From 3203b4ccce843a03e070472d809a52a159790f3f Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: May 12 2016 07:35:06 +0000
Subject: import sssd-1.13.0-40.el7_2.4
---
diff --git a/SOURCES/0109-memberof-Don-t-allocate-on-a-NULL-context.patch b/SOURCES/0109-memberof-Don-t-allocate-on-a-NULL-context.patch
new file mode 100644
index 0000000..9e25a2d
--- /dev/null
+++ b/SOURCES/0109-memberof-Don-t-allocate-on-a-NULL-context.patch
@@ -0,0 +1,47 @@
+From 50d5d5c2b8b304234b222c76413c47dc31a6379f Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek
+Date: Fri, 19 Feb 2016 15:50:12 +0100
+Subject: [PATCH 109/109] memberof: Don't allocate on a NULL context
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+https://fedorahosted.org/sssd/ticket/2959
+
+In case no previous delete operation occured, the del_ctx->muops pointer we
+allocate the diff structure was would be NULL, effectivelly leaking the
+diff array during the memberof processing.
+
+Allocating on del_ctx is safer as that pointer is always allocated and
+prevents the leak.
+
+Reviewed-by: Pavel Březina
+(cherry picked from commit cd7a272fb361626a45d54cd45daaab4bfe7ad93f)
+---
+ src/ldb_modules/memberof.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/ldb_modules/memberof.c b/src/ldb_modules/memberof.c
+index 4d7b23ea1b95bed0ec5c7cc717b95e6da3cd0717..be7c07dbcda257b6d813bb232ec27973167c25c4 100644
+--- a/src/ldb_modules/memberof.c
++++ b/src/ldb_modules/memberof.c
+@@ -2145,7 +2145,7 @@ static int mbof_del_mod_entry(struct mbof_del_operation *delop)
+ if (!el || !el->num_values) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+- diff = talloc_array(del_ctx->muops, struct ldb_dn *,
++ diff = talloc_array(del_ctx, struct ldb_dn *,
+ el->num_values + 1);
+ if (!diff) {
+ return LDB_ERR_OPERATIONS_ERROR;
+@@ -2241,6 +2241,7 @@ static int mbof_del_mod_entry(struct mbof_del_operation *delop)
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
++ talloc_steal(del_ctx->muops, diff[i]);
+ }
+ }
+
+--
+2.4.11
+
diff --git a/SOURCES/0110-memberof-Fix-a-memory-leak-when-removing-ghost-users.patch b/SOURCES/0110-memberof-Fix-a-memory-leak-when-removing-ghost-users.patch
new file mode 100644
index 0000000..1a8ab09
--- /dev/null
+++ b/SOURCES/0110-memberof-Fix-a-memory-leak-when-removing-ghost-users.patch
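Review bot: In patch 0109, the added `talloc_steal(del_ctx->muops, diff[i]);` in mbof_del_mod_entry re-parents onto the very pointer the commit message says can be NULL, so it is only correct if the call that sets `ret` has always allocated `del_ctx->muops` by the time it returns LDB_SUCCESS; that call is outside the hunk and should be confirmed. talloc accepts a NULL new parent and moves the chunk to the top-level context, so a NULL here would quietly bring the leak back in the long-running backend process (the spec changelog tracks it as rhbz#1324442) instead of failing visibly. I would document the invariant above the steal, e.g. `/* del_ctx->muops is non-NULL after the successful call above; a NULL parent would orphan diff[i] */`. The same comment applies to the steals added in mbof_del_fill_ghop_ex (`del_ctx->ghops`, patch 0110) and mbof_del_fill_muop (`del_ctx->muops`, patch 0111). All three function bodies begin and end outside their hunks.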
@@ -0,0 +1,38 @@
+From 54aa951a69cb0d0d4f2b154bff520145ecd659cf Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek
+Date: Wed, 6 Apr 2016 18:35:39 +0200
+Subject: [PATCH 110/111] memberof: Fix a memory leak when removing ghost users
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-by: Pavel Březina
+(cherry picked from commit c07fb3f111b4dc2780fa4e1408ea04cd36e95a4d)
+---
+ src/ldb_modules/memberof.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/ldb_modules/memberof.c b/src/ldb_modules/memberof.c
+index be7c07dbcda257b6d813bb232ec27973167c25c4..118e95a4d3b6246f2c7775f300ac345ac63ff17a 100644
+--- a/src/ldb_modules/memberof.c
++++ b/src/ldb_modules/memberof.c
+@@ -2531,7 +2531,7 @@ static int mbof_del_fill_ghop_ex(struct mbof_del_ctx *del_ctx,
+ num_gh_vals, mbof->num_values);
+
+ for (i = 0; i < mbof->num_values; i++) {
+- valdn = ldb_dn_from_ldb_val(del_ctx->ghops,
++ valdn = ldb_dn_from_ldb_val(del_ctx,
+ ldb_module_get_ctx(del_ctx->ctx->module),
+ &mbof->values[i]);
+ if (!valdn || !ldb_dn_validate(valdn)) {
+@@ -2556,6 +2556,7 @@ static int mbof_del_fill_ghop_ex(struct mbof_del_ctx *del_ctx,
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
++ talloc_steal(del_ctx->ghops, valdn);
+ }
+ }
+
+--
+2.4.11
+
diff --git a/SOURCES/0111-memberof-Don-t-allocate-on-NULL-when-deleting-member.patch b/SOURCES/0111-memberof-Don-t-allocate-on-NULL-when-deleting-member.patch
new file mode 100644
index 0000000..fdb2593
--- /dev/null
+++ b/SOURCES/0111-memberof-Don-t-allocate-on-NULL-when-deleting-member.patch
@@ -0,0 +1,39 @@
+From 58e3bfad6a6fc5d44c928b37e79bc36775aee2a8 Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek
+Date: Fri, 8 Apr 2016 11:47:44 +0200
+Subject: [PATCH 111/111] memberof: Don't allocate on NULL when deleting
+ memberUids
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-by: Pavel Březina
+(cherry picked from commit 27a0be2bb6f21f66527e0edea4ed2cb4b5cafa53)
+---
+ src/ldb_modules/memberof.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/ldb_modules/memberof.c b/src/ldb_modules/memberof.c
+index 118e95a4d3b6246f2c7775f300ac345ac63ff17a..6c0180a493ce0c013b5882100a85b453e4111e63 100644
+--- a/src/ldb_modules/memberof.c
++++ b/src/ldb_modules/memberof.c
+@@ -2471,7 +2471,7 @@ static int mbof_del_fill_muop(struct mbof_del_ctx *del_ctx,
+ for (i = 0; i < el->num_values; i++) {
+ struct ldb_dn *valdn;
+
+- valdn = ldb_dn_from_ldb_val(del_ctx->muops,
++ valdn = ldb_dn_from_ldb_val(del_ctx,
+ ldb_module_get_ctx(del_ctx->ctx->module),
+ &el->values[i]);
+ if (!valdn || !ldb_dn_validate(valdn)) {
+@@ -2489,6 +2489,7 @@ static int mbof_del_fill_muop(struct mbof_del_ctx *del_ctx,
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
++ talloc_steal(del_ctx->muops, valdn);
+ }
+
+ return LDB_SUCCESS;
+--
+2.4.11
+
diff --git a/SPECS/sssd.spec b/SPECS/sssd.spec
index 7423742..eff8ddf 100644
--- a/SPECS/sssd.spec
+++ b/SPECS/sssd.spec
@@ -25,7 +25,7 @@ Name: sssd Version: 1.13.0 -Release: 40%{?dist}.2 +Release: 40%{?dist}.4 Group: Applications/System Summary: System Security Services Daemon License: GPLv3+
@@ -144,6 +144,9 @@ Patch0105: 0105-IPA-fix-override-with-the-same-name.patch Patch0106: 0106-Add-a-new-option-ldap_group_external_member.patch Patch0107: 0107-IPA-Add-interface-to-call-into-IPA-provider-from-LDA.patch Patch0108: 0108-LDAP-Use-the-IPA-provider-interface-to-resolve-exter.patch +Patch0109: 0109-memberof-Don-t-allocate-on-a-NULL-context.patch +Patch0110: 0110-memberof-Fix-a-memory-leak-when-removing-ghost-users.patch +Patch0111: 0111-memberof-Don-t-allocate-on-NULL-when-deleting-member.patch #This patch should not be removed in RHEL-7 Patch999: 0999-NOUPSTREAM-Default-to-root-if-sssd-user-is-not-spec
@@ -1076,6 +1079,13 @@ fi /usr/bin/rm -f /var/tmp/sssd.upgrade || : %changelog +* Mon Apr 18 2016 Jakub Hrozek - 1.13.0-40.4 +- Resolves: rhbz#1324442 - sssd be memory leak in sssd's memberof plugin +- More patches from upstream related to the memory leak + +* Wed Apr 6 2016 Jakub Hrozek - 1.13.0-40.3 +- Resolves: rhbz#1324442 - sssd be memory leak in sssd's memberof plugin + * Wed Feb 24 2016 Jakub Hrozek - 1.13.0-40.2 - Resolves: rhbz#1311569 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid