diff --git a/SOURCES/0113-SBUS-defer-deallocation-of-sbus_watch_ctx.patch b/SOURCES/0113-SBUS-defer-deallocation-of-sbus_watch_ctx.patch
new file mode 100644
index 0000000..eacb658
--- /dev/null
+++ b/SOURCES/0113-SBUS-defer-deallocation-of-sbus_watch_ctx.patch
@@ -0,0 +1,89 @@
+From f845355e32127c5e8f2bf700cdaa5b8721804232 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Fri, 8 Nov 2019 20:01:50 +0100
+Subject: [PATCH] SBUS: defer deallocation of sbus_watch_ctx
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The following flow was causing use-after-free error:
+ tevent_common_invoke_fd_handler(RW) -> sbus_watch_handler(RW) ->
+ dbus_watch_handle(R) -> ...libdbus detects connection is closed... ->
+ sbus_remove_watch() -> talloc_free(watch) ->
+ ... get back to libdbus and back to sbus_watch_handler() ->
+ "if (watch->dbus_write_watch) dbus_watch_handle(W)" => use-after-free
+
+To resolve an issue schedule deallocation of watch as immediate event.
+
+Resolves: https://pagure.io/SSSD/sssd/issue/2660
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/sbus/sssd_dbus_common.c | 24 +++++++++++++++++++++++-
+ src/sbus/sssd_dbus_private.h | 1 +
+ 2 files changed, 24 insertions(+), 1 deletion(-)
+
+diff --git a/src/sbus/sssd_dbus_common.c b/src/sbus/sssd_dbus_common.c
+index 50100320a..dbdcae9ec 100644
+--- a/src/sbus/sssd_dbus_common.c
++++ b/src/sbus/sssd_dbus_common.c
+@@ -133,6 +133,12 @@ dbus_bool_t sbus_add_watch(DBusWatch *dbus_watch, void *data)
+ DEBUG(SSSDBG_FATAL_FAILURE, "Out of Memory!\n");
+ return FALSE;
+ }
++ watch->im_event = tevent_create_immediate(watch);
++ if (watch->im_event == NULL) {
++ DEBUG(SSSDBG_CRIT_FAILURE, "Out of Memory!\n");
++ talloc_free(watch);
++ return FALSE;
++ }
+ watch->conn = conn;
+ watch->fd = fd;
+ }
+@@ -243,6 +249,13 @@ void sbus_toggle_watch(DBusWatch *dbus_watch, void *data)
+ enabled?"enabled":"disabled");
+ }
+
++static void free_sbus_watch(struct tevent_context *ev,
++ struct tevent_immediate *im,
++ void *data)
++{
++ struct sbus_watch_ctx *w = talloc_get_type(data, struct sbus_watch_ctx);
++ talloc_free(w); /* this will free attached 'im' as well */
++}
+ /*
+ * sbus_remove_watch
+ * Hook for D-BUS to remove file descriptor-based events
+@@ -274,7 +287,16 @@ void sbus_remove_watch(DBusWatch *dbus_watch, void *data)
+ watch->dbus_write_watch = NULL;
+ }
+ if (!watch->dbus_read_watch && !watch->dbus_write_watch) {
+- talloc_free(watch);
++ /* libdus doesn't need this watch{fd} anymore, so associated
++ * tevent_fd should be removed from monitoring at the spot.
++ */
++ talloc_zfree(watch->fde);
++ /* watch itself can't be freed yet as it still may be referenced
++ * in the current context (for example in sbus_watch_handler())
++ * so instead schedule immediate event to delete it.
++ */
++ tevent_schedule_immediate(watch->im_event, watch->conn->ev,
++ free_sbus_watch, watch);
+ }
+ }
+
+diff --git a/src/sbus/sssd_dbus_private.h b/src/sbus/sssd_dbus_private.h
+index a3d4bae16..92649f113 100644
+--- a/src/sbus/sssd_dbus_private.h
++++ b/src/sbus/sssd_dbus_private.h
+@@ -88,6 +88,7 @@ struct sbus_watch_ctx {
+
+ struct tevent_fd *fde;
+ int fd;
++ struct tevent_immediate *im_event;
+
+ DBusWatch *dbus_read_watch;
+ DBusWatch *dbus_write_watch;
+--
+2.21.1
+
diff --git a/SOURCES/0114-memberof-keep-memberOf-attribute-for-nested-member.patch b/SOURCES/0114-memberof-keep-memberOf-attribute-for-nested-member.patch
new file mode 100644
index 0000000..7f5ea75
--- /dev/null
+++ b/SOURCES/0114-memberof-keep-memberOf-attribute-for-nested-member.patch
@@ -0,0 +1,50 @@
+From 9a7c044dcd17b23127ddda25ff9cddc9c67fe4ca Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Mon, 19 Mar 2018 12:47:17 +0100
+Subject: [PATCH] memberof: keep memberOf attribute for nested member
+
+If we have a member that is both direct and nested member,
+memberOf attribute was removed if the direct membership
+was deleted.
+
+1)
+user ----------> groupB -> groupC
+ -> groupA /
+
+2)
+user -> groupA -> groupB -> groupC
+
+If we remove user->groupB from 1), we get 2) but groupB was still
+removed from user memberOf attribute.
+
+Resolves:
+https://pagure.io/SSSD/sssd/issue/3636
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+(cherry picked from commit 1f5d139d103328b6e4be7dc8368abdd39a91d3a6)
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/ldb_modules/memberof.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/src/ldb_modules/memberof.c b/src/ldb_modules/memberof.c
+index 5e1ff95a8..dae51938b 100644
+--- a/src/ldb_modules/memberof.c
++++ b/src/ldb_modules/memberof.c
+@@ -2055,11 +2055,7 @@ static int mbof_del_anc_callback(struct ldb_request *req,
+ talloc_free(valdn);
+ continue;
+ }
+- /* do not re-add the original deleted entry by mistake */
+- if (ldb_dn_compare(valdn, del_ctx->first->entry_dn) == 0) {
+- talloc_free(valdn);
+- continue;
+- }
++
+ new_list->dns = talloc_realloc(new_list,
+ new_list->dns,
+ struct ldb_dn *,
+--
+2.21.1
+
diff --git a/SPECS/sssd.spec b/SPECS/sssd.spec
index 63d1c9c..d83ce6c 100644
--- a/SPECS/sssd.spec
+++ b/SPECS/sssd.spec
@@ -48,7 +48,7 @@
Name: sssd
Version: 1.16.4
-Release: 37%{?dist}.1
+Release: 37%{?dist}.3
Group: Applications/System
Summary: System Security Services Daemon
License: GPLv3+
@@ -169,6 +169,8 @@ Patch0109: 0109-ad-set-min-and-max-ssf-for-ldaps.patch
Patch0110: 0110-LDAP-failover-does-not-work-on-non-responsive-ldaps.patch
Patch0111: 0111-Add-TCP-level-timeout-to-LDAP-services.patch
Patch0112: 0112-sss_sockets-pass-pointer-instead-of-integer.patch
+Patch0113: 0113-SBUS-defer-deallocation-of-sbus_watch_ctx.patch
+Patch0114: 0114-memberof-keep-memberOf-attribute-for-nested-member.patch
#This patch should not be removed in RHEL-7
Patch999: 0999-NOUPSTREAM-Default-to-root-if-sssd-user-is-not-spec
@@ -1328,13 +1330,22 @@ systemctl try-restart sssd >/dev/null 2>&1 || :
}
%changelog
+* Fri Mar 27 2020 Alexey Tikhonov <atikhono@redhat.com> - 1.16.4-37.3
+- Resolves: rhbz#1817380 - Removing an IPA sub-group should NOT remove the members
+ from indirect parent that also belong to other subgroups
+ [rhel-7.8.z]
+
+* Mon Mar 23 2020 Alexey Tikhonov <atikhono@redhat.com> - 1.16.4-37.2
+- Resolves: rhbz#1816031 - SSSD is crashing: dbus_watch_handle() is invoked
+ with corrupted 'watch' value [rhel-7.8.z]
+
* Wed Mar 18 2020 Michal Židek <mzidek@redhat.com> - 1.16.4-37.1
- Resolves: rhbz#1801208 - id command taking 1+ minute for returning user
information [rhel-7.8.z]
- Also updates spec file to not replace
/pam.d/sssd-shadowutils on update
-* Tue Jan 15 2020 Michal Židek <mzidek@redhat.com> - 1.16.4-37
+* Wed Jan 15 2020 Michal Židek <mzidek@redhat.com> - 1.16.4-37
- Resolves: rhbz#1784620 - Force LDAPS over 636 with AD Access Provider
- just bumping the version to fix generated dates in man pages