New upstream release 1.5.6

https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
Fixed a serious memory leak in the memberOf plugin
Fixed a regression with the negative cache that caused it to be essentially
nonfunctional
Fixed an issue where the user's full name would sometimes be removed from
the cache
Fixed an issue with password changes in the kerberos provider not working
with kpasswd

.gitignore

@@ -8,3 +8,4 @@ sssd-1.2.91.tar.gz
 /sssd-1.5.3.tar.gz
 /sssd-1.5.4.tar.gz
 /sssd-1.5.5.tar.gz
+/sssd-1.5.6.tar.gz

0001-memberof-fix-calculation-of-replaced-members.patch

@@ -1,26 +0,0 @@
->From c4236347f6c807793bd5c8c6a7432c0e9a2e78c2 Mon Sep 17 00:00:00 2001
-From: Simo Sorce <ssorce@redhat.com>
-Date: Wed, 13 Apr 2011 15:21:32 -0400
-Subject: [PATCH 2/3] memberof: fix calculation of replaced members
-
-We were skipping the check on the next value in the added list when a match
-was found for the currentr value being checked.
----
- src/ldb_modules/memberof.c |    1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/src/ldb_modules/memberof.c b/src/ldb_modules/memberof.c
-index 55c52fdcbbfccb7607190e21954a1439dc8fa57e..41ea0b344e951ffc47a4882896671bd9b37e1719 100644
---- a/src/ldb_modules/memberof.c
-+++ b/src/ldb_modules/memberof.c
-@@ -2727,6 +2727,7 @@ static int mbof_mod_process(struct mbof_mod_ctx *mod_ctx, bool *done)
-                         added->dns[j] = added->dns[j+1];
-                     }
-                     added->num--;
-+                    i--;
-                 }
-             }
-         }
--- 
-1.7.4.2
-

0002-memberof-free-delete-operation-apyload-once-done.patch

@@ -1,55 +0,0 @@
->From c808473b784459c65a99db8cf519a619df27f45a Mon Sep 17 00:00:00 2001
-From: Simo Sorce <ssorce@redhat.com>
-Date: Wed, 13 Apr 2011 17:09:09 -0400
-Subject: [PATCH] memberof: free delete operation apyload once done
-
-Large memberof delete operations can cause quite a number of searches
-and the results are attached to a delop operation structure.
-Make sure we free this payload once the operation is done and these
-results are not used anymore so that we get a smaller total memory footprint.
----
- src/ldb_modules/memberof.c |   14 +++++++++++++-
- 1 files changed, 13 insertions(+), 1 deletions(-)
-
-diff --git a/src/ldb_modules/memberof.c b/src/ldb_modules/memberof.c
-index 41ea0b344e951ffc47a4882896671bd9b37e1719..4fc46fa84529ac1850cdb588ddf69be0f60e8238 100644
---- a/src/ldb_modules/memberof.c
-+++ b/src/ldb_modules/memberof.c
-@@ -1161,6 +1161,7 @@ static int mbof_del_fill_muop(struct mbof_del_ctx *del_ctx,
- static int mbof_del_muop(struct mbof_del_ctx *ctx);
- static int mbof_del_muop_callback(struct ldb_request *req,
-                                   struct ldb_reply *ares);
-+static void free_delop_contents(struct mbof_del_operation *delop);
- 
- 
- static int memberof_del(struct ldb_module *module, struct ldb_request *req)
-@@ -2182,6 +2183,8 @@ static int mbof_del_progeny(struct mbof_del_operation *delop)
-         return ret;
-     }
- 
-+    free_delop_contents(delop);
-+
-     if (nextop) {
-         return mbof_del_execute_op(nextop);
-     }
-@@ -2405,7 +2408,16 @@ static int mbof_del_muop_callback(struct ldb_request *req,
-     return LDB_SUCCESS;
- }
- 
--
-+/* delop may carry on a lot of memory, so we need a function to clean up
-+ * the payload without breaking the delop chain */
-+static void free_delop_contents(struct mbof_del_operation *delop)
-+{
-+    talloc_zfree(delop->entry);
-+    talloc_zfree(delop->parents);
-+    talloc_zfree(delop->anc_ctx);
-+    delop->num_parents = 0;
-+    delop->cur_parent = 0;
-+}
- 
- /* mod operation */
- 
--- 
-1.7.4.2
-

0003-Never-remove-gecos-from-the-sysdb-cache.patch

@@ -1,34 +0,0 @@
-From 9d5a7dec9eb1201f48f497b3f5355439977f0c88 Mon Sep 17 00:00:00 2001
-From: Stephen Gallagher <sgallagh@redhat.com>
-Date: Tue, 12 Apr 2011 12:47:14 -0400
-Subject: [PATCH] Never remove gecos from the sysdb cache
-
-Now that gecos can come from either the 'gecos' or 'cn' attributes,
-we need to ensure that we never remove it from the cache.
----
- src/providers/ldap/ldap_common.c |    9 +++++++++
- 1 files changed, 9 insertions(+), 0 deletions(-)
-
-diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
-index ce6d41d5872a6dd474aff4bab8e2920688abda92..29a5820f5c6c765646c43948a9d17fe0016931ed 100644
---- a/src/providers/ldap/ldap_common.c
-+++ b/src/providers/ldap/ldap_common.c
-@@ -962,6 +962,15 @@ errno_t list_missing_attrs(TALLOC_CTX *mem_ctx,
-             continue;
-         }
- 
-+        /* GECOS is another special case. Its value can come
-+         * either from the 'gecos' attribute or the 'cn'
-+         * attribute. It's best if we just never remove it.
-+         */
-+        if (strcasecmp(sysdb_name, SYSDB_GECOS) == 0) {
-+            talloc_free(sysdb_name);
-+            continue;
-+        }
-+
-         for (j = 0; j < recvd_attrs->num; j++) {
-             /* Check whether this expected attribute appeared in the
-              * received attributes and had a non-zero number of
--- 
-1.7.4.2
-

0004-Always-generate-kpasswdinfo-file.patch

@@ -1,28 +0,0 @@
-From 39efef47b659fa952a9ac73f948688ebfbc0d5de Mon Sep 17 00:00:00 2001
-From: Stephen Gallagher <sgallagh@redhat.com>
-Date: Mon, 18 Apr 2011 11:11:13 -0400
-Subject: [PATCH] Always generate kpasswdinfo file
-
-Previously, we only generated it when performing a password change,
-but this didn't play nicely with kpasswd.
----
- src/providers/krb5/krb5_auth.c |    3 +--
- 1 files changed, 1 insertions(+), 2 deletions(-)
-
-diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
-index 379a97be6446bdf0fc5c9bc120c561a532d454cf..55a06a511688d6c9511a4f68db47046a4bfdc737 100644
---- a/src/providers/krb5/krb5_auth.c
-+++ b/src/providers/krb5/krb5_auth.c
-@@ -523,8 +523,7 @@ static void krb5_resolve_kdc_done(struct tevent_req *subreq)
-         be_mark_offline(state->be_ctx);
-         kr->is_offline = true;
-     } else {
--        if (state->pd->cmd == SSS_PAM_CHAUTHTOK &&
--            kr->krb5_ctx->kpasswd_service != NULL) {
-+        if (kr->krb5_ctx->kpasswd_service != NULL) {
-             subreq = be_resolve_server_send(state, state->ev, state->be_ctx,
-                                             kr->krb5_ctx->kpasswd_service->name);
-             if (subreq == NULL) {
--- 
-1.7.4.4
-

sources

@@ -1 +1 @@
-dbca15fb9a24daec163984c36a706820  sssd-1.5.5.tar.gz
+44a5d357b9fb0e3eb825a4b7de57b3a2  sssd-1.5.6.tar.gz

sssd.spec

@@ -8,8 +8,8 @@
 %global ldb_version 1.0.2
 
 Name: sssd
-Version: 1.5.5
-Release: 5%{?dist}
+Version: 1.5.6
+Release: 1%{?dist}
 Group: Applications/System
 Summary: System Security Services Daemon
 License: GPLv3+
@@ -18,10 +18,6 @@ Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz
 BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
 ### Patches ###
-Patch0001: 0001-memberof-fix-calculation-of-replaced-members.patch
-Patch0002: 0002-memberof-free-delete-operation-apyload-once-done.patch
-Patch0003: 0003-Never-remove-gecos-from-the-sysdb-cache.patch
-Patch0004: 0004-Always-generate-kpasswdinfo-file.patch
 
 ### Dependencies ###
 
@@ -115,10 +111,6 @@ use with ldap_default_authtok_type = obfuscated_password.
 %prep
 %setup -q
 
-%patch0001 -p1
-%patch0002 -p1
-%patch0003 -p1
-%patch0004 -p1
 
 %build
 autoreconf -ivf
@@ -303,6 +295,17 @@ fi
 %postun client -p /sbin/ldconfig
 
 %changelog
+* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6-1
+- New upstream release 1.5.6
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
+- Fixed a serious memory leak in the memberOf plugin
+- Fixed a regression with the negative cache that caused it to be essentially
+- nonfunctional
+- Fixed an issue where the user's full name would sometimes be removed from
+- the cache
+- Fixed an issue with password changes in the kerberos provider not working
+- with kpasswd
+
 * Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-5
 - Resolves: rhbz#697057 - kpasswd fails when using sssd and
 -                         kadmin server != kdc server