diff --git a/SOURCES/0003-SYSDB-don-t-add-group-members-if-ignore_group_member.patch b/SOURCES/0003-SYSDB-don-t-add-group-members-if-ignore_group_member.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6f5c7f7e55891d3dbac3c4eb779a0cef877ba310
--- /dev/null
+++ b/SOURCES/0003-SYSDB-don-t-add-group-members-if-ignore_group_member.patch
@@ -0,0 +1,440 @@ +From 281d9c3ed66ee28a9572433a629eb0d72525ca46 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov <atikhono@redhat.com> +Date: Fri, 14 Feb 2025 21:15:16 +0100 +Subject: [PATCH] SYSDB: don't add group members if 'ignore_group_members == + true' +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Resolves: https://github.com/SSSD/sssd/issues/7793 + +Reviewed-by: Alejandro López <allopez@redhat.com> +Reviewed-by: Sumit Bose <sbose@redhat.com> +--- + src/db/sysdb.h | 51 ++++++--- + src/db/sysdb_search.c | 6 +- + src/db/sysdb_views.c | 10 +- + src/tests/cmocka/test_responder_cache_req.c | 112 +++++++------------- + src/tests/cmocka/test_sysdb_ts_cache.c | 6 +- + src/tools/sss_override.c | 2 +- + 6 files changed, 90 insertions(+), 97 deletions(-) + +diff --git a/src/db/sysdb.h b/src/db/sysdb.h +index 1b827caf9..319b88e25 100644 +--- a/src/db/sysdb.h ++++ b/src/db/sysdb.h +@@ -277,19 +277,44 @@ + SYSDB_ORIG_DN, \ + NULL} + +-#define SYSDB_GRSRC_ATTRS {SYSDB_NAME, SYSDB_GIDNUM, \ +- SYSDB_MEMBERUID, \ +- SYSDB_MEMBER, \ +- SYSDB_GHOST, \ +- SYSDB_DEFAULT_ATTRS, \ +- SYSDB_SID_STR, \ +- SYSDB_OVERRIDE_DN, \ +- SYSDB_OVERRIDE_OBJECT_DN, \ +- SYSDB_DEFAULT_OVERRIDE_NAME, \ +- SYSDB_UUID, \ +- ORIGINALAD_PREFIX SYSDB_NAME, \ +- ORIGINALAD_PREFIX SYSDB_GIDNUM, \ +- NULL} ++/* Strictly speaking it should return 'const char * const *' but ++ * that gets really unreadable. 
++ */ ++__attribute__((always_inline)) ++static inline const char **SYSDB_GRSRC_ATTRS(const struct sss_domain_info *domain) ++{ ++ static const char * __SYSDB_GRSRC_ATTRS_NO_MEMBERS[] = { ++ SYSDB_NAME, SYSDB_GIDNUM, ++ SYSDB_DEFAULT_ATTRS, ++ SYSDB_SID_STR, ++ SYSDB_OVERRIDE_DN, ++ SYSDB_OVERRIDE_OBJECT_DN, ++ SYSDB_DEFAULT_OVERRIDE_NAME, ++ SYSDB_UUID, ++ NULL ++ }; ++ static const char * __SYSDB_GRSRC_ATTRS_WITH_MEMBERS[] = { ++ SYSDB_NAME, SYSDB_GIDNUM, ++ SYSDB_MEMBERUID, ++ SYSDB_MEMBER, ++ SYSDB_GHOST, ++ SYSDB_DEFAULT_ATTRS, ++ SYSDB_SID_STR, ++ SYSDB_OVERRIDE_DN, ++ SYSDB_OVERRIDE_OBJECT_DN, ++ SYSDB_DEFAULT_OVERRIDE_NAME, ++ SYSDB_UUID, ++ ORIGINALAD_PREFIX SYSDB_NAME, ++ ORIGINALAD_PREFIX SYSDB_GIDNUM, ++ NULL ++ }; ++ ++ if (domain && domain->ignore_group_members) { ++ return __SYSDB_GRSRC_ATTRS_NO_MEMBERS; ++ } else { ++ return __SYSDB_GRSRC_ATTRS_WITH_MEMBERS; ++ } ++} + + #define SYSDB_NETGR_ATTRS {SYSDB_NAME, SYSDB_NETGROUP_TRIPLE, \ + SYSDB_NETGROUP_MEMBER, \ +diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c +index e4c53b853..7f34ddbcb 100644 +--- a/src/db/sysdb_search.c ++++ b/src/db/sysdb_search.c +@@ -1176,7 +1176,7 @@ int sysdb_getgrnam(TALLOC_CTX *mem_ctx, + struct ldb_result **_res) + { + TALLOC_CTX *tmp_ctx; +- static const char *attrs[] = SYSDB_GRSRC_ATTRS; ++ const char **attrs = SYSDB_GRSRC_ATTRS(domain); + const char *fmt_filter; + char *sanitized_name; + struct ldb_dn *base_dn; +@@ -1378,7 +1378,7 @@ int sysdb_getgrgid_attrs(TALLOC_CTX *mem_ctx, + struct ldb_dn *base_dn; + struct ldb_result *res = NULL; + int ret; +- static const char *default_attrs[] = SYSDB_GRSRC_ATTRS; ++ const char **default_attrs = SYSDB_GRSRC_ATTRS(domain); + const char **attrs = NULL; + + tmp_ctx = talloc_new(NULL); +@@ -1484,7 +1484,7 @@ int sysdb_enumgrent_filter(TALLOC_CTX *mem_ctx, + struct ldb_result **_res) + { + TALLOC_CTX *tmp_ctx; +- static const char *attrs[] = SYSDB_GRSRC_ATTRS; ++ const char **attrs = SYSDB_GRSRC_ATTRS(domain); + const char 
*filter = NULL; + const char *ts_filter = NULL; + const char *base_filter; +diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c +index 19c10977b..71f627974 100644 +--- a/src/db/sysdb_views.c ++++ b/src/db/sysdb_views.c +@@ -1237,7 +1237,7 @@ errno_t sysdb_search_group_override_by_name(TALLOC_CTX *mem_ctx, + struct ldb_result **override_obj, + struct ldb_result **orig_obj) + { +- const char *attrs[] = SYSDB_GRSRC_ATTRS; ++ const char **attrs = SYSDB_GRSRC_ATTRS(domain); + + return sysdb_search_override_by_name(mem_ctx, domain, name, + SYSDB_GROUP_NAME_OVERRIDE_FILTER, +@@ -1253,7 +1253,7 @@ static errno_t sysdb_search_override_by_id(TALLOC_CTX *mem_ctx, + { + TALLOC_CTX *tmp_ctx; + static const char *user_attrs[] = SYSDB_PW_ATTRS; +- static const char *group_attrs[] = SYSDB_GRSRC_ATTRS; ++ const char **group_attrs = SYSDB_GRSRC_ATTRS(domain); + const char **attrs; + struct ldb_dn *base_dn; + struct ldb_result *override_res; +@@ -1417,7 +1417,7 @@ errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain, + struct ldb_message *override; + uint64_t uid; + static const char *user_attrs[] = SYSDB_PW_ATTRS; +- static const char *group_attrs[] = SYSDB_GRSRC_ATTRS; ++ const char **group_attrs = SYSDB_GRSRC_ATTRS(domain); /* members don't matter */ + const char **attrs; + struct attr_map { + const char *attr; +@@ -1551,6 +1551,10 @@ errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain, + char *val; + struct sss_domain_info *orig_dom; + ++ if (domain->ignore_group_members) { ++ return EOK; ++ } ++ + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n"); +diff --git a/src/tests/cmocka/test_responder_cache_req.c b/src/tests/cmocka/test_responder_cache_req.c +index 32718c1f1..fcc7eca35 100644 +--- a/src/tests/cmocka/test_responder_cache_req.c ++++ b/src/tests/cmocka/test_responder_cache_req.c +@@ -3267,10 +3267,8 @@ void test_object_by_sid_user_multiple_domains_notfound(void **state) + + void 
test_object_by_sid_group_cache_valid(void **state) + { +- struct cache_req_test_ctx *test_ctx = NULL; +- const char *attrs[] = SYSDB_GRSRC_ATTRS; +- +- test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ struct cache_req_test_ctx *test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ const char **attrs = SYSDB_GRSRC_ATTRS(test_ctx->tctx->dom); + + /* Setup user. */ + prepare_group(test_ctx->tctx->dom, &groups[0], 1000, time(NULL)); +@@ -3283,10 +3281,8 @@ void test_object_by_sid_group_cache_valid(void **state) + + void test_object_by_sid_group_cache_expired(void **state) + { +- struct cache_req_test_ctx *test_ctx = NULL; +- const char *attrs[] = SYSDB_GRSRC_ATTRS; +- +- test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ struct cache_req_test_ctx *test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ const char **attrs = SYSDB_GRSRC_ATTRS(test_ctx->tctx->dom); + + /* Setup user. */ + prepare_group(test_ctx->tctx->dom, &groups[0], -1000, time(NULL)); +@@ -3305,10 +3301,8 @@ void test_object_by_sid_group_cache_expired(void **state) + + void test_object_by_sid_group_cache_midpoint(void **state) + { +- struct cache_req_test_ctx *test_ctx = NULL; +- const char *attrs[] = SYSDB_GRSRC_ATTRS; +- +- test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ struct cache_req_test_ctx *test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ const char **attrs = SYSDB_GRSRC_ATTRS(test_ctx->tctx->dom); + + /* Setup user. 
*/ + prepare_group(test_ctx->tctx->dom, &groups[0], 50, time(NULL) - 26); +@@ -3326,12 +3320,10 @@ void test_object_by_sid_group_cache_midpoint(void **state) + + void test_object_by_sid_group_ncache(void **state) + { +- struct cache_req_test_ctx *test_ctx = NULL; +- const char *attrs[] = SYSDB_GRSRC_ATTRS; ++ struct cache_req_test_ctx *test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ const char **attrs = SYSDB_GRSRC_ATTRS(test_ctx->tctx->dom); + errno_t ret; + +- test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); +- + /* Setup user. */ + ret = sss_ncache_set_sid(test_ctx->ncache, false, test_ctx->tctx->dom, groups[0].sid); + assert_int_equal(ret, EOK); +@@ -3344,10 +3336,8 @@ void test_object_by_sid_group_ncache(void **state) + + void test_object_by_sid_group_missing_found(void **state) + { +- struct cache_req_test_ctx *test_ctx = NULL; +- const char *attrs[] = SYSDB_GRSRC_ATTRS; +- +- test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ struct cache_req_test_ctx *test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ const char **attrs = SYSDB_GRSRC_ATTRS(test_ctx->tctx->dom); + + /* Mock values. */ + will_return(__wrap_sss_dp_get_account_send, test_ctx); +@@ -3365,10 +3355,8 @@ void test_object_by_sid_group_missing_found(void **state) + + void test_object_by_sid_group_missing_notfound(void **state) + { +- struct cache_req_test_ctx *test_ctx = NULL; +- const char *attrs[] = SYSDB_GRSRC_ATTRS; +- +- test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ struct cache_req_test_ctx *test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ const char **attrs = SYSDB_GRSRC_ATTRS(test_ctx->tctx->dom); + + /* Mock values. 
*/ + will_return(__wrap_sss_dp_get_account_send, test_ctx); +@@ -3382,17 +3370,13 @@ void test_object_by_sid_group_missing_notfound(void **state) + + void test_object_by_sid_group_multiple_domains_found(void **state) + { +- struct cache_req_test_ctx *test_ctx = NULL; +- struct sss_domain_info *domain = NULL; +- const char *attrs[] = SYSDB_GRSRC_ATTRS; +- +- test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); +- +- /* Setup user. */ +- domain = find_domain_by_name(test_ctx->tctx->dom, +- "responder_cache_req_test_d", true); ++ struct cache_req_test_ctx *test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ struct sss_domain_info *domain = find_domain_by_name(test_ctx->tctx->dom, ++ "responder_cache_req_test_d", true); + assert_non_null(domain); ++ const char **attrs = SYSDB_GRSRC_ATTRS(domain); + ++ /* Setup user. */ + prepare_group(domain, &groups[0], 1000, time(NULL)); + + /* Mock values. */ +@@ -3408,10 +3392,8 @@ void test_object_by_sid_group_multiple_domains_found(void **state) + + void test_object_by_sid_group_multiple_domains_notfound(void **state) + { +- struct cache_req_test_ctx *test_ctx = NULL; +- const char *attrs[] = SYSDB_GRSRC_ATTRS; +- +- test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ struct cache_req_test_ctx *test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ const char **attrs = SYSDB_GRSRC_ATTRS(test_ctx->tctx->dom); + + /* Mock values. 
*/ + will_return_always(__wrap_sss_dp_get_account_send, test_ctx); +@@ -3590,10 +3572,8 @@ void test_object_by_id_user_multiple_domains_notfound(void **state) + + void test_object_by_id_group_cache_valid(void **state) + { +- struct cache_req_test_ctx *test_ctx = NULL; +- const char *attrs[] = SYSDB_GRSRC_ATTRS; +- +- test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ struct cache_req_test_ctx *test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ const char **attrs = SYSDB_GRSRC_ATTRS(test_ctx->tctx->dom); + + /* Setup user. */ + prepare_group(test_ctx->tctx->dom, &groups[0], 1000, time(NULL)); +@@ -3605,10 +3585,8 @@ void test_object_by_id_group_cache_valid(void **state) + + void test_object_by_id_group_cache_expired(void **state) + { +- struct cache_req_test_ctx *test_ctx = NULL; +- const char *attrs[] = SYSDB_GRSRC_ATTRS; +- +- test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ struct cache_req_test_ctx *test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ const char **attrs = SYSDB_GRSRC_ATTRS(test_ctx->tctx->dom); + + /* Setup user. */ + prepare_group(test_ctx->tctx->dom, &groups[0], -1000, time(NULL)); +@@ -3626,10 +3604,8 @@ void test_object_by_id_group_cache_expired(void **state) + + void test_object_by_id_group_cache_midpoint(void **state) + { +- struct cache_req_test_ctx *test_ctx = NULL; +- const char *attrs[] = SYSDB_GRSRC_ATTRS; +- +- test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ struct cache_req_test_ctx *test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ const char **attrs = SYSDB_GRSRC_ATTRS(test_ctx->tctx->dom); + + /* Setup user. 
*/ + prepare_group(test_ctx->tctx->dom, &groups[0], 50, time(NULL) - 26); +@@ -3646,12 +3622,10 @@ void test_object_by_id_group_cache_midpoint(void **state) + + void test_object_by_id_group_ncache(void **state) + { +- struct cache_req_test_ctx *test_ctx = NULL; +- const char *attrs[] = SYSDB_GRSRC_ATTRS; ++ struct cache_req_test_ctx *test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ const char **attrs = SYSDB_GRSRC_ATTRS(test_ctx->tctx->dom); + errno_t ret; + +- test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); +- + /* Setup group. We explicitly add the UID into BOTH UID and GID + * namespaces, because otherwise the cache_req plugin would + * search the Data Provider anyway, because it can't be sure +@@ -3678,10 +3652,8 @@ void test_object_by_id_group_ncache(void **state) + + void test_object_by_id_group_missing_found(void **state) + { +- struct cache_req_test_ctx *test_ctx = NULL; +- const char *attrs[] = SYSDB_GRSRC_ATTRS; +- +- test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ struct cache_req_test_ctx *test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ const char **attrs = SYSDB_GRSRC_ATTRS(test_ctx->tctx->dom); + + /* Mock values. */ + will_return(__wrap_sss_dp_get_account_send, test_ctx); +@@ -3698,10 +3670,8 @@ void test_object_by_id_group_missing_found(void **state) + + void test_object_by_id_group_missing_notfound(void **state) + { +- struct cache_req_test_ctx *test_ctx = NULL; +- const char *attrs[] = SYSDB_GRSRC_ATTRS; +- +- test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ struct cache_req_test_ctx *test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ const char **attrs = SYSDB_GRSRC_ATTRS(test_ctx->tctx->dom); + + /* Mock values. 
*/ + will_return(__wrap_sss_dp_get_account_send, test_ctx); +@@ -3714,17 +3684,13 @@ void test_object_by_id_group_missing_notfound(void **state) + + void test_object_by_id_group_multiple_domains_found(void **state) + { +- struct cache_req_test_ctx *test_ctx = NULL; +- struct sss_domain_info *domain = NULL; +- const char *attrs[] = SYSDB_GRSRC_ATTRS; +- +- test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); +- +- /* Setup user. */ +- domain = find_domain_by_name(test_ctx->tctx->dom, +- "responder_cache_req_test_d", true); ++ struct cache_req_test_ctx *test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ struct sss_domain_info *domain = find_domain_by_name(test_ctx->tctx->dom, ++ "responder_cache_req_test_d", true); + assert_non_null(domain); ++ const char **attrs = SYSDB_GRSRC_ATTRS(domain); + ++ /* Setup user. */ + prepare_group(domain, &groups[0], 1000, time(NULL)); + + /* Mock values. */ +@@ -3740,10 +3706,8 @@ void test_object_by_id_group_multiple_domains_found(void **state) + + void test_object_by_id_group_multiple_domains_notfound(void **state) + { +- struct cache_req_test_ctx *test_ctx = NULL; +- const char *attrs[] = SYSDB_GRSRC_ATTRS; +- +- test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ struct cache_req_test_ctx *test_ctx = talloc_get_type_abort(*state, struct cache_req_test_ctx); ++ const char **attrs = SYSDB_GRSRC_ATTRS(test_ctx->tctx->dom); + + /* Mock values. 
*/ + will_return_always(__wrap_sss_dp_get_account_send, test_ctx); +diff --git a/src/tests/cmocka/test_sysdb_ts_cache.c b/src/tests/cmocka/test_sysdb_ts_cache.c +index 24b26d950..f349b7061 100644 +--- a/src/tests/cmocka/test_sysdb_ts_cache.c ++++ b/src/tests/cmocka/test_sysdb_ts_cache.c +@@ -694,7 +694,7 @@ static void test_sysdb_getgr_merges(void **state) + struct sysdb_ts_test_ctx *test_ctx = talloc_get_type_abort(*state, + struct sysdb_ts_test_ctx); + struct sysdb_attrs *group_attrs = NULL; +- const char *gr_fetch_attrs[] = SYSDB_GRSRC_ATTRS; ++ const char **gr_fetch_attrs = SYSDB_GRSRC_ATTRS(test_ctx->tctx->dom); + char *filter = NULL; + struct ldb_result *res = NULL; + size_t msgs_count; +@@ -783,7 +783,7 @@ static void test_merge_ldb_results(void **state) + int ret; + struct sysdb_ts_test_ctx *test_ctx = talloc_get_type_abort(*state, + struct sysdb_ts_test_ctx); +- const char *gr_fetch_attrs[] = SYSDB_GRSRC_ATTRS; ++ const char **gr_fetch_attrs = SYSDB_GRSRC_ATTRS(test_ctx->tctx->dom); + char *filter; + struct ldb_result *res; + struct ldb_result *res1; +@@ -856,7 +856,7 @@ static void test_group_bysid(void **state) + int ret; + struct sysdb_ts_test_ctx *test_ctx = talloc_get_type_abort(*state, + struct sysdb_ts_test_ctx); +- const char *gr_fetch_attrs[] = SYSDB_GRSRC_ATTRS; ++ const char **gr_fetch_attrs = SYSDB_GRSRC_ATTRS(test_ctx->tctx->dom); + struct sysdb_attrs *group_attrs = NULL; + struct ldb_result *res; + struct ldb_message *msg = NULL; +diff --git a/src/tools/sss_override.c b/src/tools/sss_override.c +index e4bad848e..1968dde3a 100644 +--- a/src/tools/sss_override.c ++++ b/src/tools/sss_override.c +@@ -1218,7 +1218,7 @@ list_group_overrides(TALLOC_CTX *mem_ctx, + size_t count; + size_t i; + errno_t ret; +- const char *attrs[] = SYSDB_GRSRC_ATTRS; ++ const char **attrs = SYSDB_GRSRC_ATTRS(domain); + const char *fqname; + char *name; + +-- +2.47.0 + 
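Review bot: In the new SYSDB_GRSRC_ATTRS() helper in src/db/sysdb.h the no-members table drops more than the three member attributes: `ORIGINALAD_PREFIX SYSDB_NAME` and `ORIGINALAD_PREFIX SYSDB_GIDNUM` are present in __SYSDB_GRSRC_ATTRS_WITH_MEMBERS but absent from __SYSDB_GRSRC_ATTRS_NO_MEMBERS, so a domain with ignore_group_members set will also stop fetching the original AD name/gid, which the commit message does not mention; if that is unintended, add those two entries before the terminating `NULL` of the no-members table, and otherwise a comment such as `/* originalAD* attributes are only needed when members are resolved */` should say why. The two table names begin with a double underscore, which C reserves for the implementation; `sysdb_grsrc_attrs_no_members` / `sysdb_grsrc_attrs_with_members` would avoid that. Because the tables are `static const char *[]` rather than `const char * const []`, every caller now shares one writable array per translation unit instead of the per-call local copy the old macro produced, so any caller that edits `attrs[i]` (I cannot see one in the hunk) would silently change later lookups; declaring the arrays `const char * const` and keeping the cast in one place would close that. The early `return EOK` added to sysdb_add_group_member_overrides in sysdb_views.c dereferences `domain` without the NULL check the header helper performs; that function's body continues outside the hunk, so whether callers guarantee a non-NULL domain is not visible here.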
diff --git a/SPECS/sssd.spec b/SPECS/sssd.spec index 002c809bfc3ec6ab51e3cc6cd8bc2056e85be251..82b8a8b791120c3a801ccf9524f1703a3e71962f 100644 --- a/SPECS/sssd.spec +++ b/SPECS/sssd.spec @@ -57,7 +57,7 @@ Name: sssd Version: 2.10.2 -Release: 3%{?dist} +Release: 3%{?dist}.1 Summary: System Security Services Daemon License: GPL-3.0-or-later URL: https://github.com/SSSD/sssd/ @@ -67,6 +67,7 @@ Source1: sssd.sysusers ### Patches ### Patch0001: 0001-KCM-fix-memory-leak.patch Patch0002: 0002-KCM-another-memory-leak-fixed.patch +Patch0003: 0003-SYSDB-don-t-add-group-members-if-ignore_group_member.patch ### Dependencies ### @@ -1119,9 +1120,12 @@ fi %systemd_postun_with_restart sssd.service %changelog -* Thu Feb 13 2025 Release Engineering <releng@rockylinux.org> - 2.10.2-3 +* Thu Apr 03 2025 Release Engineering <releng@rockylinux.org> - 2.10.2-3 - Valgrind does not exist on riscv64 +* Wed Apr 2 2025 Alexey Tikhonov <atikhono@redhat.com> - 2.10.2-3.1 +- Resolves: RHEL-79158 - Disk cache failure with large db sizes + * Wed Feb 12 2025 Alexey Tikhonov <atikhono@redhat.com> - 2.10.2-3 - Resolves: RHEL-78061 - 'sssd_kcm' leaks memory
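Review bot: The topmost %changelog entry is now dated Thu Apr 03 2025 but still carries version 2.10.2-3, while Release has been bumped to 3%{?dist}.1 and the matching 2.10.2-3.1 entry sits below it, so rpmlint will report incoherent-version-in-changelog and the entry order no longer tracks the release sequence; either the 2.10.2-3.1 entry should be the first one, or the re-dated releng entry should be given the new release. Changing the existing Feb 13 entry's date to Apr 03 also rewrites history for a release that was already built; if the riscv64 valgrind change is part of this rebuild it would be clearer as its own entry under 2.10.2-3.1. The Patch0003 line itself matches the SOURCES file added in the first hunk.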