git: c2900ff6c818 - main - security/sssd: unbreak the port

From: John Hixson <jhixson_at_FreeBSD.org>
Date: Fri, 05 Jul 2024 12:32:38 UTC
The branch main has been updated by jhixson:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c2900ff6c81837e4c58774ceeacfa2f14b9bbbb7

commit c2900ff6c81837e4c58774ceeacfa2f14b9bbbb7
Author:     John Hixson <jhixson@FreeBSD.org>
AuthorDate: 2024-07-05 12:30:10 +0000
Commit:     John Hixson <jhixson@FreeBSD.org>
CommitDate: 2024-07-05 12:32:24 +0000

    security/sssd: unbreak the port
---
 security/sssd/Makefile                             |  2 +-
 security/sssd/files/bsdnss.c                       | 27 +++++--
 security/sssd/files/patch-Makefile.am              | 82 +++++++++++-----------
 security/sssd/files/patch-configure.ac             | 18 ++---
 security/sssd/files/patch-src__confdb__confdb.c    |  4 +-
 .../sssd/files/patch-src__external__inotify.m4     |  4 +-
 security/sssd/files/patch-src__external__krb5.m4   |  6 +-
 security/sssd/files/patch-src__external__ldap.m4   | 14 ++--
 security/sssd/files/patch-src__external__python.m4 |  8 ++-
 .../patch-src__lib__certmap__sss_certmap.exports   | 10 +++
 ...rc__lib__winbind_idmap_sss__winbind_idmap_sss.h |  4 +-
 .../files/patch-src__providers__ad__ad_common.c    | 10 ++-
 .../files/patch-src__providers__ad__ad_gpo_ndr.c   | 10 +--
 .../sssd/files/patch-src__providers__ad__ad_pac.h  |  4 +-
 .../files/patch-src__providers__data_provider_fo.c |  6 +-
 .../files/patch-src__providers__ipa__ipa_common.c  |  4 +-
 ...c__providers__ipa__ipa_deskprofile_rules_util.c |  4 +-
 ...ers__krb5__krb5_delayed_online_authentication.c |  8 +--
 .../files/patch-src__providers__ldap__ldap_auth.c  | 28 ++++----
 .../files/patch-src__providers__ldap__ldap_child.c |  6 +-
 .../patch-src__providers__ldap__sdap_access.c      |  8 +--
 ...patch-src__providers__ldap__sdap_async_groups.c |  4 +-
 ...h-src__providers__ldap__sdap_async_initgroups.c | 12 ++--
 ...rc__providers__ldap__sdap_async_initgroups_ad.c |  8 +--
 ...rc__providers__ldap__sdap_async_sudo_hostinfo.c |  8 +--
 .../patch-src__providers__ldap__sdap_async_users.c |  4 +-
 .../files/patch-src__resolv__async_resolv_utils.c  |  4 +-
 security/sssd/files/patch-src__sbus__sbus_codegen  |  6 +-
 .../sssd/files/patch-src__sss_client__common.c     | 68 +++++++++++++++---
 .../sssd/files/patch-src__sss_client__nss_group.c  |  4 +-
 .../sssd/files/patch-src__sss_client__pam_sss.c    | 15 ++--
 .../files/patch-src__sss_client__sss_nss.exports   | 35 +++++----
 .../files/patch-src__tests__cmocka__test_authtok.c |  4 +-
 .../patch-src__tests__cmocka__test_negcache_2.c    | 18 +++--
 .../files/patch-src__tests__cmocka__test_pam_srv.c |  4 +-
 ...atch-src__tests__cwrap__test_responder_common.c |  6 +-
 .../files/patch-src__tests__cwrap__test_server.c   |  4 +-
 .../sssd/files/patch-src__tests__dlopen-tests.c    |  4 +-
 ...__util__crypto__libcrypto__crypto_sha512crypt.c |  4 +-
 ...patch-src__util__crypto__nss__nss_sha512crypt.c |  4 +-
 security/sssd/files/patch-src__util__find_uid.c    | 10 ++-
 security/sssd/files/patch-src__util__nss_dl_load.c |  8 +--
 security/sssd/files/patch-src__util__server.c      |  4 +-
 security/sssd/files/patch-src__util__sss_endian.h  |  4 +-
 security/sssd/files/patch-src__util__sss_krb5.c    |  4 +-
 security/sssd/files/patch-src__util__sss_sockets.c | 10 +--
 security/sssd/files/patch-src__util__util.c        |  6 +-
 security/sssd/files/patch-src__util__util.h        |  6 +-
 security/sssd/pkg-plist                            | 10 +--
 security/sssd2/files/bsdnss.c                      | 17 +++++
 50 files changed, 302 insertions(+), 260 deletions(-)

diff --git a/security/sssd/Makefile b/security/sssd/Makefile
index 4ba425fb1bbf..ee98e270d779 100644
--- a/security/sssd/Makefile
+++ b/security/sssd/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	sssd
 PORTVERSION=	1.16.5
-PORTREVISION=	12
+PORTREVISION=	13
 CATEGORIES=	security
 MASTER_SITES=	https://releases.pagure.org/SSSD/${PORTNAME}/
 
diff --git a/security/sssd/files/bsdnss.c b/security/sssd/files/bsdnss.c
index 6a1152100c67..21484bdca1f5 100644
--- a/security/sssd/files/bsdnss.c
+++ b/security/sssd/files/bsdnss.c
@@ -6,6 +6,24 @@
 #include <nss.h>
 #include <netdb.h>
 
+NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_setgrent);
+NSS_METHOD_PROTOTYPE(__nss_compat_endgrent);
+
+NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_setpwent);
+NSS_METHOD_PROTOTYPE(__nss_compat_endpwent);
+
+NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname);
+NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2);
+NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr);
+
+NSS_METHOD_PROTOTYPE(__nss_compat_getgroupmembership);
+
 extern enum nss_status _nss_sss_getgrent_r(struct group *, char *, size_t,
                                            int *);
 extern enum nss_status _nss_sss_getgrnam_r(const char *, struct group *,
@@ -66,7 +84,6 @@ static ns_mtab methods[] = {
 { NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r },
 { NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r },
 { NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r },
-{ NSDB_GROUP, "getgroupmembership",   __nss_compat_getgroupmembership,   _nss_sss_getgroupmembership },
 { NSDB_GROUP, "setgrent",   __nss_compat_setgrent,   _nss_sss_setgrent },
 { NSDB_GROUP, "endgrent",   __nss_compat_endgrent,   _nss_sss_endgrent },
 
@@ -76,9 +93,9 @@ static ns_mtab methods[] = {
 { NSDB_PASSWD, "setpwent",   __nss_compat_setpwent,   _nss_sss_setpwent },
 { NSDB_PASSWD, "endpwent",   __nss_compat_endpwent,   _nss_sss_endpwent },
 
-// { NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_sss_gethostbyname_r },
-//{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_sss_gethostbyaddr_r },
-//{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_sss_gethostbyname2_r },
+{ NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_sss_gethostbyname_r },
+{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_sss_gethostbyaddr_r },
+{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_sss_gethostbyname2_r },
 
 { NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r },
 { NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r },
@@ -92,6 +109,8 @@ static ns_mtab methods[] = {
 { NSDB_PASSWD_COMPAT, "setpwent",   __nss_compat_setpwent,   _nss_sss_setpwent },
 { NSDB_PASSWD_COMPAT, "endpwent",   __nss_compat_endpwent,   _nss_sss_endpwent },
 
+{ NSDB_GROUP, "getgroupmembership",   __nss_compat_getgroupmembership,   _nss_sss_getgroupmembership },
+
 };
 
 
diff --git a/security/sssd/files/patch-Makefile.am b/security/sssd/files/patch-Makefile.am
index 12e49bf033c6..facbd10dcd13 100644
--- a/security/sssd/files/patch-Makefile.am
+++ b/security/sssd/files/patch-Makefile.am
@@ -1,8 +1,6 @@
-diff --git Makefile.am Makefile.am
-index be17d6a59..03386d1f8 100644
---- Makefile.am
+--- Makefile.am.orig	2024-07-05 11:41:32 UTC
 +++ Makefile.am
-@@ -61,7 +61,7 @@ sssdapiplugindir = $(sssddatadir)/sssd.api.d
+@@ -61,7 +61,7 @@ dbusservicedir = $(datadir)/dbus-1/system-services
  sssdtapscriptdir = $(sssddatadir)/systemtap
  dbuspolicydir = $(sysconfdir)/dbus-1/system.d
  dbusservicedir = $(datadir)/dbus-1/system-services
@@ -11,7 +9,7 @@ index be17d6a59..03386d1f8 100644
  runstatedir = @runstatedir@
  localedir = @localedir@
  nsslibdir = @nsslibdir@
-@@ -378,12 +378,6 @@ sssdlib_LTLIBRARIES += \
+@@ -382,12 +382,6 @@ endif
      libsss_ad.la
  endif
  
@@ -24,7 +22,7 @@ index be17d6a59..03386d1f8 100644
  ldblib_LTLIBRARIES = \
      memberof.la
  
-@@ -610,6 +604,7 @@ SSSD_FAILOVER_OBJ = \
+@@ -623,6 +617,7 @@ SSSD_LIBS = \
  
  SSSD_LIBS = \
      $(TALLOC_LIBS) \
@@ -32,7 +30,7 @@ index be17d6a59..03386d1f8 100644
      $(TEVENT_LIBS) \
      $(POPT_LIBS) \
      $(LDB_LIBS) \
-@@ -664,6 +659,7 @@ dist_noinst_HEADERS = \
+@@ -677,6 +672,7 @@ dist_noinst_HEADERS = \
      src/util/sss_ssh.h \
      src/util/sss_ini.h \
      src/util/sss_format.h \
@@ -40,7 +38,7 @@ index be17d6a59..03386d1f8 100644
      src/util/refcount.h \
      src/util/find_uid.h \
      src/util/user_info_msg.h \
-@@ -1358,6 +1354,7 @@ sssd_LDADD = \
+@@ -1372,6 +1368,7 @@ sssd_LDADD = \
      $(SSSD_LIBS) \
      $(INOTIFY_LIBS) \
      $(LIBNL_LIBS) \
@@ -48,55 +46,48 @@ index be17d6a59..03386d1f8 100644
      $(KEYUTILS_LIBS) \
      $(SYSTEMD_DAEMON_LIBS) \
      $(SSSD_INTERNAL_LTLIBS)
-@@ -1381,6 +1378,7 @@ sssd_nss_SOURCES = \
- sssd_nss_LDADD = \
+@@ -1396,6 +1393,7 @@ sssd_nss_LDADD = \
+     $(LIBADD_DL) \
      $(TDB_LIBS) \
      $(SSSD_LIBS) \
 +    $(LTLIBINTL) \
      libsss_idmap.la \
      libsss_cert.la \
      $(SYSTEMD_DAEMON_LIBS) \
-@@ -1397,6 +1395,7 @@ sssd_pam_SOURCES = \
- sssd_pam_LDADD = \
+@@ -1418,6 +1416,7 @@ sssd_pam_LDADD = \
+     $(LIBADD_DL) \
      $(TDB_LIBS) \
      $(SSSD_LIBS) \
 +    $(LTLIBINTL) \
      $(SELINUX_LIBS) \
      $(PAM_LIBS) \
      $(SYSTEMD_DAEMON_LIBS) \
-@@ -1414,6 +1413,7 @@ sssd_sudo_SOURCES = \
-     $(SSSD_RESPONDER_OBJ)
+@@ -1436,6 +1435,8 @@ sssd_sudo_LDADD = \
  sssd_sudo_LDADD = \
+     $(LIBADD_DL) \
      $(SSSD_LIBS) \
 +    $(LTLIBINTL) \
-     $(SYSTEMD_DAEMON_LIBS) \
-     $(SSSD_INTERNAL_LTLIBS)
- endif
-@@ -1426,6 +1426,7 @@ sssd_autofs_SOURCES = \
-     $(SSSD_RESPONDER_OBJ)
- sssd_autofs_LDADD = \
-     $(SSSD_LIBS) \
 +    $(LTLIBINTL) \
      $(SYSTEMD_DAEMON_LIBS) \
      $(SSSD_INTERNAL_LTLIBS)
  endif
-@@ -1441,6 +1442,7 @@ sssd_ssh_SOURCES = \
-     $(NULL)
+@@ -1464,6 +1465,7 @@ sssd_ssh_LDADD = \
  sssd_ssh_LDADD = \
+     $(LIBADD_DL) \
      $(SSSD_LIBS) \
 +    $(LTLIBINTL) \
      $(SSSD_INTERNAL_LTLIBS) \
      $(SYSTEMD_DAEMON_LIBS) \
      libsss_cert.la \
-@@ -1481,6 +1483,7 @@ sssd_ifp_CFLAGS = \
-     $(AM_CFLAGS)
+@@ -1506,6 +1508,7 @@ sssd_ifp_LDADD = \
  sssd_ifp_LDADD = \
+     $(LIBADD_DL) \
      $(SSSD_LIBS) \
 +    $(LTLIBINTL) \
      $(SYSTEMD_DAEMON_LIBS) \
      $(SSSD_INTERNAL_LTLIBS) \
      libsss_cert.la \
-@@ -1604,6 +1607,7 @@ sssd_be_SOURCES = \
+@@ -1631,6 +1634,7 @@ sssd_be_LDADD = \
  sssd_be_LDADD = \
      $(LIBADD_DL) \
      $(SSSD_LIBS) \
@@ -104,7 +95,7 @@ index be17d6a59..03386d1f8 100644
      $(CARES_LIBS) \
      $(PAM_LIBS) \
      $(SSSD_INTERNAL_LTLIBS)
-@@ -1726,6 +1730,7 @@ sss_signal_SOURCES = \
+@@ -1753,6 +1757,7 @@ sss_signal_LDADD = \
      src/tools/common/sss_process.c
      $(NULL)
  sss_signal_LDADD = \
@@ -112,7 +103,7 @@ index be17d6a59..03386d1f8 100644
      libsss_debug.la \
      $(NULL)
  
-@@ -2318,6 +2323,7 @@ test_ssh_client_CFLAGS = \
+@@ -2347,6 +2352,7 @@ test_ssh_client_LDADD = \
  test_ssh_client_LDADD = \
      $(SSSD_INTERNAL_LTLIBS) \
      $(SSSD_LIBS) \
@@ -120,7 +111,7 @@ index be17d6a59..03386d1f8 100644
      $(NULL)
  
  if BUILD_DBUS_TESTS
-@@ -2602,6 +2608,7 @@ test_authtok_LDADD = \
+@@ -2657,6 +2663,7 @@ test_authtok_LDADD = \
      $(CMOCKA_LIBS) \
      $(DHASH_LIBS) \
      $(POPT_LIBS) \
@@ -128,7 +119,7 @@ index be17d6a59..03386d1f8 100644
      libsss_test_common.la \
      libsss_debug.la \
      $(NULL)
-@@ -2622,6 +2629,7 @@ deskprofile_utils_tests_SOURCES = \
+@@ -2692,6 +2699,7 @@ deskprofile_utils_tests_LDADD = \
  deskprofile_utils_tests_CFLAGS = \
      $(AM_CFLAGS)
  deskprofile_utils_tests_LDADD = \
@@ -136,7 +127,7 @@ index be17d6a59..03386d1f8 100644
      $(CMOCKA_LIBS) \
      $(SSSD_INTERNAL_LTLIBS) \
      libsss_test_common.la
-@@ -2654,6 +2662,7 @@ domain_resolution_order_tests_CFLAGS = \
+@@ -2724,6 +2732,7 @@ domain_resolution_order_tests_LDADD = \
  	$(AM_CFLAGS)
  domain_resolution_order_tests_LDADD = \
  	$(CMOCKA_LIBS) \
@@ -144,7 +135,7 @@ index be17d6a59..03386d1f8 100644
  	$(SSSD_INTERNAL_LTLIBS) \
  	libsss_test_common.la
  
-@@ -2738,6 +2747,7 @@ test_search_bases_LDADD = \
+@@ -2809,6 +2818,7 @@ test_search_bases_LDADD = \
      $(CMOCKA_LIBS) \
      $(TALLOC_LIBS) \
      $(SSSD_INTERNAL_LTLIBS) \
@@ -152,7 +143,7 @@ index be17d6a59..03386d1f8 100644
      libsss_ldap_common.la \
      libsss_test_common.la \
      libdlopen_test_providers.la \
-@@ -3545,6 +3555,7 @@ test_inotify_LDADD = \
+@@ -3619,6 +3629,7 @@ test_inotify_LDADD = \
      $(CMOCKA_LIBS) \
      $(SSSD_LIBS) \
      $(SSSD_INTERNAL_LTLIBS) \
@@ -160,7 +151,7 @@ index be17d6a59..03386d1f8 100644
      $(LIBADD_DL) \
      libsss_test_common.la \
      $(NULL)
-@@ -3637,9 +3648,6 @@ endif
+@@ -3711,9 +3722,6 @@ endif
  if BUILD_WITH_LIBCURL
  noinst_PROGRAMS += tcurl-test-tool
  endif
@@ -170,7 +161,7 @@ index be17d6a59..03386d1f8 100644
  
  if BUILD_AUTOFS
  autofs_test_client_SOURCES = \
-@@ -3730,9 +3738,10 @@ intgcheck:
+@@ -3806,9 +3814,10 @@ intgcheck:
  # Client Libraries #
  ####################
  
@@ -183,7 +174,7 @@ index be17d6a59..03386d1f8 100644
      src/sss_client/nss_passwd.c \
      src/sss_client/nss_group.c \
      src/sss_client/nss_netgroup.c \
-@@ -3748,9 +3757,9 @@ libnss_sss_la_SOURCES = \
+@@ -3824,9 +3833,9 @@ libnss_sss_la_SOURCES = \
      src/sss_client/nss_mc_group.c \
      src/sss_client/nss_mc_initgr.c \
      src/sss_client/nss_mc.h
@@ -195,7 +186,7 @@ index be17d6a59..03386d1f8 100644
      -module \
      -version-info 2:0:0 \
      -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports
-@@ -3908,6 +3917,7 @@ libsss_ldap_common_la_LIBADD = \
+@@ -3985,6 +3994,7 @@ libsss_ldap_common_la_LIBADD = \
      $(OPENLDAP_LIBS) \
      $(DHASH_LIBS) \
      $(KRB5_LIBS) \
@@ -203,7 +194,7 @@ index be17d6a59..03386d1f8 100644
      libsss_krb5_common.la \
      libsss_idmap.la \
      libsss_certmap.la \
-@@ -4271,6 +4281,7 @@ ldap_child_CFLAGS = \
+@@ -4353,6 +4363,7 @@ ldap_child_LDADD = \
      $(KRB5_CFLAGS)
  ldap_child_LDADD = \
      libsss_debug.la \
@@ -211,7 +202,7 @@ index be17d6a59..03386d1f8 100644
      $(TALLOC_LIBS) \
      $(POPT_LIBS) \
      $(DHASH_LIBS) \
-@@ -4313,6 +4324,7 @@ gpo_child_CFLAGS = \
+@@ -4395,6 +4406,7 @@ gpo_child_LDADD = \
      $(SMBCLIENT_CFLAGS)
  gpo_child_LDADD = \
      libsss_debug.la \
@@ -219,7 +210,7 @@ index be17d6a59..03386d1f8 100644
      $(TALLOC_LIBS) \
      $(POPT_LIBS) \
      $(DHASH_LIBS) \
-@@ -4329,6 +4341,7 @@ proxy_child_CFLAGS = \
+@@ -4411,6 +4423,7 @@ proxy_child_LDADD = \
  proxy_child_LDADD = \
      $(PAM_LIBS) \
      $(SSSD_LIBS) \
@@ -227,7 +218,7 @@ index be17d6a59..03386d1f8 100644
      $(SSSD_INTERNAL_LTLIBS)
  
  p11_child_SOURCES = \
-@@ -4361,6 +4374,7 @@ endif
+@@ -4443,6 +4456,7 @@ p11_child_LDADD = \
  
  p11_child_LDADD = \
      libsss_debug.la \
@@ -235,3 +226,12 @@ index be17d6a59..03386d1f8 100644
      $(TALLOC_LIBS) \
      $(DHASH_LIBS) \
      $(POPT_LIBS) \
+@@ -5094,7 +5108,7 @@ endif
+ endif
+ endif
+ 
+-install-data-hook:
++notnotinstall-data-hook:
+ 	rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \
+        $(DESTDIR)/$(nsslibdir)/libnss_sss.so
+ 	mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2
diff --git a/security/sssd/files/patch-configure.ac b/security/sssd/files/patch-configure.ac
index b62547432984..4dc61dafc774 100644
--- a/security/sssd/files/patch-configure.ac
+++ b/security/sssd/files/patch-configure.ac
@@ -1,6 +1,6 @@
---- configure.ac	2020-03-17 13:31:28 UTC
+--- configure.ac.orig	2020-03-17 13:31:28 UTC
 +++ configure.ac
-@@ -44,8 +44,6 @@ AM_CONDITIONAL([HAVE_GCC], [test "$ac_cv_prog_gcc" = y
+@@ -44,8 +44,6 @@ AC_CONFIG_HEADER(config.h)
  AC_CHECK_HEADERS(stdint.h dlfcn.h)
  AC_CONFIG_HEADER(config.h)
  
@@ -9,10 +9,10 @@
  m4_include([src/build_macros.m4])
  BUILD_WITH_SHARED_BUILD_DIR
  
-@@ -62,4 +60,18 @@
-
+@@ -62,6 +60,20 @@ AM_CONDITIONAL([HAVE_PTHREAD], [test x"$HAVE_PTHREAD" 
+ 
  AM_CONDITIONAL([HAVE_PTHREAD], [test x"$HAVE_PTHREAD" != "x"])
-+
+ 
 +saved_CFLAGS="$CFLAGS"
 +CFLAGS="-Werror"
 +AC_COMPILE_IFELSE(
@@ -26,12 +26,14 @@
 +CFLAGS="$saved_CFLAGS"
 +
 +AM_CONDITIONAL([HAVE_MEMPCPY], [test x"$HAVE_MEMPCPY" != "x"])
-
++
  # Check library for the timer_create function
-@@ -356,8 +358,8 @@ them please use argument --without-python3-bindings wh
+ SAVE_LIBS=$LIBS
+ LIBS=
+@@ -356,8 +368,8 @@ them please use argument --without-python3-bindings wh
      AM_CHECK_PYTHON_HEADERS([],
                              AC_MSG_ERROR([Could not find python3 headers]))
-
+ 
 -    AC_SUBST([py3execdir], [$pyexecdir])
 -    AC_SUBST([python3dir], [$pythondir])
 +    AC_SUBST([py3execdir], [$(eval echo $pyexecdir)])
diff --git a/security/sssd/files/patch-src__confdb__confdb.c b/security/sssd/files/patch-src__confdb__confdb.c
index 006f9810a3be..0db5562a301f 100644
--- a/security/sssd/files/patch-src__confdb__confdb.c
+++ b/security/sssd/files/patch-src__confdb__confdb.c
@@ -1,6 +1,4 @@
-diff --git src/confdb/confdb.c src/confdb/confdb.c
-index e55f88e4e..81fd3417a 100644
---- src/confdb/confdb.c
+--- src/confdb/confdb.c.orig	2020-03-17 13:31:28 UTC
 +++ src/confdb/confdb.c
 @@ -28,6 +28,11 @@
  #include "util/strtonum.h"
diff --git a/security/sssd/files/patch-src__external__inotify.m4 b/security/sssd/files/patch-src__external__inotify.m4
index 9acf30c5d281..7b99442f016d 100644
--- a/security/sssd/files/patch-src__external__inotify.m4
+++ b/security/sssd/files/patch-src__external__inotify.m4
@@ -1,6 +1,4 @@
-diff --git src/external/inotify.m4 src/external/inotify.m4
-index 3ae5ae314..e88bd3ffc 100644
---- src/external/inotify.m4
+--- src/external/inotify.m4.orig	2020-03-17 13:31:28 UTC
 +++ src/external/inotify.m4
 @@ -20,10 +20,10 @@ int main () {
      AS_IF([test x"$inotify_works" != xyes],
diff --git a/security/sssd/files/patch-src__external__krb5.m4 b/security/sssd/files/patch-src__external__krb5.m4
index fd36f02e61ee..a7d0d6c58b3b 100644
--- a/security/sssd/files/patch-src__external__krb5.m4
+++ b/security/sssd/files/patch-src__external__krb5.m4
@@ -1,8 +1,6 @@
-diff --git src/external/krb5.m4 src/external/krb5.m4
-index b844c2fbe..856ef56fe 100644
---- src/external/krb5.m4
+--- src/external/krb5.m4.orig	2020-03-17 13:31:28 UTC
 +++ src/external/krb5.m4
-@@ -9,7 +9,7 @@ if test x$KRB5_CFLAGS != x; then
+@@ -9,7 +9,7 @@ fi
      KRB5_PASSED_CFLAGS=$KRB5_CFLAGS
  fi
  
diff --git a/security/sssd/files/patch-src__external__ldap.m4 b/security/sssd/files/patch-src__external__ldap.m4
index 682de45f5f0d..8939c02bdeeb 100644
--- a/security/sssd/files/patch-src__external__ldap.m4
+++ b/security/sssd/files/patch-src__external__ldap.m4
@@ -1,8 +1,6 @@
-diff --git src/external/ldap.m4 src/external/ldap.m4
-index cd13fde62..73ca93674 100644
---- src/external/ldap.m4
+--- src/external/ldap.m4.orig	2020-03-17 13:31:28 UTC
 +++ src/external/ldap.m4
-@@ -32,8 +32,7 @@ dnl Check for other libraries we need to link with to get the main routines.
+@@ -32,8 +32,7 @@ test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, lda
  test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes], , -llber) }
  test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes], , -llber -lkrb) }
  test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes with_ldap_des=yes], , -llber -lkrb -ldes) }
@@ -12,13 +10,13 @@ index cd13fde62..73ca93674 100644
  dnl Recently, we need -lber even though the main routines are elsewhere,
  dnl because otherwise we get link errors w.r.t. ber_pvt_opt_on. So just
  dnl check for that (it's a variable not a fun but that doesn't seem to
-@@ -42,6 +41,9 @@ dnl stick it in always shouldn't hurt, I don't think) ... #### Someone who
+@@ -41,6 +40,9 @@ test "$with_ldap_lber" != "yes" && { AC_CHECK_LIB(lber
+ dnl stick it in always shouldn't hurt, I don't think) ... #### Someone who
  dnl #### understands LDAP needs to fix this properly.
  test "$with_ldap_lber" != "yes" && { AC_CHECK_LIB(lber, ber_pvt_opt_on, with_ldap_lber=yes) }
- 
++
 +CFLAGS=$SAVE_CFLAGS
 +LIBS=$SAVE_LIBS
-+
+ 
  if test "$with_ldap" = "yes"; then
    if test "$with_ldap_des" = "yes" ; then
-     OPENLDAP_LIBS="${OPENLDAP_LIBS} -ldes"
diff --git a/security/sssd/files/patch-src__external__python.m4 b/security/sssd/files/patch-src__external__python.m4
index 8453814e053c..12987976c2fb 100644
--- a/security/sssd/files/patch-src__external__python.m4
+++ b/security/sssd/files/patch-src__external__python.m4
@@ -1,9 +1,11 @@
---- src/external/python.m4	2020-03-17 09:31:28.000000000 -0400
-+++ src/external/python.m4	2022-02-22 22:55:04.425467000 -0500
-@@ -37,5 +37,5 @@
+--- src/external/python.m4.orig	2020-03-17 13:31:28 UTC
++++ src/external/python.m4
+@@ -36,7 +36,7 @@ --without-$1-bindings when running configure.]))
+     if test $? -eq 0; then
          PYTHON_DLOPEN_LIB="` $PYTHON_CONFIG --libs --embed | grep -o -- '-lpython@<:@^ @:>@*' |sed -e 's/^-l/lib/'`"
          if test x"$PYTHON_DLOPEN_LIB" != x; then
 -            python_lib_path="` $PYTHON_CONFIG --ldflags | grep -o -- '-L/@<:@^ @:>@*' | sed -e 's/^-L//'`"
 +            python_lib_path="` $PYTHON_CONFIG --ldflags | sed -n 's/.*-L\(@<:@^ @:>@*\).*/\1/p'`"
              if test x"$python_lib_path" != x; then
                  PYTHON_DLOPEN_LIB=$python_lib_path"/"$PYTHON_DLOPEN_LIB
+             fi
diff --git a/security/sssd/files/patch-src__lib__certmap__sss_certmap.exports b/security/sssd/files/patch-src__lib__certmap__sss_certmap.exports
new file mode 100644
index 000000000000..df8fac78ac91
--- /dev/null
+++ b/security/sssd/files/patch-src__lib__certmap__sss_certmap.exports
@@ -0,0 +1,10 @@
+--- src/lib/certmap/sss_certmap.exports.orig	2024-01-12 12:05:40 UTC
++++ src/lib/certmap/sss_certmap.exports
+@@ -2,7 +2,6 @@ SSS_CERTMAP_0.0 {
+     global:
+         sss_certmap_init;
+         sss_certmap_free_ctx;
+-        sss_certmap_err_msg;
+         sss_certmap_add_rule;
+         sss_certmap_match_cert;
+         sss_certmap_get_search_filter;
diff --git a/security/sssd/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h b/security/sssd/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h
index 28013210fe9c..272d51672ba8 100644
--- a/security/sssd/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h
+++ b/security/sssd/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h
@@ -1,6 +1,4 @@
-diff --git src/lib/winbind_idmap_sss/winbind_idmap_sss.h src/lib/winbind_idmap_sss/winbind_idmap_sss.h
-index 868049fff..cb1604ef1 100644
---- src/lib/winbind_idmap_sss/winbind_idmap_sss.h
+--- src/lib/winbind_idmap_sss/winbind_idmap_sss.h.orig	2020-03-17 13:31:28 UTC
 +++ src/lib/winbind_idmap_sss/winbind_idmap_sss.h
 @@ -29,6 +29,8 @@
  #include <stdbool.h>
diff --git a/security/sssd/files/patch-src__providers__ad__ad_common.c b/security/sssd/files/patch-src__providers__ad__ad_common.c
index 178dfb870821..abf17a992994 100644
--- a/security/sssd/files/patch-src__providers__ad__ad_common.c
+++ b/security/sssd/files/patch-src__providers__ad__ad_common.c
@@ -1,8 +1,6 @@
-diff --git src/providers/ad/ad_common.c src/providers/ad/ad_common.c
-index 0d154ca57..407d37a37 100644
---- src/providers/ad/ad_common.c
+--- src/providers/ad/ad_common.c.orig	2020-03-17 13:31:28 UTC
 +++ src/providers/ad/ad_common.c
-@@ -419,7 +419,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
+@@ -420,7 +420,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
      char *server;
      char *realm;
      char *ad_hostname;
@@ -11,7 +9,7 @@ index 0d154ca57..407d37a37 100644
      char *case_sensitive_opt;
      const char *opt_override;
  
-@@ -458,7 +458,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
+@@ -459,7 +459,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
       */
      ad_hostname = dp_opt_get_string(opts->basic, AD_HOSTNAME);
      if (ad_hostname == NULL) {
@@ -20,7 +18,7 @@ index 0d154ca57..407d37a37 100644
          if (gret != 0) {
              ret = errno;
              DEBUG(SSSDBG_FATAL_FAILURE,
-@@ -466,7 +466,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
+@@ -467,7 +467,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
                     strerror(ret));
              goto done;
          }
diff --git a/security/sssd/files/patch-src__providers__ad__ad_gpo_ndr.c b/security/sssd/files/patch-src__providers__ad__ad_gpo_ndr.c
index 7bb5a0c1f476..33f2aaafc884 100644
--- a/security/sssd/files/patch-src__providers__ad__ad_gpo_ndr.c
+++ b/security/sssd/files/patch-src__providers__ad__ad_gpo_ndr.c
@@ -1,6 +1,6 @@
---- src/providers/ad/ad_gpo_ndr.c-orig	2020-11-28 22:21:39.860006000 +0000
-+++ src/providers/ad/ad_gpo_ndr.c	2020-11-28 22:23:15.849602000 +0000
-@@ -105,7 +105,7 @@
+--- src/providers/ad/ad_gpo_ndr.c.orig	2020-03-17 13:31:28 UTC
++++ src/providers/ad/ad_gpo_ndr.c
+@@ -105,7 +105,7 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr
                                    union security_ace_object_type *r)
  {
      uint32_t level;
@@ -9,7 +9,7 @@
      NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
      if (ndr_flags & NDR_SCALARS) {
          NDR_CHECK(ndr_pull_union_align(ndr, 4));
-@@ -135,7 +135,7 @@
+@@ -135,7 +135,7 @@ ndr_pull_security_ace_object_inherited_type(struct ndr
                                              union security_ace_object_inherited_type *r)
  {
      uint32_t level;
@@ -18,7 +18,7 @@
      NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
      if (ndr_flags & NDR_SCALARS) {
          NDR_CHECK(ndr_pull_union_align(ndr, 4));
-@@ -198,7 +198,7 @@
+@@ -198,7 +198,7 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr,
                                   union security_ace_object_ctr *r)
  {
      uint32_t level;
diff --git a/security/sssd/files/patch-src__providers__ad__ad_pac.h b/security/sssd/files/patch-src__providers__ad__ad_pac.h
index eb495780b53d..038a52963d46 100644
--- a/security/sssd/files/patch-src__providers__ad__ad_pac.h
+++ b/security/sssd/files/patch-src__providers__ad__ad_pac.h
@@ -1,6 +1,4 @@
-diff --git src/providers/ad/ad_pac.h src/providers/ad/ad_pac.h
-index 34f1e92c7..00a53cccd 100644
---- src/providers/ad/ad_pac.h
+--- src/providers/ad/ad_pac.h.orig	2020-03-17 13:31:28 UTC
 +++ src/providers/ad/ad_pac.h
 @@ -32,6 +32,8 @@
  #ifdef ldb_val
diff --git a/security/sssd/files/patch-src__providers__data_provider_fo.c b/security/sssd/files/patch-src__providers__data_provider_fo.c
index 4be41ef91a87..0b1b5ba212b7 100644
--- a/security/sssd/files/patch-src__providers__data_provider_fo.c
+++ b/security/sssd/files/patch-src__providers__data_provider_fo.c
@@ -1,8 +1,6 @@
-diff --git src/providers/data_provider_fo.c src/providers/data_provider_fo.c
-index 473b667e5..63f2dd131 100644
---- src/providers/data_provider_fo.c
+--- src/providers/data_provider_fo.c.orig	2020-03-17 13:31:28 UTC
 +++ src/providers/data_provider_fo.c
-@@ -235,18 +235,18 @@ errno_t be_fo_set_dns_srv_lookup_plugin(struct be_ctx *be_ctx,
+@@ -235,18 +235,18 @@ errno_t be_fo_set_dns_srv_lookup_plugin(struct be_ctx 
                                          const char *hostname)
  {
      struct fo_resolve_srv_dns_ctx *srv_ctx = NULL;
diff --git a/security/sssd/files/patch-src__providers__ipa__ipa_common.c b/security/sssd/files/patch-src__providers__ipa__ipa_common.c
index 14c01fff88c9..cf16a396cf09 100644
--- a/security/sssd/files/patch-src__providers__ipa__ipa_common.c
+++ b/security/sssd/files/patch-src__providers__ipa__ipa_common.c
@@ -1,6 +1,4 @@
-diff --git src/providers/ipa/ipa_common.c src/providers/ipa/ipa_common.c
-index 17d14e6b0..681ac8615 100644
---- src/providers/ipa/ipa_common.c
+--- src/providers/ipa/ipa_common.c.orig	2020-03-17 13:31:28 UTC
 +++ src/providers/ipa/ipa_common.c
 @@ -49,7 +49,7 @@ int ipa_get_options(TALLOC_CTX *memctx,
      char *realm;
diff --git a/security/sssd/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c b/security/sssd/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c
index 91fe3ac37b8b..ba7a847dc4fc 100644
--- a/security/sssd/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c
+++ b/security/sssd/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c
@@ -1,6 +1,4 @@
-diff --git src/providers/ipa/ipa_deskprofile_rules_util.c src/providers/ipa/ipa_deskprofile_rules_util.c
-index 991c6053d..59483b452 100644
---- src/providers/ipa/ipa_deskprofile_rules_util.c
+--- src/providers/ipa/ipa_deskprofile_rules_util.c.orig	2020-03-17 13:31:28 UTC
 +++ src/providers/ipa/ipa_deskprofile_rules_util.c
 @@ -25,6 +25,8 @@
  #include "providers/ipa/ipa_rules_common.h"
diff --git a/security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c b/security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c
index 84fcfcd99001..3de6e4d92293 100644
--- a/security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c
+++ b/security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c
@@ -1,8 +1,6 @@
-diff --git src/providers/krb5/krb5_delayed_online_authentication.c src/providers/krb5/krb5_delayed_online_authentication.c
-index 1cb7eade0..4aaeb84b2 100644
---- src/providers/krb5/krb5_delayed_online_authentication.c
+--- src/providers/krb5/krb5_delayed_online_authentication.c.orig	2020-03-17 13:31:28 UTC
 +++ src/providers/krb5/krb5_delayed_online_authentication.c
-@@ -328,6 +328,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
+@@ -328,6 +328,7 @@ errno_t init_delayed_online_authentication(struct krb5
                                             struct tevent_context *ev)
  {
      int ret;
@@ -10,7 +8,7 @@ index 1cb7eade0..4aaeb84b2 100644
      hash_table_t *tmp_table;
  
      ret = get_uid_table(krb5_ctx, &tmp_table);
-@@ -347,6 +348,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
+@@ -347,6 +348,7 @@ errno_t init_delayed_online_authentication(struct krb5
                "hash_destroy failed [%s].\n", hash_error_string(ret));
          return EFAULT;
      }
diff --git a/security/sssd/files/patch-src__providers__ldap__ldap_auth.c b/security/sssd/files/patch-src__providers__ldap__ldap_auth.c
index ae1bfc922d00..10fc2479bf3a 100644
--- a/security/sssd/files/patch-src__providers__ldap__ldap_auth.c
+++ b/security/sssd/files/patch-src__providers__ldap__ldap_auth.c
@@ -1,6 +1,4 @@
-diff --git src/providers/ldap/ldap_auth.c src/providers/ldap/ldap_auth.c
-index de22689ae..fdfd67cf4 100644
---- src/providers/ldap/ldap_auth.c
+--- src/providers/ldap/ldap_auth.c.orig	2020-03-17 13:31:28 UTC
 +++ src/providers/ldap/ldap_auth.c
 @@ -37,7 +37,6 @@
  #include <sys/time.h>
@@ -33,7 +31,7 @@ index de22689ae..fdfd67cf4 100644
  static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
  {
      int ret;
-@@ -97,9 +112,9 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now,
+@@ -97,9 +112,9 @@ static errno_t check_pwexpire_kerberos(const char *exp
      }
  
      DEBUG(SSSDBG_TRACE_ALL,
@@ -80,7 +78,7 @@ index de22689ae..fdfd67cf4 100644
          goto immediately;
  
      case SSS_PAM_ACCT_MGMT:
-@@ -1015,7 +1030,7 @@ static void sdap_pam_auth_handler_done(struct tevent_req *subreq)
+@@ -1015,7 +1030,7 @@ static void sdap_pam_auth_handler_done(struct tevent_r
                                  state->be_ctx->domain->pwd_expiration_warning);
          if (ret == EINVAL) {
              /* Unknown password expiration type. */
@@ -89,7 +87,7 @@ index de22689ae..fdfd67cf4 100644
              goto done;
          }
      }
-@@ -1049,7 +1064,7 @@ static void sdap_pam_auth_handler_done(struct tevent_req *subreq)
+@@ -1049,7 +1064,7 @@ static void sdap_pam_auth_handler_done(struct tevent_r
          state->pd->pam_status = PAM_BAD_ITEM;
          break;
      default:
@@ -98,7 +96,7 @@ index de22689ae..fdfd67cf4 100644
          break;
      }
  
-@@ -1271,7 +1286,7 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx,
+@@ -1273,7 +1288,7 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx,
      DEBUG(SSSDBG_OP_FAILURE,
            "starting password change request for user [%s].\n", pd->user);
  
@@ -107,7 +105,7 @@ index de22689ae..fdfd67cf4 100644
  
      if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) {
          DEBUG(SSSDBG_OP_FAILURE,
-@@ -1282,7 +1297,7 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx,
+@@ -1284,7 +1299,7 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx,
      subreq = auth_send(state, params->ev, auth_ctx,
                         pd->user, pd->authtok, true);
      if (subreq == NULL) {
@@ -116,7 +114,7 @@ index de22689ae..fdfd67cf4 100644
          goto immediately;
      }
  
-@@ -1335,7 +1350,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
+@@ -1337,7 +1352,7 @@ static void sdap_pam_chpass_handler_auth_done(struct t
              if (ret == ERR_PASSWORD_EXPIRED) {
                  DEBUG(SSSDBG_CRIT_FAILURE, "LDAP provider cannot change "
                        "kerberos passwords.\n");
@@ -125,7 +123,7 @@ index de22689ae..fdfd67cf4 100644
                  goto done;
              }
              break;
-@@ -1344,7 +1359,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
+@@ -1346,7 +1361,7 @@ static void sdap_pam_chpass_handler_auth_done(struct t
              break;
          default:
              DEBUG(SSSDBG_CRIT_FAILURE, "Unknown password expiration type.\n");
@@ -134,7 +132,7 @@ index de22689ae..fdfd67cf4 100644
                  goto done;
          }
      }
-@@ -1369,7 +1384,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
+@@ -1371,7 +1386,7 @@ static void sdap_pam_chpass_handler_auth_done(struct t
                  if (subreq == NULL) {
                      DEBUG(SSSDBG_OP_FAILURE, "Failed to change password for "
                            "%s\n", state->pd->user);
@@ -143,7 +141,7 @@ index de22689ae..fdfd67cf4 100644
                      goto done;
                  }
  
-@@ -1401,7 +1416,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
+@@ -1403,7 +1418,7 @@ static void sdap_pam_chpass_handler_auth_done(struct t
              be_mark_offline(state->be_ctx);
              break;
          default:
@@ -152,7 +150,7 @@ index de22689ae..fdfd67cf4 100644
              break;
          }
  
-@@ -1437,7 +1452,7 @@ static void sdap_pam_chpass_handler_chpass_done(struct tevent_req *subreq)
+@@ -1439,7 +1454,7 @@ static void sdap_pam_chpass_handler_chpass_done(struct
          state->pd->pam_status = PAM_AUTHTOK_ERR;
          break;
      default:
@@ -161,7 +159,7 @@ index de22689ae..fdfd67cf4 100644
          break;
      }
  
-@@ -1463,7 +1478,7 @@ static void sdap_pam_chpass_handler_chpass_done(struct tevent_req *subreq)
+@@ -1465,7 +1480,7 @@ static void sdap_pam_chpass_handler_chpass_done(struct
                                                      state->sh, state->dn,
                                                      lastchanged_name);
          if (subreq == NULL) {
@@ -170,7 +168,7 @@ index de22689ae..fdfd67cf4 100644
              goto done;
          }
  
-@@ -1489,7 +1504,7 @@ static void sdap_pam_chpass_handler_last_done(struct tevent_req *subreq)
+@@ -1491,7 +1506,7 @@ static void sdap_pam_chpass_handler_last_done(struct t
      talloc_free(subreq);
  
      if (ret != EOK) {
diff --git a/security/sssd/files/patch-src__providers__ldap__ldap_child.c b/security/sssd/files/patch-src__providers__ldap__ldap_child.c
index 745687d00267..11dd67f0e0e9 100644
--- a/security/sssd/files/patch-src__providers__ldap__ldap_child.c
+++ b/security/sssd/files/patch-src__providers__ldap__ldap_child.c
@@ -1,8 +1,6 @@
-diff --git src/providers/ldap/ldap_child.c src/providers/ldap/ldap_child.c
-index 368bb91e1..1bc86ecb5 100644
---- src/providers/ldap/ldap_child.c
+--- src/providers/ldap/ldap_child.c.orig	2020-03-17 13:31:28 UTC
 +++ src/providers/ldap/ldap_child.c
-@@ -324,14 +324,14 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
+@@ -324,14 +324,14 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_
              full_princ = talloc_strdup(tmp_ctx, princ_str);
          }
      } else {
diff --git a/security/sssd/files/patch-src__providers__ldap__sdap_access.c b/security/sssd/files/patch-src__providers__ldap__sdap_access.c
index 5b9e5efc1e1e..4ad743cec9eb 100644
--- a/security/sssd/files/patch-src__providers__ldap__sdap_access.c
+++ b/security/sssd/files/patch-src__providers__ldap__sdap_access.c
@@ -1,6 +1,4 @@
-diff --git src/providers/ldap/sdap_access.c src/providers/ldap/sdap_access.c
-index dd04ec512..58a3766fc 100644
---- src/providers/ldap/sdap_access.c
+--- src/providers/ldap/sdap_access.c.orig	2020-03-17 13:31:28 UTC
 +++ src/providers/ldap/sdap_access.c
 @@ -562,9 +562,9 @@ bool nds_check_expired(const char *exp_time_str)
  
@@ -15,7 +13,7 @@ index dd04ec512..58a3766fc 100644
  
      if (difftime(now, expire_time) > 0.0) {
          DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n");
-@@ -1247,7 +1247,7 @@ static errno_t sdap_access_host(struct ldb_message *user_entry)
+@@ -1247,7 +1247,7 @@ static errno_t sdap_access_host(struct ldb_message *us
      struct ldb_message_element *el;
      unsigned int i;
      char *host;
@@ -24,7 +22,7 @@ index dd04ec512..58a3766fc 100644
  
      el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_HOST);
      if (!el || el->num_values == 0) {
-@@ -1255,12 +1255,12 @@ static errno_t sdap_access_host(struct ldb_message *user_entry)
+@@ -1255,12 +1255,12 @@ static errno_t sdap_access_host(struct ldb_message *us
          return ERR_ACCESS_DENIED;
      }
  
diff --git a/security/sssd/files/patch-src__providers__ldap__sdap_async_groups.c b/security/sssd/files/patch-src__providers__ldap__sdap_async_groups.c
index 4cebe5fbd6c4..998f97ce4599 100644
--- a/security/sssd/files/patch-src__providers__ldap__sdap_async_groups.c
+++ b/security/sssd/files/patch-src__providers__ldap__sdap_async_groups.c
@@ -1,6 +1,4 @@
-diff --git src/providers/ldap/sdap_async_groups.c src/providers/ldap/sdap_async_groups.c
-index 09e15bc3d..c74e4c3ea 100644
---- src/providers/ldap/sdap_async_groups.c
+--- src/providers/ldap/sdap_async_groups.c.orig	2020-03-17 13:31:28 UTC
 +++ src/providers/ldap/sdap_async_groups.c
 @@ -505,6 +505,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
      struct sysdb_attrs *group_attrs;
diff --git a/security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups.c b/security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups.c
index 2803124e583b..78b4f54bbbc8 100644
--- a/security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups.c
+++ b/security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups.c
@@ -1,8 +1,6 @@
-diff --git src/providers/ldap/sdap_async_initgroups.c src/providers/ldap/sdap_async_initgroups.c
-index 620782b6f..9831ac1d6 100644
---- src/providers/ldap/sdap_async_initgroups.c
+--- src/providers/ldap/sdap_async_initgroups.c.orig	2020-03-17 13:31:28 UTC
 +++ src/providers/ldap/sdap_async_initgroups.c
-@@ -45,6 +45,7 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
+@@ -45,6 +45,7 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *s
      const char *uuid = NULL;
      char **missing;
      gid_t gid;
@@ -10,7 +8,7 @@ index 620782b6f..9831ac1d6 100644
      int ret;
      errno_t sret;
      bool in_transaction = false;
-@@ -146,7 +147,8 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
+@@ -146,7 +147,8 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *s
  
                      /* Convert the SID into a UNIX group ID */
                      ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str,
@@ -20,7 +18,7 @@ index 620782b6f..9831ac1d6 100644
                      if (ret == EOK) {
                          DEBUG(SSSDBG_TRACE_INTERNAL,
                                "Group [%s] has mapped gid [%lu]\n",
-@@ -3305,6 +3307,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
+@@ -3305,6 +3307,7 @@ static void sdap_get_initgr_done(struct tevent_req *su
      int ret;
      TALLOC_CTX *tmp_ctx;
      gid_t primary_gid;
@@ -28,7 +26,7 @@ index 620782b6f..9831ac1d6 100644
      char *gid;
      char *sid_str;
      char *dom_sid_str;
-@@ -3411,8 +3414,9 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
+@@ -3411,8 +3414,9 @@ static void sdap_get_initgr_done(struct tevent_req *su
  
          /* Convert the SID into a UNIX group ID */
          ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, group_sid_str,
diff --git a/security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups_ad.c b/security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups_ad.c
index b7feb84f1507..209b70aff503 100644
--- a/security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups_ad.c
+++ b/security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups_ad.c
@@ -1,8 +1,6 @@
-diff --git src/providers/ldap/sdap_async_initgroups_ad.c src/providers/ldap/sdap_async_initgroups_ad.c
-index 3c58f5bc4..7e0a5169d 100644
---- src/providers/ldap/sdap_async_initgroups_ad.c
+--- src/providers/ldap/sdap_async_initgroups_ad.c.orig	2020-03-17 13:31:28 UTC
 +++ src/providers/ldap/sdap_async_initgroups_ad.c
-@@ -851,6 +851,7 @@ errno_t sdap_ad_save_group_membership_with_idmapping(const char *username,
+@@ -851,6 +851,7 @@ errno_t sdap_ad_save_group_membership_with_idmapping(c
      size_t i;
      time_t now;
      gid_t gid;
@@ -10,7 +8,7 @@ index 3c58f5bc4..7e0a5169d 100644
      char **groups = NULL;
      size_t num_groups;
      errno_t ret;
-@@ -881,7 +882,8 @@ errno_t sdap_ad_save_group_membership_with_idmapping(const char *username,
+@@ -881,7 +882,8 @@ errno_t sdap_ad_save_group_membership_with_idmapping(c
          sid = sids[i];
          DEBUG(SSSDBG_TRACE_LIBS, "Processing membership SID [%s]\n", sid);
  
diff --git a/security/sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c b/security/sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c
index 78deda7d99fa..e3091d63446a 100644
--- a/security/sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c
+++ b/security/sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c
@@ -1,8 +1,6 @@
-diff --git src/providers/ldap/sdap_async_sudo_hostinfo.c src/providers/ldap/sdap_async_sudo_hostinfo.c
-index a3c3e1068..f33299304 100644
---- src/providers/ldap/sdap_async_sudo_hostinfo.c
+--- src/providers/ldap/sdap_async_sudo_hostinfo.c.orig	2020-03-17 13:31:28 UTC
 +++ src/providers/ldap/sdap_async_sudo_hostinfo.c
-@@ -357,7 +357,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx,
+@@ -357,7 +357,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send
      struct tevent_req *subreq = NULL;
      struct sdap_sudo_get_hostnames_state *state = NULL;
      char *dot = NULL;
@@ -11,7 +9,7 @@ index a3c3e1068..f33299304 100644
      int ret;
  
      req = tevent_req_create(mem_ctx, &state,
-@@ -380,14 +380,14 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx,
+@@ -380,14 +380,14 @@ static struct tevent_req *sdap_sudo_get_hostnames_send
      /* get hostname */
  
      errno = 0;
diff --git a/security/sssd/files/patch-src__providers__ldap__sdap_async_users.c b/security/sssd/files/patch-src__providers__ldap__sdap_async_users.c
index 4e5fcbb6008c..e835f542d46d 100644
--- a/security/sssd/files/patch-src__providers__ldap__sdap_async_users.c
+++ b/security/sssd/files/patch-src__providers__ldap__sdap_async_users.c
@@ -1,6 +1,4 @@
-diff --git src/providers/ldap/sdap_async_users.c src/providers/ldap/sdap_async_users.c
-index 92eeda1d3..8847be79b 100644
---- src/providers/ldap/sdap_async_users.c
+--- src/providers/ldap/sdap_async_users.c.orig	2020-03-17 13:31:28 UTC
 +++ src/providers/ldap/sdap_async_users.c
 @@ -61,7 +61,8 @@ sdap_get_idmap_primary_gid(struct sdap_options *opts,
  {
diff --git a/security/sssd/files/patch-src__resolv__async_resolv_utils.c b/security/sssd/files/patch-src__resolv__async_resolv_utils.c
index 27457a3399d6..d0bd69b25801 100644
--- a/security/sssd/files/patch-src__resolv__async_resolv_utils.c
*** 610 LINES SKIPPED ***