summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2022-05-26 17:11:20 +0200
committerLudovic Courtès <ludo@gnu.org>2022-05-26 17:11:20 +0200
commit7097e98586df3110b80943a88c27804d65f214fa (patch)
tree2e244b9fc19acc569d6abd42306aaf013f02da0d /gnu/packages/patches
parent15870cc08d20501e3526fa892111a43ae9e3e02f (diff)
parent4577f3c6b60ea100e521c246fb169d6c05214b20 (diff)
downloadguix-7097e98586df3110b80943a88c27804d65f214fa.tar.gz
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/elm-compiler-disable-reactor.patch71
-rw-r--r--gnu/packages/patches/elm-compiler-fix-map-key.patch38
-rw-r--r--gnu/packages/patches/elm-offline-package-registry.patch71
-rw-r--r--gnu/packages/patches/elm-reactor-static-files.patch251
-rw-r--r--gnu/packages/patches/emacs-ess-fix-obsolete-function-alias.patch23
-rw-r--r--gnu/packages/patches/emacs-lispy-fix-thread-last-test.patch39
-rw-r--r--gnu/packages/patches/gcc-12-strmov-store-file-names.patch114
-rw-r--r--gnu/packages/patches/gcolor3-update-libportal-usage.patch55
-rw-r--r--gnu/packages/patches/libobjc2-unbundle-robin-map.patch47
-rw-r--r--gnu/packages/patches/sssd-collision-with-external-nss-symbol.patch71
-rw-r--r--gnu/packages/patches/sssd-fix-samba-4.15.3.patch523
-rw-r--r--gnu/packages/patches/sssd-fix-samba.patch50
-rw-r--r--gnu/packages/patches/sssd-optional-systemd.patch45
-rw-r--r--gnu/packages/patches/sssd-system-directories.patch44
-rw-r--r--gnu/packages/patches/ytnef-CVE-2021-3403.patch32
-rw-r--r--gnu/packages/patches/ytnef-CVE-2021-3404.patch30
16 files changed, 672 insertions, 832 deletions
diff --git a/gnu/packages/patches/elm-compiler-disable-reactor.patch b/gnu/packages/patches/elm-compiler-disable-reactor.patch
deleted file mode 100644
index 9871b55e8d..0000000000
--- a/gnu/packages/patches/elm-compiler-disable-reactor.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-commit 20d80e2323b565a36751c9455e535d8f73fa32f7
-Author: Robert Vollmert <rob@vllmrt.net>
-Date:   Fri Jun 14 16:05:47 2019 +0200
-
-    disable reactor
-
-diff --git a/elm.cabal b/elm.cabal
-index c75f9689..ece63c46 100644
---- a/elm.cabal
-+++ b/elm.cabal
-@@ -45,9 +45,6 @@ Executable elm
-         builder/src
-         ui/terminal/src
- 
--    other-extensions:
--        TemplateHaskell
--
-     Main-Is:
-         Main.hs
- 
-@@ -56,8 +53,6 @@ Executable elm
-         Develop
-         Develop.Generate.Help
-         Develop.Generate.Index
--        Develop.StaticFiles
--        Develop.StaticFiles.Build
-         Diff
-         Init
-         Install
-diff --git a/ui/terminal/src/Develop.hs b/ui/terminal/src/Develop.hs
-index 4b2252e1..7ed7716e 100644
---- a/ui/terminal/src/Develop.hs
-+++ b/ui/terminal/src/Develop.hs
-@@ -23,7 +23,6 @@ import Snap.Util.FileServe
- import qualified Elm.Project as Project
- import qualified Develop.Generate.Help as Generate
- import qualified Develop.Generate.Index as Index
--import qualified Develop.StaticFiles as StaticFiles
- import qualified Generate.Output as Output
- import qualified Json.Encode as Encode
- import qualified Reporting.Exit as Exit
-@@ -219,16 +218,7 @@ compileToHtmlBuilder mode file =
- 
- 
- serveAssets :: Snap ()
--serveAssets =
--  do  file <- getSafePath
--      case StaticFiles.lookup file of
--        Nothing ->
--          pass
--
--        Just (content, mimeType) ->
--          do  modifyResponse (setContentType (mimeType <> ";charset=utf-8"))
--              writeBS content
--
-+serveAssets = pass
- 
- 
- -- MIME TYPES
-diff --git a/ui/terminal/src/Main.hs b/terminal/src/Main.hs
-index 7000f3ca..2c76965a 100644
---- a/ui/terminal/src/Main.hs
-+++ b/ui/terminal/src/Main.hs
-@@ -39,7 +39,6 @@ main =
-       complex intro outro
-         [ repl
-         , init
--        , reactor
-         , make
-         , install
-         , bump
diff --git a/gnu/packages/patches/elm-compiler-fix-map-key.patch b/gnu/packages/patches/elm-compiler-fix-map-key.patch
deleted file mode 100644
index 4f05ded530..0000000000
--- a/gnu/packages/patches/elm-compiler-fix-map-key.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-commit e3512d887df41a8162c3e361171c04beca08415b
-Author: Tom Stejskal <tom.stejskal@gmail.com>
-Date:   Mon Nov 19 20:09:43 2018 +0100
-
-    Fix Map.!: given key is not an element in the map
-
-diff --git a/compiler/src/Elm/Compiler/Type/Extract.hs b/compiler/src/Elm/Compiler/Type/Extract.hs
-index 1aafe1d4..99763392 100644
---- a/compiler/src/Elm/Compiler/Type/Extract.hs
-+++ b/compiler/src/Elm/Compiler/Type/Extract.hs
-@@ -10,6 +10,7 @@ module Elm.Compiler.Type.Extract
- 
- 
- import Data.Map ((!))
-+import qualified Data.Map as Map
- import qualified Data.Maybe as Maybe
- import qualified Data.Set as Set
- 
-@@ -134,11 +135,15 @@ extractUnion interfaces (Opt.Global home name) =
-     else
-       let
-         pname = toPublicName home name
--        unions = I._unions (interfaces ! home)
-+        maybeUnions = I._unions <$> Map.lookup home interfaces
-       in
--      case I.toUnionInternals (unions ! name) of
--        Can.Union vars ctors _ _ ->
--          T.Union pname vars <$> traverse extractCtor ctors
-+      case Map.lookup name =<< maybeUnions of
-+        Just union ->
-+          case I.toUnionInternals union of
-+            Can.Union vars ctors _ _ ->
-+              T.Union pname vars <$> traverse extractCtor ctors
-+        Nothing ->
-+          return $ T.Union pname [] []
- 
- 
- extractCtor :: Can.Ctor -> Extractor (N.Name, [T.Type])
diff --git a/gnu/packages/patches/elm-offline-package-registry.patch b/gnu/packages/patches/elm-offline-package-registry.patch
new file mode 100644
index 0000000000..761ec69878
--- /dev/null
+++ b/gnu/packages/patches/elm-offline-package-registry.patch
@@ -0,0 +1,71 @@
+From 06563409e6f2b1cca7bc1b27e31efd07a7569da8 Mon Sep 17 00:00:00 2001
+From: Philip McGrath <philip@philipmcgrath.com>
+Date: Thu, 14 Apr 2022 22:41:04 -0400
+Subject: [PATCH] minimal support for offline builds
+
+Normally, Elm performs HTTP requests before building to obtain or
+update its list of all registed packages and their versions.
+This is problematic in the Guix build environment.
+
+This patch causes Elm to check if the `GUIX_ELM_OFFLINE_REGISTRY_FILE`
+is set and, if so, to use the contents of the file it specifies as
+though it were the response from
+https://package.elm-lang.org/all-packages.
+
+This patch does not attempt to add more general support for offline
+builds. In particular, it does not attempt to support incremental
+updates to the package registry cache file. See also discussion at
+https://discourse.elm-lang.org/t/private-package-tool-spec/6779/25.
+---
+ builder/src/Deps/Registry.hs | 25 +++++++++++++++++++++----
+ 1 file changed, 21 insertions(+), 4 deletions(-)
+
+diff --git a/builder/src/Deps/Registry.hs b/builder/src/Deps/Registry.hs
+index 8d7def98..70cf3622 100644
+--- a/builder/src/Deps/Registry.hs
++++ b/builder/src/Deps/Registry.hs
+@@ -18,6 +18,8 @@ import Control.Monad (liftM2)
+ import Data.Binary (Binary, get, put)
+ import qualified Data.List as List
+ import qualified Data.Map.Strict as Map
++import System.Environment as Env
++import qualified Data.ByteString as BS
+ 
+ import qualified Deps.Website as Website
+ import qualified Elm.Package as Pkg
+@@ -190,13 +192,28 @@ getVersions' name (Registry _ versions) =
+ post :: Http.Manager -> String -> D.Decoder x a -> (a -> IO b) -> IO (Either Exit.RegistryProblem b)
+ post manager path decoder callback =
+   let
+-    url = Website.route path []
+-  in
+-  Http.post manager url [] Exit.RP_Http $
+-    \body ->
++    mkBodyCallback url body =
+       case D.fromByteString decoder body of
+         Right a -> Right <$> callback a
+         Left _ -> return $ Left $ Exit.RP_Data url body
++    postOnline url cb =
++      Http.post manager url [] Exit.RP_Http cb
++    performPost f url =
++      f url (mkBodyCallback url)
++  in
++    do
++      maybeFile <- Env.lookupEnv "GUIX_ELM_OFFLINE_REGISTRY_FILE"
++      case (path, maybeFile) of
++        ( "/all-packages", Just file ) ->
++          performPost postOffline file
++        ( _, _ ) ->
++          -- don't know how to handle other endpoints yet
++          performPost postOnline (Website.route path [])
++
++postOffline :: String -> (BS.ByteString -> IO a) -> IO a
++postOffline file callback = do
++  body <- BS.readFile file
++  callback body
+ 
+ 
+ 
+-- 
+2.32.0
+
diff --git a/gnu/packages/patches/elm-reactor-static-files.patch b/gnu/packages/patches/elm-reactor-static-files.patch
new file mode 100644
index 0000000000..94c4aa0cd1
--- /dev/null
+++ b/gnu/packages/patches/elm-reactor-static-files.patch
@@ -0,0 +1,251 @@
+From 41d219a29b03f3114af7a0521c8b2dbbb487c3e1 Mon Sep 17 00:00:00 2001
+From: Philip McGrath <philip@philipmcgrath.com>
+Date: Wed, 13 Apr 2022 18:45:58 -0400
+Subject: [PATCH] reactor: look for static files relative to executable
+
+Must built with `-DGUIX_REACTOR_STATIC_REL_ROOT="../path/to/reactor"`.
+
+This lets us build a version of Elm without the `elm reactor` for
+bootstrapping, then simply put the files in place in the final package.
+---
+ elm.cabal                                 |  2 +-
+ terminal/src/Develop.hs                   | 32 +++++++++++----
+ terminal/src/Develop/StaticFiles.hs       | 37 ++++++++++-------
+ terminal/src/Develop/StaticFiles/Build.hs | 50 ++++++++++++++---------
+ 4 files changed, 79 insertions(+), 42 deletions(-)
+
+diff --git a/elm.cabal b/elm.cabal
+index bf1cfcf0..93161072 100644
+--- a/elm.cabal
++++ b/elm.cabal
+@@ -50,6 +50,7 @@ Executable elm
+ 
+     other-extensions:
+         TemplateHaskell
++        CPP
+ 
+     Main-Is:
+         Main.hs
+@@ -211,7 +212,6 @@ Executable elm
+         containers >= 0.5.8.2 && < 0.6,
+         directory >= 1.2.3.0 && < 2.0,
+         edit-distance >= 0.2 && < 0.3,
+-        file-embed,
+         filelock,
+         filepath >= 1 && < 2.0,
+         ghc-prim >= 0.5.2,
+diff --git a/terminal/src/Develop.hs b/terminal/src/Develop.hs
+index 00339364..6855b03e 100644
+--- a/terminal/src/Develop.hs
++++ b/terminal/src/Develop.hs
+@@ -33,6 +33,7 @@ import qualified Reporting.Exit as Exit
+ import qualified Reporting.Task as Task
+ import qualified Stuff
+ 
++import System.Exit as SysExit
+ 
+ 
+ -- RUN THE DEV SERVER
+@@ -45,13 +46,29 @@ data Flags =
+ 
+ 
+ run :: () -> Flags -> IO ()
+-run () (Flags maybePort) =
++run () flags = do
++  frontEnd <- StaticFiles.prepare
++  case frontEnd of
++    Right lookup ->
++      reallyRun lookup flags
++    Left missing ->
++      SysExit.die $ unlines
++      [ "The `reactor` command is not available."
++      , ""
++      , "On Guix, these files are needed for `elm reactor` to work,"
++      , "but they are missing:"
++      , ""
++      , unlines (map (\pth -> "    " ++ (show pth)) missing)
++      ]
++
++reallyRun :: StaticFiles.Lookup -> Flags -> IO ()
++reallyRun lookup (Flags maybePort) =
+   do  let port = maybe 8000 id maybePort
+       putStrLn $ "Go to http://localhost:" ++ show port ++ " to see your project dashboard."
+       httpServe (config port) $
+         serveFiles
+         <|> serveDirectoryWith directoryConfig "."
+-        <|> serveAssets
++        <|> serveAssets lookup
+         <|> error404
+ 
+ 
+@@ -169,16 +186,15 @@ compile path =
+ -- SERVE STATIC ASSETS
+ 
+ 
+-serveAssets :: Snap ()
+-serveAssets =
++serveAssets :: StaticFiles.Lookup -> Snap ()
++serveAssets lookup =
+   do  path <- getSafePath
+-      case StaticFiles.lookup path of
++      case lookup path of
+         Nothing ->
+           pass
+ 
+-        Just (content, mimeType) ->
+-          do  modifyResponse (setContentType (mimeType <> ";charset=utf-8"))
+-              writeBS content
++        Just (fsPath, mimeType) ->
++          serveFileAs (mimeType <> ";charset=utf-8") fsPath
+ 
+ 
+ 
+diff --git a/terminal/src/Develop/StaticFiles.hs b/terminal/src/Develop/StaticFiles.hs
+index 94ee72dc..3227d617 100644
+--- a/terminal/src/Develop/StaticFiles.hs
++++ b/terminal/src/Develop/StaticFiles.hs
+@@ -2,7 +2,8 @@
+ {-# LANGUAGE OverloadedStrings #-}
+ {-# LANGUAGE TemplateHaskell #-}
+ module Develop.StaticFiles
+-  ( lookup
++  ( prepare
++  , Lookup
+   , cssPath
+   , elmPath
+   , waitingPath
+@@ -11,9 +12,7 @@ module Develop.StaticFiles
+ 
+ import Prelude hiding (lookup)
+ import qualified Data.ByteString as BS
+-import Data.FileEmbed (bsToExp)
+ import qualified Data.HashMap.Strict as HM
+-import Language.Haskell.TH (runIO)
+ import System.FilePath ((</>))
+ 
+ import qualified Develop.StaticFiles.Build as Build
+@@ -26,20 +25,29 @@ import qualified Develop.StaticFiles.Build as Build
+ type MimeType =
+   BS.ByteString
+ 
++type Lookup = FilePath -> Maybe (FilePath, MimeType)
+ 
+-lookup :: FilePath -> Maybe (BS.ByteString, MimeType)
+-lookup path =
++prepare :: IO (Either [FilePath] Lookup)
++prepare = do
++  found <- Build.findReactorFrontEnd expectedFiles
++  return $ case found of
++    Left missing ->
++      Left missing
++    Right resolved ->
++      Right (mkLookup (HM.fromList resolved))
++
++mkLookup :: HM.HashMap FilePath (FilePath, MimeType) -> Lookup
++mkLookup dict path =
+   HM.lookup path dict
+ 
+ 
+-dict :: HM.HashMap FilePath (BS.ByteString, MimeType)
+-dict =
+-  HM.fromList
+-    [ faviconPath  ==> (favicon , "image/x-icon")
+-    , elmPath      ==> (elm     , "application/javascript")
+-    , cssPath      ==> (css     , "text/css")
+-    , codeFontPath ==> (codeFont, "font/ttf")
+-    , sansFontPath ==> (sansFont, "font/ttf")
++expectedFiles :: [(FilePath, MimeType)]
++expectedFiles =
++    [ faviconPath  ==> "image/x-icon"
++    , elmPath      ==> "application/javascript"
++    , cssPath      ==> "text/css"
++    , codeFontPath ==> "font/ttf"
++    , sansFontPath ==> "font/ttf"
+     ]
+ 
+ 
+@@ -82,7 +90,7 @@ sansFontPath =
+   "_elm" </> "source-sans-pro.ttf"
+ 
+ 
+-
++{-
+ -- ELM
+ 
+ 
+@@ -121,3 +129,4 @@ sansFont =
+ favicon :: BS.ByteString
+ favicon =
+   $(bsToExp =<< runIO (Build.readAsset "favicon.ico"))
++-}
+diff --git a/terminal/src/Develop/StaticFiles/Build.hs b/terminal/src/Develop/StaticFiles/Build.hs
+index c61fae57..c39b08b0 100644
+--- a/terminal/src/Develop/StaticFiles/Build.hs
++++ b/terminal/src/Develop/StaticFiles/Build.hs
+@@ -1,28 +1,39 @@
+ {-# LANGUAGE OverloadedStrings #-}
++{-# LANGUAGE CPP #-}
+ module Develop.StaticFiles.Build
+-  ( readAsset
+-  , buildReactorFrontEnd
++  ( findReactorFrontEnd
+   )
+   where
+ 
+-
+-import qualified Data.ByteString as BS
+-import qualified Data.ByteString.Builder as B
+-import qualified Data.ByteString.Lazy as LBS
+-import qualified Data.NonEmptyList as NE
+ import qualified System.Directory as Dir
+-import System.FilePath ((</>))
+-
+-import qualified BackgroundWriter as BW
+-import qualified Build
+-import qualified Elm.Details as Details
+-import qualified Generate
+-import qualified Reporting
+-import qualified Reporting.Exit as Exit
+-import qualified Reporting.Task as Task
+-
+-
+-
++import System.FilePath ((</>), takeDirectory)
++import System.Environment (getExecutablePath)
++import Data.Either as Either
++
++reactorStaticRelRoot :: FilePath
++reactorStaticRelRoot = GUIX_REACTOR_STATIC_REL_ROOT
++
++type Resolved a = (FilePath, (FilePath, a))
++
++findReactorFrontEnd :: [(FilePath, a)] -> IO (Either [FilePath] [Resolved a])
++findReactorFrontEnd specs = do
++  exe <- getExecutablePath
++  let dir = takeDirectory exe </> reactorStaticRelRoot
++  dirExists <- Dir.doesDirectoryExist dir
++  files <- sequence (map (findFile dir) specs)
++  return $ case Either.lefts files of
++           [] ->
++             Right (Either.rights files)
++           missing ->
++             Left $ if dirExists then missing else [dir]
++
++findFile :: FilePath -> (FilePath, a) -> IO (Either FilePath (Resolved a))
++findFile dir (rel, rhs) = do
++  let abs = dir </> rel
++  exists <- Dir.doesFileExist abs
++  return $ if not exists then Left abs else Right (rel, (abs, rhs))
++
++{-
+ -- ASSETS
+ 
+ 
+@@ -71,3 +82,4 @@ runTaskUnsafe task =
+                 \\nCompile with `elm make` directly to figure it out faster\
+                 \\n--------------------------------------------------------\
+                 \\n"
++-}
+-- 
+2.32.0
+
diff --git a/gnu/packages/patches/emacs-ess-fix-obsolete-function-alias.patch b/gnu/packages/patches/emacs-ess-fix-obsolete-function-alias.patch
new file mode 100644
index 0000000000..f7b61391c3
--- /dev/null
+++ b/gnu/packages/patches/emacs-ess-fix-obsolete-function-alias.patch
@@ -0,0 +1,23 @@
+From 9cc5520e1998d03f5dec0fbb1fe71b7cdec38b65 Mon Sep 17 00:00:00 2001
+From: Alex Branham <alex.branham@gmail.com>
+Date: Wed, 6 Jan 2021 06:41:20 -0500
+Subject: [PATCH] Add required when to obsolete function alias
+
+Closes #1085
+---
+ lisp/ess-r-package.el | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lisp/ess-r-package.el b/lisp/ess-r-package.el
+index 260959955..397ce14e6 100644
+--- a/lisp/ess-r-package.el
++++ b/lisp/ess-r-package.el
+@@ -577,7 +577,7 @@ package mode. Use this function if state of the buffer such as
+   (error "As of ESS 16.04, `ess-developer' is deprecated. Use `ess-r-set-evaluation-env' instead"))
+ 
+ (defalias 'ess-toggle-developer 'ess-developer)
+-(define-obsolete-function-alias 'ess-r-devtools-check-package-buildwin 'ess-r-devtools-check-with-winbuilder)
++(define-obsolete-function-alias 'ess-r-devtools-check-package-buildwin 'ess-r-devtools-check-with-winbuilder "18.04")
+ (define-obsolete-function-alias 'ess-r-devtools-ask 'ess-r-devtools-execute-command "18.04")
+ 
+ (make-obsolete-variable 'ess-developer "Please use `ess-developer-select-package' and `ess-r-set-evaluation-env' instead." "16.04")
diff --git a/gnu/packages/patches/emacs-lispy-fix-thread-last-test.patch b/gnu/packages/patches/emacs-lispy-fix-thread-last-test.patch
new file mode 100644
index 0000000000..2690dabdc8
--- /dev/null
+++ b/gnu/packages/patches/emacs-lispy-fix-thread-last-test.patch
@@ -0,0 +1,39 @@
+From dbe23aec174001c42f6edc7a594863a82a24bcfa Mon Sep 17 00:00:00 2001
+From: Kyle Meyer <kyle@kyleam.com>
+Date: Sun, 15 May 2022 13:56:37 -0400
+Subject: [PATCH] lispy-test.el (lispy-toggle-threaded-last): Update for Emacs
+ 28
+
+Starting with Emacs 28.1, thread-first uses `(declare (indent 0) ...)`
+rather than `(declare (indent 1) ...)`.
+---
+
+  Proposed upstream at <https://github.com/abo-abo/lispy/pull/632>.
+
+ lispy-test.el | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/lispy-test.el b/lispy-test.el
+index d946731..87d8c87 100644
+--- a/lispy-test.el
++++ b/lispy-test.el
+@@ -150,7 +150,13 @@ (ert-deftest lispy-toggle-threaded-last ()
+                    "|(thread-last (a 1) (b 2) (c 3))"))
+   (should (string= (lispy-with "|(equal 1443070800.0\n       (ts-unix\n        (ts-parse-org-element\n         (org-element-context))))"
+                                (lispy-toggle-thread-last))
+-                   "|(thread-last (org-element-context)\n  (ts-parse-org-element)\n  (ts-unix)\n  (equal 1443070800.0))"))
++                   (let ((indent (make-string
++                                  (if (version< emacs-version "28.1") 2 13)
++                                  ?\s)))
++                     (concat "|(thread-last (org-element-context)\n"
++                             indent "(ts-parse-org-element)\n"
++                             indent "(ts-unix)\n"
++                             indent "(equal 1443070800.0))"))))
+   (should (string= (lispy-with "|(thread-last (org-element-context)\n  (ts-parse-org-element)\n  (ts-unix)\n  (equal 1443070800.0))"
+                                (lispy-toggle-thread-last))
+                    "|(equal 1443070800.0\n       (ts-unix\n        (ts-parse-org-element\n         (org-element-context))))")))
+
+base-commit: df1b7e614fb0f73646755343e8892ddda310f427
+-- 
+2.36.0
+
diff --git a/gnu/packages/patches/gcc-12-strmov-store-file-names.patch b/gnu/packages/patches/gcc-12-strmov-store-file-names.patch
new file mode 100644
index 0000000000..091fc3f576
--- /dev/null
+++ b/gnu/packages/patches/gcc-12-strmov-store-file-names.patch
@@ -0,0 +1,114 @@
+Make sure that statements such as:
+
+  strcpy (dst, "/gnu/store/…");
+
+or
+
+  static const char str[] = "/gnu/store/…";
+  …
+  strcpy (dst, str);
+
+do not result in chunked /gnu/store strings that are undetectable by
+Guix's GC and its grafting code.  See <https://bugs.gnu.org/24703>
+and <https://bugs.gnu.org/30395>.
+
+diff --git a/gcc/builtins.cc b/gcc/builtins.cc
+index 5b085e3a1..480bc0b54 100644
+--- a/gcc/builtins.cc
++++ b/gcc/builtins.cc
+@@ -3363,6 +3363,58 @@ expand_builtin_mempcpy (tree exp, rtx target)
+ 				      target, exp, /*retmode=*/ RETURN_END);
+ }
+ 
++extern void debug_tree (tree);
++
++/* Return true if STR contains the string "/gnu/store".  */
++
++bool
++store_reference_p (tree str)
++{
++  if (getenv ("GUIX_GCC_DEBUG") != NULL)
++    debug_tree (str);
++
++  if (TREE_CODE (str) == ADDR_EXPR)
++    str = TREE_OPERAND (str, 0);
++
++  if (TREE_CODE (str) == VAR_DECL
++      && TREE_STATIC (str)
++      && TREE_READONLY (str))
++    {
++      /* STR may be a 'static const' variable whose initial value
++         is a string constant.  See <https://bugs.gnu.org/30395>.  */
++      str = DECL_INITIAL (str);
++      if (str == NULL_TREE)
++        return false;
++    }
++
++  if (TREE_CODE (str) != STRING_CST)
++    return false;
++
++  int len;
++  const char *store;
++
++  store = getenv ("NIX_STORE") ? getenv ("NIX_STORE") : "/gnu/store";
++  len = strlen (store);
++
++  /* Size of the hash part of store file names, including leading slash and
++     trailing hyphen.  */
++  const int hash_len = 34;
++
++  if (TREE_STRING_LENGTH (str) < len + hash_len)
++    return false;
++
++  /* We cannot use 'strstr' because 'TREE_STRING_POINTER' returns a string
++     that is not necessarily NUL-terminated.  */
++
++  for (int i = 0; i < TREE_STRING_LENGTH (str) - (len + hash_len); i++)
++    {
++      if (strncmp (TREE_STRING_POINTER (str) + i, store, len) == 0)
++	return true;
++    }
++
++  return false;
++}
++
+ /* Helper function to do the actual work for expand of memory copy family
+    functions (memcpy, mempcpy, stpcpy).  Expansing should assign LEN bytes
+    of memory from SRC to DEST and assign to TARGET if convenient.  Return
+@@ -3384,6 +3436,13 @@ expand_builtin_memory_copy_args (tree dest, tree src, tree len,
+ 
+   bool is_move_done;
+ 
++  /* Do not emit block moves, which translate to the 'movabs' instruction on
++     x86_64, when SRC refers to store items.  That way, store references
++     remain visible to the Guix GC and grafting code.  See
++     <https://bugs.gnu.org/24703>.  */
++  if (store_reference_p (src))
++    return NULL_RTX;
++
+   /* If DEST is not a pointer type, call the normal function.  */
+   if (dest_align == 0)
+     return NULL_RTX;
+diff --git a/gcc/gimple-fold.cc b/gcc/gimple-fold.cc
+index 863ee3d39..4cc46c265 100644
+--- a/gcc/gimple-fold.cc
++++ b/gcc/gimple-fold.cc
+@@ -856,6 +856,8 @@ var_decl_component_p (tree var)
+ 	      && TREE_CODE (TREE_OPERAND (inner, 0)) == ADDR_EXPR));
+ }
+ 
++extern bool store_reference_p (tree);
++
+ /* Return TRUE if the SIZE argument, representing the size of an
+    object, is in a range of values of which exactly zero is valid.  */
+ 
+@@ -960,6 +962,9 @@ gimple_fold_builtin_memory_op (gimple_stmt_iterator *gsi,
+ 	= build_int_cst (build_pointer_type_for_mode (char_type_node,
+ 						      ptr_mode, true), 0);
+ 
++      if (store_reference_p (src))
++        return false;
++
+       /* If we can perform the copy efficiently with first doing all loads
+          and then all stores inline it that way.  Currently efficiently
+ 	 means that we can load all the memory into a single integer
diff --git a/gnu/packages/patches/gcolor3-update-libportal-usage.patch b/gnu/packages/patches/gcolor3-update-libportal-usage.patch
new file mode 100644
index 0000000000..3e6d33e544
--- /dev/null
+++ b/gnu/packages/patches/gcolor3-update-libportal-usage.patch
@@ -0,0 +1,55 @@
+Fix gcolor3 to work with libportal-0.5
+
+This patch is extracted from upstream, see here
+https://gitlab.gnome.org/World/gcolor3/-/commit/1750369a3fd922aa9db6916207dc460c6f885e14
+
+From 1750369a3fd922aa9db6916207dc460c6f885e14 Mon Sep 17 00:00:00 2001
+From: Michal Vasilek <michal@vasilek.cz>
+Date: Mon, 27 Dec 2021 13:47:14 +0100
+Subject: [PATCH] Update to libportal 0.5
+
+---
+ meson.build                   | 2 ++
+ src/gcolor3-color-selection.c | 2 +-
+ src/meson.build               | 1 +
+ 3 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/meson.build b/meson.build
+index 6453679..7d6dc50 100644
+--- a/meson.build
++++ b/meson.build
+@@ -7,9 +7,11 @@ dep_gtk = dependency('gtk+-3.0', version: '>= 3.20.0', required: true)
+ dep_libportal = dependency(
+   'libportal',
+   required: true,
++  version: '>= 0.5',
+   fallback: ['libportal', 'libportal_dep'],
+   default_options: ['gtk_doc=false'],
+ )
++dep_libportal_gtk3 = dependency('libportal-gtk3', version: '>= 0.5', required: true)
+ cc = meson.get_compiler('c')
+ dep_lm = cc.find_library('m', required: true)
+ 
+diff --git a/src/gcolor3-color-selection.c b/src/gcolor3-color-selection.c
+index 7413850..5df9d54 100644
+--- a/src/gcolor3-color-selection.c
++++ b/src/gcolor3-color-selection.c
+@@ -41,7 +41,7 @@
+ #include <gtk/gtk.h>
+ #include <glib/gi18n.h>
+ #include <libportal/portal.h>
+-#include <libportal/portal-gtk3.h>
++#include <libportal-gtk3/portal-gtk3.h>
+ 
+ #ifdef ENABLE_NLS
+ #define P_(String) g_dgettext(GETTEXT_PACKAGE "-properties",String)
+diff --git a/src/meson.build b/src/meson.build
+index 3998f68..d488e51 100644
+--- a/src/meson.build
++++ b/src/meson.build
+@@ -42,6 +42,7 @@ executable(
+   dependencies: [
+     dep_gtk,
+     dep_libportal,
++    dep_libportal_gtk3,
+     dep_lm
diff --git a/gnu/packages/patches/libobjc2-unbundle-robin-map.patch b/gnu/packages/patches/libobjc2-unbundle-robin-map.patch
new file mode 100644
index 0000000000..b828a64221
--- /dev/null
+++ b/gnu/packages/patches/libobjc2-unbundle-robin-map.patch
@@ -0,0 +1,47 @@
+From 2c5b0d5d6eba3bda4e83f489da546060fa8f3a2b Mon Sep 17 00:00:00 2001
+From: Zhu Zihao <all_but_last@163.com>
+Date: Sat, 26 Mar 2022 16:54:43 +0800
+Subject: [PATCH] Unbundle robin-map.
+
+This patch makes libobjc2 use robin-map header from system instead of cloning
+from submodule.
+---
+ CMakeLists.txt | 8 --------
+ arc.mm         | 2 +-
+ 2 files changed, 1 insertion(+), 9 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index e2746e9..cf731f1 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -86,14 +86,6 @@ else ()
+ 	list(APPEND libobjc_C_SRCS eh_personality.c)
+ endif (WIN32)
+ 
+-if (NOT EXISTS "${CMAKE_SOURCE_DIR}/third_party/robin-map/include/tsl/robin_map.h")
+-	message(FATAL_ERROR "Git submodules not present, please run:\n\n"
+-						" $ git submodule init && git submodule update\n\n"
+-						"If you did not checkout via git, you will need to"
+-						"fetch the submodule's contents from"
+-						"https://github.com/Tessil/robin-map/")
+-endif ()
+-
+ # For release builds, we disable spamming the terminal with warnings about
+ # selector type mismatches
+ if (CMAKE_BUILD_TYPE STREQUAL Release)
+diff --git a/arc.mm b/arc.mm
+index c96681f..cc93e7f 100644
+--- a/arc.mm
++++ b/arc.mm
+@@ -3,7 +3,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <assert.h>
+-#include "third_party/robin-map/include/tsl/robin_map.h"
++#include <tsl/robin_map.h>
+ #import "lock.h"
+ #import "objc/runtime.h"
+ #import "objc/blocks_runtime.h"
+-- 
+2.34.0
+
diff --git a/gnu/packages/patches/sssd-collision-with-external-nss-symbol.patch b/gnu/packages/patches/sssd-collision-with-external-nss-symbol.patch
deleted file mode 100644
index 9d59ae91be..0000000000
--- a/gnu/packages/patches/sssd-collision-with-external-nss-symbol.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From fe9eeb51be06059721e873f77092b1e9ba08e6c1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>
-Date: Thu, 27 Feb 2020 06:50:40 +0100
-Subject: [PATCH] nss: Collision with external nss symbol
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-One of our internal static function names started
-to collide with external nss symbol. Additional
-sss_ suffix was added to avoid the collision.
-
-This is needed to unblock Fedora Rawhide's
-SSSD build.
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/responder/nss/nss_cmd.c | 18 ++++++++++--------
- 1 file changed, 10 insertions(+), 8 deletions(-)
-
-diff --git a/src/responder/nss/nss_cmd.c b/src/responder/nss/nss_cmd.c
-index 356aea1564..02706c4b94 100644
---- a/src/responder/nss/nss_cmd.c
-+++ b/src/responder/nss/nss_cmd.c
-@@ -731,11 +731,13 @@ static void nss_getent_done(struct tevent_req *subreq)
-     talloc_free(cmd_ctx);
- }
- 
--static void nss_setnetgrent_done(struct tevent_req *subreq);
-+static void sss_nss_setnetgrent_done(struct tevent_req *subreq);
- 
--static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
--                               enum cache_req_type type,
--                               nss_protocol_fill_packet_fn fill_fn)
-+/* This function's name started to collide with external nss symbol,
-+ * so it has additional sss_* prefix unlike other functions here. */
-+static errno_t sss_nss_setnetgrent(struct cli_ctx *cli_ctx,
-+                                   enum cache_req_type type,
-+                                   nss_protocol_fill_packet_fn fill_fn)
- {
-     struct nss_ctx *nss_ctx;
-     struct nss_state_ctx *state_ctx;
-@@ -777,7 +779,7 @@ static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
-         goto done;
-     }
- 
--    tevent_req_set_callback(subreq, nss_setnetgrent_done, cmd_ctx);
-+    tevent_req_set_callback(subreq, sss_nss_setnetgrent_done, cmd_ctx);
- 
-     ret = EOK;
- 
-@@ -790,7 +792,7 @@ static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
-     return EOK;
- }
- 
--static void nss_setnetgrent_done(struct tevent_req *subreq)
-+static void sss_nss_setnetgrent_done(struct tevent_req *subreq)
- {
-     struct nss_cmd_ctx *cmd_ctx;
-     errno_t ret;
-@@ -1040,8 +1042,8 @@ static errno_t nss_cmd_initgroups_ex(struct cli_ctx *cli_ctx)
- 
- static errno_t nss_cmd_setnetgrent(struct cli_ctx *cli_ctx)
- {
--    return nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME,
--                           nss_protocol_fill_setnetgrent);
-+    return sss_nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME,
-+                               nss_protocol_fill_setnetgrent);
- }
- 
- static errno_t nss_cmd_getnetgrent(struct cli_ctx *cli_ctx)
diff --git a/gnu/packages/patches/sssd-fix-samba-4.15.3.patch b/gnu/packages/patches/sssd-fix-samba-4.15.3.patch
deleted file mode 100644
index 731daa0ed9..0000000000
--- a/gnu/packages/patches/sssd-fix-samba-4.15.3.patch
+++ /dev/null
@@ -1,523 +0,0 @@
-From 3ba88c317fd64b69b000adbdf881c88383f325d1 Mon Sep 17 00:00:00 2001
-From: Noel Power <noel.power@suse.com>
-Date: Tue, 24 Mar 2020 13:37:07 +0000
-Subject: [PATCH] Use ndr_pull_steal_switch_value for modern samba versions
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-commit bc56b10aea999284458dcc293b54cf65288e325d attempted to
-fix the build error resulting from removal of 'ndr_pull_get_switch'
-
-This change uses the new replacement method
-'ndr_pull_steal_switch_value' however depending on the samba version
-the ndr_pull_steal_switch_value abi is different.
-
-Note: ndr_pull_steal_switch_value is used since samba 4.10 for
-      the affected methods
-
-Note: the following methods have been refreshed from samba-4.12 generated
-      code;
-
-    o ndr_pull_security_ace_object_type
-    o ndr_pull_security_ace_object_inherited_type
-    o ndr_pull_security_ace_object_ctr
-
-Signed-off-by: Noel Power <noel.power@suse.com>
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-(cherry picked from commit 1fdd8fa2fded1985fbfc6aa67394eebcdbb6a2fc)
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/external/samba.m4         |  9 ++++++-
- src/providers/ad/ad_gpo_ndr.c | 45 ++++++++++++++++++++---------------
- 2 files changed, 34 insertions(+), 20 deletions(-)
-
-diff --git a/src/external/samba.m4 b/src/external/samba.m4
-index 089f602a60..8e06174ead 100644
---- a/src/external/samba.m4
-+++ b/src/external/samba.m4
-@@ -132,8 +132,15 @@ int main(void)
-         AC_DEFINE_UNQUOTED(SMB_IDMAP_DOMAIN_HAS_DOM_SID, 1,
-                            [Samba's struct idmap_domain has dom_sid member])
-         AC_MSG_NOTICE([Samba's struct idmap_domain has dom_sid member])
-+        if test $samba_minor_version -ge 12 ; then
-+            AC_DEFINE_UNQUOTED(SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH, 1,
-+                               [Samba's new push/pull switch functions])
-+            AC_MSG_NOTICE([Samba has support for new ndr_push_steal_switch_value and ndr_pull_steal_switch_value functions])
-+        else
-+            AC_MSG_NOTICE([Samba supports old ndr_pull_steal_switch_value and ndr_pull_steal_switch_value functions])
-+        fi
-     else
-         AC_MSG_NOTICE([Samba's struct idmap_domain does not have dom_sid member])
-+        AC_MSG_NOTICE([Samba supports old ndr_pull_steal_switch_value and ndr_pull_steal_switch_value functions])
-     fi
--
- fi
-
- SAVE_CFLAGS=$CFLAGS
-diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
-index 49c49d71b2..3d389e513d 100644
---- a/src/providers/ad/ad_gpo_ndr.c
-+++ b/src/providers/ad/ad_gpo_ndr.c
-@@ -105,9 +105,14 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
-                                   union security_ace_object_type *r)
- {
-     uint32_t level;
--    level = ndr_token_peek(&ndr->switch_list, r);
-     NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
-     if (ndr_flags & NDR_SCALARS) {
-+        /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
-+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
-+        NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
-+#else
-+        level = ndr_pull_steal_switch_value(ndr, r);
-+#endif
-         NDR_CHECK(ndr_pull_union_align(ndr, 4));
-         switch (level) {
-         case SEC_ACE_OBJECT_TYPE_PRESENT: {
-@@ -117,14 +122,6 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
-             break; }
-         }
-     }
--    if (ndr_flags & NDR_BUFFERS) {
--        switch (level) {
--        case SEC_ACE_OBJECT_TYPE_PRESENT:
--            break;
--        default:
--            break;
--        }
--    }
-     return NDR_ERR_SUCCESS;
- }
-
-@@ -135,9 +132,14 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr,
-                                             union security_ace_object_inherited_type *r)
- {
-     uint32_t level;
--    level = ndr_token_peek(&ndr->switch_list, r);
-     NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
-     if (ndr_flags & NDR_SCALARS) {
-+        /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
-+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
-+        NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
-+#else
-+        level = ndr_pull_steal_switch_value(ndr, r);
-+#endif
-         NDR_CHECK(ndr_pull_union_align(ndr, 4));
-         switch (level) {
-         case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT: {
-@@ -149,14 +151,6 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr,
-             break; }
-         }
-     }
--    if (ndr_flags & NDR_BUFFERS) {
--        switch (level) {
--        case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
--            break;
--        default:
--            break;
--        }
--    }
-     return NDR_ERR_SUCCESS;
- }
-
-@@ -198,9 +192,14 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr,
-                                  union security_ace_object_ctr *r)
- {
-     uint32_t level;
--    level = ndr_token_peek(&ndr->switch_list, r);
-     NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
-     if (ndr_flags & NDR_SCALARS) {
-+        /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
-+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
-+        NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
-+#else
-+        level = ndr_pull_steal_switch_value(ndr, r);
-+#endif
-         NDR_CHECK(ndr_pull_union_align(ndr, 4));
-         switch (level) {
-         case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: {
-@@ -224,6 +223,14 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr,
-         }
-     }
-     if (ndr_flags & NDR_BUFFERS) {
-+        if (!(ndr_flags & NDR_SCALARS)) {
-+            /* We didn't get it above, and the token is not needed after this. */
-+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
-+            NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
-+#else
-+            level = ndr_pull_steal_switch_value(ndr, r);
-+#endif
-+        }
-         switch (level) {
-         case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
-             NDR_CHECK(ndr_pull_security_ace_object
-From 5285a1896ee19bb8f1ff752380547bc6d7a43334 Mon Sep 17 00:00:00 2001
-From: Noel Power <noel.power@suse.com>
-Date: Tue, 24 Mar 2020 18:14:34 +0000
-Subject: [PATCH] ad_gpo_ndr.c: refresh ndr_ methods from samba-4.12
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Noel Power <noel.power@suse.com>
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-(cherry picked from commit c031adde4f532f39845a0efd78693600f1f8b2f4)
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/providers/ad/ad_gpo_ndr.c | 201 ++++++++++++++++++----------------
- 1 file changed, 106 insertions(+), 95 deletions(-)
-
-diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
-index 3d389e513d..a64b1a0f84 100644
---- a/src/providers/ad/ad_gpo_ndr.c
-+++ b/src/providers/ad/ad_gpo_ndr.c
-@@ -177,8 +177,16 @@ ndr_pull_security_ace_object(struct ndr_pull *ndr,
-         NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
-     }
-     if (ndr_flags & NDR_BUFFERS) {
-+        NDR_CHECK(ndr_pull_set_switch_value
-+                  (ndr,
-+                   &r->type,
-+                   r->flags & SEC_ACE_OBJECT_TYPE_PRESENT));
-         NDR_CHECK(ndr_pull_security_ace_object_type
-                   (ndr, NDR_BUFFERS, &r->type));
-+        NDR_CHECK(ndr_pull_set_switch_value
-+                  (ndr,
-+                   &r->inherited_type,
-+                   r->flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT));
-         NDR_CHECK(ndr_pull_security_ace_object_inherited_type
-                   (ndr, NDR_BUFFERS, &r->inherited_type));
-     }
-@@ -342,7 +350,7 @@ ndr_pull_security_acl(struct ndr_pull *ndr,
-                   (ndr, NDR_SCALARS, &r->revision));
-         NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
-         NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_aces));
--        if (r->num_aces > 1000) {
-+        if (r->num_aces > 2000) {
-             return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
-         }
-         size_aces_0 = r->num_aces;
-@@ -408,107 +416,110 @@ ad_gpo_ndr_pull_security_descriptor(struct ndr_pull *ndr,
-     TALLOC_CTX *_mem_save_sacl_0;
-     uint32_t _ptr_dacl;
-     TALLOC_CTX *_mem_save_dacl_0;
--    uint32_t _flags_save_STRUCT = ndr->flags;
--    uint32_t _relative_save_offset;
--
--    ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
--    NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
--    if (ndr_flags & NDR_SCALARS) {
--        NDR_CHECK(ndr_pull_align(ndr, 5));
--        NDR_CHECK(ndr_pull_security_descriptor_revision(ndr,
-+    {
-+        uint32_t _flags_save_STRUCT = ndr->flags;
-+        ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
-+        NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
-+        if (ndr_flags & NDR_SCALARS) {
-+            NDR_CHECK(ndr_pull_align(ndr, 5));
-+            NDR_CHECK(ndr_pull_security_descriptor_revision(ndr,
-+                                                            NDR_SCALARS,
-+                                                            &r->revision));
-+            NDR_CHECK(ndr_pull_security_descriptor_type(ndr,
-                                                         NDR_SCALARS,
--                                                        &r->revision));
--        NDR_CHECK(ndr_pull_security_descriptor_type(ndr,
--                                                    NDR_SCALARS,
--                                                    &r->type));
--        NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_owner_sid));
--        if (_ptr_owner_sid) {
--            NDR_PULL_ALLOC(ndr, r->owner_sid);
--            NDR_CHECK(ndr_pull_relative_ptr1(ndr,
--                                             r->owner_sid,
--                                             _ptr_owner_sid));
--        } else {
--            r->owner_sid = NULL;
--        }
--        NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid));
--        if (_ptr_group_sid) {
--            NDR_PULL_ALLOC(ndr, r->group_sid);
--            NDR_CHECK(ndr_pull_relative_ptr1(ndr,
--                                             r->group_sid,
--                                             _ptr_group_sid));
--        } else {
--            r->group_sid = NULL;
--        }
--        NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sacl));
--        if (_ptr_sacl) {
--            NDR_PULL_ALLOC(ndr, r->sacl);
--            NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->sacl, _ptr_sacl));
--        } else {
--            r->sacl = NULL;
--        }
--        NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dacl));
--        if (_ptr_dacl) {
--            NDR_PULL_ALLOC(ndr, r->dacl);
--            NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->dacl, _ptr_dacl));
--        } else {
--            r->dacl = NULL;
--        }
--        NDR_CHECK(ndr_pull_trailer_align(ndr, 5));
--    }
--    if (ndr_flags & NDR_BUFFERS) {
--        if (r->owner_sid) {
--            _relative_save_offset = ndr->offset;
--            NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid));
--            _mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
--            NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0);
--            NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
--            NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0);
--            if (ndr->offset > ndr->relative_highest_offset) {
--                ndr->relative_highest_offset = ndr->offset;
-+                                                        &r->type));
-+            NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_owner_sid));
-+            if (_ptr_owner_sid) {
-+                NDR_PULL_ALLOC(ndr, r->owner_sid);
-+                NDR_CHECK(ndr_pull_relative_ptr1(ndr,
-+                                                 r->owner_sid,
-+                                                 _ptr_owner_sid));
-+            } else {
-+                r->owner_sid = NULL;
-             }
--            ndr->offset = _relative_save_offset;
--        }
--        if (r->group_sid) {
--            _relative_save_offset = ndr->offset;
--            NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid));
--            _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
--            NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
--            NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid));
--            NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
--            if (ndr->offset > ndr->relative_highest_offset) {
--                ndr->relative_highest_offset = ndr->offset;
-+            NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid));
-+            if (_ptr_group_sid) {
-+                NDR_PULL_ALLOC(ndr, r->group_sid);
-+                NDR_CHECK(ndr_pull_relative_ptr1(ndr,
-+                                                 r->group_sid,
-+                                                 _ptr_group_sid));
-+            } else {
-+                r->group_sid = NULL;
-             }
--            ndr->offset = _relative_save_offset;
--        }
--        if (r->sacl) {
--            _relative_save_offset = ndr->offset;
--            NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->sacl));
--            _mem_save_sacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
--            NDR_PULL_SET_MEM_CTX(ndr, r->sacl, 0);
--            NDR_CHECK(ndr_pull_security_acl(ndr,
--                                            NDR_SCALARS|NDR_BUFFERS,
--                                            r->sacl));
--            NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sacl_0, 0);
--            if (ndr->offset > ndr->relative_highest_offset) {
--                ndr->relative_highest_offset = ndr->offset;
-+            NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sacl));
-+            if (_ptr_sacl) {
-+                NDR_PULL_ALLOC(ndr, r->sacl);
-+                NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->sacl, _ptr_sacl));
-+            } else {
-+                r->sacl = NULL;
-             }
--            ndr->offset = _relative_save_offset;
-+            NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dacl));
-+            if (_ptr_dacl) {
-+                NDR_PULL_ALLOC(ndr, r->dacl);
-+                NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->dacl, _ptr_dacl));
-+            } else {
-+                r->dacl = NULL;
-+            }
-+            NDR_CHECK(ndr_pull_trailer_align(ndr, 5));
-         }
--        if (r->dacl) {
--            _relative_save_offset = ndr->offset;
--            NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->dacl));
--            _mem_save_dacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
--            NDR_PULL_SET_MEM_CTX(ndr, r->dacl, 0);
--            NDR_CHECK(ndr_pull_security_acl(ndr,
--                                            NDR_SCALARS|NDR_BUFFERS,
--                                            r->dacl));
--            NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dacl_0, 0);
--            if (ndr->offset > ndr->relative_highest_offset) {
--                ndr->relative_highest_offset = ndr->offset;
-+        if (ndr_flags & NDR_BUFFERS) {
-+            if (r->owner_sid) {
-+                uint32_t _relative_save_offset;
-+                _relative_save_offset = ndr->offset;
-+                NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid));
-+                _mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
-+                NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0);
-+                NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
-+                NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0);
-+                if (ndr->offset > ndr->relative_highest_offset) {
-+                    ndr->relative_highest_offset = ndr->offset;
-+                }
-+                ndr->offset = _relative_save_offset;
-+            }
-+            if (r->group_sid) {
-+                uint32_t _relative_save_offset;
-+                _relative_save_offset = ndr->offset;
-+                NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid));
-+                _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
-+                NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
-+                NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid));
-+                NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
-+                if (ndr->offset > ndr->relative_highest_offset) {
-+                    ndr->relative_highest_offset = ndr->offset;
-+                }
-+                ndr->offset = _relative_save_offset;
-+            }
-+            if (r->sacl) {
-+                uint32_t _relative_save_offset;
-+                _relative_save_offset = ndr->offset;
-+                NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->sacl));
-+                _mem_save_sacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
-+                NDR_PULL_SET_MEM_CTX(ndr, r->sacl, 0);
-+                NDR_CHECK(ndr_pull_security_acl(ndr,
-+                                                NDR_SCALARS|NDR_BUFFERS,
-+                                                r->sacl));
-+                NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sacl_0, 0);
-+                if (ndr->offset > ndr->relative_highest_offset) {
-+                    ndr->relative_highest_offset = ndr->offset;
-+                }
-+                ndr->offset = _relative_save_offset;
-+            }
-+            if (r->dacl) {
-+                uint32_t _relative_save_offset;
-+                _relative_save_offset = ndr->offset;
-+                NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->dacl));
-+                _mem_save_dacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
-+                NDR_PULL_SET_MEM_CTX(ndr, r->dacl, 0);
-+                NDR_CHECK(ndr_pull_security_acl(ndr,
-+                                                NDR_SCALARS|NDR_BUFFERS,
-+                                                r->dacl));
-+                NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dacl_0, 0);
-+                if (ndr->offset > ndr->relative_highest_offset) {
-+                    ndr->relative_highest_offset = ndr->offset;
-+                }
-+                ndr->offset = _relative_save_offset;
-             }
--            ndr->offset = _relative_save_offset;
-         }
--
-         ndr->flags = _flags_save_STRUCT;
-     }
-     return NDR_ERR_SUCCESS;
-From d5809f6f41ec0dc3fd38f9e4ae917a38bf7dfa43 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 28 May 2020 15:02:43 +0200
-Subject: [PATCH] ad_gpo_ndr.c: more ndr updates
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This patch add another update to the ndr code which was previously
-updated by commit c031adde4f532f39845a0efd78693600f1f8b2f4 and
-1fdd8fa2fded1985fbfc6aa67394eebcdbb6a2fc.
-
-As missing update in ndr_pull_security_ace() cased
-a failure in ad_gpo_parse_sd(). A unit-test for ad_gpo_parse_sd() was
-added to prevent similar issues in future.
-
-Resolves: https://github.com/SSSD/sssd/issues/5183
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-(cherry picked from commit a7c755672cd277497da3df4714f6d9457b6ac5ae)
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/providers/ad/ad_gpo_ndr.c  |  1 +
- src/tests/cmocka/test_ad_gpo.c | 57 ++++++++++++++++++++++++++++++++++
- 2 files changed, 58 insertions(+)
-
-diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
-index a64b1a0f84..9f040dfb03 100644
---- a/src/providers/ad/ad_gpo_ndr.c
-+++ b/src/providers/ad/ad_gpo_ndr.c
-@@ -317,6 +317,7 @@ ndr_pull_security_ace(struct ndr_pull *ndr,
-         ndr->offset += pad;
-     }
-     if (ndr_flags & NDR_BUFFERS) {
-+        NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->type));
-         NDR_CHECK(ndr_pull_security_ace_object_ctr
-                   (ndr, NDR_BUFFERS, &r->object));
-     }
-diff --git a/src/tests/cmocka/test_ad_gpo.c b/src/tests/cmocka/test_ad_gpo.c
-index 0589adcc3d..97dbe01794 100644
---- a/src/tests/cmocka/test_ad_gpo.c
-+++ b/src/tests/cmocka/test_ad_gpo.c
-@@ -329,6 +329,60 @@ void test_ad_gpo_ace_includes_client_sid_false(void **state)
-                                         ace_dom_sid, false);
- }
-
-+uint8_t test_sid_data[] = {
-+0x01, 0x00, 0x04, 0x9c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-+0x14, 0x00, 0x00, 0x00, 0x04, 0x00, 0x34, 0x01, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00,
-+0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
-+0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x00, 0x02, 0x00, 0x00,
-+0x00, 0x0a, 0x24, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
-+0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8,
-+0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00,
-+0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55,
-+0xb5, 0x57, 0x47, 0xf8, 0x07, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x24, 0x00, 0xff, 0x00, 0x0f, 0x00,
-+0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60,
-+0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x07, 0x02, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00,
-+0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
-+0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x00, 0x02, 0x00, 0x00,
-+0x00, 0x0a, 0x14, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
-+0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00,
-+0x00, 0x00, 0x00, 0x05, 0x12, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00,
-+0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x0b, 0x00, 0x00, 0x00, 0x05, 0x02, 0x28, 0x00,
-+0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x8f, 0xfd, 0xac, 0xed, 0xb3, 0xff, 0xd1, 0x11,
-+0xb4, 0x1d, 0x00, 0xa0, 0xc9, 0x68, 0xf9, 0x39, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
-+0x0b, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00, 0x01, 0x01, 0x00, 0x00,
-+0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00
-+};
-+
-+void test_ad_gpo_parse_sd(void **state)
-+{
-+    int ret;
-+    struct security_descriptor *sd = NULL;
-+
-+    ret = ad_gpo_parse_sd(test_ctx, NULL, 0, &sd);
-+    assert_int_equal(ret, EINVAL);
-+
-+    ret = ad_gpo_parse_sd(test_ctx, test_sid_data, sizeof(test_sid_data), &sd);
-+    assert_int_equal(ret, EOK);
-+    assert_non_null(sd);
-+    assert_int_equal(sd->revision, 1);
-+    assert_int_equal(sd->type, 39940);
-+    assert_null(sd->owner_sid);
-+    assert_null(sd->group_sid);
-+    assert_null(sd->sacl);
-+    assert_non_null(sd->dacl);
-+    assert_int_equal(sd->dacl->revision, 4);
-+    assert_int_equal(sd->dacl->size, 308);
-+    assert_int_equal(sd->dacl->num_aces, 10);
-+    assert_int_equal(sd->dacl->aces[0].type, 0);
-+    assert_int_equal(sd->dacl->aces[0].flags, 0);
-+    assert_int_equal(sd->dacl->aces[0].size, 36);
-+    assert_int_equal(sd->dacl->aces[0].access_mask, 917693);
-+    /* There are more components and ACEs in the security_descriptor struct
-+     * which are not checked here. */
-+
-+    talloc_free(sd);
-+}
-+
- int main(int argc, const char *argv[])
- {
-     poptContext pc;
-@@ -364,6 +418,9 @@ int main(int argc, const char *argv[])
-         cmocka_unit_test_setup_teardown(test_ad_gpo_ace_includes_client_sid_false,
-                                         ad_gpo_test_setup,
-                                         ad_gpo_test_teardown),
-+        cmocka_unit_test_setup_teardown(test_ad_gpo_parse_sd,
-+                                        ad_gpo_test_setup,
-+                                        ad_gpo_test_teardown),
-     };
-
-     /* Set debug level to invalid value so we can decide if -d 0 was used. */
diff --git a/gnu/packages/patches/sssd-fix-samba.patch b/gnu/packages/patches/sssd-fix-samba.patch
deleted file mode 100644
index 714968337a..0000000000
--- a/gnu/packages/patches/sssd-fix-samba.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From bc56b10aea999284458dcc293b54cf65288e325d Mon Sep 17 00:00:00 2001
-From: Stephen Gallagher <sgallagh@redhat.com>
-Date: Fri, 24 Jan 2020 15:17:39 +0100
-Subject: [PATCH] Fix build failure against samba 4.12.0rc1
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The ndr_pull_get_switch() function was dropped, but it was just a wrapper
-around the ndr_token_peek() function, so we can use this approach on both
-old and new versions of libndr.
-
-Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/providers/ad/ad_gpo_ndr.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
-index d573033494..8f405aa62b 100644
---- a/src/providers/ad/ad_gpo_ndr.c
-+++ b/src/providers/ad/ad_gpo_ndr.c
-@@ -105,7 +105,7 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
-                                   union security_ace_object_type *r)
- {
-     uint32_t level;
--    level = ndr_pull_get_switch_value(ndr, r);
-+    level = ndr_token_peek(&ndr->switch_list, r);
-     NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
-     if (ndr_flags & NDR_SCALARS) {
-         NDR_CHECK(ndr_pull_union_align(ndr, 4));
-@@ -135,7 +135,7 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr,
-                                             union security_ace_object_inherited_type *r)
- {
-     uint32_t level;
--    level = ndr_pull_get_switch_value(ndr, r);
-+    level = ndr_token_peek(&ndr->switch_list, r);
-     NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
-     if (ndr_flags & NDR_SCALARS) {
-         NDR_CHECK(ndr_pull_union_align(ndr, 4));
-@@ -198,7 +198,7 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr,
-                                  union security_ace_object_ctr *r)
- {
-     uint32_t level;
--    level = ndr_pull_get_switch_value(ndr, r);
-+    level = ndr_token_peek(&ndr->switch_list, r);
-     NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
-     if (ndr_flags & NDR_SCALARS) {
-         NDR_CHECK(ndr_pull_union_align(ndr, 4));
diff --git a/gnu/packages/patches/sssd-optional-systemd.patch b/gnu/packages/patches/sssd-optional-systemd.patch
new file mode 100644
index 0000000000..0784fdc7aa
--- /dev/null
+++ b/gnu/packages/patches/sssd-optional-systemd.patch
@@ -0,0 +1,45 @@
+Allow running sss_analyze without Python modules for systemd.
+Upstream PR: https://github.com/SSSD/sssd/pull/6125
+
+diff --git a/src/tools/analyzer/modules/request.py b/src/tools/analyzer/modules/request.py
+index b96a23c05..28ac2f194 100644
+--- a/src/tools/analyzer/modules/request.py
++++ b/src/tools/analyzer/modules/request.py
+@@ -1,8 +1,6 @@
+ import re
+ import logging
+ 
+-from sssd.source_files import Files
+-from sssd.source_journald import Journald
+ from sssd.parser import SubparsersAction
+ from sssd.parser import Option
+ 
+@@ -77,8 +75,10 @@ class RequestAnalyzer:
+             Instantiated source object
+         """
+         if args.source == "journald":
++            from sssd.source_journald import Journald
+             source = Journald()
+         else:
++            from sssd.source_files import Files
+             source = Files(args.logdir)
+         return source
+ 
+@@ -143,7 +143,7 @@ class RequestAnalyzer:
+             self.consumed_logs.append(line.rstrip(line[-1]))
+         else:
+             # files source includes newline
+-            if isinstance(source, Files):
++            if type(source).__name__ == 'Files':
+                 print(line, end='')
+             else:
+                 print(line)
+@@ -225,7 +225,7 @@ class RequestAnalyzer:
+         source.set_component(component, False)
+         self.done = ""
+         for line in self.matched_line(source, patterns):
+-            if isinstance(source, Journald):
++            if type(source).__name__ == 'Journald':
+                 print(line)
+             else:
+                 self.print_formatted(line, args.verbose)
diff --git a/gnu/packages/patches/sssd-system-directories.patch b/gnu/packages/patches/sssd-system-directories.patch
index f2ab0182e1..ce0dcf5d4d 100644
--- a/gnu/packages/patches/sssd-system-directories.patch
+++ b/gnu/packages/patches/sssd-system-directories.patch
@@ -1,29 +1,29 @@
 Do not attempt to create $localstatedir and $sysconfdir (i.e., /var and /etc)
 upon "make install".
 
-diff --git a/Makefile.in b/Makefile.in
-index c32cb7d..77a5c00 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -7991,7 +7991,7 @@ sssdconfdir = $(sysconfdir)/sssd
- sssddatadir = $(datadir)/sssd
+diff --git a/Makefile.am b/Makefile.am
+index 0de53a2c8..51ad57bf1 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -58,7 +58,7 @@ sssddatadir = $(datadir)/sssd
  sssdapiplugindir = $(sssddatadir)/sssd.api.d
  sssdtapscriptdir = $(sssddatadir)/systemtap
+ krb5snippetsdir = $(sssddatadir)/krb5-snippets
 -dbuspolicydir = $(sysconfdir)/dbus-1/system.d
 +dbuspolicydir = $(prefix)/etc/dbus-1/system.d
  dbusservicedir = $(datadir)/dbus-1/system-services
  sss_statedir = $(localstatedir)/lib/sss
- pamlibdir = @pammoddir@
-@@ -8000,7 +8000,7 @@ nfslibdir = @nfsidmaplibdir@
- keytabdir = $(sss_statedir)/keytabs
- pkgconfigdir = $(libdir)/pkgconfig
+ runstatedir = @runstatedir@
+@@ -85,7 +85,7 @@ pkgconfigdir = $(libdir)/pkgconfig
+ krb5rcachedir = @krb5rcachedir@
  sudolibdir = @sudolibpath@
+ polkitdir = @polkitdir@
 -pamconfdir = $(sysconfdir)/pam.d
 +pamconfdir = $(prefix)/etc/pam.d
  systemtap_tapdir = @tapset_dir@
  sssdkcmdatadir = $(datadir)/sssd-kcm
  deskprofilepath = $(sss_statedir)/deskprofile
-@@ -43733,7 +43733,6 @@ installsssddirs::
+@@ -5195,7 +5195,6 @@ installsssddirs::
      $(DESTDIR)$(bindir) \
      $(DESTDIR)$(sbindir) \
      $(DESTDIR)$(mandir) \
@@ -31,15 +31,18 @@ index c32cb7d..77a5c00 100644
      $(DESTDIR)$(pluginpath) \
      $(DESTDIR)$(libdir)/ldb \
      $(DESTDIR)$(dbuspolicydir) \
-@@ -43743,22 +43742,9 @@ installsssddirs::
+@@ -5205,24 +5204,12 @@ installsssddirs::
      $(DESTDIR)$(sssddatadir) \
      $(DESTDIR)$(sudolibdir) \
      $(DESTDIR)$(autofslibdir) \
 -    $(DESTDIR)$(pipepath)/private \
+     $(DESTDIR)$(krb5snippetsdir) \
 -    $(SSSD_USER_DIRS) \
      $(NULL);
- @SSSD_USER_TRUE@	-chown $(SSSD_USER):$(SSSD_USER) $(SSSD_USER_DIRS)
- @SSSD_USER_TRUE@	-chown $(SSSD_USER) $(DESTDIR)$(pipepath)/private
+ if SSSD_USER
+ 	-chown $(SSSD_USER):$(SSSD_USER) $(SSSD_USER_DIRS)
+ 	-chown $(SSSD_USER) $(DESTDIR)$(pipepath)/private
+ endif
 -	$(INSTALL) -d -m 0700 $(DESTDIR)$(dbpath) $(DESTDIR)$(logpath) \
 -	    $(DESTDIR)$(keytabdir) \
 -	    $(NULL)
@@ -50,7 +53,14 @@ index c32cb7d..77a5c00 100644
 -	$(INSTALL) -d -m 0711 $(DESTDIR)$(sssdconfdir) \
 -                          $(DESTDIR)$(sssdconfdir)/conf.d \
 -                          $(DESTDIR)$(sssdconfdir)/pki
--@BUILD_SECRETS_TRUE@	$(MKDIR_P) $(DESTDIR)$(secdbpath)
  
- @HAVE_DOXYGEN_TRUE@docs:
- @HAVE_DOXYGEN_TRUE@	$(DOXYGEN) src/doxy.config
+ if HAVE_DOXYGEN
+ docs:
+@@ -5338,7 +5325,6 @@ if BUILD_SAMBA
+ endif
+ if BUILD_KCM
+ 	$(MKDIR_P) $(DESTDIR)/$(sssdkcmdatadir)
+-	$(MKDIR_P) $(DESTDIR)$(secdbpath)
+ endif
+ 
+ uninstall-hook:
diff --git a/gnu/packages/patches/ytnef-CVE-2021-3403.patch b/gnu/packages/patches/ytnef-CVE-2021-3403.patch
deleted file mode 100644
index 4b1c9d659f..0000000000
--- a/gnu/packages/patches/ytnef-CVE-2021-3403.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From f2380a53fb84d370eaf6e6c3473062c54c57fac7 Mon Sep 17 00:00:00 2001
-From: Oliver Giles <ohw.giles@gmail.com>
-Date: Mon, 1 Feb 2021 10:12:16 +1300
-Subject: [PATCH] Prevent potential double-free in TNEFSubjectHandler
-
-If TNEFSubjectHandler is called multiple times, but the last time
-failed due to the PREALLOCCHECK, the subject.data member will be
-a freed, but invalid pointer. To prevent a double-free next time
-TNEFSubjectHandler is entered, set it to zero after freeing.
-
-Resolves: #85
-Reported-by: jasperla
----
- lib/ytnef.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/lib/ytnef.c b/lib/ytnef.c
-index b148719..b06c807 100644
---- a/lib/ytnef.c
-+++ b/lib/ytnef.c
-@@ -301,8 +301,10 @@ int TNEFFromHandler STD_ARGLIST {
- }
- // -----------------------------------------------------------------------------
- int TNEFSubjectHandler STD_ARGLIST {
--  if (TNEF->subject.data)
-+  if (TNEF->subject.data) {
-     free(TNEF->subject.data);
-+    TNEF->subject.data = NULL;
-+  }
- 
-   PREALLOCCHECK(size, 100);
-   TNEF->subject.data = calloc(size+1, sizeof(BYTE));
diff --git a/gnu/packages/patches/ytnef-CVE-2021-3404.patch b/gnu/packages/patches/ytnef-CVE-2021-3404.patch
deleted file mode 100644
index e991d6aff1..0000000000
--- a/gnu/packages/patches/ytnef-CVE-2021-3404.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From f9ff4a203b8c155d51a208cadadb62f224fba715 Mon Sep 17 00:00:00 2001
-From: Oliver Giles <ohw.giles@gmail.com>
-Date: Mon, 1 Feb 2021 10:18:17 +1300
-Subject: [PATCH] Ensure the size of the version field is 4 bytes
-
-A corrupted version field size can cause TNEFVersion to access outside
-of allocated memory. Check the version is the expected size and raise
-an error if not.
-
-Resolves: #86
-Reported-by: jasperla
----
- lib/ytnef.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/lib/ytnef.c b/lib/ytnef.c
-index b148719..ffede44 100644
---- a/lib/ytnef.c
-+++ b/lib/ytnef.c
-@@ -335,6 +335,10 @@ int TNEFRendData STD_ARGLIST {
- int TNEFVersion STD_ARGLIST {
-   WORD major;
-   WORD minor;
-+  if (size != 2 * sizeof(WORD)) {
-+    printf("Incorrect size of version field, suspected corruption\n");
-+    return -1;
-+  }
-   minor = SwapWord((BYTE*)data, size);
-   major = SwapWord((BYTE*)data + 2, size - 2);
-