diff --git a/0001-build-detect-endianness-at-configure-time.patch b/0001-build-detect-endianness-at-configure-time.patch
deleted file mode 100644
index 91b6cc8..0000000
--- a/0001-build-detect-endianness-at-configure-time.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 303d096f920801f7b06a7ad406ea83b4cd0219da Mon Sep 17 00:00:00 2001
-From: David Disseldorp <ddiss@samba.org>
-Date: Tue, 6 May 2014 15:56:42 +0200
-Subject: [PATCH] build: detect endianness at configure time
-
-WORDS_BIGENDIAN, HAVE_BIG_ENDIAN and HAVE_LITTLE_ENDIAN are needed by
-Samba. See Samba's byteorder.h header for an example.
-
-Signed-off-by: David Disseldorp <ddiss@samba.org>
----
- configure.ac |    3 +++
- 1 file changed, 3 insertions(+)
-
-Index: sssd-1.13.3/configure.ac
-===================================================================
---- sssd-1.13.3.orig/configure.ac
-+++ sssd-1.13.3/configure.ac
-@@ -428,6 +428,9 @@ AM_CONDITIONAL([HAVE_DEVSHM], [test -d /
- ENABLE_POLKIT_RULES_PATH
- AM_CONDITIONAL([HAVE_POLKIT_RULES_D], [test x$HAVE_POLKIT_RULES_D != x])
- 
-+AC_C_BIGENDIAN([AC_DEFINE(HAVE_BIG_ENDIAN, [1], [whether platform is big endian])], 
-+               [AC_DEFINE(HAVE_LITTLE_ENDIAN, [1], [whether platform is little endian])])
-+
- abs_build_dir=`pwd`
- AC_DEFINE_UNQUOTED([ABS_BUILD_DIR], ["$abs_build_dir"], [Absolute path to the build directory])
- AC_SUBST([abs_builddir], $abs_build_dir)
diff --git a/sssd-1.13.4.tar.gz b/sssd-1.13.4.tar.gz
deleted file mode 100644
index 8e16ee3..0000000
--- a/sssd-1.13.4.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0a7bba7697088734c5fa1844dbb6de4f1f11afd30df02f0c1dd2579114c0a194
-size 4730392
diff --git a/sssd-1.13.4.tar.gz.asc b/sssd-1.13.4.tar.gz.asc
deleted file mode 100644
index adc22cc..0000000
--- a/sssd-1.13.4.tar.gz.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iEYEABECAAYFAlcPWC0ACgkQHsardTLnvCUN0ACfUaD9ymW6zqntaFMG+xYLChRj
-3FUAoItHho7bSsdNziD98BhPQKLPAETj
-=CSMb
------END PGP SIGNATURE-----
diff --git a/sssd-1.14.0.tar.gz b/sssd-1.14.0.tar.gz
new file mode 100644
index 0000000..5311bb1
--- /dev/null
+++ b/sssd-1.14.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5c49ed0ecd17461a955bf031b73f257e8c40744d7485cd969976ccce819d624e
+size 4915954
diff --git a/sssd-1.14.0.tar.gz.asc b/sssd-1.14.0.tar.gz.asc
new file mode 100644
index 0000000..dafce65
--- /dev/null
+++ b/sssd-1.14.0.tar.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEABECAAYFAld+lREACgkQHsardTLnvCWq5QCdHBsN7hUU57vQ6nekGFsKbS8t
+jYIAn14wL9ZxSlmGY9zAGUAt8A0l0DLQ
+=ER1G
+-----END PGP SIGNATURE-----
diff --git a/sssd.changes b/sssd.changes
index 741a3c2..fe2d0c5 100644
--- a/sssd.changes
+++ b/sssd.changes
@@ -1,3 +1,39 @@
+-------------------------------------------------------------------
+Fri Jul  8 10:46:59 UTC 2016 - jengelh@inai.de
+
+- Update to new upstream release 1.14.0
+* The AD provider is now able to look up users from Active
+  Directory domains by certificate. This change enables logins for
+  Active Directory users with the help of a smart card.
+* The sss_override tool is now able to add certificates as local
+  overrides in the SSSD cache. Please note that the certificate
+  overrides are stored in the local cache, so removing the cache
+  also removes all the certificates!
+* Invalid certificates are skipped instead of aborting the whole
+  operation when logging in with a smart card using SSH.
+* This version allows several OCSP-related options such as the OCSP
+  responder to be configured during smart card authentication.
+* SSSD is now able to determine the name of the user who logs in
+  from the inserted smart card without having to type in the
+  username. Note that this functionality must be enabled with the
+  allow_missing_name pam_sss option.
+* The sss_cache command line tool is now able to invalidate SUDO
+  rules with its new -r/-R switches. Note that the sudo rules ar
+  not refreshed with the sss_cache tool immediately.
+* A new command line tool called sssctl was added. This tool
+  allows to observe the status of SSSD.
+* A new option local_negative_timeout was added. This option
+  allows the admin to specify the time during which lookups for
+  users that are not handled by SSSD but are present on the
+  system (typically in /etc/passwd and /etc/group) and prevents
+  repeated lookups of local users on the remote server during
+  initgroups operation.
+* An ID-mapping plugin for the winbind deamon was added. With
+  this plugin, it's possible for winbind to use the same
+  ID-mapping scheme as SSSD uses, producing consistent ID values.
+- Remove 0001-build-detect-endianness-at-configure-time.patch
+  (included upstream)
+
 -------------------------------------------------------------------
 Mon Apr 18 12:24:29 UTC 2016 - hguo@suse.com
 
diff --git a/sssd.spec b/sssd.spec
index 1fdbe2a..7644c35 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -17,7 +17,7 @@
 
 
 Name:           sssd
-Version:        1.13.4
+Version:        1.14.0
 Release:        0
 Summary:        System Security Services Daemon
 License:        GPL-3.0+ and LGPL-3.0+
@@ -31,7 +31,6 @@ Source3:        baselibs.conf
 Source4:        sssd.service
 Source5:        %name.keyring
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-Patch1:         0001-build-detect-endianness-at-configure-time.patch
 
 %define servicename	sssd
 %define sssdstatedir	%_localstatedir/lib/sss
@@ -206,6 +205,14 @@ utilities. The main purpose is to map Active Directory users and
 groups identified by their SID to POSIX users and groups identified
 by their POSIX UIDs and GIDs respectively.
 
+%package winbind-idmap
+Summary:        idmap backend for Winbind
+Group:          System/Libraries
+
+%description winbind-idmap
+The idmap_sss module provides a way for Winbind to call SSSD to map
+UIDs/GIDs and SIDs.
+
 %package -n libipa_hbac0
 Summary:        FreeIPA HBAC Evaluator library
 License:        LGPL-3.0+
@@ -371,7 +378,6 @@ Security Services Daemon (sssd).
 
 %prep
 %setup -q
-%patch -P 1 -p1
 
 %build
 %if 0%{?suse_version} < 1210
@@ -386,7 +392,7 @@ export LDB_DIR="$(pkg-config ldb --variable=modulesdir)"
 # help configure find nscd
 export PATH="$PATH:/usr/sbin"
 
-autoreconf -fiv;
+autoreconf -fiv
 export CFLAGS="%optflags -fPIE"
 export LDFLAGS="-pie"
 %configure \
@@ -402,20 +408,20 @@ export LDFLAGS="-pie"
     --with-os=suse \
     --with-semanage=no \
     --disable-ldb-version-check \
-
+	--without-secrets
 make %{?_smp_mflags} all
 
 %install
-b="%buildroot";
+b="%buildroot"
 make install DESTDIR="$b"
 
 # Copy default sssd.conf file
 install -d "$b/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \
-           "$b/%_mandir"/{uk/man5,uk/man8};
-install -d "$b/%_sysconfdir/sssd";
-install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf";
-install -d "$b/%_unitdir";
-install -m644 %{S:4} "$b/%_unitdir/sssd.service";
+           "$b/%_mandir"/{uk/man5,uk/man8}
+install -d "$b/%_sysconfdir/sssd"
+install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf"
+install -d "$b/%_unitdir"
+install -m644 %{S:4} "$b/%_unitdir/sssd.service"
 rm -Rf "$b/%_initddir"
 ln -s service "$b/%_sbindir/rcsssd"
 
@@ -424,7 +430,7 @@ mkdir -p "$b/%_sysconfdir/ld.so.conf.d"
 cat >"$b/%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf" <<-EOF
 	%_libdir/%name/modules
 EOF
-find "$b" -type f -name "*.la" -delete;
+find "$b" -type f -name "*.la" -delete
 
 rm -Rf "$b/%_sysconfdir/dbus-1" "$b/%_datadir/dbus-1"
 
@@ -448,8 +454,8 @@ make %{?_smp_mflags} check ||:
 
 %postun
 if [ "$1" = "0" ]; then
-	"%_sbindir/pam-config" -d --sss || :;
-fi;
+	"%_sbindir/pam-config" -d --sss || :
+fi
 /sbin/ldconfig
 # Clear caches, which may have an incompatible format afterwards
 # (especially, downgrades)
@@ -472,6 +478,7 @@ rm -f /var/lib/sss/db/*.ldb
 %doc COPYING
 %_unitdir
 %_bindir/sss_ssh_*
+%_sbindir/sssctl
 %_sbindir/sssd
 %_sbindir/rcsssd
 %dir %_mandir/??/
@@ -482,11 +489,13 @@ rm -f /var/lib/sss/db/*.ldb
 %_mandir/??/man5/sssd.conf.5*
 %_mandir/??/man8/sssd.8*
 %_mandir/man1/sss_ssh_*
+%_mandir/man8/sssctl.8*
 %_mandir/man5/sssd-simple.5*
 %_mandir/man5/sssd-sudo.5*
 %_mandir/man5/sssd.conf.5*
 %_mandir/man8/sssd.8*
 %dir %_libdir/%name/
+%_libdir/%name/conf/
 %_libdir/%name/libsss_child*
 %_libdir/%name/libsss_cert*
 %_libdir/%name/libsss_crypt*
@@ -517,7 +526,10 @@ rm -f /var/lib/sss/db/*.ldb
 %attr(750,root,root) %dir %_localstatedir/log/%name/
 %dir %_sysconfdir/sssd/
 %config(noreplace) %_sysconfdir/sssd/sssd.conf
+%dir %_sysconfdir/pam.d/
+%config(noreplace) %_sysconfdir/pam.d/sssd-shadowutils
 %dir %_datadir/%name/
+%_datadir/%name/cfg_rules.ini
 %_datadir/%name/sssd.api.conf
 %dir %_datadir/%name/sssd.api.d/
 %_datadir/%name/sssd.api.d/sssd-local.conf
@@ -649,6 +661,11 @@ rm -f /var/lib/sss/db/*.ldb
 %_libdir/sssd/modules/libwbclient.so
 %_libdir/pkgconfig/wbclient_sssd.pc
 
+%files winbind-idmap
+%defattr(-,root,root)
+%_libdir/samba/
+%_mandir/man8/idmap_sss.8*
+
 %files -n libipa_hbac0
 %defattr(-,root,root)
 %_libdir/libipa_hbac.so.0*