Update

Free IPA Client
Trahs
2026-01-05 08:07:41 +01:00 · 2026-01-05 07:52:53 +01:00 · 2025-12-18 08:51:29 +01:00 · 2025-12-18 08:43:17 +01:00 · 2025-12-18 04:32:46 +01:00 · 2025-12-18 03:32:55 +01:00
382 changed files with 3563 additions and 79888 deletions
--- a/devel/gmake3/Makefile
+++ b/devel/gmake3/Makefile
@ -0,0 +1,29 @@
 PORTNAME=	make
 DISTVERSION=	3.81
 CATEGORIES=	devel
 MASTER_SITES=	GNU
 PKGNAMEPREFIX=	g
 PKGNAMESUFFIX=	3
 # note: before committing to this port, contact portmgr to arrange for an
 # experimental ports run.  Untested commits may be backed out at portmgr's
 # discretion.
 MAINTAINER=	allanjude@FreeBSD.org
 COMMENT=	Last GPLv2 version of GNU 'make' utility
 WWW=		https://www.gnu.org/software/make/
 LICENSE=	GPLv2
 LICENSE_FILE=	${WRKSRC}/COPYING
 USES=		cpe tar:bz2
 CPE_VENDOR=	gnu
 GNU_CONFIGURE=	yes
 GNU_CONFIGURE_MANPREFIX=${PREFIX}/share
 CONFIGURE_ARGS=	--program-prefix=g \
 		--program-suffix=3 \
 		--disable-nls \
 		--disable-info \
 		--without-guile
 .include <bsd.port.mk>
--- a/devel/gmake3/distinfo
+++ b/devel/gmake3/distinfo
@ -0,0 +1,3 @@
 TIMESTAMP = 1747413857
 SHA256 (make-3.81.tar.bz2) = f3e69023771e23908f5d5592954d8271d3d6af09693cecfd29cee6fde8550dc8
 SIZE (make-3.81.tar.bz2) = 1151445
--- a/devel/gmake3/pkg-descr
+++ b/devel/gmake3/pkg-descr
@ -0,0 +1,4 @@
 This is the last GPLv2 licensed version of GNU make.
 GNU make is a tool that controls the generation of executables and other
 non-source files from source files.  Its purpose is the same as that
 of the utility make(1).
--- a/devel/gmake3/pkg-plist
+++ b/devel/gmake3/pkg-plist
@ -0,0 +1,2 @@
 bin/gmake3
 share/man/man1/gmake3.1.gz
--- a/devel/kati/Makefile
+++ b/devel/kati/Makefile
@ -0,0 +1,38 @@
 PORTNAME=	kati
 MASTER_SITES=	http://yhm1.klara.systems/kati/
 PORTVERSION=	0.1
 CATEGORIES=	devel
 MAINTAINER=	allanjude@FreeBSD.org
 COMMENT=	Apache licensed replacement for GNU make
 WWW=		https://github.com/google/kati
 LICENSE=	APACHE20
 LICENSE_FILE=	${WRKSRC}/LICENSE
 #Kati is pretending to be gmake, so we can't USES gmake here
 ##USES=		gmake
 BUILD_DEPENDS+=		gmake>=4.4.1:devel/gmake
 CONFIGURE_ENV+=		MAKE=gmake
 MAKE_CMD=		gmake
 CONFLICTS_INSTALL=	gmake
 # PROJECT TOKEN:
 #   Name: kati-port-ci
 #   Token: glpat-m9-NUmzPFAWfDFhur99s
 #   Scopes: read_repository
 #USE_GITLAB=	yes
 #GL_SITE=	https://gitlab.klara.systems
 #GL_SITE=        https://xavier.beaudouin\@klarasystems.com:xMwy3nX7PTwUudg@gitlab.klara.systems
 #GL_ACCOUNT=	prettybsd
 #GL_PROJECT=	kati
 #GL_TAGNAME=	1dc6868c0a4a6d17bf5527e06a5cb23cac5a6043
 NO_CHECKSUM=	yes
 do-install:
 	${INSTALL_PROGRAM} ${WRKSRC}/ckati ${STAGEDIR}${PREFIX}/bin/gmake
 .include <bsd.port.mk>
--- a/devel/kati/pkg-descr
+++ b/devel/kati/pkg-descr
@ -0,0 +1 @@
 Kati is an apache licensed replacement for GNU make
--- a/devel/kati/pkg-plist
+++ b/devel/kati/pkg-plist
@ -0,0 +1 @@
 bin/gmake
--- a/mail/exim-ldap2/Makefile
+++ b/mail/exim-ldap2/Makefile
@ -0,0 +1,6 @@
 PKGNAMESUFFIX=	-ldap2
 MASTERDIR=	${.CURDIR}/../exim
 OPTIONS_SLAVE=	OPENLDAP
 .include "${MASTERDIR}/Makefile"
--- a/mail/exim-monitor/Makefile
+++ b/mail/exim-monitor/Makefile
@ -0,0 +1,15 @@
 PKGNAMESUFFIX=	-monitor
 COMMENT=	The Exim monitor for the Exim MTA
 MASTERDIR=	${.CURDIR}/../exim
 EXIMON_ONLY=	yes
 OPTIONS_SLAVE=	EXIMON
 # This dependency is disabled, because it prevents package users from
 # using the exim-monitor package with any of the exim slave packages.
 #
 #RUN_DEPENDS=	${LOCALBASE}/sbin/exim:mail/exim
 .include "${MASTERDIR}/Makefile"
--- a/mail/exim-monitor/files/patch-OS__Makefile-Base
+++ b/mail/exim-monitor/files/patch-OS__Makefile-Base
@ -0,0 +1,12 @@
 --- OS/Makefile-Base.orig	Wed Aug 15 13:09:05 2001
 +++ OS/Makefile-Base	Mon Aug 27 14:59:04 2001
@@ -19,7 +19,8 @@
 # up-to-date. Then the os-specific source files and the C configuration file
 # are set up, and finally it goes to the main Exim target.
 -all:    $(EDITME) checklocalmake Makefile os.h os.c config.h allexim
 +all:    $(EDITME) checklocalmake Makefile os.h os.c config.h buildpcre \
 +	eximon.bin
 checklocalmake:
 	@if $(SHELL) $(SCRIPTS)/newer $(EDITME)-$(OSTYPE) $(EDITME) || \
--- a/mail/exim-monitor/files/patch-OS__Makefile-FreeBSD
+++ b/mail/exim-monitor/files/patch-OS__Makefile-FreeBSD
@ -0,0 +1,10 @@
 --- OS/Makefile-FreeBSD.orig	Mon Jun 11 12:04:05 2001
 +++ OS/Makefile-FreeBSD	Mon Jun 11 12:04:33 2001
@@ -5,6 +5,7 @@
 PORTOBJFORMAT!= test -x /usr/bin/objformat && /usr/bin/objformat || echo aout
 CHOWN_COMMAND=/usr/sbin/chown
 +STRIP_COMMAND=/usr/bin/strip
 HAVE_SA_LEN=YES
--- a/mail/exim-monitor/files/patch-src__EDITME
+++ b/mail/exim-monitor/files/patch-src__EDITME
@ -0,0 +1,55 @@
 --- src/EDITME.orig	Mon Aug 27 14:35:47 2001
 +++ src/EDITME	Mon Aug 27 14:37:31 2001
@@ -98,7 +98,7 @@
 # /usr/local/sbin. The installation script will try to create this directory,
 # and any superior directories, if they do not exist.
 -BIN_DIRECTORY=/usr/exim/bin
 +BIN_DIRECTORY=XX_PREFIX_XX/sbin
 #------------------------------------------------------------------------------
@@ -113,7 +113,7 @@
 # directories if they don't exist. It will also install a default run time
 # configuration if this file does not exist.
 -CONFIGURE_FILE=/usr/exim/configure
 +CONFIGURE_FILE=XX_PREFIX_XX/etc/exim/configure
 #------------------------------------------------------------------------------
@@ -126,14 +126,14 @@
 # owner of a local mailbox.) Specifying these values as root is very strongly
 # discouraged. These values are compiled into the binary.
 -EXIM_USER=
 +EXIM_USER=mailnull
 # If the setting of EXIM_USER is numeric (e.g. EXIM_USER=42), there must
 # also be a setting of EXIM_GROUP. If, on the other hand, you use a name
 # for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
 # you want to use a group other than the default group for the given user.
 -# EXIM_GROUP=
 +EXIM_GROUP=mail
 # Many sites define a user called "exim", with an appropriate default group,
 # and use
@@ -371,7 +373,7 @@
 # %s. This will be replaced by one of the strings "main", "panic", or "reject"
 # to form the final file names. Some installations may want something like this:
 -# LOG_FILE_PATH=/var/log/exim_%slog
 +LOG_FILE_PATH=/var/log/exim/%slog
 # which results in files with names /var/log/exim_mainlog, etc. The directory
 # in which the log files are placed must exist; Exim does not try to create
@@ -695,7 +705,7 @@
 # (process id) to a file so that it can easily be identified. The path of the
 # file can be specified here. Some installations may want something like this:
 -# PID_FILE_PATH=/var/lock/exim.pid
 +PID_FILE_PATH=/var/run/exim.pid
 # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
 # using the name "exim-daemon.pid".
--- a/mail/exim-monitor/pkg-descr
+++ b/mail/exim-monitor/pkg-descr
@ -0,0 +1,7 @@
 The Exim monitor (eximon) is a graphical user interface for the Exim
 mail transfer agent for Unix systems.  Eximon is distributed as part
 of the standard Exim distribution, but its dependency on XFree86
 annoys many administrators.
 For this reason, it is available as its own package to allow
 administrators to easily install Exim without installing XFree86.
--- a/mail/exim-monitor/pkg-message
+++ b/mail/exim-monitor/pkg-message
@ -0,0 +1,14 @@
 [
 { type: install
  message: <<EOM
 Although the Exim monitor has been correctly installed, please note
 that it is useless without the Exim MTA.  Install one of the Exim
 packages available, which include documentation for the Exim monitor:
 	exim
 	exim-ldap2
 	exim-mysql
 	exim-postgresql
 EOM
 }
 ]
--- a/mail/exim-mysql/Makefile
+++ b/mail/exim-mysql/Makefile
@ -0,0 +1,6 @@
 PKGNAMESUFFIX=	-mysql
 MASTERDIR=	${.CURDIR}/../exim
 OPTIONS_SLAVE=	MYSQL
 .include "${MASTERDIR}/Makefile"
--- a/mail/exim-postgresql/Makefile
+++ b/mail/exim-postgresql/Makefile
@ -0,0 +1,7 @@
 PORTREVISION=	1
 PKGNAMESUFFIX=	-postgresql
 MASTERDIR=	${.CURDIR}/../exim
 OPTIONS_SLAVE=	PGSQL
 .include "${MASTERDIR}/Makefile"
--- a/mail/exim-sqlite/Makefile
+++ b/mail/exim-sqlite/Makefile
@ -0,0 +1,7 @@
 PORTREVISION=	1
 PKGNAMESUFFIX=	-sqlite
 MASTERDIR=	${.CURDIR}/../exim
 OPTIONS_SLAVE=	SQLITE
 .include "${MASTERDIR}/Makefile"
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@ -0,0 +1,648 @@
 PORTNAME=	exim
 PORTVERSION?=	${EXIM_VERSION}
 PORTREVISION?=	0
 CATEGORIES=	mail
 MASTER_SITES=	EXIM:exim
 MASTER_SITE_SUBDIR=	/exim4/:exim \
 			/exim4/fixes/:exim \
 			/exim4/old/:exim
 DISTNAME=	${PORTNAME}-${EXIM_VERSION}
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX}:exim
 DIST_SUBDIR=	exim
 EXTRACT_ONLY=	${DISTNAME}${EXTRACT_SUFX}
 MAINTAINER=	fluffy@FreeBSD.org
 COMMENT?=	High performance MTA for Unix systems on the Internet
 WWW=		https://www.exim.org/
 LICENSE=	GPLv2
 BUILD_DEPENDS=	p5-File-FcntlLock>0:devel/p5-File-FcntlLock
 RUN_DEPENDS=	p5-File-FcntlLock>0:devel/p5-File-FcntlLock
 USES=		compiler cpe tar:bzip2 perl5
 USE_CSTD=	c99
 # Exim build system is job unsafe atm
 MAKE_JOBS_UNSAFE=	yes
 # One can tune the following "hidden" knobs:
 # - EXIM_USER: user exim is running as;
 # - EXIM_GROUP: ditto for the group;
 # - LOGDIR: where Exim logs will be put;
 # - LOG_FILE_PATH: path where '%s' will be substituted with
 #                  the target name (main, reject, etc);
 # - CONFIG_FILE_PATH: path to the default configuration file;
 # - ALT_CONFIG_PREFIX: path to the default prefix for all
 #                      configuration files, excluding the main one;
 #                      will be effective only when WITH_ALT_CONFIG_PREFIX
 #                      will be set via OPTIONS.
 .if make(makesum) && !defined(FETCH_ALL)
 .error "You forgot to define FETCH_ALL to create the sane distinfo"
 .endif
 .include "options"
 OPTIONS_SUB=	yes
 AUTH_SASL_LIB_DEPENDS=	libsasl2.so:security/cyrus-sasl2
 BDB_USES=	bdb
 DMARC_LIB_DEPENDS=	libopendmarc.so:mail/opendmarc
 EXIMON_USES=	xorg
 EXIMON_USE=	xorg=x11,xaw,xext,xmu,xt
 GNUTLS_LIB_DEPENDS=	libgnutls.so:security/gnutls
 ICONV_USES=	iconv:lib,build
 INTERNATIONAL_LIB_DEPENDS=	libidn.so:dns/libidn libidn2.so:dns/libidn2
 LMDB_LIB_DEPENDS=	liblmdb.so:databases/lmdb
 MYSQL_USES=	mysql
 OPENLDAP_USES=	ldap
 PGSQL_LIB_DEPENDS=	libicudata.so:devel/icu
 PGSQL_USES=	pgsql pkgconfig
 REDIS_LIB_DEPENDS=	libhiredis.so:databases/hiredis
 SASLAUTHD_RUN_DEPENDS=	${LOCALBASE}/sbin/saslauthd:security/cyrus-sasl2-saslauthd
 SA_EXIM_RUN_DEPENDS=	${LOCALBASE}/bin/spamc:mail/spamassassin
 SPF_LIB_DEPENDS=	libspf2.so:mail/libspf2
 SQLITE_LIB_DEPENDS=	libicudata.so:devel/icu
 SQLITE_USES=	pkgconfig sqlite
 #DEBIAN_PATCHES_PREFIX=	${FILESDIR}/debian/75
 #EXTRA_PATCHES= \
 #		${DEBIAN_PATCHES_PREFIX}_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch:-p1 \
 #		${DEBIAN_PATCHES_PREFIX}_05-SPF-fix-memory-accounting-for-error-case.patch:-p1
 .include <bsd.port.options.mk>
 # OCSP is supported for openssl only
 .if ${PORT_OPTIONS:MOCSP}
 .if ! ${PORT_OPTIONS:MTLS}
 IGNORE=	you cannot enable OCSP stapling without TLS support
 .elif ${PORT_OPTIONS:MGNUTLS}
 IGNORE=	you cannot enable OCSP stapling with gnutls
 .endif
 .endif
 # DMARC implies SPF and DKIM
 .if ${PORT_OPTIONS:MDMARC}
 .if ! ${PORT_OPTIONS:MSPF} || ! ${PORT_OPTIONS:MDKIM}
 IGNORE=	you cannot enable DMARC without SPF and DKIM support
 .endif
 .endif
 # ARC implies SPF and DKIM
 .if ${PORT_OPTIONS:MARC}
 .if ! ${PORT_OPTIONS:MSPF} || ! ${PORT_OPTIONS:MDKIM}
 IGNORE=	you cannot enable ARC without SPF and DKIM support
 .endif
 .endif
 # DANE implies DNSSEC
 .if ${PORT_OPTIONS:MDANE}
 .if ! ${PORT_OPTIONS:MDNSSEC} || ! ${PORT_OPTIONS:MTLS}
 IGNORE=	you cannot enable DANE without DNSSEC support or without TLS support
 .endif
 .endif
 .if ${PORT_OPTIONS:MSA_EXIM} || defined(FETCH_ALL)
 BROKEN=		Unmaintained extension
 MASTER_SITES+=	http://marc.merlins.org/linux/exim/files/:sa_exim \
 		SF/sa-exim/sa-exim/${SA_EXIM_VERSION}:sa_exim
 DISTFILES+=	sa-exim-${SA_EXIM_VERSION}.tar.gz:sa_exim
 EXTRA_PATCHES+=	${FILESDIR}/extra-patch-Local-sa-exim.c
 EXTRA_PATCHES+=	${FILESDIR}/extra-patch-Local-sa-exim.conf
 .endif
 EXIM_VERSION=	4.99.1
 SA_EXIM_VERSION=4.2.1
 EXIM_INSTALL_ARG+=	"-no_chown" "-no_symlink"
 EXTRA_PATCHES+=	`${FIND} ${PATCHDIR} -name '74_*.patch'|${SORT} -h`
 .if !defined(EXIMON_ONLY)
 PLIST_SUB+=	EXIM=""
 .if defined(PKGNAMESUFFIX)
 CONFLICTS+=	${PKGNAMEPREFIX}${PORTNAME}-4.*
 .endif
 .for suffix in -ldap2 -mysql -postgresql -sa-exim -sqlite
 .if !defined(PKGNAMESUFFIX) || ${PKGNAMESUFFIX} != ${suffix}
 CONFLICTS+=	${PKGNAMEPREFIX}${PORTNAME}${suffix}-4.*
 .endif
 .endfor
 .if ${PORT_OPTIONS:MEXIMON}
 CONFLICTS+=	${PKGNAMEPREFIX}${PORTNAME}-monitor-4.*
 .endif
 PKGMESSAGE=	${WRKDIR}/POST-INSTALL-NOTES
 .else # !EXIMON_ONLY
 PLIST_SUB+=	EXIM="@comment "
 PORT_OPTIONS+=	EXIMON
 PKGMESSAGE=	${WRKDIR}/pkg-message
 EXIM_INSTALL_ARG+=	"eximon" "eximon.bin"
 .endif # !EXIMON_ONLY
 PORTDOC_BASE=	ACKNOWLEDGMENTS NOTICE README.UPDATING
 PORTDOC_FILES=	ChangeLog NewStuff DANE-draft-notes \
 		OptionLists.txt README README.SIEVE dbm.discuss.txt \
 		experimental-spec.txt filter.txt spec.txt
 PORT_EXAMPLES=	transport-filter.pl
 DAILY_SCRIPTS=	150.exim-tidydb 460.exim-mail-rejects
 MAKE_ENV+=	OSTYPE="${OPSYS}" ARCHTYPE="${ARCH}" DUMMY_LDFLAGS="${DUMMY_LDFLAGS}" STRIP_COMMAND="${STRIP_CMD}"
 EXIM_USER?=	mailnull
 EXIM_GROUP?=	mail
 # Default user/group are system ones, so we don't want to check them
 .if ${EXIM_USER} != "mailnull"
 USERS=	${EXIM_USER}
 .endif
 .if ${EXIM_GROUP} != "mail"
 GROUPS=	${EXIM_GROUP}
 .endif
 LOGDIR?=		/var/log/exim
 LOG_FILE_PATH?=		${LOGDIR}/%slog
 CONFIG_FILE_PATH?=	${PREFIX}/etc/exim/configure
 ALT_CONFIG_PREFIX?=	${PREFIX}/etc/exim/
 EXIM_DYNAMIC_LDFLAGS=	-fPIC -rdynamic -Wl,--export-dynamic
 SED_SCRIPT=	-e 's,%%PREFIX%%,${PREFIX},g' \
 		-e 's,%%DOCSDIR%%,${DOCSDIR},g' \
 		-e 's,%%EXAMPLESDIR%%,${EXAMPLESDIR},g' \
 		-e 's,%%EXIM_USER%%,${EXIM_USER},g' \
 		-e 's,%%EXIM_GROUP%%,${EXIM_GROUP},g' \
 		-e 's,%%LOGDIR%%,${LOGDIR},g'
 SEDLIST+=	-e 's,XX_CFLAGS_XX,${CFLAGS:S/,/\\,/g},' \
 		-e 's,XX_PREFIX_XX,${PREFIX:S/,/\\,/g},' \
 		-e 's,XX_LOCALBASE_XX,${LOCALBASE:S/,/\\,/g},' \
 		-e 's,XX_LOG_FILE_PATH_XX,${LOG_FILE_PATH:S/,/\\,/g},' \
 		-e 's,XX_CONFIG_FILE_PATH_XX,${CONFIG_FILE_PATH:S/,/\\,/g},' \
 		-e 's,XX_ALT_CONFIG_PREFIX_XX,${ALT_CONFIG_PREFIX:S/,/\\,/g},' \
 		-e 's,XX_EXIM_USER_XX,${EXIM_USER:S/,/\\,/g},' \
 		-e 's,XX_EXIM_GROUP_XX,${EXIM_GROUP:S/,/\\,/g},' \
 		-e 's,XX_DEFAULT_CHARSET_XX,${WITH_DEFAULT_CHARSET:S/,/\\,/g},' \
 		-e 's,XX_DYNAMIC_LDFLAGS_XX,${EXIM_DYNAMIC_LDFLAGS:S/,/\\,/g},'
 PLIST_SUB+=	EXIM_VERSION="${EXIM_VERSION}-${PORTREVISION}" \
 		EXIM_USER=${EXIM_USER} \
 		EXIM_GROUP=${EXIM_GROUP} \
 		LOGDIR="${LOGDIR:S/^\///}"
 # Exim refuses to run local deliveries as root by default.  You can
 # add other users to this colon-separated list that cannot be
 # overridden at runtime below, but are advised not to remove "root".
 #WITH_FIXED_NEVER_USERS=	root:daemon:bin
 # When Exim is decoding MIME "words" in header lines it converts any foreign
 # character sets to the one that is set in the headers_charset option.
 # The default setting is defined by this setting:
 WITH_DEFAULT_CHARSET?=	ISO-8859-1
 # You should not need to fiddle with anything below this point.
 LIB_DEPENDS+=	libpcre2-posix.so:devel/pcre2
 .if ! ${PORT_OPTIONS:MDKIM}
 SEDLIST+=	-e 's,^\# (DISABLE_DKIM=),\1,'
 .endif
 .if ${PORT_OPTIONS:MLISTMATCH_RHS}
 SEDLIST+=	-e 's,^\# (EXPAND_LISTMATCH_RHS=),\1,'
 .endif
 .if ${PORT_OPTIONS:MDCC}
 SEDLIST+=	-e 's,^\# (EXPERIMENTAL_DCC=),\1,'
 .endif
 .if ${PORT_OPTIONS:MPROXY}
 SEDLIST+=	-e 's,^\# (SUPPORT_PROXY=),\1,'
 .endif
 .if ${PORT_OPTIONS:MCERTNAMES}
 SEDLIST+=	-e 's,^\# (EXPERIMENTAL_CERTNAMES=),\1,'
 .endif
 .if ${PORT_OPTIONS:MDSN}
 SEDLIST+=	-e 's,^\# (EXPERIMENTAL_DSN=),\1,'
 .endif
 .if !${PORT_OPTIONS:MDANE}
 SEDLIST+=	-e 's,^(SUPPORT_DANE=),\#\1,'
 .endif
 .if ${PORT_OPTIONS:MARC}
 SEDLIST+=	-e 's,^\# (EXPERIMENTAL_ARC=),\1,'
 .endif
 .if !${PORT_OPTIONS:MEVENT}
 SEDLIST+=	-e 's,^\# (DISABLE_EVENT=),\1,'
 .endif
 .if ${PORT_OPTIONS:MINTERNATIONAL}
 SEDLIST+=	-e 's,^\# (SUPPORT_I18N=),\1,' \
 		-e 's,^\# (SUPPORT_I18N_2008=),\1,' \
 		-e 's,XX_IDN_LIBS_XX,-L${LOCALBASE}/lib -lidn -lidn2,'
 .else
 SEDLIST+=	-e 's,XX_IDN_LIBS_XX,,'
 .endif
 .if ${PORT_OPTIONS:MSOCKS}
 SEDLIST+=	-e 's,^\# (SUPPORT_SOCKS=),\1,'
 .endif
 .if !${PORT_OPTIONS:MPRDR}
 SEDLIST+=	-e 's,^\# (DISABLE_PRDR=),\1,'
 .endif
 .if !${PORT_OPTIONS:MOCSP}
 SEDLIST+=	-e 's,^\# (DISABLE_OCSP=),\1,'
 .endif
 .if !${PORT_OPTIONS:MDNSSEC}
 SEDLIST+=	-e 's,^\# (DISABLE_DNSSEC=),\1,'
 .endif
 .if ${PORT_OPTIONS:MDMARC}
 SEDLIST+=	-e 's,XX_DMARC_LIBS_XX,-L${LOCALBASE}/lib -lopendmarc,' \
 		-e 's,^\# (SUPPORT_DMARC=),\1,'
 .else
 SEDLIST+=	-e 's,XX_DMARC_LIBS_XX,,'
 .endif
 .if ${PORT_OPTIONS:MWISHLIST}
 EXTRA_PATCHES+=	`${FIND} ${PATCHDIR} -name 'wishlist-*.patch'`
 .endif
 .if ${PORT_OPTIONS:MFIXED_NEVER_USERS}
 SEDLIST+=	-e 's,^(FIXED_NEVER_USERS=).*,\1${WITH_FIXED_NEVER_USERS:S/,/\\,/g},'
 .endif
 .if ${PORT_OPTIONS:MEXIMON}
 SEDLIST+=	-e 's,^\# (EXIM_MONITOR=),\1,'
 .endif
 .if ${PORT_OPTIONS:MTLS}
 .if ! ${PORT_OPTIONS:MGNUTLS}
 USES+=		ssl
 SEDLIST+=	-e 's,^\# (USE_OPENSSL=),\1,'
 SEDLIST+=	-e 's,^\# (TLS_LIBS=.*-lssl[[:space:]]),\1,'
 BROKEN_SSL=	openssl31
 BROKEN_SSL_REASON=	error: token is not a valid binary operator in a preprocessor subexpression
 .else
 SEDLIST+=	-e 's,^\# (USE_GNUTLS=),\1,'
 SEDLIST+=	-e 's,^\# (TLS_LIBS=.*-lgnutls[[:space:]]),\1,'
 .endif
 .else # TLS support
 SEDLIST+=	-e 's,^\# (DISABLE_TLS=),\1,'
 .endif
 .if ${PORT_OPTIONS:MEMBEDDED_PERL}
 SEDLIST+=	-e 's,^\# (EXIM_PERL=),\1,'
 .endif
 .if ${PORT_OPTIONS:MICONV}
 SEDLIST+=	-e 's,XX_ICONV_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib ${ICONV_LIB},' \
 		-e 's,^\# (HAVE_ICONV=),\1,'
 .else
 SEDLIST+=	-e 's,XX_ICONV_LIBS_XX,,'
 .endif
 .if ${PORT_OPTIONS:MOPENLDAP}
 LDAP_LIB_TYPE=	OPENLDAP2
 SEDLIST+=	-e 's,XX_LDAP_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib -llber -lldap,' \
 		-e 's,XX_LDAP_INCLUDE_XX,-I${LOCALBASE:S/,/\\,/g}/include,' \
 		-e 's,XX_LDAP_TYPE_XX,${LDAP_LIB_TYPE:S/,/\\,/g},' \
 		-e 's,^\# (LOOKUP_LDAP=),\1,'
 .else
 SEDLIST+=	-e 's,XX_LDAP_[^ ]*_XX,,' \
 		-e 's,^(LDAP_LIB_TYPE=),\# \1,'
 .endif
 .if ${PORT_OPTIONS:MBDB}
 INVALID_BDB_VER=	2 3 6 18
 DB_LIBS=	-L${BDB_LIB_DIR} -l${BDB_LIB_NAME}
 DB_INCLUDES=	-I${BDB_INCLUDE_DIR}
 .else
 DB_LIBS=
 DB_INCLUDES=
 SEDLIST+=	-e 's,^(DBMLIB=),\# \1,'
 .endif
 SEDLIST+=	-e 's,XX_DB_LIBS_XX,${DB_LIBS:S/,/\\,/g},' \
 		-e 's,XX_DB_INCLUDES_XX,${DB_INCLUDES:S/,/\\,/g},'
 .if ${PORT_OPTIONS:MLMDB}
 _LMDB_LIBS=	-L${LOCALBASE}/lib -llmdb
 _LMDB_INCLUDES=	-I${LOCALBASE}/include
 SEDLIST+=	-e 's,^\# (EXPERIMENTAL_LMDB=),\1,'
 .else
 _LMDB_LIBS=
 _LMDB_INCLUDES=
 .endif
 SEDLIST+=	-e 's,XX_LMDB_LIBS_XX,${_LMDB_LIBS:S/,/\\,/g},' \
 		-e 's,XX_LMDB_INCLUDES_XX,${_LMDB_INCLUDES:S/,/\\,/g},'
 .if ${PORT_OPTIONS:MMYSQL}
 SEDLIST+=	-e 's,XX_MYSQL_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib/mysql -l${_MYSQL_SHLIB:S/lib//},' \
 		-e 's,XX_MYSQL_INCLUDE_XX,-I${LOCALBASE:S/,/\\,/g}/include/mysql,' \
 		-e 's,^\# (LOOKUP_MYSQL=),\1,'
 .else
 SEDLIST+=	-e 's,XX_MYSQL_[^ ]*_XX,,'
 .endif
 .if ${PORT_OPTIONS:MSASLAUTHD}
 SASLAUTHD_SOCKET?=	/var/run/saslauthd/mux
 SEDLIST+=	-e 's,^\# (CYRUS_SASLAUTHD_SOCKET=).*,\1${SASLAUTHD_SOCKET:S/,/\\,/g},'
 .endif
 .if ${PORT_OPTIONS:MPAM}
 SEDLIST+=	-e 's,XX_PAM_LIBS_XX,-lpam,' \
 		-e 's,^\# (SUPPORT_PAM=),\1,'
 .else
 SEDLIST+=	-e 's,XX_PAM_LIBS_XX,,'
 .endif
 .if ${PORT_OPTIONS:MAUTH_CRAM_MD5}
 SEDLIST+=	-e 's,^\# (AUTH_CRAM_MD5=),\1,'
 .endif
 .if ${PORT_OPTIONS:MAUTH_PLAINTEXT}
 SEDLIST+=	-e 's,^\# (AUTH_PLAINTEXT=),\1,'
 .endif
 .if ${PORT_OPTIONS:MAUTH_DOVECOT}
 SEDLIST+=	-e 's,^\# (AUTH_DOVECOT=),\1,'
 .endif
 .if ${PORT_OPTIONS:MAUTH_SPA}
 SEDLIST+=	-e 's,^\# (AUTH_SPA=),\1,'
 .endif
 .if ${PORT_OPTIONS:MAUTH_SASL}
 SEDLIST+=	-e 's,^\# (AUTH_CYRUS_SASL=),\1,' \
 		-e 's,^\# (AUTH_LIBS=.*-lsasl2),\1,'
 .endif
 .if ${PORT_OPTIONS:MAUTH_TLS}
 SEDLIST+=	-e 's,^\# (AUTH_TLS=),\1,'
 .endif
 .if ${PORT_OPTIONS:MAUTH_RADIUS}
 WITH_RADIUS_TYPE?=	RADLIB
 .if ${WITH_RADIUS_TYPE:tl} == radlib
 SEDLIST+=	-e 's,XX_RADIUS_LIBS_XX,-lradius,' \
 		-e 's,^\# (RADIUS_CONFIG_FILE=).*,\1/etc/radius.conf,' \
 		-e 's,^\# (RADIUS_LIB_TYPE=).*,\1RADLIB,'
 .elif ${WITH_RADIUS_TYPE:tl} == radiusclient
 LIB_DEPENDS+=	libfreeradius-client.so:net/freeradius-client
 SEDLIST+=	-e 's,XX_RADIUS_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib -lfreeradius-client,' \
 		-e 's,^\# (RADIUS_CONFIG_FILE=).*,\1${LOCALBASE:S/,/\\,/g}/etc/radiusclient/radiusclient.conf,' \
 		-e 's,^\# (RADIUS_LIB_TYPE=).*,\1RADIUSCLIENTNEW,'
 .else
 IGNORE=		the variable WITH_RADIUS_TYPE must be either RADLIB or RADIUSCLIENT
 .endif
 .else
 SEDLIST+=	-e 's,XX_RADIUS_LIBS_XX,,'
 .endif
 .if ${PORT_OPTIONS:MPGSQL}
 SEDLIST+=	-e 's,XX_PGSQL_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib -lpq,' \
 		-e 's,XX_PGSQL_INCLUDE_XX,-I${LOCALBASE:S/,/\\,/g}/include/pgsql,' \
 		-e 's,^\# (LOOKUP_PGSQL=),\1,'
 .else
 SEDLIST+=	-e 's,XX_PGSQL_[^ ]*_XX,,'
 .endif
 .if ! ${PORT_OPTIONS:MPGSQL} && ! ${PORT_OPTIONS:MMYSQL} && !defined(LDAP_LIB_TYPE) && \
    ! ${PORT_OPTIONS:MBDB} && ! ${PORT_OPTIONS:MLMDB}
 SEDLIST+=	-e 's,^(LOOKUP_LIBS=),\# \1,' \
 		-e 's,^(LOOKUP_INCLUDE=),\# \1,'
 .endif
 .if ! ${PORT_OPTIONS:MDNSDB}
 SEDLIST+=	-e 's,^(LOOKUP_DNSDB=),\# \1,'
 .endif
 .if ${PORT_OPTIONS:MMAILDIR}
 SEDLIST+=	-e 's,^\# (SUPPORT_MAILDIR=),\1,'
 .endif
 .if ${PORT_OPTIONS:MMAILSTORE}
 SEDLIST+=	-e 's,^\# (SUPPORT_MAILSTORE=),\1,'
 .endif
 .if ${PORT_OPTIONS:MMBX}
 SEDLIST+=	-e 's,^\# (SUPPORT_MBX=),\1,'
 .endif
 .if ${PORT_OPTIONS:MCDB}
 SEDLIST+=	-e 's,^\# (LOOKUP_CDB=),\1,'
 .endif
 .if ${PORT_OPTIONS:MDSEARCH}
 SEDLIST+=	-e 's,^\# (LOOKUP_DSEARCH=),\1,'
 .endif
 .if ! ${PORT_OPTIONS:MLSEARCH}
 SEDLIST+=	-e 's,^(LOOKUP_LSEARCH=),\# \1,'
 .endif
 .if ${PORT_OPTIONS:MNIS}
 SEDLIST+=	-e 's,^\# (LOOKUP_NIS=),\1,'
 .endif
 .if ${PORT_OPTIONS:MPASSWD}
 SEDLIST+=	-e 's,^\# (LOOKUP_PASSWD=),\1,'
 .endif
 .if ${PORT_OPTIONS:MSQLITE}
 SEDLIST+=	-e 's,XX_SQLITE_LIBS_XX,`pkg-config --static --libs sqlite3`,' \
 		-e 's,XX_SQLITE_FLAGS_XX,`pkg-config --cflags sqlite3`,' \
 		-e 's,^\# (LOOKUP_SQLITE=),\1,'
 .else
 SEDLIST+=	-e 's,XX_SQLITE_LIBS_XX,,' \
 		-e 's,XX_SQLITE_FLAGS_XX,,'
 .endif
 .if ${PORT_OPTIONS:MREDIS}
 SEDLIST+=	-e 's,XX_REDIS_LIBS_XX,-L${LOCALBASE}/lib -lhiredis,' \
 		-e 's,^\# (LOOKUP_REDIS=),\1,' \
 		-e 's,^\# (REDIS=),\1,'
 .else
 SEDLIST+=	-e 's,XX_REDIS_LIBS_XX,,'
 .endif
 .if ${PORT_OPTIONS:MLMTP}
 SEDLIST+=	-e 's,^\# (TRANSPORT_LMTP=),\1,'
 .endif
 .if ! ${PORT_OPTIONS:MALT_CONFIG_PREFIX}
 SEDLIST+=	-e 's,^(ALT_CONFIG_PREFIX=),\# \1,'
 .endif
 .if ${PORT_OPTIONS:MSPF}
 SEDLIST+=	-e 's,XX_SPF_FLAGS_XX,-DSPF,' \
 		-e 's,XX_SPF_LIBS_XX,-L${LOCALBASE}/lib -lspf2 -lpthread,' \
 		-e 's,^\# (SUPPORT_SPF=),\1,'
 .else
 SEDLIST+=	-e 's,XX_SPF_FLAGS_XX,,' \
 		-e 's,XX_SPF_LIBS_XX,,'
 .endif
 .if ${PORT_OPTIONS:MSRS}
 SEDLIST+=	-e 's,XX_SRS_FLAGS_XX,-DSUPPORT_SRS,' \
 		-e 's,XX_SRS_LIBS_XX,,'
 .elif ${PORT_OPTIONS:MOLD_SRS}
 LIB_DEPENDS+=	libsrs_alt.so:mail/libsrs_alt
 SEDLIST+=	-e 's,XX_SRS_FLAGS_XX,-DEXPERIMENTAL_SRS_ALT,' \
 		-e 's,XX_SRS_LIBS_XX,-L${LOCALBASE}/lib -lsrs_alt,'
 .else
 SEDLIST+=	-e 's,XX_SRS_FLAGS_XX,,' \
 		-e 's,XX_SRS_LIBS_XX,,'
 .endif
 .if ${PORT_OPTIONS:MREADLINE}
 SEDLIST+=	-e 's,^\# (USE_READLINE=),\1,'
 .endif
 .if ${PORT_OPTIONS:MCONTENT_SCAN}
 SEDLIST+=	-e 's,^\# (WITH_CONTENT_SCAN=),\1,'
 .endif
 .if !defined(EXIMON_ONLY) && ${PORT_OPTIONS:MDAEMON}
 USE_RC_SUBR=	exim
 PLIST_SUB+=	EXIMDAEMON=""
 SUB_LIST+=	LOGDIR="${LOGDIR}"
 .else
 PLIST_SUB+=	EXIMDAEMON="@comment "
 .endif
 .if ${PORT_OPTIONS:MIPV6}
 SEDLIST+=	-e 's,^\# (HAVE_IPV6=),\1,'
 .endif
 .if ${PORT_OPTIONS:MDISABLE_D_OPT}
 SEDLIST+=	-e 's,^\# (DISABLE_D_OPTION=),\1,'
 .else
 .if defined(WHITELIST_D_MACROS)
 SEDLIST+=	-e 's,^\# (WHITELIST_D_MACROS=).*$$,\1${WHITELIST_D_MACROS:S/,/\\,/g},'
 .endif
 .endif
 .if defined(TRUSTED_CONFIG_LIST)
 SEDLIST+=	-e 's,^\# (TRUSTED_CONFIG_LIST=).*$$,\1${TRUSTED_CONFIG_LIST:S/,/\\,/g},'
 .endif
 .if ${PORT_OPTIONS:MQUEUEFILE}
 SEDLIST+=	-e 's,^\# (EXPERIMENTAL_QUEUEFILE=),\1,'
 .endif
 MAKE_ENV+=	INSTALL_ARG="${EXIM_INSTALL_ARG}"
 DUMMY_LDFLAGS!=	${ECHO_CMD} ${LDFLAGS} | ${SED} -e 's|-Wl,-rpath|-Wl,-DUMMYrpath|g; s|-rpath|-Wl,-rpath|g; s|-DUMMYrpath|-rpath|g'
 pre-everything::
 	@${ECHO} 'Exim now drops privileges when alternate configuration'
 	@${ECHO} 'files are used.  You can set make variable TRUSTED_CONFIG_LIST'
 	@${ECHO} 'to specify the list of configuration files for which'
 	@${ECHO} 'root privileges will be retained.'
 	@${ECHO} ''
 	@${ECHO} 'You can whitelist some macros using the make variable'
 	@${ECHO} 'WHITELIST_D_MACROS.  This is useful if you are running'
 	@${ECHO} 'with DISABLE_D_OPT set, but macros whitelisting will be'
 	@${ECHO} 'removed in some future Exim release, so it is better'
 	@${ECHO} 'to use TRUSTED_CONFIG_LIST to set the list of trusted'
 	@${ECHO} 'configuration files.'
 .if empty(.MAKEFLAGS:M-s) && ${PORT_OPTIONS:MWISHLIST}
 	@${ECHO} ''
 	@${ECHO} 'Included extra patches:'
 	@${FIND} ${PATCHDIR} -name 'wishlist-*.patch' \
 	    -exec ${SED} -ne 's,^# , ,p' {} \;
 	@${ECHO} ''
 .endif
 post-extract:
 .if ${PORT_OPTIONS:MSA_EXIM}
 	@cd ${WRKDIR} && ${TAR} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/sa-exim-${SA_EXIM_VERSION}.tar.gz ${EXTRACT_AFTER_ARGS}
 	@@${CP} ${WRKDIR}/sa-exim-${SA_EXIM_VERSION}/sa-exim.c ${WRKSRC}/Local
 	@@${CP} ${WRKDIR}/sa-exim-${SA_EXIM_VERSION}/sa-exim.conf ${WRKSRC}/Local
 .endif
 do-configure:
 	@${MKDIR} ${WRKSRC}/Local
 	@${SED} -E ${SEDLIST} ${WRKSRC}/src/EDITME > ${WRKSRC}/Local/Makefile
 .if ${PORT_OPTIONS:MEXIMON}
 	@${CP} ${WRKSRC}/exim_monitor/EDITME ${WRKSRC}/Local/eximon.conf
 .endif
 	@${REINPLACE_CMD} -E ${SEDLIST} ${WRKSRC}/src/configure.default
 	@${REINPLACE_CMD} -e 's!$$(LDFLAGS)!$$(DUMMY_LDFLAGS) -L$${LOCALBASE}/lib!' ${WRKSRC}/OS/Makefile-Base
 	@${REINPLACE_CMD} -e 's/"(Exim $$version_number)\\n\\t"/"(Exim $$version_number (${OPSYS}))\\n\\t"/' \
 		${WRKSRC}/src/globals.c
 	@${REINPLACE_CMD} -e 's/Exim version %s \(#%s \)\{0,1\}/&(${OPSYS} ${OSREL}) /' ${WRKSRC}/src/exim.c
 	@${REINPLACE_CMD} -e 's/^#include "cnumber\.h"$$/${PORTREVISION}/' ${WRKSRC}/src/version.c
 	@${REINPLACE_CMD} -E -e 's/^(PERL_COMMAND=).*/\1${PERL:S,/,\/,g}/' \
 		-e 's/^(CC=).*/\1${CC:S,/,\/,g}/' ${WRKSRC}/OS/Makefile-Default
 .if ${PORT_OPTIONS:MSA_EXIM}
 	@${REINPLACE_CMD} -E -e 's/^\# (HAVE_LOCAL_SCAN=).*/\1yes/' \
 		${WRKSRC}/OS/Makefile-Default
 	@${REINPLACE_CMD} -E -e 's/^(LOCAL_SCAN_SOURCE=).*/\1Local\/sa-exim.c/' \
 		${WRKSRC}/OS/Makefile-Default
 	@{ \
 	    ${ECHO_CMD} "char *version=\"${SA_EXIM_VERSION}\";"; \
 	    ${ECHO_CMD} "#define SPAMC_LOCATION		\"${LOCALBASE}/bin/spamc\""; \
 	    ${ECHO_CMD} "#define SPAMASSASSIN_CONF	\"${PREFIX}/etc/exim/sa-exim.conf\""; \
 	} > ${WRKSRC}/Local/sa-exim.h
 	@${REINPLACE_CMD} -e 's,/usr/bin/spamc,${LOCALBASE}/bin/spamc,' \
 	    ${WRKSRC}/Local/sa-exim.conf
 .endif
 	@(cd ${WRKSRC}; ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} configure)
 post-build:
 .for script in ${DAILY_SCRIPTS}
 	@${SED} ${SED_SCRIPT} ${FILESDIR}/${script}.sh > ${WRKDIR}/${script}.sh
 .endfor
 	@${SED} ${SED_SCRIPT} ${FILESDIR}/POST-INSTALL-NOTES > \
 		${WRKDIR}/POST-INSTALL-NOTES
 	@${SED} ${SED_SCRIPT} ${FILESDIR}/POST-INSTALL-NOTES.clamd > ${WRKDIR}/POST-INSTALL-NOTES.clamd
 	@${SED} ${SED_SCRIPT} ${FILESDIR}/POST-INSTALL-NOTES > ${WRKDIR}/POST-INSTALL-NOTES
 	@[ ! -f ${PKGDIR}/pkg-message ] || ${SED} ${SED_SCRIPT} ${PKGDIR}/pkg-message > ${WRKDIR}/pkg-message
 .if !defined(EXIMON_ONLY)
 post-install:
 .if ${PORT_OPTIONS:MDAEMON}
 	${MKDIR} ${STAGEDIR}${PREFIX}/etc/periodic/daily
 .for script in ${DAILY_SCRIPTS}
 	${INSTALL_SCRIPT} ${WRKDIR}/${script}.sh ${STAGEDIR}${PREFIX}/etc/periodic/daily/${script}
 .endfor
 .endif
 	@${MKDIR} -m 750 ${STAGEDIR}${LOGDIR}
 	${INSTALL_MAN} ${WRKSRC}/doc/exim.8 ${STAGEDIR}${PREFIX}/share/man/man8
 .if ${PORT_OPTIONS:MDOCS}
 	@${MKDIR} ${STAGEDIR}${DOCSDIR}
 	${INSTALL_DATA} ${WRKDIR}/POST-INSTALL-NOTES ${STAGEDIR}${DOCSDIR}
 	${INSTALL_DATA} ${WRKDIR}/POST-INSTALL-NOTES.clamd ${STAGEDIR}${DOCSDIR}
 .for docfile in ${PORTDOC_BASE}
 	${INSTALL_DATA} ${WRKSRC}/${docfile} ${STAGEDIR}${DOCSDIR}
 .endfor
 .for docfile in ${PORTDOC_FILES}
 	${INSTALL_DATA} ${WRKSRC}/doc/${docfile} ${STAGEDIR}${DOCSDIR}
 .endfor
 	@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
 .for example in ${PORT_EXAMPLES}
 	${INSTALL_SCRIPT} ${WRKSRC}/build-${OPSYS}-${ARCH}/${example} ${STAGEDIR}${EXAMPLESDIR}
 .endfor
 .endif
 .if ${PORT_OPTIONS:MSA_EXIM}
 	${INSTALL_DATA} ${WRKSRC}/Local/sa-exim.conf \
 		${STAGEDIR}${PREFIX}/etc/exim/sa-exim.conf.sample
 .endif
 .endif # ! defined(EXIMON_ONLY)
 .include <bsd.port.pre.mk>
 # If using clang, avoid too many warnings due to Exim code style
 .if ${CHOSEN_COMPILER_TYPE} == "clang"
 EXIM_WARN_FLAGS?=	-Wno-logical-op-parentheses -Wno-macro-redefined -Wno-parentheses -Wno-dangling-else
 .endif
 CFLAGS+=	${EXIM_WARN_FLAGS}
 .include <bsd.port.post.mk>
--- a/mail/exim/distinfo
+++ b/mail/exim/distinfo
@ -0,0 +1,5 @@
 TIMESTAMP = 1765991031
 SHA256 (exim/exim-4.99.1.tar.bz2) = 9152a6e8a76103b33ea3fef255d8b296f368c9b0f710cd4ef4fd54fca6a742ae
 SIZE (exim/exim-4.99.1.tar.bz2) = 2135201
 SHA256 (exim/sa-exim-4.2.1.tar.gz) = 24d4bf7b0fdddaea11f132981cebb6a86a4ab20ef54111a8ebd481b421c6e2c1
 SIZE (exim/sa-exim-4.2.1.tar.gz) = 68933
--- a/mail/exim/files/150.exim-tidydb.sh
+++ b/mail/exim/files/150.exim-tidydb.sh
@ -0,0 +1,49 @@
 #!/bin/sh
 #
 # Exim hints database maintenance
 # 
 #   contributed by: Oliver Eikemeier <eikemeier@fillmore-labs.com>
 #
 # If there is a global system configuration file, suck it in.
 #
 if [ -r /etc/defaults/periodic.conf ]; then
    . /etc/defaults/periodic.conf
    source_periodic_confs
 fi
 : ${exim_tidydb_enable="YES"}
 : ${exim_tidydb="%%PREFIX%%/sbin/exim_tidydb"}
 # Set this to arbitrary shell command to filter
 # the output from this periodic script, for example,
 # exim_tidydb_filter="| tail -100".
 : ${exim_tidydb_filter=""}
 : ${exim_dbdir="/var/spool/exim"}
 tidy () {
 	for db in "$exim_dbdir"/db/*.lockfile; do
 	    [ "$db" = "$exim_dbdir/db/*.lockfile" ] && continue
 	    echo
 	    db_name=`basename "$db" .lockfile`
 	    if [ -e "${exim_dbdir}/db/${db_name}.db" ]; then
 	        "$exim_tidydb" "$exim_dbdir" "$db_name"
 	    fi
 	done
 }
 case "$exim_tidydb_enable" in
    [Yy][Ee][Ss])
 	echo ""
 	echo "Tidying Exim hints databases:"
 	eval tidy "$exim_tidydb_filter"
 	if [ $? = 0 ]; then
 		rc=0
 	else
 		rc=1
 	fi
 	;;
    *)  rc=0;;
 esac
 exit $rc
--- a/mail/exim/files/460.exim-mail-rejects.sh
+++ b/mail/exim/files/460.exim-mail-rejects.sh
@ -0,0 +1,66 @@
 #!/bin/sh
 #
 # Check for rejected mail
 # Log lines that end with ' : IGNORE' will not be reported
 # 
 #   contributed by: Oliver Eikemeier <eikemeier@fillmore-labs.com>
 #
 # If there is a global system configuration file, suck it in.
 #
 if [ -r /etc/defaults/periodic.conf ]
 then
    . /etc/defaults/periodic.conf
    source_periodic_confs
 fi
 : ${exim_status_mail_rejects_enable="YES"}
 : ${exim_status_mail_rejects_logs=2}
 : ${exim_rejectlog="%%LOGDIR%%/rejectlog"}
 case "$exim_status_mail_rejects_enable" in
    [Yy][Ee][Ss])
 	if [ ! -d `dirname "$exim_rejectlog"` ]
 	then
 	    echo '$exim_status_mail_rejects_enable is set but' \
 		"`dirname "$exim_rejectlog"` doesn't exist"
 	    rc=2
 	elif [ "$exim_status_mail_rejects_logs" -le 0 ]
 	then
 	    echo '$exim_status_mail_rejects_enable is set but' \
 		'$exim_status_mail_rejects_logs is not greater than zero'
 	    rc=2
 	else
 	    echo
 	    echo "Checking for rejected mail:"
 	    start=`date -v-1d '+%Y-%m-%d'`
 	    n=$(($exim_status_mail_rejects_logs - 2))
 	    rc=$({
 		while [ $n -ge 0 ]
 		do
 		    if [ -f "$exim_rejectlog.$n" ]
 		    then
 			cat "$exim_rejectlog.$n"
 		    elif [ -f "$exim_rejectlog.$n.gz" ]
 		    then
 			zcat -fc "$exim_rejectlog.$n.gz"
 		    elif [ -f "$exim_rejectlog.$n.bz2" ]
 		    then
 			bzcat -fc "$exim_rejectlog.$n.bz2"
 		    fi
 		    n=$(($n - 1))
 		done
 		if [ -f "$exim_rejectlog" ]
 		then
 		    cat "$exim_rejectlog"
 		fi
 	    } |
 		grep -e "^$start" | grep -v ' : IGNORE$' | tee /dev/stderr | wc -l)
 	    [ $rc -gt 0 ] && rc=1
 	fi;;
    *)  rc=0;;
 esac
 exit $rc
--- a/mail/exim/files/POST-INSTALL-NOTES
+++ b/mail/exim/files/POST-INSTALL-NOTES
@ -0,0 +1,48 @@
 [
 { type: install
  message: <<EOM
 The following documentation has been installed:
  man exim                              -> Exim options (command line)
  %%DOCSDIR%%/spec.txt    -> Exim Specification (User Guide)
  %%DOCSDIR%%/filter.txt  -> Exim Filter Specification (for end-users)
 Postscript, PDF, HTML and texinfo versions of these documents can be
 installed via one of the mail/exim-doc-* ports.
 An online version as well as a comprehensive FAQ and a mailing list
 archive is available at:
  http://www.exim.org/
 Descriptions of new features not available it the manual, and a listing
 of all changes, including bug fixes are documented in:
  %%DOCSDIR%%/NewStuff
  %%DOCSDIR%%/ChangeLog
 To use Exim instead of sendmail on startup:
 *) Clear the sendmail queue and stop the sendmail daemon.
 *) Adjust mailer.conf(5) as appropriate.
 *) Set the 'sendmail_enable' rc.conf(5) variable to 'NONE'.
 *) Set the 'daily_status_include_submit_mailq' and
   'daily_clean_hoststat_enable' periodic.conf(5)
   variables to 'NO'.
 *) Consider setting 'daily_queuerun_enable' and
   'daily_submit_queuerun' to "NO" in periodic.conf(5),
   if you intend to manage queue runners / deliveries closely.
 *) Set the 'exim_enable' rc.conf(5) variable to 'YES'.
 *) Start exim with '%%PREFIX%%/etc/rc.d/exim start'.
 You may also want to configure newsyslog(8) to rotate Exim log files:
 %%LOGDIR%%/mainlog	mailnull:mail 640 7 * @T00 ZN
 %%LOGDIR%%/rejectlog	mailnull:mail 640 7 * @T00 ZN
 Additional scripts to help upgrading are installed in:
  %%EXAMPLESDIR%%
 EOM
 }
 ]
--- a/mail/exim/files/POST-INSTALL-NOTES.clamd
+++ b/mail/exim/files/POST-INSTALL-NOTES.clamd
@ -0,0 +1,52 @@
 [
 { type: install
  message: <<EOM
 The following steps will enable clamd malware scanning using exiscan ACLs.
 It is important to follow them in sequence.
 *  Install security/clamav from the ports tree.
 *  Confirm that user clamav was added to the mail group in /etc/group.
 *  Confirm that /var/log/clamav and /var/run/clamav exist and are owned
   by clamav:clamav.
 *  In Exim's configure file, set av_scanner=clamd:/var/run/clamav/clamd
 *  Adjust the exiscan ACLs in Exim's configure file.  Make sure you use
   the demime option with the malware check, e.g.:
   deny message = This message contains malware ($malware_name)
 	demime  = *
 	malware = *
 *  Edit clamav.conf as follows:
 	LogFile /var/log/clamav/clamd.log
 	PidFile /var/run/clamav/clamd.pid
 	LocalSocket /var/run/clamav/clamd
 	User clamav
 	AllowSupplementaryGroups
 	ScanArchive
 	ScanMail
   You may wish to make other changes as well.
 *  Make sure clamd_enable="YES" has been added to /etc/rc.conf; this is
   required by the clamav port's startup script,
   %%RC_DIR%%/clamd%%RC_SUFX%% .
 *  Run freshclam.
 *  Add a cron job that runs freshclam --daemon-notify --quiet at least
   once a day.
 *  Start clamd with %%RC_DIR%%/clamd%%RC_SUFX%% start .
 *  Start Exim with %%RC_DIR%%/exim%%RC_SUFX%% start .
 Sheldon Hearn <sheldonh@FreeBSD.org>
 EOM
 }
 ]
--- a/mail/exim/files/exim.in
+++ b/mail/exim/files/exim.in
@ -0,0 +1,60 @@
 #!/bin/sh
 # PROVIDE: mail
 # REQUIRE: LOGIN
 # KEYWORD: shutdown
 #	we make mail start late, so that things like .forward's are not
 #	processed until the system is fully operational
 #
 # Add the following lines to /etc/rc.conf to enable exim:
 #
 #exim_enable="YES"
 #
 # See exim(8) for flags
 #
 . /etc/rc.subr
 name=exim
 rcvar=exim_enable
 command=%%PREFIX%%/sbin/exim
 pidfile=/var/run/exim.pid
 required_dirs=%%LOGDIR%%
 required_files=%%PREFIX%%/etc/exim/configure
 start_precmd=start_precmd
 stop_postcmd=stop_postcmd
 extra_commands="reload"
 start_precmd()
 {
  case $sendmail_enable in
  [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
    warn "sendmail_enable should be set to NONE"
    ;;
  [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
    case $sendmail_submit_enable in
    [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
      warn "sendmail_submit_enable should be set to NO"
      ;;
    esac
    ;;
  [Nn][Oo][Nn][Ee])
    ;;
  esac
 }
 stop_postcmd()
 {
  rm -f $pidfile
 }
 # read settings, set default values
 load_rc_config $name
 : ${exim_enable="NO"}
 : ${exim_flags="-bd -q30m"}
 run_rc_command "$1"
--- a/mail/exim/files/extra-patch-Local-sa-exim.c
+++ b/mail/exim/files/extra-patch-Local-sa-exim.c
@ -0,0 +1,225 @@
 --- Local/sa-exim.c.orig	2025-12-18 04:08:13.593344000 +0100
 +++ Local/sa-exim.c	2025-12-18 04:10:17.527828000 +0100
@@ -29,10 +29,7 @@
 #include "sa-exim.h"
 /* Exim includes */
 -#include "local_scan.h"
 -extern FILE   *smtp_out;               /* Exim's incoming SMTP output file */
 -extern int     body_linecount;         /* Line count in body */
 -extern uschar *primary_hostname;
 +#include <local_scan.h>
 #ifdef DLOPEN_LOCAL_SCAN
@@ -409,6 +406,11 @@
 	    if (buffer[strlen(buffer)-1] == '\n')
 	    {
 		buffer[strlen(buffer)-1]=0;
 +		/* and any carriage return */
 +		if (buffer[strlen(buffer)-1] == '\r')
 +		{
 +		    buffer[strlen(buffer)-1]=0;
 +		}
 	    }
 	    if (SAEximDebug > 5)
 	    {
@@ -515,6 +517,7 @@
     int pid;
     int writefd[2];
     int readfd[2];
 +    char *spamc_argv[10];
     int i;
     /* These are the only values that we want working after the longjmp 
      * The automatic ones can be clobbered, but we don't really care */
@@ -536,8 +539,8 @@
     time_t beforescan;
     time_t afterscan;
     time_t afterwait;
 -    time_t scantime=0;
 -    time_t fulltime=0;
 +    int scantime=0;
 +    int fulltime=0;
     struct stat stbuf;
     uschar *expand;
@@ -550,8 +553,9 @@
     static char *SAspamcpath=SPAMC_LOCATION;
     static char *SAsafemesgidchars=SAFEMESGIDCHARS
     static char *SAspamcSockPath=NULL;
 -    static char *SAspamcPort="783";
 -    static char *SAspamcHost="127.0.0.1";
 +    static char *SAspamcPort=NULL;
 +    static char *SAspamcHost=NULL;
 +    static char *SAspamcUser=NULL;
     static char *SAEximRunCond="0";
     static char *SAEximRejCond="1";
     static int SAmaxbody=250*1024;
@@ -602,6 +606,10 @@
     /* Do not put a %s in there, or you'll segfault */
     static char *SAmsgerror="Temporary local error while processing message, please contact postmaster";
 +    /* This needs to be retrieved through expand_string in order
 +       not to violate the API. */
 +    uschar *primary_hostname=expand_string("$primary_hostname");
 +
     /* New values we read from spamassassin */
     char *xspamstatus=NULL;
     char *xspamflag=NULL;
@@ -712,6 +720,7 @@
 	    M_CHECKFORSTR(SAspamcSockPath);
 	    M_CHECKFORSTR(SAspamcPort);
 	    M_CHECKFORSTR(SAspamcHost);
 +	    M_CHECKFORSTR(SAspamcUser);
 	    M_CHECKFORSTR(SAEximRunCond);
 	    M_CHECKFORSTR(SAEximRejCond);
 	    M_CHECKFORVAR(SAmaxbody, "%d");
@@ -914,6 +923,22 @@
 	ret=dup2(readfd[1],2);
 	CHECKERR(ret,"dup2 stderr",__LINE__);
 +	i = 0;
 +	spamc_argv[i++] = "spamc";
 +	if (SAspamcUser && SAspamcUser[0])
 +	{
 +	    expand=expand_string(SAspamcUser);
 +	    if (expand == NULL)
 +	    {
 +		log_write(0, LOG_MAIN | LOG_PANIC, "SA: SAspamcUser expansion failure on %s, will run as Exim user instead.", SAspamcUser);
 +	    }
 +	    else if (expand[0] != '\0')
 +	    {
 +		spamc_argv[i++] = "-u";
 +		spamc_argv[i++] = expand;
 +	    }
 +	}
 +
 	/* 
          * I could implement the spamc protocol and talk to spamd directly
          * instead of forking spamc, but considering the overhead spent
@@ -924,17 +949,30 @@
 	/* Ok, we cheat, spamc cares about how big the whole message is and
          * we only know about the body size, so I'll  give an extra 16K
          * to account for any headers that can accompany the message */
 +
 +	spamc_argv[i++] = "-s";
 +	spamc_argv[i++] = string_sprintf("%d", SAmaxbody+16384);
 +
 	if(SAspamcSockPath)
 	{
 -	    ret=execl(SAspamcpath, "spamc", "-s", string_sprintf("%d", SAmaxbody+16384), "-U", SAspamcSockPath, NULL);
 -	    CHECKERR(ret,string_sprintf("exec %s", SAspamcpath),__LINE__);
 +    	    spamc_argv[i++] = "-U";
 +	    spamc_argv[i++] = SAspamcSockPath;
 	}
 	else
 	{
 -	    ret=execl(SAspamcpath, "spamc", "-s", string_sprintf("%d", SAmaxbody+16384), "-d", SAspamcHost, "-p", SAspamcPort, NULL);
 -	    CHECKERR(ret,string_sprintf("exec %s", SAspamcpath),__LINE__);
 +	    if (SAspamcHost) {
 +		spamc_argv[i++] = "-d";
 +		spamc_argv[i++] = SAspamcHost;
 +	    }
 +	    if (SAspamcPort) {
 +		spamc_argv[i++] = "-p";
 +		spamc_argv[i++] = SAspamcPort;
 +	    }
 	}
 -	
 +	spamc_argv[i++] = NULL;
 +
 +	ret=execv(SAspamcpath, spamc_argv);
 +	CHECKERR(ret,string_sprintf("exec %s", SAspamcpath),__LINE__);
     }
     if (SAEximDebug > 8)
@@ -1045,6 +1083,11 @@
 	if (buffer[strlen(buffer)-1] == '\n')
 	{
 	    buffer[strlen(buffer)-1]=0;
 +	    /* and any carriage return */
 +	    if (buffer[strlen(buffer)-1] == '\r')
 +	    {
 +		buffer[strlen(buffer)-1]=0;
 +	    }
 	}
 restart:
 	if (SAEximDebug > 5)
@@ -1154,7 +1197,7 @@
 	{
 	    if (SAEximDebug > 5)
 	    {
 -		log_write(0, LOG_MAIN, "SA: Debug6: spamc read got newline, end of headers", buffer);
 +		log_write(0, LOG_MAIN, "SA: Debug6: spamc read got newline, end of headers");
 	    }
 	    goto exit;
 	}
@@ -1214,11 +1257,11 @@
 	{
 	    if (SAEximDebug > 8)
 	    {
 -		log_write(0, LOG_MAIN, "SA: Debug9: Read body from SA; line %d (read %d)", line, strlen(buffer));
 +		log_write(0, LOG_MAIN, "SA: Debug9: Read body from SA; line %d (read %zd)", line, strlen(buffer));
 	    }
 	    stret=write(fd, buffer, strlen(buffer));
 -	    CHECKERR(stret,string_sprintf("SA body write to msg"),__LINE__);
 +	    CHECKERR(stret,string_sprintf("%s", "SA body write to msg"),__LINE__);
 	    if (SAEximDebug > 8)
 	    {
 		log_write(0, LOG_MAIN, "SA: Debug9: Wrote to msg; line %d (wrote %d)", line, ret);
@@ -1229,18 +1272,20 @@
 	    }
 	}
 +	
 	if (SAEximDebug > 1)
 	{
 	    log_write(0, LOG_MAIN, "SA: Debug2: body_linecount before SA: %d", body_linecount);
 	}
 	/* update global variable $body_linecount to reflect the new body size*/
 -	body_linecount = (line - 1);
 +	if (body_linecount > 0) body_linecount = (line - 1); // Not updating if zero, indicating spool_wireformat
 	if (SAEximDebug > 1)
 	{
 	    log_write(0, LOG_MAIN, "SA: Debug2: body_linecount after SA: %d", body_linecount);
 	}
 +
     }
     fclose((FILE *)readfh);
@@ -1331,6 +1376,9 @@
 	if (dorej && doteergrube)
 	{
 +	    char *teergrubewaitstr;
 +	    teergrubewaitstr=string_sprintf(SAmsgteergrubewait, spamstatus);
 +
 	    /* By default, we'll only save temp bounces by message ID so
 	     * that when the same message is submitted several times, we
 	     * overwrite the same file on disk and not create a brand new
@@ -1353,20 +1401,8 @@
 	    for (i=0;i<SAteergrubetime/10;i++)
 	    {
 -		char *str;
 -		
 -		/* Unfortunately, we can't use exim's smtp_printf because it
 -		 * doesn't return an error code if the write gets an EPIPE.
 -		 * So, we write ourselves, but this won't work if you have a
 -		 * TLS connection opened (that said, if you are teergrubing
 -		 * a TLS connection, it's probably a relay host, not a
 -		 * spammer, and in this case you should not teergrube a
 -		 * friendly relay, so basically we should be ok).
 -		 * If you do teergrube an SSL connection with the current
 -		 * code, you will break it, but that's acceptable */
 -		str=string_sprintf(string_sprintf("451- %s\r\n",SAmsgteergrubewait), spamstatus);
 -		fprintf(smtp_out, str);
 -		ret=fflush(smtp_out);
 +		smtp_printf("451-%s\r\n", FALSE, teergrubewaitstr);
 +		ret=smtp_fflush(TRUE);
 		if (ret != 0)
 		{
 		    log_write(0, LOG_MAIN | LOG_REJECT, "SA: Action: teergrubed sender for %d secs until it closed the connection: %s (scanned in %d/%d secs | Message-Id: %s). %s", i*10, spamstatus, scantime, fulltime, safemesgid, mailinfo);
--- a/mail/exim/files/extra-patch-Local-sa-exim.conf
+++ b/mail/exim/files/extra-patch-Local-sa-exim.conf
@ -0,0 +1,24 @@
 --- Local/sa-exim.conf.orig	2005-03-08 20:35:43 UTC
 +++ Local/sa-exim.conf
@@ -49,11 +49,17 @@ SAspamcpath: /usr/bin/spamc
 # you set it, it will override the two TCP connect options below
 #SAspamcSockPath: /var/run/spamd.sock
 -# SAspamcHost / SAspamcPort: TCP socket where your spamd is listening
 -# Shown below are the defaults:
 -SAspamcHost: 127.0.0.1
 -SAspamcPort: 783
 +# SAspamcHost / SAspamcPort: TCP socket where your spamd is listening.
 +# Default is to let spamc use any settings in spamc.conf.
 +#SAspamcHost: 127.0.0.1
 +#SAspamcPort: 783
 +# SAspamcUser: The username passed to spamc. Some tricks are needed to 
 +# decide on one user when there are many recipients. This string is of
 +# course expanded. If unset or empty, spamc will use the user Exim 
 +# runs as. We suggest that you decide what username to use in the ACLs
 +# and set an ACL variable.
 +#SAspamcUser: $acl_m2
 # Exim configuration string to run before running SA against the message
 # This decides whether SA gets run against the message or not.  This
--- a/mail/exim/files/patch-Makefile
+++ b/mail/exim/files/patch-Makefile
@ -0,0 +1,11 @@
 --- Makefile.orig	2025-12-17 18:05:41.764604000 +0100
 +++ Makefile	2025-12-17 18:08:15.055964000 +0100
@@ -70,7 +70,7 @@
 # Configure-Makefile script. This does its own dependency checking because of
 # the optional files.
 -configure: checks build-directory \
 +configure: build-directory \
 		scripts/lookups-Makefile scripts/drivers-Makefile
 	@cd build-$(buildname); \
 	  build=$(build) $(SHELL) ../scripts/Configure-Makefile
--- a/mail/exim/files/patch-OS__Makefile-FreeBSD
+++ b/mail/exim/files/patch-OS__Makefile-FreeBSD
@ -0,0 +1,13 @@
 --- OS/Makefile-FreeBSD.orig	2023-04-09 09:45:04.226201000 +0200
 +++ OS/Makefile-FreeBSD	2023-04-09 09:48:01.819463000 +0200
@@ -18,8 +18,8 @@
 # Dynamically loaded modules need to be built with -fPIC
 CFLAGS_DYNAMIC=-shared -rdynamic -fPIC
 -# FreeBSD always ships with Berkeley DB
 -USE_DB=yes
 +# FreeBSD ships with Berkeley DB until 13.1, but ndbm is always included
 +USE_NDBM=yes
 # This code for building outside ports suggested by Richard Clayton
 .ifdef   X11BASE
--- a/mail/exim/files/patch-exim_monitor-em_hdr.h
+++ b/mail/exim/files/patch-exim_monitor-em_hdr.h
@ -0,0 +1,11 @@
 --- exim_monitor/em_hdr.h.orig	2019-12-08 12:53:48 UTC
 +++ exim_monitor/em_hdr.h
@@ -95,6 +95,8 @@ this interface so that this kind of kludge isn't neede
 #endif
 typedef void hctx;
 +typedef unsigned long ulong;
 +
 #include "local_scan.h"
 #include "macros.h"
 #include "structs.h"
--- a/mail/exim/files/patch-scripts__exim_install
+++ b/mail/exim/files/patch-scripts__exim_install
@ -0,0 +1,111 @@
 --- scripts/exim_install.orig	2016-12-18 14:02:28.000000000 +0000
 +++ scripts/exim_install	2017-01-02 11:48:46.939703000 +0000
@@ -29,6 +29,7 @@
 do_chown=yes
 do_symlink=yes
 +do_info=yes
 while [ $# -gt 0 ] ; do
   case "$1" in
@@ -51,6 +52,10 @@
       do_symlink=no
       ;;
 +	-no_info)
 +	  do_info=no
 +	  ;;
 +
     *)
       break
       ;;
@@ -117,9 +122,7 @@
 CONFIGURE_FILE=${DESTDIR}${CONFIGURE_FILE}
 SYSTEM_ALIASES_FILE=${DESTDIR}${SYSTEM_ALIASES_FILE}
 -if [ "${INFO_DIRECTORY}" != "" ] ; then
 -  INFO_DIRECTORY=${DESTDIR}${INFO_DIRECTORY}
 -fi
 +INFO_DIRECTORY=${DESTDIR}${INFO_DIRECTORY}
 # Overrides of other things
 case "$inst_uid"     in ?*) INST_UID="$inst_uid";; esac
@@ -218,8 +221,7 @@
   if [ $name = exim${EXE} ]; then
     exim="./exim -bV -C /dev/null"
 -    version=exim-`$exim 2>/dev/null | \
 -      awk '/Exim version/ { OFS=""; print $3,"-",substr($4,2,length($4)-1) }'`${EXE}
 +    version=exim
     if [ "${version}" = "exim-${EXE}" ]; then
       echo $com ""
@@ -384,9 +386,8 @@
   echo $com ' ' ${CONFIGURE_FILE}
   echo $com Therefore, skipping automatic installation.
 -elif [ ! -f ${CONFIGURE_FILE} ]; then
 -  echo $com Installing default configuration in ${CONFIGURE_FILE}
 -  echo $com because there is no existing configuration file.
 +else
 +  echo $com Installing default configuration in ${CONFIGURE_FILE}.sample
   if [ "${SYSTEM_ALIASES_FILE}" = "" ] ; then
     SYSTEM_ALIASES_FILE=/etc/aliases
     echo $com This configuration has system aliases in ${SYSTEM_ALIASES_FILE}.
@@ -396,8 +397,8 @@
   ${real} ${MKDIR} -p `${DIRNAME} ${CONFIGURE_FILE}`
   echo sed -e '\\'
 -  echo "  \"/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'${ACTUAL_SYSTEM_ALIASES_FILE}'\"" '\\'
 -  echo "  ../src/configure.default > \${CONFIGURE_FILE}"
 +  echo "  \"/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'/etc/aliases'\"" '\\'
 +  echo "  ../src/configure.default > \${CONFIGURE_FILE}.sample"
   # I can't find a way of writing this using the ${real} feature because
   # it seems that the output redirection always happens, even when -n was
@@ -405,8 +406,8 @@
   if [ "$real" = "" ] ; then
     sed -e \
 -      "/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'${ACTUAL_SYSTEM_ALIASES_FILE}'" \
 -      ../src/configure.default > ${CONFIGURE_FILE}
 +      "/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'/etc/aliases'" \
 +      ../src/configure.default > ${CONFIGURE_FILE}.sample
   else
     true
   fi
@@ -416,24 +417,22 @@
     echo $com "*** Exim installation ${ver}failed ***"
     exit 1
   fi
 -  if [ ! -f ${SYSTEM_ALIASES_FILE} ]; then
 -    echo $com '****'
 -    echo $com Installing a dummy ${SYSTEM_ALIASES_FILE} file because you do not have
 -    echo $com one, and the default configuration requires it. You should
 -    echo $com edit ${SYSTEM_ALIASES_FILE} and at least create an alias for postmaster.
 -    echo $com '***'
 -    echo ${CP} ../src/aliases.default ${SYSTEM_ALIASES_FILE}
 -    ${real} ${CP} ../src/aliases.default ${SYSTEM_ALIASES_FILE}
 -  fi
 +#  if [ ! -f ${SYSTEM_ALIASES_FILE} ]; then
 +#    echo $com '****'
 +#    echo $com Installing a dummy ${SYSTEM_ALIASES_FILE} file because you do not have
 +#    echo $com one, and the default configuration requires it. You should
 +#    echo $com edit ${SYSTEM_ALIASES_FILE} and at least create an alias for postmaster.
 +#    echo $com '***'
 +#    echo ${CP} ../src/aliases.default ${SYSTEM_ALIASES_FILE}
 +#    ${real} ${CP} ../src/aliases.default ${SYSTEM_ALIASES_FILE}
 +#  fi
 -else
 -  echo $com Configuration file ${CONFIGURE_FILE} already exists
 fi
 # Install info files if the directory is defined and the Texinfo
 # source documentation is present.
 -if [ "${INFO_DIRECTORY}" != "" -a -f ../doc/spec.texinfo ] ; then
 +if [ "$do_info" != "no" -a -f ../doc/spec.texinfo ] ; then
   echo $com ""
   if [ ! -d "${INFO_DIRECTORY}" ] ; then
     echo mkdir -p ${INFO_DIRECTORY}
--- a/mail/exim/files/patch-src-lookups-mysql.c
+++ b/mail/exim/files/patch-src-lookups-mysql.c
@ -0,0 +1,10 @@
 --- src/lookups/mysql.c.orig	2017-03-05 00:21:35.000000000 +0300
 +++ src/lookups/mysql.c	2017-08-15 01:12:26.508519000 +0300
@@ -13,6 +13,7 @@
 #include "lf_functions.h"
 #include <mysql.h>       /* The system header */
 +#include <mysql_version.h>
 /* Structure and anchor for caching connections. */
--- a/mail/exim/files/patch-src__EDITME
+++ b/mail/exim/files/patch-src__EDITME
@ -0,0 +1,146 @@
 --- src/EDITME.orig	2025-12-14 13:38:51.000000000 +0100
 +++ src/EDITME	2025-12-18 03:31:28.070641000 +0100
@@ -104,7 +104,7 @@
 # /usr/local/sbin. The installation script will try to create this directory,
 # and any superior directories, if they do not exist.
 -BIN_DIRECTORY=/usr/exim/bin
 +BIN_DIRECTORY=XX_PREFIX_XX/sbin
 #------------------------------------------------------------------------------
@@ -120,7 +120,7 @@
 # don't exist. It will also install a default runtime configuration if this
 # file does not exist.
 -CONFIGURE_FILE=/usr/exim/configure
 +CONFIGURE_FILE=XX_CONFIG_FILE_PATH_XX
 # It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
 # In this case, Exim will use the first of them that exists when it is run.
@@ -137,7 +137,7 @@
 # deliveries. (Local deliveries run as various non-root users, typically as the
 # owner of a local mailbox.) Specifying these values as root is not supported.
 -EXIM_USER=
 +EXIM_USER=ref:XX_EXIM_USER_XX
 # If you specify EXIM_USER as a name, this is looked up at build time, and the
 # uid number is built into the binary. However, you can specify that this
@@ -158,7 +158,7 @@
 # for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
 # you want to use a group other than the default group for the given user.
 -# EXIM_GROUP=
 +EXIM_GROUP=ref:XX_EXIM_GROUP_XX
 # Many sites define a user called "exim", with an appropriate default group,
 # and use
@@ -476,6 +476,7 @@
 # LDAP_LIB_TYPE=OPENLDAP2
 # LDAP_LIB_TYPE=NETSCAPE
 # LDAP_LIB_TYPE=SOLARIS
 +LDAP_LIB_TYPE=XX_LDAP_TYPE_XX
 # If you don't set any of these, Exim assumes the original University of
 # Michigan (OpenLDAP 1) library.
@@ -524,9 +525,10 @@
 # LSEARCH, DSEARCH & CDB have no external library needs.
 # DNSDB needs the resolver library which the core uses anyway.
 -# LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include -I /usr/local/pgsql/include
 -# LOOKUP_INCLUDE +=-I /usr/local/include
 -# LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq -lgds -lsqlite3 -llmdb
 +INCLUDE=-IXX_LOCALBASE_XX/include XX_DB_INCLUDES_XX XX_LMDB_INCLUDES_XX
 +LOOKUP_INCLUDE=XX_MYSQL_INCLUDE_XX XX_PGSQL_INCLUDE_XX XX_LDAP_INCLUDE_XX
 +LOOKUP_LIBS=XX_MYSQL_LIBS_XX XX_PGSQL_LIBS_XX XX_LDAP_LIBS_XX XX_LMDB_LIBS_XX
 +DBMLIB=XX_DB_LIBS_XX
 # LOOKUP_LIBS=-L/usr/local/lib -lldap -llber
 # Some platforms may need this for LOOKUP_NIS:
@@ -715,6 +717,7 @@
 # Uncomment the following line to add XCLIENT support
 # EXPERIMENTAL_XCLIENT=yes
 +# EXPERIMENTAL_DCC=yes
 ###############################################################################
 #                 THESE ARE THINGS YOU MIGHT WANT TO SPECIFY                  #
 ###############################################################################
@@ -809,6 +812,7 @@
 # ALT_CONFIG_PREFIX=/some/directory/
 # ALT_CONFIG_PREFIX=/some/directory/exim.conf-
 +ALT_CONFIG_PREFIX=XX_ALT_CONFIG_PREFIX_XX
 #------------------------------------------------------------------------------
@@ -917,7 +921,7 @@
 # one that is set in the headers_charset option. The default setting is
 # defined by this setting:
 -HEADERS_CHARSET="ISO-8859-1"
 +HEADERS_CHARSET="XX_DEFAULT_CHARSET_XX"
 # If you are going to make use of $header_xxx expansions in your configuration
 # file, or if your users are going to use them in filter files, and the normal
@@ -950,6 +954,8 @@
 #
 # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
 # as well.
 +CFLAGS=XX_CFLAGS_XX XX_SPF_FLAGS_XX XX_SRS_FLAGS_XX XX_SQLITE_FLAGS_XX
 +EXTRALIBS=XX_PAM_LIBS_XX XX_ICONV_LIBS_XX XX_SPF_LIBS_XX XX_SRS_LIBS_XX XX_RADIUS_LIBS_XX XX_SQLITE_LIBS_XX XX_DMARC_LIBS_XX XX_REDIS_LIBS_XX XX_DYNAMIC_LDFLAGS_XX XX_IDN_LIBS_XX
 #
 # nb: FreeBSD as of 4.89 defines LIBICONV_PLUG to pick up the system iconv
 # more reliably.  If you explicitly want the libiconv Port then as well
@@ -1013,7 +1019,7 @@
 # Once you have done this, "make install" will build the info files and
 # install them in the directory you have defined.
 -# INFO_DIRECTORY=/usr/share/info
 +INFO_DIRECTORY=XX_PREFIX_XX/share/info
 #------------------------------------------------------------------------------
@@ -1026,7 +1032,7 @@
 # %s. This will be replaced by one of the strings "main", "panic", or "reject"
 # to form the final file names. Some installations may want something like this:
 -# LOG_FILE_PATH=/var/log/exim_%slog
 +LOG_FILE_PATH=XX_LOG_FILE_PATH_XX
 # which results in files with names /var/log/exim_mainlog, etc. The directory
 # in which the log files are placed must exist; Exim does not try to create
@@ -1114,7 +1120,7 @@
 # that the local_scan API is made available by the linker. You may also need
 # to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
 -# EXPAND_DLFUNC=yes
 +EXPAND_DLFUNC=yes
 #------------------------------------------------------------------------------
@@ -1180,7 +1186,15 @@
 # CFLAGS  += -I/usr/local/include
 # LDFLAGS += -lspf2
 +# IPv6 is coming. Exim has experimental support that has been tried out on
 +# one or two OS. See the file README.IPV6 for the current status of this
 +# support. Do not set this option unless you are working on IPv6 and know
 +# what you are doing.
 +# HAVE_IPV6=YES
 +
 +
 +
 #------------------------------------------------------------------------------
 # Support for authentication via Radius is also available. The Exim support,
 # which is intended for use in conjunction with the SMTP AUTH facilities,
@@ -1534,7 +1548,7 @@
 # (process id) to a file so that it can easily be identified. The path of the
 # file can be specified here. Some installations may want something like this:
 -# PID_FILE_PATH=/var/lock/exim.pid
 +PID_FILE_PATH=/var/run/exim.pid
 # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
 # using the name "exim-daemon.pid".
--- a/mail/exim/files/patch-src__configure.default
+++ b/mail/exim/files/patch-src__configure.default
@ -0,0 +1,42 @@
 --- src/configure.default.orig	Wed May  5 12:08:35 2004
 +++ src/configure.default	Wed May  5 15:09:40 2004
@@ -153,6 +153,8 @@
 # as if it were a normal user. This isn't usually a problem, as most sites have
 # an alias for root that redirects such mail to a human administrator.
 +exim_user = XX_EXIM_USER_XX
 +exim_group = XX_EXIM_GROUP_XX
 never_users = root
@@ -412,7 +414,8 @@
   allow_fail
   allow_defer
   data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}}
 -# user = exim
 +  user = XX_EXIM_USER_XX
 +  group = XX_EXIM_GROUP_XX
   file_transport = address_file
   pipe_transport = address_pipe
@@ -454,6 +457,7 @@
   file_transport = address_file
   pipe_transport = address_pipe
   reply_transport = address_reply
 +  condition = ${if exists{$home/.forward} {yes} {no} }
 # This router matches local user mailboxes. If the router fails, the error
@@ -506,8 +510,10 @@
   delivery_date_add
   envelope_to_add
   return_path_add
 -# group = mail
 -# mode = 0660
 +  group = XX_EXIM_GROUP_XX
 +  user = $local_part
 +  mode = 0660
 +  no_mode_fail_narrower
 # This transport is used for handling pipe deliveries generated by alias or
--- a/mail/exim/files/patch-src_miscmods_radius.c
+++ b/mail/exim/files/patch-src_miscmods_radius.c
@ -0,0 +1,92 @@
 --- src/miscmods/radius.c.orig	2025-12-18 03:23:48.333630000 +0100
 +++ src/miscmods/radius.c	2025-12-18 03:28:22.528909000 +0100
@@ -104,37 +104,37 @@
 #ifdef RADIUS_LIB_RADIUSCLIENT
 if (rc_read_config(RADIUS_CONFIG_FILE) != 0)
 -  *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE);
 +  *errptr = string_sprintf("%s","RADIUS: can't open %s", RADIUS_CONFIG_FILE);
 else if (rc_read_dictionary(rc_conf_str("dictionary")) != 0)
 -  *errptr = US"RADIUS: can't read dictionary";
 +  *errptr = string_sprintf("%","RADIUS: can't read dictionary");
 else if (!rc_avpair_add(&send, PW_USER_NAME, user, 0))
 -  *errptr = US"RADIUS: add user name failed";
 +  *errptr = string_sprintf("%","RADIUS: add user name failed");
 else if (!rc_avpair_add(&send, PW_USER_PASSWORD, CS radius_args, 0))
 -  *errptr = US"RADIUS: add password failed");
 +  *errptr = string_sprintf("%","RADIUS: add password failed");
 else if (!rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0))
 -  *errptr = US"RADIUS: add service type failed";
 +  *errptr = string_sprintf("%","RADIUS: add service type failed");
 #else  /* RADIUS_LIB_RADIUSCLIENT unset => RADIUS_LIB_RADIUSCLIENT2 */
 if (!(h = rc_read_config(RADIUS_CONFIG_FILE)))
 -  *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE);
 +  *errptr = string_sprintf("%","RADIUS: can't open %s", RADIUS_CONFIG_FILE);
 else if (rc_read_dictionary(h, rc_conf_str(h, "dictionary")) != 0)
 -  *errptr = US"RADIUS: can't read dictionary";
 +  *errptr = string_sprintf("%","RADIUS: can't read dictionary");
 else if (!rc_avpair_add(h, &send, PW_USER_NAME, user, Ustrlen(user), 0))
 -  *errptr = US"RADIUS: add user name failed";
 +  *errptr = string_sprintf("%","RADIUS: add user name failed");
 else if (!rc_avpair_add(h, &send, PW_USER_PASSWORD, CS radius_args,
     Ustrlen(radius_args), 0))
 -  *errptr = US"RADIUS: add password failed";
 +  *errptr = string_sprintf("%","RADIUS: add password failed");
 else if (!rc_avpair_add(h, &send, PW_SERVICE_TYPE, &service, 0, 0))
 -  *errptr = US"RADIUS: add service type failed";
 +  *errptr = string_sprintf("%","RADIUS: add service type failed");
 #endif  /* RADIUS_LIB_RADIUSCLIENT */
@@ -167,7 +167,7 @@
   case BADRESP_RC:
   default:
 -    *errptr = string_sprintf("RADIUS: unexpected response (%d)", result);
 +    *errptr = string_sprintf("%s","RADIUS: unexpected response (%d)", result);
     return ERROR;
   }
@@ -177,7 +177,7 @@
 if (!(h = rad_auth_open()))
   {
 -  *errptr = string_sprintf("RADIUS: can't initialise libradius");
 +  *errptr = string_sprintf("%s","RADIUS: can't initialise libradius");
   return ERROR;
   }
 if (rad_config(h, RADIUS_CONFIG_FILE) != 0 ||
@@ -187,7 +187,7 @@
     rad_put_int(h, RAD_SERVICE_TYPE, RAD_AUTHENTICATE_ONLY) != 0 ||
     rad_put_string(h, RAD_NAS_IDENTIFIER, CS primary_hostname) != 0)
   {
 -  *errptr = string_sprintf("RADIUS: %s", rad_strerror(h));
 +  *errptr = string_sprintf("%s","RADIUS: %s", rad_strerror(h));
   result = ERROR;
   }
 else
@@ -202,12 +202,12 @@
       break;
     case -1:
 -      *errptr = string_sprintf("RADIUS: %s", rad_strerror(h));
 +      *errptr = string_sprintf("%s","RADIUS: %s", rad_strerror(h));
       result = ERROR;
       break;
     default:
 -      *errptr = string_sprintf("RADIUS: unexpected response (%d)", result);
 +      *errptr = string_sprintf("%s","RADIUS: unexpected response (%d)", result);
       result= ERROR;
       break;
     }
--- a/mail/exim/files/patch-sys-file-include
+++ b/mail/exim/files/patch-sys-file-include
@ -0,0 +1,20 @@
 --- src/exim.h.orig	2017-02-14 19:13:41.381402389 +0200
 +++ src/exim.h	2017-02-14 19:13:53.330916377 +0200
@@ -129,7 +129,6 @@
 #endif
 #include <sys/types.h>
 -#include <sys/file.h>
 #include <dirent.h>
 #include <netdb.h>
 #ifndef NO_POLL_H
 --- src/exim_lock.c.orig	2017-02-14 19:21:09.709389008 +0200
 +++ src/exim_lock.c	2017-02-14 19:21:23.994407794 +0200
@@ -27,7 +27,6 @@
 #include <utime.h>
 #include <sys/utsname.h>
 #include <sys/stat.h>
 -#include <sys/file.h>
 #include <pwd.h>
 /* Not all systems have flock() available. Those that do must define LOCK_SH
--- a/mail/exim/options
+++ b/mail/exim/options
@ -0,0 +1,132 @@
 OPTIONS_DEFINE+=	ALT_CONFIG_PREFIX \
 			CONTENT_SCAN \
 			DAEMON \
 			DANE \
 			DEBUG \
 			DISABLE_D_OPT \
 			DKIM \
 			SPF \
 			DNSSEC \
 			DOCS \
 			EMBEDDED_PERL \
 			EXIMON \
 			ICONV \
 			IPV6 \
 			LISTMATCH_RHS \
 			LMTP \
 			OCSP \
 			PRDR \
 			READLINE \
 			SUID \
 			WISHLIST \
 			EVENT \
 			PROXY \
 			SOCKS \
 			INTERNATIONAL
 OPTIONS_DEFAULT+=	AUTH_CRAM_MD5 \
 			AUTH_DOVECOT \
 			AUTH_PLAINTEXT \
 			AUTH_SPA \
 			CDB \
 			CONTENT_SCAN \
 			DAEMON \
 			DISABLE_D_OPT \
 			DKIM \
 			DMARC \
 			DNSDB \
 			DNSSEC \
 			DSEARCH \
 			EMBEDDED_PERL \
 			EVENT \
 			ICONV \
 			INTERNATIONAL \
 			LMTP \
 			LSEARCH \
 			MAILDIR \
 			MAILSTORE \
 			MBX \
 			OCSP \
 			PAM \
 			PASSWD \
 			PRDR \
 			SPF \
 			SUID \
 			TLS
 OPTIONS_RADIO_TLS=	TLS GNUTLS
 TLS_DESC=	TLS support
 OPTIONS_RADIO_LS=	SA_EXIM
 LS_DESC=	Local scan patch
 OPTIONS_RADIO_SRSR=	SRS OLD_SRS
 SRSR_DESC=	Sender Rewriting Scheme
 OLD_SRS_DESC=	Enable Alternative Sender Rewriting Scheme
 OPTIONS_RADIO=	TLS LS SRSR
 OPTIONS_GROUP_AUTH=	AUTH_CRAM_MD5 AUTH_DOVECOT AUTH_PLAINTEXT AUTH_RADIUS AUTH_SASL AUTH_SPA AUTH_TLS SASLAUTHD PAM PASSWD
 AUTH_DESC=	SMTP Authorization
 OPTIONS_GROUP_LOOKUP=	CDB BDB DNSDB DSEARCH LSEARCH MYSQL NIS OPENLDAP PGSQL REDIS SQLITE
 LOOKUP_DESC=	Lookup support
 OPTIONS_GROUP_STORAGE=	MAILDIR MAILSTORE MBX
 STORAGE_DESC=	Supported storage formats
 OPTIONS_GROUP_EXPERIMENTAL= CERTNAMES DCC DMARC DSN ARC LMDB QUEUEFILE
 EXPERIMENTAL_DESC=	Experimental options
 OPTIONS_GROUP=	AUTH LOOKUP STORAGE EXPERIMENTAL
 ALT_CONFIG_PREFIX_DESC=	Restrict the set of configuration files
 ARC_DESC=		Enable experimental ARC support
 AUTH_CRAM_MD5_DESC=	Enable CRAM-MD5 authentication mechanisms
 AUTH_DOVECOT_DESC=	Enable Dovecot authentication mechanisms
 AUTH_PLAINTEXT_DESC=	Enable plaintext authentication
 AUTH_RADIUS_DESC=	Enable radius (RFC 2865) authentication
 AUTH_SASL_DESC=		Enable use of Cyrus SASL auth library
 AUTH_SPA_DESC=		Enable Secure Password Authentication
 AUTH_TLS_DESC=		Enable TLS client certificate authentication
 CERTNAMES_DESC=		Check certiticates ownership
 BDB_DESC=		Enable Berkeley DB lookups
 CDB_DESC=		Enable CDB-style lookups
 CONTENT_SCAN_DESC=	Enable exiscan email content scanner
 DAEMON_DESC=		Install scripts to run as a daemon
 DANE_DESC=		Enable experimental DANE support
 DCC_DESC=		Enable DCC at ACL support via dccifd
 DISABLE_D_OPT_DESC=	Disable macros overrides using option -D
 DKIM_DESC=		Enable support for DKIM
 DMARC_DESC=		Enable DMARC support
 DNSDB_DESC=		Enable DNS-style lookups
 DNSSEC_DESC=	Enable DNSSEC validation
 DSEARCH_DESC=		Enable directory-list lookups
 DSN_DESC=		Enable Delivery Status Notifications
 EMBEDDED_PERL_DESC=	Enable embedded Perl interpreter
 EVENT_DESC=		Messages events support (TPDA namely)
 EXIMON_DESC=		Build eximon monitor (requires X libraries)
 ICONV_DESC=		Enable header charset conversion
 INTERNATIONAL_DESC=	Enable support for the transmission of UTF-8 envelope addresses
 LISTMATCH_RHS_DESC=	Enable pre-4.77 behaviour for match_*
 LMDB_DESC=		Enable LMDB lookups
 LMTP_DESC=		RFC2033 SMTP over command pipe transport
 LSEARCH_DESC=		Enable wildcarded-file lookups
 MAILDIR_DESC=		Enable Maildir mailbox format
 MAILSTORE_DESC=		Enable Mailstore mailbox format
 MBX_DESC=		Enable MBX mailbox format
 MYSQL_DESC=		Enable mysql lookups
 NIS_DESC=		Enable NIS-style lookups
 OPENLDAP_DESC=		Enable LDAP lookups
 OCSP_DESC=		Enable OCSP stapling
 QUEUEFILE_DESC=		Enable queuefile transport
 PAM_DESC=		Enable PAM authentication mechanisms
 PASSWD_DESC=		Enable /etc/passwd lookups
 PGSQL_DESC=		Enable postgresql lookups
 PRDR_DESC=		Enable Per-Recipient-Data-Response support
 PROXY_DESC=		Enable Experimental Proxy Protocol
 READLINE_DESC=		Enable readline(3) library
 REDIS_DESC=		Enable redis lookups
 SASLAUTHD_DESC=		Enable use of Cyrus SASL auth daemon
 SA_EXIM_DESC=		Build with Spamassassin local scan (BROKEN)
 SOCKS_DESC=		Enable smtp transport via socks5 proxies
 SPF_DESC=		Enable Sender Policy Framework checking
 SQLITE_DESC=		Enable SQLite lookups
 SRS_DESC=		Enable Sender Rewriting Scheme
 SUID_DESC=		Install the exim binary suid root
 TAINTWARN_DESC=		Allow insecure tainted data (pre-4.93 config style, deprecated)
 GNUTLS_DESC=		Use GnuTLS instead of OpenSSL for TLS
 WISHLIST_DESC=		Include the unsupported patches
--- a/mail/exim/pkg-descr
+++ b/mail/exim/pkg-descr
@ -0,0 +1,7 @@
 Exim is a mail transfer agent for Unix systems connected to the Internet.
 It is a monolithic MTA designed to be a command line compatible drop-in
 replacement for Sendmail.
 Exim is an excellent mailer for an ISP, as its control and flexibility
 are very good and its requeueing and retry algorithms are very powerful.
 Exim's configuration syntax is well documented.
--- a/mail/exim/pkg-message
+++ b/mail/exim/pkg-message
@ -0,0 +1,57 @@
 [
 { type: install
  message: <<EOM
 All installations having Exim set-uid root and using 'perl_startup' are
 vulnerable to a local privilege escalation. Any user who can start an
 instance of Exim (and this is normally *any* user) can gain root
 privileges. If you do not use 'perl_startup' you *should* be safe.
 New options
 -----------
 We had to introduce two new configuration options:
    keep_environment =
    add_environment =
 Both options are empty per default. That is, Exim cleans the complete
 environment on startup. This affects Exim itself and any subprocesses,
 as transports, that may call other programs via some alias mechanisms,
 as routers (queryprogram), lookups, and so on. This may affect used
 libraries (e.g. LDAP).
 ** THIS MAY BREAK your existing installation **
 New behaviour
 -------------
 Now Exim changes it's working directory to / right after startup,
 even before reading it's configuration. (Later Exim changes it's working
 directory to $spool_directory, as usual.)
 Exim only accepts an absolute configuration file path now, when using
 the -C option.
 EOM
 }
 { type: upgrade
  maximum_version: 4.80
  message: <<EOM
 Upgrades to Exim 4.80
 =====================
 Exim 4.80 contains some backward-incompatible changes.
 OpenSSL default options have changed to be more secure, including
 disabling of SSLv2 by default (and adding support for TLSv1.1 and
 TLSv1.2 if using OpenSSL 1.0.1 or newer); GnuTLS has been updated to use
 a new API and stop honouring some options starting gnutls_*; users of
 LDAP can now distinguish "comma in data" from "multi-valued attribute".
 There are more details, covering more changes, in README.UPDATING.
 We now enable accept_8bitmime by default, as the Exim maintainers agree
 with Dan Bernstein about the best way to deal with the 8BITMIME
 extension.
 EOM
 }
 ]
--- a/mail/exim/pkg-plist
+++ b/mail/exim/pkg-plist
@ -0,0 +1,43 @@
 %%SUID%%@mode 4755
 %%EXIM%%sbin/exim
 %%SUID%%@mode
 %%EXIM%%sbin/exim_checkaccess
 %%EXIM%%sbin/exim_dbmbuild
 %%EXIM%%sbin/exim_dumpdb
 %%EXIM%%sbin/exim_fixdb
 %%EXIM%%sbin/exim_id_update
 %%EXIM%%sbin/exim_lock
 %%EXIM%%sbin/exim_msgdate
 %%EXIM%%sbin/exim_tidydb
 %%EXIM%%sbin/exicyclog
 %%EXIM%%sbin/exigrep
 %%EXIM%%sbin/eximstats
 %%EXIM%%sbin/exinext
 %%EXIM%%sbin/exipick
 %%EXIM%%sbin/exiqgrep
 %%EXIM%%sbin/exiqsumm
 %%EXIM%%sbin/exiwhat
 %%EXIM%%share/man/man8/exim.8.gz
 %%EXIMON%%sbin/eximon
 %%EXIMON%%sbin/eximon.bin
 %%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/ACKNOWLEDGMENTS
 %%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/NOTICE
 %%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/README.UPDATING
 %%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/ChangeLog
 %%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/DANE-draft-notes
 %%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/NewStuff
 %%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/OptionLists.txt
 %%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/POST-INSTALL-NOTES
 %%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/POST-INSTALL-NOTES.clamd
 %%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/README
 %%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/README.SIEVE
 %%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/dbm.discuss.txt
 %%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/experimental-spec.txt
 %%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/filter.txt
 %%EXIM%%%%PORTDOCS%%%%DOCSDIR%%/spec.txt
 %%EXIM%%%%PORTDOCS%%%%EXAMPLESDIR%%/transport-filter.pl
 %%EXIMDAEMON%%etc/periodic/daily/150.exim-tidydb
 %%EXIMDAEMON%%etc/periodic/daily/460.exim-mail-rejects
@sample %%ETCDIR%%/configure.sample
 %%SA_EXIM%%@sample %%ETCDIR%%/sa-exim.conf.sample
 %%EXIM%%@dir(%%EXIM_USER%%,%%EXIM_GROUP%%,) /%%LOGDIR%%
--- a/math/blis/Makefile
+++ b/math/blis/Makefile
@ -1,74 +0,0 @@
 PORTNAME=	blis
 PORTVERSION=	0.9.0
 PORTREVISION=	3
 CATEGORIES=	math
 PKGNAMEPREFIX=	${PYHON_PKGNAMEPREFIX}
 MAINTAINER=	jmd@FreeBSD.org
 COMMENT=	Software framework for high-performance BLAS-like libraries
 WWW=		https://github.com/flame/blis
 LICENSE=	BSD3CLAUSE
 LICENSE_FILE=	${WRKSRC}/LICENSE
 BUILD_DEPENDS=	bash:shells/bash
 USES=		compiler gmake perl5 python shebangfix
 USE_PYTHON=	flavors
 USE_GITHUB=	yes
 GH_ACCOUNT=	flame
 USE_LDCONFIG=	yes
 USE_PERL5=	build
 SHEBANG_FILES=	build/flatten-headers.py
 OPTIONS_DEFINE=	PARA CBLAS
 PARA_DESC=	use pthread parallelization
 CBLAS_DESC=	build the CBLAS compatibility layer
 OPTIONS_DEFAULT=	PARA CBLAS
 OPTIONS_SUB=		yes
 CFLAGS_riscv64=	-mno-relax
 HAS_CONFIGURE=	yes
 TEST_TARGET=	test
 .include <bsd.port.options.mk>
 # enable BLAS and static/shared libs by default
 CONFIGURE_ARGS+=	--enable-blas \
 			--prefix=${PREFIX} \
 			--enable-shared \
 			--enable-static
 #--prefix=PREFIX
 .if ${PORT_OPTIONS:MPARA}
 CONFIGURE_ARGS+=	-t pthreads
 .endif
 .if ${PORT_OPTIONS:MCBLAS}
 CONFIGURE_ARGS+=	--enable-cblas
 .endif
 .if ${ARCH} == amd64
 CONFIGURE_ARGS+=	x86_64
 PLIST_SUB+=	ARCH="x86_64"
 .elif ${ARCH:Mpowerpc64*}
 CONFIGURE_ARGS+=	power9
 PLIST_SUB+=	ARCH="power9"
 USE_GCC=	yes
 .else
 CONFIGURE_ARGS+=	generic
 PLIST_SUB+=	ARCH="generic"
 .endif
 .include <bsd.port.pre.mk>
 .if ${CHOSEN_COMPILER_TYPE} == gcc
 USE_GCC=	yes
 .endif
 post-install:
 	@${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libblis.so.4.0.0
 .include <bsd.port.post.mk>
--- a/math/blis/distinfo
+++ b/math/blis/distinfo
@ -1,3 +0,0 @@
 TIMESTAMP = 1672884949
 SHA256 (flame-blis-0.9.0_GH0.tar.gz) = 1135f664be7355427b91025075562805cdc6cc730d3173f83533b2c5dcc2f308
 SIZE (flame-blis-0.9.0_GH0.tar.gz) = 15078619
--- a/math/blis/pkg-descr
+++ b/math/blis/pkg-descr
@ -1,7 +0,0 @@
 software framework for high-performance BLAS-like libraries
 BLIS is a portable software framework for instantiating high-performance
 BLAS-like dense linear algebra libraries. The framework was designed
 to isolate essential kernels of computation that, when optimized,
 immediately enable optimized implementations of most of its commonly
 used and computationally intensive operations.
--- a/math/blis/pkg-plist
+++ b/math/blis/pkg-plist
@ -1,10 +0,0 @@
 include/blis/blis.h
 %%CBLAS%%include/blis/cblas.h
 lib/libblis.a
 lib/libblis.so
 lib/libblis.so.4
 lib/libblis.so.4.0.0
 share/pkgconfig/blis.pc
 %%DATADIR%%/common.mk
 %%DATADIR%%/config.mk
 %%DATADIR%%/config/%%ARCH%%/make_defs.mk
--- a/net/freeipa-client/Makefile
+++ b/net/freeipa-client/Makefile
@ -0,0 +1,54 @@
 PORTNAME=	freeipa-client
 DISTVERSION=	4.13.0
 CATEGORIES=	net
 MASTER_SITES=	https://releases.pagure.org/freeipa/
 DISTNAME=	freeipa-${DISTVERSION}
 MAINTAINER=	kiwi@FreeBSD.org
 COMMENT=	FreeIPA Client tools
 WWW=		https://www.freeipa.org/
 LICENSE=	GPLv3+
 LICENSE_FILE=	${WRKSRC}/COPYING
 BUILD_DEPENDS=	${PY_SETUPTOOLS} \
 		${PYTHON_PKGNAMEPREFIX}pip>0:devel/py-pip@${PY_FLAVOR}
 LIB_DEPENDS=	libcmocka.so:sysutils/cmocka \
 		libcurl.so:ftp/curl \
 		libini_config.so:devel/ding-libs \
 		libjansson.so:devel/jansson \
 		libnspr4.so:devel/nspr \
 		libnss3.so:security/nss \
 		libpopt.so:devel/popt \
 		libpwquality.so:security/libpwquality \
 		libsasl2.so:security/cyrus-sasl2 \
 		libxmlrpc.so:net/xmlrpc-c
 USES=		autoreconf gettext gmake gssapi:mit ldap libtool \
 		localbase:ldflags pkgconfig python
 GNU_CONFIGURE=	yes
 GNU_CONFIGURE_MANPREFIX=${PREFIX}/share
 CONFIGURE_ARGS=	--disable-dependency-tracking \
 		--disable-server \
 		--with-ipaplatform=freebsd \
 		--without-ipatests \
 		--without-server
 # Don't bytecode python files
 MAKE_ENV=	PYTHONDONTWRITEBYTECODE=1
 # Remove all systemd dependant things
 EXTRACT_AFTER_ARGS=	--exclude client/systemd --exclude daemons/dnssec \
 			--exclude daemons/ipa-otpd --exclude \
 			daemons/ipa-slapi-plugins --exclude init/systemd \
 			--exclude init/tmpfilesd
 PLIST_SUB=	DISTVERSION=${DISTVERSION}
 # Make sample configuration file
 post-install:
 	@${MV} ${STAGEDIR}${PREFIX}/etc/ipa/epn.conf ${STAGEDIR}${PREFIX}/etc/ipa/epn.conf.sample
 .include <bsd.port.mk>
--- a/net/freeipa-client/distinfo
+++ b/net/freeipa-client/distinfo
@ -0,0 +1,3 @@
 TIMESTAMP = 1767596852
 SHA256 (freeipa-4.13.0.tar.gz) = e2fe3bec07d258ae25a558c23d4c12e7a47874f269850856f9217e8fd9b19080
 SIZE (freeipa-4.13.0.tar.gz) = 41442218
--- a/net/freeipa-client/files/patch-asn1_asn1c_INTEGER.c
+++ b/net/freeipa-client/files/patch-asn1_asn1c_INTEGER.c
@ -0,0 +1,10 @@
 --- asn1/asn1c/INTEGER.c.orig	2024-08-21 15:06:37 UTC
 +++ asn1/asn1c/INTEGER.c
@@ -7,6 +7,7 @@
 #include <INTEGER.h>
 #include <asn_codecs_prim.h>	/* Encoder and decoder of a primitive type */
 #include <errno.h>
 +#include <stdlib.h>
 /*
  * INTEGER basic type description.
--- a/net/freeipa-client/files/patch-asn1_asn1c_Makefile.am
+++ b/net/freeipa-client/files/patch-asn1_asn1c_Makefile.am
@ -0,0 +1,11 @@
 --- asn1/asn1c/Makefile.am.orig	2021-11-25 17:34:42 UTC
 +++ asn1/asn1c/Makefile.am
@@ -70,7 +70,7 @@ libasn1c_la_SOURCES =		\
 EXTRA_DIST = ipa.asn1
 -AM_CPPFLAGS = -I$(top_srcdir)/util
 +AM_CPPFLAGS = -I$(top_srcdir)/util -D_GNU_SOURCE
 noinst_LTLIBRARIES=libasn1c.la
--- a/net/freeipa-client/files/patch-asn1_asn1c_NativeEnumerated.c
+++ b/net/freeipa-client/files/patch-asn1_asn1c_NativeEnumerated.c
@ -0,0 +1,10 @@
 --- asn1/asn1c/NativeEnumerated.c.orig	2024-08-21 15:06:37 UTC
 +++ asn1/asn1c/NativeEnumerated.c
@@ -11,6 +11,7 @@
  */
 #include <asn_internal.h>
 #include <NativeEnumerated.h>
 +#include <stdlib.h>
 /*
  * NativeEnumerated basic type description.
--- a/net/freeipa-client/files/patch-asn1_asn1c_der__encoder.c
+++ b/net/freeipa-client/files/patch-asn1_asn1c_der__encoder.c
@ -0,0 +1,10 @@
 --- asn1/asn1c/der_encoder.c.orig	2024-08-21 15:06:37 UTC
 +++ asn1/asn1c/der_encoder.c
@@ -4,6 +4,7 @@
  */
 #include <asn_internal.h>
 #include <errno.h>
 +#include <stdlib.h>
 static ssize_t der_write_TL(ber_tlv_tag_t tag, ber_tlv_len_t len,
 	asn_app_consume_bytes_f *cb, void *app_key, int constructed);
--- a/net/freeipa-client/files/patch-client_Makefile.am
+++ b/net/freeipa-client/files/patch-client_Makefile.am
@ -0,0 +1,11 @@
 --- client/Makefile.am.orig	2024-08-21 15:06:37 UTC
 +++ client/Makefile.am
@@ -94,8 +94,6 @@ SUBDIRS =			\
 SUBDIRS =			\
 	share		        \
 	man			\
 -	sysconfig	        \
 -	systemd			\
 	$(NULL)
 #       init                    
--- a/net/freeipa-client/files/patch-client_ipa-getkeytab.c
+++ b/net/freeipa-client/files/patch-client_ipa-getkeytab.c
@ -0,0 +1,16 @@
 --- client/ipa-getkeytab.c.orig	2023-08-21 14:29:00 UTC
 +++ client/ipa-getkeytab.c
@@ -34,6 +34,13 @@
 #include <time.h>
 #include <krb5.h>
 #include <ldap.h>
 +typedef unsigned char   u_char;
 +typedef unsigned short  u_short;
 +typedef unsigned int    u_int;
 +typedef unsigned long   u_long;
 +#include <sys/types.h>
 +#include <netinet/in.h>
 +#include <arpa/nameser.h>
 #include <resolv.h>
 #include <sasl/sasl.h>
 #include <popt.h>
--- a/net/freeipa-client/files/patch-configure.ac
+++ b/net/freeipa-client/files/patch-configure.ac
@ -0,0 +1,112 @@
 --- configure.ac.orig	2024-08-21 15:06:37 UTC
 +++ configure.ac
@@ -25,9 +25,12 @@ dnl fail hard when includes statements are missing
 dnl Enable features like strndup()
 CFLAGS="$CFLAGS -D_POSIX_C_SOURCE=200809L"
 dnl fail hard when includes statements are missing
 -CFLAGS="$CFLAGS -Werror=implicit-function-declaration"
 +dnl Removing this failing hard because on implicit declaration of 
 +dnl alloca() used several plaice in the code.
 +dnl CFLAGS="$CFLAGS -Werror=implicit-function-declaration"
 AC_PROG_CC_C99
 +AC_GNU_SOURCE
 AC_DISABLE_STATIC
 LT_INIT
@@ -211,14 +214,7 @@ SAVE_LIBS="$LIBS"
 dnl - Check for libintl
 dnl ---------------------------------------------------------------------------
 SAVE_LIBS="$LIBS"
 -LIBINTL_LIBS=
 -AC_CHECK_HEADER(libintl.h, [], [AC_MSG_ERROR([libintl.h not found, please install xgettext])])
 -AC_SEARCH_LIBS([bindtextdomain], [libintl],[], [])
 -if test "x$ac_cv_search_bindtextdomain" = "xno" ; then
 -  AC_MSG_ERROR([libintl is not found and your libc does not support gettext, please install xgettext])
 -elif test "x$ac_cv_search_bindtextdomain" != "xnone required" ; then
 -  LIBINTL_LIBS="$ac_cv_search_bindtextdomain"
 -fi
 +LIBINTL_LIBS="-lintl"
 LIBS="$SAVELIBS"
 AC_SUBST(LIBINTL_LIBS)
@@ -249,39 +245,13 @@ dnl --------------------------------------------------
 AC_SUBST([runstatedir])
 dnl ---------------------------------------------------------------------------
 -dnl - Check for systemd directories
 -dnl ---------------------------------------------------------------------------
 -
 -PKG_CHECK_EXISTS([systemd], [], [AC_MSG_ERROR([systemd not found])])
 -AC_ARG_WITH([systemdsystemunitdir],
 -            AS_HELP_STRING([--with-systemdsystemunitdir=DIR],
 -               [Directory for systemd service files]),
 -            [systemdsystemunitdir=$with_systemdsystemunitdir],
 -        [systemdsystemunitdir=$($PKG_CONFIG --define-variable=prefix='${prefix}' --variable=systemdsystemunitdir systemd)])
 -AC_SUBST([systemdsystemunitdir])
 -
 -AC_ARG_WITH([systemdtmpfilesdir],
 -            AS_HELP_STRING([--with-systemdtmpfilesdir=DIR],
 -               [Directory for systemd-tmpfiles configuration files]),
 -            [systemdtmpfilesdir=$with_systemdtmpfilesdir],
 -        [systemdtmpfilesdir=$($PKG_CONFIG --define-variable=prefix='${prefix}' --variable=tmpfilesdir systemd)])
 -AC_SUBST([systemdtmpfilesdir])
 -
 -AC_ARG_WITH([systemdcatalogdir],
 -            AS_HELP_STRING([--with-systemdcatalogdir=DIR],
 -               [Directory for systemd journal catalog files]),
 -            [systemdcatalogdir=$with_systemdcatalogdir],
 -        [systemdcatalogdir=$($PKG_CONFIG --define-variable=prefix='${prefix}' --variable=catalogdir systemd)])
 -AC_SUBST([systemdcatalogdir])
 -
 -dnl ---------------------------------------------------------------------------
 dnl - Server-only configuration
 dnl ---------------------------------------------------------------------------
 -AM_COND_IF([ENABLE_SERVER], [
 -    m4_include(server.m4)
 -])
 -AM_CONDITIONAL([USE_SSS_NSS_TIMEOUT], [test "x$ac_cv_have_decl_sss_nss_getpwnam_timeout" = xyes])
 +dnl AM_COND_IF([ENABLE_SERVER], [
 +dnl     m4_include(server.m4)
 +dnl ])
 +dnl AM_CONDITIONAL([USE_SSS_NSS_TIMEOUT], [test "x$ac_cv_have_decl_sss_nss_getpwnam_timeout" = xyes])
 dnl ---------------------------------------------------------------------------
 dnl - Check if IPA certauth plugin can be build
@@ -625,35 +595,11 @@ AC_CONFIG_FILES([
     client/Makefile
     client/share/Makefile
     client/man/Makefile
 -    client/sysconfig/Makefile
 -    client/systemd/Makefile
     contrib/completion/Makefile
     contrib/Makefile
 -    daemons/dnssec/Makefile
     daemons/Makefile
     daemons/ipa-kdb/Makefile
     daemons/ipa-sam/Makefile
 -    daemons/ipa-otpd/Makefile
 -    daemons/ipa-slapi-plugins/Makefile
 -    daemons/ipa-slapi-plugins/libotp/Makefile
 -    daemons/ipa-slapi-plugins/ipa-cldap/Makefile
 -    daemons/ipa-slapi-plugins/ipa-dns/Makefile
 -    daemons/ipa-slapi-plugins/ipa-enrollment/Makefile
 -    daemons/ipa-slapi-plugins/ipa-graceperiod/Makefile
 -    daemons/ipa-slapi-plugins/ipa-lockout/Makefile
 -    daemons/ipa-slapi-plugins/ipa-otp-counter/Makefile
 -    daemons/ipa-slapi-plugins/ipa-otp-lasttoken/Makefile
 -    daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile
 -    daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile
 -    daemons/ipa-slapi-plugins/ipa-winsync/Makefile
 -    daemons/ipa-slapi-plugins/ipa-version/Makefile
 -    daemons/ipa-slapi-plugins/ipa-uuid/Makefile
 -    daemons/ipa-slapi-plugins/ipa-modrdn/Makefile
 -    daemons/ipa-slapi-plugins/ipa-sidgen/Makefile
 -    daemons/ipa-slapi-plugins/ipa-range-check/Makefile
 -    daemons/ipa-slapi-plugins/topology/Makefile
 -    init/systemd/Makefile
 -    init/tmpfilesd/Makefile
     init/Makefile
     install/Makefile
     install/certmonger/Makefile
--- a/net/freeipa-client/files/patch-daemons_Makefile.am
+++ b/net/freeipa-client/files/patch-daemons_Makefile.am
@ -0,0 +1,14 @@
 --- daemons/Makefile.am.orig	2023-08-21 16:29:00.040643147 +0200
 +++ daemons/Makefile.am	2023-10-24 17:56:44.164932000 +0200
@@ -9,11 +9,8 @@
 SUBDIRS =			\
 	.			\
 -	dnssec			\
 	ipa-kdb			\
 -	ipa-slapi-plugins	\
 	ipa-sam			\
 -	ipa-otpd		\
 	$(NULL)
 ipa-version.h: ipa-version.h.in $(top_builddir)/$(CONFIG_STATUS)
--- a/net/freeipa-client/files/patch-init_Makefile.am
+++ b/net/freeipa-client/files/patch-init_Makefile.am
@ -0,0 +1,11 @@
 --- init/Makefile.am.orig	2023-10-24 17:29:14.662539000 +0200
 +++ init/Makefile.am	2023-10-24 17:29:28.779983000 +0200
@@ -2,7 +2,7 @@
 #
 AUTOMAKE_OPTIONS = 1.7
 -SUBDIRS = systemd tmpfilesd
 +#SUBDIRS = systemd tmpfilesd
 dist_sysconfenv_DATA = 		\
 	ipa-dnskeysyncd		\
--- a/net/freeipa-client/files/patch-ipaplatform_freebsd_init.py
+++ b/net/freeipa-client/files/patch-ipaplatform_freebsd_init.py
@ -0,0 +1,4 @@
 --- /dev/null	2023-10-25 10:42:48.658581000 +0200
 +++ ipaplatform/freebsd/__init__.py	2023-10-25 10:42:03.380066000 +0200
@@ -0,0 +1 @@
 +NAME = 'freebsd'
--- a/net/freeipa-client/files/patch-ipaplatform_setup.py
+++ b/net/freeipa-client/files/patch-ipaplatform_setup.py
@ -0,0 +1,10 @@
 --- ipaplatform/setup.py.orig	2023-10-03 12:48:36 UTC
 +++ ipaplatform/setup.py
@@ -37,6 +37,7 @@ if __name__ == '__main__':
             "ipaplatform.debian",
             "ipaplatform.fedora",
             "ipaplatform.fedora_container",
 +            "ipaplatform.freebsd",
             "ipaplatform.nixos",
             "ipaplatform.redhat",
             "ipaplatform.rhel",
--- a/net/freeipa-client/files/patch-util_ipa__krb5.c
+++ b/net/freeipa-client/files/patch-util_ipa__krb5.c
@ -0,0 +1,10 @@
 --- util/ipa_krb5.c.orig	2021-11-25 17:34:42 UTC
 +++ util/ipa_krb5.c
@@ -25,6 +25,7 @@
 #include <errno.h>
 #include <lber.h>
 #include <errno.h>
 +#include <sys/endian.h>
 #include <libintl.h>
 #define _(STRING) gettext(STRING)
--- a/net/freeipa-client/pkg-descr
+++ b/net/freeipa-client/pkg-descr
@ -0,0 +1,2 @@
 FreeIPA is a free and open source identity management system. This
 package provides its command-line administration tools.
--- a/net/freeipa-client/pkg-plist
+++ b/net/freeipa-client/pkg-plist
@ -0,0 +1,446 @@
 bin/ipa
 etc/bash_completion.d/ipa
@sample etc/ipa/epn.conf.sample
 etc/ipa/epn/expire_msg.template
 %%PYTHON_SITELIBDIR%%/ipaclient-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/PKG-INFO
 %%PYTHON_SITELIBDIR%%/ipaclient-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/SOURCES.txt
 %%PYTHON_SITELIBDIR%%/ipaclient-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/dependency_links.txt
 %%PYTHON_SITELIBDIR%%/ipaclient-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/entry_points.txt
 %%PYTHON_SITELIBDIR%%/ipaclient-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/not-zip-safe
 %%PYTHON_SITELIBDIR%%/ipaclient-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/requires.txt
 %%PYTHON_SITELIBDIR%%/ipaclient-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/top_level.txt
 %%PYTHON_SITELIBDIR%%/ipaclient/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaclient/__main__.py
 %%PYTHON_SITELIBDIR%%/ipaclient/discovery.py
 %%PYTHON_SITELIBDIR%%/ipaclient/frontend.py
 %%PYTHON_SITELIBDIR%%/ipaclient/install/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaclient/install/automount.py
 %%PYTHON_SITELIBDIR%%/ipaclient/install/client.py
 %%PYTHON_SITELIBDIR%%/ipaclient/install/ipa_certupdate.py
 %%PYTHON_SITELIBDIR%%/ipaclient/install/ipa_client_automount.py
 %%PYTHON_SITELIBDIR%%/ipaclient/install/ipa_client_install.py
 %%PYTHON_SITELIBDIR%%/ipaclient/install/ipa_client_samba.py
 %%PYTHON_SITELIBDIR%%/ipaclient/install/ipa_epn.py
 %%PYTHON_SITELIBDIR%%/ipaclient/install/ipachangeconf.py
 %%PYTHON_SITELIBDIR%%/ipaclient/install/ipadiscovery.py
 %%PYTHON_SITELIBDIR%%/ipaclient/install/sssd.py
 %%PYTHON_SITELIBDIR%%/ipaclient/install/timeconf.py
 %%PYTHON_SITELIBDIR%%/ipaclient/install_files.txt
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/automember.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/automount.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/baseuser.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/ca.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/cert.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/certmap.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/certprofile.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/dns.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/hbacrule.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/hbactest.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/host.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/idrange.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/internal.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/location.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/migration.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/misc.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/otptoken.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/otptoken_yubikey.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/passwd.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/permission.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/rpcclient.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/server.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/service.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/stageuser.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/sudorule.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/topology.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/trust.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/user.py
 %%PYTHON_SITELIBDIR%%/ipaclient/plugins/vault.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/aci.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/automember.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/automount.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/batch.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/cert.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/config.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/delegation.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/dns.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/group.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/hbacrule.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/hbacsvc.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/hbacsvcgroup.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/hbactest.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/host.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/hostgroup.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/idrange.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/idviews.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/internal.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/join.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/krbtpolicy.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/migration.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/misc.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/netgroup.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/otpconfig.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/otptoken.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/otptoken_yubikey.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/passwd.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/permission.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/ping.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/pkinit.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/privilege.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/pwpolicy.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/radiusproxy.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/realmdomains.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/role.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/selfservice.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/selinuxusermap.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/service.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/session.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/sudocmd.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/sudocmdgroup.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/sudorule.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/trust.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_114/user.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/aci.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/automember.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/automount.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/batch.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/caacl.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/cert.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/certprofile.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/config.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/delegation.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/dns.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/domainlevel.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/group.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/hbacrule.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/hbacsvc.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/hbacsvcgroup.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/hbactest.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/host.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/hostgroup.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/idrange.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/idviews.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/internal.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/join.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/krbtpolicy.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/migration.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/misc.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/netgroup.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/otpconfig.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/otptoken.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/otptoken_yubikey.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/passwd.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/permission.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/ping.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/pkinit.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/privilege.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/pwpolicy.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/radiusproxy.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/realmdomains.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/role.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/selfservice.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/selinuxusermap.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/server.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/service.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/servicedelegation.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/session.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/stageuser.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/sudocmd.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/sudocmdgroup.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/sudorule.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/topology.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/trust.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/user.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_156/vault.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/aci.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/automember.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/automount.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/batch.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/caacl.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/cert.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/certprofile.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/config.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/delegation.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/dns.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/domainlevel.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/group.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/hbacrule.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/hbacsvc.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/hbacsvcgroup.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/hbactest.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/host.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/hostgroup.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/idrange.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/idviews.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/internal.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/join.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/krbtpolicy.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/migration.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/misc.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/netgroup.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/otpconfig.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/otptoken.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/otptoken_yubikey.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/passwd.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/permission.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/ping.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/pkinit.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/privilege.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/pwpolicy.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/radiusproxy.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/realmdomains.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/role.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/selfservice.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/selinuxusermap.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/server.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/service.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/servicedelegation.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/session.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/stageuser.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/sudocmd.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/sudocmdgroup.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/sudorule.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/topology.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/trust.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/user.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_164/vault.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/aci.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/automember.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/automount.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/batch.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/cert.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/config.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/delegation.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/dns.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/entitle.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/group.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/hbacrule.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/hbacsvc.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/hbacsvcgroup.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/hbactest.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/host.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/hostgroup.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/idrange.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/internal.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/join.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/krbtpolicy.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/migration.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/misc.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/netgroup.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/passwd.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/permission.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/ping.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/pkinit.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/privilege.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/pwpolicy.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/role.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/selfservice.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/selinuxusermap.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/service.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/session.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/sudocmd.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/sudocmdgroup.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/sudorule.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/trust.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/2_49/user.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/compat.py
 %%PYTHON_SITELIBDIR%%/ipaclient/remote_plugins/schema.py
 %%PYTHON_SITELIBDIR%%/ipalib-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/PKG-INFO
 %%PYTHON_SITELIBDIR%%/ipalib-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/SOURCES.txt
 %%PYTHON_SITELIBDIR%%/ipalib-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/dependency_links.txt
 %%PYTHON_SITELIBDIR%%/ipalib-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/requires.txt
 %%PYTHON_SITELIBDIR%%/ipalib-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/top_level.txt
 %%PYTHON_SITELIBDIR%%/ipalib/__init__.py
 %%PYTHON_SITELIBDIR%%/ipalib/aci.py
 %%PYTHON_SITELIBDIR%%/ipalib/backend.py
 %%PYTHON_SITELIBDIR%%/ipalib/base.py
 %%PYTHON_SITELIBDIR%%/ipalib/capabilities.py
 %%PYTHON_SITELIBDIR%%/ipalib/cli.py
 %%PYTHON_SITELIBDIR%%/ipalib/config.py
 %%PYTHON_SITELIBDIR%%/ipalib/constants.py
 %%PYTHON_SITELIBDIR%%/ipalib/crud.py
 %%PYTHON_SITELIBDIR%%/ipalib/dns.py
 %%PYTHON_SITELIBDIR%%/ipalib/errors.py
 %%PYTHON_SITELIBDIR%%/ipalib/facts.py
 %%PYTHON_SITELIBDIR%%/ipalib/frontend.py
 %%PYTHON_SITELIBDIR%%/ipalib/install/__init__.py
 %%PYTHON_SITELIBDIR%%/ipalib/install/certmonger.py
 %%PYTHON_SITELIBDIR%%/ipalib/install/certstore.py
 %%PYTHON_SITELIBDIR%%/ipalib/install/dnsforwarders.py
 %%PYTHON_SITELIBDIR%%/ipalib/install/hostname.py
 %%PYTHON_SITELIBDIR%%/ipalib/install/kinit.py
 %%PYTHON_SITELIBDIR%%/ipalib/install/service.py
 %%PYTHON_SITELIBDIR%%/ipalib/install/sysrestore.py
 %%PYTHON_SITELIBDIR%%/ipalib/install_files.txt
 %%PYTHON_SITELIBDIR%%/ipalib/krb_utils.py
 %%PYTHON_SITELIBDIR%%/ipalib/messages.py
 %%PYTHON_SITELIBDIR%%/ipalib/misc.py
 %%PYTHON_SITELIBDIR%%/ipalib/output.py
 %%PYTHON_SITELIBDIR%%/ipalib/parameters.py
 %%PYTHON_SITELIBDIR%%/ipalib/pkcs10.py
 %%PYTHON_SITELIBDIR%%/ipalib/plugable.py
 %%PYTHON_SITELIBDIR%%/ipalib/request.py
 %%PYTHON_SITELIBDIR%%/ipalib/rpc.py
 %%PYTHON_SITELIBDIR%%/ipalib/sysrestore.py
 %%PYTHON_SITELIBDIR%%/ipalib/text.py
 %%PYTHON_SITELIBDIR%%/ipalib/util.py
 %%PYTHON_SITELIBDIR%%/ipalib/x509.py
 %%PYTHON_SITELIBDIR%%/ipaplatform-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/PKG-INFO
 %%PYTHON_SITELIBDIR%%/ipaplatform-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/SOURCES.txt
 %%PYTHON_SITELIBDIR%%/ipaplatform-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/dependency_links.txt
 %%PYTHON_SITELIBDIR%%/ipaplatform-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/requires.txt
 %%PYTHON_SITELIBDIR%%/ipaplatform-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/top_level.txt
 %%PYTHON_SITELIBDIR%%/ipaplatform/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/_importhook.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/base/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/base/constants.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/base/paths.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/base/services.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/base/tasks.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/constants.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/debian/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/debian/constants.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/debian/paths.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/debian/services.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/debian/tasks.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/fedora/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/fedora/constants.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/fedora/paths.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/fedora/services.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/fedora/tasks.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/fedora_container/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/fedora_container/constants.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/fedora_container/paths.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/fedora_container/services.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/fedora_container/tasks.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/freebsd/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/install_files.txt
 %%PYTHON_SITELIBDIR%%/ipaplatform/nixos/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/nixos/constants.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/nixos/paths.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/nixos/services.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/nixos/tasks.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/osinfo.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/override.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/paths.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/redhat/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/redhat/authconfig.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/redhat/constants.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/redhat/paths.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/redhat/services.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/redhat/tasks.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/rhel/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/rhel/constants.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/rhel/paths.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/rhel/services.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/rhel/tasks.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/rhel_container/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/rhel_container/constants.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/rhel_container/paths.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/rhel_container/services.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/rhel_container/tasks.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/services.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/suse/__init__.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/suse/constants.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/suse/paths.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/suse/services.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/suse/tasks.py
 %%PYTHON_SITELIBDIR%%/ipaplatform/tasks.py
 %%PYTHON_SITELIBDIR%%/ipapython-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/PKG-INFO
 %%PYTHON_SITELIBDIR%%/ipapython-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/SOURCES.txt
 %%PYTHON_SITELIBDIR%%/ipapython-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/dependency_links.txt
 %%PYTHON_SITELIBDIR%%/ipapython-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/requires.txt
 %%PYTHON_SITELIBDIR%%/ipapython-%%DISTVERSION%%-py%%PYTHON_VER%%.egg-info/top_level.txt
 %%PYTHON_SITELIBDIR%%/ipapython/__init__.py
 %%PYTHON_SITELIBDIR%%/ipapython/admintool.py
 %%PYTHON_SITELIBDIR%%/ipapython/certdb.py
 %%PYTHON_SITELIBDIR%%/ipapython/config.py
 %%PYTHON_SITELIBDIR%%/ipapython/cookie.py
 %%PYTHON_SITELIBDIR%%/ipapython/directivesetter.py
 %%PYTHON_SITELIBDIR%%/ipapython/dn.py
 %%PYTHON_SITELIBDIR%%/ipapython/dn_ctypes.py
 %%PYTHON_SITELIBDIR%%/ipapython/dnsutil.py
 %%PYTHON_SITELIBDIR%%/ipapython/dogtag.py
 %%PYTHON_SITELIBDIR%%/ipapython/errors.py
 %%PYTHON_SITELIBDIR%%/ipapython/fqdn.py
 %%PYTHON_SITELIBDIR%%/ipapython/graph.py
 %%PYTHON_SITELIBDIR%%/ipapython/install/__init__.py
 %%PYTHON_SITELIBDIR%%/ipapython/install/cli.py
 %%PYTHON_SITELIBDIR%%/ipapython/install/common.py
 %%PYTHON_SITELIBDIR%%/ipapython/install/core.py
 %%PYTHON_SITELIBDIR%%/ipapython/install/typing.py
 %%PYTHON_SITELIBDIR%%/ipapython/install/util.py
 %%PYTHON_SITELIBDIR%%/ipapython/install_files.txt
 %%PYTHON_SITELIBDIR%%/ipapython/ipa_log_manager.py
 %%PYTHON_SITELIBDIR%%/ipapython/ipachangeconf.py
 %%PYTHON_SITELIBDIR%%/ipapython/ipaldap.py
 %%PYTHON_SITELIBDIR%%/ipapython/ipautil.py
 %%PYTHON_SITELIBDIR%%/ipapython/ipavalidate.py
 %%PYTHON_SITELIBDIR%%/ipapython/kerberos.py
 %%PYTHON_SITELIBDIR%%/ipapython/kernel_keyring.py
 %%PYTHON_SITELIBDIR%%/ipapython/nsslib.py
 %%PYTHON_SITELIBDIR%%/ipapython/session_storage.py
 %%PYTHON_SITELIBDIR%%/ipapython/ssh.py
 %%PYTHON_SITELIBDIR%%/ipapython/version.py
 libexec/ipa/acme/certbot-dns-ipa
 share/man/man1/ipa-certupdate.1.gz
 share/man/man1/ipa-client-automount.1.gz
 share/man/man1/ipa-client-install.1.gz
 share/man/man1/ipa-client-samba.1.gz
 share/man/man1/ipa-epn.1.gz
 share/man/man1/ipa-getkeytab.1.gz
 share/man/man1/ipa-join.1.gz
 share/man/man1/ipa-rmkeytab.1.gz
 share/man/man1/ipa.1.gz
 share/man/man5/default.conf.5.gz
 share/man/man5/epn.conf.5.gz
 sbin/ipa-certupdate
 sbin/ipa-client-automount
 sbin/ipa-client-install
 sbin/ipa-client-samba
 sbin/ipa-epn
 sbin/ipa-getkeytab
 sbin/ipa-join
 sbin/ipa-rmkeytab
 share/ipa/client/freeipa.template
 share/ipa/client/ssh_ipa.conf.template
 share/ipa/client/sshd_ipa.conf.template
 share/locale/bn_IN/LC_MESSAGES/ipa.mo
 share/locale/ca/LC_MESSAGES/ipa.mo
 share/locale/cs/LC_MESSAGES/ipa.mo
 share/locale/de/LC_MESSAGES/ipa.mo
 share/locale/en_GB/LC_MESSAGES/ipa.mo
 share/locale/es/LC_MESSAGES/ipa.mo
 share/locale/eu/LC_MESSAGES/ipa.mo
 share/locale/fi/LC_MESSAGES/ipa.mo
 share/locale/fr/LC_MESSAGES/ipa.mo
 share/locale/hi/LC_MESSAGES/ipa.mo
 share/locale/hu/LC_MESSAGES/ipa.mo
 share/locale/id/LC_MESSAGES/ipa.mo
 share/locale/ja/LC_MESSAGES/ipa.mo
 share/locale/ka/LC_MESSAGES/ipa.mo
 share/locale/kn/LC_MESSAGES/ipa.mo
 share/locale/ko/LC_MESSAGES/ipa.mo
 share/locale/mr/LC_MESSAGES/ipa.mo
 share/locale/nl/LC_MESSAGES/ipa.mo
 share/locale/pa/LC_MESSAGES/ipa.mo
 share/locale/pl/LC_MESSAGES/ipa.mo
 share/locale/pt/LC_MESSAGES/ipa.mo
 share/locale/pt_BR/LC_MESSAGES/ipa.mo
 share/locale/ru/LC_MESSAGES/ipa.mo
 share/locale/sk/LC_MESSAGES/ipa.mo
 share/locale/tg/LC_MESSAGES/ipa.mo
 share/locale/tr/LC_MESSAGES/ipa.mo
 share/locale/uk/LC_MESSAGES/ipa.mo
 share/locale/zh_CN/LC_MESSAGES/ipa.mo
@dir etc/ipa/nssdb
@dir share/selinux/packages/targeted
@dir /var/lib/ipa-client/pki
@dir /var/lib/ipa-client/sysrestore
@dir /var/lib/ipa-client
@dir /var/lib
--- a/net/relayd.old/Makefile
+++ b/net/relayd.old/Makefile
@ -1,64 +0,0 @@
 PORTNAME=	relayd
 DISTVERSION=	7.3.2024.01.15
 CATEGORIES=	net
 #MASTER_SITES=	https://github.com/KlaraSystems/freebsd-relayd/releases/download/${DISTVERSION}/
 USE_GITHUB=	yes
 GH_ACCOUNT=	0mp
 GH_PROJECT=	freebsd-relayd
 GH_TAGNAME=	44c1ed0
 MAINTAINER=	0mp@FreeBSD.org
 COMMENT=	OpenBSD relay daemon
 WWW=		https://github.com/KlaraSystems/freebsd-relayd
 LICENSE=	ISCL
 LIB_DEPENDS=	libpfctl.so:net/libpfctl
 USES=		localbase:ldflags ssl uidfix
 USE_RC_SUBR=	relayd
 HAS_CONFIGURE=	yes
 LDFLAGS+=	-lpfctl
 USERS=		_relayd
 GROUPS=		_relayd
 .include <bsd.port.pre.mk>
 .if !${SSL_DEFAULT:Mlibressl*}
 #_LIBRESSL_ORIGIN=	security/libressl
 _LIBRESSL_ORIGIN=	security/libressl-devel
 . ifnmake describe
 STAGEDIR_libressl!=	${MAKE} -V STAGEDIR -C ${PORTSDIR}/${_LIBRESSL_ORIGIN}
 . endif
 BUILD_DEPENDS+=		${NONEXISTENT}:${_LIBRESSL_ORIGIN}:stage
 .endif # SSL_DEFAULT
 MAKE_ENV=	LIBCRYPTO=${STAGEDIR_libressl}${LOCALBASE}/lib/libcrypto.a \
 		LIBSSL=${STAGEDIR_libressl}${LOCALBASE}/lib/libssl.a \
 		LIBTLS=${STAGEDIR_libressl}${LOCALBASE}/lib/libtls.a \
 		OPENSSLINCDIR=${STAGEDIR_libressl}${LOCALBASE}/include
 post-patch:
 	${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|g' \
 		${WRKSRC}/usr.sbin/relayd/relayd.conf.5 \
 		${WRKSRC}/usr.sbin/relayd/relayd.8
 do-install:
 	${INSTALL_DATA} ${WRKSRC}/etc/examples/relayd.conf \
 		${STAGEDIR}${PREFIX}/etc/relayd.conf.sample
 	${INSTALL_MAN} ${WRKSRC}/usr.sbin/relayctl/relayctl.8 \
 		${STAGEDIR}${PREFIX}/share/man/man8/
 	${INSTALL_MAN} ${WRKSRC}/usr.sbin/relayd/relayd.8 \
 		${STAGEDIR}${PREFIX}/share/man/man8/
 	${INSTALL_MAN} ${WRKSRC}/usr.sbin/relayd/relayd.conf.5 \
 		${STAGEDIR}${PREFIX}/share/man/man5/
 	${INSTALL_PROGRAM} ${WRKSRC}/usr.sbin/relayctl/relayctl \
 		${STAGEDIR}${PREFIX}/sbin/
 	${INSTALL_PROGRAM} ${WRKSRC}/usr.sbin/relayd/relayd \
 		${STAGEDIR}${PREFIX}/sbin/
 .include <bsd.port.post.mk>
--- a/net/relayd.old/distinfo
+++ b/net/relayd.old/distinfo
@ -1,3 +0,0 @@
 TIMESTAMP = 1709219928
 SHA256 (0mp-freebsd-relayd-7.3.2024.01.15-44c1ed0_GH0.tar.gz) = 3f155b63141b9143a9f57cac1536a81b1592c9d5b5c0d5716912edf3169ab812
 SIZE (0mp-freebsd-relayd-7.3.2024.01.15-44c1ed0_GH0.tar.gz) = 257538830
--- a/net/relayd.old/files/patch-share_mk_bsd.own.mk
+++ b/net/relayd.old/files/patch-share_mk_bsd.own.mk
@ -1,11 +0,0 @@
 --- share/mk/bsd.own.mk.orig	2023-11-02 07:25:02 UTC
 +++ share/mk/bsd.own.mk
@@ -15,7 +15,7 @@ SKEY?=		yes
 # Set `YP' to `yes' to build with support for NIS/YP.
 YP?=		yes
 -CLANG_ARCH=aarch64 amd64 arm i386 mips64 mips64el powerpc powerpc64 riscv64 sparc64
 +CLANG_ARCH=aarch64 amd64 arm armv6 armv7 i386 mips64 mips64el powerpc powerpc64 riscv64 sparc64
 GCC4_ARCH=alpha hppa sh sparc64
 GCC3_ARCH=m88k
 LLD_ARCH=aarch64 amd64 arm i386 powerpc powerpc64 riscv64
--- a/net/relayd.old/files/relayd.in
+++ b/net/relayd.old/files/relayd.in
@ -1,39 +0,0 @@
 #!/bin/sh
 # PROVIDE: relayd
 # REQUIRE: NETWORKING syslogd
 # BEFORE:  DAEMON
 # KEYWORD: shutdown
 # Add the following lines to /etc/rc.conf to enable relayd:
 # relayd_enable="YES"
 # relayd_flags="<set as needed>"
 . /etc/rc.subr
 name=relayd
 rcvar=relayd_enable
 load_rc_config $name
 : ${relayd_enable="NO"}
 command="%%PREFIX%%/sbin/relayd"
 relayctl="%%PREFIX%%/sbin/relayctl"
 start_precmd="relayd_checkconfig"
 reload_precmd="relayd_checkconfig"
 restart_precmd="relayd_checkconfig"
 reload_cmd="relayd_reload_cmd"
 extra_commands="reload"
 relayd_checkconfig()
 {
 	echo "Performing sanity check on relayd configuration:"
 	eval ${command} ${relayd_flags} -n
 }
 relayd_reload_cmd () {
 	${relayctl} reload
 }
 run_rc_command "$1"
--- a/net/relayd.old/pkg-descr
+++ b/net/relayd.old/pkg-descr
@ -1,18 +0,0 @@
 This is the FreeBSD port of the OpenBSD relayd and relayctl.
 relayd is a daemon to relay and dynamically redirect incoming connections
 to a target host.  Its main purposes are to run as a load-balancer,
 application layer gateway, or transparent proxy.  The daemon is able to
 monitor groups of hosts for availability, which is determined by checking
 for a specific service common to a host group.  When availability is con-
 firmed, Layer 3 and/or layer 7 forwarding services are set up by relayd.
 Layer 3 redirection happens at the packet level; to configure it, relayd
 communicates with pf(4).
 The following relayd functionality is not (yet) implemented in FreeBSD:
 - carp demote
 - modifying routing tables
 - snmp traps
 The relayctl program controls the relayd(8) daemon.
--- a/net/relayd.old/pkg-plist
+++ b/net/relayd.old/pkg-plist
@ -1,6 +0,0 @@
@sample etc/relayd.conf.sample
 share/man/man5/relayd.conf.5.gz
 share/man/man8/relayctl.8.gz
 share/man/man8/relayd.8.gz
 sbin/relayctl
 sbin/relayd
--- a/net/samba416.old/Makefile
+++ b/net/samba416.old/Makefile
@ -1,708 +0,0 @@
 PORTNAME=			${SAMBA4_BASENAME}416
 PORTVERSION=			${SAMBA4_VERSION}
 PORTREVISION=			5
 CATEGORIES?=			net
 MASTER_SITES=			SAMBA/samba/stable SAMBA/samba/rc
 DISTNAME=			${SAMBA4_DISTNAME}
 MAINTAINER=			timur@FreeBSD.org
 COMMENT=			Free SMB/CIFS and AD/DC server and client for Unix
 WWW=				https://gitlab.com/samba-freebsd/
 LICENSE=			GPLv3+
 LICENSE_FILE=			${WRKSRC}/COPYING
 USES=				cpe
 CONFLICTS_INSTALL?=		samba4*
 EXTRA_PATCHES=			\
 				${PATCHDIR}/0001-Compact-and-simplify-modules-build-and-config-genera.patch:-p1 \
 				${PATCHDIR}/0002-Adjust-abi_gen.sh-script-to-run-under-FreeBSD-with-i.patch:-p1 \
 				${PATCHDIR}/0003-Mask-CLang-prototype-warnings-in-kadm5-admin.h.patch:-p1 \
 				${PATCHDIR}/0004-On-FreeBSD-date-1-has-different-semantics-than-on-Li.patch:-p1 \
 				${PATCHDIR}/0005-Include-jemalloc-jemalloc.h-if-ENABLE_JEMALLOC-is-se.patch:-p1 \
 				${PATCHDIR}/0006-Install-nss_-modules-into-PAMMODULESDIR-path.patch:-p1 \
 				${PATCHDIR}/0007-Use-macro-value-as-a-default-backlog-size-for-the-li.patch:-p1 \
 				${PATCHDIR}/0008-Brute-force-work-around-usage-of-Linux-specific-m-fl.patch:-p1 \
 				${PATCHDIR}/0009-Make-sure-that-config-checks-fail-if-the-warning-is-.patch:-p1 \
 				${PATCHDIR}/0010-Add-option-with-pkgconfigdir-to-specify-alternative-.patch:-p1 \
 				${PATCHDIR}/0011-Use-provided-by-port-location-of-the-XML-catalog.patch:-p1 \
 				${PATCHDIR}/0012-Create-shared-libraries-according-to-the-FreeBSD-spe.patch:-p1 \
 				${PATCHDIR}/0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch:-p1 \
 				${PATCHDIR}/0014-Add-option-to-disable-CTDB-tests-failing-on-FreeBSD-.patch:-p1 \
 				${PATCHDIR}/0015-Add-extra-debug-class-to-trck-down-DB-locking-code.patch:-p1 \
 				${PATCHDIR}/0016-Make-ldb_schema_attribute_compare-a-stable-comparisi.patch:-p1 \
 				${PATCHDIR}/0017-Use-arc4random-when-available-to-generate-random-tal.patch:-p1 \
 				${PATCHDIR}/0018-Add-configuration-option-that-allows-to-choose-alter.patch:-p1 \
 				${PATCHDIR}/0019-From-923bc7a1afeb0b920e60e14846987ae1d2d7dca4-Mon-Se.patch:-p1 \
 				${PATCHDIR}/0020-FreeBSD-12-between-r336017-and-r342928-wrongfuly-ret.patch:-p1 \
 				${PATCHDIR}/0021-Fix-casting-warnings-in-the-nfs_quota-debug-message.patch:-p1 \
 				${PATCHDIR}/0022-Clean-up-UTMP-handling-code-and-add-FreeBSD-support..patch:-p1 \
 				${PATCHDIR}/0023-Add-cmd_get_quota-test-function-into-vfstest-to-test.patch:-p1 \
 				${PATCHDIR}/0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch:-p1 \
 				${PATCHDIR}/0025-From-d9b748869a8f4018ebee302aae8246bf29f60309-Mon-Se.patch:-p1 \
 				${PATCHDIR}/0026-vfs-add-a-compatibility-option-to-the-vfs_streams_xa.patch:-p1 \
 				${PATCHDIR}/0027-Add-VFS-module-vfs_freebsd-that-implements-FreeBSD-s.patch:-p1 \
 				${PATCHDIR}/0028-s3-lib-system-add-FreeBSD-proc_fd_pattern.patch:-p1 \
 				${PATCHDIR}/0099-s3-modules-zfsacl-fix-get-set-ACL-on-FreeBSD-13.patch:-p1 \
 				${PATCHDIR}/0099-s4-mitkdc-Add-support-for-MIT-Kerberos-1.20.patch:-p1
 SAMBA4_BASENAME=		samba
 SAMBA4_PORTNAME=		${SAMBA4_BASENAME}4
 SAMBA4_VERSION=			4.16.11
 SAMBA4_DISTNAME=		${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
 WRKSRC?=			${WRKDIR}/${DISTNAME}
 PLIST?=				${PKGDIR}/pkg-plist
 CPE_VENDOR=			samba
 CPE_PRODUCT=			samba
 # Directories
 VARDIR=				${DESTDIR}/var
 SAMBA4_RUNDIR=			${VARDIR}/run/${SAMBA4_PORTNAME}
 SAMBA4_LOGDIR=			${VARDIR}/log/${SAMBA4_PORTNAME}
 SAMBA4_LOCKDIR=			${VARDIR}/db/${SAMBA4_PORTNAME}
 SAMBA4_BINDDNSDIR=		${SAMBA4_LOCKDIR}/bind-dns
 SAMBA4_PRIVATEDIR=		${SAMBA4_LOCKDIR}/private
 SAMBA4_PAMDIR=			${PREFIX}/lib
 SAMBA4_LIBDIR=			${PREFIX}/lib/${SAMBA4_PORTNAME}
 SAMBA4_INCLUDEDIR=		${PREFIX}/include/${SAMBA4_PORTNAME}
 SAMBA4_CONFDIR=			${PREFIX}/etc
 SAMBA4_CONFIG=			smb4.conf
 SAMBA4_MODULES_CLASS=		auth bind9 gensec gpext idmap ldb nss_info \
 				pdb perfcount process_model service vfs
 CONFIGURE_ARGS=			--mandir="${PREFIX}/share/man" \
 				--sysconfdir="${SAMBA4_CONFDIR}" \
 				--includedir="${SAMBA4_INCLUDEDIR}" \
 				--datadir="${DATADIR}" \
 				--libdir="${SAMBA4_LIBDIR}" \
 				--with-privatelibdir="${SAMBA4_LIBDIR}/private" \
 				--with-pammodulesdir="${SAMBA4_PAMDIR}" \
 				--with-modulesdir="${SAMBA4_MODULEDIR}" \
 				--with-pkgconfigdir="${PKGCONFIGDIR}" \
 				--localstatedir="${VARDIR}" \
 				--with-piddir="${SAMBA4_RUNDIR}" \
 				--with-sockets-dir="${SAMBA4_RUNDIR}" \
 				--with-privileged-socket-dir="${SAMBA4_RUNDIR}" \
 				--with-lockdir="${SAMBA4_LOCKDIR}" \
 				--with-statedir="${SAMBA4_LOCKDIR}" \
 				--with-cachedir="${SAMBA4_LOCKDIR}" \
 				--with-bind-dns-dir=${SAMBA4_BINDDNSDIR} \
 				--with-privatedir="${SAMBA4_PRIVATEDIR}" \
 				--with-logfilebase="${SAMBA4_LOGDIR}"
 # XXX: Flags
 CONFIGURE_ENV=			PTHREAD_LDFLAGS="-lpthread"
 MAKE_ENV=			PYTHONHASHSEED=1
 USES=				compiler:c++11-lang iconv localbase:ldflags \
 				perl5 pkgconfig shebangfix waf gettext-runtime
 USE_PERL5=			build
 USE_LDCONFIG=			${SAMBA4_LIBDIR}
 WAF_CMD=			buildtools/bin/waf
 CONFIGURE_LOG=			bin/config.log
 FLAVORS=			default noldb
 noldb_PKGNAMESUFFIX=		-noldb
 # Make sure that the right version of Python is used by the tools
 # https://bugzilla.samba.org/show_bug.cgi?id=7305
 SHEBANG_FILES=			${PATCH_WRKSRC}/source4/scripting/bin/* ${PATCH_WRKSRC}/selftest/*
 PKGCONFIGDIR?=			${PREFIX}/libdata/pkgconfig
 PKGCONFIGDIR_REL?=		${PKGCONFIGDIR:S,^${PREFIX}/,,}
 PLIST_SUB=			PKGCONFIGDIR=${PKGCONFIGDIR_REL}
 SUB_LIST=			PKGCONFIGDIR=${PKGCONFIGDIR_REL}
 ##############################################################################
 OPTIONS_SUB=			yes
 OPTIONS_DEFINE=			AD_DC ADS CLUSTER CUPS DOCS FAM GPGME \
 				LDAP MANDOC PROFILE PYTHON3 QUOTAS \
 				SPOTLIGHT SYSLOG UTMP
 #OPTIONS_DEFINE+=		DEVELOPER MEMORY_DEBUG
 OPTIONS_GROUP=			VFS
 OPTIONS_GROUP_VFS=		FRUIT GLUSTERFS
 OPTIONS_SINGLE=			GSSAPI ZEROCONF
 OPTIONS_SINGLE_GSSAPI=		GSSAPI_BUILTIN GSSAPI_MIT
 #GSSAPI_HEIMDAL
 OPTIONS_SINGLE_ZEROCONF=	ZEROCONF_NONE AVAHI MDNSRESPONDER
 # Make those default options
 OPTIONS_DEFAULT=		AD_DC ADS DOCS FAM LDAP \
 				PROFILE PYTHON3 QUOTAS SYSLOG UTMP \
 				FRUIT GSSAPI_BUILTIN AVAHI
 ##############################################################################
 ADS_DESC=			Active Directory client(implies LDAP)
 AD_DC_DESC=			Active Directory Domain Controller(implies PYTHON3)
 CLUSTER_DESC=			Clustering support
 DEVELOPER_DESC=			With developer framework
 FAM_DESC=			File Alteration Monitor
 GPGME_DESC=			GpgME support
 LDAP_DESC=			LDAP client
 LIBZFS_DESC=			LibZFS
 SPOTLIGHT_DESC=			Spotlight server-side search support
 MANDOC_DESC=			Build manpages from DOCBOOK templates
 MEMORY_DEBUG_DESC=		Debug memory allocator
 PICKY_DEVELOPER_DESC=		Treat compiler warnings as errors(implies DEVELOPER)
 PROFILE_DESC=			Profiling data
 QUOTAS_DESC=			Disk quota support
 UTMP_DESC=			UTMP accounting
 VFS_DESC=			VFS modules
 FRUIT_DESC=			MacOSX and TimeMachine support
 GLUSTERFS_DESC=			GlusterFS support
 GSSAPI_BUILTIN_DESC=		GSSAPI support via bundled Heimdal
 ZEROCONF_DESC=			Zero configuration networking
 ZEROCONF_NONE_DESC=		Zeroconf support is absent
 ##############################################################################
 # XXX: Unconditional dependencies which can't be switched off(if present in
 # the system)
 # Iconv(picked up unconditionaly)
 LIB_DEPENDS=			libiconv.so:converters/libiconv
 # unwind
 LIB_DEPENDS+=			libunwind.so:devel/libunwind
 # Readline(sponsored by Python)
 # XXX: USES=readline pollutes CPPFLAGS, so we explicitly put dependency
 LIB_DEPENDS+=			libreadline.so:devel/readline
 # popt
 LIB_DEPENDS+=			libpopt.so:devel/popt
 # inotify
 LIB_DEPENDS+=			libinotify.so:devel/libinotify
 # GNUTLS
 LIB_DEPENDS+=			libgnutls.so:security/gnutls
 LIB_DEPENDS+=			libgcrypt.so:security/libgcrypt
 # NFSv4 ACL glue
 LIB_DEPENDS+=			libsunacl.so:sysutils/libsunacl
 # Jansson
 BUILD_DEPENDS+=			jansson>=2.10:devel/jansson
 RUN_DEPENDS+=			jansson>=2.10:devel/jansson
 # tasn1
 BUILD_DEPENDS+=			libtasn1>=3.8:security/libtasn1
 RUN_DEPENDS+=			libtasn1>=3.8:security/libtasn1
 # External Samba dependencies
 # Needed for IDL compiler
 BUILD_DEPENDS+=			p5-Parse-Yapp>=0:devel/p5-Parse-Yapp
 # Libarchive
 SAMBA4_BUNDLED_LIBS=		!libarchive
 BUILD_DEPENDS+=			libarchive>=3.1.2:archivers/libarchive
 RUN_DEPENDS+=			libarchive>=3.1.2:archivers/libarchive
 ### Bundled libraries
 SAMBA4_BUNDLED_CMOCKA?=		no
 SAMBA4_BUNDLED_TALLOC?=		no
 SAMBA4_BUNDLED_TEVENT?=		no
 SAMBA4_BUNDLED_TDB?=		no
 .if ${FLAVOR:U} != noldb
 SAMBA4_BUNDLED_LDB?=		yes
 .else
 SAMBA4_BUNDLED_LDB?=		no
 .endif
 # cmocka
 .if defined(SAMBA4_BUNDLED_CMOCKA) && ${SAMBA4_BUNDLED_CMOCKA} == yes
 SAMBA4_BUNDLED_LIBS+=		cmocka
 CONFLICTS_INSTALL+=		cmocka-1.*
 PLIST_SUB+=			SAMBA4_BUNDLED_CMOCKA=""
 SUB_LIST+=			SAMBA4_BUNDLED_CMOCKA=""
 .else
 SAMBA4_BUNDLED_LIBS+=		!cmocka
 BUILD_DEPENDS+=			cmocka>=1.1.3:sysutils/cmocka
 TEST_DEPENDS+=			cmocka>=1.1.3:sysutils/cmocka
 PLIST_SUB+=			SAMBA4_BUNDLED_CMOCKA="@comment "
 SUB_LIST+=			SAMBA4_BUNDLED_CMOCKA="@comment "
 .endif
 # talloc
 .if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes
 SAMBA4_BUNDLED_LIBS+=		talloc
 CONFLICTS_INSTALL+=		talloc-* talloc1-*
 PLIST_SUB+=			SAMBA4_BUNDLED_TALLOC=""
 SUB_LIST+=			SAMBA4_BUNDLED_TALLOC=""
 .else
 SAMBA4_BUNDLED_LIBS+=		!talloc
 BUILD_DEPENDS+=			talloc>=2.3.3:devel/talloc
 RUN_DEPENDS+=			talloc>=2.3.3:devel/talloc
 PLIST_SUB+=			SAMBA4_BUNDLED_TALLOC="@comment "
 SUB_LIST+=			SAMBA4_BUNDLED_TALLOC="@comment "
 .endif
 # tevent
 .if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes
 SAMBA4_BUNDLED_LIBS+=		tevent
 CONFLICTS_INSTALL+=		tevent-* tevent1-*
 PLIST_SUB+=			SAMBA4_BUNDLED_TEVENT=""
 SUB_LIST+=			SAMBA4_BUNDLED_TEVENT=""
 .else
 SAMBA4_BUNDLED_LIBS+=		!tevent
 BUILD_DEPENDS+=			tevent>=0.11.0:devel/tevent
 RUN_DEPENDS+=			tevent>=0.11.0:devel/tevent
 PLIST_SUB+=			SAMBA4_BUNDLED_TEVENT="@comment "
 SUB_LIST+=			SAMBA4_BUNDLED_TEVENT="@comment "
 .endif
 # tdb
 .if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
 SAMBA4_BUNDLED_LIBS+=		tdb
 CONFLICTS_INSTALL+=		tdb-* tdb1-*
 PLIST_SUB+=			SAMBA4_BUNDLED_TDB=""
 SUB_LIST+=			SAMBA4_BUNDLED_TDB=""
 .else
 SAMBA4_BUNDLED_LIBS+=		!tdb
 BUILD_DEPENDS+=			tdb>=1.4.6:databases/tdb
 RUN_DEPENDS+=			tdb>=1.4.6:databases/tdb
 PLIST_SUB+=			SAMBA4_BUNDLED_TDB="@comment "
 SUB_LIST+=			SAMBA4_BUNDLED_TDB="@comment "
 .endif
 # ldb
 .if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
 SAMBA4_BUNDLED_LDB=		yes
 SAMBA4_BUNDLED_LIBS+=		ldb
 PLIST_SUB+=			SAMBA4_BUNDLED_LDB=""
 SUB_LIST+=			SAMBA4_BUNDLED_LDB=""
 SAMBA4_MODULEDIR=		${SAMBA4_LIBDIR}/modules
 .else
 SAMBA4_BUNDLED_LIBS+=		!ldb
 BUILD_DEPENDS+=			ldb25>=2.5.2:databases/ldb25
 RUN_DEPENDS+=			ldb25>=2.5.2:databases/ldb25
 PLIST_SUB+=			SAMBA4_BUNDLED_LDB="@comment "
 SUB_LIST+=			SAMBA4_BUNDLED_LDB="@comment "
 SAMBA4_MODULEDIR=		${PREFIX}/lib/shared-modules
 .endif
 .if (defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes) \
 	|| (defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes) \
 	|| (defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes) \
 	|| (defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes)
 SAMBA4_BUNDLED_LIBS+=		replace
 .endif
 # Don't use external libcom_err
 SAMBA4_BUNDLED_LIBS+=		com_err
 # Set the test environment variables
 TEST_USES=			python
 TEST_ENV=			PYTHON="${PYTHON_CMD}" \
 				SHA1SUM=/sbin/sha1 \
 				SHA256SUM=/sbin/sha256 \
 				MD5SUM=/sbin/md5 \
 				PYTHONDONTWRITEBYTECODE=1
 TEST_DEPENDS=			bash:shells/bash \
 				tshark:net/wireshark@nox11
 # External Python modules
 TEST_BUILD_DEPENDS=		${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
 TEST_RUN_DEPENDS=		${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
 ##############################################################################
 CONFIGURE_ARGS+=		\
 				--with-pam \
 				--with-iconv \
 				--with-winbind \
 				--with-regedit \
 				--disable-rpath \
 				--without-lttng \
 				--without-gettext \
 				--enable-pthreadpool \
 				--without-fake-kaserver \
 				--without-systemd \
 				--with-libarchive \
 				--with-acl-support \
 				--with-sendfile-support \
 				--disable-ctdb-tests
 #				${ICONV_CONFIGURE_BASE}
 ##############################################################################
 FRUIT_PREVENTS=			ZEROCONF_NONE
 FRUIT_PREVENTS_MSG=		MacOSX support requires Zeroconf(AVAHI or MDNSRESPONDER)
 FRUIT_VARS=			SAMBA4_MODULES+=vfs_fruit
 FRUIT_PLIST_FILES=		share/man/man8/vfs_fruit.8.gz
 GLUSTERFS_CONFIGURE_ENABLE=	glusterfs
 GLUSTERFS_LIB_DEPENDS=		libglusterfs.so:net/glusterfs
 GLUSTERFS_VARS=			SAMBA4_MODULES+=vfs_glusterfs
 GLUSTERFS_PLIST_FILES=		share/man/man8/vfs_glusterfs.8.gz
 ZEROCONF_NONE_MAKE_ENV=		ZEROCONF=none
 ##############################################################################
 AVAHI_CONFIGURE_ENABLE=		avahi
 AVAHI_LIB_DEPENDS=		libavahi-client.so:net/avahi-app
 AVAHI_VARS=			SAMBA4_SERVICES+=avahi_daemon
 MDNSRESPONDER_CONFIGURE_ENABLE=	dnssd
 MDNSRESPONDER_LIB_DEPENDS=	libdns_sd.so:net/mDNSResponder
 MDNSRESPONDER_VARS=		SAMBA4_SERVICES+=mdnsd
 ##############################################################################
 MEMORY_DEBUG_IMPLIES=		DEBUG
 MEMORY_DEBUG_CONFIGURE_ENV=	ADDITIONAL_CFLAGS="-DENABLE_JEMALLOC `pkg-config --cflags jemalloc`" ADDITIONAL_LDFLAGS="`pkg-config --libs jemalloc`"
 MEMORY_DEBUG_LIB_DEPENDS=	libjemalloc.so.2:devel/jemalloc
 # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194046
 GDB_CMD?=			${LOCALBASE}/bin/gdb
 # https://bugzilla.samba.org/show_bug.cgi?id=8969
 PICKY_DEVELOPER_IMPLIES=	DEVELOPER
 PICKY_DEVELOPER_CONFIGURE_ON=	--picky-developer
 DEVELOPER_CONFIGURE_ON=		--enable-developer --enable-selftest --abi-check-disable
 DEVELOPER_CONFIGURE_ENV=	WAF_CMD_FORMAT=string
 DEVELOPER_BUILD_DEPENDS=	${SAMBA4_LMDB_DEPENDS} \
 				${GDB_CMD}:devel/gdb
 DEVELOPER_RUN_DEPENDS=		${SAMBA4_LMDB_DEPENDS}
 DEVELOPER_TEST_DEPENDS=		${GDB_CMD}:devel/gdb
 DEVELOPER_VARS_OFF=		GDB_CMD=true
 ##############################################################################
 AD_DC_IMPLIES=			PYTHON3
 AD_DC_CONFIGURE_OFF=		--without-ad-dc
 AD_DC_BUILD_DEPENDS=		${SAMBA4_LMDB_DEPENDS}
 AD_DC_RUN_DEPENDS=		${SAMBA4_LMDB_DEPENDS}
 AD_DC_VARS=			PLIST+=${PKGDIR}/pkg-plist.ad_dc
 # samba-tool requires those for *upgrade
 AD_DC_BUILD_DEPENDS+=		${PYTHON_PKGNAMEPREFIX}markdown>=3.3.7:textproc/py-markdown@${PY_FLAVOR} \
 				${PYTHON_PKGNAMEPREFIX}dnspython>=2.2.1:dns/py-dnspython@${PY_FLAVOR}
 AD_DC_RUN_DEPENDS+=		${PYTHON_PKGNAMEPREFIX}markdown>=3.3.7:textproc/py-markdown@${PY_FLAVOR} \
 				${PYTHON_PKGNAMEPREFIX}dnspython>=2.2.1:dns/py-dnspython@${PY_FLAVOR}
 ADS_IMPLIES=			LDAP
 ADS_CONFIGURE_WITH=		ads
 CLUSTER_CONFIGURE_WITH=		cluster-support
 CLUSTER_VARS=			PLIST+=${PKGDIR}/pkg-plist.cluster
 CUPS_CONFIGURE_ENABLE=		cups iprint
 CUPS_LIB_DEPENDS=		libcups.so:print/cups
 # https://bugzilla.samba.org/show_bug.cgi?id=9545
 FAM_USES=			fam
 FAM_CONFIGURE_WITH=		fam
 GPGME_CONFIGURE_WITH=		gpgme
 GPGME_LIB_DEPENDS=		libgpgme.so:security/gpgme
 GPGME_RUN_DEPENDS=		${PYTHON_PKGNAMEPREFIX}gpgme>=1.14.0:security/py-gpgme@${PY_FLAVOR}
 GSSAPI_BUILTIN_USES=		bison
 GSSAPI_BUILTIN_BUILD_DEPENDS=	p5-JSON>=4.0:converters/p5-JSON
 GSSAPI_MIT_CONFIGURE_ON=	--with-system-mitkrb5 ${GSSAPIBASEDIR} \
 				--with-system-mitkdc=${GSSAPIBASEDIR}/sbin/krb5kdc \
 				--with-experimental-mit-ad-dc
 GSSAPI_MIT_USES=		gssapi:mit
 GSSAPI_HEIMDAL_CONFIGURE_ON=	--with-system-heimdalkrb5 ${GSSAPIBASEDIR}
 GSSAPI_HEIMDAL_USES=		gssapi:heimdal
 GSSAPI_HEIMDAL_PREVENTS=	AD_DC
 GSSAPI_HEIMDAL_PREVENTS_MSG=	GSSAPI_HEIMDAL and AD_DC enable conflicting options
 LDAP_CONFIGURE_WITH=		ldap
 LDAP_CONFIGURE_ON=		--with-openldap=${LOCALBASE}
 LDAP_USES=			ldap
 LDAP_VARS=			SAMBA4_MODULES+=idmap_ldap
 LIBZFS_CONFIGURE_WITH=		libzfs
 LIBZFS_VARS=			SAMBA4_MODULES+=vfs_zfs_space
 MANDOC_BUILD_DEPENDS=		${LOCALBASE}/share/xsl/docbook/manpages/docbook.xsl:textproc/docbook-xsl \
 				xsltproc:textproc/libxslt
 MANDOC_CONFIGURE_ENV_OFF=	XSLTPROC="true"
 PROFILE_CONFIGURE_WITH=		profiling-data
 QUOTAS_CONFIGURE_WITH=		quotas
 SPOTLIGHT_CONFIGURE_ENABLE=	spotlight
 SPOTLIGHT_BUILD_DEPENDS=	tracker>=1.4.1:sysutils/tracker
 SPOTLIGHT_RUN_DEPENDS=		tracker>=1.4.1:sysutils/tracker
 # ICU
 SPOTLIGHT_LIB_DEPENDS=		libicuuc.so:devel/icu
 SPOTLIGHT_USES=			bison gnome
 SPOTLIGHT_USE=			gnome=glib20
 SYSLOG_CONFIGURE_WITH=		syslog
 UTMP_CONFIGURE_WITH=		utmp
 ##############################################################################
 .include <bsd.port.options.mk>
 ##############################################################################
 .if !defined(WANT_EXP_MODULES) || empty(WANT_EXP_MODULES)
 WANT_EXP_MODULES=		vfs_cacheprime
 .endif
 .if ${WANT_EXP_MODULES:Mvfs_snapper}
 # snapper needs dbus
 LIB_DEPENDS+=			libdbus-1.so:devel/dbus
 LIB_DEPENDS+=			libdbus-glib-1.so:devel/dbus-glib
 .endif
 SAMBA4_MODULES+=		krb5_async_dns_krb5_locator krb5_winbind_krb5_locator idmap_nss idmap_autorid \
 				idmap_rid idmap_hash idmap_tdb idmap_tdb2 idmap_script \
 				nss-info_hash
 # List of extra modules taken from RHEL build
 # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197320
 .if ${PORT_OPTIONS:MADS}
 SAMBA4_MODULES+=		idmap_ad idmap_rfc2307 nss-info_template \
 				nss-info_rfc2307 nss-info_sfu nss-info_sfu20
 .endif
 # This kind of special for this distribution
 SAMBA4_MODULES+=		vfs_freebsd
 SAMBA4_MODULES+=		vfs_acl_tdb vfs_acl_xattr vfs_aio_fork vfs_aio_pthread \
 				vfs_audit vfs_cap vfs_catia vfs_commit vfs_crossrename \
 				vfs_default_quota vfs_dirsort vfs_expand_msdfs \
 				vfs_extd_audit vfs_fake_perms vfs_full_audit \
 				vfs_linux_xfs_sgid vfs_media_harmony vfs_offline \
 				vfs_preopen vfs_readahead vfs_readonly vfs_recycle \
 				vfs_shadow_copy vfs_shadow_copy2 vfs_shell_snap \
 				vfs_streams_depot vfs_streams_xattr vfs_syncops \
 				vfs_time_audit vfs_unityed_media vfs_virusfilter \
 				vfs_widelinks vfs_worm vfs_xattr_tdb vfs_zfsacl
 .if ${PORT_OPTIONS:MDEVELOPER}
 SAMBA4_MODULES+=		auth_skel pdb_test gpext_security gpext_registry \
 				gpext_scripts perfcount_test vfs_fake_dfq \
 				vfs_skel_opaque vfs_skel_transparent \
 				vfs_shadow_copy_test vfs_fake_acls \
 				vfs_nfs4acl_xattr vfs_error_inject vfs_delay_inject
 .endif
 # Python bindings
 .if ! ${PORT_OPTIONS:MPYTHON3} || defined(NO_PYTHON)
 USES+=				python:build,test
 CONFIGURE_ARGS+=		--disable-python
 .else
 USES+=				python
 PLIST+=				${PKGDIR}/pkg-plist.python
 # Don't cache Python modules
 CONFIGURE_ARGS+=		--nopycache
 MAKE_ENV+=			PYTHONDONTWRITEBYTECODE=1
 .	if defined(SAMBA4_BUNDLED_TALLOC) && ${SAMBA4_BUNDLED_TALLOC} == yes
 SAMBA4_BUNDLED_LIBS+=		pytalloc-util
 .	else
 SAMBA4_BUNDLED_LIBS+=		!pytalloc-util
 .	endif
 .	if defined(SAMBA4_BUNDLED_TEVENT) && ${SAMBA4_BUNDLED_TEVENT} == yes
 SAMBA4_BUNDLED_LIBS+=		pytevent
 .	else
 SAMBA4_BUNDLED_LIBS+=		!pytevent
 .	endif
 .	if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
 SAMBA4_BUNDLED_LIBS+=		pytdb
 .	else
 SAMBA4_BUNDLED_LIBS+=		!pytdb
 .	endif
 .	if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
 SAMBA4_BUNDLED_LIBS+=		pyldb pyldb-util
 .	else
 SAMBA4_BUNDLED_LIBS+=		!pyldb !pyldb-util
 .	endif
 .endif
 .if defined(WANT_EXP_MODULES) && !empty(WANT_EXP_MODULES)
 SAMBA4_MODULES+=		${WANT_EXP_MODULES}
 .endif
 .if defined(SAMBA4_BUNDLED_LIBS) && !empty(SAMBA4_BUNDLED_LIBS)
 CONFIGURE_ARGS+=		--bundled-libraries="${SAMBA4_BUNDLED_LIBS:Q:C|(\\\\ )+|,|g:S|\\||g}"
 .endif
 .if defined(SAMBA4_MODULES) && !empty(SAMBA4_MODULES)
 CONFIGURE_ARGS+=		--with-shared-modules="${SAMBA4_MODULES:C|-|_|:Q:C|(\\\\ )+|,|g:S|\\||g}"
 .endif
 # XXX: Hack for nss-info_* -> nss_info/* modules
 # Add selected modules to the plist
 .for module in ${SAMBA4_MODULES}
 PLIST_FILES+=			${SAMBA4_MODULEDIR}/${module:C|_|/|:C|-|_|}.so
 .endfor
 .for module_class in ${SAMBA4_MODULES_CLASS}
 PLIST_DIRS+=			${SAMBA4_MODULEDIR}/${module_class}
 .endfor
 PLIST_DIRS+=			${SAMBA4_MODULEDIR}
 .if defined(WITH_DEBUG)
 CONFIGURE_ARGS+=		--verbose --enable-debug
 MAKE_ARGS+=			--verbose
 DEBUG_FLAGS?=			-g -ggdb3 -O0
 .endif
 ##############################################################################
 .include <bsd.port.pre.mk>
 ##############################################################################
 # Implemented in the gcrypt on AMD64
 .if ${ARCH} == "amd64"
 CONFIGURE_ARGS+=		--accel-aes=intelaesni
 .else
 CONFIGURE_ARGS+=		--accel-aes=none
 .endif
 # Only for 64-bit architectures
 .if ${ARCH} != armv6 && ${ARCH} != armv7 && ${ARCH} != i386 && ${ARCH} != mips && ${ARCH} != powerpc && ${ARCH} != powerpcspe
 .	if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes && (${PORT_OPTIONS:MAD_DC} || ${PORT_OPTIONS:MDEVELOPER})
 # LMDB
 SAMBA4_LMDB_DEPENDS=		lmdb>=0.9.16:databases/lmdb
 PLIST_FILES+=			${SAMBA4_LIBDIR}/private/libldb-mdb-int-samba4.so \
 				${SAMBA4_MODULEDIR}/ldb/mdb.so
 .	endif
 .endif
 .if ${PORT_OPTIONS:MGSSAPI_MIT}
 PLIST_FILES+=			${SAMBA4_MODULEDIR}/krb5/winbind_krb5_localauth.so \
 				share/man/man8/winbind_krb5_localauth.8.gz
 .	if ${PORT_OPTIONS:MAD_DC}
 PLIST_FILES+=			${SAMBA4_LIBDIR}/krb5/plugins/kdb/samba.so
 .	endif
 .endif
 # for libexecinfo: (so that __builtin_frame_address() finds the top of the stack)
 CFLAGS_amd64+=			-fno-omit-frame-pointer
 # No fancy color error messages
 CFLAGS+=			${CFLAGS_${CHOSEN_COMPILER_TYPE}}
 CFLAGS_clang=			-fno-color-diagnostics
 CONFIGURE_ENV+=			NOCOLOR=yes WAF_LOG_FORMAT='%(c1)s%(zone)s%(c2)s %(message)s'
 MAKE_ENV+=			NOCOLOR=yes WAF_LOG_FORMAT='%(c1)s%(zone)s%(c2)s %(message)s'
 # Allow rpcgen to find proper CPP
 MAKE_ENV+=			RPCGEN_CPP="${CPP}"
 #.if ${readline_ARGS} == port
 #CFLAGS+=			-D_FUNCTION_DEF
 #.endif
 # Some symbols in samba's linker version scripts are not defined, but since the
 # scripts are generated dynamically, suppress errors with lld >= 17 due to these
 # undefined symbols.
 LDFLAGS+=			-Wl,--undefined-version
 SAMBA4_SUB=			SAMBA4_LOGDIR="${SAMBA4_LOGDIR}" \
 				SAMBA4_RUNDIR="${SAMBA4_RUNDIR}" \
 				SAMBA4_LOCKDIR="${SAMBA4_LOCKDIR}" \
 				SAMBA4_LIBDIR="${SAMBA4_LIBDIR}" \
 				SAMBA4_MODULEDIR="${SAMBA4_MODULEDIR}" \
 				SAMBA4_BINDDNSDIR="${SAMBA4_BINDDNSDIR}" \
 				SAMBA4_PRIVATEDIR="${SAMBA4_PRIVATEDIR}" \
 				SAMBA4_CONFDIR="${SAMBA4_CONFDIR}" \
 				SAMBA4_CONFIG="${SAMBA4_CONFIG}" \
 				SAMBA4_SERVICES="${SAMBA4_SERVICES}"
 PLIST_SUB+=			${SAMBA4_SUB}
 SUB_LIST+=			${SAMBA4_SUB}
 USE_RC_SUBR=			samba_server
 SUB_FILES=			pkg-message README.FreeBSD
 PORTDOCS=			README.FreeBSD
 post-extract:
 				@${RM} -r ${WRKSRC}/pidl/lib/Parse/Yapp
 post-patch:
 				@${REINPLACE_CMD} -e 's|$${PKGCONFIGDIR}|${PKGCONFIGDIR}|g' \
 					${PATCH_WRKSRC}/buildtools/wafsamba/pkgconfig.py
 				@${REINPLACE_CMD} -e 's|%%LOCALBASE%%|${LOCALBASE}|g' \
 					${PATCH_WRKSRC}/buildtools/wafsamba/wafsamba.py
 				@${REINPLACE_CMD} -e 's|%%GDB_CMD%%|${GDB_CMD}|g' \
 					${PATCH_WRKSRC}/buildtools/scripts/abi_gen.sh
 				@${REINPLACE_CMD} -e 's|%%SAMBA4_CONFIG%%|${SAMBA4_CONFIG}|g' \
 					${PATCH_WRKSRC}/dynconfig/wscript
 # Use threading (or multiprocessing) but not thread (renamed in python 3+).
 pre-configure:
 .if (!${PORT_OPTIONS:MPYTHON3} || defined(NO_PYTHON)) && ${PORT_OPTIONS:MAD_DC}
 				@${ECHO_CMD}; \
 				${ECHO_MSG} "===>  AD_DC option requires PYTHON3 to be set"; \
 				${ECHO_CMD}; \
 				${FALSE}
 .endif
 pre-build-MANDOC-off:
 				${MKDIR} ${BUILD_WRKSRC}/bin/default/docs-xml/
 				${CP} -rp ${BUILD_WRKSRC}/docs/manpages ${BUILD_WRKSRC}/bin/default/docs-xml/
 .for man in			libcli/nbt/man/nmblookup4.1 \
 				librpc/tools/ndrdump.1 \
 				source4/lib/registry/man/regdiff.1 \
 				source4/lib/registry/man/regpatch.1 \
 				source4/lib/registry/man/regshell.1 \
 				source4/lib/registry/man/regtree.1 \
 				source4/scripting/man/samba-gpupdate.8 \
 				source4/torture/man/gentest.1 \
 				source4/torture/man/locktest.1 \
 				source4/torture/man/masktest.1 \
 				source4/torture/man/smbtorture.1 \
 				source4/utils/man/ntlm_auth4.1 \
 				source4/utils/oLschema2ldif/oLschema2ldif.1 \
 				lib/tdb/man/tdbdump.8 \
 				lib/tdb/man/tdbbackup.8 \
 				lib/tdb/man/tdbtool.8 \
 				lib/talloc/man/talloc.3 \
 				lib/tdb/man/tdbrestore.8 \
 				lib/ldb/man/ldb.3 \
 				lib/ldb/man/ldbadd.1 \
 				lib/ldb/man/ldbdel.1 \
 				lib/ldb/man/ldbedit.1 \
 				lib/ldb/man/ldbmodify.1 \
 				lib/ldb/man/ldbrename.1 \
 				lib/ldb/man/ldbsearch.1 \
 				docs-xml/manpages/vfs_freebsd.8
 					${MKDIR} `dirname ${BUILD_WRKSRC}/bin/default/${man}`
 					${INSTALL_MAN} ${FILESDIR}/man/`basename ${man}` ${BUILD_WRKSRC}/bin/default/${man}
 .endfor
 .if ${PORT_OPTIONS:MCLUSTER}
 				${MKDIR} ${BUILD_WRKSRC}/bin/default/ctdb/
 .	for man in		ctdb_diagnostics.1 ctdb.1 ctdbd_wrapper.1 ctdbd.1 ltdbtool.1 onnode.1 ping_pong.1 \
 				ctdb.conf.5 ctdb.sysconfig.5 ctdb-script.options.5 \
 				ctdb.7 ctdb-statistics.7 ctdb-tunables.7
 					${INSTALL_MAN} ${FILESDIR}/man/${man} ${BUILD_WRKSRC}/bin/default/ctdb/
 .	endfor
 .endif
 post-install-rm-junk:
 				${RM} -r ${STAGEDIR}${PYTHON_SITELIBDIR}/samba/third_party
 				${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -name __pycache__ \
 					-type d -print0 | ${XARGS} -0 -n 1 -t ${RM} -r
 				${FIND} ${STAGEDIR} -type f -empty -delete
 post-install-fix-manpages:
 .for f in vfs_aio_linux.8 vfs_btrfs.8 vfs_ceph.8 vfs_gpfs.8
 				${RM} ${STAGEDIR}${PREFIX}/share/man/man8/${f}
 .endfor
 .if defined(SAMBA4_BUNDLED_LDB) && ${SAMBA4_BUNDLED_LDB} == yes
 .	for f in ldbadd.1 ldbdel.1 ldbedit.1 ldbmodify.1 ldbrename.1 ldbsearch.1
 				${MV} ${STAGEDIR}${PREFIX}/share/man/man1/${f} ${STAGEDIR}${PREFIX}/share/man/man1/samba-${f}
 .	endfor
 .endif
 .if defined(SAMBA4_BUNDLED_TDB) && ${SAMBA4_BUNDLED_TDB} == yes
 .	for f in tdbbackup.8 tdbdump.8 tdbrestore.8 tdbtool.8
 				${MV} ${STAGEDIR}${PREFIX}/share/man/man8/${f} ${STAGEDIR}${PREFIX}/share/man/man8/samba-${f}
 .	endfor
 .endif
 post-install: post-install-rm-junk post-install-fix-manpages
 				${LN} -sf smb.conf.5.gz ${STAGEDIR}${PREFIX}/share/man/man5/smb4.conf.5.gz
 # Run post-install script
 .for dir in			${SAMBA4_LOGDIR} ${SAMBA4_RUNDIR} ${SAMBA4_LOCKDIR} ${SAMBA4_MODULEDIR}
 					${INSTALL} -d -m 0755 "${STAGEDIR}${dir}"
 .endfor
 				${INSTALL} -d -m 0750 "${STAGEDIR}${SAMBA4_BINDDNSDIR}"
 				${INSTALL} -d -m 0750 "${STAGEDIR}${SAMBA4_PRIVATEDIR}"
 .for module_class in			${SAMBA4_MODULES_CLASS}
 					${INSTALL} -d -m 0755 "${STAGEDIR}${SAMBA4_MODULEDIR}/${module_class}"
 .endfor
 .if !defined(WITH_DEBUG)
 				-${FIND} ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin ${STAGEDIR}${PREFIX}/libexec \
 					-type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD}
 				-${FIND} ${STAGEDIR}${PREFIX}/lib -name '*.so*' \
 					-type f -print0 | ${XARGS} -0 -n 1 -t ${STRIP_CMD}
 .endif
 post-install-FRUIT-off:
 				${RM} ${STAGEDIR}${SAMBA4_MODULEDIR}/vfs/fruit.so
 				${RM} ${STAGEDIR}${PREFIX}/share/man/man8/vfs_fruit.8
 post-install-DOCS-on:
 				${MKDIR} ${STAGEDIR}${DOCSDIR}
 .for doc in			${PORTDOCS}
 				${INSTALL_DATA} ${WRKDIR}/${doc} ${STAGEDIR}${DOCSDIR}
 .endfor
 post-install-CLUSTER-on:
 				${LN} -nfs ../../../../share/ctdb/events/legacy/00.ctdb.script		${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/00.ctdb.script
 				${LN} -nfs ../../../../share/ctdb/events/legacy/10.interface.script	${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/10.interface.script
 				${LN} -nfs ../../../../share/ctdb/events/legacy/05.system.script	${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/05.system.script
 				${LN} -nfs ../../../../share/ctdb/events/legacy/01.reclock.script	${STAGEDIR}${PREFIX}/etc/ctdb/events/legacy/01.reclock.script
 .include <bsd.port.post.mk>
--- a/net/samba416.old/distinfo
+++ b/net/samba416.old/distinfo
@ -1,3 +0,0 @@
 TIMESTAMP = 1689931801
 SHA256 (samba-4.16.11.tar.gz) = 5218878cdcc01aa8e83d2c84ad16c5f37a01ea5e1a93f640f9ee282053c46e12
 SIZE (samba-4.16.11.tar.gz) = 30721388
--- a/net/samba416.old/files/0001-Compact-and-simplify-modules-build-and-config-genera.patch
+++ b/net/samba416.old/files/0001-Compact-and-simplify-modules-build-and-config-genera.patch
@ -1,292 +0,0 @@
 From 05e3cc236406680a55e19b204202b63cdaf48ea1 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Mon, 1 Aug 2022 04:15:43 +0200
 Subject: [PATCH 01/28] Compact and simplify modules build and config
 generation for Bind 9.x AD DLZ.
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 python/samba/provision/sambadns.py | 68 ++++++++++++------------------
 source4/dns_server/dlz_minimal.h   | 44 +++++++++----------
 source4/dns_server/wscript_build   | 62 +++------------------------
 source4/setup/named.conf.dlz       | 25 +----------
 source4/torture/dns/wscript_build  |  2 +-
 5 files changed, 55 insertions(+), 146 deletions(-)
 diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
 index 404b346a885..8e5a8ba5f25 100644
 --- a/python/samba/provision/sambadns.py
 +++ b/python/samba/provision/sambadns.py
@@ -21,6 +21,7 @@
 """DNS-related provisioning"""
 import os
 +import re
 import uuid
 import shutil
 import time
@@ -1010,52 +1011,37 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger):
                                      stderr=subprocess.STDOUT,
                                      cwd='.').communicate()[0]
         bind_info = get_string(bind_info)
 -        bind9_8 = '#'
 -        bind9_9 = '#'
 -        bind9_10 = '#'
 -        bind9_11 = '#'
 -        bind9_12 = '#'
 -        bind9_14 = '#'
 -        bind9_16 = '#'
 -        bind9_18 = '#'
 -        if bind_info.upper().find('BIND 9.8') != -1:
 -            bind9_8 = ''
 -        elif bind_info.upper().find('BIND 9.9') != -1:
 -            bind9_9 = ''
 -        elif bind_info.upper().find('BIND 9.10') != -1:
 -            bind9_10 = ''
 -        elif bind_info.upper().find('BIND 9.11') != -1:
 -            bind9_11 = ''
 -        elif bind_info.upper().find('BIND 9.12') != -1:
 -            bind9_12 = ''
 -        elif bind_info.upper().find('BIND 9.14') != -1:
 -            bind9_14 = ''
 -        elif bind_info.upper().find('BIND 9.16') != -1:
 -            bind9_16 = ''
 -        elif bind_info.upper().find('BIND 9.18') != -1:
 -            bind9_18 = ''
 -        elif bind_info.upper().find('BIND 9.7') != -1:
 -            raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
 -        elif bind_info.upper().find('BIND_9.13') != -1:
 -            raise ProvisioningError("Only stable/esv releases of BIND are supported.")
 -        elif bind_info.upper().find('BIND_9.15') != -1:
 -            raise ProvisioningError("Only stable/esv releases of BIND are supported.")
 -        elif bind_info.upper().find('BIND_9.17') != -1:
 -            raise ProvisioningError("Only stable/esv releases of BIND are supported.")
 +        bind9_release = re.search('BIND (9)\.(\d+)\.', bind_info, re.I)
 +        if bind9_release:
 +            bind9_disabled = ''
 +            bind9_version = bind9_release.group(0) + "x"
 +            bind9_version_major = int(bind9_release.group(1))
 +            bind9_version_minor = int(bind9_release.group(2))
 +            if bind9_version_minor == 7:
 +                raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
 +            elif bind9_version_minor == 8:
 +                bind9_dlz_version = "9"
 +            elif bind9_version_minor in [13, 15, 17]:
 +                raise ProvisioningError("Only stable/esv releases of BIND are supported.")
 +            else:
 +                bind9_dlz_version = "%d_%d" % (bind9_version_major, bind9_version_minor)
         else:
 +            bind9_disabled = '# '
 +            bind9_version = "BIND z.y.x"
 +            bind9_dlz_version = "z_y"
             logger.warning("BIND version unknown, please modify %s manually." % paths.namedconf)
 +
 +        bind9_dlz = (
 +            '    # For %s\n'
 +            '    %sdatabase "dlopen %s/bind9/dlz_bind%s.so";'
 +        ) % (
 +            bind9_version, bind9_disabled, samba.param.modules_dir(), bind9_dlz_version
 +        )
         setup_file(setup_path("named.conf.dlz"), paths.namedconf, {
                     "NAMED_CONF": paths.namedconf,
                     "MODULESDIR": samba.param.modules_dir(),
 -                    "BIND9_8": bind9_8,
 -                    "BIND9_9": bind9_9,
 -                    "BIND9_10": bind9_10,
 -                    "BIND9_11": bind9_11,
 -                    "BIND9_12": bind9_12,
 -                    "BIND9_14": bind9_14,
 -                    "BIND9_16": bind9_16,
 -                    "BIND9_18": bind9_18
 -                    })
 +                    "BIND9_DLZ": bind9_dlz
 +                 })
 def create_named_txt(path, realm, dnsdomain, dnsname, binddns_dir,
 diff --git a/source4/dns_server/dlz_minimal.h b/source4/dns_server/dlz_minimal.h
 index b7e36e7f8e6..bbdb616deb2 100644
 --- a/source4/dns_server/dlz_minimal.h
 +++ b/source4/dns_server/dlz_minimal.h
@@ -26,31 +26,25 @@
 #include <stdint.h>
 #include <stdbool.h>
 -#if defined (BIND_VERSION_9_8)
 -# error Bind 9.8 is not supported!
 -#elif defined (BIND_VERSION_9_9)
 -# error Bind 9.9 is not supported!
 -#elif defined (BIND_VERSION_9_10)
 -# define DLZ_DLOPEN_VERSION 3
 -# define DNS_CLIENTINFO_VERSION 1
 -# define ISC_BOOLEAN_AS_BOOL 0
 -#elif defined (BIND_VERSION_9_11)
 -# define DLZ_DLOPEN_VERSION 3
 -# define DNS_CLIENTINFO_VERSION 2
 -# define ISC_BOOLEAN_AS_BOOL 0
 -#elif defined (BIND_VERSION_9_12)
 -# define DLZ_DLOPEN_VERSION 3
 -# define DNS_CLIENTINFO_VERSION 2
 -# define ISC_BOOLEAN_AS_BOOL 0
 -#elif defined (BIND_VERSION_9_14)
 -# define DLZ_DLOPEN_VERSION 3
 -# define DNS_CLIENTINFO_VERSION 2
 -#elif defined (BIND_VERSION_9_16)
 -# define DLZ_DLOPEN_VERSION 3
 -# define DNS_CLIENTINFO_VERSION 2
 -#elif defined (BIND_VERSION_9_18)
 -# define DLZ_DLOPEN_VERSION 3
 -# define DNS_CLIENTINFO_VERSION 2
 +#if defined (BIND_VERSION)
 +# if BIND_VERSION == 908
 +#  error Bind 9.8 is not supported!
 +# elif BIND_VERSION == 909
 +#  error Bind 9.9 is not supported!
 +# elif BIND_VERSION == 910
 +#  define DLZ_DLOPEN_VERSION 3
 +#  define DNS_CLIENTINFO_VERSION 1
 +#  define ISC_BOOLEAN_AS_BOOL 0
 +# elif BIND_VERSION == 911 || BIND_VERSION == 912
 +#  define DLZ_DLOPEN_VERSION 3
 +#  define DNS_CLIENTINFO_VERSION 2
 +#  define ISC_BOOLEAN_AS_BOOL 0
 +# elif BIND_VERSION >= 914
 +#  define DLZ_DLOPEN_VERSION 3
 +#  define DNS_CLIENTINFO_VERSION 2
 +# else
 +#  error Unsupported BIND version
 +# endif
 #else
 # error Unsupported BIND version
 #endif
 diff --git a/source4/dns_server/wscript_build b/source4/dns_server/wscript_build
 index ab0a241b937..3743753504c 100644
 --- a/source4/dns_server/wscript_build
 +++ b/source4/dns_server/wscript_build
@@ -20,69 +20,21 @@ bld.SAMBA_MODULE('service_dns',
         )
 # a bind9 dlz module giving access to the Samba DNS SAM
 -bld.SAMBA_LIBRARY('dlz_bind9_10',
 +for bind_version in (910, 911, 912, 914, 916, 918):
 +    string_version='%d_%d' % (bind_version // 100, bind_version % 100)
 +    bld.SAMBA_LIBRARY('dlz_bind%s' % (string_version),
                   source='dlz_bind9.c',
 -                  cflags='-DBIND_VERSION_9_10',
 +                  cflags='-DBIND_VERSION=%d' % bind_version,
                   private_library=True,
 -                  link_name='modules/bind9/dlz_bind9_10.so',
 -                  realname='dlz_bind9_10.so',
 -                  install_path='${MODULESDIR}/bind9',
 -                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
 -                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
 -
 -bld.SAMBA_LIBRARY('dlz_bind9_11',
 -                  source='dlz_bind9.c',
 -                  cflags='-DBIND_VERSION_9_11',
 -                  private_library=True,
 -                  link_name='modules/bind9/dlz_bind9_11.so',
 -                  realname='dlz_bind9_11.so',
 -                  install_path='${MODULESDIR}/bind9',
 -                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
 -                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
 -
 -bld.SAMBA_LIBRARY('dlz_bind9_12',
 -                  source='dlz_bind9.c',
 -                  cflags='-DBIND_VERSION_9_12',
 -                  private_library=True,
 -                  link_name='modules/bind9/dlz_bind9_12.so',
 -                  realname='dlz_bind9_12.so',
 -                  install_path='${MODULESDIR}/bind9',
 -                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
 -                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
 -
 -bld.SAMBA_LIBRARY('dlz_bind9_14',
 -                  source='dlz_bind9.c',
 -                  cflags='-DBIND_VERSION_9_14',
 -                  private_library=True,
 -                  link_name='modules/bind9/dlz_bind9_14.so',
 -                  realname='dlz_bind9_14.so',
 -                  install_path='${MODULESDIR}/bind9',
 -                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
 -                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
 -
 -bld.SAMBA_LIBRARY('dlz_bind9_16',
 -                  source='dlz_bind9.c',
 -                  cflags='-DBIND_VERSION_9_16',
 -                  private_library=True,
 -                  link_name='modules/bind9/dlz_bind9_16.so',
 -                  realname='dlz_bind9_16.so',
 -                  install_path='${MODULESDIR}/bind9',
 -                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
 -                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
 -
 -bld.SAMBA_LIBRARY('dlz_bind9_18',
 -                  source='dlz_bind9.c',
 -                  cflags='-DBIND_VERSION_9_18',
 -                  private_library=True,
 -                  link_name='modules/bind9/dlz_bind9_18.so',
 -                  realname='dlz_bind9_18.so',
 +                  link_name='modules/bind9/dlz_bind%s.so' % (string_version),
 +                  realname='dlz_bind%s.so' % (string_version),
                   install_path='${MODULESDIR}/bind9',
                   deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
                   enabled=bld.AD_DC_BUILD_IS_ENABLED())
 bld.SAMBA_LIBRARY('dlz_bind9_for_torture',
                   source='dlz_bind9.c',
 -                  cflags='-DBIND_VERSION_9_16',
 +                  cflags='-DBIND_VERSION=918',
                   private_library=True,
                   deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
                   enabled=bld.AD_DC_BUILD_IS_ENABLED())
 diff --git a/source4/setup/named.conf.dlz b/source4/setup/named.conf.dlz
 index cbe7d805f58..32672768af4 100644
 --- a/source4/setup/named.conf.dlz
 +++ b/source4/setup/named.conf.dlz
@@ -10,28 +10,5 @@
 # Uncomment only single database line, depending on your BIND version
 #
 dlz "AD DNS Zone" {
 -    # For BIND 9.8.x
 -    ${BIND9_8} database "dlopen ${MODULESDIR}/bind9/dlz_bind9.so";
 -
 -    # For BIND 9.9.x
 -    ${BIND9_9} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_9.so";
 -
 -    # For BIND 9.10.x
 -    ${BIND9_10} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_10.so";
 -
 -    # For BIND 9.11.x
 -    ${BIND9_11} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_11.so";
 -
 -    # For BIND 9.12.x
 -    ${BIND9_12} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_12.so";
 -
 -    # For BIND 9.14.x
 -    ${BIND9_14} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_14.so";
 -
 -    # For BIND 9.16.x
 -    ${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so";
 -    #
 -    # For BIND 9.18.x
 -    ${BIND9_18} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_18.so";
 +${BIND9_DLZ}
 };
 -
 diff --git a/source4/torture/dns/wscript_build b/source4/torture/dns/wscript_build
 index 0b40e03e370..bf7415ff88a 100644
 --- a/source4/torture/dns/wscript_build
 +++ b/source4/torture/dns/wscript_build
@@ -5,7 +5,7 @@ if bld.AD_DC_BUILD_IS_ENABLED():
 		source='dlz_bind9.c',
 		subsystem='smbtorture',
 		init_function='torture_bind_dns_init',
 -		cflags='-DBIND_VERSION_9_16',
 +		cflags='-DBIND_VERSION=918',
 		deps='torture talloc torturemain dlz_bind9_for_torture',
 		internal_module=True
 		)
 -- 
 2.37.1
--- a/net/samba416.old/files/0002-Adjust-abi_gen.sh-script-to-run-under-FreeBSD-with-i.patch
+++ b/net/samba416.old/files/0002-Adjust-abi_gen.sh-script-to-run-under-FreeBSD-with-i.patch
@ -1,35 +0,0 @@
 From 639b8d650685476016a6d5b1c996a04ac54f8a6f Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Sun, 30 May 2021 04:00:08 +0200
 Subject: [PATCH 02/28] Adjust abi_gen.sh script to run under FreeBSD with it's
 own bintools and slightly different output of GDB.
 Substitution: yes
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 buildtools/scripts/abi_gen.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/buildtools/scripts/abi_gen.sh b/buildtools/scripts/abi_gen.sh
 index ddb0a7cc36f..d2750705ff9 100755
 --- a/buildtools/scripts/abi_gen.sh
 +++ b/buildtools/scripts/abi_gen.sh
@@ -9,6 +9,7 @@ GDBSCRIPT="gdb_syms.$$"
 cat <<EOF
 set height 0
 set width 0
 +set print sevenbit-strings on
 EOF
 # On older linker versions _init|_fini symbols are not hidden.
@@ -22,5 +23,5 @@ done
 ) > $GDBSCRIPT
 # forcing the terminal avoids a problem on Fedora12
 -TERM=none gdb -n -batch -x $GDBSCRIPT "$SHAREDLIB" < /dev/null
 +TERM=none %%GDB_CMD%% -n -batch -x $GDBSCRIPT "$SHAREDLIB" < /dev/null
 rm -f $GDBSCRIPT
 -- 
 2.37.1
--- a/net/samba416.old/files/0003-Mask-CLang-prototype-warnings-in-kadm5-admin.h.patch
+++ b/net/samba416.old/files/0003-Mask-CLang-prototype-warnings-in-kadm5-admin.h.patch
@ -1,32 +0,0 @@
 From 382c3edc95a1747e0a6edd05c76adc0ec21a66c7 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Sun, 30 May 2021 03:50:17 +0200
 Subject: [PATCH 03/28] Mask CLang prototype warnings in kadm5/admin.h
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 source4/kdc/kdc-service-mit.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
 diff --git a/source4/kdc/kdc-service-mit.c b/source4/kdc/kdc-service-mit.c
 index 22663b6ecc8..5bef125206a 100644
 --- a/source4/kdc/kdc-service-mit.c
 +++ b/source4/kdc/kdc-service-mit.c
@@ -36,9 +36,13 @@
 #include "kdc/samba_kdc.h"
 #include "kdc/kdc-server.h"
 #include "kdc/kpasswd-service.h"
 -#include <kadm5/admin.h>
 #include <kdb.h>
 +#pragma clang diagnostic push
 +#pragma clang diagnostic ignored "-Wstrict-prototypes"
 +#include <kadm5/admin.h>
 +#pragma clang diagnostic pop
 +
 #include "source4/kdc/mit_kdc_irpc.h"
 /* PROTOTYPES */
 -- 
 2.37.1
--- a/net/samba416.old/files/0004-On-FreeBSD-date-1-has-different-semantics-than-on-Li.patch
+++ b/net/samba416.old/files/0004-On-FreeBSD-date-1-has-different-semantics-than-on-Li.patch
@ -1,38 +0,0 @@
 From 0eb28116ceefee7bdafabac18a1763f13cb71883 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Sun, 30 May 2021 03:42:31 +0200
 Subject: [PATCH 04/28] On FreeBSD `date(1)` has different semantics than on
 Linux. Generate call parameter accordingly.
 FreeBSD: `date [[[[[cc]yy]mm]dd]HH]MM[.ss]`
 Linux:   `date [mmddHHMM[[cc]yy][.ss]]`
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 source3/utils/net_time.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
 diff --git a/source3/utils/net_time.c b/source3/utils/net_time.c
 index d102f84614f..f679000a979 100644
 --- a/source3/utils/net_time.c
 +++ b/source3/utils/net_time.c
@@ -82,10 +82,15 @@ static const char *systime(time_t t)
 	if (!tm) {
 		return "unknown";
 	}
 -
 +#if defined(FREEBSD)
 +	return talloc_asprintf(talloc_tos(), "%04d%02d%02d%02d%02d.%02d",
 +				tm->tm_year + 1900, tm->tm_mon+1, tm->tm_mday,
 +				tm->tm_hour, tm->tm_min, tm->tm_sec);
 +#else
 	return talloc_asprintf(talloc_tos(), "%02d%02d%02d%02d%04d.%02d",
 			       tm->tm_mon+1, tm->tm_mday, tm->tm_hour,
 			       tm->tm_min, tm->tm_year + 1900, tm->tm_sec);
 +#endif
 }
 int net_time_usage(struct net_context *c, int argc, const char **argv)
 -- 
 2.37.1
--- a/net/samba416.old/files/0005-Include-jemalloc-jemalloc.h-if-ENABLE_JEMALLOC-is-se.patch
+++ b/net/samba416.old/files/0005-Include-jemalloc-jemalloc.h-if-ENABLE_JEMALLOC-is-se.patch
@ -1,26 +0,0 @@
 From 3cc67018c560d32b98523618d16902c1a670ed40 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Sun, 30 May 2021 03:33:51 +0200
 Subject: [PATCH 05/28] Include jemalloc/jemalloc.h if ENABLE_JEMALLOC is set.
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 source3/include/includes.h | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/source3/include/includes.h b/source3/include/includes.h
 index 510a0b96539..94a076de11e 100644
 --- a/source3/include/includes.h
 +++ b/source3/include/includes.h
@@ -326,6 +326,8 @@ typedef char fstring[FSTRING_LEN];
  * the *bottom* of include files so as not to conflict. */
 #ifdef ENABLE_DMALLOC
 #  include <dmalloc.h>
 +#elif ENABLE_JEMALLOC
 +#  include <jemalloc/jemalloc.h>
 #endif
 -- 
 2.37.1
--- a/net/samba416.old/files/0006-Install-nss_-modules-into-PAMMODULESDIR-path.patch
+++ b/net/samba416.old/files/0006-Install-nss_-modules-into-PAMMODULESDIR-path.patch
@ -1,32 +0,0 @@
 From 406621efcd26d48b5e8f1e5df4082c8bf2cc8bab Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Sun, 30 May 2021 03:32:21 +0200
 Subject: [PATCH 06/28] Install nss_* modules into PAMMODULESDIR path.
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 nsswitch/wscript_build | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build
 index 3247b6c2b7c..df2fc3b97ea 100644
 --- a/nsswitch/wscript_build
 +++ b/nsswitch/wscript_build
@@ -54,12 +54,14 @@ elif (host_os.rfind('freebsd') > -1):
 			  source='winbind_nss_linux.c winbind_nss_freebsd.c',
 			  deps='wbclient',
 			  realname='nss_winbind.so.1',
 +			  install_path='${PAMMODULESDIR}',
 			  vnum='1')
 	bld.SAMBA3_PLUGIN('nss_wins',
 			  source='wins.c wins_freebsd.c',
 			  deps='''wbclient''',
 			  realname='nss_wins.so.1',
 +			  install_path='${PAMMODULESDIR}',
 			  vnum='1')
 elif (host_os.rfind('netbsd') > -1):
 -- 
 2.37.1
--- a/net/samba416.old/files/0007-Use-macro-value-as-a-default-backlog-size-for-the-li.patch
+++ b/net/samba416.old/files/0007-Use-macro-value-as-a-default-backlog-size-for-the-li.patch
@ -1,105 +0,0 @@
 From 75f20f8e144a926873b619e1c0918896689d39a0 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Sun, 30 May 2021 03:28:09 +0200
 Subject: [PATCH 07/28] Use macro value as a default backlog size for the
 `listen()` syscall.
 Set that macro to -1 on FreeBSD, specifying maximum kernel configured
 allowed backlog size.
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 lib/tevent/echo_server.c    |  2 +-
 source3/include/local.h     | 11 +++++++++++
 source3/libsmb/unexpected.c |  2 +-
 source3/utils/smbfilter.c   |  2 +-
 source3/winbindd/winbindd.c |  4 ++--
 5 files changed, 16 insertions(+), 5 deletions(-)
 diff --git a/lib/tevent/echo_server.c b/lib/tevent/echo_server.c
 index f93d8bcdee7..49354dbf0e5 100644
 --- a/lib/tevent/echo_server.c
 +++ b/lib/tevent/echo_server.c
@@ -633,7 +633,7 @@ int main(int argc, const char **argv)
 		exit(1);
 	}
 -	ret = listen(listen_sock, 5);
 +	ret = listen(listen_sock, DEFAULT_LISTEN_BACKLOG);
 	if (ret == -1) {
 		perror("listen() failed");
 		exit(1);
 diff --git a/source3/include/local.h b/source3/include/local.h
 index 297e5572fdb..d85aab09f9f 100644
 --- a/source3/include/local.h
 +++ b/source3/include/local.h
@@ -163,7 +163,18 @@
 #define WINBIND_SERVER_MUTEX_WAIT_TIME (( ((NUM_CLI_AUTH_CONNECT_RETRIES) * ((CLI_AUTH_TIMEOUT)/1000)) + 5)*2)
 /* size of listen() backlog in smbd */
 +#if defined (FREEBSD)
 +#define SMBD_LISTEN_BACKLOG -1
 +#else
 #define SMBD_LISTEN_BACKLOG 50
 +#endif
 +
 +/* size of listen() default backlog */
 +#if defined (FREEBSD)
 +#define DEFAULT_LISTEN_BACKLOG -1
 +#else
 +#define DEFAULT_LISTEN_BACKLOG 5
 +#endif
 /* Number of microseconds to wait before a sharing violation. */
 #define SHARING_VIOLATION_USEC_WAIT 950000
 diff --git a/source3/libsmb/unexpected.c b/source3/libsmb/unexpected.c
 index ced46969b88..317d6b1e0e2 100644
 --- a/source3/libsmb/unexpected.c
 +++ b/source3/libsmb/unexpected.c
@@ -95,7 +95,7 @@ NTSTATUS nb_packet_server_create(TALLOC_CTX *mem_ctx,
 		status = map_nt_error_from_unix(errno);
 		goto fail;
 	}
 -	rc = listen(result->listen_sock, 5);
 +	rc = listen(result->listen_sock, DEFAULT_LISTEN_BACKLOG);
 	if (rc < 0) {
 		status = map_nt_error_from_unix(errno);
 		goto fail;
 diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c
 index 3fbd63975c9..b2d90f993fc 100644
 --- a/source3/utils/smbfilter.c
 +++ b/source3/utils/smbfilter.c
@@ -291,7 +291,7 @@ static void start_filter(char *desthost)
 		exit(1);
 	}
 -	if (listen(s, 5) == -1) {
 +	if (listen(s, DEFAULT_LISTEN_BACKLOG) == -1) {
 		d_printf("listen failed\n");
 	}
 diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
 index 0f9c6449a5a..c2df0c92372 100644
 --- a/source3/winbindd/winbindd.c
 +++ b/source3/winbindd/winbindd.c
@@ -1312,7 +1312,7 @@ static bool winbindd_setup_listeners(void)
 	if (pub_state->fd == -1) {
 		goto failed;
 	}
 -	rc = listen(pub_state->fd, 5);
 +	rc = listen(pub_state->fd, DEFAULT_LISTEN_BACKLOG);
 	if (rc < 0) {
 		goto failed;
 	}
@@ -1344,7 +1344,7 @@ static bool winbindd_setup_listeners(void)
 	if (priv_state->fd == -1) {
 		goto failed;
 	}
 -	rc = listen(priv_state->fd, 5);
 +	rc = listen(priv_state->fd, DEFAULT_LISTEN_BACKLOG);
 	if (rc < 0) {
 		goto failed;
 	}
 -- 
 2.37.1
--- a/net/samba416.old/files/0008-Brute-force-work-around-usage-of-Linux-specific-m-fl.patch
+++ b/net/samba416.old/files/0008-Brute-force-work-around-usage-of-Linux-specific-m-fl.patch
@ -1,111 +0,0 @@
 From 29d0b3479f61f33356d6cc82099085b5c412f949 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Sun, 30 May 2021 03:24:48 +0200
 Subject: [PATCH 08/28] Brute force work around usage of Linux-specific `%m`
 flag in `sscanf()`.
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 libcli/http/http.c                | 36 ++++++++++++++++++++++++++-----
 source4/libcli/ldap/ldap_client.c | 12 +++++++++++
 2 files changed, 43 insertions(+), 5 deletions(-)
 diff --git a/libcli/http/http.c b/libcli/http/http.c
 index d20fc25f9e2..a28caca0045 100644
 --- a/libcli/http/http.c
 +++ b/libcli/http/http.c
@@ -142,7 +142,19 @@ static enum http_read_status http_parse_headers(struct http_read_response_state
 		return HTTP_ALL_DATA_READ;
 	}
 +#ifdef FREEBSD
 +	int s0, s1, s2, s3; s0 = s1 = s2 = s3 = 0;
 +	n = sscanf(line, "%n%*[^:]%n: %n%*[^\r\n]%n\r\n", &s0, &s1, &s2, &s3);
 +
 +	if(n >= 0) {
 +		key = calloc(sizeof(char), s1-s0+1);
 +		value = calloc(sizeof(char), s3-s2+1);
 +
 +		n = sscanf(line, "%[^:]: %[^\r\n]\r\n", key, value);
 +	}
 +#else
 	n = sscanf(line, "%m[^:]: %m[^\r\n]\r\n", &key, &value);
 +#endif
 	if (n != 2) {
 		DEBUG(0, ("%s: Error parsing header '%s'\n", __func__, line));
 		status = HTTP_DATA_CORRUPTED;
@@ -168,7 +180,7 @@ error:
 static bool http_parse_response_line(struct http_read_response_state *state)
 {
 	bool	status = true;
 -	char	*protocol;
 +	char	*protocol = NULL;
 	char	*msg = NULL;
 	char	major;
 	char	minor;
@@ -188,12 +200,22 @@ static bool http_parse_response_line(struct http_read_response_state *state)
 		return false;
 	}
 +#ifdef FREEBSD
 +	int s0, s1, s2, s3; s0 = s1 = s2 = s3 = 0;
 +	n = sscanf(line, "%n%*[^/]%n/%c.%c %d %n%*[^\r\n]%n\r\n",
 +		   &s0, &s1, &major, &minor, &code, &s2, &s3);
 +
 +	if(n == 3) {
 +		protocol = calloc(sizeof(char), s1-s0+1);
 +		msg = calloc(sizeof(char), s3-s2+1);
 +
 +		n = sscanf(line, "%[^/]/%c.%c %d %[^\r\n]\r\n",
 +			protocol, &major, &minor, &code, msg);
 +	}
 +#else
 	n = sscanf(line, "%m[^/]/%c.%c %d %m[^\r\n]\r\n",
 		   &protocol, &major, &minor, &code, &msg);
 -
 -	DEBUG(11, ("%s: Header parsed(%i): protocol->%s, major->%c, minor->%c, "
 -		   "code->%d, message->%s\n", __func__, n, protocol, major, minor,
 -		   code, msg));
 +#endif
 	if (n != 5) {
 		DEBUG(0, ("%s: Error parsing header\n",	__func__));
@@ -201,6 +223,10 @@ static bool http_parse_response_line(struct http_read_response_state *state)
 		goto error;
 	}
 +	DEBUG(11, ("%s: Header parsed(%i): protocol->%s, major->%c, minor->%c, "
 +		   "code->%d, message->%s\n", __func__, n, protocol, major, minor,
 +		   code, msg));
 +
 	if (major != '1') {
 		DEBUG(0, ("%s: Bad HTTP major number '%c'\n", __func__, major));
 		status = false;
 diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c
 index 8614ccdfd54..2630d3c8859 100644
 --- a/source4/libcli/ldap/ldap_client.c
 +++ b/source4/libcli/ldap/ldap_client.c
@@ -402,8 +402,20 @@ static int ldap_parse_basic_url(
 		*pport = port;
 		return 0;
 	}
 +#ifdef FREEBSD
 +	int s0, s1; s0 = s1 = 0;
 +	ret = sscanf(url, "%n%*[^:/]%n:%d", &s0, &s1, &port);
 +	if(ret >= 0) {
 +		host = calloc(sizeof(char), s1 - s0 + 1);
 +		if (host == NULL) {
 +			return ENOMEM;
 +		}
 +		ret = sscanf(url, "%[^:/]:%d", host, &port);
 +	}
 +#else
 	ret = sscanf(url, "%m[^:/]:%d", &host, &port);
 +#endif
 	if (ret < 1) {
 		return EINVAL;
 	}
 -- 
 2.37.1
--- a/net/samba416.old/files/0009-Make-sure-that-config-checks-fail-if-the-warning-is-.patch
+++ b/net/samba416.old/files/0009-Make-sure-that-config-checks-fail-if-the-warning-is-.patch
@ -1,39 +0,0 @@
 From 3189d57e9c6cf8d5d25566f2760cfa4f822d7a2c Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Sun, 30 May 2021 03:21:19 +0200
 Subject: [PATCH 09/28] Make sure that config checks fail if the warning is
 raised, by adding -Werror flag to the CFLAGS(WERROR_CFLAGS)
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 buildtools/wafsamba/samba_autoconf.py | 2 +-
 lib/replace/wscript                   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
 index 78927d85193..cf87c8bb9ff 100644
 --- a/buildtools/wafsamba/samba_autoconf.py
 +++ b/buildtools/wafsamba/samba_autoconf.py
@@ -987,5 +987,5 @@ def SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS(conf):
         conf.env.undefined_ldflags = conf.ADD_LDFLAGS('-Wl,-no-undefined', testflags=True)
         if (conf.env.undefined_ignore_ldflags == [] and
 -            conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup'])):
 +            conf.CHECK_LDFLAGS(['-undefined', 'dynamic_lookup'] + conf.env.WERROR_CFLAGS)):
             conf.env.undefined_ignore_ldflags = ['-undefined', 'dynamic_lookup']
 diff --git a/lib/replace/wscript b/lib/replace/wscript
 index 0db93d8caf1..1f9806f1dd7 100644
 --- a/lib/replace/wscript
 +++ b/lib/replace/wscript
@@ -122,7 +122,7 @@ def configure(conf):
     conf.CHECK_HEADERS('sys/atomic.h stdatomic.h')
     conf.CHECK_HEADERS('libgen.h')
 -    if conf.CHECK_CFLAGS('-Wno-format-truncation'):
 +    if conf.CHECK_CFLAGS(['-Wno-format-truncation'] + conf.env.WERROR_CFLAGS):
         conf.define('HAVE_WNO_FORMAT_TRUNCATION', '1')
     if conf.CHECK_CFLAGS('-Wno-unused-function'):
 -- 
 2.37.1
--- a/net/samba416.old/files/0010-Add-option-with-pkgconfigdir-to-specify-alternative-.patch
+++ b/net/samba416.old/files/0010-Add-option-with-pkgconfigdir-to-specify-alternative-.patch
@ -1,54 +0,0 @@
 From 5b0d17a5b7849f40f59fb0daedd62e8f5a1b0fba Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Sun, 30 May 2021 03:16:37 +0200
 Subject: [PATCH 10/28] Add option --with-pkgconfigdir, to specify alternative
 location.
 Override name of the config file.
 Remove code that doesn't allow direct install into /usr
 Substitution: yes
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 dynconfig/wscript | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
 diff --git a/dynconfig/wscript b/dynconfig/wscript
 index c62afa25399..29cacf1b92c 100644
 --- a/dynconfig/wscript
 +++ b/dynconfig/wscript
@@ -151,6 +151,8 @@ dynconfig = {
     'PKGCONFIGDIR' : {
          'STD-PATH':  '${LIBDIR}/pkgconfig',
          'FHS-PATH':  '${LIBDIR}/pkgconfig',
 +         'OPTION':    '--with-pkgconfigdir',
 +         'HELPTEXT':  'Where to put .pc files',
     },
     'CODEPAGEDIR' : {
          'STD-PATH':  '${DATADIR}/codepages',
@@ -257,8 +259,8 @@ dynconfig = {
          'DELAY':     True,
     },
     'CONFIGFILE' : {
 -         'STD-PATH':  '${CONFIGDIR}/smb.conf',
 -         'FHS-PATH':  '${CONFIGDIR}/smb.conf',
 +         'STD-PATH':  '${CONFIGDIR}/%%SAMBA4_CONFIG%%',
 +         'FHS-PATH':  '${CONFIGDIR}/%%SAMBA4_CONFIG%%',
          'DELAY':     True,
     },
     'LMHOSTSFILE' : {
@@ -317,9 +319,6 @@ def configure(conf):
         flavor = 'FHS-PATH'
     else:
         flavor = 'STD-PATH'
 -        if conf.env.PREFIX == '/usr' or conf.env.PREFIX == '/usr/local':
 -           Logs.error("Don't install directly under /usr or /usr/local without using the FHS option (--enable-fhs)")
 -           raise Errors.WafError("ERROR: invalid --prefix=%s value" % (conf.env.PREFIX))
     explicit_set ={}
 -- 
 2.37.1
--- a/net/samba416.old/files/0011-Use-provided-by-port-location-of-the-XML-catalog.patch
+++ b/net/samba416.old/files/0011-Use-provided-by-port-location-of-the-XML-catalog.patch
@ -1,28 +0,0 @@
 From 6c68907dcd9abd82cc95c842380a8e817b8f0e7f Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Sun, 30 May 2021 02:54:28 +0200
 Subject: [PATCH 11/28] Use provided by port location of the XML catalog.
 Substitution: yes
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 buildtools/wafsamba/wafsamba.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
 index 7885ee720be..c42a021bc01 100644
 --- a/buildtools/wafsamba/wafsamba.py
 +++ b/buildtools/wafsamba/wafsamba.py
@@ -1174,7 +1174,7 @@ def SAMBAMANPAGES(bld, manpages, extra_source=None):
     bld.env.SAMBA_EXPAND_XSL = bld.srcnode.abspath() + '/docs-xml/xslt/expand-sambadoc.xsl'
     bld.env.SAMBA_MAN_XSL = bld.srcnode.abspath() + '/docs-xml/xslt/man.xsl'
     bld.env.SAMBA_CATALOG = bld.bldnode.abspath() + '/docs-xml/build/catalog.xml'
 -    bld.env.SAMBA_CATALOGS = 'file:///etc/xml/catalog file:///usr/local/share/xml/catalog file://' + bld.env.SAMBA_CATALOG
 +    bld.env.SAMBA_CATALOGS = 'file:///etc/xml/catalog file://%%LOCALBASE%%/share/xml/catalog file://' + bld.env.SAMBA_CATALOG
     for m in manpages.split():
         source = [m + '.xml']
 -- 
 2.37.1
--- a/net/samba416.old/files/0012-Create-shared-libraries-according-to-the-FreeBSD-spe.patch
+++ b/net/samba416.old/files/0012-Create-shared-libraries-according-to-the-FreeBSD-spe.patch
@ -1,29 +0,0 @@
 From 9731cc810b50b6694ff931135df398a6772200ae Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Sun, 30 May 2021 02:51:47 +0200
 Subject: [PATCH 12/28] Create shared libraries according to the
 FreeBSD-specific naming schema, where only major.minor versions are used.
 https://docs.freebsd.org/en/books/developers-handbook/policies/#policies-shlib
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 buildtools/wafsamba/samba_install.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/buildtools/wafsamba/samba_install.py b/buildtools/wafsamba/samba_install.py
 index 2957e16c3da..82abbf893e2 100644
 --- a/buildtools/wafsamba/samba_install.py
 +++ b/buildtools/wafsamba/samba_install.py
@@ -115,7 +115,7 @@ def install_library(self):
                 inst_name    = bld.make_libname(t.target)
         elif self.vnum:
             vnum_base    = self.vnum.split('.')[0]
 -            install_name = bld.make_libname(target_name, version=self.vnum)
 +            install_name = bld.make_libname(target_name, version=vnum_base)
             install_link = bld.make_libname(target_name, version=vnum_base)
             inst_name    = bld.make_libname(t.target)
             if not self.private_library or not t.env.SONAME_ST:
 -- 
 2.37.1
--- a/net/samba416.old/files/0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch
+++ b/net/samba416.old/files/0013-Pass-additional-msg-parameter-to-CHECK_LIB-so-it-can.patch
@ -1,70 +0,0 @@
 From 6be12b41eb0f71cfc25b5df6659dd176bd681621 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Thu, 8 Sep 2022 00:25:05 +0200
 Subject: [PATCH 13/28] Pass additional msg parameter to CHECK_LIB(), so it can
 be transited to the conf.check(), which allows us to specify `match`
 parameter to opt.add_option().
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 buildtools/wafsamba/samba_autoconf.py | 9 ++++++---
 buildtools/wafsamba/wscript           | 9 +++++++--
 2 files changed, 13 insertions(+), 5 deletions(-)
 diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
 index cf87c8bb9ff..f6c72d99125 100644
 --- a/buildtools/wafsamba/samba_autoconf.py
 +++ b/buildtools/wafsamba/samba_autoconf.py
@@ -593,7 +593,7 @@ def library_flags(self, libs):
 @conf
 -def CHECK_LIB(conf, libs, mandatory=False, empty_decl=True, set_target=True, shlib=False):
 +def CHECK_LIB(conf, libs, mandatory=False, empty_decl=True, set_target=True, shlib=False, msg=None):
     '''check if a set of libraries exist as system libraries
     returns the sublist of libs that do exist as a syslib or []
@@ -613,11 +613,14 @@ int foo()
             ret.append(lib)
             continue
 +        if msg is None:
 +            msg = 'Checking for library %s' % lib
 +
         (ccflags, ldflags, cpppath) = library_flags(conf, lib)
         if shlib:
 -            res = conf.check(features='c cshlib', fragment=fragment, lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False)
 +            res = conf.check(features='c cshlib', fragment=fragment, lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False, msg=msg)
         else:
 -            res = conf.check(lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False)
 +            res = conf.check(lib=lib, uselib_store=lib, cflags=ccflags, ldflags=ldflags, uselib=lib.upper(), mandatory=False, msg=msg)
         if not res:
             if mandatory:
 diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript
 index a4d6f3e5c49..c047e1e8b5a 100644
 --- a/buildtools/wafsamba/wscript
 +++ b/buildtools/wafsamba/wscript
@@ -133,12 +133,17 @@ Currently the only tested value is 'smbtorture,smbd/smbd' for Samba'''),
                    help=("private library directory [PREFIX/lib/%s]" % Context.g_module.APPNAME),
                    action="store", dest='PRIVATELIBDIR', default=None)
 +    opt.add_option('--with-openldap',
 +                   help='additional directory to search for OpenLDAP libs',
 +                   action='store', dest='ldap_open', default=None,
 +                   match = ['Checking for library lber', 'Checking for library ldap'])
 +
     opt.add_option('--with-libiconv',
                    help='additional directory to search for libiconv',
 -                   action='store', dest='iconv_open', default='/usr/local',
 +                   action='store', dest='iconv_open', default=None,
                    match = ['Checking for library iconv', 'Checking for iconv_open', 'Checking for header iconv.h'])
     opt.add_option('--without-gettext',
 -                   help=("Disable use of gettext"),
 +                   help=("disable use of gettext"),
                    action="store_true", dest='disable_gettext', default=False)
     gr = opt.option_group('developer options')
 -- 
 2.37.1
--- a/net/samba416.old/files/0014-Add-option-to-disable-CTDB-tests-failing-on-FreeBSD-.patch
+++ b/net/samba416.old/files/0014-Add-option-to-disable-CTDB-tests-failing-on-FreeBSD-.patch
@ -1,77 +0,0 @@
 From 2f16c17b683655fe318a1e6d45aaad3857d1a512 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Mon, 31 May 2021 00:35:36 +0200
 Subject: [PATCH 14/28] Add option to disable CTDB tests - failing on FreeBSD
 right now in too many places.
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 ctdb/wscript | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)
 diff --git a/ctdb/wscript b/ctdb/wscript
 index a9fef9241aa..c89c6decdd7 100644
 --- a/ctdb/wscript
 +++ b/ctdb/wscript
@@ -106,6 +106,9 @@ def options(opt):
     opt.add_option('--enable-ceph-reclock',
                    help=("Enable Ceph CTDB recovery lock helper (default=no)"),
                    action="store_true", dest='ctdb_ceph_reclock', default=False)
 +    opt.add_option('--disable-ctdb-tests',
 +                   help=("Disable CTDB tests (default=no)"),
 +                   action="store_true", dest='ctdb_no_tests', default=False)
     opt.add_option('--with-logdir',
                    help=("Path to log directory"),
@@ -278,7 +281,7 @@ def configure(conf):
     if Options.options.ctdb_ceph_reclock:
         if (conf.CHECK_HEADERS('rados/librados.h', False, False, 'rados') and
 -					conf.CHECK_LIB('rados', shlib=True)):
 +                                         conf.CHECK_LIB('rados', shlib=True)):
             Logs.info('Building with Ceph librados recovery lock support')
             conf.define('HAVE_LIBRADOS', 1)
         else:
@@ -317,8 +320,14 @@ def configure(conf):
                     conf.env.CTDB_VARDIR,
                     conf.env.CTDB_RUNDIR))
 -    conf.env.CTDB_TEST_DATADIR = os.path.join(conf.env.CTDB_DATADIR, 'tests')
 -    conf.env.CTDB_TEST_LIBEXECDIR = os.path.join(conf.env.LIBEXECDIR, 'ctdb/tests')
 +    if Options.options.ctdb_no_tests:
 +        conf.env.ctdb_tests = False
 +    else:
 +        conf.env.ctdb_tests = True
 +
 +    if conf.env.ctdb_tests:
 +        conf.env.CTDB_TEST_DATADIR = os.path.join(conf.env.CTDB_DATADIR, 'tests')
 +        conf.env.CTDB_TEST_LIBEXECDIR = os.path.join(conf.env.LIBEXECDIR, 'ctdb/tests')
     # Allow unified compilation and separate compilation of utilities
     # to find includes
@@ -706,9 +715,9 @@ def build(bld):
     if bld.env.HAVE_LIBRADOS:
         bld.SAMBA_BINARY('ctdb_mutex_ceph_rados_helper',
                          source='utils/ceph/ctdb_mutex_ceph_rados_helper.c',
 -			 deps='talloc tevent rados',
 -			 includes='include',
 -			 install_path='${CTDB_HELPER_BINDIR}')
 +                         deps='talloc tevent rados',
 +                         includes='include',
 +                         install_path='${CTDB_HELPER_BINDIR}')
     sed_expr1 = 's|/usr/local/var/lib/ctdb|%s|g'  % (bld.env.CTDB_VARDIR)
     sed_expr2 = 's|/usr/local/etc/ctdb|%s|g'      % (bld.env.CTDB_ETCDIR)
@@ -885,6 +894,9 @@ def build(bld):
     for d in ['volatile', 'persistent', 'state']:
         bld.INSTALL_DIR(os.path.join(bld.env.CTDB_VARDIR, d))
 +    if not bld.env.ctdb_tests:
 +        return
 +
     #
     # Test-only below this point
     #
 -- 
 2.37.1
--- a/net/samba416.old/files/0015-Add-extra-debug-class-to-trck-down-DB-locking-code.patch
+++ b/net/samba416.old/files/0015-Add-extra-debug-class-to-trck-down-DB-locking-code.patch
@ -1,132 +0,0 @@
 From 08e648c899e5023f337d2fa56e4e758f62f31ec4 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Mon, 31 May 2021 00:38:38 +0200
 Subject: [PATCH 15/28] Add extra debug class to trck down DB locking code.
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 lib/dbwrap/dbwrap.c               | 3 +++
 lib/dbwrap/dbwrap_local_open.c    | 3 +++
 lib/dbwrap/dbwrap_rbt.c           | 3 +++
 lib/dbwrap/dbwrap_tdb.c           | 3 +++
 lib/dbwrap/dbwrap_util.c          | 3 +++
 source3/lib/dbwrap/dbwrap_ctdb.c  | 3 +++
 source3/lib/dbwrap/dbwrap_open.c  | 3 +++
 source3/lib/dbwrap/dbwrap_watch.c | 3 +++
 8 files changed, 24 insertions(+)
 diff --git a/lib/dbwrap/dbwrap.c b/lib/dbwrap/dbwrap.c
 index 7555efaa3ab..51f58fea851 100644
 --- a/lib/dbwrap/dbwrap.c
 +++ b/lib/dbwrap/dbwrap.c
@@ -28,6 +28,9 @@
 #include "lib/util/util_tdb.h"
 #include "lib/util/tevent_ntstatus.h"
 +#undef DBGC_CLASS
 +#define DBGC_CLASS DBGC_LOCKING
 +
 /*
  * Fall back using fetch if no genuine exists operation is provided
  */
 diff --git a/lib/dbwrap/dbwrap_local_open.c b/lib/dbwrap/dbwrap_local_open.c
 index 20c5fa0e1d2..b834bbd0e41 100644
 --- a/lib/dbwrap/dbwrap_local_open.c
 +++ b/lib/dbwrap/dbwrap_local_open.c
@@ -23,6 +23,9 @@
 #include "dbwrap/dbwrap_tdb.h"
 #include "tdb.h"
 +#undef DBGC_CLASS
 +#define DBGC_CLASS DBGC_LOCKING
 +
 struct db_context *dbwrap_local_open(TALLOC_CTX *mem_ctx,
 				     const char *name,
 				     int hash_size, int tdb_flags,
 diff --git a/lib/dbwrap/dbwrap_rbt.c b/lib/dbwrap/dbwrap_rbt.c
 index db456dfffba..483558a6dc7 100644
 --- a/lib/dbwrap/dbwrap_rbt.c
 +++ b/lib/dbwrap/dbwrap_rbt.c
@@ -24,6 +24,9 @@
 #include "../lib/util/rbtree.h"
 #include "../lib/util/dlinklist.h"
 +#undef DBGC_CLASS
 +#define DBGC_CLASS DBGC_LOCKING
 +
 #define DBWRAP_RBT_ALIGN(_size_) (((_size_)+15)&~15)
 struct db_rbt_ctx {
 diff --git a/lib/dbwrap/dbwrap_tdb.c b/lib/dbwrap/dbwrap_tdb.c
 index 6cd95fa25ad..4a75cd80256 100644
 --- a/lib/dbwrap/dbwrap_tdb.c
 +++ b/lib/dbwrap/dbwrap_tdb.c
@@ -29,6 +29,9 @@
 #include "lib/param/param.h"
 #include "libcli/util/error.h"
 +#undef DBGC_CLASS
 +#define DBGC_CLASS DBGC_LOCKING
 +
 struct db_tdb_ctx {
 	struct tdb_wrap *wtdb;
 diff --git a/lib/dbwrap/dbwrap_util.c b/lib/dbwrap/dbwrap_util.c
 index df6dea40097..465814f0952 100644
 --- a/lib/dbwrap/dbwrap_util.c
 +++ b/lib/dbwrap/dbwrap_util.c
@@ -26,6 +26,9 @@
 #include "dbwrap.h"
 #include "lib/util/util_tdb.h"
 +#undef DBGC_CLASS
 +#define DBGC_CLASS DBGC_LOCKING
 +
 struct dbwrap_fetch_int32_state {
 	NTSTATUS status;
 	int32_t result;
 diff --git a/source3/lib/dbwrap/dbwrap_ctdb.c b/source3/lib/dbwrap/dbwrap_ctdb.c
 index 0907089164a..9fc771d1217 100644
 --- a/source3/lib/dbwrap/dbwrap_ctdb.c
 +++ b/source3/lib/dbwrap/dbwrap_ctdb.c
@@ -38,6 +38,9 @@
 #include "lib/cluster_support.h"
 #include "lib/util/tevent_ntstatus.h"
 +#undef DBGC_CLASS
 +#define DBGC_CLASS DBGC_LOCKING
 +
 struct db_ctdb_transaction_handle {
 	struct db_ctdb_ctx *ctx;
 	/*
 diff --git a/source3/lib/dbwrap/dbwrap_open.c b/source3/lib/dbwrap/dbwrap_open.c
 index 52c8a94aeff..caefb579058 100644
 --- a/source3/lib/dbwrap/dbwrap_open.c
 +++ b/source3/lib/dbwrap/dbwrap_open.c
@@ -31,6 +31,9 @@
 #include "ctdbd_conn.h"
 #include "global_contexts.h"
 +#undef DBGC_CLASS
 +#define DBGC_CLASS DBGC_LOCKING
 +
 bool db_is_local(const char *name)
 {
 	const char *sockname = lp_ctdbd_socket();
 diff --git a/source3/lib/dbwrap/dbwrap_watch.c b/source3/lib/dbwrap/dbwrap_watch.c
 index 17a52de37cc..77f7b178229 100644
 --- a/source3/lib/dbwrap/dbwrap_watch.c
 +++ b/source3/lib/dbwrap/dbwrap_watch.c
@@ -28,6 +28,9 @@
 #include "server_id_watch.h"
 #include "lib/dbwrap/dbwrap_private.h"
 +#undef DBGC_CLASS
 +#define DBGC_CLASS DBGC_LOCKING
 +
 struct dbwrap_watcher {
 	/*
 	 * Process watching this record
 -- 
 2.37.1
--- a/net/samba416.old/files/0016-Make-ldb_schema_attribute_compare-a-stable-comparisi.patch
+++ b/net/samba416.old/files/0016-Make-ldb_schema_attribute_compare-a-stable-comparisi.patch
@ -1,29 +0,0 @@
 From 2b3ee747cdf83b80d07aaf1b261956bc9894ff36 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Thu, 8 Sep 2022 00:06:37 +0200
 Subject: [PATCH 16/28] Make ldb_schema_attribute_compare() a stable
 comparision function.
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 lib/ldb/ldb_key_value/ldb_kv_cache.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
 diff --git a/lib/ldb/ldb_key_value/ldb_kv_cache.c b/lib/ldb/ldb_key_value/ldb_kv_cache.c
 index 4a3c9f29020..cb200aeb9ba 100644
 --- a/lib/ldb/ldb_key_value/ldb_kv_cache.c
 +++ b/lib/ldb/ldb_key_value/ldb_kv_cache.c
@@ -92,7 +92,9 @@ static int ldb_schema_attribute_compare(const void *p1, const void *p2)
 {
 	const struct ldb_schema_attribute *sa1 = (const struct ldb_schema_attribute *)p1;
 	const struct ldb_schema_attribute *sa2 = (const struct ldb_schema_attribute *)p2;
 -	return ldb_attr_cmp(sa1->name, sa2->name);
 +	int res = ldb_attr_cmp(sa1->name, sa2->name);
 +
 +	return (res) ? res : (sa1->flags > sa2->flags) ? 1 : (sa1->flags < sa2->flags) ? -1 : 0;
 }
 /*
 -- 
 2.37.1
--- a/net/samba416.old/files/0017-Use-arc4random-when-available-to-generate-random-tal.patch
+++ b/net/samba416.old/files/0017-Use-arc4random-when-available-to-generate-random-tal.patch
@ -1,49 +0,0 @@
 From 42c9490dd346ee2f4369cbed4c37cb43f06e5d19 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Wed, 7 Sep 2022 23:52:43 +0200
 Subject: [PATCH 17/28] Use arc4random() when available to generate random
 talloc slab signature.
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 lib/talloc/talloc.c | 4 ++++
 lib/talloc/wscript  | 1 +
 2 files changed, 5 insertions(+)
 diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c
 index 29da190880a..79c76fd9e35 100644
 --- a/lib/talloc/talloc.c
 +++ b/lib/talloc/talloc.c
@@ -397,6 +397,9 @@ void talloc_lib_init(void) CONSTRUCTOR;
 void talloc_lib_init(void)
 {
 	uint32_t random_value;
 +#if defined(HAVE_ARC4RANDOM)
 +	random_value = arc4random();
 +#else
 #if defined(HAVE_GETAUXVAL) && defined(AT_RANDOM)
 	uint8_t *p;
 	/*
@@ -430,6 +433,7 @@ void talloc_lib_init(void)
 		 */
 		random_value = ((uintptr_t)talloc_lib_init & 0xFFFFFFFF);
 	}
 +#endif /* HAVE_ARC4RANDOM */
 	talloc_magic = random_value & ~TALLOC_FLAG_MASK;
 }
 #else
 diff --git a/lib/talloc/wscript b/lib/talloc/wscript
 index f0c266a7878..c75ec0505df 100644
 --- a/lib/talloc/wscript
 +++ b/lib/talloc/wscript
@@ -52,6 +52,7 @@ def configure(conf):
     conf.CHECK_HEADERS('sys/auxv.h')
     conf.CHECK_FUNCS('getauxval')
 +    conf.CHECK_FUNCS('arc4random')
     conf.SAMBA_CONFIG_H()
 -- 
 2.37.1
--- a/net/samba416.old/files/0018-Add-configuration-option-that-allows-to-choose-alter.patch
+++ b/net/samba416.old/files/0018-Add-configuration-option-that-allows-to-choose-alter.patch
@ -1,65 +0,0 @@
 From b81d399aa6d9e2bdbb9db0efa8109c41aad4d025 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Mon, 31 May 2021 02:49:20 +0200
 Subject: [PATCH 18/28] Add configuration option that allows to choose
 alternative mDNS implementation dns_sd library.
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 source3/wscript       | 12 ++++++++++++
 source3/wscript_build |  2 ++
 2 files changed, 14 insertions(+)
 diff --git a/source3/wscript b/source3/wscript
 index 2121b8b6510..6209472c6c8 100644
 --- a/source3/wscript
 +++ b/source3/wscript
@@ -70,6 +70,7 @@ def options(opt):
     opt.samba_add_onoff_option('sendfile-support', default=None)
     opt.samba_add_onoff_option('utmp')
     opt.samba_add_onoff_option('avahi', with_name="enable", without_name="disable")
 +    opt.samba_add_onoff_option('dnssd', with_name="enable", without_name="disable")
     opt.samba_add_onoff_option('iconv')
     opt.samba_add_onoff_option('acl-support')
     opt.samba_add_onoff_option('syslog')
@@ -855,6 +856,17 @@ msg.msg_accrightslen = sizeof(fd);
         conf.SET_TARGET_TYPE('avahi-common', 'EMPTY')
         conf.SET_TARGET_TYPE('avahi-client', 'EMPTY')
 +    if Options.options.with_dnssd:
 +        conf.env.with_dnssd = True
 +        if not conf.CHECK_HEADERS('dns_sd.h'):
 +            conf.env.with_dnssd = False
 +        if not conf.CHECK_FUNCS_IN('DNSServiceRegister', 'dns_sd'):
 +            conf.env.with_dnssd = False
 +        if conf.env.with_dnssd:
 +            conf.DEFINE('WITH_DNSSD_SUPPORT', 1)
 +    else:
 +        conf.SET_TARGET_TYPE('dns_sd', 'EMPTY')
 +
     if Options.options.with_iconv:
         conf.env.with_iconv = True
         if not conf.CHECK_FUNCS_IN('iconv_open', 'iconv', headers='iconv.h'):
 diff --git a/source3/wscript_build b/source3/wscript_build
 index 5cf965dc45d..edd7985e648 100644
 --- a/source3/wscript_build
 +++ b/source3/wscript_build
@@ -709,6 +709,7 @@ bld.SAMBA3_LIBRARY('smbd_base',
                         samba3core
                         param_service
                         AVAHI
 +                        dns_sd
                         PROFILE
                         LOCKING
                         LIBADS_SERVER
@@ -1128,6 +1129,7 @@ bld.SAMBA3_BINARY('client/smbclient',
                       msrpc3
                       RPC_NDR_SRVSVC
                       cli_smb_common
 +                      dns_sd
                       archive
                       ''')
 -- 
 2.37.1
--- a/net/samba416.old/files/0019-From-923bc7a1afeb0b920e60e14846987ae1d2d7dca4-Mon-Se.patch
+++ b/net/samba416.old/files/0019-From-923bc7a1afeb0b920e60e14846987ae1d2d7dca4-Mon-Se.patch
@ -1,544 +0,0 @@
 From 5aabf82dfaf325bf682db85d80476224e7005a41 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Mon, 31 May 2021 00:46:16 +0200
 Subject: [PATCH 19/28] From 923bc7a1afeb0b920e60e14846987ae1d2d7dca4 Mon Sep
 17 00:00:00 2001 From: John Hixson <john@ixsystems.com> Date: Thu, 7 Dec 2017
 09:36:32 -0500 Subject: [PATCH] Freenas/master mdns fixes (#22)
 * mDNS fixes for Samba (work in progress).
 * Fix mDNS - Can advertise on individual interfaces
 * Fix mDNS browsing in smbclient
 Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 source3/client/dnsbrowse.c |  19 +-
 source3/smbd/dnsregister.c | 354 ++++++++++++++++++++++++++++++-------
 2 files changed, 299 insertions(+), 74 deletions(-)
 diff --git a/source3/client/dnsbrowse.c b/source3/client/dnsbrowse.c
 index be6eb881cf1..83aef966d2a 100644
 --- a/source3/client/dnsbrowse.c
 +++ b/source3/client/dnsbrowse.c
@@ -39,6 +39,7 @@ struct mdns_smbsrv_result
 struct mdns_browse_state
 {
 	struct mdns_smbsrv_result *listhead; /* Browse result list head */
 +	TALLOC_CTX * ctx;
 	int browseDone;
 };
@@ -64,7 +65,7 @@ static void do_smb_resolve(struct mdns_smbsrv_result *browsesrv)
 	struct timeval tv;
 	DNSServiceErrorType err;
 -	TALLOC_CTX * ctx = talloc_tos();
 +	TALLOC_CTX * ctx = talloc_new(NULL);
 	err = DNSServiceResolve(&mdns_conn_sdref, 0 /* flags */,
 		browsesrv->ifIndex,
@@ -91,7 +92,7 @@ static void do_smb_resolve(struct mdns_smbsrv_result *browsesrv)
 		}
 	}
 -	TALLOC_FREE(fdset);
 +	TALLOC_FREE(ctx);
 	DNSServiceRefDeallocate(mdns_conn_sdref);
 }
@@ -124,18 +125,19 @@ do_smb_browse_reply(DNSServiceRef sdRef, DNSServiceFlags flags,
 		return;
 	}
 -	bresult = talloc_array(talloc_tos(), struct mdns_smbsrv_result, 1);
 +	bresult = talloc_array(bstatep->ctx, struct mdns_smbsrv_result, 1);
 	if (bresult == NULL) {
 		return;
 	}
 +	bresult->nextResult = NULL;
 	if (bstatep->listhead != NULL) {
 		bresult->nextResult = bstatep->listhead;
 	}
 -	bresult->serviceName = talloc_strdup(talloc_tos(), serviceName);
 -	bresult->regType = talloc_strdup(talloc_tos(), regtype);
 -	bresult->domain = talloc_strdup(talloc_tos(), replyDomain);
 +	bresult->serviceName = talloc_strdup(bstatep->ctx, serviceName);
 +	bresult->regType = talloc_strdup(bstatep->ctx, regtype);
 +	bresult->domain = talloc_strdup(bstatep->ctx, replyDomain);
 	bresult->ifIndex = interfaceIndex;
 	bstatep->listhead = bresult;
 }
@@ -151,10 +153,13 @@ int do_smb_browse(void)
 	DNSServiceRef mdns_conn_sdref = NULL;
 	DNSServiceErrorType err;
 -	TALLOC_CTX * ctx = talloc_stackframe();
 +	TALLOC_CTX * ctx = talloc_new(NULL);
 	ZERO_STRUCT(bstate);
 +	bstate.ctx = ctx;
 +	bstate.listhead = NULL;
 +
 	err = DNSServiceBrowse(&mdns_conn_sdref, 0, 0, "_smb._tcp", "",
 			do_smb_browse_reply, &bstate);
 diff --git a/source3/smbd/dnsregister.c b/source3/smbd/dnsregister.c
 index df189001a09..389a4278f64 100644
 --- a/source3/smbd/dnsregister.c
 +++ b/source3/smbd/dnsregister.c
@@ -29,6 +29,29 @@
  * browse for advertised SMB services.
  */
 +/*
 + * Time Machine Errata:
 + * sys=adVF=0x100 -- this is required when ._adisk._tcp is present on device. When it is
 + * set, the MacOS client will send a NetShareEnumAll IOCTL and shares will be visible.
 + * Otherwise, Finder will only see the Time Machine share. In the absence of ._adisk._tcp
 + * MacOS will _always_ send NetShareEnumAll IOCTL.
 + *
 + * waMa=0 -- MacOS server uses waMa=0, while embedded devices have it set to their Mac Address.
 + * Speculation in Samba-Technical indicates that this stands for "Wireless AirDisk Mac Address".
 + *
 + * adVU -- AirDisk Volume UUID. Mac OS servers generate a UUID. Time machine over SMB works without one
 + * set. Netatalk generates a UUID and stores it persistently in afp_voluuid.conf. This can be
 + * set by adding the share parameter "fruit:volume_uuid = "
 + *
 + * dk(n)=adVF=
 + *      0xa1, 0x81 - AFP support
 + *      0xa2, 0x82 - SMB support
 + *      0xa3, 0x83 - AFP and SMB support
 + *
 + * adVN -- AirDisk Volume Name. We set this to the share name.
 + *
 + */
 +
 #define DNS_REG_RETRY_INTERVAL (5*60)  /* in seconds */
 #ifdef WITH_DNSSD_SUPPORT
@@ -36,85 +59,177 @@
 #include <dns_sd.h>
 struct dns_reg_state {
 -	struct tevent_context *event_ctx;
 -	uint16_t port;
 -	DNSServiceRef srv_ref;
 -	struct tevent_timer *te;
 -	int fd;
 -	struct tevent_fd *fde;
 +	int count;
 +	struct reg_state {
 +		DNSServiceRef srv_ref;
 +		TALLOC_CTX *mem_ctx;
 +		struct tevent_context *event_ctx;
 +		struct tevent_timer *te;
 +		struct tevent_fd *fde;
 +		uint16_t port;
 +		int if_index;
 +		int fd;
 +	} *drs;
 };
 -static int dns_reg_state_destructor(struct dns_reg_state *dns_state)
 +static void dns_register_smbd_retry(struct tevent_context *ctx,
 +				    struct tevent_timer *te,
 +				    struct timeval now,
 +				    void *private_data);
 +static void dns_register_smbd_fde_handler(struct tevent_context *ev,
 +					  struct tevent_fd *fde,
 +					  uint16_t flags,
 +					  void *private_data);
 +
 +
 +static int reg_state_destructor(struct reg_state *state)
 {
 -	if (dns_state->srv_ref != NULL) {
 +	if (state == NULL) {
 +		return -1;
 +	}
 +
 +	if (state->srv_ref != NULL) {
 		/* Close connection to the mDNS daemon */
 -		DNSServiceRefDeallocate(dns_state->srv_ref);
 -		dns_state->srv_ref = NULL;
 +		DNSServiceRefDeallocate(state->srv_ref);
 +		state->srv_ref = NULL;
 	}
 	/* Clear event handler */
 -	TALLOC_FREE(dns_state->te);
 -	TALLOC_FREE(dns_state->fde);
 -	dns_state->fd = -1;
 +	TALLOC_FREE(state->te);
 +	TALLOC_FREE(state->fde);
 +	state->fd = -1;
 	return 0;
 }
 -static void dns_register_smbd_retry(struct tevent_context *ctx,
 -				    struct tevent_timer *te,
 -				    struct timeval now,
 -				    void *private_data);
 -static void dns_register_smbd_fde_handler(struct tevent_context *ev,
 -					  struct tevent_fd *fde,
 -					  uint16_t flags,
 -					  void *private_data);
 +int TXTRecordPrintf(TXTRecordRef * rec, const char * key, const char * fmt, ... )
 +{
 +	int ret = 0;
 +	char *str;
 +	va_list ap;
 +	va_start( ap, fmt );
 +
 +	if( 0 > vasprintf(&str, fmt, ap ) ) {
 +		va_end(ap);
 +		return -1;
 +	}
 +	va_end(ap);
 +
 +	if( kDNSServiceErr_NoError != TXTRecordSetValue(rec, key, strlen(str), str) ) {
 +		ret = -1;
 +	}
 +
 +	free(str);
 +	return ret;
 +}
 +
 +int TXTRecordKeyPrintf(TXTRecordRef * rec, const char * key_fmt, int key_var, const char * fmt, ...)
 +{
 +	int ret = 0;
 +	char *key = NULL, *str = NULL;
 +	va_list ap;
 +
 +	if( 0 > asprintf(&key, key_fmt, key_var)) {
 +		DEBUG(1, ("Failed in asprintf\n"));
 +		return -1;
 +	}
 -static bool dns_register_smbd_schedule(struct dns_reg_state *dns_state,
 +	va_start( ap, fmt );
 +	if( 0 > vasprintf(&str, fmt, ap )) {
 +		va_end(ap);
 +		DEBUG(1, ("Failed in vasprintf\n"));
 +		ret = -1;
 +		goto exit;
 +	}
 +	va_end(ap);
 +
 +	if( kDNSServiceErr_NoError != TXTRecordSetValue(rec, key, strlen(str), str) ) {
 +		DEBUG(1, ("Failed in TXTRecordSetValuen"));
 +		ret = -1;
 +		goto exit;
 +	}
 +
 +	exit:
 +	if (str)
 +		free(str);
 +	if (key)
 +		free(key);
 +	return ret;
 +}
 +
 +
 +static bool dns_register_smbd_schedule(struct reg_state *state,
 				       struct timeval tval)
 {
 -	dns_reg_state_destructor(dns_state);
 +	reg_state_destructor(state);
 -	dns_state->te = tevent_add_timer(dns_state->event_ctx,
 -					 dns_state,
 +	state->te = tevent_add_timer(state->event_ctx,
 +					 state->mem_ctx,
 					 tval,
 					 dns_register_smbd_retry,
 -					 dns_state);
 -	if (!dns_state->te) {
 +					 state);
 +	if (!state->te) {
 		return false;
 	}
 	return true;
 }
 +static void dns_register_smbd_callback(DNSServiceRef service,
 +				       DNSServiceFlags flags,
 +				       DNSServiceErrorType errorCode,
 +				       const char *name,
 +				       const char *type,
 +				       const char *domain,
 +				       void *context)
 +{
 +	if (errorCode != kDNSServiceErr_NoError) {
 +		DEBUG(6, ("error=%d\n", errorCode));
 +	} else {
 +		DEBUG(6, ("%-15s %s.%s%s\n", "REGISTER", name, type, domain));
 +	}
 +}
 +
 static void dns_register_smbd_retry(struct tevent_context *ctx,
 				    struct tevent_timer *te,
 				    struct timeval now,
 				    void *private_data)
 {
 -	struct dns_reg_state *dns_state = talloc_get_type_abort(private_data,
 -					  struct dns_reg_state);
 +	struct reg_state *state = (struct reg_state *)private_data;
 	DNSServiceErrorType err;
 +	int snum;
 +	size_t dk = 0;
 +	bool sys_txt_created = false;
 +	TXTRecordRef txt_adisk;
 +	TXTRecordRef txt_devinfo;
 +	char *servname;
 +	char *v_uuid;
 +	int num_services = lp_numservices();
 +
 +	reg_state_destructor(state);
 -	dns_reg_state_destructor(dns_state);
 +	TXTRecordCreate(&txt_adisk, 0, NULL);
 -	DEBUG(6, ("registering _smb._tcp service on port %d\n",
 -		  dns_state->port));
 +	DEBUG(6, ("registering _smb._tcp service on port %d index %d\n",
 +		  state->port, state->if_index));
 	/* Register service with DNS. Connects with the mDNS
 	 * daemon running on the local system to perform DNS
 	 * service registration.
 	 */
 -	err = DNSServiceRegister(&dns_state->srv_ref, 0 /* flags */,
 -			kDNSServiceInterfaceIndexAny,
 -			NULL /* service name */,
 -			"_smb._tcp" /* service type */,
 -			NULL /* domain */,
 -			"" /* SRV target host name */,
 -			htons(dns_state->port),
 -			0 /* TXT record len */,
 -			NULL /* TXT record data */,
 -			NULL /* callback func */,
 -			NULL /* callback context */);
 +	err = DNSServiceRegister(&state->srv_ref,
 +			0		/* flags */,
 +			state->if_index /* interface index */,
 +			NULL		/* service name */,
 +			"_smb._tcp"	/* service type */,
 +			NULL		/* domain */,
 +			""		/* SRV target host name */,
 +			htons(state->port) /* port */,
 +			0		/* TXT record len */,
 +			NULL		/* TXT record data */,
 +			dns_register_smbd_callback /* callback func */,
 +			NULL		/* callback context */);
 +
 	if (err != kDNSServiceErr_NoError) {
 		/* Failed to register service. Schedule a re-try attempt.
@@ -123,24 +238,96 @@ static void dns_register_smbd_retry(struct tevent_context *ctx,
 		goto retry;
 	}
 -	dns_state->fd = DNSServiceRefSockFD(dns_state->srv_ref);
 -	if (dns_state->fd == -1) {
 +	/*
 +	 * Check for services that are configured as Time Machine targets
 +	 *
 +	 */
 +	for (snum = 0; snum < num_services; snum++) {
 +		if (lp_snum_ok(snum) && lp_parm_bool(snum, "fruit", "time machine", false))
 +		{
 +			if (!sys_txt_created) {
 +				if( 0 > TXTRecordPrintf(&txt_adisk, "sys", "adVF=0x100") ) {
 +					DEBUG(1, ("Failed to create Zeroconf TXTRecord for sys") );
 +					goto retry;
 +				}
 +				else
 +				{
 +					sys_txt_created = true;
 +				}
 +			}
 +
 +			v_uuid = lp_parm_const_string(snum, "fruit", "volume_uuid", NULL);
 +			servname = lp_const_servicename(snum);
 +			DEBUG(1, ("Registering volume %s for TimeMachine\n", servname));
 +			if (v_uuid) {
 +				if( 0 > TXTRecordKeyPrintf(&txt_adisk, "dk%zu", dk++, "adVN=%s,adVF=0x82,adVU=%s",
 +					servname, v_uuid) ) {
 +					DEBUG(1, ("Could not set Zeroconf TXTRecord for dk%zu \n", dk));
 +					goto retry;
 +				}
 +				DEBUG(1, ("Registering TimeMachine with the following TXT parameters: "
 +					  "dk%zu,adVN=%s,adVF=0x82,adVU=%s\n", dk, servname, v_uuid) );
 +			}
 +			else {
 +				if( 0 > TXTRecordKeyPrintf(&txt_adisk, "dk%zu", dk++, "adVN=%s,adVF=0x82",
 +					servname) ) {
 +					DEBUG(1, ("Could not set Zeroconf TXTRecord for dk%zu \n", dk));
 +					goto retry;
 +				}
 +				DEBUG(1, ("Registering TimeMachine with the following TXT parameters: "
 +					  "dk%zu,adVN=%s,adVF=0x82\n", dk, servname) );
 +			}
 +		}
 +	}
 +
 +	if (dk) {
 +		err = DNSServiceRegister(&state->srv_ref,
 +				0		/* flags */,
 +				state->if_index /* interface index */,
 +				NULL		/* service name */,
 +				"_adisk._tcp"	/* service type */,
 +				NULL		/* domain */,
 +				""		/* SRV target host name */,
 +				/*
 +				 * We would probably use port 0 zero, but we can't, from man DNSServiceRegister:
 +				 *   "A value of 0 for a port is passed to register placeholder services.
 +				 *    Place holder services are not found  when browsing, but other
 +				 *    clients cannot register with the same name as the placeholder service."
 +				 * We therefor use port 9 which is used by the adisk service type.
 +				 */
 +				htons(9)	/* port */,
 +				TXTRecordGetLength(&txt_adisk)		/* TXT record len */,
 +				TXTRecordGetBytesPtr(&txt_adisk)	/* TXT record data */,
 +				dns_register_smbd_callback /* callback func */,
 +				NULL		/* callback context */);
 +
 +
 +		if (err != kDNSServiceErr_NoError) {
 +			/* Failed to register service. Schedule a re-try attempt.
 +			 */
 +			DEBUG(1, ("unable to register with mDNS (err %d)\n", err));
 +			goto retry;
 +		}
 +	}
 +
 +	state->fd = DNSServiceRefSockFD(state->srv_ref);
 +	if (state->fd == -1) {
 		goto retry;
 	}
 -	dns_state->fde = tevent_add_fd(dns_state->event_ctx,
 -				       dns_state,
 -				       dns_state->fd,
 -				       TEVENT_FD_READ,
 -				       dns_register_smbd_fde_handler,
 -				       dns_state);
 -	if (!dns_state->fde) {
 +	state->fde = tevent_add_fd(state->event_ctx,
 +				   state->mem_ctx,
 +				   state->fd,
 +				   TEVENT_FD_READ,
 +				   dns_register_smbd_fde_handler,
 +				   state);
 +	if (!state->fde) {
 		goto retry;
 	}
 	return;
  retry:
 -	dns_register_smbd_schedule(dns_state,
 +	dns_register_smbd_schedule(state,
 		timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0));
 }
@@ -150,44 +337,77 @@ static void dns_register_smbd_fde_handler(struct tevent_context *ev,
 					  uint16_t flags,
 					  void *private_data)
 {
 -	struct dns_reg_state *dns_state = talloc_get_type_abort(private_data,
 -					  struct dns_reg_state);
 +	struct reg_state *state = (struct reg_state *)private_data;
 	DNSServiceErrorType err;
 -	err = DNSServiceProcessResult(dns_state->srv_ref);
 +	err = DNSServiceProcessResult(state->srv_ref);
 	if (err != kDNSServiceErr_NoError) {
 -		DEBUG(3, ("failed to process mDNS result (err %d), re-trying\n",
 -			    err));
 +		DEBUG(3, ("failed to process mDNS result (err %d), re-trying\n", err));
 		goto retry;
 	}
 -	talloc_free(dns_state);
 	return;
  retry:
 -	dns_register_smbd_schedule(dns_state,
 -		timeval_current_ofs(DNS_REG_RETRY_INTERVAL, 0));
 +	dns_register_smbd_schedule(state, timeval_zero());
 }
 +static int dns_reg_state_destructor(struct dns_reg_state *state)
 +{
 +	if (state != NULL) {
 +		talloc_free(state);
 +	}
 +	return 0;
 +}
 +
 +
 bool smbd_setup_mdns_registration(struct tevent_context *ev,
 				  TALLOC_CTX *mem_ctx,
 				  uint16_t port)
 {
 	struct dns_reg_state *dns_state;
 +	bool bind_all = true;
 +	int i;
 	dns_state = talloc_zero(mem_ctx, struct dns_reg_state);
 -	if (dns_state == NULL) {
 +	if (dns_state == NULL)
 +		return false;
 +
 +	if (lp_interfaces() && lp_bind_interfaces_only())
 +		bind_all = false;
 +
 +	dns_state->count = iface_count();
 +	if (dns_state->count <= 0 || bind_all == true)
 +		dns_state->count = 1;
 +
 +	dns_state->drs = talloc_array(mem_ctx, struct reg_state, dns_state->count);
 +	if (dns_state->drs == NULL) {
 +		talloc_free(dns_state);
 		return false;
 	}
 -	dns_state->event_ctx = ev;
 -	dns_state->port = port;
 -	dns_state->fd = -1;
 -	talloc_set_destructor(dns_state, dns_reg_state_destructor);
 +	for (i = 0; i < dns_state->count; i++) {
 +		struct interface *iface = get_interface(i);
 +		struct reg_state *state = &dns_state->drs[i];
 +
 +		state->mem_ctx = mem_ctx;
 +		state->srv_ref = NULL;
 +		state->event_ctx = ev;
 +		state->te = NULL;
 +		state->fde = NULL;
 +		state->port = port;
 +		state->fd = -1;
 -	return dns_register_smbd_schedule(dns_state, timeval_zero());
 +		state->if_index = bind_all ? kDNSServiceInterfaceIndexAny : iface->if_index;
 +
 +		dns_register_smbd_schedule(&dns_state->drs[i], timeval_zero());
 +	}
 +
 +	talloc_set_destructor(dns_state, dns_reg_state_destructor);
 +	return true;
 }
 +
 #else /* WITH_DNSSD_SUPPORT */
 bool smbd_setup_mdns_registration(struct tevent_context *ev,
 -- 
 2.37.1
--- a/net/samba416.old/files/0020-FreeBSD-12-between-r336017-and-r342928-wrongfuly-ret.patch
+++ b/net/samba416.old/files/0020-FreeBSD-12-between-r336017-and-r342928-wrongfuly-ret.patch
@ -1,35 +0,0 @@
 From 02b599cc740490fa6f433b0c455fe458fdc1db61 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Mon, 31 May 2021 02:45:11 +0200
 Subject: [PATCH 20/28] FreeBSD 12 between r336017 and r342928 wrongfuly return
 ENOENT for the not enabled qoutas on ZFS. Wrap relevant error code check with
 the versioning ifdef's.
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 source3/lib/sysquotas_4B.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
 diff --git a/source3/lib/sysquotas_4B.c b/source3/lib/sysquotas_4B.c
 index d9beb924ad9..c41cac02e5f 100644
 --- a/source3/lib/sysquotas_4B.c
 +++ b/source3/lib/sysquotas_4B.c
@@ -140,7 +140,14 @@ static int sys_quotactl_4B(const char * path, int cmd,
 		/* ENOTSUP means quota support is not compiled in. EINVAL
 		 * means that quotas are not configured (commonly).
 		 */
 -		if (errno != ENOTSUP && errno != EINVAL) {
 +		if (errno != ENOTSUP && errno != EINVAL
 +/*
 + * FreeBSD 12 between r336017 and r342928 wrongfuly return ENOENT for the not enabled qoutas on ZFS.
 + */
 +#if defined(__FreeBSD__) && ((__FreeBSD_version >= 1102503 && __FreeBSD_version <= 1102506) || (__FreeBSD_version >= 1200072 && __FreeBSD_version <= 1200503) || (__FreeBSD_version >= 1300000 && __FreeBSD_version <= 1300009))
 +			&& errno != ENOENT
 +#endif
 +		) {
 			DEBUG(5, ("failed to %s quota for %s ID %u on %s: %s\n",
 				    (cmd & QCMD(Q_GETQUOTA, 0)) ? "get" : "set",
 				    (cmd & QCMD(0, GRPQUOTA)) ? "group" : "user",
 -- 
 2.37.1
--- a/net/samba416.old/files/0021-Fix-casting-warnings-in-the-nfs_quota-debug-message.patch
+++ b/net/samba416.old/files/0021-Fix-casting-warnings-in-the-nfs_quota-debug-message.patch
@ -1,36 +0,0 @@
 From 46f5b54aa5761541a16108d66764d662f37f04d2 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Mon, 31 May 2021 02:41:48 +0200
 Subject: [PATCH 21/28] Fix casting warnings in the nfs_quota debug message.
 Initialize quota structure with zeros.
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 source3/smbd/quotas.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/source3/smbd/quotas.c b/source3/smbd/quotas.c
 index 604631f81d6..c23fa49b3b0 100644
 --- a/source3/smbd/quotas.c
 +++ b/source3/smbd/quotas.c
@@ -125,6 +125,7 @@ static bool nfs_quotas(char *nfspath, uid_t euser_id, uint64_t *bsize, uint64_t
 	if (!cutstr)
 		return False;
 +	memset(&D, '\0', sizeof(D));
 	memset(cutstr, '\0', len+1);
 	host = strncat(cutstr,mnttype, sizeof(char) * len );
 	DEBUG(5,("nfs_quotas: looking for mount on \"%s\"\n", cutstr));
@@ -133,7 +134,7 @@ static bool nfs_quotas(char *nfspath, uid_t euser_id, uint64_t *bsize, uint64_t
 	args.gqa_pathp = testpath+1;
 	args.gqa_uid = uid;
 -	DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%i\" rpcvers \"%i\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp"));
 +	DEBUG(5,("nfs_quotas: Asking for host \"%s\" rpcprog \"%lu\" rpcvers \"%lu\" network \"%s\"\n", host, RQUOTAPROG, RQUOTAVERS, "udp"));
 	if ((clnt = clnt_create(host, RQUOTAPROG, RQUOTAVERS, "udp")) == NULL) {
 		ret = False;
 -- 
 2.37.1
--- a/net/samba416.old/files/0022-Clean-up-UTMP-handling-code-and-add-FreeBSD-support..patch
+++ b/net/samba416.old/files/0022-Clean-up-UTMP-handling-code-and-add-FreeBSD-support..patch
@ -1,340 +0,0 @@
 From 5019ad026f106d51dc2bb4c410a05b2f63b56cd0 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Mon, 31 May 2021 01:43:13 +0200
 Subject: [PATCH 22/28] Clean up UTMP handling code and add FreeBSD support.
 Some really legacy platforms may have been dropped as a result.
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 source3/smbd/utmp.c | 156 ++++++++++++--------------------------------
 source3/wscript     |  37 ++++++-----
 2 files changed, 63 insertions(+), 130 deletions(-)
 diff --git a/source3/smbd/utmp.c b/source3/smbd/utmp.c
 index 4327301e3b1..f4a8362dd56 100644
 --- a/source3/smbd/utmp.c
 +++ b/source3/smbd/utmp.c
@@ -257,7 +257,7 @@ static char *uw_pathname(TALLOC_CTX *ctx,
  Update utmp file directly.  No subroutine interface: probably a BSD system.
 ****************************************************************************/
 -static void pututline_my(const char *uname, struct utmp *u, bool claim)
 +static void pututline_my(const char *uname, STRUCT_UTMP *u, bool claim)
 {
 	DEBUG(1,("pututline_my: not yet implemented\n"));
 	/* BSD implementor: may want to consider (or not) adjusting "lastlog" */
@@ -271,7 +271,7 @@ static void pututline_my(const char *uname, struct utmp *u, bool claim)
  Credit: Michail Vidiassov <master@iaas.msu.ru>
 ****************************************************************************/
 -static void updwtmp_my(const char *wname, struct utmp *u, bool claim)
 +static void updwtmp_my(const char *wname, STRUCT_UTMP *u, bool claim)
 {
 	int fd;
 	struct stat buf;
@@ -303,7 +303,7 @@ static void updwtmp_my(const char *wname, struct utmp *u, bool claim)
 	if ((fd = open(wname, O_WRONLY|O_APPEND, 0)) < 0)
 		return;
 	if (fstat(fd, &buf) == 0) {
 -		if (write(fd, (char *)u, sizeof(struct utmp)) != sizeof(struct utmp))
 +		if (write(fd, (char *)u, sizeof(STRUCT_UTMP)) != sizeof(STRUCT_UTMP))
 		(void) ftruncate(fd, buf.st_size);
 	}
 	(void) close(fd);
@@ -314,12 +314,12 @@ static void updwtmp_my(const char *wname, struct utmp *u, bool claim)
  Update via utmp/wtmp (not utmpx/wtmpx).
 ****************************************************************************/
 -static void utmp_nox_update(struct utmp *u, bool claim)
 +static void utmp_nox_update(STRUCT_UTMP *u, bool claim)
 {
 	char *uname = NULL;
 	char *wname = NULL;
 #if defined(PUTUTLINE_RETURNS_UTMP)
 -	struct utmp *urc;
 +	STRUCT_UTMP *urc;
 #endif /* PUTUTLINE_RETURNS_UTMP */
 	uname = uw_pathname(talloc_tos(), "utmp", ut_pathname);
@@ -376,127 +376,52 @@ static void utmp_nox_update(struct utmp *u, bool claim)
 	}
 }
 -/****************************************************************************
 - Copy a string in the utmp structure.
 -****************************************************************************/
 -static void utmp_strcpy(char *dest, const char *src, size_t n)
 -{
 -	size_t len = 0;
 -
 -	memset(dest, '\0', n);
 -	if (src)
 -		len = strlen(src);
 -	if (len >= n) {
 -		memcpy(dest, src, n);
 -	} else {
 -		if (len)
 -			memcpy(dest, src, len);
 -	}
 -}
 +
 +
 /****************************************************************************
  Update via utmpx/wtmpx (preferred) or via utmp/wtmp.
 ****************************************************************************/
 -static void sys_utmp_update(struct utmp *u, const char *hostname, bool claim)
 +static void sys_utmp_update(STRUCT_UTMP *u, const char *hostname, bool claim)
 {
 -#if !defined(HAVE_UTMPX_H)
 -	/* No utmpx stuff.  Drop to non-x stuff */
 -	utmp_nox_update(u, claim);
 -#elif !defined(HAVE_PUTUTXLINE)
 -	/* Odd.  Have utmpx.h but no "pututxline()".  Drop to non-x stuff */
 -	DEBUG(1,("utmp_update: have utmpx.h but no pututxline() function\n"));
 -	utmp_nox_update(u, claim);
 -#elif !defined(HAVE_GETUTMPX)
 -	/* Odd.  Have utmpx.h but no "getutmpx()".  Drop to non-x stuff */
 -	DEBUG(1,("utmp_update: have utmpx.h but no getutmpx() function\n"));
 -	utmp_nox_update(u, claim);
 -#elif !defined(HAVE_UPDWTMPX)
 -	/* Have utmpx.h but no "updwtmpx()".  Drop to non-x stuff */
 -	DEBUG(1,("utmp_update: have utmpx.h but no updwtmpx() function\n"));
 -	utmp_nox_update(u, claim);
 -#else
 -	char *uname = NULL;
 -	char *wname = NULL;
 -	struct utmpx ux, *uxrc;
 -
 -	getutmpx(u, &ux);
 -
 -#if defined(HAVE_UX_UT_SYSLEN)
 -	if (hostname)
 -		ux.ut_syslen = strlen(hostname) + 1;	/* include end NULL */
 -	else
 -		ux.ut_syslen = 0;
 -#endif
 -#if defined(HAVE_UX_UT_HOST)
 -	utmp_strcpy(ux.ut_host, hostname, sizeof(ux.ut_host));
 -#endif
 -
 -	uname = uw_pathname(talloc_tos(), "utmpx", ux_pathname);
 -	wname = uw_pathname(talloc_tos(), "wtmpx", wx_pathname);
 -	if (uname && wname) {
 -		DEBUG(2,("utmp_update: uname:%s wname:%s\n", uname, wname));
 -	}
 +	STRUCT_UTMP *urc;
 -	/*
 -	 * Check for either uname or wname being empty.
 -	 * Some systems, such as Redhat 6, have a "utmpx.h" which doesn't
 -	 * define default filenames.
 -	 * Also, our local installation has not provided an override.
 -	 * Drop to non-x method.  (E.g. RH6 has good defaults in "utmp.h".)
 -	 */
 -	if (!uname || !wname || (strlen(uname) == 0) || (strlen(wname) == 0)) {
 -		utmp_nox_update(u, claim);
 -	} else {
 -		utmpxname(uname);
 -		setutxent();
 -		uxrc = pututxline(&ux);
 -		endutxent();
 -		if (uxrc == NULL) {
 -			DEBUG(2,("utmp_update: pututxline() failed\n"));
 -			return;
 -		}
 -		updwtmpx(wname, &ux);
 +	setutxent();
 +	urc = pututxline(u);
 +	endutxent();
 +	if (urc == NULL) {
 +		DEBUG(2,("utmp_update: pututxline() failed\n"));
 +		return;
 	}
 -#endif /* HAVE_UTMPX_H */
 }
 #if defined(HAVE_UT_UT_ID)
 /****************************************************************************
  Encode the unique connection number into "ut_id".
 ****************************************************************************/
 -
 -static int ut_id_encode(int i, char *fourbyte)
 +static void ut_id_encode(char *buf, int id, size_t buf_size)
 {
 -	int nbase;
 -	const char *ut_id_encstr = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
 +	const char ut_id_encstr[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
 -/*
 - * 'ut_id_encstr' is the character set on which modulo arithmetic is done.
 - * Example: digits would produce the base-10 numbers from '001'.
 - */
 -	nbase = strlen(ut_id_encstr);
 -
 -	fourbyte[0] = ut_id_encstr[i % nbase];
 -	i /= nbase;
 -	fourbyte[1] = ut_id_encstr[i % nbase];
 -	i /= nbase;
 -	fourbyte[3] = ut_id_encstr[i % nbase];
 -	i /= nbase;
 -	fourbyte[2] = ut_id_encstr[i % nbase];
 -	i /= nbase;
 -
 -	/* we do not care about overflows as i is a random number */
 -	return 0;
 +	int nbase = sizeof(ut_id_encstr) - 1;
 +	/*
 +	 * 'ut_id_encstr' is the character set on which modulo arithmetic is done.
 +	 * Example: digits would produce the base-10 numbers from '001'.
 +	 */
 +
 +	for(int i = 0; i < buf_size; i++) {
 +		buf[i] = ut_id_encstr[id % nbase];
 +		id /= nbase;
 +	}
 }
 #endif /* defined(HAVE_UT_UT_ID) */
 -
 /*
   fill a system utmp structure given all the info we can gather
 */
 -static bool sys_utmp_fill(struct utmp *u,
 +static bool sys_utmp_fill(STRUCT_UTMP *u,
 			const char *username, const char *hostname,
 			const char *id_str, int id_num)
 {
@@ -509,16 +434,16 @@ static bool sys_utmp_fill(struct utmp *u,
 	 *	rather than to try to detect and optimise.
 	 */
 #if defined(HAVE_UT_UT_USER)
 -	utmp_strcpy(u->ut_user, username, sizeof(u->ut_user));
 +	strncpy(u->ut_user, username, sizeof(u->ut_user));
 #elif defined(HAVE_UT_UT_NAME)
 -	utmp_strcpy(u->ut_name, username, sizeof(u->ut_name));
 +	strncpy(u->ut_name, username, sizeof(u->ut_name));
 #endif
 	/*
 	 * ut_line:
 	 *	If size limit proves troublesome, then perhaps use "ut_id_encode()".
 	 */
 -	utmp_strcpy(u->ut_line, id_str, sizeof(u->ut_line));
 +	strncpy(u->ut_line, id_str, sizeof(u->ut_line));
 #if defined(HAVE_UT_UT_PID)
 	u->ut_pid = getpid();
@@ -535,20 +460,23 @@ static bool sys_utmp_fill(struct utmp *u,
 	u->ut_time = timeval.tv_sec;
 #elif defined(HAVE_UT_UT_TV)
 	GetTimeOfDay(&timeval);
 -	u->ut_tv = timeval;
 +	u->ut_tv.tv_sec = timeval.tv_sec;
 +	u->ut_tv.tv_usec = timeval.tv_usec;
 #else
 #error "with-utmp must have UT_TIME or UT_TV"
 #endif
 #if defined(HAVE_UT_UT_HOST)
 -	utmp_strcpy(u->ut_host, hostname, sizeof(u->ut_host));
 +	if(hostname != NULL) {
 +		strncpy(u->ut_host, hostname, sizeof(u->ut_host));
 +#if defined(HAVE_UT_UT_SYSLEN)
 +		u->ut_syslen = strlen(hostname) + 1;	/* include trailing NULL */
 +#endif
 +	}
 #endif
 #if defined(HAVE_UT_UT_ID)
 -	if (ut_id_encode(id_num, u->ut_id) != 0) {
 -		DEBUG(1,("utmp_fill: cannot encode id %d\n", id_num));
 -		return False;
 -	}
 +	ut_id_encode(u->ut_id, id_num, sizeof(u->ut_id));
 #endif
 	return True;
@@ -561,7 +489,7 @@ static bool sys_utmp_fill(struct utmp *u,
 void sys_utmp_yield(const char *username, const char *hostname,
 		    const char *id_str, int id_num)
 {
 -	struct utmp u;
 +	STRUCT_UTMP u;
 	ZERO_STRUCT(u);
@@ -587,7 +515,7 @@ void sys_utmp_yield(const char *username, const char *hostname,
 void sys_utmp_claim(const char *username, const char *hostname,
 		    const char *id_str, int id_num)
 {
 -	struct utmp u;
 +	STRUCT_UTMP u;
 	ZERO_STRUCT(u);
 diff --git a/source3/wscript b/source3/wscript
 index 6209472c6c8..65961851e17 100644
 --- a/source3/wscript
 +++ b/source3/wscript
@@ -807,34 +807,39 @@ msg.msg_accrightslen = sizeof(fd);
     if Options.options.with_utmp:
         conf.env.with_utmp = True
 -        if not conf.CHECK_HEADERS('utmp.h'): conf.env.with_utmp = False
 -        conf.CHECK_FUNCS('pututline pututxline updwtmp updwtmpx getutmpx getutxent')
 -        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_name', headers='utmp.h',
 +        if not conf.CHECK_HEADERS('utmpx.h') and not conf.CHECK_HEADERS('utmp.h'):
 +            conf.env.with_utmp = False
 +        if conf.CONFIG_SET('HAVE_UTMPX_H'):
 +            conf.DEFINE('STRUCT_UTMP', 'struct utmpx')
 +        elif conf.CONFIG_SET('HAVE_UTMP_H'):
 +            conf.DEFINE('STRUCT_UTMP', 'struct utmp')
 +        conf.CHECK_FUNCS('pututxline getutxid getutxline updwtmpx getutmpx setutxent endutxent')
 +        conf.CHECK_FUNCS('pututline getutid getutline updwtmp getutmp setutent endutent')
 +        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_name', headers='utmpx.h utmp.h',
                                     define='HAVE_UT_UT_NAME')
 -        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_user', headers='utmp.h',
 +
 +        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_user', headers='utmpx.h utmp.h',
                                     define='HAVE_UT_UT_USER')
 -        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_id', headers='utmp.h',
 +        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_id', headers='utmpx.h utmp.h',
                                     define='HAVE_UT_UT_ID')
 -        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_host', headers='utmp.h',
 +        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_host', headers='utmpx.h utmp.h',
                                     define='HAVE_UT_UT_HOST')
 -        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_time', headers='utmp.h',
 +        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_time', headers='utmpx.h utmp.h',
                                     define='HAVE_UT_UT_TIME')
 -        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_tv', headers='utmp.h',
 +        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_tv', headers='utmpx.h utmp.h',
                                     define='HAVE_UT_UT_TV')
 -        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_type', headers='utmp.h',
 +        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_type', headers='utmpx.h utmp.h',
                                     define='HAVE_UT_UT_TYPE')
 -        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_pid', headers='utmp.h',
 +        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_pid', headers='utmpx.h utmp.h',
                                     define='HAVE_UT_UT_PID')
 -        conf.CHECK_STRUCTURE_MEMBER('struct utmp', 'ut_exit.e_exit', headers='utmp.h',
 +        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_exit.e_exit', headers='utmpx.h utmp.h',
                                     define='HAVE_UT_UT_EXIT')
 -        conf.CHECK_STRUCTURE_MEMBER('struct utmpx', 'ut_syslen', headers='utmpx.h',
 -                                    define='HAVE_UX_UT_SYSLEN')
 -        conf.CHECK_STRUCTURE_MEMBER('struct utmpx', 'ut_host', headers='utmpx.h',
 -                                    define='HAVE_UX_UT_HOST')
 +        conf.CHECK_STRUCTURE_MEMBER('STRUCT_UTMP', 'ut_syslen', headers='utmpx.h utmp.h',
 +                                    define='HAVE_UT_UT_SYSLEN')
         conf.CHECK_CODE('struct utmp utarg; struct utmp *utreturn; utreturn = pututline(&utarg);',
                         'PUTUTLINE_RETURNS_UTMP', headers='utmp.h',
                         msg="Checking whether pututline returns pointer")
 -        conf.CHECK_SIZEOF(['((struct utmp *)NULL)->ut_line'], headers='utmp.h',
 +        conf.CHECK_SIZEOF(['((STRUCT_UTMP *)NULL)->ut_line'], headers='utmpx.h utmp.h',
                           define='SIZEOF_UTMP_UT_LINE', critical=False)
         if not conf.CONFIG_SET('SIZEOF_UTMP_UT_LINE'):
             conf.env.with_utmp = False
 -- 
 2.37.1
--- a/net/samba416.old/files/0023-Add-cmd_get_quota-test-function-into-vfstest-to-test.patch
+++ b/net/samba416.old/files/0023-Add-cmd_get_quota-test-function-into-vfstest-to-test.patch
@ -1,121 +0,0 @@
 From 2e927425e04d65027db5348b3e89a69a5e447556 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Mon, 31 May 2021 03:07:40 +0200
 Subject: [PATCH 23/28] Add `cmd_get_quota()` test function into vfstest, to
 test disk quota interface.
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 source3/torture/cmd_vfs.c     | 78 +++++++++++++++++++++++++++++++++++
 source3/torture/wscript_build |  2 +-
 2 files changed, 79 insertions(+), 1 deletion(-)
 diff --git a/source3/torture/cmd_vfs.c b/source3/torture/cmd_vfs.c
 index 38ce0dc4ff6..1bc4639d2a2 100644
 --- a/source3/torture/cmd_vfs.c
 +++ b/source3/torture/cmd_vfs.c
@@ -145,6 +145,83 @@ static NTSTATUS cmd_disk_free(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int ar
 	return NT_STATUS_OK;
 }
 +static NTSTATUS cmd_get_quota(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv)
 +{
 +	struct smb_filename *smb_fname = NULL;
 +	uint64_t bsize, dfree, dsize;
 +	enum SMB_QUOTA_TYPE qtype;
 +	SMB_DISK_QUOTA D;
 +	unid_t id;
 +	int r;
 +
 +	if (argc != 4) {
 +		printf("Usage: get_quota <path> [user|group] id\n");
 +		return NT_STATUS_OK;
 +	}
 +
 +	smb_fname = synthetic_smb_fname(talloc_tos(),
 +					argv[1],
 +					NULL,
 +					NULL,
 +					0,
 +					ssf_flags());
 +	if (smb_fname == NULL) {
 +		return NT_STATUS_NO_MEMORY;
 +	}
 +
 +	if(strcmp(argv[2], "user") == 0) {
 +		qtype = SMB_USER_FS_QUOTA_TYPE;
 +	}
 +	else if(strcmp(argv[2], "group") == 0) {
 +		qtype = SMB_GROUP_FS_QUOTA_TYPE;
 +	}
 +	else {
 +		printf("Usage: get_quota <path> [user|group] id\n");
 +		return NT_STATUS_OK;
 +	}
 +
 +	id.uid = atoi(argv[3]);
 +
 +	ZERO_STRUCT(D);
 +
 +	r = SMB_VFS_GET_QUOTA(vfs->conn, smb_fname, qtype, id, &D);
 +
 +	if (r == -1 && errno != ENOSYS) {
 +		return NT_STATUS_UNSUCCESSFUL;
 +	}
 +
 +	if (r == 0 && (D.qflags & QUOTAS_DENY_DISK) == 0) {
 +		return NT_STATUS_UNSUCCESSFUL;
 +	}
 +
 +	bsize = D.bsize;
 +	/* Use softlimit to determine disk space, except when it has been exceeded */
 +	if (
 +		(D.softlimit && D.curblocks >= D.softlimit) ||
 +		(D.hardlimit && D.curblocks >= D.hardlimit) ||
 +		(D.isoftlimit && D.curinodes >= D.isoftlimit) ||
 +		(D.ihardlimit && D.curinodes>=D.ihardlimit)
 +	) {
 +		dfree = 0;
 +		dsize = D.curblocks;
 +	} else if (D.softlimit==0 && D.hardlimit==0) {
 +		return NT_STATUS_UNSUCCESSFUL;
 +	} else {
 +		if (D.softlimit == 0) {
 +			D.softlimit = D.hardlimit;
 +		}
 +		dfree = D.softlimit - D.curblocks;
 +		dsize = D.softlimit;
 +	}
 +
 +	printf("get_quota: bsize = %lu, dfree = %lu, dsize = %lu\n",
 +			(unsigned long)bsize,
 +			(unsigned long)dfree,
 +			(unsigned long)dsize);
 +
 +	return NT_STATUS_OK;
 +}
 +
 static NTSTATUS cmd_opendir(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv)
 {
@@ -2257,6 +2334,7 @@ struct cmd_set vfs_commands[] = {
 	{ "connect",   cmd_connect,   "VFS connect()",    "connect" },
 	{ "disconnect",   cmd_disconnect,   "VFS disconnect()",    "disconnect" },
 	{ "disk_free",   cmd_disk_free,   "VFS disk_free()",    "disk_free <path>" },
 +	{ "get_quota",   cmd_get_quota,   "VFS get_quota()",    "get_quota <path> [user|group] id" },
 	{ "opendir",   cmd_opendir,   "VFS opendir()",    "opendir <fname>" },
 	{ "readdir",   cmd_readdir,   "VFS readdir()",    "readdir" },
 	{ "mkdir",   cmd_mkdir,   "VFS mkdir()",    "mkdir <path>" },
 diff --git a/source3/torture/wscript_build b/source3/torture/wscript_build
 index 0c4275de795..f75c4bfe2be 100644
 --- a/source3/torture/wscript_build
 +++ b/source3/torture/wscript_build
@@ -124,4 +124,4 @@ bld.SAMBA3_BINARY('vfstest',
                       smbconf
                       SMBREADLINE
                       ''',
 -                 for_selftest=True)
 +                 install=True)
 -- 
 2.37.1
--- a/net/samba416.old/files/0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch
+++ b/net/samba416.old/files/0024-Cherry-pick-ZFS-provisioning-code-by-iXsystems-Inc.patch
@ -1,367 +0,0 @@
 From d3024a4a2ff8015932a26a9df08e8ea5ff12a959 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Thu, 4 Aug 2022 05:15:33 +0200
 Subject: [PATCH 24/28] Cherry-pick ZFS provisioning code by iXsystems Inc.
 * Check if sysvol is on filesystem with NFSv4 ACL's
 (cherry picked from commit ca86f52b78a7b6e7537454a69cf93e7b96210cba)
 * Only check targetdir if it is defined (I had assumed it was)
 (cherry picked from commit a29050cb2978ce23e3c04a859340dc2664c77a8a)
 * Kick samba a little bit into understanding NFSv4 ACL's
 (cherry picked from commit 1c7542ff4904b729e311e17464ee76582760c219)
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 python/samba/provision/__init__.py |  22 +++-
 source3/lib/sysacls.c              |  10 ++
 source3/param/loadparm.c           |  20 +++
 source3/smbd/pysmbd.c              | 189 ++++++++++++++++++++++++++++-
 4 files changed, 235 insertions(+), 6 deletions(-)
 diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
 index ff9b8fac916..20e41a9ad3e 100644
 --- a/python/samba/provision/__init__.py
 +++ b/python/samba/provision/__init__.py
@@ -1662,19 +1662,25 @@ def setsysvolacl(samdb, netlogon, sysvol, uid, gid, domainsid, dnsdomain,
         s3conf = s3param.get_context()
         s3conf.load(lp.configfile)
 -        file = tempfile.NamedTemporaryFile(dir=os.path.abspath(sysvol))
 +        sysvol_dir = os.path.abspath(sysvol)
 +
 +        set_simple_acl = smbd.set_simple_acl
 +        if smbd.has_nfsv4_acls(sysvol_dir):
 +            set_simple_acl = smbd.set_simple_nfsv4_acl
 +
 +        file = tempfile.NamedTemporaryFile(dir=sysvol_dir)
         try:
             try:
 -                smbd.set_simple_acl(file.name, 0o755, system_session_unix(), gid)
 +                set_simple_acl(file.name, 0o755, system_session_unix(), gid)
             except OSError:
 -                if not smbd.have_posix_acls():
 +                if not smbd.have_posix_acls() and not smbd.have_nfsv4_acls():
                     # This clue is only strictly correct for RPM and
                     # Debian-like Linux systems, but hopefully other users
                     # will get enough clue from it.
 -                    raise ProvisioningError("Samba was compiled without the posix ACL support that s3fs requires.  "
 +                    raise ProvisioningError("Samba was compiled without the ACL support that s3fs requires.  "
                                             "Try installing libacl1-dev or libacl-devel, then re-run configure and make.")
 -                raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires.  "
 +                raise ProvisioningError("Your filesystem or build does not support ACLs, which s3fs requires.  "
                                         "Try the mounting the filesystem with the 'acl' option.")
             try:
                 smbd.chown(file.name, uid, gid, system_session_unix())
@@ -1959,6 +1965,9 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths,
         samdb.transaction_commit()
     if serverrole == "active directory domain controller":
 +        if targetdir and smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(targetdir):
 +            smbd.set_nfsv4_defaults()
 +
         # Continue setting up sysvol for GPO. This appears to require being
         # outside a transaction.
         if not skip_sysvolacl:
@@ -2313,6 +2322,9 @@ def provision(logger, session_info, smbconf=None,
             if not os.path.isdir(paths.netlogon):
                 os.makedirs(paths.netlogon, 0o755)
 +            if smbd.have_nfsv4_acls() and smbd.has_nfsv4_acls(paths.sysvol):
 +                smbd.set_nfsv4_defaults()
 +
         if adminpass is None:
             adminpass = samba.generate_random_password(12, 32)
             adminpass_generated = True
 diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c
 index 891fabea21e..d1357a47bd0 100644
 --- a/source3/lib/sysacls.c
 +++ b/source3/lib/sysacls.c
@@ -38,6 +38,16 @@
 #include "modules/vfs_aixacl.h"
 #endif
 +/*
 + * NFSv4 ACL's should be understood and a first class citizen. Work
 + * needs to be done in librpc/idl/smb_acl.idl for this to occur.
 + */
 +#if defined(HAVE_LIBSUNACL) && defined(FREEBSD)
 +#if 0
 +#include "modules/nfs4_acls.h"
 +#endif
 +#endif
 +
 #undef  DBGC_CLASS
 #define DBGC_CLASS DBGC_ACLS
 diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
 index 21e061939e3..4e23fdaaf6d 100644
 --- a/source3/param/loadparm.c
 +++ b/source3/param/loadparm.c
@@ -2830,9 +2830,29 @@ static void init_locals(void)
 		} else {
 			if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
 				lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
 +			/*
 +			 * By default, the samba sysvol is located in the statedir. Provisioning will fail in setntacl
 +			 * unless we have zfacl enabled. Unfortunately, at this point the smb.conf has not been generated.
 +			 * This workaround is freebsd-specific.
 +			 */
 +#if defined(_PC_ACL_EXTENDED)
 +			} else if (pathconf(lp_state_directory(), _PC_ACL_EXTENDED) == 1) {
 +				lp_do_parameter(-1, "vfs objects", "dfs_samba4 freebsd");
 +#endif
 +#if defined(_PC_ACL_NFS4)
 +			} else if (pathconf(lp_state_directory(), _PC_ACL_NFS4) == 1) {
 +				lp_do_parameter(-1, "vfs objects", "dfs_samba4 zfsacl");
 +#endif
 			} else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
 				lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
 			} else {
 +				/*
 +				 * This should only set dfs_samba4 and leave acl_xattr
 +				 * to be set later (or zfsacl). The only reason the decision
 +				 * can't be made here to load acl_xattr or zfsacl is
 +				 * that we don't have access to what the target
 +				 * directory is.
 +				 */
 				lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
 			}
 		}
 diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
 index 88cbf62a680..867010ea6cd 100644
 --- a/source3/smbd/pysmbd.c
 +++ b/source3/smbd/pysmbd.c
@@ -485,6 +485,20 @@ static SMB_ACL_T make_simple_acl(TALLOC_CTX *mem_ctx,
 	return acl;
 }
 +static SMB_ACL_T make_simple_nfsv4_acl(TALLOC_CTX *mem_ctx,
 +					gid_t gid,
 +					mode_t chmod_mode)
 +{
 +	/*
 +	 * This function needs to create an NFSv4 ACL. Currently, the only way
 +	 * to do so is to use the operating system interface, or to use the
 +	 * functions in source3/modules/nfs4_acls.c. These seems ugly and
 +	 * hacky. NFSv4 ACL's should be a first class citizen and
 +	 * librpc/idl/smb_acl.idl should be modified accordingly.
 +	 */
 +	return NULL;
 +}
 +
 /*
   set a simple ACL on a file, as a test
  */
@@ -557,6 +571,84 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args, PyObject
 	Py_RETURN_NONE;
 }
 +
 +/*
 +  set a simple NFSv4 ACL on a file, as a test
 + */
 +static PyObject *py_smbd_set_simple_nfsv4_acl(PyObject *self, PyObject *args, PyObject *kwargs)
 +{
 +	const char * const kwnames[] = {
 +		"fname",
 +		"mode",
 +		"session_info",
 +		"gid",
 +		"service",
 +		NULL
 +	};
 +	char *fname, *service = NULL;
 +	PyObject *py_session = Py_None;
 +	struct auth_session_info *session_info = NULL;
 +	int ret;
 +	int mode, gid = -1;
 +	SMB_ACL_T acl;
 +	TALLOC_CTX *frame;
 +	connection_struct *conn;
 +
 +	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "siO|iz",
 +					 discard_const_p(char *, kwnames),
 +					 &fname,
 +					 &mode,
 +					 &py_session,
 +					 &gid,
 +					 &service))
 +		return NULL;
 +
 +	if (!py_check_dcerpc_type(py_session,
 +				  "samba.dcerpc.auth",
 +				  "session_info")) {
 +		return NULL;
 +	}
 +	session_info = pytalloc_get_type(py_session,
 +					 struct auth_session_info);
 +	if (session_info == NULL) {
 +		PyErr_Format(PyExc_TypeError,
 +			     "Expected auth_session_info for session_info argument got %s",
 +			     pytalloc_get_name(py_session));
 +		return NULL;
 +	}
 +
 +	frame = talloc_stackframe();
 +
 +	acl = make_simple_nfsv4_acl(frame, gid, mode);
 +	if (acl == NULL) {
 +		TALLOC_FREE(frame);
 +		Py_RETURN_NONE;
 +	}
 +
 +	conn = get_conn_tos(service, session_info);
 +	if (!conn) {
 +		TALLOC_FREE(frame);
 +		Py_RETURN_NONE;
 +	}
 +
 +	/*
 +	 * SMB_ACL_TYPE_ACCESS -> ACL_TYPE_ACCESS -> Not valid for NFSv4 ACL
 +	 */
 +	ret = 0;
 +
 +	/* ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn); */
 +
 +	if (ret != 0) {
 +		TALLOC_FREE(frame);
 +		errno = ret;
 +		return PyErr_SetFromErrno(PyExc_OSError);
 +	}
 +
 +	TALLOC_FREE(frame);
 +
 +	Py_RETURN_NONE;
 +}
 +
 /*
   chown a file
  */
@@ -744,7 +836,7 @@ static PyObject *py_smbd_unlink(PyObject *self, PyObject *args, PyObject *kwargs
 }
 /*
 -  check if we have ACL support
 +  check if we have POSIX.1e ACL support
  */
 static PyObject *py_smbd_have_posix_acls(PyObject *self,
 		PyObject *Py_UNUSED(ignored))
@@ -756,6 +848,83 @@ static PyObject *py_smbd_have_posix_acls(PyObject *self,
 #endif
 }
 +static PyObject *py_smbd_has_posix_acls(PyObject *self, PyObject *args, PyObject *kwargs)
 +{
 +	const char * const kwnames[] = { "path", NULL };
 +	char *path = NULL;
 +	TALLOC_CTX *frame;
 +	struct statfs fs;
 +	int ret = false;
 +
 +	frame = talloc_stackframe();
 +
 +	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z",
 +					 discard_const_p(char *, kwnames), &path)) {
 +		TALLOC_FREE(frame);
 +		return NULL;
 +	}
 +
 +	if (statfs(path, &fs) != 0) {
 +		TALLOC_FREE(frame);
 +		return NULL;
 +	}
 +
 +	if (fs.f_flags & MNT_ACLS)
 +		ret = true;
 +
 +	TALLOC_FREE(frame);
 +	return PyBool_FromLong(ret);
 +}
 +
 +/*
 +  check if we have NFSv4 ACL support
 + */
 +static PyObject *py_smbd_have_nfsv4_acls(PyObject *self)
 +{
 +#ifdef HAVE_LIBSUNACL
 +	return PyBool_FromLong(true);
 +#else
 +	return PyBool_FromLong(false);
 +#endif
 +}
 +
 +static PyObject *py_smbd_has_nfsv4_acls(PyObject *self, PyObject *args, PyObject *kwargs)
 +{
 +	const char * const kwnames[] = { "path", NULL };
 +	char *path = NULL;
 +	TALLOC_CTX *frame;
 +	struct statfs fs;
 +	int ret = false;
 +
 +	frame = talloc_stackframe();
 +
 +	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|z",
 +					 discard_const_p(char *, kwnames), &path)) {
 +		TALLOC_FREE(frame);
 +		return NULL;
 +	}
 +
 +	if (statfs(path, &fs) != 0) {
 +		TALLOC_FREE(frame);
 +		return NULL;
 +	}
 +
 +	if (fs.f_flags & MNT_NFS4ACLS)
 +		ret = true;
 +
 +	TALLOC_FREE(frame);
 +	return PyBool_FromLong(ret);
 +}
 +
 +
 +static PyObject *py_smbd_set_nfsv4_defaults(PyObject *self)
 +{
 +	/*
 +	 * It is really be done in source3/param/loadparm.c
 +	 */
 +	Py_RETURN_NONE;
 +}
 +
 /*
   set the NT ACL on a file
  */
@@ -1242,10 +1411,28 @@ static PyMethodDef py_smbd_methods[] = {
 	{ "have_posix_acls",
 		(PyCFunction)py_smbd_have_posix_acls, METH_NOARGS,
 		NULL },
 +	{ "has_posix_acls",
 +		PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_posix_acls),
 +		METH_VARARGS|METH_KEYWORDS,
 +		NULL },
 +	{ "have_nfsv4_acls",
 +		(PyCFunction)py_smbd_have_nfsv4_acls, METH_NOARGS,
 +		NULL },
 +	{ "has_nfsv4_acls",
 +		PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_has_nfsv4_acls),
 +		METH_VARARGS|METH_KEYWORDS,
 +		NULL },
 +	{ "set_nfsv4_defaults",
 +		(PyCFunction)py_smbd_set_nfsv4_defaults, METH_NOARGS,
 +		NULL },
 	{ "set_simple_acl",
 		PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_acl),
 		METH_VARARGS|METH_KEYWORDS,
 		NULL },
 +	{ "set_simple_nfsv4_acl",
 +		PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_simple_nfsv4_acl),
 +		METH_VARARGS|METH_KEYWORDS,
 +		NULL },
 	{ "set_nt_acl",
 		PY_DISCARD_FUNC_SIG(PyCFunction, py_smbd_set_nt_acl),
 		METH_VARARGS|METH_KEYWORDS,
 -- 
 2.37.1
--- a/net/samba416.old/files/0025-From-d9b748869a8f4018ebee302aae8246bf29f60309-Mon-Se.patch
+++ b/net/samba416.old/files/0025-From-d9b748869a8f4018ebee302aae8246bf29f60309-Mon-Se.patch
@ -1,101 +0,0 @@
 From 6e79023af14210a6435ab18ada8097253b8b16b6 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Mon, 31 May 2021 01:38:49 +0200
 Subject: [PATCH 25/28] From d9b748869a8f4018ebee302aae8246bf29f60309 Mon Sep
 17 00:00:00 2001 From: "Timur I. Bakeyev" <timur@iXsystems.com> Date: Fri, 1
 Jun 2018 01:35:08 +0800 Subject: [PATCH] vfs_fruit: allow broken
 AFP_Signature where the first byte is 0
 FreeBSD bug ... caused the first byte of the AFP_AfpInfo xattr to be 0
 instead of 'A'. This hack allows such broken AFP_AfpInfo blobs to be
 parsed by afpinfo_unpack().
 FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462
 Signed-off-by: Ralph Boehme <slow@samba.org>
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 source3/lib/adouble.c       | 20 ++++++++++++++++----
 source3/modules/vfs_fruit.c | 19 ++++++++++++++++++-
 2 files changed, 34 insertions(+), 5 deletions(-)
 diff --git a/source3/lib/adouble.c b/source3/lib/adouble.c
 index aa78007dadd..ca99dcff193 100644
 --- a/source3/lib/adouble.c
 +++ b/source3/lib/adouble.c
@@ -2830,6 +2830,8 @@ ssize_t afpinfo_pack(const AfpInfo *ai, char *buf)
 	return AFP_INFO_SIZE;
 }
 +#define BROKEN_FREEBSD_AFP_Signature 0x00465000
 +
 /**
  * Unpack a buffer into a AfpInfo structure
  *
@@ -2847,12 +2849,22 @@ AfpInfo *afpinfo_unpack(TALLOC_CTX *ctx, const void *data)
 	ai->afpi_Version = RIVAL(data, 4);
 	ai->afpi_BackupTime = RIVAL(data, 12);
 	memcpy(ai->afpi_FinderInfo, (const char *)data + 16,
 -	       sizeof(ai->afpi_FinderInfo));
 +		sizeof(ai->afpi_FinderInfo));
 +
 +	if (ai->afpi_Signature != AFP_Signature) {
 +		DBG_WARNING("Bad AFP signature [%x]\n", ai->afpi_Signature);
 +
 +		if (ai->afpi_Signature != BROKEN_FREEBSD_AFP_Signature) {
 +			DBG_ERR("Bad AfpInfo signature\n");
 +			TALLOC_FREE(ai);
 +			return NULL;
 +		}
 +	}
 -	if (ai->afpi_Signature != AFP_Signature
 -	    || ai->afpi_Version != AFP_Version) {
 -		DEBUG(1, ("Bad AfpInfo signature or version\n"));
 +	if (ai->afpi_Version != AFP_Version) {
 +		DBG_ERR("Bad AfpInfo version\n");
 		TALLOC_FREE(ai);
 +		return NULL;
 	}
 	return ai;
 diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
 index 303df41258e..428f95fd7d9 100644
 --- a/source3/modules/vfs_fruit.c
 +++ b/source3/modules/vfs_fruit.c
@@ -2300,6 +2300,7 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_struct *handle,
 				       size_t n, off_t offset)
 {
 	struct fio *fio = fruit_get_complete_fio(handle, fsp);
 +	char *p = (char *)data;
 	ssize_t nread;
 	int ret;
@@ -2308,7 +2309,23 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_struct *handle,
 	}
 	nread = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
 -	if (nread == -1 || nread == n) {
 +	if (nread <= 0) {
 +		/*
 +		 * fruit_meta_open_stream() removes O_CREAT flag
 +		 * from xattr open. This results in vfs_streams_xattr
 +		 * not generating an FSP extension for the files_struct
 +		 * and causes subsequent pread() of stream to return
 +		 * nread=0 if pread() occurs before pwrite().
 +		 */
 +		return nread;
 +	}
 +
 +	if (nread == n) {
 +		if (offset == 0 && nread > 3 && p[0] == 0 && p[1] == 'F' && p[2] == 'P') {
 +			DBG_NOTICE("Fixing AFP_Info of [%s]\n",
 +				    fsp_str_dbg(fsp));
 +			p[0] = 'A';
 +		}
 		return nread;
 	}
 -- 
 2.37.1
--- a/net/samba416.old/files/0026-vfs-add-a-compatibility-option-to-the-vfs_streams_xa.patch
+++ b/net/samba416.old/files/0026-vfs-add-a-compatibility-option-to-the-vfs_streams_xa.patch
@ -1,336 +0,0 @@
 From 2d73ccb27ffcdf419d569260fcca6e9ee3b9538a Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Thu, 29 Sep 2022 03:24:26 +0200
 Subject: [PATCH 26/28] vfs: add a compatibility option to the
 vfs_streams_xattr
 When enabled, the module does not append a trailing 0
 byte to the end of the extended attribute data.
 This is primarily a consideration when the administrator
 wishes to expose extended attributes that have been written
 by another application as alternate data streams via
 Samba.
 An example where this parameter may be required is when
 migrating a netatalk share to Samba. See manpage for
 vfs_fruit for additional considerations regarding
 Netatalk and Samba compatibility.
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 docs-xml/manpages/vfs_streams_xattr.8.xml | 25 ++++++
 source3/modules/vfs_streams_xattr.c       | 95 +++++++++++++++++------
 2 files changed, 97 insertions(+), 23 deletions(-)
 diff --git a/docs-xml/manpages/vfs_streams_xattr.8.xml b/docs-xml/manpages/vfs_streams_xattr.8.xml
 index 6645928c016..0f38d510a82 100644
 --- a/docs-xml/manpages/vfs_streams_xattr.8.xml
 +++ b/docs-xml/manpages/vfs_streams_xattr.8.xml
@@ -71,6 +71,31 @@
 	    </listitem>
 	  </varlistentry>
 +	  <varlistentry>
 +	    <term>streams_xattr:xattr_compat = [yes|no]</term>
 +	    <listitem>
 +	      <para>When enabled, the module does not append a trailing 0
 +	      byte to the end of the extended attribute data. This parameter
 +	      must not be changed once data has been written to the share
 +	      since it may result in dropping the last byte from xattr data.
 +
 +	      This is primarily a consideration when the administrator
 +	      wishes to expose extended attributes that have been written
 +	      by another application as alternate data streams via
 +	      Samba.
 +
 +	      An example where this parameter may be required is when
 +	      migrating a netatalk share to Samba. See manpage for
 +	      vfs_fruit for additional considerations regarding
 +	      Netatalk and Samba compatibility.
 +
 +	      WARNING: this parameter must not be changed on existing
 +	      Samba shares or new shares that export paths currently
 +	      or previously have been shared by Samba.
 +	      The default is <command>yes</command>.</para>
 +	    </listitem>
 +	  </varlistentry>
 +
 	</variablelist>
 </refsect1>
 diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
 index b69a4f342f5..070111e3ee9 100644
 --- a/source3/modules/vfs_streams_xattr.c
 +++ b/source3/modules/vfs_streams_xattr.c
@@ -35,6 +35,7 @@ struct streams_xattr_config {
 	const char *prefix;
 	size_t prefix_len;
 	bool store_stream_type;
 +	int xattr_compat_bytes;
 };
 struct stream_io {
@@ -45,22 +46,28 @@ struct stream_io {
 	vfs_handle_struct *handle;
 };
 -static ssize_t get_xattr_size_fsp(struct files_struct *fsp,
 +static ssize_t get_xattr_size_fsp(vfs_handle_struct *handle,
 +				  struct files_struct *fsp,
 			          const char *xattr_name)
 {
 	NTSTATUS status;
 	struct ea_struct ea;
 	ssize_t result;
 +	struct streams_xattr_config *config = NULL;
 +
 +	SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
 +				return -1);
 	status = get_ea_value_fsp(talloc_tos(),
 				  fsp,
 				  xattr_name,
 				  &ea);
 +
 	if (!NT_STATUS_IS_OK(status)) {
 		return -1;
 	}
 -	result = ea.value.length-1;
 +	result = ea.value.length - config->xattr_compat_bytes;
 	TALLOC_FREE(ea.value.data);
 	return result;
 }
@@ -197,7 +204,8 @@ static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp,
 		return -1;
 	}
 -	sbuf->st_ex_size = get_xattr_size_fsp(fsp->base_fsp,
 +	sbuf->st_ex_size = get_xattr_size_fsp(handle,
 +					      fsp->base_fsp,
 					      io->xattr_name);
 	if (sbuf->st_ex_size == -1) {
 		SET_STAT_INVALID(*sbuf);
@@ -273,7 +281,7 @@ static int streams_xattr_stat(vfs_handle_struct *handle,
 		fsp = fsp->base_fsp;
 	}
 -	smb_fname->st.st_ex_size = get_xattr_size_fsp(fsp,
 +	smb_fname->st.st_ex_size = get_xattr_size_fsp(handle, fsp,
 						      xattr_name);
 	if (smb_fname->st.st_ex_size == -1) {
 		TALLOC_FREE(xattr_name);
@@ -308,6 +316,7 @@ static int streams_xattr_lstat(vfs_handle_struct *handle,
 		errno = ENOENT;
 		return -1;
 	}
 +
 	return SMB_VFS_NEXT_LSTAT(handle, smb_fname);
 }
@@ -346,6 +355,11 @@ static int streams_xattr_openat(struct vfs_handle_struct *handle,
 	/*
 	 * For now assert this, so the below SMB_VFS_SETXATTR() works.
 	 */
 +#ifdef O_EMPTY_PATH
 +	if (flags & O_EMPTY_PATH) {
 +		return vfs_fake_fd();
 +	}
 +#endif
 	SMB_ASSERT(fsp_get_pathref_fd(dirfsp) == AT_FDCWD);
 	status = streams_xattr_get_name(handle, talloc_tos(),
@@ -355,6 +369,8 @@ static int streams_xattr_openat(struct vfs_handle_struct *handle,
 		goto fail;
 	}
 +	fsp->fsp_flags.have_proc_fds = fsp->conn->have_proc_fds;
 +
 	status = get_ea_value_fsp(talloc_tos(),
 				  fsp->base_fsp,
 				  xattr_name,
@@ -393,7 +409,8 @@ static int streams_xattr_openat(struct vfs_handle_struct *handle,
 		 */
 		/*
 -		 * Darn, xattrs need at least 1 byte
 +		 * If xattr_compat_bytes is set we need to
 +		 * provide one extra trailing byte
 		 */
 		char null = '\0';
@@ -402,7 +419,8 @@ static int streams_xattr_openat(struct vfs_handle_struct *handle,
 		ret = SMB_VFS_FSETXATTR(fsp->base_fsp,
 				       xattr_name,
 -				       &null, sizeof(null),
 +				       (config->xattr_compat_bytes) ? &null : NULL,
 +				       (config->xattr_compat_bytes) ? sizeof(null) : 0,
 				       flags & O_EXCL ? XATTR_CREATE : 0);
 		if (ret != 0) {
 			goto fail;
@@ -411,13 +429,13 @@ static int streams_xattr_openat(struct vfs_handle_struct *handle,
 	fakefd = vfs_fake_fd();
 -        sio = VFS_ADD_FSP_EXTENSION(handle, fsp, struct stream_io, NULL);
 -        if (sio == NULL) {
 -                errno = ENOMEM;
 -                goto fail;
 -        }
 +	sio = VFS_ADD_FSP_EXTENSION(handle, fsp, struct stream_io, NULL);
 +	if (sio == NULL) {
 +		errno = ENOMEM;
 +		goto fail;
 +	}
 -        sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp),
 +	sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp),
 					xattr_name);
 	if (sio->xattr_name == NULL) {
 		errno = ENOMEM;
@@ -823,12 +841,16 @@ static bool collect_one_stream(struct ea_struct *ea, void *private_data)
 {
 	struct streaminfo_state *state =
 		(struct streaminfo_state *)private_data;
 +	struct streams_xattr_config *config = NULL;
 +
 +	SMB_VFS_HANDLE_GET_DATA(state->handle, config, struct streams_xattr_config,
 +				return false);
 	if (!add_one_stream(state->mem_ctx,
 			    &state->num_streams, &state->streams,
 -			    ea->name, ea->value.length-1,
 +			    ea->name, ea->value.length - config->xattr_compat_bytes,
 			    smb_roundup(state->handle->conn,
 -					ea->value.length-1))) {
 +					ea->value.length - config->xattr_compat_bytes))) {
 		state->status = NT_STATUS_NO_MEMORY;
 		return false;
 	}
@@ -890,6 +912,7 @@ static int streams_xattr_connect(vfs_handle_struct *handle,
 	const char *default_prefix = SAMBA_XATTR_DOSSTREAM_PREFIX;
 	const char *prefix;
 	int rc;
 +	bool xattr_compat;
 	rc = SMB_VFS_NEXT_CONNECT(handle, service, user);
 	if (rc != 0) {
@@ -920,6 +943,13 @@ static int streams_xattr_connect(vfs_handle_struct *handle,
 						 "store_stream_type",
 						 true);
 +	xattr_compat = lp_parm_bool(SNUM(handle->conn),
 +				    "streams_xattr",
 +				    "xattr_compat",
 +				    true);
 +
 +        config->xattr_compat_bytes = xattr_compat ? 0 : 1;
 +
 	SMB_VFS_HANDLE_SET_DATA(handle, config,
 				NULL, struct stream_xattr_config,
 				return -1);
@@ -936,6 +966,7 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle,
 	struct ea_struct ea;
 	NTSTATUS status;
 	int ret;
 +	struct streams_xattr_config *config = NULL;
 	DEBUG(10, ("streams_xattr_pwrite called for %d bytes\n", (int)n));
@@ -947,6 +978,9 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle,
 		return -1;
 	}
 +	SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
 +				return -1);
 +
 	if ((offset + n) >= lp_smbd_max_xattr_size(SNUM(handle->conn))) {
 		/*
 		 * Requested write is beyond what can be read based on
@@ -976,11 +1010,11 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle,
 		return -1;
 	}
 -        if ((offset + n) > ea.value.length-1) {
 +        if ((offset + n) > ea.value.length - config->xattr_compat_bytes) {
 		uint8_t *tmp;
 		tmp = talloc_realloc(talloc_tos(), ea.value.data, uint8_t,
 -					   offset + n + 1);
 +					   offset + n + config->xattr_compat_bytes);
 		if (tmp == NULL) {
 			TALLOC_FREE(ea.value.data);
@@ -988,8 +1022,10 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle,
                         return -1;
                 }
 		ea.value.data = tmp;
 -		ea.value.length = offset + n + 1;
 -		ea.value.data[offset+n] = 0;
 +		ea.value.length = offset + n + config->xattr_compat_bytes;
 +		if (config->xattr_compat_bytes) {
 +			ea.value.data[offset+n] = 0;
 +		}
         }
         memcpy(ea.value.data + offset, data, n);
@@ -1017,6 +1053,11 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle,
 	struct ea_struct ea;
 	NTSTATUS status;
 	size_t length, overlap;
 +	struct smb_filename *smb_fname_base = NULL;
 +	struct streams_xattr_config *config = NULL;
 +
 +	SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
 +				return -1);
 	DEBUG(10, ("streams_xattr_pread: offset=%d, size=%d\n",
 		   (int)offset, (int)n));
@@ -1037,7 +1078,7 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle,
 		return -1;
 	}
 -	length = ea.value.length-1;
 +	length = ea.value.length - config->xattr_compat_bytes;
 	DBG_DEBUG("get_ea_value_fsp returned %d bytes\n",
 		   (int)length);
@@ -1225,6 +1266,12 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle,
         struct stream_io *sio =
 		(struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
 +	struct smb_filename *smb_fname_base = NULL;
 +	struct streams_xattr_config *config = NULL;
 +
 +	SMB_VFS_HANDLE_GET_DATA(handle, config, struct streams_xattr_config,
 +				return -1);
 +
 	DEBUG(10, ("streams_xattr_ftruncate called for file %s offset %.0f\n",
 		   fsp_str_dbg(fsp), (double)offset));
@@ -1254,14 +1301,16 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle,
 	}
 	/* Did we expand ? */
 -	if (ea.value.length < offset + 1) {
 +	if (ea.value.length < offset + config->xattr_compat_bytes) {
 		memset(&tmp[ea.value.length], '\0',
 -			offset + 1 - ea.value.length);
 +			offset + config->xattr_compat_bytes - ea.value.length);
 	}
 	ea.value.data = tmp;
 -	ea.value.length = offset + 1;
 -	ea.value.data[offset] = 0;
 +	ea.value.length = offset + config->xattr_compat_bytes;
 +	if (config->xattr_compat_bytes) {
 +		ea.value.data[offset] = 0;
 +	}
 	ret = SMB_VFS_FSETXATTR(fsp->base_fsp,
 				sio->xattr_name,
 -- 
 2.37.1
--- a/net/samba416.old/files/0027-Add-VFS-module-vfs_freebsd-that-implements-FreeBSD-s.patch
+++ b/net/samba416.old/files/0027-Add-VFS-module-vfs_freebsd-that-implements-FreeBSD-s.patch
@ -1,932 +0,0 @@
 From f07e384150e53b18c3ea298f9a1ea588fb89e19b Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Sat, 29 May 2021 03:58:01 +0200
 Subject: [PATCH 27/28] Add VFS module vfs_freebsd that implements FreeBSD
 specific wrappers to some VFS functions.
 At the moment that is configurable mapping between Linux xattrs and
 FreeBSD extended attributes.
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 docs-xml/manpages/vfs_freebsd.8.xml | 169 +++++++
 docs-xml/wscript_build              |   1 +
 source3/modules/vfs_freebsd.c       | 699 ++++++++++++++++++++++++++++
 source3/modules/wscript_build       |   7 +
 4 files changed, 876 insertions(+)
 create mode 100644 docs-xml/manpages/vfs_freebsd.8.xml
 create mode 100644 source3/modules/vfs_freebsd.c
 diff --git a/docs-xml/manpages/vfs_freebsd.8.xml b/docs-xml/manpages/vfs_freebsd.8.xml
 new file mode 100644
 index 00000000000..6640a1c51f7
 --- /dev/null
 +++ b/docs-xml/manpages/vfs_freebsd.8.xml
@@ -0,0 +1,169 @@
 +<?xml version="1.0" encoding="iso-8859-1"?>
 +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
 +<refentry id="vfs_freebsd.8">
 +
 +<refmeta>
 +	<refentrytitle>vfs_freebsd</refentrytitle>
 +	<manvolnum>8</manvolnum>
 +	<refmiscinfo class="source">Samba</refmiscinfo>
 +	<refmiscinfo class="manual">System Administration tools</refmiscinfo>
 +	<refmiscinfo class="version">&doc.version;</refmiscinfo>
 +</refmeta>
 +
 +<refnamediv>
 +	<refname>vfs_freebsd</refname>
 +	<refpurpose>FreeBSD-specific VFS functions</refpurpose>
 +</refnamediv>
 +
 +<refsynopsisdiv>
 +	<cmdsynopsis>
 +		<command>vfs objects = freebsd</command>
 +	</cmdsynopsis>
 +</refsynopsisdiv>
 +
 +<refsect1>
 +	<title>DESCRIPTION</title>
 +
 +	<para>This VFS module is part of the <citerefentry><refentrytitle>samba</refentrytitle>
 +	<manvolnum>7</manvolnum></citerefentry> suite.</para>
 +
 +	<para>The <command>vfs_freebsd</command> module implements some of the FreeBSD-specific VFS functions.</para>
 +
 +	<para>This module is stackable.</para>
 +</refsect1>
 +
 +
 +<refsect1>
 +	<title>OPTIONS</title>
 +
 +	<variablelist>
 +
 +	<varlistentry>
 +		<term>freebsd:extattr mode=[legacy|compat|secure]</term>
 +		<listitem>
 +		<para>This parameter defines how the emulation of the Linux attr(5) extended attributes
 +		is performed through the FreeBSD native extattr(9) system calls.</para>
 +
 +		<para>Currently the <emphasis>security</emphasis>, <emphasis>system</emphasis>,
 +		<emphasis>trusted</emphasis> and <emphasis>user</emphasis> extended attribute(xattr)
 +		classes are defined in Linux. Contrary FreeBSD has only <emphasis>USER</emphasis>
 +		and <emphasis>SYSTEM</emphasis> extended attribute(extattr) namespaces, so mapping
 +		of one set into another isn't straightforward and can be done in different ways.</para>
 +
 +		<para>Historically the Samba(7) built-in xattr mapping implementation simply converted
 +		<emphasis>system</emphasis> and <emphasis>user</emphasis> xattr into corresponding
 +		<emphasis>SYSTEM</emphasis> and <emphasis>USER</emphasis> extattr namespaces, dropping
 +		the class prefix name with the separating dot and using attribute name only within the
 +		mapped namespace. It also rejected any other xattr classes, like <emphasis>security</emphasis>
 +		and <emphasis>trusted</emphasis> as invalid. Such behavior in particular broke AD
 +		provisioning on UFS2 file systems as essential <emphasis>security.NTACL</emphasis>
 +		xattr was rejected as invalid.</para>
 +
 +		<para>This module tries to address this problem and provide secure, where it's possible,
 +		way to map Linux xattr into FreeBSD's extattr.</para>
 +
 +		<para>When <emphasis>mode</emphasis> is set to the <emphasis>legacy (default)</emphasis>
 +		then modified version of built-in mapping is used, where <emphasis>system</emphasis> xattr
 +		is mapped into SYSTEM namespace, while <emphasis>secure</emphasis>, <emphasis>trusted</emphasis>
 +		and <emphasis>user</emphasis> xattr are all mapped into the USER namespace, dropping class
 +		prefixes and mix them all together. This is the way how Samba FreeBSD ports were patched
 +		up to the 4.9 version and that created multiple potential security issues. This mode is aimed for
 +		the compatibility with the legacy installations only and should be avoided in new setups.</para>
 +
 +		<para>The <emphasis>compat</emphasis> mode is mostly designed for the jailed environments,
 +		where it's not possible to write extattrs into the secure SYSTEM namespace, so all four
 +		classes are mapped into the USER namespace. To preserve information about origin of the
 +		extended attribute it is stored together with the class preffix in the <emphasis>class.attribute</emphasis>
 +		format.</para>
 +
 +		<para>The <emphasis>secure</emphasis> mode is meant for storing extended attributes in a secure
 +		manner, so that <emphasis>security</emphasis>, <emphasis>system</emphasis> and <emphasis>trusted</emphasis>
 +		are stored in the SYSTEM namespace, which can be modified only by root.
 +		</para>
 +		</listitem>
 +	</varlistentry>
 +
 +
 +	</variablelist>
 +</refsect1>
 +
 +<refsect1>
 +	<table frame="all" rowheader="firstcol">
 +		<title>Attributes mapping</title>
 +		<tgroup cols='5' align='left' colsep='1' rowsep='1'>
 +		<thead>
 +			<row>
 +			<entry> </entry>
 +			<entry>built-in</entry>
 +			<entry>legacy</entry>
 +			<entry>compat/jail</entry>
 +			<entry>secure</entry>
 +			</row>
 +		</thead>
 +		<tbody>
 +			<row>
 +			<entry>user</entry>
 +			<entry>USER; attribute</entry>
 +			<entry>USER; attribute</entry>
 +			<entry>USER; user.attribute</entry>
 +			<entry>USER; user.attribute</entry>
 +			</row>
 +			<row>
 +			<entry>system</entry>
 +			<entry>SYSTEM; attribute</entry>
 +			<entry>SYSTEM; attribute</entry>
 +			<entry>USER; system.attribute</entry>
 +			<entry>SYSTEM; system.attribute</entry>
 +			</row>
 +			<row>
 +			<entry>trusted</entry>
 +			<entry>FAIL</entry>
 +			<entry>USER; attribute</entry>
 +			<entry>USER; trusted.attribute</entry>
 +			<entry>SYSTEM; trusted.attribute</entry>
 +			</row>
 +			<row>
 +			<entry>security</entry>
 +			<entry>FAIL</entry>
 +			<entry>USER; attribute</entry>
 +			<entry>USER; security.attribute</entry>
 +			<entry>SYSTEM; security.attribute</entry>
 +			</row>
 +		</tbody>
 +		</tgroup>
 +	</table>
 +</refsect1>
 +
 +<refsect1>
 +	<title>EXAMPLES</title>
 +
 +	<para>Use secure method of setting extended attributes on the share:</para>
 +
 +<programlisting>
 +	<smbconfsection name="[sysvol]"/>
 +	<smbconfoption name="vfs objects">freebsd</smbconfoption>
 +	<smbconfoption name="freebsd:extattr mode">secure</smbconfoption>
 +</programlisting>
 +
 +</refsect1>
 +
 +<refsect1>
 +	<title>VERSION</title>
 +
 +	<para>This man page is part of version &doc.version; of the Samba suite.
 +	</para>
 +</refsect1>
 +
 +<refsect1>
 +	<title>AUTHOR</title>
 +
 +	<para>The original Samba software and related utilities
 +	were created by Andrew Tridgell. Samba is now developed
 +	by the Samba Team as an Open Source project similar
 +	to the way the Linux kernel is developed.</para>
 +
 +	<para>This module was written by Timur I. Bakeyev</para>
 +
 +</refsect1>
 +
 +</refentry>
 diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
 index c8c4b68e514..4dc4b34ca40 100644
 --- a/docs-xml/wscript_build
 +++ b/docs-xml/wscript_build
@@ -86,6 +86,7 @@ vfs_module_manpages = ['vfs_acl_tdb',
                        'vfs_extd_audit',
                        'vfs_fake_perms',
                        'vfs_fileid',
 +                       'vfs_freebsd',
                        'vfs_fruit',
                        'vfs_full_audit',
                        'vfs_glusterfs',
 diff --git a/source3/modules/vfs_freebsd.c b/source3/modules/vfs_freebsd.c
 new file mode 100644
 index 00000000000..07d26d9c516
 --- /dev/null
 +++ b/source3/modules/vfs_freebsd.c
@@ -0,0 +1,699 @@
 +/*
 + * This module implements VFS calls specific to FreeBSD
 + *
 + * Copyright (C) Timur I. Bakeyev, 2018
 + *
 + * This program is free software; you can redistribute it and/or modify
 + * it under the terms of the GNU General Public License as published by
 + * the Free Software Foundation; either version 3 of the License, or
 + * (at your option) any later version.
 + *
 + * This program is distributed in the hope that it will be useful,
 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 + * GNU General Public License for more details.
 + *
 + * You should have received a copy of the GNU General Public License
 + * along with this program; if not, see <http://www.gnu.org/licenses/>.
 + */
 +
 +#include "includes.h"
 +
 +#include "lib/util/tevent_unix.h"
 +#include "lib/util/tevent_ntstatus.h"
 +#include "system/filesys.h"
 +#include "smbd/smbd.h"
 +
 +#include <sys/sysctl.h>
 +
 +static int vfs_freebsd_debug_level = DBGC_VFS;
 +
 +#undef DBGC_CLASS
 +#define DBGC_CLASS vfs_freebsd_debug_level
 +
 +#ifndef EXTATTR_MAXNAMELEN
 +#define EXTATTR_MAXNAMELEN		UINT8_MAX
 +#endif
 +
 +#define EXTATTR_NAMESPACE(NS)		EXTATTR_NAMESPACE_ ## NS, \
 +					EXTATTR_NAMESPACE_ ## NS ## _STRING ".", \
 +					.data.len = (sizeof(EXTATTR_NAMESPACE_ ## NS ## _STRING ".") - 1)
 +
 +#define EXTATTR_EMPTY			0x00
 +#define EXTATTR_USER			0x01
 +#define EXTATTR_SYSTEM			0x02
 +#define EXTATTR_SECURITY		0x03
 +#define EXTATTR_TRUSTED			0x04
 +
 +enum extattr_mode {
 +	FREEBSD_EXTATTR_SECURE,
 +	FREEBSD_EXTATTR_COMPAT,
 +	FREEBSD_EXTATTR_LEGACY
 +};
 +
 +struct freebsd_handle_data {
 +	enum extattr_mode extattr_mode;
 +};
 +
 +typedef struct {
 +	int namespace;
 +	char name[EXTATTR_MAXNAMELEN+1];
 +	union {
 +		uint16_t len;
 +		uint16_t flags;
 +	} data;
 +} extattr_attr;
 +
 +static const struct enum_list extattr_mode_param[] = {
 +	{ FREEBSD_EXTATTR_SECURE, "secure" },		/*  */
 +	{ FREEBSD_EXTATTR_COMPAT, "compat" },		/*  */
 +	{ FREEBSD_EXTATTR_LEGACY, "legacy" },		/*  */
 +	{ -1, NULL }
 +};
 +
 +/* XXX: This order doesn't match namespace ids order! */
 +static extattr_attr extattr[] = {
 +	{ EXTATTR_NAMESPACE(EMPTY) },
 +	{ EXTATTR_NAMESPACE(SYSTEM) },
 +	{ EXTATTR_NAMESPACE(USER) },
 +};
 +
 +
 +static bool freebsd_in_jail(void) {
 +	int val = 0;
 +	size_t val_len = sizeof(val);
 +
 +	if((sysctlbyname("security.jail.jailed", &val, &val_len, NULL, 0) != -1) && val == 1) {
 +		return true;
 +	}
 +	return false;
 +}
 +
 +
 +static uint16_t freebsd_map_attrname(const char *name)
 +{
 +	if(name == NULL || name[0] == '\0') {
 +		return EXTATTR_EMPTY;
 +	}
 +
 +	switch(name[0]) {
 +		case 'u':
 +			if(strncmp(name, "user.", 5) == 0)
 +				return EXTATTR_USER;
 +			break;
 +		case 't':
 +			if(strncmp(name, "trusted.", 8) == 0)
 +				return EXTATTR_TRUSTED;
 +			break;
 +		case 's':
 +			/* name[1] could be any character, including '\0' */
 +			switch(name[1]) {
 +				case 'e':
 +					if(strncmp(name, "security.", 9) == 0)
 +						return EXTATTR_SECURITY;
 +					break;
 +				case 'y':
 +					if(strncmp(name, "system.", 7) == 0)
 +						return EXTATTR_SYSTEM;
 +					break;
 +			}
 +			break;
 +	}
 +	return EXTATTR_USER;
 +}
 +
 +
 +/* security, system, trusted or user */
 +static extattr_attr* freebsd_map_xattr(enum extattr_mode extattr_mode, const char *name, extattr_attr *attr)
 +{
 +	int attrnamespace = EXTATTR_NAMESPACE_EMPTY;
 +	const char *p, *attrname = name;
 +
 +	if(name == NULL || name[0] == '\0') {
 +		return NULL;
 +	}
 +
 +	if(attr == NULL) {
 +		return NULL;
 +	}
 +
 +	uint16_t flags = freebsd_map_attrname(name);
 +
 +	switch(flags) {
 +		case EXTATTR_SECURITY:
 +		case EXTATTR_TRUSTED:
 +		case EXTATTR_SYSTEM:
 +			attrnamespace = (extattr_mode == FREEBSD_EXTATTR_SECURE) ?
 +					EXTATTR_NAMESPACE_SYSTEM :
 +					EXTATTR_NAMESPACE_USER;
 +			break;
 +		case EXTATTR_USER:
 +			attrnamespace = EXTATTR_NAMESPACE_USER;
 +			break;
 +		default:
 +			/* Default to "user" namespace if nothing else was specified */
 +			attrnamespace = EXTATTR_NAMESPACE_USER;
 +			flags = EXTATTR_USER;
 +			break;
 +	}
 +
 +	if (extattr_mode == FREEBSD_EXTATTR_LEGACY) {
 +		switch(flags) {
 +			case EXTATTR_SECURITY:
 +				attrname = name + 9;
 +				break;
 +			case EXTATTR_TRUSTED:
 +				attrname = name + 8;
 +				break;
 +			case EXTATTR_SYSTEM:
 +				attrname = name + 7;
 +				break;
 +			case EXTATTR_USER:
 +				attrname = name + 5;
 +				break;
 +			default:
 +				attrname = ((p=strchr(name, '.')) != NULL) ? p + 1 : name;
 +				break;
 +		}
 +	}
 +
 +	attr->namespace = attrnamespace;
 +	attr->data.flags = flags;
 +	strlcpy(attr->name, attrname, EXTATTR_MAXNAMELEN + 1);
 +
 +	return attr;
 +}
 +
 +
 +static ssize_t extattr_size(struct files_struct *fsp, extattr_attr *attr)
 +{
 +	ssize_t result;
 +
 +	SMB_ASSERT(!fsp_is_alternate_stream(fsp));
 +
 +	int fd = fsp_get_pathref_fd(fsp);
 +
 +	if (fsp->fsp_flags.is_pathref) {
 +		const char *path = fsp->fsp_name->base_name;
 +		if (fsp->fsp_flags.have_proc_fds) {
 +			char buf[PATH_MAX];
 +			path = sys_proc_fd_path(fd, buf, sizeof(buf));
 +			if (path == NULL) {
 +				return -1;
 +			}
 +		}
 +		/*
 +		 * This is no longer a handle based call.
 +		 */
 +		return extattr_get_file(path, attr->namespace, attr->name, NULL, 0);
 +	}
 +	else {
 +		return extattr_get_fd(fd, attr->namespace, attr->name, NULL, 0);
 +	}
 +}
 +
 +/*
 + * The list of names is returned as an unordered array of NULL-terminated
 + * character strings (attribute names are separated by NULL characters),
 + * like this:
 + *      user.name1\0system.name1\0user.name2\0
 + *
 + * Filesystems like ext2, ext3 and XFS which implement POSIX ACLs using
 + * extended attributes, might return a list like this:
 + *      system.posix_acl_access\0system.posix_acl_default\0
 + */
 +/*
 + * The extattr_list_file() returns a list of attributes present in the
 + * requested namespace. Each list entry consists of a single byte containing
 + * the length of the attribute name, followed by the attribute name. The
 + * attribute name is not terminated by ASCII 0 (nul).
 +*/
 +static ssize_t freebsd_extattr_list(struct files_struct *fsp, enum extattr_mode extattr_mode, char *list, size_t size)
 +{
 +	ssize_t list_size, total_size = 0;
 +	char *p, *q, *list_end;
 +	int len;
 +	/*
 +	 Ignore all but user namespace when we are not root or in jail
 +	 See: https://bugzilla.samba.org/show_bug.cgi?id=10247
 +	*/
 +	bool as_root = (geteuid() == 0);
 +
 +	int ns = (extattr_mode == FREEBSD_EXTATTR_SECURE && as_root) ? 1 : 2;
 +
 +	int fd = fsp_get_pathref_fd(fsp);
 +
 +	/* Iterate through extattr(2) namespaces */
 +	for(; ns < ARRAY_SIZE(extattr); ns++) {
 +		list_size = -1;
 +
 +		if (fsp->fsp_flags.is_pathref) {
 +			const char *path = fsp->fsp_name->base_name;
 +			if (fsp->fsp_flags.have_proc_fds) {
 +				char buf[PATH_MAX];
 +				path = sys_proc_fd_path(fd, buf, sizeof(buf));
 +				if (path == NULL) {
 +					return -1;
 +				}
 +			}
 +			/*
 +			 * This is no longer a handle based call.
 +			 */
 +			list_size = extattr_list_file(path, extattr[ns].namespace, list, size);
 +		}
 +		else {
 +			list_size = extattr_list_fd(fd, extattr[ns].namespace, list, size);
 +		}
 +		/* Some error happend. Errno should be set by the previous call */
 +		if(list_size < 0)
 +			return -1;
 +		/* No attributes in this namespace */
 +		if(list_size == 0)
 +			continue;
 +		/*
 +		 Call with an empty buffer may be used to calculate
 +		 necessary buffer size.
 +		*/
 +		if(list == NULL) {
 +			/*
 +			 XXX: Unfortunately, we can't say, how many attributes were
 +			 returned, so here is the potential problem with the emulation.
 +			*/
 +			if(extattr_mode == FREEBSD_EXTATTR_LEGACY) {
 +				/*
 +				 Take the worse case of one char attribute names -
 +				 two bytes per name plus one more for sanity.
 +				*/
 +				total_size += list_size + (list_size/2 + 1)*extattr[ns].data.len;
 +			}
 +			else {
 +				total_size += list_size;
 +			}
 +			continue;
 +		}
 +
 +		if(extattr_mode == FREEBSD_EXTATTR_LEGACY) {
 +			/* Count necessary offset to fit namespace prefixes */
 +			int extra_len = 0;
 +			uint16_t flags;
 +			list_end = list + list_size;
 +			for(list_size = 0, p = q = list; p < list_end; p += len) {
 +				len = p[0] + 1;
 +				(void)strlcpy(q, p + 1, len);
 +				flags = freebsd_map_attrname(q);
 +				/* Skip secure attributes for non-root user */
 +				if(extattr_mode != FREEBSD_EXTATTR_SECURE && !as_root && flags > EXTATTR_USER) {
 +					continue;
 +				}
 +				if(flags <= EXTATTR_USER) {
 +					/* Don't count trailing '\0' */
 +					extra_len += extattr[ns].data.len;
 +				}
 +				list_size += len;
 +				q += len;
 +			}
 +			total_size += list_size + extra_len;
 +			/* Buffer is too small to fit the results */
 +			if(total_size > size) {
 +				errno = ERANGE;
 +				return -1;
 +			}
 +			/* Shift results backwards, so we can prepend prefixes */
 +			list_end = list + extra_len;
 +			p = (char*)memmove(list_end, list, list_size);
 +			/*
 +			 We enter the loop with `p` pointing to the shifted list and
 +			 `extra_len` having the total margin between `list` and `p`
 +			*/
 +			for(list_end += list_size; p < list_end; p += len) {
 +				len = strlen(p) + 1;
 +				flags = freebsd_map_attrname(p);
 +				if(flags <= EXTATTR_USER) {
 +					/* Add namespace prefix */
 +					(void)strncpy(list, extattr[ns].name, extattr[ns].data.len);
 +					list += extattr[ns].data.len;
 +				}
 +				/* Append attribute name */
 +				(void)strlcpy(list, p, len);
 +				list += len;
 +			}
 +		}
 +		else {
 +			/* Convert UCSD strings into nul-terminated strings */
 +			for(list_end = list + list_size; list < list_end; list += len) {
 +				len = list[0] + 1;
 +				(void)strlcpy(list, list + 1, len);
 +			}
 +			total_size += list_size;
 +		}
 +	}
 +	return total_size;
 +}
 +
 +/*
 +static ssize_t freebsd_fgetxattr_size(struct vfs_handle_struct *handle,
 +				     struct files_struct *fsp,
 +				     const char *name)
 +{
 +	struct freebsd_handle_data *data;
 +	extattr_attr attr;
 +
 +	SMB_ASSERT(!fsp_is_alternate_stream(fsp));
 +
 +	SMB_VFS_HANDLE_GET_DATA(handle, data,
 +				struct freebsd_handle_data,
 +				return -1);
 +
 +	if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
 +		errno = EINVAL;
 +		return -1;
 +	}
 +
 +	if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
 +		errno = ENOATTR;
 +		return -1;
 +	}
 +
 +	return extattr_size(fsp, &attr);
 +}
 +*/
 +
 +/* VFS entries */
 +static ssize_t freebsd_fgetxattr(struct vfs_handle_struct *handle,
 +				 struct files_struct *fsp,
 +				 const char *name,
 +				 void *value,
 +				 size_t size)
 +{
 +#if defined(HAVE_XATTR_EXTATTR)
 +	struct freebsd_handle_data *data;
 +	extattr_attr attr;
 +	ssize_t res;
 +	int fd;
 +
 +	SMB_ASSERT(!fsp_is_alternate_stream(fsp));
 +
 +	SMB_VFS_HANDLE_GET_DATA(handle, data,
 +				struct freebsd_handle_data,
 +				return -1);
 +
 +	if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
 +		errno = EINVAL;
 +		return -1;
 +	}
 +
 +	/* Filter out 'secure' entries */
 +	if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
 +		errno = ENOATTR;
 +		return -1;
 +	}
 +
 +	/*
 +	 * The BSD implementation has a nasty habit of silently truncating
 +	 * the returned value to the size of the buffer, so we have to check
 +	 * that the buffer is large enough to fit the returned value.
 +	 */
 +	if((res=extattr_size(fsp, &attr)) < 0) {
 +		return -1;
 +	}
 +
 +	if (size == 0) {
 +		return res;
 +	}
 +	else if (res > size) {
 +		errno = ERANGE;
 +		return -1;
 +	}
 +
 +	fd = fsp_get_pathref_fd(fsp);
 +
 +	if (fsp->fsp_flags.is_pathref) {
 +		const char *path = fsp->fsp_name->base_name;
 +		if (fsp->fsp_flags.have_proc_fds) {
 +			char buf[PATH_MAX];
 +			path = sys_proc_fd_path(fd, buf, sizeof(buf));
 +			if (path == NULL) {
 +				return -1;
 +			}
 +		}
 +		/*
 +		 * This is no longer a handle based call.
 +		 */
 +		return extattr_get_file(path, attr.namespace, attr.name, value, size);
 +	}
 +	else {
 +		return extattr_get_fd(fd, attr.namespace, attr.name, value, size);
 +	}
 +	return -1;
 +#else
 +	errno = ENOSYS;
 +	return -1;
 +#endif
 +}
 +
 +
 +static ssize_t freebsd_flistxattr(struct vfs_handle_struct *handle,
 +				  struct files_struct *fsp,
 +				  char *list,
 +				  size_t size)
 +{
 +#if defined(HAVE_XATTR_EXTATTR)
 +	struct freebsd_handle_data *data;
 +
 +	SMB_ASSERT(!fsp_is_alternate_stream(fsp));
 +
 +	SMB_VFS_HANDLE_GET_DATA(handle, data,
 +				struct freebsd_handle_data,
 +				return -1);
 +
 +	return freebsd_extattr_list(fsp, data->extattr_mode, list, size);
 +#else
 +	errno = ENOSYS;
 +	return -1;
 +#endif
 +}
 +
 +
 +static int freebsd_fremovexattr(struct vfs_handle_struct *handle,
 +				struct files_struct *fsp,
 +				const char *name)
 +{
 +#if defined(HAVE_XATTR_EXTATTR)
 +	struct freebsd_handle_data *data;
 +	extattr_attr attr;
 +	int fd;
 +
 +	SMB_ASSERT(!fsp_is_alternate_stream(fsp));
 +
 +	SMB_VFS_HANDLE_GET_DATA(handle, data,
 +				struct freebsd_handle_data,
 +				return -1);
 +
 +	if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
 +		errno = EINVAL;
 +		return -1;
 +	}
 +
 +	/* Filter out 'secure' entries */
 +	if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
 +		errno = ENOATTR;
 +		return -1;
 +	}
 +
 +	fd = fsp_get_pathref_fd(fsp);
 +
 +	if (fsp->fsp_flags.is_pathref) {
 +		const char *path = fsp->fsp_name->base_name;
 +		if (fsp->fsp_flags.have_proc_fds) {
 +			char buf[PATH_MAX];
 +			path = sys_proc_fd_path(fd, buf, sizeof(buf));
 +			if (path == NULL) {
 +				return -1;
 +			}
 +		}
 +		/*
 +		 * This is no longer a handle based call.
 +		 */
 +		return extattr_delete_file(path, attr.namespace, attr.name);
 +	}
 +	else {
 +		return extattr_delete_fd(fd, attr.namespace, attr.name);
 +	}
 +	return -1;
 +#else
 +	errno = ENOSYS;
 +	return -1;
 +#endif
 +}
 +
 +
 +static int freebsd_fsetxattr(struct vfs_handle_struct *handle,
 +			     struct files_struct *fsp,
 +			     const char *name,
 +			     const void *value,
 +			     size_t size,
 +			     int flags)
 +{
 +#if defined(HAVE_XATTR_EXTATTR)
 +	struct freebsd_handle_data *data;
 +	extattr_attr attr;
 +	ssize_t res;
 +	int fd;
 +
 +	SMB_ASSERT(!fsp_is_alternate_stream(fsp));
 +
 +	SMB_VFS_HANDLE_GET_DATA(handle, data,
 +				struct freebsd_handle_data,
 +				return -1);
 +
 +	if(!freebsd_map_xattr(data->extattr_mode, name, &attr)) {
 +		errno = EINVAL;
 +		return -1;
 +	}
 +
 +	/* Filter out 'secure' entries */
 +	if(data->extattr_mode != FREEBSD_EXTATTR_SECURE && geteuid() != 0 && attr.data.flags > EXTATTR_USER) {
 +		errno = ENOATTR;
 +		return -1;
 +	}
 +
 +	if (flags) {
 +		/* Check attribute existence */
 +		res = extattr_size(fsp, &attr);
 +		if (res < 0) {
 +			/* REPLACE attribute, that doesn't exist */
 +			if ((flags & XATTR_REPLACE) && errno == ENOATTR) {
 +				errno = ENOATTR;
 +				return -1;
 +			}
 +			/* Ignore other errors */
 +		}
 +		else {
 +			/* CREATE attribute, that already exists */
 +			if (flags & XATTR_CREATE) {
 +				errno = EEXIST;
 +				return -1;
 +			}
 +		}
 +	}
 +
 +	fd = fsp_get_pathref_fd(fsp);
 +
 +	if (fsp->fsp_flags.is_pathref) {
 +		const char *path = fsp->fsp_name->base_name;
 +		if (fsp->fsp_flags.have_proc_fds) {
 +			char buf[PATH_MAX];
 +			path = sys_proc_fd_path(fd, buf, sizeof(buf));
 +			if (path == NULL) {
 +				return -1;
 +			}
 +		}
 +		/*
 +		 * This is no longer a handle based call.
 +		 */
 +		res = extattr_set_file(path, attr.namespace, attr.name, value, size);
 +	}
 +	else {
 +		res = extattr_set_fd(fd, attr.namespace, attr.name, value, size);
 +	}
 +	return (res >= 0) ? 0 : -1;
 +#else
 +	errno = ENOSYS;
 +	return -1;
 +#endif
 +}
 +
 +
 +static int freebsd_connect(struct vfs_handle_struct *handle,
 +			   const char *service,
 +			   const char *user)
 +{
 +	struct freebsd_handle_data *data;
 +	int enumval, saved_errno;
 +
 +	int ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
 +
 +	if (ret < 0) {
 +		return ret;
 +	}
 +
 +	data = talloc_zero(handle->conn, struct freebsd_handle_data);
 +	if (!data) {
 +		saved_errno = errno;
 +		SMB_VFS_NEXT_DISCONNECT(handle);
 +		DEBUG(0, ("talloc_zero() failed\n"));
 +		errno = saved_errno;
 +		return -1;
 +	}
 +
 +	enumval = lp_parm_enum(SNUM(handle->conn), "freebsd",
 +			       "extattr mode", extattr_mode_param, FREEBSD_EXTATTR_LEGACY);
 +	if (enumval == -1) {
 +		saved_errno = errno;
 +		SMB_VFS_NEXT_DISCONNECT(handle);
 +		DBG_DEBUG("value for freebsd: 'extattr mode' is unknown\n");
 +		errno = saved_errno;
 +		return -1;
 +	}
 +
 +	if(freebsd_in_jail()) {
 +		enumval = FREEBSD_EXTATTR_COMPAT;
 +		DBG_WARNING("running in jail, enforcing 'compat' mode\n");
 +	}
 +
 +	data->extattr_mode = (enum extattr_mode)enumval;
 +
 +	SMB_VFS_HANDLE_SET_DATA(handle, data, NULL,
 +				struct freebsd_handle_data,
 +				return -1);
 +
 +	DBG_DEBUG("connect to service[%s] with '%s' extattr mode\n",
 +		  service, extattr_mode_param[data->extattr_mode].name);
 +
 +	return 0;
 +}
 +
 +
 +static void freebsd_disconnect(vfs_handle_struct *handle)
 +{
 +	SMB_VFS_NEXT_DISCONNECT(handle);
 +}
 +
 +/* VFS operations structure */
 +
 +struct vfs_fn_pointers freebsd_fns = {
 +	/* Disk operations */
 +	.connect_fn = freebsd_connect,
 +	.disconnect_fn = freebsd_disconnect,
 +
 +	/* EA operations. */
 +	.getxattrat_send_fn = vfs_not_implemented_getxattrat_send,
 +	.getxattrat_recv_fn = vfs_not_implemented_getxattrat_recv,
 +	.fgetxattr_fn = freebsd_fgetxattr,
 +	.flistxattr_fn = freebsd_flistxattr,
 +	.fremovexattr_fn = freebsd_fremovexattr,
 +	.fsetxattr_fn = freebsd_fsetxattr,
 +};
 +
 +static_decl_vfs;
 +NTSTATUS vfs_freebsd_init(TALLOC_CTX *ctx)
 +{
 +	NTSTATUS ret;
 +
 +	ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "freebsd",
 +				&freebsd_fns);
 +
 +	if (!NT_STATUS_IS_OK(ret)) {
 +		return ret;
 +	}
 +
 +	vfs_freebsd_debug_level = debug_add_class("freebsd");
 +	if (vfs_freebsd_debug_level == -1) {
 +		vfs_freebsd_debug_level = DBGC_VFS;
 +		DEBUG(0, ("vfs_freebsd: Couldn't register custom debugging class!\n"));
 +	} else {
 +		DEBUG(10, ("vfs_freebsd: Debug class number of 'fileid': %d\n", vfs_freebsd_debug_level));
 +	}
 +
 +	return ret;
 +}
 diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build
 index ff318c3fa06..f88d054d524 100644
 --- a/source3/modules/wscript_build
 +++ b/source3/modules/wscript_build
@@ -636,6 +636,13 @@ bld.SAMBA3_MODULE('vfs_delay_inject',
                  enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_delay_inject'),
                  install=False)
 +bld.SAMBA3_MODULE('vfs_freebsd',
 +                 subsystem='vfs',
 +                 source='vfs_freebsd.c',
 +                 init_function='',
 +                 internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_freebsd'),
 +                 enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_freebsd'))
 +
 bld.SAMBA3_MODULE('vfs_widelinks',
                  subsystem='vfs',
                  source='vfs_widelinks.c',
 -- 
 2.37.1
--- a/net/samba416.old/files/0028-s3-lib-system-add-FreeBSD-proc_fd_pattern.patch
+++ b/net/samba416.old/files/0028-s3-lib-system-add-FreeBSD-proc_fd_pattern.patch
@ -1,149 +0,0 @@
 From 584c69e77abb537a7345222648a397a9963c01b7 Mon Sep 17 00:00:00 2001
 From: "Timur I. Bakeyev" <timur@FreeBSD.org>
 Date: Sat, 15 Oct 2022 04:02:43 +0200
 Subject: [PATCH 28/28] s3:lib:system - add FreeBSD proc_fd_pattern
 Add support for FreeBSD equivalent of /proc/self/fd through a special
 fdescfs mount with option "nodup". This filesystem should be mounted
 either to the private $PIDDIR/fd/ directory or to /dev/fd in order to
 provide security and performance characteristics similar to Linux.
 Signed-off-by: Timur I. Bakeyev <timur@FreeBSD.org>
 ---
 source3/lib/system.c | 108 ++++++++++++++++++++++++++++++++++---------
 1 file changed, 87 insertions(+), 21 deletions(-)
 diff --git a/source3/lib/system.c b/source3/lib/system.c
 index 00d31692e00..d22ec08361c 100644
 --- a/source3/lib/system.c
 +++ b/source3/lib/system.c
@@ -1094,39 +1094,105 @@ int sys_get_number_of_cores(void)
 }
 #endif
 -static struct proc_fd_pattern {
 -	const char *pattern;
 -	const char *test_path;
 -} proc_fd_patterns[] = {
 -	/* Linux */
 -	{ "/proc/self/fd/%d", "/proc/self/fd/0" },
 -	{ NULL, NULL },
 +static bool freebsd_fdesc_check(const char *pattern)
 +{
 +	char fdesc_path[PATH_MAX];
 +	int fd, fd2;
 +
 +	fd = open(lp_pid_directory(), O_DIRECTORY);
 +	if (fd == -1) {
 +		DBG_ERR("%s: failed to open pid directory: %s\n",
 +			lp_pid_directory(), strerror(errno));
 +		return false;
 +	}
 +
 +	snprintf(fdesc_path, sizeof(fdesc_path), pattern, fd);
 +
 +	fd2 = open(fdesc_path, O_DIRECTORY);
 +	if (fd2 == -1) {
 +		/*
 +		 * Setting O_DIRECTORY on open of fdescfs mount
 +		 * without `nodup` option will fail with ENOTDIR.
 +		 */
 +		if (errno == ENOTDIR) {
 +			DBG_ERR("%s: fdescfs filesystem is not mounted with "
 +				"'nodup' option. This specific mount option is "
 +				"required in order to enable race-free handling "
 +				"of paths.\n"
 +				"See documentation for Samba's New VFS' "
 +				"for more details. The `nodup` mount option was "
 +				"introduced in FreeBSD 13.\n", fdesc_path);
 +			close(fd);
 +			return false;
 +		}
 +		DBG_ERR("%s: failed to open fdescfs path: %s\n",
 +			fdesc_path, strerror(errno));
 +		close(fd);
 +		return false;
 +	}
 +	close(fd);
 +	close(fd2);
 +
 +	return true;
 +}
 +
 +static char* linux_pattern(char *buf, size_t bufsize)
 +{
 +	char proc_fd_path[PATH_MAX];
 +	const char *pattern = "/proc/self/fd/%lu";
 +	struct stat sb;
 +
 +	snprintf(proc_fd_path, sizeof(proc_fd_path), pattern, 0);
 +	if(stat(proc_fd_path, &sb) == 0) {
 +		snprintf(buf, bufsize, "%s", pattern);
 +		return buf;
 +	}
 +	return NULL;
 +}
 +
 +static char* freebsd_pattern(char *buf, size_t bufsize) {
 +	const char** base;
 +	const char* base_dir[] = {
 +		lp_pid_directory(), /* This is a preffered location */
 +		"/dev",
 +		NULL
 +	};
 +
 +	for(base = &base_dir[0]; *base != NULL; base++) {
 +		snprintf(buf, bufsize, "%s/fd/%%lu", *base);
 +		if(freebsd_fdesc_check(buf)) {
 +			return buf;
 +		}
 +	}
 +	return NULL;
 +}
 +
 +static char* (*proc_fd_patterns[])(char *, size_t) = {
 +	linux_pattern,
 +	freebsd_pattern,
 +	NULL
 };
 -static const char *proc_fd_pattern;
 +static char proc_fd_pattern_buf[PATH_MAX];
 +static const char *proc_fd_pattern = NULL;
 bool sys_have_proc_fds(void)
 {
 -	static bool checked;
 -	static bool have_proc_fds;
 -	struct proc_fd_pattern *p = NULL;
 -	struct stat sb;
 -	int ret;
 +	static bool checked = false;
 +	static bool have_proc_fds = false;
 +	char* (**pattern_func)(char *, size_t) = NULL;
 	if (checked) {
 		return have_proc_fds;
 	}
 -	for (p = &proc_fd_patterns[0]; p->test_path != NULL; p++) {
 -		ret = stat(p->test_path, &sb);
 -		if (ret != 0) {
 -			continue;
 +	for (pattern_func = &proc_fd_patterns[0]; *pattern_func != NULL; pattern_func++) {
 +		if((*pattern_func)(proc_fd_pattern_buf, sizeof(proc_fd_pattern_buf)) != NULL) {
 +			have_proc_fds = true;
 +			proc_fd_pattern = proc_fd_pattern_buf;
 +			break;
 		}
 -		have_proc_fds = true;
 -		proc_fd_pattern = p->pattern;
 -		break;
 	}
 -
 	checked = true;
 	return have_proc_fds;
 }
 -- 
 2.37.1
--- a/net/samba416.old/files/0099-s3-modules-zfsacl-fix-get-set-ACL-on-FreeBSD-13.patch
+++ b/net/samba416.old/files/0099-s3-modules-zfsacl-fix-get-set-ACL-on-FreeBSD-13.patch
@ -1,105 +0,0 @@
 From 4d27a5990311fdd4c73918781f91a3c18196b24c Mon Sep 17 00:00:00 2001
 From: Andrew Walker <awalker@ixsystems.com>
 Date: Fri, 12 Nov 2021 14:48:25 -0500
 Subject: [PATCH] s3:modules:zfsacl - fix get/set ACL on FreeBSD 13+
 FreeBSD 13 added support for O_PATH, which means
 that fsp being used in get_nt_acl() and set_nt_acl()
 will have O_PATH opens and we must use either the IO
 fd or use a procfd path for this.
 Signed-off-by: Andrew Walker <awalker@ixsystems.com>
 ---
 source3/modules/vfs_zfsacl.c | 62 ++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
 index 69a1db59249..0472de23825 100644
 --- a/source3/modules/vfs_zfsacl.c
 +++ b/source3/modules/vfs_zfsacl.c
@@ -235,12 +235,43 @@ static bool zfs_process_smbacl(vfs_handle_struct *handle, files_struct *fsp,
 	SMB_ASSERT(i == naces);
 	/* store acl */
 +#ifdef O_PATH
 +	if (fsp->fsp_flags.is_pathref) {
 +		const char *proc_fd_path = NULL;
 +		char buf[PATH_MAX];
 +
 +		if (!fsp->fsp_flags.have_proc_fds) {
 +			DBG_ERR("fdescfs filesystem must be mounted with 'nodup' "
 +				"option \n");
 +			errno = EBADF;
 +			return -1;
 +		}
 +
 +		fd = fsp_get_pathref_fd(fsp);
 +		proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf));
 +		if (proc_fd_path == NULL) {
 +			DBG_ERR("%s: failed to generate pathref fd for %d\n",
 +				fsp_str_dbg(fsp), fd);
 +			errno = EBADF;
 +			return -1;
 +		}
 +		rv = acl(proc_fd_path, ACE_SETACL, naces, acebuf);
 +	} else {
 +		fd = fsp_get_io_fd(fsp);
 +		if (fd == -1) {
 +			errno = EBADF;
 +			return false;
 +		}
 +		rv = facl(fd, ACE_SETACL, naces, acebuf);
 +	}
 +#else
 	fd = fsp_get_pathref_fd(fsp);
 	if (fd == -1) {
 		errno = EBADF;
 		return false;
 	}
 	rv = facl(fd, ACE_SETACL, naces, acebuf);
 +#endif
 	if (rv != 0) {
 		if(errno == ENOSYS) {
 			DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not "
@@ -321,7 +352,38 @@ static int fget_zfsacl(TALLOC_CTX *mem_ctx,
 	ace_t *acebuf = NULL;
 	int fd;
 +#ifdef O_PATH
 +	if (fsp->fsp_flags.is_pathref) {
 +		const char *proc_fd_path = NULL;
 +		char buf[PATH_MAX];
 +		struct smb_filename smb_fname;
 +
 +		if (!fsp->fsp_flags.have_proc_fds) {
 +			DBG_ERR("fdescfs filesystem must be mounted with 'nodup' "
 +				"option \n");
 +			errno = EBADF;
 +			return -1;
 +		}
 +
 +		fd = fsp_get_pathref_fd(fsp);
 +		proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf));
 +		if (proc_fd_path == NULL) {
 +			DBG_ERR("%s: failed to generate pathref fd for %d\n",
 +				fsp_str_dbg(fsp), fd);
 +			errno = EBADF;
 +			return -1;
 +		}
 +
 +		smb_fname = (struct smb_filename) {
 +			.base_name = discard_const_p(char, proc_fd_path)
 +		};
 +
 +		return get_zfsacl(mem_ctx, &smb_fname, outbuf);
 +	}
 +	fd = fsp_get_io_fd(fsp);
 +#else
 	fd = fsp_get_pathref_fd(fsp);
 +#endif
 	if (fd == -1) {
 		errno = EBADF;
 		return -1;
 -- 
 2.37.1
--- a/net/samba416.old/files/0099-s4-mitkdc-Add-support-for-MIT-Kerberos-1.20.patch
+++ b/net/samba416.old/files/0099-s4-mitkdc-Add-support-for-MIT-Kerberos-1.20.patch
@ -1,942 +0,0 @@
 From 74f71d2e97bc15350b05967e6cff590a6b287a21 Mon Sep 17 00:00:00 2001
 From: Andreas Schneider <asn@samba.org>
 Date: Mon, 4 Oct 2021 11:53:55 +0200
 Subject: [PATCH] s4:mitkdc: Add support for MIT Kerberos 1.20
 This also addresses CVE-2020-17049.
 MIT Kerberos 1.20 is in pre-release state at the time writing this commit. It
 will be released in autumn 2022. We need to support MIT Kerberos 1.19 till
 enough distributions have been released with MIT Kerberos 1.20.
 Pair-Programmed-With: Robbie Harwood <rharwood@redhat.com>
 Signed-off-by: Andreas Schneider <asn@samba.org>
 Signed-off-by: Robbie Harwood <rharwood@redhat.com>
 Reviewed-by: Stefan Metzmacher <metze@samba.org>
 ---
 .../samba/tests/krb5/compatability_tests.py   |   9 +-
 selftest/knownfail_mit_kdc                    |  25 +-
 selftest/knownfail_mit_kdc_1_20               |   9 +
 selftest/wscript                              |   6 +
 source4/kdc/mit-kdb/kdb_samba.c               |   7 +-
 source4/kdc/mit-kdb/kdb_samba.h               |  10 +
 source4/kdc/mit-kdb/kdb_samba_policies.c      | 125 ++++-
 source4/kdc/mit_samba.c                       | 481 +++++++++++++++++-
 source4/kdc/mit_samba.h                       |  11 +-
 source4/selftest/tests.py                     |   7 +-
 wscript_configure_system_mitkrb5              |   4 +
 11 files changed, 661 insertions(+), 33 deletions(-)
 create mode 100644 selftest/knownfail_mit_kdc_1_20
 diff --git a/python/samba/tests/krb5/compatability_tests.py b/python/samba/tests/krb5/compatability_tests.py
 index 44c2afd41dc..b862f381bc5 100755
 --- a/python/samba/tests/krb5/compatability_tests.py
 +++ b/python/samba/tests/krb5/compatability_tests.py
@@ -120,7 +120,12 @@ class SimpleKerberosTests(KDCBaseTest):
             self.fail(
                 "(Heimdal) Salt populated for ARCFOUR_HMAC_MD5 encryption")
 -    def test_heimdal_ticket_signature(self):
 +    # This tests also passes again Samba AD built with MIT Kerberos 1.20 which
 +    # is not released yet.
 +    #
 +    # FIXME: Should be moved to to a new kdc_tgt_tests.py once MIT KRB5 1.20
 +    # is released.
 +    def test_ticket_signature(self):
         # Ensure that a DC correctly issues tickets signed with its krbtgt key.
         user_creds = self.get_client_creds()
         target_creds = self.get_service_creds()
@@ -141,7 +146,7 @@ class SimpleKerberosTests(KDCBaseTest):
         self.verify_ticket(service_ticket, key, service_ticket=True,
                            expect_ticket_checksum=True)
 -    def test_mit_ticket_signature(self):
 +    def test_mit_pre_1_20_ticket_signature(self):
         # Ensure that a DC does not issue tickets signed with its krbtgt key.
         user_creds = self.get_client_creds()
         target_creds = self.get_service_creds()
 diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc
 index 6d07ca4efb6..f9d5c4b0b46 100644
 --- a/selftest/knownfail_mit_kdc
 +++ b/selftest/knownfail_mit_kdc
@@ -294,8 +294,6 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
 #
 # KDC TGS PAC tests
 #
 -^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_client_no_auth_data_required\(ad_dc\)
 -^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_no_pac_client_no_auth_data_required\(ad_dc\)
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_no_pac_service_no_auth_data_required\(ad_dc\)
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac\(ad_dc\)
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_remove_pac_client_no_auth_data_required\(ad_dc\)
@@ -321,7 +319,10 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
 #
 ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_enc_timestamp_spn(?!_)
 ^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_enc_timestamp_spn_realm
 -
 +^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_enc_timestamp_aes128_rc4.*fl2003dc
 +^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_enc_timestamp_mac_aes128_rc4.*fl2003dc
 +^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth.*aes.*rc4.*fl2003dc
 +^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth.*rc4.*aes.*fl2003dc
 # Differences in our KDC compared to windows
 #
 ^samba4.krb5.kdc .*.as-req-pac-request # We should reply to a request for a PAC over UDP with KRB5KRB_ERR_RESPONSE_TOO_BIG unconditionally
@@ -373,30 +374,14 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
 ^samba4.blackbox.pkinit_pac.netr-mem-arcfour.s4u2proxy-arcfour.ad_dc_ntvfs:local
 ^samba4.blackbox.pkinit_pac.netr-mem-arcfour.verify-sig-arcfour.ad_dc:local
 ^samba4.blackbox.pkinit_pac.netr-mem-arcfour.verify-sig-arcfour.ad_dc_ntvfs:local
 -^samba4.rpc.pac on ncacn_np.netr-bdc-aes.verify-sig-aes.fl2000dc
 -^samba4.rpc.pac on ncacn_np.netr-bdc-aes.verify-sig-aes.fl2003dc
 -^samba4.rpc.pac on ncacn_np.netr-bdc-aes.verify-sig-aes.fl2008dc
 -^samba4.rpc.pac on ncacn_np.netr-bdc-aes.verify-sig-aes.fl2008r2dc
 -^samba4.rpc.pac on ncacn_np.netr-bdc-arcfour.verify-sig-arcfour.fl2000dc
 -^samba4.rpc.pac on ncacn_np.netr-bdc-arcfour.verify-sig-arcfour.fl2003dc
 -^samba4.rpc.pac on ncacn_np.netr-bdc-arcfour.verify-sig-arcfour.fl2008dc
 -^samba4.rpc.pac on ncacn_np.netr-bdc-arcfour.verify-sig-arcfour.fl2008r2dc
 ^samba4.rpc.pac on ncacn_np.netr-mem-aes.s4u2proxy-aes.fl2000dc
 ^samba4.rpc.pac on ncacn_np.netr-mem-aes.s4u2proxy-aes.fl2003dc
 ^samba4.rpc.pac on ncacn_np.netr-mem-aes.s4u2proxy-aes.fl2008dc
 ^samba4.rpc.pac on ncacn_np.netr-mem-aes.s4u2proxy-aes.fl2008r2dc
 -^samba4.rpc.pac on ncacn_np.netr-mem-aes.verify-sig-aes.fl2000dc
 -^samba4.rpc.pac on ncacn_np.netr-mem-aes.verify-sig-aes.fl2003dc
 -^samba4.rpc.pac on ncacn_np.netr-mem-aes.verify-sig-aes.fl2008dc
 -^samba4.rpc.pac on ncacn_np.netr-mem-aes.verify-sig-aes.fl2008r2dc
 ^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.s4u2proxy-arcfour.fl2000dc
 ^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.s4u2proxy-arcfour.fl2003dc
 ^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.s4u2proxy-arcfour.fl2008dc
 ^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.s4u2proxy-arcfour.fl2008r2dc
 -^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.verify-sig-arcfour.fl2000dc
 -^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.verify-sig-arcfour.fl2003dc
 -^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.verify-sig-arcfour.fl2008dc
 -^samba4.rpc.pac on ncacn_np.netr-mem-arcfour.verify-sig-arcfour.fl2008r2dc
 #
 # Alias tests
 #
@@ -444,8 +429,6 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_validate_pac_request_false
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_validate_pac_request_none
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_rodc_validate_pac_request_true
 -^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_authdata_no_pac
 -^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_no_pac
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_req(?!_invalid)
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_rodc_allowed_denied
 ^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_rodc_denied
 diff --git a/selftest/knownfail_mit_kdc_1_20 b/selftest/knownfail_mit_kdc_1_20
 new file mode 100644
 index 00000000000..4a47ab974ae
 --- /dev/null
 +++ b/selftest/knownfail_mit_kdc_1_20
@@ -0,0 +1,9 @@
 +^samba.tests.krb5.compatability_tests.samba.tests.krb5.compatability_tests.SimpleKerberosTests.test_mit_pre_1_20_ticket_signature
 +#
 +# FAST tests
 +# https://github.com/krb5/krb5/pull/1225#issuecomment-996418770
 +#
 +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_fast_encrypted_challenge_as_req_self\(
 +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_as_req_self\(
 +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_as_req_self_pac_request_none\(
 +^samba.tests.krb5.fast_tests.samba.tests.krb5.fast_tests.FAST_Tests.test_simple_as_req_self_pac_request_true\(
 diff --git a/selftest/wscript b/selftest/wscript
 index e207b87eeb8..c92b37bd5e1 100644
 --- a/selftest/wscript
 +++ b/selftest/wscript
@@ -260,6 +260,12 @@ def cmd_testonly(opt):
         env.OPTIONS += " --mitkrb5 --exclude=${srcdir}/selftest/skip_mit_kdc"
         env.FILTER_XFAIL += " --expected-failures=${srcdir}/selftest/"\
                             "knownfail_mit_kdc"
 +
 +        if CONFIG_GET(opt, 'HAVE_MIT_KRB5_PRE_1_20'):
 +            env.FILTER_XFAIL += ' --expected-failures=${srcdir}/selftest/knownfail_mit_kdc_pre_1_20'
 +
 +        if CONFIG_GET(opt, 'HAVE_MIT_KRB5_1_20'):
 +            env.FILTER_XFAIL += ' --expected-failures=${srcdir}/selftest/knownfail_mit_kdc_1_20'
     else:
         env.FILTER_XFAIL += " --expected-failures=${srcdir}/selftest/"\
                             "knownfail_heimdal_kdc"
 diff --git a/source4/kdc/mit-kdb/kdb_samba.c b/source4/kdc/mit-kdb/kdb_samba.c
 index 02bbdca9f54..f5092f75873 100644
 --- a/source4/kdc/mit-kdb/kdb_samba.c
 +++ b/source4/kdc/mit-kdb/kdb_samba.c
@@ -166,10 +166,15 @@ kdb_vftabl kdb_function_table = {
 	.decrypt_key_data          = kdb_samba_dbekd_decrypt_key_data,
 	.encrypt_key_data          = kdb_samba_dbekd_encrypt_key_data,
 -	.sign_authdata             = kdb_samba_db_sign_auth_data,
 	.check_policy_as           = kdb_samba_db_check_policy_as,
 	.audit_as_req              = kdb_samba_db_audit_as_req,
 	.check_allowed_to_delegate = kdb_samba_db_check_allowed_to_delegate,
 	.free_principal_e_data     = kdb_samba_db_free_principal_e_data,
 +
 +#if KRB5_KDB_DAL_MAJOR_VERSION >= 9
 +	.issue_pac                 = kdb_samba_db_issue_pac,
 +#else
 +	.sign_authdata             = kdb_samba_db_sign_auth_data,
 +#endif
 };
 diff --git a/source4/kdc/mit-kdb/kdb_samba.h b/source4/kdc/mit-kdb/kdb_samba.h
 index e9613e2fc7e..dd97061130c 100644
 --- a/source4/kdc/mit-kdb/kdb_samba.h
 +++ b/source4/kdc/mit-kdb/kdb_samba.h
@@ -113,6 +113,16 @@ krb5_error_code kdb_samba_dbekd_encrypt_key_data(krb5_context context,
 						 krb5_key_data *key_data);
 /* from kdb_samba_policies.c */
 +krb5_error_code kdb_samba_db_issue_pac(krb5_context context,
 +				       unsigned int flags,
 +				       krb5_db_entry *client,
 +				       krb5_keyblock *replaced_reply_key,
 +				       krb5_db_entry *server,
 +				       krb5_db_entry *signing_krbtgt,
 +				       krb5_timestamp authtime,
 +				       krb5_pac old_pac,
 +				       krb5_pac new_pac,
 +				       krb5_data ***auth_indicators);
 krb5_error_code kdb_samba_db_sign_auth_data(krb5_context context,
 					    unsigned int flags,
 diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c
 index 793fe366c35..cbc9bbb9dae 100644
 --- a/source4/kdc/mit-kdb/kdb_samba_policies.c
 +++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
@@ -190,6 +190,7 @@ static krb5_error_code ks_get_pac(krb5_context context,
 	return code;
 }
 +#if KRB5_KDB_DAL_MAJOR_VERSION < 9
 static krb5_error_code ks_verify_pac(krb5_context context,
 				     unsigned int flags,
 				     krb5_const_principal client_princ,
@@ -557,6 +558,128 @@ done:
 	return code;
 }
 +#else /* KRB5_KDB_DAL_MAJOR_VERSION >= 9 */
 +static krb5_error_code ks_update_pac(krb5_context context,
 +				     int flags,
 +				     krb5_db_entry *client,
 +				     krb5_db_entry *server,
 +				     krb5_db_entry *signing_krbtgt,
 +				     krb5_pac old_pac,
 +				     krb5_pac new_pac)
 +{
 +	struct mit_samba_context *mit_ctx = NULL;
 +	krb5_error_code code;
 +
 +	mit_ctx = ks_get_context(context);
 +	if (mit_ctx == NULL) {
 +		return KRB5_KDB_DBNOTINITED;
 +	}
 +
 +	code = mit_samba_update_pac(mit_ctx,
 +				    context,
 +				    flags,
 +				    client,
 +				    server,
 +				    signing_krbtgt,
 +				    old_pac,
 +				    new_pac);
 +	if (code != 0) {
 +		return code;
 +	}
 +
 +	return code;
 +}
 +
 +krb5_error_code kdb_samba_db_issue_pac(krb5_context context,
 +				       unsigned int flags,
 +				       krb5_db_entry *client,
 +				       krb5_keyblock *replaced_reply_key,
 +				       krb5_db_entry *server,
 +				       krb5_db_entry *signing_krbtgt,
 +				       krb5_timestamp authtime,
 +				       krb5_pac old_pac,
 +				       krb5_pac new_pac,
 +				       krb5_data ***auth_indicators)
 +{
 +	char *client_name = NULL;
 +	char *server_name = NULL;
 +	krb5_error_code code = EINVAL;
 +
 +	/* The KDC handles both signing and verification for us. */
 +
 +	if (client != NULL) {
 +		code = krb5_unparse_name(context,
 +					 client->princ,
 +					 &client_name);
 +		if (code != 0) {
 +			return code;
 +		}
 +	}
 +
 +	if (server != NULL) {
 +		code = krb5_unparse_name(context,
 +					 server->princ,
 +					 &server_name);
 +		if (code != 0) {
 +			SAFE_FREE(client_name);
 +			return code;
 +		}
 +	}
 +
 +	/*
 +	 * Get a new PAC for AS-REQ or S4U2Self for our realm.
 +	 *
 +	 * For a simple cross-realm S4U2Proxy there will be the following TGS
 +	 * requests after the client realm is identified:
 +	 *
 +	 * 1. server@SREALM to SREALM for krbtgt/CREALM@SREALM -- a regular TGS
 +	 *    request with server's normal TGT and no S4U2Self padata.
 +	 * 2. server@SREALM to CREALM for server@SREALM (expressed as an
 +	 *    enterprise principal), with the TGT from #1 as header ticket and
 +	 *    S4U2Self padata identifying the client.
 +	 * 3. server@SREALM to SREALM for server@SREALM with S4U2Self padata,
 +	 *    with the referral TGT from #2 as header ticket
 +	 *
 +	 * In request 2 the PROTOCOL_TRANSITION and CROSS_REALM flags are set,
 +	 * and the request is for a local client (so client != NULL) and we
 +	 * want to make a new PAC.
 +	 *
 +	 * In request 3 the PROTOCOL_TRANSITION and CROSS_REALM flags are also
 +	 * set, but the request is for a non-local client (so client == NULL)
 +	 * and we want to copy the subject PAC contained in the referral TGT.
 +	 */
 +	if (old_pac == NULL ||
 +	    (client != NULL && (flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION))) {
 +		DBG_NOTICE("Generate PAC for AS-REQ [client=%s, flags=%#08x]\n",
 +			   client_name != NULL ? client_name : "<unknown>",
 +			   flags);
 +
 +		code = ks_get_pac(context,
 +				  client,
 +				  server,
 +				  replaced_reply_key,
 +				  &new_pac);
 +	} else {
 +		DBG_NOTICE("Update PAC for TGS-REQ [client=%s, server=%s, "
 +			   "flags=%#08x]\n",
 +			   client_name != NULL ? client_name : "<unknown>",
 +			   server_name != NULL ? server_name : "<unknown>",
 +			   flags);
 +
 +		code = ks_update_pac(context,
 +				flags,
 +				client,
 +				server,
 +				signing_krbtgt,
 +				old_pac,
 +				new_pac);
 +	}
 +	SAFE_FREE(client_name);
 +	SAFE_FREE(server_name);
 +
 +	return code;
 +}
 +#endif /* KRB5_KDB_DAL_MAJOR_VERSION */
 krb5_error_code kdb_samba_db_check_allowed_to_delegate(krb5_context context,
 						       krb5_const_principal client,
@@ -635,4 +758,4 @@ void kdb_samba_db_audit_as_req(krb5_context context,
 	samba_bad_password_count(client, error_code);
 	/* TODO: perform proper audit logging for addresses */
 -}
 +}
 \ No newline at end of file
 diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
 index cb72b5de294..d58bbea4a5d 100644
 --- a/source4/kdc/mit_samba.c
 +++ b/source4/kdc/mit_samba.c
@@ -229,6 +229,27 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
 	sflags |= SDB_F_FORCE_CANON;
 #endif
 +#if KRB5_KDB_DAL_MAJOR_VERSION >= 9
 +	if (kflags & KRB5_KDB_FLAG_REFERRAL_OK) {
 +		sflags |= SDB_F_CANON;
 +	}
 +
 +	if (kflags & KRB5_KDB_FLAG_CLIENT) {
 +		sflags |= SDB_F_GET_CLIENT;
 +
 +		if (!(kflags & KRB5_KDB_FLAG_REFERRAL_OK)) {
 +			sflags |= SDB_F_FOR_AS_REQ;
 +		}
 +	} else if (ks_is_tgs_principal(ctx, principal)) {
 +		sflags |= SDB_F_GET_KRBTGT;
 +	} else {
 +		sflags |= SDB_F_GET_SERVER;
 +
 +		if (!(kflags & KRB5_KDB_FLAG_REFERRAL_OK)) {
 +			sflags |= SDB_F_FOR_TGS_REQ;
 +		}
 +	}
 +#else /* KRB5_KDB_DAL_MAJOR_VERSION < 9 */
 	if (kflags & KRB5_KDB_FLAG_CANONICALIZE) {
 		sflags |= SDB_F_CANON;
 	}
@@ -247,6 +268,7 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
 	} else {
 		sflags |= SDB_F_GET_SERVER|SDB_F_FOR_TGS_REQ;
 	}
 +#endif /* KRB5_KDB_DAL_MAJOR_VERSION */
 	/* always set this or the created_by data will not be populated by samba's
 	 * backend and we will fail to parse the entry later */
@@ -434,7 +456,7 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
 		      krb5_context context,
 		      krb5_db_entry *client,
 		      krb5_db_entry *server,
 -		      krb5_keyblock *client_key,
 +		      krb5_keyblock *replaced_reply_key,
 		      krb5_pac *pac)
 {
 	TALLOC_CTX *tmp_ctx;
@@ -461,12 +483,10 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
 		return ENOMEM;
 	}
 -#if 0 /* TODO Find out if this is a pkinit_reply key */
 	/* Check if we have a PREAUTH key */
 -	if (client_key != NULL) {
 +	if (replaced_reply_key != NULL) {
 		cred_ndr_ptr = &cred_ndr;
 	}
 -#endif
 	is_krbtgt = ks_is_tgs_principal(smb_ctx, server->princ);
@@ -488,9 +508,9 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
 		return EINVAL;
 	}
 -	if (cred_ndr != NULL) {
 +	if (replaced_reply_key != NULL && cred_ndr != NULL) {
 		code = samba_kdc_encrypt_pac_credentials(context,
 -							 client_key,
 +							 replaced_reply_key,
 							 cred_ndr,
 							 tmp_ctx,
 							 &cred_blob);
@@ -514,6 +534,7 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
 	return code;
 }
 +#if KRB5_KDB_DAL_MAJOR_VERSION < 9
 krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
 				    krb5_context context,
 				    int flags,
@@ -999,6 +1020,454 @@ done:
 	talloc_free(tmp_ctx);
 	return code;
 }
 +#else
 +krb5_error_code mit_samba_update_pac(struct mit_samba_context *ctx,
 +				    krb5_context context,
 +				    int flags,
 +				    krb5_db_entry *client,
 +				    krb5_db_entry *server,
 +				    krb5_db_entry *krbtgt,
 +				    krb5_pac old_pac,
 +				    krb5_pac new_pac)
 +{
 +	TALLOC_CTX *tmp_ctx = NULL;
 +	krb5_error_code code;
 +	NTSTATUS nt_status;
 +	DATA_BLOB *pac_blob = NULL;
 +	DATA_BLOB *upn_blob = NULL;
 +	DATA_BLOB *requester_sid_blob = NULL;
 +	struct samba_kdc_entry *client_skdc_entry = NULL;
 +	struct samba_kdc_entry *server_skdc_entry = NULL;
 +	struct samba_kdc_entry *krbtgt_skdc_entry = NULL;
 +	bool is_in_db = false;
 +	bool is_untrusted = false;
 +	bool is_krbtgt = false;
 +	size_t num_types = 0;
 +	uint32_t *types = NULL;
 +	size_t i = 0;
 +	ssize_t logon_info_idx = -1;
 +	ssize_t delegation_idx = -1;
 +	ssize_t logon_name_idx = -1;
 +	ssize_t upn_dns_info_idx = -1;
 +	ssize_t srv_checksum_idx = -1;
 +	ssize_t kdc_checksum_idx = -1;
 +	ssize_t tkt_checksum_idx = -1;
 +	ssize_t attrs_info_idx = -1;
 +	ssize_t requester_sid_idx = -1;
 +
 +	/* Create a memory context early so code can use talloc_stackframe() */
 +	tmp_ctx = talloc_named(ctx, 0, "mit_samba_update_pac context");
 +	if (tmp_ctx == NULL) {
 +		return ENOMEM;
 +	}
 +
 +	if (client != NULL) {
 +		client_skdc_entry =
 +			talloc_get_type_abort(client->e_data,
 +					      struct samba_kdc_entry);
 +
 +		/*
 +		 * Check the objectSID of the client and pac data are the same.
 +		 * Does a parse and SID check, but no crypto.
 +		 */
 +		code = samba_kdc_validate_pac_blob(context,
 +						   client_skdc_entry,
 +						   old_pac);
 +		if (code != 0) {
 +			goto done;
 +		}
 +	}
 +
 +	if (krbtgt == NULL) {
 +		code = EINVAL;
 +		goto done;
 +	}
 +	krbtgt_skdc_entry =
 +		talloc_get_type_abort(krbtgt->e_data,
 +				      struct samba_kdc_entry);
 +
 +	/*
 +	 * If the krbtgt was generated by an RODC, and we are not that
 +	 * RODC, then we need to regenerate the PAC - we can't trust
 +	 * it, and confirm that the RODC was permitted to print this ticket
 +	 *
 +	 * Because of the samba_kdc_validate_pac_blob() step we can be
 +	 * sure that the record in 'client' or 'server' matches the SID in the
 +	 * original PAC.
 +	 */
 +	code = samba_krbtgt_is_in_db(krbtgt_skdc_entry,
 +				     &is_in_db,
 +				     &is_untrusted);
 +	if (code != 0) {
 +		goto done;
 +	}
 +
 +	if (is_untrusted) {
 +		struct auth_user_info_dc *user_info_dc = NULL;
 +		WERROR werr;
 +
 +		if (client == NULL) {
 +			code = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
 +			goto done;
 +		}
 +
 +		nt_status = samba_kdc_get_pac_blobs(tmp_ctx,
 +						    client_skdc_entry,
 +						    &pac_blob,
 +						    NULL,
 +						    &upn_blob,
 +						    NULL,
 +						    PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY,
 +						    &requester_sid_blob,
 +						    &user_info_dc);
 +		if (!NT_STATUS_IS_OK(nt_status)) {
 +			code = EINVAL;
 +			goto done;
 +		}
 +
 +		/*
 +		 * Check if the SID list in the user_info_dc intersects
 +		 * correctly with the RODC allow/deny lists.
 +		 */
 +		werr = samba_rodc_confirm_user_is_allowed(user_info_dc->num_sids,
 +							  user_info_dc->sids,
 +							  krbtgt_skdc_entry,
 +							  client_skdc_entry);
 +		if (!W_ERROR_IS_OK(werr)) {
 +			code = KRB5KDC_ERR_TGT_REVOKED;
 +			if (W_ERROR_EQUAL(werr,
 +					  WERR_DOMAIN_CONTROLLER_NOT_FOUND)) {
 +				code = KRB5KDC_ERR_POLICY;
 +			}
 +			goto done;
 +		}
 +	} else {
 +		pac_blob = talloc_zero(tmp_ctx, DATA_BLOB);
 +		if (pac_blob == NULL) {
 +			code = ENOMEM;
 +			goto done;
 +		}
 +
 +		nt_status = samba_kdc_update_pac_blob(tmp_ctx,
 +						      context,
 +						      krbtgt_skdc_entry->kdc_db_ctx->samdb,
 +						      old_pac,
 +						      pac_blob,
 +						      NULL,
 +						      NULL);
 +		if (!NT_STATUS_IS_OK(nt_status)) {
 +			DEBUG(0, ("Update PAC blob failed: %s\n",
 +				  nt_errstr(nt_status)));
 +			code = EINVAL;
 +			goto done;
 +		}
 +	}
 +
 +	/* Check the types of the given PAC */
 +	code = krb5_pac_get_types(context, old_pac, &num_types, &types);
 +	if (code != 0) {
 +		goto done;
 +	}
 +
 +	for (i = 0; i < num_types; i++) {
 +		switch (types[i]) {
 +		case PAC_TYPE_LOGON_INFO:
 +			if (logon_info_idx != -1) {
 +				DBG_WARNING("logon info type[%u] twice [%zd] and "
 +					    "[%zu]: \n",
 +					    types[i],
 +					    logon_info_idx,
 +					    i);
 +				code = EINVAL;
 +				goto done;
 +			}
 +			logon_info_idx = i;
 +			break;
 +		case PAC_TYPE_CONSTRAINED_DELEGATION:
 +			if (delegation_idx != -1) {
 +				DBG_WARNING("constrained delegation type[%u] "
 +					    "twice [%zd] and [%zu]: \n",
 +					    types[i],
 +					    delegation_idx,
 +					    i);
 +				code = EINVAL;
 +				goto done;
 +			}
 +			delegation_idx = i;
 +			break;
 +		case PAC_TYPE_LOGON_NAME:
 +			if (logon_name_idx != -1) {
 +				DBG_WARNING("logon name type[%u] twice [%zd] "
 +					    "and [%zu]: \n",
 +					    types[i],
 +					    logon_name_idx,
 +					    i);
 +				code = EINVAL;
 +				goto done;
 +			}
 +			logon_name_idx = i;
 +			break;
 +		case PAC_TYPE_UPN_DNS_INFO:
 +			if (upn_dns_info_idx != -1) {
 +				DBG_WARNING("upn dns info type[%u] twice [%zd] "
 +					    "and [%zu]: \n",
 +					    types[i],
 +					    upn_dns_info_idx,
 +					    i);
 +				code = EINVAL;
 +				goto done;
 +			}
 +			upn_dns_info_idx = i;
 +			break;
 +		case PAC_TYPE_SRV_CHECKSUM:
 +			if (srv_checksum_idx != -1) {
 +				DBG_WARNING("srv checksum type[%u] twice [%zd] "
 +					    "and [%zu]: \n",
 +					    types[i],
 +					    srv_checksum_idx,
 +					    i);
 +				code = EINVAL;
 +				goto done;
 +			}
 +			srv_checksum_idx = i;
 +			break;
 +		case PAC_TYPE_KDC_CHECKSUM:
 +			if (kdc_checksum_idx != -1) {
 +				DBG_WARNING("kdc checksum type[%u] twice [%zd] "
 +					    "and [%zu]: \n",
 +					    types[i],
 +					    kdc_checksum_idx,
 +					    i);
 +				code = EINVAL;
 +				goto done;
 +			}
 +			kdc_checksum_idx = i;
 +			break;
 +		case PAC_TYPE_TICKET_CHECKSUM:
 +			if (tkt_checksum_idx != -1) {
 +				DBG_WARNING("ticket checksum type[%u] twice "
 +					    "[%zd] and [%zu]: \n",
 +					    types[i],
 +					    tkt_checksum_idx,
 +					    i);
 +				code = EINVAL;
 +				goto done;
 +			}
 +			tkt_checksum_idx = i;
 +			break;
 +		case PAC_TYPE_ATTRIBUTES_INFO:
 +			if (attrs_info_idx != -1) {
 +				DBG_WARNING("attributes info type[%u] twice "
 +					    "[%zd] and [%zu]: \n",
 +					    types[i],
 +					    attrs_info_idx,
 +					    i);
 +				code = EINVAL;
 +				goto done;
 +			}
 +			attrs_info_idx = i;
 +			break;
 +		case PAC_TYPE_REQUESTER_SID:
 +			if (requester_sid_idx != -1) {
 +				DBG_WARNING("requester sid type[%u] twice"
 +					    "[%zd] and [%zu]: \n",
 +					    types[i],
 +					    requester_sid_idx,
 +					    i);
 +				code = EINVAL;
 +				goto done;
 +			}
 +			requester_sid_idx = i;
 +			break;
 +		default:
 +			continue;
 +		}
 +	}
 +
 +	if (logon_info_idx == -1) {
 +		DBG_WARNING("PAC_TYPE_LOGON_INFO missing\n");
 +		code = EINVAL;
 +		goto done;
 +	}
 +	if (logon_name_idx == -1) {
 +		DBG_WARNING("PAC_TYPE_LOGON_NAME missing\n");
 +		code = EINVAL;
 +		goto done;
 +	}
 +	if (srv_checksum_idx == -1) {
 +		DBG_WARNING("PAC_TYPE_SRV_CHECKSUM missing\n");
 +		code = EINVAL;
 +		goto done;
 +	}
 +	if (kdc_checksum_idx == -1) {
 +		DBG_WARNING("PAC_TYPE_KDC_CHECKSUM missing\n");
 +		code = EINVAL;
 +		goto done;
 +	}
 +	if (!(flags & KRB5_KDB_FLAG_CONSTRAINED_DELEGATION) &&
 +	    requester_sid_idx == -1) {
 +		DBG_WARNING("PAC_TYPE_REQUESTER_SID missing\n");
 +		code = KRB5KDC_ERR_TGT_REVOKED;
 +		goto done;
 +	}
 +
 +	server_skdc_entry = talloc_get_type_abort(server->e_data,
 +						  struct samba_kdc_entry);
 +
 +	/*
 +	 * The server account may be set not to want the PAC.
 +	 *
 +	 * While this is wasteful if the above cacluations were done
 +	 * and now thrown away, this is cleaner as we do any ticket
 +	 * signature checking etc always.
 +	 *
 +	 * UF_NO_AUTH_DATA_REQUIRED is the rare case and most of the
 +	 * time (eg not accepting a ticket from the RODC) we do not
 +	 * need to re-generate anything anyway.
 +	 */
 +	if (!samba_princ_needs_pac(server_skdc_entry)) {
 +		code = 0;
 +		goto done;
 +	}
 +
 +	is_krbtgt = ks_is_tgs_principal(ctx, server->princ);
 +
 +	if (!is_untrusted && !is_krbtgt) {
 +		/*
 +		 * The client may have requested no PAC when obtaining the
 +		 * TGT.
 +		 */
 +		bool requested_pac = false;
 +
 +		code = samba_client_requested_pac(context,
 +						  &old_pac,
 +						  tmp_ctx,
 +						  &requested_pac);
 +		if (code != 0 || !requested_pac) {
 +			goto done;
 +		}
 +	}
 +
 +#define MAX_PAC_BUFFERS 64 /* Avoid infinite loops */
 +
 +	for (i = 0; i < MAX_PAC_BUFFERS;) {
 +		krb5_data type_data;
 +		DATA_BLOB type_blob = data_blob_null;
 +		uint32_t type;
 +
 +		if (i < num_types) {
 +			type = types[i];
 +			i++;
 +		} else {
 +			break;
 +		}
 +
 +		switch (type) {
 +		case PAC_TYPE_LOGON_INFO:
 +			type_blob = *pac_blob;
 +			break;
 +		case PAC_TYPE_CREDENTIAL_INFO:
 +			/*
 +			 * Note that we copy the credential blob,
 +			 * as it's only usable with the PKINIT based
 +			 * AS-REP reply key, it's only available on the
 +			 * host which did the AS-REQ/AS-REP exchange.
 +			 *
 +			 * This matches Windows 2008R2...
 +			 */
 +			break;
 +		case PAC_TYPE_LOGON_NAME:
 +			/*
 +			 * This is generated in the main KDC code
 +			 */
 +			continue;
 +		case PAC_TYPE_UPN_DNS_INFO:
 +			/*
 +			 * Replace in the RODC case, otherwise
 +			 * upn_blob is NULL and we just copy.
 +			 */
 +			if (upn_blob != NULL) {
 +				type_blob = *upn_blob;
 +			}
 +			break;
 +		case PAC_TYPE_SRV_CHECKSUM:
 +			/*
 +			 * This is generated in the main KDC code
 +			 */
 +			continue;
 +		case PAC_TYPE_KDC_CHECKSUM:
 +			/*
 +			 * This is generated in the main KDC code
 +			 */
 +			continue;
 +		case PAC_TYPE_TICKET_CHECKSUM:
 +			/*
 +			 * This is generated in the main KDC code
 +			 */
 +			continue;
 +		case PAC_TYPE_CONSTRAINED_DELEGATION:
 +			/*
 +			 * This is generated in the main KDC code
 +			 */
 +			continue;
 +		case PAC_TYPE_ATTRIBUTES_INFO:
 +			if (!is_untrusted && is_krbtgt) {
 +				/* just copy... */
 +				break;
 +			} else {
 +				continue;
 +			}
 +		case PAC_TYPE_REQUESTER_SID:
 +			if (is_krbtgt) {
 +				/*
 +				 * Replace in the RODC case, otherwise
 +				 * requester_sid_blob is NULL and we just copy.
 +				 */
 +				if (requester_sid_blob != NULL) {
 +					type_blob = *requester_sid_blob;
 +				}
 +				break;
 +			} else {
 +				continue;
 +			}
 +		default:
 +			/* just copy... */
 +			break;
 +		}
 +
 +		if (type_blob.length != 0) {
 +			code = smb_krb5_copy_data_contents(&type_data,
 +							   type_blob.data,
 +							   type_blob.length);
 +			if (code != 0) {
 +				goto done;
 +			}
 +		} else {
 +			code = krb5_pac_get_buffer(context,
 +						   old_pac,
 +						   type,
 +						   &type_data);
 +			if (code != 0) {
 +				goto done;
 +			}
 +		}
 +
 +		code = krb5_pac_add_buffer(context,
 +					   new_pac,
 +					   type,
 +					   &type_data);
 +		smb_krb5_free_data_contents(context, &type_data);
 +		if (code != 0) {
 +			goto done;
 +		}
 +	}
 +
 +done:
 +	SAFE_FREE(types);
 +	talloc_free(tmp_ctx);
 +	return code;
 +}
 +#endif
 /* provide header, function is exported but there are no public headers */
 diff --git a/source4/kdc/mit_samba.h b/source4/kdc/mit_samba.h
 index 4431e82a1b2..f34fb1bbfd5 100644
 --- a/source4/kdc/mit_samba.h
 +++ b/source4/kdc/mit_samba.h
@@ -51,7 +51,7 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
 		      krb5_context context,
 		      krb5_db_entry *client,
 		      krb5_db_entry *server,
 -		      krb5_keyblock *client_key,
 +		      krb5_keyblock *replaced_reply_key,
 		      krb5_pac *pac);
 krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
@@ -64,6 +64,15 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
 				    krb5_keyblock *krbtgt_keyblock,
 				    krb5_pac *pac);
 +krb5_error_code mit_samba_update_pac(struct mit_samba_context *ctx,
 +				    krb5_context context,
 +				    int flags,
 +				    krb5_db_entry *client,
 +				    krb5_db_entry *server,
 +				    krb5_db_entry *signing_krbtgt,
 +				    krb5_pac old_pac,
 +				    krb5_pac new_pac);
 +
 int mit_samba_check_client_access(struct mit_samba_context *ctx,
 				  krb5_db_entry *client,
 				  const char *client_name,
 diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
 index 3af8e92d7f2..f451ad1cec2 100755
 --- a/source4/selftest/tests.py
 +++ b/source4/selftest/tests.py
@@ -964,7 +964,7 @@ for env in ['fileserver_smb1', 'nt4_member', 'clustere
 have_fast_support = 1
 claims_support = 0
 compound_id_support = 0
 -tkt_sig_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
 +tkt_sig_support = 1 if('SAMBA4_USES_HEIMDAL' in config_hash or 'HAVE_MIT_KRB5_1_20' in config_hash) else 0
 full_sig_support = int('SAMBA4_USES_HEIMDAL' in config_hash)
 expect_pac = int('SAMBA4_USES_HEIMDAL' in config_hash)
 extra_pac_buffers = int('SAMBA4_USES_HEIMDAL' in config_hash)
 diff --git a/wscript_configure_system_mitkrb5 b/wscript_configure_system_mitkrb5
 index efdbced6e78..b0640654260 100644
 --- a/wscript_configure_system_mitkrb5
 +++ b/wscript_configure_system_mitkrb5
@@ -98,6 +98,10 @@ if conf.env.KRB5_CONFIG:
     else:
         Logs.info('MIT Kerberos %s detected, MIT krb5 build can proceed' % (krb5_version))
 +    if parse_version(krb5_version) < parse_version('1.20'):
 +        conf.DEFINE('HAVE_MIT_KRB5_PRE_1_20', 1)
 +    if parse_version(krb5_version) >= parse_version('1.20'):
 +        conf.DEFINE('HAVE_MIT_KRB5_1_20', 1)
     conf.define('USING_SYSTEM_MITKRB5', '"%s"' % krb5_version)
 conf.CHECK_HEADERS('krb5.h krb5/locate_plugin.h', lib='krb5')
 -- 
 2.37.1
--- a/net/samba416.old/files/README.FreeBSD.in
+++ b/net/samba416.old/files/README.FreeBSD.in
@ -1,94 +0,0 @@
              !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
              !!! Please read before runing any tools !!!
              !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 Documentation
 =============
    o https://wiki.samba.org/index.php/Samba4/HOWTO
    o https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
    o https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
 FreeBSD specific information
 ============================
 * Your configuration is in: %%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%
 * All the logs are under: %%SAMBA4_LOGDIR%%
 * All the relevant databases are under: %%SAMBA4_LOCKDIR%%
 * Provisioning script is: %%PREFIX%%/bin/samba-tool
 Samba4 provisioning requires file system(s) with the ACLs support. On
 UFS2 you need to enable POSIX ACLs by adding 'acls' option to the mount
 flags, on ZFS you need to use NFSv4 ACLs and `zfsacl` VFS module to get
 provisioning work.
 There is a hack in the code, that makes provisioning work on UFS2 and in
 the jails on the price of using USER extattr(2) namespace, which is less
 secure than SYSTEM namespace, as can be edited not only by root user, but
 also by the owner of the file.
 For the provisioning on ZFS you need to use additional parameters to the
 samba-tool, that would explicitly add `zfsacl` to the default `vfs objects`:
    # samba-tool domain provision --interactive \
            --option="vfs objects"="dfs_samba4 zfsacl"
 To run this port you need to perform the following steps:
 ---------------------------------------------------------
 0. If you had Samba3 port installed before, please, *take backups* of
 all the relevant files. That includes 'smb.conf' file and all the
 content of the '/var/db/samba/' directory.
 1a. Create new '%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%' file by running:
    # samba-tool domain provision
 1b. Or upgrade from the Samba3 'smb.conf' file by running:
    # samba-tool domain classicupgrade
 %%AC_DC%%1c. You will need to specify location of the 'nsupdate' command in the
 %%AC_DC%%'%%SAMBA4_CONFIG%%' file:
 %%AC_DC%%
 %%AC_DC%%      nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g
 %%AC_DC%%
 2. Put string 'samba_server_enable="YES"' into your /etc/rc.conf.
 3. Make sure that your server doesn't run Samba3, OpenLDAP and named.
 Stop them, if necessary.
 4. Run '%%PREFIX%%/etc/rc.d/samba_server start' or reboot.
 Please, check archives of samba@lists.samba.org and ask there for help,
 if necessary:
    https://lists.samba.org/archive/samba/
 Port related bugs can be reported to the FreeBSD Bugzilla or directly to:
    https://gitlab.com/samba-freebsd/ports/-/issues
 In case you found a bug which is clearly not related to the port build
 process itself, plese file a bug report at:
    https://bugzilla.samba.org/
 And add me to CC list.
 You may find those tools helpful:
 ---------------------------------
 Microsoft Remote Server Administration Tools (RSAT) for:
 * Vista: http://www.microsoft.com/en-us/download/details.aspx?id=21090
 * Windows 7: http://www.microsoft.com/en-us/download/details.aspx?id=7887
 FreeBSD Samba4 port maintainer: Timur I. Bakeyev <timur@FreeBSD.org>
--- a/net/samba416.old/files/man/ctdb-script.options.5
+++ b/net/samba416.old/files/man/ctdb-script.options.5
@ -1,558 +0,0 @@
 '\" t
 .\"     Title: ctdb-script.options
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
 .\"      Date: 09/23/2020
 .\"    Manual: CTDB - clustered TDB database
 .\"    Source: ctdb
 .\"  Language: English
 .\"
 .TH "CTDB\-SCRIPT\&.OPTIO" "5" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 .\" http://bugs.debian.org/507673
 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 .ie \n(.g .ds Aq \(aq
 .el       .ds Aq '
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
 .\" disable hyphenation
 .nh
 .\" disable justification (adjust text to left margin only)
 .ad l
 .\" -----------------------------------------------------------------
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
 ctdb-script.options \- CTDB scripts configuration files
 .SH "DESCRIPTION"
 .PP
 Each CTDB script has 2 possible locations for its configuration options:
 .PP
 /usr/local/etc/ctdb/script\&.options
 .RS 4
 This is a catch\-all global file for general purpose scripts and for options that are used in multiple event scripts\&.
 .RE
 .PP
 \fISCRIPT\fR\&.options
 .RS 4
 That is, options for
 \fISCRIPT\fR
 are placed in a file alongside the script, with a "\&.script" suffix added\&. This style is usually recommended for event scripts\&.
 .sp
 Options in this script\-specific file override those in the global file\&.
 .RE
 .PP
 These files should include simple shell\-style variable assignments and shell\-style comments\&.
 .SH "NETWORK CONFIGURATION"
 .SS "10\&.interface"
 .PP
 This event script handles monitoring of interfaces using by public IP addresses\&.
 .PP
 CTDB_PARTIALLY_ONLINE_INTERFACES=yes|no
 .RS 4
 Whether one or more offline interfaces should cause a monitor event to fail if there are other interfaces that are up\&. If this is "yes" and a node has some interfaces that are down then
 \fBctdb status\fR
 will display the node as "PARTIALLYONLINE"\&.
 .sp
 Note that CTDB_PARTIALLY_ONLINE_INTERFACES=yes is not generally compatible with NAT gateway or LVS\&. NAT gateway relies on the interface configured by CTDB_NATGW_PUBLIC_IFACE to be up and LVS replies on CTDB_LVS_PUBLIC_IFACE to be up\&. CTDB does not check if these options are set in an incompatible way so care is needed to understand the interaction\&.
 .sp
 Default is "no"\&.
 .RE
 .SS "11\&.natgw"
 .PP
 Provides CTDB\*(Aqs NAT gateway functionality\&.
 .PP
 NAT gateway is used to configure fallback routing for nodes when they do not host any public IP addresses\&. For example, it allows unhealthy nodes to reliably communicate with external infrastructure\&. One node in a NAT gateway group will be designated as the NAT gateway master node and other (slave) nodes will be configured with fallback routes via the NAT gateway master node\&. For more information, see the
 NAT GATEWAY
 section in
 \fBctdb\fR(7)\&.
 .PP
 CTDB_NATGW_DEFAULT_GATEWAY=\fIIPADDR\fR
 .RS 4
 IPADDR is an alternate network gateway to use on the NAT gateway master node\&. If set, a fallback default route is added via this network gateway\&.
 .sp
 No default\&. Setting this variable is optional \- if not set that no route is created on the NAT gateway master node\&.
 .RE
 .PP
 CTDB_NATGW_NODES=\fIFILENAME\fR
 .RS 4
 FILENAME contains the list of nodes that belong to the same NAT gateway group\&.
 .sp
 File format:
 .sp
 .if n \{\
 .RS 4
 .\}
 .nf
 \fIIPADDR\fR [slave\-only]
 .fi
 .if n \{\
 .RE
 .\}
 .sp
 IPADDR is the private IP address of each node in the NAT gateway group\&.
 .sp
 If "slave\-only" is specified then the corresponding node can not be the NAT gateway master node\&. In this case
 \fICTDB_NATGW_PUBLIC_IFACE\fR
 and
 \fICTDB_NATGW_PUBLIC_IP\fR
 are optional and unused\&.
 .sp
 No default, usually
 /usr/local/etc/ctdb/natgw_nodes
 when enabled\&.
 .RE
 .PP
 CTDB_NATGW_PRIVATE_NETWORK=\fIIPADDR/MASK\fR
 .RS 4
 IPADDR/MASK is the private sub\-network that is internally routed via the NAT gateway master node\&. This is usually the private network that is used for node addresses\&.
 .sp
 No default\&.
 .RE
 .PP
 CTDB_NATGW_PUBLIC_IFACE=\fIIFACE\fR
 .RS 4
 IFACE is the network interface on which the CTDB_NATGW_PUBLIC_IP will be configured\&.
 .sp
 No default\&.
 .RE
 .PP
 CTDB_NATGW_PUBLIC_IP=\fIIPADDR/MASK\fR
 .RS 4
 IPADDR/MASK indicates the IP address that is used for outgoing traffic (originating from CTDB_NATGW_PRIVATE_NETWORK) on the NAT gateway master node\&. This
 \fImust not\fR
 be a configured public IP address\&.
 .sp
 No default\&.
 .RE
 .PP
 CTDB_NATGW_STATIC_ROUTES=\fIIPADDR/MASK[@GATEWAY]\fR \&.\&.\&.
 .RS 4
 Each IPADDR/MASK identifies a network or host to which NATGW should create a fallback route, instead of creating a single default route\&. This can be used when there is already a default route, via an interface that can not reach required infrastructure, that overrides the NAT gateway default route\&.
 .sp
 If GATEWAY is specified then the corresponding route on the NATGW master node will be via GATEWAY\&. Such routes are created even if
 \fICTDB_NATGW_DEFAULT_GATEWAY\fR
 is not specified\&. If GATEWAY is not specified for some networks then routes are only created on the NATGW master node for those networks if
 \fICTDB_NATGW_DEFAULT_GATEWAY\fR
 is specified\&.
 .sp
 This should be used with care to avoid causing traffic to unnecessarily double\-hop through the NAT gateway master, even when a node is hosting public IP addresses\&. Each specified network or host should probably have a corresponding automatically created link route or static route to avoid this\&.
 .sp
 No default\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBExample\fR
 .RS 4
 .sp
 .if n \{\
 .RS 4
 .\}
 .nf
 CTDB_NATGW_NODES=/usr/local/etc/ctdb/natgw_nodes
 CTDB_NATGW_PRIVATE_NETWORK=192\&.168\&.1\&.0/24
 CTDB_NATGW_DEFAULT_GATEWAY=10\&.0\&.0\&.1
 CTDB_NATGW_PUBLIC_IP=10\&.0\&.0\&.227/24
 CTDB_NATGW_PUBLIC_IFACE=eth0
 .fi
 .if n \{\
 .RE
 .\}
 .PP
 A variation that ensures that infrastructure (ADS, DNS, \&.\&.\&.) directly attached to the public network (10\&.0\&.0\&.0/24) is always reachable would look like this:
 .sp
 .if n \{\
 .RS 4
 .\}
 .nf
 CTDB_NATGW_NODES=/usr/local/etc/ctdb/natgw_nodes
 CTDB_NATGW_PRIVATE_NETWORK=192\&.168\&.1\&.0/24
 CTDB_NATGW_PUBLIC_IP=10\&.0\&.0\&.227/24
 CTDB_NATGW_PUBLIC_IFACE=eth0
 CTDB_NATGW_STATIC_ROUTES=10\&.0\&.0\&.0/24
 .fi
 .if n \{\
 .RE
 .\}
 .PP
 Note that
 \fICTDB_NATGW_DEFAULT_GATEWAY\fR
 is not specified\&.
 .RE
 .SS "13\&.per_ip_routing"
 .PP
 Provides CTDB\*(Aqs policy routing functionality\&.
 .PP
 A node running CTDB may be a component of a complex network topology\&. In particular, public addresses may be spread across several different networks (or VLANs) and it may not be possible to route packets from these public addresses via the system\*(Aqs default route\&. Therefore, CTDB has support for policy routing via the
 13\&.per_ip_routing
 eventscript\&. This allows routing to be specified for packets sourced from each public address\&. The routes are added and removed as CTDB moves public addresses between nodes\&.
 .PP
 For more information, see the
 POLICY ROUTING
 section in
 \fBctdb\fR(7)\&.
 .PP
 CTDB_PER_IP_ROUTING_CONF=\fIFILENAME\fR
 .RS 4
 FILENAME contains elements for constructing the desired routes for each source address\&.
 .sp
 The special FILENAME value
 \fB__auto_link_local__\fR
 indicates that no configuration file is provided and that CTDB should generate reasonable link\-local routes for each public IP address\&.
 .sp
 File format:
 .sp
 .if n \{\
 .RS 4
 .\}
 .nf
 		\fIIPADDR\fR \fIDEST\-IPADDR/MASK\fR [\fIGATEWAY\-IPADDR\fR]
 .fi
 .if n \{\
 .RE
 .\}
 .sp
 No default, usually
 /usr/local/etc/ctdb/policy_routing
 when enabled\&.
 .RE
 .PP
 CTDB_PER_IP_ROUTING_RULE_PREF=\fINUM\fR
 .RS 4
 NUM sets the priority (or preference) for the routing rules that are added by CTDB\&.
 .sp
 This should be (strictly) greater than 0 and (strictly) less than 32766\&. A priority of 100 is recommended, unless this conflicts with a priority already in use on the system\&. See
 \fBip\fR(8), for more details\&.
 .RE
 .PP
 CTDB_PER_IP_ROUTING_TABLE_ID_LOW=\fILOW\-NUM\fR, CTDB_PER_IP_ROUTING_TABLE_ID_HIGH=\fIHIGH\-NUM\fR
 .RS 4
 CTDB determines a unique routing table number to use for the routing related to each public address\&. LOW\-NUM and HIGH\-NUM indicate the minimum and maximum routing table numbers that are used\&.
 .sp
 \fBip\fR(8)
 uses some reserved routing table numbers below 255\&. Therefore, CTDB_PER_IP_ROUTING_TABLE_ID_LOW should be (strictly) greater than 255\&.
 .sp
 CTDB uses the standard file
 /etc/iproute2/rt_tables
 to maintain a mapping between the routing table numbers and labels\&. The label for a public address
 \fIADDR\fR
 will look like ctdb\&.\fIaddr\fR\&. This means that the associated rules and routes are easy to read (and manipulate)\&.
 .sp
 No default, usually 1000 and 9000\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBExample\fR
 .RS 4
 .sp
 .if n \{\
 .RS 4
 .\}
 .nf
 CTDB_PER_IP_ROUTING_CONF=/usr/local/etc/ctdb/policy_routing
 CTDB_PER_IP_ROUTING_RULE_PREF=100
 CTDB_PER_IP_ROUTING_TABLE_ID_LOW=1000
 CTDB_PER_IP_ROUTING_TABLE_ID_HIGH=9000
 .fi
 .if n \{\
 .RE
 .\}
 .RE
 .SS "91\&.lvs"
 .PP
 Provides CTDB\*(Aqs LVS functionality\&.
 .PP
 For a general description see the
 LVS
 section in
 \fBctdb\fR(7)\&.
 .PP
 CTDB_LVS_NODES=\fIFILENAME\fR
 .RS 4
 FILENAME contains the list of nodes that belong to the same LVS group\&.
 .sp
 File format:
 .sp
 .if n \{\
 .RS 4
 .\}
 .nf
 \fIIPADDR\fR [slave\-only]
 .fi
 .if n \{\
 .RE
 .\}
 .sp
 IPADDR is the private IP address of each node in the LVS group\&.
 .sp
 If "slave\-only" is specified then the corresponding node can not be the LVS master node\&. In this case
 \fICTDB_LVS_PUBLIC_IFACE\fR
 and
 \fICTDB_LVS_PUBLIC_IP\fR
 are optional and unused\&.
 .sp
 No default, usually
 /usr/local/etc/ctdb/lvs_nodes
 when enabled\&.
 .RE
 .PP
 CTDB_LVS_PUBLIC_IFACE=\fIINTERFACE\fR
 .RS 4
 INTERFACE is the network interface that clients will use to connection to
 \fICTDB_LVS_PUBLIC_IP\fR\&. This is optional for slave\-only nodes\&. No default\&.
 .RE
 .PP
 CTDB_LVS_PUBLIC_IP=\fIIPADDR\fR
 .RS 4
 CTDB_LVS_PUBLIC_IP is the LVS public address\&. No default\&.
 .RE
 .SH "SERVICE CONFIGURATION"
 .PP
 CTDB can be configured to manage and/or monitor various NAS (and other) services via its eventscripts\&.
 .PP
 In the simplest case CTDB will manage a service\&. This means the service will be started and stopped along with CTDB, CTDB will monitor the service and CTDB will do any required reconfiguration of the service when public IP addresses are failed over\&.
 .SS "20\&.multipathd"
 .PP
 Provides CTDB\*(Aqs Linux multipathd service management\&.
 .PP
 It can monitor multipath devices to ensure that active paths are available\&.
 .PP
 CTDB_MONITOR_MPDEVICES=\fIMP\-DEVICE\-LIST\fR
 .RS 4
 MP\-DEVICE\-LIST is a list of multipath devices for CTDB to monitor?
 .sp
 No default\&.
 .RE
 .SS "31\&.clamd"
 .PP
 This event script provide CTDB\*(Aqs ClamAV anti\-virus service management\&.
 .PP
 This eventscript is not enabled by default\&. Use
 \fBctdb enablescript\fR
 to enable it\&.
 .PP
 CTDB_CLAMD_SOCKET=\fIFILENAME\fR
 .RS 4
 FILENAME is the socket to monitor ClamAV\&.
 .sp
 No default\&.
 .RE
 .SS "49\&.winbind"
 .PP
 Provides CTDB\*(Aqs Samba winbind service management\&.
 .PP
 CTDB_SERVICE_WINBIND=\fISERVICE\fR
 .RS 4
 Distribution specific SERVICE for managing winbindd\&.
 .sp
 Default is "winbind"\&.
 .RE
 .SS "50\&.samba"
 .PP
 Provides the core of CTDB\*(Aqs Samba file service management\&.
 .PP
 CTDB_SAMBA_CHECK_PORTS=\fIPORT\-LIST\fR
 .RS 4
 When monitoring Samba, check TCP ports in space\-separated PORT\-LIST\&.
 .sp
 Default is to monitor ports that Samba is configured to listen on\&.
 .RE
 .PP
 CTDB_SAMBA_SKIP_SHARE_CHECK=yes|no
 .RS 4
 As part of monitoring, should CTDB skip the check for the existence of each directory configured as share in Samba\&. This may be desirable if there is a large number of shares\&.
 .sp
 Default is no\&.
 .RE
 .PP
 CTDB_SERVICE_NMB=\fISERVICE\fR
 .RS 4
 Distribution specific SERVICE for managing nmbd\&.
 .sp
 Default is distribution\-dependant\&.
 .RE
 .PP
 CTDB_SERVICE_SMB=\fISERVICE\fR
 .RS 4
 Distribution specific SERVICE for managing smbd\&.
 .sp
 Default is distribution\-dependant\&.
 .RE
 .SS "60\&.nfs"
 .PP
 This event script (along with 06\&.nfs) provides CTDB\*(Aqs NFS service management\&.
 .PP
 This includes parameters for the kernel NFS server\&. Alternative NFS subsystems (such as
 \m[blue]\fBNFS\-Ganesha\fR\m[]\&\s-2\u[1]\d\s+2) can be integrated using
 \fICTDB_NFS_CALLOUT\fR\&.
 .PP
 CTDB_NFS_CALLOUT=\fICOMMAND\fR
 .RS 4
 COMMAND specifies the path to a callout to handle interactions with the configured NFS system, including startup, shutdown, monitoring\&.
 .sp
 Default is the included
 \fBnfs\-linux\-kernel\-callout\fR\&.
 .RE
 .PP
 CTDB_NFS_CHECKS_DIR=\fIDIRECTORY\fR
 .RS 4
 Specifies the path to a DIRECTORY containing files that describe how to monitor the responsiveness of NFS RPC services\&. See the README file for this directory for an explanation of the contents of these "check" files\&.
 .sp
 CTDB_NFS_CHECKS_DIR can be used to point to different sets of checks for different NFS servers\&.
 .sp
 One way of using this is to have it point to, say,
 /usr/local/etc/ctdb/nfs\-checks\-enabled\&.d
 and populate it with symbolic links to the desired check files\&. This avoids duplication and is upgrade\-safe\&.
 .sp
 Default is
 /usr/local/etc/ctdb/nfs\-checks\&.d, which contains NFS RPC checks suitable for Linux kernel NFS\&.
 .RE
 .PP
 CTDB_NFS_SKIP_SHARE_CHECK=yes|no
 .RS 4
 As part of monitoring, should CTDB skip the check for the existence of each directory exported via NFS\&. This may be desirable if there is a large number of exports\&.
 .sp
 Default is no\&.
 .RE
 .PP
 CTDB_RPCINFO_LOCALHOST=\fIIPADDR\fR|\fIHOSTNAME\fR
 .RS 4
 IPADDR or HOSTNAME indicates the address that
 \fBrpcinfo\fR
 should connect to when doing
 \fBrpcinfo\fR
 check on IPv4 RPC service during monitoring\&. Optimally this would be "localhost"\&. However, this can add some performance overheads\&.
 .sp
 Default is "127\&.0\&.0\&.1"\&.
 .RE
 .PP
 CTDB_RPCINFO_LOCALHOST6=\fIIPADDR\fR|\fIHOSTNAME\fR
 .RS 4
 IPADDR or HOSTNAME indicates the address that
 \fBrpcinfo\fR
 should connect to when doing
 \fBrpcinfo\fR
 check on IPv6 RPC service during monitoring\&. Optimally this would be "localhost6" (or similar)\&. However, this can add some performance overheads\&.
 .sp
 Default is "::1"\&.
 .RE
 .PP
 CTDB_NFS_STATE_FS_TYPE=\fITYPE\fR
 .RS 4
 The type of filesystem used for a clustered NFS\*(Aq shared state\&. No default\&.
 .RE
 .PP
 CTDB_NFS_STATE_MNT=\fIDIR\fR
 .RS 4
 The directory where a clustered NFS\*(Aq shared state will be located\&. No default\&.
 .RE
 .SS "70\&.iscsi"
 .PP
 Provides CTDB\*(Aqs Linux iSCSI tgtd service management\&.
 .PP
 CTDB_START_ISCSI_SCRIPTS=\fIDIRECTORY\fR
 .RS 4
 DIRECTORY on shared storage containing scripts to start tgtd for each public IP address\&.
 .sp
 No default\&.
 .RE
 .SH "DATABASE SETUP"
 .PP
 CTDB checks the consistency of databases during startup\&.
 .SS "00\&.ctdb"
 .PP
 CTDB_MAX_CORRUPT_DB_BACKUPS=\fINUM\fR
 .RS 4
 NUM is the maximum number of volatile TDB database backups to be kept (for each database) when a corrupt database is found during startup\&. Volatile TDBs are zeroed during startup so backups are needed to debug any corruption that occurs before a restart\&.
 .sp
 Default is 10\&.
 .RE
 .SH "SYSTEM RESOURCE MONITORING"
 .SS "05\&.system"
 .PP
 Provides CTDB\*(Aqs filesystem and memory usage monitoring\&.
 .PP
 CTDB can experience seemingly random (performance and other) issues if system resources become too constrained\&. Options in this section can be enabled to allow certain system resources to be checked\&. They allows warnings to be logged and nodes to be marked unhealthy when system resource usage reaches the configured thresholds\&.
 .PP
 Some checks are enabled by default\&. It is recommended that these checks remain enabled or are augmented by extra checks\&. There is no supported way of completely disabling the checks\&.
 .PP
 CTDB_MONITOR_FILESYSTEM_USAGE=\fIFS\-LIMIT\-LIST\fR
 .RS 4
 FS\-LIMIT\-LIST is a space\-separated list of
 \fIFILESYSTEM\fR:\fIWARN_LIMIT\fR[:\fIUNHEALTHY_LIMIT\fR]
 triples indicating that warnings should be logged if the space used on FILESYSTEM reaches WARN_LIMIT%\&. If usage reaches UNHEALTHY_LIMIT then the node should be flagged unhealthy\&. Either WARN_LIMIT or UNHEALTHY_LIMIT may be left blank, meaning that check will be omitted\&.
 .sp
 Default is to warn for each filesystem containing a database directory (volatile\ \&database\ \&directory,
 persistent\ \&database\ \&directory,
 state\ \&database\ \&directory) with a threshold of 90%\&.
 .RE
 .PP
 CTDB_MONITOR_MEMORY_USAGE=\fIMEM\-LIMITS\fR
 .RS 4
 MEM\-LIMITS takes the form
 \fIWARN_LIMIT\fR[:\fIUNHEALTHY_LIMIT\fR]
 indicating that warnings should be logged if memory usage reaches WARN_LIMIT%\&. If usage reaches UNHEALTHY_LIMIT then the node should be flagged unhealthy\&. Either WARN_LIMIT or UNHEALTHY_LIMIT may be left blank, meaning that check will be omitted\&.
 .sp
 Default is 80, so warnings will be logged when memory usage reaches 80%\&.
 .RE
 .SH "EVENT SCRIPT DEBUGGING"
 .SS "debug\-hung\-script\&.sh"
 .PP
 CTDB_DEBUG_HUNG_SCRIPT_STACKPAT=\fIREGEXP\fR
 .RS 4
 REGEXP specifies interesting processes for which stack traces should be logged when debugging hung eventscripts and those processes are matched in pstree output\&. REGEXP is an extended regexp so choices are separated by pipes (\*(Aq|\*(Aq)\&. However, REGEXP should not contain parentheses\&. See also the
 \fBctdb.conf\fR(5)
 [event] "debug\ \&script" option\&.
 .sp
 Default is "exportfs|rpcinfo"\&.
 .RE
 .SH "FILES"
 .RS 4
 /usr/local/etc/ctdb/script\&.options
 .RE
 .SH "SEE ALSO"
 .PP
 \fBctdbd\fR(1),
 \fBctdb\fR(7),
 \m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
 .SH "AUTHOR"
 .br
 .PP
 This documentation was written by Amitay Isaacs, Martin Schwenke
 .SH "COPYRIGHT"
 .br
 Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
 .br
 .PP
 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
 .PP
 This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
 .PP
 You should have received a copy of the GNU General Public License along with this program; if not, see
 \m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
 .sp
 .SH "NOTES"
 .IP " 1." 4
 NFS-Ganesha
 .RS 4
 \%https://github.com/nfs-ganesha/nfs-ganesha/wiki
 .RE
--- a/net/samba416.old/files/man/ctdb-statistics.7
+++ b/net/samba416.old/files/man/ctdb-statistics.7
@ -1,550 +0,0 @@
 '\" t
 .\"     Title: ctdb-statistics
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
 .\"      Date: 09/23/2020
 .\"    Manual: CTDB - clustered TDB database
 .\"    Source: ctdb
 .\"  Language: English
 .\"
 .TH "CTDB\-STATISTICS" "7" "09/23/2020" "ctdb" "CTDB \- clustered TDB database"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 .\" http://bugs.debian.org/507673
 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 .ie \n(.g .ds Aq \(aq
 .el       .ds Aq '
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
 .\" disable hyphenation
 .nh
 .\" disable justification (adjust text to left margin only)
 .ad l
 .\" -----------------------------------------------------------------
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
 ctdb-statistics \- CTDB statistics output
 .SH "OVERALL STATISTICS"
 .PP
 CTDB maintains information about various messages communicated and some of the important operations per node\&. See the
 \fBctdb\fR(1)
 commands
 \fBstatistics\fR
 and
 \fBstatisticsreset\fR
 for displaying statistics\&.
 .SS "Example: ctdb statistics"
 .sp
 .if n \{\
 .RS 4
 .\}
 .nf
 CTDB version 1
 Current time of statistics  :                Fri Sep 12 13:32:32 2014
 Statistics collected since  : (000 01:49:20) Fri Sep 12 11:43:12 2014
 num_clients                        6
 frozen                             0
 recovering                         0
 num_recoveries                     2
 client_packets_sent           281293
 client_packets_recv           296317
 node_packets_sent             452387
 node_packets_recv             182394
 keepalive_packets_sent          3927
 keepalive_packets_recv          3928
 node
     req_call                   48605
     reply_call                     1
     req_dmaster                23404
     reply_dmaster              24917
     reply_error                    0
     req_message                  958
     req_control               197513
     reply_control             153705
 client
     req_call                  130866
     req_message                  770
     req_control               168921
 timeouts
     call                           0
     control                        0
     traverse                       0
 locks
     num_calls                    220
     num_current                    0
     num_pending                    0
     num_failed                     0
 total_calls                   130866
 pending_calls                      0
 childwrite_calls                   1
 pending_childwrite_calls             0
 memory_used                   334490
 max_hop_count                     18
 total_ro_delegations               2
 total_ro_revokes                   2
 hop_count_buckets: 42816 5464 26 1 0 0 0 0 0 0 0 0 0 0 0 0
 lock_buckets: 9 165 14 15 7 2 2 0 0 0 0 0 0 0 0 0
 locks_latency      MIN/AVG/MAX     0\&.000685/0\&.160302/6\&.369342 sec out of 214
 reclock_ctdbd      MIN/AVG/MAX     0\&.004940/0\&.004969/0\&.004998 sec out of 2
 reclock_recd       MIN/AVG/MAX     0\&.000000/0\&.000000/0\&.000000 sec out of 0
 call_latency       MIN/AVG/MAX     0\&.000006/0\&.000719/4\&.562991 sec out of 126626
 childwrite_latency MIN/AVG/MAX     0\&.014527/0\&.014527/0\&.014527 sec out of 1
 .fi
 .if n \{\
 .RE
 .\}
 .SS "CTDB version"
 .PP
 Version of the ctdb protocol used by the node\&.
 .SS "Current time of statistics"
 .PP
 Time when the statistics are generated\&.
 .PP
 This is useful when collecting statistics output periodically for post\-processing\&.
 .SS "Statistics collected since"
 .PP
 Time when ctdb was started or the last time statistics was reset\&. The output shows the duration and the timestamp\&.
 .SS "num_clients"
 .PP
 Number of processes currently connected to CTDB\*(Aqs unix socket\&. This includes recovery daemon, ctdb tool and samba processes (smbd, winbindd)\&.
 .SS "frozen"
 .PP
 1 if the databases are currently frozen, 0 otherwise\&.
 .SS "recovering"
 .PP
 1 if recovery is active, 0 otherwise\&.
 .SS "num_recoveries"
 .PP
 Number of recoveries since the start of ctdb or since the last statistics reset\&.
 .SS "client_packets_sent"
 .PP
 Number of packets sent to client processes via unix domain socket\&.
 .SS "client_packets_recv"
 .PP
 Number of packets received from client processes via unix domain socket\&.
 .SS "node_packets_sent"
 .PP
 Number of packets sent to the other nodes in the cluster via TCP\&.
 .SS "node_packets_recv"
 .PP
 Number of packets received from the other nodes in the cluster via TCP\&.
 .SS "keepalive_packets_sent"
 .PP
 Number of keepalive messages sent to other nodes\&.
 .PP
 CTDB periodically sends keepalive messages to other nodes\&. See
 KeepaliveInterval
 tunable in
 \fBctdb-tunables\fR(7)
 for more details\&.
 .SS "keepalive_packets_recv"
 .PP
 Number of keepalive messages received from other nodes\&.
 .SS "node"
 .PP
 This section lists various types of messages processed which originated from other nodes via TCP\&.
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBreq_call\fR
 .RS 4
 .PP
 Number of REQ_CALL messages from the other nodes\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBreply_call\fR
 .RS 4
 .PP
 Number of REPLY_CALL messages from the other nodes\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBreq_dmaster\fR
 .RS 4
 .PP
 Number of REQ_DMASTER messages from the other nodes\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBreply_dmaster\fR
 .RS 4
 .PP
 Number of REPLY_DMASTER messages from the other nodes\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBreply_error\fR
 .RS 4
 .PP
 Number of REPLY_ERROR messages from the other nodes\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBreq_message\fR
 .RS 4
 .PP
 Number of REQ_MESSAGE messages from the other nodes\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBreq_control\fR
 .RS 4
 .PP
 Number of REQ_CONTROL messages from the other nodes\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBreply_control\fR
 .RS 4
 .PP
 Number of REPLY_CONTROL messages from the other nodes\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBreq_tunnel\fR
 .RS 4
 .PP
 Number of REQ_TUNNEL messages from the other nodes\&.
 .RE
 .SS "client"
 .PP
 This section lists various types of messages processed which originated from clients via unix domain socket\&.
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBreq_call\fR
 .RS 4
 .PP
 Number of REQ_CALL messages from the clients\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBreq_message\fR
 .RS 4
 .PP
 Number of REQ_MESSAGE messages from the clients\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBreq_control\fR
 .RS 4
 .PP
 Number of REQ_CONTROL messages from the clients\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBreq_tunnel\fR
 .RS 4
 .PP
 Number of REQ_TUNNEL messages from the clients\&.
 .RE
 .SS "timeouts"
 .PP
 This section lists timeouts occurred when sending various messages\&.
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBcall\fR
 .RS 4
 .PP
 Number of timeouts for REQ_CALL messages\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBcontrol\fR
 .RS 4
 .PP
 Number of timeouts for REQ_CONTROL messages\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBtraverse\fR
 .RS 4
 .PP
 Number of timeouts for database traverse operations\&.
 .RE
 .SS "locks"
 .PP
 This section lists locking statistics\&.
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBnum_calls\fR
 .RS 4
 .PP
 Number of completed lock calls\&. This includes database locks and record locks\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBnum_current\fR
 .RS 4
 .PP
 Number of scheduled lock calls\&. This includes database locks and record locks\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBnum_pending\fR
 .RS 4
 .PP
 Number of queued lock calls\&. This includes database locks and record locks\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBnum_failed\fR
 .RS 4
 .PP
 Number of failed lock calls\&. This includes database locks and record locks\&.
 .RE
 .SS "total_calls"
 .PP
 Number of req_call messages processed from clients\&. This number should be same as client \-\-> req_call\&.
 .SS "pending_calls"
 .PP
 Number of req_call messages which are currently being processed\&. This number indicates the number of record migrations in flight\&.
 .SS "childwrite_calls"
 .PP
 Number of record update calls\&. Record update calls are used to update a record under a transaction\&.
 .SS "pending_childwrite_calls"
 .PP
 Number of record update calls currently active\&.
 .SS "memory_used"
 .PP
 The amount of memory in bytes currently used by CTDB using talloc\&. This includes all the memory used for CTDB\*(Aqs internal data structures\&. This does not include the memory mapped TDB databases\&.
 .SS "max_hop_count"
 .PP
 The maximum number of hops required for a record migration request to obtain the record\&. High numbers indicate record contention\&.
 .SS "total_ro_delegations"
 .PP
 Number of readonly delegations created\&.
 .SS "total_ro_revokes"
 .PP
 Number of readonly delegations that were revoked\&. The difference between total_ro_revokes and total_ro_delegations gives the number of currently active readonly delegations\&.
 .SS "hop_count_buckets"
 .PP
 Distribution of migration requests based on hop counts values\&. Buckets are 0, <\ \&2, <\ \&4, <\ \&8, <\ \&16, <\ \&32, <\ \&64, <\ \&128, <\ \&256, <\ \&512, <\ \&1024, <\ \&2048, <\ \&4096, <\ \&8192, <\ \&16384, ≥\ \&16384\&.
 .SS "lock_buckets"
 .PP
 Distribution of record lock requests based on time required to obtain locks\&. Buckets are <\ \&1ms, <\ \&10ms, <\ \&100ms, <\ \&1s, <\ \&2s, <\ \&4s, <\ \&8s, <\ \&16s, <\ \&32s, <\ \&64s, ≥\ \&64s\&.
 .SS "locks_latency"
 .PP
 The minimum, the average and the maximum time (in seconds) required to obtain record locks\&.
 .SS "reclock_ctdbd"
 .PP
 The minimum, the average and the maximum time (in seconds) required to check if recovery lock is still held by recovery daemon when recovery mode is changed\&. This check is done in ctdb daemon\&.
 .SS "reclock_recd"
 .PP
 The minimum, the average and the maximum time (in seconds) required to check if recovery lock is still held by recovery daemon during recovery\&. This check is done in recovery daemon\&.
 .SS "call_latency"
 .PP
 The minimum, the average and the maximum time (in seconds) required to process a REQ_CALL message from client\&. This includes the time required to migrate a record from remote node, if the record is not available on the local node\&.
 .SS "childwrite_latency"
 .PP
 Default: 0
 .PP
 The minimum, the average and the maximum time (in seconds) required to update records under a transaction\&.
 .SH "DATABASE STATISTICS"
 .PP
 CTDB maintains per database statistics about important operations\&. See the
 \fBctdb\fR(1)
 command
 \fBdbstatistics\fR
 for displaying database statistics\&.
 .SS "Example: ctdb dbstatistics notify_index\&.tdb"
 .sp
 .if n \{\
 .RS 4
 .\}
 .nf
 DB Statistics: notify_index\&.tdb
 ro_delegations                     0
 ro_revokes                         0
 locks
     total                        131
     failed                         0
     current                        0
     pending                        0
 hop_count_buckets: 9890 5454 26 1 0 0 0 0 0 0 0 0 0 0 0 0
 lock_buckets: 4 117 10 0 0 0 0 0 0 0 0 0 0 0 0 0
 locks_latency      MIN/AVG/MAX     0\&.000683/0\&.004198/0\&.014730 sec out of 131
 Num Hot Keys:     3
     Count:7 Key:2f636c75737465726673
     Count:18 Key:2f636c757374657266732f64617461
     Count:7 Key:2f636c757374657266732f646174612f636c69656e7473
 .fi
 .if n \{\
 .RE
 .\}
 .SS "DB Statistics"
 .PP
 Name of the database\&.
 .SS "ro_delegations"
 .PP
 Number of readonly delegations created in the database\&.
 .SS "ro_revokes"
 .PP
 Number of readonly delegations revoked\&. The difference in ro_delegations and ro_revokes indicates the currently active readonly delegations\&.
 .SS "locks"
 .PP
 This section lists locking statistics\&.
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBtotal\fR
 .RS 4
 .PP
 Number of completed lock calls\&. This includes database locks and record locks\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBfailed\fR
 .RS 4
 .PP
 Number of failed lock calls\&. This includes database locks and record locks\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBcurrent\fR
 .RS 4
 .PP
 Number of scheduled lock calls\&. This includes database locks and record locks\&.
 .RE
 .sp
 .it 1 an-trap
 .nr an-no-space-flag 1
 .nr an-break-flag 1
 .br
 .ps +1
 \fBpending\fR
 .RS 4
 .PP
 Number of queued lock calls\&. This includes database locks and record locks\&.
 .RE
 .SS "hop_count_buckets"
 .PP
 Distribution of migration requests based on hop counts values\&. Buckets are 0, <\ \&2, <\ \&4, <\ \&8, <\ \&16, <\ \&32, <\ \&64, <\ \&128, <\ \&256, <\ \&512, <\ \&1024, <\ \&2048, <\ \&4096, <\ \&8192, <\ \&16384, ≥\ \&16384\&.
 .SS "lock_buckets"
 .PP
 Distribution of record lock requests based on time required to obtain locks\&. Buckets are <\ \&1ms, <\ \&10ms, <\ \&100ms, <\ \&1s, <\ \&2s, <\ \&4s, <\ \&8s, <\ \&16s, <\ \&32s, <\ \&64s, ≥\ \&64s\&.
 .SS "locks_latency"
 .PP
 The minimum, the average and the maximum time (in seconds) required to obtain record locks\&.
 .SS "Num Hot Keys"
 .PP
 Number of contended records determined by hop count\&. CTDB keeps track of top 10 hot records and the output shows hex encoded keys for the hot records\&.
 .SH "SEE ALSO"
 .PP
 \fBctdb\fR(1),
 \fBctdbd\fR(1),
 \fBctdb-tunables\fR(7),
 \m[blue]\fB\%http://ctdb.samba.org/\fR\m[]
 .SH "AUTHOR"
 .br
 .PP
 This documentation was written by Amitay Isaacs, Martin Schwenke
 .SH "COPYRIGHT"
 .br
 Copyright \(co 2007 Andrew Tridgell, Ronnie Sahlberg
 .br
 .PP
 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version\&.
 .PP
 This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
 .PP
 You should have received a copy of the GNU General Public License along with this program; if not, see
 \m[blue]\fB\%http://www.gnu.org/licenses\fR\m[]\&.
 .sp
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Xavier Beaudouin	6548ba09f6	Update	2026-01-05 08:07:41 +01:00
Xavier Beaudouin	aa53729584	Free IPA Client	2026-01-05 07:52:53 +01:00
Xavier Beaudouin	c729bfcb24	Trahs	2025-12-18 08:51:29 +01:00
Xavier Beaudouin	34549e9737	Added leaf ports	2025-12-18 08:43:17 +01:00
Xavier Beaudouin	f7aa855c57	SA-Exim seems to be dead (2006)	2025-12-18 04:32:46 +01:00
Xavier Beaudouin	3df13746aa	No more TCP_WRAPPER	2025-12-18 03:32:55 +01:00
Xavier Beaudouin	19e7e133d1	Radius fix	2025-12-18 03:29:37 +01:00
Xavier Beaudouin	6c2e867ab0	almost working	2025-12-18 03:09:47 +01:00
Xavier Beaudouin	3c7cd52344	Eirik works	2025-12-18 02:09:01 +01:00
Xavier Beaudouin	8544126ef2	Exim original port	2025-12-18 02:01:07 +01:00
Xavier Beaudouin	1d39ae8491	Pushed into ports	2025-12-11 06:11:17 +01:00
Xavier Beaudouin	2592c32254	Remove port revision	2025-12-11 05:23:42 +01:00
Xavier Beaudouin	108cad4157	3.5.25	2025-12-11 05:22:45 +01:00
Xavier Beaudouin	82fe3b5fcc	Remove go version	2025-12-11 05:21:32 +01:00
Xavier Beaudouin	0ea4fb2088	Initial port	2025-12-11 05:17:48 +01:00
Xavier Beaudouin	d790b9ed33	gc() + add patch from Markj	2025-11-12 03:13:37 +01:00
Xavier Beaudouin	f8dbaa22a0	Port is "automaking" itself	2025-09-17 09:56:33 +02:00
Xavier Beaudouin	fb9bdce10a	0mp port	2025-09-11 11:56:43 +07:00
Xavier Beaudouin	ba38a2457f	Grrr	2025-09-11 11:56:23 +07:00
Xavier Beaudouin	afc6047814	D52168	2025-09-11 05:14:52 +02:00
Xavier Beaudouin	7acb408e7d	Samba 4.20 -> 4.22	2025-09-11 05:10:10 +02:00
Xavier Beaudouin	52d3f86b37	Samba420	2025-09-11 05:09:25 +02:00
Xavier Beaudouin	45d4e085cc	Added kati port	2025-08-27 04:25:34 +02:00
Xavier Beaudouin	0cf431dc97	Try	2025-08-22 16:26:15 +07:00
Xavier Beaudouin	7bc33a4aa5	Original py-numpy	2025-08-19 10:44:30 +02:00
Xavier Beaudouin	bc51ad4da5	Fixed sssd2	2025-08-08 04:20:20 +02:00
Xavier Beaudouin	f8c2133b44	bump	2025-07-24 04:02:26 +02:00
Xavier Beaudouin	f014c8afd9	Try a new patch	2025-07-24 04:00:59 +02:00
Xavier Beaudouin	71e43c341a	Use PATCHFILES	2025-07-24 03:42:43 +02:00
Xavier Beaudouin	7cde189318	not neededwq	2025-07-23 13:14:48 +02:00
Xavier Beaudouin	d7e134245c	Fix the port	2025-07-23 13:14:03 +02:00
Xavier Beaudouin	fbf86c8f34	Update port before poudriere	2025-07-23 07:18:49 +02:00
Xavier Beaudouin	93f2480ef0	Update patches and add patchs from commits 4297f4e, ff69dad, 55f74e5 (some of them don't applies correctly)	2025-07-18 07:09:53 +02:00
Xavier Beaudouin	afb8ac49b7	add www/libaprep2 from porttree	2025-07-18 04:25:11 +02:00
Xavier Beaudouin	8befa9b010	Removed	2025-07-01 16:26:36 +02:00
Xavier Beaudouin	cff784a9d4	Test original	2025-06-23 16:25:21 +02:00
Xavier Beaudouin	73d6aff554	foo	2025-06-23 16:10:02 +02:00
Xavier Beaudouin	f1eb64b7f5	bison as main dep	2025-06-23 16:09:25 +02:00
Xavier Beaudouin	abd4351249	net/samba420: added bison dependency	2025-06-23 12:06:32 +02:00
Xavier Beaudouin	ec7155349f	Original port	2025-06-23 12:01:09 +02:00
Xavier Beaudouin	fd4655d957	Fix	2025-06-16 11:40:21 +02:00
Xavier Beaudouin	6dab8b2f18	PR 863	2025-06-16 11:36:42 +02:00
Xavier Beaudouin	ee90a418d6	Fix several CVE: CVE-2024-56171, CVE-2025-24928, CVE-2025-32414	2025-06-13 12:30:26 +02:00
Xavier Beaudouin	66b22f147f	Removed pushed ports. Added libxml2	2025-06-13 11:10:43 +02:00
Xavier Beaudouin	a181190b3f	Cleanup	2025-06-04 15:15:02 +02:00
Xavier Beaudouin	a2e43778b8	Testing py-salt	2025-05-26 09:46:51 +02:00
Xavier Beaudouin	88e7ad955a	Updated patch	2025-05-22 15:20:44 +02:00
Xavier Beaudouin	e23dca4a8c	Try to add GSSAPI patch	2025-05-22 15:17:30 +02:00
Xavier Beaudouin	b76a177d9f	Current openssh-portable	2025-05-22 15:11:17 +02:00
Xavier Beaudouin	6ee87e0e92	Better before poudriere	2025-03-27 17:06:53 +01:00
Xavier Beaudouin	384e9cd3fc	Fix sample and other things	2025-03-27 16:49:10 +01:00
Xavier Beaudouin	f75d65c04c	LOCALBASE -> PREFIX	2025-03-27 14:48:23 +01:00
Xavier Beaudouin	f0d8f5a3f2	Update from portsd	2025-03-27 14:40:13 +01:00
Xavier Beaudouin	d1739433ef	Try to fix net/jose	2025-03-24 17:03:38 +01:00
Xavier Beaudouin	3b54995a82	Doc	2025-03-17 15:29:13 +01:00
Xavier Beaudouin	a97e82ec24	Pushed into ports	2025-03-13 14:20:24 +01:00
Xavier Beaudouin	7e00fb2426	Fix	2025-03-12 14:58:54 +01:00
Xavier Beaudouin	722d8098dd	fix	2025-03-12 08:57:52 +01:00
Xavier Beaudouin	8b359169a1	update	2025-03-11 15:52:47 +01:00
Xavier Beaudouin	001885d256	Update	2025-03-11 15:51:58 +01:00
Xavier Beaudouin	4f4c03701f	Fix typo	2025-03-11 13:56:09 +01:00
Xavier Beaudouin	7c2a94c399	Merge branch 'main' of gitea.home.oav.net:kiwi/klara-ports	2025-03-11 13:38:28 +01:00
Xavier Beaudouin	aa92ca9f89	Fix Makefile	2025-03-11 13:38:06 +01:00
Xavier Beaudouin	11ade4f850	Try a fix	2025-03-07 09:59:12 +01:00
Xavier Beaudouin	412201b193	Update	2025-03-06 17:05:37 +01:00
Xavier Beaudouin	733f329e12	Try sudo@sssd2 ?	2025-03-06 16:56:47 +01:00
Xavier Beaudouin	1a69951521	Update	2025-02-20 10:28:00 +01:00
Xavier Beaudouin	705b4240eb	up	2025-02-20 10:26:27 +01:00
Xavier Beaudouin	c5b8b6ec7c	update	2025-02-20 10:23:12 +01:00
Xavier Beaudouin	8810970ff7	fix plist	2025-02-20 10:21:41 +01:00
Xavier Beaudouin	5b4804de0e	Update	2025-02-20 10:15:18 +01:00
Xavier Beaudouin	51d45e9bae	Update	2025-02-20 10:03:29 +01:00
Xavier Beaudouin	1aad1427a9	Dix	2025-02-19 15:54:14 +01:00
Xavier Beaudouin	58e703a9d8	Update	2025-02-19 15:52:07 +01:00
Xavier Beaudouin	666b94afea	Grr	2025-02-19 15:51:02 +01:00
Xavier Beaudouin	466ed70f74	WTF distname	2025-02-19 15:46:25 +01:00
Xavier Beaudouin	72a4e6ac76	push	2025-02-19 15:33:31 +01:00
Xavier Beaudouin	cf12c13935	Removed	2025-02-19 15:30:29 +01:00
Xavier Beaudouin	b2505c34e4	Update port	2025-02-19 15:29:41 +01:00
Xavier Beaudouin	c22f73c04d	Update	2025-02-07 16:43:54 +01:00
Xavier Beaudouin	f15e5e297f	Whatt?	2025-02-07 15:24:23 +01:00
Xavier Beaudouin	eeb1275958	plop	2025-02-07 14:46:30 +01:00
Xavier Beaudouin	7fc6c41cc5	Fix	2025-02-07 14:44:56 +01:00
Xavier Beaudouin	8eb6b8f05f	Fix	2025-02-07 14:43:41 +01:00
Xavier Beaudouin	446f718b13	pet portclippy	2025-02-07 14:29:04 +01:00
Xavier Beaudouin	acbaa67d26	Inital port	2025-02-07 14:25:21 +01:00
Xavier Beaudouin	44b23bafc3	Update	2025-02-07 12:08:57 +01:00
Xavier Beaudouin	617ee90998	LOCALBASE	2025-02-07 12:00:40 +01:00
Xavier Beaudouin	db7dae0a62	Pet	2025-02-06 17:27:01 +01:00
Xavier Beaudouin	0dd1bf2e9c	Removed	2025-02-05 15:37:44 +01:00
Xavier Beaudouin	8cc1cef1fd	Removed	2025-02-05 15:36:39 +01:00
Xavier Beaudouin	e2e1446597	Removed all are in the ports	2025-01-31 17:38:28 +01:00
Xavier Beaudouin	ce038c3bd9	Update plist	2025-01-24 12:17:19 +01:00
Xavier Beaudouin	1b6da007e3	Added missing stuff	2025-01-24 10:22:11 +01:00
Xavier Beaudouin	023a0772a8	fix	2025-01-23 17:14:59 +01:00
Xavier Beaudouin	0094500a45	Fix dependencies	2025-01-23 17:12:34 +01:00
Xavier Beaudouin	223ecbfc0f	Conflicts	2025-01-23 16:46:02 +01:00
Xavier Beaudouin	773c992991	Update dependencies	2025-01-23 15:46:22 +01:00
Xavier Beaudouin	163ad31fce	ldb29	2025-01-23 15:40:56 +01:00
Xavier Beaudouin	49540576e3	ldb28 -> ldb29	2025-01-23 15:34:20 +01:00
Xavier Beaudouin	f0bf0bf427	tevent 0.16.1	2025-01-23 15:29:03 +01:00
Xavier Beaudouin	71c418eedf	Tevent 0.16.0	2025-01-23 15:26:08 +01:00
Xavier Beaudouin	405e99c4cc	Deps	2025-01-23 15:21:01 +01:00
Xavier Beaudouin	b037aa6f3c	1.4.2	2025-01-23 15:18:48 +01:00
Xavier Beaudouin	8d28b1406e	Talloc	2025-01-23 15:15:44 +01:00
Xavier Beaudouin	1724567115	Fix	2025-01-23 15:11:50 +01:00
Xavier Beaudouin	c6964c5ed7	1.4.10	2025-01-23 15:08:00 +01:00
Xavier Beaudouin	21bb9220c4	Added database/tdb as tdb1410	2025-01-23 15:05:49 +01:00
Xavier Beaudouin	e9868dc745	update	2025-01-23 15:03:45 +01:00
Xavier Beaudouin	218354026d	Fix	2025-01-22 17:54:05 +01:00
Xavier Beaudouin	a1d501ba35	Fix port	2025-01-22 17:53:34 +01:00
Xavier Beaudouin	f6ff52230b	Try samba420	2025-01-20 18:42:30 +01:00
Xavier Beaudouin	c9e958d235	Old makefile	2025-01-08 16:50:21 +01:00
Xavier Beaudouin	dc9b59ccc0	Removed security/sssd depend	2025-01-08 16:50:02 +01:00
Xavier Beaudouin	762783c50c	Pushed	2025-01-08 16:38:17 +01:00
Xavier Beaudouin	98a97ad489	Add new port from Allan	2025-01-03 16:53:31 +01:00
Xavier Beaudouin	6b32dda5a7	Test flavor	2024-12-19 11:38:10 +01:00
Xavier Beaudouin	31eeafb011	fix	2024-12-17 17:31:07 +01:00
Xavier Beaudouin	1214291293	test	2024-12-17 17:25:31 +01:00
Xavier Beaudouin	26a1a2f707	fix2	2024-12-17 16:55:21 +01:00
Xavier Beaudouin	2c9e0206a0	original	2024-12-17 16:36:57 +01:00
Xavier Beaudouin	a3ca7ddab7	Fix	2024-12-17 10:22:15 +01:00
Xavier Beaudouin	337fe33f3a	Fix	2024-12-17 09:56:46 +01:00
Xavier Beaudouin	bbae96f0cd	fix	2024-12-17 09:43:32 +01:00
Xavier Beaudouin	3f8d05a7cb	Fix	2024-12-17 09:42:56 +01:00
Xavier Beaudouin	45b083b50f	Fix	2024-12-17 09:42:38 +01:00
Xavier Beaudouin	cbfe736462	Fix recu	2024-12-17 09:39:38 +01:00
Xavier Beaudouin	f1d6d84c72	Better FLAVORS	2024-12-16 16:46:41 +01:00
Xavier Beaudouin	ec7fea8ffb	Adding sssd flavor	2024-12-16 13:02:16 +01:00
Xavier Beaudouin	3010baafd3	Add Flavor	2024-12-16 11:24:15 +01:00
Xavier Beaudouin	bd64ef4f7b	Flavors	2024-12-16 10:28:48 +01:00
Xavier Beaudouin	17b695b587	Verisign stuff	2024-12-16 09:43:03 +01:00
Xavier Beaudouin	2b0788e34d	Renamed openssh-portable Added base sudo	2024-11-15 15:24:21 +01:00
Xavier Beaudouin	15130ca2a3	Commited	2024-10-24 15:03:56 +02:00
Xavier Beaudouin	dd20e2937d	Openssh is back	2024-10-23 15:20:21 +02:00
Xavier Beaudouin	f3b44ec049	Force	2024-10-23 14:28:37 +02:00
Xavier Beaudouin	be79208c62	Changes	2024-10-23 14:26:52 +02:00
Xavier Beaudouin	d19048dda5	Updated Makefile	2024-10-23 13:37:35 +02:00
Xavier Beaudouin	04351943b1	Fix	2024-10-23 11:27:54 +02:00
Xavier Beaudouin	da062311d4	Fix	2024-10-23 11:24:19 +02:00
Xavier Beaudouin	dfe76d00db	Try this fix	2024-10-22 16:05:02 +02:00
Xavier Beaudouin	33a9a96daa	Fix ?	2024-10-22 15:34:43 +02:00
Xavier Beaudouin	ecbde3039c	Fix	2024-10-22 11:01:00 +02:00
Xavier Beaudouin	b41c3ca75c	foo	2024-10-22 11:00:42 +02:00
Xavier Beaudouin	3581eca1c8	Fix	2024-10-22 09:50:33 +02:00
Xavier Beaudouin	b8246220b5	Update	2024-10-22 09:49:21 +02:00
Xavier Beaudouin	4361803f50	Fix?	2024-10-21 18:02:53 +02:00
Xavier Beaudouin	66920fdd49	Fix	2024-10-21 17:03:53 +02:00
Xavier Beaudouin	7aa22724d4	Fix distinfo	2024-10-21 17:01:15 +02:00
Xavier Beaudouin	89aa74043f	etcd35	2024-10-21 16:14:00 +02:00
Xavier Beaudouin	c11cceda2f	Not needed anymore -> commited	2024-10-17 14:22:50 +02:00
Xavier Beaudouin	783e621f59	Fix before bugzilla	2024-10-14 10:46:26 +02:00
Xavier Beaudouin	166635ae5c	Ca doit passer	2024-10-14 10:37:51 +02:00
Xavier Beaudouin	77fa23b088	Trye	2024-10-14 10:36:55 +02:00
Xavier Beaudouin	051937ad75	Fix	2024-10-14 10:29:44 +02:00
Xavier Beaudouin	2b5496a20f	Fix	2024-10-14 10:27:19 +02:00
Xavier Beaudouin	acdcb76e31	Try flavors	2024-10-14 10:17:43 +02:00
Xavier Beaudouin	2fcf94a249	Added NOOPENMP option	2024-10-11 14:37:34 +02:00
Xavier Beaudouin	6265e3ee84	Added rpm4 original port	2024-10-11 11:20:25 +02:00
Xavier Beaudouin	7c770cfb90	Fix dep	2024-09-27 17:42:04 +02:00
Xavier Beaudouin	06b929466d	fix semantic version	2024-09-27 16:27:11 +02:00
Xavier Beaudouin	4447036632	Fix	2024-09-27 16:25:52 +02:00
Xavier Beaudouin	de01928a4e	First port	2024-09-26 15:57:50 +02:00
Xavier Beaudouin	ca11902c51	Push the original port from 2020Q2	2024-09-26 15:28:26 +02:00
Xavier Beaudouin	81b70f3a5e	Added PR #723	2024-09-09 11:17:40 +02:00
Xavier Beaudouin	53b60cbc27	Import check_mk_agent from ports	2024-09-09 11:15:45 +02:00
Xavier Beaudouin	cdfff2f06d	Remove relayd + samba416 uncessery ports	2024-09-04 16:26:02 +02:00
Xavier Beaudouin	f6bac9b95f	Removed	2024-09-04 16:25:31 +02:00
Xavier Beaudouin	490ebed1a2	math/blis: not needed anymore	2024-09-04 16:24:47 +02:00
Xavier Beaudouin	e9dd66620e	PLIST_SUB	2024-09-04 15:14:08 +02:00
Xavier Beaudouin	71cec86c27	added DISTVERSION	2024-09-04 14:58:36 +02:00
Xavier Beaudouin	5ecc266da9	da-fuck?	2024-09-04 13:59:58 +02:00
Xavier Beaudouin	2887b2bc41	fix mython	2024-09-04 13:39:29 +02:00
Xavier Beaudouin	7b4ab6f642	Fix	2024-09-04 11:35:19 +02:00
Xavier Beaudouin	8d5a764658	Forgotten	2024-09-04 09:12:46 +02:00
Xavier Beaudouin	a77f5f743f	Forgot	2024-09-04 09:02:42 +02:00
Xavier Beaudouin	403ae864c8	Missing patch	2024-09-03 16:42:54 +02:00
Xavier Beaudouin	b15b4cb00e	Update freeipa-client	2024-09-03 14:14:10 +02:00
Xavier Beaudouin	611a04f2fb	Fix ptaches	2024-08-26 12:02:49 +02:00
Charlie Root	276c36772e	Fix	2024-08-26 12:00:42 +02:00
Xavier Beaudouin	09cce557a8	Bump version	2024-08-26 11:46:30 +02:00
Xavier Beaudouin	39b1225600	Patch	2024-08-26 11:45:17 +02:00
Xavier Beaudouin	11d2141e99	Removed	2024-08-26 11:39:35 +02:00
Xavier Beaudouin	fe885d33af	Fix	2024-08-26 11:38:46 +02:00
Xavier Beaudouin	a324b16114	Sync with port	2024-08-26 11:14:24 +02:00
Xavier Beaudouin	f9446ae2bc	Don't need this patch anymore	2024-08-26 10:50:10 +02:00
Xavier Beaudouin	89ed0f4b86	sssd2 is now merged	2024-08-26 10:47:57 +02:00
Xavier Beaudouin	3dbc00e6a9	openssh-portable is update by 0mp	2024-08-26 10:47:29 +02:00
Xavier Beaudouin	a640d13601	netbox-agent is in the ports	2024-08-26 10:46:42 +02:00
Xavier Beaudouin	6a8811e740	revert `e003ad43ec` Need this	2024-08-26 08:45:36 +00:00
Xavier Beaudouin	690eb31c22	Remove GH tag	2024-08-22 14:14:21 +02:00
Xavier Beaudouin	9accb199e5	Fixes	2024-08-22 13:43:17 +02:00
Xavier Beaudouin	bf9444e0b1	mv net/netbox-agent net-mgmt/netbox-agent	2024-08-22 13:39:03 +02:00
Xavier Beaudouin	6de0037431	Fix	2024-08-22 12:07:34 +02:00
Xavier Beaudouin	a9a64115e1	dep	2024-08-21 17:13:57 +02:00
Xavier Beaudouin	699f92e91a	Added deps	2024-08-21 14:55:33 +02:00
Xavier Beaudouin	39454779ee	Fix Depends	2024-08-21 14:38:53 +02:00
Xavier Beaudouin	17afda2eca	fix	2024-08-21 13:37:53 +02:00
Xavier Beaudouin	d6e4b56d95	Fix	2024-08-21 13:36:04 +02:00
Xavier Beaudouin	41ef715b17	netbox agent	2024-08-21 13:33:32 +02:00
Xavier Beaudouin	e003ad43ec	Not needed	2024-07-29 09:49:29 +02:00
Xavier Beaudouin	d6eda6be3c	Commited into porttree not needed	2024-06-27 10:34:48 +02:00
Xavier Beaudouin	365c48dfcf	Fix	2024-06-26 09:51:05 +02:00
Xavier Beaudouin	631009dff7	Update daniel's port	2024-06-26 09:40:02 +02:00
Xavier Beaudouin	cb90af48a0	Added Daniel initial port	2024-06-26 09:34:14 +02:00
Xavier Beaudouin	fbac8f4d26	Conflict version with one on the ports	2024-06-25 14:06:25 +02:00
Xavier Beaudouin	b446e5eae2	Try MarkJ patch	2024-06-25 14:04:13 +02:00
Xavier Beaudouin	3ec7667371	Test again	2024-06-25 14:01:37 +02:00
Xavier Beaudouin	016c14dd0a	Tmp	2024-06-25 09:57:57 +02:00
Xavier Beaudouin	b9a8122aad	Not needed	2024-06-17 09:42:06 +02:00
Xavier Beaudouin	734ab5e5e9	Support for hashed mode to poudriere	2024-06-05 15:24:04 +02:00
Xavier Beaudouin	cdd5fb7b20	Fix	2024-05-31 15:44:20 +02:00
Xavier Beaudouin	383e9d32ef	Not needed anymore	2024-05-31 15:43:28 +02:00
		`@ -0,0 +1 @@`
							`Kati is an apache licensed replacement for GNU make`
		`@ -0,0 +1,2 @@`
							`FreeIPA is a free and open source identity management system. This`
							`package provides its command-line administration tools.`