18 files changed, 2099 insertions, 313 deletions

diff --git a/net/samba48/Makefile b/net/samba48/Makefile
index c95fccfdbf21..1ee7b0e6daf5 100644
--- a/net/samba48/Makefile
+++ b/net/samba48/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=			${SAMBA4_BASENAME}48
 PORTVERSION=			${SAMBA4_VERSION}
-PORTREVISION=			1
+PORTREVISION=			0
 CATEGORIES?=			net
 MASTER_SITES=			SAMBA/samba/stable SAMBA/samba/rc
 DISTNAME=			${SAMBA4_DISTNAME}
@@ -14,20 +14,24 @@ COMMENT=			Free SMB/CIFS and AD/DC server and client for Unix
 LICENSE=			GPLv3
 
 BROKEN_powerpc64=		fails to compile: auth.idl:107: Unable to determine origin of type struct cli_credentials
-
 IGNORE_NONTHREAD_PYTHON=	needs port lang/python${PYTHON_SUFFIX} to be build with THREADS support
 
 CONFLICTS_INSTALL?=		samba4-4.0.* samba4[1-79]-4.* p5-Parse-Pidl-4.*
 
 EXTRA_PATCHES+=			${PATCHDIR}/0001-Zfs-provision-1.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-Freenas-master-mdns-fixes-22.patch:-p1
-EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-13427.patch:-p1
+EXTRA_PATCHES+=			${PATCHDIR}/0001-audit.patch:-p1
+EXTRA_PATCHES+=			${PATCHDIR}/0001-ctdb.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-13175.patch:-p1
+EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-13351.patch:-p1
+EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-13441.patch:-p1
+EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-13451.patch:-p1
+EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-13537.patch:-p1
 EXTRA_PATCHES+=			${PATCHDIR}/0001-bug-228462.patch:-p1
 
 SAMBA4_BASENAME=		samba
 SAMBA4_PORTNAME=		${SAMBA4_BASENAME}4
-SAMBA4_VERSION=			4.8.2
+SAMBA4_VERSION=			4.8.3
 SAMBA4_DISTNAME=		${SAMBA4_BASENAME}-${SAMBA4_VERSION:S|.p|pre|:S|.r|rc|:S|.t|tp|:S|.a|alpha|}
 
 WRKSRC?=			${WRKDIR}/${DISTNAME}
@@ -98,7 +102,7 @@ OPTIONS_DEFINE+=		DEVELOPER MANDOC
 OPTIONS_DEFINE_amd64=		AESNI
 OPTIONS_DEFAULT_amd64=		AESNI
 
-OPTIONS_DEFINE+=		CUPS GPGME NTVFS SPOTLIGHT
+OPTIONS_DEFINE+=		CLUSTER CUPS GPGME NTVFS SPOTLIGHT
 #OPTIONS_DEFINE+=		MEMORY_DEBUG
 
 OPTIONS_SINGLE=			GSSAPI
@@ -133,9 +137,11 @@ GSSAPI_BUILTIN_DESC=		GSSAPI support via bundled Heimdal
 BIND911_DESC=			Use Bind 9.11 as AD DC DNS server frontend
 NSUPDATE_DESC=			Use samba NSUPDATE utility for AD DC
 ##############################################################################
-PLIST_SUB+=			CLUSTER="@comment "
-SUB_LIST+=			CLUSTER="@comment "
-# XXX: Unconditional dependencies which can't be switched off(if present in the system)
+# XXX: Unconditional dependencies which can't be switched off(if present in
+# the system)
+# Readline(sponsored by Python)
+# XXX: USES=readline pollutes CPPFLAGS, so we explicitly put dependency
+LIB_DEPENDS+=			libreadline.so.7:devel/readline
 # popt
 LIB_DEPENDS+=			libpopt.so:devel/popt
 # inotify
@@ -159,7 +165,7 @@ RUN_DEPENDS+=			libarchive>=3.1.2:archivers/libarchive
 #SAMBA4_BUNDLED_TALLOC=		yes
 #SAMBA4_BUNDLED_TEVENT=		yes
 #SAMBA4_BUNDLED_TDB=		yes
-#SAMBA4_BUNDLED_LDB=		yes
+SAMBA4_BUNDLED_LDB=		yes
 SAMBA4_LDB=			13
 # cmocka
 .if defined(SAMBA4_BUNDLED_CMOCKA)
@@ -182,8 +188,8 @@ PLIST_SUB+=			SAMBA4_BUNDLED_TALLOC=""
 SUB_LIST+=			SAMBA4_BUNDLED_TALLOC=""
 .else
 SAMBA4_BUNDLED_LIBS+=		!talloc
-BUILD_DEPENDS+=			talloc>=2.1.13:devel/talloc
-RUN_DEPENDS+=			talloc>=2.1.13:devel/talloc
+BUILD_DEPENDS+=			talloc>=2.1.14:devel/talloc
+RUN_DEPENDS+=			talloc>=2.1.14:devel/talloc
 PLIST_SUB+=			SAMBA4_BUNDLED_TALLOC="@comment "
 SUB_LIST+=			SAMBA4_BUNDLED_TALLOC="@comment "
 .endif
@@ -195,8 +201,8 @@ PLIST_SUB+=			SAMBA4_BUNDLED_TEVENT=""
 SUB_LIST+=			SAMBA4_BUNDLED_TEVENT=""
 .else
 SAMBA4_BUNDLED_LIBS+=		!tevent
-BUILD_DEPENDS+=			tevent>=0.9.36:devel/tevent
-RUN_DEPENDS+=			tevent>=0.9.36:devel/tevent
+BUILD_DEPENDS+=			tevent>=0.9.37:devel/tevent
+RUN_DEPENDS+=			tevent>=0.9.37:devel/tevent
 PLIST_SUB+=			SAMBA4_BUNDLED_TEVENT="@comment "
 SUB_LIST+=			SAMBA4_BUNDLED_TEVENT="@comment "
 .endif
@@ -222,8 +228,8 @@ PLIST_SUB+=			SAMBA4_BUNDLED_LDB=""
 SUB_LIST+=			SAMBA4_BUNDLED_LDB=""
 .else
 .       if ${SAMBA4_LDB} == 13
-BUILD_DEPENDS+=			ldb13>=1.3.3:databases/ldb13
-RUN_DEPENDS+=			ldb13>=1.3.3:databases/ldb13
+BUILD_DEPENDS+=			ldb13>=1.3.4:databases/ldb13
+RUN_DEPENDS+=			ldb13>=1.3.4:databases/ldb13
 .       elif ${SAMBA4_LDB} == 12
 BUILD_DEPENDS+=			ldb12>=1.2.3:databases/ldb12
 RUN_DEPENDS+=			ldb12>=1.2.3:databases/ldb12
@@ -431,10 +437,10 @@ BUILD_DEPENDS+=			${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_F
 RUN_DEPENDS+=			${PYTHON_PKGNAMEPREFIX}iso8601>=0.1.11:devel/py-iso8601@${PY_FLAVOR}
 # XXX: This is a gross hack to make port use both Python 2.7+ and 3.3+
 # This is not officially supported, use at your own risk
-.if defined(WITH_SAMBA4_PYTHON3) && ${WITH_SAMBA4_PYTHON3:Mpython3\.[0-9]}
-SAMBA4_PYTHON3=			${WITH_SAMBA4_PYTHON3}
-SAMBA4_PYTHON3_VERSION:=	${SAMBA4_PYTHON3:S/^python//}
-SAMBA4_PYTHON3_VER:=		${SAMBA4_PYTHON3_VERSION:C/\.//}
+.if defined(WITH_SAMBA4_PYTHON3) && ${WITH_SAMBA4_PYTHON3:M3\.[0-9]}
+SAMBA4_PYTHON3_VERSION=		${WITH_SAMBA4_PYTHON3}
+SAMBA4_PYTHON3=			python${SAMBA4_PYTHON3_VERSION}
+SAMBA4_PYTHON3_VER=		${SAMBA4_PYTHON3_VERSION:C/\.//}
 .if !exists(${PORTSDIR}/lang/python${SAMBA4_PYTHON3_VER})
 .error				unsupported or unknown Python version ${SAMBA4_PYTHON3_VERSION}
 .endif
@@ -476,8 +482,11 @@ PLIST_FILES+=			lib/samba4/private/libaesni-intel-samba4.so
 CONFIGURE_ARGS+=		--accel-aes=none
 .endif
 
-.if ${PORT_OPTIONS:MAD_DC} && ${PORT_OPTIONS:MGSSAPI_MIT}
+.if ${PORT_OPTIONS:MGSSAPI_MIT}
+PLIST_FILES+=			lib/samba4/winbind-krb5-localauth.so
+.       if ${PORT_OPTIONS:MAD_DC}
 PLIST_FILES+=			lib/samba4/krb5/plugins/kdb/samba.so
+.       endif
 .endif
 # for libexecinfo: (so that __builtin_frame_address() finds the top of the stack)
 CFLAGS_amd64+=			-fno-omit-frame-pointer
@@ -585,6 +594,10 @@ post-install-rm-junk:
 .for f in vfs_aio_linux.8 vfs_btrfs.8 vfs_ceph.8 vfs_gpfs.8
 				${RM} ${STAGEDIR}${PREFIX}/man/man8/${f}
 .endfor
+.if defined(NO_PYTHON)
+				${RM} -r ${STAGEDIR}${PYTHON_SITELIBDIR}/samba/third_party/dns \
+					 ${STAGEDIR}${PYTHON_SITELIBDIR}/samba/third_party/iso8601
+.endif
 
 post-install: post-install-rm-junk
 				${LN} -sf smb.conf.5.gz ${STAGEDIR}${PREFIX}/man/man5/smb4.conf.5.gz
diff --git a/net/samba48/distinfo b/net/samba48/distinfo
index a097e42c1fd0..819a15095f69 100644
--- a/net/samba48/distinfo
+++ b/net/samba48/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1526478569
-SHA256 (samba-4.8.2.tar.gz) = 62e552296d49e6ab44bb87d120a288813fa52e42435d53a1f71b77596512bf22
-SIZE (samba-4.8.2.tar.gz) = 17675145
+TIMESTAMP = 1530185888
+SHA256 (samba-4.8.3.tar.gz) = e0569a8a605d5dfb49f1fdd11db796f4d36fe0351c4a7f21387ef253010b82ed
+SIZE (samba-4.8.3.tar.gz) = 17680660
diff --git a/net/samba48/files/0001-Zfs-provision-1.patch b/net/samba48/files/0001-Zfs-provision-1.patch
index 12f9ac9f394a..7edd94a9b1d9 100644
--- a/net/samba48/files/0001-Zfs-provision-1.patch
+++ b/net/samba48/files/0001-Zfs-provision-1.patch
@@ -120,11 +120,13 @@ diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
 index 63fc5d68c33..f5a536ee186 100644
 --- a/source3/smbd/pysmbd.c
 +++ b/source3/smbd/pysmbd.c
-@@ -335,6 +335,18 @@ static SMB_ACL_T make_simple_acl(gid_t gid, mode_t chmod_mode)
+@@ -368,6 +368,20 @@ static SMB_ACL_T make_simple_acl(TALLOC_
  	return acl;
  }
  
-+static SMB_ACL_T make_simple_nfsv4_acl(gid_t gid, mode_t chmod_mode)
++static SMB_ACL_T make_simple_nfsv4_acl(TALLOC_CTX *mem_ctx,
++					gid_t gid,
++					mode_t chmod_mode)
 +{
 +	/*
 +	 * This function needs to create an NFSv4 ACL. Currently, the only way
@@ -139,25 +141,10 @@ index 63fc5d68c33..f5a536ee186 100644
  /*
    set a simple ACL on a file, as a test
   */
-@@ -363,6 +375,53 @@ static PyObject *py_smbd_set_simple_acl(PyObject *self, PyObject *args, PyObject
- 	}
+@@ -413,6 +427,53 @@ static PyObject *py_smbd_set_simple_acl(
+ }
  
- 	ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn);
-+
-+	TALLOC_FREE(acl);
-+
-+	if (ret != 0) {
-+		TALLOC_FREE(frame);
-+		errno = ret;
-+		return PyErr_SetFromErrno(PyExc_OSError);
-+	}
-+
-+	TALLOC_FREE(frame);
-+
-+	Py_RETURN_NONE;
-+}
-+
-+/*
+ /*
 +  set a simple NFSv4 ACL on a file, as a test
 + */
 +static PyObject *py_smbd_set_simple_nfsv4_acl(PyObject *self, PyObject *args, PyObject *kwargs)
@@ -175,10 +162,14 @@ index 63fc5d68c33..f5a536ee186 100644
 +					 &fname, &mode, &gid, &service))
 +		return NULL;
 +
-+	acl = make_simple_nfsv4_acl(gid, mode);
-+
 +	frame = talloc_stackframe();
 +
++	acl = make_simple_nfsv4_acl(frame, gid, mode);
++	if (acl == NULL) {
++		TALLOC_FREE(frame);
++		return NULL;
++	}
++
 +	conn = get_conn(frame, service);
 +	if (!conn) {
 +		return NULL;
@@ -187,13 +178,24 @@ index 63fc5d68c33..f5a536ee186 100644
 +	/*
 +	 * SMB_ACL_TYPE_ACCESS -> ACL_TYPE_ACCESS -> Not valid for NFSv4 ACL
 +	 */
-+	//ret = set_sys_acl_conn(fname, SMB_ACL_TYPE_ACCESS, acl, conn);
 +	ret = 0;
 +
- 	TALLOC_FREE(acl);
- 
- 	if (ret != 0) {
-@@ -483,7 +542,7 @@ static PyObject *py_smbd_unlink(PyObject *self, PyObject *args, PyObject *kwargs
++	if (ret != 0) {
++		TALLOC_FREE(frame);
++		errno = ret;
++		return PyErr_SetFromErrno(PyExc_OSError);
++	}
++
++	TALLOC_FREE(frame);
++
++	Py_RETURN_NONE;
++}
++
++/*
+   chown a file
+  */
+ static PyObject *py_smbd_chown(PyObject *self, PyObject *args, PyObject *kwargs)
+@@ -519,7 +580,7 @@ static PyObject *py_smbd_unlink(PyObject
  }
  
  /*
@@ -202,7 +204,7 @@ index 63fc5d68c33..f5a536ee186 100644
   */
  static PyObject *py_smbd_have_posix_acls(PyObject *self)
  {
-@@ -494,6 +553,86 @@ static PyObject *py_smbd_have_posix_acls(PyObject *self)
+@@ -530,6 +591,86 @@ static PyObject *py_smbd_have_posix_acls
  #endif
  }
  
@@ -289,7 +291,7 @@ index 63fc5d68c33..f5a536ee186 100644
  /*
    set the NT ACL on a file
   */
-@@ -681,9 +820,24 @@ static PyMethodDef py_smbd_methods[] = {
+@@ -717,9 +858,24 @@ static PyMethodDef py_smbd_methods[] = {
  	{ "have_posix_acls",
  		(PyCFunction)py_smbd_have_posix_acls, METH_NOARGS,
  		NULL },
diff --git a/net/samba48/files/0001-audit.patch b/net/samba48/files/0001-audit.patch
new file mode 100644
index 000000000000..75708608e4ad
--- /dev/null
+++ b/net/samba48/files/0001-audit.patch
@@ -0,0 +1,247 @@
+From 7d1bcfc99c393367093c903f95a5e365881b7989 Mon Sep 17 00:00:00 2001
+From: "Timur I. Bakeyev" <timur@iXsystems.com>
+Date: Fri, 22 Jun 2018 12:15:30 +0800
+Subject: [PATCH 1/3] Make sure that vfs*audit modules recognize and accept all
+ the syslog facilities.
+
+---
+ source3/modules/vfs_audit.c      | 34 +++++++++++++++++++++++-----------
+ source3/modules/vfs_extd_audit.c | 34 +++++++++++++++++++++++-----------
+ source3/modules/vfs_full_audit.c | 34 +++++++++++++++++++++++-----------
+ 3 files changed, 69 insertions(+), 33 deletions(-)
+
+diff --git a/source3/modules/vfs_audit.c b/source3/modules/vfs_audit.c
+index 12477d5b01f..4f9d16c452e 100644
+--- a/source3/modules/vfs_audit.c
++++ b/source3/modules/vfs_audit.c
+@@ -33,16 +33,28 @@
+ static int audit_syslog_facility(vfs_handle_struct *handle)
+ {
+ 	static const struct enum_list enum_log_facilities[] = {
+-		{ LOG_USER, "USER" },
+-		{ LOG_LOCAL0, "LOCAL0" },
+-		{ LOG_LOCAL1, "LOCAL1" },
+-		{ LOG_LOCAL2, "LOCAL2" },
+-		{ LOG_LOCAL3, "LOCAL3" },
+-		{ LOG_LOCAL4, "LOCAL4" },
+-		{ LOG_LOCAL5, "LOCAL5" },
+-		{ LOG_LOCAL6, "LOCAL6" },
+-		{ LOG_LOCAL7, "LOCAL7" },
+-		{ -1, NULL}
++		{ LOG_AUTH,	"AUTH" },
++		{ LOG_CRON,	"CRON" },
++		{ LOG_DAEMON,	"DAEMON" },
++		{ LOG_FTP,	"FTP" },
++		{ LOG_KERN,	"KERN" },
++		{ LOG_LPR,	"LPR" },
++		{ LOG_MAIL,	"MAIL" },
++		{ LOG_NEWS,	"NEWS" },
++		{ LOG_NTP,	"NTP" },
++		{ LOG_SECURITY,	"SECURITY" },
++		{ LOG_SYSLOG,	"SYSLOG" },
++		{ LOG_USER,	"USER" },
++		{ LOG_UUCP,	"UUCP" },
++		{ LOG_LOCAL0,	"LOCAL0" },
++		{ LOG_LOCAL1,	"LOCAL1" },
++		{ LOG_LOCAL2,	"LOCAL2" },
++		{ LOG_LOCAL3,	"LOCAL3" },
++		{ LOG_LOCAL4,	"LOCAL4" },
++		{ LOG_LOCAL5,	"LOCAL5" },
++		{ LOG_LOCAL6,	"LOCAL6" },
++		{ LOG_LOCAL7,	"LOCAL7" },
++		{ -1,		NULL }
+ 	};
+ 
+ 	int facility;
+@@ -64,7 +76,7 @@ static int audit_syslog_priority(vfs_handle_struct *handle)
+ 		{ LOG_NOTICE, "NOTICE" },
+ 		{ LOG_INFO, "INFO" },
+ 		{ LOG_DEBUG, "DEBUG" },
+-		{ -1, NULL}
++		{ -1, NULL }
+ 	};
+ 
+ 	int priority;
+diff --git a/source3/modules/vfs_extd_audit.c b/source3/modules/vfs_extd_audit.c
+index 7d1fe273978..5307569a010 100644
+--- a/source3/modules/vfs_extd_audit.c
++++ b/source3/modules/vfs_extd_audit.c
+@@ -36,16 +36,28 @@ static int vfs_extd_audit_debug_level = DBGC_VFS;
+ static int audit_syslog_facility(vfs_handle_struct *handle)
+ {
+ 	static const struct enum_list enum_log_facilities[] = {
+-		{ LOG_USER, "USER" },
+-		{ LOG_LOCAL0, "LOCAL0" },
+-		{ LOG_LOCAL1, "LOCAL1" },
+-		{ LOG_LOCAL2, "LOCAL2" },
+-		{ LOG_LOCAL3, "LOCAL3" },
+-		{ LOG_LOCAL4, "LOCAL4" },
+-		{ LOG_LOCAL5, "LOCAL5" },
+-		{ LOG_LOCAL6, "LOCAL6" },
+-		{ LOG_LOCAL7, "LOCAL7" },
+-		{ -1, NULL}
++		{ LOG_AUTH,	"AUTH" },
++		{ LOG_CRON,	"CRON" },
++		{ LOG_DAEMON,	"DAEMON" },
++		{ LOG_FTP,	"FTP" },
++		{ LOG_KERN,	"KERN" },
++		{ LOG_LPR,	"LPR" },
++		{ LOG_MAIL,	"MAIL" },
++		{ LOG_NEWS,	"NEWS" },
++		{ LOG_NTP,	"NTP" },
++		{ LOG_SECURITY,	"SECURITY" },
++		{ LOG_SYSLOG,	"SYSLOG" },
++		{ LOG_USER,	"USER" },
++		{ LOG_UUCP,	"UUCP" },
++		{ LOG_LOCAL0,	"LOCAL0" },
++		{ LOG_LOCAL1,	"LOCAL1" },
++		{ LOG_LOCAL2,	"LOCAL2" },
++		{ LOG_LOCAL3,	"LOCAL3" },
++		{ LOG_LOCAL4,	"LOCAL4" },
++		{ LOG_LOCAL5,	"LOCAL5" },
++		{ LOG_LOCAL6,	"LOCAL6" },
++		{ LOG_LOCAL7,	"LOCAL7" },
++		{ -1,		NULL }
+ 	};
+ 
+ 	int facility;
+@@ -67,7 +79,7 @@ static int audit_syslog_priority(vfs_handle_struct *handle)
+ 		{ LOG_NOTICE, "NOTICE" },
+ 		{ LOG_INFO, "INFO" },
+ 		{ LOG_DEBUG, "DEBUG" },
+-		{ -1, NULL}
++		{ -1, NULL }
+ 	};
+ 
+ 	int priority;
+diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
+index a205007f46f..a52af4b5740 100644
+--- a/source3/modules/vfs_full_audit.c
++++ b/source3/modules/vfs_full_audit.c
+@@ -357,16 +357,28 @@ static struct {
+ static int audit_syslog_facility(vfs_handle_struct *handle)
+ {
+ 	static const struct enum_list enum_log_facilities[] = {
+-		{ LOG_USER, "USER" },
+-		{ LOG_LOCAL0, "LOCAL0" },
+-		{ LOG_LOCAL1, "LOCAL1" },
+-		{ LOG_LOCAL2, "LOCAL2" },
+-		{ LOG_LOCAL3, "LOCAL3" },
+-		{ LOG_LOCAL4, "LOCAL4" },
+-		{ LOG_LOCAL5, "LOCAL5" },
+-		{ LOG_LOCAL6, "LOCAL6" },
+-		{ LOG_LOCAL7, "LOCAL7" },
+-		{ -1, NULL}
++		{ LOG_AUTH,	"AUTH" },
++		{ LOG_CRON,	"CRON" },
++		{ LOG_DAEMON,	"DAEMON" },
++		{ LOG_FTP,	"FTP" },
++		{ LOG_KERN,	"KERN" },
++		{ LOG_LPR,	"LPR" },
++		{ LOG_MAIL,	"MAIL" },
++		{ LOG_NEWS,	"NEWS" },
++		{ LOG_NTP,	"NTP" },
++		{ LOG_SECURITY,	"SECURITY" },
++		{ LOG_SYSLOG,	"SYSLOG" },
++		{ LOG_USER,	"USER" },
++		{ LOG_UUCP,	"UUCP" },
++		{ LOG_LOCAL0,	"LOCAL0" },
++		{ LOG_LOCAL1,	"LOCAL1" },
++		{ LOG_LOCAL2,	"LOCAL2" },
++		{ LOG_LOCAL3,	"LOCAL3" },
++		{ LOG_LOCAL4,	"LOCAL4" },
++		{ LOG_LOCAL5,	"LOCAL5" },
++		{ LOG_LOCAL6,	"LOCAL6" },
++		{ LOG_LOCAL7,	"LOCAL7" },
++		{ -1,		NULL }
+ 	};
+ 
+ 	int facility;
+@@ -387,7 +399,7 @@ static int audit_syslog_priority(vfs_handle_struct *handle)
+ 		{ LOG_NOTICE, "NOTICE" },
+ 		{ LOG_INFO, "INFO" },
+ 		{ LOG_DEBUG, "DEBUG" },
+-		{ -1, NULL}
++		{ -1, NULL }
+ 	};
+ 
+ 	int priority;
+-- 
+2.16.3
+
+
+From b98fc517251ad25b695ef64453ffe3eaaffed5d8 Mon Sep 17 00:00:00 2001
+From: "Timur I. Bakeyev" <timur@iXsystems.com>
+Date: Fri, 22 Jun 2018 12:19:42 +0800
+Subject: [PATCH 2/3] Make "none" is the default setting for the successful and
+ failed operations in the vfs_full_audit, so you don't blow up your server by
+ just adding this module to the configuration.
+
+---
+ source3/modules/vfs_full_audit.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
+index a52af4b5740..bc40c8137dc 100644
+--- a/source3/modules/vfs_full_audit.c
++++ b/source3/modules/vfs_full_audit.c
+@@ -624,6 +624,7 @@ static int smb_full_audit_connect(vfs_handle_struct *handle,
+ 			 const char *svc, const char *user)
+ {
+ 	int result;
++	const char *none[] = { "none" };
+ 	struct vfs_full_audit_private_data *pd = NULL;
+ 
+ 	result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
+@@ -663,10 +664,10 @@ static int smb_full_audit_connect(vfs_handle_struct *handle,
+ 
+ 	pd->success_ops = init_bitmap(
+ 		pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
+-					"success", NULL));
++					"success", none));
+ 	pd->failure_ops = init_bitmap(
+ 		pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
+-					"failure", NULL));
++					"failure", none));
+ 
+ 	/* Store the private data. */
+ 	SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL,
+-- 
+2.16.3
+
+
+From e25f3a6cfc284737d8df941686f6629568763103 Mon Sep 17 00:00:00 2001
+From: "Timur I. Bakeyev" <timur@iXsystems.com>
+Date: Fri, 22 Jun 2018 12:36:07 +0800
+Subject: [PATCH 3/3] Document that vfs_full_audit defaults are "none" for the
+ successful and failed operations.
+
+---
+ docs-xml/manpages/vfs_full_audit.8.xml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/docs-xml/manpages/vfs_full_audit.8.xml b/docs-xml/manpages/vfs_full_audit.8.xml
+index cefe66d8b6f..ac8473f9990 100644
+--- a/docs-xml/manpages/vfs_full_audit.8.xml
++++ b/docs-xml/manpages/vfs_full_audit.8.xml
+@@ -164,7 +164,7 @@
+ 		<para>LIST is a list of VFS operations that should be
+ 		recorded if they succeed. Operations are specified using
+ 		the names listed above. Operations can be unset by prefixing
+-		the names with "!". The default is all operations.
++		the names with "!". The default is none operations.
+ 		</para>
+ 
+ 		</listitem>
+@@ -176,7 +176,7 @@
+ 		<para>LIST is a list of VFS operations that should be
+ 		recorded if they failed. Operations are specified using
+ 		the names listed above. Operations can be unset by prefixing
+-		the names with "!". The default is all operations.
++		the names with "!". The default is none operations.
+ 		</para>
+ 
+ 		</listitem>
+-- 
+2.16.3
+
diff --git a/net/samba48/files/0001-bug-13351.patch b/net/samba48/files/0001-bug-13351.patch
new file mode 100644
index 000000000000..f11093b221c2
--- /dev/null
+++ b/net/samba48/files/0001-bug-13351.patch
@@ -0,0 +1,50 @@
+From 1598b78bf791b5a2b8ff52745563ebfcc2a5a0cb Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Thu, 22 Mar 2018 08:03:58 +0100
+Subject: [PATCH] s3: smbd: always set vuid in check_user_ok()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+A SMB session reauth will have invalidated conn->vuid via
+conn_clear_vuid_caches().
+
+Ensure conn->vuid always has the vuid of the current user in
+check_user_ok().
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=13351
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+
+Autobuild-User(master): Ralph Böhme <slow@samba.org>
+Autobuild-Date(master): Thu Mar 22 18:26:04 CET 2018 on sn-devel-144
+
+(cherry picked from commit 42d6dd2f30b6c3b3176bd1f378422a2eb62b1008)
+---
+ source3/smbd/uid.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
+index 6eb53920abf..b24ae3cc3b0 100644
+--- a/source3/smbd/uid.c
++++ b/source3/smbd/uid.c
+@@ -202,6 +202,7 @@ static bool check_user_ok(connection_struct *conn,
+ 			conn->session_info = ent->session_info;
+ 			conn->read_only = ent->read_only;
+ 			conn->share_access = ent->share_access;
++			conn->vuid = ent->vuid;
+ 			return(True);
+ 		}
+ 	}
+@@ -250,6 +251,7 @@ static bool check_user_ok(connection_struct *conn,
+ 	ent->share_access = share_access;
+ 	free_conn_session_info_if_unused(conn);
+ 	conn->session_info = ent->session_info;
++	conn->vuid = ent->vuid;
+ 	if (vuid == UID_FIELD_INVALID) {
+ 		/*
+ 		 * Not strictly needed, just make it really
+-- 
+2.13.6
+
diff --git a/net/samba48/files/0001-bug-13427.patch b/net/samba48/files/0001-bug-13427.patch
deleted file mode 100644
index 11d2534b498e..000000000000
--- a/net/samba48/files/0001-bug-13427.patch
+++ /dev/null
@@ -1,213 +0,0 @@
-From 31e168958987826ab7cce61b854daf2a8f3f2adb Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 9 May 2018 13:30:13 +0200
-Subject: [PATCH 1/3] auth/ntlmssp: add ntlmssp_client:ldap_style_send_seal
- option
-
-This will be used to similate a Windows client only
-using NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL
-on an LDAP connection, which is indicated internally by
-GENSEC_FEATURE_LDAP_STYLE.
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit 7f2bebf09cd8056b3f901dd9ff1fc9e9525f3e9d)
----
- auth/ntlmssp/ntlmssp_client.c | 24 +++++++++++++++++-------
- 1 file changed, 17 insertions(+), 7 deletions(-)
-
-diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
-index db2003f0d6b..54fda41b534 100644
---- a/auth/ntlmssp/ntlmssp_client.c
-+++ b/auth/ntlmssp/ntlmssp_client.c
-@@ -865,13 +865,23 @@ NTSTATUS gensec_ntlmssp_client_start(struct gensec_security *gensec_security)
- 			 * is requested.
- 			 */
- 			ntlmssp_state->force_wrap_seal = true;
--			/*
--			 * We want also work against old Samba servers
--			 * which didn't had GENSEC_FEATURE_LDAP_STYLE
--			 * we negotiate SEAL too. We may remove this
--			 * in a few years. As all servers should have
--			 * GENSEC_FEATURE_LDAP_STYLE by then.
--			 */
-+		}
-+	}
-+	if (ntlmssp_state->force_wrap_seal) {
-+		bool ret;
-+
-+		/*
-+		 * We want also work against old Samba servers
-+		 * which didn't had GENSEC_FEATURE_LDAP_STYLE
-+		 * we negotiate SEAL too. We may remove this
-+		 * in a few years. As all servers should have
-+		 * GENSEC_FEATURE_LDAP_STYLE by then.
-+		 */
-+		ret = gensec_setting_bool(gensec_security->settings,
-+					  "ntlmssp_client",
-+					  "ldap_style_send_seal",
-+					  true);
-+		if (ret) {
- 			ntlmssp_state->required_flags |= NTLMSSP_NEGOTIATE_SEAL;
- 		}
- 	}
--- 
-2.14.3
-
-
-From 1734791570ff0eb57a04fef779a093c20c83ed9d Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Wed, 9 May 2018 13:33:05 +0200
-Subject: [PATCH 2/3] s4:selftest: run test_ldb_simple.sh with more auth
- options
-
-This demonstrates the broken GENSEC_FEATURE_LDAP_STYLE
-handling in our LDAP server.
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-(cherry picked from commit fc1c5bd3be2c3f90eab2f31e43cf053f7ff13782)
----
- selftest/knownfail.d/ntlmssp_ldap_style_send_seal | 1 +
- source4/selftest/tests.py                         | 7 +++++++
- 2 files changed, 8 insertions(+)
- create mode 100644 selftest/knownfail.d/ntlmssp_ldap_style_send_seal
-
-diff --git a/selftest/knownfail.d/ntlmssp_ldap_style_send_seal b/selftest/knownfail.d/ntlmssp_ldap_style_send_seal
-new file mode 100644
-index 00000000000..0cd7cc2ea39
---- /dev/null
-+++ b/selftest/knownfail.d/ntlmssp_ldap_style_send_seal
-@@ -0,0 +1 @@
-+^samba4.ldb.simple.ldap.*ldap_style_send_seal=no
-diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
-index 621a61347bc..226617f3b6a 100755
---- a/source4/selftest/tests.py
-+++ b/source4/selftest/tests.py
-@@ -116,6 +116,13 @@ for env in ["ad_dc_ntvfs", "fl2008r2dc", "fl2003dc"]:
-         '--option=clientldapsaslwrapping=plain',
-         '--sign',
-         '--encrypt',
-+        '-k yes --option=clientldapsaslwrapping=plain',
-+        '-k yes --sign',
-+        '-k yes --encrypt',
-+        '-k no --option=clientldapsaslwrapping=plain',
-+        '-k no --sign --option=ntlmssp_client:ldap_style_send_seal=no',
-+        '-k no --sign',
-+        '-k no --encrypt',
-     ]
- 
-     for auth_option in auth_options:
--- 
-2.14.3
-
-
-From 4b612bcfb938a49b2725e913a95004bd9fa6c3c3 Mon Sep 17 00:00:00 2001
-From: Stefan Metzmacher <metze@samba.org>
-Date: Mon, 7 May 2018 14:50:27 +0200
-Subject: [PATCH 3/3] auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE
- as a server
-
-This fixes "NTLMSSP NTLM2 packet check failed due to invalid signature!"
-error messages, which were generated if the client only sends
-NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL on an LDAP
-connection.
-
-This fixes a regession in the combination of commits
-77adac8c3cd2f7419894d18db735782c9646a202 and
-3a0b835408a6efa339e8b34333906bfe3aacd6e3.
-
-We need to evaluate GENSEC_FEATURE_LDAP_STYLE at the end
-of the authentication (as a server, while we already
-do so at the beginning as a client).
-
-As a reminder I introduced GENSEC_FEATURE_LDAP_STYLE
-(as an internal flag) in order to let us work as a
-Windows using NTLMSSP for LDAP. Even if only signing is
-negotiated during the authentication the following PDUs
-will still be encrypted if NTLMSSP is used. This is exactly the
-same as if the client would have negotiated NTLMSSP_NEGOTIATE_SEAL.
-I guess it's a bug in Windows, but we have to reimplement that
-bug. Note this only applies to NTLMSSP and only to LDAP!
-Signing only works fine for LDAP with Kerberos
-or DCERPC and NTLMSSP.
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427
-
-Signed-off-by: Stefan Metzmacher <metze@samba.org>
-Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-
-Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
-Autobuild-Date(master): Wed May 16 03:26:03 CEST 2018 on sn-devel-144
-
-(cherry picked from commit c7a3ce95ac4ce837d8fde36578b3b1f56c3ac2fa)
----
- auth/ntlmssp/gensec_ntlmssp_server.c              | 19 -------------------
- auth/ntlmssp/ntlmssp_server.c                     |  8 ++++++++
- selftest/knownfail.d/ntlmssp_ldap_style_send_seal |  1 -
- 3 files changed, 8 insertions(+), 20 deletions(-)
- delete mode 100644 selftest/knownfail.d/ntlmssp_ldap_style_send_seal
-
-diff --git a/auth/ntlmssp/gensec_ntlmssp_server.c b/auth/ntlmssp/gensec_ntlmssp_server.c
-index c0e6cff5952..ab92f4d0c09 100644
---- a/auth/ntlmssp/gensec_ntlmssp_server.c
-+++ b/auth/ntlmssp/gensec_ntlmssp_server.c
-@@ -179,25 +179,6 @@ NTSTATUS gensec_ntlmssp_server_start(struct gensec_security *gensec_security)
- 	ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
- 	ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
- 
--	if (gensec_security->want_features & GENSEC_FEATURE_SESSION_KEY) {
--		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
--	}
--	if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
--		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
--
--		if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE) {
--			/*
--			 * We need to handle NTLMSSP_NEGOTIATE_SIGN as
--			 * NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
--			 * is requested.
--			 */
--			ntlmssp_state->force_wrap_seal = true;
--		}
--	}
--	if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
--		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
--		ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
--	}
- 
- 	if (role == ROLE_STANDALONE) {
- 		ntlmssp_state->server.is_standalone = true;
-diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
-index 37ed2bc9565..140e89daeb1 100644
---- a/auth/ntlmssp/ntlmssp_server.c
-+++ b/auth/ntlmssp/ntlmssp_server.c
-@@ -1080,6 +1080,14 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
- 	data_blob_free(&ntlmssp_state->challenge_blob);
- 
- 	if (gensec_ntlmssp_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
-+		if (gensec_security->want_features & GENSEC_FEATURE_LDAP_STYLE) {
-+			/*
-+			 * We need to handle NTLMSSP_NEGOTIATE_SIGN as
-+			 * NTLMSSP_NEGOTIATE_SEAL if GENSEC_FEATURE_LDAP_STYLE
-+			 * is requested.
-+			 */
-+			ntlmssp_state->force_wrap_seal = true;
-+		}
- 		nt_status = ntlmssp_sign_init(ntlmssp_state);
- 	}
- 
-diff --git a/selftest/knownfail.d/ntlmssp_ldap_style_send_seal b/selftest/knownfail.d/ntlmssp_ldap_style_send_seal
-deleted file mode 100644
-index 0cd7cc2ea39..00000000000
---- a/selftest/knownfail.d/ntlmssp_ldap_style_send_seal
-+++ /dev/null
-@@ -1 +0,0 @@
--^samba4.ldb.simple.ldap.*ldap_style_send_seal=no
--- 
-2.14.3
-
diff --git a/net/samba48/files/0001-bug-13441.patch b/net/samba48/files/0001-bug-13441.patch
new file mode 100644
index 000000000000..befb1988ab79
--- /dev/null
+++ b/net/samba48/files/0001-bug-13441.patch
@@ -0,0 +1,343 @@
+From 1aa2785b7549205c4187c2afcd171ea1ade96ba9 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Sat, 19 May 2018 01:36:21 +0200
+Subject: [PATCH 1/3] s4:torture/vfs/fruit: decrease large resource fork size
+ in test from 1 GB to 64 MB
+
+64 MB is a more realistic value and lets the test pass on FreeBSD with
+fruit:resource=stream and vfs_streams_xattr.
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+(cherry picked from commit 2729b4329af0ad0b6a8bd188450b8abd76670d8a)
+---
+ source4/torture/vfs/fruit.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c
+index 4564047e0fb..543b1c5d969 100644
+--- a/source4/torture/vfs/fruit.c
++++ b/source4/torture/vfs/fruit.c
+@@ -1594,11 +1594,11 @@ static bool test_write_atalk_rfork_io(struct torture_context *tctx,
+ 
+ 	ret &= write_stream(tree, __location__, tctx, mem_ctx,
+ 			    fname, AFPRESOURCE_STREAM_NAME,
+-			    (off_t)1<<32, 10, rfork_content);
++			    (off_t)64*1024*1024, 10, rfork_content);
+ 
+ 	ret &= check_stream(tree, __location__, tctx, mem_ctx,
+ 			    fname, AFPRESOURCE_STREAM_NAME,
+-			    (off_t)1<<32, 10, 0, 10, rfork_content);
++			    (off_t)64*1024*1024, 10, 0, 10, rfork_content);
+ 
+ 	/* Truncate back to size of 1 byte */
+ 
+-- 
+2.13.6
+
+
+From 928b66f9b798497bb694434e08384bb75d029913 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Thu, 17 May 2018 16:43:49 +0200
+Subject: [PATCH 2/3] s4:torture: test setting EOF of a stream to 0 with
+ enabled AAPL extensions
+
+macOS SMB server uses xattrs as storage backend for streams, directly
+exposing xattr get/set characteristics. Setting EOF on a stream to 0
+just deletes the xattr as macOS doesn't support 0-byte sized xattrs.
+
+Note that this does not apply to the AFP_AfpInfo and AFP_Resource
+streams, they have even stranger semantics and we have other tests
+for those.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+(cherry picked from commit cf5d471544f0cb0d072e4af1ee36798580d32897)
+---
+ selftest/knownfail.d/samba3.vfs.fruit |   3 +
+ source4/torture/vfs/fruit.c           | 197 ++++++++++++++++++++++++++++++++++
+ 2 files changed, 200 insertions(+)
+
+diff --git a/selftest/knownfail.d/samba3.vfs.fruit b/selftest/knownfail.d/samba3.vfs.fruit
+index 8df25bccb79..5931c471086 100644
+--- a/selftest/knownfail.d/samba3.vfs.fruit
++++ b/selftest/knownfail.d/samba3.vfs.fruit
+@@ -1 +1,4 @@
+ ^samba3.vfs.fruit streams_depot.OS X AppleDouble file conversion\(nt4_dc\)
++^samba3.vfs.fruit metadata_netatalk.setinfo eof stream\(nt4_dc\)
++^samba3.vfs.fruit metadata_stream.setinfo eof stream\(nt4_dc\)
++^samba3.vfs.fruit streams_depot.setinfo eof stream\(nt4_dc\)
+diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c
+index 543b1c5d969..1202adb2cbf 100644
+--- a/source4/torture/vfs/fruit.c
++++ b/source4/torture/vfs/fruit.c
+@@ -4578,6 +4578,202 @@ static bool test_nfs_aces(struct torture_context *tctx,
+ 	return ret;
+ }
+ 
++static bool test_setinfo_stream_eof(struct torture_context *tctx,
++				    struct smb2_tree *tree)
++{
++	bool ret = true;
++	NTSTATUS status;
++	struct smb2_create create;
++	union smb_setfileinfo sfinfo;
++	union smb_fileinfo finfo;
++	struct smb2_handle h1;
++	TALLOC_CTX *mem_ctx = talloc_new(tctx);
++	const char *fname = BASEDIR "\\file";
++	const char *sname = BASEDIR "\\file:foo";
++
++	torture_assert_goto(tctx, mem_ctx != NULL, ret, done,
++			    "talloc_new failed\n");
++
++	torture_comment(tctx, "Test setting EOF on a stream\n");
++
++	smb2_deltree(tree, BASEDIR);
++	status = torture_smb2_testdir(tree, BASEDIR, &h1);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"torture_smb2_testdir\n");
++	smb2_util_close(tree, h1);
++
++	status = torture_smb2_testfile(tree, fname, &h1);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"torture_smb2_testfile failed\n");
++	smb2_util_close(tree, h1);
++
++	status = torture_smb2_testfile_access(tree, sname, &h1,
++					      SEC_FILE_WRITE_DATA);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"torture_smb2_testfile failed\n");
++
++	status = smb2_util_write(tree, h1, "1234567890", 0, 10);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"smb2_util_write failed\n");
++	smb2_util_close(tree, h1);
++
++	/*
++	 * Test setting EOF to 21
++	 */
++
++	torture_comment(tctx, "Setting stream EOF to 21\n");
++
++	status = torture_smb2_testfile_access(tree, sname, &h1,
++					      SEC_FILE_WRITE_DATA);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"torture_smb2_testfile failed\n");
++
++	ZERO_STRUCT(sfinfo);
++	sfinfo.generic.in.file.handle = h1;
++	sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
++	sfinfo.position_information.in.position = 21;
++	status = smb2_setinfo_file(tree, &sfinfo);
++	torture_assert_ntstatus_ok_goto(tctx, status,
++					ret, done, "set EOF 21 failed\n");
++
++	smb2_util_close(tree, h1);
++
++	status = torture_smb2_testfile_access(tree, sname, &h1,
++					      SEC_FILE_WRITE_DATA);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"torture_smb2_testfile failed\n");
++
++	ZERO_STRUCT(finfo);
++	finfo.generic.level = RAW_FILEINFO_STANDARD_INFORMATION;
++	finfo.generic.in.file.handle = h1;
++	status = smb2_getinfo_file(tree, mem_ctx, &finfo);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"smb2_getinfo_file failed");
++
++	smb2_util_close(tree, h1);
++
++	torture_assert_goto(tctx, finfo.standard_info.out.size == 21,
++			    ret, done, "size != 21\n");
++
++	/*
++	 * Test setting EOF to 0
++	 */
++
++	torture_comment(tctx, "Setting stream EOF to 0\n");
++
++	status = torture_smb2_testfile_access(tree, sname, &h1,
++					      SEC_FILE_WRITE_DATA);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"torture_smb2_testfile failed\n");
++
++	ZERO_STRUCT(sfinfo);
++	sfinfo.generic.in.file.handle = h1;
++	sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
++	sfinfo.position_information.in.position = 0;
++	status = smb2_setinfo_file(tree, &sfinfo);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"set eof 0 failed\n");
++
++	smb2_util_close(tree, h1);
++
++	status = torture_smb2_testfile_access(tree, sname, &h1,
++					      SEC_FILE_WRITE_DATA);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"torture_smb2_testfile failed\n");
++
++	ZERO_STRUCT(finfo);
++	finfo.generic.level = RAW_FILEINFO_STANDARD_INFORMATION;
++	finfo.generic.in.file.handle = h1;
++	status = smb2_getinfo_file(tree, mem_ctx, &finfo);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"smb2_getinfo_file failed\n");
++
++	smb2_util_close(tree, h1);
++
++	torture_assert_goto(tctx, finfo.standard_info.out.size == 0,
++			    ret, done, "size != 0\n");
++
++	/*
++	 * Test setinfo end-of-file info to 1
++	 */
++
++	torture_comment(tctx, "Setting stream EOF to 1\n");
++
++	status = torture_smb2_testfile_access(tree, sname, &h1,
++					      SEC_FILE_WRITE_DATA);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"torture_smb2_testfile failed\n");
++
++	ZERO_STRUCT(sfinfo);
++	sfinfo.generic.in.file.handle = h1;
++	sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
++	sfinfo.position_information.in.position = 1;
++	status = smb2_setinfo_file(tree, &sfinfo);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"set EOF 1 failed\n");
++
++	smb2_util_close(tree, h1);
++
++	status = torture_smb2_testfile_access(tree, sname, &h1,
++					      SEC_FILE_WRITE_DATA);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"torture_smb2_testfile failed\n");
++
++	ZERO_STRUCT(finfo);
++	finfo.generic.level = RAW_FILEINFO_STANDARD_INFORMATION;
++	finfo.generic.in.file.handle = h1;
++	status = smb2_getinfo_file(tree, mem_ctx, &finfo);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"smb2_getinfo_file failed\n");
++
++	smb2_util_close(tree, h1);
++
++	torture_assert_goto(tctx, finfo.standard_info.out.size == 1,
++			    ret, done, "size != 1\n");
++
++	/*
++	 * Test setting EOF to 0 with AAPL enabled, should delete stream
++	 */
++
++	torture_comment(tctx, "Enabling AAPL extensions\n");
++
++	ret = enable_aapl(tctx, tree);
++	torture_assert(tctx, ret == true, "enable_aapl failed\n");
++
++	torture_comment(tctx, "Setting stream EOF to 0\n");
++	status = torture_smb2_testfile_access(tree, sname, &h1,
++					      SEC_FILE_WRITE_DATA);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"torture_smb2_testfile failed\n");
++
++	ZERO_STRUCT(sfinfo);
++	sfinfo.generic.in.file.handle = h1;
++	sfinfo.generic.level = RAW_SFILEINFO_END_OF_FILE_INFORMATION;
++	sfinfo.position_information.in.position = 0;
++	status = smb2_setinfo_file(tree, &sfinfo);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"set eof 0 failed\n");
++
++	smb2_util_close(tree, h1);
++
++	ZERO_STRUCT(create);
++	create.in.desired_access = SEC_FILE_READ_ATTRIBUTE;
++	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
++	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
++	create.in.create_disposition = NTCREATEX_DISP_OPEN;
++	create.in.fname = sname;
++
++	status = smb2_create(tree, tctx, &create);
++	torture_assert_ntstatus_equal_goto(
++		tctx, status, NT_STATUS_OBJECT_NAME_NOT_FOUND, ret, done,
++		"Unexpected status\n");
++
++done:
++	smb2_util_unlink(tree, fname);
++	smb2_util_rmdir(tree, BASEDIR);
++	return ret;
++}
++
+ /*
+  * Note: This test depends on "vfs objects = catia fruit streams_xattr".  For
+  * some tests torture must be run on the host it tests and takes an additional
+@@ -4610,6 +4806,7 @@ struct torture_suite *torture_vfs_fruit(TALLOC_CTX *ctx)
+ 	torture_suite_add_1smb2_test(suite, "create delete-on-close AFP_AfpResource", test_create_delete_on_close_resource);
+ 	torture_suite_add_1smb2_test(suite, "setinfo delete-on-close AFP_AfpResource", test_setinfo_delete_on_close_resource);
+ 	torture_suite_add_1smb2_test(suite, "setinfo eof AFP_AfpResource", test_setinfo_eof_resource);
++	torture_suite_add_1smb2_test(suite, "setinfo eof stream", test_setinfo_stream_eof);
+ 	torture_suite_add_1smb2_test(suite, "null afpinfo", test_null_afpinfo);
+ 	torture_suite_add_1smb2_test(suite, "delete", test_delete_file_with_rfork);
+ 	torture_suite_add_1smb2_test(suite, "read open rsrc after rename", test_rename_and_read_rsrc);
+-- 
+2.13.6
+
+
+From d85666f4c4062af68606790df2c5e1fdba135906 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Thu, 17 May 2018 16:48:09 +0200
+Subject: [PATCH 3/3] vfs_fruit: delete 0 byte size streams if AAPL is enabled
+
+macOS SMB server uses xattrs as storage backend for streams, directly
+exposing xattr get/set characteristics. Setting EOF on a stream to 0
+just deletes the xattr as macOS doesn't support 0-byte sized xattrs.
+
+Note that this does not apply to the AFP_AfpInfo and AFP_Resource
+streams, they have even stranger semantics and we have other tests
+for those.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+
+Autobuild-User(master): Jeremy Allison <jra@samba.org>
+Autobuild-Date(master): Wed May 30 02:34:29 CEST 2018 on sn-devel-144
+
+(cherry picked from commit 46d127865f3fb14041797d395db3b3234ed3bd6c)
+---
+ selftest/knownfail.d/samba3.vfs.fruit | 3 ---
+ source3/modules/vfs_fruit.c           | 3 +++
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/selftest/knownfail.d/samba3.vfs.fruit b/selftest/knownfail.d/samba3.vfs.fruit
+index 5931c471086..8df25bccb79 100644
+--- a/selftest/knownfail.d/samba3.vfs.fruit
++++ b/selftest/knownfail.d/samba3.vfs.fruit
+@@ -1,4 +1 @@
+ ^samba3.vfs.fruit streams_depot.OS X AppleDouble file conversion\(nt4_dc\)
+-^samba3.vfs.fruit metadata_netatalk.setinfo eof stream\(nt4_dc\)
+-^samba3.vfs.fruit metadata_stream.setinfo eof stream\(nt4_dc\)
+-^samba3.vfs.fruit streams_depot.setinfo eof stream\(nt4_dc\)
+diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
+index 1a05d0bae34..013dec0186a 100644
+--- a/source3/modules/vfs_fruit.c
++++ b/source3/modules/vfs_fruit.c
+@@ -5537,6 +5537,9 @@ static int fruit_ftruncate(struct vfs_handle_struct *handle,
+ 		  (intmax_t)offset);
+ 
+ 	if (fio == NULL) {
++		if (offset == 0 && global_fruit_config.nego_aapl) {
++			return SMB_VFS_NEXT_UNLINK(handle, fsp->fsp_name);
++		}
+ 		return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, offset);
+ 	}
+ 
+-- 
+2.13.6
+
diff --git a/net/samba48/files/0001-bug-13451.patch b/net/samba48/files/0001-bug-13451.patch
new file mode 100644
index 000000000000..a84741e55fd8
--- /dev/null
+++ b/net/samba48/files/0001-bug-13451.patch
@@ -0,0 +1,461 @@
+From 7bf82ece36c384784b1ba672667c5461fd0d7c29 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Sat, 26 May 2018 16:30:47 +0200
+Subject: [PATCH 1/6] selftest: run smb2.streams tests against a share with
+ vfs_streams_xattr
+
+The tests are currently only run against streams_depot, where stream IO
+is handle based, compared to streams_xattr which is path
+based. vfs_streams_xattr is also used much more in real world setups, so
+we should run our tests against it.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+(backported from commit aa096ab70a466388a9947f73a525b2dcbb9821e5)
+---
+ selftest/knownfail        | 3 +++
+ source3/selftest/tests.py | 4 ++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/selftest/knownfail b/selftest/knownfail
+index eaddaece25c..ba16fd72290 100644
+--- a/selftest/knownfail
++++ b/selftest/knownfail
+@@ -177,6 +177,9 @@
+ ^samba3.smb2.streams.rename
+ ^samba3.smb2.streams.rename2
+ ^samba3.smb2.streams.attributes
++^samba3.smb2.streams streams_xattr.rename\(nt4_dc\)
++^samba3.smb2.streams streams_xattr.rename2\(nt4_dc\)
++^samba3.smb2.streams streams_xattr.attributes\(nt4_dc\)
+ ^samba3.smb2.getinfo.complex
+ ^samba3.smb2.getinfo.fsinfo # quotas don't work yet
+ ^samba3.smb2.setinfo.setinfo
+diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
+index f43d2b14d3a..9092c1776c8 100755
+--- a/source3/selftest/tests.py
++++ b/source3/selftest/tests.py
+@@ -559,6 +559,10 @@ tests= base + raw + smb2 + rpc + unix + local + rap + nbt + libsmbclient + idmap
+     elif t == "rpc.samba3.netlogon" or t == "rpc.samba3.sessionkey":
+         plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD --option=torture:wksname=samba3rpctest')
+         plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD --option=torture:wksname=samba3rpctest')
++    elif t == "smb2.streams":
++        plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
++        plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
++        plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/streams_xattr -U$USERNAME%$PASSWORD', 'streams_xattr')
+     else:
+         plansmbtorture4testsuite(t, "nt4_dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD')
+         plansmbtorture4testsuite(t, "ad_dc", '//$SERVER/tmp -U$USERNAME%$PASSWORD')
+-- 
+2.13.6
+
+
+From 495303b80c7cc87a5b2c6a8b6c6d545db7b48d8b Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Sat, 26 May 2018 16:07:14 +0200
+Subject: [PATCH 2/6] s4:torture/smb2/streams: try to rename basefile while is
+ has open streams
+
+This tests the following:
+
+- create a file with a stream
+- open the the stream and keep it open
+- on a second connection, try to rename the basefile, this should fail
+  with NT_STATUS_ACCESS_DENIED
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+(cherry picked from commit 00d19bdab15102083b8ba395ede161824c898be1)
+---
+ selftest/knownfail.d/samba3.smb2.streams |  2 +
+ source4/torture/smb2/streams.c           | 82 ++++++++++++++++++++++++++++++++
+ 2 files changed, 84 insertions(+)
+ create mode 100644 selftest/knownfail.d/samba3.smb2.streams
+
+diff --git a/selftest/knownfail.d/samba3.smb2.streams b/selftest/knownfail.d/samba3.smb2.streams
+new file mode 100644
+index 00000000000..26d40a67bda
+--- /dev/null
++++ b/selftest/knownfail.d/samba3.smb2.streams
+@@ -0,0 +1,2 @@
++samba3.smb2.streams.basefile-rename-with-open-stream\(.*\)
++samba3.smb2.streams streams_xattr.basefile-rename-with-open-stream\(nt4_dc\)
+diff --git a/source4/torture/smb2/streams.c b/source4/torture/smb2/streams.c
+index d302bf923c9..b39d96d4924 100644
+--- a/source4/torture/smb2/streams.c
++++ b/source4/torture/smb2/streams.c
+@@ -1830,6 +1830,86 @@ static bool test_stream_attributes(struct torture_context *tctx,
+ 	return ret;
+ }
+ 
++static bool test_basefile_rename_with_open_stream(struct torture_context *tctx,
++						  struct smb2_tree *tree)
++{
++	bool ret = true;
++	NTSTATUS status;
++	struct smb2_tree *tree2 = NULL;
++	struct smb2_create create, create2;
++	struct smb2_handle h1 = {{0}}, h2 = {{0}};
++	const char *fname = "test_rename_openfile";
++	const char *sname = "test_rename_openfile:foo";
++	const char *fname_renamed = "test_rename_openfile_renamed";
++	union smb_setfileinfo sinfo;
++	const char *data = "test data";
++
++	ret = torture_smb2_connection(tctx, &tree2);
++	torture_assert_goto(tctx, ret == true, ret, done,
++			    "torture_smb2_connection failed\n");
++
++	torture_comment(tctx, "Creating file with stream\n");
++
++	ZERO_STRUCT(create);
++	create.in.desired_access = SEC_FILE_ALL;
++	create.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
++	create.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
++	create.in.create_disposition = NTCREATEX_DISP_OPEN_IF;
++	create.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
++	create.in.fname = sname;
++
++	status = smb2_create(tree, tctx, &create);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"smb2_create failed\n");
++
++	h1 = create.out.file.handle;
++
++	torture_comment(tctx, "Writing to stream\n");
++
++	status = smb2_util_write(tree, h1, data, 0, strlen(data));
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"smb2_util_write failed\n");
++
++	torture_comment(tctx, "Renaming base file\n");
++
++	ZERO_STRUCT(create2);
++	create2.in.desired_access = SEC_FILE_ALL;
++	create2.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
++	create2.in.share_access = NTCREATEX_SHARE_ACCESS_MASK;
++	create2.in.create_disposition = NTCREATEX_DISP_OPEN;
++	create2.in.impersonation_level = SMB2_IMPERSONATION_IMPERSONATION;
++	create2.in.fname = fname;
++
++	status = smb2_create(tree2, tctx, &create2);
++	torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
++					"smb2_create failed\n");
++
++	h2 = create2.out.file.handle;
++
++	ZERO_STRUCT(sinfo);
++	sinfo.rename_information.level = RAW_SFILEINFO_RENAME_INFORMATION;
++	sinfo.rename_information.in.file.handle = h2;
++	sinfo.rename_information.in.new_name = fname_renamed;
++
++	status = smb2_setinfo_file(tree2, &sinfo);
++	torture_assert_ntstatus_equal_goto(
++		tctx, status, NT_STATUS_ACCESS_DENIED, ret, done,
++		"smb2_setinfo_file didn't return NT_STATUS_ACCESS_DENIED\n");
++
++	smb2_util_close(tree2, h2);
++
++done:
++	if (!smb2_util_handle_empty(h1)) {
++		smb2_util_close(tree, h1);
++	}
++	if (!smb2_util_handle_empty(h2)) {
++		smb2_util_close(tree2, h2);
++	}
++	smb2_util_unlink(tree, fname);
++	smb2_util_unlink(tree, fname_renamed);
++
++	return ret;
++}
+ 
+ /*
+    basic testing of streams calls SMB2
+@@ -1850,6 +1930,8 @@ struct torture_suite *torture_smb2_streams_init(TALLOC_CTX *ctx)
+ 	torture_suite_add_1smb2_test(suite, "attributes", test_stream_attributes);
+ 	torture_suite_add_1smb2_test(suite, "delete", test_stream_delete);
+ 	torture_suite_add_1smb2_test(suite, "zero-byte", test_zero_byte_stream);
++	torture_suite_add_1smb2_test(suite, "basefile-rename-with-open-stream",
++					test_basefile_rename_with_open_stream);
+ 
+ 	suite->description = talloc_strdup(suite, "SMB2-STREAM tests");
+ 
+-- 
+2.13.6
+
+
+From fbdb42c19526ff2ddeab378f384526156da161b0 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Sat, 26 May 2018 18:33:00 +0200
+Subject: [PATCH 3/6] s4:torture/vfs/fruit: adjust test testing basefile rename
+ to expect failure
+
+Renaming a basefile that has open streams must fail with
+NT_STATUS_ACCESS_DENIED.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+(cherry picked from commit f166207fc0344b51879d863857055ab7ff36a09b)
+---
+ selftest/knownfail.d/samba3.vfs.fruit |  3 +++
+ source4/torture/vfs/fruit.c           | 25 ++++---------------------
+ 2 files changed, 7 insertions(+), 21 deletions(-)
+
+diff --git a/selftest/knownfail.d/samba3.vfs.fruit b/selftest/knownfail.d/samba3.vfs.fruit
+index 8df25bccb79..bf97dbc5822 100644
+--- a/selftest/knownfail.d/samba3.vfs.fruit
++++ b/selftest/knownfail.d/samba3.vfs.fruit
+@@ -1 +1,4 @@
+ ^samba3.vfs.fruit streams_depot.OS X AppleDouble file conversion\(nt4_dc\)
++^samba3.vfs.fruit metadata_netatalk.read open rsrc after rename\(nt4_dc\)
++^samba3.vfs.fruit metadata_stream.read open rsrc after rename\(nt4_dc\)
++^samba3.vfs.fruit streams_depot.read open rsrc after rename\(nt4_dc\)
+diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c
+index 65109cc1934..4564047e0fb 100644
+--- a/source4/torture/vfs/fruit.c
++++ b/source4/torture/vfs/fruit.c
+@@ -3897,7 +3897,6 @@ static bool test_rename_and_read_rsrc(struct torture_context *tctx,
+ 	const char *fname_renamed = "test_rename_openfile_renamed";
+ 	const char *data = "1234567890";
+ 	union smb_setfileinfo sinfo;
+-	struct smb2_read r;
+ 
+ 	ret = enable_aapl(tctx, tree);
+ 	torture_assert_goto(tctx, ret == true, ret, done, "enable_aapl failed");
+@@ -3949,28 +3948,12 @@ static bool test_rename_and_read_rsrc(struct torture_context *tctx,
+ 	sinfo.rename_information.in.new_name = fname_renamed;
+ 
+ 	status = smb2_setinfo_file(tree, &sinfo);
+-	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_setinfo_file failed");
+-
+-	smb2_util_close(tree, h2);
+-
+-	ZERO_STRUCT(r);
+-	r.in.file.handle = h1;
+-	r.in.length      = 10;
+-	r.in.offset      = 0;
+-
+-	torture_comment(tctx, "Read resource fork of renamed file\n");
+-
+-	status = smb2_read(tree, tree, &r);
+-	torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "smb2_read failed");
++	torture_assert_ntstatus_equal_goto(
++		tctx, status, NT_STATUS_ACCESS_DENIED, ret, done,
++		"smb2_setinfo_file failed");
+ 
+ 	smb2_util_close(tree, h1);
+-
+-	torture_assert_goto(tctx, r.out.data.length == 10, ret, done,
+-			    talloc_asprintf(tctx, "smb2_read returned %jd bytes, expected 10\n",
+-					    (intmax_t)r.out.data.length));
+-
+-	torture_assert_goto(tctx, memcmp(r.out.data.data, data, 10) == 0, ret, done,
+-			    talloc_asprintf(tctx, "Bad data in stream\n"));
++	smb2_util_close(tree, h2);
+ 
+ done:
+ 	smb2_util_unlink(tree, fname);
+-- 
+2.13.6
+
+
+From 33e52b7e4e7d54b3488a54e2620f5e07b3042b9c Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Sun, 27 May 2018 13:01:50 +0200
+Subject: [PATCH 4/6] s3:smbd: add private option
+ NTCREATEX_OPTIONS_PRIVATE_STREAM_BASEOPEN
+
+This will be used to mark basefile opens of streams opens. This is
+needed to later implement a function that can determine if a file has
+stream opens.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+(cherry picked from commit 37e7ff05ab9443c0330e68f5c701ffecedf2d738)
+---
+ source3/include/smb.h | 3 +++
+ source3/smbd/open.c   | 7 ++++++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/source3/include/smb.h b/source3/include/smb.h
+index 3316f09d94f..5e83ee90afe 100644
+--- a/source3/include/smb.h
++++ b/source3/include/smb.h
+@@ -419,6 +419,9 @@ Offset  Data			length.
+ /* Private options for printer support */
+ #define NTCREATEX_OPTIONS_PRIVATE_DELETE_ON_CLOSE 0x0008
+ 
++/* Private option for streams support */
++#define NTCREATEX_OPTIONS_PRIVATE_STREAM_BASEOPEN 0x0010
++
+ /* Flag for NT transact rename call. */
+ #define RENAME_REPLACE_IF_EXISTS 1
+ 
+diff --git a/source3/smbd/open.c b/source3/smbd/open.c
+index 3708bdd10fa..8a9288dbdb4 100644
+--- a/source3/smbd/open.c
++++ b/source3/smbd/open.c
+@@ -5091,6 +5091,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
+ 	    && (!(private_flags & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
+ 		uint32_t base_create_disposition;
+ 		struct smb_filename *smb_fname_base = NULL;
++		uint32_t base_privflags;
+ 
+ 		if (create_options & FILE_DIRECTORY_FILE) {
+ 			status = NT_STATUS_NOT_A_DIRECTORY;
+@@ -5141,13 +5142,17 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
+ 			}
+ 		}
+ 
++		base_privflags = NTCREATEX_OPTIONS_PRIVATE_STREAM_BASEOPEN;
++
+ 		/* Open the base file. */
+ 		status = create_file_unixpath(conn, NULL, smb_fname_base, 0,
+ 					      FILE_SHARE_READ
+ 					      | FILE_SHARE_WRITE
+ 					      | FILE_SHARE_DELETE,
+ 					      base_create_disposition,
+-					      0, 0, 0, NULL, 0, 0, NULL, NULL,
++					      0, 0, 0, NULL, 0,
++					      base_privflags,
++					      NULL, NULL,
+ 					      &base_fsp, NULL);
+ 		TALLOC_FREE(smb_fname_base);
+ 
+-- 
+2.13.6
+
+
+From f2f02d9b9f2d6c38b2813757ee942b8910985839 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Sun, 27 May 2018 13:03:25 +0200
+Subject: [PATCH 5/6] s3:locking: add file_has_open_streams()
+
+This can be used to check if a file opened by fsp also has stream opens.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+(cherry picked from commit dd8cf54c79fe8536e34cde15801d60931cd47b8b)
+---
+ source3/locking/locking.c | 31 +++++++++++++++++++++++++++++++
+ source3/locking/proto.h   |  1 +
+ 2 files changed, 32 insertions(+)
+
+diff --git a/source3/locking/locking.c b/source3/locking/locking.c
+index 4e9f1bbc681..f71cd176029 100644
+--- a/source3/locking/locking.c
++++ b/source3/locking/locking.c
+@@ -1318,3 +1318,34 @@ struct timespec get_share_mode_write_time(struct share_mode_lock *lck)
+ 	}
+ 	return d->old_write_time;
+ }
++
++bool file_has_open_streams(files_struct *fsp)
++{
++	struct share_mode_lock *lock = NULL;
++	struct share_mode_data *d = NULL;
++	uint32_t i;
++
++	lock = get_existing_share_mode_lock(talloc_tos(), fsp->file_id);
++	if (lock == NULL) {
++		return false;
++	}
++	d = lock->data;
++
++	for (i = 0; i < d->num_share_modes; i++) {
++		struct share_mode_entry *e = &d->share_modes[i];
++
++		if (share_mode_stale_pid(d, i)) {
++			continue;
++		}
++
++		if (e->private_options &
++		    NTCREATEX_OPTIONS_PRIVATE_STREAM_BASEOPEN)
++		{
++			TALLOC_FREE(lock);
++			return true;
++		}
++	}
++
++	TALLOC_FREE(lock);
++	return false;
++}
+diff --git a/source3/locking/proto.h b/source3/locking/proto.h
+index 33184e0fa0a..4cd38091f3c 100644
+--- a/source3/locking/proto.h
++++ b/source3/locking/proto.h
+@@ -205,6 +205,7 @@ bool is_delete_on_close_set(struct share_mode_lock *lck, uint32_t name_hash);
+ bool set_sticky_write_time(struct file_id fileid, struct timespec write_time);
+ bool set_write_time(struct file_id fileid, struct timespec write_time);
+ struct timespec get_share_mode_write_time(struct share_mode_lock *lck);
++bool file_has_open_streams(files_struct *fsp);
+ int share_mode_forall(int (*fn)(struct file_id fid,
+ 				const struct share_mode_data *data,
+ 				void *private_data),
+-- 
+2.13.6
+
+
+From 809c3b9f13d5d22847a94fcfdec27b022fdb099d Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Sat, 26 May 2018 18:32:21 +0200
+Subject: [PATCH 6/6] s3:smbd: don't allow renaming basefile if streams are
+ open
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+(cherry picked from commit 465b7d07e5db787c3d6330371e5e42ecbb1b57b9)
+---
+ selftest/knownfail.d/samba3.smb2.streams | 2 --
+ selftest/knownfail.d/samba3.vfs.fruit    | 3 ---
+ source3/smbd/reply.c                     | 4 ++++
+ 3 files changed, 4 insertions(+), 5 deletions(-)
+ delete mode 100644 selftest/knownfail.d/samba3.smb2.streams
+
+diff --git a/selftest/knownfail.d/samba3.smb2.streams b/selftest/knownfail.d/samba3.smb2.streams
+deleted file mode 100644
+index 26d40a67bda..00000000000
+--- a/selftest/knownfail.d/samba3.smb2.streams
++++ /dev/null
+@@ -1,2 +0,0 @@
+-samba3.smb2.streams.basefile-rename-with-open-stream\(.*\)
+-samba3.smb2.streams streams_xattr.basefile-rename-with-open-stream\(nt4_dc\)
+diff --git a/selftest/knownfail.d/samba3.vfs.fruit b/selftest/knownfail.d/samba3.vfs.fruit
+index bf97dbc5822..8df25bccb79 100644
+--- a/selftest/knownfail.d/samba3.vfs.fruit
++++ b/selftest/knownfail.d/samba3.vfs.fruit
+@@ -1,4 +1 @@
+ ^samba3.vfs.fruit streams_depot.OS X AppleDouble file conversion\(nt4_dc\)
+-^samba3.vfs.fruit metadata_netatalk.read open rsrc after rename\(nt4_dc\)
+-^samba3.vfs.fruit metadata_stream.read open rsrc after rename\(nt4_dc\)
+-^samba3.vfs.fruit streams_depot.read open rsrc after rename\(nt4_dc\)
+diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
+index 623f83b1250..2b5bb8f1ed6 100644
+--- a/source3/smbd/reply.c
++++ b/source3/smbd/reply.c
+@@ -6642,6 +6642,10 @@ NTSTATUS rename_internals_fsp(connection_struct *conn,
+ 		return status;
+ 	}
+ 
++	if (file_has_open_streams(fsp)) {
++		return NT_STATUS_ACCESS_DENIED;
++	}
++
+ 	/* Make a copy of the dst smb_fname structs */
+ 
+ 	smb_fname_dst = cp_smb_filename(ctx, smb_fname_dst_in);
+-- 
+2.13.6
+
diff --git a/net/samba48/files/0001-bug-13537.patch b/net/samba48/files/0001-bug-13537.patch
new file mode 100644
index 000000000000..afba0146c7e8
--- /dev/null
+++ b/net/samba48/files/0001-bug-13537.patch
@@ -0,0 +1,539 @@
+From f0ed4f0930673ee044f187085e8972b8be104ebd Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Wed, 18 Jul 2018 13:32:49 -0700
+Subject: [PATCH 1/5] s3: smbd: Fix Linux sendfile() for SMB2. Ensure we don't
+ spin on EAGAIN.
+
+For SMB2 the socket is set non-blocking. Ensure sendfile()
+calls complete by saving the socket state, setting it blocking,
+doing the sendfile until completion and then restoring the socket
+state.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+---
+ source3/lib/sendfile.c | 54 ++++++++++++++++++++++++++++++++++++------
+ 1 file changed, 47 insertions(+), 7 deletions(-)
+
+diff --git a/source3/lib/sendfile.c b/source3/lib/sendfile.c
+index 3d457bd6f13..a578a66e7de 100644
+--- a/source3/lib/sendfile.c
++++ b/source3/lib/sendfile.c
+@@ -24,6 +24,7 @@
+  */
+ 
+ #include "includes.h"
++#include "system/filesys.h"
+ 
+ #if defined(LINUX_SENDFILE_API)
+ 
+@@ -36,8 +37,23 @@
+ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset, size_t count)
+ {
+ 	size_t total=0;
+-	ssize_t ret;
++	ssize_t ret = -1;
+ 	size_t hdr_len = 0;
++	int saved_errno = 0;
++	int old_flags = 0;
++
++	/*
++	 * Sendfile must complete before we can
++	 * send any other outgoing data on the socket.
++	 * Ensure socket is in blocking mode.
++	 * For SMB2 by default the socket is in non-blocking
++	 * mode.
++	 */
++	old_flags = fcntl(tofd, F_GETFL, 0);
++	ret = set_blocking(tofd, true);
++	if (ret == -1) {
++		goto out;
++	}
+ 
+ 	/*
+ 	 * Send the header first.
+@@ -48,8 +64,9 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
+ 		hdr_len = header->length;
+ 		while (total < hdr_len) {
+ 			ret = sys_send(tofd, header->data + total,hdr_len - total, MSG_MORE);
+-			if (ret == -1)
+-				return -1;
++			if (ret == -1) {
++				goto out;
++			}
+ 			total += ret;
+ 		}
+ 	}
+@@ -59,7 +76,7 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
+ 		ssize_t nwritten;
+ 		do {
+ 			nwritten = sendfile(tofd, fromfd, &offset, total);
+-		} while (nwritten == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK));
++		} while (nwritten == -1 && errno == EINTR);
+ 		if (nwritten == -1) {
+ 			if (errno == ENOSYS || errno == EINVAL) {
+ 				/* Ok - we're in a world of pain here. We just sent
+@@ -72,17 +89,40 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
+ 				 */
+ 				errno = EINTR; /* Normally we can never return this. */
+ 			}
+-			return -1;
++			ret = -1;
++			goto out;
+ 		}
+ 		if (nwritten == 0) {
+ 			/*
+ 			 * EOF, return a short read
+ 			 */
+-			return hdr_len + (count - total);
++			ret = hdr_len + (count - total);
++			goto out;
+ 		}
+ 		total -= nwritten;
+ 	}
+-	return count + hdr_len;
++
++	ret = count + hdr_len;
++
++  out:
++
++	if (ret == -1) {
++		saved_errno = errno;
++	}
++
++	{
++		/* Restore the blocking state of the socket. */
++		int err = fcntl(tofd, F_SETFL, old_flags);
++		if (err == -1) {
++			return -1;
++		}
++	}
++
++	if (ret == -1) {
++		errno = saved_errno;
++	}
++
++	return ret;
+ }
+ 
+ #elif defined(SOLARIS_SENDFILE_API)
+-- 
+2.18.0.203.gfac676dfb9-goog
+
+
+From abc681420b88a2d795adc44808c7e52eb2775cf6 Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Wed, 18 Jul 2018 15:29:37 -0700
+Subject: [PATCH 2/5] s3: smbd: Fix Solaris sendfile() for SMB2. Ensure we
+ don't spin on EAGAIN.
+
+For SMB2 the socket is set non-blocking. Ensure sendfile()
+calls complete by saving the socket state, setting it blocking,
+doing the sendfile until completion and then restoring the socket
+state.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+---
+ source3/lib/sendfile.c | 52 +++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 46 insertions(+), 6 deletions(-)
+
+diff --git a/source3/lib/sendfile.c b/source3/lib/sendfile.c
+index a578a66e7de..6c323213830 100644
+--- a/source3/lib/sendfile.c
++++ b/source3/lib/sendfile.c
+@@ -139,6 +139,9 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
+ 	size_t total, xferred;
+ 	struct sendfilevec vec[2];
+ 	ssize_t hdr_len = 0;
++	int saved_errno = 0;
++	int old_flags = 0;
++	ssize_t ret = -1;
+ 
+ 	if (header) {
+ 		sfvcnt = 2;
+@@ -164,6 +167,19 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
+ 
+ 	total = count + hdr_len;
+ 
++	/*
++	 * Sendfile must complete before we can
++	 * send any other outgoing data on the socket.
++	 * Ensure socket is in blocking mode.
++	 * For SMB2 by default the socket is in non-blocking
++	 * mode.
++	 */
++	old_flags = fcntl(tofd, F_GETFL, 0);
++	ret = set_blocking(tofd, true);
++	if (ret == -1) {
++		goto out;
++	}
++
+ 	while (total) {
+ 		ssize_t nwritten;
+ 
+@@ -175,17 +191,21 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
+ 		xferred = 0;
+ 
+ 			nwritten = sendfilev(tofd, vec, sfvcnt, &xferred);
+-		if  (nwritten == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)) {
++		if  (nwritten == -1 && errno == EINTR) {
+ 			if (xferred == 0)
+ 				continue; /* Nothing written yet. */
+ 			else
+ 				nwritten = xferred;
+ 		}
+ 
+-		if (nwritten == -1)
+-			return -1;
+-		if (nwritten == 0)
+-			return -1; /* I think we're at EOF here... */
++		if (nwritten == -1) {
++			ret = -1;
++			goto out;
++		}
++		if (nwritten == 0) {
++			ret = -1;
++			goto out; /* I think we're at EOF here... */
++		}
+ 
+ 		/*
+ 		 * If this was a short (signal interrupted) write we may need
+@@ -207,7 +227,27 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
+ 		}
+ 		total -= nwritten;
+ 	}
+-	return count + hdr_len;
++	ret = count + hdr_len;
++
++  out:
++
++	if (ret == -1) {
++		saved_errno = errno;
++	}
++
++	{
++		/* Restore the blocking state of the socket. */
++		int err = fcntl(tofd, F_SETFL, old_flags);
++		if (err == -1) {
++			return -1;
++		}
++	}
++
++	if (ret == -1) {
++		errno = saved_errno;
++	}
++
++	return ret;
+ }
+ 
+ #elif defined(HPUX_SENDFILE_API)
+-- 
+2.18.0.203.gfac676dfb9-goog
+
+
+From 0068f7d136da89d96d50dced5eda8738c28e2938 Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Wed, 18 Jul 2018 15:36:47 -0700
+Subject: [PATCH 3/5] s3: smbd: Fix HPUX sendfile() for SMB2. Ensure we don't
+ spin on EAGAIN.
+
+For SMB2 the socket is set non-blocking. Ensure sendfile()
+calls complete by saving the socket state, setting it blocking,
+doing the sendfile until completion and then restoring the socket
+state.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+---
+ source3/lib/sendfile.c | 53 +++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 47 insertions(+), 6 deletions(-)
+
+diff --git a/source3/lib/sendfile.c b/source3/lib/sendfile.c
+index 6c323213830..63f50d1946f 100644
+--- a/source3/lib/sendfile.c
++++ b/source3/lib/sendfile.c
+@@ -260,6 +260,9 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
+ 	size_t total=0;
+ 	struct iovec hdtrl[2];
+ 	size_t hdr_len = 0;
++	int saved_errno = 0;
++	int old_flags = 0;
++	ssize_t ret = -1;
+ 
+ 	if (header) {
+ 		/* Set up the header/trailer iovec. */
+@@ -273,6 +276,20 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
+ 	hdtrl[1].iov_len = 0;
+ 
+ 	total = count;
++
++	/*
++	 * Sendfile must complete before we can
++	 * send any other outgoing data on the socket.
++	 * Ensure socket is in blocking mode.
++	 * For SMB2 by default the socket is in non-blocking
++	 * mode.
++	 */
++	old_flags = fcntl(tofd, F_GETFL, 0);
++	ret = set_blocking(tofd, true);
++	if (ret == -1) {
++		goto out;
++	}
++
+ 	while (total + hdtrl[0].iov_len) {
+ 		ssize_t nwritten;
+ 
+@@ -285,11 +302,15 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
+ 
+ 		do {
+ 			nwritten = sendfile(tofd, fromfd, offset, total, &hdtrl[0], 0);
+-		} while (nwritten == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK));
+-		if (nwritten == -1)
+-			return -1;
+-		if (nwritten == 0)
+-			return -1; /* I think we're at EOF here... */
++		} while (nwritten == -1 && errno == EINTR);
++		if (nwritten == -1) {
++			ret = -1;
++			goto out;
++		}
++		if (nwritten == 0) {
++			ret = -1; /* I think we're at EOF here... */
++			goto out;
++		}
+ 
+ 		/*
+ 		 * If this was a short (signal interrupted) write we may need
+@@ -313,7 +334,27 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
+ 		total -= nwritten;
+ 		offset += nwritten;
+ 	}
+-	return count + hdr_len;
++	ret = count + hdr_len;
++
++  out:
++
++	if (ret == -1) {
++		saved_errno = errno;
++	}
++
++	{
++		/* Restore the blocking state of the socket. */
++		int err = fcntl(tofd, F_SETFL, old_flags);
++		if (err == -1) {
++			return -1;
++		}
++	}
++
++	if (ret == -1) {
++		errno = saved_errno;
++	}
++
++	return ret;
+ }
+ 
+ #elif defined(FREEBSD_SENDFILE_API) || defined(DARWIN_SENDFILE_API)
+-- 
+2.18.0.203.gfac676dfb9-goog
+
+
+From 8df7360c2198098a2cb757910974110e33e4d4cf Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Wed, 18 Jul 2018 15:44:34 -0700
+Subject: [PATCH 4/5] s3: smbd: Fix FreeBSD sendfile() for SMB2. Ensure we
+ don't spin on EAGAIN.
+
+For SMB2 the socket is set non-blocking. Ensure sendfile()
+calls complete by saving the socket state, setting it blocking,
+doing the sendfile until completion and then restoring the socket
+state.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+---
+ source3/lib/sendfile.c | 44 ++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 40 insertions(+), 4 deletions(-)
+
+diff --git a/source3/lib/sendfile.c b/source3/lib/sendfile.c
+index 63f50d1946f..575428deb15 100644
+--- a/source3/lib/sendfile.c
++++ b/source3/lib/sendfile.c
+@@ -368,9 +368,11 @@ ssize_t sys_sendfile(int tofd, int fromfd,
+ {
+ 	struct sf_hdtr	sf_header = {0};
+ 	struct iovec	io_header = {0};
++	int saved_errno = 0;
++	int old_flags = 0;
+ 
+ 	off_t	nwritten;
+-	int	ret;
++	ssize_t	ret = -1;
+ 
+ 	if (header) {
+ 		sf_header.headers = &io_header;
+@@ -381,6 +383,19 @@ ssize_t sys_sendfile(int tofd, int fromfd,
+ 		sf_header.trl_cnt = 0;
+ 	}
+ 
++	/*
++	 * Sendfile must complete before we can
++	 * send any other outgoing data on the socket.
++	 * Ensure socket is in blocking mode.
++	 * For SMB2 by default the socket is in non-blocking
++	 * mode.
++	 */
++	old_flags = fcntl(tofd, F_GETFL, 0);
++	ret = set_blocking(tofd, true);
++	if (ret == -1) {
++		goto out;
++	}
++
+ 	while (count != 0) {
+ 
+ 		nwritten = count;
+@@ -391,9 +406,10 @@ ssize_t sys_sendfile(int tofd, int fromfd,
+ #else
+ 		ret = sendfile(fromfd, tofd, offset, count, &sf_header, &nwritten, 0);
+ #endif
+-		if (ret == -1 && errno != EINTR && errno != EAGAIN && errno != EWOULDBLOCK) {
++		if (ret == -1 && errno != EINTR) {
+ 			/* Send failed, we are toast. */
+-			return -1;
++			ret = -1;
++			goto out;
+ 		}
+ 
+ 		if (nwritten == 0) {
+@@ -420,7 +436,27 @@ ssize_t sys_sendfile(int tofd, int fromfd,
+ 		count -= nwritten;
+ 	}
+ 
+-	return nwritten;
++	ret = nwritten;
++
++  out:
++
++	if (ret == -1) {
++		saved_errno = errno;
++	}
++
++	{
++		/* Restore the blocking state of the socket. */
++		int err = fcntl(tofd, F_SETFL, old_flags);
++		if (err == -1) {
++			return -1;
++		}
++	}
++
++	if (ret == -1) {
++		errno = saved_errno;
++	}
++
++	return ret;
+ }
+ 
+ #elif defined(AIX_SENDFILE_API)
+-- 
+2.18.0.203.gfac676dfb9-goog
+
+
+From 019c677b42184d5f45931bdb549b22aad25ee2e9 Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Wed, 18 Jul 2018 15:49:29 -0700
+Subject: [PATCH 5/5] s3: smbd: Fix AIX sendfile() for SMB2. Ensure we don't
+ spin on EAGAIN.
+
+For SMB2 the socket is set non-blocking. Ensure sendfile()
+calls complete by saving the socket state, setting it blocking,
+doing the sendfile until completion and then restoring the socket
+state.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+---
+ source3/lib/sendfile.c | 45 +++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 40 insertions(+), 5 deletions(-)
+
+diff --git a/source3/lib/sendfile.c b/source3/lib/sendfile.c
+index 575428deb15..a28102b5bf9 100644
+--- a/source3/lib/sendfile.c
++++ b/source3/lib/sendfile.c
+@@ -469,6 +469,9 @@ ssize_t sys_sendfile(int tofd, int fromfd,
+ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset, size_t count)
+ {
+ 	struct sf_parms hdtrl;
++	int saved_errno = 0;
++	int old_flags = 0;
++	ssize_t ret = -1;
+ 
+ 	/* Set up the header/trailer struct params. */
+ 	if (header) {
+@@ -485,9 +488,20 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
+ 	hdtrl.file_offset = offset;
+ 	hdtrl.file_bytes = count;
+ 
+-	while ( hdtrl.file_bytes + hdtrl.header_length ) {
+-		ssize_t ret;
++	/*
++	 * Sendfile must complete before we can
++	 * send any other outgoing data on the socket.
++	 * Ensure socket is in blocking mode.
++	 * For SMB2 by default the socket is in non-blocking
++	 * mode.
++	 */
++	old_flags = fcntl(tofd, F_GETFL, 0);
++	ret = set_blocking(tofd, true);
++	if (ret == -1) {
++		goto out;
++	}
+ 
++	while ( hdtrl.file_bytes + hdtrl.header_length ) {
+ 		/*
+ 		 Return Value
+ 
+@@ -505,12 +519,33 @@ ssize_t sys_sendfile(int tofd, int fromfd, const DATA_BLOB *header, off_t offset
+ 		*/
+ 		do {
+ 			ret = send_file(&tofd, &hdtrl, 0);
+-		} while ((ret == 1) || (ret == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)));
+-		if ( ret == -1 )
++		} while ((ret == 1) || (ret == -1 && errno == EINTR));
++		if ( ret == -1 ) {
++			goto out;
++		}
++	}
++
++	ret = count + header->length;
++
++  out:
++
++	if (ret == -1) {
++		saved_errno = errno;
++	}
++
++	{
++		/* Restore the blocking state of the socket. */
++		int err = fcntl(tofd, F_SETFL, old_flags);
++		if (err == -1) {
+ 			return -1;
++		}
+ 	}
+ 
+-	return count + header->length;
++	if (ret == -1) {
++		errno = saved_errno;
++	}
++
++	return ret;
+ }
+ /* END AIX SEND_FILE */
+ 
+-- 
+2.18.0.203.gfac676dfb9-goog
+
diff --git a/net/samba48/files/0001-bug-228462.patch b/net/samba48/files/0001-bug-228462.patch
index a89254379c08..911974bac140 100644
--- a/net/samba48/files/0001-bug-228462.patch
+++ b/net/samba48/files/0001-bug-228462.patch
@@ -144,3 +144,39 @@ index 8714007cb8d..5f3dfb30beb 100644
 -- 
 2.16.3
 
+From daa9930fc10459f0567931622e2ffbb636e365f0 Mon Sep 17 00:00:00 2001
+From: Ralph Boehme <slow@samba.org>
+Date: Sat, 19 May 2018 01:35:45 +0200
+Subject: [PATCH] vfs_fruit: fixup broken AFP_Signatures
+
+FreeBSD Bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228462
+
+Signed-off-by: Ralph Boehme <slow@samba.org>
+---
+ source3/modules/vfs_fruit.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
+index d92049cc899..0594fd7a538 100644
+--- a/source3/modules/vfs_fruit.c
++++ b/source3/modules/vfs_fruit.c
+@@ -3935,10 +3935,16 @@ static ssize_t fruit_pread_meta_stream(vfs_handle_struct *handle,
+ {
+ 	ssize_t nread;
+ 	int ret;
++	char *p = (char *)data;
+ 
+ 	nread = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
+ 
+ 	if (nread == n) {
++		if (offset == 0 && nread > 3 && p[0] == 0 && p[1] == 'F' && p[2] == 'P') {
++			DBG_NOTICE("Fixing AFP_Info of [%s]\n",
++				    fsp_str_dbg(fsp));
++			p[0] = 'A';
++		}
+ 		return nread;
+ 	}
+ 
+-- 
+2.17.0
+
diff --git a/net/samba48/files/0001-ctdb.patch b/net/samba48/files/0001-ctdb.patch
new file mode 100644
index 000000000000..6efc8860dba1
--- /dev/null
+++ b/net/samba48/files/0001-ctdb.patch
@@ -0,0 +1,308 @@
+From 8304a62ea7847ba6934d44c1b5b7acef9667750d Mon Sep 17 00:00:00 2001
+From: Martin Schwenke <martin@meltin.net>
+Date: Fri, 8 Jun 2018 19:57:20 +1000
+Subject: [PATCH 1/2] ctdb-common: New include file common/system_network.h
+
+Contains declarations for functions that need ctdb_sock_addr.
+
+Signed-off-by: Martin Schwenke <martin@meltin.net>
+---
+ ctdb/common/system.h           | 16 ------------
+ ctdb/common/system_aix.c       |  1 +
+ ctdb/common/system_common.c    |  2 +-
+ ctdb/common/system_freebsd.c   |  1 +
+ ctdb/common/system_gnu.c       |  1 +
+ ctdb/common/system_kfreebsd.c  |  1 +
+ ctdb/common/system_linux.c     |  1 +
+ ctdb/common/system_network.h   | 46 ++++++++++++++++++++++++++++++++++
+ ctdb/server/ctdb_daemon.c      |  1 +
+ ctdb/server/ctdb_recoverd.c    |  2 +-
+ ctdb/server/ctdb_takeover.c    |  1 +
+ ctdb/tests/src/porting_tests.c |  1 +
+ ctdb/tools/ctdb.c              |  1 +
+ ctdb/tools/ctdb_killtcp.c      |  2 +-
+ 14 files changed, 58 insertions(+), 19 deletions(-)
+ create mode 100644 ctdb/common/system_network.h
+
+diff --git a/ctdb/common/system.h b/ctdb/common/system.h
+index e6f65b5e621..38ae67d2ab1 100644
+--- a/ctdb/common/system.h
++++ b/ctdb/common/system.h
+@@ -22,24 +22,8 @@
+ 
+ #include <talloc.h>
+ 
+-/* From system_common.c */
+-
+-uint32_t uint16_checksum(uint16_t *data, size_t n);
+-bool ctdb_sys_have_ip(ctdb_sock_addr *_addr);
+-char *ctdb_sys_find_ifname(ctdb_sock_addr *addr);
+-
+ /* From system_<os>.c */
+ 
+-int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface);
+-int ctdb_sys_send_tcp(const ctdb_sock_addr *dest,
+-		      const ctdb_sock_addr *src,
+-		      uint32_t seq, uint32_t ack, int rst);
+-int ctdb_sys_open_capture_socket(const char *iface, void **private_data);
+-int ctdb_sys_close_capture_socket(void *private_data);
+-int ctdb_sys_read_tcp_packet(int s, void *private_data,
+-			     ctdb_sock_addr *src, ctdb_sock_addr *dst,
+-			     uint32_t *ack_seq, uint32_t *seq,
+-			     int *rst, uint16_t *window);
+ bool ctdb_sys_check_iface_exists(const char *iface);
+ int ctdb_get_peer_pid(const int fd, pid_t *peer_pid);
+ 
+diff --git a/ctdb/common/system_aix.c b/ctdb/common/system_aix.c
+index f0a0a62efc0..7be54c7a46b 100644
+--- a/ctdb/common/system_aix.c
++++ b/ctdb/common/system_aix.c
+@@ -38,6 +38,7 @@
+ 
+ #include "common/logging.h"
+ #include "common/system.h"
++#include "common/system_network.h"
+ 
+ 
+ #if 0
+diff --git a/ctdb/common/system_common.c b/ctdb/common/system_common.c
+index a80189cd6c8..2618bf88c7f 100644
+--- a/ctdb/common/system_common.c
++++ b/ctdb/common/system_common.c
+@@ -26,7 +26,7 @@
+ #include "protocol/protocol.h"
+ 
+ #include "common/logging.h"
+-#include "common/system.h"
++#include "common/system_network.h"
+ 
+ /*
+   uint16 checksum for n bytes
+diff --git a/ctdb/common/system_freebsd.c b/ctdb/common/system_freebsd.c
+index b709a5c75c1..e5a6522c08f 100644
+--- a/ctdb/common/system_freebsd.c
++++ b/ctdb/common/system_freebsd.c
+@@ -41,6 +41,7 @@
+ 
+ #include "common/logging.h"
+ #include "common/system.h"
++#include "common/system_network.h"
+ 
+ #ifndef ETHERTYPE_IP6
+ #define ETHERTYPE_IP6 0x86dd
+diff --git a/ctdb/common/system_gnu.c b/ctdb/common/system_gnu.c
+index 38ccd13988b..683843a6b76 100644
+--- a/ctdb/common/system_gnu.c
++++ b/ctdb/common/system_gnu.c
+@@ -40,6 +40,7 @@
+ 
+ #include "common/logging.h"
+ #include "common/system.h"
++#include "common/system_network.h"
+ 
+ #ifndef ETHERTYPE_IP6
+ #define ETHERTYPE_IP6 0x86dd
+diff --git a/ctdb/common/system_kfreebsd.c b/ctdb/common/system_kfreebsd.c
+index d02f28659cb..cdf13572b2b 100644
+--- a/ctdb/common/system_kfreebsd.c
++++ b/ctdb/common/system_kfreebsd.c
+@@ -40,6 +40,7 @@
+ 
+ #include "common/logging.h"
+ #include "common/system.h"
++#include "common/system_network.h"
+ 
+ #ifndef ETHERTYPE_IP6
+ #define ETHERTYPE_IP6 0x86dd
+diff --git a/ctdb/common/system_linux.c b/ctdb/common/system_linux.c
+index fa77a45460f..beacbf34138 100644
+--- a/ctdb/common/system_linux.c
++++ b/ctdb/common/system_linux.c
+@@ -37,6 +37,7 @@
+ 
+ #include "common/logging.h"
+ #include "common/system.h"
++#include "common/system_network.h"
+ 
+ #ifndef ETHERTYPE_IP6
+ #define ETHERTYPE_IP6 0x86dd
+diff --git a/ctdb/common/system_network.h b/ctdb/common/system_network.h
+new file mode 100644
+index 00000000000..b6761d29c76
+--- /dev/null
++++ b/ctdb/common/system_network.h
+@@ -0,0 +1,46 @@
++/*
++   System specific network code
++
++   Copyright (C) Amitay Isaacs  2015
++
++   This program is free software; you can redistribute it and/or modify
++   it under the terms of the GNU General Public License as published by
++   the Free Software Foundation; either version 3 of the License, or
++   (at your option) any later version.
++
++   This program is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++   GNU General Public License for more details.
++
++   You should have received a copy of the GNU General Public License
++   along with this program; if not, see <http://www.gnu.org/licenses/>.
++*/
++
++#ifndef __CTDB_SYSTEM_NETWORK_H__
++#define __CTDB_SYSTEM_NETWORK_H__
++
++#include <talloc.h>
++
++#include "protocol/protocol.h"
++
++/* From system_common.c */
++
++uint32_t uint16_checksum(uint16_t *data, size_t n);
++bool ctdb_sys_have_ip(ctdb_sock_addr *_addr);
++char *ctdb_sys_find_ifname(ctdb_sock_addr *addr);
++
++/* From system_<os>.c */
++
++int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface);
++int ctdb_sys_send_tcp(const ctdb_sock_addr *dest,
++		      const ctdb_sock_addr *src,
++		      uint32_t seq, uint32_t ack, int rst);
++int ctdb_sys_open_capture_socket(const char *iface, void **private_data);
++int ctdb_sys_close_capture_socket(void *private_data);
++int ctdb_sys_read_tcp_packet(int s, void *private_data,
++			     ctdb_sock_addr *src, ctdb_sock_addr *dst,
++			     uint32_t *ack_seq, uint32_t *seq,
++			     int *rst, uint16_t *window);
++
++#endif /* __CTDB_SYSTEM_H__ */
+diff --git a/ctdb/server/ctdb_daemon.c b/ctdb/server/ctdb_daemon.c
+index 35c1ab639b5..37a93ec6de1 100644
+--- a/ctdb/server/ctdb_daemon.c
++++ b/ctdb/server/ctdb_daemon.c
+@@ -43,6 +43,7 @@
+ #include "common/rb_tree.h"
+ #include "common/reqid.h"
+ #include "common/system.h"
++#include "common/system_network.h"
+ #include "common/common.h"
+ #include "common/logging.h"
+ #include "common/pidfile.h"
+diff --git a/ctdb/server/ctdb_recoverd.c b/ctdb/server/ctdb_recoverd.c
+index 2b94fed7478..73451711845 100644
+--- a/ctdb/server/ctdb_recoverd.c
++++ b/ctdb/server/ctdb_recoverd.c
+@@ -38,7 +38,7 @@
+ #include "ctdb_private.h"
+ #include "ctdb_client.h"
+ 
+-#include "common/system.h"
++#include "common/system_network.h"
+ #include "common/common.h"
+ #include "common/logging.h"
+ 
+diff --git a/ctdb/server/ctdb_takeover.c b/ctdb/server/ctdb_takeover.c
+index cd240875ba2..a97ce2b6de6 100644
+--- a/ctdb/server/ctdb_takeover.c
++++ b/ctdb/server/ctdb_takeover.c
+@@ -39,6 +39,7 @@
+ #include "common/rb_tree.h"
+ #include "common/reqid.h"
+ #include "common/system.h"
++#include "common/system_network.h"
+ #include "common/common.h"
+ #include "common/logging.h"
+ 
+diff --git a/ctdb/tests/src/porting_tests.c b/ctdb/tests/src/porting_tests.c
+index 74dbf0781b4..b7ad5256fdc 100644
+--- a/ctdb/tests/src/porting_tests.c
++++ b/ctdb/tests/src/porting_tests.c
+@@ -32,6 +32,7 @@
+ 
+ #include "protocol/protocol.h"
+ #include "common/system.h"
++#include "common/system_network.h"
+ #include "common/logging.h"
+ 
+ 
+diff --git a/ctdb/tools/ctdb.c b/ctdb/tools/ctdb.c
+index 2cb46b057f0..8cbe706ab54 100644
+--- a/ctdb/tools/ctdb.c
++++ b/ctdb/tools/ctdb.c
+@@ -41,6 +41,7 @@
+ #include "protocol/protocol_api.h"
+ #include "protocol/protocol_util.h"
+ #include "common/system.h"
++#include "common/system_network.h"
+ #include "client/client.h"
+ #include "client/client_sync.h"
+ 
+diff --git a/ctdb/tools/ctdb_killtcp.c b/ctdb/tools/ctdb_killtcp.c
+index 71b5999b10e..408a7b4e121 100644
+--- a/ctdb/tools/ctdb_killtcp.c
++++ b/ctdb/tools/ctdb_killtcp.c
+@@ -30,7 +30,7 @@
+ #include "protocol/protocol_util.h"
+ 
+ #include "common/db_hash.h"
+-#include "common/system.h"
++#include "common/system_network.h"
+ #include "common/logging.h"
+ 
+ 
+-- 
+2.17.1
+
+
+From fb350f80cc072d4b699759a432217211986926be Mon Sep 17 00:00:00 2001
+From: Martin Schwenke <martin@meltin.net>
+Date: Fri, 8 Jun 2018 22:31:48 +1000
+Subject: [PATCH 2/2] ctdb-tests: Switch fake_ctdbd to use ctdb_get_peer_pid()
+
+This potentially improves portability.
+
+Signed-off-by: Martin Schwenke <martin@meltin.net>
+---
+ ctdb/tests/src/fake_ctdbd.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/ctdb/tests/src/fake_ctdbd.c b/ctdb/tests/src/fake_ctdbd.c
+index 2f4e87f6f6c..0e33f8c02e0 100644
+--- a/ctdb/tests/src/fake_ctdbd.c
++++ b/ctdb/tests/src/fake_ctdbd.c
+@@ -40,6 +40,7 @@
+ #include "common/logging.h"
+ #include "common/tunable.h"
+ #include "common/srvid.h"
++#include "common/system.h"
+ 
+ #include "ipalloc_read_known_ips.h"
+ 
+@@ -3050,8 +3051,6 @@ static struct tevent_req *client_send(TALLOC_CTX *mem_ctx,
+ {
+ 	struct tevent_req *req;
+ 	struct client_state *state;
+-	struct ucred cr;
+-	socklen_t crl = sizeof(struct ucred);
+ 	int ret;
+ 
+ 	req = tevent_req_create(mem_ctx, &state, struct client_state);
+@@ -3064,12 +3063,11 @@ static struct tevent_req *client_send(TALLOC_CTX *mem_ctx,
+ 	state->ctdb = ctdb;
+ 	state->pnn = pnn;
+ 
+-	ret = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &crl);
++	ret = ctdb_get_peer_pid(fd, &state->pid);
+ 	if (ret != 0) {
+ 		tevent_req_error(req, ret);
+ 		return tevent_req_post(req, ev);
+ 	}
+-	state->pid = cr.pid;
+ 
+ 	ret = comm_setup(state, ev, fd, client_read_handler, req,
+ 			 client_dead_handler, req, &state->comm);
+-- 
+2.17.1
+
diff --git a/net/samba48/files/patch-ctdb__common__ctdb_util.c b/net/samba48/files/patch-ctdb__common__ctdb_util.c
new file mode 100644
index 000000000000..dcb118ffc4e2
--- /dev/null
+++ b/net/samba48/files/patch-ctdb__common__ctdb_util.c
@@ -0,0 +1,11 @@
+--- ctdb/common/ctdb_util.c.orig	2018-06-28 15:36:39 UTC
++++ ctdb/common/ctdb_util.c
+@@ -390,7 +390,7 @@ void ctdb_canonicalize_ip(const ctdb_soc
+ 		} else {
+ 			cip->ip6.sin6_family = AF_INET6;
+ #ifdef HAVE_SOCK_SIN_LEN
+-			cip->ip6.sin_len = sizeof(ctdb_sock_addr);
++			cip->ip6.sin6_len = sizeof(ctdb_sock_addr);
+ #endif
+ 			cip->ip6.sin6_port   = ip->ip6.sin6_port;
+ 			memcpy(&cip->ip6.sin6_addr,
diff --git a/net/samba48/files/patch-ctdb__wscript b/net/samba48/files/patch-ctdb__wscript
index 688204e6e670..0485ee76087f 100644
--- a/net/samba48/files/patch-ctdb__wscript
+++ b/net/samba48/files/patch-ctdb__wscript
@@ -10,7 +10,7 @@
  
      opt.add_option('--with-logdir',
                     help=("Path to log directory"),
-@@ -210,7 +213,7 @@ def configure(conf):
+@@ -219,7 +222,7 @@ def configure(conf):
  
      if Options.options.ctdb_ceph_reclock:
          if (conf.CHECK_HEADERS('rados/librados.h', False, False, 'rados') and
@@ -19,7 +19,7 @@
              Logs.info('Building with Ceph librados recovery lock support')
              conf.define('HAVE_LIBRADOS', 1)
          else:
-@@ -246,9 +249,15 @@ def configure(conf):
+@@ -255,9 +258,15 @@ def configure(conf):
                      conf.env.CTDB_VARDIR,
                      conf.env.CTDB_RUNDIR))
  
@@ -38,7 +38,7 @@
  
      # Allow unified compilation and separate compilation of utilities
      # to find includes
-@@ -573,9 +582,9 @@ def build(bld):
+@@ -592,9 +601,9 @@ def build(bld):
      if bld.env.HAVE_LIBRADOS:
          bld.SAMBA_BINARY('ctdb_mutex_ceph_rados_helper',
                           source='utils/ceph/ctdb_mutex_ceph_rados_helper.c',
@@ -51,7 +51,7 @@
  
      sed_expr1 = 's|/usr/local/var/lib/ctdb|%s|g'  % (bld.env.CTDB_VARDIR)
      sed_expr2 = 's|/usr/local/etc/ctdb|%s|g'      % (bld.env.CTDB_ETCDIR)
-@@ -718,6 +727,9 @@ def build(bld):
+@@ -737,6 +746,9 @@ def build(bld):
      bld.install_dir(bld.env.CTDB_RUNDIR)
      bld.install_dir(bld.env.CTDB_VARDIR)
  
@@ -61,14 +61,3 @@
      # Unit tests
      ctdb_unit_tests = [
          'db_hash_test',
-@@ -828,7 +840,9 @@ def build(bld):
-                               ib_deps,
-                          install_path='${CTDB_TEST_LIBEXECDIR}')
- 
--    if bld.env.HAVE_ROBUST_MUTEXES and sys.platform.startswith('linux'):
-+    if bld.env.HAVE_ROBUST_MUTEXES and (
-+        sys.platform.startswith('linux') or sys.platform.startswith('freebsd')
-+    ):
-         bld.SAMBA_BINARY('test_mutex_raw',
-                          source='tests/src/test_mutex_raw.c',
-                          deps='pthread',
diff --git a/net/samba48/files/patch-dnssock.c b/net/samba48/files/patch-dnssock.c
new file mode 100644
index 000000000000..766de19d7779
--- /dev/null
+++ b/net/samba48/files/patch-dnssock.c
@@ -0,0 +1,13 @@
+--- lib/addns/dnssock.c.orig	2018-06-11 14:38:36 UTC
++++ lib/addns/dnssock.c
+@@ -221,9 +221,7 @@ static DNS_ERROR dns_send_udp(struct dns
+ 	ssize_t ret;
+ 
+ 	do {
+-		ret = sendto(conn->s, buf->data, buf->offset, 0,
+-		     (struct sockaddr *)&conn->RecvAddr,
+-		     sizeof(conn->RecvAddr));
++		ret = send(conn->s, buf->data, buf->offset, 0);
+ 	} while ((ret == -1) && (errno == EINTR));
+ 
+ 	if (ret != buf->offset) {
diff --git a/net/samba48/files/patch-lib__util__debug.c b/net/samba48/files/patch-lib__util__debug.c
index d6b53ed5a711..280ed9f83629 100644
--- a/net/samba48/files/patch-lib__util__debug.c
+++ b/net/samba48/files/patch-lib__util__debug.c
@@ -1,12 +1,22 @@
 --- lib/util/debug.c.orig	2017-09-17 19:15:34 UTC
 +++ lib/util/debug.c
-@@ -750,12 +750,21 @@ static void debug_dump_status(int level)
+@@ -653,7 +653,8 @@ static int debug_lookup_classname_int(co
+ {
+ 	size_t i;
+ 
+-	if (!classname) return -1;
++	if (!classname)
++		return -1;
+ 
+ 	for (i=0; i < debug_num_classes; i++) {
+ 		if (strcmp(classname, classname_table[i])==0)
+@@ -752,12 +753,21 @@ static void debug_dump_status(int level)
  	}
  }
  
 +static void debug_set_all_levels(int level)
 +{
-+	int i;
++	size_t i;
 +	/* Array is debug_num_classes long */
 +	for (i = DBGC_ALL; i < debug_num_classes; i++) {
 +		DEBUGLEVEL_CLASS[i] = level;
@@ -23,7 +33,7 @@
  
  	class_name = strtok_r(param, ":", &saveptr);
  	if (class_name == NULL) {
-@@ -772,7 +781,13 @@ static bool debug_parse_param(char *para
+@@ -774,7 +784,13 @@ static bool debug_parse_param(char *para
  		return false;
  	}
  
@@ -38,16 +48,16 @@
  
  	return true;
  }
-@@ -788,7 +803,7 @@ bool debug_parse_levels(const char *para
+@@ -790,7 +806,7 @@ bool debug_parse_levels(const char *para
  	size_t str_len = strlen(params_str);
  	char str[str_len+1];
  	char *tok, *saveptr;
--	int i;
+-	size_t i;
 +	int level = 0;
  
  	/* Just in case */
  	debug_init();
-@@ -804,16 +819,11 @@ bool debug_parse_levels(const char *para
+@@ -806,16 +822,11 @@ bool debug_parse_levels(const char *para
  	 * v.s. "all:10", this is the traditional way to set DEBUGLEVEL
  	 */
  	if (isdigit(tok[0])) {
diff --git a/net/samba48/files/patch-source3__smbd__utmp.c b/net/samba48/files/patch-source3__smbd__utmp.c
index 89dcf171724b..9e2d7af06c70 100644
--- a/net/samba48/files/patch-source3__smbd__utmp.c
+++ b/net/samba48/files/patch-source3__smbd__utmp.c
@@ -1,5 +1,5 @@
---- source3/smbd/utmp.c.orig	2018-01-15 04:41:58.000000000 +0800
-+++ source3/smbd/utmp.c	2018-05-25 14:06:42.746302000 +0800
+--- source3/smbd/utmp.c.orig	2018-01-15 12:41:58 UTC
++++ source3/smbd/utmp.c
 @@ -257,7 +257,7 @@ static char *uw_pathname(TALLOC_CTX *ctx
   Update utmp file directly.  No subroutine interface: probably a BSD system.
  ****************************************************************************/
diff --git a/net/samba48/files/patch-source3__wscript b/net/samba48/files/patch-source3__wscript
index 80c7062c450b..fb468518e731 100644
--- a/net/samba48/files/patch-source3__wscript
+++ b/net/samba48/files/patch-source3__wscript
@@ -1,5 +1,5 @@
---- source3/wscript.orig	2018-03-02 04:18:10.000000000 +0800
-+++ source3/wscript	2018-05-25 13:41:10.834885000 +0800
+--- source3/wscript.orig	2018-03-02 12:18:10 UTC
++++ source3/wscript
 @@ -47,6 +47,7 @@ def set_options(opt):
      opt.SAMBA3_ADD_OPTION('sendfile-support')
      opt.SAMBA3_ADD_OPTION('utmp')
diff --git a/net/samba48/files/patch-vfs_full_audit.c b/net/samba48/files/patch-vfs_full_audit.c
deleted file mode 100644
index 0864d43804ca..000000000000
--- a/net/samba48/files/patch-vfs_full_audit.c
+++ /dev/null
@@ -1,23 +0,0 @@
---- source3/modules/vfs_full_audit.c.orig	2018-05-15 10:58:37 UTC
-+++ source3/modules/vfs_full_audit.c
-@@ -613,6 +613,7 @@ static int smb_full_audit_connect(vfs_ha
- 			 const char *svc, const char *user)
- {
- 	int result;
-+	const char *none[] = { "none" };
- 	struct vfs_full_audit_private_data *pd = NULL;
- 
- 	result = SMB_VFS_NEXT_CONNECT(handle, svc, user);
-@@ -652,10 +653,10 @@ static int smb_full_audit_connect(vfs_ha
- 
- 	pd->success_ops = init_bitmap(
- 		pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
--					"success", NULL));
-+					"success", none));
- 	pd->failure_ops = init_bitmap(
- 		pd, lp_parm_string_list(SNUM(handle->conn), "full_audit",
--					"failure", NULL));
-+					"failure", none));
- 
- 	/* Store the private data. */
- 	SMB_VFS_HANDLE_SET_DATA(handle, pd, NULL,