diff --git a/net/miniupnpd/Makefile b/net/miniupnpd/Makefile
index 988168b9802b..fafefa0ad735 100644
--- a/net/miniupnpd/Makefile
+++ b/net/miniupnpd/Makefile
@@ -1,7 +1,9 @@
 PORTNAME=	miniupnpd
-DISTVERSION=	2.3.6
+DISTVERSION=	2.3.7
 PORTEPOCH=	1
 CATEGORIES=	net
+MASTER_SITES=	http://miniupnp.free.fr/files/ \
+		https://github.com/miniupnp/miniupnp/releases/download/${PORTNAME}_${DISTVERSION:S|.|_|g}/
 
 MAINTAINER=	squat@squat.no
 COMMENT=	Lightweight UPnP IGD & PCP/NAT-PMP daemon which uses pf
@@ -9,33 +11,26 @@ WWW=		http://miniupnp.free.fr/
 
 LICENSE=	BSD3CLAUSE
 
-LIB_DEPENDS=   libpfctl.so:net/libpfctl
+LIB_DEPENDS=	libpfctl.so:net/libpfctl
 
-USES=		cpe ssl localbase:ldflags
+USES=		cpe localbase:ldflags ssl
 CPE_VENDOR=	miniupnp_project
 
-USE_GITHUB=	yes
-GH_ACCOUNT=	miniupnp
-GH_PROJECT=	miniupnp
-GH_TAGNAME=	miniupnpd_2_3_6
-
-USE_RC_SUBR=	miniupnpd
+USE_RC_SUBR=	${PORTNAME}
 
 HAS_CONFIGURE=	yes
+# unconditionally use pf, ipfw does not work on FreeBSD
+CONFIGURE_ARGS=	--firewall=pf --libpfctl
+
 MAKE_JOBS_UNSAFE=	yes
 
 CFLAGS+=	-I${OPENSSLINC}
 LDFLAGS+=	-L${OPENSSLLIB} -lpfctl
 
-WRKSRC_SUBDIR=	miniupnpd
-
 PLIST_FILES=	etc/miniupnpd.conf.sample \
 		share/man/man8/miniupnpd.8.gz \
 		sbin/miniupnpd
 
-# unconditionally use pf, ipfw does not work on FreeBSD
-CONFIGURE_ARGS=	--firewall=pf
-
 OPTIONS_DEFINE=			CHECK_PORTINUSE IPV6 LEASEFILE UPNP_IGDV2 \
 				UPNP_STRICT
 CHECK_PORTINUSE_DESC=		Check if ports are in use
diff --git a/net/miniupnpd/distinfo b/net/miniupnpd/distinfo
index 1d7be071d12b..587e74fc7dfd 100644
--- a/net/miniupnpd/distinfo
+++ b/net/miniupnpd/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1715155832
-SHA256 (miniupnp-miniupnp-2.3.6-miniupnpd_2_3_6_GH0.tar.gz) = 6e5ee2239030486675f558cc840d154e5e2db9517efc96c5b0ab2b2c34c1a128
-SIZE (miniupnp-miniupnp-2.3.6-miniupnpd_2_3_6_GH0.tar.gz) = 462607
+TIMESTAMP = 1726178413
+SHA256 (miniupnpd-2.3.7.tar.gz) = fbdd5501039730f04a8420ea2f8f54b7df63f9f04cde2dc67fa7371e80477bbe
+SIZE (miniupnpd-2.3.7.tar.gz) = 265329
diff --git a/net/miniupnpd/files/patch-pf_obsdrdr.c b/net/miniupnpd/files/patch-pf_obsdrdr.c
deleted file mode 100644
index a13e3888ed46..000000000000
--- a/net/miniupnpd/files/patch-pf_obsdrdr.c
+++ /dev/null
@@ -1,458 +0,0 @@
---- pf/obsdrdr.c.orig	2024-03-19 23:41:25 UTC
-+++ pf/obsdrdr.c
-@@ -64,6 +64,8 @@
- #include <stdio.h>
- #include <stdlib.h>
- 
-+#include <libpfctl.h>
-+
- #include "../macros.h"
- #include "config.h"
- #include "obsdrdr.h"
-@@ -155,7 +157,7 @@ init_redirect(void)
- int
- init_redirect(void)
- {
--	struct pf_status status;
-+	struct pfctl_status *status;
- 	if(dev>=0)
- 		shutdown_redirect();
- 	dev = open("/dev/pf", O_RDWR);
-@@ -163,14 +165,16 @@ init_redirect(void)
- 		syslog(LOG_ERR, "open(\"/dev/pf\"): %m");
- 		return -1;
- 	}
--	if(ioctl(dev, DIOCGETSTATUS, &status)<0) {
-+	if ((status = pfctl_get_status(dev)) == NULL) {
- 		syslog(LOG_ERR, "DIOCGETSTATUS: %m");
- 		return -1;
- 	}
--	if(!status.running) {
-+	if(!status->running) {
-+		pfctl_free_status(status);
- 		syslog(LOG_ERR, "pf is disabled");
- 		return -1;
- 	}
-+	pfctl_free_status(status);
- 	return 0;
- }
- 
-@@ -471,6 +475,7 @@ delete_nat_rule(const char * ifname, unsigned short ip
- 	int i, n, r;
- 	unsigned int tnum;
- 	struct pfioc_rule pr;
-+	struct pfctl_rule rule;
- 	UNUSED(ifname);
- 	if(dev<0) {
- 		syslog(LOG_ERR, "pf device is not open");
-@@ -486,7 +491,7 @@ delete_nat_rule(const char * ifname, unsigned short ip
- #endif
- 	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
- 	{
--		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
-+		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
- 		return -1;
- 	}
- 	n = pr.nr;
-@@ -497,7 +502,7 @@ delete_nat_rule(const char * ifname, unsigned short ip
- 	for(i=0; i<n; i++)
- 	{
- 		pr.nr = i;
--		if(ioctl(dev, DIOCGETRULE, &pr) < 0)
-+		if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_NAT, &rule, pr.anchor_call) != 0)
- 		{
- 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
- 			r = -1;
-@@ -505,12 +510,12 @@ delete_nat_rule(const char * ifname, unsigned short ip
- 		}
- #ifdef TEST
- 		syslog(LOG_DEBUG, "%2d port=%hu proto=%d addr=%8x    %8x",
--		       i, ntohs(pr.rule.src.port[0]), pr.rule.proto,
--		       pr.rule.src.addr.v.a.addr.v4.s_addr, iaddr);
-+		       i, ntohs(rule.src.port[0]), rule.proto,
-+		       rule.src.addr.v.a.addr.v4.s_addr, iaddr);
- #endif /* TEST */
--		if(iport == ntohs(pr.rule.src.port[0])
--		 && pr.rule.proto == proto
--		 && iaddr == pr.rule.src.addr.v.a.addr.v4.s_addr)
-+		if(iport == ntohs(rule.src.port[0])
-+		 && rule.proto == proto
-+		 && iaddr == rule.src.addr.v.a.addr.v4.s_addr)
- 		{
- 			pr.action = PF_CHANGE_GET_TICKET;
- 			if(ioctl(dev, DIOCCHANGERULE, &pr) < 0)
-@@ -842,7 +847,7 @@ get_redirect_rule_count(const char * ifname)
- #endif
- 	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
- 	{
--		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
-+		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
- 		return -1;
- 	}
- 	release_ticket(dev, pr.ticket);
-@@ -863,7 +868,9 @@ get_redirect_rule(const char * ifname, unsigned short 
- {
- 	int i, n, r;
- 	unsigned int tnum;
--	struct pfioc_rule pr;
-+	struct pfctl_rules_info info;
-+	struct pfctl_rule rule;
-+	char anchor_call[MAXPATHLEN];
- #ifndef PF_NEWSTYLE
- 	struct pfioc_pooladdr pp;
- #endif
-@@ -873,63 +880,57 @@ get_redirect_rule(const char * ifname, unsigned short 
- 		syslog(LOG_ERR, "pf device is not open");
- 		return -1;
- 	}
--	memset(&pr, 0, sizeof(pr));
--	strlcpy(pr.anchor, anchor_name, MAXPATHLEN);
--#ifndef PF_NEWSTYLE
--	pr.rule.action = PF_RDR;
--#endif
--	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
-+	if (pfctl_get_rules_info(dev, &info, PF_RDR, anchor_name) != 0)
- 	{
--		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
-+		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
- 		return -1;
- 	}
--	n = pr.nr;
-+	n = info.nr;
- #ifdef PF_RELEASETICKETS
--	tnum = pr.ticket;
-+	tnum = info.ticket;
- #endif /* PF_RELEASETICKETS */
- 	r = -2;
- 	for(i=0; i<n; i++)
- 	{
--		pr.nr = i;
--		if(ioctl(dev, DIOCGETRULE, &pr) < 0)
-+		if (pfctl_get_rule(dev, i, info.ticket, anchor_name, PF_RDR, &rule, anchor_call) != 0)
- 		{
- 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
- 			r = -1;
- 			break;
- 		}
- #ifdef __APPLE__
--		if( (eport == ntohs(pr.rule.dst.xport.range.port[0]))
--		  && (eport == ntohs(pr.rule.dst.xport.range.port[1]))
-+		if( (eport == ntohs(rule.dst.xport.range.port[0]))
-+		  && (eport == ntohs(rule.dst.xport.range.port[1]))
- #else
--		if( (eport == ntohs(pr.rule.dst.port[0]))
--		  && (eport == ntohs(pr.rule.dst.port[1]))
-+		if( (eport == ntohs(rule.dst.port[0]))
-+		  && (eport == ntohs(rule.dst.port[1]))
- #endif
--		  && (pr.rule.proto == proto) )
-+		  && (rule.proto == proto) )
- 		{
- #ifndef PF_NEWSTYLE
--			*iport = pr.rule.rpool.proxy_port[0];
-+			*iport = rule.rpool.proxy_port[0];
- #else
--			*iport = pr.rule.rdr.proxy_port[0];
-+			*iport = rule.rdr.proxy_port[0];
- #endif
- 			if(desc)
--				strlcpy(desc, pr.rule.label, desclen);
-+				strlcpy(desc, rule.label[0], desclen);
- #ifdef PFRULE_INOUT_COUNTS
- 			if(packets)
--				*packets = pr.rule.packets[0] + pr.rule.packets[1];
-+				*packets = rule.packets[0] + rule.packets[1];
- 			if(bytes)
--				*bytes = pr.rule.bytes[0] + pr.rule.bytes[1];
-+				*bytes = rule.bytes[0] + rule.bytes[1];
- #else
- 			if(packets)
--				*packets = pr.rule.packets;
-+				*packets = rule.packets;
- 			if(bytes)
--				*bytes = pr.rule.bytes;
-+				*bytes = rule.bytes;
- #endif
- #ifndef PF_NEWSTYLE
- 			memset(&pp, 0, sizeof(pp));
- 			strlcpy(pp.anchor, anchor_name, MAXPATHLEN);
- 			pp.r_action = PF_RDR;
- 			pp.r_num = i;
--			pp.ticket = pr.ticket;
-+			pp.ticket = info.ticket;
- 			if(ioctl(dev, DIOCGETADDRS, &pp) < 0)
- 			{
- 				syslog(LOG_ERR, "ioctl(dev, DIOCGETADDRS, ...): %m");
-@@ -957,15 +958,15 @@ get_redirect_rule(const char * ifname, unsigned short 
- 			          iaddr, iaddrlen);
- #endif
- #else
--			inet_ntop(AF_INET, &pr.rule.rdr.addr.v.a.addr.v4.s_addr,
-+			inet_ntop(AF_INET, &rule.rdr.addr.v.a.addr.v4.s_addr,
- 			          iaddr, iaddrlen);
- #endif
- 			if(rhost && rhostlen > 0)
- 			{
- #ifdef PFVAR_NEW_STYLE
--				if (pr.rule.src.addr.v.a.addr.v4addr.s_addr == 0)
-+				if (rule.src.addr.v.a.addr.v4addr.s_addr == 0)
- #else
--				if (pr.rule.src.addr.v.a.addr.v4.s_addr == 0)
-+				if (rule.src.addr.v.a.addr.v4.s_addr == 0)
- #endif
- 				{
- 					rhost[0] = '\0'; /* empty string */
-@@ -973,10 +974,10 @@ get_redirect_rule(const char * ifname, unsigned short 
- 				else
- 				{
- #ifdef PFVAR_NEW_STYLE
--					inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4addr.s_addr,
-+					inet_ntop(AF_INET, &rule.src.addr.v.a.addr.v4addr.s_addr,
- 					          rhost, rhostlen);
- #else
--					inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4.s_addr,
-+					inet_ntop(AF_INET, &rule.src.addr.v.a.addr.v4.s_addr,
- 					          rhost, rhostlen);
- #endif
- 				}
-@@ -1010,6 +1011,7 @@ priv_delete_redirect_rule_check_desc(const char * ifna
- 	int i, n, r;
- 	unsigned int tnum;
- 	struct pfioc_rule pr;
-+	struct pfctl_rule rule;
- 	UNUSED(ifname);
- 
- 	if(dev<0) {
-@@ -1023,7 +1025,7 @@ priv_delete_redirect_rule_check_desc(const char * ifna
- #endif
- 	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
- 	{
--		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
-+		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
- 		return -1;
- 	}
- 	n = pr.nr;
-@@ -1034,24 +1036,24 @@ priv_delete_redirect_rule_check_desc(const char * ifna
- 	for(i=0; i<n; i++)
- 	{
- 		pr.nr = i;
--		if(ioctl(dev, DIOCGETRULE, &pr) < 0)
-+		if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_RDR, &rule, pr.anchor_call) != 0)
- 		{
- 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
- 			r = -1;
- 			break;
- 		}
- #ifdef __APPLE__
--		if( (eport == ntohs(pr.rule.dst.xport.range.port[0]))
--		  && (eport == ntohs(pr.rule.dst.xport.range.port[1]))
-+		if( (eport == ntohs(rule.dst.xport.range.port[0]))
-+		  && (eport == ntohs(rule.dst.xport.range.port[1]))
- #else
--		if( (eport == ntohs(pr.rule.dst.port[0]))
--		  && (eport == ntohs(pr.rule.dst.port[1]))
-+		if( (eport == ntohs(rule.dst.port[0]))
-+		  && (eport == ntohs(rule.dst.port[1]))
- #endif
--		  && (pr.rule.proto == proto) )
-+		  && (rule.proto == proto) )
- 		{
- 			/* retrieve iport in order to remove filter rule */
- #ifndef PF_NEWSTYLE
--			if(iport) *iport = pr.rule.rpool.proxy_port[0];
-+			if(iport) *iport = rule.rpool.proxy_port[0];
- 			if(iaddr)
- 			{
- 				/* retrieve internal address */
-@@ -1087,33 +1089,33 @@ priv_delete_redirect_rule_check_desc(const char * ifna
- #endif
- 			}
- #else
--			if(iport) *iport = pr.rule.rdr.proxy_port[0];
-+			if(iport) *iport = rule.rdr.proxy_port[0];
- 			if(iaddr)
- 			{
- 				/* retrieve internal address */
--				*iaddr = pr.rule.rdr.addr.v.a.addr.v4.s_addr;
-+				*iaddr = rule.rdr.addr.v.a.addr.v4.s_addr;
- 			}
- #endif
- 			if(rhost && rhostlen > 0)
- 			{
- #ifdef PFVAR_NEW_STYLE
--				if (pr.rule.src.addr.v.a.addr.v4addr.s_addr == 0)
-+				if (rule.src.addr.v.a.addr.v4addr.s_addr == 0)
- #else
--				if (pr.rule.src.addr.v.a.addr.v4.s_addr == 0)
-+				if (rule.src.addr.v.a.addr.v4.s_addr == 0)
- #endif
- 					rhost[0] = '\0'; /* empty string */
- 				else
- #ifdef PFVAR_NEW_STYLE
--					inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4addr.s_addr,
-+					inet_ntop(AF_INET, &rule.src.addr.v.a.addr.v4addr.s_addr,
- 					          rhost, rhostlen);
- #else
--					inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4.s_addr,
-+					inet_ntop(AF_INET, &rule.src.addr.v.a.addr.v4.s_addr,
- 					          rhost, rhostlen);
- #endif
- 			}
- 			if(check_desc) {
--				if((desc == NULL && pr.rule.label[0] == '\0') ||
--				   (desc && 0 == strcmp(desc, pr.rule.label))) {
-+				if((desc == NULL && rule.label[0][0] == '\0') ||
-+				   (desc && 0 == strcmp(desc, rule.label[0]))) {
- 					r = 1;
- 					break;
- 				}
-@@ -1175,7 +1177,7 @@ priv_delete_filter_rule(const char * ifname, unsigned 
- 	pr.rule.action = PF_PASS;
- 	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
- 	{
--		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
-+		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
- 		return -1;
- 	}
- 	n = pr.nr;
-@@ -1275,6 +1277,7 @@ get_redirect_rule_by_index(int index,
- 	int n, r;
- 	unsigned int tnum;
- 	struct pfioc_rule pr;
-+	struct pfctl_rule rule;
- #ifndef PF_NEWSTYLE
- 	struct pfioc_pooladdr pp;
- #endif
-@@ -1291,7 +1294,7 @@ get_redirect_rule_by_index(int index,
- #endif
- 	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
- 	{
--		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
-+		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
- 		return -1;
- 	}
- 	n = pr.nr;
-@@ -1302,36 +1305,36 @@ get_redirect_rule_by_index(int index,
- 	if(index >= n)
- 		goto error;
- 	pr.nr = index;
--	if(ioctl(dev, DIOCGETRULE, &pr) < 0)
-+	if (pfctl_get_rule(dev, index, pr.ticket, pr.anchor, PF_RDR, &rule, pr.anchor_call) != 0)
- 	{
- 		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
- 		goto error;
- 	}
--	*proto = pr.rule.proto;
-+	*proto = rule.proto;
- #ifdef __APPLE__
--	*eport = ntohs(pr.rule.dst.xport.range.port[0]);
-+	*eport = ntohs(rule.dst.xport.range.port[0]);
- #else
--	*eport = ntohs(pr.rule.dst.port[0]);
-+	*eport = ntohs(rule.dst.port[0]);
- #endif
- #ifndef PF_NEWSTYLE
--	*iport = pr.rule.rpool.proxy_port[0];
-+	*iport = rule.rpool.proxy_port[0];
- #else
--	*iport = pr.rule.rdr.proxy_port[0];
-+	*iport = rule.rdr.proxy_port[0];
- #endif
- 	if(ifname)
--		strlcpy(ifname, pr.rule.ifname, IFNAMSIZ);
-+		strlcpy(ifname, rule.ifname, IFNAMSIZ);
- 	if(desc)
--		strlcpy(desc, pr.rule.label, desclen);
-+		strlcpy(desc, rule.label[0], desclen);
- #ifdef PFRULE_INOUT_COUNTS
- 	if(packets)
--		*packets = pr.rule.packets[0] + pr.rule.packets[1];
-+		*packets = rule.packets[0] + rule.packets[1];
- 	if(bytes)
--		*bytes = pr.rule.bytes[0] + pr.rule.bytes[1];
-+		*bytes = rule.bytes[0] + rule.bytes[1];
- #else
- 	if(packets)
--		*packets = pr.rule.packets;
-+		*packets = rule.packets;
- 	if(bytes)
--		*bytes = pr.rule.bytes;
-+		*bytes = rule.bytes;
- #endif
- #ifndef PF_NEWSTYLE
- 	memset(&pp, 0, sizeof(pp));
-@@ -1363,15 +1366,15 @@ get_redirect_rule_by_index(int index,
- 	          iaddr, iaddrlen);
- #endif
- #else
--	inet_ntop(AF_INET, &pr.rule.rdr.addr.v.a.addr.v4.s_addr,
-+	inet_ntop(AF_INET, &rule.rdr.addr.v.a.addr.v4.s_addr,
- 	          iaddr, iaddrlen);
- #endif
- 	if(rhost && rhostlen > 0)
- 	{
- #ifdef PFVAR_NEW_STYLE
--		if (pr.rule.src.addr.v.a.addr.v4addr.s_addr == 0)
-+		if (rule.src.addr.v.a.addr.v4addr.s_addr == 0)
- #else
--		if (pr.rule.src.addr.v.a.addr.v4.s_addr == 0)
-+		if (rule.src.addr.v.a.addr.v4.s_addr == 0)
- #endif
- 		{
- 			rhost[0] = '\0'; /* empty string */
-@@ -1379,10 +1382,10 @@ get_redirect_rule_by_index(int index,
- 		else
- 		{
- #ifdef PFVAR_NEW_STYLE
--			inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4addr.s_addr,
-+			inet_ntop(AF_INET, &rule.src.addr.v.a.addr.v4addr.s_addr,
- 			          rhost, rhostlen);
- #else
--			inet_ntop(AF_INET, &pr.rule.src.addr.v.a.addr.v4.s_addr,
-+			inet_ntop(AF_INET, &rule.src.addr.v.a.addr.v4.s_addr,
- 			          rhost, rhostlen);
- #endif
- 		}
-@@ -1406,6 +1409,7 @@ get_portmappings_in_range(unsigned short startport, un
- 	int i, n;
- 	unsigned short eport;
- 	struct pfioc_rule pr;
-+	struct pfctl_rule rule;
- 
- 	*number = 0;
- 	if(dev<0) {
-@@ -1426,7 +1430,7 @@ get_portmappings_in_range(unsigned short startport, un
- #endif
- 	if(ioctl(dev, DIOCGETRULES, &pr) < 0)
- 	{
--		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
-+		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
- 		free(array);
- 		return NULL;
- 	}
-@@ -1437,19 +1441,19 @@ get_portmappings_in_range(unsigned short startport, un
- 	for(i=0; i<n; i++)
- 	{
- 		pr.nr = i;
--		if(ioctl(dev, DIOCGETRULE, &pr) < 0)
-+		if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_RDR, &rule, pr.anchor_call) != 0)
- 		{
- 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
- 			continue;
- 		}
- #ifdef __APPLE__
--		eport = ntohs(pr.rule.dst.xport.range.port[0]);
--		if( (eport == ntohs(pr.rule.dst.xport.range.port[1]))
-+		eport = ntohs(rule.dst.xport.range.port[0]);
-+		if( (eport == ntohs(rule.dst.xport.range.port[1]))
- #else
--		eport = ntohs(pr.rule.dst.port[0]);
--		if( (eport == ntohs(pr.rule.dst.port[1]))
-+		eport = ntohs(rule.dst.port[0]);
-+		if( (eport == ntohs(rule.dst.port[1]))
- #endif
--		  && (pr.rule.proto == proto)
-+		  && (rule.proto == proto)
- 		  && (startport <= eport) && (eport <= endport) )
- 		{
- 			if(*number >= capacity)
diff --git a/net/miniupnpd/files/patch-pf_pfpinhole.c b/net/miniupnpd/files/patch-pf_pfpinhole.c
deleted file mode 100644
index 9c62bd94fdd4..000000000000
--- a/net/miniupnpd/files/patch-pf_pfpinhole.c
+++ /dev/null
@@ -1,210 +0,0 @@
---- pf/pfpinhole.c.orig	2024-03-19 23:41:25 UTC
-+++ pf/pfpinhole.c
-@@ -28,6 +28,7 @@
- #include <syslog.h>
- #include <stdio.h>
- #include <stdlib.h>
-+#include <libpfctl.h>
- 
- #include "config.h"
- #include "pfpinhole.h"
-@@ -171,6 +172,7 @@ int find_pinhole(const char * ifname,
- 	unsigned int ts, tnum;
- 	int i, n;
- 	struct pfioc_rule pr;
-+	struct pfctl_rule rule;
- 	struct in6_addr saddr;
- 	struct in6_addr daddr;
- 	UNUSED(ifname);
-@@ -191,7 +193,7 @@ int find_pinhole(const char * ifname,
- 	pr.rule.action = PF_PASS;
- #endif
- 	if(ioctl(dev, DIOCGETRULES, &pr) < 0) {
--		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
-+		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
- 		return -1;
- 	}
- 	n = pr.nr;
-@@ -200,22 +202,22 @@ int find_pinhole(const char * ifname,
- #endif /* PF_RELEASETICKETS */
- 	for(i=0; i<n; i++) {
- 		pr.nr = i;
--		if(ioctl(dev, DIOCGETRULE, &pr) < 0) {
-+		if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_PASS, &rule, pr.anchor_call) < 0) {
- 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
- 			release_ticket(dev, tnum);
- 			return -1;
- 		}
--		if((proto == pr.rule.proto) && (rem_port == ntohs(pr.rule.src.port[0]))
--		   && (0 == memcmp(&saddr, &pr.rule.src.addr.v.a.addr.v6, sizeof(struct in6_addr)))
--		   && (int_port == ntohs(pr.rule.dst.port[0])) &&
--		   (0 == memcmp(&daddr, &pr.rule.dst.addr.v.a.addr.v6, sizeof(struct in6_addr)))) {
--			if(sscanf(pr.rule.label, PINEHOLE_LABEL_FORMAT_SKIPDESC, &uid, &ts) != 2) {
--				syslog(LOG_DEBUG, "rule with label '%s' is not a IGD pinhole", pr.rule.label);
-+		if((proto == rule.proto) && (rem_port == ntohs(rule.src.port[0]))
-+		   && (0 == memcmp(&saddr, &rule.src.addr.v.a.addr.v6, sizeof(struct in6_addr)))
-+		   && (int_port == ntohs(rule.dst.port[0])) &&
-+		   (0 == memcmp(&daddr, &rule.dst.addr.v.a.addr.v6, sizeof(struct in6_addr)))) {
-+			if(sscanf(rule.label[0], PINEHOLE_LABEL_FORMAT_SKIPDESC, &uid, &ts) != 2) {
-+				syslog(LOG_DEBUG, "rule with label '%s' is not a IGD pinhole", rule.label[0]);
- 				continue;
- 			}
- 			if(timestamp) *timestamp = ts;
- 			if(desc) {
--				char * p = strchr(pr.rule.label, ':');
-+				char * p = strchr(rule.label[0], ':');
- 				if(p) {
- 					p += 2;
- 					strlcpy(desc, p, desc_len);
-@@ -234,6 +236,7 @@ int delete_pinhole(unsigned short uid)
- 	int i, n;
- 	unsigned int tnum;
- 	struct pfioc_rule pr;
-+	struct pfctl_rule rule;
- 	char label_start[PF_RULE_LABEL_SIZE];
- 	char tmp_label[PF_RULE_LABEL_SIZE];
- 
-@@ -249,7 +252,7 @@ int delete_pinhole(unsigned short uid)
- 	pr.rule.action = PF_PASS;
- #endif
- 	if(ioctl(dev, DIOCGETRULES, &pr) < 0) {
--		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
-+		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
- 		return -1;
- 	}
- 	n = pr.nr;
-@@ -258,11 +261,11 @@ int delete_pinhole(unsigned short uid)
- #endif
- 	for(i=0; i<n; i++) {
- 		pr.nr = i;
--		if(ioctl(dev, DIOCGETRULE, &pr) < 0) {
-+		if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_PASS, &rule, pr.anchor_call) < 0) {
- 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
- 			return -1;
- 		}
--		strlcpy(tmp_label, pr.rule.label, sizeof(tmp_label));
-+		strlcpy(tmp_label, rule.label[0], sizeof(tmp_label));
- 		strtok(tmp_label, " ");
- 		if(0 == strcmp(tmp_label, label_start)) {
- 			pr.action = PF_CHANGE_GET_TICKET;
-@@ -298,6 +301,7 @@ get_pinhole_info(unsigned short uid,
- 	int i, n;
- 	unsigned int tnum;
- 	struct pfioc_rule pr;
-+	struct pfctl_rule rule;
- 	char label_start[PF_RULE_LABEL_SIZE];
- 	char tmp_label[PF_RULE_LABEL_SIZE];
- 	char * p;
-@@ -314,7 +318,7 @@ get_pinhole_info(unsigned short uid,
- 	pr.rule.action = PF_PASS;
- #endif
- 	if(ioctl(dev, DIOCGETRULES, &pr) < 0) {
--		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
-+		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
- 		return -1;
- 	}
- 	n = pr.nr;
-@@ -323,29 +327,29 @@ get_pinhole_info(unsigned short uid,
- #endif
- 	for(i=0; i<n; i++) {
- 		pr.nr = i;
--		if(ioctl(dev, DIOCGETRULE, &pr) < 0) {
-+		if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_PASS, &rule, pr.anchor_call) < 0) {
- 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
- 			release_ticket(dev, tnum);
- 			return -1;
- 		}
--		strlcpy(tmp_label, pr.rule.label, sizeof(tmp_label));
-+		strlcpy(tmp_label, rule.label[0], sizeof(tmp_label));
- 		p = tmp_label;
- 		strsep(&p, " ");
- 		if(0 == strcmp(tmp_label, label_start)) {
--			if(rem_host && (inet_ntop(AF_INET6, &pr.rule.src.addr.v.a.addr.v6, rem_host, rem_hostlen) == NULL)) {
-+			if(rem_host && (inet_ntop(AF_INET6, &rule.src.addr.v.a.addr.v6, rem_host, rem_hostlen) == NULL)) {
- 				release_ticket(dev, tnum);
- 				return -1;
- 			}
- 			if(rem_port)
--				*rem_port = ntohs(pr.rule.src.port[0]);
--			if(int_client && (inet_ntop(AF_INET6, &pr.rule.dst.addr.v.a.addr.v6, int_client, int_clientlen) == NULL)) {
-+				*rem_port = ntohs(rule.src.port[0]);
-+			if(int_client && (inet_ntop(AF_INET6, &rule.dst.addr.v.a.addr.v6, int_client, int_clientlen) == NULL)) {
- 				release_ticket(dev, tnum);
- 				return -1;
- 			}
- 			if(int_port)
--				*int_port = ntohs(pr.rule.dst.port[0]);
-+				*int_port = ntohs(rule.dst.port[0]);
- 			if(proto)
--				*proto = pr.rule.proto;
-+				*proto = rule.proto;
- 			if(timestamp)
- 				sscanf(p, "ts-%u", timestamp);
- 			if(desc) {
-@@ -358,14 +362,14 @@ get_pinhole_info(unsigned short uid,
- 			}
- #ifdef PFRULE_INOUT_COUNTS
- 			if(packets)
--				*packets = pr.rule.packets[0] + pr.rule.packets[1];
-+				*packets = rule.packets[0] + rule.packets[1];
- 			if(bytes)
--				*bytes = pr.rule.bytes[0] + pr.rule.bytes[1];
-+				*bytes = rule.bytes[0] + rule.bytes[1];
- #else
- 			if(packets)
--				*packets = pr.rule.packets;
-+				*packets = rule.packets;
- 			if(bytes)
--				*bytes = pr.rule.bytes;
-+				*bytes = rule.bytes;
- #endif
- 			release_ticket(dev, tnum);
- 			return 0;
-@@ -393,6 +397,7 @@ int clean_pinhole_list(unsigned int * next_timestamp)
- {
- 	int i;
- 	struct pfioc_rule pr;
-+	struct pfctl_rule rule;
- 	time_t current_time;
- 	unsigned int ts, tnum;
- 	int uid;
-@@ -411,7 +416,7 @@ int clean_pinhole_list(unsigned int * next_timestamp)
- 	pr.rule.action = PF_PASS;
- #endif
- 	if(ioctl(dev, DIOCGETRULES, &pr) < 0) {
--		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
-+		syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
- 		return -1;
- 	}
- #ifdef PF_RELEASETICKETS
-@@ -419,17 +424,17 @@ int clean_pinhole_list(unsigned int * next_timestamp)
- #endif
- 	for(i = pr.nr - 1; i >= 0; i--) {
- 		pr.nr = i;
--		if(ioctl(dev, DIOCGETRULE, &pr) < 0) {
-+		if (pfctl_get_rule(dev, i, pr.ticket, pr.anchor, PF_PASS, &rule, pr.anchor_call) < 0) {
- 			syslog(LOG_ERR, "ioctl(dev, DIOCGETRULE): %m");
- 			release_ticket(dev, tnum);
- 			return -1;
- 		}
--		if(sscanf(pr.rule.label, PINEHOLE_LABEL_FORMAT_SKIPDESC, &uid, &ts) != 2) {
--			syslog(LOG_DEBUG, "rule with label '%s' is not a IGD pinhole", pr.rule.label);
-+		if(sscanf(rule.label[0], PINEHOLE_LABEL_FORMAT_SKIPDESC, &uid, &ts) != 2) {
-+			syslog(LOG_DEBUG, "rule with label '%s' is not a IGD pinhole", rule.label[0]);
- 			continue;
- 		}
- 		if(ts <= (unsigned int)current_time) {
--			syslog(LOG_INFO, "removing expired pinhole '%s'", pr.rule.label);
-+			syslog(LOG_INFO, "removing expired pinhole '%s'", rule.label[0]);
- 			pr.action = PF_CHANGE_GET_TICKET;
- 			if(ioctl(dev, DIOCCHANGERULE, &pr) < 0) {
- 				syslog(LOG_ERR, "ioctl(dev, DIOCCHANGERULE, ...) PF_CHANGE_GET_TICKET: %m");
-@@ -449,7 +454,7 @@ int clean_pinhole_list(unsigned int * next_timestamp)
- #endif
- 			release_ticket(dev, tnum);
- 			if(ioctl(dev, DIOCGETRULES, &pr) < 0) {
--				syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...): %m");
-+				syslog(LOG_ERR, "ioctl(dev, DIOCGETRULES, ...) (%s:%d): %m", __func__, __LINE__);
- 				return -1;
- 			}
- #ifdef PF_RELEASETICKETS