diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 97442725..d8772310 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -12,14 +12,14 @@ on:
 
 jobs:
   build:
-    runs-on: "ubuntu-22.04"
+    runs-on: "ubuntu-24.04"
     steps:
       - name: "checkout repository"
         uses: "actions/checkout@v3"
       - name: "setup go"
         uses: "actions/setup-go@v3"
         with:
-          go-version: "1.21"
+          go-version: "1.25"
       - name: "install python3-pytest"
         run: "sudo apt install -y python3-pytest"
       - name: "make install"
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 98f8c206..c47ef05c 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -1,5 +1,6 @@
 # .goreleaser.yml
 # Build customization
+version: 2
 project_name: ergo
 builds:
   - main: ergo.go
@@ -17,6 +18,7 @@ builds:
       - amd64
       - arm
       - arm64
+      - riscv64
     goarm:
       - 6
     ignore:
@@ -24,30 +26,41 @@ builds:
         goarch: arm
       - goos: windows
         goarch: arm64
+      - goos: windows
+        goarch: riscv64
       - goos: darwin
         goarch: arm
+      - goos: darwin
+        goarch: riscv64
       - goos: freebsd
         goarch: arm
       - goos: freebsd
         goarch: arm64
+      - goos: freebsd
+        goarch: riscv64
       - goos: openbsd
         goarch: arm
       - goos: openbsd
         goarch: arm64
+      - goos: openbsd
+        goarch: riscv64
       - goos: plan9
         goarch: arm
       - goos: plan9
         goarch: arm64
+      - goos: plan9
+        goarch: riscv64
     flags:
       - -trimpath
 
 archives:
   -
-    name_template: "{{ .ProjectName }}-{{ .Version }}-{{ .Os }}-{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
+    name_template: >-
+            {{ .ProjectName }}-{{ .Version }}-
+            {{- if eq .Os "darwin" }}macos{{- else }}{{ .Os }}{{ end -}}-
+            {{- if eq .Arch "amd64" }}x86_64{{- else }}{{ .Arch }}{{ end -}}
+            {{ if .Arm }}v{{ .Arm }}{{ end -}}
     format: tar.gz
-    replacements:
-      amd64: x86_64
-      darwin: macos
     format_overrides:
       - goos: windows
         format: zip
@@ -58,6 +71,7 @@ archives:
       - ergo.motd
       - default.yaml
       - traditional.yaml
+      - docs/API.md
       - docs/MANUAL.md
       - docs/USERGUIDE.md
       - languages/*.yaml
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2e4478d7..b24ce6b8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,161 @@
 # Changelog
 All notable changes to Ergo will be documented in this file.
 
+## [2.17.0-rc1] - 2025-12-14
+
+We're pleased to be publishing the release candidate for v2.17.0 (the official release should follow within a week or so). This release adds support for the [IRCv3 metadata specification](https://ircv3.net/specs/extensions/metadata), thanks to [@thatcher-gaming](https://github.com/thatcher-gaming), as well as bug fixes and minor updates.
+
+This release includes changes to the config file format, all of which are fully backwards-compatible and do not require updating the file before upgrading. It includes no changes to the database file format.
+
+Many thanks to [@branchgrove](https://github.com/branchgrove), [@Brutus5000](https://github.com/Brutus5000), [@progval](https://github.com/progval), [@SarahRoseLives](https://github.com/SarahRoseLives), [@thatcher-gaming](https://github.com/thatcher-gaming), [@ValwareIRC](https://github.com/ValwareIRC), and Xogium for contributing patches, reporting issues, and helping test.
+
+### Config changes
+* Added `accounts.metadata` block to configure the new metadata feature. If this block is absent, metadata is disabled. See `default.yaml` for an example. (#2273)
+* Added `server.idle-timeouts` for configurable idle timeouts; when unset, the previous hardcoded defaults are used (#2292, thanks [@Brutus5000](https://github.com/Brutus5000)!)
+* Added `server.oper-throttle` to configure throttling for failed `OPER` attempts; when unset, this defaults to 1 attempt every 10 seconds (#2296)
+
+### Added
+* Implemented support for the [draft/metadata-2](https://ircv3.net/specs/extensions/metadata) specification, allowing clients to set and retrieve metadata on accounts and channels (#2273, #2277, #2281, #2282, #2301, thanks [@thatcher-gaming](https://github.com/thatcher-gaming)!)
+* Added `/v1/status` and `/v1/account_list` HTTP API endpoints (#2261, thanks [@SarahRoseLives](https://github.com/SarahRoseLives)!)
+* Enhanced `/v1/account_details` API response with additional fields (#2261, thanks [@SarahRoseLives](https://github.com/SarahRoseLives)!)
+
+### Fixed
+* Fixed `REGISTER` command to strip guest format when applicable, matching `NS REGISTER` behavior (#2270, #2271, thanks [@ValwareIRC](https://github.com/ValwareIRC) and [@thatcher-gaming](https://github.com/thatcher-gaming)!)
+* Fixed invalid `FAIL` codes in `REGISTER` command (#2269, thanks [@ValwareIRC](https://github.com/ValwareIRC)!)
+* Fixed validation of web push URLs to reject non-HTTPS URLs (#2295)
+* Fixed inconsistent behavior when `history.enabled` is set but `history.chathistory-maxmessages` is not (#2303, #2304, thanks [@branchgrove](https://github.com/branchgrove)!)
+
+### Changed
+* The `OPER` command now imposes a throttle on all attempts, never disconnects the client on failure, and logs non-sensitive information about failed attempts (#2296, #2298, thanks Xogium!)
+
+### Internal
+* Official release builds use Go 1.25 (#2290)
+* Upgraded the Docker base image from Alpine 3.19 to 3.22 (#2306)
+
+## [2.16.0] - 2025-05-18
+We're pleased to be publishing v2.16.0, a new stable release. This release contains bug fixes and some minor updates.
+
+This release includes changes to the config file format, all of which are fully backwards-compatible and do not require updating the file before upgrading. It includes no changes to the database file format.
+
+Many thanks to [@csmith](https://github.com/csmith), [@delthas](https://github.com/delthas), donio, [@emersion](https://github.com/emersion), [@KlaasT](https://github.com/KlaasT), [@knolley](https://github.com/knolley), [@Mailaender](https://github.com/Mailaender), and [@prdes](https://github.com/prdes) for reporting issues and helping test.
+
+### Config changes
+* Added `api` block for configuring the new HTTP API. If this block is absent, the API is disabled (#2231)
+* Added `server.additional-isupport` for publishing arbitrary ISUPPORT tokens (#2220, #2240)
+* Added `server.command-aliases` to configure aliases for server commands (#2229, #2236)
+* Added options to `roleplay` to customize the NUH's sent for `NPC` and `SCENE`. Roleplay remains deprecated and disabled by default. (#2237)
+
+### Security
+* Mitigated HTTP DoS attacks by rejecting IRC sessions that begin with an HTTP verb, such as `POST`. If you were relying on this to create IRC sessions via an HTTP client, please open an issue. (#2239)
+
+### Added
+* Added an HTTP API, providing programmatic access to Ergo functionality (#2231, thanks [@KlaasT](https://github.com/KlaasT)!)
+* Added SAFERATE to 005 ISUPPORT tokens (#2223, thanks [@delthas](https://github.com/delthas)!)
+* Added support for ed25519-sha256 for DKIM. However, enabling this algorithm is not recommended since mainstream email providers still do not support it. (#1041, #2242)
+
+### Fixed
+* Fixed `CHATHISTORY TARGETS` from MySQL backend reporting incorrect timestamps when the server timezone is not UTC (#2224)
+* Fixed batch name parameter in `draft/isupport` responses (#2253)
+* Fixed `NS UNREGISTER` not deleting the stored push subscriptions (#2254)
+* Fixed cases where `NS SAREGISTER` could create clients without applying the default user modes (#2252, #2254, thanks donio!)
+* Improved validation of `CHATHISTORY` parameters (#2248, #2249, thanks [@prdes](https://github.com/prdes)!)
+* Added validation to ensure the MOTD is UTF-8 when `enforce-utf8` is enabled (the recommended default) (#2228, #2233, thanks [@KlaasT](https://github.com/KlaasT)!)
+* The client's own `QUIT` line now respects the `server-time` capability (#2218, #2219)
+* Fixed sending unnecessary replies to certain invalid `MODE` changes (#2213)
+* Improved safety of ISUPPORT length limits (#2241)
+
+### Changed
+* The `draft/message-redaction` capability is no longer advertised when `allow-individual-delete` is disabled (#2215, #2216, thanks [@delthas](https://github.com/delthas)!)
+* Receiving the UTF-8 BOM (byte-order mark) at the start of an IRC connection now produces an explicit error (#2244, #2247, thanks [@csmith](https://github.com/csmith), [@Mailaender](https://github.com/Mailaender)!)
+
+### Internal
+* Release builds use Go 1.24.3 (#2217)
+
+## [2.15.0] - 2025-01-26
+
+We're pleased to be publishing v2.15.0, a new stable release. This release adds support for mobile push notifications, via the [draft/webpush](https://github.com/ircv3/ircv3-specifications/pull/471) specification. More information on this is available in the [manual](https://github.com/ergochat/ergo/blob/ab2d842b270d9df217c779df9c7a5c594d85fdd5/docs/MANUAL.md#push-notifications) and [user guide](https://github.com/ergochat/ergo/blob/ab2d842b270d9df217c779df9c7a5c594d85fdd5/docs/USERGUIDE.md#push-notifications). This feature is still considered to be in an experimental state; `default.yaml` ships with it disabled, and its configuration may have backwards-incompatible changes in the future.
+
+This release includes changes to the config file format, all of which are fully backwards-compatible and do not require updating the file before upgrading.
+
+This release includes a database change. If you have `datastore.autoupgrade` set to `true` in your configuration, it will be automatically applied when you restart Ergo. Otherwise, you can update the database manually by running `ergo upgradedb` (see the manual for complete instructions).
+
+Many thanks to [@delthas](https://github.com/delthas), [@donatj](https://github.com/donatj), donio, [@emersion](https://github.com/emersion), and [@eskimo](https://github.com/eskimo) for contributing patches and helping test.
+
+### Config changes
+* Added `webpush` block to the config file to configure push notifications. See `default.yaml` for an example. Note that at this time, `default.yaml` ships with support for push notifications disabled; operators can enable them by setting `webpush.enabled: true`. In the absence of such a block, push notifications are disabled.
+* We recommend the addition of `"WEBPUSH": 1` to `fakelag.command-budgets`, to speed up mobile reattach when web push is enabled. See `default.yaml` for an example.
+
+### Added
+* Added support for the [draft/webpush](https://github.com/ircv3/ircv3-specifications/pull/471) specification (#2205, thanks [@emersion](https://github.com/emersion), [@eskimo](https://github.com/eskimo)!)
+* Added support for the [draft/extended-isupport](https://github.com/ircv3/ircv3-specifications/pull/543) specification (#2184, thanks [@emersion](https://github.com/emersion)!)
+* `UBAN ADD` now accepts `REQUIRE-SASL` with NUH masks, i.e. k-lines (#2198, #2199)
+* Ergo now publishes the `SAFELIST` ISUPPORT parameter (#2196, thanks [@delthas](https://github.com/delthas)!)
+
+### Fixed
+* Fixed incorrect parameters when pushing `005` (ISUPPORT) updates to clients on rehash (#2177, #2184)
+
+### Internal
+* Official release builds use Go 1.23.5
+* Added a unique identifier to identify connections in debug logs. This has no privacy implications in a standard, non-debug configuration of Ergo. (#2206, thanks donio!)
+* Added support for Solaris on amd64 CPUs (#2183)
+
+## [2.14.0] - 2024-06-30
+
+We're pleased to be publishing v2.14.0, a new stable release. This release contains primarily bug fixes, with the addition of some new authentication mechanisms for integrating with web clients.
+
+This release includes changes to the config file format, all of which are fully backwards-compatible and do not require updating the file before upgrading. It includes no changes to the database file format.
+
+Many thanks to [@al3xandros](https://github.com/al3xandros), donio, [@eeeeeta](https://github.com/eeeeeta), [@emersion](https://github.com/emersion), [@Eriner](https://github.com/Eriner), [@eskimo](https://github.com/eskimo), [@Herringway](https://github.com/Herringway), [@jwheare](https://github.com/jwheare), [@knolley](https://github.com/knolley), [@mengzhuo](https://github.com/mengzhuo), pathof, [@poVoq](https://github.com/poVoq), [@progval](https://github.com/progval), [@RNDpacman](https://github.com/RNDpacman), and [@xnaas](https://github.com/xnaas) for contributing patches, reporting issues, and helping test.
+
+### Config changes
+* Added `accounts.oauth2` and `accounts.jwt-auth` blocks for configuring OAuth2 and JWT authentication (#2004)
+* Added `protocol` and `local-address` options to `accounts.registration.email-verification`, to force emails to be sent over IPv4 (or IPv6) or to force the use of a particular source address (#2142)
+* Added `limits.realnamelen`, a configurable limit on the length of realnames. If unset, no limit is enforced beyond the IRC protocol line length limits (the previous behavior). (#2123, thanks [@eskimo](https://github.com/eskimo)!)
+* Added the `accept-hostname` option to the webirc config block, allowing Ergo to accept hostnames passed from reverse proxies on the `WEBIRC` line. Note that this will have no effect under the default/recommended configuration, in which cloaks are used instead (#1686, #2146, thanks [@RNDpacman](https://github.com/RNDpacman)!)
+* The default/recommended value of `limits.chan-list-modes` (the size limit for ban/except/invite lists) was raised to 100 (#2081, #2165, #2167)
+
+### Added
+* Added support for the `OAUTHBEARER` SASL mechanism, allowing Ergo to interoperate with Gamja and an OAuth2 provider (#2004, #2122, thanks [@emersion](https://github.com/emersion)!)
+* Added support for the [`IRCV3BEARER` SASL mechanism](https://github.com/ircv3/ircv3-specifications/pull/545), allowing Ergo to accept OAuth2 or JWT bearer tokens (#2158)
+* Added support for the legacy `rfc1459` and `rfc1459-strict` casemappings (#2099, #2159, thanks [@xnaas](https://github.com/xnaas)!)
+* The new `ergo defaultconfig` subcommand prints a copy of the default config file to standard output (#2157, #2160, thanks [@al3xandros](https://github.com/al3xandros)!)
+
+### Fixed
+* Even with `allow-truncation: false` (the recommended default), some oversized messages were being accepted and relayed with truncation. These messages will now be rejected with `417 ERR_INPUTTOOLONG` as expected (#2170)
+* NICK and QUIT from invisible members of auditorium channels are no longer recorded in history (#2133, #2137, thanks [@knolley](https://github.com/knolley) and [@poVoq](https://github.com/poVoq)!)
+* If channel registration was disabled, registered channels could become inaccessible after rehash; this has been fixed (#2130, thanks [@eeeeeta](https://github.com/eeeeeta)!)
+* Attempts to use unrecognized SASL mechanisms no longer count against the login throttle, improving compatibility with Pidgin (#2156, thanks donio and pathof!)
+* Fixed database autoupgrade on Windows, which was previously broken due to the use of a colon in the backup filename (#2139, #2140, thanks [@Herringway](https://github.com/Herringway)!)
+* Fixed handling of `NS CERT ADD <user> <fp>` when an unprivileged user invokes it on themself (#2128, #2098, thanks [@Eriner](https://github.com/Eriner)!)
+* Fixed missing human-readable trailing parameters for two multiline `FAIL` messages (#2043, #2162, thanks [@jwheare](https://github.com/jwheare) and [@progval](https://github.com/progval)!)
+* Fixed symbol sent by `353 RPL_NAMREPLY` for secret channels (#2144, #2145, thanks savoyard!)
+
+### Changed
+* Trying to claim a registered nickname that is also actually in use by another client now produces `433 ERR_NICKNAMEINUSE` as expected (#2135, #2136, thanks savoyard!)
+* `SAMODE` now overrides the enforcement of `limits.chan-list-modes` (the size limit for ban/except/invite lists) (#2081, #2165)
+* Certain unsuccessful `MODE` changes no longer send `324 RPL_CHANNELMODEIS` and `329 RPL_CREATIONTIME` (#2163)
+* Debug logging for environment variable configuration overrides no longer prints the value, only the key (#2129, #2132, thanks [@eeeeeta](https://github.com/eeeeeta)!)
+
+### Internal
+
+* Official release builds use Go 1.22.4
+* Added a linux/riscv64 release (#2172, #2173, thanks [@mengzhuo](https://github.com/mengzhuo)!)
+
+## [2.13.1] - 2024-05-06
+
+Ergo 2.13.1 is a bugfix release, fixing an exploitable deadlock that could lead to a denial of service. We regret the oversight.
+
+This release includes no changes to the config file format or database format.
+
+### Security
+
+* Fixed an exploitable deadlock that could lead to a denial of service (#2149)
+
+### Internal
+
+* Official release builds use Go 1.22.2
+
+
 ## [2.13.0] - 2024-01-14
 
 We're pleased to be publishing v2.13.0, a new stable release. This is a bugfix release that fixes some issues, including a crash.
diff --git a/Dockerfile b/Dockerfile
index eb21904c..1d5bb800 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 ## build ergo binary
-FROM docker.io/golang:1.21-alpine AS build-env
+FROM docker.io/golang:1.25-alpine3.22 AS build-env
 
 RUN apk upgrade -U --force-refresh --no-cache && apk add --no-cache --purge --clean-protected -l -u make git
 
@@ -16,7 +16,7 @@ RUN sed -i 's/^\(\s*\)\"127.0.0.1:6667\":.*$/\1":6667":/' /go/src/github.com/erg
 RUN make install
 
 ## build ergo container
-FROM docker.io/alpine:3.19
+FROM docker.io/alpine:3.22
 
 # metadata
 LABEL maintainer="Daniel Oaks <daniel@danieloaks.net>,Daniel Thamdrup <dallemon@protonmail.com>" \
diff --git a/Makefile b/Makefile
index 0a6bcf0e..af4240d1 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,3 @@
-.PHONY: all install build release capdefs test smoke gofmt irctest
-
 GIT_COMMIT := $(shell git rev-parse HEAD 2> /dev/null)
 GIT_TAG := $(shell git tag --points-at HEAD 2> /dev/null | head -n 1)
 
@@ -9,33 +7,42 @@ export CGO_ENABLED ?= 0
 
 capdef_file = ./irc/caps/defs.go
 
+.PHONY: all
 all: build
 
+.PHONY: install
 install:
 	go install -v -ldflags "-X main.commit=$(GIT_COMMIT) -X main.version=$(GIT_TAG)"
 
+.PHONY: build
 build:
 	go build -v -ldflags "-X main.commit=$(GIT_COMMIT) -X main.version=$(GIT_TAG)"
 
+.PHONY: release
 release:
-	goreleaser --skip-publish --rm-dist
+	goreleaser --skip=publish --clean
 
+.PHONY: capdefs
 capdefs:
 	python3 ./gencapdefs.py > ${capdef_file}
 
+.PHONY: test
 test:
 	python3 ./gencapdefs.py | diff - ${capdef_file}
 	go test ./...
 	go vet ./...
 	./.check-gofmt.sh
 
+.PHONY: smoke
 smoke: install
 	ergo mkcerts --conf ./default.yaml || true
 	ergo run --conf ./default.yaml --smoke
 
+.PHONY: gofmt
 gofmt:
 	./.check-gofmt.sh --fix
 
+.PHONY: irctest
 irctest: install
 	git submodule update --init
 	cd irctest && make ergo
diff --git a/default.yaml b/default.yaml
index 7936a766..007d8e18 100644
--- a/default.yaml
+++ b/default.yaml
@@ -100,6 +100,7 @@ server:
         max-connections-per-duration: 64
 
     # strict transport security, to get clients to automagically use TLS
+    # (irrelevant in the recommended configuration, with no public plaintext listener)
     sts:
         # whether to advertise STS
         #
@@ -134,9 +135,10 @@ server:
     # the recommended default is 'ascii' (traditional ASCII-only identifiers).
     # the other options are 'precis', which allows UTF8 identifiers that are "sane"
     # (according to UFC 8265), with additional mitigations for homoglyph attacks,
-    # and 'permissive', which allows identifiers containing unusual characters like
+    # 'permissive', which allows identifiers containing unusual characters like
     # emoji, at the cost of increased vulnerability to homoglyph attacks and potential
-    # client compatibility problems. we recommend leaving this value at its default;
+    # client compatibility problems, and the legacy mappings 'rfc1459' and
+    # 'rfc1459-strict'. we recommend leaving this value at its default;
     # however, note that changing it once the network is already up and running is
     # problematic.
     casemapping: "ascii"
@@ -178,6 +180,17 @@ server:
     # if this is true, the motd is escaped using formatting codes like $c, $b, and $i
     motd-formatting: true
 
+    # idle timeouts for inactive clients
+    idle-timeouts:
+        # give the client this long to complete connection registration (i.e. the initial
+        # IRC handshake, including capability negotiation and SASL)
+        registration: 60s
+        # if the client hasn't sent anything for this long, send them a PING
+        ping: 1m30s
+        # if the client hasn't sent anything for this long (including the PONG to the
+        # above PING), disconnect them
+        disconnect: 2m30s
+
     # relaying using the RELAYMSG command
     relaymsg:
         # is relaymsg enabled at all?
@@ -218,6 +231,10 @@ server:
                 # - "192.168.1.1"
                 # - "192.168.10.1/24"
 
+            # whether to accept the hostname parameter on the WEBIRC line as the IRC hostname
+            # (the default/recommended Ergo configuration will use cloaks instead)
+            accept-hostname: false
+
     # maximum length of clients' sendQ in bytes
     # this should be big enough to hold bursts of channel/direct messages
     max-sendq: 96k
@@ -352,6 +369,10 @@ server:
     secure-nets:
         # - "10.0.0.0/8"
 
+    # allow attempts to OPER with a password at most this often. defaults to
+    # 10 seconds when unset.
+    oper-throttle: 10s
+
     # Ergo will write files to disk under certain circumstances, e.g.,
     # CPU profiling or data export. by default, these files will be written
     # to the working directory. set this to customize:
@@ -370,6 +391,17 @@ server:
     # if you don't want to publicize how popular the server is
     suppress-lusers: false
 
+    # publish additional key-value pairs in ISUPPORT (the 005 numeric).
+    # keys that collide with a key published by Ergo will be silently ignored.
+    additional-isupport:
+        #"draft/FILEHOST": "https://example.com/filehost"
+        #"draft/bazbat": "" # empty string means no value
+
+    # optionally map command alias names to existing ergo commands. most deployments
+    # should ignore this.
+    #command-aliases:
+        #"UMGEBUNG": "AMBIANCE"
+
 # account options
 accounts:
     # is account authentication enabled, i.e., can users log into existing accounts?
@@ -405,6 +437,10 @@ accounts:
             sender: "admin@my.network"
             require-tls: true
             helo-domain: "my.network" # defaults to server name if unset
+            # set to `tcp4` to force sending over IPv4, `tcp6` to force IPv6:
+            # protocol: "tcp4"
+            # set to force a specific source/local IPv4 or IPv6 address:
+            # local-address: "1.2.3.4"
             # options to enable DKIM signing of outgoing emails (recommended, but
             # requires creating a DNS entry for the public key):
             # dkim:
@@ -501,7 +537,7 @@ accounts:
         # 1. these nicknames cannot be registered or reserved
         # 2. if a client is automatically renamed by the server,
         #    this is the template that will be used (e.g., Guest-nccj6rgmt97cg)
-        # 3. if enforce-guest-format (see below) is enabled, clients without
+        # 3. if force-guest-format (see below) is enabled, clients without
         #    a registered account will have this template applied to their
         #    nicknames (e.g., 'katie' will become 'Guest-katie')
         guest-nickname-format: "Guest-*"
@@ -586,6 +622,40 @@ accounts:
         # how many scripts are allowed to run at once? 0 for no limit:
         max-concurrency: 64
 
+    # support for login via OAuth2 bearer tokens
+    oauth2:
+        enabled: false
+        # should we automatically create users on presentation of a valid token?
+        autocreate: true
+        # enable this to use auth-script for validation:
+        auth-script: false
+        introspection-url: "https://example.com/api/oidc/introspection"
+        introspection-timeout: 10s
+        # omit for auth method `none`; required for auth method `client_secret_basic`:
+        client-id: "ergo"
+        client-secret: "4TA0I7mJ3fUUcW05KJiODg"
+
+    # support for login via JWT bearer tokens
+    jwt-auth:
+        enabled: false
+        # should we automatically create users on presentation of a valid token?
+        autocreate: true
+        # any of these token definitions can be accepted, allowing for key rotation
+        tokens:
+            -
+                algorithm: "hmac" # either 'hmac', 'rsa', or 'eddsa' (ed25519)
+                # hmac takes a symmetric key, rsa and eddsa take PEM-encoded public keys;
+                # either way, the key can be specified either as a YAML string:
+                key: "nANiZ1De4v6WnltCHN2H7Q"
+                # or as a path to the file containing the key:
+                #key-file: "jwt_pubkey.pem"
+                # list of JWT claim names to search for the user's account name (make sure the format
+                # is what you expect, especially if using "sub"):
+                account-claims: ["preferred_username"]
+                # if a claim is formatted as an email address, require it to have the following domain,
+                # and then strip off the domain and use the local-part as the account name:
+                #strip-domain: "example.com"
+
 # channel options
 channels:
     # modes that are set when new channels are created
@@ -669,6 +739,7 @@ oper-classes:
             - "history"      # modify or delete history messages
             - "defcon"       # use the DEFCON command (restrict server capabilities)
             - "massmessage"  # message all users on the server
+            - "metadata"     # modify arbitrary metadata on channels and users
 
 # ircd operators
 opers:
@@ -733,7 +804,7 @@ logging:
         # be logged, even if you explicitly include it
         #
         # useful types include:
-        #   *               everything (usually used with exclusing some types below)
+        #   *               everything (usually used with excluding some types below)
         #   server          server startup, rehash, and shutdown events
         #   accounts        account registration and authentication
         #   channels        channel creation and operations
@@ -777,7 +848,7 @@ lock-file: "ircd.lock"
 
 # datastore configuration
 datastore:
-    # path to the datastore
+    # path to the database file (used to store account and channel registrations):
     path: ircd.db
 
     # if the database schema requires an upgrade, `autoupgrade` will attempt to
@@ -820,6 +891,9 @@ limits:
     # identlen is the max ident length allowed
     identlen: 20
 
+    # realnamelen is the maximum realname length allowed
+    realnamelen: 150
+
     # channellen is the max channel length allowed
     channellen: 64
 
@@ -839,7 +913,7 @@ limits:
     whowas-entries: 100
 
     # maximum length of channel lists (beI modes)
-    chan-list-modes: 60
+    chan-list-modes: 100
 
     # maximum number of messages to accept during registration (prevents
     # DoS / resource exhaustion attacks):
@@ -876,6 +950,7 @@ fakelag:
         "MARKREAD":    16
         "MONITOR":     1
         "WHO":         4
+        "WEBPUSH":     1
 
 # the roleplay commands are semi-standardized extensions to IRC that allow
 # sending and receiving messages from pseudo-nicknames. this can be used either
@@ -894,6 +969,12 @@ roleplay:
     # add the real nickname, in parentheses, to the end of every roleplay message?
     add-suffix: true
 
+    # allow customizing the NUH's sent for NPC and SCENE commands
+    # NPC: the first %s is the NPC name, the second is the user's real nick
+    #npc-nick-mask: "*%s*!%s@npc.fakeuser.invalid"
+    # SCENE: the %s is the client's real nick
+    #scene-nick-mask: "=Scene=!%s@npc.fakeuser.invalid"
+
 # external services can integrate with the ircd using JSON Web Tokens (https://jwt.io).
 # in effect, the server can sign a token attesting that the client is present on
 # the server, is a member of a particular channel, etc.
@@ -1021,3 +1102,56 @@ history:
 # whether to allow customization of the config at runtime using environment variables,
 # e.g., ERGO__SERVER__MAX_SENDQ=128k. see the manual for more details.
 allow-environment-overrides: true
+
+# metadata support for setting key/value data on channels and nicknames.
+metadata:
+    # can clients store metadata?
+    enabled: true
+    # how many keys can a client subscribe to?
+    max-subs: 100
+    # how many keys can be stored per entity?
+    max-keys: 100
+    # rate limiting for client metadata updates, which are expensive to process
+    client-throttle:
+        enabled: true
+        duration: 2m
+        max-attempts: 10
+
+# experimental support for mobile push notifications
+# see the manual for potential security, privacy, and performance implications.
+# DO NOT enable if you are running a Tor or I2P hidden service (i.e. one
+# with no public IP listeners, only Tor/I2P listeners).
+webpush:
+    # are push notifications enabled at all?
+    enabled: false
+    # request timeout for POST'ing the http notification
+    timeout: 10s
+    # delay sending the notification for this amount of time, then suppress it
+    # if the client sent MARKREAD to indicate that it was read on another device
+    delay: 0s
+    # subscriber field for the VAPID JWT authorization:
+    #subscriber: "https://your-website.com/"
+    # maximum number of push subscriptions per user
+    max-subscriptions: 4
+    # expiration time for a push subscription; it must be renewed within this time
+    # by the client reconnecting to IRC. we also detect whether the client is no longer
+    # successfully receiving push messages.
+    expiration: 14d
+
+# HTTP API. we strongly recommend leaving this disabled unless you have a specific
+# need for it.
+api:
+    # is the API enabled at all?
+    enabled: false
+    # listen address:
+    listener: "127.0.0.1:8089"
+    # serve over TLS (strongly recommended if the listener is public):
+    #tls:
+        #cert: fullchain.pem
+        #key: privkey.pem
+    # one or more static bearer tokens accepted for HTTP bearer authentication.
+    # these must be strong, unique, high-entropy printable ASCII strings.
+    # to generate a new token, use `ergo gentoken` or:
+    # python3 -c "import secrets; print(secrets.token_urlsafe(32))"
+    bearer-tokens:
+        - "example"
diff --git a/distrib/docker/README.md b/distrib/docker/README.md
index 9d4feed6..d3e214da 100644
--- a/distrib/docker/README.md
+++ b/distrib/docker/README.md
@@ -53,14 +53,14 @@ For example, to create a new docker volume and then mount it:
 
 ```shell
 docker volume create ergo-data
-docker run --init -d -v ergo-data:/ircd -p 6667:6667 -p 6697:6697 ghcr.io/ergochat/ergo:stable
+docker run --init --name ergo -d -v ergo-data:/ircd -p 6667:6667 -p 6697:6697 ghcr.io/ergochat/ergo:stable
 ```
 
 Or to mount a folder from your host machine:
 
 ```shell
 mkdir ergo-data
-docker run --init -d -v $(PWD)/ergo-data:/ircd -p 6667:6667 -p 6697:6697 ghcr.io/ergochat/ergo:stable
+docker run --init --name ergo -d -v $(pwd)/ergo-data:/ircd -p 6667:6667 -p 6697:6697 ghcr.io/ergochat/ergo:stable
 ```
 
 ## Customising the config
@@ -85,8 +85,8 @@ docker kill -s SIGHUP ergo
 
 ## Using custom TLS certificates
 
-TLS certs will by default be read from /ircd/tls.crt, with a private key
-in /ircd/tls.key. You can customise this path in the ircd.yaml file if
+TLS certs will by default be read from /ircd/fullchain.pem, with a private key
+in /ircd/privkey.pem. You can customise this path in the ircd.yaml file if
 you wish to mount the certificates from another volume. For information
 on using Let's Encrypt certificates, see
 [this manual entry](https://github.com/ergochat/ergo/blob/master/docs/MANUAL.md#using-valid-tls-certificates).
diff --git a/docs/API.md b/docs/API.md
new file mode 100644
index 00000000..524e8077
--- /dev/null
+++ b/docs/API.md
@@ -0,0 +1,124 @@
+         __ __  ______ ___  ______ ___ 
+      __/ // /_/ ____/ __ \/ ____/ __ \
+     /_  // __/ __/ / /_/ / / __/ / / /
+    /_  // __/ /___/ _, _/ /_/ / /_/ / 
+     /_//_/ /_____/_/ |_|\____/\____/  
+
+        Ergo IRCd API Documentation
+            https://ergo.chat/
+
+_Copyright © Daniel Oaks <daniel@danieloaks.net>, Shivaram Lingamneni <slingamn@cs.stanford.edu>_
+
+
+--------------------------------------------------------------------------------------------
+
+Ergo has an experimental HTTP API. Some general information about the API:
+
+1. All requests to the API are via POST.
+1. All requests to the API are authenticated via bearer authentication. This is a header named `Authorization` with the value `Bearer <token>`. A list of valid tokens is hardcoded in the Ergo config. Future versions of Ergo may allow additional validation schemes for tokens.
+1. The request parameters are sent as JSON in the POST body.
+1. Any status code other than 200 is an error response; the response body is undefined in this case (likely human-readable text for debugging).
+1. A 200 status code indicates successful execution of the request. The response body will be JSON and may indicate application-level success or failure (typically via the `success` field, which takes a boolean value).
+
+API endpoints are versioned (currently all endpoints have a `/v1/` path prefix). Backwards-incompatible updates will most likely take the form of endpoints with new names, or an increased version prefix. Any exceptions to this will be specifically documented in the changelog.
+
+All API endpoints should be considered highly privileged. Bearer tokens should be kept secret. Access to the API should be either over a trusted link (like loopback) or secured via verified TLS. See the `api` section of `default.yaml` for examples of how to configure this.
+
+Here's an example of how to test an API configured to run over loopback TCP in plaintext:
+
+```bash
+curl -d '{"accountName": "invalidaccountname", "passphrase": "invalidpassphrase"}' -H 'Authorization: Bearer EYBbXVilnumTtfn4A9HE8_TiKLGWEGylre7FG6gEww0' -v http://127.0.0.1:8089/v1/check_auth
+```
+
+This returns:
+
+```json
+{"success":false}
+```
+
+Endpoints
+=========
+
+`/v1/account_details`
+----------------
+
+This endpoint fetches account details and returns them as JSON. The request is a JSON object with fields:
+
+* `accountName`: string, name of the account
+
+The response is a JSON object with fields:
+
+* `success`: whether the account exists or not
+* `accountName`: canonical, case-unfolded version of the account name
+* `email`: email address of the account provided
+* `registeredAt`: string, registration date/time of the account (in ISO8601 format)
+* `channels`: array of strings, list of channels the account is registered on or associated with
+
+`/v1/check_auth`
+----------------
+
+This endpoint verifies the credentials of a NickServ account; this allows Ergo to be used as the source of truth for authentication by another system. The request is a JSON object with fields:
+
+* `accountName`: string, name of the account
+* `passphrase`: string, alleged passphrase of the account
+
+The response is a JSON object with fields:
+
+* `success`: whether the credentials provided were valid
+* `accountName`: canonical, case-unfolded version of the account name
+
+`/v1/rehash`
+------------
+
+This endpoint rehashes the server (i.e. reloads the configuration file, TLS certificates, and other associated data). The body is ignored. The response is a JSON object with fields:
+
+* `success`: boolean, indicates whether the rehash was successful
+* `error`: string, optional, human-readable description of the failure
+
+`/v1/saregister`
+----------------
+
+This endpoint registers an account in NickServ, with the same semantics as `NS SAREGISTER`. The request is a JSON object with fields:
+
+* `accountName`: string, name of the account
+* `passphrase`: string, passphrase of the account
+
+The response is a JSON object with fields:
+
+* `success`: whether the account creation succeeded
+* `errorCode`: string, optional, machine-readable description of the error. Possible values include: `ACCOUNT_EXISTS`, `INVALID_PASSPHRASE`, `UNKNOWN_ERROR`.
+* `error`: string, optional, human-readable description of the failure.
+
+`/v1/account_list`
+-------------------
+
+This endpoint fetches a list of all accounts. The request body is ignored and can be empty.
+
+The response is a JSON object with fields:
+
+* `success`: whether the request succeeded
+* `accounts`: array of objects, each with fields:
+  * `success`: boolean, whether this individual account query succeeded
+  * `accountName`: string, canonical, case-unfolded version of the account name
+* `totalCount`: integer, total number of accounts returned
+
+
+`/v1/status`
+-------------
+
+This endpoint returns status information about the running Ergo server. The request body is ignored and can be empty.
+
+The response is a JSON object with fields:
+
+* `success`: whether the request succeeded
+* `version`: string, Ergo server version string
+* `go_version`: string, version of Go runtime used
+* `start_time`: string, server start time in ISO8601 format
+* `users`: object with fields:
+  * `total`: total number of users connected
+  * `invisible`: number of invisible users
+  * `operators`: number of operators connected
+  * `unknown`: number of users with unknown status
+  * `max`: maximum number of users seen connected at once
+* `channels`: integer, number of channels currently active
+* `servers`: integer, number of servers connected in the network
diff --git a/docs/MANUAL.md b/docs/MANUAL.md
index 8308fe8c..cfa3ddc9 100644
--- a/docs/MANUAL.md
+++ b/docs/MANUAL.md
@@ -44,6 +44,7 @@ _Copyright © Daniel Oaks <daniel@danieloaks.net>, Shivaram Lingamneni <slingamn
     - [Persistent history with MySQL](#persistent-history-with-mysql)
     - [IP cloaking](#ip-cloaking)
     - [Moderation](#moderation)
+    - [Push notifications](#push-notifications)
 - [Frequently Asked Questions](#frequently-asked-questions)
 - [IRC over TLS](#irc-over-tls)
     - [Redirect from plaintext to TLS](#how-can-i-redirect-users-from-plaintext-to-tls)
@@ -60,7 +61,9 @@ _Copyright © Daniel Oaks <daniel@danieloaks.net>, Shivaram Lingamneni <slingamn
     - [Migrating from Anope or Atheme](#migrating-from-anope-or-atheme)
     - [HOPM](#hopm)
     - [Tor](#tor)
+    - [I2P](#i2p)
     - [ZNC](#znc)
+    - [API](#api)
     - [External authentication systems](#external-authentication-systems)
     - [DNSBLs and other IP checking systems](#dnsbls-and-other-ip-checking-systems)
 - [Acknowledgements](#acknowledgements)
@@ -168,6 +171,7 @@ Rehashing also reloads TLS certificates and the MOTD. Some configuration setting
 
 Ergo can also be configured using environment variables, using the following technique:
 
+1. Ensure that `allow-environment-variables` is set to `true` in the YAML config file itself (see `default.yaml` for an example)
 1. Find the "path" of the config variable you want to override in the YAML file, e.g., `server.websockets.allowed-origins`
 1. Convert each path component from "kebab case" to "screaming snake case", e.g., `SERVER`, `WEBSOCKETS`, and `ALLOWED_ORIGINS`.
 1. Prepend `ERGO` to the components, then join them all together using `__` as the separator, e.g., `ERGO__SERVER__WEBSOCKETS__ALLOWED_ORIGINS`.
@@ -482,6 +486,19 @@ These techniques require operator privileges: `UBAN` requires the `ban` operator
 For channel operators, `/msg ChanServ HOWTOBAN #channel nickname` will provide similar information about the best way to ban a user from a channel.
 
 
+## Push notifications
+
+Ergo now has experimental support for push notifications via the [draft/webpush](https://github.com/ircv3/ircv3-specifications/pull/471) IRCv3 specification. Support for push notifications is disabled by default; operators can enable it by setting `webpush.enabled` to `true` in the configuration file. This has security, privacy, and performance implications:
+
+* If push notifications are enabled, Ergo will send HTTP POST requests to HTTP endpoints of the user's choosing. Although the user has limited control over the POST body (since it is encrypted with random key material), and Ergo disallows requests to local or internal IP addresses, this may potentially impact the IP reputation of the Ergo host, or allow an attacker to probe endpoints that whitelist the Ergo host's IP address.
+* Push notifications result in the disclosure of metadata (that the user received a message, and the approximate time of the message) to third-party messaging infrastructure. In the typical case, this will include a push endpoint controlled by the application vendor, plus the push infrastructure controlled by Apple or Google.
+* The message contents (including the sender's identity) are protected by [encryption](https://datatracker.ietf.org/doc/html/rfc8291) between the server and the user's endpoint device. However, the encryption algorithm is not forward-secret (a long-term private key is stored on the user's device) or post-quantum (the server retains a copy of the corresponding elliptic curve public key).
+* Push notifications are relatively expensive to process, and may increase the impact of spam or denial-of-service attacks on the Ergo server.
+* Push notifications negate the anonymization provided by Tor and I2P; an Ergo instance intended to run as a Tor onion service ("hidden service") or exclusively behind an I2P address must disable them in the Ergo configuration file.
+
+Operators and end users are invited to share feedback about push notifications, either via the project issue tracker or the support channel. Note that in order to receive push notifications, the user must be logged in with always-on enabled, and must be using a client (e.g. Goguma) that supports them.
+
+
 -------------------------------------------------------------------------------------------
 
 
@@ -510,7 +527,7 @@ If your client or bot is failing to connect to Ergo, here are some things to che
 
 ## Why can't I oper?
 
-If you try to oper unsuccessfully, Ergo will disconnect you from the network. If you're unable to oper, here are some things to double-check:
+If your `OPER` command fails, check your server logs for more information. Here are some general issues to double-check:
 
 1. Did you correctly generate the hashed password with `ergo genpasswd`?
 1. Did you add the password hash to the correct config file, then save the file?
@@ -1120,6 +1137,7 @@ Tor provides end-to-end encryption for onion services, so there's no need to ena
 The second way is to run Ergo as a true hidden service, where the server's actual IP address is a secret. This requires hardening measures on the Ergo side:
 
 * Ergo should not accept any connections on its public interfaces. You should remove any listener that starts with the address of a public interface, or with `:`, which means "listen on all available interfaces". You should listen only on `127.0.0.1:6667` and a Unix domain socket such as `/hidden_service_sockets/ergo_tor_sock`.
+* Push notifications will reveal the server's true IP address, so they must be disabled; set `webpush.enabled` to `false`.
 * In this mode, it is especially important that all operator passwords are strong and all operators are trusted (operators have a larger attack surface to deanonymize the server).
 * Onion services are at risk of being deanonymized if a client can trick the server into performing a non-Tor network request. Ergo should not perform any such requests (such as hostname resolution or ident lookups) in response to input received over a correctly configured Tor listener. However, Ergo has not been thoroughly audited against such deanonymization attacks --- therefore, Ergo should be deployed with additional sandboxing to protect against this:
   * Ergo should run with no direct network connectivity, e.g., by running in its own Linux network namespace. systemd implements this with the [PrivateNetwork](https://www.freedesktop.org/software/systemd/man/systemd.exec.html) configuration option: add `PrivateNetwork=true` to Ergo's systemd unit file.
@@ -1142,6 +1160,16 @@ Instructions on how client software should connect to an .onion address are outs
 1. [Hexchat](https://hexchat.github.io/) is known to support .onion addresses, once it has been configured to use a local Tor daemon as a SOCKS proxy (Settings -> Preferences -> Network Setup -> Proxy Server).
 1. Pidgin should work with [torsocks](https://trac.torproject.org/projects/tor/wiki/doc/torsocks).
 
+## I2P
+
+I2P is an anonymizing overlay network similar to Tor. The recommended configuration for I2P is to treat it similarly to Tor: have the i2pd reverse proxy its connections to an Ergo listener configured with `tor: true`. See the [i2pd configuration guide](https://i2pd.readthedocs.io/en/latest/tutorials/irc/#running-anonymous-irc-server) for more details; note that the instructions to separate I2P traffic from other localhost traffic are unnecessary for a `tor: true` listener.
+
+I2P can additionally expose an opaque client identifier (the user's "b32 address"). Exposing this identifier via Ergo is not recommended, but if you wish to do so, you can use the following procedure:
+
+1. Enable WEBIRC support in the i2pd configuration by adding the `webircpassword` key to the [i2pd server block](https://i2pd.readthedocs.io/en/latest/tutorials/irc/#running-anonymous-irc-server)
+1. Remove `tor: true` from the relevant Ergo listener config
+1. Enable WEBIRC support in Ergo (starting from the default/recommended configuration, find the existing webirc block, delete the `certfp` configuration, change `password` to use the output of `ergo genpasswd` on the password you configured i2pd to send, and set `accept-hostname: true`)
+1. To prevent Ergo from overwriting the hostname as passed from i2pd, set the following options: `server.ip-cloaking.enabled: false` and `server.lookup-hostnames: false`. (There is currently no support for applying cloaks to regular IP traffic but displaying the b32 address for I2P traffic).
 
 ## ZNC
 
@@ -1149,6 +1177,10 @@ ZNC 1.6.x (still pretty common in distros that package old versions of IRC softw
 
 Ergo can emulate certain capabilities of the ZNC bouncer for the benefit of clients, in particular the third-party [playback](https://wiki.znc.in/Playback) module. This enables clients with specific support for ZNC to receive selective history playback automatically. To configure this in [Textual](https://www.codeux.com/textual/), go to "Server properties", select "Vendor specific", uncheck "Do not automatically join channels on connect", and check "Only play back messages you missed". Other clients with support are listed on ZNC's wiki page.
 
+## API
+
+Ergo offers an HTTP API that can be used to control Ergo, or to allow other applications to use Ergo as a source of truth for authentication. The API is documented separately; see [API.md](https://github.com/ergochat/ergo/blob/stable/docs/API.md) on the website, or the `API.md` file that was bundled with your release.
+
 ## External authentication systems
 
 Ergo can be configured to call arbitrary scripts to authenticate users; see the `auth-script` section of the config. The API for these scripts is as follows: Ergo will invoke the script with a configurable set of arguments, then send it the authentication data as JSON on the first line (`\n`-terminated) of stdin. The input is a JSON dictionary with the following keys:
diff --git a/docs/USERGUIDE.md b/docs/USERGUIDE.md
index e424e88b..65fe88d4 100644
--- a/docs/USERGUIDE.md
+++ b/docs/USERGUIDE.md
@@ -23,6 +23,7 @@ _Copyright © Daniel Oaks <daniel@danieloaks.net>, Shivaram Lingamneni <slingamn
 - [Always-on](#always-on)
 - [Multiclient](#multiclient)
 - [History](#history)
+- [Push notifications](#push-notifications)
 
 --------------------------------------------------------------------------------------------
 
@@ -85,7 +86,7 @@ Once you've registered your nickname, you can use it to register channels. By de
 /msg ChanServ register #myChannel
 ```
 
-You must already be an operator (have the `+o` channel mode --- your client may display this as an `@` next to your nickname). If you're not a channel operator in the channel you want to register, ask your server administrator for help.
+The channel must exist (if it doesn't, you can create it with `/join #myChannel`) and you must already be an operator (have the `+o` channel mode --- your client may display this as an `@` next to your nickname). If you're not a channel operator in the channel you want to register, ask your server administrator for help.
 
 # Always-on
 
@@ -121,3 +122,7 @@ If you have registered a channel, you can make it private. The best way to do th
 1. Identify the users you want to be able to access the channel. Ensure that they have registered their accounts (you should be able to see their registration status if you `/WHOIS` their nicknames).
 1. Add the desired nick/account names to the invite exception list (`/mode #example +I alice`) or give them persistent voice (`/msg ChanServ AMODE #example +v alice`)
 1. If you want to grant a persistent channel privilege to a user, you can do it with `CS AMODE` (`/msg ChanServ AMODE #example +o bob`)
+
+# Push notifications
+
+Ergo has experimental support for mobile push notifications. The server operator must enable this functionality; to check whether this is the case, you can send `/msg NickServ push list`. You must additionally be using a client (e.g. Goguma) that supports the functionality, and your account must be set to always-on (`/msg NickServ set always-on true`, as described above).
diff --git a/ergo.go b/ergo.go
index 7aa86f2e..d9d9f32f 100644
--- a/ergo.go
+++ b/ergo.go
@@ -7,6 +7,7 @@ package main
 
 import (
 	"bufio"
+	_ "embed"
 	"fmt"
 	"log"
 	"os"
@@ -20,12 +21,16 @@ import (
 	"github.com/ergochat/ergo/irc"
 	"github.com/ergochat/ergo/irc/logger"
 	"github.com/ergochat/ergo/irc/mkcerts"
+	"github.com/ergochat/ergo/irc/utils"
 )
 
 // set via linker flags, either by make or by goreleaser:
 var commit = ""  // git hash
 var version = "" // tagged version
 
+//go:embed default.yaml
+var defaultConfig string
+
 // get a password from stdin from the user
 func getPasswordFromTerminal() string {
 	bytePassword, err := term.ReadPassword(int(syscall.Stdin))
@@ -94,6 +99,8 @@ Usage:
 	ergo importdb <database.json> [--conf <filename>] [--quiet]
 	ergo genpasswd [--conf <filename>] [--quiet]
 	ergo mkcerts [--conf <filename>] [--quiet]
+	ergo defaultconfig
+	ergo gentoken
 	ergo run [--conf <filename>] [--quiet] [--smoke]
 	ergo -h | --help
 	ergo --version
@@ -133,6 +140,12 @@ Options:
 		}
 		fmt.Println(string(hash))
 		return
+	} else if arguments["defaultconfig"].(bool) {
+		fmt.Print(defaultConfig)
+		return
+	} else if arguments["gentoken"].(bool) {
+		fmt.Println(utils.GenerateSecretKey())
+		return
 	} else if arguments["mkcerts"].(bool) {
 		doMkcerts(arguments["--conf"].(string), arguments["--quiet"].(bool))
 		return
@@ -180,7 +193,7 @@ Options:
 
 		// warning if running a non-final version
 		if strings.Contains(irc.Ver, "unreleased") {
-			logman.Warning("server", "You are currently running an unreleased beta version of Ergo that may be unstable and could corrupt your database.\nIf you are running a production network, please download the latest build from https://ergo.chat/downloads.html and run that instead.")
+			logman.Warning("server", "You are currently running an unreleased beta version of Ergo that may be unstable and could corrupt your database.\nIf you are running a production network, please download the latest build from https://ergo.chat/about and run that instead.")
 		}
 
 		server, err := irc.NewServer(config, logman)
diff --git a/gencapdefs.py b/gencapdefs.py
index e1cfbc7f..45453c2b 100644
--- a/gencapdefs.py
+++ b/gencapdefs.py
@@ -219,6 +219,31 @@ CAPDEFS = [
         url="https://github.com/ircv3/ircv3-specifications/pull/527",
         standard="proposed IRCv3",
     ),
+   CapDef(
+        identifier="ExtendedISupport",
+        name="draft/extended-isupport",
+        url="https://github.com/ircv3/ircv3-specifications/pull/543",
+        standard="proposed IRCv3",
+    ),
+   CapDef(
+        identifier="WebPush",
+        name="draft/webpush",
+        url="https://github.com/ircv3/ircv3-specifications/pull/471",
+        standard="proposed IRCv3",
+    ),
+   CapDef(
+        identifier="SojuWebPush",
+        name="soju.im/webpush",
+        url="https://github.com/ircv3/ircv3-specifications/pull/471",
+        standard="Soju/Goguma vendor",
+    ),
+    CapDef(
+        identifier="Metadata",
+        name="draft/metadata-2",
+        url="https://ircv3.net/specs/extensions/metadata",
+        standard="draft IRCv3",
+    ),
+
 ]
 
 def validate_defs():
diff --git a/go.mod b/go.mod
index 046668bd..a577c776 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/ergochat/ergo
 
-go 1.21
+go 1.25
 
 require (
 	code.cloudfoundry.org/bytefmt v0.0.0-20200131002437-cf55d5288a48
@@ -8,25 +8,28 @@ require (
 	github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815
 	github.com/ergochat/confusables v0.0.0-20201108231250-4ab98ab61fb1
 	github.com/ergochat/go-ident v0.0.0-20230911071154-8c30606d6881
-	github.com/ergochat/irc-go v0.4.0
+	github.com/ergochat/irc-go v0.5.0-rc2
 	github.com/go-sql-driver/mysql v1.7.0
-	github.com/go-test/deep v1.0.6 // indirect
 	github.com/gofrs/flock v0.8.1
-	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/gorilla/websocket v1.4.2
 	github.com/okzk/sdnotify v0.0.0-20180710141335-d9becc38acbd
 	github.com/onsi/ginkgo v1.12.0 // indirect
 	github.com/onsi/gomega v1.9.0 // indirect
 	github.com/stretchr/testify v1.4.0 // indirect
-	github.com/tidwall/buntdb v1.2.10
-	github.com/toorop/go-dkim v0.0.0-20201103131630-e1cd1a0a5208
+	github.com/tidwall/buntdb v1.3.2
 	github.com/xdg-go/scram v1.0.2
-	golang.org/x/crypto v0.17.0
-	golang.org/x/term v0.15.0
-	golang.org/x/text v0.14.0
+	golang.org/x/crypto v0.38.0
+	golang.org/x/term v0.32.0
+	golang.org/x/text v0.25.0
 	gopkg.in/yaml.v2 v2.4.0
 )
 
+require (
+	github.com/emersion/go-msgauth v0.7.0
+	github.com/ergochat/webpush-go/v2 v2.0.0
+	github.com/golang-jwt/jwt/v5 v5.2.2
+)
+
 require (
 	github.com/tidwall/btree v1.4.2 // indirect
 	github.com/tidwall/gjson v1.14.3 // indirect
@@ -36,7 +39,7 @@ require (
 	github.com/tidwall/rtred v0.1.2 // indirect
 	github.com/tidwall/tinyqueue v0.1.1 // indirect
 	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/sys v0.33.0 // indirect
 )
 
 replace github.com/gorilla/websocket => github.com/ergochat/websocket v1.4.2-oragono1
diff --git a/go.sum b/go.sum
index 42b3cdc5..24ef25c3 100644
--- a/go.sum
+++ b/go.sum
@@ -6,25 +6,29 @@ github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815 h1:bWDMxwH3px2JBh6AyO7hdCn/PkvCZXii8TGj7sbtEbQ=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
+github.com/emersion/go-msgauth v0.6.8 h1:kW/0E9E8Zx5CdKsERC/WnAvnXvX7q9wTHia1OA4944A=
+github.com/emersion/go-msgauth v0.6.8/go.mod h1:YDwuyTCUHu9xxmAeVj0eW4INnwB6NNZoPdLerpSxRrc=
+github.com/emersion/go-msgauth v0.7.0 h1:vj2hMn6KhFtW41kshIBTXvp6KgYSqpA/ZN9Pv4g1INc=
+github.com/emersion/go-msgauth v0.7.0/go.mod h1:mmS9I6HkSovrNgq0HNXTeu8l3sRAAuQ9RMvbM4KU7Ck=
 github.com/ergochat/confusables v0.0.0-20201108231250-4ab98ab61fb1 h1:WLHTOodthVyv5NvYLIvWl112kSFv5IInKKrRN2qpons=
 github.com/ergochat/confusables v0.0.0-20201108231250-4ab98ab61fb1/go.mod h1:mov+uh1DPWsltdQnOdzn08UO9GsJ3MEvhtu0Ci37fdk=
 github.com/ergochat/go-ident v0.0.0-20230911071154-8c30606d6881 h1:+J5m88nvybxB5AnBVGzTXM/yHVytt48rXBGcJGzSbms=
 github.com/ergochat/go-ident v0.0.0-20230911071154-8c30606d6881/go.mod h1:ASYJtQujNitna6cVHsNQTGrfWvMPJ5Sa2lZlmsH65uM=
-github.com/ergochat/irc-go v0.4.0 h1:0YibCKfAAtwxQdNjLQd9xpIEPisLcJ45f8FNsMHAuZc=
-github.com/ergochat/irc-go v0.4.0/go.mod h1:2vi7KNpIPWnReB5hmLpl92eMywQvuIeIIGdt/FQCph0=
+github.com/ergochat/irc-go v0.5.0-rc2 h1:VuSQJF5K4hWvYSzGa4b8vgL6kzw8HF6LSOejE+RWpAo=
+github.com/ergochat/irc-go v0.5.0-rc2/go.mod h1:2vi7KNpIPWnReB5hmLpl92eMywQvuIeIIGdt/FQCph0=
 github.com/ergochat/scram v1.0.2-ergo1 h1:2bYXiRFQH636pT0msOG39fmEYl4Eq+OuutcyDsCix/g=
 github.com/ergochat/scram v1.0.2-ergo1/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs=
+github.com/ergochat/webpush-go/v2 v2.0.0 h1:n6eoJk8RpzJFeBJ6gxvqo/dngnVEmJbzJwzKtCZbByo=
+github.com/ergochat/webpush-go/v2 v2.0.0/go.mod h1:OQlhnq8JeHDzRzAy6bdDObr19uqbHliOV+z7mHbYr4c=
 github.com/ergochat/websocket v1.4.2-oragono1 h1:plMUunFBM6UoSCIYCKKclTdy/TkkHfUslhOfJQzfueM=
 github.com/ergochat/websocket v1.4.2-oragono1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc=
 github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
-github.com/go-test/deep v1.0.6 h1:UHSEyLZUwX9Qoi99vVwvewiMC8mM2bf7XEM2nqvzEn8=
-github.com/go-test/deep v1.0.6/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8=
 github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
 github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
-github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
-github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
+github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
@@ -45,8 +49,8 @@ github.com/tidwall/assert v0.1.0 h1:aWcKyRBUAdLoVebxo95N7+YZVTFF/ASTr7BN4sLP6XI=
 github.com/tidwall/assert v0.1.0/go.mod h1:QLYtGyeqse53vuELQheYl9dngGCJQ+mTtlxcktb+Kj8=
 github.com/tidwall/btree v1.4.2 h1:PpkaieETJMUxYNADsjgtNRcERX7mGc/GP2zp/r5FM3g=
 github.com/tidwall/btree v1.4.2/go.mod h1:LGm8L/DZjPLmeWGjv5kFrY8dL4uVhMmzmmLYmsObdKE=
-github.com/tidwall/buntdb v1.2.10 h1:U/ebfkmYPBnyiNZIirUiWFcxA/mgzjbKlyPynFsPtyM=
-github.com/tidwall/buntdb v1.2.10/go.mod h1:lZZrZUWzlyDJKlLQ6DKAy53LnG7m5kHyrEHvvcDmBpU=
+github.com/tidwall/buntdb v1.3.2 h1:qd+IpdEGs0pZci37G4jF51+fSKlkuUTMXuHhXL1AkKg=
+github.com/tidwall/buntdb v1.3.2/go.mod h1:lZZrZUWzlyDJKlLQ6DKAy53LnG7m5kHyrEHvvcDmBpU=
 github.com/tidwall/gjson v1.12.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
 github.com/tidwall/gjson v1.14.3 h1:9jvXn7olKEHU1S9vwoMGliaT8jq1vJ7IH/n9zD9Dnlw=
 github.com/tidwall/gjson v1.14.3/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
@@ -62,28 +66,34 @@ github.com/tidwall/rtred v0.1.2 h1:exmoQtOLvDoO8ud++6LwVsAMTu0KPzLTUrMln8u1yu8=
 github.com/tidwall/rtred v0.1.2/go.mod h1:hd69WNXQ5RP9vHd7dqekAz+RIdtfBogmglkZSRxCHFQ=
 github.com/tidwall/tinyqueue v0.1.1 h1:SpNEvEggbpyN5DIReaJ2/1ndroY8iyEGxPYxoSaymYE=
 github.com/tidwall/tinyqueue v0.1.1/go.mod h1:O/QNHwrnjqr6IHItYrzoHAKYhBkLI67Q096fQP5zMYw=
-github.com/toorop/go-dkim v0.0.0-20201103131630-e1cd1a0a5208 h1:PM5hJF7HVfNWmCjMdEfbuOBNXSVF2cMFGgQTPdKCbwM=
-github.com/toorop/go-dkim v0.0.0-20201103131630-e1cd1a0a5208/go.mod h1:BzWtXXrXzZUvMacR0oF/fbDDgUPO8L36tDMmRAf14ns=
 github.com/xdg-go/pbkdf2 v1.0.0 h1:Su7DPu48wXMwC3bs7MCNG+z4FhcyEuz5dlvchbq0B0c=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
 github.com/xdg-go/stringprep v1.0.2 h1:6iq84/ryjjeRmMJwxutI51F2GIPlP5BfTvXHeYjyhBc=
 github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
+golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8=
+golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
+golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
+golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
+golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
+golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
+golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/irc/accounts.go b/irc/accounts.go
index 181da6df..fd55aeff 100644
--- a/irc/accounts.go
+++ b/irc/accounts.go
@@ -4,6 +4,7 @@
 package irc
 
 import (
+	"context"
 	"crypto/rand"
 	"crypto/x509"
 	"encoding/json"
@@ -23,6 +24,7 @@ import (
 	"github.com/ergochat/ergo/irc/email"
 	"github.com/ergochat/ergo/irc/migrations"
 	"github.com/ergochat/ergo/irc/modes"
+	"github.com/ergochat/ergo/irc/oauth2"
 	"github.com/ergochat/ergo/irc/passwd"
 	"github.com/ergochat/ergo/irc/utils"
 )
@@ -48,7 +50,9 @@ const (
 	keyAccountEmailChange      = "account.emailchange %s"
 	// for an always-on client, a map of channel names they're in to their current modes
 	// (not to be confused with their amodes, which a non-always-on client can have):
-	keyAccountChannelToModes = "account.channeltomodes %s"
+	keyAccountChannelToModes    = "account.channeltomodes %s"
+	keyAccountPushSubscriptions = "account.pushsubscriptions %s"
+	keyAccountMetadata          = "account.metadata %s"
 
 	maxCertfpsPerAccount = 5
 )
@@ -133,6 +137,8 @@ func (am *AccountManager) createAlwaysOnClients(config *Config) {
 				am.loadTimeMap(keyAccountReadMarkers, accountName),
 				am.loadModes(accountName),
 				am.loadRealname(accountName),
+				am.loadPushSubscriptions(accountName),
+				am.loadMetadata(accountName),
 			)
 		}
 	}
@@ -713,6 +719,74 @@ func (am *AccountManager) loadRealname(account string) (realname string) {
 	return
 }
 
+func (am *AccountManager) savePushSubscriptions(account string, subs []storedPushSubscription) {
+	j, err := json.Marshal(subs)
+	if err != nil {
+		am.server.logger.Error("internal", "error storing push subscriptions", err.Error())
+		return
+	}
+	val := string(j)
+	key := fmt.Sprintf(keyAccountPushSubscriptions, account)
+	am.server.store.Update(func(tx *buntdb.Tx) error {
+		tx.Set(key, val, nil)
+		return nil
+	})
+	return
+}
+
+func (am *AccountManager) loadPushSubscriptions(account string) (result []storedPushSubscription) {
+	key := fmt.Sprintf(keyAccountPushSubscriptions, account)
+	var val string
+	am.server.store.View(func(tx *buntdb.Tx) error {
+		val, _ = tx.Get(key)
+		return nil
+	})
+
+	if val == "" {
+		return nil
+	}
+	if err := json.Unmarshal([]byte(val), &result); err == nil {
+		return result
+	} else {
+		am.server.logger.Error("internal", "error loading push subscriptions", err.Error())
+		return nil
+	}
+}
+
+func (am *AccountManager) saveMetadata(account string, metadata map[string]string) {
+	j, err := json.Marshal(metadata)
+	if err != nil {
+		am.server.logger.Error("internal", "error storing metadata", err.Error())
+		return
+	}
+	val := string(j)
+	key := fmt.Sprintf(keyAccountMetadata, account)
+	am.server.store.Update(func(tx *buntdb.Tx) error {
+		tx.Set(key, val, nil)
+		return nil
+	})
+	return
+}
+
+func (am *AccountManager) loadMetadata(account string) (result map[string]string) {
+	key := fmt.Sprintf(keyAccountMetadata, account)
+	var val string
+	am.server.store.View(func(tx *buntdb.Tx) error {
+		val, _ = tx.Get(key)
+		return nil
+	})
+
+	if val == "" {
+		return nil
+	}
+	if err := json.Unmarshal([]byte(val), &result); err == nil {
+		return result
+	} else {
+		am.server.logger.Error("internal", "error loading metadata", err.Error())
+		return nil
+	}
+}
+
 func (am *AccountManager) addRemoveCertfp(account, certfp string, add bool, hasPrivs bool) (err error) {
 	certfp, err = utils.NormalizeCertfp(certfp)
 	if err != nil {
@@ -948,7 +1022,7 @@ func (am *AccountManager) Verify(client *Client, account string, code string, ad
 	if client != nil {
 		am.Login(client, clientAccount)
 		if client.AlwaysOn() {
-			client.markDirty(IncludeRealname)
+			client.markDirty(IncludeAllAttrs)
 		}
 	}
 	// we may need to do nick enforcement here:
@@ -1119,7 +1193,7 @@ func (am *AccountManager) NsSendpass(client *Client, accountName string) (err er
 	message := email.ComposeMail(config.Accounts.Registration.EmailVerification, account.Settings.Email, subject)
 	fmt.Fprintf(&message, client.t("We received a request to reset your password on %[1]s for account: %[2]s"), am.server.name, account.Name)
 	message.WriteString("\r\n")
-	fmt.Fprintf(&message, client.t("If you did not initiate this request, you can safely ignore this message."))
+	message.WriteString(client.t("If you did not initiate this request, you can safely ignore this message."))
 	message.WriteString("\r\n")
 	message.WriteString("\r\n")
 	message.WriteString(client.t("Otherwise, to reset your password, issue the following command (replace `new_password` with your desired password):"))
@@ -1427,6 +1501,74 @@ func (am *AccountManager) AuthenticateByPassphrase(client *Client, accountName s
 	return err
 }
 
+func (am *AccountManager) AuthenticateByBearerToken(client *Client, tokenType, token string) (err error) {
+	switch tokenType {
+	case "oauth2":
+		return am.AuthenticateByOAuthBearer(client, oauth2.OAuthBearerOptions{Token: token})
+	case "jwt":
+		return am.AuthenticateByJWT(client, token)
+	default:
+		return errInvalidBearerTokenType
+	}
+}
+
+func (am *AccountManager) AuthenticateByOAuthBearer(client *Client, opts oauth2.OAuthBearerOptions) (err error) {
+	config := am.server.Config()
+
+	if !config.Accounts.OAuth2.Enabled {
+		return errFeatureDisabled
+	}
+
+	if throttled, remainingTime := client.checkLoginThrottle(); throttled {
+		return &ThrottleError{remainingTime}
+	}
+
+	var username string
+	if config.Accounts.AuthScript.Enabled && config.Accounts.OAuth2.AuthScript {
+		username, err = am.authenticateByOAuthBearerScript(client, config, opts)
+	} else {
+		username, err = config.Accounts.OAuth2.Introspect(context.Background(), opts.Token)
+	}
+	if err != nil {
+		return err
+	}
+
+	account, err := am.loadWithAutocreation(username, config.Accounts.OAuth2.Autocreate)
+	if err == nil {
+		am.Login(client, account)
+	}
+	return err
+}
+
+func (am *AccountManager) AuthenticateByJWT(client *Client, token string) (err error) {
+	config := am.server.Config()
+	// enabled check is encapsulated here:
+	accountName, err := config.Accounts.JWTAuth.Validate(token)
+	if err != nil {
+		am.server.logger.Debug("accounts", "invalid JWT token", err.Error())
+		return errAccountInvalidCredentials
+	}
+	account, err := am.loadWithAutocreation(accountName, config.Accounts.JWTAuth.Autocreate)
+	if err == nil {
+		am.Login(client, account)
+	}
+	return err
+}
+
+func (am *AccountManager) authenticateByOAuthBearerScript(client *Client, config *Config, opts oauth2.OAuthBearerOptions) (username string, err error) {
+	output, err := CheckAuthScript(am.server.semaphores.AuthScript, config.Accounts.AuthScript.ScriptConfig,
+		AuthScriptInput{OAuthBearer: &opts, IP: client.IP().String()})
+
+	if err != nil {
+		am.server.logger.Error("internal", "failed shell auth invocation", err.Error())
+		return "", oauth2.ErrInvalidToken
+	} else if output.Success {
+		return output.AccountName, nil
+	} else {
+		return "", oauth2.ErrInvalidToken
+	}
+}
+
 // AllNicks returns the uncasefolded nicknames for all accounts, including additional (grouped) nicks.
 func (am *AccountManager) AllNicks() (result []string) {
 	accountNamePrefix := fmt.Sprintf(keyAccountName, "")
@@ -1773,6 +1915,8 @@ func (am *AccountManager) Unregister(account string, erase bool) error {
 	suspendedKey := fmt.Sprintf(keyAccountSuspended, casefoldedAccount)
 	pwResetKey := fmt.Sprintf(keyAccountPwReset, casefoldedAccount)
 	emailChangeKey := fmt.Sprintf(keyAccountEmailChange, casefoldedAccount)
+	pushSubscriptionsKey := fmt.Sprintf(keyAccountPushSubscriptions, casefoldedAccount)
+	metadataKey := fmt.Sprintf(keyAccountMetadata, casefoldedAccount)
 
 	var clients []*Client
 	defer func() {
@@ -1831,6 +1975,8 @@ func (am *AccountManager) Unregister(account string, erase bool) error {
 		tx.Delete(suspendedKey)
 		tx.Delete(pwResetKey)
 		tx.Delete(emailChangeKey)
+		tx.Delete(pushSubscriptionsKey)
+		tx.Delete(metadataKey)
 
 		return nil
 	})
@@ -1939,8 +2085,10 @@ func (am *AccountManager) AuthenticateByCertificate(client *Client, certfp strin
 		return err
 	}
 
-	if authzid != "" && authzid != account {
-		return errAuthzidAuthcidMismatch
+	if authzid != "" {
+		if cfAuthzid, err := CasefoldName(authzid); err != nil || cfAuthzid != account {
+			return errAuthzidAuthcidMismatch
+		}
 	}
 
 	// ok, we found an account corresponding to their certificate
@@ -2145,6 +2293,8 @@ var (
 		"PLAIN":         authPlainHandler,
 		"EXTERNAL":      authExternalHandler,
 		"SCRAM-SHA-256": authScramHandler,
+		"OAUTHBEARER":   authOauthBearerHandler,
+		"IRCV3BEARER":   authIRCv3BearerHandler,
 	}
 )
 
diff --git a/irc/api.go b/irc/api.go
new file mode 100644
index 00000000..cb313cbc
--- /dev/null
+++ b/irc/api.go
@@ -0,0 +1,311 @@
+package irc
+
+import (
+	"crypto/subtle"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"runtime"
+	"strings"
+
+	"github.com/ergochat/ergo/irc/utils"
+)
+
+func newAPIHandler(server *Server) http.Handler {
+	api := &ergoAPI{
+		server: server,
+		mux:    http.NewServeMux(),
+	}
+
+	api.mux.HandleFunc("POST /v1/rehash", api.handleRehash)
+	api.mux.HandleFunc("POST /v1/check_auth", api.handleCheckAuth)
+	api.mux.HandleFunc("POST /v1/saregister", api.handleSaregister)
+	api.mux.HandleFunc("POST /v1/account_details", api.handleAccountDetails)
+	api.mux.HandleFunc("POST /v1/account_list", api.handleAccountList)
+	api.mux.HandleFunc("POST /v1/status", api.handleStatus)
+
+	return api
+}
+
+type ergoAPI struct {
+	server *Server
+	mux    *http.ServeMux
+}
+
+func (a *ergoAPI) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	defer a.server.HandlePanic(nil)
+	defer a.server.logger.Debug("api", r.URL.Path)
+
+	if a.checkBearerAuth(r.Header.Get("Authorization")) {
+		a.mux.ServeHTTP(w, r)
+	} else {
+		http.Error(w, "Unauthorized", http.StatusUnauthorized)
+	}
+}
+
+func (a *ergoAPI) checkBearerAuth(authHeader string) (authorized bool) {
+	if authHeader == "" {
+		return false
+	}
+	c := a.server.Config()
+	if !c.API.Enabled {
+		return false
+	}
+	spaceIdx := strings.IndexByte(authHeader, ' ')
+	if spaceIdx < 0 {
+		return false
+	}
+	if !strings.EqualFold("Bearer", authHeader[:spaceIdx]) {
+		return false
+	}
+	providedTokenBytes := []byte(authHeader[spaceIdx+1:])
+	for _, tokenBytes := range c.API.bearerTokenBytes {
+		if subtle.ConstantTimeCompare(tokenBytes, providedTokenBytes) == 1 {
+			return true
+		}
+	}
+	return false
+}
+
+func (a *ergoAPI) decodeJSONRequest(request any, w http.ResponseWriter, r *http.Request) (err error) {
+	err = json.NewDecoder(r.Body).Decode(request)
+	if err != nil {
+		http.Error(w, fmt.Sprintf("failed to deserialize json request: %v", err), http.StatusBadRequest)
+	}
+	return err
+}
+
+func (a *ergoAPI) writeJSONResponse(response any, w http.ResponseWriter, r *http.Request) {
+	j, err := json.Marshal(response)
+	if err == nil {
+		j = append(j, '\n') // less annoying in curl output
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusOK)
+		w.Write(j)
+	} else {
+		a.server.logger.Error("internal", "failed to serialize API response", r.URL.Path, err.Error())
+		http.Error(w, fmt.Sprintf("failed to serialize json response: %v", err), http.StatusInternalServerError)
+	}
+}
+
+type apiGenericResponse struct {
+	Success   bool   `json:"success"`
+	Error     string `json:"error,omitempty"`
+	ErrorCode string `json:"errorCode,omitempty"`
+}
+
+func (a *ergoAPI) handleRehash(w http.ResponseWriter, r *http.Request) {
+	var response apiGenericResponse
+	err := a.server.rehash()
+	if err == nil {
+		response.Success = true
+	} else {
+		response.Success = false
+		response.Error = err.Error()
+	}
+	a.writeJSONResponse(response, w, r)
+}
+
+type apiCheckAuthResponse struct {
+	apiGenericResponse
+	AccountName string `json:"accountName,omitempty"`
+}
+
+func (a *ergoAPI) handleCheckAuth(w http.ResponseWriter, r *http.Request) {
+	var request AuthScriptInput
+	if err := a.decodeJSONRequest(&request, w, r); err != nil {
+		return
+	}
+
+	var response apiCheckAuthResponse
+
+	// try passphrase if present
+	if request.AccountName != "" && request.Passphrase != "" {
+		account, err := a.server.accounts.checkPassphrase(request.AccountName, request.Passphrase)
+		switch err {
+		case nil:
+			// success, no error
+			response.Success = true
+			response.AccountName = account.Name
+		case errAccountDoesNotExist, errAccountInvalidCredentials, errAccountUnverified, errAccountSuspended:
+			// fail, no error
+			response.Success = false
+		default:
+			response.Success = false
+			response.Error = err.Error()
+		}
+	}
+	// try certfp if present
+	if !response.Success && request.Certfp != "" {
+		// TODO support cerftp
+	}
+
+	a.writeJSONResponse(response, w, r)
+}
+
+type apiSaregisterRequest struct {
+	AccountName string `json:"accountName"`
+	Passphrase  string `json:"passphrase"`
+}
+
+func (a *ergoAPI) handleSaregister(w http.ResponseWriter, r *http.Request) {
+	var request apiSaregisterRequest
+	if err := a.decodeJSONRequest(&request, w, r); err != nil {
+		return
+	}
+
+	var response apiGenericResponse
+	err := a.server.accounts.SARegister(request.AccountName, request.Passphrase)
+	if err == nil {
+		response.Success = true
+	} else {
+		response.Success = false
+		response.Error = err.Error()
+		switch err {
+		case errAccountAlreadyRegistered, errAccountAlreadyVerified, errNameReserved:
+			response.ErrorCode = "ACCOUNT_EXISTS"
+		case errAccountBadPassphrase:
+			response.ErrorCode = "INVALID_PASSPHRASE"
+		default:
+			response.ErrorCode = "UNKNOWN_ERROR"
+		}
+	}
+
+	a.writeJSONResponse(response, w, r)
+}
+
+type apiAccountDetailsResponse struct {
+	apiGenericResponse
+	AccountName  string   `json:"accountName,omitempty"`
+	Email        string   `json:"email,omitempty"`
+	RegisteredAt string   `json:"registeredAt,omitempty"`
+	Channels     []string `json:"channels,omitempty"`
+}
+
+type apiAccountDetailsRequest struct {
+	AccountName string `json:"accountName"`
+}
+
+func (a *ergoAPI) handleAccountDetails(w http.ResponseWriter, r *http.Request) {
+	var request apiAccountDetailsRequest
+	if err := a.decodeJSONRequest(&request, w, r); err != nil {
+		return
+	}
+
+	var response apiAccountDetailsResponse
+
+	if request.AccountName != "" {
+		accountData, err := a.server.accounts.LoadAccount(request.AccountName)
+		if err == nil {
+			if !accountData.Verified {
+				err = errAccountUnverified
+			} else if accountData.Suspended != nil {
+				err = errAccountSuspended
+			}
+		}
+
+		switch err {
+		case nil:
+			response.AccountName = accountData.Name
+			response.Email = accountData.Settings.Email
+			if !accountData.RegisteredAt.IsZero() {
+				response.RegisteredAt = accountData.RegisteredAt.Format(utils.IRCv3TimestampFormat)
+			}
+
+			// Get channels the account is in
+			response.Channels = a.server.channels.ChannelsForAccount(accountData.NameCasefolded)
+			response.Success = true
+		case errAccountDoesNotExist, errAccountUnverified, errAccountSuspended:
+			response.Success = false
+		default:
+			response.Success = false
+			response.ErrorCode = "UNKNOWN_ERROR"
+			response.Error = err.Error()
+		}
+	} else {
+		response.Success = false
+		response.ErrorCode = "INVALID_REQUEST"
+	}
+
+	a.writeJSONResponse(response, w, r)
+}
+
+type apiAccountListResponse struct {
+	apiGenericResponse
+	Accounts   []apiAccountDetailsResponse `json:"accounts"`
+	TotalCount int                         `json:"totalCount"`
+}
+
+func (a *ergoAPI) handleAccountList(w http.ResponseWriter, r *http.Request) {
+	var response apiAccountListResponse
+
+	// Get all account names
+	accounts := a.server.accounts.AllNicks()
+	response.TotalCount = len(accounts)
+
+	// Load account details
+	response.Accounts = make([]apiAccountDetailsResponse, len(accounts))
+	for i, account := range accounts {
+		accountData, err := a.server.accounts.LoadAccount(account)
+		if err != nil {
+			response.Accounts[i] = apiAccountDetailsResponse{
+				apiGenericResponse: apiGenericResponse{
+					Success: false,
+					Error:   err.Error(),
+				},
+			}
+			continue
+		}
+
+		response.Accounts[i] = apiAccountDetailsResponse{
+			apiGenericResponse: apiGenericResponse{
+				Success: true,
+			},
+			AccountName: accountData.Name,
+			Email:       accountData.Settings.Email,
+		}
+	}
+
+	response.Success = true
+	a.writeJSONResponse(response, w, r)
+}
+
+type apiStatusResponse struct {
+	apiGenericResponse
+	Version   string `json:"version"`
+	GoVersion string `json:"go_version"`
+	Commit    string `json:"commit,omitempty"`
+	StartTime string `json:"start_time"`
+	Users     struct {
+		Total     int `json:"total"`
+		Invisible int `json:"invisible"`
+		Operators int `json:"operators"`
+		Unknown   int `json:"unknown"`
+		Max       int `json:"max"`
+	} `json:"users"`
+	Channels int `json:"channels"`
+	Servers  int `json:"servers"`
+}
+
+func (a *ergoAPI) handleStatus(w http.ResponseWriter, r *http.Request) {
+	server := a.server
+	stats := server.stats.GetValues()
+
+	response := apiStatusResponse{
+		apiGenericResponse: apiGenericResponse{Success: true},
+		Version:            SemVer,
+		GoVersion:          runtime.Version(),
+		Commit:             Commit,
+		StartTime:          server.ctime.Format(utils.IRCv3TimestampFormat),
+	}
+
+	response.Users.Total = stats.Total
+	response.Users.Invisible = stats.Invisible
+	response.Users.Operators = stats.Operators
+	response.Users.Unknown = stats.Unknown
+	response.Users.Max = stats.Max
+	response.Channels = server.channels.Len()
+	response.Servers = 1
+
+	a.writeJSONResponse(response, w, r)
+}
diff --git a/irc/authscript.go b/irc/authscript.go
index 8299afe1..a63268dd 100644
--- a/irc/authscript.go
+++ b/irc/authscript.go
@@ -10,6 +10,7 @@ import (
 	"fmt"
 	"net"
 
+	"github.com/ergochat/ergo/irc/oauth2"
 	"github.com/ergochat/ergo/irc/utils"
 )
 
@@ -20,7 +21,8 @@ type AuthScriptInput struct {
 	Certfp      string   `json:"certfp,omitempty"`
 	PeerCerts   []string `json:"peerCerts,omitempty"`
 	peerCerts   []*x509.Certificate
-	IP          string `json:"ip,omitempty"`
+	IP          string                     `json:"ip,omitempty"`
+	OAuthBearer *oauth2.OAuthBearerOptions `json:"oauth2,omitempty"`
 }
 
 type AuthScriptOutput struct {
diff --git a/irc/bunt/bunt_datastore.go b/irc/bunt/bunt_datastore.go
index 76c831e3..869c6461 100644
--- a/irc/bunt/bunt_datastore.go
+++ b/irc/bunt/bunt_datastore.go
@@ -44,10 +44,11 @@ func (b *buntdbDatastore) GetAll(table datastore.Table) (result []datastore.KV,
 	tablePrefix := fmt.Sprintf("%x ", table)
 	err = b.db.View(func(tx *buntdb.Tx) error {
 		err := tx.AscendGreaterOrEqual("", tablePrefix, func(key, value string) bool {
-			if !strings.HasPrefix(key, tablePrefix) {
+			encUUID, ok := strings.CutPrefix(key, tablePrefix)
+			if !ok {
 				return false
 			}
-			uuid, err := utils.DecodeUUID(strings.TrimPrefix(key, tablePrefix))
+			uuid, err := utils.DecodeUUID(encUUID)
 			if err == nil {
 				result = append(result, datastore.KV{UUID: uuid, Value: []byte(value)})
 			} else {
diff --git a/irc/caps/constants.go b/irc/caps/constants.go
index 57f088e3..2b6a38e4 100644
--- a/irc/caps/constants.go
+++ b/irc/caps/constants.go
@@ -64,10 +64,11 @@ const (
 	BotTagName = "bot"
 	// https://ircv3.net/specs/extensions/chathistory
 	ChathistoryTargetsBatchType = "draft/chathistory-targets"
+	ExtendedISupportBatchType   = "draft/isupport"
 )
 
 func init() {
-	nameToCapability = make(map[string]Capability)
+	nameToCapability = make(map[string]Capability, numCapabs)
 	for capab, name := range capabilityNames {
 		nameToCapability[name] = Capability(capab)
 	}
diff --git a/irc/caps/defs.go b/irc/caps/defs.go
index 18ff5759..a6377884 100644
--- a/irc/caps/defs.go
+++ b/irc/caps/defs.go
@@ -7,7 +7,7 @@ package caps
 
 const (
 	// number of recognized capabilities:
-	numCapabs = 34
+	numCapabs = 38
 	// length of the uint32 array that represents the bitset:
 	bitsetLen = 2
 )
@@ -53,6 +53,10 @@ const (
 	// https://github.com/ircv3/ircv3-specifications/pull/362
 	EventPlayback Capability = iota
 
+	// ExtendedISupport is the proposed IRCv3 capability named "draft/extended-isupport":
+	// https://github.com/ircv3/ircv3-specifications/pull/543
+	ExtendedISupport Capability = iota
+
 	// Languages is the proposed IRCv3 capability named "draft/languages":
 	// https://gist.github.com/DanielOaks/8126122f74b26012a3de37db80e4e0c6
 	Languages Capability = iota
@@ -61,6 +65,10 @@ const (
 	// https://github.com/progval/ircv3-specifications/blob/redaction/extensions/message-redaction.md
 	MessageRedaction Capability = iota
 
+	// Metadata is the draft IRCv3 capability named "draft/metadata-2":
+	// https://ircv3.net/specs/extensions/metadata
+	Metadata Capability = iota
+
 	// Multiline is the proposed IRCv3 capability named "draft/multiline":
 	// https://github.com/ircv3/ircv3-specifications/pull/398
 	Multiline Capability = iota
@@ -85,6 +93,10 @@ const (
 	// https://github.com/ircv3/ircv3-specifications/pull/417
 	Relaymsg Capability = iota
 
+	// WebPush is the proposed IRCv3 capability named "draft/webpush":
+	// https://github.com/ircv3/ircv3-specifications/pull/471
+	WebPush Capability = iota
+
 	// EchoMessage is the IRCv3 capability named "echo-message":
 	// https://ircv3.net/specs/extensions/echo-message-3.2.html
 	EchoMessage Capability = iota
@@ -129,6 +141,10 @@ const (
 	// https://ircv3.net/specs/extensions/setname.html
 	SetName Capability = iota
 
+	// SojuWebPush is the Soju/Goguma vendor capability named "soju.im/webpush":
+	// https://github.com/ircv3/ircv3-specifications/pull/471
+	SojuWebPush Capability = iota
+
 	// StandardReplies is the IRCv3 capability named "standard-replies":
 	// https://github.com/ircv3/ircv3-specifications/pull/506
 	StandardReplies Capability = iota
@@ -163,14 +179,17 @@ var (
 		"draft/channel-rename",
 		"draft/chathistory",
 		"draft/event-playback",
+		"draft/extended-isupport",
 		"draft/languages",
 		"draft/message-redaction",
+		"draft/metadata-2",
 		"draft/multiline",
 		"draft/no-implicit-names",
 		"draft/persistence",
 		"draft/pre-away",
 		"draft/read-marker",
 		"draft/relaymsg",
+		"draft/webpush",
 		"echo-message",
 		"ergo.chat/nope",
 		"extended-join",
@@ -182,6 +201,7 @@ var (
 		"sasl",
 		"server-time",
 		"setname",
+		"soju.im/webpush",
 		"standard-replies",
 		"sts",
 		"userhost-in-names",
diff --git a/irc/channel.go b/irc/channel.go
index 586d80d1..ade4b5b4 100644
--- a/irc/channel.go
+++ b/irc/channel.go
@@ -7,6 +7,7 @@ package irc
 
 import (
 	"fmt"
+	"iter"
 	"maps"
 	"strconv"
 	"strings"
@@ -21,6 +22,7 @@ import (
 	"github.com/ergochat/ergo/irc/history"
 	"github.com/ergochat/ergo/irc/modes"
 	"github.com/ergochat/ergo/irc/utils"
+	"github.com/ergochat/ergo/irc/webpush"
 )
 
 type ChannelSettings struct {
@@ -54,6 +56,7 @@ type Channel struct {
 	dirtyBits         uint
 	settings          ChannelSettings
 	uuid              utils.UUID
+	metadata          map[string]string
 	// these caches are paired to allow iteration over channel members without holding the lock
 	membersCache    []*Client
 	memberDataCache []*memberData
@@ -125,6 +128,7 @@ func (channel *Channel) applyRegInfo(chanReg RegisteredChannel) {
 	channel.userLimit = chanReg.UserLimit
 	channel.settings = chanReg.Settings
 	channel.forward = chanReg.Forward
+	channel.metadata = chanReg.Metadata
 
 	for _, mode := range chanReg.Modes {
 		channel.flags.SetMode(mode, true)
@@ -162,6 +166,7 @@ func (channel *Channel) ExportRegistration() (info RegisteredChannel) {
 	info.AccountToUMode = maps.Clone(channel.accountToUMode)
 
 	info.Settings = channel.settings
+	info.Metadata = channel.metadata
 
 	return
 }
@@ -222,7 +227,7 @@ func (channel *Channel) wakeWriter() {
 
 // equivalent of Socket.send()
 func (channel *Channel) writeLoop() {
-	defer channel.server.HandlePanic()
+	defer channel.server.HandlePanic(nil)
 
 	for {
 		// TODO(#357) check the error value of this and implement timed backoff
@@ -449,6 +454,10 @@ func (channel *Channel) Names(client *Client, rb *ResponseBuffer) {
 	chname := channel.name
 	membersCache, memberDataCache := channel.membersCache, channel.memberDataCache
 	channel.stateMutex.RUnlock()
+	symbol := "=" // https://modern.ircdocs.horse/#rplnamreply-353
+	if channel.flags.HasMode(modes.Secret) {
+		symbol = "@"
+	}
 	isOper := client.HasRoleCapabs("sajoin")
 	respectAuditorium := channel.flags.HasMode(modes.Auditorium) && !isOper &&
 		(!isJoined || clientData.modes.HighestChannelUserMode() == modes.Mode(0))
@@ -478,7 +487,7 @@ func (channel *Channel) Names(client *Client, rb *ResponseBuffer) {
 	}
 
 	for _, line := range tl.Lines() {
-		rb.Add(nil, client.server.name, RPL_NAMREPLY, client.nick, "=", chname, line)
+		rb.Add(nil, client.server.name, RPL_NAMREPLY, client.nick, symbol, chname, line)
 	}
 	rb.Add(nil, client.server.name, RPL_ENDOFNAMES, client.nick, chname, client.t("End of NAMES list"))
 }
@@ -887,6 +896,10 @@ func (channel *Channel) Join(client *Client, key string, isSajoin bool, rb *Resp
 		rb.Add(nil, client.server.name, "MARKREAD", chname, client.GetReadMarker(chcfname))
 	}
 
+	if rb.session.capabilities.Has(caps.Metadata) {
+		syncChannelMetadata(client.server, rb, channel)
+	}
+
 	if rb.session.client == client {
 		// don't send topic and names for a SAJOIN of a different client
 		channel.SendTopic(client, rb, false)
@@ -1316,18 +1329,21 @@ func (channel *Channel) SendSplitMessage(command string, minPrefixMode modes.Mod
 	isBot := client.HasMode(modes.Bot)
 	chname := channel.Name()
 
-	if !client.server.Config().Server.Compatibility.allowTruncation {
+	// STATUSMSG targets are prefixed with the supplied min-prefix, e.g., @#channel
+	if minPrefixMode != modes.Mode(0) {
+		chname = fmt.Sprintf("%s%s", modes.ChannelModePrefixes[minPrefixMode], chname)
+	}
+
+	config := client.server.Config()
+	dispatchWebPush := false
+
+	if !config.Server.Compatibility.allowTruncation {
 		if !validateSplitMessageLen(histType, details.nickMask, chname, message) {
 			rb.Add(nil, client.server.name, ERR_INPUTTOOLONG, details.nick, client.t("Line too long to be relayed without truncation"))
 			return
 		}
 	}
 
-	// STATUSMSG targets are prefixed with the supplied min-prefix, e.g., @#channel
-	if minPrefixMode != modes.Mode(0) {
-		chname = fmt.Sprintf("%s%s", modes.ChannelModePrefixes[minPrefixMode], chname)
-	}
-
 	if channel.flags.HasMode(modes.OpModerated) {
 		channel.stateMutex.RLock()
 		cuData, ok := channel.members[client]
@@ -1351,6 +1367,9 @@ func (channel *Channel) SendSplitMessage(command string, minPrefixMode modes.Mod
 			continue
 		}
 
+		// TODO consider when we might want to push TAGMSG
+		dispatchWebPush = dispatchWebPush || (config.WebPush.Enabled && histType != history.Tagmsg && member.hasPushSubscriptions())
+
 		for _, session := range member.Sessions() {
 			if session == rb.session {
 				continue // we already sent echo-message, if applicable
@@ -1374,6 +1393,42 @@ func (channel *Channel) SendSplitMessage(command string, minPrefixMode modes.Mod
 			Tags:        clientOnlyTags,
 			IsBot:       isBot,
 		}, details.account)
+
+		if dispatchWebPush {
+			channel.dispatchWebPush(client, command, details.nickMask, details.accountName, chname, message)
+		}
+	}
+}
+
+func (channel *Channel) dispatchWebPush(client *Client, command, nuh, accountName, chname string, msg utils.SplitMessage) {
+	msgBytes, err := webpush.MakePushMessage(command, nuh, accountName, chname, msg)
+	if err != nil {
+		channel.server.logger.Error("internal", "can't serialize push message", err.Error())
+		return
+	}
+	messageText := strings.ToLower(msg.CombinedValue())
+
+	for _, member := range channel.Members() {
+		if member == client {
+			continue // don't push to the client's own devices even if they mentioned themself
+		}
+		if !member.hasPushSubscriptions() {
+			continue
+		}
+		// this is the casefolded account name for comparison to the casefolded message text:
+		account := member.Account()
+		if account == "" {
+			continue
+		}
+		if !webpush.IsHighlight(messageText, account) {
+			continue
+		}
+		member.dispatchPushMessage(pushMessage{
+			msg:      msgBytes,
+			urgency:  webpush.UrgencyHigh,
+			cftarget: channel.NameCasefolded(),
+			time:     msg.Time,
+		})
 	}
 }
 
@@ -1622,6 +1677,40 @@ func (channel *Channel) auditoriumFriends(client *Client) (friends []*Client) {
 	return
 }
 
+func (channel *Channel) sessionsWithCaps(capabs ...caps.Capability) iter.Seq[*Session] {
+	return func(yield func(*Session) bool) {
+		for _, member := range channel.Members() {
+			for _, sess := range member.Sessions() {
+				if sess.capabilities.HasAll(capabs...) {
+					if !yield(sess) {
+						return
+					}
+				}
+			}
+		}
+	}
+}
+
+// returns whether the client is visible to unprivileged users in the channel
+// (i.e., respecting auditorium mode). note that this assumes that the client
+// is a member; if the client is not, it may return true anyway
+func (channel *Channel) memberIsVisible(client *Client) bool {
+	// fast path, we assume they're a member so if this isn't an auditorium,
+	// they're visible:
+	if !channel.flags.HasMode(modes.Auditorium) {
+		return true
+	}
+
+	channel.stateMutex.RLock()
+	defer channel.stateMutex.RUnlock()
+
+	clientData, found := channel.members[client]
+	if !found {
+		return false
+	}
+	return clientData.modes.HighestChannelUserMode() != modes.Mode(0)
+}
+
 // data for RPL_LIST
 func (channel *Channel) listData() (memberCount int, name, topic string) {
 	channel.stateMutex.RLock()
diff --git a/irc/channelmanager.go b/irc/channelmanager.go
index 5934ab43..f5bbed39 100644
--- a/irc/channelmanager.go
+++ b/irc/channelmanager.go
@@ -206,6 +206,10 @@ func (cm *ChannelManager) Cleanup(channel *Channel) {
 }
 
 func (cm *ChannelManager) SetRegistered(channelName string, account string) (err error) {
+	if account == "" {
+		return errAuthRequired // this is already enforced by ChanServ, but do a final check
+	}
+
 	if cm.server.Defcon() <= 4 {
 		return errFeatureDisabled
 	}
diff --git a/irc/channelreg.go b/irc/channelreg.go
index 1978b4ef..3e61e460 100644
--- a/irc/channelreg.go
+++ b/irc/channelreg.go
@@ -63,6 +63,8 @@ type RegisteredChannel struct {
 	Invites map[string]MaskInfo
 	// Settings are the chanserv-modifiable settings
 	Settings ChannelSettings
+	// Metadata set using the METADATA command
+	Metadata map[string]string
 }
 
 func (r *RegisteredChannel) Serialize() ([]byte, error) {
diff --git a/irc/client.go b/irc/client.go
index 83464599..42a6dc95 100644
--- a/irc/client.go
+++ b/irc/client.go
@@ -6,6 +6,7 @@
 package irc
 
 import (
+	"context"
 	"crypto/x509"
 	"fmt"
 	"maps"
@@ -21,6 +22,7 @@ import (
 	"github.com/ergochat/irc-go/ircfmt"
 	"github.com/ergochat/irc-go/ircmsg"
 	"github.com/ergochat/irc-go/ircreader"
+	"github.com/ergochat/irc-go/ircutils"
 	"github.com/xdg-go/scram"
 
 	"github.com/ergochat/ergo/irc/caps"
@@ -28,8 +30,10 @@ import (
 	"github.com/ergochat/ergo/irc/flatip"
 	"github.com/ergochat/ergo/irc/history"
 	"github.com/ergochat/ergo/irc/modes"
+	"github.com/ergochat/ergo/irc/oauth2"
 	"github.com/ergochat/ergo/irc/sno"
 	"github.com/ergochat/ergo/irc/utils"
+	"github.com/ergochat/ergo/irc/webpush"
 )
 
 const (
@@ -37,94 +41,114 @@ const (
 	DefaultMaxLineLen = 512
 
 	// IdentTimeout is how long before our ident (username) check times out.
-	IdentTimeout         = time.Second + 500*time.Millisecond
-	IRCv3TimestampFormat = utils.IRCv3TimestampFormat
+	IdentTimeout = time.Second + 500*time.Millisecond
 	// limit the number of device IDs a client can use, as a DoS mitigation
 	maxDeviceIDsPerClient = 64
 	// maximum total read markers that can be stored
 	// (writeback of read markers is controlled by lastSeen logic)
 	maxReadMarkers = 256
+
+	// should be long enough to handle multiple notifications in rapid succession,
+	// short enough that it doesn't waste a lot of RAM per client
+	pushQueueLengthPerClient = 16
+)
+
+var (
+	// idle timeouts for client connections, set from the config
+	RegisterTimeout, PingTimeout, DisconnectTimeout time.Duration
 )
 
 const (
-	// RegisterTimeout is how long clients have to register before we disconnect them
-	RegisterTimeout = time.Minute
-	// DefaultIdleTimeout is how long without traffic before we send the client a PING
-	DefaultIdleTimeout = time.Minute + 30*time.Second
 	// For Tor clients, we send a PING at least every 30 seconds, as a workaround for this bug
 	// (single-onion circuits will close unless the client sends data once every 60 seconds):
 	// https://bugs.torproject.org/29665
-	TorIdleTimeout = time.Second * 30
-	// This is how long a client gets without sending any message, including the PONG to our
-	// PING, before we disconnect them:
-	DefaultTotalTimeout = 2*time.Minute + 30*time.Second
+	TorPingTimeout = time.Second * 30
 
 	// round off the ping interval by this much, see below:
 	PingCoalesceThreshold = time.Second
 )
 
+const (
+	utf8BOM = "\xef\xbb\xbf"
+)
+
 var (
 	MaxLineLen = DefaultMaxLineLen
 )
 
 // Client is an IRC client.
 type Client struct {
-	account            string
-	accountName        string // display name of the account: uncasefolded, '*' if not logged in
-	accountRegDate     time.Time
-	accountSettings    AccountSettings
-	awayMessage        string
-	channels           ChannelSet
-	ctime              time.Time
-	destroyed          bool
-	modes              modes.ModeSet
-	hostname           string
-	invitedTo          map[string]channelInvite
-	isSTSOnly          bool
-	isKlined           bool // #1941: k-line kills are special-cased to suppress some triggered notices/events
-	languages          []string
-	lastActive         time.Time            // last time they sent a command that wasn't PONG or similar
-	lastSeen           map[string]time.Time // maps device ID (including "") to time of last received command
-	readMarkers        map[string]time.Time // maps casefolded target to time of last read marker
-	loginThrottle      connection_limits.GenericThrottle
-	nextSessionID      int64 // Incremented when a new session is established
-	nick               string
-	nickCasefolded     string
-	nickMaskCasefolded string
-	nickMaskString     string // cache for nickmask string since it's used with lots of replies
-	oper               *Oper
-	preregNick         string
-	proxiedIP          net.IP // actual remote IP if using the PROXY protocol
-	rawHostname        string
-	cloakedHostname    string
-	realname           string
-	realIP             net.IP
-	requireSASLMessage string
-	requireSASL        bool
-	registered         bool
-	registerCmdSent    bool // already sent the draft/register command, can't send it again
-	dirtyTimestamps    bool // lastSeen or readMarkers is dirty
-	registrationTimer  *time.Timer
-	server             *Server
-	skeleton           string
-	sessions           []*Session
-	stateMutex         sync.RWMutex // tier 1
-	alwaysOn           bool
-	username           string
-	vhost              string
-	history            history.Buffer
-	dirtyBits          uint
-	writebackLock      sync.Mutex // tier 1.5
+	account                 string
+	accountName             string // display name of the account: uncasefolded, '*' if not logged in
+	accountRegDate          time.Time
+	accountSettings         AccountSettings
+	awayMessage             string
+	channels                ChannelSet
+	ctime                   time.Time
+	destroyed               bool
+	modes                   modes.ModeSet
+	hostname                string
+	invitedTo               map[string]channelInvite
+	isSTSOnly               bool
+	isKlined                bool // #1941: k-line kills are special-cased to suppress some triggered notices/events
+	languages               []string
+	lastActive              time.Time            // last time they sent a command that wasn't PONG or similar
+	lastSeen                map[string]time.Time // maps device ID (including "") to time of last received command
+	readMarkers             map[string]time.Time // maps casefolded target to time of last read marker
+	loginThrottle           connection_limits.GenericThrottle
+	nextSessionID           int64 // Incremented when a new session is established
+	nick                    string
+	nickCasefolded          string
+	nickMaskCasefolded      string
+	nickMaskString          string // cache for nickmask string since it's used with lots of replies
+	oper                    *Oper
+	preregNick              string
+	proxiedIP               net.IP // actual remote IP if using the PROXY protocol
+	rawHostname             string
+	cloakedHostname         string
+	realname                string
+	realIP                  net.IP
+	requireSASLMessage      string
+	requireSASL             bool
+	registered              bool
+	registerCmdSent         bool // already sent the draft/register command, can't send it again
+	dirtyTimestamps         bool // lastSeen or readMarkers is dirty
+	registrationTimer       *time.Timer
+	server                  *Server
+	skeleton                string
+	sessions                []*Session
+	stateMutex              sync.RWMutex // tier 1
+	alwaysOn                bool
+	username                string
+	vhost                   string
+	history                 history.Buffer
+	dirtyBits               uint
+	writebackLock           sync.Mutex // tier 1.5
+	pushSubscriptions       map[string]*pushSubscription
+	cachedPushSubscriptions []storedPushSubscription
+	clearablePushMessages   map[string]time.Time
+	pushSubscriptionsExist  atomic.Uint32 // this is a cache on len(pushSubscriptions) != 0
+	pushQueue               pushQueue
+	metadata                map[string]string
+	metadataThrottle        connection_limits.ThrottleDetails
 }
 
 type saslStatus struct {
 	mechanism string
-	value     string
+	value     ircutils.SASLBuffer
 	scramConv *scram.ServerConversation
+	oauthConv *oauth2.OAuthBearerServer
+}
+
+func (s *saslStatus) Initialize() {
+	s.value.Initialize(saslMaxResponseLength)
 }
 
 func (s *saslStatus) Clear() {
-	*s = saslStatus{}
+	s.mechanism = ""
+	s.value.Clear()
+	s.scramConv = nil
+	s.oauthConv = nil
 }
 
 // what stage the client is at w.r.t. the PASS command:
@@ -142,6 +166,8 @@ const (
 type Session struct {
 	client *Client
 
+	connID string // identifies the connection in debug logs
+
 	deviceID string
 
 	ctime      time.Time
@@ -150,17 +176,20 @@ type Session struct {
 	idleTimer  *time.Timer
 	pingSent   bool // we sent PING to a putatively idle connection and we're waiting for PONG
 
-	sessionID   int64
-	socket      *Socket
-	realIP      net.IP
-	proxiedIP   net.IP
-	rawHostname string
-	isTor       bool
-	hideSTS     bool
+	sessionID         int64
+	socket            *Socket
+	realIP            net.IP
+	proxiedIP         net.IP
+	rawHostname       string
+	hostnameFinalized bool
+	isTor             bool
+	hideSTS           bool
 
 	fakelag              Fakelag
 	deferredFakelagCount int
 
+	lastOperAttempt time.Time
+
 	certfp     string
 	peerCerts  []*x509.Certificate
 	sasl       saslStatus
@@ -168,6 +197,8 @@ type Session struct {
 
 	batchCounter atomic.Uint32
 
+	isupportSentPrereg bool
+
 	quitMessage string
 
 	awayMessage string
@@ -183,6 +214,11 @@ type Session struct {
 	autoreplayMissedSince time.Time
 
 	batch MultilineBatch
+
+	webPushEndpoint string // goroutine-local: web push endpoint registered by the current session
+
+	metadataSubscriptions utils.HashSet[string]
+	metadataPreregVals    map[string]string
 }
 
 // MultilineBatch tracks the state of a client-to-server multiline batch.
@@ -321,7 +357,8 @@ func (server *Server) RunClient(conn IRCConn) {
 		return
 	}
 
-	server.logger.Info("connect-ip", fmt.Sprintf("Client connecting: real IP %v, proxied IP %v", realIP, proxiedIP))
+	connID := server.generateConnectionID()
+	server.logger.Info("connect-ip", connID, fmt.Sprintf("Client connecting: real IP %v, proxied IP %v", realIP, proxiedIP))
 
 	now := time.Now().UTC()
 	// give them 1k of grace over the limit:
@@ -361,7 +398,9 @@ func (server *Server) RunClient(conn IRCConn) {
 		proxiedIP:  proxiedIP,
 		isTor:      wConn.Tor,
 		hideSTS:    wConn.Tor || wConn.HideSTS,
+		connID:     connID,
 	}
+	session.sasl.Initialize()
 	client.sessions = []*Session{session}
 
 	session.resetFakelag()
@@ -389,7 +428,7 @@ func (server *Server) RunClient(conn IRCConn) {
 	client.run(session)
 }
 
-func (server *Server) AddAlwaysOnClient(account ClientAccount, channelToStatus map[string]alwaysOnChannelStatus, lastSeen, readMarkers map[string]time.Time, uModes modes.Modes, realname string) {
+func (server *Server) AddAlwaysOnClient(account ClientAccount, channelToStatus map[string]alwaysOnChannelStatus, lastSeen, readMarkers map[string]time.Time, uModes modes.Modes, realname string, pushSubscriptions []storedPushSubscription, metadata map[string]string) {
 	now := time.Now().UTC()
 	config := server.Config()
 	if lastSeen == nil && account.Settings.AutoreplayMissed {
@@ -466,6 +505,18 @@ func (server *Server) AddAlwaysOnClient(account ClientAccount, channelToStatus m
 	if persistenceEnabled(config.Accounts.Multiclient.AutoAway, client.accountSettings.AutoAway) {
 		client.setAutoAwayNoMutex(config)
 	}
+
+	if len(pushSubscriptions) != 0 {
+		client.pushSubscriptions = make(map[string]*pushSubscription, len(pushSubscriptions))
+		for _, sub := range pushSubscriptions {
+			client.pushSubscriptions[sub.Endpoint] = newPushSubscription(sub)
+		}
+	}
+	client.rebuildPushSubscriptionCache()
+
+	if len(metadata) != 0 {
+		client.metadata = metadata
+	}
 }
 
 func (client *Client) resizeHistory(config *Config) {
@@ -477,12 +528,21 @@ func (client *Client) resizeHistory(config *Config) {
 	}
 }
 
-// resolve an IP to an IRC-ready hostname, using reverse DNS, forward-confirming if necessary,
-// and sending appropriate notices to the client
-func (client *Client) lookupHostname(session *Session, overwrite bool) {
+// once we have the final IP address (from the connection itself or from proxy data),
+// compute the various possibilities for the hostname:
+// * In the default/recommended configuration, via the cloak algorithm
+// * If hostname lookup is enabled, via (forward-confirmed) reverse DNS
+// * If WEBIRC was used, possibly via the hostname passed on the WEBIRC line
+func (client *Client) finalizeHostname(session *Session) {
+	// only allow this once, since registration can fail (e.g. if the nickname is in use)
+	if session.hostnameFinalized {
+		return
+	}
+	session.hostnameFinalized = true
+
 	if session.isTor {
 		return
-	} // else: even if cloaking is enabled, look up the real hostname to show to operators
+	}
 
 	config := client.server.Config()
 	ip := session.realIP
@@ -490,30 +550,27 @@ func (client *Client) lookupHostname(session *Session, overwrite bool) {
 		ip = session.proxiedIP
 	}
 
-	var hostname string
-	lookupSuccessful := false
-	if config.Server.lookupHostnames {
-		session.Notice("*** Looking up your hostname...")
-		hostname, lookupSuccessful = utils.LookupHostname(ip, config.Server.ForwardConfirmHostnames)
-		if lookupSuccessful {
-			session.Notice("*** Found your hostname")
+	// even if cloaking is enabled, we may want to look up the real hostname to show to operators:
+	if session.rawHostname == "" {
+		var hostname string
+		lookupSuccessful := false
+		if config.Server.lookupHostnames {
+			session.Notice("*** Looking up your hostname...")
+			hostname, lookupSuccessful = utils.LookupHostname(ip, config.Server.ForwardConfirmHostnames)
+			if lookupSuccessful {
+				session.Notice("*** Found your hostname")
+			} else {
+				session.Notice("*** Couldn't look up your hostname")
+			}
 		} else {
-			session.Notice("*** Couldn't look up your hostname")
+			hostname = utils.IPStringToHostname(ip.String())
 		}
-	} else {
-		hostname = utils.IPStringToHostname(ip.String())
+		session.rawHostname = hostname
 	}
 
-	session.rawHostname = hostname
-	cloakedHostname := config.Server.Cloaks.ComputeCloak(ip)
-	client.stateMutex.Lock()
-	defer client.stateMutex.Unlock()
-	// update the hostname if this is a new connection, but not if it's a reattach
-	if overwrite || client.rawHostname == "" {
-		client.rawHostname = hostname
-		client.cloakedHostname = cloakedHostname
-		client.updateNickMaskNoMutex()
-	}
+	// these will be discarded if this is actually a reattach:
+	client.rawHostname = session.rawHostname
+	client.cloakedHostname = config.Server.Cloaks.ComputeCloak(ip)
 }
 
 func (client *Client) doIdentLookup(conn net.Conn) {
@@ -626,7 +683,7 @@ func (client *Client) run(session *Session) {
 	isReattach := client.Registered()
 	if isReattach {
 		client.Touch(session)
-		client.playReattachMessages(session)
+		client.performReattach(session)
 	}
 
 	firstLine := !isReattach
@@ -637,7 +694,7 @@ func (client *Client) run(session *Session) {
 		if err == errInvalidUtf8 {
 			invalidUtf8 = true // handle as normal, including labeling
 		} else if err != nil {
-			client.server.logger.Debug("connect-ip", "read error from client", err.Error())
+			client.server.logger.Debug("connect-ip", session.connID, "read error from client", err.Error())
 			var quitMessage string
 			switch err {
 			case ircreader.ErrReadQ:
@@ -650,7 +707,7 @@ func (client *Client) run(session *Session) {
 		}
 
 		if client.server.logger.IsLoggingRawIO() {
-			client.server.logger.Debug("userinput", client.nick, "<- ", line)
+			client.server.logger.Debug("userinput", session.connID, client.nick, "<-", line)
 		}
 
 		// special-cased handling of PROXY protocol, see `handleProxyCommand` for details:
@@ -682,8 +739,12 @@ func (client *Client) run(session *Session) {
 			}
 			session.fakelag.Touch(command)
 		} else {
-			// DoS hardening, #505
+			if session.registrationMessages == 0 && httpVerbs.Has(msg.Command) {
+				client.Send(nil, client.server.name, ERR_UNKNOWNERROR, msg.Command, "This is not an HTTP server")
+				break
+			}
 			session.registrationMessages++
+			// DoS hardening, #505
 			if client.server.Config().Limits.RegistrationMessages < session.registrationMessages {
 				client.Send(nil, client.server.name, ERR_UNKNOWNERROR, "*", client.t("You have sent too many registration messages"))
 				break
@@ -701,17 +762,16 @@ func (client *Client) run(session *Session) {
 				continue
 			} // else: proceed with the truncated line
 		} else if err != nil {
-			client.Quit(client.t("Received malformed line"), session)
+			message := "Received malformed line"
+			if strings.HasPrefix(line, utf8BOM) {
+				message = "Received UTF-8 byte-order mark, which is invalid at the start of an IRC protocol message"
+			}
+			client.Quit(message, session)
 			break
 		}
 
-		cmd, exists := Commands[msg.Command]
-		if !exists {
-			cmd = unknownCommand
-		} else if invalidUtf8 {
-			cmd = invalidUtf8Command
-		}
-
+		var cmd Command
+		msg.Command, cmd = client.server.resolveCommand(msg.Command, invalidUtf8)
 		isExiting := cmd.Run(client.server, client, session, msg)
 		if isExiting {
 			break
@@ -723,7 +783,9 @@ func (client *Client) run(session *Session) {
 	}
 }
 
-func (client *Client) playReattachMessages(session *Session) {
+func (client *Client) performReattach(session *Session) {
+	client.applyPreregMetadata(session)
+
 	client.server.playRegistrationBurst(session)
 	hasHistoryCaps := session.HasHistoryCaps()
 	for _, channel := range session.client.Channels() {
@@ -747,6 +809,34 @@ func (client *Client) playReattachMessages(session *Session) {
 	session.autoreplayMissedSince = time.Time{}
 }
 
+func (client *Client) applyPreregMetadata(session *Session) {
+	if session.metadataPreregVals == nil {
+		return
+	}
+
+	defer func() {
+		session.metadataPreregVals = nil
+	}()
+
+	updates := client.UpdateMetadataFromPrereg(session.metadataPreregVals, client.server.Config().Metadata.MaxKeys)
+	if len(updates) == 0 {
+		return
+	}
+
+	// TODO this is expensive
+	friends := client.FriendsMonitors(caps.Metadata)
+	for _, s := range client.Sessions() {
+		if s != session {
+			friends.Add(s)
+		}
+	}
+
+	target := client.Nick()
+	for k, v := range updates {
+		broadcastMetadataUpdate(client.server, maps.Keys(friends), session, target, k, v, true)
+	}
+}
+
 //
 // idle, quit, timers and timeouts
 //
@@ -778,19 +868,19 @@ func (client *Client) updateIdleTimer(session *Session, now time.Time) {
 	session.pingSent = false
 
 	if session.idleTimer == nil {
-		pingTimeout := DefaultIdleTimeout
-		if session.isTor {
-			pingTimeout = TorIdleTimeout
+		pingTimeout := PingTimeout
+		if session.isTor && TorPingTimeout < pingTimeout {
+			pingTimeout = TorPingTimeout
 		}
 		session.idleTimer = time.AfterFunc(pingTimeout, session.handleIdleTimeout)
 	}
 }
 
 func (session *Session) handleIdleTimeout() {
-	totalTimeout := DefaultTotalTimeout
-	pingTimeout := DefaultIdleTimeout
-	if session.isTor {
-		pingTimeout = TorIdleTimeout
+	totalTimeout := DisconnectTimeout
+	pingTimeout := PingTimeout
+	if session.isTor && TorPingTimeout < pingTimeout {
+		pingTimeout = TorPingTimeout
 	}
 
 	session.client.stateMutex.Lock()
@@ -1078,6 +1168,7 @@ func (client *Client) SetNick(nick, nickCasefolded, skeleton string) (success bo
 	client.nickCasefolded = nickCasefolded
 	client.skeleton = skeleton
 	client.updateNickMaskNoMutex()
+
 	return true
 }
 
@@ -1142,12 +1233,18 @@ func (client *Client) LoggedIntoAccount() bool {
 // (You must ensure separately that destroy() is called, e.g., by returning `true` from
 // the command handler or calling it yourself.)
 func (client *Client) Quit(message string, session *Session) {
+	nuh := client.NickMaskString()
+	now := time.Now().UTC()
+
 	setFinalData := func(sess *Session) {
 		message := sess.quitMessage
 		var finalData []byte
 		// #364: don't send QUIT lines to unregistered clients
 		if client.registered {
-			quitMsg := ircmsg.MakeMessage(nil, client.nickMaskString, "QUIT", message)
+			quitMsg := ircmsg.MakeMessage(nil, nuh, "QUIT", message)
+			if sess.capabilities.Has(caps.ServerTime) {
+				quitMsg.SetTag("time", now.Format(utils.IRCv3TimestampFormat))
+			}
 			finalData, _ = quitMsg.LineBytesStrict(false, MaxLineLen)
 		}
 
@@ -1267,7 +1364,7 @@ func (client *Client) destroy(session *Session) {
 		if !shouldDestroy {
 			client.server.snomasks.Send(sno.LocalDisconnects, fmt.Sprintf(ircfmt.Unescape("Client session disconnected for [a:%s] [h:%s] [ip:%s]"), details.accountName, session.rawHostname, source))
 		}
-		client.server.logger.Info("connect-ip", fmt.Sprintf("disconnecting session of %s from %s", details.nick, source))
+		client.server.logger.Info("connect-ip", session.connID, fmt.Sprintf("Disconnecting session of %s from %s", details.nick, source))
 	}
 
 	// decrement stats if we have no more sessions, even if the client will not be destroyed
@@ -1286,10 +1383,10 @@ func (client *Client) destroy(session *Session) {
 	}
 
 	var quitItem history.Item
-	var channels []*Channel
+	var quitHistoryChannels []*Channel
 	// use a defer here to avoid writing to mysql while holding the destroy semaphore:
 	defer func() {
-		for _, channel := range channels {
+		for _, channel := range quitHistoryChannels {
 			channel.AddHistoryItem(quitItem, details.account)
 		}
 	}()
@@ -1305,14 +1402,17 @@ func (client *Client) destroy(session *Session) {
 
 	// alert monitors
 	if registered {
-		client.server.monitorManager.AlertAbout(details.nick, details.nickCasefolded, false)
+		client.server.monitorManager.AlertAbout(details.nick, details.nickCasefolded, false, nil)
 	}
 
 	// clean up channels
 	// (note that if this is a reattach, client has no channels and therefore no friends)
 	friends := make(ClientSet)
-	channels = client.Channels()
+	channels := client.Channels()
 	for _, channel := range channels {
+		if channel.memberIsVisible(client) {
+			quitHistoryChannels = append(quitHistoryChannels, channel)
+		}
 		for _, member := range channel.auditoriumFriends(client) {
 			friends.Add(member)
 		}
@@ -1402,7 +1502,7 @@ func (session *Session) sendFromClientInternal(blocking bool, serverTime time.Ti
 
 func composeMultilineBatch(batchID, fromNickMask, fromAccount string, isBot bool, tags map[string]string, command, target string, message utils.SplitMessage) (result []ircmsg.Message) {
 	batchStart := ircmsg.MakeMessage(tags, fromNickMask, "BATCH", "+"+batchID, caps.MultilineBatchType, target)
-	batchStart.SetTag("time", message.Time.Format(IRCv3TimestampFormat))
+	batchStart.SetTag("time", message.Time.Format(utils.IRCv3TimestampFormat))
 	batchStart.SetTag("msgid", message.Msgid)
 	if fromAccount != "*" {
 		batchStart.SetTag("account", fromAccount)
@@ -1474,7 +1574,7 @@ func (session *Session) SendRawMessage(message ircmsg.Message, blocking bool) er
 func (session *Session) sendBytes(line []byte, blocking bool) (err error) {
 	if session.client.server.logger.IsLoggingRawIO() {
 		logline := string(line[:len(line)-2]) // strip "\r\n"
-		session.client.server.logger.Debug("useroutput", session.client.Nick(), " ->", logline)
+		session.client.server.logger.Debug("useroutput", session.connID, session.client.Nick(), "->", logline)
 	}
 
 	if blocking {
@@ -1483,7 +1583,7 @@ func (session *Session) sendBytes(line []byte, blocking bool) (err error) {
 		err = session.socket.Write(line)
 	}
 	if err != nil {
-		session.client.server.logger.Info("quit", "send error to client", fmt.Sprintf("%s [%d]", session.client.Nick(), session.sessionID), err.Error())
+		session.client.server.logger.Info("quit", session.connID, "send error to client", session.client.Nick(), err.Error())
 	}
 	return err
 }
@@ -1510,7 +1610,7 @@ func (session *Session) setTimeTag(msg *ircmsg.Message, serverTime time.Time) {
 		if serverTime.IsZero() {
 			serverTime = time.Now()
 		}
-		msg.SetTag("time", serverTime.UTC().Format(IRCv3TimestampFormat))
+		msg.SetTag("time", serverTime.UTC().Format(utils.IRCv3TimestampFormat))
 	}
 }
 
@@ -1753,6 +1853,8 @@ const (
 	IncludeChannels uint = 1 << iota
 	IncludeUserModes
 	IncludeRealname
+	IncludePushSubscriptions
+	IncludeMetadata
 )
 
 func (client *Client) markDirty(dirtyBits uint) {
@@ -1773,7 +1875,7 @@ func (client *Client) wakeWriter() {
 }
 
 func (client *Client) writeLoop() {
-	defer client.server.HandlePanic()
+	defer client.server.HandlePanic(nil)
 
 	for {
 		client.performWrite(0)
@@ -1831,6 +1933,12 @@ func (client *Client) performWrite(additionalDirtyBits uint) {
 	if (dirtyBits & IncludeRealname) != 0 {
 		client.server.accounts.saveRealname(account, client.realname)
 	}
+	if (dirtyBits & IncludePushSubscriptions) != 0 {
+		client.server.accounts.savePushSubscriptions(account, client.getPushSubscriptions(true))
+	}
+	if (dirtyBits & IncludeMetadata) != 0 {
+		client.server.accounts.saveMetadata(account, client.ListMetadata())
+	}
 }
 
 // Blocking store; see Channel.Store and Socket.BlockingWrite
@@ -1850,3 +1958,134 @@ func (client *Client) Store(dirtyBits uint) (err error) {
 	client.performWrite(dirtyBits)
 	return nil
 }
+
+// pushSubscription represents all the data we track about the state of a push subscription;
+// right now every field is persisted, but we may want to persist only a subset in future
+type pushSubscription struct {
+	storedPushSubscription
+}
+
+// storedPushSubscription represents a subscription as stored in the database
+type storedPushSubscription struct {
+	Endpoint    string
+	Keys        webpush.Keys
+	LastRefresh time.Time // last time the client sent WEBPUSH REGISTER for this endpoint
+	LastSuccess time.Time // last time we successfully pushed to this endpoint
+}
+
+func newPushSubscription(sub storedPushSubscription) *pushSubscription {
+	return &pushSubscription{
+		storedPushSubscription: sub,
+		// TODO any other initialization here, like rate limiting
+	}
+}
+
+type pushMessage struct {
+	msg                 []byte
+	urgency             webpush.Urgency
+	originatingEndpoint string
+	cftarget            string
+	time                time.Time
+}
+
+type pushQueue struct {
+	workerLock sync.Mutex
+	queue      chan pushMessage
+	once       sync.Once
+	dropped    atomic.Uint64
+}
+
+func (c *Client) ensurePushInitialized() {
+	c.pushQueue.once.Do(c.initializePush)
+}
+
+func (c *Client) initializePush() {
+	// allocate the queue
+	c.pushQueue.queue = make(chan pushMessage, pushQueueLengthPerClient)
+}
+
+func (client *Client) dispatchPushMessage(msg pushMessage) {
+	client.ensurePushInitialized()
+
+	select {
+	case client.pushQueue.queue <- msg:
+		if client.pushQueue.workerLock.TryLock() {
+			go client.pushWorker()
+		}
+	default:
+		client.pushQueue.dropped.Add(1)
+	}
+}
+
+func (client *Client) pushWorker() {
+	defer client.server.HandlePanic(nil)
+	defer client.pushQueue.workerLock.Unlock()
+
+	for {
+		select {
+		case msg := <-client.pushQueue.queue:
+			for _, sub := range client.getPushSubscriptions(false) {
+				if !client.skipPushMessage(msg) {
+					client.sendAndTrackPush(sub.Endpoint, sub.Keys, msg, true)
+				}
+			}
+		default:
+			// no more messages, end the goroutine and release the trylock
+			return
+		}
+	}
+}
+
+// skipPushMessage waits up to the configured delay for the client to send MARKREAD;
+// it returns whether the message has been read
+func (client *Client) skipPushMessage(msg pushMessage) bool {
+	if msg.cftarget == "" || msg.time.IsZero() {
+		return false
+	}
+	config := client.server.Config()
+	if config.WebPush.Delay == 0 {
+		return false
+	}
+	deadline := msg.time.Add(config.WebPush.Delay)
+	pause := time.Until(deadline)
+	if pause > 0 {
+		time.Sleep(pause)
+	}
+	readTimestamp, ok := client.getMarkreadTime(msg.cftarget)
+	return ok && utils.ReadMarkerLessThanOrEqual(msg.time, readTimestamp)
+}
+
+func (client *Client) sendAndTrackPush(endpoint string, keys webpush.Keys, msg pushMessage, updateDB bool) {
+	if endpoint == msg.originatingEndpoint {
+		return
+	}
+	if msg.cftarget != "" && !msg.time.IsZero() {
+		client.addClearablePushMessage(msg.cftarget, msg.time)
+	}
+	switch client.sendPush(endpoint, keys, msg.urgency, msg.msg) {
+	case nil:
+		client.recordPush(endpoint, true)
+	case webpush.Err404:
+		client.deletePushSubscription(endpoint, updateDB)
+	default:
+		client.recordPush(endpoint, false)
+	}
+}
+
+func (client *Client) sendPush(endpoint string, keys webpush.Keys, urgency webpush.Urgency, msg []byte) error {
+	config := client.server.Config()
+	// final sanity check
+	if !config.WebPush.Enabled {
+		return nil
+	}
+	ctx, cancel := context.WithTimeout(context.Background(), config.WebPush.Timeout)
+	defer cancel()
+
+	err := webpush.SendWebPush(ctx, endpoint, keys, config.WebPush.vapidKeys, webpush.UrgencyHigh, config.WebPush.Subscriber, msg)
+	if err == nil {
+		client.server.logger.Debug("webpush", "dispatched push to client", client.Nick(), endpoint)
+	} else {
+		client.server.logger.Debug("webpush", "failed to dispatch push to client", client.Nick(), endpoint, err.Error())
+	}
+	return err
+}
diff --git a/irc/client_lookup_set.go b/irc/client_lookup_set.go
index ef767b6d..6e028206 100644
--- a/irc/client_lookup_set.go
+++ b/irc/client_lookup_set.go
@@ -94,7 +94,6 @@ func (clients *ClientManager) SetNick(client *Client, session *Session, newNick
 	accountName := client.accountName
 	settings := client.accountSettings
 	registered := client.registered
-	realname := client.realname
 	client.stateMutex.RUnlock()
 
 	// these restrictions have grandfather exceptions for nicknames registered
@@ -116,6 +115,8 @@ func (clients *ClientManager) SetNick(client *Client, session *Session, newNick
 		useAccountName = alwaysOn || config.Accounts.NickReservation.ForceNickEqualsAccount
 	}
 
+	nickIsReserved := false
+
 	if useAccountName {
 		if registered && newNick != accountName {
 			return "", errNickAccountMismatch, false
@@ -167,7 +168,9 @@ func (clients *ClientManager) SetNick(client *Client, session *Session, newNick
 
 		reservedAccount, method := client.server.accounts.EnforcementStatus(newCfNick, newSkeleton)
 		if method == NickEnforcementStrict && reservedAccount != "" && reservedAccount != account {
-			return "", errNicknameReserved, false
+			// see #2135: we want to enter the critical section, see if the nick is actually in use,
+			// and return errNicknameInUse in that case
+			nickIsReserved = true
 		}
 	}
 
@@ -205,10 +208,6 @@ func (clients *ClientManager) SetNick(client *Client, session *Session, newNick
 			client.server.stats.AddRegistered(invisible, operator)
 		}
 		session.autoreplayMissedSince = lastSeen
-		// TODO: transition mechanism for #1065, clean this up eventually:
-		if currentClient.Realname() == "" {
-			currentClient.SetRealname(realname)
-		}
 		// successful reattach!
 		return newNick, nil, wasAway != nowAway
 	} else if currentClient == client && currentClient.Nick() == newNick {
@@ -219,6 +218,9 @@ func (clients *ClientManager) SetNick(client *Client, session *Session, newNick
 	if skeletonHolder != nil && skeletonHolder != client {
 		return "", errNicknameInUse, false
 	}
+	if nickIsReserved {
+		return "", errNicknameReserved, false
+	}
 
 	if dryRun {
 		return "", nil, false
@@ -246,15 +248,14 @@ func (clients *ClientManager) AllClients() (result []*Client) {
 	return
 }
 
-// AllWithCapsNotify returns all clients with the given capabilities, and that support cap-notify.
-func (clients *ClientManager) AllWithCapsNotify(capabs ...caps.Capability) (sessions []*Session) {
-	capabs = append(capabs, caps.CapNotify)
+// AllWithCapsNotify returns all sessions that support cap-notify.
+func (clients *ClientManager) AllWithCapsNotify() (sessions []*Session) {
 	clients.RLock()
 	defer clients.RUnlock()
 	for _, client := range clients.byNick {
 		for _, session := range client.Sessions() {
 			// cap-notify is implicit in cap version 302 and above
-			if session.capabilities.HasAll(capabs...) || 302 <= session.capVersion {
+			if session.capabilities.Has(caps.CapNotify) || 302 <= session.capVersion {
 				sessions = append(sessions, session)
 			}
 		}
@@ -263,6 +264,18 @@ func (clients *ClientManager) AllWithCapsNotify(capabs ...caps.Capability) (sess
 	return
 }
 
+// AllWithPushSubscriptions returns all clients that are always-on with an active push subscription.
+func (clients *ClientManager) AllWithPushSubscriptions() (result []*Client) {
+	clients.RLock()
+	defer clients.RUnlock()
+	for _, client := range clients.byNick {
+		if client.hasPushSubscriptions() && client.AlwaysOn() {
+			result = append(result, client)
+		}
+	}
+	return result
+}
+
 // FindAll returns all clients that match the given userhost mask.
 func (clients *ClientManager) FindAll(userhost string) (set ClientSet) {
 	set = make(ClientSet)
diff --git a/irc/cloaks/cloaks.go b/irc/cloaks/cloaks.go
index a46b5208..5ebc0937 100644
--- a/irc/cloaks/cloaks.go
+++ b/irc/cloaks/cloaks.go
@@ -6,7 +6,7 @@ import (
 	"fmt"
 	"net"
 
-	"golang.org/x/crypto/sha3"
+	"crypto/sha3"
 
 	"github.com/ergochat/ergo/irc/utils"
 )
diff --git a/irc/commands.go b/irc/commands.go
index ccbec383..b8be684d 100644
--- a/irc/commands.go
+++ b/irc/commands.go
@@ -18,6 +18,24 @@ type Command struct {
 	capabs         []string
 }
 
+// resolveCommand returns the command to execute in response to a user input line.
+// some invalid commands (unknown command verb, invalid UTF8) get a fake handler
+// to ensure that labeled-response still works as expected.
+func (server *Server) resolveCommand(command string, invalidUTF8 bool) (canonicalName string, result Command) {
+	if invalidUTF8 {
+		return command, invalidUtf8Command
+	}
+	if cmd, ok := Commands[command]; ok {
+		return command, cmd
+	}
+	if target, ok := server.Config().Server.CommandAliases[command]; ok {
+		if cmd, ok := Commands[target]; ok {
+			return target, cmd
+		}
+	}
+	return command, unknownCommand
+}
+
 // Run runs this command with the given client/message.
 func (cmd *Command) Run(server *Server, client *Client, session *Session, msg ircmsg.Message) (exiting bool) {
 	rb := NewResponseBuffer(session)
@@ -152,6 +170,10 @@ func init() {
 			handler:   isonHandler,
 			minParams: 1,
 		},
+		"ISUPPORT": {
+			handler:      isupportHandler,
+			usablePreReg: true,
+		},
 		"JOIN": {
 			handler:   joinHandler,
 			minParams: 1,
@@ -187,6 +209,11 @@ func init() {
 			handler:   markReadHandler,
 			minParams: 0, // send FAIL instead of ERR_NEEDMOREPARAMS
 		},
+		"METADATA": {
+			handler:      metadataHandler,
+			minParams:    2,
+			usablePreReg: true,
+		},
 		"MODE": {
 			handler:   modeHandler,
 			minParams: 1,
@@ -363,6 +390,10 @@ func init() {
 			usablePreReg: true,
 			minParams:    4,
 		},
+		"WEBPUSH": {
+			handler:   webpushHandler,
+			minParams: 2,
+		},
 		"WHO": {
 			handler:   whoHandler,
 			minParams: 1,
diff --git a/irc/config.go b/irc/config.go
index 3649efd1..fd997512 100644
--- a/irc/config.go
+++ b/irc/config.go
@@ -22,6 +22,7 @@ import (
 	"strconv"
 	"strings"
 	"time"
+	"unicode/utf8"
 
 	"code.cloudfoundry.org/bytefmt"
 	"github.com/ergochat/irc-go/ircfmt"
@@ -38,8 +39,14 @@ import (
 	"github.com/ergochat/ergo/irc/logger"
 	"github.com/ergochat/ergo/irc/modes"
 	"github.com/ergochat/ergo/irc/mysql"
+	"github.com/ergochat/ergo/irc/oauth2"
 	"github.com/ergochat/ergo/irc/passwd"
 	"github.com/ergochat/ergo/irc/utils"
+	"github.com/ergochat/ergo/irc/webpush"
+)
+
+const (
+	defaultProxyDeadline = time.Minute
 )
 
 // here's how this works: exported (capitalized) members of the config structs
@@ -331,7 +338,9 @@ type AccountConfig struct {
 	Multiclient MulticlientConfig
 	Bouncer     *MulticlientConfig // # handle old name for 'multiclient'
 	VHosts      VHostConfig
-	AuthScript  AuthScriptConfig `yaml:"auth-script"`
+	AuthScript  AuthScriptConfig          `yaml:"auth-script"`
+	OAuth2      oauth2.OAuth2BearerConfig `yaml:"oauth2"`
+	JWTAuth     jwt.JWTAuthConfig         `yaml:"jwt-auth"`
 }
 
 type ScriptConfig struct {
@@ -450,6 +459,10 @@ func (cm *Casemapping) UnmarshalYAML(unmarshal func(interface{}) error) (err err
 		result = CasemappingPRECIS
 	case "permissive", "fun":
 		result = CasemappingPermissive
+	case "rfc1459":
+		result = CasemappingRFC1459
+	case "rfc1459-strict":
+		result = CasemappingRFC1459Strict
 	default:
 		return fmt.Errorf("invalid casemapping value: %s", orig)
 	}
@@ -484,6 +497,7 @@ type Limits struct {
 	ChanListModes        int `yaml:"chan-list-modes"`
 	ChannelLen           int `yaml:"channellen"`
 	IdentLen             int `yaml:"identlen"`
+	RealnameLen          int `yaml:"realnamelen"`
 	KickLen              int `yaml:"kicklen"`
 	MonitorEntries       int `yaml:"monitor-entries"`
 	NickLen              int `yaml:"nicklen"`
@@ -567,7 +581,12 @@ type Config struct {
 		MOTD                    string
 		motdLines               []string
 		MOTDFormatting          bool `yaml:"motd-formatting"`
-		Relaymsg                struct {
+		IdleTimeouts            struct {
+			Registration time.Duration
+			Ping         time.Duration
+			Disconnect   time.Duration
+		} `yaml:"idle-timeouts"`
+		Relaymsg struct {
 			Enabled            bool
 			Separators         string
 			AvailableToChanops bool `yaml:"available-to-chanops"`
@@ -589,6 +608,7 @@ type Config struct {
 		Cloaks                   cloaks.CloakConfig              `yaml:"ip-cloaking"`
 		SecureNetDefs            []string                        `yaml:"secure-nets"`
 		secureNets               []net.IPNet
+		OperThrottle             time.Duration `yaml:"oper-throttle"`
 		supportedCaps            *caps.Set
 		supportedCapsWithoutSTS  *caps.Set
 		capValues                caps.Values
@@ -599,14 +619,27 @@ type Config struct {
 		OverrideServicesHostname string              `yaml:"override-services-hostname"`
 		MaxLineLen               int                 `yaml:"max-line-len"`
 		SuppressLusers           bool                `yaml:"suppress-lusers"`
+		AdditionalISupport       map[string]string   `yaml:"additional-isupport"`
+		CommandAliases           map[string]string   `yaml:"command-aliases"`
 	}
 
+	API struct {
+		Enabled          bool
+		Listener         string
+		TLS              TLSListenConfig
+		tlsConfig        *tls.Config
+		BearerTokens     []string `yaml:"bearer-tokens"`
+		bearerTokenBytes [][]byte
+	} `yaml:"api"`
+
 	Roleplay struct {
 		Enabled        bool
 		RequireChanops bool  `yaml:"require-chanops"`
 		RequireOper    bool  `yaml:"require-oper"`
 		AddSuffix      *bool `yaml:"add-suffix"`
 		addSuffix      bool
+		NPCNickMask    string `yaml:"npc-nick-mask"`
+		SceneNickMask  string `yaml:"scene-nick-mask"`
 	}
 
 	Extjwt struct {
@@ -700,6 +733,24 @@ type Config struct {
 		} `yaml:"tagmsg-storage"`
 	}
 
+	Metadata struct {
+		Enabled        bool
+		MaxSubs        int            `yaml:"max-subs"`
+		MaxKeys        int            `yaml:"max-keys"`
+		MaxValueBytes  int            `yaml:"max-value-length"`
+		ClientThrottle ThrottleConfig `yaml:"client-throttle"`
+	}
+
+	WebPush struct {
+		Enabled          bool
+		Timeout          time.Duration
+		Delay            time.Duration
+		Subscriber       string
+		MaxSubscriptions int `yaml:"max-subscriptions"`
+		Expiration       custime.Duration
+		vapidKeys        *webpush.VAPIDKeys
+	} `yaml:"webpush"`
+
 	Filename string
 }
 
@@ -946,7 +997,7 @@ func (conf *Config) prepareListeners() (err error) {
 	conf.Server.trueListeners = make(map[string]utils.ListenerConfig)
 	for addr, block := range conf.Server.Listeners {
 		var lconf utils.ListenerConfig
-		lconf.ProxyDeadline = RegisterTimeout
+		lconf.ProxyDeadline = defaultProxyDeadline
 		lconf.Tor = block.Tor
 		lconf.STSOnly = block.STSOnly
 		if lconf.STSOnly && !conf.Server.STS.Enabled {
@@ -990,6 +1041,40 @@ func (config *Config) processExtjwt() (err error) {
 	return nil
 }
 
+func (config *Config) processAPI() (err error) {
+	if !config.API.Enabled {
+		return nil
+	}
+
+	if config.API.Listener == "" {
+		return errors.New("config.api.enabled is true, but listener address is empty")
+	}
+
+	config.API.bearerTokenBytes = make([][]byte, len(config.API.BearerTokens))
+	for i, tok := range config.API.BearerTokens {
+		if tok == "" || tok == "example" {
+			continue
+		}
+		config.API.bearerTokenBytes[i] = []byte(tok)
+	}
+
+	var tlsConfig *tls.Config
+	if config.API.TLS.Cert != "" {
+		cert, err := loadCertWithLeaf(config.API.TLS.Cert, config.API.TLS.Key)
+		if err != nil {
+			return err
+		}
+		tlsConfig = &tls.Config{
+			Certificates: []tls.Certificate{cert},
+			MinVersion:   tls.VersionTLS12,
+			// TODO consider supporting client certificates
+		}
+	}
+	config.API.tlsConfig = tlsConfig
+
+	return nil
+}
+
 // LoadRawConfig loads the config without doing any consistency checks or postprocessing
 func LoadRawConfig(filename string) (config *Config, err error) {
 	data, err := os.ReadFile(filename)
@@ -1039,7 +1124,7 @@ func (ce *configPathError) Error() string {
 	return fmt.Sprintf("Couldn't apply config override `%s`: %s", ce.name, ce.desc)
 }
 
-func mungeFromEnvironment(config *Config, envPair string) (applied bool, err *configPathError) {
+func mungeFromEnvironment(config *Config, envPair string) (applied bool, name string, err *configPathError) {
 	equalIdx := strings.IndexByte(envPair, '=')
 	name, value := envPair[:equalIdx], envPair[equalIdx+1:]
 	if strings.HasPrefix(name, "ERGO__") {
@@ -1047,7 +1132,7 @@ func mungeFromEnvironment(config *Config, envPair string) (applied bool, err *co
 	} else if strings.HasPrefix(name, "ORAGONO__") {
 		name = strings.TrimPrefix(name, "ORAGONO__")
 	} else {
-		return false, nil
+		return false, "", nil
 	}
 	pathComponents := strings.Split(name, "__")
 	for i, pathComponent := range pathComponents {
@@ -1058,10 +1143,10 @@ func mungeFromEnvironment(config *Config, envPair string) (applied bool, err *co
 	t := v.Type()
 	for _, component := range pathComponents {
 		if component == "" {
-			return false, &configPathError{name, "invalid", nil}
+			return false, "", &configPathError{name, "invalid", nil}
 		}
 		if v.Kind() != reflect.Struct {
-			return false, &configPathError{name, "index into non-struct", nil}
+			return false, "", &configPathError{name, "index into non-struct", nil}
 		}
 		var nextField reflect.StructField
 		success := false
@@ -1087,7 +1172,7 @@ func mungeFromEnvironment(config *Config, envPair string) (applied bool, err *co
 			}
 		}
 		if !success {
-			return false, &configPathError{name, fmt.Sprintf("couldn't resolve path component: `%s`", component), nil}
+			return false, "", &configPathError{name, fmt.Sprintf("couldn't resolve path component: `%s`", component), nil}
 		}
 		v = v.FieldByName(nextField.Name)
 		// dereference pointer field if necessary, initialize new value if necessary
@@ -1101,9 +1186,9 @@ func mungeFromEnvironment(config *Config, envPair string) (applied bool, err *co
 	}
 	yamlErr := yaml.Unmarshal([]byte(value), v.Addr().Interface())
 	if yamlErr != nil {
-		return false, &configPathError{name, "couldn't deserialize YAML", yamlErr}
+		return false, "", &configPathError{name, "couldn't deserialize YAML", yamlErr}
 	}
-	return true, nil
+	return true, name, nil
 }
 
 // LoadConfig loads the given YAML configuration file.
@@ -1115,7 +1200,7 @@ func LoadConfig(filename string) (config *Config, err error) {
 
 	if config.AllowEnvironmentOverrides {
 		for _, envPair := range os.Environ() {
-			applied, envErr := mungeFromEnvironment(config, envPair)
+			applied, name, envErr := mungeFromEnvironment(config, envPair)
 			if envErr != nil {
 				if envErr.fatalErr != nil {
 					return nil, envErr
@@ -1123,7 +1208,7 @@ func LoadConfig(filename string) (config *Config, err error) {
 					log.Println(envErr.Error())
 				}
 			} else if applied {
-				log.Printf("applied environment override: %s\n", envPair)
+				log.Printf("applied environment override: %s\n", name)
 			}
 		}
 	}
@@ -1162,6 +1247,23 @@ func LoadConfig(filename string) (config *Config, err error) {
 		}
 	}
 
+	if config.Server.IdleTimeouts.Registration <= 0 {
+		config.Server.IdleTimeouts.Registration = time.Minute
+	}
+	if config.Server.IdleTimeouts.Ping <= 0 {
+		config.Server.IdleTimeouts.Ping = time.Minute + 30*time.Second
+	}
+	if config.Server.IdleTimeouts.Disconnect <= 0 {
+		config.Server.IdleTimeouts.Disconnect = 2*time.Minute + 30*time.Second
+	}
+
+	if !(config.Server.IdleTimeouts.Ping < config.Server.IdleTimeouts.Disconnect) {
+		return nil, fmt.Errorf(
+			"ping timeout %v must be strictly less than disconnect timeout %v, to give the client time to respond",
+			config.Server.IdleTimeouts.Ping, config.Server.IdleTimeouts.Disconnect,
+		)
+	}
+
 	if config.Server.CoerceIdent != "" {
 		if config.Server.CheckIdent {
 			return nil, errors.New("Can't configure both check-ident and coerce-ident")
@@ -1390,15 +1492,38 @@ func LoadConfig(filename string) (config *Config, err error) {
 		config.Accounts.VHosts.validRegexp = defaultValidVhostRegex
 	}
 
-	saslCapValue := "PLAIN,EXTERNAL,SCRAM-SHA-256"
-	if !config.Accounts.AdvertiseSCRAM {
-		saslCapValue = "PLAIN,EXTERNAL"
-	}
-	config.Server.capValues[caps.SASL] = saslCapValue
-	if !config.Accounts.AuthenticationEnabled {
+	if config.Accounts.AuthenticationEnabled {
+		saslCapValues := []string{"PLAIN", "EXTERNAL"}
+		if config.Accounts.AdvertiseSCRAM {
+			saslCapValues = append(saslCapValues, "SCRAM-SHA-256")
+		}
+		if config.Accounts.OAuth2.Enabled {
+			saslCapValues = append(saslCapValues, "OAUTHBEARER")
+		}
+		if config.Accounts.OAuth2.Enabled || config.Accounts.JWTAuth.Enabled {
+			saslCapValues = append(saslCapValues, "IRCV3BEARER")
+		}
+		config.Server.capValues[caps.SASL] = strings.Join(saslCapValues, ",")
+	} else {
 		config.Server.supportedCaps.Disable(caps.SASL)
 	}
 
+	if config.Server.OperThrottle <= 0 {
+		config.Server.OperThrottle = 10 * time.Second
+	}
+
+	if err := config.Accounts.OAuth2.Postprocess(); err != nil {
+		return nil, err
+	}
+
+	if err := config.Accounts.JWTAuth.Postprocess(); err != nil {
+		return nil, err
+	}
+
+	if config.Accounts.OAuth2.Enabled && config.Accounts.OAuth2.AuthScript && !config.Accounts.AuthScript.Enabled {
+		return nil, fmt.Errorf("oauth2 is enabled with auth-script, but no auth-script is enabled")
+	}
+
 	if !config.Accounts.Registration.Enabled {
 		config.Server.supportedCaps.Disable(caps.AccountRegistration)
 	} else {
@@ -1486,12 +1611,13 @@ func LoadConfig(filename string) (config *Config, err error) {
 	// in the current implementation, we disable history by creating a history buffer
 	// with zero capacity. but the `enabled` config option MUST be respected regardless
 	// of this detail
-	if !config.History.Enabled {
+	if !config.History.Enabled || config.History.ChathistoryMax == 0 {
 		config.History.ChannelLength = 0
 		config.History.ClientLength = 0
 		config.Server.supportedCaps.Disable(caps.Chathistory)
 		config.Server.supportedCaps.Disable(caps.EventPlayback)
 		config.Server.supportedCaps.Disable(caps.ZNCPlayback)
+		config.Server.supportedCaps.Disable(caps.MessageRedaction)
 	}
 
 	if !config.History.Enabled || !config.History.Persistent.Enabled {
@@ -1522,7 +1648,17 @@ func LoadConfig(filename string) (config *Config, err error) {
 		}
 	}
 
+	if !config.History.Retention.AllowIndividualDelete {
+		config.Server.supportedCaps.Disable(caps.MessageRedaction) // #2215
+	}
+
 	config.Roleplay.addSuffix = utils.BoolDefaultTrue(config.Roleplay.AddSuffix)
+	if config.Roleplay.NPCNickMask == "" {
+		config.Roleplay.NPCNickMask = defaultNPCNickMask
+	}
+	if config.Roleplay.SceneNickMask == "" {
+		config.Roleplay.SceneNickMask = defaultSceneNickMask
+	}
 
 	config.Datastore.MySQL.ExpireTime = time.Duration(config.History.Restrictions.ExpireTime)
 	config.Datastore.MySQL.TrackAccountMessages = config.History.Retention.EnableAccountIndexing
@@ -1540,11 +1676,65 @@ func LoadConfig(filename string) (config *Config, err error) {
 		}
 	}
 
+	if !config.Metadata.Enabled {
+		config.Server.supportedCaps.Disable(caps.Metadata)
+	} else {
+		metadataValues := make([]string, 0, 4)
+		metadataValues = append(metadataValues, "before-connect")
+		// these are required for normal operation, so set sane defaults:
+		if config.Metadata.MaxSubs == 0 {
+			config.Metadata.MaxSubs = 10
+		}
+		metadataValues = append(metadataValues, fmt.Sprintf("max-subs=%d", config.Metadata.MaxSubs))
+		if config.Metadata.MaxKeys == 0 {
+			config.Metadata.MaxKeys = 10
+		}
+		metadataValues = append(metadataValues, fmt.Sprintf("max-keys=%d", config.Metadata.MaxKeys))
+		// this is not required since we enforce a hardcoded upper bound on key+value
+		if config.Metadata.MaxValueBytes > 0 {
+			metadataValues = append(metadataValues, fmt.Sprintf("max-value-bytes=%d", config.Metadata.MaxValueBytes))
+		}
+		config.Server.capValues[caps.Metadata] = strings.Join(metadataValues, ",")
+	}
+
 	err = config.processExtjwt()
 	if err != nil {
 		return nil, err
 	}
 
+	if config.WebPush.Enabled {
+		if config.Accounts.Multiclient.AlwaysOn == PersistentDisabled {
+			return nil, fmt.Errorf("Cannot enable webpush if always-on is disabled")
+		}
+		if config.WebPush.Timeout == 0 {
+			config.WebPush.Timeout = 10 * time.Second
+		}
+		if config.WebPush.Subscriber == "" {
+			config.WebPush.Subscriber = "https://ergo.chat/about"
+		}
+		if config.WebPush.MaxSubscriptions <= 0 {
+			config.WebPush.MaxSubscriptions = 1
+		}
+		if config.WebPush.Expiration == 0 {
+			config.WebPush.Expiration = custime.Duration(14 * 24 * time.Hour)
+		} else if config.WebPush.Expiration < custime.Duration(3*24*time.Hour) {
+			return nil, fmt.Errorf("webpush.expiration is too short (should be several days)")
+		}
+	} else {
+		config.Server.supportedCaps.Disable(caps.WebPush)
+		config.Server.supportedCaps.Disable(caps.SojuWebPush)
+	}
+
+	err = config.processAPI()
+	if err != nil {
+		return nil, err
+	}
+
+	config.Server.CommandAliases, err = normalizeCommandAliases(config.Server.CommandAliases)
+	if err != nil {
+		return nil, err
+	}
+
 	// now that all postprocessing is complete, regenerate ISUPPORT:
 	err = config.generateISupport()
 	if err != nil {
@@ -1589,9 +1779,18 @@ func (config *Config) generateISupport() (err error) {
 	isupport.Initialize()
 	isupport.Add("AWAYLEN", strconv.Itoa(config.Limits.AwayLen))
 	isupport.Add("BOT", "B")
-	isupport.Add("CASEMAPPING", "ascii")
+	var casemappingToken string
+	switch config.Server.Casemapping {
+	default:
+		casemappingToken = "ascii" // this is published for ascii, precis, or permissive
+	case CasemappingRFC1459:
+		casemappingToken = "rfc1459"
+	case CasemappingRFC1459Strict:
+		casemappingToken = "rfc1459-strict"
+	}
+	isupport.Add("CASEMAPPING", casemappingToken)
 	isupport.Add("CHANLIMIT", fmt.Sprintf("%s:%d", chanTypes, config.Channels.MaxChannelsPerClient))
-	isupport.Add("CHANMODES", chanmodesToken)
+	isupport.Add("CHANMODES", modes.ChanmodesToken())
 	if config.History.Enabled && config.History.ChathistoryMax > 0 {
 		isupport.Add("CHATHISTORY", strconv.Itoa(config.History.ChathistoryMax))
 		// Kiwi expects this legacy token name:
@@ -1620,6 +1819,8 @@ func (config *Config) generateISupport() (err error) {
 		isupport.Add("RPCHAN", "E")
 		isupport.Add("RPUSER", "E")
 	}
+	isupport.Add("SAFELIST", "")
+	isupport.Add("SAFERATE", "")
 	isupport.Add("STATUSMSG", "~&@%+")
 	isupport.Add("TARGMAX", fmt.Sprintf("NAMES:1,LIST:1,KICK:,WHOIS:1,USERHOST:10,PRIVMSG:%s,TAGMSG:%s,NOTICE:%s,MONITOR:%d", maxTargetsString, maxTargetsString, maxTargetsString, config.Limits.MonitorEntries))
 	isupport.Add("TOPICLEN", strconv.Itoa(config.Limits.TopicLen))
@@ -1629,8 +1830,21 @@ func (config *Config) generateISupport() (err error) {
 	if config.Server.EnforceUtf8 {
 		isupport.Add("UTF8ONLY", "")
 	}
+	if config.WebPush.Enabled {
+		// XXX we typically don't have this at config parse time, so we'll have to regenerate
+		// the cached reply later
+		if config.WebPush.vapidKeys != nil {
+			isupport.Add("VAPID", config.WebPush.vapidKeys.PublicKeyString())
+		}
+	}
 	isupport.Add("WHOX", "")
 
+	for key, value := range config.Server.AdditionalISupport {
+		if !isupport.Contains(key) {
+			isupport.Add(key, value)
+		}
+	}
+
 	err = isupport.RegenerateCachedReply()
 	return
 }
@@ -1732,6 +1946,9 @@ func (config *Config) loadMOTD() error {
 			if config.Server.MOTDFormatting {
 				lineToSend = ircfmt.Unescape(lineToSend)
 			}
+			if config.Server.EnforceUtf8 && !utf8.ValidString(lineToSend) {
+				return fmt.Errorf("Line %d of MOTD contains invalid UTF8", i+1)
+			}
 			// "- " is the required prefix for MOTD
 			lineToSend = fmt.Sprintf("- %s", lineToSend)
 			config.Server.motdLines = append(config.Server.motdLines, lineToSend)
@@ -1739,3 +1956,22 @@ func (config *Config) loadMOTD() error {
 	}
 	return nil
 }
+
+func normalizeCommandAliases(aliases map[string]string) (normalizedAliases map[string]string, err error) {
+	if len(aliases) == 0 {
+		return nil, nil
+	}
+	normalizedAliases = make(map[string]string, len(aliases))
+	for alias, command := range aliases {
+		alias = strings.ToUpper(alias)
+		command = strings.ToUpper(command)
+		if _, found := Commands[alias]; found {
+			return nil, fmt.Errorf("Command alias `%s` collides with a real Ergo command", alias)
+		}
+		if _, found := Commands[command]; !found {
+			return nil, fmt.Errorf("Command alias `%s` mapped to non-existent Ergo command `%s`", alias, command)
+		}
+		normalizedAliases[alias] = command
+	}
+	return normalizedAliases, nil
+}
diff --git a/irc/config_test.go b/irc/config_test.go
index 3d55865b..05466daa 100644
--- a/irc/config_test.go
+++ b/irc/config_test.go
@@ -28,7 +28,7 @@ func TestEnvironmentOverrides(t *testing.T) {
 		`ORAGONO__SERVER__IP_CLOAKING={"enabled": true, "enabled-for-always-on": true, "netname": "irc", "cidr-len-ipv4": 32, "cidr-len-ipv6": 64, "num-bits": 64}`,
 	}
 	for _, envPair := range env {
-		_, err := mungeFromEnvironment(&config, envPair)
+		_, _, err := mungeFromEnvironment(&config, envPair)
 		if err != nil {
 			t.Errorf("couldn't apply override `%s`: %v", envPair, err)
 		}
@@ -93,7 +93,7 @@ func TestEnvironmentOverrideErrors(t *testing.T) {
 	}
 
 	for _, env := range invalidEnvs {
-		success, err := mungeFromEnvironment(&config, env)
+		success, _, err := mungeFromEnvironment(&config, env)
 		if err == nil || success {
 			t.Errorf("accepted invalid env override `%s`", env)
 		}
diff --git a/irc/database.go b/irc/database.go
index a20e269e..b144c74b 100644
--- a/irc/database.go
+++ b/irc/database.go
@@ -18,6 +18,7 @@ import (
 	"github.com/ergochat/ergo/irc/datastore"
 	"github.com/ergochat/ergo/irc/modes"
 	"github.com/ergochat/ergo/irc/utils"
+	"github.com/ergochat/ergo/irc/webpush"
 
 	"github.com/tidwall/buntdb"
 )
@@ -27,15 +28,17 @@ const (
 
 	// 'version' of the database schema
 	// latest schema of the db
-	latestDbSchema = 23
+	latestDbSchema = 24
 )
 
 var (
 	schemaVersionUUID = utils.UUID{0, 255, 85, 13, 212, 10, 191, 121, 245, 152, 142, 89, 97, 141, 219, 87}    // AP9VDdQKv3n1mI5ZYY3bVw
 	cloakSecretUUID   = utils.UUID{170, 214, 184, 208, 116, 181, 67, 75, 161, 23, 233, 16, 113, 251, 94, 229} // qta40HS1Q0uhF-kQcfte5Q
+	vapidKeysUUID     = utils.UUID{87, 215, 189, 5, 65, 105, 249, 44, 65, 96, 170, 56, 187, 110, 12, 235}     // V9e9BUFp-SxBYKo4u24M6w
 
 	keySchemaVersion = bunt.BuntKey(datastore.TableMetadata, schemaVersionUUID)
 	keyCloakSecret   = bunt.BuntKey(datastore.TableMetadata, cloakSecretUUID)
+	keyVAPIDKeys     = bunt.BuntKey(datastore.TableMetadata, vapidKeysUUID)
 )
 
 type SchemaChanger func(*Config, *buntdb.Tx) error
@@ -80,6 +83,15 @@ func initializeDB(path string) error {
 		// set schema version
 		tx.Set(keySchemaVersion, strconv.Itoa(latestDbSchema), nil)
 		tx.Set(keyCloakSecret, utils.GenerateSecretKey(), nil)
+		vapidKeys, err := webpush.GenerateVAPIDKeys()
+		if err != nil {
+			return err
+		}
+		j, err := json.Marshal(vapidKeys)
+		if err != nil {
+			return err
+		}
+		tx.Set(keyVAPIDKeys, string(j), nil)
 		return nil
 	})
 
@@ -150,7 +162,7 @@ func retrieveSchemaVersion(tx *buntdb.Tx) (version int, err error) {
 func performAutoUpgrade(currentVersion int, config *Config) (err error) {
 	path := config.Datastore.Path
 	log.Printf("attempting to auto-upgrade schema from version %d to %d\n", currentVersion, latestDbSchema)
-	timestamp := time.Now().UTC().Format("2006-01-02-15:04:05.000Z")
+	timestamp := time.Now().UTC().Format("2006-01-02-15.04.05.000Z")
 	backupPath := fmt.Sprintf("%s.v%d.%s.bak", path, currentVersion, timestamp)
 	log.Printf("making a backup of current database at %s\n", backupPath)
 	err = utils.CopyFile(path, backupPath)
@@ -233,6 +245,16 @@ func StoreCloakSecret(dstore datastore.Datastore, secret string) {
 	dstore.Set(datastore.TableMetadata, cloakSecretUUID, []byte(secret), time.Time{})
 }
 
+func LoadVAPIDKeys(dstore datastore.Datastore) (*webpush.VAPIDKeys, error) {
+	val, err := dstore.Get(datastore.TableMetadata, vapidKeysUUID)
+	if err != nil {
+		return nil, err
+	}
+	result := new(webpush.VAPIDKeys)
+	err = json.Unmarshal([]byte(val), result)
+	return result, nil
+}
+
 func schemaChangeV1toV2(config *Config, tx *buntdb.Tx) error {
 	// == version 1 -> 2 ==
 	// account key changes and account.verified key bugfix.
@@ -1218,6 +1240,20 @@ func schemaChangeV22ToV23(config *Config, tx *buntdb.Tx) error {
 	return nil
 }
 
+// webpush signing key
+func schemaChangeV23ToV24(config *Config, tx *buntdb.Tx) error {
+	keys, err := webpush.GenerateVAPIDKeys()
+	if err != nil {
+		return err
+	}
+	j, err := json.Marshal(keys)
+	if err != nil {
+		return err
+	}
+	tx.Set(keyVAPIDKeys, string(j), nil)
+	return nil
+}
+
 func getSchemaChange(initialVersion int) (result SchemaChange, ok bool) {
 	for _, change := range allChanges {
 		if initialVersion == change.InitialVersion {
@@ -1338,4 +1374,9 @@ var allChanges = []SchemaChange{
 		TargetVersion:  23,
 		Changer:        schemaChangeV22ToV23,
 	},
+	{
+		InitialVersion: 23,
+		TargetVersion:  24,
+		Changer:        schemaChangeV23ToV24,
+	},
 }
diff --git a/irc/email/dkim.go b/irc/email/dkim.go
index 10952478..b4324d2c 100644
--- a/irc/email/dkim.go
+++ b/irc/email/dkim.go
@@ -4,9 +4,18 @@
 package email
 
 import (
+	"bytes"
+	"crypto"
+	"crypto/ed25519"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
 	"errors"
-	dkim "github.com/toorop/go-dkim"
+	"fmt"
+
 	"os"
+
+	dkim "github.com/emersion/go-msgauth/dkim"
 )
 
 var (
@@ -17,38 +26,77 @@ type DKIMConfig struct {
 	Domain   string
 	Selector string
 	KeyFile  string `yaml:"key-file"`
-	keyBytes []byte
+	privKey  crypto.Signer
+}
+
+func (dkim *DKIMConfig) Enabled() bool {
+	return dkim.Domain != ""
 }
 
 func (dkim *DKIMConfig) Postprocess() (err error) {
-	if dkim.Domain != "" {
-		if dkim.Selector == "" || dkim.KeyFile == "" {
-			return ErrMissingFields
-		}
-		dkim.keyBytes, err = os.ReadFile(dkim.KeyFile)
-		if err != nil {
-			return err
-		}
+	if !dkim.Enabled() {
+		return nil
 	}
+
+	if dkim.Selector == "" || dkim.KeyFile == "" {
+		return ErrMissingFields
+	}
+
+	keyBytes, err := os.ReadFile(dkim.KeyFile)
+	if err != nil {
+		return fmt.Errorf("Could not read DKIM key file: %w", err)
+	}
+	dkim.privKey, err = parseDKIMPrivKey(keyBytes)
+	if err != nil {
+		return fmt.Errorf("Could not parse DKIM key file: %w", err)
+	}
+
 	return nil
 }
 
-var defaultOptions = dkim.SigOptions{
-	Version:               1,
-	Canonicalization:      "relaxed/relaxed",
-	Algo:                  "rsa-sha256",
-	Headers:               []string{"from", "to", "subject", "message-id", "date"},
-	BodyLength:            0,
-	QueryMethods:          []string{"dns/txt"},
-	AddSignatureTimestamp: true,
-	SignatureExpireIn:     0,
+func parseDKIMPrivKey(input []byte) (crypto.Signer, error) {
+	if len(input) == 0 {
+		return nil, errors.New("DKIM private key is empty")
+	}
+
+	// raw ed25519 private key format
+	if len(input) == ed25519.PrivateKeySize {
+		return ed25519.PrivateKey(input), nil
+	}
+
+	d, _ := pem.Decode(input)
+	if d == nil {
+		return nil, errors.New("Invalid PEM data for DKIM private key")
+	}
+
+	if rsaKey, err := x509.ParsePKCS1PrivateKey(d.Bytes); err == nil {
+		return rsaKey, nil
+	}
+
+	if k, err := x509.ParsePKCS8PrivateKey(d.Bytes); err == nil {
+		switch key := k.(type) {
+		case *rsa.PrivateKey:
+			return key, nil
+		case ed25519.PrivateKey:
+			return key, nil
+		default:
+			return nil, fmt.Errorf("Unacceptable type for DKIM private key: %T", k)
+		}
+	}
+
+	return nil, errors.New("No acceptable format for DKIM private key")
 }
 
 func DKIMSign(message []byte, dkimConfig DKIMConfig) (result []byte, err error) {
-	options := defaultOptions
-	options.PrivateKey = dkimConfig.keyBytes
-	options.Domain = dkimConfig.Domain
-	options.Selector = dkimConfig.Selector
-	err = dkim.Sign(&message, options)
-	return message, err
+	options := dkim.SignOptions{
+		Domain:                 dkimConfig.Domain,
+		Selector:               dkimConfig.Selector,
+		Signer:                 dkimConfig.privKey,
+		HeaderCanonicalization: dkim.CanonicalizationRelaxed,
+		BodyCanonicalization:   dkim.CanonicalizationRelaxed,
+	}
+	input := bytes.NewBuffer(message)
+	output := bytes.NewBuffer(make([]byte, 0, len(message)+1024))
+	err = dkim.Sign(output, input, &options)
+	return output.Bytes(), err
 }
diff --git a/irc/email/email.go b/irc/email/email.go
index c87840fb..a23f9440 100644
--- a/irc/email/email.go
+++ b/irc/email/email.go
@@ -75,6 +75,9 @@ type MailtoConfig struct {
 	Sender                 string
 	HeloDomain             string `yaml:"helo-domain"`
 	RequireTLS             bool   `yaml:"require-tls"`
+	Protocol               string `yaml:"protocol"`
+	LocalAddress           string `yaml:"local-address"`
+	localAddress           net.Addr
 	VerifyMessageSubject   string `yaml:"verify-message-subject"`
 	DKIM                   DKIMConfig
 	MTAReal                MTAConfig       `yaml:"mta"`
@@ -159,6 +162,25 @@ func (config *MailtoConfig) Postprocess(heloDomain string) (err error) {
 		}
 	}
 
+	config.Protocol = strings.ToLower(config.Protocol)
+	if config.Protocol == "" {
+		config.Protocol = "tcp"
+	}
+	if !(config.Protocol == "tcp" || config.Protocol == "tcp4" || config.Protocol == "tcp6") {
+		return fmt.Errorf("Invalid protocol for email sending: `%s`", config.Protocol)
+	}
+
+	if config.LocalAddress != "" {
+		ipAddr := net.ParseIP(config.LocalAddress)
+		if ipAddr == nil {
+			return fmt.Errorf("Could not parse local-address for email sending: `%s`", config.LocalAddress)
+		}
+		config.localAddress = &net.TCPAddr{
+			IP:   ipAddr,
+			Port: 0,
+		}
+	}
+
 	if config.MTAConfig.Server != "" {
 		// smarthost, nothing more to validate
 		return nil
@@ -211,7 +233,7 @@ func SendMail(config MailtoConfig, recipient string, msg []byte) (err error) {
 		}
 	}
 
-	if config.DKIM.Domain != "" {
+	if config.DKIM.Enabled() {
 		msg, err = DKIMSign(msg, config.DKIM)
 		if err != nil {
 			return
@@ -241,6 +263,6 @@ func SendMail(config MailtoConfig, recipient string, msg []byte) (err error) {
 
 	return smtp.SendMail(
 		addr, auth, config.HeloDomain, config.Sender, []string{recipient}, msg,
-		config.RequireTLS, implicitTLS, config.Timeout,
+		config.RequireTLS, implicitTLS, config.Protocol, config.localAddress, config.Timeout,
 	)
 }
diff --git a/irc/errors.go b/irc/errors.go
index 804cfce2..6c3a790a 100644
--- a/irc/errors.go
+++ b/irc/errors.go
@@ -33,6 +33,7 @@ var (
 	errAccountVerificationInvalidCode = errors.New("Invalid account verification code")
 	errAccountUpdateFailed            = errors.New(`Error while updating your account information`)
 	errAccountMustHoldNick            = errors.New(`You must hold that nickname in order to register it`)
+	errAuthRequired                   = errors.New("You must be logged into an account to do this")
 	errAuthzidAuthcidMismatch         = errors.New(`authcid and authzid must be the same`)
 	errCertfpAlreadyExists            = errors.New(`An account already exists for your certificate fingerprint`)
 	errChannelNotOwnedByAccount       = errors.New("Channel not owned by the specified account")
@@ -76,6 +77,7 @@ var (
 	errValidEmailRequired             = errors.New("A valid email address is required for account registration")
 	errInvalidAccountRename           = errors.New("Account renames can only change the casefolding of the account name")
 	errNameReserved                   = errors.New(`Name reserved due to a prior registration`)
+	errInvalidBearerTokenType         = errors.New("invalid bearer token type")
 )
 
 // String Errors
diff --git a/irc/flock/flock.go b/irc/flock/flock.go
index 42d89270..5f4f5913 100644
--- a/irc/flock/flock.go
+++ b/irc/flock/flock.go
@@ -1,4 +1,4 @@
-//go:build !plan9
+//go:build !(plan9 || solaris)
 
 package flock
 
diff --git a/irc/flock/flock_plan9.go b/irc/flock/flock_unsupported.go
similarity index 79%
rename from irc/flock/flock_plan9.go
rename to irc/flock/flock_unsupported.go
index 06ffeb7c..8cb5e587 100644
--- a/irc/flock/flock_plan9.go
+++ b/irc/flock/flock_unsupported.go
@@ -1,4 +1,4 @@
-//go:build plan9
+//go:build plan9 || solaris
 
 package flock
 
diff --git a/irc/gateways.go b/irc/gateways.go
index cbc9c4c6..e8ab60ab 100644
--- a/irc/gateways.go
+++ b/irc/gateways.go
@@ -32,6 +32,7 @@ type webircConfig struct {
 	Fingerprint    *string // legacy name for certfp, #1050
 	Certfp         string
 	Hosts          []string
+	AcceptHostname bool `yaml:"accept-hostname"`
 	allowedNets    []net.IPNet
 }
 
@@ -91,7 +92,7 @@ func (client *Client) ApplyProxiedIP(session *Session, proxiedIP net.IP, tls boo
 	client.server.connectionLimiter.RemoveClient(flatip.FromNetIP(session.realIP))
 
 	// given IP is sane! override the client's current IP
-	client.server.logger.Info("connect-ip", "Accepted proxy IP for client", proxiedIP.String())
+	client.server.logger.Info("connect-ip", session.connID, "Accepted proxy IP for client", proxiedIP.String())
 
 	client.stateMutex.Lock()
 	defer client.stateMutex.Unlock()
diff --git a/irc/getters.go b/irc/getters.go
index baf86cc6..fc85bce3 100644
--- a/irc/getters.go
+++ b/irc/getters.go
@@ -7,22 +7,21 @@ import (
 	"fmt"
 	"maps"
 	"net"
+	"slices"
 	"time"
 
 	"github.com/ergochat/ergo/irc/caps"
+	"github.com/ergochat/ergo/irc/connection_limits"
 	"github.com/ergochat/ergo/irc/languages"
 	"github.com/ergochat/ergo/irc/modes"
 	"github.com/ergochat/ergo/irc/utils"
+	"github.com/ergochat/ergo/irc/webpush"
 )
 
 func (server *Server) Config() (config *Config) {
 	return server.config.Load()
 }
 
-func (server *Server) ChannelRegistrationEnabled() bool {
-	return server.Config().Channels.Registration.Enabled
-}
-
 func (server *Server) GetOperator(name string) (oper *Oper) {
 	name, err := CasefoldName(name)
 	if err != nil {
@@ -58,6 +57,7 @@ type SessionData struct {
 	certfp    string
 	deviceID  string
 	connInfo  string
+	connID    string
 	sessionID int64
 	caps      []string
 }
@@ -78,6 +78,7 @@ func (client *Client) AllSessionData(currentSession *Session, hasPrivs bool) (da
 			hostname:  session.rawHostname,
 			certfp:    session.certfp,
 			deviceID:  session.deviceID,
+			connID:    session.connID,
 			sessionID: session.sessionID,
 		}
 		if session.proxiedIP != nil {
@@ -111,8 +112,8 @@ func (client *Client) AddSession(session *Session) (success bool, numSessions in
 	newSessions[len(newSessions)-1] = session
 	if client.accountSettings.AutoreplayMissed || session.deviceID != "" {
 		lastSeen = client.lastSeen[session.deviceID]
-		client.setLastSeen(time.Now().UTC(), session.deviceID)
 	}
+	client.setLastSeen(time.Now().UTC(), session.deviceID)
 	client.sessions = newSessions
 	wasAway = client.awayMessage
 	if client.autoAwayEnabledNoMutex(config) {
@@ -224,6 +225,13 @@ func (session *Session) SetAway(awayMessage string) (wasAway, nowAway string) {
 	return
 }
 
+func (session *Session) ConnID() string {
+	if session == nil {
+		return "*"
+	}
+	return session.connID
+}
+
 func (client *Client) autoAwayEnabledNoMutex(config *Config) bool {
 	return client.registered && client.alwaysOn &&
 		persistenceEnabled(config.Accounts.Multiclient.AutoAway, client.accountSettings.AutoAway)
@@ -490,6 +498,9 @@ func (client *Client) checkAlwaysOnExpirationNoMutex(config *Config, ignoreRegis
 	if !((client.registered || ignoreRegistration) && client.alwaysOn) {
 		return false
 	}
+	if len(client.lastSeen) == 0 {
+		return true // #2252: do not precreate the client if it was never logged into at all
+	}
 	deadline := time.Duration(config.Accounts.Multiclient.AlwaysOnExpiration)
 	if deadline == 0 {
 		return false
@@ -508,11 +519,18 @@ func (client *Client) GetReadMarker(cfname string) (result string) {
 	t, ok := client.readMarkers[cfname]
 	client.stateMutex.RUnlock()
 	if ok {
-		return fmt.Sprintf("timestamp=%s", t.Format(IRCv3TimestampFormat))
+		return fmt.Sprintf("timestamp=%s", t.Format(utils.IRCv3TimestampFormat))
 	}
 	return "*"
 }
 
+func (client *Client) getMarkreadTime(cfname string) (timestamp time.Time, ok bool) {
+	client.stateMutex.RLock()
+	timestamp, ok = client.readMarkers[cfname]
+	client.stateMutex.RUnlock()
+	return
+}
+
 func (client *Client) copyReadMarkers() (result map[string]time.Time) {
 	client.stateMutex.RLock()
 	defer client.stateMutex.RUnlock()
@@ -551,6 +569,28 @@ func updateLRUMap(lru map[string]time.Time, key string, val time.Time, maxItems
 	return val
 }
 
+func (client *Client) addClearablePushMessage(cftarget string, messageTime time.Time) {
+	client.stateMutex.Lock()
+	defer client.stateMutex.Unlock()
+
+	if client.clearablePushMessages == nil {
+		client.clearablePushMessages = make(map[string]time.Time)
+	}
+	updateLRUMap(client.clearablePushMessages, cftarget, messageTime, maxReadMarkers)
+}
+
+func (client *Client) clearClearablePushMessage(cftarget string, readTimestamp time.Time) (ok bool) {
+	client.stateMutex.Lock()
+	defer client.stateMutex.Unlock()
+
+	pushMessageTime, ok := client.clearablePushMessages[cftarget]
+	if ok && utils.ReadMarkerLessThanOrEqual(pushMessageTime, readTimestamp) {
+		delete(client.clearablePushMessages, cftarget)
+		return true
+	}
+	return false
+}
+
 func (client *Client) shouldFlushTimestamps() (result bool) {
 	client.stateMutex.Lock()
 	defer client.stateMutex.Unlock()
@@ -566,6 +606,134 @@ func (client *Client) setKlined() {
 	client.stateMutex.Unlock()
 }
 
+func (client *Client) refreshPushSubscription(endpoint string, keys webpush.Keys) bool {
+	// do not mark dirty --- defer the write to periodic maintenance
+	now := time.Now().UTC()
+
+	client.stateMutex.Lock()
+	defer client.stateMutex.Unlock()
+
+	sub, ok := client.pushSubscriptions[endpoint]
+	if ok && sub.Keys.Equal(keys) {
+		sub.LastRefresh = now
+		return true
+	}
+	return false // subscription doesn't exist, we need to send a test message
+}
+
+func (client *Client) addPushSubscription(endpoint string, keys webpush.Keys) error {
+	changed := false
+
+	defer func() {
+		if changed {
+			client.markDirty(IncludeAllAttrs)
+		}
+	}()
+
+	config := client.server.Config()
+	now := time.Now().UTC()
+
+	client.stateMutex.Lock()
+	defer client.stateMutex.Unlock()
+
+	if client.pushSubscriptions == nil {
+		client.pushSubscriptions = make(map[string]*pushSubscription)
+	}
+
+	sub, ok := client.pushSubscriptions[endpoint]
+	if ok {
+		changed = !sub.Keys.Equal(keys)
+		sub.Keys = keys
+		sub.LastRefresh = now
+	} else {
+		if len(client.pushSubscriptions) >= config.WebPush.MaxSubscriptions {
+			return errLimitExceeded
+		}
+		changed = true
+		sub = newPushSubscription(storedPushSubscription{
+			Endpoint:    endpoint,
+			Keys:        keys,
+			LastRefresh: now,
+			LastSuccess: now, // assume we just sent a successful message to confirm the sub
+		})
+		client.pushSubscriptions[endpoint] = sub
+	}
+
+	if changed {
+		client.rebuildPushSubscriptionCache()
+	}
+
+	return nil
+}
+
+func (client *Client) hasPushSubscriptions() bool {
+	return client.pushSubscriptionsExist.Load() != 0
+}
+
+func (client *Client) getPushSubscriptions(refresh bool) []storedPushSubscription {
+	if refresh {
+		func() {
+			client.stateMutex.Lock()
+			defer client.stateMutex.Unlock()
+			client.rebuildPushSubscriptionCache()
+		}()
+	}
+
+	client.stateMutex.RLock()
+	defer client.stateMutex.RUnlock()
+	return client.cachedPushSubscriptions
+}
+
+func (client *Client) rebuildPushSubscriptionCache() {
+	// must hold write lock
+	if len(client.pushSubscriptions) == 0 {
+		client.cachedPushSubscriptions = nil
+		client.pushSubscriptionsExist.Store(0)
+		return
+	}
+
+	client.cachedPushSubscriptions = make([]storedPushSubscription, 0, len(client.pushSubscriptions))
+	for _, subscription := range client.pushSubscriptions {
+		client.cachedPushSubscriptions = append(client.cachedPushSubscriptions, subscription.storedPushSubscription)
+	}
+	client.pushSubscriptionsExist.Store(1)
+}
+
+func (client *Client) deletePushSubscription(endpoint string, writeback bool) (changed bool) {
+	defer func() {
+		if writeback && changed {
+			client.markDirty(IncludeAllAttrs)
+		}
+	}()
+
+	client.stateMutex.Lock()
+	defer client.stateMutex.Unlock()
+
+	_, ok := client.pushSubscriptions[endpoint]
+	if ok {
+		changed = true
+		delete(client.pushSubscriptions, endpoint)
+		client.rebuildPushSubscriptionCache()
+	}
+	return
+}
+
+func (client *Client) recordPush(endpoint string, success bool) {
+	now := time.Now().UTC()
+
+	client.stateMutex.Lock()
+	defer client.stateMutex.Unlock()
+
+	subscription, ok := client.pushSubscriptions[endpoint]
+	if !ok {
+		return
+	}
+	if success {
+		subscription.LastSuccess = now
+	}
+	// TODO we may want to track failures in some way in the future
+}
+
 func (channel *Channel) Name() string {
 	channel.stateMutex.RLock()
 	defer channel.stateMutex.RUnlock()
@@ -616,9 +784,11 @@ func (channel *Channel) Founder() string {
 
 func (channel *Channel) HighestUserMode(client *Client) (result modes.Mode) {
 	channel.stateMutex.RLock()
-	clientModes := channel.members[client].modes
-	channel.stateMutex.RUnlock()
-	return clientModes.HighestChannelUserMode()
+	defer channel.stateMutex.RUnlock()
+	if clientData, ok := channel.members[client]; ok {
+		return clientData.modes.HighestChannelUserMode()
+	}
+	return
 }
 
 func (channel *Channel) Settings() (result ChannelSettings) {
@@ -629,10 +799,12 @@ func (channel *Channel) Settings() (result ChannelSettings) {
 }
 
 func (channel *Channel) SetSettings(settings ChannelSettings) {
+	defer channel.MarkDirty(IncludeSettings)
+
 	channel.stateMutex.Lock()
+	defer channel.stateMutex.Unlock()
+
 	channel.settings = settings
-	channel.stateMutex.Unlock()
-	channel.MarkDirty(IncludeSettings)
 }
 
 func (channel *Channel) setForward(forward string) {
@@ -659,3 +831,262 @@ func (channel *Channel) UUID() utils.UUID {
 	defer channel.stateMutex.RUnlock()
 	return channel.uuid
 }
+
+func (session *Session) isSubscribedTo(key string) bool {
+	session.client.stateMutex.RLock()
+	defer session.client.stateMutex.RUnlock()
+
+	return session.metadataSubscriptions.Has(key)
+}
+
+func (session *Session) SubscribeTo(keys ...string) ([]string, error) {
+	maxSubs := session.client.server.Config().Metadata.MaxSubs
+
+	session.client.stateMutex.Lock()
+	defer session.client.stateMutex.Unlock()
+
+	if session.metadataSubscriptions == nil {
+		session.metadataSubscriptions = make(utils.HashSet[string])
+	}
+
+	var added []string
+
+	for _, k := range keys {
+		if !session.metadataSubscriptions.Has(k) {
+			if len(session.metadataSubscriptions) > maxSubs {
+				return added, errMetadataTooManySubs
+			}
+			added = append(added, k)
+			session.metadataSubscriptions.Add(k)
+		}
+	}
+
+	return added, nil
+}
+
+func (session *Session) UnsubscribeFrom(keys ...string) []string {
+	session.client.stateMutex.Lock()
+	defer session.client.stateMutex.Unlock()
+
+	var removed []string
+
+	for k := range session.metadataSubscriptions {
+		if slices.Contains(keys, k) {
+			removed = append(removed, k)
+			session.metadataSubscriptions.Remove(k)
+		}
+	}
+
+	return removed
+}
+
+func (session *Session) MetadataSubscriptions() utils.HashSet[string] {
+	session.client.stateMutex.Lock()
+	defer session.client.stateMutex.Unlock()
+
+	return maps.Clone(session.metadataSubscriptions)
+}
+
+func (channel *Channel) GetMetadata(key string) (string, bool) {
+	channel.stateMutex.RLock()
+	defer channel.stateMutex.RUnlock()
+
+	val, ok := channel.metadata[key]
+	return val, ok
+}
+
+func (channel *Channel) SetMetadata(key string, value string, limit int) (updated bool, err error) {
+	defer channel.MarkDirty(IncludeAllAttrs)
+
+	channel.stateMutex.Lock()
+	defer channel.stateMutex.Unlock()
+
+	if channel.metadata == nil {
+		channel.metadata = make(map[string]string)
+	}
+
+	existing, ok := channel.metadata[key]
+	if !ok && len(channel.metadata) >= limit {
+		return false, errLimitExceeded
+	}
+	updated = !ok || value != existing
+	if updated {
+		channel.metadata[key] = value
+	}
+	return updated, nil
+}
+
+func (channel *Channel) ListMetadata() map[string]string {
+	channel.stateMutex.RLock()
+	defer channel.stateMutex.RUnlock()
+
+	return maps.Clone(channel.metadata)
+}
+
+func (channel *Channel) DeleteMetadata(key string) (updated bool) {
+	defer channel.MarkDirty(IncludeAllAttrs)
+
+	channel.stateMutex.Lock()
+	defer channel.stateMutex.Unlock()
+
+	_, updated = channel.metadata[key]
+	if updated {
+		delete(channel.metadata, key)
+	}
+	return updated
+}
+
+func (channel *Channel) ClearMetadata() map[string]string {
+	defer channel.MarkDirty(IncludeAllAttrs)
+	channel.stateMutex.Lock()
+	defer channel.stateMutex.Unlock()
+
+	oldMap := channel.metadata
+	channel.metadata = nil
+
+	return oldMap
+}
+
+func (channel *Channel) CountMetadata() int {
+	channel.stateMutex.RLock()
+	defer channel.stateMutex.RUnlock()
+
+	return len(channel.metadata)
+}
+
+func (client *Client) GetMetadata(key string) (string, bool) {
+	client.stateMutex.RLock()
+	defer client.stateMutex.RUnlock()
+
+	val, ok := client.metadata[key]
+	return val, ok
+}
+
+func (client *Client) SetMetadata(key string, value string, limit int) (updated bool, err error) {
+	var alwaysOn bool
+	defer func() {
+		if alwaysOn && updated {
+			client.markDirty(IncludeMetadata)
+		}
+	}()
+
+	client.stateMutex.Lock()
+	defer client.stateMutex.Unlock()
+
+	alwaysOn = client.registered && client.alwaysOn
+
+	if client.metadata == nil {
+		client.metadata = make(map[string]string)
+	}
+
+	existing, ok := client.metadata[key]
+	if !ok && len(client.metadata) >= limit {
+		return false, errLimitExceeded
+	}
+	updated = !ok || value != existing
+	if updated {
+		client.metadata[key] = value
+	}
+	return updated, nil
+}
+
+func (client *Client) UpdateMetadataFromPrereg(preregData map[string]string, limit int) (updates map[string]string) {
+	var alwaysOn bool
+	defer func() {
+		if alwaysOn && len(updates) > 0 {
+			client.markDirty(IncludeMetadata)
+		}
+	}()
+
+	updates = make(map[string]string, len(preregData))
+
+	client.stateMutex.Lock()
+	defer client.stateMutex.Unlock()
+
+	alwaysOn = client.registered && client.alwaysOn
+
+	if client.metadata == nil {
+		client.metadata = make(map[string]string)
+	}
+
+	for k, v := range preregData {
+		// do not overwrite any existing keys
+		_, ok := client.metadata[k]
+		if ok {
+			continue
+		}
+		if len(client.metadata) >= limit {
+			return // we know this is a new key
+		}
+		client.metadata[k] = v
+		updates[k] = v
+	}
+
+	return
+}
+
+func (client *Client) ListMetadata() map[string]string {
+	client.stateMutex.RLock()
+	defer client.stateMutex.RUnlock()
+
+	return maps.Clone(client.metadata)
+}
+
+func (client *Client) DeleteMetadata(key string) (updated bool) {
+	defer func() {
+		if updated {
+			client.markDirty(IncludeMetadata)
+		}
+	}()
+
+	client.stateMutex.Lock()
+	defer client.stateMutex.Unlock()
+
+	_, updated = client.metadata[key]
+	if updated {
+		delete(client.metadata, key)
+	}
+	return updated
+}
+
+func (client *Client) ClearMetadata() (oldMap map[string]string) {
+	defer func() {
+		if len(oldMap) > 0 {
+			client.markDirty(IncludeMetadata)
+		}
+	}()
+
+	client.stateMutex.Lock()
+	defer client.stateMutex.Unlock()
+
+	oldMap = client.metadata
+	client.metadata = nil
+
+	return oldMap
+}
+
+func (client *Client) CountMetadata() int {
+	client.stateMutex.RLock()
+	defer client.stateMutex.RUnlock()
+
+	return len(client.metadata)
+}
+
+func (client *Client) checkMetadataThrottle() (throttled bool, remainingTime time.Duration) {
+	config := client.server.Config()
+	if !config.Metadata.ClientThrottle.Enabled {
+		return false, 0
+	}
+
+	client.stateMutex.Lock()
+	defer client.stateMutex.Unlock()
+
+	// copy client.metadataThrottle locally and then back for processing
+	var throttle connection_limits.GenericThrottle
+	throttle.ThrottleDetails = client.metadataThrottle
+	throttle.Duration = config.Metadata.ClientThrottle.Duration
+	throttle.Limit = config.Metadata.ClientThrottle.MaxAttempts
+	throttled, remainingTime = throttle.Touch()
+	client.metadataThrottle = throttle.ThrottleDetails
+	return
+}
diff --git a/irc/handlers.go b/irc/handlers.go
index 520f26c1..b74800f0 100644
--- a/irc/handlers.go
+++ b/irc/handlers.go
@@ -8,13 +8,14 @@ package irc
 
 import (
 	"bytes"
-	"encoding/base64"
 	"fmt"
+	"maps"
 	"net"
 	"os"
 	"runtime"
 	"runtime/debug"
 	"runtime/pprof"
+	"slices"
 	"sort"
 	"strconv"
 	"strings"
@@ -31,8 +32,10 @@ import (
 	"github.com/ergochat/ergo/irc/history"
 	"github.com/ergochat/ergo/irc/jwt"
 	"github.com/ergochat/ergo/irc/modes"
+	"github.com/ergochat/ergo/irc/oauth2"
 	"github.com/ergochat/ergo/irc/sno"
 	"github.com/ergochat/ergo/irc/utils"
+	"github.com/ergochat/ergo/irc/webpush"
 )
 
 // helper function to parse ACC callbacks, e.g., mailto:person@example.com, tel:16505551234
@@ -136,7 +139,7 @@ func sendSuccessfulAccountAuth(service *ircService, client *Client, rb *Response
 		}
 	}
 
-	client.server.logger.Info("accounts", "client", details.nick, "logged into account", details.accountName)
+	client.server.logger.Info("accounts", rb.session.ConnID(), details.nick, "logged into account", details.accountName)
 }
 
 func (server *Server) sendLoginSnomask(nickMask, accountName string) {
@@ -148,11 +151,8 @@ func (server *Server) sendLoginSnomask(nickMask, accountName string) {
 // to indicate that it should be removed from the list
 func acceptHandler(server *Server, client *Client, msg ircmsg.Message, rb *ResponseBuffer) bool {
 	for _, tNick := range strings.Split(msg.Params[0], ",") {
-		add := true
-		if strings.HasPrefix(tNick, "-") {
-			add = false
-			tNick = strings.TrimPrefix(tNick, "-")
-		}
+		tNick, negPrefix := strings.CutPrefix(tNick, "-")
+		add := !negPrefix
 
 		target := server.clients.Get(tNick)
 		if target == nil {
@@ -178,6 +178,10 @@ func acceptHandler(server *Server, client *Client, msg ircmsg.Message, rb *Respo
 	return false
 }
 
+const (
+	saslMaxResponseLength = 8192 // implementation-defined sanity check, long enough for bearer tokens
+)
+
 // AUTHENTICATE [<mechanism>|<data>|*]
 func authenticateHandler(server *Server, client *Client, msg ircmsg.Message, rb *ResponseBuffer) bool {
 	session := rb.session
@@ -201,18 +205,21 @@ func authenticateHandler(server *Server, client *Client, msg ircmsg.Message, rb
 		return false
 	}
 
-	// start new sasl session
+	// start new sasl session: parameter is the authentication mechanism
 	if session.sasl.mechanism == "" {
-		throttled, remainingTime := client.loginThrottle.Touch()
-		if throttled {
-			rb.Add(nil, server.name, ERR_SASLFAIL, client.Nick(),
-				fmt.Sprintf(client.t("Please wait at least %v and try again"), remainingTime.Round(time.Millisecond)))
-			return false
-		}
-
 		mechanism := strings.ToUpper(msg.Params[0])
 		_, mechanismIsEnabled := EnabledSaslMechanisms[mechanism]
 
+		// The spec says: "The AUTHENTICATE command MUST be used before registration
+		// is complete and with the sasl capability enabled." Enforcing this universally
+		// would simplify the implementation somewhat, but we've never enforced it before
+		// and I don't want to break working clients that use PLAIN or EXTERNAL
+		// and violate this MUST (e.g. by sending CAP END too early).
+		if client.registered && !(mechanism == "PLAIN" || mechanism == "EXTERNAL") {
+			rb.Add(nil, server.name, ERR_SASLFAIL, details.nick, client.t("SASL is only allowed before connection registration"))
+			return false
+		}
+
 		if mechanismIsEnabled {
 			session.sasl.mechanism = mechanism
 			if !config.Server.Compatibility.SendUnprefixedSasl {
@@ -230,46 +237,28 @@ func authenticateHandler(server *Server, client *Client, msg ircmsg.Message, rb
 		return false
 	}
 
-	// continue existing sasl session
-	rawData := msg.Params[0]
-
-	// https://ircv3.net/specs/extensions/sasl-3.1:
-	// "The response is encoded in Base64 (RFC 4648), then split to 400-byte chunks,
-	// and each chunk is sent as a separate AUTHENTICATE command."
-	saslMaxArgLength := 400
-	if len(rawData) > saslMaxArgLength {
+	// continue existing sasl session: parameter is a message chunk
+	done, value, err := session.sasl.value.Add(msg.Params[0])
+	if err == nil {
+		if done {
+			// call actual handler
+			handler := EnabledSaslMechanisms[session.sasl.mechanism]
+			return handler(server, client, session, value, rb)
+		} else {
+			return false // wait for continuation line
+		}
+	}
+	// else: error handling
+	switch err {
+	case ircutils.ErrSASLTooLong:
 		rb.Add(nil, server.name, ERR_SASLTOOLONG, details.nick, client.t("SASL message too long"))
-		session.sasl.Clear()
-		return false
-	} else if len(rawData) == saslMaxArgLength {
-		// allow 4 'continuation' lines before rejecting for length
-		if len(session.sasl.value) >= saslMaxArgLength*4 {
-			rb.Add(nil, server.name, ERR_SASLFAIL, details.nick, client.t("SASL authentication failed: Passphrase too long"))
-			session.sasl.Clear()
-			return false
-		}
-		session.sasl.value += rawData
-		return false
+	case ircutils.ErrSASLLimitExceeded:
+		rb.Add(nil, server.name, ERR_SASLFAIL, details.nick, client.t("SASL authentication failed: Passphrase too long"))
+	default:
+		rb.Add(nil, server.name, ERR_SASLFAIL, details.nick, client.t("SASL authentication failed: Invalid b64 encoding"))
 	}
-	if rawData != "+" {
-		session.sasl.value += rawData
-	}
-
-	var data []byte
-	var err error
-	if session.sasl.value != "+" {
-		data, err = base64.StdEncoding.DecodeString(session.sasl.value)
-		session.sasl.value = ""
-		if err != nil {
-			rb.Add(nil, server.name, ERR_SASLFAIL, details.nick, client.t("SASL authentication failed: Invalid b64 encoding"))
-			session.sasl.Clear()
-			return false
-		}
-	}
-
-	// call actual handler
-	handler := EnabledSaslMechanisms[session.sasl.mechanism]
-	return handler(server, client, session, data, rb)
+	session.sasl.Clear()
+	return false
 }
 
 // AUTHENTICATE PLAIN
@@ -317,6 +306,27 @@ func authPlainHandler(server *Server, client *Client, session *Session, value []
 	return false
 }
 
+// AUTHENTICATE IRCV3BEARER
+func authIRCv3BearerHandler(server *Server, client *Client, session *Session, value []byte, rb *ResponseBuffer) bool {
+	defer session.sasl.Clear()
+
+	// <authzid> \x00 <type> \x00 <token>
+	splitValue := bytes.SplitN(value, []byte{'\000'}, 3)
+	if len(splitValue) != 3 {
+		rb.Add(nil, server.name, ERR_SASLFAIL, client.Nick(), client.t("SASL authentication failed: Invalid auth blob"))
+		return false
+	}
+
+	err := server.accounts.AuthenticateByBearerToken(client, string(splitValue[1]), string(splitValue[2]))
+	if err != nil {
+		sendAuthErrorResponse(client, rb, err)
+		return false
+	}
+
+	sendSuccessfulAccountAuth(nil, client, rb, true)
+	return false
+}
+
 func sendAuthErrorResponse(client *Client, rb *ResponseBuffer, err error) {
 	msg := authErrorToMessage(client.server, err)
 	rb.Add(nil, client.server.name, ERR_SASLFAIL, client.nick, fmt.Sprintf("%s: %s", client.t("SASL authentication failed"), client.t(msg)))
@@ -331,7 +341,7 @@ func authErrorToMessage(server *Server, err error) (msg string) {
 	}
 
 	switch err {
-	case errAccountDoesNotExist, errAccountUnverified, errAccountInvalidCredentials, errAuthzidAuthcidMismatch, errNickAccountMismatch, errAccountSuspended:
+	case errAccountDoesNotExist, errAccountUnverified, errAccountInvalidCredentials, errAuthzidAuthcidMismatch, errNickAccountMismatch, errAccountSuspended, oauth2.ErrInvalidToken:
 		return err.Error()
 	default:
 		// don't expose arbitrary error messages to the user
@@ -351,28 +361,18 @@ func authExternalHandler(server *Server, client *Client, session *Session, value
 
 	// EXTERNAL doesn't carry an authentication ID (this is determined from the
 	// certificate), but does carry an optional authorization ID.
-	var authzid string
+	authzid := string(value)
+	var deviceID string
 	var err error
-	if len(value) != 0 {
-		authzid, err = CasefoldName(string(value))
-		if err != nil {
-			err = errAuthzidAuthcidMismatch
-		}
+	// see #843: strip the device ID for the benefit of clients that don't
+	// distinguish user/ident from account name
+	if strudelIndex := strings.IndexByte(authzid, '@'); strudelIndex != -1 {
+		authzid, deviceID = authzid[:strudelIndex], authzid[strudelIndex+1:]
 	}
 
 	if err == nil {
-		// see #843: strip the device ID for the benefit of clients that don't
-		// distinguish user/ident from account name
-		if strudelIndex := strings.IndexByte(authzid, '@'); strudelIndex != -1 {
-			var deviceID string
-			authzid, deviceID = authzid[:strudelIndex], authzid[strudelIndex+1:]
-			if !client.registered {
-				rb.session.deviceID = deviceID
-			}
-		}
 		err = server.accounts.AuthenticateByCertificate(client, rb.session.certfp, rb.session.peerCerts, authzid)
 	}
-
 	if err != nil {
 		sendAuthErrorResponse(client, rb, err)
 		return false
@@ -381,6 +381,9 @@ func authExternalHandler(server *Server, client *Client, session *Session, value
 	}
 
 	sendSuccessfulAccountAuth(nil, client, rb, true)
+	if !client.registered && deviceID != "" {
+		rb.session.deviceID = deviceID
+	}
 	return false
 }
 
@@ -395,6 +398,12 @@ func authScramHandler(server *Server, client *Client, session *Session, value []
 
 	// first message? if so, initialize the SCRAM conversation
 	if session.sasl.scramConv == nil {
+		if throttled, remainingTime := client.checkLoginThrottle(); throttled {
+			rb.Add(nil, server.name, ERR_SASLFAIL, client.Nick(),
+				fmt.Sprintf(client.t("Please wait at least %v and try again"), remainingTime.Round(time.Millisecond)))
+			continueAuth = false
+			return false
+		}
 		session.sasl.scramConv = server.accounts.NewScramConversation()
 	}
 
@@ -418,9 +427,8 @@ func authScramHandler(server *Server, client *Client, session *Session, value []
 			account, err := server.accounts.LoadAccount(authcid)
 			if err == nil {
 				server.accounts.Login(client, account)
-				if fixupNickEqualsAccount(client, rb, server.Config(), "") {
-					sendSuccessfulAccountAuth(nil, client, rb, true)
-				}
+				// fixupNickEqualsAccount is not needed for unregistered clients
+				sendSuccessfulAccountAuth(nil, client, rb, true)
 			} else {
 				server.logger.Error("internal", "SCRAM succeeded but couldn't load account", authcid, err.Error())
 				rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, client.t("SASL authentication failed"))
@@ -433,7 +441,7 @@ func authScramHandler(server *Server, client *Client, session *Session, value []
 
 	response, err := session.sasl.scramConv.Step(string(value))
 	if err == nil {
-		rb.Add(nil, server.name, "AUTHENTICATE", base64.StdEncoding.EncodeToString([]byte(response)))
+		sendSASLChallenge(server, rb, []byte(response))
 	} else {
 		continueAuth = false
 		rb.Add(nil, server.name, ERR_SASLFAIL, client.Nick(), err.Error())
@@ -443,6 +451,58 @@ func authScramHandler(server *Server, client *Client, session *Session, value []
 	return false
 }
 
+// AUTHENTICATE OAUTHBEARER
+func authOauthBearerHandler(server *Server, client *Client, session *Session, value []byte, rb *ResponseBuffer) bool {
+	if !server.Config().Accounts.OAuth2.Enabled {
+		rb.Add(nil, server.name, ERR_SASLFAIL, client.Nick(), "SASL authentication failed: mechanism not enabled")
+		return false
+	}
+
+	if session.sasl.oauthConv == nil {
+		session.sasl.oauthConv = oauth2.NewOAuthBearerServer(
+			func(opts oauth2.OAuthBearerOptions) *oauth2.OAuthBearerError {
+				err := server.accounts.AuthenticateByOAuthBearer(client, opts)
+				switch err {
+				case nil:
+					return nil
+				case oauth2.ErrInvalidToken:
+					return &oauth2.OAuthBearerError{Status: "invalid_token", Schemes: "bearer"}
+				case errFeatureDisabled:
+					return &oauth2.OAuthBearerError{Status: "invalid_request", Schemes: "bearer"}
+				default:
+					// this is probably a misconfiguration or infrastructure error so we should log it
+					server.logger.Error("internal", "failed to validate OAUTHBEARER token", err.Error())
+					// tell the client it was their fault even though it probably wasn't:
+					return &oauth2.OAuthBearerError{Status: "invalid_request", Schemes: "bearer"}
+				}
+			},
+		)
+	}
+
+	challenge, done, err := session.sasl.oauthConv.Next(value)
+	if done {
+		if err == nil {
+			sendSuccessfulAccountAuth(nil, client, rb, true)
+		} else {
+			rb.Add(nil, server.name, ERR_SASLFAIL, client.Nick(), ircutils.SanitizeText(err.Error(), 350))
+		}
+		session.sasl.Clear()
+	} else {
+		// ignore `err`, we need to relay the challenge (which may contain a JSON-encoded error)
+		// to the client
+		sendSASLChallenge(server, rb, challenge)
+	}
+	return false
+}
+
+// helper to b64 a sasl response and chunk it into 400-byte lines
+// as per https://ircv3.net/specs/extensions/sasl-3.1
+func sendSASLChallenge(server *Server, rb *ResponseBuffer, challenge []byte) {
+	for _, chunk := range ircutils.EncodeSASLResponse(challenge) {
+		rb.Add(nil, server.name, "AUTHENTICATE", chunk)
+	}
+}
+
 // AWAY [<message>]
 func awayHandler(server *Server, client *Client, msg ircmsg.Message, rb *ResponseBuffer) bool {
 	// #1996: `AWAY :` is treated the same as `AWAY`
@@ -640,11 +700,13 @@ func chathistoryHandler(server *Server, client *Client, msg ircmsg.Message, rb *
 	var channel *Channel
 	var sequence history.Sequence
 	var err error
-	var listTargets bool
+	var disabled, listTargets bool
 	var targets []history.TargetListing
 	defer func() {
 		// errors are sent either without a batch, or in a draft/labeled-response batch as usual
-		if err == utils.ErrInvalidParams {
+		if disabled {
+			rb.Add(nil, server.name, "FAIL", "CHATHISTORY", "MESSAGE_ERROR", msg.Params[0], client.t("That feature is disabled"))
+		} else if err == utils.ErrInvalidParams {
 			rb.Add(nil, server.name, "FAIL", "CHATHISTORY", "INVALID_PARAMS", msg.Params[0], client.t("Invalid parameters"))
 		} else if !listTargets && sequence == nil {
 			rb.Add(nil, server.name, "FAIL", "CHATHISTORY", "INVALID_TARGET", msg.Params[0], utils.SafeErrorParam(target), client.t("Messages could not be retrieved"))
@@ -658,7 +720,7 @@ func chathistoryHandler(server *Server, client *Client, msg ircmsg.Message, rb *
 				for _, target := range targets {
 					name := server.UnfoldName(target.CfName)
 					rb.Add(nil, server.name, "CHATHISTORY", "TARGETS", name,
-						target.Time.Format(IRCv3TimestampFormat))
+						target.Time.Format(utils.IRCv3TimestampFormat))
 				}
 			} else if channel != nil {
 				channel.replayHistoryItems(rb, items, true)
@@ -670,7 +732,8 @@ func chathistoryHandler(server *Server, client *Client, msg ircmsg.Message, rb *
 
 	config := server.Config()
 	maxChathistoryLimit := config.History.ChathistoryMax
-	if maxChathistoryLimit == 0 {
+	if !config.History.Enabled || maxChathistoryLimit == 0 {
+		disabled = true
 		return
 	}
 	preposition := strings.ToLower(msg.Params[0])
@@ -693,7 +756,15 @@ func chathistoryHandler(server *Server, client *Client, msg ircmsg.Message, rb *
 			msgid, err = history.NormalizeMsgid(value), nil
 			return
 		} else if identifier == "timestamp" {
-			timestamp, err = time.Parse(IRCv3TimestampFormat, value)
+			timestamp, err = time.Parse(utils.IRCv3TimestampFormat, value)
+			if err == nil {
+				timestamp = timestamp.UTC()
+				if timestamp.Before(unixEpoch) {
+					timestamp = unixEpoch
+				} else if timestamp.After(year2262Problem) {
+					timestamp = year2262Problem
+				}
+			}
 			return
 		}
 		return
@@ -704,7 +775,7 @@ func chathistoryHandler(server *Server, client *Client, msg ircmsg.Message, rb *
 			return maxChathistoryLimit
 		}
 		limit, err := strconv.Atoi(msg.Params[paramIndex])
-		if err != nil || limit == 0 || limit > maxChathistoryLimit {
+		if err != nil || limit <= 0 || limit > maxChathistoryLimit {
 			limit = maxChathistoryLimit
 		}
 		return
@@ -795,7 +866,6 @@ func debugHandler(server *Server, client *Client, msg ircmsg.Message, rb *Respon
 	switch param {
 	case "GCSTATS":
 		stats := debug.GCStats{
-			Pause:          make([]time.Duration, 10),
 			PauseQuantiles: make([]time.Duration, 5),
 		}
 		debug.ReadGCStats(&stats)
@@ -1261,6 +1331,15 @@ func isonHandler(server *Server, client *Client, msg ircmsg.Message, rb *Respons
 	return false
 }
 
+// ISUPPORT
+func isupportHandler(server *Server, client *Client, msg ircmsg.Message, rb *ResponseBuffer) bool {
+	server.RplISupport(client, rb)
+	if !client.registered {
+		rb.session.isupportSentPrereg = true
+	}
+	return false
+}
+
 // JOIN <channel>{,<channel>} [<key>{,<key>}]
 func joinHandler(server *Server, client *Client, msg ircmsg.Message, rb *ResponseBuffer) bool {
 	// #1417: allow `JOIN 0` with a confirmation code
@@ -1568,7 +1647,7 @@ func klineHandler(server *Server, client *Client, msg ircmsg.Message, rb *Respon
 	// get comment(s)
 	reason, operReason := getReasonsFromParams(msg.Params, currentArg)
 
-	err = server.klines.AddMask(mask, duration, reason, operReason, operName)
+	err = server.klines.AddMask(mask, duration, false, reason, operReason, operName)
 	if err != nil {
 		rb.Notice(fmt.Sprintf(client.t("Could not successfully save new K-LINE: %s"), err.Error()))
 		return false
@@ -1783,14 +1862,14 @@ func cmodeHandler(server *Server, client *Client, msg ircmsg.Message, rb *Respon
 	if 1 < len(msg.Params) {
 		// parse out real mode changes
 		params := msg.Params[1:]
-		var unknown map[rune]bool
+		var unknown []rune
 		changes, unknown = modes.ParseChannelModeChanges(params...)
 
 		// alert for unknown mode changes
-		for char := range unknown {
+		for _, char := range unknown {
 			rb.Add(nil, server.name, ERR_UNKNOWNMODE, client.nick, string(char), client.t("is an unknown mode character to me"))
 		}
-		if len(unknown) == 1 && len(changes) == 0 {
+		if len(unknown) != 0 && len(changes) == 0 {
 			return false
 		}
 	}
@@ -1874,10 +1953,10 @@ func umodeHandler(server *Server, client *Client, msg ircmsg.Message, rb *Respon
 		changes, unknown := modes.ParseUserModeChanges(params...)
 
 		// alert for unknown mode changes
-		for char := range unknown {
+		for _, char := range unknown {
 			rb.Add(nil, server.name, ERR_UNKNOWNMODE, cDetails.nick, string(char), client.t("is an unknown mode character to me"))
 		}
-		if len(unknown) == 1 && len(changes) == 0 {
+		if len(unknown) != 0 && len(changes) == 0 {
 			return false
 		}
 
@@ -2124,6 +2203,7 @@ func validateLineLen(msgType history.ItemType, source, target, payload string) (
 	default:
 		return true
 	}
+	limit -= len(target)
 	limit -= len(payload)
 	return limit >= 0
 }
@@ -2144,27 +2224,30 @@ func validateSplitMessageLen(msgType history.ItemType, source, target string, me
 
 // helper to store a batched PRIVMSG in the session object
 func absorbBatchedMessage(server *Server, client *Client, msg ircmsg.Message, batchTag string, histType history.ItemType, rb *ResponseBuffer) {
-	var errorCode, errorMessage string
+	var failParams []string
 	defer func() {
-		if errorCode != "" {
+		if failParams != nil {
 			if histType != history.Notice {
-				rb.Add(nil, server.name, "FAIL", "BATCH", errorCode, errorMessage)
+				params := make([]string, 1+len(failParams))
+				params[0] = "BATCH"
+				copy(params[1:], failParams)
+				rb.Add(nil, server.name, "FAIL", params...)
 			}
 			rb.session.EndMultilineBatch("")
 		}
 	}()
 
 	if batchTag != rb.session.batch.label {
-		errorCode, errorMessage = "MULTILINE_INVALID", client.t("Incorrect batch tag sent")
+		failParams = []string{"MULTILINE_INVALID", client.t("Incorrect batch tag sent")}
 		return
 	} else if len(msg.Params) < 2 {
-		errorCode, errorMessage = "MULTILINE_INVALID", client.t("Invalid multiline batch")
+		failParams = []string{"MULTILINE_INVALID", client.t("Invalid multiline batch")}
 		return
 	}
 	rb.session.batch.command = msg.Command
 	isConcat, _ := msg.GetTag(caps.MultilineConcatTag)
 	if isConcat && len(msg.Params[1]) == 0 {
-		errorCode, errorMessage = "MULTILINE_INVALID", client.t("Cannot send a blank line with the multiline concat tag")
+		failParams = []string{"MULTILINE_INVALID", client.t("Cannot send a blank line with the multiline concat tag")}
 		return
 	}
 	if !isConcat && len(rb.session.batch.message.Split) != 0 {
@@ -2174,9 +2257,17 @@ func absorbBatchedMessage(server *Server, client *Client, msg ircmsg.Message, ba
 	rb.session.batch.lenBytes += len(msg.Params[1])
 	config := server.Config()
 	if config.Limits.Multiline.MaxBytes < rb.session.batch.lenBytes {
-		errorCode, errorMessage = "MULTILINE_MAX_BYTES", strconv.Itoa(config.Limits.Multiline.MaxBytes)
+		failParams = []string{
+			"MULTILINE_MAX_BYTES",
+			strconv.Itoa(config.Limits.Multiline.MaxBytes),
+			fmt.Sprintf(client.t("Multiline batch byte limit %d exceeded"), config.Limits.Multiline.MaxBytes),
+		}
 	} else if config.Limits.Multiline.MaxLines != 0 && config.Limits.Multiline.MaxLines < rb.session.batch.message.LenLines() {
-		errorCode, errorMessage = "MULTILINE_MAX_LINES", strconv.Itoa(config.Limits.Multiline.MaxLines)
+		failParams = []string{
+			"MULTILINE_MAX_LINES",
+			strconv.Itoa(config.Limits.Multiline.MaxLines),
+			fmt.Sprintf(client.t("Multiline batch line limit %d exceeded"), config.Limits.Multiline.MaxLines),
+		}
 	}
 }
 
@@ -2385,6 +2476,20 @@ func dispatchMessageToTarget(client *Client, tags map[string]string, histType hi
 			Tags:    tags,
 		}
 		client.addHistoryItem(user, item, &details, &tDetails, config)
+
+		if config.WebPush.Enabled && histType != history.Tagmsg && user.hasPushSubscriptions() && client != user {
+			pushMsgBytes, err := webpush.MakePushMessage(command, nickMaskString, accountName, tnick, message)
+			if err == nil {
+				user.dispatchPushMessage(pushMessage{
+					msg:      pushMsgBytes,
+					urgency:  webpush.UrgencyHigh,
+					cftarget: details.nickCasefolded,
+					time:     message.Time,
+				})
+			} else {
+				server.logger.Error("internal", "can't serialize push message", err.Error())
+			}
+		}
 	}
 }
 
@@ -2443,8 +2548,19 @@ func operHandler(server *Server, client *Client, msg ircmsg.Message, rb *Respons
 		return false
 	}
 
+	config := server.Config()
+	now := time.Now()
+	nextAllowableAttempt := rb.session.lastOperAttempt.Add(config.Server.OperThrottle)
+	if now.Before(nextAllowableAttempt) {
+		timeLeft := nextAllowableAttempt.Sub(now).Round(time.Millisecond)
+		rb.Add(nil, server.name, ERR_NOOPERHOST, client.Nick(), fmt.Sprintf(client.t("You must wait %v before issuing OPER again"), timeLeft))
+		return false
+	}
+
+	rb.session.lastOperAttempt = now
+
 	// must pass at least one check, and all enabled checks
-	var checkPassed, checkFailed, passwordFailed bool
+	var checkPassed, checkFailed, certFailed, passwordFailed bool
 	oper := server.GetOperator(msg.Params[0])
 	if oper != nil {
 		if oper.Certfp != "" {
@@ -2452,11 +2568,13 @@ func operHandler(server *Server, client *Client, msg ircmsg.Message, rb *Respons
 				checkPassed = true
 			} else {
 				checkFailed = true
+				certFailed = true
 			}
 		}
 		if !checkFailed && oper.Pass != nil {
 			if len(msg.Params) == 1 {
 				checkFailed = true
+				passwordFailed = true
 			} else if bcrypt.CompareHashAndPassword(oper.Pass, []byte(msg.Params[1])) != nil {
 				checkFailed = true
 				passwordFailed = true
@@ -2467,14 +2585,21 @@ func operHandler(server *Server, client *Client, msg ircmsg.Message, rb *Respons
 	}
 
 	if !checkPassed || checkFailed {
-		rb.Add(nil, server.name, ERR_PASSWDMISMATCH, client.Nick(), client.t("Password incorrect"))
-		// #951: only disconnect them if we actually tried to check a password for them
-		if passwordFailed {
-			client.Quit(client.t("Password incorrect"), rb.session)
-			return true
+		rb.Add(nil, server.name, ERR_NOOPERHOST, client.Nick(), client.t("OPER failed; check the server logs for details."))
+
+		// hopefully not too spammy given the throttling:
+		if oper == nil {
+			server.logger.Info("opers", "OPER failed with invalid oper name", msg.Params[0])
+		} else if certFailed {
+			server.logger.Info("opers", "OPER attempt for", msg.Params[0], "failed with invalid certfp")
+		} else if passwordFailed {
+			server.logger.Info("opers", "OPER attempt for", msg.Params[0], "failed with invalid password")
 		} else {
-			return false
+			// should not be possible given config validation
+			server.logger.Info("opers", "OPER attempt for", msg.Params[0], "failed with invalid config")
 		}
+
+		return false
 	}
 
 	if oper != nil {
@@ -2807,11 +2932,23 @@ func quitHandler(server *Server, client *Client, msg ircmsg.Message, rb *Respons
 
 // REGISTER < account | * > < email | * > <password>
 func registerHandler(server *Server, client *Client, msg ircmsg.Message, rb *ResponseBuffer) (exiting bool) {
-	accountName := client.Nick()
-	if accountName == "*" {
+	var accountName string
+	if client.registered {
+		accountName = client.Nick()
+	} else {
 		accountName = client.preregNick
 	}
 
+	config := server.Config()
+	if client.registered && config.Accounts.NickReservation.ForceGuestFormat {
+		matches := config.Accounts.NickReservation.guestRegexp.FindStringSubmatch(accountName)
+		if matches == nil || len(matches) < 2 {
+			rb.Add(nil, server.name, "FAIL", "REGISTER", "INVALID_USERNAME", utils.SafeErrorParam(accountName), client.t("Username invalid or not given"))
+			return
+		}
+		accountName = matches[1]
+	}
+
 	switch msg.Params[0] {
 	case "*", accountName:
 		// ok
@@ -2828,7 +2965,6 @@ func registerHandler(server *Server, client *Client, msg ircmsg.Message, rb *Res
 		return
 	}
 
-	config := server.Config()
 	if !config.Accounts.Registration.Enabled {
 		rb.Add(nil, server.name, "FAIL", "REGISTER", "DISALLOWED", accountName, client.t("Account registration is disabled"))
 		return
@@ -2874,7 +3010,7 @@ func registerHandler(server *Server, client *Client, msg ircmsg.Message, rb *Res
 			announcePendingReg(client, rb, accountName)
 		}
 	case errAccountAlreadyRegistered, errAccountAlreadyUnregistered, errAccountMustHoldNick:
-		rb.Add(nil, server.name, "FAIL", "REGISTER", "USERNAME_EXISTS", accountName, client.t("Username is already registered or otherwise unavailable"))
+		rb.Add(nil, server.name, "FAIL", "REGISTER", "ACCOUNT_EXISTS", accountName, client.t("Username is already registered or otherwise unavailable"))
 	case errAccountBadPassphrase:
 		rb.Add(nil, server.name, "FAIL", "REGISTER", "INVALID_PASSWORD", accountName, client.t("Password was invalid"))
 	default:
@@ -2952,13 +3088,14 @@ func markReadHandler(server *Server, client *Client, msg ircmsg.Message, rb *Res
 
 	// "MARKREAD client set command": MARKREAD <target> <timestamp>
 	readTimestamp := strings.TrimPrefix(msg.Params[1], "timestamp=")
-	readTime, err := time.Parse(IRCv3TimestampFormat, readTimestamp)
+	readTime, err := time.Parse(utils.IRCv3TimestampFormat, readTimestamp)
 	if err != nil {
 		rb.Add(nil, server.name, "FAIL", "MARKREAD", "INVALID_PARAMS", utils.SafeErrorParam(readTimestamp), client.t("Invalid timestamp"))
 		return
 	}
+	readTime = readTime.UTC()
 	result := client.SetReadMarker(cftarget, readTime)
-	readTimestamp = fmt.Sprintf("timestamp=%s", result.Format(IRCv3TimestampFormat))
+	readTimestamp = fmt.Sprintf("timestamp=%s", result.Format(utils.IRCv3TimestampFormat))
 	// inform the originating session whether it was a success or a no-op:
 	rb.Add(nil, server.name, "MARKREAD", unfoldedTarget, readTimestamp)
 	if result.Equal(readTime) {
@@ -2969,10 +3106,303 @@ func markReadHandler(server *Server, client *Client, msg ircmsg.Message, rb *Res
 				session.Send(nil, server.name, "MARKREAD", unfoldedTarget, readTimestamp)
 			}
 		}
+		if client.clearClearablePushMessage(cftarget, readTime) {
+			line, err := webpush.MakePushLine(time.Now().UTC(), "*", server.name, "MARKREAD", unfoldedTarget, readTimestamp)
+			if err == nil {
+				client.dispatchPushMessage(pushMessage{
+					msg:                 line,
+					originatingEndpoint: rb.session.webPushEndpoint,
+					urgency:             webpush.UrgencyNormal, // copied from soju
+				})
+			} else {
+				server.logger.Error("internal", "couldn't serialize MARKREAD push message", err.Error())
+			}
+		}
 	}
 	return
 }
 
+// METADATA <target> <subcommand> [<and so on>...]
+func metadataHandler(server *Server, client *Client, msg ircmsg.Message, rb *ResponseBuffer) (exiting bool) {
+	config := server.Config()
+	if !config.Metadata.Enabled {
+		rb.Add(nil, server.name, "FAIL", "METADATA", "FORBIDDEN", utils.SafeErrorParam(msg.Params[0]), "Metadata is disabled on this server")
+		return
+	}
+
+	subcommand := strings.ToLower(msg.Params[1])
+	needsKey := subcommand == "set" || subcommand == "get" || subcommand == "sub" || subcommand == "unsub"
+	if needsKey && len(msg.Params) < 3 {
+		rb.Add(nil, server.name, ERR_NEEDMOREPARAMS, client.Nick(), msg.Command, client.t("Not enough parameters"))
+		return
+	}
+
+	switch subcommand {
+	case "sub", "unsub", "subs":
+		// these are session-local and function the same whether or not the client is registered
+		return metadataSubsHandler(client, subcommand, msg.Params, rb)
+	case "get", "set", "list", "clear", "sync":
+		if client.registered {
+			return metadataRegisteredHandler(client, config, subcommand, msg.Params, rb)
+		} else {
+			return metadataUnregisteredHandler(client, config, subcommand, msg.Params, rb)
+		}
+	default:
+		rb.Add(nil, server.name, "FAIL", "METADATA", "SUBCOMMAND_INVALID", utils.SafeErrorParam(msg.Params[1]), client.t("Invalid subcommand"))
+		return
+	}
+}
+
+// metadataRegisteredHandler handles metadata-modifying commands from registered clients
+func metadataRegisteredHandler(client *Client, config *Config, subcommand string, params []string, rb *ResponseBuffer) (exiting bool) {
+	server := client.server
+	target := params[0]
+
+	noKeyPerms := func(key string) {
+		rb.Add(nil, server.name, "FAIL", "METADATA", "KEY_NO_PERMISSION", target, key, client.t("You do not have permission to perform this action"))
+	}
+
+	if target == "*" {
+		target = client.Nick()
+	}
+
+	var targetObj MetadataHaver
+	var targetClient *Client
+	var targetChannel *Channel
+	if strings.HasPrefix(target, "#") {
+		targetChannel = server.channels.Get(target)
+		if targetChannel != nil {
+			targetObj = targetChannel
+			target = targetChannel.Name() // canonicalize case
+		}
+	} else {
+		targetClient = server.clients.Get(target)
+		if targetClient != nil {
+			targetObj = targetClient
+			target = targetClient.Nick() // canonicalize case
+		}
+	}
+	if targetObj == nil {
+		rb.Add(nil, server.name, "FAIL", "METADATA", "INVALID_TARGET", target, client.t("Invalid metadata target"))
+		return
+	}
+
+	switch subcommand {
+	case "set":
+		key := params[2]
+		if metadataKeyIsEvil(key) {
+			rb.Add(nil, server.name, "FAIL", "METADATA", "KEY_INVALID", utils.SafeErrorParam(key), client.t("Invalid key name"))
+			return
+		}
+
+		if !metadataCanIEditThisKey(client, targetObj, key) {
+			noKeyPerms(key)
+			return
+		}
+
+		// only rate limit clients changing their own metadata:
+		// channel metadata updates are not any more costly than a PRIVMSG
+		if client == targetClient {
+			if throttled, remainingTime := client.checkMetadataThrottle(); throttled {
+				retryAfter := strconv.Itoa(int(remainingTime.Seconds()) + 1)
+				rb.Add(nil, server.name, "FAIL", "METADATA", "RATE_LIMITED",
+					target, utils.SafeErrorParam(key), retryAfter,
+					fmt.Sprintf(client.t("Please wait at least %v and try again"), remainingTime.Round(time.Millisecond)))
+				return
+			}
+		}
+
+		if len(params) > 3 {
+			value := params[3]
+
+			config := client.server.Config()
+			if failMsg := metadataValueIsEvil(config, key, value); failMsg != "" {
+				rb.Add(nil, server.name, "FAIL", "METADATA", "VALUE_INVALID", client.t(failMsg))
+				return
+			}
+
+			updated, err := targetObj.SetMetadata(key, value, config.Metadata.MaxKeys)
+			if err != nil {
+				// errLimitExceeded is the only possible error
+				rb.Add(nil, server.name, "FAIL", "METADATA", "LIMIT_REACHED", client.t("Too many metadata keys"))
+				return
+			}
+			// echo the value to the client whether or not there was a real update
+			rb.Add(nil, server.name, RPL_KEYVALUE, client.Nick(), target, key, "*", value)
+			if updated {
+				notifySubscribers(server, rb.session, targetObj, target, key, value, true)
+			}
+		} else {
+			if updated := targetObj.DeleteMetadata(key); updated {
+				notifySubscribers(server, rb.session, targetObj, target, key, "", false)
+				rb.Add(nil, server.name, RPL_KEYNOTSET, client.Nick(), target, key, client.t("Key deleted"))
+			} else {
+				rb.Add(nil, server.name, "FAIL", "METADATA", "KEY_NOT_SET", utils.SafeErrorParam(key), client.t("Metadata key not set"))
+			}
+		}
+
+	case "get":
+		if !metadataCanISeeThisTarget(client, targetObj) {
+			noKeyPerms("*")
+			return
+		}
+
+		batchId := rb.StartNestedBatch("metadata", target)
+		defer rb.EndNestedBatch(batchId)
+
+		for _, key := range params[2:] {
+			if metadataKeyIsEvil(key) {
+				rb.Add(nil, server.name, "FAIL", "METADATA", "KEY_INVALID", utils.SafeErrorParam(key), client.t("Invalid key name"))
+				continue
+			}
+
+			val, ok := targetObj.GetMetadata(key)
+			if !ok {
+				rb.Add(nil, server.name, RPL_KEYNOTSET, client.Nick(), target, key, client.t("Key is not set"))
+				continue
+			}
+
+			visibility := "*"
+			rb.Add(nil, server.name, RPL_KEYVALUE, client.Nick(), target, key, visibility, val)
+		}
+
+	case "list":
+		playMetadataList(rb, client.Nick(), target, targetObj.ListMetadata())
+
+	case "clear":
+		if !metadataCanIEditThisTarget(client, targetObj) {
+			noKeyPerms("*")
+			return
+		}
+
+		values := targetObj.ClearMetadata()
+
+		playMetadataList(rb, client.Nick(), target, values)
+
+	case "sync":
+		if targetChannel != nil {
+			syncChannelMetadata(server, rb, targetChannel)
+		}
+		if targetClient != nil {
+			syncClientMetadata(server, rb, targetClient)
+		}
+	}
+
+	return
+}
+
+// metadataUnregisteredHandler handles metadata-modifying commands for pre-connection-registration
+// clients. these operations act on a session-local buffer; if/when the client completes registration,
+// they are applied to the final Client object (possibly a different client if there was a reattach)
+// on a best-effort basis.
+func metadataUnregisteredHandler(client *Client, config *Config, subcommand string, params []string, rb *ResponseBuffer) (exiting bool) {
+	server := client.server
+	if params[0] != "*" {
+		rb.Add(nil, server.name, "FAIL", "METADATA", "KEY_NO_PERMISSION", utils.SafeErrorParam(params[0]), "*", client.t("You can only modify your own metadata before completing connection registration"))
+		return
+	}
+
+	switch subcommand {
+	case "set":
+		if rb.session.metadataPreregVals == nil {
+			rb.session.metadataPreregVals = make(map[string]string)
+		}
+		key := params[2]
+		if metadataKeyIsEvil(key) {
+			rb.Add(nil, server.name, "FAIL", "METADATA", "KEY_INVALID", utils.SafeErrorParam(key), client.t("Invalid key name"))
+			return
+		}
+		if len(params) >= 4 {
+			value := params[3]
+			// enforce a sane limit on prereg keys. we don't need to enforce the exact limit,
+			// that will be done when applying the buffer after registration
+			if len(rb.session.metadataPreregVals) > config.Metadata.MaxKeys {
+				rb.Add(nil, server.name, "FAIL", "METADATA", "LIMIT_REACHED", client.t("Too many metadata keys"))
+				return
+			}
+			if failMsg := metadataValueIsEvil(config, key, value); failMsg != "" {
+				rb.Add(nil, server.name, "FAIL", "METADATA", "VALUE_INVALID", client.t(failMsg))
+				return
+			}
+			rb.session.metadataPreregVals[key] = value
+			rb.Add(nil, server.name, RPL_KEYVALUE, "*", "*", key, "*", value)
+		} else {
+			// unset
+			_, present := rb.session.metadataPreregVals[key]
+			if present {
+				delete(rb.session.metadataPreregVals, key)
+				rb.Add(nil, server.name, RPL_KEYNOTSET, "*", "*", key, client.t("Key deleted"))
+			} else {
+				rb.Add(nil, server.name, "FAIL", "METADATA", "KEY_NOT_SET", utils.SafeErrorParam(key), client.t("Metadata key not set"))
+			}
+		}
+	case "list":
+		playMetadataList(rb, "*", "*", rb.session.metadataPreregVals)
+	case "clear":
+		oldMetadata := rb.session.metadataPreregVals
+		rb.session.metadataPreregVals = nil
+		playMetadataList(rb, "*", "*", oldMetadata)
+	case "sync":
+		rb.Add(nil, server.name, RPL_METADATASYNCLATER, "*", utils.SafeErrorParam(params[1]), "60") // lol
+	}
+	return false
+}
+
+// metadataSubsHandler handles subscription-related commands;
+// these are handled the same whether the client is registered or not
+func metadataSubsHandler(client *Client, subcommand string, params []string, rb *ResponseBuffer) (exiting bool) {
+	server := client.server
+	switch subcommand {
+	case "sub":
+		keys := params[2:]
+		for _, key := range keys {
+			if metadataKeyIsEvil(key) {
+				rb.Add(nil, server.name, "FAIL", "METADATA", "KEY_INVALID", utils.SafeErrorParam(key), client.t("Invalid key name"))
+				return
+			}
+		}
+		added, err := rb.session.SubscribeTo(keys...)
+		if err == errMetadataTooManySubs {
+			bad := keys[len(added)] // get the key that broke the camel's back
+			rb.Add(nil, server.name, "FAIL", "METADATA", "TOO_MANY_SUBS", utils.SafeErrorParam(bad), client.t("Too many subscriptions"))
+		}
+
+		lineLength := MaxLineLen - len(server.name) - len(RPL_METADATASUBOK) - len(client.Nick()) - 10
+
+		chunked := utils.ChunkifyParams(slices.Values(added), lineLength)
+		for _, line := range chunked {
+			params := append([]string{client.Nick()}, line...)
+			rb.Add(nil, server.name, RPL_METADATASUBOK, params...)
+		}
+
+	case "unsub":
+		keys := params[2:]
+		removed := rb.session.UnsubscribeFrom(keys...)
+
+		lineLength := MaxLineLen - len(server.name) - len(RPL_METADATAUNSUBOK) - len(client.Nick()) - 10
+		chunked := utils.ChunkifyParams(slices.Values(removed), lineLength)
+		for _, line := range chunked {
+			params := append([]string{client.Nick()}, line...)
+			rb.Add(nil, server.name, RPL_METADATAUNSUBOK, params...)
+		}
+
+	case "subs":
+		lineLength := MaxLineLen - len(server.name) - len(RPL_METADATASUBS) - len(client.Nick()) - 10
+
+		subs := rb.session.MetadataSubscriptions()
+
+		batchID := rb.StartNestedBatch("metadata-subs")
+		defer rb.EndNestedBatch(batchID)
+
+		chunked := utils.ChunkifyParams(maps.Keys(subs), lineLength)
+		for _, line := range chunked {
+			params := append([]string{client.Nick()}, line...)
+			rb.Add(nil, server.name, RPL_METADATASUBS, params...)
+		}
+	}
+	return false
+}
+
 // REHASH
 func rehashHandler(server *Server, client *Client, msg ircmsg.Message, rb *ResponseBuffer) bool {
 	nick := client.Nick()
@@ -3334,6 +3764,10 @@ func userHandler(server *Server, client *Client, msg ircmsg.Message, rb *Respons
 		rb.Add(nil, server.name, ERR_NEEDMOREPARAMS, client.Nick(), "USER", client.t("Not enough parameters"))
 		return false
 	}
+	config := server.Config()
+	if config.Limits.RealnameLen > 0 && len(realname) > config.Limits.RealnameLen {
+		realname = ircmsg.TruncateUTF8Safe(realname, config.Limits.RealnameLen)
+	}
 
 	// #843: we accept either: `USER user:pass@clientid` or `USER user@clientid`
 	if strudelIndex := strings.IndexByte(username, '@'); strudelIndex != -1 {
@@ -3468,8 +3902,9 @@ func webircHandler(server *Server, client *Client, msg ircmsg.Message, rb *Respo
 		}
 	}
 
+	config := server.Config()
 	givenPassword := []byte(msg.Params[0])
-	for _, info := range server.Config().Server.WebIRC {
+	for _, info := range config.Server.WebIRC {
 		if utils.IPInNets(client.realIP, info.allowedNets) {
 			// confirm password and/or fingerprint
 			if 0 < len(info.Password) && bcrypt.CompareHashAndPassword(info.Password, givenPassword) != nil {
@@ -3479,11 +3914,23 @@ func webircHandler(server *Server, client *Client, msg ircmsg.Message, rb *Respo
 				continue
 			}
 
-			err, quitMsg := client.ApplyProxiedIP(rb.session, net.ParseIP(msg.Params[3]), secure)
+			candidateIP := msg.Params[3]
+			err, quitMsg := client.ApplyProxiedIP(rb.session, net.ParseIP(candidateIP), secure)
 			if err != nil {
 				client.Quit(quitMsg, rb.session)
 				return true
 			} else {
+				if info.AcceptHostname {
+					candidateHostname := msg.Params[2]
+					if candidateHostname != candidateIP {
+						if utils.IsHostname(candidateHostname) {
+							rb.session.rawHostname = candidateHostname
+						} else {
+							// log this at debug level since it may be spammy
+							server.logger.Debug("internal", "invalid hostname from WEBIRC", candidateHostname)
+						}
+					}
+				}
 				return false
 			}
 		}
@@ -3493,6 +3940,89 @@ func webircHandler(server *Server, client *Client, msg ircmsg.Message, rb *Respo
 	return true
 }
 
+// WEBPUSH <subcommand> <endpoint> [key]
+func webpushHandler(server *Server, client *Client, msg ircmsg.Message, rb *ResponseBuffer) bool {
+	subcommand := strings.ToUpper(msg.Params[0])
+
+	config := server.Config()
+	if !config.WebPush.Enabled {
+		rb.Add(nil, server.name, "FAIL", "WEBPUSH", "FORBIDDEN", subcommand, client.t("Web push is disabled"))
+		return false
+	}
+
+	if client.Account() == "" {
+		rb.Add(nil, server.name, "FAIL", "WEBPUSH", "FORBIDDEN", subcommand, client.t("You must be logged in to receive push messages"))
+		return false
+	}
+
+	// XXX web push can be used to deanonymize a Tor hidden service, but we do not know
+	// whether an Ergo deployment with a Tor listener is intended to run as a hidden
+	// service, or as a single onion service where Tor is optional. Hidden service operators
+	// should disable web push. However, as a sanity check, disallow enabling it over a Tor
+	// connection:
+	if rb.session.isTor {
+		rb.Add(nil, server.name, "FAIL", "WEBPUSH", "FORBIDDEN", subcommand, client.t("Web push cannot be enabled over Tor"))
+		return false
+	}
+
+	endpoint := msg.Params[1]
+
+	if err := webpush.SanityCheckWebPushEndpoint(endpoint); err != nil {
+		rb.Add(nil, server.name, "FAIL", "WEBPUSH", "INVALID_PARAMS", subcommand, client.t("Invalid web push URL"))
+		return false
+	}
+
+	switch subcommand {
+	case "REGISTER":
+		// allow web push enable even if they are not always-on (they just won't get push messages)
+		if len(msg.Params) < 3 {
+			rb.Add(nil, server.name, "FAIL", "WEBPUSH", "INVALID_PARAMS", subcommand, client.t("Insufficient parameters for WEBPUSH REGISTER"))
+			return false
+		}
+		keys, err := webpush.DecodeSubscriptionKeys(msg.Params[2])
+		if err != nil {
+			rb.Add(nil, server.name, "FAIL", "WEBPUSH", "INVALID_PARAMS", subcommand, client.t("Invalid subscription keys for WEBPUSH REGISTER"))
+			return false
+		}
+		if client.refreshPushSubscription(endpoint, keys) {
+			// success, don't send a test message
+			rb.Add(nil, server.name, "WEBPUSH", "REGISTER", msg.Params[1], msg.Params[2])
+			rb.session.webPushEndpoint = endpoint
+			return false
+		}
+		// send a test message
+		if err := client.sendPush(
+			endpoint,
+			keys,
+			webpush.UrgencyHigh,
+			webpush.PingMessage,
+		); err == nil {
+			if err := client.addPushSubscription(endpoint, keys); err == nil {
+				rb.Add(nil, server.name, "WEBPUSH", "REGISTER", msg.Params[1], msg.Params[2])
+				rb.session.webPushEndpoint = endpoint
+				if !client.AlwaysOn() {
+					rb.Add(nil, server.name, "WARN", "WEBPUSH", "PERSISTENCE_REQUIRED", client.t("You have enabled push notifications, but you will not receive them unless you become always-on. Try: /msg nickserv set always-on true"))
+				}
+			} else if err == errLimitExceeded {
+				rb.Add(nil, server.name, "FAIL", "WEBPUSH", "FORBIDDEN", "REGISTER", client.t("You have too many push subscriptions already"))
+			} else {
+				server.logger.Error("webpush", "Failed to add webpush subscription", err.Error())
+				rb.Add(nil, server.name, "FAIL", "WEBPUSH", "INTERNAL_ERROR", "REGISTER", client.t("An error occurred"))
+			}
+		} else {
+			server.logger.Debug("webpush", "WEBPUSH REGISTER failed validation", endpoint, err.Error())
+			rb.Add(nil, server.name, "FAIL", "WEBPUSH", "INVALID_PARAMS", "REGISTER", client.t("Test push message failed to send"))
+		}
+	case "UNREGISTER":
+		client.deletePushSubscription(endpoint, true)
+		rb.session.webPushEndpoint = ""
+		// this always succeeds
+		rb.Add(nil, server.name, "WEBPUSH", "UNREGISTER", endpoint)
+	}
+
+	return false
+}
+
 type whoxFields uint32 // bitset to hold the WHOX field values, 'a' through 'z'
 
 func (fields whoxFields) Add(field rune) (result whoxFields) {
@@ -3903,9 +4433,9 @@ func zncHandler(server *Server, client *Client, msg ircmsg.Message, rb *Response
 // fake handler for unknown commands
 func unknownCommandHandler(server *Server, client *Client, msg ircmsg.Message, rb *ResponseBuffer) bool {
 	var message string
-	if strings.HasPrefix(msg.Command, "/") {
+	if trimmedCmd, initialSlash := strings.CutPrefix(msg.Command, "/"); initialSlash {
 		message = fmt.Sprintf(client.t("Unknown command; if you are using /QUOTE, the correct syntax is /QUOTE %[1]s, not /QUOTE %[2]s"),
-			strings.TrimPrefix(msg.Command, "/"), msg.Command)
+			trimmedCmd, msg.Command)
 	} else {
 		message = client.t("Unknown command")
 	}
diff --git a/irc/help.go b/irc/help.go
index 343bd717..ee1fb762 100644
--- a/irc/help.go
+++ b/irc/help.go
@@ -238,11 +238,10 @@ Get an explanation of <argument>, or "index" for a list of help topics.`,
 	"history": {
 		text: `HISTORY <target> [limit]
 
-Replay message history. <target> can be a channel name, "me" to replay direct
-message history, or a nickname to replay another client's direct message
-history (they must be logged into the same account as you). [limit] can be
-either an integer (the maximum number of messages to replay), or a time
-duration like 10m or 1h (the time window within which to replay messages).`,
+Replay message history. <target> can be a channel name or a nickname you have
+direct message history with. [limit] can be either an integer (the maximum
+number of messages to replay), or a time duration like 10m or 1h (the time
+window within which to replay messages).`,
 	},
 	"info": {
 		text: `INFO
@@ -259,6 +258,11 @@ appropriate channel privs.`,
 		text: `ISON <nickname>{ <nickname>}
 
 Returns whether the given nicks exist on the network.`,
+	},
+	"isupport": {
+		text: `ISUPPORT
+
+Returns RPL_ISUPPORT lines describing the server's capabilities.`,
 	},
 	"join": {
 		text: `JOIN <channel>{,<channel>} [<key>{,<key>}]
@@ -334,6 +338,12 @@ command is processed by that server.`,
 MARKREAD updates an IRCv3 read message marker. It is not intended for use by
 end users. For more details, see the latest draft of the read-marker
 specification.`,
+	},
+	"metadata": {
+		text: `METADATA <target> <subcommand> [<everything else>...]
+
+Retrieve and meddle with metadata for the given target.
+Have a look at https://ircv3.net/specs/extensions/metadata for interesting technical information.`,
 	},
 	"mode": {
 		text: `MODE <target> [<modestring> [<mode arguments>...]]
@@ -605,6 +615,11 @@ ircv3.net/specs/extensions/webirc.html
 the connection from the client to the gateway, such as:
 
 - tls: this flag indicates that the client->gateway connection is secure`,
+	},
+	"webpush": {
+		text: `WEBPUSH <subcommand> [arguments]
+
+Configures web push settings. Not for direct use by end users.`,
 	},
 	"who": {
 		text: `WHO <name> [o]
diff --git a/irc/histserv.go b/irc/histserv.go
index f0cb2285..35b2e9b4 100644
--- a/irc/histserv.go
+++ b/irc/histserv.go
@@ -164,7 +164,7 @@ func histservExportHandler(service *ircService, server *Server, client *Client,
 
 	config := server.Config()
 	// don't include the account name in the filename because of escaping concerns
-	filename := fmt.Sprintf("%s-%s.json", utils.GenerateSecretToken(), time.Now().UTC().Format(IRCv3TimestampFormat))
+	filename := fmt.Sprintf("%s-%s.json", utils.GenerateSecretToken(), time.Now().UTC().Format(utils.IRCv3TimestampFormat))
 	pathname := config.getOutputPath(filename)
 	outfile, err := os.Create(pathname)
 	if err != nil {
@@ -177,7 +177,7 @@ func histservExportHandler(service *ircService, server *Server, client *Client,
 }
 
 func histservExportAndNotify(service *ircService, server *Server, cfAccount string, outfile *os.File, filename, alertNick string) {
-	defer server.HandlePanic()
+	defer server.HandlePanic(nil)
 
 	defer outfile.Close()
 	writer := bufio.NewWriter(outfile)
diff --git a/irc/import.go b/irc/import.go
index 1fb2da32..2f5a6dc5 100644
--- a/irc/import.go
+++ b/irc/import.go
@@ -17,6 +17,7 @@ import (
 	"github.com/ergochat/ergo/irc/datastore"
 	"github.com/ergochat/ergo/irc/modes"
 	"github.com/ergochat/ergo/irc/utils"
+	"github.com/ergochat/ergo/irc/webpush"
 )
 
 const (
@@ -24,7 +25,7 @@ const (
 	// XXX instead of referencing, e.g., keyAccountExists, we should write in the string literal
 	// (to ensure that no matter what code changes happen elsewhere, we're still producing a
 	// db of the hardcoded version)
-	importDBSchemaVersion = 23
+	importDBSchemaVersion = 24
 )
 
 type userImport struct {
@@ -82,6 +83,15 @@ func doImportDBGeneric(config *Config, dbImport databaseImport, credsType Creden
 
 	tx.Set(keySchemaVersion, strconv.Itoa(importDBSchemaVersion), nil)
 	tx.Set(keyCloakSecret, utils.GenerateSecretKey(), nil)
+	vapidKeys, err := webpush.GenerateVAPIDKeys()
+	if err != nil {
+		return err
+	}
+	vapidKeysJSON, err := json.Marshal(vapidKeys)
+	if err != nil {
+		return err
+	}
+	tx.Set(keyVAPIDKeys, string(vapidKeysJSON), nil)
 
 	cfUsernames := make(utils.HashSet[string])
 	skeletonToUsername := make(map[string]string)
diff --git a/irc/isupport/list.go b/irc/isupport/list.go
index baafa146..bbdb04eb 100644
--- a/irc/isupport/list.go
+++ b/irc/isupport/list.go
@@ -5,12 +5,18 @@ package isupport
 
 import (
 	"fmt"
-	"sort"
+	"slices"
 	"strings"
 )
 
 const (
-	maxLastArgLength = 400
+	maxPayloadLength = 380
+
+	/* Modern: "As the maximum number of message parameters to any reply is 15,
+	the maximum number of RPL_ISUPPORT tokens that can be advertised is 13."
+	<nickname> [up to 13 parameters] <human-readable trailing>
+	*/
+	maxParameters = 13
 )
 
 // List holds a list of ISUPPORT tokens
@@ -41,6 +47,12 @@ func (il *List) AddNoValue(name string) {
 	il.Tokens[name] = ""
 }
 
+// Contains returns whether the list already contains a token
+func (il *List) Contains(name string) bool {
+	_, ok := il.Tokens[name]
+	return ok
+}
+
 // getTokenString gets the appropriate string for a token+value.
 func getTokenString(name string, value string) string {
 	if len(value) == 0 {
@@ -52,7 +64,7 @@ func getTokenString(name string, value string) string {
 
 // GetDifference returns the difference between two token lists.
 func (il *List) GetDifference(newil *List) [][]string {
-	var outTokens sort.StringSlice
+	var outTokens []string
 
 	// append removed tokens
 	for name := range il.Tokens {
@@ -78,7 +90,7 @@ func (il *List) GetDifference(newil *List) [][]string {
 		outTokens = append(outTokens, token)
 	}
 
-	sort.Sort(outTokens)
+	slices.Sort(outTokens)
 
 	// create output list
 	replies := make([][]string, 0)
@@ -86,7 +98,7 @@ func (il *List) GetDifference(newil *List) [][]string {
 	var cache []string // Token list cache
 
 	for _, token := range outTokens {
-		if len(token)+length <= maxLastArgLength {
+		if len(token)+length <= maxPayloadLength {
 			// account for the space separating tokens
 			if len(cache) > 0 {
 				length++
@@ -95,7 +107,7 @@ func (il *List) GetDifference(newil *List) [][]string {
 			length += len(token)
 		}
 
-		if len(cache) == 13 || len(token)+length >= maxLastArgLength {
+		if len(cache) == maxParameters || len(token)+length >= maxPayloadLength {
 			replies = append(replies, cache)
 			cache = make([]string, 0)
 			length = 0
@@ -109,40 +121,54 @@ func (il *List) GetDifference(newil *List) [][]string {
 	return replies
 }
 
+func validateToken(token string) error {
+	if len(token) == 0 || token[0] == ':' || strings.Contains(token, " ") {
+		return fmt.Errorf("bad isupport token (cannot be sent as IRC parameter): `%s`", token)
+	}
+
+	if strings.ContainsAny(token, "\n\r\x00") {
+		return fmt.Errorf("bad isupport token (contains forbidden octets)")
+	}
+
+	// technically a token can be maxPayloadLength if it occurs alone,
+	// but fail it just to be safe
+	if len(token) >= maxPayloadLength {
+		return fmt.Errorf("bad isupport token (too long): `%s`", token)
+	}
+
+	return nil
+}
+
 // RegenerateCachedReply regenerates the cached RPL_ISUPPORT reply
 func (il *List) RegenerateCachedReply() (err error) {
-	il.CachedReply = make([][]string, 0)
-	var length int     // Length of the current cache
-	var cache []string // Token list cache
-
-	// make sure we get a sorted list of tokens, needed for tests and looks nice
-	var tokens sort.StringSlice
-	for name := range il.Tokens {
-		tokens = append(tokens, name)
+	var tokens []string
+	for name, value := range il.Tokens {
+		token := getTokenString(name, value)
+		if tokenErr := validateToken(token); tokenErr == nil {
+			tokens = append(tokens, token)
+		} else {
+			err = tokenErr
+		}
 	}
-	sort.Sort(tokens)
+	// make sure we get a sorted list of tokens, needed for tests and looks nice
+	slices.Sort(tokens)
 
-	for _, name := range tokens {
-		token := getTokenString(name, il.Tokens[name])
-		if token[0] == ':' || strings.Contains(token, " ") {
-			err = fmt.Errorf("bad isupport token (cannot contain spaces or start with :): %s", token)
-			continue
-		}
+	var cache []string // Tokens in current line
+	var length int     // Length of the current line
 
-		if len(token)+length <= maxLastArgLength {
-			// account for the space separating tokens
-			if len(cache) > 0 {
-				length++
-			}
-			cache = append(cache, token)
-			length += len(token)
-		}
-
-		if len(cache) == 13 || len(token)+length >= maxLastArgLength {
+	for _, token := range tokens {
+		// account for the space separating tokens
+		if len(cache) == maxParameters || (len(token)+1)+length > maxPayloadLength {
 			il.CachedReply = append(il.CachedReply, cache)
-			cache = make([]string, 0)
+			cache = nil
 			length = 0
 		}
+
+		if len(cache) > 0 {
+			length++
+		}
+		length += len(token)
+		cache = append(cache, token)
 	}
 
 	if len(cache) > 0 {
diff --git a/irc/isupport/list_test.go b/irc/isupport/list_test.go
index 47fb72ef..2041ea17 100644
--- a/irc/isupport/list_test.go
+++ b/irc/isupport/list_test.go
@@ -37,7 +37,7 @@ func TestISUPPORT(t *testing.T) {
 	}
 
 	if !reflect.DeepEqual(tListLong.CachedReply, longReplies) {
-		t.Errorf("Multiple output replies did not match, got [%v]", longReplies)
+		t.Errorf("Multiple output replies did not match, got [%v]", tListLong.CachedReply)
 	}
 
 	// create first list
diff --git a/irc/jwt/bearer.go b/irc/jwt/bearer.go
new file mode 100644
index 00000000..4526ae8a
--- /dev/null
+++ b/irc/jwt/bearer.go
@@ -0,0 +1,158 @@
+// Copyright (c) 2024 Shivaram Lingamneni <slingamn@cs.stanford.edu>
+// released under the MIT license
+
+package jwt
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	jwt "github.com/golang-jwt/jwt/v5"
+)
+
+var (
+	ErrAuthDisabled        = fmt.Errorf("JWT authentication is disabled")
+	ErrNoValidAccountClaim = fmt.Errorf("JWT token did not contain an acceptable account name claim")
+)
+
+// JWTAuthConfig is the config for Ergo to accept JWTs via draft/bearer
+type JWTAuthConfig struct {
+	Enabled    bool                 `yaml:"enabled"`
+	Autocreate bool                 `yaml:"autocreate"`
+	Tokens     []JWTAuthTokenConfig `yaml:"tokens"`
+}
+
+type JWTAuthTokenConfig struct {
+	Algorithm     string `yaml:"algorithm"`
+	KeyString     string `yaml:"key"`
+	KeyFile       string `yaml:"key-file"`
+	key           any
+	parser        *jwt.Parser
+	AccountClaims []string `yaml:"account-claims"`
+	StripDomain   string   `yaml:"strip-domain"`
+}
+
+func (j *JWTAuthConfig) Postprocess() error {
+	if !j.Enabled {
+		return nil
+	}
+
+	if len(j.Tokens) == 0 {
+		return fmt.Errorf("JWT authentication enabled, but no valid tokens defined")
+	}
+
+	for i := range j.Tokens {
+		if err := j.Tokens[i].Postprocess(); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (j *JWTAuthTokenConfig) Postprocess() error {
+	keyBytes, err := j.keyBytes()
+	if err != nil {
+		return err
+	}
+
+	j.Algorithm = strings.ToLower(j.Algorithm)
+
+	var methods []string
+	switch j.Algorithm {
+	case "hmac":
+		j.key = keyBytes
+		methods = []string{"HS256", "HS384", "HS512"}
+	case "rsa":
+		rsaKey, err := jwt.ParseRSAPublicKeyFromPEM(keyBytes)
+		if err != nil {
+			return err
+		}
+		j.key = rsaKey
+		methods = []string{"RS256", "RS384", "RS512"}
+	case "eddsa":
+		eddsaKey, err := jwt.ParseEdPublicKeyFromPEM(keyBytes)
+		if err != nil {
+			return err
+		}
+		j.key = eddsaKey
+		methods = []string{"EdDSA"}
+	default:
+		return fmt.Errorf("invalid jwt algorithm: %s", j.Algorithm)
+	}
+	j.parser = jwt.NewParser(jwt.WithValidMethods(methods))
+
+	if len(j.AccountClaims) == 0 {
+		return fmt.Errorf("JWT auth enabled, but no account-claims specified")
+	}
+
+	j.StripDomain = strings.ToLower(j.StripDomain)
+	return nil
+}
+
+func (j *JWTAuthConfig) Validate(t string) (accountName string, err error) {
+	if !j.Enabled || len(j.Tokens) == 0 {
+		return "", ErrAuthDisabled
+	}
+
+	for i := range j.Tokens {
+		accountName, err = j.Tokens[i].Validate(t)
+		if err == nil {
+			return
+		}
+	}
+	return
+}
+
+func (j *JWTAuthTokenConfig) keyBytes() (result []byte, err error) {
+	if j.KeyFile != "" {
+		o, err := os.Open(j.KeyFile)
+		if err != nil {
+			return nil, err
+		}
+		defer o.Close()
+		return io.ReadAll(o)
+	}
+	if j.KeyString != "" {
+		return []byte(j.KeyString), nil
+	}
+	return nil, fmt.Errorf("JWT auth enabled, but no JWT key specified")
+}
+
+// implements jwt.Keyfunc
+func (j *JWTAuthTokenConfig) keyFunc(_ *jwt.Token) (interface{}, error) {
+	return j.key, nil
+}
+
+func (j *JWTAuthTokenConfig) Validate(t string) (accountName string, err error) {
+	token, err := j.parser.Parse(t, j.keyFunc)
+	if err != nil {
+		return "", err
+	}
+
+	claims, ok := token.Claims.(jwt.MapClaims)
+	if !ok {
+		// impossible with Parse (as opposed to ParseWithClaims)
+		return "", fmt.Errorf("unexpected type from parsed token claims: %T", claims)
+	}
+
+	for _, c := range j.AccountClaims {
+		if v, ok := claims[c]; ok {
+			if vstr, ok := v.(string); ok {
+				// validate and strip email addresses:
+				if idx := strings.IndexByte(vstr, '@'); idx != -1 {
+					suffix := vstr[idx+1:]
+					vstr = vstr[:idx]
+					if strings.ToLower(suffix) != j.StripDomain {
+						continue
+					}
+				}
+				return vstr, nil // success
+			}
+		}
+	}
+
+	return "", ErrNoValidAccountClaim
+}
diff --git a/irc/jwt/bearer_test.go b/irc/jwt/bearer_test.go
new file mode 100644
index 00000000..3d4cd406
--- /dev/null
+++ b/irc/jwt/bearer_test.go
@@ -0,0 +1,143 @@
+package jwt
+
+import (
+	"testing"
+
+	jwt "github.com/golang-jwt/jwt/v5"
+)
+
+const (
+	rsaTestPubKey = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhcCcXrfR/GmoPKxBi0H
+cUl2pUl4acq2m3abFtMMoYTydJdEhgYWfsXuragyEIVkJU1ZnrgedW0QJUcANRGO
+hP/B+MjBevDNsRXQECfhyjfzhz6KWZb4i7C2oImJuAjq/F4qGLdEGQDBpAzof8qv
+9Zt5iN3GXY/EQtQVMFyR/7BPcbPLbHlOtzZ6tVEioXuUxQoai7x3Kc0jIcPWuyGa
+Q04IvsgdaWO6oH4fhPfyVsmX37rYUn79zcqPHS4ieWM1KN9qc7W+/UJIeiwAStpJ
+8gv+OSMrijRZGgQGCeOO5U59GGJC4mqUczB+JFvrlAIv0rggNpl+qalngosNxukB
+uQIDAQAB
+-----END PUBLIC KEY-----`
+
+	rsaTestPrivKey = `-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDCFwJxet9H8aag
+8rEGLQdxSXalSXhpyrabdpsW0wyhhPJ0l0SGBhZ+xe6tqDIQhWQlTVmeuB51bRAl
+RwA1EY6E/8H4yMF68M2xFdAQJ+HKN/OHPopZlviLsLagiYm4COr8XioYt0QZAMGk
+DOh/yq/1m3mI3cZdj8RC1BUwXJH/sE9xs8tseU63Nnq1USKhe5TFChqLvHcpzSMh
+w9a7IZpDTgi+yB1pY7qgfh+E9/JWyZffuthSfv3Nyo8dLiJ5YzUo32pztb79Qkh6
+LABK2knyC/45IyuKNFkaBAYJ447lTn0YYkLiapRzMH4kW+uUAi/SuCA2mX6pqWeC
+iw3G6QG5AgMBAAECggEARaAnejoP2ykvE1G8e3Cv2M33x/eBQMI9m6uCmz9+qnqc
+14JkTIfmjffHVXie7RpNAKys16lJE+rZ/eVoh6EStVdiaDLsZYP45evjRcho0Tgd
+Hokq7FSiOMpd2V09kE1yrrHA/DjSLv38eTNAPIejc8IgaR7VyD6Is0iNiVnL7iLa
+mj1zB6+dSeQ5ICYkrihb1gA+SvECsjLZ/5XESXEdHJvxhC0vLAdHmdQf3BPPlrGg
+VHondxL5gt6MFykpOxTFA6f5JkSefhUR/2OcCDpMs6a5GUytjl3rA3aGT6v3CbnR
+ykD6PzyC20EUADQYF2pmJfzbxyRqfNdbSJwQv5QQYQKBgQD4rFdvgZC97L7WhZ5T
+axW8hRW2dH24GIqFT4ZnCg0suyMNshyGvDMuBfGvokN/yACmvsdE0/f57esar+ye
+l9RC+CzGUch08Ke5WdqwACOCNDpx0kJcXKTuLIgkvthdla/oAQQ9T7OgEwDrvaR0
+m8s/Z7Hb3hLD3xdOt6Xjrv/6xQKBgQDHzvbcIkhmWdvaPDT9NEu7psR/fxF5UjqU
+Cca/bfHhySRQs3A1CF57pfwpUqAcSivNf7O+3NI62AKoyMDYv0ek2h6hGk6g5GJ1
+SuXYfjcbkL6SWNV0InsgmzCjvxhyms83xZq7uMClEBvkiKVMdt6zFkwW9eRKtUuZ
+pzVK5RfqZQKBgF5SME/xGw+O7su7ntQROAtrh1LPWKgtVs093sLSgzDGQoN9XWiV
+lewNASEXMPcUy3pzvm2S4OoBnj1fISb+e9py+7i1aI1CgrvBIzvCsbU/TjPCBr21
+vjFA3trhMHw+vJwJVqxSwNUkoCLKqcg5F5yTHllBIGj/A34uFlQIGrvpAoGAextm
+d+1bhExbLBQqZdOh0cWHjjKBVqm2U93OKcYY4Q9oI5zbRqGYbUCwo9k3sxZz9JJ4
+8eDmWsEaqlm+kA0SnFyTwJkP1wvAKhpykTf6xi4hbNP0+DACgu17Q3iLHJmLkQZc
+Nss3TrwlI2KZzgnzXo4fZYotFWasZMhkCngqiw0CgYEAmz2D70RYEauUNE1+zLhS
+6Ox5+PF/8Z0rZOlTghMTfqYcDJa+qQe9pJp7RPgilsgemqo0XtgLKz3ATE5FmMa4
+HRRGXPkMNu6Hzz4Yk4eM/yJqckoEc8azV25myqQ+7QXTwZEvxVbtUWZtxfImGwq+
+s/uzBKNwWf9UPTeIt+4JScg=
+-----END PRIVATE KEY-----`
+)
+
+func TestJWTBearerAuth(t *testing.T) {
+	j := JWTAuthConfig{
+		Enabled: true,
+		Tokens: []JWTAuthTokenConfig{
+			{
+				Algorithm:     "rsa",
+				KeyString:     rsaTestPubKey,
+				AccountClaims: []string{"preferred_username", "email"},
+				StripDomain:   "example.com",
+			},
+		},
+	}
+
+	if err := j.Postprocess(); err != nil {
+		t.Fatal(err)
+	}
+
+	// fixed test vector signed with the RSA privkey:
+	token := "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzbGluZ2FtbiJ9.caPZw2Dl4KZN-SErD5-WZB_lPPveHXaMCoUHxNebb94G9w3VaWDIRdngVU99JKx5nE_yRtpewkHHvXsQnNA_M63GBXGK7afXB8e-kV33QF3v9pXALMP5SzRwMgokyxas0RgHu4e4L0d7dn9o_nkdXp34GX3Pn1MVkUGBH6GdlbOdDHrs04pPQ0Qj-O2U0AIpnZq-X_GQs9ECJo4TlPKWR7Jlq5l9bS0dBnohea4FuqJr232je-dlRVkbCa7nrnFmsIsezsgA3Jb_j9Zu_iv460t_d2eaytbVp9P-DOVfzUfkBsKs-81URQEnTjW6ut445AJz2pxjX92X0GdmORpAkQ"
+	accountName, err := j.Validate(token)
+	if err != nil {
+		t.Errorf("could not validate valid token: %v", err)
+	}
+	if accountName != "slingamn" {
+		t.Errorf("incorrect account name for token: `%s`", accountName)
+	}
+
+	// programmatically sign a new token, validate it
+	privKey, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(rsaTestPrivKey))
+	if err != nil {
+		t.Fatal(err)
+	}
+	jTok := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims(map[string]any{"preferred_username": "slingamn"}))
+	token, err = jTok.SignedString(privKey)
+	if err != nil {
+		t.Fatal(err)
+	}
+	accountName, err = j.Validate(token)
+	if err != nil {
+		t.Errorf("could not validate valid token: %v", err)
+	}
+	if accountName != "slingamn" {
+		t.Errorf("incorrect account name for token: `%s`", accountName)
+	}
+
+	// test expiration
+	jTok = jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims(map[string]any{"preferred_username": "slingamn", "exp": 1675740865}))
+	token, err = jTok.SignedString(privKey)
+	if err != nil {
+		t.Fatal(err)
+	}
+	accountName, err = j.Validate(token)
+	if err == nil {
+		t.Errorf("validated expired token")
+	}
+
+	// test for the infamous algorithm confusion bug
+	jTok = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims(map[string]any{"preferred_username": "slingamn"}))
+	token, err = jTok.SignedString([]byte(rsaTestPubKey))
+	if err != nil {
+		t.Fatal(err)
+	}
+	accountName, err = j.Validate(token)
+	if err == nil {
+		t.Errorf("validated HS256 token despite RSA being required")
+	}
+
+	// test no valid claims
+	jTok = jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims(map[string]any{"sub": "slingamn"}))
+	token, err = jTok.SignedString(privKey)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	accountName, err = j.Validate(token)
+	if err != ErrNoValidAccountClaim {
+		t.Errorf("expected ErrNoValidAccountClaim, got: %v", err)
+	}
+
+	// test email addresses
+	jTok = jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims(map[string]any{"email": "Slingamn@example.com"}))
+	token, err = jTok.SignedString(privKey)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	accountName, err = j.Validate(token)
+	if err != nil {
+		t.Errorf("could not validate valid token: %v", err)
+	}
+	if accountName != "Slingamn" {
+		t.Errorf("incorrect account name for token: `%s`", accountName)
+	}
+}
diff --git a/irc/jwt/extjwt.go b/irc/jwt/extjwt.go
index 78ca86c5..ea764667 100644
--- a/irc/jwt/extjwt.go
+++ b/irc/jwt/extjwt.go
@@ -6,18 +6,15 @@ package jwt
 
 import (
 	"crypto/rsa"
-	"crypto/x509"
-	"encoding/pem"
 	"errors"
-	"fmt"
 	"os"
 	"time"
 
-	"github.com/golang-jwt/jwt"
+	jwt "github.com/golang-jwt/jwt/v5"
 )
 
 var (
-	ErrNoKeys = errors.New("No signing keys are enabled")
+	ErrNoKeys = errors.New("No EXTJWT signing keys are enabled")
 )
 
 type MapClaims jwt.MapClaims
@@ -38,22 +35,10 @@ func (t *JwtServiceConfig) Postprocess() (err error) {
 		if err != nil {
 			return err
 		}
-		d, _ := pem.Decode(keyBytes)
+		t.rsaPrivateKey, err = jwt.ParseRSAPrivateKeyFromPEM(keyBytes)
 		if err != nil {
 			return err
 		}
-		t.rsaPrivateKey, err = x509.ParsePKCS1PrivateKey(d.Bytes)
-		if err != nil {
-			privateKey, err := x509.ParsePKCS8PrivateKey(d.Bytes)
-			if err != nil {
-				return err
-			}
-			if rsaPrivateKey, ok := privateKey.(*rsa.PrivateKey); ok {
-				t.rsaPrivateKey = rsaPrivateKey
-			} else {
-				return fmt.Errorf("Non-RSA key type for extjwt: %T", privateKey)
-			}
-		}
 	}
 	return nil
 }
diff --git a/irc/kline.go b/irc/kline.go
index bc1e9123..6cefea02 100644
--- a/irc/kline.go
+++ b/irc/kline.go
@@ -66,11 +66,12 @@ func (km *KLineManager) AllBans() map[string]IPBanInfo {
 }
 
 // AddMask adds to the blocked list.
-func (km *KLineManager) AddMask(mask string, duration time.Duration, reason, operReason, operName string) error {
+func (km *KLineManager) AddMask(mask string, duration time.Duration, requireSASL bool, reason, operReason, operName string) error {
 	km.persistenceMutex.Lock()
 	defer km.persistenceMutex.Unlock()
 
 	info := IPBanInfo{
+		RequireSASL: requireSASL,
 		Reason:      reason,
 		OperReason:  operReason,
 		OperName:    operName,
@@ -208,13 +209,14 @@ func (km *KLineManager) CheckMasks(masks ...string) (isBanned bool, info IPBanIn
 	for _, entryInfo := range km.entries {
 		for _, mask := range masks {
 			if entryInfo.Matcher.MatchString(mask) {
-				return true, entryInfo.Info
+				// apply the most stringent ban (unconditional bans override require-sasl)
+				if !isBanned || info.RequireSASL {
+					isBanned, info = true, entryInfo.Info
+				}
 			}
 		}
 	}
 
-	// no matches!
-	isBanned = false
 	return
 }
 
diff --git a/irc/listeners.go b/irc/listeners.go
index 6cc91298..a1f7b988 100644
--- a/irc/listeners.go
+++ b/irc/listeners.go
@@ -5,6 +5,7 @@ package irc
 
 import (
 	"errors"
+	"io/fs"
 	"net"
 	"net/http"
 	"os"
@@ -29,7 +30,7 @@ type IRCListener interface {
 
 // NewListener creates a new listener according to the specifications in the config file
 func NewListener(server *Server, addr string, config utils.ListenerConfig, bindMode os.FileMode) (result IRCListener, err error) {
-	baseListener, err := createBaseListener(addr, bindMode)
+	baseListener, err := createBaseListener(server, addr, bindMode)
 	if err != nil {
 		return
 	}
@@ -43,11 +44,14 @@ func NewListener(server *Server, addr string, config utils.ListenerConfig, bindM
 	}
 }
 
-func createBaseListener(addr string, bindMode os.FileMode) (listener net.Listener, err error) {
+func createBaseListener(server *Server, addr string, bindMode os.FileMode) (listener net.Listener, err error) {
 	addr = strings.TrimPrefix(addr, "unix:")
 	if strings.HasPrefix(addr, "/") {
 		// https://stackoverflow.com/a/34881585
-		os.Remove(addr)
+		removeErr := os.Remove(addr)
+		if removeErr != nil && !errors.Is(removeErr, fs.ErrNotExist) {
+			server.logger.Warning("listeners", "could not delete unix domain listener", addr, removeErr.Error())
+		}
 		listener, err = net.Listen("unix", addr)
 		if err == nil && bindMode != 0 {
 			os.Chmod(addr, bindMode)
diff --git a/irc/message_cache.go b/irc/message_cache.go
index 2d731823..f56568b3 100644
--- a/irc/message_cache.go
+++ b/irc/message_cache.go
@@ -45,7 +45,7 @@ type MessageCache struct {
 
 func addAllTags(msg *ircmsg.Message, tags map[string]string, serverTime time.Time, msgid, accountName string, isBot bool) {
 	msg.UpdateTags(tags)
-	msg.SetTag("time", serverTime.Format(IRCv3TimestampFormat))
+	msg.SetTag("time", serverTime.Format(utils.IRCv3TimestampFormat))
 	if accountName != "*" {
 		msg.SetTag("account", accountName)
 	}
diff --git a/irc/metadata.go b/irc/metadata.go
new file mode 100644
index 00000000..80b0b063
--- /dev/null
+++ b/irc/metadata.go
@@ -0,0 +1,174 @@
+package irc
+
+import (
+	"errors"
+	"iter"
+	"maps"
+	"regexp"
+	"unicode/utf8"
+
+	"github.com/ergochat/ergo/irc/caps"
+	"github.com/ergochat/ergo/irc/modes"
+)
+
+const (
+	// metadata key + value need to be relayable on a single IRC RPL_KEYVALUE line
+	maxCombinedMetadataLenBytes = 350
+)
+
+var (
+	errMetadataTooManySubs = errors.New("too many subscriptions")
+	errMetadataNotFound    = errors.New("key not found")
+)
+
+type MetadataHaver interface {
+	SetMetadata(key string, value string, limit int) (updated bool, err error)
+	GetMetadata(key string) (string, bool)
+	DeleteMetadata(key string) (updated bool)
+	ListMetadata() map[string]string
+	ClearMetadata() map[string]string
+	CountMetadata() int
+}
+
+func notifySubscribers(server *Server, session *Session, targetObj MetadataHaver, targetName, key, value string, set bool) {
+	var recipientSessions iter.Seq[*Session]
+
+	switch target := targetObj.(type) {
+	case *Client:
+		// TODO this case is expensive and might warrant rate-limiting
+		friends := target.FriendsMonitors(caps.Metadata)
+		// broadcast metadata update to other connected sessions
+		for _, s := range target.Sessions() {
+			friends.Add(s)
+		}
+		recipientSessions = maps.Keys(friends)
+	case *Channel:
+		recipientSessions = target.sessionsWithCaps(caps.Metadata)
+	default:
+		return // impossible
+	}
+
+	broadcastMetadataUpdate(server, recipientSessions, session, targetName, key, value, set)
+}
+
+func broadcastMetadataUpdate(server *Server, sessions iter.Seq[*Session], originator *Session, target, key, value string, set bool) {
+	for s := range sessions {
+		// don't notify the session that made the change
+		if s == originator || !s.isSubscribedTo(key) {
+			continue
+		}
+
+		if set {
+			s.Send(nil, server.name, "METADATA", target, key, "*", value)
+		} else {
+			s.Send(nil, server.name, "METADATA", target, key, "*")
+		}
+	}
+}
+
+func syncClientMetadata(server *Server, rb *ResponseBuffer, target *Client) {
+	batchId := rb.StartNestedBatch("metadata", target.Nick())
+	defer rb.EndNestedBatch(batchId)
+
+	subs := rb.session.MetadataSubscriptions()
+	values := target.ListMetadata()
+	for k, v := range values {
+		if subs.Has(k) {
+			visibility := "*"
+			rb.Add(nil, server.name, "METADATA", target.Nick(), k, visibility, v)
+		}
+	}
+}
+
+func syncChannelMetadata(server *Server, rb *ResponseBuffer, channel *Channel) {
+	batchId := rb.StartNestedBatch("metadata", channel.Name())
+	defer rb.EndNestedBatch(batchId)
+
+	subs := rb.session.MetadataSubscriptions()
+	chname := channel.Name()
+
+	values := channel.ListMetadata()
+	for k, v := range values {
+		if subs.Has(k) {
+			visibility := "*"
+			rb.Add(nil, server.name, "METADATA", chname, k, visibility, v)
+		}
+	}
+
+	for _, client := range channel.Members() {
+		values := client.ListMetadata()
+		for k, v := range values {
+			if subs.Has(k) {
+				visibility := "*"
+				rb.Add(nil, server.name, "METADATA", client.Nick(), k, visibility, v)
+			}
+		}
+	}
+}
+
+func playMetadataList(rb *ResponseBuffer, nick, target string, values map[string]string) {
+	batchId := rb.StartNestedBatch("metadata", target)
+	defer rb.EndNestedBatch(batchId)
+
+	for key, val := range values {
+		visibility := "*"
+		rb.Add(nil, rb.session.client.server.name, RPL_KEYVALUE, nick, target, key, visibility, val)
+	}
+}
+
+func playMetadataVerbBatch(rb *ResponseBuffer, target string, values map[string]string) {
+	batchId := rb.StartNestedBatch("metadata", target)
+	defer rb.EndNestedBatch(batchId)
+
+	for key, val := range values {
+		visibility := "*"
+		rb.Add(nil, rb.session.client.server.name, "METADATA", target, key, visibility, val)
+	}
+}
+
+var validMetadataKeyRegexp = regexp.MustCompile("^[a-z0-9_./-]+$")
+
+func metadataKeyIsEvil(key string) bool {
+	return !validMetadataKeyRegexp.MatchString(key)
+}
+
+func metadataValueIsEvil(config *Config, key, value string) (failMsg string) {
+	if !globalUtf8EnforcementSetting && !utf8.ValidString(value) {
+		return `METADATA values must be UTF-8`
+	}
+
+	if len(key)+len(value) > maxCombinedMetadataLenBytes ||
+		(config.Metadata.MaxValueBytes > 0 && len(value) > config.Metadata.MaxValueBytes) {
+
+		return `Value is too long`
+	}
+
+	return "" // success
+}
+
+func metadataCanIEditThisKey(client *Client, targetObj MetadataHaver, key string) bool {
+	// no key-specific logic as yet
+	return metadataCanIEditThisTarget(client, targetObj)
+}
+
+func metadataCanIEditThisTarget(client *Client, targetObj MetadataHaver) bool {
+	switch target := targetObj.(type) {
+	case *Client:
+		return client == target || client.HasRoleCapabs("metadata")
+	case *Channel:
+		return target.ClientIsAtLeast(client, modes.Operator) || client.HasRoleCapabs("metadata")
+	default:
+		return false // impossible
+	}
+}
+
+func metadataCanISeeThisTarget(client *Client, targetObj MetadataHaver) bool {
+	switch target := targetObj.(type) {
+	case *Client:
+		return true
+	case *Channel:
+		return target.hasClient(client) || client.HasRoleCapabs("metadata")
+	default:
+		return false // impossible
+	}
+}
diff --git a/irc/metadata_test.go b/irc/metadata_test.go
new file mode 100644
index 00000000..c90dbcec
--- /dev/null
+++ b/irc/metadata_test.go
@@ -0,0 +1,25 @@
+package irc
+
+import "testing"
+
+func TestKeyCheck(t *testing.T) {
+	cases := []struct {
+		input  string
+		isEvil bool
+	}{
+		{"ImNormalButIHaveCaps", true},
+		{"imnormalandidonthavecaps", false},
+		{"ergo.chat/vendor-extension", false},
+		{"", true},
+		{":imevil", true},
+		{"im:evil", true},
+		{"key£with$not%allowed^chars", true},
+		{"key.thats_completely/normal-and.fine", false},
+	}
+
+	for _, c := range cases {
+		if metadataKeyIsEvil(c.input) != c.isEvil {
+			t.Errorf("%s should have returned %v. but it didn't. so that's not great", c.input, c.isEvil)
+		}
+	}
+}
diff --git a/irc/modes.go b/irc/modes.go
index e1053ae8..3e7114d1 100644
--- a/irc/modes.go
+++ b/irc/modes.go
@@ -116,7 +116,7 @@ func ApplyUserModeChanges(client *Client, changes modes.ModeChanges, force bool,
 }
 
 // parseDefaultModes uses the provided mode change parser to parse the rawModes.
-func parseDefaultModes(rawModes string, parser func(params ...string) (modes.ModeChanges, map[rune]bool)) modes.Modes {
+func parseDefaultModes(rawModes string, parser func(params ...string) (modes.ModeChanges, []rune)) modes.Modes {
 	modeChangeStrings := strings.Fields(rawModes)
 	modeChanges, _ := parser(modeChangeStrings...)
 	defaultModes := make(modes.Modes, 0)
@@ -158,7 +158,6 @@ func (channel *Channel) ApplyChannelModeChanges(client *Client, isSamode bool, c
 
 	var alreadySentPrivError bool
 
-	maskOpCount := 0
 	chname := channel.Name()
 	details := client.Details()
 
@@ -192,6 +191,11 @@ func (channel *Channel) ApplyChannelModeChanges(client *Client, isSamode bool, c
 		}
 	}
 
+	// should we send 324 RPL_CHANNELMODEIS? standard behavior is to send it for
+	// `MODE #channel`, i.e., an empty list of intended changes, but Ergo will
+	// also send it for no-op changes to zero-argument modes like +i
+	shouldSendModeIsLine := len(changes) == 0
+
 	for _, change := range changes {
 		if !hasPrivs(change) {
 			if !alreadySentPrivError {
@@ -203,7 +207,6 @@ func (channel *Channel) ApplyChannelModeChanges(client *Client, isSamode bool, c
 
 		switch change.Mode {
 		case modes.BanMask, modes.ExceptMask, modes.InviteMask:
-			maskOpCount += 1
 			if change.Op == modes.List {
 				channel.ShowMaskList(client, change.Mode, rb)
 				continue
@@ -212,7 +215,7 @@ func (channel *Channel) ApplyChannelModeChanges(client *Client, isSamode bool, c
 			mask := change.Arg
 			switch change.Op {
 			case modes.Add:
-				if channel.lists[change.Mode].Length() >= client.server.Config().Limits.ChanListModes {
+				if !isSamode && channel.lists[change.Mode].Length() >= client.server.Config().Limits.ChanListModes {
 					if !listFullWarned[change.Mode] {
 						rb.Add(nil, client.server.name, ERR_BANLISTFULL, details.nick, chname, change.Mode.String(), client.t("Channel list is full"))
 						listFullWarned[change.Mode] = true
@@ -263,9 +266,9 @@ func (channel *Channel) ApplyChannelModeChanges(client *Client, isSamode bool, c
 			case modes.Add:
 				ch := client.server.channels.Get(change.Arg)
 				if ch == nil {
-					rb.Add(nil, client.server.name, ERR_INVALIDMODEPARAM, details.nick, chname, string(change.Mode), utils.SafeErrorParam(change.Arg), fmt.Sprintf(client.t("No such channel")))
+					rb.Add(nil, client.server.name, ERR_INVALIDMODEPARAM, details.nick, chname, string(change.Mode), utils.SafeErrorParam(change.Arg), client.t("No such channel"))
 				} else if ch == channel {
-					rb.Add(nil, client.server.name, ERR_INVALIDMODEPARAM, details.nick, chname, string(change.Mode), utils.SafeErrorParam(change.Arg), fmt.Sprintf(client.t("You can't forward a channel to itself")))
+					rb.Add(nil, client.server.name, ERR_INVALIDMODEPARAM, details.nick, chname, string(change.Mode), utils.SafeErrorParam(change.Arg), client.t("You can't forward a channel to itself"))
 				} else {
 					if isSamode || ch.ClientIsAtLeast(client, modes.ChannelOperator) {
 						change.Arg = ch.Name()
@@ -313,11 +316,14 @@ func (channel *Channel) ApplyChannelModeChanges(client *Client, isSamode bool, c
 		default:
 			// all channel modes with no args, e.g., InviteOnly, Secret
 			if change.Op == modes.List {
+				shouldSendModeIsLine = true
 				continue
 			}
 
 			if channel.flags.SetMode(change.Mode, change.Op == modes.Add) {
 				applied = append(applied, change)
+			} else {
+				shouldSendModeIsLine = true
 			}
 		}
 	}
@@ -337,8 +343,7 @@ func (channel *Channel) ApplyChannelModeChanges(client *Client, isSamode bool, c
 		channel.MarkDirty(includeFlags)
 	}
 
-	// #649: don't send 324 RPL_CHANNELMODEIS if we were only working with mask lists
-	if len(applied) == 0 && !alreadySentPrivError && (maskOpCount == 0 || maskOpCount < len(changes)) {
+	if len(applied) == 0 && !alreadySentPrivError && shouldSendModeIsLine {
 		args := append([]string{details.nick, chname}, channel.modeStrings(client)...)
 		rb.Add(nil, client.server.name, RPL_CHANNELMODEIS, args...)
 		rb.Add(nil, client.server.name, RPL_CREATIONTIME, details.nick, chname, strconv.FormatInt(channel.createdTime.Unix(), 10))
diff --git a/irc/modes/modes.go b/irc/modes/modes.go
index ad160169..5f0eb6b6 100644
--- a/irc/modes/modes.go
+++ b/irc/modes/modes.go
@@ -7,7 +7,7 @@ package modes
 
 import (
 	"fmt"
-	"sort"
+	"slices"
 	"strings"
 
 	"github.com/ergochat/ergo/irc/utils"
@@ -189,10 +189,7 @@ func GetLowestChannelModePrefix(prefixes string) (lowest Mode) {
 //
 
 // ParseUserModeChanges returns the valid changes, and the list of unknown chars.
-func ParseUserModeChanges(params ...string) (ModeChanges, map[rune]bool) {
-	changes := make(ModeChanges, 0)
-	unknown := make(map[rune]bool)
-
+func ParseUserModeChanges(params ...string) (changes ModeChanges, unknown []rune) {
 	op := List
 
 	if 0 < len(params) {
@@ -219,19 +216,11 @@ func ParseUserModeChanges(params ...string) (ModeChanges, map[rune]bool) {
 				}
 			}
 
-			var isKnown bool
-			for _, supportedMode := range SupportedUserModes {
-				if rune(supportedMode) == mode {
-					isKnown = true
-					break
-				}
+			if slices.Contains(SupportedUserModes, Mode(mode)) {
+				changes = append(changes, change)
+			} else {
+				unknown = append(unknown, mode)
 			}
-			if !isKnown {
-				unknown[mode] = true
-				continue
-			}
-
-			changes = append(changes, change)
 		}
 	}
 
@@ -239,10 +228,7 @@ func ParseUserModeChanges(params ...string) (ModeChanges, map[rune]bool) {
 }
 
 // ParseChannelModeChanges returns the valid changes, and the list of unknown chars.
-func ParseChannelModeChanges(params ...string) (ModeChanges, map[rune]bool) {
-	changes := make(ModeChanges, 0)
-	unknown := make(map[rune]bool)
-
+func ParseChannelModeChanges(params ...string) (changes ModeChanges, unknown []rune) {
 	op := List
 
 	if 0 < len(params) {
@@ -304,25 +290,11 @@ func ParseChannelModeChanges(params ...string) (ModeChanges, map[rune]bool) {
 				}
 			}
 
-			var isKnown bool
-			for _, supportedMode := range SupportedChannelModes {
-				if rune(supportedMode) == mode {
-					isKnown = true
-					break
-				}
+			if slices.Contains(SupportedChannelModes, Mode(mode)) || slices.Contains(ChannelUserModes, Mode(mode)) {
+				changes = append(changes, change)
+			} else {
+				unknown = append(unknown, mode)
 			}
-			for _, supportedMode := range ChannelUserModes {
-				if rune(supportedMode) == mode {
-					isKnown = true
-					break
-				}
-			}
-			if !isKnown {
-				unknown[mode] = true
-				continue
-			}
-
-			changes = append(changes, change)
 		}
 	}
 
@@ -428,33 +400,37 @@ func (set *ModeSet) HighestChannelUserMode() (result Mode) {
 	return
 }
 
-type ByCodepoint Modes
+var (
+	rplMyInfo1, rplMyInfo2, rplMyInfo3, chanmodesToken string
+)
 
-func (a ByCodepoint) Len() int           { return len(a) }
-func (a ByCodepoint) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
-func (a ByCodepoint) Less(i, j int) bool { return a[i] < a[j] }
+func init() {
+	initRplMyInfo()
+	initChanmodesToken()
+}
 
-func RplMyInfo() (param1, param2, param3 string) {
+func initRplMyInfo() {
+	// initialize constant strings published in initial numerics
 	userModes := make(Modes, len(SupportedUserModes), len(SupportedUserModes)+1)
 	copy(userModes, SupportedUserModes)
 	// TLS is not in SupportedUserModes because it can't be modified
 	userModes = append(userModes, TLS)
-	sort.Sort(ByCodepoint(userModes))
+	slices.Sort(userModes)
 
 	channelModes := make(Modes, len(SupportedChannelModes)+len(ChannelUserModes))
 	copy(channelModes, SupportedChannelModes)
 	copy(channelModes[len(SupportedChannelModes):], ChannelUserModes)
-	sort.Sort(ByCodepoint(channelModes))
+	slices.Sort(channelModes)
 
 	// XXX enumerate these by hand, i can't see any way to DRY this
 	channelParametrizedModes := Modes{BanMask, ExceptMask, InviteMask, Key, UserLimit, Forward}
 	channelParametrizedModes = append(channelParametrizedModes, ChannelUserModes...)
-	sort.Sort(ByCodepoint(channelParametrizedModes))
+	slices.Sort(channelParametrizedModes)
 
-	return userModes.String(), channelModes.String(), channelParametrizedModes.String()
+	rplMyInfo1, rplMyInfo2, rplMyInfo3 = userModes.String(), channelModes.String(), channelParametrizedModes.String()
 }
 
-func ChanmodesToken() (result string) {
+func initChanmodesToken() {
 	// https://modern.ircdocs.horse#chanmodes-parameter
 	// type A: listable modes with parameters
 	A := Modes{BanMask, ExceptMask, InviteMask}
@@ -465,10 +441,18 @@ func ChanmodesToken() (result string) {
 	// type D: modes without parameters
 	D := Modes{InviteOnly, Moderated, NoOutside, OpOnlyTopic, ChanRoleplaying, Secret, NoCTCP, RegisteredOnly, RegisteredOnlySpeak, Auditorium, OpModerated}
 
-	sort.Sort(ByCodepoint(A))
-	sort.Sort(ByCodepoint(B))
-	sort.Sort(ByCodepoint(C))
-	sort.Sort(ByCodepoint(D))
+	slices.Sort(A)
+	slices.Sort(B)
+	slices.Sort(C)
+	slices.Sort(D)
 
-	return fmt.Sprintf("%s,%s,%s,%s", A.String(), B.String(), C.String(), D.String())
+	chanmodesToken = fmt.Sprintf("%s,%s,%s,%s", A.String(), B.String(), C.String(), D.String())
+}
+
+func RplMyInfo() (param1, param2, param3 string) {
+	return rplMyInfo1, rplMyInfo2, rplMyInfo3
+}
+
+func ChanmodesToken() (result string) {
+	return chanmodesToken
 }
diff --git a/irc/modes/modes_test.go b/irc/modes/modes_test.go
index 67d28c2f..03f42c33 100644
--- a/irc/modes/modes_test.go
+++ b/irc/modes/modes_test.go
@@ -5,6 +5,7 @@ package modes
 
 import (
 	"reflect"
+	"slices"
 	"strings"
 	"testing"
 )
@@ -16,7 +17,7 @@ func assertEqual(supplied, expected interface{}, t *testing.T) {
 }
 
 func TestParseUserModeChanges(t *testing.T) {
-	emptyUnknown := make(map[rune]bool)
+	var emptyUnknown []rune
 	changes, unknown := ParseUserModeChanges("+i")
 	assertEqual(unknown, emptyUnknown, t)
 	assertEqual(changes, ModeChanges{ModeChange{Op: Add, Mode: Invisible}}, t)
@@ -48,10 +49,11 @@ func TestParseUserModeChanges(t *testing.T) {
 }
 
 func TestIssue874(t *testing.T) {
-	emptyUnknown := make(map[rune]bool)
+	var emptyModeChanges ModeChanges
+	var emptyUnknown []rune
 	modes, unknown := ParseChannelModeChanges("+k")
 	assertEqual(unknown, emptyUnknown, t)
-	assertEqual(modes, ModeChanges{}, t)
+	assertEqual(modes, emptyModeChanges, t)
 
 	modes, unknown = ParseChannelModeChanges("+k", "beer")
 	assertEqual(unknown, emptyUnknown, t)
@@ -151,7 +153,7 @@ func TestParseChannelModeChanges(t *testing.T) {
 	}
 
 	modes, unknown = ParseChannelModeChanges("+tx")
-	if len(unknown) != 1 || !unknown['x'] {
+	if len(unknown) != 1 || !slices.Contains(unknown, 'x') {
 		t.Errorf("expected that x is an unknown mode, instead: %v", unknown)
 	}
 	expected = ModeChange{
diff --git a/irc/monitor.go b/irc/monitor.go
index 9131e81b..46ab46e6 100644
--- a/irc/monitor.go
+++ b/irc/monitor.go
@@ -38,7 +38,7 @@ func (manager *MonitorManager) AddMonitors(users utils.HashSet[*Session], cfnick
 }
 
 // AlertAbout alerts everyone monitoring `client`'s nick that `client` is now {on,off}line.
-func (manager *MonitorManager) AlertAbout(nick, cfnick string, online bool) {
+func (manager *MonitorManager) AlertAbout(nick, cfnick string, online bool, client *Client) {
 	var watchers []*Session
 	// safely copy the list of clients watching our nick
 	manager.RLock()
@@ -52,8 +52,21 @@ func (manager *MonitorManager) AlertAbout(nick, cfnick string, online bool) {
 		command = RPL_MONONLINE
 	}
 
+	var metadata map[string]string
+	if online && client != nil {
+		metadata = client.ListMetadata()
+	}
+
 	for _, session := range watchers {
 		session.Send(nil, session.client.server.name, command, session.client.Nick(), nick)
+
+		if metadata != nil && session.capabilities.Has(caps.Metadata) {
+			for key := range session.MetadataSubscriptions() {
+				if val, ok := metadata[key]; ok {
+					session.Send(nil, client.server.name, "METADATA", nick, key, "*", val)
+				}
+			}
+		}
 	}
 }
 
diff --git a/irc/mysql/history.go b/irc/mysql/history.go
index 4b967104..5f9eff10 100644
--- a/irc/mysql/history.go
+++ b/irc/mysql/history.go
@@ -961,7 +961,7 @@ func (mysql *MySQL) listCorrespondentsInternal(ctx context.Context, target strin
 		}
 		results = append(results, history.TargetListing{
 			CfName: correspondent,
-			Time:   time.Unix(0, nanotime),
+			Time:   time.Unix(0, nanotime).UTC(),
 		})
 	}
 
@@ -1014,7 +1014,7 @@ func (mysql *MySQL) ListChannels(cfchannels []string) (results []history.TargetL
 		}
 		results = append(results, history.TargetListing{
 			CfName: target,
-			Time:   time.Unix(0, nanotime),
+			Time:   time.Unix(0, nanotime).UTC(),
 		})
 	}
 	return
diff --git a/irc/nickname.go b/irc/nickname.go
index b180c005..28781fff 100644
--- a/irc/nickname.go
+++ b/irc/nickname.go
@@ -43,6 +43,8 @@ func performNickChange(server *Server, client *Client, target *Client, session *
 		}
 	} else if err == errNicknameReserved {
 		if !isSanick {
+			// see #1594 for context: ERR_NICKNAMEINUSE can confuse clients if the nickname is not
+			// literally in use:
 			if !client.registered {
 				rb.Add(nil, server.name, ERR_NICKNAMEINUSE, details.nick, utils.SafeErrorParam(nickname), client.t("Nickname is reserved by a different account"))
 			}
@@ -120,13 +122,17 @@ func performNickChange(server *Server, client *Client, target *Client, session *
 	}
 
 	for _, channel := range target.Channels() {
-		channel.AddHistoryItem(histItem, details.account)
+		if channel.memberIsVisible(client) {
+			channel.AddHistoryItem(histItem, details.account)
+		}
 	}
 
 	newCfnick := target.NickCasefolded()
-	if newCfnick != details.nickCasefolded {
-		client.server.monitorManager.AlertAbout(details.nick, details.nickCasefolded, false)
-		client.server.monitorManager.AlertAbout(assignedNickname, newCfnick, true)
+	// send MONITOR updates only for nick changes, not for new connection registration;
+	// defer MONITOR for new connection registration until pre-registration metadata is applied
+	if hadNick && newCfnick != details.nickCasefolded {
+		client.server.monitorManager.AlertAbout(details.nick, details.nickCasefolded, false, nil)
+		client.server.monitorManager.AlertAbout(assignedNickname, newCfnick, true, target)
 	}
 	return nil
 }
diff --git a/irc/nickserv.go b/irc/nickserv.go
index 94004070..c973dc89 100644
--- a/irc/nickserv.go
+++ b/irc/nickserv.go
@@ -241,6 +241,18 @@ indicate an empty password, use * instead.`,
 		"password": {
 			aliasOf: "passwd",
 		},
+		"push": {
+			handler: nsPushHandler,
+			help: `Syntax: $bPUSH LIST$b
+Or:     $bPUSH DELETE <endpoint>$b
+
+PUSH lets you view or modify the state of your push subscriptions.`,
+			helpShort: `$bPUSH$b lets you view or modify your push subscriptions.`,
+			enabled: func(config *Config) bool {
+				return config.WebPush.Enabled
+			},
+			minParams: 1,
+		},
 		"get": {
 			handler: nsGetHandler,
 			help: `Syntax: $bGET <setting>$b
@@ -1043,10 +1055,10 @@ func nsSaregisterHandler(service *ircService, server *Server, client *Client, co
 		var failCode string
 		if err == errAccountAlreadyRegistered || err == errAccountAlreadyVerified {
 			errMsg = client.t("Account already exists")
-			failCode = "USERNAME_EXISTS"
+			failCode = "ACCOUNT_EXISTS"
 		} else if err == errNameReserved {
 			errMsg = client.t(err.Error())
-			failCode = "USERNAME_EXISTS"
+			failCode = "ACCOUNT_EXISTS"
 		} else if err == errAccountBadPassphrase {
 			errMsg = client.t("Passphrase contains forbidden characters or is otherwise invalid")
 			failCode = "INVALID_PASSWORD"
@@ -1310,21 +1322,24 @@ func nsClientsListHandler(service *ircService, server *Server, client *Client, p
 			service.Notice(rb, fmt.Sprintf(client.t("Client %d:"), session.sessionID))
 		}
 		if session.deviceID != "" {
-			service.Notice(rb, fmt.Sprintf(client.t("Device ID:   %s"), session.deviceID))
+			service.Notice(rb, fmt.Sprintf(client.t("Device ID:    %s"), session.deviceID))
 		}
-		service.Notice(rb, fmt.Sprintf(client.t("IP address:  %s"), session.ip.String()))
-		service.Notice(rb, fmt.Sprintf(client.t("Hostname:    %s"), session.hostname))
 		if hasPrivs {
-			service.Notice(rb, fmt.Sprintf(client.t("Connection:  %s"), session.connInfo))
+			service.Notice(rb, fmt.Sprintf(client.t("Debug log ID: %s"), session.connID))
 		}
-		service.Notice(rb, fmt.Sprintf(client.t("Created at:  %s"), session.ctime.Format(time.RFC1123)))
-		service.Notice(rb, fmt.Sprintf(client.t("Last active: %s"), session.atime.Format(time.RFC1123)))
+		service.Notice(rb, fmt.Sprintf(client.t("IP address:   %s"), session.ip.String()))
+		service.Notice(rb, fmt.Sprintf(client.t("Hostname:     %s"), session.hostname))
+		if hasPrivs {
+			service.Notice(rb, fmt.Sprintf(client.t("Connection:   %s"), session.connInfo))
+		}
+		service.Notice(rb, fmt.Sprintf(client.t("Created at:   %s"), session.ctime.Format(time.RFC1123)))
+		service.Notice(rb, fmt.Sprintf(client.t("Last active:  %s"), session.atime.Format(time.RFC1123)))
 		if session.certfp != "" {
-			service.Notice(rb, fmt.Sprintf(client.t("Certfp:      %s"), session.certfp))
+			service.Notice(rb, fmt.Sprintf(client.t("Certfp:       %s"), session.certfp))
 		}
 		for _, capStr := range session.caps {
 			if capStr != "" {
-				service.Notice(rb, fmt.Sprintf(client.t("IRCv3 CAPs:  %s"), capStr))
+				service.Notice(rb, fmt.Sprintf(client.t("IRCv3 CAPs:   %s"), capStr))
 			}
 		}
 	}
@@ -1398,6 +1413,11 @@ func nsCertHandler(service *ircService, server *Server, client *Client, command
 	case "add", "del":
 		if 2 <= len(params) {
 			target, certfp = params[0], params[1]
+			if cftarget, err := CasefoldName(target); err == nil && client.Account() == cftarget {
+				// If the target is equal to the account, then the user accidentally invoked operator
+				// syntax (cert add mynick <fp>) instead of self syntax (cert add <fp>).
+				target = ""
+			}
 		} else if len(params) == 1 {
 			certfp = params[0]
 		} else if len(params) == 0 && verb == "add" && rb.session.certfp != "" {
@@ -1651,3 +1671,48 @@ func nsRenameHandler(service *ircService, server *Server, client *Client, comman
 		}
 	}
 }
+
+func nsPushHandler(service *ircService, server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {
+	switch strings.ToUpper(params[0]) {
+	case "LIST":
+		target := client
+		if len(params) > 1 && client.HasRoleCapabs("accreg") {
+			target = server.clients.Get(params[1])
+			if target == nil {
+				service.Notice(rb, client.t("No such nick"))
+				return
+			}
+		}
+		subscriptions := target.getPushSubscriptions(true)
+		service.Notice(rb, fmt.Sprintf(client.t("Nickname %[1]s has %[2]d push subscription(s)"), target.Nick(), len(subscriptions)))
+		for i, subscription := range subscriptions {
+			service.Notice(rb, fmt.Sprintf(client.t("Subscription %d:"), i+1))
+			service.Notice(rb, fmt.Sprintf(client.t("Endpoint:     %s"), subscription.Endpoint))
+			service.Notice(rb, fmt.Sprintf(client.t("Last renewal: %s"), subscription.LastRefresh.Format(time.RFC1123)))
+			service.Notice(rb, fmt.Sprintf(client.t("Last push:    %s"), subscription.LastSuccess.Format(time.RFC1123)))
+		}
+	case "DELETE":
+		if len(params) < 2 {
+			service.Notice(rb, client.t("Invalid parameters"))
+			return
+		}
+		target := client
+		endpoint := params[1]
+		if len(params) > 2 && client.HasRoleCapabs("accreg") {
+			target = server.clients.Get(params[1])
+			if target == nil {
+				service.Notice(rb, client.t("No such nick"))
+				return
+			}
+			endpoint = params[2]
+		}
+		changed := target.deletePushSubscription(endpoint, true)
+		if changed {
+			service.Notice(rb, client.t("Successfully deleted push subscription"))
+		} else {
+			service.Notice(rb, client.t("Push subscription not found"))
+		}
+	default:
+		service.Notice(rb, client.t("Invalid parameters"))
+	}
+}
diff --git a/irc/numerics.go b/irc/numerics.go
index 97d4604d..fb2c1f07 100644
--- a/irc/numerics.go
+++ b/irc/numerics.go
@@ -183,6 +183,13 @@ const (
 	RPL_MONLIST            = "732"
 	RPL_ENDOFMONLIST       = "733"
 	ERR_MONLISTFULL        = "734"
+	RPL_WHOISKEYVALUE      = "760" // metadata numerics
+	RPL_KEYVALUE           = "761"
+	RPL_KEYNOTSET          = "766"
+	RPL_METADATASUBOK      = "770"
+	RPL_METADATAUNSUBOK    = "771"
+	RPL_METADATASUBS       = "772"
+	RPL_METADATASYNCLATER  = "774" // end metadata numerics
 	RPL_LOGGEDIN           = "900"
 	RPL_LOGGEDOUT          = "901"
 	ERR_NICKLOCKED         = "902"
diff --git a/irc/oauth2/oauth2.go b/irc/oauth2/oauth2.go
new file mode 100644
index 00000000..3228390e
--- /dev/null
+++ b/irc/oauth2/oauth2.go
@@ -0,0 +1,108 @@
+// Copyright 2022-2023 Simon Ser <contact@emersion.fr>
+// Derived from https://git.sr.ht/~emersion/soju/tree/36d6cb19a4f90d217d55afb0b15318321baaad09/item/auth/oauth2.go
+// Originally released under the AGPLv3, relicensed to the Ergo project under the MIT license
+// Modifications copyright 2024 Shivaram Lingamneni <slingamn@cs.stanford.edu>
+// Released under the MIT license
+
+package oauth2
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+var (
+	ErrAuthDisabled = fmt.Errorf("OAuth 2.0 authentication is disabled")
+
+	// all cases where the infrastructure is working correctly, but we determined
+	// that the user supplied an invalid token
+	ErrInvalidToken = fmt.Errorf("OAuth 2.0 bearer token invalid")
+)
+
+type OAuth2BearerConfig struct {
+	Enabled              bool          `yaml:"enabled"`
+	Autocreate           bool          `yaml:"autocreate"`
+	AuthScript           bool          `yaml:"auth-script"`
+	IntrospectionURL     string        `yaml:"introspection-url"`
+	IntrospectionTimeout time.Duration `yaml:"introspection-timeout"`
+	// omit for `none`, required for `client_secret_basic`
+	ClientID     string `yaml:"client-id"`
+	ClientSecret string `yaml:"client-secret"`
+}
+
+func (o *OAuth2BearerConfig) Postprocess() error {
+	if !o.Enabled {
+		return nil
+	}
+
+	if o.IntrospectionTimeout == 0 {
+		return fmt.Errorf("a nonzero oauthbearer introspection timeout is required (try 10s)")
+	}
+
+	if _, err := url.Parse(o.IntrospectionURL); err != nil {
+		return fmt.Errorf("invalid introspection-url: %w", err)
+	}
+
+	return nil
+}
+
+func (o *OAuth2BearerConfig) Introspect(ctx context.Context, token string) (username string, err error) {
+	if !o.Enabled {
+		return "", ErrAuthDisabled
+	}
+
+	ctx, cancel := context.WithTimeout(ctx, o.IntrospectionTimeout)
+	defer cancel()
+
+	reqValues := make(url.Values)
+	reqValues.Set("token", token)
+
+	reqBody := strings.NewReader(reqValues.Encode())
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, o.IntrospectionURL, reqBody)
+	if err != nil {
+		return "", fmt.Errorf("failed to create OAuth 2.0 introspection request: %w", err)
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Set("Accept", "application/json")
+
+	if o.ClientID != "" {
+		req.SetBasicAuth(url.QueryEscape(o.ClientID), url.QueryEscape(o.ClientSecret))
+	}
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return "", fmt.Errorf("failed to send OAuth 2.0 introspection request: %v", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return "", fmt.Errorf("OAuth 2.0 introspection error: %v", resp.Status)
+	}
+
+	var data oauth2Introspection
+	if err := json.NewDecoder(resp.Body).Decode(&data); err != nil {
+		return "", fmt.Errorf("failed to decode OAuth 2.0 introspection response: %v", err)
+	}
+
+	if !data.Active {
+		return "", ErrInvalidToken
+	}
+	if data.Username == "" {
+		// We really need the username here, otherwise an OAuth 2.0 user can
+		// impersonate any other user.
+		return "", fmt.Errorf("missing username in OAuth 2.0 introspection response")
+	}
+
+	return data.Username, nil
+}
+
+type oauth2Introspection struct {
+	Active   bool   `json:"active"`
+	Username string `json:"username"`
+}
diff --git a/irc/oauth2/sasl.go b/irc/oauth2/sasl.go
new file mode 100644
index 00000000..58da091d
--- /dev/null
+++ b/irc/oauth2/sasl.go
@@ -0,0 +1,172 @@
+package oauth2
+
+/*
+https://github.com/emersion/go-sasl/blob/e73c9f7bad438a9bf3f5b28e661b74d752ecafdd/oauthbearer.go
+
+Copyright 2019-2022 Simon Ser, Frode Aannevik, Max Mazurov
+Released under the MIT license
+*/
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+var (
+	ErrUnexpectedClientResponse = errors.New("unexpected client response")
+)
+
+// The OAUTHBEARER mechanism name.
+const OAuthBearer = "OAUTHBEARER"
+
+type OAuthBearerError struct {
+	Status  string `json:"status"`
+	Schemes string `json:"schemes"`
+	Scope   string `json:"scope"`
+}
+
+type OAuthBearerOptions struct {
+	Username string `json:"username,omitempty"`
+	Token    string `json:"token,omitempty"`
+	Host     string `json:"host,omitempty"`
+	Port     int    `json:"port,omitempty"`
+}
+
+func (err *OAuthBearerError) Error() string {
+	return fmt.Sprintf("OAUTHBEARER authentication error (%v)", err.Status)
+}
+
+type OAuthBearerAuthenticator func(opts OAuthBearerOptions) *OAuthBearerError
+
+type OAuthBearerServer struct {
+	done         bool
+	failErr      error
+	authenticate OAuthBearerAuthenticator
+}
+
+func (a *OAuthBearerServer) fail(descr string) ([]byte, bool, error) {
+	blob, err := json.Marshal(OAuthBearerError{
+		Status:  "invalid_request",
+		Schemes: "bearer",
+	})
+	if err != nil {
+		panic(err) // wtf
+	}
+	a.failErr = errors.New(descr)
+	return blob, false, nil
+}
+
+func (a *OAuthBearerServer) Next(response []byte) (challenge []byte, done bool, err error) {
+	// Per RFC, we cannot just send an error, we need to return JSON-structured
+	// value as a challenge and then after getting dummy response from the
+	// client stop the exchange.
+	if a.failErr != nil {
+		// Server libraries (go-smtp, go-imap) will not call Next on
+		// protocol-specific SASL cancel response ('*'). However, GS2 (and
+		// indirectly OAUTHBEARER) defines a protocol-independent way to do so
+		// using 0x01.
+		if len(response) != 1 && response[0] != 0x01 {
+			return nil, true, errors.New("unexpected response")
+		}
+		return nil, true, a.failErr
+	}
+
+	if a.done {
+		err = ErrUnexpectedClientResponse
+		return
+	}
+
+	// Generate empty challenge.
+	if response == nil {
+		return []byte{}, false, nil
+	}
+
+	a.done = true
+
+	// Cut n,a=username,\x01host=...\x01auth=...
+	// into
+	//   n
+	//   a=username
+	//   \x01host=...\x01auth=...\x01\x01
+	parts := bytes.SplitN(response, []byte{','}, 3)
+	if len(parts) != 3 {
+		return a.fail("Invalid response")
+	}
+	flag := parts[0]
+	authzid := parts[1]
+	if !bytes.Equal(flag, []byte{'n'}) {
+		return a.fail("Invalid response, missing 'n' in gs2-cb-flag")
+	}
+	opts := OAuthBearerOptions{}
+	if len(authzid) > 0 {
+		if !bytes.HasPrefix(authzid, []byte("a=")) {
+			return a.fail("Invalid response, missing 'a=' in gs2-authzid")
+		}
+		opts.Username = string(bytes.TrimPrefix(authzid, []byte("a=")))
+	}
+
+	// Cut \x01host=...\x01auth=...\x01\x01
+	// into
+	//   *empty*
+	//   host=...
+	//   auth=...
+	//   *empty*
+	//
+	// Note that this code does not do a lot of checks to make sure the input
+	// follows the exact format specified by RFC.
+	params := bytes.Split(parts[2], []byte{0x01})
+	for _, p := range params {
+		// Skip empty fields (one at start and end).
+		if len(p) == 0 {
+			continue
+		}
+
+		pParts := bytes.SplitN(p, []byte{'='}, 2)
+		if len(pParts) != 2 {
+			return a.fail("Invalid response, missing '='")
+		}
+
+		switch string(pParts[0]) {
+		case "host":
+			opts.Host = string(pParts[1])
+		case "port":
+			port, err := strconv.ParseUint(string(pParts[1]), 10, 16)
+			if err != nil {
+				return a.fail("Invalid response, malformed 'port' value")
+			}
+			opts.Port = int(port)
+		case "auth":
+			const prefix = "bearer "
+			strValue := string(pParts[1])
+			// Token type is case-insensitive.
+			if !strings.HasPrefix(strings.ToLower(strValue), prefix) {
+				return a.fail("Unsupported token type")
+			}
+			opts.Token = strValue[len(prefix):]
+		default:
+			return a.fail("Invalid response, unknown parameter: " + string(pParts[0]))
+		}
+	}
+
+	authzErr := a.authenticate(opts)
+	if authzErr != nil {
+		blob, err := json.Marshal(authzErr)
+		if err != nil {
+			panic(err) // wtf
+		}
+		a.failErr = authzErr
+		return blob, false, nil
+	}
+
+	return nil, true, nil
+}
+
+func NewOAuthBearerServer(auth OAuthBearerAuthenticator) *OAuthBearerServer {
+	return &OAuthBearerServer{
+		authenticate: auth,
+	}
+}
diff --git a/irc/panic.go b/irc/panic.go
index ae0b92f4..4dd0ba5f 100644
--- a/irc/panic.go
+++ b/irc/panic.go
@@ -6,14 +6,19 @@ package irc
 import (
 	"fmt"
 	"runtime/debug"
+	"time"
 )
 
 // HandlePanic is a general-purpose panic handler for ad-hoc goroutines.
 // Because of the semantics of `recover`, it must be called directly
 // from the routine on whose call stack the panic would occur, with `defer`,
 // e.g. `defer server.HandlePanic()`
-func (server *Server) HandlePanic() {
+func (server *Server) HandlePanic(restartable func()) {
 	if r := recover(); r != nil {
 		server.logger.Error("internal", fmt.Sprintf("Panic encountered: %v\n%s", r, debug.Stack()))
+		if restartable != nil {
+			time.Sleep(time.Second)
+			go restartable()
+		}
 	}
 }
diff --git a/irc/passwd/bcrypt.go b/irc/passwd/bcrypt.go
index d4daf298..a7dfc1e4 100644
--- a/irc/passwd/bcrypt.go
+++ b/irc/passwd/bcrypt.go
@@ -3,8 +3,11 @@
 
 package passwd
 
-import "golang.org/x/crypto/bcrypt"
-import "golang.org/x/crypto/sha3"
+import (
+	"crypto/sha3"
+
+	"golang.org/x/crypto/bcrypt"
+)
 
 const (
 	MinCost     = bcrypt.MinCost
diff --git a/irc/roleplay.go b/irc/roleplay.go
index 97625644..363d70fb 100644
--- a/irc/roleplay.go
+++ b/irc/roleplay.go
@@ -13,8 +13,8 @@ import (
 )
 
 const (
-	npcNickMask   = "*%s*!%s@npc.fakeuser.invalid"
-	sceneNickMask = "=Scene=!%s@npc.fakeuser.invalid"
+	defaultNPCNickMask   = "*%s*!%s@npc.fakeuser.invalid"
+	defaultSceneNickMask = "=Scene=!%s@npc.fakeuser.invalid"
 )
 
 func sendRoleplayMessage(server *Server, client *Client, source string, targetString string, isScene, isAction bool, messageParts []string, rb *ResponseBuffer) {
@@ -30,7 +30,7 @@ func sendRoleplayMessage(server *Server, client *Client, source string, targetSt
 
 	var sourceMask string
 	if isScene {
-		sourceMask = fmt.Sprintf(sceneNickMask, client.Nick())
+		sourceMask = fmt.Sprintf(server.Config().Roleplay.SceneNickMask, client.Nick())
 	} else {
 		cfSource, cfSourceErr := CasefoldName(source)
 		skelSource, skelErr := Skeleton(source)
@@ -39,7 +39,7 @@ func sendRoleplayMessage(server *Server, client *Client, source string, targetSt
 			rb.Add(nil, client.server.name, ERR_CANNOTSENDRP, targetString, client.t("Invalid roleplay name"))
 			return
 		}
-		sourceMask = fmt.Sprintf(npcNickMask, source, client.Nick())
+		sourceMask = fmt.Sprintf(server.Config().Roleplay.NPCNickMask, source, client.Nick())
 	}
 
 	// block attempts to send CTCP messages to Tor clients
diff --git a/irc/server.go b/irc/server.go
index fbf95beb..641d63f2 100644
--- a/irc/server.go
+++ b/irc/server.go
@@ -36,26 +36,16 @@ import (
 	"github.com/ergochat/ergo/irc/mysql"
 	"github.com/ergochat/ergo/irc/sno"
 	"github.com/ergochat/ergo/irc/utils"
+	"github.com/ergochat/ergo/irc/webpush"
 )
 
 const (
 	alwaysOnMaintenanceInterval = 30 * time.Minute
-)
+	pushMaintenanceInterval     = 24 * time.Hour
 
-var (
 	// common error line to sub values into
 	errorMsg = "ERROR :%s\r\n"
 
-	// three final parameters of 004 RPL_MYINFO, enumerating our supported modes
-	rplMyInfo1, rplMyInfo2, rplMyInfo3 = modes.RplMyInfo()
-
-	// CHANMODES isupport token
-	chanmodesToken = modes.ChanmodesToken()
-
-	// whitelist of caps to serve on the STS-only listener. In particular,
-	// never advertise SASL, to discourage people from sending their passwords:
-	stsOnlyCaps = caps.NewSet(caps.STS, caps.MessageTags, caps.ServerTime, caps.Batch, caps.LabeledResponse, caps.EchoMessage, caps.Nope)
-
 	// we only have standard channels for now. TODO: any updates to this
 	// will also need to be reflected in CasefoldChannel
 	chanTypes = "#"
@@ -63,6 +53,17 @@ var (
 	throttleMessage = "You have attempted to connect too many times within a short duration. Wait a while, and you will be able to connect."
 )
 
+var (
+	// whitelist of caps to serve on the STS-only listener. In particular,
+	// never advertise SASL, to discourage people from sending their passwords:
+	stsOnlyCaps = caps.NewSet(caps.STS, caps.MessageTags, caps.ServerTime, caps.Batch, caps.LabeledResponse, caps.EchoMessage, caps.Nope)
+
+	httpVerbs = utils.SetLiteral("CONNECT", "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT", "TRACE")
+
+	unixEpoch       = time.Unix(0, 0).UTC()
+	year2262Problem = time.Unix(0, 1<<63-1).UTC() // this is the maximum time for which (*time.Time).UnixNano() is well-defined
+)
+
 // Server is the main Oragono server.
 type Server struct {
 	accepts           AcceptManager
@@ -95,7 +96,13 @@ type Server struct {
 	stats             Stats
 	semaphores        ServerSemaphores
 	flock             flock.Flocker
+	connIDCounter     atomic.Uint64
 	defcon            atomic.Uint32
+
+	// API stuff
+	apiHandler  http.Handler // always initialized
+	apiListener *utils.ReloadableListener
+	apiServer   *http.Server // nil if API is not enabled
 }
 
 // NewServer returns a new Oragono server.
@@ -122,6 +129,8 @@ func NewServer(config *Config, logger *logger.Manager) (*Server, error) {
 	server.monitorManager.Initialize()
 	server.snomasks.Initialize()
 
+	server.apiHandler = newAPIHandler(server)
+
 	if err := server.applyConfig(config); err != nil {
 		return nil, err
 	}
@@ -134,6 +143,7 @@ func NewServer(config *Config, logger *logger.Manager) (*Server, error) {
 	}
 
 	time.AfterFunc(alwaysOnMaintenanceInterval, server.periodicAlwaysOnMaintenance)
+	time.AfterFunc(pushMaintenanceInterval, server.periodicPushMaintenance)
 
 	return server, nil
 }
@@ -266,7 +276,7 @@ func (server *Server) periodicAlwaysOnMaintenance() {
 		time.AfterFunc(alwaysOnMaintenanceInterval, server.periodicAlwaysOnMaintenance)
 	}()
 
-	defer server.HandlePanic()
+	defer server.HandlePanic(nil)
 
 	server.logger.Info("accounts", "Performing periodic always-on client checks")
 	server.performAlwaysOnMaintenance(true, true)
@@ -290,6 +300,47 @@ func (server *Server) performAlwaysOnMaintenance(checkExpiration, flushTimestamp
 	}
 }
 
+func (server *Server) periodicPushMaintenance() {
+	defer func() {
+		// reschedule whether or not there was a panic
+		time.AfterFunc(pushMaintenanceInterval, server.periodicPushMaintenance)
+	}()
+
+	defer server.HandlePanic(nil)
+
+	if server.Config().WebPush.Enabled {
+		server.logger.Info("webpush", "Performing periodic push subscription maintenance")
+		server.performPushMaintenance()
+	} // else: reschedule and check again later, the operator may enable it via rehash
+}
+
+func (server *Server) performPushMaintenance() {
+	expiration := time.Duration(server.Config().WebPush.Expiration)
+	for _, client := range server.clients.AllWithPushSubscriptions() {
+		for _, sub := range client.getPushSubscriptions(true) {
+			now := time.Now()
+			// require both periodic successful push messages and renewal of the subscription via WEBPUSH REGISTER
+			if now.Sub(sub.LastSuccess) > expiration || now.Sub(sub.LastRefresh) > expiration {
+				server.logger.Debug("webpush", "expiring push subscription for client", client.Nick(), sub.Endpoint)
+				client.deletePushSubscription(sub.Endpoint, false)
+			} else if now.Sub(sub.LastSuccess) > expiration/2 {
+				// we haven't pushed to them recently, make an attempt
+				server.logger.Debug("webpush", "pinging push subscription for client", client.Nick(), sub.Endpoint)
+				client.sendAndTrackPush(
+					sub.Endpoint, sub.Keys,
+					pushMessage{
+						msg:     webpush.PingMessage,
+						urgency: webpush.UrgencyNormal,
+					},
+					false,
+				)
+			}
+		}
+		// persist all push subscriptions on the assumption that the timestamps have changed
+		client.Store(IncludePushSubscriptions)
+	}
+}
+
 // handles server.ip-check-script.exempt-sasl:
 // run the ip check script at the end of the handshake, only for anonymous connections
 func (server *Server) checkBanScriptExemptSASL(config *Config, session *Session) (outcome AuthOutcome) {
@@ -302,7 +353,7 @@ func (server *Server) checkBanScriptExemptSASL(config *Config, session *Session)
 		return authSuccess
 	}
 	if output.Result == IPBanned || output.Result == IPRequireSASL {
-		server.logger.Info("connect-ip", "Rejecting unauthenticated client due to ip-check-script", ipaddr.String())
+		server.logger.Info("connect-ip", session.connID, "Rejecting unauthenticated client due to ip-check-script", ipaddr.String())
 		if output.BanMessage != "" {
 			session.client.requireSASLMessage = output.BanMessage
 		}
@@ -314,9 +365,7 @@ func (server *Server) checkBanScriptExemptSASL(config *Config, session *Session)
 func (server *Server) tryRegister(c *Client, session *Session) (exiting bool) {
 	// XXX PROXY or WEBIRC MUST be sent as the first line of the session;
 	// if we are here at all that means we have the final value of the IP
-	if session.rawHostname == "" {
-		session.client.lookupHostname(session, false)
-	}
+	c.finalizeHostname(session)
 
 	// try to complete registration normally
 	// XXX(#1057) username can be filled in by an ident query without the client
@@ -379,16 +428,27 @@ func (server *Server) tryRegister(c *Client, session *Session) (exiting bool) {
 		c.SetMode(defaultMode, true)
 	}
 
+	c.applyPreregMetadata(session)
+
+	c.server.monitorManager.AlertAbout(c.Nick(), c.NickCasefolded(), true, c)
+
+	// this is not a reattach, so if the client is always-on, this is the first time
+	// the Client object was created during the current server uptime. mark dirty in
+	// order to persist the realname and the user modes:
+	if c.AlwaysOn() {
+		c.markDirty(IncludeAllAttrs)
+	}
+
 	// count new user in statistics (before checking KLINEs, see #1303)
 	server.stats.Register(c.HasMode(modes.Invisible))
 
 	// check KLINEs (#671: ignore KLINEs for loopback connections)
 	if !session.IP().IsLoopback() || session.isTor {
 		isBanned, info := server.klines.CheckMasks(c.AllNickmasks()...)
-		if isBanned {
+		if isBanned && !(info.RequireSASL && session.client.Account() != "") {
 			c.setKlined()
 			c.Quit(info.BanMessage(c.t("You are banned from this server (%s)")), nil)
-			server.logger.Info("connect", "Client rejected by k-line", c.NickMaskString())
+			server.logger.Info("connect", session.connID, "Client rejected by k-line", c.NickMaskString())
 			return true
 		}
 	}
@@ -420,7 +480,7 @@ func (server *Server) playRegistrationBurst(session *Session) {
 	c := session.client
 	// continue registration
 	d := c.Details()
-	server.logger.Info("connect", fmt.Sprintf("Client connected [%s] [u:%s] [r:%s]", d.nick, d.username, d.realname))
+	server.logger.Info("connect", session.connID, fmt.Sprintf("Client connected [%s] [u:%s] [r:%s]", d.nick, d.username, d.realname))
 	server.snomasks.Send(sno.LocalConnects, fmt.Sprintf("Client connected [%s] [u:%s] [h:%s] [ip:%s] [r:%s]", d.nick, d.username, session.rawHostname, session.IP().String(), d.realname))
 	if d.account != "" {
 		server.sendLoginSnomask(d.nickMask, d.accountName)
@@ -433,10 +493,16 @@ func (server *Server) playRegistrationBurst(session *Session) {
 	session.Send(nil, server.name, RPL_WELCOME, d.nick, fmt.Sprintf(c.t("Welcome to the %s IRC Network %s"), config.Network.Name, d.nick))
 	session.Send(nil, server.name, RPL_YOURHOST, d.nick, fmt.Sprintf(c.t("Your host is %[1]s, running version %[2]s"), server.name, Ver))
 	session.Send(nil, server.name, RPL_CREATED, d.nick, fmt.Sprintf(c.t("This server was created %s"), server.ctime.Format(time.RFC1123)))
+	rplMyInfo1, rplMyInfo2, rplMyInfo3 := modes.RplMyInfo()
 	session.Send(nil, server.name, RPL_MYINFO, d.nick, server.name, Ver, rplMyInfo1, rplMyInfo2, rplMyInfo3)
 
 	rb := NewResponseBuffer(session)
-	server.RplISupport(c, rb)
+	if !(rb.session.capabilities.Has(caps.ExtendedISupport) && rb.session.isupportSentPrereg) {
+		server.RplISupport(c, rb)
+	}
+	if session.capabilities.Has(caps.Metadata) {
+		playMetadataVerbBatch(rb, d.nick, c.ListMetadata())
+	}
 	if d.account != "" && session.capabilities.Has(caps.Persistence) {
 		reportPersistenceStatus(c, rb, false)
 	}
@@ -458,15 +524,22 @@ func (server *Server) playRegistrationBurst(session *Session) {
 
 // RplISupport outputs our ISUPPORT lines to the client. This is used on connection and in VERSION responses.
 func (server *Server) RplISupport(client *Client, rb *ResponseBuffer) {
-	translatedISupport := client.t("are supported by this server")
+	server.sendRplISupportLines(client, rb, server.Config().Server.isupport.CachedReply)
+}
+
+func (server *Server) sendRplISupportLines(client *Client, rb *ResponseBuffer, lines [][]string) {
+	if rb.session.capabilities.Has(caps.ExtendedISupport) {
+		batchID := rb.StartNestedBatch(caps.ExtendedISupportBatchType)
+		defer rb.EndNestedBatch(batchID)
+	}
+	finalText := "are supported by this server"
 	nick := client.Nick()
-	config := server.Config()
-	for _, cachedTokenLine := range config.Server.isupport.CachedReply {
+	for _, cachedTokenLine := range lines {
 		length := len(cachedTokenLine) + 2
 		tokenline := make([]string, length)
 		tokenline[0] = nick
 		copy(tokenline[1:], cachedTokenLine)
-		tokenline[length-1] = translatedISupport
+		tokenline[length-1] = finalText
 		rb.Add(nil, server.name, RPL_ISUPPORT, tokenline...)
 	}
 }
@@ -564,7 +637,6 @@ func (client *Client) getWhoisOf(target *Client, hasPrivs bool, rb *ResponseBuff
 	if target.HasMode(modes.Bot) {
 		rb.Add(nil, client.server.name, RPL_WHOISBOT, cnick, tnick, fmt.Sprintf(ircfmt.Unescape(client.t("is a $bBot$b on %s")), client.server.Config().Network.Name))
 	}
-
 	if client == target || oper.HasRoleCapab("ban") {
 		for _, session := range target.Sessions() {
 			if session.certfp != "" {
@@ -576,12 +648,17 @@ func (client *Client) getWhoisOf(target *Client, hasPrivs bool, rb *ResponseBuff
 	if away, awayMessage := target.Away(); away {
 		rb.Add(nil, client.server.name, RPL_AWAY, cnick, tnick, awayMessage)
 	}
+	if rb.session.capabilities.Has(caps.Metadata) {
+		for key, value := range target.ListMetadata() {
+			rb.Add(nil, client.server.name, RPL_WHOISKEYVALUE, cnick, tnick, key, "*", value)
+		}
+	}
 }
 
 // rehash reloads the config and applies the changes from the config file.
 func (server *Server) rehash() error {
 	// #1570; this needs its own panic handling because it can be invoked via SIGHUP
-	defer server.HandlePanic()
+	defer server.HandlePanic(nil)
 
 	server.logger.Info("server", "Attempting rehash")
 
@@ -619,6 +696,9 @@ func (server *Server) applyConfig(config *Config) (err error) {
 		globalCasemappingSetting = config.Server.Casemapping
 		globalUtf8EnforcementSetting = config.Server.EnforceUtf8
 		MaxLineLen = config.Server.MaxLineLen
+		RegisterTimeout = config.Server.IdleTimeouts.Registration
+		PingTimeout = config.Server.IdleTimeouts.Ping
+		DisconnectTimeout = config.Server.IdleTimeouts.Disconnect
 	} else {
 		// enforce configs that can't be changed after launch:
 		if server.name != config.Server.Name {
@@ -644,6 +724,8 @@ func (server *Server) applyConfig(config *Config) (err error) {
 			return fmt.Errorf("Cannot enable MySQL after launching the server, rehash aborted")
 		} else if oldConfig.Server.MaxLineLen != config.Server.MaxLineLen {
 			return fmt.Errorf("Cannot change max-line-len after launching the server, rehash aborted")
+		} else if oldConfig.Server.IdleTimeouts != config.Server.IdleTimeouts {
+			return fmt.Errorf("Cannot change idle-timeouts after launching the server, rehash aborted")
 		}
 	}
 
@@ -702,9 +784,6 @@ func (server *Server) applyConfig(config *Config) (err error) {
 		if !oldConfig.Accounts.NickReservation.Enabled {
 			server.accounts.buildNickToAccountIndex(config)
 		}
-		if !oldConfig.Channels.Registration.Enabled {
-			server.channels.loadRegisteredChannels(config)
-		}
 		// resize history buffers as needed
 		if config.historyChangedFrom(oldConfig) {
 			for _, channel := range server.channels.Channels() {
@@ -738,6 +817,16 @@ func (server *Server) applyConfig(config *Config) (err error) {
 		return fmt.Errorf("Could not load cloak secret: %w", err)
 	}
 	config.Server.Cloaks.SetSecret(cloakSecret)
+	// similarly bring the VAPID keys into the config, which requires regenerating the 005
+	if config.WebPush.Enabled {
+		config.WebPush.vapidKeys, err = LoadVAPIDKeys(server.dstore)
+		if err != nil {
+			return fmt.Errorf("Could not load VAPID keys: %w", err)
+		}
+		if err = config.generateISupport(); err != nil {
+			return fmt.Errorf("Could not regenerate cached 005 for VAPID: %w", err)
+		}
+	}
 
 	// activate the new config
 	server.config.Store(config)
@@ -780,6 +869,8 @@ func (server *Server) applyConfig(config *Config) (err error) {
 
 	server.setupPprofListener(config)
 
+	server.setupAPIListener(config)
+
 	// set RPL_ISUPPORT
 	var newISupportReplies [][]string
 	if oldConfig != nil {
@@ -799,13 +890,19 @@ func (server *Server) applyConfig(config *Config) (err error) {
 	}
 
 	if !initial {
-		// push new info to all of our clients
-		for _, sClient := range server.clients.AllClients() {
-			for _, tokenline := range newISupportReplies {
-				sClient.Send(nil, server.name, RPL_ISUPPORT, append([]string{sClient.nick}, tokenline...)...)
+		// send 005 updates (somewhat rare)
+		if len(newISupportReplies) != 0 {
+			for _, sClient := range server.clients.AllClients() {
+				for _, session := range sClient.Sessions() {
+					rb := NewResponseBuffer(session)
+					server.sendRplISupportLines(sClient, rb, newISupportReplies)
+					rb.Send(false)
+				}
 			}
+		}
 
-			if sendRawOutputNotice {
+		if sendRawOutputNotice {
+			for _, sClient := range server.clients.AllClients() {
 				sClient.Notice(sClient.t("This server is in debug mode and is logging all user I/O. If you do not wish for everything you send to be readable by the server owner(s), please disconnect."))
 			}
 		}
@@ -815,6 +912,9 @@ func (server *Server) applyConfig(config *Config) (err error) {
 	if config.Accounts.RequireSasl.Enabled && config.Accounts.Registration.Enabled {
 		server.logger.Warning("server", "Warning: although require-sasl is enabled, users can still register accounts. If your server is not intended to be public, you must set accounts.registration.enabled to false.")
 	}
+	if config.History.Enabled && config.History.ChathistoryMax == 0 {
+		server.logger.Warning("server", "Warning: for history to work correctly, you must set history.chathistory-maxmessages (see default.yaml for a recommendation).")
+	}
 
 	return err
 }
@@ -842,6 +942,46 @@ func (server *Server) setupPprofListener(config *Config) {
 	}
 }
 
+func (server *Server) setupAPIListener(config *Config) {
+	if server.apiServer != nil {
+		if !config.API.Enabled || (config.API.Listener != server.apiServer.Addr) {
+			server.logger.Info("server", "Stopping API listener", server.apiServer.Addr)
+			server.apiServer.Close()
+			server.apiListener = nil
+			server.apiServer = nil
+		}
+	}
+	if !config.API.Enabled {
+		return
+	}
+	listenerConfig := utils.ListenerConfig{
+		TLSConfig: config.API.tlsConfig,
+	}
+	if server.apiListener != nil {
+		server.apiListener.Reload(listenerConfig)
+		return
+	}
+	listener, err := net.Listen("tcp", config.API.Listener)
+	if err != nil {
+		server.logger.Error("server", "Couldn't create API listener", config.API.Listener, err.Error())
+		return
+	}
+	server.apiListener = utils.NewReloadableListener(listener, listenerConfig)
+	server.apiServer = &http.Server{
+		Addr:           config.API.Listener, // just informational since we created the listener ourselves
+		Handler:        server.apiHandler,
+		ReadTimeout:    10 * time.Second,
+		WriteTimeout:   10 * time.Second,
+		MaxHeaderBytes: 16384,
+	}
+	go func(hs *http.Server, listener net.Listener) {
+		if err := hs.Serve(listener); err != nil {
+			server.logger.Error("server", "API listener failed", err.Error())
+		}
+	}(server.apiServer, server.apiListener)
+	server.logger.Info("server", "Started API listener", server.apiServer.Addr)
+}
+
 func (server *Server) loadDatastore(config *Config) error {
 	// open the datastore and load server state for which it (rather than config)
 	// is the source of truth
@@ -1114,6 +1254,16 @@ func (server *Server) UnfoldName(cfname string) (name string) {
 	return server.clients.UnfoldNick(cfname)
 }
 
+// generateConnectionID generates a unique string identifier for an incoming connection.
+// this identifier is only used for debug logging.
+func (server *Server) generateConnectionID() string {
+	id := server.connIDCounter.Add(1)
+	// pad with leading zeroes to a minimum length of 5 hex digits. this enhances greppability;
+	// the identifier length will be 6 for the first 1048576 connections, which is less important
+	// but makes the log slightly easier to read
+	return fmt.Sprintf("s%05x", id)
+}
+
 // elistMatcher takes and matches ELIST conditions
 type elistMatcher struct {
 	MinClientsActive bool
diff --git a/irc/services.go b/irc/services.go
index 7bd9c5f1..8e243f4b 100644
--- a/irc/services.go
+++ b/irc/services.go
@@ -7,7 +7,7 @@ import (
 	"bytes"
 	"fmt"
 	"log"
-	"sort"
+	"slices"
 	"strings"
 	"time"
 
@@ -223,7 +223,6 @@ func serviceRunCommand(service *ircService, server *Server, client *Client, cmd
 		return
 	}
 
-	server.logger.Debug("services", fmt.Sprintf("Client %s ran %s command %s", client.Nick(), service.Name, commandName))
 	if commandName == "help" {
 		serviceHelpHandler(service, server, client, params, rb)
 	} else {
@@ -251,7 +250,7 @@ func serviceHelpHandler(service *ircService, server *Server, client *Client, par
 			client.t("Here are the commands you can use:"),
 		}...)
 		// show general help
-		var shownHelpLines sort.StringSlice
+		var shownHelpLines []string
 		var disabledCommands bool
 		for _, commandInfo := range service.Commands {
 			// skip commands user can't access
@@ -269,13 +268,13 @@ func serviceHelpHandler(service *ircService, server *Server, client *Client, par
 			shownHelpLines = append(shownHelpLines, "    "+ircfmt.Unescape(client.t(commandInfo.helpShort)))
 		}
 
+		// sort help lines
+		slices.Sort(shownHelpLines)
+
 		if disabledCommands {
 			shownHelpLines = append(shownHelpLines, "    "+client.t("... and other commands which have been disabled"))
 		}
 
-		// sort help lines
-		sort.Sort(shownHelpLines)
-
 		// push out help text
 		for _, line := range helpBannerLines {
 			sendNotice(line)
diff --git a/irc/smtp/smtp.go b/irc/smtp/smtp.go
index f43d23d5..adf7a48f 100644
--- a/irc/smtp/smtp.go
+++ b/irc/smtp/smtp.go
@@ -55,17 +55,18 @@ type Client struct {
 
 // Dial returns a new Client connected to an SMTP server at addr.
 // The addr must include a port, as in "mail.example.com:smtp".
-func Dial(addr string, timeout time.Duration, implicitTLS bool) (*Client, error) {
+func Dial(protocol, addr string, localAddress net.Addr, timeout time.Duration, implicitTLS bool) (*Client, error) {
 	var conn net.Conn
 	var err error
 	dialer := net.Dialer{
-		Timeout: timeout,
+		Timeout:   timeout,
+		LocalAddr: localAddress,
 	}
 	start := time.Now()
 	if !implicitTLS {
-		conn, err = dialer.Dial("tcp", addr)
+		conn, err = dialer.Dial(protocol, addr)
 	} else {
-		conn, err = tls.DialWithDialer(&dialer, "tcp", addr, nil)
+		conn, err = tls.DialWithDialer(&dialer, protocol, addr, nil)
 	}
 	if err != nil {
 		return nil, err
@@ -232,7 +233,7 @@ func (c *Client) Auth(a Auth) error {
 	}
 	resp64 := make([]byte, encoding.EncodedLen(len(resp)))
 	encoding.Encode(resp64, resp)
-	code, msg64, err := c.cmd(0, strings.TrimSpace(fmt.Sprintf("AUTH %s %s", mech, resp64)))
+	code, msg64, err := c.cmd(0, "%s", strings.TrimSpace(fmt.Sprintf("AUTH %s %s", mech, resp64)))
 	for err == nil {
 		var msg []byte
 		switch code {
@@ -258,7 +259,7 @@ func (c *Client) Auth(a Auth) error {
 		}
 		resp64 = make([]byte, encoding.EncodedLen(len(resp)))
 		encoding.Encode(resp64, resp)
-		code, msg64, err = c.cmd(0, string(resp64))
+		code, msg64, err = c.cmd(0, "%s", resp64)
 	}
 	return err
 }
@@ -341,7 +342,7 @@ var testHookStartTLS func(*tls.Config) // nil, except for tests
 // functionality. Higher-level packages exist outside of the standard
 // library.
 // XXX: modified in Ergo to add `requireTLS`, `heloDomain`, and `timeout` arguments
-func SendMail(addr string, a Auth, heloDomain string, from string, to []string, msg []byte, requireTLS, implicitTLS bool, timeout time.Duration) error {
+func SendMail(addr string, a Auth, heloDomain string, from string, to []string, msg []byte, requireTLS, implicitTLS bool, protocol string, localAddress net.Addr, timeout time.Duration) error {
 	if err := validateLine(from); err != nil {
 		return err
 	}
@@ -350,7 +351,7 @@ func SendMail(addr string, a Auth, heloDomain string, from string, to []string,
 			return err
 		}
 	}
-	c, err := Dial(addr, timeout, implicitTLS)
+	c, err := Dial(protocol, addr, localAddress, timeout, implicitTLS)
 	if err != nil {
 		return err
 	}
diff --git a/irc/strings.go b/irc/strings.go
index b67bdac6..03e13c41 100644
--- a/irc/strings.go
+++ b/irc/strings.go
@@ -60,6 +60,10 @@ const (
 	// confusables detection: standard skeleton algorithm (which may be ineffective
 	// over the larger set of permitted identifiers)
 	CasemappingPermissive
+	// rfc1459 is a legacy mapping as defined here: https://modern.ircdocs.horse/#casemapping-parameter
+	CasemappingRFC1459
+	// rfc1459-strict is a legacy mapping as defined here: https://modern.ircdocs.horse/#casemapping-parameter
+	CasemappingRFC1459Strict
 )
 
 // XXX this is a global variable without explicit synchronization.
@@ -69,7 +73,7 @@ var globalCasemappingSetting Casemapping = CasemappingPRECIS
 
 // XXX analogous unsynchronized global variable controlling utf8 validation
 // if this is off, you get the traditional IRC behavior (relaying any valid RFC1459
-// octets) and invalid utf8 messages are silently dropped for websocket clients only.
+// octets), and websocket listeners are disabled.
 // if this is on, invalid utf8 inputs get a FAIL reply.
 var globalUtf8EnforcementSetting bool
 
@@ -110,6 +114,10 @@ func casefoldWithSetting(str string, setting Casemapping) (string, error) {
 		return foldASCII(str)
 	case CasemappingPermissive:
 		return foldPermissive(str)
+	case CasemappingRFC1459:
+		return foldRFC1459(str, false)
+	case CasemappingRFC1459Strict:
+		return foldRFC1459(str, true)
 	}
 }
 
@@ -214,7 +222,7 @@ func Skeleton(name string) (string, error) {
 	switch globalCasemappingSetting {
 	default:
 		return realSkeleton(name)
-	case CasemappingASCII:
+	case CasemappingASCII, CasemappingRFC1459, CasemappingRFC1459Strict:
 		// identity function is fine because we independently case-normalize in Casefold
 		return name, nil
 	}
@@ -302,6 +310,23 @@ func foldASCII(str string) (result string, err error) {
 	return strings.ToLower(str), nil
 }
 
+var (
+	rfc1459Replacer       = strings.NewReplacer("[", "{", "]", "}", "\\", "|", "~", "^")
+	rfc1459StrictReplacer = strings.NewReplacer("[", "{", "]", "}", "\\", "|")
+)
+
+func foldRFC1459(str string, strict bool) (result string, err error) {
+	asciiFold, err := foldASCII(str)
+	if err != nil {
+		return "", err
+	}
+	replacer := rfc1459Replacer
+	if strict {
+		replacer = rfc1459StrictReplacer
+	}
+	return replacer.Replace(asciiFold), nil
+}
+
 func IsPrintableASCII(str string) bool {
 	for i := 0; i < len(str); i++ {
 		// allow space here because it's technically printable;
diff --git a/irc/strings_test.go b/irc/strings_test.go
index 4ee5d1a9..8c9d11f5 100644
--- a/irc/strings_test.go
+++ b/irc/strings_test.go
@@ -279,3 +279,31 @@ func TestFoldASCIIInvalid(t *testing.T) {
 		t.Errorf("control characters should be invalid in identifiers")
 	}
 }
+
+func TestFoldRFC1459(t *testing.T) {
+	folder := func(str string) (string, error) {
+		return foldRFC1459(str, false)
+	}
+	tester := func(first, second string, equal bool) {
+		validFoldTester(first, second, equal, folder, t)
+	}
+	tester("shivaram", "SHIVARAM", true)
+	tester("shivaram[a]", "shivaram{a}", true)
+	tester("shivaram\\a]", "shivaram{a}", false)
+	tester("shivaram\\a]", "shivaram|a}", true)
+	tester("shivaram~a]", "shivaram^a}", true)
+}
+
+func TestFoldRFC1459Strict(t *testing.T) {
+	folder := func(str string) (string, error) {
+		return foldRFC1459(str, true)
+	}
+	tester := func(first, second string, equal bool) {
+		validFoldTester(first, second, equal, folder, t)
+	}
+	tester("shivaram", "SHIVARAM", true)
+	tester("shivaram[a]", "shivaram{a}", true)
+	tester("shivaram\\a]", "shivaram{a}", false)
+	tester("shivaram\\a]", "shivaram|a}", true)
+	tester("shivaram~a]", "shivaram^a}", false)
+}
diff --git a/irc/uban.go b/irc/uban.go
index 8f0e646a..f828e0c1 100644
--- a/irc/uban.go
+++ b/irc/uban.go
@@ -163,7 +163,7 @@ func ubanAddHandler(client *Client, target ubanTarget, params []string, rb *Resp
 	case ubanCIDR:
 		err = ubanAddCIDR(client, target, duration, requireSASL, operReason, rb)
 	case ubanNickmask:
-		err = ubanAddNickmask(client, target, duration, operReason, rb)
+		err = ubanAddNickmask(client, target, duration, requireSASL, operReason, rb)
 	case ubanNick:
 		err = ubanAddAccount(client, target, duration, operReason, rb)
 	}
@@ -242,8 +242,8 @@ func ubanAddCIDR(client *Client, target ubanTarget, duration time.Duration, requ
 	return
 }
 
-func ubanAddNickmask(client *Client, target ubanTarget, duration time.Duration, operReason string, rb *ResponseBuffer) (err error) {
-	err = client.server.klines.AddMask(target.nickOrMask, duration, "", operReason, client.Oper().Name)
+func ubanAddNickmask(client *Client, target ubanTarget, duration time.Duration, requireSASL bool, operReason string, rb *ResponseBuffer) (err error) {
+	err = client.server.klines.AddMask(target.nickOrMask, duration, requireSASL, "", operReason, client.Oper().Name)
 	if err == nil {
 		rb.Notice(fmt.Sprintf(client.t("Successfully added UBAN for %s"), target.nickOrMask))
 	} else {
@@ -455,7 +455,7 @@ func ubanInfoNick(client *Client, target ubanTarget, rb *ResponseBuffer) {
 			rb.Notice(client.t("Warning: banning this IP or a network that contains it may affect other users. Use /UBAN INFO on the candidate IP or network for more information."))
 		}
 	} else {
-		rb.Notice(fmt.Sprintf(client.t("No client is currently using that nickname")))
+		rb.Notice(client.t("No client is currently using that nickname"))
 	}
 
 	account, err := client.server.accounts.LoadAccount(target.nickOrMask)
diff --git a/irc/utils/chunks.go b/irc/utils/chunks.go
new file mode 100644
index 00000000..30376626
--- /dev/null
+++ b/irc/utils/chunks.go
@@ -0,0 +1,28 @@
+package utils
+
+import "iter"
+
+func ChunkifyParams(params iter.Seq[string], maxChars int) [][]string {
+	var chunked [][]string
+
+	var acc []string
+	var length = 0
+
+	for p := range params {
+		length = length + len(p) + 1 // (accounting for the space)
+
+		if length > maxChars {
+			chunked = append(chunked, acc)
+			acc = []string{}
+			length = 0
+		}
+
+		acc = append(acc, p)
+	}
+
+	if len(acc) != 0 {
+		chunked = append(chunked, acc)
+	}
+
+	return chunked
+}
diff --git a/irc/utils/sync.go b/irc/utils/sync.go
deleted file mode 100644
index 563f6185..00000000
--- a/irc/utils/sync.go
+++ /dev/null
@@ -1,35 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package utils
-
-import (
-	"sync"
-	"sync/atomic"
-)
-
-// Once is a fork of sync.Once to expose a Done() method.
-type Once struct {
-	done uint32
-	m    sync.Mutex
-}
-
-func (o *Once) Do(f func()) {
-	if atomic.LoadUint32(&o.done) == 0 {
-		o.doSlow(f)
-	}
-}
-
-func (o *Once) doSlow(f func()) {
-	o.m.Lock()
-	defer o.m.Unlock()
-	if o.done == 0 {
-		defer atomic.StoreUint32(&o.done, 1)
-		f()
-	}
-}
-
-func (o *Once) Done() bool {
-	return atomic.LoadUint32(&o.done) == 1
-}
diff --git a/irc/utils/text.go b/irc/utils/text.go
index c42368c6..1fea5e7b 100644
--- a/irc/utils/text.go
+++ b/irc/utils/text.go
@@ -95,6 +95,20 @@ func (sm *SplitMessage) Is512() bool {
 	return sm.Split == nil
 }
 
+func (sm *SplitMessage) CombinedValue() string {
+	if sm.Split == nil {
+		return sm.Message
+	}
+	var buf strings.Builder
+	for i := range sm.Split {
+		if i != 0 && !sm.Split[i].Concat {
+			buf.WriteRune('\n')
+		}
+		buf.WriteString(sm.Split[i].Message)
+	}
+	return buf.String()
+}
+
 // TokenLineBuilder is a helper for building IRC lines composed of delimited tokens,
 // with a maximum line length.
 type TokenLineBuilder struct {
diff --git a/irc/utils/text_test.go b/irc/utils/text_test.go
index a0b4ca45..420f4c44 100644
--- a/irc/utils/text_test.go
+++ b/irc/utils/text_test.go
@@ -66,3 +66,15 @@ func BenchmarkTokenLines(b *testing.B) {
 		tl.Lines()
 	}
 }
+
+func TestCombinedValue(t *testing.T) {
+	var split = SplitMessage{
+		Split: []MessagePair{
+			{"hi", false},
+			{"hi", false},
+			{" again", true},
+			{"you", false},
+		},
+	}
+	assertEqual(split.CombinedValue(), "hi\nhi again\nyou", t)
+}
diff --git a/irc/utils/time.go b/irc/utils/time.go
new file mode 100644
index 00000000..1f04948a
--- /dev/null
+++ b/irc/utils/time.go
@@ -0,0 +1,15 @@
+package utils
+
+import (
+	"time"
+)
+
+// ReadMarkerLessThanOrEqual compares times from the standpoint of
+// draft/read-marker (the presentation format of which truncates the time
+// to the millisecond). In future we might want to consider proactively rounding,
+// instead of truncating, the time, but this has complex implications.
+func ReadMarkerLessThanOrEqual(t1, t2 time.Time) bool {
+	t1 = t1.Truncate(time.Millisecond)
+	t2 = t2.Truncate(time.Millisecond)
+	return t1.Before(t2) || t1.Equal(t2)
+}
diff --git a/irc/version.go b/irc/version.go
index 3f74041b..f7a311a6 100644
--- a/irc/version.go
+++ b/irc/version.go
@@ -7,7 +7,7 @@ import "fmt"
 
 const (
 	// SemVer is the semantic version of Ergo.
-	SemVer = "2.13.0"
+	SemVer = "2.17.0-rc1"
 )
 
 var (
diff --git a/irc/webpush/highlight.go b/irc/webpush/highlight.go
new file mode 100644
index 00000000..a189ce88
--- /dev/null
+++ b/irc/webpush/highlight.go
@@ -0,0 +1,60 @@
+// Copyright (c) 2021-2024 Simon Ser <contact@emersion.fr>
+// Originally released under the AGPLv3, relicensed to the Ergo project under the MIT license
+
+package webpush
+
+import (
+	"strings"
+	"unicode"
+	"unicode/utf8"
+)
+
+func isWordBoundary(r rune) bool {
+	switch r {
+	case '-', '_', '|': // inspired from weechat.look.highlight_regex
+		return false
+	default:
+		return !unicode.IsLetter(r) && !unicode.IsNumber(r)
+	}
+}
+
+func isURIPrefix(text string) bool {
+	if i := strings.LastIndexFunc(text, unicode.IsSpace); i >= 0 {
+		text = text[i:]
+	}
+
+	i := strings.Index(text, "://")
+	if i < 0 {
+		return false
+	}
+
+	// See RFC 3986 section 3
+	r, _ := utf8.DecodeLastRuneInString(text[:i])
+	switch r {
+	case '+', '-', '.':
+		return true
+	default:
+		return ('0' <= r && r <= '9') || ('a' <= r && r <= 'z') || ('A' <= r && r <= 'Z')
+	}
+}
+
+func IsHighlight(text, nick string) bool {
+	if len(nick) == 0 {
+		return false
+	}
+
+	for {
+		i := strings.Index(text, nick)
+		if i < 0 {
+			return false
+		}
+
+		left, _ := utf8.DecodeLastRuneInString(text[:i])
+		right, _ := utf8.DecodeRuneInString(text[i+len(nick):])
+		if isWordBoundary(left) && isWordBoundary(right) && !isURIPrefix(text[:i]) {
+			return true
+		}
+
+		text = text[i+len(nick):]
+	}
+}
diff --git a/irc/webpush/security.go b/irc/webpush/security.go
new file mode 100644
index 00000000..378750bf
--- /dev/null
+++ b/irc/webpush/security.go
@@ -0,0 +1,66 @@
+// Copyright (c) 2024 Shivaram Lingamneni <slingamn@cs.stanford.edu>
+// Released under the MIT license
+// Some portions of this code are:
+// Copyright (c) 2024 Simon Ser <contact@emersion.fr>
+// Originally released under the AGPLv3, relicensed to the Ergo project under the MIT license
+
+package webpush
+
+import (
+	"errors"
+	"fmt"
+	"net"
+	"net/http"
+	"net/netip"
+	"net/url"
+	"syscall"
+)
+
+var (
+	errInternalIP = errors.New("dialing an internal IP is forbidden")
+)
+
+func SanityCheckWebPushEndpoint(endpoint string) error {
+	u, err := url.Parse(endpoint)
+	if err != nil {
+		return err
+	}
+	if u.Scheme != "https" {
+		return fmt.Errorf("scheme must be HTTPS")
+	}
+	return nil
+}
+
+// makeExternalOnlyClient builds an http.Client that can only connect
+// to external IP addresses.
+func makeExternalOnlyClient() *http.Client {
+	dialer := &net.Dialer{
+		Control: func(network, address string, c syscall.RawConn) error {
+			ip, _, err := net.SplitHostPort(address)
+			if err != nil {
+				return err
+			}
+
+			parsedIP, err := netip.ParseAddr(ip)
+			if err != nil {
+				return err
+			}
+
+			if isInternalIP(parsedIP) {
+				return errInternalIP
+			}
+
+			return nil
+		},
+	}
+
+	return &http.Client{
+		Transport: &http.Transport{
+			DialContext: dialer.DialContext,
+		},
+	}
+}
+
+func isInternalIP(ip netip.Addr) bool {
+	return ip.IsLoopback() || ip.IsMulticast() || ip.IsPrivate()
+}
diff --git a/irc/webpush/security_test.go b/irc/webpush/security_test.go
new file mode 100644
index 00000000..813f07f4
--- /dev/null
+++ b/irc/webpush/security_test.go
@@ -0,0 +1,21 @@
+package webpush
+
+import (
+	"errors"
+	"testing"
+)
+
+func TestExternalOnlyHTTPClient(t *testing.T) {
+	client := makeExternalOnlyClient()
+
+	for _, url := range []string{
+		"https://127.0.0.2/test",
+		"https://127.0.0.2:8201",
+		"https://127.0.0.2:8201/asdf",
+	} {
+		_, err := client.Get(url)
+		if err == nil || !errors.Is(err, errInternalIP) {
+			t.Errorf("%s was not forbidden as expected (got %v)", url, err)
+		}
+	}
+}
diff --git a/irc/webpush/webpush.go b/irc/webpush/webpush.go
new file mode 100644
index 00000000..a97d7ed4
--- /dev/null
+++ b/irc/webpush/webpush.go
@@ -0,0 +1,148 @@
+// Copyright (c) 2024 Shivaram Lingamneni <slingamn@cs.stanford.edu>
+// Released under the MIT license
+// Some portions of this code are:
+// Copyright (c) 2021-2024 Simon Ser <contact@emersion.fr>
+// Originally released under the AGPLv3, relicensed to the Ergo project under the MIT license
+
+package webpush
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/ergochat/irc-go/ircmsg"
+	webpush "github.com/ergochat/webpush-go/v2"
+
+	"github.com/ergochat/ergo/irc/utils"
+)
+
+// alias some public types and names from webpush-go
+type VAPIDKeys = webpush.VAPIDKeys
+type Keys = webpush.Keys
+
+var (
+	GenerateVAPIDKeys = webpush.GenerateVAPIDKeys
+)
+
+// Urgency is a uint8 representation of urgency to save a few
+// bytes on channel sizes.
+type Urgency uint8
+
+const (
+	// UrgencyVeryLow requires device state: on power and Wi-Fi
+	UrgencyVeryLow Urgency = iota // "very-low"
+	// UrgencyLow requires device state: on either power or Wi-Fi
+	UrgencyLow // "low"
+	// UrgencyNormal excludes device state: low battery
+	UrgencyNormal // "normal"
+	// UrgencyHigh admits device state: low battery
+	UrgencyHigh // "high"
+)
+
+var (
+	// PingMessage is a valid IRC message that we can send to test that the subscription
+	// is valid (i.e. responds to POSTs with a 20x). We do not expect that the client will
+	// actually connect to IRC and send PONG (although it might be nice to have a way to
+	// hint to a client that they should reconnect to renew their subscription?)
+	PingMessage = []byte("PING webpush")
+)
+
+func convertUrgency(u Urgency) webpush.Urgency {
+	switch u {
+	case UrgencyVeryLow:
+		return webpush.UrgencyVeryLow
+	case UrgencyLow:
+		return webpush.UrgencyLow
+	case UrgencyNormal:
+		return webpush.UrgencyNormal
+	case UrgencyHigh:
+		return webpush.UrgencyHigh
+	default:
+		return webpush.UrgencyNormal // shouldn't happen
+	}
+}
+
+var httpClient webpush.HTTPClient = makeExternalOnlyClient()
+
+var (
+	Err404 = errors.New("endpoint returned a 404, indicating that the push subscription is no longer valid")
+
+	errInvalidKey = errors.New("invalid key format")
+)
+
+func DecodeSubscriptionKeys(keysParam string) (keys webpush.Keys, err error) {
+	// The keys parameter is tag-encoded, with each tag value being URL-safe base64 encoded:
+	// * One public key with the name p256dh set to the client's P-256 ECDH public key.
+	// * One shared key with the name auth set to a 16-byte client-generated authentication secret.
+	// since we don't have a separate tag parser implementation, wrap it in a fake IRC line for parsing:
+	fakeIRCLine := fmt.Sprintf("@%s PING", keysParam)
+	ircMsg, err := ircmsg.ParseLine(fakeIRCLine)
+	if err != nil {
+		return
+	}
+	_, auth := ircMsg.GetTag("auth")
+	_, p256 := ircMsg.GetTag("p256dh")
+	return webpush.DecodeSubscriptionKeys(auth, p256)
+}
+
+// MakePushMessage serializes a utils.SplitMessage as a web push message (the args are in
+// logical order)
+func MakePushMessage(command, nuh, accountName, target string, msg utils.SplitMessage) ([]byte, error) {
+	var messageForPush string
+	if msg.Is512() {
+		messageForPush = msg.Message
+	} else {
+		messageForPush = msg.Split[0].Message
+	}
+	return MakePushLine(msg.Time, accountName, nuh, command, target, messageForPush)
+}
+
+// MakePushLine serializes an arbitrary IRC line as a web push message (the args are in
+// IRC syntax order)
+func MakePushLine(time time.Time, accountName, source, command string, params ...string) ([]byte, error) {
+	pushMessage := ircmsg.MakeMessage(nil, source, command, params...)
+	pushMessage.SetTag("time", time.Format(utils.IRCv3TimestampFormat))
+	// "*" is canonical for the unset form of the unfolded account name, but check both:
+	if accountName != "*" && accountName != "" {
+		pushMessage.SetTag("account", accountName)
+	}
+	if line, err := pushMessage.LineBytesStrict(false, 512); err == nil {
+		// strip final \r\n
+		return line[:len(line)-2], nil
+	} else {
+		return nil, err
+	}
+}
+
+func SendWebPush(ctx context.Context, endpoint string, keys Keys, vapidKeys *VAPIDKeys, urgency Urgency, subscriber string, msg []byte) error {
+	wpsub := webpush.Subscription{
+		Endpoint: endpoint,
+		Keys:     keys,
+	}
+
+	options := webpush.Options{
+		HTTPClient: httpClient,
+		VAPIDKeys:  vapidKeys,
+		Subscriber: subscriber,
+		TTL:        7 * 24 * 60 * 60, // seconds
+		Urgency:    convertUrgency(urgency),
+		RecordSize: 2048,
+	}
+
+	resp, err := webpush.SendNotification(ctx, msg, &wpsub, &options)
+	if err != nil {
+		return err
+	}
+	resp.Body.Close()
+
+	if resp.StatusCode == http.StatusNotFound {
+		return Err404
+	} else if 200 <= resp.StatusCode && resp.StatusCode < 300 {
+		return nil
+	} else {
+		return fmt.Errorf("HTTP error: %v", resp.Status)
+	}
+}
diff --git a/irc/webpush/webpush_test.go b/irc/webpush/webpush_test.go
new file mode 100644
index 00000000..4e227fd5
--- /dev/null
+++ b/irc/webpush/webpush_test.go
@@ -0,0 +1,57 @@
+package webpush
+
+import (
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/ergochat/irc-go/ircmsg"
+
+	"github.com/ergochat/ergo/irc/utils"
+)
+
+func TestBuildPushLine(t *testing.T) {
+	now, err := time.Parse(utils.IRCv3TimestampFormat, "2025-01-12T00:55:44.403Z")
+	if err != nil {
+		panic(err)
+	}
+
+	line, err := MakePushLine(now, "*", "ergo.test", "MARKREAD", "#ergo", "timestamp=2025-01-12T00:07:57.972Z")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(line) != "@time=2025-01-12T00:55:44.403Z :ergo.test MARKREAD #ergo timestamp=2025-01-12T00:07:57.972Z" {
+		t.Errorf("got wrong line output: %s", line)
+	}
+}
+
+func TestBuildPushMessage(t *testing.T) {
+	now, err := time.Parse(utils.IRCv3TimestampFormat, "2025-01-12T01:05:04.422Z")
+	if err != nil {
+		panic(err)
+	}
+
+	lineBytes, err := MakePushMessage("PRIVMSG", "shivaram!~u@kca7nfgniet7q.irc", "shivaram", "#redacted", utils.SplitMessage{
+		Message: "[redacted message contents]",
+		Msgid:   "t8st5bb4b9qhed3zs3pwspinca",
+		Time:    now,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	line := string(lineBytes)
+	parsed, err := ircmsg.ParseLineStrict(line, false, 512)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if ok, account := parsed.GetTag("account"); !ok || account != "shivaram" {
+		t.Fatalf("bad account tag %s", account)
+	}
+	if ok, timestamp := parsed.GetTag("time"); !ok || timestamp != "2025-01-12T01:05:04.422Z" {
+		t.Fatal("bad time")
+	}
+	idx := strings.IndexByte(line, ' ')
+	if line[idx+1:] != ":shivaram!~u@kca7nfgniet7q.irc PRIVMSG #redacted :[redacted message contents]" {
+		t.Fatal("bad line")
+	}
+}
diff --git a/irctest b/irctest
index 6425e707..13a76e45 160000
--- a/irctest
+++ b/irctest
@@ -1 +1 @@
-Subproject commit 6425e707acb092386b859ef738ee401a0021f65b
+Subproject commit 13a76e4501749dbc1a604e16978e128ff40edace
diff --git a/traditional.yaml b/traditional.yaml
index 22d2b550..0e36ec8c 100644
--- a/traditional.yaml
+++ b/traditional.yaml
@@ -74,6 +74,7 @@ server:
         max-connections-per-duration: 64
 
     # strict transport security, to get clients to automagically use TLS
+    # (irrelevant in the recommended configuration, with no public plaintext listener)
     sts:
         # whether to advertise STS
         #
@@ -108,9 +109,10 @@ server:
     # the recommended default is 'ascii' (traditional ASCII-only identifiers).
     # the other options are 'precis', which allows UTF8 identifiers that are "sane"
     # (according to UFC 8265), with additional mitigations for homoglyph attacks,
-    # and 'permissive', which allows identifiers containing unusual characters like
+    # 'permissive', which allows identifiers containing unusual characters like
     # emoji, at the cost of increased vulnerability to homoglyph attacks and potential
-    # client compatibility problems. we recommend leaving this value at its default;
+    # client compatibility problems, and the legacy mappings 'rfc1459' and
+    # 'rfc1459-strict'. we recommend leaving this value at its default;
     # however, note that changing it once the network is already up and running is
     # problematic.
     casemapping: "ascii"
@@ -152,6 +154,17 @@ server:
     # if this is true, the motd is escaped using formatting codes like $c, $b, and $i
     motd-formatting: true
 
+    # idle timeouts for inactive clients
+    idle-timeouts:
+        # give the client this long to complete connection registration (i.e. the initial
+        # IRC handshake, including capability negotiation and SASL)
+        registration: 60s
+        # if the client hasn't sent anything for this long, send them a PING
+        ping: 1m30s
+        # if the client hasn't sent anything for this long (including the PONG to the
+        # above PING), disconnect them
+        disconnect: 2m30s
+
     # relaying using the RELAYMSG command
     relaymsg:
         # is relaymsg enabled at all?
@@ -192,6 +205,9 @@ server:
                 # - "192.168.1.1"
                 # - "192.168.10.1/24"
 
+            # whether to accept the hostname parameter on the WEBIRC line as the IRC hostname
+            accept-hostname: true
+
     # maximum length of clients' sendQ in bytes
     # this should be big enough to hold bursts of channel/direct messages
     max-sendq: 96k
@@ -325,6 +341,10 @@ server:
     secure-nets:
         # - "10.0.0.0/8"
 
+    # allow attempts to OPER with a password at most this often. defaults to
+    # 10 seconds when unset.
+    oper-throttle: 10s
+
     # Ergo will write files to disk under certain circumstances, e.g.,
     # CPU profiling or data export. by default, these files will be written
     # to the working directory. set this to customize:
@@ -343,6 +363,17 @@ server:
     # if you don't want to publicize how popular the server is
     suppress-lusers: false
 
+    # publish additional key-value pairs in ISUPPORT (the 005 numeric).
+    # keys that collide with a key published by Ergo will be silently ignored.
+    additional-isupport:
+        #"draft/FILEHOST": "https://example.com/filehost"
+        #"draft/bazbat": "" # empty string means no value
+
+    # optionally map command alias names to existing ergo commands. most deployments
+    # should ignore this.
+    #command-aliases:
+        #"UMGEBUNG": "AMBIANCE"
+
 # account options
 accounts:
     # is account authentication enabled, i.e., can users log into existing accounts?
@@ -378,6 +409,10 @@ accounts:
             sender: "admin@my.network"
             require-tls: true
             helo-domain: "my.network" # defaults to server name if unset
+            # set to `tcp4` to force sending over IPv4, `tcp6` to force IPv6:
+            # protocol: "tcp4"
+            # set to force a specific source/local IPv4 or IPv6 address:
+            # local-address: "1.2.3.4"
             # options to enable DKIM signing of outgoing emails (recommended, but
             # requires creating a DNS entry for the public key):
             # dkim:
@@ -474,7 +509,7 @@ accounts:
         # 1. these nicknames cannot be registered or reserved
         # 2. if a client is automatically renamed by the server,
         #    this is the template that will be used (e.g., Guest-nccj6rgmt97cg)
-        # 3. if enforce-guest-format (see below) is enabled, clients without
+        # 3. if force-guest-format (see below) is enabled, clients without
         #    a registered account will have this template applied to their
         #    nicknames (e.g., 'katie' will become 'Guest-katie')
         guest-nickname-format: "Guest-*"
@@ -559,6 +594,40 @@ accounts:
         # how many scripts are allowed to run at once? 0 for no limit:
         max-concurrency: 64
 
+    # support for login via OAuth2 bearer tokens
+    oauth2:
+        enabled: false
+        # should we automatically create users on presentation of a valid token?
+        autocreate: true
+        # enable this to use auth-script for validation:
+        auth-script: false
+        introspection-url: "https://example.com/api/oidc/introspection"
+        introspection-timeout: 10s
+        # omit for auth method `none`; required for auth method `client_secret_basic`:
+        client-id: "ergo"
+        client-secret: "4TA0I7mJ3fUUcW05KJiODg"
+
+    # support for login via JWT bearer tokens
+    jwt-auth:
+        enabled: false
+        # should we automatically create users on presentation of a valid token?
+        autocreate: true
+        # any of these token definitions can be accepted, allowing for key rotation
+        tokens:
+            -
+                algorithm: "hmac" # either 'hmac', 'rsa', or 'eddsa' (ed25519)
+                # hmac takes a symmetric key, rsa and eddsa take PEM-encoded public keys;
+                # either way, the key can be specified either as a YAML string:
+                key: "nANiZ1De4v6WnltCHN2H7Q"
+                # or as a path to the file containing the key:
+                #key-file: "jwt_pubkey.pem"
+                # list of JWT claim names to search for the user's account name (make sure the format
+                # is what you expect, especially if using "sub"):
+                account-claims: ["preferred_username"]
+                # if a claim is formatted as an email address, require it to have the following domain,
+                # and then strip off the domain and use the local-part as the account name:
+                #strip-domain: "example.com"
+
 # channel options
 channels:
     # modes that are set when new channels are created
@@ -641,6 +710,7 @@ oper-classes:
             - "history"      # modify or delete history messages
             - "defcon"       # use the DEFCON command (restrict server capabilities)
             - "massmessage"  # message all users on the server
+            - "metadata"     # modify arbitrary metadata on channels and users
 
 # ircd operators
 opers:
@@ -705,7 +775,7 @@ logging:
         # be logged, even if you explicitly include it
         #
         # useful types include:
-        #   *               everything (usually used with exclusing some types below)
+        #   *               everything (usually used with excluding some types below)
         #   server          server startup, rehash, and shutdown events
         #   accounts        account registration and authentication
         #   channels        channel creation and operations
@@ -749,7 +819,7 @@ lock-file: "ircd.lock"
 
 # datastore configuration
 datastore:
-    # path to the datastore
+    # path to the database file (used to store account and channel registrations):
     path: ircd.db
 
     # if the database schema requires an upgrade, `autoupgrade` will attempt to
@@ -792,6 +862,9 @@ limits:
     # identlen is the max ident length allowed
     identlen: 20
 
+    # realnamelen is the maximum realname length allowed
+    realnamelen: 150
+
     # channellen is the max channel length allowed
     channellen: 64
 
@@ -811,7 +884,7 @@ limits:
     whowas-entries: 100
 
     # maximum length of channel lists (beI modes)
-    chan-list-modes: 60
+    chan-list-modes: 100
 
     # maximum number of messages to accept during registration (prevents
     # DoS / resource exhaustion attacks):
@@ -848,6 +921,7 @@ fakelag:
         "MARKREAD":    16
         "MONITOR":     1
         "WHO":         4
+        "WEBPUSH":     1
 
 # the roleplay commands are semi-standardized extensions to IRC that allow
 # sending and receiving messages from pseudo-nicknames. this can be used either
@@ -866,6 +940,12 @@ roleplay:
     # add the real nickname, in parentheses, to the end of every roleplay message?
     add-suffix: true
 
+    # allow customizing the NUH's sent for NPC and SCENE commands
+    # NPC: the first %s is the NPC name, the second is the user's real nick
+    #npc-nick-mask: "*%s*!%s@npc.fakeuser.invalid"
+    # SCENE: the %s is the client's real nick
+    #scene-nick-mask: "=Scene=!%s@npc.fakeuser.invalid"
+
 # external services can integrate with the ircd using JSON Web Tokens (https://jwt.io).
 # in effect, the server can sign a token attesting that the client is present on
 # the server, is a member of a particular channel, etc.
@@ -993,3 +1073,56 @@ history:
 # whether to allow customization of the config at runtime using environment variables,
 # e.g., ERGO__SERVER__MAX_SENDQ=128k. see the manual for more details.
 allow-environment-overrides: true
+
+# metadata support for setting key/value data on channels and nicknames.
+metadata:
+    # can clients store metadata?
+    enabled: true
+    # how many keys can a client subscribe to?
+    max-subs: 100
+    # how many keys can be stored per entity?
+    max-keys: 100
+    # rate limiting for client metadata updates, which are expensive to process
+    client-throttle:
+        enabled: true
+        duration: 2m
+        max-attempts: 10
+
+# experimental support for mobile push notifications
+# see the manual for potential security, privacy, and performance implications.
+# DO NOT enable if you are running a Tor or I2P hidden service (i.e. one
+# with no public IP listeners, only Tor/I2P listeners).
+webpush:
+    # are push notifications enabled at all?
+    enabled: false
+    # request timeout for POST'ing the http notification
+    timeout: 10s
+    # delay sending the notification for this amount of time, then suppress it
+    # if the client sent MARKREAD to indicate that it was read on another device
+    delay: 0s
+    # subscriber field for the VAPID JWT authorization:
+    #subscriber: "https://your-website.com/"
+    # maximum number of push subscriptions per user
+    max-subscriptions: 4
+    # expiration time for a push subscription; it must be renewed within this time
+    # by the client reconnecting to IRC. we also detect whether the client is no longer
+    # successfully receiving push messages.
+    expiration: 14d
+
+# HTTP API. we strongly recommend leaving this disabled unless you have a specific
+# need for it.
+api:
+    # is the API enabled at all?
+    enabled: false
+    # listen address:
+    listener: "127.0.0.1:8089"
+    # serve over TLS (strongly recommended if the listener is public):
+    #tls:
+        #cert: fullchain.pem
+        #key: privkey.pem
+    # one or more static bearer tokens accepted for HTTP bearer authentication.
+    # these must be strong, unique, high-entropy printable ASCII strings.
+    # to generate a new token, use `ergo gentoken` or:
+    # python3 -c "import secrets; print(secrets.token_urlsafe(32))"
+    bearer-tokens:
+        - "example"
diff --git a/vendor/github.com/toorop/go-dkim/LICENSE b/vendor/github.com/emersion/go-msgauth/LICENSE
similarity index 94%
rename from vendor/github.com/toorop/go-dkim/LICENSE
rename to vendor/github.com/emersion/go-msgauth/LICENSE
index f1afb74f..60fef8a4 100644
--- a/vendor/github.com/toorop/go-dkim/LICENSE
+++ b/vendor/github.com/emersion/go-msgauth/LICENSE
@@ -1,6 +1,6 @@
-The MIT License (MIT)
+MIT License
 
-Copyright (c) 2015 Stéphane Depierrepont
+Copyright (c) 2017 emersion
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -19,4 +19,3 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
-
diff --git a/vendor/github.com/emersion/go-msgauth/dkim/canonical.go b/vendor/github.com/emersion/go-msgauth/dkim/canonical.go
new file mode 100644
index 00000000..64ffd0a9
--- /dev/null
+++ b/vendor/github.com/emersion/go-msgauth/dkim/canonical.go
@@ -0,0 +1,199 @@
+package dkim
+
+import (
+	"io"
+	"strings"
+)
+
+// Canonicalization is a canonicalization algorithm.
+type Canonicalization string
+
+const (
+	CanonicalizationSimple  Canonicalization = "simple"
+	CanonicalizationRelaxed                  = "relaxed"
+)
+
+type canonicalizer interface {
+	CanonicalizeHeader(s string) string
+	CanonicalizeBody(w io.Writer) io.WriteCloser
+}
+
+var canonicalizers = map[Canonicalization]canonicalizer{
+	CanonicalizationSimple:  new(simpleCanonicalizer),
+	CanonicalizationRelaxed: new(relaxedCanonicalizer),
+}
+
+// crlfFixer fixes any lone LF without a preceding CR.
+type crlfFixer struct {
+	cr bool
+}
+
+func (cf *crlfFixer) Fix(b []byte) []byte {
+	res := make([]byte, 0, len(b))
+	for _, ch := range b {
+		prevCR := cf.cr
+		cf.cr = false
+		switch ch {
+		case '\r':
+			cf.cr = true
+		case '\n':
+			if !prevCR {
+				res = append(res, '\r')
+			}
+		}
+		res = append(res, ch)
+	}
+	return res
+}
+
+type simpleCanonicalizer struct{}
+
+func (c *simpleCanonicalizer) CanonicalizeHeader(s string) string {
+	return s
+}
+
+type simpleBodyCanonicalizer struct {
+	w         io.Writer
+	crlfBuf   []byte
+	crlfFixer crlfFixer
+}
+
+func (c *simpleBodyCanonicalizer) Write(b []byte) (int, error) {
+	written := len(b)
+	b = append(c.crlfBuf, b...)
+
+	b = c.crlfFixer.Fix(b)
+
+	end := len(b)
+	// If it ends with \r, maybe the next write will begin with \n
+	if end > 0 && b[end-1] == '\r' {
+		end--
+	}
+	// Keep all \r\n sequences
+	for end >= 2 {
+		prev := b[end-2]
+		cur := b[end-1]
+		if prev != '\r' || cur != '\n' {
+			break
+		}
+		end -= 2
+	}
+
+	c.crlfBuf = b[end:]
+
+	var err error
+	if end > 0 {
+		_, err = c.w.Write(b[:end])
+	}
+	return written, err
+}
+
+func (c *simpleBodyCanonicalizer) Close() error {
+	// Flush crlfBuf if it ends with a single \r (without a matching \n)
+	if len(c.crlfBuf) > 0 && c.crlfBuf[len(c.crlfBuf)-1] == '\r' {
+		if _, err := c.w.Write(c.crlfBuf); err != nil {
+			return err
+		}
+	}
+	c.crlfBuf = nil
+
+	if _, err := c.w.Write([]byte(crlf)); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (c *simpleCanonicalizer) CanonicalizeBody(w io.Writer) io.WriteCloser {
+	return &simpleBodyCanonicalizer{w: w}
+}
+
+type relaxedCanonicalizer struct{}
+
+func (c *relaxedCanonicalizer) CanonicalizeHeader(s string) string {
+	k, v, ok := strings.Cut(s, ":")
+	if !ok {
+		return strings.TrimSpace(strings.ToLower(s)) + ":" + crlf
+	}
+
+	k = strings.TrimSpace(strings.ToLower(k))
+	v = strings.Join(strings.FieldsFunc(v, func(r rune) bool {
+		return r == ' ' || r == '\t' || r == '\n' || r == '\r'
+	}), " ")
+	return k + ":" + v + crlf
+}
+
+type relaxedBodyCanonicalizer struct {
+	w         io.Writer
+	crlfBuf   []byte
+	wsp       bool
+	written   bool
+	crlfFixer crlfFixer
+}
+
+func (c *relaxedBodyCanonicalizer) Write(b []byte) (int, error) {
+	written := len(b)
+
+	b = c.crlfFixer.Fix(b)
+
+	canonical := make([]byte, 0, len(b))
+	for _, ch := range b {
+		if ch == ' ' || ch == '\t' {
+			c.wsp = true
+		} else if ch == '\r' || ch == '\n' {
+			c.wsp = false
+			c.crlfBuf = append(c.crlfBuf, ch)
+		} else {
+			if len(c.crlfBuf) > 0 {
+				canonical = append(canonical, c.crlfBuf...)
+				c.crlfBuf = c.crlfBuf[:0]
+			}
+			if c.wsp {
+				canonical = append(canonical, ' ')
+				c.wsp = false
+			}
+
+			canonical = append(canonical, ch)
+		}
+	}
+
+	if !c.written && len(canonical) > 0 {
+		c.written = true
+	}
+
+	_, err := c.w.Write(canonical)
+	return written, err
+}
+
+func (c *relaxedBodyCanonicalizer) Close() error {
+	if c.written {
+		if _, err := c.w.Write([]byte(crlf)); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (c *relaxedCanonicalizer) CanonicalizeBody(w io.Writer) io.WriteCloser {
+	return &relaxedBodyCanonicalizer{w: w}
+}
+
+type limitedWriter struct {
+	W io.Writer
+	N int64
+}
+
+func (w *limitedWriter) Write(b []byte) (int, error) {
+	if w.N <= 0 {
+		return len(b), nil
+	}
+
+	skipped := 0
+	if int64(len(b)) > w.N {
+		b = b[:w.N]
+		skipped = int(int64(len(b)) - w.N)
+	}
+
+	n, err := w.W.Write(b)
+	w.N -= int64(n)
+	return n + skipped, err
+}
diff --git a/vendor/github.com/emersion/go-msgauth/dkim/dkim.go b/vendor/github.com/emersion/go-msgauth/dkim/dkim.go
new file mode 100644
index 00000000..d9d51cc6
--- /dev/null
+++ b/vendor/github.com/emersion/go-msgauth/dkim/dkim.go
@@ -0,0 +1,23 @@
+// Package dkim creates and verifies DKIM signatures, as specified in RFC 6376.
+//
+// # FAQ
+//
+// Why can't I verify a [net/mail.Message] directly? A [net/mail.Message]
+// header is already parsed, and whitespace characters (especially continuation
+// lines) are removed. Thus, the signature computed from the parsed header is
+// not the same as the one computed from the raw header.
+//
+// How can I publish my public key? You have to add a TXT record to your DNS
+// zone. See [RFC 6376 appendix C]. You can use the dkim-keygen tool included
+// in go-msgauth to generate the key and the TXT record.
+//
+// [RFC 6376 appendix C]: https://tools.ietf.org/html/rfc6376#appendix-C
+package dkim
+
+import (
+	"time"
+)
+
+var now = time.Now
+
+const headerFieldName = "DKIM-Signature"
diff --git a/vendor/github.com/emersion/go-msgauth/dkim/header.go b/vendor/github.com/emersion/go-msgauth/dkim/header.go
new file mode 100644
index 00000000..09f90212
--- /dev/null
+++ b/vendor/github.com/emersion/go-msgauth/dkim/header.go
@@ -0,0 +1,172 @@
+package dkim
+
+import (
+	"bufio"
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+	"net/textproto"
+	"sort"
+	"strings"
+)
+
+const crlf = "\r\n"
+
+type header []string
+
+func readHeader(r *bufio.Reader) (header, error) {
+	tr := textproto.NewReader(r)
+
+	var h header
+	for {
+		l, err := tr.ReadLine()
+		if err != nil {
+			return h, fmt.Errorf("failed to read header: %v", err)
+		}
+
+		if len(l) == 0 {
+			break
+		} else if len(h) > 0 && (l[0] == ' ' || l[0] == '\t') {
+			// This is a continuation line
+			h[len(h)-1] += l + crlf
+		} else {
+			h = append(h, l+crlf)
+		}
+	}
+
+	return h, nil
+}
+
+func writeHeader(w io.Writer, h header) error {
+	for _, kv := range h {
+		if _, err := w.Write([]byte(kv)); err != nil {
+			return err
+		}
+	}
+	_, err := w.Write([]byte(crlf))
+	return err
+}
+
+func foldHeaderField(kv string) string {
+	buf := bytes.NewBufferString(kv)
+
+	line := make([]byte, 75) // 78 - len("\r\n\s")
+	first := true
+	var fold strings.Builder
+	for len, err := buf.Read(line); err != io.EOF; len, err = buf.Read(line) {
+		if first {
+			first = false
+		} else {
+			fold.WriteString("\r\n ")
+		}
+		fold.Write(line[:len])
+	}
+
+	return fold.String() + crlf
+}
+
+func parseHeaderField(s string) (string, string) {
+	key, value, _ := strings.Cut(s, ":")
+	return strings.TrimSpace(key), strings.TrimSpace(value)
+}
+
+func parseHeaderParams(s string) (map[string]string, error) {
+	pairs := strings.Split(s, ";")
+	params := make(map[string]string)
+	for _, s := range pairs {
+		key, value, ok := strings.Cut(s, "=")
+		if !ok {
+			if strings.TrimSpace(s) == "" {
+				continue
+			}
+			return params, errors.New("dkim: malformed header params")
+		}
+
+		trimmedKey := strings.TrimSpace(key)
+		_, present := params[trimmedKey]
+		if present {
+			return params, errors.New("dkim: duplicate tag name")
+		}
+		params[trimmedKey] = strings.TrimSpace(value)
+	}
+	return params, nil
+}
+
+func formatHeaderParams(headerFieldName string, params map[string]string) string {
+	keys, bvalue, bfound := sortParams(params)
+
+	s := headerFieldName + ":"
+	var line string
+
+	for _, k := range keys {
+		v := params[k]
+		nextLength := 3 + len(line) + len(v) + len(k)
+		if nextLength > 75 {
+			s += line + crlf
+			line = ""
+		}
+		line = fmt.Sprintf("%v %v=%v;", line, k, v)
+	}
+
+	if line != "" {
+		s += line
+	}
+
+	if bfound {
+		bfiled := foldHeaderField(" b=" + bvalue)
+		s += crlf + bfiled
+	}
+
+	return s
+}
+
+func sortParams(params map[string]string) ([]string, string, bool) {
+	keys := make([]string, 0, len(params))
+	bfound := false
+	var bvalue string
+	for k := range params {
+		if k == "b" {
+			bvalue = params["b"]
+			bfound = true
+		} else {
+			keys = append(keys, k)
+		}
+	}
+	sort.Strings(keys)
+	return keys, bvalue, bfound
+}
+
+type headerPicker struct {
+	h      header
+	picked map[string]int
+}
+
+func newHeaderPicker(h header) *headerPicker {
+	return &headerPicker{
+		h:      h,
+		picked: make(map[string]int),
+	}
+}
+
+func (p *headerPicker) Pick(key string) string {
+	key = strings.ToLower(key)
+
+	at := p.picked[key]
+	for i := len(p.h) - 1; i >= 0; i-- {
+		kv := p.h[i]
+		k, _ := parseHeaderField(kv)
+
+		if !strings.EqualFold(k, key) {
+			continue
+		}
+
+		if at == 0 {
+			p.picked[key]++
+			return kv
+		}
+		at--
+	}
+
+	return ""
+}
diff --git a/vendor/github.com/emersion/go-msgauth/dkim/query.go b/vendor/github.com/emersion/go-msgauth/dkim/query.go
new file mode 100644
index 00000000..45134cdd
--- /dev/null
+++ b/vendor/github.com/emersion/go-msgauth/dkim/query.go
@@ -0,0 +1,184 @@
+package dkim
+
+import (
+	"crypto"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"net"
+	"strings"
+
+	"golang.org/x/crypto/ed25519"
+)
+
+type verifier interface {
+	Public() crypto.PublicKey
+	Verify(hash crypto.Hash, hashed []byte, sig []byte) error
+}
+
+type rsaVerifier struct {
+	*rsa.PublicKey
+}
+
+func (v rsaVerifier) Public() crypto.PublicKey {
+	return v.PublicKey
+}
+
+func (v rsaVerifier) Verify(hash crypto.Hash, hashed, sig []byte) error {
+	return rsa.VerifyPKCS1v15(v.PublicKey, hash, hashed, sig)
+}
+
+type ed25519Verifier struct {
+	ed25519.PublicKey
+}
+
+func (v ed25519Verifier) Public() crypto.PublicKey {
+	return v.PublicKey
+}
+
+func (v ed25519Verifier) Verify(hash crypto.Hash, hashed, sig []byte) error {
+	if !ed25519.Verify(v.PublicKey, hashed, sig) {
+		return errors.New("dkim: invalid Ed25519 signature")
+	}
+	return nil
+}
+
+type queryResult struct {
+	Verifier  verifier
+	KeyAlgo   string
+	HashAlgos []string
+	Notes     string
+	Services  []string
+	Flags     []string
+}
+
+// QueryMethod is a DKIM query method.
+type QueryMethod string
+
+const (
+	// DNS TXT resource record (RR) lookup algorithm
+	QueryMethodDNSTXT QueryMethod = "dns/txt"
+)
+
+type txtLookupFunc func(domain string) ([]string, error)
+type queryFunc func(domain, selector string, txtLookup txtLookupFunc) (*queryResult, error)
+
+var queryMethods = map[QueryMethod]queryFunc{
+	QueryMethodDNSTXT: queryDNSTXT,
+}
+
+func queryDNSTXT(domain, selector string, txtLookup txtLookupFunc) (*queryResult, error) {
+	if txtLookup == nil {
+		txtLookup = net.LookupTXT
+	}
+
+	txts, err := txtLookup(selector + "._domainkey." + domain)
+	if netErr, ok := err.(net.Error); ok && netErr.Temporary() {
+		return nil, tempFailError("key unavailable: " + err.Error())
+	} else if err != nil {
+		return nil, permFailError("no key for signature: " + err.Error())
+	}
+
+	// net.LookupTXT will concatenate strings contained in a single TXT record.
+	// In other words, net.LookupTXT returns one entry per TXT record, even if
+	// a record contains multiple strings.
+	//
+	// RFC 6376 section 3.6.2.2 says multiple TXT records lead to undefined
+	// behavior, so reject that.
+	switch len(txts) {
+	case 0:
+		return nil, permFailError("no valid key found")
+	case 1:
+		return parsePublicKey(txts[0])
+	default:
+		return nil, permFailError("multiple TXT records found for key")
+	}
+}
+
+func parsePublicKey(s string) (*queryResult, error) {
+	params, err := parseHeaderParams(s)
+	if err != nil {
+		return nil, permFailError("key record error: " + err.Error())
+	}
+
+	res := new(queryResult)
+
+	if v, ok := params["v"]; ok && v != "DKIM1" {
+		return nil, permFailError("incompatible public key version")
+	}
+
+	p, ok := params["p"]
+	if !ok {
+		return nil, permFailError("key syntax error: missing public key data")
+	}
+	if p == "" {
+		return nil, permFailError("key revoked")
+	}
+	p = strings.ReplaceAll(p, " ", "")
+	b, err := base64.StdEncoding.DecodeString(p)
+	if err != nil {
+		return nil, permFailError("key syntax error: " + err.Error())
+	}
+	switch params["k"] {
+	case "rsa", "":
+		pub, err := x509.ParsePKIXPublicKey(b)
+		if err != nil {
+			// RFC 6376 is inconsistent about whether RSA public keys should
+			// be formatted as RSAPublicKey or SubjectPublicKeyInfo.
+			// Erratum 3017 (https://www.rfc-editor.org/errata/eid3017) proposes
+			// allowing both.
+			pub, err = x509.ParsePKCS1PublicKey(b)
+			if err != nil {
+				return nil, permFailError("key syntax error: " + err.Error())
+			}
+		}
+		rsaPub, ok := pub.(*rsa.PublicKey)
+		if !ok {
+			return nil, permFailError("key syntax error: not an RSA public key")
+		}
+		// RFC 8301 section 3.2: verifiers MUST NOT consider signatures using
+		// RSA keys of less than 1024 bits as valid signatures.
+		if rsaPub.Size()*8 < 1024 {
+			return nil, permFailError(fmt.Sprintf("key is too short: want 1024 bits, has %v bits", rsaPub.Size()*8))
+		}
+		res.Verifier = rsaVerifier{rsaPub}
+		res.KeyAlgo = "rsa"
+	case "ed25519":
+		if len(b) != ed25519.PublicKeySize {
+			return nil, permFailError(fmt.Sprintf("invalid Ed25519 public key size: %v bytes", len(b)))
+		}
+		ed25519Pub := ed25519.PublicKey(b)
+		res.Verifier = ed25519Verifier{ed25519Pub}
+		res.KeyAlgo = "ed25519"
+	default:
+		return nil, permFailError("unsupported key algorithm")
+	}
+
+	if hashesStr, ok := params["h"]; ok {
+		res.HashAlgos = parseTagList(hashesStr)
+	}
+	if notes, ok := params["n"]; ok {
+		res.Notes = notes
+	}
+	if servicesStr, ok := params["s"]; ok {
+		services := parseTagList(servicesStr)
+
+		hasWildcard := false
+		for _, s := range services {
+			if s == "*" {
+				hasWildcard = true
+				break
+			}
+		}
+		if !hasWildcard {
+			res.Services = services
+		}
+	}
+	if flagsStr, ok := params["t"]; ok {
+		res.Flags = parseTagList(flagsStr)
+	}
+
+	return res, nil
+}
diff --git a/vendor/github.com/emersion/go-msgauth/dkim/sign.go b/vendor/github.com/emersion/go-msgauth/dkim/sign.go
new file mode 100644
index 00000000..c4ba8c3c
--- /dev/null
+++ b/vendor/github.com/emersion/go-msgauth/dkim/sign.go
@@ -0,0 +1,346 @@
+package dkim
+
+import (
+	"bufio"
+	"bytes"
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"strconv"
+	"strings"
+	"time"
+
+	"golang.org/x/crypto/ed25519"
+)
+
+var randReader io.Reader = rand.Reader
+
+// SignOptions is used to configure Sign. Domain, Selector and Signer are
+// mandatory.
+type SignOptions struct {
+	// The SDID claiming responsibility for an introduction of a message into the
+	// mail stream. Hence, the SDID value is used to form the query for the public
+	// key. The SDID MUST correspond to a valid DNS name under which the DKIM key
+	// record is published.
+	//
+	// This can't be empty.
+	Domain string
+	// The selector subdividing the namespace for the domain.
+	//
+	// This can't be empty.
+	Selector string
+	// The Agent or User Identifier (AUID) on behalf of which the SDID is taking
+	// responsibility.
+	//
+	// This is optional.
+	Identifier string
+
+	// The key used to sign the message.
+	//
+	// Supported Signer.Public() values are *rsa.PublicKey and
+	// ed25519.PublicKey.
+	Signer crypto.Signer
+	// The hash algorithm used to sign the message. If zero, a default hash will
+	// be chosen.
+	//
+	// The only supported hash algorithm is crypto.SHA256.
+	Hash crypto.Hash
+
+	// Header and body canonicalization algorithms.
+	//
+	// If empty, CanonicalizationSimple is used.
+	HeaderCanonicalization Canonicalization
+	BodyCanonicalization   Canonicalization
+
+	// A list of header fields to include in the signature. If nil, all headers
+	// will be included. If not nil, "From" MUST be in the list.
+	//
+	// See RFC 6376 section 5.4.1 for recommended header fields.
+	HeaderKeys []string
+
+	// The expiration time. A zero value means no expiration.
+	Expiration time.Time
+
+	// A list of query methods used to retrieve the public key.
+	//
+	// If nil, it is implicitly defined as QueryMethodDNSTXT.
+	QueryMethods []QueryMethod
+}
+
+// Signer generates a DKIM signature.
+//
+// The whole message header and body must be written to the Signer. Close should
+// always be called (either after the whole message has been written, or after
+// an error occurred and the signer won't be used anymore). Close may return an
+// error in case signing fails.
+//
+// After a successful Close, Signature can be called to retrieve the
+// DKIM-Signature header field that the caller should prepend to the message.
+type Signer struct {
+	pw        *io.PipeWriter
+	done      <-chan error
+	sigParams map[string]string // only valid after done received nil
+}
+
+// NewSigner creates a new signer. It returns an error if SignOptions is
+// invalid.
+func NewSigner(options *SignOptions) (*Signer, error) {
+	if options == nil {
+		return nil, fmt.Errorf("dkim: no options specified")
+	}
+	if options.Domain == "" {
+		return nil, fmt.Errorf("dkim: no domain specified")
+	}
+	if options.Selector == "" {
+		return nil, fmt.Errorf("dkim: no selector specified")
+	}
+	if options.Signer == nil {
+		return nil, fmt.Errorf("dkim: no signer specified")
+	}
+
+	headerCan := options.HeaderCanonicalization
+	if headerCan == "" {
+		headerCan = CanonicalizationSimple
+	}
+	if _, ok := canonicalizers[headerCan]; !ok {
+		return nil, fmt.Errorf("dkim: unknown header canonicalization %q", headerCan)
+	}
+
+	bodyCan := options.BodyCanonicalization
+	if bodyCan == "" {
+		bodyCan = CanonicalizationSimple
+	}
+	if _, ok := canonicalizers[bodyCan]; !ok {
+		return nil, fmt.Errorf("dkim: unknown body canonicalization %q", bodyCan)
+	}
+
+	var keyAlgo string
+	switch options.Signer.Public().(type) {
+	case *rsa.PublicKey:
+		keyAlgo = "rsa"
+	case ed25519.PublicKey:
+		keyAlgo = "ed25519"
+	default:
+		return nil, fmt.Errorf("dkim: unsupported key algorithm %T", options.Signer.Public())
+	}
+
+	hash := options.Hash
+	var hashAlgo string
+	switch options.Hash {
+	case 0: // sha256 is the default
+		hash = crypto.SHA256
+		fallthrough
+	case crypto.SHA256:
+		hashAlgo = "sha256"
+	case crypto.SHA1:
+		return nil, fmt.Errorf("dkim: hash algorithm too weak: sha1")
+	default:
+		return nil, fmt.Errorf("dkim: unsupported hash algorithm")
+	}
+
+	if options.HeaderKeys != nil {
+		ok := false
+		for _, k := range options.HeaderKeys {
+			if strings.EqualFold(k, "From") {
+				ok = true
+				break
+			}
+		}
+		if !ok {
+			return nil, fmt.Errorf("dkim: the From header field must be signed")
+		}
+	}
+
+	done := make(chan error, 1)
+	pr, pw := io.Pipe()
+
+	s := &Signer{
+		pw:   pw,
+		done: done,
+	}
+
+	closeReadWithError := func(err error) {
+		pr.CloseWithError(err)
+		done <- err
+	}
+
+	go func() {
+		defer close(done)
+
+		// Read header
+		br := bufio.NewReader(pr)
+		h, err := readHeader(br)
+		if err != nil {
+			closeReadWithError(err)
+			return
+		}
+
+		// Hash body
+		hasher := hash.New()
+		can := canonicalizers[bodyCan].CanonicalizeBody(hasher)
+		if _, err := io.Copy(can, br); err != nil {
+			closeReadWithError(err)
+			return
+		}
+		if err := can.Close(); err != nil {
+			closeReadWithError(err)
+			return
+		}
+		bodyHashed := hasher.Sum(nil)
+
+		params := map[string]string{
+			"v":  "1",
+			"a":  keyAlgo + "-" + hashAlgo,
+			"bh": base64.StdEncoding.EncodeToString(bodyHashed),
+			"c":  string(headerCan) + "/" + string(bodyCan),
+			"d":  options.Domain,
+			//"l": "", // TODO
+			"s": options.Selector,
+			"t": formatTime(now()),
+			//"z": "", // TODO
+		}
+
+		var headerKeys []string
+		if options.HeaderKeys != nil {
+			headerKeys = options.HeaderKeys
+		} else {
+			for _, kv := range h {
+				k, _ := parseHeaderField(kv)
+				headerKeys = append(headerKeys, k)
+			}
+		}
+		params["h"] = formatTagList(headerKeys)
+
+		if options.Identifier != "" {
+			params["i"] = options.Identifier
+		}
+
+		if options.QueryMethods != nil {
+			methods := make([]string, len(options.QueryMethods))
+			for i, method := range options.QueryMethods {
+				methods[i] = string(method)
+			}
+			params["q"] = formatTagList(methods)
+		}
+
+		if !options.Expiration.IsZero() {
+			params["x"] = formatTime(options.Expiration)
+		}
+
+		// Hash and sign headers
+		hasher.Reset()
+		picker := newHeaderPicker(h)
+		for _, k := range headerKeys {
+			kv := picker.Pick(k)
+			if kv == "" {
+				// The Signer MAY include more instances of a header field name
+				// in "h=" than there are actual corresponding header fields so
+				// that the signature will not verify if additional header
+				// fields of that name are added.
+				continue
+			}
+
+			kv = canonicalizers[headerCan].CanonicalizeHeader(kv)
+			if _, err := io.WriteString(hasher, kv); err != nil {
+				closeReadWithError(err)
+				return
+			}
+		}
+
+		params["b"] = ""
+		sigField := formatSignature(params)
+		sigField = canonicalizers[headerCan].CanonicalizeHeader(sigField)
+		sigField = strings.TrimRight(sigField, crlf)
+		if _, err := io.WriteString(hasher, sigField); err != nil {
+			closeReadWithError(err)
+			return
+		}
+		hashed := hasher.Sum(nil)
+
+		// Don't pass Hash to Sign for ed25519 as it doesn't support it
+		// and will return an error ("ed25519: cannot sign hashed message").
+		if keyAlgo == "ed25519" {
+			hash = crypto.Hash(0)
+		}
+
+		sig, err := options.Signer.Sign(randReader, hashed, hash)
+		if err != nil {
+			closeReadWithError(err)
+			return
+		}
+		params["b"] = base64.StdEncoding.EncodeToString(sig)
+
+		s.sigParams = params
+		closeReadWithError(nil)
+	}()
+
+	return s, nil
+}
+
+// Write implements io.WriteCloser.
+func (s *Signer) Write(b []byte) (n int, err error) {
+	return s.pw.Write(b)
+}
+
+// Close implements io.WriteCloser. The error return by Close must be checked.
+func (s *Signer) Close() error {
+	if err := s.pw.Close(); err != nil {
+		return err
+	}
+	return <-s.done
+}
+
+// Signature returns the whole DKIM-Signature header field. It can only be
+// called after a successful Signer.Close call.
+//
+// The returned value contains both the header field name, its value and the
+// final CRLF.
+func (s *Signer) Signature() string {
+	if s.sigParams == nil {
+		panic("dkim: Signer.Signature must only be called after a succesful Signer.Close")
+	}
+	return formatSignature(s.sigParams)
+}
+
+// Sign signs a message. It reads it from r and writes the signed version to w.
+func Sign(w io.Writer, r io.Reader, options *SignOptions) error {
+	s, err := NewSigner(options)
+	if err != nil {
+		return err
+	}
+	defer s.Close()
+
+	// We need to keep the message in a buffer so we can write the new DKIM
+	// header field before the rest of the message
+	var b bytes.Buffer
+	mw := io.MultiWriter(&b, s)
+
+	if _, err := io.Copy(mw, r); err != nil {
+		return err
+	}
+	if err := s.Close(); err != nil {
+		return err
+	}
+
+	if _, err := io.WriteString(w, s.Signature()); err != nil {
+		return err
+	}
+	_, err = io.Copy(w, &b)
+	return err
+}
+
+func formatSignature(params map[string]string) string {
+	sig := formatHeaderParams(headerFieldName, params)
+	return sig
+}
+
+func formatTagList(l []string) string {
+	return strings.Join(l, ":")
+}
+
+func formatTime(t time.Time) string {
+	return strconv.FormatInt(t.Unix(), 10)
+}
diff --git a/vendor/github.com/emersion/go-msgauth/dkim/verify.go b/vendor/github.com/emersion/go-msgauth/dkim/verify.go
new file mode 100644
index 00000000..ce942644
--- /dev/null
+++ b/vendor/github.com/emersion/go-msgauth/dkim/verify.go
@@ -0,0 +1,462 @@
+package dkim
+
+import (
+	"bufio"
+	"crypto"
+	"crypto/subtle"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+	"unicode"
+)
+
+type permFailError string
+
+func (err permFailError) Error() string {
+	return "dkim: " + string(err)
+}
+
+// IsPermFail returns true if the error returned by Verify is a permanent
+// failure. A permanent failure is for instance a missing required field or a
+// malformed header.
+func IsPermFail(err error) bool {
+	_, ok := err.(permFailError)
+	return ok
+}
+
+type tempFailError string
+
+func (err tempFailError) Error() string {
+	return "dkim: " + string(err)
+}
+
+// IsTempFail returns true if the error returned by Verify is a temporary
+// failure.
+func IsTempFail(err error) bool {
+	_, ok := err.(tempFailError)
+	return ok
+}
+
+type failError string
+
+func (err failError) Error() string {
+	return "dkim: " + string(err)
+}
+
+// isFail returns true if the error returned by Verify is a signature error.
+func isFail(err error) bool {
+	_, ok := err.(failError)
+	return ok
+}
+
+// ErrTooManySignatures is returned by Verify when the message exceeds the
+// maximum number of signatures.
+var ErrTooManySignatures = errors.New("dkim: too many signatures")
+
+var requiredTags = []string{"v", "a", "b", "bh", "d", "h", "s"}
+
+// A Verification is produced by Verify when it checks if one signature is
+// valid. If the signature is valid, Err is nil.
+type Verification struct {
+	// The SDID claiming responsibility for an introduction of a message into the
+	// mail stream.
+	Domain string
+	// The Agent or User Identifier (AUID) on behalf of which the SDID is taking
+	// responsibility.
+	Identifier string
+
+	// The list of signed header fields.
+	HeaderKeys []string
+
+	// The time that this signature was created. If unknown, it's set to zero.
+	Time time.Time
+	// The expiration time. If the signature doesn't expire, it's set to zero.
+	Expiration time.Time
+
+	// Err is nil if the signature is valid.
+	Err error
+}
+
+type signature struct {
+	i int
+	v string
+}
+
+// VerifyOptions allows to customize the default signature verification
+// behavior.
+type VerifyOptions struct {
+	// LookupTXT returns the DNS TXT records for the given domain name. If nil,
+	// net.LookupTXT is used.
+	LookupTXT func(domain string) ([]string, error)
+	// MaxVerifications controls the maximum number of signature verifications
+	// to perform. If more signatures are present, the first MaxVerifications
+	// signatures are verified, the rest are ignored and ErrTooManySignatures
+	// is returned. If zero, there is no maximum.
+	MaxVerifications int
+}
+
+// Verify checks if a message's signatures are valid. It returns one
+// verification per signature.
+//
+// There is no guarantee that the reader will be completely consumed.
+func Verify(r io.Reader) ([]*Verification, error) {
+	return VerifyWithOptions(r, nil)
+}
+
+// VerifyWithOptions performs the same task as Verify, but allows specifying
+// verification options.
+func VerifyWithOptions(r io.Reader, options *VerifyOptions) ([]*Verification, error) {
+	// Read header
+	bufr := bufio.NewReader(r)
+	h, err := readHeader(bufr)
+	if err != nil {
+		return nil, err
+	}
+
+	// Scan header fields for signatures
+	var signatures []*signature
+	for i, kv := range h {
+		k, v := parseHeaderField(kv)
+		if strings.EqualFold(k, headerFieldName) {
+			signatures = append(signatures, &signature{i, v})
+		}
+	}
+
+	tooManySignatures := false
+	if options != nil && options.MaxVerifications > 0 && len(signatures) > options.MaxVerifications {
+		tooManySignatures = true
+		signatures = signatures[:options.MaxVerifications]
+	}
+
+	var verifs []*Verification
+	if len(signatures) == 1 {
+		// If there is only one signature - just verify it.
+		v, err := verify(h, bufr, h[signatures[0].i], signatures[0].v, options)
+		if err != nil && !IsTempFail(err) && !IsPermFail(err) && !isFail(err) {
+			return nil, err
+		}
+		v.Err = err
+		verifs = []*Verification{v}
+	} else {
+		verifs, err = parallelVerify(bufr, h, signatures, options)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if tooManySignatures {
+		return verifs, ErrTooManySignatures
+	}
+	return verifs, nil
+}
+
+func parallelVerify(r io.Reader, h header, signatures []*signature, options *VerifyOptions) ([]*Verification, error) {
+	pipeWriters := make([]*io.PipeWriter, len(signatures))
+	// We can't pass pipeWriter to io.MultiWriter directly,
+	// we need a slice of io.Writer, but we also need *io.PipeWriter
+	// to call Close on it.
+	writers := make([]io.Writer, len(signatures))
+	chans := make([]chan *Verification, len(signatures))
+
+	for i, sig := range signatures {
+		// Be careful with loop variables and goroutines.
+		i, sig := i, sig
+
+		chans[i] = make(chan *Verification, 1)
+
+		pr, pw := io.Pipe()
+		writers[i] = pw
+		pipeWriters[i] = pw
+
+		go func() {
+			v, err := verify(h, pr, h[sig.i], sig.v, options)
+
+			// Make sure we consume the whole reader, otherwise io.Copy on
+			// other side can block forever.
+			io.Copy(ioutil.Discard, pr)
+
+			v.Err = err
+			chans[i] <- v
+		}()
+	}
+
+	if _, err := io.Copy(io.MultiWriter(writers...), r); err != nil {
+		return nil, err
+	}
+	for _, wr := range pipeWriters {
+		wr.Close()
+	}
+
+	verifications := make([]*Verification, len(signatures))
+	for i, ch := range chans {
+		verifications[i] = <-ch
+	}
+
+	// Return unexpected failures as a separate error.
+	for _, v := range verifications {
+		err := v.Err
+		if err != nil && !IsTempFail(err) && !IsPermFail(err) && !isFail(err) {
+			v.Err = nil
+			return verifications, err
+		}
+	}
+	return verifications, nil
+}
+
+func verify(h header, r io.Reader, sigField, sigValue string, options *VerifyOptions) (*Verification, error) {
+	verif := new(Verification)
+
+	params, err := parseHeaderParams(sigValue)
+	if err != nil {
+		return verif, permFailError("malformed signature tags: " + err.Error())
+	}
+
+	if params["v"] != "1" {
+		return verif, permFailError("incompatible signature version")
+	}
+
+	verif.Domain = stripWhitespace(params["d"])
+
+	for _, tag := range requiredTags {
+		if _, ok := params[tag]; !ok {
+			return verif, permFailError("signature missing required tag")
+		}
+	}
+
+	if i, ok := params["i"]; ok {
+		verif.Identifier = stripWhitespace(i)
+		if !strings.HasSuffix(verif.Identifier, "@"+verif.Domain) && !strings.HasSuffix(verif.Identifier, "."+verif.Domain) {
+			return verif, permFailError("domain mismatch")
+		}
+	} else {
+		verif.Identifier = "@" + verif.Domain
+	}
+
+	headerKeys := parseTagList(params["h"])
+	ok := false
+	for _, k := range headerKeys {
+		if strings.EqualFold(k, "from") {
+			ok = true
+			break
+		}
+	}
+	if !ok {
+		return verif, permFailError("From field not signed")
+	}
+	verif.HeaderKeys = headerKeys
+
+	if timeStr, ok := params["t"]; ok {
+		t, err := parseTime(timeStr)
+		if err != nil {
+			return verif, permFailError("malformed time: " + err.Error())
+		}
+		verif.Time = t
+	}
+	if expiresStr, ok := params["x"]; ok {
+		t, err := parseTime(expiresStr)
+		if err != nil {
+			return verif, permFailError("malformed expiration time: " + err.Error())
+		}
+		verif.Expiration = t
+		if now().After(t) {
+			return verif, permFailError("signature has expired")
+		}
+	}
+
+	// Query public key
+	// TODO: compute hash in parallel
+	methods := []string{string(QueryMethodDNSTXT)}
+	if methodsStr, ok := params["q"]; ok {
+		methods = parseTagList(methodsStr)
+	}
+	var res *queryResult
+	for _, method := range methods {
+		if query, ok := queryMethods[QueryMethod(method)]; ok {
+			if options != nil {
+				res, err = query(verif.Domain, stripWhitespace(params["s"]), options.LookupTXT)
+			} else {
+				res, err = query(verif.Domain, stripWhitespace(params["s"]), nil)
+			}
+			break
+		}
+	}
+	if err != nil {
+		return verif, err
+	} else if res == nil {
+		return verif, permFailError("unsupported public key query method")
+	}
+
+	// Parse algos
+	keyAlgo, hashAlgo, ok := strings.Cut(stripWhitespace(params["a"]), "-")
+	if !ok {
+		return verif, permFailError("malformed algorithm name")
+	}
+
+	// Check hash algo
+	if res.HashAlgos != nil {
+		ok := false
+		for _, algo := range res.HashAlgos {
+			if algo == hashAlgo {
+				ok = true
+				break
+			}
+		}
+		if !ok {
+			return verif, permFailError("inappropriate hash algorithm")
+		}
+	}
+	var hash crypto.Hash
+	switch hashAlgo {
+	case "sha1":
+		// RFC 8301 section 3.1: rsa-sha1 MUST NOT be used for signing or
+		// verifying.
+		return verif, permFailError(fmt.Sprintf("hash algorithm too weak: %v", hashAlgo))
+	case "sha256":
+		hash = crypto.SHA256
+	default:
+		return verif, permFailError("unsupported hash algorithm")
+	}
+
+	// Check key algo
+	if res.KeyAlgo != keyAlgo {
+		return verif, permFailError("inappropriate key algorithm")
+	}
+
+	if res.Services != nil {
+		ok := false
+		for _, s := range res.Services {
+			if s == "email" {
+				ok = true
+				break
+			}
+		}
+		if !ok {
+			return verif, permFailError("inappropriate service")
+		}
+	}
+
+	headerCan, bodyCan := parseCanonicalization(params["c"])
+	if _, ok := canonicalizers[headerCan]; !ok {
+		return verif, permFailError("unsupported header canonicalization algorithm")
+	}
+	if _, ok := canonicalizers[bodyCan]; !ok {
+		return verif, permFailError("unsupported body canonicalization algorithm")
+	}
+
+	// The body length "l" parameter is insecure, because it allows parts of
+	// the message body to not be signed. Reject messages which have it set.
+	if _, ok := params["l"]; ok {
+		// TODO: technically should be policyError
+		return verif, failError("message contains an insecure body length tag")
+	}
+
+	// Parse body hash and signature
+	bodyHashed, err := decodeBase64String(params["bh"])
+	if err != nil {
+		return verif, permFailError("malformed body hash: " + err.Error())
+	}
+	sig, err := decodeBase64String(params["b"])
+	if err != nil {
+		return verif, permFailError("malformed signature: " + err.Error())
+	}
+
+	// Check body hash
+	hasher := hash.New()
+	wc := canonicalizers[bodyCan].CanonicalizeBody(hasher)
+	if _, err := io.Copy(wc, r); err != nil {
+		return verif, err
+	}
+	if err := wc.Close(); err != nil {
+		return verif, err
+	}
+	if subtle.ConstantTimeCompare(hasher.Sum(nil), bodyHashed) != 1 {
+		return verif, failError("body hash did not verify")
+	}
+
+	// Compute data hash
+	hasher.Reset()
+	picker := newHeaderPicker(h)
+	for _, key := range headerKeys {
+		kv := picker.Pick(key)
+		if kv == "" {
+			// The field MAY contain names of header fields that do not exist
+			// when signed; nonexistent header fields do not contribute to the
+			// signature computation
+			continue
+		}
+
+		kv = canonicalizers[headerCan].CanonicalizeHeader(kv)
+		if _, err := hasher.Write([]byte(kv)); err != nil {
+			return verif, err
+		}
+	}
+	canSigField := removeSignature(sigField)
+	canSigField = canonicalizers[headerCan].CanonicalizeHeader(canSigField)
+	canSigField = strings.TrimRight(canSigField, "\r\n")
+	if _, err := hasher.Write([]byte(canSigField)); err != nil {
+		return verif, err
+	}
+	hashed := hasher.Sum(nil)
+
+	// Check signature
+	if err := res.Verifier.Verify(hash, hashed, sig); err != nil {
+		return verif, failError("signature did not verify: " + err.Error())
+	}
+
+	return verif, nil
+}
+
+func parseTagList(s string) []string {
+	tags := strings.Split(s, ":")
+	for i, t := range tags {
+		tags[i] = stripWhitespace(t)
+	}
+	return tags
+}
+
+func parseCanonicalization(s string) (headerCan, bodyCan Canonicalization) {
+	headerCan = CanonicalizationSimple
+	bodyCan = CanonicalizationSimple
+
+	cans := strings.SplitN(stripWhitespace(s), "/", 2)
+	if cans[0] != "" {
+		headerCan = Canonicalization(cans[0])
+	}
+	if len(cans) > 1 {
+		bodyCan = Canonicalization(cans[1])
+	}
+	return
+}
+
+func parseTime(s string) (time.Time, error) {
+	sec, err := strconv.ParseInt(stripWhitespace(s), 10, 64)
+	if err != nil {
+		return time.Time{}, err
+	}
+	return time.Unix(sec, 0), nil
+}
+
+func decodeBase64String(s string) ([]byte, error) {
+	return base64.StdEncoding.DecodeString(stripWhitespace(s))
+}
+
+func stripWhitespace(s string) string {
+	return strings.Map(func(r rune) rune {
+		if unicode.IsSpace(r) {
+			return -1
+		}
+		return r
+	}, s)
+}
+
+var sigRegex = regexp.MustCompile(`(b\s*=)[^;]+`)
+
+func removeSignature(s string) string {
+	return sigRegex.ReplaceAllString(s, "$1")
+}
diff --git a/vendor/github.com/ergochat/irc-go/ircmsg/message.go b/vendor/github.com/ergochat/irc-go/ircmsg/message.go
index 7a7e1305..ae27c37b 100644
--- a/vendor/github.com/ergochat/irc-go/ircmsg/message.go
+++ b/vendor/github.com/ergochat/irc-go/ircmsg/message.go
@@ -196,6 +196,15 @@ func trimInitialSpaces(str string) string {
 	return str[i:]
 }
 
+func isASCII(str string) bool {
+	for i := 0; i < len(str); i++ {
+		if str[i] > 127 {
+			return false
+		}
+	}
+	return true
+}
+
 func parseLine(line string, maxTagDataLength int, truncateLen int) (ircmsg Message, err error) {
 	// remove either \n or \r\n from the end of the line:
 	line = strings.TrimSuffix(line, "\n")
@@ -265,11 +274,16 @@ func parseLine(line string, maxTagDataLength int, truncateLen int) (ircmsg Messa
 		commandEnd = len(line)
 		paramStart = len(line)
 	}
-	// normalize command to uppercase:
-	ircmsg.Command = strings.ToUpper(line[:commandEnd])
-	if len(ircmsg.Command) == 0 {
+	baseCommand := line[:commandEnd]
+	if len(baseCommand) == 0 {
 		return ircmsg, ErrorLineIsEmpty
 	}
+	// technically this must be either letters or a 3-digit numeric:
+	if !isASCII(baseCommand) {
+		return ircmsg, ErrorLineContainsBadChar
+	}
+	// normalize command to uppercase:
+	ircmsg.Command = strings.ToUpper(baseCommand)
 	line = line[paramStart:]
 
 	for {
diff --git a/vendor/github.com/ergochat/irc-go/ircutils/sasl.go b/vendor/github.com/ergochat/irc-go/ircutils/sasl.go
new file mode 100644
index 00000000..31d3d0de
--- /dev/null
+++ b/vendor/github.com/ergochat/irc-go/ircutils/sasl.go
@@ -0,0 +1,111 @@
+package ircutils
+
+import (
+	"encoding/base64"
+	"errors"
+)
+
+var (
+	ErrSASLLimitExceeded = errors.New("SASL total response size exceeded configured limit")
+	ErrSASLTooLong       = errors.New("SASL response chunk exceeded 400-byte limit")
+)
+
+// EncodeSASLResponse encodes a raw SASL response as parameters to successive
+// AUTHENTICATE commands, as described in the IRCv3 SASL specification.
+func EncodeSASLResponse(raw []byte) (result []string) {
+	// https://ircv3.net/specs/extensions/sasl-3.1#the-authenticate-command
+	// "The response is encoded in Base64 (RFC 4648), then split to 400-byte chunks,
+	// and each chunk is sent as a separate AUTHENTICATE command. Empty (zero-length)
+	// responses are sent as AUTHENTICATE +. If the last chunk was exactly 400 bytes
+	// long, it must also be followed by AUTHENTICATE + to signal end of response."
+
+	if len(raw) == 0 {
+		return []string{"+"}
+	}
+
+	response := base64.StdEncoding.EncodeToString(raw)
+	result = make([]string, 0, (len(response)/400)+1)
+	lastLen := 0
+	for len(response) > 0 {
+		// TODO once we require go 1.21, this can be: lastLen = min(len(response), 400)
+		lastLen = len(response)
+		if lastLen > 400 {
+			lastLen = 400
+		}
+		result = append(result, response[:lastLen])
+		response = response[lastLen:]
+	}
+
+	if lastLen == 400 {
+		result = append(result, "+")
+	}
+
+	return result
+}
+
+// SASLBuffer handles buffering and decoding SASL responses sent as parameters
+// to AUTHENTICATE commands, as described in the IRCv3 SASL specification.
+// Do not copy a SASLBuffer after first use.
+type SASLBuffer struct {
+	maxLength int
+	buf       []byte
+}
+
+// NewSASLBuffer returns a new SASLBuffer. maxLength is the maximum amount of
+// data to buffer (0 for no limit).
+func NewSASLBuffer(maxLength int) *SASLBuffer {
+	result := new(SASLBuffer)
+	result.Initialize(maxLength)
+	return result
+}
+
+// Initialize initializes a SASLBuffer in place.
+func (b *SASLBuffer) Initialize(maxLength int) {
+	b.maxLength = maxLength
+}
+
+// Add processes an additional SASL response chunk sent via AUTHENTICATE.
+// If the response is complete, it resets the buffer and returns the decoded
+// response along with any decoding or protocol errors detected.
+func (b *SASLBuffer) Add(value string) (done bool, output []byte, err error) {
+	if value == "+" {
+		// total size is a multiple of 400 (possibly 0)
+		output = b.buf
+		b.Clear()
+		return true, output, nil
+	}
+
+	if len(value) > 400 {
+		b.Clear()
+		return true, nil, ErrSASLTooLong
+	}
+
+	curLen := len(b.buf)
+	chunkDecodedLen := base64.StdEncoding.DecodedLen(len(value))
+	if b.maxLength != 0 && (curLen+chunkDecodedLen) > b.maxLength {
+		b.Clear()
+		return true, nil, ErrSASLLimitExceeded
+	}
+
+	// "append-make pattern" as in the bytes.Buffer implementation:
+	b.buf = append(b.buf, make([]byte, chunkDecodedLen)...)
+	n, err := base64.StdEncoding.Decode(b.buf[curLen:], []byte(value))
+	b.buf = b.buf[0 : curLen+n]
+	if err != nil {
+		b.Clear()
+		return true, nil, err
+	}
+	if len(value) < 400 {
+		output = b.buf
+		b.Clear()
+		return true, output, nil
+	} else {
+		return false, nil, nil
+	}
+}
+
+// Clear resets the buffer state.
+func (b *SASLBuffer) Clear() {
+	// we can't reuse this buffer in general since we may have returned it
+	b.buf = nil
+}
diff --git a/vendor/github.com/ergochat/webpush-go/v2/.check-gofmt.sh b/vendor/github.com/ergochat/webpush-go/v2/.check-gofmt.sh
new file mode 100644
index 00000000..48a1aa36
--- /dev/null
+++ b/vendor/github.com/ergochat/webpush-go/v2/.check-gofmt.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+SOURCES="."
+
+if [ "$1" = "--fix" ]; then
+	exec gofmt -s -w $SOURCES
+fi
+
+if [ -n "$(gofmt -s -l $SOURCES)" ]; then
+    echo "Go code is not formatted correctly with \`gofmt -s\`:"
+    gofmt -s -d $SOURCES
+    exit 1
+fi
diff --git a/vendor/github.com/ergochat/webpush-go/v2/.gitignore b/vendor/github.com/ergochat/webpush-go/v2/.gitignore
new file mode 100644
index 00000000..3ab8789b
--- /dev/null
+++ b/vendor/github.com/ergochat/webpush-go/v2/.gitignore
@@ -0,0 +1,6 @@
+vendor/**
+
+.DS_Store
+*.out
+
+*.swp
diff --git a/vendor/github.com/ergochat/webpush-go/v2/CHANGELOG.md b/vendor/github.com/ergochat/webpush-go/v2/CHANGELOG.md
new file mode 100644
index 00000000..7ac1a515
--- /dev/null
+++ b/vendor/github.com/ergochat/webpush-go/v2/CHANGELOG.md
@@ -0,0 +1,14 @@
+# Changelog
+All notable changes to webpush-go will be documented in this file.
+
+## [2.0.0] - 2025-01-16
+
+* Update the `Keys` struct definition to store `Auth` as `[16]byte` and `P256dh` as `*ecdh.PublicKey`
+    * `Keys` can no longer be compared with `==`; use `(*Keys.Equal)` instead
+    * The JSON representation has not changed and is backwards and forwards compatible with v1
+    * `DecodeSubscriptionKeys` is a helper to decode base64-encoded auth and p256dh parameters into a `Keys`, with validation
+* Update the `VAPIDKeys` struct to contain a `(*ecdsa.PrivateKey)`
+    * `VAPIDKeys` can no longer be compared with `==`; use `(*VAPIDKeys).Equal` instead
+    * The JSON representation is now a JSON string containing the PEM of the PKCS8-encoded private key
+    * To parse the legacy representation (raw bytes of the private key encoded in base64), use `DecodeLegacyVAPIDPrivateKey`
+* Renamed `SendNotificationWithContext` to `SendNotification`, removing the earlier `SendNotification` API. (Pass `context.Background()` as the context to restore the former behavior.)
diff --git a/vendor/github.com/ergochat/webpush-go/v2/LICENSE b/vendor/github.com/ergochat/webpush-go/v2/LICENSE
new file mode 100644
index 00000000..161eac77
--- /dev/null
+++ b/vendor/github.com/ergochat/webpush-go/v2/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2016 Ethan Holmes
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/ergochat/webpush-go/v2/Makefile b/vendor/github.com/ergochat/webpush-go/v2/Makefile
new file mode 100644
index 00000000..7b72a66f
--- /dev/null
+++ b/vendor/github.com/ergochat/webpush-go/v2/Makefile
@@ -0,0 +1,6 @@
+.PHONY: test
+
+test:
+	go test .
+	go vet .
+	./.check-gofmt.sh
diff --git a/vendor/github.com/ergochat/webpush-go/v2/README.md b/vendor/github.com/ergochat/webpush-go/v2/README.md
new file mode 100644
index 00000000..80c5e876
--- /dev/null
+++ b/vendor/github.com/ergochat/webpush-go/v2/README.md
@@ -0,0 +1,65 @@
+# webpush-go
+
+[![GoDoc](https://godoc.org/github.com/ergochat/webpush-go?status.svg)](https://godoc.org/github.com/ergochat/webpush-go)
+
+Web Push API Encryption with VAPID support.
+
+This library is a fork of [SherClockHolmes/webpush-go](https://github.com/SherClockHolmes/webpush-go). See CHANGELOG.md for details on migrating from the upstream library.
+
+```bash
+go get -u github.com/ergochat/webpush-go/v2
+```
+
+## Example
+
+For a full example, refer to the code in the [example](example/) directory.
+
+```go
+package main
+
+import (
+	"encoding/json"
+
+	webpush "github.com/ergochat/webpush-go/v2"
+)
+
+func main() {
+	// Decode subscription
+	s := &webpush.Subscription{}
+	json.Unmarshal([]byte("<YOUR_SUBSCRIPTION>"), s)
+	vapidKeys := new(webpush.VAPIDKeys)
+	json.Unmarshal([]byte("<YOUR_VAPID_KEYS">), vapidKeys)
+
+	// Send Notification
+	resp, err := webpush.SendNotification([]byte("Test"), s, &webpush.Options{
+		Subscriber:      "example@example.com",
+		VAPIDKeys:       vapidKeys,
+		TTL:             3600, // seconds
+	})
+	if err != nil {
+		// TODO: Handle error
+	}
+	defer resp.Body.Close()
+}
+```
+
+### Generating VAPID Keys
+
+Use the helper method `GenerateVAPIDKeys` to generate the VAPID key pair.
+
+```golang
+vapidKeys, err := webpush.GenerateVAPIDKeys()
+if err != nil {
+	// TODO: Handle error
+}
+```
+
+## Development
+
+1. Install [Go 1.20+](https://golang.org/)
+2. `go mod vendor`
+3. `go test`
+
+#### For other language implementations visit:
+
+[WebPush Libs](https://github.com/web-push-libs)
diff --git a/vendor/github.com/ergochat/webpush-go/v2/legacy.go b/vendor/github.com/ergochat/webpush-go/v2/legacy.go
new file mode 100644
index 00000000..b151da99
--- /dev/null
+++ b/vendor/github.com/ergochat/webpush-go/v2/legacy.go
@@ -0,0 +1,76 @@
+package webpush
+
+import (
+	"crypto/ecdh"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"encoding/base64"
+	"fmt"
+	"math/big"
+)
+
+// ecdhPublicKeyToECDSA converts an ECDH key to an ECDSA key.
+// This is deprecated as per https://github.com/golang/go/issues/63963
+// but we need to do it in order to parse the legacy private key format.
+func ecdhPublicKeyToECDSA(key *ecdh.PublicKey) (*ecdsa.PublicKey, error) {
+	rawKey := key.Bytes()
+	switch key.Curve() {
+	case ecdh.P256():
+		return &ecdsa.PublicKey{
+			Curve: elliptic.P256(),
+			X:     big.NewInt(0).SetBytes(rawKey[1:33]),
+			Y:     big.NewInt(0).SetBytes(rawKey[33:]),
+		}, nil
+	case ecdh.P384():
+		return &ecdsa.PublicKey{
+			Curve: elliptic.P384(),
+			X:     big.NewInt(0).SetBytes(rawKey[1:49]),
+			Y:     big.NewInt(0).SetBytes(rawKey[49:]),
+		}, nil
+	case ecdh.P521():
+		return &ecdsa.PublicKey{
+			Curve: elliptic.P521(),
+			X:     big.NewInt(0).SetBytes(rawKey[1:67]),
+			Y:     big.NewInt(0).SetBytes(rawKey[67:]),
+		}, nil
+	default:
+		return nil, fmt.Errorf("cannot convert non-NIST *ecdh.PublicKey to *ecdsa.PublicKey")
+	}
+}
+
+func ecdhPrivateKeyToECDSA(key *ecdh.PrivateKey) (*ecdsa.PrivateKey, error) {
+	// see https://github.com/golang/go/issues/63963
+	pubKey, err := ecdhPublicKeyToECDSA(key.PublicKey())
+	if err != nil {
+		return nil, fmt.Errorf("converting PublicKey part of *ecdh.PrivateKey: %w", err)
+	}
+	return &ecdsa.PrivateKey{
+		PublicKey: *pubKey,
+		D:         big.NewInt(0).SetBytes(key.Bytes()),
+	}, nil
+}
+
+// DecodeLegacyVAPIDPrivateKey decodes the legacy string private key format
+// returned by GenerateVAPIDKeys in v1.
+func DecodeLegacyVAPIDPrivateKey(key string) (*VAPIDKeys, error) {
+	bytes, err := decodeSubscriptionKey(key)
+	if err != nil {
+		return nil, err
+	}
+
+	ecdhPrivKey, err := ecdh.P256().NewPrivateKey(bytes)
+	if err != nil {
+		return nil, err
+	}
+
+	ecdsaPrivKey, err := ecdhPrivateKeyToECDSA(ecdhPrivKey)
+	if err != nil {
+		return nil, err
+	}
+
+	publicKey := base64.RawURLEncoding.EncodeToString(ecdhPrivKey.PublicKey().Bytes())
+	return &VAPIDKeys{
+		privateKey: ecdsaPrivKey,
+		publicKey:  publicKey,
+	}, nil
+}
diff --git a/vendor/github.com/ergochat/webpush-go/v2/urgency.go b/vendor/github.com/ergochat/webpush-go/v2/urgency.go
new file mode 100644
index 00000000..97c4a32b
--- /dev/null
+++ b/vendor/github.com/ergochat/webpush-go/v2/urgency.go
@@ -0,0 +1,26 @@
+package webpush
+
+// Urgency indicates to the push service how important a message is to the user.
+// This can be used by the push service to help conserve the battery life of a user's device
+// by only waking up for important messages when battery is low.
+type Urgency string
+
+const (
+	// UrgencyVeryLow requires device state: on power and Wi-Fi
+	UrgencyVeryLow Urgency = "very-low"
+	// UrgencyLow requires device state: on either power or Wi-Fi
+	UrgencyLow Urgency = "low"
+	// UrgencyNormal excludes device state: low battery
+	UrgencyNormal Urgency = "normal"
+	// UrgencyHigh admits device state: low battery
+	UrgencyHigh Urgency = "high"
+)
+
+// Checking allowable values for the urgency header
+func isValidUrgency(urgency Urgency) bool {
+	switch urgency {
+	case UrgencyVeryLow, UrgencyLow, UrgencyNormal, UrgencyHigh:
+		return true
+	}
+	return false
+}
diff --git a/vendor/github.com/ergochat/webpush-go/v2/vapid.go b/vendor/github.com/ergochat/webpush-go/v2/vapid.go
new file mode 100644
index 00000000..f4b0b536
--- /dev/null
+++ b/vendor/github.com/ergochat/webpush-go/v2/vapid.go
@@ -0,0 +1,177 @@
+package webpush
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/json"
+	"encoding/pem"
+	"fmt"
+	"net/url"
+	"strings"
+	"time"
+
+	jwt "github.com/golang-jwt/jwt/v5"
+)
+
+// VAPIDKeys is a public-private keypair for use in VAPID.
+// It marshals to a JSON string containing the PEM of the PKCS8
+// of the private key.
+type VAPIDKeys struct {
+	privateKey *ecdsa.PrivateKey
+	publicKey  string // raw bytes encoding in urlsafe base64, as per RFC
+}
+
+// PublicKeyString returns the base64url-encoded uncompressed public key of the keypair,
+// as defined in RFC8292.
+func (v *VAPIDKeys) PublicKeyString() string {
+	return v.publicKey
+}
+
+// PrivateKey returns the private key of the keypair.
+func (v *VAPIDKeys) PrivateKey() *ecdsa.PrivateKey {
+	return v.privateKey
+}
+
+// Equal compares two VAPIDKeys for equality.
+func (v *VAPIDKeys) Equal(o *VAPIDKeys) bool {
+	return v.privateKey.Equal(o.privateKey)
+}
+
+var _ json.Marshaler = (*VAPIDKeys)(nil)
+var _ json.Unmarshaler = (*VAPIDKeys)(nil)
+
+// MarshalJSON implements json.Marshaler, allowing serialization to JSON.
+func (v *VAPIDKeys) MarshalJSON() ([]byte, error) {
+	pkcs8bytes, err := x509.MarshalPKCS8PrivateKey(v.privateKey)
+	if err != nil {
+		return nil, err
+	}
+	pemBlock := pem.Block{
+		Type:  "PRIVATE KEY",
+		Bytes: pkcs8bytes,
+	}
+	pemBytes := pem.EncodeToMemory(&pemBlock)
+	if pemBytes == nil {
+		return nil, fmt.Errorf("could not encode VAPID keys as PEM")
+	}
+	return json.Marshal(string(pemBytes))
+}
+
+// MarshalJSON implements json.Unmarshaler, allowing deserialization from JSON.
+func (v *VAPIDKeys) UnmarshalJSON(b []byte) error {
+	var pemKey string
+	if err := json.Unmarshal(b, &pemKey); err != nil {
+		return err
+	}
+	pemBlock, _ := pem.Decode([]byte(pemKey))
+	if pemBlock == nil {
+		return fmt.Errorf("could not decode PEM block with VAPID keys")
+	}
+	privKey, err := x509.ParsePKCS8PrivateKey(pemBlock.Bytes)
+	if err != nil {
+		return err
+	}
+	privateKey, ok := privKey.(*ecdsa.PrivateKey)
+	if !ok {
+		return fmt.Errorf("Invalid type of private key %T", privateKey)
+	}
+	if privateKey.Curve != elliptic.P256() {
+		return fmt.Errorf("Invalid curve for private key %v", privateKey.Curve)
+	}
+	publicKeyStr, err := makePublicKeyString(privateKey)
+	if err != nil {
+		return err // should not be possible since we confirmed P256 already
+	}
+
+	// success
+	v.privateKey = privateKey
+	v.publicKey = publicKeyStr
+	return nil
+}
+
+// GenerateVAPIDKeys generates a VAPID keypair (an ECDSA keypair on
+// the P-256 curve).
+func GenerateVAPIDKeys() (result *VAPIDKeys, err error) {
+	private, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		return
+	}
+
+	pubKeyECDH, err := private.PublicKey.ECDH()
+	if err != nil {
+		return
+	}
+	publicKey := base64.RawURLEncoding.EncodeToString(pubKeyECDH.Bytes())
+
+	return &VAPIDKeys{
+		privateKey: private,
+		publicKey:  publicKey,
+	}, nil
+}
+
+// ECDSAToVAPIDKeys wraps an existing ecdsa.PrivateKey in VAPIDKeys for use in
+// VAPID header signing.
+func ECDSAToVAPIDKeys(privKey *ecdsa.PrivateKey) (result *VAPIDKeys, err error) {
+	if privKey.Curve != elliptic.P256() {
+		return nil, fmt.Errorf("Invalid curve for private key %v", privKey.Curve)
+	}
+	publicKeyString, err := makePublicKeyString(privKey)
+	if err != nil {
+		return nil, err
+	}
+	return &VAPIDKeys{
+		privateKey: privKey,
+		publicKey:  publicKeyString,
+	}, nil
+}
+
+func makePublicKeyString(privKey *ecdsa.PrivateKey) (result string, err error) {
+	// to get the raw bytes we have to convert the public key to *ecdh.PublicKey
+	// this type assertion (from the crypto.PublicKey returned by (*ecdsa.PrivateKey).Public()
+	// to *ecdsa.PublicKey) cannot fail:
+	publicKey, err := privKey.Public().(*ecdsa.PublicKey).ECDH()
+	if err != nil {
+		return // should not be possible if we confirmed P256 already
+	}
+	return base64.RawURLEncoding.EncodeToString(publicKey.Bytes()), nil
+}
+
+// getVAPIDAuthorizationHeader
+func getVAPIDAuthorizationHeader(
+	endpoint string,
+	subscriber string,
+	vapidKeys *VAPIDKeys,
+	expiration time.Time,
+) (string, error) {
+	if expiration.IsZero() {
+		expiration = time.Now().Add(time.Hour * 12)
+	}
+
+	// Create the JWT token
+	subURL, err := url.Parse(endpoint)
+	if err != nil {
+		return "", err
+	}
+
+	// Unless subscriber is an HTTPS URL, assume an e-mail address
+	if !strings.HasPrefix(subscriber, "https:") && !strings.HasPrefix(subscriber, "mailto:") {
+		subscriber = "mailto:" + subscriber
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{
+		"aud": subURL.Scheme + "://" + subURL.Host,
+		"exp": expiration.Unix(),
+		"sub": subscriber,
+	})
+
+	// Sign token with private key
+	jwtString, err := token.SignedString(vapidKeys.privateKey)
+	if err != nil {
+		return "", err
+	}
+
+	return "vapid t=" + jwtString + ", k=" + vapidKeys.publicKey, nil
+}
diff --git a/vendor/github.com/ergochat/webpush-go/v2/webpush.go b/vendor/github.com/ergochat/webpush-go/v2/webpush.go
new file mode 100644
index 00000000..a20d67f0
--- /dev/null
+++ b/vendor/github.com/ergochat/webpush-go/v2/webpush.go
@@ -0,0 +1,323 @@
+package webpush
+
+import (
+	"bytes"
+	"context"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/ecdh"
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/binary"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+
+	"golang.org/x/crypto/hkdf"
+)
+
+const MaxRecordSize uint32 = 4096
+
+var (
+	ErrRecordSizeTooSmall = errors.New("record size too small for message")
+
+	invalidAuthKeyLength = errors.New("invalid auth key length (must be 16)")
+
+	defaultHTTPClient HTTPClient = &http.Client{}
+)
+
+// HTTPClient is an interface for sending the notification HTTP request / testing
+type HTTPClient interface {
+	Do(*http.Request) (*http.Response, error)
+}
+
+// Options are config and extra params needed to send a notification
+type Options struct {
+	HTTPClient      HTTPClient // Will replace with *http.Client by default if not included
+	RecordSize      uint32     // Limit the record size
+	Subscriber      string     // Sub in VAPID JWT token
+	Topic           string     // Set the Topic header to collapse a pending messages (Optional)
+	TTL             int        // Set the TTL on the endpoint POST request, in seconds
+	Urgency         Urgency    // Set the Urgency header to change a message priority (Optional)
+	VAPIDKeys       *VAPIDKeys // VAPID public-private keypair to generate the VAPID Authorization header
+	VapidExpiration time.Time  // optional expiration for VAPID JWT token (defaults to now + 12 hours)
+}
+
+// Keys represents a subscription's keys (its ECDH public key on the P-256 curve
+// and its 16-byte authentication secret).
+type Keys struct {
+	Auth   [16]byte
+	P256dh *ecdh.PublicKey
+}
+
+// Equal compares two Keys for equality.
+func (k *Keys) Equal(o Keys) bool {
+	return k.Auth == o.Auth && k.P256dh.Equal(o.P256dh)
+}
+
+var _ json.Marshaler = (*Keys)(nil)
+var _ json.Unmarshaler = (*Keys)(nil)
+
+type marshaledKeys struct {
+	Auth   string `json:"auth"`
+	P256dh string `json:"p256dh"`
+}
+
+// MarshalJSON implements json.Marshaler, allowing serialization to JSON.
+func (k *Keys) MarshalJSON() ([]byte, error) {
+	m := marshaledKeys{
+		Auth:   base64.RawStdEncoding.EncodeToString(k.Auth[:]),
+		P256dh: base64.RawStdEncoding.EncodeToString(k.P256dh.Bytes()),
+	}
+	return json.Marshal(&m)
+}
+
+// MarshalJSON implements json.Unmarshaler, allowing deserialization from JSON.
+func (k *Keys) UnmarshalJSON(b []byte) (err error) {
+	var m marshaledKeys
+	if err := json.Unmarshal(b, &m); err != nil {
+		return err
+	}
+	authBytes, err := decodeSubscriptionKey(m.Auth)
+	if err != nil {
+		return err
+	}
+	if len(authBytes) != 16 {
+		return fmt.Errorf("invalid auth bytes length %d (must be 16)", len(authBytes))
+	}
+	copy(k.Auth[:], authBytes)
+	rawDHKey, err := decodeSubscriptionKey(m.P256dh)
+	if err != nil {
+		return err
+	}
+	k.P256dh, err = ecdh.P256().NewPublicKey(rawDHKey)
+	return err
+}
+
+// DecodeSubscriptionKeys decodes and validates a base64-encoded pair of subscription keys
+// (the authentication secret and ECDH public key).
+func DecodeSubscriptionKeys(auth, p256dh string) (keys Keys, err error) {
+	authBytes, err := decodeSubscriptionKey(auth)
+	if err != nil {
+		return
+	}
+	if len(authBytes) != 16 {
+		err = invalidAuthKeyLength
+		return
+	}
+	copy(keys.Auth[:], authBytes)
+	dhBytes, err := decodeSubscriptionKey(p256dh)
+	if err != nil {
+		return
+	}
+	keys.P256dh, err = ecdh.P256().NewPublicKey(dhBytes)
+	if err != nil {
+		return
+	}
+	return
+}
+
+// Subscription represents a PushSubscription object from the Push API
+type Subscription struct {
+	Endpoint string `json:"endpoint"`
+	Keys     Keys   `json:"keys"`
+}
+
+// SendNotification sends a push notification to a subscription's endpoint,
+// applying encryption (RFC 8291) and adding a VAPID header (RFC 8292).
+func SendNotification(ctx context.Context, message []byte, s *Subscription, options *Options) (*http.Response, error) {
+	// Compose message body (RFC8291 encryption of the message)
+	body, err := EncryptNotification(message, s.Keys, options.RecordSize)
+	if err != nil {
+		return nil, err
+	}
+
+	// Get VAPID Authorization header
+	vapidAuthHeader, err := getVAPIDAuthorizationHeader(
+		s.Endpoint,
+		options.Subscriber,
+		options.VAPIDKeys,
+		options.VapidExpiration,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	// Compose and send the HTTP request
+	return sendNotification(ctx, s.Endpoint, options, vapidAuthHeader, body)
+}
+
+// EncryptNotification implements the encryption algorithm specified by RFC 8291 for web push
+// (RFC 8188's aes128gcm content-encoding, with the key material derived from
+// elliptic curve Diffie-Hellman over the P-256 curve).
+func EncryptNotification(message []byte, keys Keys, recordSize uint32) ([]byte, error) {
+	// Get the record size
+	if recordSize == 0 {
+		recordSize = MaxRecordSize
+	} else if recordSize < 128 {
+		return nil, ErrRecordSizeTooSmall
+	}
+
+	// Allocate buffer to hold the eventual message
+	// [ header block ] [ ciphertext ] [ 16 byte AEAD tag ], totaling RecordSize bytes
+	// the ciphertext is the encryption of: [ message ] [ \x02 ] [ 0 or more \x00 as needed ]
+	recordBuf := make([]byte, recordSize)
+	// remainingBuf tracks our current writing position in recordBuf:
+	remainingBuf := recordBuf
+
+	// Application server key pairs (single use)
+	localPrivateKey, err := ecdh.P256().GenerateKey(rand.Reader)
+	if err != nil {
+		return nil, err
+	}
+	localPublicKey := localPrivateKey.PublicKey()
+
+	// Encryption Content-Coding Header
+	// +-----------+--------+-----------+---------------+
+	// | salt (16) | rs (4) | idlen (1) | keyid (idlen) |
+	// +-----------+--------+-----------+---------------+
+	// in our case the keyid is localPublicKey.Bytes(), so 65 bytes
+	// First, generate the salt
+	_, err = rand.Read(remainingBuf[:16])
+	if err != nil {
+		return nil, err
+	}
+	salt := remainingBuf[:16]
+	remainingBuf = remainingBuf[16:]
+	binary.BigEndian.PutUint32(remainingBuf[:], recordSize)
+	remainingBuf = remainingBuf[4:]
+	localPublicKeyBytes := localPublicKey.Bytes()
+	remainingBuf[0] = byte(len(localPublicKeyBytes))
+	remainingBuf = remainingBuf[1:]
+	copy(remainingBuf[:], localPublicKeyBytes)
+	remainingBuf = remainingBuf[len(localPublicKeyBytes):]
+
+	// Combine application keys with receiver's EC public key to derive ECDH shared secret
+	sharedECDHSecret, err := localPrivateKey.ECDH(keys.P256dh)
+	if err != nil {
+		return nil, fmt.Errorf("deriving shared secret: %w", err)
+	}
+
+	// ikm
+	prkInfoBuf := bytes.NewBuffer([]byte("WebPush: info\x00"))
+	prkInfoBuf.Write(keys.P256dh.Bytes())
+	prkInfoBuf.Write(localPublicKey.Bytes())
+
+	prkHKDF := hkdf.New(sha256.New, sharedECDHSecret, keys.Auth[:], prkInfoBuf.Bytes())
+	ikm, err := getHKDFKey(prkHKDF, 32)
+	if err != nil {
+		return nil, err
+	}
+
+	// Derive Content Encryption Key
+	contentEncryptionKeyInfo := []byte("Content-Encoding: aes128gcm\x00")
+	contentHKDF := hkdf.New(sha256.New, ikm, salt, contentEncryptionKeyInfo)
+	contentEncryptionKey, err := getHKDFKey(contentHKDF, 16)
+	if err != nil {
+		return nil, err
+	}
+
+	// Derive the Nonce
+	nonceInfo := []byte("Content-Encoding: nonce\x00")
+	nonceHKDF := hkdf.New(sha256.New, ikm, salt, nonceInfo)
+	nonce, err := getHKDFKey(nonceHKDF, 12)
+	if err != nil {
+		return nil, err
+	}
+
+	// Cipher
+	c, err := aes.NewCipher(contentEncryptionKey)
+	if err != nil {
+		return nil, err
+	}
+	gcm, err := cipher.NewGCM(c)
+	if err != nil {
+		return nil, err
+	}
+
+	// need 1 byte for the 0x02 delimiter, 16 bytes for the AEAD tag
+	if len(remainingBuf) < len(message)+17 {
+		return nil, ErrRecordSizeTooSmall
+	}
+	// Copy the message plaintext into the buffer
+	copy(remainingBuf[:], message[:])
+	// The plaintext to be encrypted will include the padding delimiter and the padding;
+	// cut off the final 16 bytes that are reserved for the AEAD tag
+	plaintext := remainingBuf[:len(remainingBuf)-16]
+	remainingBuf = remainingBuf[len(message):]
+	// Add padding delimiter
+	remainingBuf[0] = '\x02'
+	remainingBuf = remainingBuf[1:]
+	// The rest of the buffer is already zero-padded
+
+	// Encipher the plaintext in place, then add the AEAD tag at the end.
+	// "To reuse plaintext's storage for the encrypted output, use plaintext[:0]
+	// as dst. Otherwise, the remaining capacity of dst must not overlap plaintext."
+	gcm.Seal(plaintext[:0], nonce, plaintext, nil)
+
+	return recordBuf, nil
+}
+
+func sendNotification(ctx context.Context, endpoint string, options *Options, vapidAuthHeader string, body []byte) (*http.Response, error) {
+	// POST request
+	req, err := http.NewRequest("POST", endpoint, bytes.NewBuffer(body))
+	if err != nil {
+		return nil, err
+	}
+
+	if ctx != nil {
+		req = req.WithContext(ctx)
+	}
+
+	req.Header.Set("Content-Encoding", "aes128gcm")
+	req.Header.Set("Content-Type", "application/octet-stream")
+	req.Header.Set("TTL", strconv.Itoa(options.TTL))
+
+	// Сheck the optional headers
+	if len(options.Topic) > 0 {
+		req.Header.Set("Topic", options.Topic)
+	}
+
+	if isValidUrgency(options.Urgency) {
+		req.Header.Set("Urgency", string(options.Urgency))
+	}
+
+	req.Header.Set("Authorization", vapidAuthHeader)
+
+	// Send the request
+	var client HTTPClient
+	if options.HTTPClient != nil {
+		client = options.HTTPClient
+	} else {
+		client = defaultHTTPClient
+	}
+
+	return client.Do(req)
+}
+
+// decodeSubscriptionKey decodes a base64 subscription key.
+func decodeSubscriptionKey(key string) ([]byte, error) {
+	key = strings.TrimRight(key, "=")
+
+	if strings.IndexByte(key, '+') != -1 || strings.IndexByte(key, '/') != -1 {
+		return base64.RawStdEncoding.DecodeString(key)
+	}
+	return base64.RawURLEncoding.DecodeString(key)
+}
+
+// Returns a key of length "length" given an hkdf function
+func getHKDFKey(hkdf io.Reader, length int) ([]byte, error) {
+	key := make([]byte, length)
+	n, err := io.ReadFull(hkdf, key)
+	if n != len(key) || err != nil {
+		return key, err
+	}
+
+	return key, nil
+}
diff --git a/vendor/github.com/golang-jwt/jwt/MIGRATION_GUIDE.md b/vendor/github.com/golang-jwt/jwt/MIGRATION_GUIDE.md
deleted file mode 100644
index c4efbd2a..00000000
--- a/vendor/github.com/golang-jwt/jwt/MIGRATION_GUIDE.md
+++ /dev/null
@@ -1,22 +0,0 @@
-## Migration Guide (v3.2.1)
-
-Starting from [v3.2.1](https://github.com/golang-jwt/jwt/releases/tag/v3.2.1]), the import path has changed from `github.com/dgrijalva/jwt-go` to `github.com/golang-jwt/jwt`. Future releases will be using the `github.com/golang-jwt/jwt` import path and continue the existing versioning scheme of `v3.x.x+incompatible`. Backwards-compatible patches and fixes will be done on the `v3` release branch, where as new build-breaking features will be developed in a `v4` release, possibly including a SIV-style import path.
-
-### go.mod replacement
-
-In a first step, the easiest way is to use `go mod edit` to issue a replacement.
-
-```
-go mod edit -replace github.com/dgrijalva/jwt-go=github.com/golang-jwt/jwt@v3.2.1+incompatible
-go mod tidy
-```
-
-This will still keep the old import path in your code but replace it with the new package and also introduce a new indirect dependency to `github.com/golang-jwt/jwt`. Try to compile your project; it should still work.
-
-### Cleanup
-
-If your code still consistently builds, you can replace all occurences of `github.com/dgrijalva/jwt-go` with `github.com/golang-jwt/jwt`, either manually or by using tools such as `sed`. Finally, the `replace` directive in the `go.mod` file can be removed.
-
-## Older releases (before v3.2.0)
-
-The original migration guide for older releases can be found at https://github.com/dgrijalva/jwt-go/blob/master/MIGRATION_GUIDE.md.
\ No newline at end of file
diff --git a/vendor/github.com/golang-jwt/jwt/README.md b/vendor/github.com/golang-jwt/jwt/README.md
deleted file mode 100644
index 9b653e46..00000000
--- a/vendor/github.com/golang-jwt/jwt/README.md
+++ /dev/null
@@ -1,113 +0,0 @@
-# jwt-go
-
-[![build](https://github.com/golang-jwt/jwt/actions/workflows/build.yml/badge.svg)](https://github.com/golang-jwt/jwt/actions/workflows/build.yml)
-[![Go Reference](https://pkg.go.dev/badge/github.com/golang-jwt/jwt.svg)](https://pkg.go.dev/github.com/golang-jwt/jwt)
-
-A [go](http://www.golang.org) (or 'golang' for search engine friendliness) implementation of [JSON Web Tokens](https://datatracker.ietf.org/doc/html/rfc7519).
-
-**IMPORT PATH CHANGE:** Starting from [v3.2.1](https://github.com/golang-jwt/jwt/releases/tag/v3.2.1), the import path has changed from `github.com/dgrijalva/jwt-go` to `github.com/golang-jwt/jwt`. After the original author of the library suggested migrating the maintenance of `jwt-go`, a dedicated team of open source maintainers decided to clone the existing library into this repository. See [dgrijalva/jwt-go#462](https://github.com/dgrijalva/jwt-go/issues/462) for a detailed discussion on this topic.
-
-Future releases will be using the `github.com/golang-jwt/jwt` import path and continue the existing versioning scheme of `v3.x.x+incompatible`. Backwards-compatible patches and fixes will be done on the `v3` release branch, where as new build-breaking features will be developed in a `v4` release, possibly including a SIV-style import path.
-
-**SECURITY NOTICE:** Some older versions of Go have a security issue in the crypto/elliptic. Recommendation is to upgrade to at least 1.15 See issue [dgrijalva/jwt-go#216](https://github.com/dgrijalva/jwt-go/issues/216) for more detail.
-
-**SECURITY NOTICE:** It's important that you [validate the `alg` presented is what you expect](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/). This library attempts to make it easy to do the right thing by requiring key types match the expected alg, but you should take the extra step to verify it in your usage.  See the examples provided.
-
-### Supported Go versions
-
-Our support of Go versions is aligned with Go's [version release policy](https://golang.org/doc/devel/release#policy).
-So we will support a major version of Go until there are two newer major releases.
-We no longer support building jwt-go with unsupported Go versions, as these contain security vulnerabilities
-which will not be fixed.
-
-## What the heck is a JWT?
-
-JWT.io has [a great introduction](https://jwt.io/introduction) to JSON Web Tokens.
-
-In short, it's a signed JSON object that does something useful (for example, authentication).  It's commonly used for `Bearer` tokens in Oauth 2.  A token is made of three parts, separated by `.`'s.  The first two parts are JSON objects, that have been [base64url](https://datatracker.ietf.org/doc/html/rfc4648) encoded.  The last part is the signature, encoded the same way.
-
-The first part is called the header.  It contains the necessary information for verifying the last part, the signature.  For example, which encryption method was used for signing and what key was used.
-
-The part in the middle is the interesting bit.  It's called the Claims and contains the actual stuff you care about.  Refer to [RFC 7519](https://datatracker.ietf.org/doc/html/rfc7519) for information about reserved keys and the proper way to add your own.
-
-## What's in the box?
-
-This library supports the parsing and verification as well as the generation and signing of JWTs.  Current supported signing algorithms are HMAC SHA, RSA, RSA-PSS, and ECDSA, though hooks are present for adding your own.
-
-## Examples
-
-See [the project documentation](https://pkg.go.dev/github.com/golang-jwt/jwt) for examples of usage:
-
-* [Simple example of parsing and validating a token](https://pkg.go.dev/github.com/golang-jwt/jwt#example-Parse-Hmac)
-* [Simple example of building and signing a token](https://pkg.go.dev/github.com/golang-jwt/jwt#example-New-Hmac)
-* [Directory of Examples](https://pkg.go.dev/github.com/golang-jwt/jwt#pkg-examples)
-
-## Extensions
-
-This library publishes all the necessary components for adding your own signing methods.  Simply implement the `SigningMethod` interface and register a factory method using `RegisterSigningMethod`.  
-
-Here's an example of an extension that integrates with multiple Google Cloud Platform signing tools (AppEngine, IAM API, Cloud KMS): https://github.com/someone1/gcp-jwt-go
-
-## Compliance
-
-This library was last reviewed to comply with [RTF 7519](https://datatracker.ietf.org/doc/html/rfc7519) dated May 2015 with a few notable differences:
-
-* In order to protect against accidental use of [Unsecured JWTs](https://datatracker.ietf.org/doc/html/rfc7519#section-6), tokens using `alg=none` will only be accepted if the constant `jwt.UnsafeAllowNoneSignatureType` is provided as the key.
-
-## Project Status & Versioning
-
-This library is considered production ready.  Feedback and feature requests are appreciated.  The API should be considered stable.  There should be very few backwards-incompatible changes outside of major version updates (and only with good reason).
-
-This project uses [Semantic Versioning 2.0.0](http://semver.org).  Accepted pull requests will land on `main`.  Periodically, versions will be tagged from `main`.  You can find all the releases on [the project releases page](https://github.com/golang-jwt/jwt/releases).
-
-While we try to make it obvious when we make breaking changes, there isn't a great mechanism for pushing announcements out to users.  You may want to use this alternative package include: `gopkg.in/golang-jwt/jwt.v3`.  It will do the right thing WRT semantic versioning.
-
-**BREAKING CHANGES:*** 
-* Version 3.0.0 includes _a lot_ of changes from the 2.x line, including a few that break the API.  We've tried to break as few things as possible, so there should just be a few type signature changes.  A full list of breaking changes is available in `VERSION_HISTORY.md`.  See `MIGRATION_GUIDE.md` for more information on updating your code.
-
-## Usage Tips
-
-### Signing vs Encryption
-
-A token is simply a JSON object that is signed by its author. this tells you exactly two things about the data:
-
-* The author of the token was in the possession of the signing secret
-* The data has not been modified since it was signed
-
-It's important to know that JWT does not provide encryption, which means anyone who has access to the token can read its contents. If you need to protect (encrypt) the data, there is a companion spec, `JWE`, that provides this functionality. JWE is currently outside the scope of this library.
-
-### Choosing a Signing Method
-
-There are several signing methods available, and you should probably take the time to learn about the various options before choosing one.  The principal design decision is most likely going to be symmetric vs asymmetric.
-
-Symmetric signing methods, such as HSA, use only a single secret. This is probably the simplest signing method to use since any `[]byte` can be used as a valid secret. They are also slightly computationally faster to use, though this rarely is enough to matter. Symmetric signing methods work the best when both producers and consumers of tokens are trusted, or even the same system. Since the same secret is used to both sign and validate tokens, you can't easily distribute the key for validation.
-
-Asymmetric signing methods, such as RSA, use different keys for signing and verifying tokens. This makes it possible to produce tokens with a private key, and allow any consumer to access the public key for verification.
-
-### Signing Methods and Key Types
-
-Each signing method expects a different object type for its signing keys. See the package documentation for details. Here are the most common ones:
-
-* The [HMAC signing method](https://pkg.go.dev/github.com/golang-jwt/jwt#SigningMethodHMAC) (`HS256`,`HS384`,`HS512`) expect `[]byte` values for signing and validation
-* The [RSA signing method](https://pkg.go.dev/github.com/golang-jwt/jwt#SigningMethodRSA) (`RS256`,`RS384`,`RS512`) expect `*rsa.PrivateKey` for signing and `*rsa.PublicKey` for validation
-* The [ECDSA signing method](https://pkg.go.dev/github.com/golang-jwt/jwt#SigningMethodECDSA) (`ES256`,`ES384`,`ES512`) expect `*ecdsa.PrivateKey` for signing and `*ecdsa.PublicKey` for validation
-
-### JWT and OAuth
-
-It's worth mentioning that OAuth and JWT are not the same thing. A JWT token is simply a signed JSON object. It can be used anywhere such a thing is useful. There is some confusion, though, as JWT is the most common type of bearer token used in OAuth2 authentication.
-
-Without going too far down the rabbit hole, here's a description of the interaction of these technologies:
-
-* OAuth is a protocol for allowing an identity provider to be separate from the service a user is logging in to. For example, whenever you use Facebook to log into a different service (Yelp, Spotify, etc), you are using OAuth.
-* OAuth defines several options for passing around authentication data. One popular method is called a "bearer token". A bearer token is simply a string that _should_ only be held by an authenticated user. Thus, simply presenting this token proves your identity. You can probably derive from here why a JWT might make a good bearer token.
-* Because bearer tokens are used for authentication, it's important they're kept secret. This is why transactions that use bearer tokens typically happen over SSL.
-
-### Troubleshooting
-
-This library uses descriptive error messages whenever possible. If you are not getting the expected result, have a look at the errors. The most common place people get stuck is providing the correct type of key to the parser. See the above section on signing methods and key types.
-
-## More
-
-Documentation can be found [on pkg.go.dev](https://pkg.go.dev/github.com/golang-jwt/jwt).
-
-The command line utility included in this project (cmd/jwt) provides a straightforward example of token creation and parsing as well as a useful tool for debugging your own integration. You'll also find several implementation examples in the documentation.
diff --git a/vendor/github.com/golang-jwt/jwt/claims.go b/vendor/github.com/golang-jwt/jwt/claims.go
deleted file mode 100644
index f1dba3cb..00000000
--- a/vendor/github.com/golang-jwt/jwt/claims.go
+++ /dev/null
@@ -1,146 +0,0 @@
-package jwt
-
-import (
-	"crypto/subtle"
-	"fmt"
-	"time"
-)
-
-// For a type to be a Claims object, it must just have a Valid method that determines
-// if the token is invalid for any supported reason
-type Claims interface {
-	Valid() error
-}
-
-// Structured version of Claims Section, as referenced at
-// https://tools.ietf.org/html/rfc7519#section-4.1
-// See examples for how to use this with your own claim types
-type StandardClaims struct {
-	Audience  string `json:"aud,omitempty"`
-	ExpiresAt int64  `json:"exp,omitempty"`
-	Id        string `json:"jti,omitempty"`
-	IssuedAt  int64  `json:"iat,omitempty"`
-	Issuer    string `json:"iss,omitempty"`
-	NotBefore int64  `json:"nbf,omitempty"`
-	Subject   string `json:"sub,omitempty"`
-}
-
-// Validates time based claims "exp, iat, nbf".
-// There is no accounting for clock skew.
-// As well, if any of the above claims are not in the token, it will still
-// be considered a valid claim.
-func (c StandardClaims) Valid() error {
-	vErr := new(ValidationError)
-	now := TimeFunc().Unix()
-
-	// The claims below are optional, by default, so if they are set to the
-	// default value in Go, let's not fail the verification for them.
-	if !c.VerifyExpiresAt(now, false) {
-		delta := time.Unix(now, 0).Sub(time.Unix(c.ExpiresAt, 0))
-		vErr.Inner = fmt.Errorf("token is expired by %v", delta)
-		vErr.Errors |= ValidationErrorExpired
-	}
-
-	if !c.VerifyIssuedAt(now, false) {
-		vErr.Inner = fmt.Errorf("Token used before issued")
-		vErr.Errors |= ValidationErrorIssuedAt
-	}
-
-	if !c.VerifyNotBefore(now, false) {
-		vErr.Inner = fmt.Errorf("token is not valid yet")
-		vErr.Errors |= ValidationErrorNotValidYet
-	}
-
-	if vErr.valid() {
-		return nil
-	}
-
-	return vErr
-}
-
-// Compares the aud claim against cmp.
-// If required is false, this method will return true if the value matches or is unset
-func (c *StandardClaims) VerifyAudience(cmp string, req bool) bool {
-	return verifyAud([]string{c.Audience}, cmp, req)
-}
-
-// Compares the exp claim against cmp.
-// If required is false, this method will return true if the value matches or is unset
-func (c *StandardClaims) VerifyExpiresAt(cmp int64, req bool) bool {
-	return verifyExp(c.ExpiresAt, cmp, req)
-}
-
-// Compares the iat claim against cmp.
-// If required is false, this method will return true if the value matches or is unset
-func (c *StandardClaims) VerifyIssuedAt(cmp int64, req bool) bool {
-	return verifyIat(c.IssuedAt, cmp, req)
-}
-
-// Compares the iss claim against cmp.
-// If required is false, this method will return true if the value matches or is unset
-func (c *StandardClaims) VerifyIssuer(cmp string, req bool) bool {
-	return verifyIss(c.Issuer, cmp, req)
-}
-
-// Compares the nbf claim against cmp.
-// If required is false, this method will return true if the value matches or is unset
-func (c *StandardClaims) VerifyNotBefore(cmp int64, req bool) bool {
-	return verifyNbf(c.NotBefore, cmp, req)
-}
-
-// ----- helpers
-
-func verifyAud(aud []string, cmp string, required bool) bool {
-	if len(aud) == 0 {
-		return !required
-	}
-	// use a var here to keep constant time compare when looping over a number of claims
-	result := false
-
-	var stringClaims string
-	for _, a := range aud {
-		if subtle.ConstantTimeCompare([]byte(a), []byte(cmp)) != 0 {
-			result = true
-		}
-		stringClaims = stringClaims + a
-	}
-
-	// case where "" is sent in one or many aud claims
-	if len(stringClaims) == 0 {
-		return !required
-	}
-
-	return result
-}
-
-func verifyExp(exp int64, now int64, required bool) bool {
-	if exp == 0 {
-		return !required
-	}
-	return now <= exp
-}
-
-func verifyIat(iat int64, now int64, required bool) bool {
-	if iat == 0 {
-		return !required
-	}
-	return now >= iat
-}
-
-func verifyIss(iss string, cmp string, required bool) bool {
-	if iss == "" {
-		return !required
-	}
-	if subtle.ConstantTimeCompare([]byte(iss), []byte(cmp)) != 0 {
-		return true
-	} else {
-		return false
-	}
-}
-
-func verifyNbf(nbf int64, now int64, required bool) bool {
-	if nbf == 0 {
-		return !required
-	}
-	return now >= nbf
-}
diff --git a/vendor/github.com/golang-jwt/jwt/errors.go b/vendor/github.com/golang-jwt/jwt/errors.go
deleted file mode 100644
index 1c93024a..00000000
--- a/vendor/github.com/golang-jwt/jwt/errors.go
+++ /dev/null
@@ -1,59 +0,0 @@
-package jwt
-
-import (
-	"errors"
-)
-
-// Error constants
-var (
-	ErrInvalidKey      = errors.New("key is invalid")
-	ErrInvalidKeyType  = errors.New("key is of invalid type")
-	ErrHashUnavailable = errors.New("the requested hash function is unavailable")
-)
-
-// The errors that might occur when parsing and validating a token
-const (
-	ValidationErrorMalformed        uint32 = 1 << iota // Token is malformed
-	ValidationErrorUnverifiable                        // Token could not be verified because of signing problems
-	ValidationErrorSignatureInvalid                    // Signature validation failed
-
-	// Standard Claim validation errors
-	ValidationErrorAudience      // AUD validation failed
-	ValidationErrorExpired       // EXP validation failed
-	ValidationErrorIssuedAt      // IAT validation failed
-	ValidationErrorIssuer        // ISS validation failed
-	ValidationErrorNotValidYet   // NBF validation failed
-	ValidationErrorId            // JTI validation failed
-	ValidationErrorClaimsInvalid // Generic claims validation error
-)
-
-// Helper for constructing a ValidationError with a string error message
-func NewValidationError(errorText string, errorFlags uint32) *ValidationError {
-	return &ValidationError{
-		text:   errorText,
-		Errors: errorFlags,
-	}
-}
-
-// The error from Parse if token is not valid
-type ValidationError struct {
-	Inner  error  // stores the error returned by external dependencies, i.e.: KeyFunc
-	Errors uint32 // bitfield.  see ValidationError... constants
-	text   string // errors that do not have a valid error just have text
-}
-
-// Validation error is an error type
-func (e ValidationError) Error() string {
-	if e.Inner != nil {
-		return e.Inner.Error()
-	} else if e.text != "" {
-		return e.text
-	} else {
-		return "token is invalid"
-	}
-}
-
-// No errors
-func (e *ValidationError) valid() bool {
-	return e.Errors == 0
-}
diff --git a/vendor/github.com/golang-jwt/jwt/map_claims.go b/vendor/github.com/golang-jwt/jwt/map_claims.go
deleted file mode 100644
index 72c79f92..00000000
--- a/vendor/github.com/golang-jwt/jwt/map_claims.go
+++ /dev/null
@@ -1,120 +0,0 @@
-package jwt
-
-import (
-	"encoding/json"
-	"errors"
-	// "fmt"
-)
-
-// Claims type that uses the map[string]interface{} for JSON decoding
-// This is the default claims type if you don't supply one
-type MapClaims map[string]interface{}
-
-// VerifyAudience Compares the aud claim against cmp.
-// If required is false, this method will return true if the value matches or is unset
-func (m MapClaims) VerifyAudience(cmp string, req bool) bool {
-	var aud []string
-	switch v := m["aud"].(type) {
-	case string:
-		aud = append(aud, v)
-	case []string:
-		aud = v
-	case []interface{}:
-		for _, a := range v {
-			vs, ok := a.(string)
-			if !ok {
-				return false
-			}
-			aud = append(aud, vs)
-		}
-	}
-	return verifyAud(aud, cmp, req)
-}
-
-// Compares the exp claim against cmp.
-// If required is false, this method will return true if the value matches or is unset
-func (m MapClaims) VerifyExpiresAt(cmp int64, req bool) bool {
-	exp, ok := m["exp"]
-	if !ok {
-		return !req
-	}
-	switch expType := exp.(type) {
-	case float64:
-		return verifyExp(int64(expType), cmp, req)
-	case json.Number:
-		v, _ := expType.Int64()
-		return verifyExp(v, cmp, req)
-	}
-	return false
-}
-
-// Compares the iat claim against cmp.
-// If required is false, this method will return true if the value matches or is unset
-func (m MapClaims) VerifyIssuedAt(cmp int64, req bool) bool {
-	iat, ok := m["iat"]
-	if !ok {
-		return !req
-	}
-	switch iatType := iat.(type) {
-	case float64:
-		return verifyIat(int64(iatType), cmp, req)
-	case json.Number:
-		v, _ := iatType.Int64()
-		return verifyIat(v, cmp, req)
-	}
-	return false
-}
-
-// Compares the iss claim against cmp.
-// If required is false, this method will return true if the value matches or is unset
-func (m MapClaims) VerifyIssuer(cmp string, req bool) bool {
-	iss, _ := m["iss"].(string)
-	return verifyIss(iss, cmp, req)
-}
-
-// Compares the nbf claim against cmp.
-// If required is false, this method will return true if the value matches or is unset
-func (m MapClaims) VerifyNotBefore(cmp int64, req bool) bool {
-	nbf, ok := m["nbf"]
-	if !ok {
-		return !req
-	}
-	switch nbfType := nbf.(type) {
-	case float64:
-		return verifyNbf(int64(nbfType), cmp, req)
-	case json.Number:
-		v, _ := nbfType.Int64()
-		return verifyNbf(v, cmp, req)
-	}
-	return false
-}
-
-// Validates time based claims "exp, iat, nbf".
-// There is no accounting for clock skew.
-// As well, if any of the above claims are not in the token, it will still
-// be considered a valid claim.
-func (m MapClaims) Valid() error {
-	vErr := new(ValidationError)
-	now := TimeFunc().Unix()
-
-	if !m.VerifyExpiresAt(now, false) {
-		vErr.Inner = errors.New("Token is expired")
-		vErr.Errors |= ValidationErrorExpired
-	}
-
-	if !m.VerifyIssuedAt(now, false) {
-		vErr.Inner = errors.New("Token used before issued")
-		vErr.Errors |= ValidationErrorIssuedAt
-	}
-
-	if !m.VerifyNotBefore(now, false) {
-		vErr.Inner = errors.New("Token is not valid yet")
-		vErr.Errors |= ValidationErrorNotValidYet
-	}
-
-	if vErr.valid() {
-		return nil
-	}
-
-	return vErr
-}
diff --git a/vendor/github.com/golang-jwt/jwt/parser.go b/vendor/github.com/golang-jwt/jwt/parser.go
deleted file mode 100644
index d6901d9a..00000000
--- a/vendor/github.com/golang-jwt/jwt/parser.go
+++ /dev/null
@@ -1,148 +0,0 @@
-package jwt
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"strings"
-)
-
-type Parser struct {
-	ValidMethods         []string // If populated, only these methods will be considered valid
-	UseJSONNumber        bool     // Use JSON Number format in JSON decoder
-	SkipClaimsValidation bool     // Skip claims validation during token parsing
-}
-
-// Parse, validate, and return a token.
-// keyFunc will receive the parsed token and should return the key for validating.
-// If everything is kosher, err will be nil
-func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
-	return p.ParseWithClaims(tokenString, MapClaims{}, keyFunc)
-}
-
-func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
-	token, parts, err := p.ParseUnverified(tokenString, claims)
-	if err != nil {
-		return token, err
-	}
-
-	// Verify signing method is in the required set
-	if p.ValidMethods != nil {
-		var signingMethodValid = false
-		var alg = token.Method.Alg()
-		for _, m := range p.ValidMethods {
-			if m == alg {
-				signingMethodValid = true
-				break
-			}
-		}
-		if !signingMethodValid {
-			// signing method is not in the listed set
-			return token, NewValidationError(fmt.Sprintf("signing method %v is invalid", alg), ValidationErrorSignatureInvalid)
-		}
-	}
-
-	// Lookup key
-	var key interface{}
-	if keyFunc == nil {
-		// keyFunc was not provided.  short circuiting validation
-		return token, NewValidationError("no Keyfunc was provided.", ValidationErrorUnverifiable)
-	}
-	if key, err = keyFunc(token); err != nil {
-		// keyFunc returned an error
-		if ve, ok := err.(*ValidationError); ok {
-			return token, ve
-		}
-		return token, &ValidationError{Inner: err, Errors: ValidationErrorUnverifiable}
-	}
-
-	vErr := &ValidationError{}
-
-	// Validate Claims
-	if !p.SkipClaimsValidation {
-		if err := token.Claims.Valid(); err != nil {
-
-			// If the Claims Valid returned an error, check if it is a validation error,
-			// If it was another error type, create a ValidationError with a generic ClaimsInvalid flag set
-			if e, ok := err.(*ValidationError); !ok {
-				vErr = &ValidationError{Inner: err, Errors: ValidationErrorClaimsInvalid}
-			} else {
-				vErr = e
-			}
-		}
-	}
-
-	// Perform validation
-	token.Signature = parts[2]
-	if err = token.Method.Verify(strings.Join(parts[0:2], "."), token.Signature, key); err != nil {
-		vErr.Inner = err
-		vErr.Errors |= ValidationErrorSignatureInvalid
-	}
-
-	if vErr.valid() {
-		token.Valid = true
-		return token, nil
-	}
-
-	return token, vErr
-}
-
-// WARNING: Don't use this method unless you know what you're doing
-//
-// This method parses the token but doesn't validate the signature. It's only
-// ever useful in cases where you know the signature is valid (because it has
-// been checked previously in the stack) and you want to extract values from
-// it.
-func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Token, parts []string, err error) {
-	parts = strings.Split(tokenString, ".")
-	if len(parts) != 3 {
-		return nil, parts, NewValidationError("token contains an invalid number of segments", ValidationErrorMalformed)
-	}
-
-	token = &Token{Raw: tokenString}
-
-	// parse Header
-	var headerBytes []byte
-	if headerBytes, err = DecodeSegment(parts[0]); err != nil {
-		if strings.HasPrefix(strings.ToLower(tokenString), "bearer ") {
-			return token, parts, NewValidationError("tokenstring should not contain 'bearer '", ValidationErrorMalformed)
-		}
-		return token, parts, &ValidationError{Inner: err, Errors: ValidationErrorMalformed}
-	}
-	if err = json.Unmarshal(headerBytes, &token.Header); err != nil {
-		return token, parts, &ValidationError{Inner: err, Errors: ValidationErrorMalformed}
-	}
-
-	// parse Claims
-	var claimBytes []byte
-	token.Claims = claims
-
-	if claimBytes, err = DecodeSegment(parts[1]); err != nil {
-		return token, parts, &ValidationError{Inner: err, Errors: ValidationErrorMalformed}
-	}
-	dec := json.NewDecoder(bytes.NewBuffer(claimBytes))
-	if p.UseJSONNumber {
-		dec.UseNumber()
-	}
-	// JSON Decode.  Special case for map type to avoid weird pointer behavior
-	if c, ok := token.Claims.(MapClaims); ok {
-		err = dec.Decode(&c)
-	} else {
-		err = dec.Decode(&claims)
-	}
-	// Handle decode error
-	if err != nil {
-		return token, parts, &ValidationError{Inner: err, Errors: ValidationErrorMalformed}
-	}
-
-	// Lookup signature method
-	if method, ok := token.Header["alg"].(string); ok {
-		if token.Method = GetSigningMethod(method); token.Method == nil {
-			return token, parts, NewValidationError("signing method (alg) is unavailable.", ValidationErrorUnverifiable)
-		}
-	} else {
-		return token, parts, NewValidationError("signing method (alg) is unspecified.", ValidationErrorUnverifiable)
-	}
-
-	return token, parts, nil
-}
diff --git a/vendor/github.com/golang-jwt/jwt/signing_method.go b/vendor/github.com/golang-jwt/jwt/signing_method.go
deleted file mode 100644
index ed1f212b..00000000
--- a/vendor/github.com/golang-jwt/jwt/signing_method.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package jwt
-
-import (
-	"sync"
-)
-
-var signingMethods = map[string]func() SigningMethod{}
-var signingMethodLock = new(sync.RWMutex)
-
-// Implement SigningMethod to add new methods for signing or verifying tokens.
-type SigningMethod interface {
-	Verify(signingString, signature string, key interface{}) error // Returns nil if signature is valid
-	Sign(signingString string, key interface{}) (string, error)    // Returns encoded signature or error
-	Alg() string                                                   // returns the alg identifier for this method (example: 'HS256')
-}
-
-// Register the "alg" name and a factory function for signing method.
-// This is typically done during init() in the method's implementation
-func RegisterSigningMethod(alg string, f func() SigningMethod) {
-	signingMethodLock.Lock()
-	defer signingMethodLock.Unlock()
-
-	signingMethods[alg] = f
-}
-
-// Get a signing method from an "alg" string
-func GetSigningMethod(alg string) (method SigningMethod) {
-	signingMethodLock.RLock()
-	defer signingMethodLock.RUnlock()
-
-	if methodF, ok := signingMethods[alg]; ok {
-		method = methodF()
-	}
-	return
-}
diff --git a/vendor/github.com/golang-jwt/jwt/token.go b/vendor/github.com/golang-jwt/jwt/token.go
deleted file mode 100644
index 6b30ced1..00000000
--- a/vendor/github.com/golang-jwt/jwt/token.go
+++ /dev/null
@@ -1,104 +0,0 @@
-package jwt
-
-import (
-	"encoding/base64"
-	"encoding/json"
-	"strings"
-	"time"
-)
-
-// TimeFunc provides the current time when parsing token to validate "exp" claim (expiration time).
-// You can override it to use another time value.  This is useful for testing or if your
-// server uses a different time zone than your tokens.
-var TimeFunc = time.Now
-
-// Parse methods use this callback function to supply
-// the key for verification.  The function receives the parsed,
-// but unverified Token.  This allows you to use properties in the
-// Header of the token (such as `kid`) to identify which key to use.
-type Keyfunc func(*Token) (interface{}, error)
-
-// A JWT Token.  Different fields will be used depending on whether you're
-// creating or parsing/verifying a token.
-type Token struct {
-	Raw       string                 // The raw token.  Populated when you Parse a token
-	Method    SigningMethod          // The signing method used or to be used
-	Header    map[string]interface{} // The first segment of the token
-	Claims    Claims                 // The second segment of the token
-	Signature string                 // The third segment of the token.  Populated when you Parse a token
-	Valid     bool                   // Is the token valid?  Populated when you Parse/Verify a token
-}
-
-// Create a new Token.  Takes a signing method
-func New(method SigningMethod) *Token {
-	return NewWithClaims(method, MapClaims{})
-}
-
-func NewWithClaims(method SigningMethod, claims Claims) *Token {
-	return &Token{
-		Header: map[string]interface{}{
-			"typ": "JWT",
-			"alg": method.Alg(),
-		},
-		Claims: claims,
-		Method: method,
-	}
-}
-
-// Get the complete, signed token
-func (t *Token) SignedString(key interface{}) (string, error) {
-	var sig, sstr string
-	var err error
-	if sstr, err = t.SigningString(); err != nil {
-		return "", err
-	}
-	if sig, err = t.Method.Sign(sstr, key); err != nil {
-		return "", err
-	}
-	return strings.Join([]string{sstr, sig}, "."), nil
-}
-
-// Generate the signing string.  This is the
-// most expensive part of the whole deal.  Unless you
-// need this for something special, just go straight for
-// the SignedString.
-func (t *Token) SigningString() (string, error) {
-	var err error
-	parts := make([]string, 2)
-	for i := range parts {
-		var jsonValue []byte
-		if i == 0 {
-			if jsonValue, err = json.Marshal(t.Header); err != nil {
-				return "", err
-			}
-		} else {
-			if jsonValue, err = json.Marshal(t.Claims); err != nil {
-				return "", err
-			}
-		}
-
-		parts[i] = EncodeSegment(jsonValue)
-	}
-	return strings.Join(parts, "."), nil
-}
-
-// Parse, validate, and return a token.
-// keyFunc will receive the parsed token and should return the key for validating.
-// If everything is kosher, err will be nil
-func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
-	return new(Parser).Parse(tokenString, keyFunc)
-}
-
-func ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
-	return new(Parser).ParseWithClaims(tokenString, claims, keyFunc)
-}
-
-// Encode JWT specific base64url encoding with padding stripped
-func EncodeSegment(seg []byte) string {
-	return base64.RawURLEncoding.EncodeToString(seg)
-}
-
-// Decode JWT specific base64url encoding with padding stripped
-func DecodeSegment(seg string) ([]byte, error) {
-	return base64.RawURLEncoding.DecodeString(seg)
-}
diff --git a/vendor/github.com/golang-jwt/jwt/.gitignore b/vendor/github.com/golang-jwt/jwt/v5/.gitignore
similarity index 100%
rename from vendor/github.com/golang-jwt/jwt/.gitignore
rename to vendor/github.com/golang-jwt/jwt/v5/.gitignore
diff --git a/vendor/github.com/golang-jwt/jwt/LICENSE b/vendor/github.com/golang-jwt/jwt/v5/LICENSE
similarity index 100%
rename from vendor/github.com/golang-jwt/jwt/LICENSE
rename to vendor/github.com/golang-jwt/jwt/v5/LICENSE
diff --git a/vendor/github.com/golang-jwt/jwt/v5/MIGRATION_GUIDE.md b/vendor/github.com/golang-jwt/jwt/v5/MIGRATION_GUIDE.md
new file mode 100644
index 00000000..ff9c57e1
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/MIGRATION_GUIDE.md
@@ -0,0 +1,195 @@
+# Migration Guide (v5.0.0)
+
+Version `v5` contains a major rework of core functionalities in the `jwt-go`
+library. This includes support for several validation options as well as a
+re-design of the `Claims` interface. Lastly, we reworked how errors work under
+the hood, which should provide a better overall developer experience.
+
+Starting from [v5.0.0](https://github.com/golang-jwt/jwt/releases/tag/v5.0.0),
+the import path will be:
+
+    "github.com/golang-jwt/jwt/v5"
+
+For most users, changing the import path *should* suffice. However, since we
+intentionally changed and cleaned some of the public API, existing programs
+might need to be updated. The following sections describe significant changes
+and corresponding updates for existing programs.
+
+## Parsing and Validation Options
+
+Under the hood, a new `Validator` struct takes care of validating the claims. A
+long awaited feature has been the option to fine-tune the validation of tokens.
+This is now possible with several `ParserOption` functions that can be appended
+to most `Parse` functions, such as `ParseWithClaims`. The most important options
+and changes are:
+  * Added `WithLeeway` to support specifying the leeway that is allowed when
+    validating time-based claims, such as `exp` or `nbf`.
+  * Changed default behavior to not check the `iat` claim. Usage of this claim
+    is OPTIONAL according to the JWT RFC. The claim itself is also purely
+    informational according to the RFC, so a strict validation failure is not
+    recommended. If you want to check for sensible values in these claims,
+    please use the `WithIssuedAt` parser option.
+  * Added `WithAudience`, `WithSubject` and `WithIssuer` to support checking for
+    expected `aud`, `sub` and `iss`.
+  * Added `WithStrictDecoding` and `WithPaddingAllowed` options to allow
+    previously global settings to enable base64 strict encoding and the parsing
+    of base64 strings with padding. The latter is strictly speaking against the
+    standard, but unfortunately some of the major identity providers issue some
+    of these incorrect tokens. Both options are disabled by default.
+
+## Changes to the `Claims` interface
+
+### Complete Restructuring
+
+Previously, the claims interface was satisfied with an implementation of a
+`Valid() error` function. This had several issues:
+  * The different claim types (struct claims, map claims, etc.) then contained
+    similar (but not 100 % identical) code of how this validation was done. This
+    lead to a lot of (almost) duplicate code and was hard to maintain
+  * It was not really semantically close to what a "claim" (or a set of claims)
+    really is; which is a list of defined key/value pairs with a certain
+    semantic meaning.
+
+Since all the validation functionality is now extracted into the validator, all
+`VerifyXXX` and `Valid` functions have been removed from the `Claims` interface.
+Instead, the interface now represents a list of getters to retrieve values with
+a specific meaning. This allows us to completely decouple the validation logic
+with the underlying storage representation of the claim, which could be a
+struct, a map or even something stored in a database.
+
+```go
+type Claims interface {
+	GetExpirationTime() (*NumericDate, error)
+	GetIssuedAt() (*NumericDate, error)
+	GetNotBefore() (*NumericDate, error)
+	GetIssuer() (string, error)
+	GetSubject() (string, error)
+	GetAudience() (ClaimStrings, error)
+}
+```
+
+Users that previously directly called the `Valid` function on their claims,
+e.g., to perform validation independently of parsing/verifying a token, can now
+use the `jwt.NewValidator` function to create a `Validator` independently of the
+`Parser`.
+
+```go
+var v = jwt.NewValidator(jwt.WithLeeway(5*time.Second))
+v.Validate(myClaims)
+```
+
+### Supported Claim Types and Removal of `StandardClaims`
+
+The two standard claim types supported by this library, `MapClaims` and
+`RegisteredClaims` both implement the necessary functions of this interface. The
+old `StandardClaims` struct, which has already been deprecated in `v4` is now
+removed.
+
+Users using custom claims, in most cases, will not experience any changes in the
+behavior as long as they embedded `RegisteredClaims`. If they created a new
+claim type from scratch, they now need to implemented the proper getter
+functions.
+
+### Migrating Application Specific Logic of the old `Valid`
+
+Previously, users could override the `Valid` method in a custom claim, for
+example to extend the validation with application-specific claims. However, this
+was always very dangerous, since once could easily disable the standard
+validation and signature checking.
+
+In order to avoid that, while still supporting the use-case, a new
+`ClaimsValidator` interface has been introduced. This interface consists of the
+`Validate() error` function. If the validator sees, that a `Claims` struct
+implements this interface, the errors returned to the `Validate` function will
+be *appended* to the regular standard validation. It is not possible to disable
+the standard validation anymore (even only by accident).
+
+Usage examples can be found in [example_test.go](./example_test.go), to build
+claims structs like the following.
+
+```go
+// MyCustomClaims includes all registered claims, plus Foo.
+type MyCustomClaims struct {
+	Foo string `json:"foo"`
+	jwt.RegisteredClaims
+}
+
+// Validate can be used to execute additional application-specific claims
+// validation.
+func (m MyCustomClaims) Validate() error {
+	if m.Foo != "bar" {
+		return errors.New("must be foobar")
+	}
+
+	return nil
+}
+```
+
+## Changes to the `Token` and `Parser` struct
+
+The previously global functions `DecodeSegment` and `EncodeSegment` were moved
+to the `Parser` and `Token` struct respectively. This will allow us in the
+future to configure the behavior of these two based on options supplied on the
+parser or the token (creation). This also removes two previously global
+variables and moves them to parser options `WithStrictDecoding` and
+`WithPaddingAllowed`.
+
+In order to do that, we had to adjust the way signing methods work. Previously
+they were given a base64 encoded signature in `Verify` and were expected to
+return a base64 encoded version of the signature in `Sign`, both as a `string`.
+However, this made it necessary to have `DecodeSegment` and `EncodeSegment`
+global and was a less than perfect design because we were repeating
+encoding/decoding steps for all signing methods. Now, `Sign` and `Verify`
+operate on a decoded signature as a `[]byte`, which feels more natural for a
+cryptographic operation anyway. Lastly, `Parse` and `SignedString` take care of
+the final encoding/decoding part.
+
+In addition to that, we also changed the `Signature` field on `Token` from a
+`string` to `[]byte` and this is also now populated with the decoded form. This
+is also more consistent, because the other parts of the JWT, mainly `Header` and
+`Claims` were already stored in decoded form in `Token`. Only the signature was
+stored in base64 encoded form, which was redundant with the information in the
+`Raw` field, which contains the complete token as base64.
+
+```go
+type Token struct {
+	Raw       string                 // Raw contains the raw token
+	Method    SigningMethod          // Method is the signing method used or to be used
+	Header    map[string]interface{} // Header is the first segment of the token in decoded form
+	Claims    Claims                 // Claims is the second segment of the token in decoded form
+	Signature []byte                 // Signature is the third segment of the token in decoded form
+	Valid     bool                   // Valid specifies if the token is valid
+}
+```
+
+Most (if not all) of these changes should not impact the normal usage of this
+library. Only users directly accessing the `Signature` field as well as
+developers of custom signing methods should be affected.
+
+# Migration Guide (v4.0.0)
+
+Starting from [v4.0.0](https://github.com/golang-jwt/jwt/releases/tag/v4.0.0),
+the import path will be:
+
+    "github.com/golang-jwt/jwt/v4"
+
+The `/v4` version will be backwards compatible with existing `v3.x.y` tags in
+this repo, as well as `github.com/dgrijalva/jwt-go`. For most users this should
+be a drop-in replacement, if you're having troubles migrating, please open an
+issue.
+
+You can replace all occurrences of `github.com/dgrijalva/jwt-go` or
+`github.com/golang-jwt/jwt` with `github.com/golang-jwt/jwt/v4`, either manually
+or by using tools such as `sed` or `gofmt`.
+
+And then you'd typically run:
+
+```
+go get github.com/golang-jwt/jwt/v4
+go mod tidy
+```
+
+# Older releases (before v3.2.0)
+
+The original migration guide for older releases can be found at
+https://github.com/dgrijalva/jwt-go/blob/master/MIGRATION_GUIDE.md.
diff --git a/vendor/github.com/golang-jwt/jwt/v5/README.md b/vendor/github.com/golang-jwt/jwt/v5/README.md
new file mode 100644
index 00000000..0bb636f2
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/README.md
@@ -0,0 +1,167 @@
+# jwt-go
+
+[![build](https://github.com/golang-jwt/jwt/actions/workflows/build.yml/badge.svg)](https://github.com/golang-jwt/jwt/actions/workflows/build.yml)
+[![Go
+Reference](https://pkg.go.dev/badge/github.com/golang-jwt/jwt/v5.svg)](https://pkg.go.dev/github.com/golang-jwt/jwt/v5)
+[![Coverage Status](https://coveralls.io/repos/github/golang-jwt/jwt/badge.svg?branch=main)](https://coveralls.io/github/golang-jwt/jwt?branch=main)
+
+A [go](http://www.golang.org) (or 'golang' for search engine friendliness)
+implementation of [JSON Web
+Tokens](https://datatracker.ietf.org/doc/html/rfc7519).
+
+Starting with [v4.0.0](https://github.com/golang-jwt/jwt/releases/tag/v4.0.0)
+this project adds Go module support, but maintains backward compatibility with
+older `v3.x.y` tags and upstream `github.com/dgrijalva/jwt-go`. See the
+[`MIGRATION_GUIDE.md`](./MIGRATION_GUIDE.md) for more information. Version
+v5.0.0 introduces major improvements to the validation of tokens, but is not
+entirely backward compatible. 
+
+> After the original author of the library suggested migrating the maintenance
+> of `jwt-go`, a dedicated team of open source maintainers decided to clone the
+> existing library into this repository. See
+> [dgrijalva/jwt-go#462](https://github.com/dgrijalva/jwt-go/issues/462) for a
+> detailed discussion on this topic.
+
+
+**SECURITY NOTICE:** Some older versions of Go have a security issue in the
+crypto/elliptic. The recommendation is to upgrade to at least 1.15 See issue
+[dgrijalva/jwt-go#216](https://github.com/dgrijalva/jwt-go/issues/216) for more
+detail.
+
+**SECURITY NOTICE:** It's important that you [validate the `alg` presented is
+what you
+expect](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/).
+This library attempts to make it easy to do the right thing by requiring key
+types to match the expected alg, but you should take the extra step to verify it in
+your usage.  See the examples provided.
+
+### Supported Go versions
+
+Our support of Go versions is aligned with Go's [version release
+policy](https://golang.org/doc/devel/release#policy). So we will support a major
+version of Go until there are two newer major releases. We no longer support
+building jwt-go with unsupported Go versions, as these contain security
+vulnerabilities that will not be fixed.
+
+## What the heck is a JWT?
+
+JWT.io has [a great introduction](https://jwt.io/introduction) to JSON Web
+Tokens.
+
+In short, it's a signed JSON object that does something useful (for example,
+authentication).  It's commonly used for `Bearer` tokens in Oauth 2.  A token is
+made of three parts, separated by `.`'s.  The first two parts are JSON objects,
+that have been [base64url](https://datatracker.ietf.org/doc/html/rfc4648)
+encoded.  The last part is the signature, encoded the same way.
+
+The first part is called the header.  It contains the necessary information for
+verifying the last part, the signature.  For example, which encryption method
+was used for signing and what key was used.
+
+The part in the middle is the interesting bit.  It's called the Claims and
+contains the actual stuff you care about.  Refer to [RFC
+7519](https://datatracker.ietf.org/doc/html/rfc7519) for information about
+reserved keys and the proper way to add your own.
+
+## What's in the box?
+
+This library supports the parsing and verification as well as the generation and
+signing of JWTs.  Current supported signing algorithms are HMAC SHA, RSA,
+RSA-PSS, and ECDSA, though hooks are present for adding your own.
+
+## Installation Guidelines
+
+1. To install the jwt package, you first need to have
+   [Go](https://go.dev/doc/install) installed, then you can use the command
+   below to add `jwt-go` as a dependency in your Go program.
+
+```sh
+go get -u github.com/golang-jwt/jwt/v5
+```
+
+2. Import it in your code:
+
+```go
+import "github.com/golang-jwt/jwt/v5"
+```
+
+## Usage
+
+A detailed usage guide, including how to sign and verify tokens can be found on
+our [documentation website](https://golang-jwt.github.io/jwt/usage/create/).
+
+## Examples
+
+See [the project documentation](https://pkg.go.dev/github.com/golang-jwt/jwt/v5)
+for examples of usage:
+
+* [Simple example of parsing and validating a
+  token](https://pkg.go.dev/github.com/golang-jwt/jwt/v5#example-Parse-Hmac)
+* [Simple example of building and signing a
+  token](https://pkg.go.dev/github.com/golang-jwt/jwt/v5#example-New-Hmac)
+* [Directory of
+  Examples](https://pkg.go.dev/github.com/golang-jwt/jwt/v5#pkg-examples)
+
+## Compliance
+
+This library was last reviewed to comply with [RFC
+7519](https://datatracker.ietf.org/doc/html/rfc7519) dated May 2015 with a few
+notable differences:
+
+* In order to protect against accidental use of [Unsecured
+  JWTs](https://datatracker.ietf.org/doc/html/rfc7519#section-6), tokens using
+  `alg=none` will only be accepted if the constant
+  `jwt.UnsafeAllowNoneSignatureType` is provided as the key.
+
+## Project Status & Versioning
+
+This library is considered production ready.  Feedback and feature requests are
+appreciated.  The API should be considered stable.  There should be very few
+backward-incompatible changes outside of major version updates (and only with
+good reason).
+
+This project uses [Semantic Versioning 2.0.0](http://semver.org).  Accepted pull
+requests will land on `main`.  Periodically, versions will be tagged from
+`main`.  You can find all the releases on [the project releases
+page](https://github.com/golang-jwt/jwt/releases).
+
+**BREAKING CHANGES:** A full list of breaking changes is available in
+`VERSION_HISTORY.md`.  See [`MIGRATION_GUIDE.md`](./MIGRATION_GUIDE.md) for more information on updating
+your code.
+
+## Extensions
+
+This library publishes all the necessary components for adding your own signing
+methods or key functions.  Simply implement the `SigningMethod` interface and
+register a factory method using `RegisterSigningMethod` or provide a
+`jwt.Keyfunc`.
+
+A common use case would be integrating with different 3rd party signature
+providers, like key management services from various cloud providers or Hardware
+Security Modules (HSMs) or to implement additional standards.
+
+| Extension | Purpose                                                                                                  | Repo                                       |
+| --------- | -------------------------------------------------------------------------------------------------------- | ------------------------------------------ |
+| GCP       | Integrates with multiple Google Cloud Platform signing tools (AppEngine, IAM API, Cloud KMS)             | https://github.com/someone1/gcp-jwt-go     |
+| AWS       | Integrates with AWS Key Management Service, KMS                                                          | https://github.com/matelang/jwt-go-aws-kms |
+| JWKS      | Provides support for JWKS ([RFC 7517](https://datatracker.ietf.org/doc/html/rfc7517)) as a `jwt.Keyfunc` | https://github.com/MicahParks/keyfunc      |
+
+*Disclaimer*: Unless otherwise specified, these integrations are maintained by
+third parties and should not be considered as a primary offer by any of the
+mentioned cloud providers
+
+## More
+
+Go package documentation can be found [on
+pkg.go.dev](https://pkg.go.dev/github.com/golang-jwt/jwt/v5). Additional
+documentation can be found on [our project
+page](https://golang-jwt.github.io/jwt/).
+
+The command line utility included in this project (cmd/jwt) provides a
+straightforward example of token creation and parsing as well as a useful tool
+for debugging your own integration. You'll also find several implementation
+examples in the documentation.
+
+[golang-jwt](https://github.com/orgs/golang-jwt) incorporates a modified version
+of the JWT logo, which is distributed under the terms of the [MIT
+License](https://github.com/jsonwebtoken/jsonwebtoken.github.io/blob/master/LICENSE.txt).
diff --git a/vendor/github.com/golang-jwt/jwt/v5/SECURITY.md b/vendor/github.com/golang-jwt/jwt/v5/SECURITY.md
new file mode 100644
index 00000000..2740597f
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+As of November 2024 (and until this document is updated), the latest version `v5` is supported. In critical cases, we might supply back-ported patches for `v4`.
+
+## Reporting a Vulnerability
+
+If you think you found a vulnerability, and even if you are not sure, please report it a [GitHub Security Advisory](https://github.com/golang-jwt/jwt/security/advisories/new). Please try be explicit, describe steps to reproduce the security issue with code example(s).
+
+You will receive a response within a timely manner. If the issue is confirmed, we will do our best to release a patch as soon as possible given the complexity of the problem.
+
+## Public Discussions
+
+Please avoid publicly discussing a potential security vulnerability.
+
+Let's take this offline and find a solution first, this limits the potential impact as much as possible.
+
+We appreciate your help!
diff --git a/vendor/github.com/golang-jwt/jwt/VERSION_HISTORY.md b/vendor/github.com/golang-jwt/jwt/v5/VERSION_HISTORY.md
similarity index 94%
rename from vendor/github.com/golang-jwt/jwt/VERSION_HISTORY.md
rename to vendor/github.com/golang-jwt/jwt/v5/VERSION_HISTORY.md
index 637f2ba6..b5039e49 100644
--- a/vendor/github.com/golang-jwt/jwt/VERSION_HISTORY.md
+++ b/vendor/github.com/golang-jwt/jwt/v5/VERSION_HISTORY.md
@@ -1,13 +1,19 @@
-## `jwt-go` Version History
+# `jwt-go` Version History
 
-#### 3.2.2
+The following version history is kept for historic purposes. To retrieve the current changes of each version, please refer to the change-log of the specific release versions on https://github.com/golang-jwt/jwt/releases.
+
+## 4.0.0
+
+* Introduces support for Go modules. The `v4` version will be backwards compatible with `v3.x.y`.
+
+## 3.2.2
 
 * Starting from this release, we are adopting the policy to support the most 2 recent versions of Go currently available. By the time of this release, this is Go 1.15 and 1.16 ([#28](https://github.com/golang-jwt/jwt/pull/28)).
 * Fixed a potential issue that could occur when the verification of `exp`, `iat` or `nbf` was not required and contained invalid contents, i.e. non-numeric/date. Thanks for @thaJeztah for making us aware of that and @giorgos-f3 for originally reporting it to the formtech fork ([#40](https://github.com/golang-jwt/jwt/pull/40)).
 * Added support for EdDSA / ED25519 ([#36](https://github.com/golang-jwt/jwt/pull/36)).
 * Optimized allocations ([#33](https://github.com/golang-jwt/jwt/pull/33)).
 
-#### 3.2.1
+## 3.2.1
 
 * **Import Path Change**: See MIGRATION_GUIDE.md for tips on updating your code
 	* Changed the import path from `github.com/dgrijalva/jwt-go` to `github.com/golang-jwt/jwt`
@@ -113,17 +119,17 @@ It is likely the only integration change required here will be to change `func(t
 * Refactored the RSA implementation to be easier to read
 * Exposed helper methods `ParseRSAPrivateKeyFromPEM` and `ParseRSAPublicKeyFromPEM`
 
-#### 1.0.2
+## 1.0.2
 
 * Fixed bug in parsing public keys from certificates
 * Added more tests around the parsing of keys for RS256
 * Code refactoring in RS256 implementation.  No functional changes
 
-#### 1.0.1
+## 1.0.1
 
 * Fixed panic if RS256 signing method was passed an invalid key
 
-#### 1.0.0
+## 1.0.0
 
 * First versioned release
 * API stabilized
diff --git a/vendor/github.com/golang-jwt/jwt/v5/claims.go b/vendor/github.com/golang-jwt/jwt/v5/claims.go
new file mode 100644
index 00000000..d50ff3da
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/claims.go
@@ -0,0 +1,16 @@
+package jwt
+
+// Claims represent any form of a JWT Claims Set according to
+// https://datatracker.ietf.org/doc/html/rfc7519#section-4. In order to have a
+// common basis for validation, it is required that an implementation is able to
+// supply at least the claim names provided in
+// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1 namely `exp`,
+// `iat`, `nbf`, `iss`, `sub` and `aud`.
+type Claims interface {
+	GetExpirationTime() (*NumericDate, error)
+	GetIssuedAt() (*NumericDate, error)
+	GetNotBefore() (*NumericDate, error)
+	GetIssuer() (string, error)
+	GetSubject() (string, error)
+	GetAudience() (ClaimStrings, error)
+}
diff --git a/vendor/github.com/golang-jwt/jwt/doc.go b/vendor/github.com/golang-jwt/jwt/v5/doc.go
similarity index 100%
rename from vendor/github.com/golang-jwt/jwt/doc.go
rename to vendor/github.com/golang-jwt/jwt/v5/doc.go
diff --git a/vendor/github.com/golang-jwt/jwt/ecdsa.go b/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go
similarity index 83%
rename from vendor/github.com/golang-jwt/jwt/ecdsa.go
rename to vendor/github.com/golang-jwt/jwt/v5/ecdsa.go
index 15e23435..c929e4a0 100644
--- a/vendor/github.com/golang-jwt/jwt/ecdsa.go
+++ b/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go
@@ -13,7 +13,7 @@ var (
 	ErrECDSAVerification = errors.New("crypto/ecdsa: verification error")
 )
 
-// Implements the ECDSA family of signing methods signing methods
+// SigningMethodECDSA implements the ECDSA family of signing methods.
 // Expects *ecdsa.PrivateKey for signing and *ecdsa.PublicKey for verification
 type SigningMethodECDSA struct {
 	Name      string
@@ -53,24 +53,16 @@ func (m *SigningMethodECDSA) Alg() string {
 	return m.Name
 }
 
-// Implements the Verify method from SigningMethod
+// Verify implements token verification for the SigningMethod.
 // For this verify method, key must be an ecdsa.PublicKey struct
-func (m *SigningMethodECDSA) Verify(signingString, signature string, key interface{}) error {
-	var err error
-
-	// Decode the signature
-	var sig []byte
-	if sig, err = DecodeSegment(signature); err != nil {
-		return err
-	}
-
+func (m *SigningMethodECDSA) Verify(signingString string, sig []byte, key interface{}) error {
 	// Get the key
 	var ecdsaKey *ecdsa.PublicKey
 	switch k := key.(type) {
 	case *ecdsa.PublicKey:
 		ecdsaKey = k
 	default:
-		return ErrInvalidKeyType
+		return newError("ECDSA verify expects *ecdsa.PublicKey", ErrInvalidKeyType)
 	}
 
 	if len(sig) != 2*m.KeySize {
@@ -95,21 +87,21 @@ func (m *SigningMethodECDSA) Verify(signingString, signature string, key interfa
 	return ErrECDSAVerification
 }
 
-// Implements the Sign method from SigningMethod
+// Sign implements token signing for the SigningMethod.
 // For this signing method, key must be an ecdsa.PrivateKey struct
-func (m *SigningMethodECDSA) Sign(signingString string, key interface{}) (string, error) {
+func (m *SigningMethodECDSA) Sign(signingString string, key interface{}) ([]byte, error) {
 	// Get the key
 	var ecdsaKey *ecdsa.PrivateKey
 	switch k := key.(type) {
 	case *ecdsa.PrivateKey:
 		ecdsaKey = k
 	default:
-		return "", ErrInvalidKeyType
+		return nil, newError("ECDSA sign expects *ecdsa.PrivateKey", ErrInvalidKeyType)
 	}
 
 	// Create the hasher
 	if !m.Hash.Available() {
-		return "", ErrHashUnavailable
+		return nil, ErrHashUnavailable
 	}
 
 	hasher := m.Hash.New()
@@ -120,7 +112,7 @@ func (m *SigningMethodECDSA) Sign(signingString string, key interface{}) (string
 		curveBits := ecdsaKey.Curve.Params().BitSize
 
 		if m.CurveBits != curveBits {
-			return "", ErrInvalidKey
+			return nil, ErrInvalidKey
 		}
 
 		keyBytes := curveBits / 8
@@ -135,8 +127,8 @@ func (m *SigningMethodECDSA) Sign(signingString string, key interface{}) (string
 		r.FillBytes(out[0:keyBytes]) // r is assigned to the first half of output.
 		s.FillBytes(out[keyBytes:])  // s is assigned to the second half of output.
 
-		return EncodeSegment(out), nil
+		return out, nil
 	} else {
-		return "", err
+		return nil, err
 	}
 }
diff --git a/vendor/github.com/golang-jwt/jwt/ecdsa_utils.go b/vendor/github.com/golang-jwt/jwt/v5/ecdsa_utils.go
similarity index 81%
rename from vendor/github.com/golang-jwt/jwt/ecdsa_utils.go
rename to vendor/github.com/golang-jwt/jwt/v5/ecdsa_utils.go
index db9f4be7..5700636d 100644
--- a/vendor/github.com/golang-jwt/jwt/ecdsa_utils.go
+++ b/vendor/github.com/golang-jwt/jwt/v5/ecdsa_utils.go
@@ -8,11 +8,11 @@ import (
 )
 
 var (
-	ErrNotECPublicKey  = errors.New("Key is not a valid ECDSA public key")
-	ErrNotECPrivateKey = errors.New("Key is not a valid ECDSA private key")
+	ErrNotECPublicKey  = errors.New("key is not a valid ECDSA public key")
+	ErrNotECPrivateKey = errors.New("key is not a valid ECDSA private key")
 )
 
-// Parse PEM encoded Elliptic Curve Private Key Structure
+// ParseECPrivateKeyFromPEM parses a PEM encoded Elliptic Curve Private Key Structure
 func ParseECPrivateKeyFromPEM(key []byte) (*ecdsa.PrivateKey, error) {
 	var err error
 
@@ -39,7 +39,7 @@ func ParseECPrivateKeyFromPEM(key []byte) (*ecdsa.PrivateKey, error) {
 	return pkey, nil
 }
 
-// Parse PEM encoded PKCS1 or PKCS8 public key
+// ParseECPublicKeyFromPEM parses a PEM encoded PKCS1 or PKCS8 public key
 func ParseECPublicKeyFromPEM(key []byte) (*ecdsa.PublicKey, error) {
 	var err error
 
diff --git a/vendor/github.com/golang-jwt/jwt/ed25519.go b/vendor/github.com/golang-jwt/jwt/v5/ed25519.go
similarity index 52%
rename from vendor/github.com/golang-jwt/jwt/ed25519.go
rename to vendor/github.com/golang-jwt/jwt/v5/ed25519.go
index a2f8ddbe..c2138119 100644
--- a/vendor/github.com/golang-jwt/jwt/ed25519.go
+++ b/vendor/github.com/golang-jwt/jwt/v5/ed25519.go
@@ -1,16 +1,17 @@
 package jwt
 
 import (
-	"errors"
-
+	"crypto"
 	"crypto/ed25519"
+	"crypto/rand"
+	"errors"
 )
 
 var (
 	ErrEd25519Verification = errors.New("ed25519: verification error")
 )
 
-// Implements the EdDSA family
+// SigningMethodEd25519 implements the EdDSA family.
 // Expects ed25519.PrivateKey for signing and ed25519.PublicKey for verification
 type SigningMethodEd25519 struct{}
 
@@ -30,27 +31,20 @@ func (m *SigningMethodEd25519) Alg() string {
 	return "EdDSA"
 }
 
-// Implements the Verify method from SigningMethod
+// Verify implements token verification for the SigningMethod.
 // For this verify method, key must be an ed25519.PublicKey
-func (m *SigningMethodEd25519) Verify(signingString, signature string, key interface{}) error {
-	var err error
+func (m *SigningMethodEd25519) Verify(signingString string, sig []byte, key interface{}) error {
 	var ed25519Key ed25519.PublicKey
 	var ok bool
 
 	if ed25519Key, ok = key.(ed25519.PublicKey); !ok {
-		return ErrInvalidKeyType
+		return newError("Ed25519 verify expects ed25519.PublicKey", ErrInvalidKeyType)
 	}
 
 	if len(ed25519Key) != ed25519.PublicKeySize {
 		return ErrInvalidKey
 	}
 
-	// Decode the signature
-	var sig []byte
-	if sig, err = DecodeSegment(signature); err != nil {
-		return err
-	}
-
 	// Verify the signature
 	if !ed25519.Verify(ed25519Key, []byte(signingString), sig) {
 		return ErrEd25519Verification
@@ -59,23 +53,27 @@ func (m *SigningMethodEd25519) Verify(signingString, signature string, key inter
 	return nil
 }
 
-// Implements the Sign method from SigningMethod
+// Sign implements token signing for the SigningMethod.
 // For this signing method, key must be an ed25519.PrivateKey
-func (m *SigningMethodEd25519) Sign(signingString string, key interface{}) (string, error) {
-	var ed25519Key ed25519.PrivateKey
+func (m *SigningMethodEd25519) Sign(signingString string, key interface{}) ([]byte, error) {
+	var ed25519Key crypto.Signer
 	var ok bool
 
-	if ed25519Key, ok = key.(ed25519.PrivateKey); !ok {
-		return "", ErrInvalidKeyType
+	if ed25519Key, ok = key.(crypto.Signer); !ok {
+		return nil, newError("Ed25519 sign expects crypto.Signer", ErrInvalidKeyType)
 	}
 
-	// ed25519.Sign panics if private key not equal to ed25519.PrivateKeySize
-	// this allows to avoid recover usage
-	if len(ed25519Key) != ed25519.PrivateKeySize {
-		return "", ErrInvalidKey
+	if _, ok := ed25519Key.Public().(ed25519.PublicKey); !ok {
+		return nil, ErrInvalidKey
 	}
 
-	// Sign the string and return the encoded result
-	sig := ed25519.Sign(ed25519Key, []byte(signingString))
-	return EncodeSegment(sig), nil
+	// Sign the string and return the result. ed25519 performs a two-pass hash
+	// as part of its algorithm. Therefore, we need to pass a non-prehashed
+	// message into the Sign function, as indicated by crypto.Hash(0)
+	sig, err := ed25519Key.Sign(rand.Reader, []byte(signingString), crypto.Hash(0))
+	if err != nil {
+		return nil, err
+	}
+
+	return sig, nil
 }
diff --git a/vendor/github.com/golang-jwt/jwt/ed25519_utils.go b/vendor/github.com/golang-jwt/jwt/v5/ed25519_utils.go
similarity index 80%
rename from vendor/github.com/golang-jwt/jwt/ed25519_utils.go
rename to vendor/github.com/golang-jwt/jwt/v5/ed25519_utils.go
index c6357275..cdb5e68e 100644
--- a/vendor/github.com/golang-jwt/jwt/ed25519_utils.go
+++ b/vendor/github.com/golang-jwt/jwt/v5/ed25519_utils.go
@@ -9,11 +9,11 @@ import (
 )
 
 var (
-	ErrNotEdPrivateKey = errors.New("Key is not a valid Ed25519 private key")
-	ErrNotEdPublicKey  = errors.New("Key is not a valid Ed25519 public key")
+	ErrNotEdPrivateKey = errors.New("key is not a valid Ed25519 private key")
+	ErrNotEdPublicKey  = errors.New("key is not a valid Ed25519 public key")
 )
 
-// Parse PEM-encoded Edwards curve private key
+// ParseEdPrivateKeyFromPEM parses a PEM-encoded Edwards curve private key
 func ParseEdPrivateKeyFromPEM(key []byte) (crypto.PrivateKey, error) {
 	var err error
 
@@ -38,7 +38,7 @@ func ParseEdPrivateKeyFromPEM(key []byte) (crypto.PrivateKey, error) {
 	return pkey, nil
 }
 
-// Parse PEM-encoded Edwards curve public key
+// ParseEdPublicKeyFromPEM parses a PEM-encoded Edwards curve public key
 func ParseEdPublicKeyFromPEM(key []byte) (crypto.PublicKey, error) {
 	var err error
 
diff --git a/vendor/github.com/golang-jwt/jwt/v5/errors.go b/vendor/github.com/golang-jwt/jwt/v5/errors.go
new file mode 100644
index 00000000..23bb616d
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/errors.go
@@ -0,0 +1,49 @@
+package jwt
+
+import (
+	"errors"
+	"strings"
+)
+
+var (
+	ErrInvalidKey                = errors.New("key is invalid")
+	ErrInvalidKeyType            = errors.New("key is of invalid type")
+	ErrHashUnavailable           = errors.New("the requested hash function is unavailable")
+	ErrTokenMalformed            = errors.New("token is malformed")
+	ErrTokenUnverifiable         = errors.New("token is unverifiable")
+	ErrTokenSignatureInvalid     = errors.New("token signature is invalid")
+	ErrTokenRequiredClaimMissing = errors.New("token is missing required claim")
+	ErrTokenInvalidAudience      = errors.New("token has invalid audience")
+	ErrTokenExpired              = errors.New("token is expired")
+	ErrTokenUsedBeforeIssued     = errors.New("token used before issued")
+	ErrTokenInvalidIssuer        = errors.New("token has invalid issuer")
+	ErrTokenInvalidSubject       = errors.New("token has invalid subject")
+	ErrTokenNotValidYet          = errors.New("token is not valid yet")
+	ErrTokenInvalidId            = errors.New("token has invalid id")
+	ErrTokenInvalidClaims        = errors.New("token has invalid claims")
+	ErrInvalidType               = errors.New("invalid type for claim")
+)
+
+// joinedError is an error type that works similar to what [errors.Join]
+// produces, with the exception that it has a nice error string; mainly its
+// error messages are concatenated using a comma, rather than a newline.
+type joinedError struct {
+	errs []error
+}
+
+func (je joinedError) Error() string {
+	msg := []string{}
+	for _, err := range je.errs {
+		msg = append(msg, err.Error())
+	}
+
+	return strings.Join(msg, ", ")
+}
+
+// joinErrors joins together multiple errors. Useful for scenarios where
+// multiple errors next to each other occur, e.g., in claims validation.
+func joinErrors(errs ...error) error {
+	return &joinedError{
+		errs: errs,
+	}
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v5/errors_go1_20.go b/vendor/github.com/golang-jwt/jwt/v5/errors_go1_20.go
new file mode 100644
index 00000000..a893d355
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/errors_go1_20.go
@@ -0,0 +1,47 @@
+//go:build go1.20
+// +build go1.20
+
+package jwt
+
+import (
+	"fmt"
+)
+
+// Unwrap implements the multiple error unwrapping for this error type, which is
+// possible in Go 1.20.
+func (je joinedError) Unwrap() []error {
+	return je.errs
+}
+
+// newError creates a new error message with a detailed error message. The
+// message will be prefixed with the contents of the supplied error type.
+// Additionally, more errors, that provide more context can be supplied which
+// will be appended to the message. This makes use of Go 1.20's possibility to
+// include more than one %w formatting directive in [fmt.Errorf].
+//
+// For example,
+//
+//	newError("no keyfunc was provided", ErrTokenUnverifiable)
+//
+// will produce the error string
+//
+//	"token is unverifiable: no keyfunc was provided"
+func newError(message string, err error, more ...error) error {
+	var format string
+	var args []any
+	if message != "" {
+		format = "%w: %s"
+		args = []any{err, message}
+	} else {
+		format = "%w"
+		args = []any{err}
+	}
+
+	for _, e := range more {
+		format += ": %w"
+		args = append(args, e)
+	}
+
+	err = fmt.Errorf(format, args...)
+	return err
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v5/errors_go_other.go b/vendor/github.com/golang-jwt/jwt/v5/errors_go_other.go
new file mode 100644
index 00000000..2ad542f0
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/errors_go_other.go
@@ -0,0 +1,78 @@
+//go:build !go1.20
+// +build !go1.20
+
+package jwt
+
+import (
+	"errors"
+	"fmt"
+)
+
+// Is implements checking for multiple errors using [errors.Is], since multiple
+// error unwrapping is not possible in versions less than Go 1.20.
+func (je joinedError) Is(err error) bool {
+	for _, e := range je.errs {
+		if errors.Is(e, err) {
+			return true
+		}
+	}
+
+	return false
+}
+
+// wrappedErrors is a workaround for wrapping multiple errors in environments
+// where Go 1.20 is not available. It basically uses the already implemented
+// functionality of joinedError to handle multiple errors with supplies a
+// custom error message that is identical to the one we produce in Go 1.20 using
+// multiple %w directives.
+type wrappedErrors struct {
+	msg string
+	joinedError
+}
+
+// Error returns the stored error string
+func (we wrappedErrors) Error() string {
+	return we.msg
+}
+
+// newError creates a new error message with a detailed error message. The
+// message will be prefixed with the contents of the supplied error type.
+// Additionally, more errors, that provide more context can be supplied which
+// will be appended to the message. Since we cannot use of Go 1.20's possibility
+// to include more than one %w formatting directive in [fmt.Errorf], we have to
+// emulate that.
+//
+// For example,
+//
+//	newError("no keyfunc was provided", ErrTokenUnverifiable)
+//
+// will produce the error string
+//
+//	"token is unverifiable: no keyfunc was provided"
+func newError(message string, err error, more ...error) error {
+	// We cannot wrap multiple errors here with %w, so we have to be a little
+	// bit creative. Basically, we are using %s instead of %w to produce the
+	// same error message and then throw the result into a custom error struct.
+	var format string
+	var args []any
+	if message != "" {
+		format = "%s: %s"
+		args = []any{err, message}
+	} else {
+		format = "%s"
+		args = []any{err}
+	}
+	errs := []error{err}
+
+	for _, e := range more {
+		format += ": %s"
+		args = append(args, e)
+		errs = append(errs, e)
+	}
+
+	err = &wrappedErrors{
+		msg:         fmt.Sprintf(format, args...),
+		joinedError: joinedError{errs: errs},
+	}
+	return err
+}
diff --git a/vendor/github.com/golang-jwt/jwt/hmac.go b/vendor/github.com/golang-jwt/jwt/v5/hmac.go
similarity index 53%
rename from vendor/github.com/golang-jwt/jwt/hmac.go
rename to vendor/github.com/golang-jwt/jwt/v5/hmac.go
index addbe5d4..aca600ce 100644
--- a/vendor/github.com/golang-jwt/jwt/hmac.go
+++ b/vendor/github.com/golang-jwt/jwt/v5/hmac.go
@@ -6,7 +6,7 @@ import (
 	"errors"
 )
 
-// Implements the HMAC-SHA family of signing methods signing methods
+// SigningMethodHMAC implements the HMAC-SHA family of signing methods.
 // Expects key type of []byte for both signing and validation
 type SigningMethodHMAC struct {
 	Name string
@@ -45,18 +45,21 @@ func (m *SigningMethodHMAC) Alg() string {
 	return m.Name
 }
 
-// Verify the signature of HSXXX tokens.  Returns nil if the signature is valid.
-func (m *SigningMethodHMAC) Verify(signingString, signature string, key interface{}) error {
+// Verify implements token verification for the SigningMethod. Returns nil if
+// the signature is valid. Key must be []byte.
+//
+// Note it is not advised to provide a []byte which was converted from a 'human
+// readable' string using a subset of ASCII characters. To maximize entropy, you
+// should ideally be providing a []byte key which was produced from a
+// cryptographically random source, e.g. crypto/rand. Additional information
+// about this, and why we intentionally are not supporting string as a key can
+// be found on our usage guide
+// https://golang-jwt.github.io/jwt/usage/signing_methods/#signing-methods-and-key-types.
+func (m *SigningMethodHMAC) Verify(signingString string, sig []byte, key interface{}) error {
 	// Verify the key is the right type
 	keyBytes, ok := key.([]byte)
 	if !ok {
-		return ErrInvalidKeyType
-	}
-
-	// Decode signature, for comparison
-	sig, err := DecodeSegment(signature)
-	if err != nil {
-		return err
+		return newError("HMAC verify expects []byte", ErrInvalidKeyType)
 	}
 
 	// Can we use the specified hashing method?
@@ -77,19 +80,25 @@ func (m *SigningMethodHMAC) Verify(signingString, signature string, key interfac
 	return nil
 }
 
-// Implements the Sign method from SigningMethod for this signing method.
-// Key must be []byte
-func (m *SigningMethodHMAC) Sign(signingString string, key interface{}) (string, error) {
+// Sign implements token signing for the SigningMethod. Key must be []byte.
+//
+// Note it is not advised to provide a []byte which was converted from a 'human
+// readable' string using a subset of ASCII characters. To maximize entropy, you
+// should ideally be providing a []byte key which was produced from a
+// cryptographically random source, e.g. crypto/rand. Additional information
+// about this, and why we intentionally are not supporting string as a key can
+// be found on our usage guide https://golang-jwt.github.io/jwt/usage/signing_methods/.
+func (m *SigningMethodHMAC) Sign(signingString string, key interface{}) ([]byte, error) {
 	if keyBytes, ok := key.([]byte); ok {
 		if !m.Hash.Available() {
-			return "", ErrHashUnavailable
+			return nil, ErrHashUnavailable
 		}
 
 		hasher := hmac.New(m.Hash.New, keyBytes)
 		hasher.Write([]byte(signingString))
 
-		return EncodeSegment(hasher.Sum(nil)), nil
+		return hasher.Sum(nil), nil
 	}
 
-	return "", ErrInvalidKeyType
+	return nil, newError("HMAC sign expects []byte", ErrInvalidKeyType)
 }
diff --git a/vendor/github.com/golang-jwt/jwt/v5/map_claims.go b/vendor/github.com/golang-jwt/jwt/v5/map_claims.go
new file mode 100644
index 00000000..b2b51a1f
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/map_claims.go
@@ -0,0 +1,109 @@
+package jwt
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// MapClaims is a claims type that uses the map[string]interface{} for JSON
+// decoding. This is the default claims type if you don't supply one
+type MapClaims map[string]interface{}
+
+// GetExpirationTime implements the Claims interface.
+func (m MapClaims) GetExpirationTime() (*NumericDate, error) {
+	return m.parseNumericDate("exp")
+}
+
+// GetNotBefore implements the Claims interface.
+func (m MapClaims) GetNotBefore() (*NumericDate, error) {
+	return m.parseNumericDate("nbf")
+}
+
+// GetIssuedAt implements the Claims interface.
+func (m MapClaims) GetIssuedAt() (*NumericDate, error) {
+	return m.parseNumericDate("iat")
+}
+
+// GetAudience implements the Claims interface.
+func (m MapClaims) GetAudience() (ClaimStrings, error) {
+	return m.parseClaimsString("aud")
+}
+
+// GetIssuer implements the Claims interface.
+func (m MapClaims) GetIssuer() (string, error) {
+	return m.parseString("iss")
+}
+
+// GetSubject implements the Claims interface.
+func (m MapClaims) GetSubject() (string, error) {
+	return m.parseString("sub")
+}
+
+// parseNumericDate tries to parse a key in the map claims type as a number
+// date. This will succeed, if the underlying type is either a [float64] or a
+// [json.Number]. Otherwise, nil will be returned.
+func (m MapClaims) parseNumericDate(key string) (*NumericDate, error) {
+	v, ok := m[key]
+	if !ok {
+		return nil, nil
+	}
+
+	switch exp := v.(type) {
+	case float64:
+		if exp == 0 {
+			return nil, nil
+		}
+
+		return newNumericDateFromSeconds(exp), nil
+	case json.Number:
+		v, _ := exp.Float64()
+
+		return newNumericDateFromSeconds(v), nil
+	}
+
+	return nil, newError(fmt.Sprintf("%s is invalid", key), ErrInvalidType)
+}
+
+// parseClaimsString tries to parse a key in the map claims type as a
+// [ClaimsStrings] type, which can either be a string or an array of string.
+func (m MapClaims) parseClaimsString(key string) (ClaimStrings, error) {
+	var cs []string
+	switch v := m[key].(type) {
+	case string:
+		cs = append(cs, v)
+	case []string:
+		cs = v
+	case []interface{}:
+		for _, a := range v {
+			vs, ok := a.(string)
+			if !ok {
+				return nil, newError(fmt.Sprintf("%s is invalid", key), ErrInvalidType)
+			}
+			cs = append(cs, vs)
+		}
+	}
+
+	return cs, nil
+}
+
+// parseString tries to parse a key in the map claims type as a [string] type.
+// If the key does not exist, an empty string is returned. If the key has the
+// wrong type, an error is returned.
+func (m MapClaims) parseString(key string) (string, error) {
+	var (
+		ok  bool
+		raw interface{}
+		iss string
+	)
+	raw, ok = m[key]
+	if !ok {
+		return "", nil
+	}
+
+	iss, ok = raw.(string)
+	if !ok {
+		return "", newError(fmt.Sprintf("%s is invalid", key), ErrInvalidType)
+	}
+
+	return iss, nil
+}
diff --git a/vendor/github.com/golang-jwt/jwt/none.go b/vendor/github.com/golang-jwt/jwt/v5/none.go
similarity index 68%
rename from vendor/github.com/golang-jwt/jwt/none.go
rename to vendor/github.com/golang-jwt/jwt/v5/none.go
index f04d189d..685c2ea3 100644
--- a/vendor/github.com/golang-jwt/jwt/none.go
+++ b/vendor/github.com/golang-jwt/jwt/v5/none.go
@@ -1,6 +1,6 @@
 package jwt
 
-// Implements the none signing method.  This is required by the spec
+// SigningMethodNone implements the none signing method.  This is required by the spec
 // but you probably should never use it.
 var SigningMethodNone *signingMethodNone
 
@@ -13,7 +13,7 @@ type unsafeNoneMagicConstant string
 
 func init() {
 	SigningMethodNone = &signingMethodNone{}
-	NoneSignatureTypeDisallowedError = NewValidationError("'none' signature type is not allowed", ValidationErrorSignatureInvalid)
+	NoneSignatureTypeDisallowedError = newError("'none' signature type is not allowed", ErrTokenUnverifiable)
 
 	RegisterSigningMethod(SigningMethodNone.Alg(), func() SigningMethod {
 		return SigningMethodNone
@@ -25,18 +25,15 @@ func (m *signingMethodNone) Alg() string {
 }
 
 // Only allow 'none' alg type if UnsafeAllowNoneSignatureType is specified as the key
-func (m *signingMethodNone) Verify(signingString, signature string, key interface{}) (err error) {
+func (m *signingMethodNone) Verify(signingString string, sig []byte, key interface{}) (err error) {
 	// Key must be UnsafeAllowNoneSignatureType to prevent accidentally
 	// accepting 'none' signing method
 	if _, ok := key.(unsafeNoneMagicConstant); !ok {
 		return NoneSignatureTypeDisallowedError
 	}
 	// If signing method is none, signature must be an empty string
-	if signature != "" {
-		return NewValidationError(
-			"'none' signing method with non-empty signature",
-			ValidationErrorSignatureInvalid,
-		)
+	if len(sig) != 0 {
+		return newError("'none' signing method with non-empty signature", ErrTokenUnverifiable)
 	}
 
 	// Accept 'none' signing method.
@@ -44,9 +41,10 @@ func (m *signingMethodNone) Verify(signingString, signature string, key interfac
 }
 
 // Only allow 'none' signing if UnsafeAllowNoneSignatureType is specified as the key
-func (m *signingMethodNone) Sign(signingString string, key interface{}) (string, error) {
+func (m *signingMethodNone) Sign(signingString string, key interface{}) ([]byte, error) {
 	if _, ok := key.(unsafeNoneMagicConstant); ok {
-		return "", nil
+		return []byte{}, nil
 	}
-	return "", NoneSignatureTypeDisallowedError
+
+	return nil, NoneSignatureTypeDisallowedError
 }
diff --git a/vendor/github.com/golang-jwt/jwt/v5/parser.go b/vendor/github.com/golang-jwt/jwt/v5/parser.go
new file mode 100644
index 00000000..054c7eb6
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/parser.go
@@ -0,0 +1,268 @@
+package jwt
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"strings"
+)
+
+const tokenDelimiter = "."
+
+type Parser struct {
+	// If populated, only these methods will be considered valid.
+	validMethods []string
+
+	// Use JSON Number format in JSON decoder.
+	useJSONNumber bool
+
+	// Skip claims validation during token parsing.
+	skipClaimsValidation bool
+
+	validator *Validator
+
+	decodeStrict bool
+
+	decodePaddingAllowed bool
+}
+
+// NewParser creates a new Parser with the specified options
+func NewParser(options ...ParserOption) *Parser {
+	p := &Parser{
+		validator: &Validator{},
+	}
+
+	// Loop through our parsing options and apply them
+	for _, option := range options {
+		option(p)
+	}
+
+	return p
+}
+
+// Parse parses, validates, verifies the signature and returns the parsed token.
+// keyFunc will receive the parsed token and should return the key for validating.
+func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
+	return p.ParseWithClaims(tokenString, MapClaims{}, keyFunc)
+}
+
+// ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object implementing the Claims
+// interface. This provides default values which can be overridden and allows a caller to use their own type, rather
+// than the default MapClaims implementation of Claims.
+//
+// Note: If you provide a custom claim implementation that embeds one of the standard claims (such as RegisteredClaims),
+// make sure that a) you either embed a non-pointer version of the claims or b) if you are using a pointer, allocate the
+// proper memory for it before passing in the overall claims, otherwise you might run into a panic.
+func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) {
+	token, parts, err := p.ParseUnverified(tokenString, claims)
+	if err != nil {
+		return token, err
+	}
+
+	// Verify signing method is in the required set
+	if p.validMethods != nil {
+		var signingMethodValid = false
+		var alg = token.Method.Alg()
+		for _, m := range p.validMethods {
+			if m == alg {
+				signingMethodValid = true
+				break
+			}
+		}
+		if !signingMethodValid {
+			// signing method is not in the listed set
+			return token, newError(fmt.Sprintf("signing method %v is invalid", alg), ErrTokenSignatureInvalid)
+		}
+	}
+
+	// Decode signature
+	token.Signature, err = p.DecodeSegment(parts[2])
+	if err != nil {
+		return token, newError("could not base64 decode signature", ErrTokenMalformed, err)
+	}
+	text := strings.Join(parts[0:2], ".")
+
+	// Lookup key(s)
+	if keyFunc == nil {
+		// keyFunc was not provided.  short circuiting validation
+		return token, newError("no keyfunc was provided", ErrTokenUnverifiable)
+	}
+
+	got, err := keyFunc(token)
+	if err != nil {
+		return token, newError("error while executing keyfunc", ErrTokenUnverifiable, err)
+	}
+
+	switch have := got.(type) {
+	case VerificationKeySet:
+		if len(have.Keys) == 0 {
+			return token, newError("keyfunc returned empty verification key set", ErrTokenUnverifiable)
+		}
+		// Iterate through keys and verify signature, skipping the rest when a match is found.
+		// Return the last error if no match is found.
+		for _, key := range have.Keys {
+			if err = token.Method.Verify(text, token.Signature, key); err == nil {
+				break
+			}
+		}
+	default:
+		err = token.Method.Verify(text, token.Signature, have)
+	}
+	if err != nil {
+		return token, newError("", ErrTokenSignatureInvalid, err)
+	}
+
+	// Validate Claims
+	if !p.skipClaimsValidation {
+		// Make sure we have at least a default validator
+		if p.validator == nil {
+			p.validator = NewValidator()
+		}
+
+		if err := p.validator.Validate(claims); err != nil {
+			return token, newError("", ErrTokenInvalidClaims, err)
+		}
+	}
+
+	// No errors so far, token is valid.
+	token.Valid = true
+
+	return token, nil
+}
+
+// ParseUnverified parses the token but doesn't validate the signature.
+//
+// WARNING: Don't use this method unless you know what you're doing.
+//
+// It's only ever useful in cases where you know the signature is valid (since it has already
+// been or will be checked elsewhere in the stack) and you want to extract values from it.
+func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Token, parts []string, err error) {
+	var ok bool
+	parts, ok = splitToken(tokenString)
+	if !ok {
+		return nil, nil, newError("token contains an invalid number of segments", ErrTokenMalformed)
+	}
+
+	token = &Token{Raw: tokenString}
+
+	// parse Header
+	var headerBytes []byte
+	if headerBytes, err = p.DecodeSegment(parts[0]); err != nil {
+		return token, parts, newError("could not base64 decode header", ErrTokenMalformed, err)
+	}
+	if err = json.Unmarshal(headerBytes, &token.Header); err != nil {
+		return token, parts, newError("could not JSON decode header", ErrTokenMalformed, err)
+	}
+
+	// parse Claims
+	token.Claims = claims
+
+	claimBytes, err := p.DecodeSegment(parts[1])
+	if err != nil {
+		return token, parts, newError("could not base64 decode claim", ErrTokenMalformed, err)
+	}
+
+	// If `useJSONNumber` is enabled then we must use *json.Decoder to decode
+	// the claims. However, this comes with a performance penalty so only use
+	// it if we must and, otherwise, simple use json.Unmarshal.
+	if !p.useJSONNumber {
+		// JSON Unmarshal. Special case for map type to avoid weird pointer behavior.
+		if c, ok := token.Claims.(MapClaims); ok {
+			err = json.Unmarshal(claimBytes, &c)
+		} else {
+			err = json.Unmarshal(claimBytes, &claims)
+		}
+	} else {
+		dec := json.NewDecoder(bytes.NewBuffer(claimBytes))
+		dec.UseNumber()
+		// JSON Decode. Special case for map type to avoid weird pointer behavior.
+		if c, ok := token.Claims.(MapClaims); ok {
+			err = dec.Decode(&c)
+		} else {
+			err = dec.Decode(&claims)
+		}
+	}
+	if err != nil {
+		return token, parts, newError("could not JSON decode claim", ErrTokenMalformed, err)
+	}
+
+	// Lookup signature method
+	if method, ok := token.Header["alg"].(string); ok {
+		if token.Method = GetSigningMethod(method); token.Method == nil {
+			return token, parts, newError("signing method (alg) is unavailable", ErrTokenUnverifiable)
+		}
+	} else {
+		return token, parts, newError("signing method (alg) is unspecified", ErrTokenUnverifiable)
+	}
+
+	return token, parts, nil
+}
+
+// splitToken splits a token string into three parts: header, claims, and signature. It will only
+// return true if the token contains exactly two delimiters and three parts. In all other cases, it
+// will return nil parts and false.
+func splitToken(token string) ([]string, bool) {
+	parts := make([]string, 3)
+	header, remain, ok := strings.Cut(token, tokenDelimiter)
+	if !ok {
+		return nil, false
+	}
+	parts[0] = header
+	claims, remain, ok := strings.Cut(remain, tokenDelimiter)
+	if !ok {
+		return nil, false
+	}
+	parts[1] = claims
+	// One more cut to ensure the signature is the last part of the token and there are no more
+	// delimiters. This avoids an issue where malicious input could contain additional delimiters
+	// causing unecessary overhead parsing tokens.
+	signature, _, unexpected := strings.Cut(remain, tokenDelimiter)
+	if unexpected {
+		return nil, false
+	}
+	parts[2] = signature
+
+	return parts, true
+}
+
+// DecodeSegment decodes a JWT specific base64url encoding. This function will
+// take into account whether the [Parser] is configured with additional options,
+// such as [WithStrictDecoding] or [WithPaddingAllowed].
+func (p *Parser) DecodeSegment(seg string) ([]byte, error) {
+	encoding := base64.RawURLEncoding
+
+	if p.decodePaddingAllowed {
+		if l := len(seg) % 4; l > 0 {
+			seg += strings.Repeat("=", 4-l)
+		}
+		encoding = base64.URLEncoding
+	}
+
+	if p.decodeStrict {
+		encoding = encoding.Strict()
+	}
+	return encoding.DecodeString(seg)
+}
+
+// Parse parses, validates, verifies the signature and returns the parsed token.
+// keyFunc will receive the parsed token and should return the cryptographic key
+// for verifying the signature. The caller is strongly encouraged to set the
+// WithValidMethods option to validate the 'alg' claim in the token matches the
+// expected algorithm. For more details about the importance of validating the
+// 'alg' claim, see
+// https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
+func Parse(tokenString string, keyFunc Keyfunc, options ...ParserOption) (*Token, error) {
+	return NewParser(options...).Parse(tokenString, keyFunc)
+}
+
+// ParseWithClaims is a shortcut for NewParser().ParseWithClaims().
+//
+// Note: If you provide a custom claim implementation that embeds one of the
+// standard claims (such as RegisteredClaims), make sure that a) you either
+// embed a non-pointer version of the claims or b) if you are using a pointer,
+// allocate the proper memory for it before passing in the overall claims,
+// otherwise you might run into a panic.
+func ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc, options ...ParserOption) (*Token, error) {
+	return NewParser(options...).ParseWithClaims(tokenString, claims, keyFunc)
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v5/parser_option.go b/vendor/github.com/golang-jwt/jwt/v5/parser_option.go
new file mode 100644
index 00000000..88a780fb
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/parser_option.go
@@ -0,0 +1,128 @@
+package jwt
+
+import "time"
+
+// ParserOption is used to implement functional-style options that modify the
+// behavior of the parser. To add new options, just create a function (ideally
+// beginning with With or Without) that returns an anonymous function that takes
+// a *Parser type as input and manipulates its configuration accordingly.
+type ParserOption func(*Parser)
+
+// WithValidMethods is an option to supply algorithm methods that the parser
+// will check. Only those methods will be considered valid. It is heavily
+// encouraged to use this option in order to prevent attacks such as
+// https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/.
+func WithValidMethods(methods []string) ParserOption {
+	return func(p *Parser) {
+		p.validMethods = methods
+	}
+}
+
+// WithJSONNumber is an option to configure the underlying JSON parser with
+// UseNumber.
+func WithJSONNumber() ParserOption {
+	return func(p *Parser) {
+		p.useJSONNumber = true
+	}
+}
+
+// WithoutClaimsValidation is an option to disable claims validation. This
+// option should only be used if you exactly know what you are doing.
+func WithoutClaimsValidation() ParserOption {
+	return func(p *Parser) {
+		p.skipClaimsValidation = true
+	}
+}
+
+// WithLeeway returns the ParserOption for specifying the leeway window.
+func WithLeeway(leeway time.Duration) ParserOption {
+	return func(p *Parser) {
+		p.validator.leeway = leeway
+	}
+}
+
+// WithTimeFunc returns the ParserOption for specifying the time func. The
+// primary use-case for this is testing. If you are looking for a way to account
+// for clock-skew, WithLeeway should be used instead.
+func WithTimeFunc(f func() time.Time) ParserOption {
+	return func(p *Parser) {
+		p.validator.timeFunc = f
+	}
+}
+
+// WithIssuedAt returns the ParserOption to enable verification
+// of issued-at.
+func WithIssuedAt() ParserOption {
+	return func(p *Parser) {
+		p.validator.verifyIat = true
+	}
+}
+
+// WithExpirationRequired returns the ParserOption to make exp claim required.
+// By default exp claim is optional.
+func WithExpirationRequired() ParserOption {
+	return func(p *Parser) {
+		p.validator.requireExp = true
+	}
+}
+
+// WithAudience configures the validator to require the specified audience in
+// the `aud` claim. Validation will fail if the audience is not listed in the
+// token or the `aud` claim is missing.
+//
+// NOTE: While the `aud` claim is OPTIONAL in a JWT, the handling of it is
+// application-specific. Since this validation API is helping developers in
+// writing secure application, we decided to REQUIRE the existence of the claim,
+// if an audience is expected.
+func WithAudience(aud string) ParserOption {
+	return func(p *Parser) {
+		p.validator.expectedAud = aud
+	}
+}
+
+// WithIssuer configures the validator to require the specified issuer in the
+// `iss` claim. Validation will fail if a different issuer is specified in the
+// token or the `iss` claim is missing.
+//
+// NOTE: While the `iss` claim is OPTIONAL in a JWT, the handling of it is
+// application-specific. Since this validation API is helping developers in
+// writing secure application, we decided to REQUIRE the existence of the claim,
+// if an issuer is expected.
+func WithIssuer(iss string) ParserOption {
+	return func(p *Parser) {
+		p.validator.expectedIss = iss
+	}
+}
+
+// WithSubject configures the validator to require the specified subject in the
+// `sub` claim. Validation will fail if a different subject is specified in the
+// token or the `sub` claim is missing.
+//
+// NOTE: While the `sub` claim is OPTIONAL in a JWT, the handling of it is
+// application-specific. Since this validation API is helping developers in
+// writing secure application, we decided to REQUIRE the existence of the claim,
+// if a subject is expected.
+func WithSubject(sub string) ParserOption {
+	return func(p *Parser) {
+		p.validator.expectedSub = sub
+	}
+}
+
+// WithPaddingAllowed will enable the codec used for decoding JWTs to allow
+// padding. Note that the JWS RFC7515 states that the tokens will utilize a
+// Base64url encoding with no padding. Unfortunately, some implementations of
+// JWT are producing non-standard tokens, and thus require support for decoding.
+func WithPaddingAllowed() ParserOption {
+	return func(p *Parser) {
+		p.decodePaddingAllowed = true
+	}
+}
+
+// WithStrictDecoding will switch the codec used for decoding JWTs into strict
+// mode. In this mode, the decoder requires that trailing padding bits are zero,
+// as described in RFC 4648 section 3.5.
+func WithStrictDecoding() ParserOption {
+	return func(p *Parser) {
+		p.decodeStrict = true
+	}
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v5/registered_claims.go b/vendor/github.com/golang-jwt/jwt/v5/registered_claims.go
new file mode 100644
index 00000000..77951a53
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/registered_claims.go
@@ -0,0 +1,63 @@
+package jwt
+
+// RegisteredClaims are a structured version of the JWT Claims Set,
+// restricted to Registered Claim Names, as referenced at
+// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1
+//
+// This type can be used on its own, but then additional private and
+// public claims embedded in the JWT will not be parsed. The typical use-case
+// therefore is to embedded this in a user-defined claim type.
+//
+// See examples for how to use this with your own claim types.
+type RegisteredClaims struct {
+	// the `iss` (Issuer) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1
+	Issuer string `json:"iss,omitempty"`
+
+	// the `sub` (Subject) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2
+	Subject string `json:"sub,omitempty"`
+
+	// the `aud` (Audience) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3
+	Audience ClaimStrings `json:"aud,omitempty"`
+
+	// the `exp` (Expiration Time) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.4
+	ExpiresAt *NumericDate `json:"exp,omitempty"`
+
+	// the `nbf` (Not Before) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.5
+	NotBefore *NumericDate `json:"nbf,omitempty"`
+
+	// the `iat` (Issued At) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.6
+	IssuedAt *NumericDate `json:"iat,omitempty"`
+
+	// the `jti` (JWT ID) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.7
+	ID string `json:"jti,omitempty"`
+}
+
+// GetExpirationTime implements the Claims interface.
+func (c RegisteredClaims) GetExpirationTime() (*NumericDate, error) {
+	return c.ExpiresAt, nil
+}
+
+// GetNotBefore implements the Claims interface.
+func (c RegisteredClaims) GetNotBefore() (*NumericDate, error) {
+	return c.NotBefore, nil
+}
+
+// GetIssuedAt implements the Claims interface.
+func (c RegisteredClaims) GetIssuedAt() (*NumericDate, error) {
+	return c.IssuedAt, nil
+}
+
+// GetAudience implements the Claims interface.
+func (c RegisteredClaims) GetAudience() (ClaimStrings, error) {
+	return c.Audience, nil
+}
+
+// GetIssuer implements the Claims interface.
+func (c RegisteredClaims) GetIssuer() (string, error) {
+	return c.Issuer, nil
+}
+
+// GetSubject implements the Claims interface.
+func (c RegisteredClaims) GetSubject() (string, error) {
+	return c.Subject, nil
+}
diff --git a/vendor/github.com/golang-jwt/jwt/rsa.go b/vendor/github.com/golang-jwt/jwt/v5/rsa.go
similarity index 77%
rename from vendor/github.com/golang-jwt/jwt/rsa.go
rename to vendor/github.com/golang-jwt/jwt/v5/rsa.go
index e4caf1ca..83cbee6a 100644
--- a/vendor/github.com/golang-jwt/jwt/rsa.go
+++ b/vendor/github.com/golang-jwt/jwt/v5/rsa.go
@@ -6,7 +6,7 @@ import (
 	"crypto/rsa"
 )
 
-// Implements the RSA family of signing methods signing methods
+// SigningMethodRSA implements the RSA family of signing methods.
 // Expects *rsa.PrivateKey for signing and *rsa.PublicKey for validation
 type SigningMethodRSA struct {
 	Name string
@@ -44,22 +44,14 @@ func (m *SigningMethodRSA) Alg() string {
 	return m.Name
 }
 
-// Implements the Verify method from SigningMethod
+// Verify implements token verification for the SigningMethod
 // For this signing method, must be an *rsa.PublicKey structure.
-func (m *SigningMethodRSA) Verify(signingString, signature string, key interface{}) error {
-	var err error
-
-	// Decode the signature
-	var sig []byte
-	if sig, err = DecodeSegment(signature); err != nil {
-		return err
-	}
-
+func (m *SigningMethodRSA) Verify(signingString string, sig []byte, key interface{}) error {
 	var rsaKey *rsa.PublicKey
 	var ok bool
 
 	if rsaKey, ok = key.(*rsa.PublicKey); !ok {
-		return ErrInvalidKeyType
+		return newError("RSA verify expects *rsa.PublicKey", ErrInvalidKeyType)
 	}
 
 	// Create hasher
@@ -73,20 +65,20 @@ func (m *SigningMethodRSA) Verify(signingString, signature string, key interface
 	return rsa.VerifyPKCS1v15(rsaKey, m.Hash, hasher.Sum(nil), sig)
 }
 
-// Implements the Sign method from SigningMethod
+// Sign implements token signing for the SigningMethod
 // For this signing method, must be an *rsa.PrivateKey structure.
-func (m *SigningMethodRSA) Sign(signingString string, key interface{}) (string, error) {
+func (m *SigningMethodRSA) Sign(signingString string, key interface{}) ([]byte, error) {
 	var rsaKey *rsa.PrivateKey
 	var ok bool
 
 	// Validate type of key
 	if rsaKey, ok = key.(*rsa.PrivateKey); !ok {
-		return "", ErrInvalidKey
+		return nil, newError("RSA sign expects *rsa.PrivateKey", ErrInvalidKeyType)
 	}
 
 	// Create the hasher
 	if !m.Hash.Available() {
-		return "", ErrHashUnavailable
+		return nil, ErrHashUnavailable
 	}
 
 	hasher := m.Hash.New()
@@ -94,8 +86,8 @@ func (m *SigningMethodRSA) Sign(signingString string, key interface{}) (string,
 
 	// Sign the string and return the encoded bytes
 	if sigBytes, err := rsa.SignPKCS1v15(rand.Reader, rsaKey, m.Hash, hasher.Sum(nil)); err == nil {
-		return EncodeSegment(sigBytes), nil
+		return sigBytes, nil
 	} else {
-		return "", err
+		return nil, err
 	}
 }
diff --git a/vendor/github.com/golang-jwt/jwt/rsa_pss.go b/vendor/github.com/golang-jwt/jwt/v5/rsa_pss.go
similarity index 83%
rename from vendor/github.com/golang-jwt/jwt/rsa_pss.go
rename to vendor/github.com/golang-jwt/jwt/v5/rsa_pss.go
index c0147086..28c386ec 100644
--- a/vendor/github.com/golang-jwt/jwt/rsa_pss.go
+++ b/vendor/github.com/golang-jwt/jwt/v5/rsa_pss.go
@@ -1,3 +1,4 @@
+//go:build go1.4
 // +build go1.4
 
 package jwt
@@ -8,7 +9,7 @@ import (
 	"crypto/rsa"
 )
 
-// Implements the RSAPSS family of signing methods signing methods
+// SigningMethodRSAPSS implements the RSAPSS family of signing methods signing methods
 type SigningMethodRSAPSS struct {
 	*SigningMethodRSA
 	Options *rsa.PSSOptions
@@ -79,23 +80,15 @@ func init() {
 	})
 }
 
-// Implements the Verify method from SigningMethod
+// Verify implements token verification for the SigningMethod.
 // For this verify method, key must be an rsa.PublicKey struct
-func (m *SigningMethodRSAPSS) Verify(signingString, signature string, key interface{}) error {
-	var err error
-
-	// Decode the signature
-	var sig []byte
-	if sig, err = DecodeSegment(signature); err != nil {
-		return err
-	}
-
+func (m *SigningMethodRSAPSS) Verify(signingString string, sig []byte, key interface{}) error {
 	var rsaKey *rsa.PublicKey
 	switch k := key.(type) {
 	case *rsa.PublicKey:
 		rsaKey = k
 	default:
-		return ErrInvalidKey
+		return newError("RSA-PSS verify expects *rsa.PublicKey", ErrInvalidKeyType)
 	}
 
 	// Create hasher
@@ -113,21 +106,21 @@ func (m *SigningMethodRSAPSS) Verify(signingString, signature string, key interf
 	return rsa.VerifyPSS(rsaKey, m.Hash, hasher.Sum(nil), sig, opts)
 }
 
-// Implements the Sign method from SigningMethod
+// Sign implements token signing for the SigningMethod.
 // For this signing method, key must be an rsa.PrivateKey struct
-func (m *SigningMethodRSAPSS) Sign(signingString string, key interface{}) (string, error) {
+func (m *SigningMethodRSAPSS) Sign(signingString string, key interface{}) ([]byte, error) {
 	var rsaKey *rsa.PrivateKey
 
 	switch k := key.(type) {
 	case *rsa.PrivateKey:
 		rsaKey = k
 	default:
-		return "", ErrInvalidKeyType
+		return nil, newError("RSA-PSS sign expects *rsa.PrivateKey", ErrInvalidKeyType)
 	}
 
 	// Create the hasher
 	if !m.Hash.Available() {
-		return "", ErrHashUnavailable
+		return nil, ErrHashUnavailable
 	}
 
 	hasher := m.Hash.New()
@@ -135,8 +128,8 @@ func (m *SigningMethodRSAPSS) Sign(signingString string, key interface{}) (strin
 
 	// Sign the string and return the encoded bytes
 	if sigBytes, err := rsa.SignPSS(rand.Reader, rsaKey, m.Hash, hasher.Sum(nil), m.Options); err == nil {
-		return EncodeSegment(sigBytes), nil
+		return sigBytes, nil
 	} else {
-		return "", err
+		return nil, err
 	}
 }
diff --git a/vendor/github.com/golang-jwt/jwt/rsa_utils.go b/vendor/github.com/golang-jwt/jwt/v5/rsa_utils.go
similarity index 69%
rename from vendor/github.com/golang-jwt/jwt/rsa_utils.go
rename to vendor/github.com/golang-jwt/jwt/v5/rsa_utils.go
index 14c78c29..b3aeebbe 100644
--- a/vendor/github.com/golang-jwt/jwt/rsa_utils.go
+++ b/vendor/github.com/golang-jwt/jwt/v5/rsa_utils.go
@@ -8,12 +8,12 @@ import (
 )
 
 var (
-	ErrKeyMustBePEMEncoded = errors.New("Invalid Key: Key must be a PEM encoded PKCS1 or PKCS8 key")
-	ErrNotRSAPrivateKey    = errors.New("Key is not a valid RSA private key")
-	ErrNotRSAPublicKey     = errors.New("Key is not a valid RSA public key")
+	ErrKeyMustBePEMEncoded = errors.New("invalid key: Key must be a PEM encoded PKCS1 or PKCS8 key")
+	ErrNotRSAPrivateKey    = errors.New("key is not a valid RSA private key")
+	ErrNotRSAPublicKey     = errors.New("key is not a valid RSA public key")
 )
 
-// Parse PEM encoded PKCS1 or PKCS8 private key
+// ParseRSAPrivateKeyFromPEM parses a PEM encoded PKCS1 or PKCS8 private key
 func ParseRSAPrivateKeyFromPEM(key []byte) (*rsa.PrivateKey, error) {
 	var err error
 
@@ -39,7 +39,11 @@ func ParseRSAPrivateKeyFromPEM(key []byte) (*rsa.PrivateKey, error) {
 	return pkey, nil
 }
 
-// Parse PEM encoded PKCS1 or PKCS8 private key protected with password
+// ParseRSAPrivateKeyFromPEMWithPassword parses a PEM encoded PKCS1 or PKCS8 private key protected with password
+//
+// Deprecated: This function is deprecated and should not be used anymore. It uses the deprecated x509.DecryptPEMBlock
+// function, which was deprecated since RFC 1423 is regarded insecure by design. Unfortunately, there is no alternative
+// in the Go standard library for now. See https://github.com/golang/go/issues/8860.
 func ParseRSAPrivateKeyFromPEMWithPassword(key []byte, password string) (*rsa.PrivateKey, error) {
 	var err error
 
@@ -71,7 +75,7 @@ func ParseRSAPrivateKeyFromPEMWithPassword(key []byte, password string) (*rsa.Pr
 	return pkey, nil
 }
 
-// Parse PEM encoded PKCS1 or PKCS8 public key
+// ParseRSAPublicKeyFromPEM parses a certificate or a PEM encoded PKCS1 or PKIX public key
 func ParseRSAPublicKeyFromPEM(key []byte) (*rsa.PublicKey, error) {
 	var err error
 
@@ -87,7 +91,9 @@ func ParseRSAPublicKeyFromPEM(key []byte) (*rsa.PublicKey, error) {
 		if cert, err := x509.ParseCertificate(block.Bytes); err == nil {
 			parsedKey = cert.PublicKey
 		} else {
-			return nil, err
+			if parsedKey, err = x509.ParsePKCS1PublicKey(block.Bytes); err != nil {
+				return nil, err
+			}
 		}
 	}
 
diff --git a/vendor/github.com/golang-jwt/jwt/v5/signing_method.go b/vendor/github.com/golang-jwt/jwt/v5/signing_method.go
new file mode 100644
index 00000000..0d73631c
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/signing_method.go
@@ -0,0 +1,49 @@
+package jwt
+
+import (
+	"sync"
+)
+
+var signingMethods = map[string]func() SigningMethod{}
+var signingMethodLock = new(sync.RWMutex)
+
+// SigningMethod can be used add new methods for signing or verifying tokens. It
+// takes a decoded signature as an input in the Verify function and produces a
+// signature in Sign. The signature is then usually base64 encoded as part of a
+// JWT.
+type SigningMethod interface {
+	Verify(signingString string, sig []byte, key interface{}) error // Returns nil if signature is valid
+	Sign(signingString string, key interface{}) ([]byte, error)     // Returns signature or error
+	Alg() string                                                    // returns the alg identifier for this method (example: 'HS256')
+}
+
+// RegisterSigningMethod registers the "alg" name and a factory function for signing method.
+// This is typically done during init() in the method's implementation
+func RegisterSigningMethod(alg string, f func() SigningMethod) {
+	signingMethodLock.Lock()
+	defer signingMethodLock.Unlock()
+
+	signingMethods[alg] = f
+}
+
+// GetSigningMethod retrieves a signing method from an "alg" string
+func GetSigningMethod(alg string) (method SigningMethod) {
+	signingMethodLock.RLock()
+	defer signingMethodLock.RUnlock()
+
+	if methodF, ok := signingMethods[alg]; ok {
+		method = methodF()
+	}
+	return
+}
+
+// GetAlgorithms returns a list of registered "alg" names
+func GetAlgorithms() (algs []string) {
+	signingMethodLock.RLock()
+	defer signingMethodLock.RUnlock()
+
+	for alg := range signingMethods {
+		algs = append(algs, alg)
+	}
+	return
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v5/staticcheck.conf b/vendor/github.com/golang-jwt/jwt/v5/staticcheck.conf
new file mode 100644
index 00000000..53745d51
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/staticcheck.conf
@@ -0,0 +1 @@
+checks = ["all", "-ST1000", "-ST1003", "-ST1016", "-ST1023"]
diff --git a/vendor/github.com/golang-jwt/jwt/v5/token.go b/vendor/github.com/golang-jwt/jwt/v5/token.go
new file mode 100644
index 00000000..9c7f4ab0
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/token.go
@@ -0,0 +1,100 @@
+package jwt
+
+import (
+	"crypto"
+	"encoding/base64"
+	"encoding/json"
+)
+
+// Keyfunc will be used by the Parse methods as a callback function to supply
+// the key for verification.  The function receives the parsed, but unverified
+// Token.  This allows you to use properties in the Header of the token (such as
+// `kid`) to identify which key to use.
+//
+// The returned interface{} may be a single key or a VerificationKeySet containing
+// multiple keys.
+type Keyfunc func(*Token) (interface{}, error)
+
+// VerificationKey represents a public or secret key for verifying a token's signature.
+type VerificationKey interface {
+	crypto.PublicKey | []uint8
+}
+
+// VerificationKeySet is a set of public or secret keys. It is used by the parser to verify a token.
+type VerificationKeySet struct {
+	Keys []VerificationKey
+}
+
+// Token represents a JWT Token.  Different fields will be used depending on
+// whether you're creating or parsing/verifying a token.
+type Token struct {
+	Raw       string                 // Raw contains the raw token.  Populated when you [Parse] a token
+	Method    SigningMethod          // Method is the signing method used or to be used
+	Header    map[string]interface{} // Header is the first segment of the token in decoded form
+	Claims    Claims                 // Claims is the second segment of the token in decoded form
+	Signature []byte                 // Signature is the third segment of the token in decoded form.  Populated when you Parse a token
+	Valid     bool                   // Valid specifies if the token is valid.  Populated when you Parse/Verify a token
+}
+
+// New creates a new [Token] with the specified signing method and an empty map
+// of claims. Additional options can be specified, but are currently unused.
+func New(method SigningMethod, opts ...TokenOption) *Token {
+	return NewWithClaims(method, MapClaims{}, opts...)
+}
+
+// NewWithClaims creates a new [Token] with the specified signing method and
+// claims. Additional options can be specified, but are currently unused.
+func NewWithClaims(method SigningMethod, claims Claims, opts ...TokenOption) *Token {
+	return &Token{
+		Header: map[string]interface{}{
+			"typ": "JWT",
+			"alg": method.Alg(),
+		},
+		Claims: claims,
+		Method: method,
+	}
+}
+
+// SignedString creates and returns a complete, signed JWT. The token is signed
+// using the SigningMethod specified in the token. Please refer to
+// https://golang-jwt.github.io/jwt/usage/signing_methods/#signing-methods-and-key-types
+// for an overview of the different signing methods and their respective key
+// types.
+func (t *Token) SignedString(key interface{}) (string, error) {
+	sstr, err := t.SigningString()
+	if err != nil {
+		return "", err
+	}
+
+	sig, err := t.Method.Sign(sstr, key)
+	if err != nil {
+		return "", err
+	}
+
+	return sstr + "." + t.EncodeSegment(sig), nil
+}
+
+// SigningString generates the signing string.  This is the most expensive part
+// of the whole deal. Unless you need this for something special, just go
+// straight for the SignedString.
+func (t *Token) SigningString() (string, error) {
+	h, err := json.Marshal(t.Header)
+	if err != nil {
+		return "", err
+	}
+
+	c, err := json.Marshal(t.Claims)
+	if err != nil {
+		return "", err
+	}
+
+	return t.EncodeSegment(h) + "." + t.EncodeSegment(c), nil
+}
+
+// EncodeSegment encodes a JWT specific base64url encoding with padding
+// stripped. In the future, this function might take into account a
+// [TokenOption]. Therefore, this function exists as a method of [Token], rather
+// than a global function.
+func (*Token) EncodeSegment(seg []byte) string {
+	return base64.RawURLEncoding.EncodeToString(seg)
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v5/token_option.go b/vendor/github.com/golang-jwt/jwt/v5/token_option.go
new file mode 100644
index 00000000..b4ae3bad
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/token_option.go
@@ -0,0 +1,5 @@
+package jwt
+
+// TokenOption is a reserved type, which provides some forward compatibility,
+// if we ever want to introduce token creation-related options.
+type TokenOption func(*Token)
diff --git a/vendor/github.com/golang-jwt/jwt/v5/types.go b/vendor/github.com/golang-jwt/jwt/v5/types.go
new file mode 100644
index 00000000..b2655a9e
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/types.go
@@ -0,0 +1,149 @@
+package jwt
+
+import (
+	"encoding/json"
+	"fmt"
+	"math"
+	"strconv"
+	"time"
+)
+
+// TimePrecision sets the precision of times and dates within this library. This
+// has an influence on the precision of times when comparing expiry or other
+// related time fields. Furthermore, it is also the precision of times when
+// serializing.
+//
+// For backwards compatibility the default precision is set to seconds, so that
+// no fractional timestamps are generated.
+var TimePrecision = time.Second
+
+// MarshalSingleStringAsArray modifies the behavior of the ClaimStrings type,
+// especially its MarshalJSON function.
+//
+// If it is set to true (the default), it will always serialize the type as an
+// array of strings, even if it just contains one element, defaulting to the
+// behavior of the underlying []string. If it is set to false, it will serialize
+// to a single string, if it contains one element. Otherwise, it will serialize
+// to an array of strings.
+var MarshalSingleStringAsArray = true
+
+// NumericDate represents a JSON numeric date value, as referenced at
+// https://datatracker.ietf.org/doc/html/rfc7519#section-2.
+type NumericDate struct {
+	time.Time
+}
+
+// NewNumericDate constructs a new *NumericDate from a standard library time.Time struct.
+// It will truncate the timestamp according to the precision specified in TimePrecision.
+func NewNumericDate(t time.Time) *NumericDate {
+	return &NumericDate{t.Truncate(TimePrecision)}
+}
+
+// newNumericDateFromSeconds creates a new *NumericDate out of a float64 representing a
+// UNIX epoch with the float fraction representing non-integer seconds.
+func newNumericDateFromSeconds(f float64) *NumericDate {
+	round, frac := math.Modf(f)
+	return NewNumericDate(time.Unix(int64(round), int64(frac*1e9)))
+}
+
+// MarshalJSON is an implementation of the json.RawMessage interface and serializes the UNIX epoch
+// represented in NumericDate to a byte array, using the precision specified in TimePrecision.
+func (date NumericDate) MarshalJSON() (b []byte, err error) {
+	var prec int
+	if TimePrecision < time.Second {
+		prec = int(math.Log10(float64(time.Second) / float64(TimePrecision)))
+	}
+	truncatedDate := date.Truncate(TimePrecision)
+
+	// For very large timestamps, UnixNano would overflow an int64, but this
+	// function requires nanosecond level precision, so we have to use the
+	// following technique to get round the issue:
+	//
+	// 1. Take the normal unix timestamp to form the whole number part of the
+	//    output,
+	// 2. Take the result of the Nanosecond function, which returns the offset
+	//    within the second of the particular unix time instance, to form the
+	//    decimal part of the output
+	// 3. Concatenate them to produce the final result
+	seconds := strconv.FormatInt(truncatedDate.Unix(), 10)
+	nanosecondsOffset := strconv.FormatFloat(float64(truncatedDate.Nanosecond())/float64(time.Second), 'f', prec, 64)
+
+	output := append([]byte(seconds), []byte(nanosecondsOffset)[1:]...)
+
+	return output, nil
+}
+
+// UnmarshalJSON is an implementation of the json.RawMessage interface and
+// deserializes a [NumericDate] from a JSON representation, i.e. a
+// [json.Number]. This number represents an UNIX epoch with either integer or
+// non-integer seconds.
+func (date *NumericDate) UnmarshalJSON(b []byte) (err error) {
+	var (
+		number json.Number
+		f      float64
+	)
+
+	if err = json.Unmarshal(b, &number); err != nil {
+		return fmt.Errorf("could not parse NumericData: %w", err)
+	}
+
+	if f, err = number.Float64(); err != nil {
+		return fmt.Errorf("could not convert json number value to float: %w", err)
+	}
+
+	n := newNumericDateFromSeconds(f)
+	*date = *n
+
+	return nil
+}
+
+// ClaimStrings is basically just a slice of strings, but it can be either
+// serialized from a string array or just a string. This type is necessary,
+// since the "aud" claim can either be a single string or an array.
+type ClaimStrings []string
+
+func (s *ClaimStrings) UnmarshalJSON(data []byte) (err error) {
+	var value interface{}
+
+	if err = json.Unmarshal(data, &value); err != nil {
+		return err
+	}
+
+	var aud []string
+
+	switch v := value.(type) {
+	case string:
+		aud = append(aud, v)
+	case []string:
+		aud = ClaimStrings(v)
+	case []interface{}:
+		for _, vv := range v {
+			vs, ok := vv.(string)
+			if !ok {
+				return ErrInvalidType
+			}
+			aud = append(aud, vs)
+		}
+	case nil:
+		return nil
+	default:
+		return ErrInvalidType
+	}
+
+	*s = aud
+
+	return
+}
+
+func (s ClaimStrings) MarshalJSON() (b []byte, err error) {
+	// This handles a special case in the JWT RFC. If the string array, e.g.
+	// used by the "aud" field, only contains one element, it MAY be serialized
+	// as a single string. This may or may not be desired based on the ecosystem
+	// of other JWT library used, so we make it configurable by the variable
+	// MarshalSingleStringAsArray.
+	if len(s) == 1 && !MarshalSingleStringAsArray {
+		return json.Marshal(s[0])
+	}
+
+	return json.Marshal([]string(s))
+}
diff --git a/vendor/github.com/golang-jwt/jwt/v5/validator.go b/vendor/github.com/golang-jwt/jwt/v5/validator.go
new file mode 100644
index 00000000..008ecd87
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/validator.go
@@ -0,0 +1,316 @@
+package jwt
+
+import (
+	"crypto/subtle"
+	"fmt"
+	"time"
+)
+
+// ClaimsValidator is an interface that can be implemented by custom claims who
+// wish to execute any additional claims validation based on
+// application-specific logic. The Validate function is then executed in
+// addition to the regular claims validation and any error returned is appended
+// to the final validation result.
+//
+//	type MyCustomClaims struct {
+//	    Foo string `json:"foo"`
+//	    jwt.RegisteredClaims
+//	}
+//
+//	func (m MyCustomClaims) Validate() error {
+//	    if m.Foo != "bar" {
+//	        return errors.New("must be foobar")
+//	    }
+//	    return nil
+//	}
+type ClaimsValidator interface {
+	Claims
+	Validate() error
+}
+
+// Validator is the core of the new Validation API. It is automatically used by
+// a [Parser] during parsing and can be modified with various parser options.
+//
+// The [NewValidator] function should be used to create an instance of this
+// struct.
+type Validator struct {
+	// leeway is an optional leeway that can be provided to account for clock skew.
+	leeway time.Duration
+
+	// timeFunc is used to supply the current time that is needed for
+	// validation. If unspecified, this defaults to time.Now.
+	timeFunc func() time.Time
+
+	// requireExp specifies whether the exp claim is required
+	requireExp bool
+
+	// verifyIat specifies whether the iat (Issued At) claim will be verified.
+	// According to https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6 this
+	// only specifies the age of the token, but no validation check is
+	// necessary. However, if wanted, it can be checked if the iat is
+	// unrealistic, i.e., in the future.
+	verifyIat bool
+
+	// expectedAud contains the audience this token expects. Supplying an empty
+	// string will disable aud checking.
+	expectedAud string
+
+	// expectedIss contains the issuer this token expects. Supplying an empty
+	// string will disable iss checking.
+	expectedIss string
+
+	// expectedSub contains the subject this token expects. Supplying an empty
+	// string will disable sub checking.
+	expectedSub string
+}
+
+// NewValidator can be used to create a stand-alone validator with the supplied
+// options. This validator can then be used to validate already parsed claims.
+//
+// Note: Under normal circumstances, explicitly creating a validator is not
+// needed and can potentially be dangerous; instead functions of the [Parser]
+// class should be used.
+//
+// The [Validator] is only checking the *validity* of the claims, such as its
+// expiration time, but it does NOT perform *signature verification* of the
+// token.
+func NewValidator(opts ...ParserOption) *Validator {
+	p := NewParser(opts...)
+	return p.validator
+}
+
+// Validate validates the given claims. It will also perform any custom
+// validation if claims implements the [ClaimsValidator] interface.
+//
+// Note: It will NOT perform any *signature verification* on the token that
+// contains the claims and expects that the [Claim] was already successfully
+// verified.
+func (v *Validator) Validate(claims Claims) error {
+	var (
+		now  time.Time
+		errs []error = make([]error, 0, 6)
+		err  error
+	)
+
+	// Check, if we have a time func
+	if v.timeFunc != nil {
+		now = v.timeFunc()
+	} else {
+		now = time.Now()
+	}
+
+	// We always need to check the expiration time, but usage of the claim
+	// itself is OPTIONAL by default. requireExp overrides this behavior
+	// and makes the exp claim mandatory.
+	if err = v.verifyExpiresAt(claims, now, v.requireExp); err != nil {
+		errs = append(errs, err)
+	}
+
+	// We always need to check not-before, but usage of the claim itself is
+	// OPTIONAL.
+	if err = v.verifyNotBefore(claims, now, false); err != nil {
+		errs = append(errs, err)
+	}
+
+	// Check issued-at if the option is enabled
+	if v.verifyIat {
+		if err = v.verifyIssuedAt(claims, now, false); err != nil {
+			errs = append(errs, err)
+		}
+	}
+
+	// If we have an expected audience, we also require the audience claim
+	if v.expectedAud != "" {
+		if err = v.verifyAudience(claims, v.expectedAud, true); err != nil {
+			errs = append(errs, err)
+		}
+	}
+
+	// If we have an expected issuer, we also require the issuer claim
+	if v.expectedIss != "" {
+		if err = v.verifyIssuer(claims, v.expectedIss, true); err != nil {
+			errs = append(errs, err)
+		}
+	}
+
+	// If we have an expected subject, we also require the subject claim
+	if v.expectedSub != "" {
+		if err = v.verifySubject(claims, v.expectedSub, true); err != nil {
+			errs = append(errs, err)
+		}
+	}
+
+	// Finally, we want to give the claim itself some possibility to do some
+	// additional custom validation based on a custom Validate function.
+	cvt, ok := claims.(ClaimsValidator)
+	if ok {
+		if err := cvt.Validate(); err != nil {
+			errs = append(errs, err)
+		}
+	}
+
+	if len(errs) == 0 {
+		return nil
+	}
+
+	return joinErrors(errs...)
+}
+
+// verifyExpiresAt compares the exp claim in claims against cmp. This function
+// will succeed if cmp < exp. Additional leeway is taken into account.
+//
+// If exp is not set, it will succeed if the claim is not required,
+// otherwise ErrTokenRequiredClaimMissing will be returned.
+//
+// Additionally, if any error occurs while retrieving the claim, e.g., when its
+// the wrong type, an ErrTokenUnverifiable error will be returned.
+func (v *Validator) verifyExpiresAt(claims Claims, cmp time.Time, required bool) error {
+	exp, err := claims.GetExpirationTime()
+	if err != nil {
+		return err
+	}
+
+	if exp == nil {
+		return errorIfRequired(required, "exp")
+	}
+
+	return errorIfFalse(cmp.Before((exp.Time).Add(+v.leeway)), ErrTokenExpired)
+}
+
+// verifyIssuedAt compares the iat claim in claims against cmp. This function
+// will succeed if cmp >= iat. Additional leeway is taken into account.
+//
+// If iat is not set, it will succeed if the claim is not required,
+// otherwise ErrTokenRequiredClaimMissing will be returned.
+//
+// Additionally, if any error occurs while retrieving the claim, e.g., when its
+// the wrong type, an ErrTokenUnverifiable error will be returned.
+func (v *Validator) verifyIssuedAt(claims Claims, cmp time.Time, required bool) error {
+	iat, err := claims.GetIssuedAt()
+	if err != nil {
+		return err
+	}
+
+	if iat == nil {
+		return errorIfRequired(required, "iat")
+	}
+
+	return errorIfFalse(!cmp.Before(iat.Add(-v.leeway)), ErrTokenUsedBeforeIssued)
+}
+
+// verifyNotBefore compares the nbf claim in claims against cmp. This function
+// will return true if cmp >= nbf. Additional leeway is taken into account.
+//
+// If nbf is not set, it will succeed if the claim is not required,
+// otherwise ErrTokenRequiredClaimMissing will be returned.
+//
+// Additionally, if any error occurs while retrieving the claim, e.g., when its
+// the wrong type, an ErrTokenUnverifiable error will be returned.
+func (v *Validator) verifyNotBefore(claims Claims, cmp time.Time, required bool) error {
+	nbf, err := claims.GetNotBefore()
+	if err != nil {
+		return err
+	}
+
+	if nbf == nil {
+		return errorIfRequired(required, "nbf")
+	}
+
+	return errorIfFalse(!cmp.Before(nbf.Add(-v.leeway)), ErrTokenNotValidYet)
+}
+
+// verifyAudience compares the aud claim against cmp.
+//
+// If aud is not set or an empty list, it will succeed if the claim is not required,
+// otherwise ErrTokenRequiredClaimMissing will be returned.
+//
+// Additionally, if any error occurs while retrieving the claim, e.g., when its
+// the wrong type, an ErrTokenUnverifiable error will be returned.
+func (v *Validator) verifyAudience(claims Claims, cmp string, required bool) error {
+	aud, err := claims.GetAudience()
+	if err != nil {
+		return err
+	}
+
+	if len(aud) == 0 {
+		return errorIfRequired(required, "aud")
+	}
+
+	// use a var here to keep constant time compare when looping over a number of claims
+	result := false
+
+	var stringClaims string
+	for _, a := range aud {
+		if subtle.ConstantTimeCompare([]byte(a), []byte(cmp)) != 0 {
+			result = true
+		}
+		stringClaims = stringClaims + a
+	}
+
+	// case where "" is sent in one or many aud claims
+	if stringClaims == "" {
+		return errorIfRequired(required, "aud")
+	}
+
+	return errorIfFalse(result, ErrTokenInvalidAudience)
+}
+
+// verifyIssuer compares the iss claim in claims against cmp.
+//
+// If iss is not set, it will succeed if the claim is not required,
+// otherwise ErrTokenRequiredClaimMissing will be returned.
+//
+// Additionally, if any error occurs while retrieving the claim, e.g., when its
+// the wrong type, an ErrTokenUnverifiable error will be returned.
+func (v *Validator) verifyIssuer(claims Claims, cmp string, required bool) error {
+	iss, err := claims.GetIssuer()
+	if err != nil {
+		return err
+	}
+
+	if iss == "" {
+		return errorIfRequired(required, "iss")
+	}
+
+	return errorIfFalse(iss == cmp, ErrTokenInvalidIssuer)
+}
+
+// verifySubject compares the sub claim against cmp.
+//
+// If sub is not set, it will succeed if the claim is not required,
+// otherwise ErrTokenRequiredClaimMissing will be returned.
+//
+// Additionally, if any error occurs while retrieving the claim, e.g., when its
+// the wrong type, an ErrTokenUnverifiable error will be returned.
+func (v *Validator) verifySubject(claims Claims, cmp string, required bool) error {
+	sub, err := claims.GetSubject()
+	if err != nil {
+		return err
+	}
+
+	if sub == "" {
+		return errorIfRequired(required, "sub")
+	}
+
+	return errorIfFalse(sub == cmp, ErrTokenInvalidSubject)
+}
+
+// errorIfFalse returns the error specified in err, if the value is true.
+// Otherwise, nil is returned.
+func errorIfFalse(value bool, err error) error {
+	if value {
+		return nil
+	} else {
+		return err
+	}
+}
+
+// errorIfRequired returns an ErrTokenRequiredClaimMissing error if required is
+// true. Otherwise, nil is returned.
+func errorIfRequired(required bool, claim string) error {
+	if required {
+		return newError(fmt.Sprintf("%s claim is required", claim), ErrTokenRequiredClaimMissing)
+	} else {
+		return nil
+	}
+}
diff --git a/vendor/github.com/tidwall/buntdb/buntdb.go b/vendor/github.com/tidwall/buntdb/buntdb.go
index 9b39e5c2..0d61f7a5 100644
--- a/vendor/github.com/tidwall/buntdb/buntdb.go
+++ b/vendor/github.com/tidwall/buntdb/buntdb.go
@@ -10,6 +10,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"runtime"
 	"sort"
 	"strconv"
 	"strings"
@@ -61,6 +62,8 @@ var (
 	ErrTxIterating = errors.New("tx is iterating")
 )
 
+const useAbsEx = true
+
 // DB represents a collection of key-value pairs that persist on disk.
 // Transactions are used for all forms of data access to the DB.
 type DB struct {
@@ -751,7 +754,7 @@ func (db *DB) Shrink() error {
 			return err
 		}
 		// Any failures below here are really bad. So just panic.
-		if err := os.Rename(tmpname, fname); err != nil {
+		if err := renameFile(tmpname, fname); err != nil {
 			panicErr(err)
 		}
 		db.file, err = os.OpenFile(fname, os.O_CREATE|os.O_RDWR, 0666)
@@ -771,6 +774,18 @@ func panicErr(err error) error {
 	panic(fmt.Errorf("buntdb: %w", err))
 }
 
+func renameFile(src, dest string) error {
+	var err error
+	if err = os.Rename(src, dest); err != nil {
+		if runtime.GOOS == "windows" {
+			if err = os.Remove(dest); err == nil {
+				err = os.Rename(src, dest)
+			}
+		}
+	}
+	return err
+}
+
 // readLoad reads from the reader and loads commands into the database.
 // modTime is the modified time of the reader, should be no greater than
 // the current time.Now().
@@ -895,24 +910,35 @@ func (db *DB) readLoad(rd io.Reader, modTime time.Time) (n int64, err error) {
 				return totalSize, ErrInvalid
 			}
 			if len(parts) == 5 {
-				if strings.ToLower(parts[3]) != "ex" {
+				arg := strings.ToLower(parts[3])
+				if arg != "ex" && arg != "ae" {
 					return totalSize, ErrInvalid
 				}
-				ex, err := strconv.ParseUint(parts[4], 10, 64)
+				ex, err := strconv.ParseInt(parts[4], 10, 64)
 				if err != nil {
 					return totalSize, err
 				}
+				var exat time.Time
 				now := time.Now()
-				dur := (time.Duration(ex) * time.Second) - now.Sub(modTime)
-				if dur > 0 {
+				if arg == "ex" {
+					dur := (time.Duration(ex) * time.Second) - now.Sub(modTime)
+					exat = now.Add(dur)
+				} else {
+					exat = time.Unix(ex, 0)
+				}
+				if exat.After(now) {
 					db.insertIntoDatabase(&dbItem{
 						key: parts[1],
 						val: parts[2],
 						opts: &dbItemOpts{
 							ex:   true,
-							exat: now.Add(dur),
+							exat: exat,
 						},
 					})
+				} else {
+					db.deleteFromDatabase(&dbItem{
+						key: parts[1],
+					})
 				}
 			} else {
 				db.insertIntoDatabase(&dbItem{key: parts[1], val: parts[2]})
@@ -1330,13 +1356,19 @@ func appendBulkString(buf []byte, s string) []byte {
 // writeSetTo writes an item as a single SET record to the a bufio Writer.
 func (dbi *dbItem) writeSetTo(buf []byte, now time.Time) []byte {
 	if dbi.opts != nil && dbi.opts.ex {
-		ex := dbi.opts.exat.Sub(now) / time.Second
 		buf = appendArray(buf, 5)
 		buf = appendBulkString(buf, "set")
 		buf = appendBulkString(buf, dbi.key)
 		buf = appendBulkString(buf, dbi.val)
-		buf = appendBulkString(buf, "ex")
-		buf = appendBulkString(buf, strconv.FormatUint(uint64(ex), 10))
+		if useAbsEx {
+			ex := dbi.opts.exat.Unix()
+			buf = appendBulkString(buf, "ae")
+			buf = appendBulkString(buf, strconv.FormatUint(uint64(ex), 10))
+		} else {
+			ex := dbi.opts.exat.Sub(now) / time.Second
+			buf = appendBulkString(buf, "ex")
+			buf = appendBulkString(buf, strconv.FormatUint(uint64(ex), 10))
+		}
 	} else {
 		buf = appendArray(buf, 3)
 		buf = appendBulkString(buf, "set")
@@ -1622,6 +1654,9 @@ func (tx *Tx) scan(desc, gt, lt bool, index, start, stop string,
 	// wrap a btree specific iterator around the user-defined iterator.
 	iter := func(item interface{}) bool {
 		dbi := item.(*dbItem)
+		if dbi.expired() {
+			return true
+		}
 		return iterator(dbi.key, dbi.val)
 	}
 	var tr *btree.BTree
diff --git a/vendor/github.com/toorop/go-dkim/.gitignore b/vendor/github.com/toorop/go-dkim/.gitignore
deleted file mode 100644
index daf913b1..00000000
--- a/vendor/github.com/toorop/go-dkim/.gitignore
+++ /dev/null
@@ -1,24 +0,0 @@
-# Compiled Object files, Static and Dynamic libs (Shared Objects)
-*.o
-*.a
-*.so
-
-# Folders
-_obj
-_test
-
-# Architecture specific extensions/prefixes
-*.[568vq]
-[568vq].out
-
-*.cgo1.go
-*.cgo2.c
-_cgo_defun.c
-_cgo_gotypes.go
-_cgo_export.*
-
-_testmain.go
-
-*.exe
-*.test
-*.prof
diff --git a/vendor/github.com/toorop/go-dkim/README.md b/vendor/github.com/toorop/go-dkim/README.md
deleted file mode 100644
index 49567395..00000000
--- a/vendor/github.com/toorop/go-dkim/README.md
+++ /dev/null
@@ -1,56 +0,0 @@
-# go-dkim
-DKIM package for Golang
-
-[![GoDoc](https://godoc.org/github.com/toorop/go-dkim?status.svg)](https://godoc.org/github.com/toorop/go-dkim)
-
-## Getting started
-
-### Install
-```
- 	go get github.com/toorop/go-dkim
-```
-Warning: you need to use Go 1.4.2-master or 1.4.3 (when it will be available)
-see https://github.com/golang/go/issues/10482 fro more info.
-
-### Sign email
-
-```go
-import (
-	dkim "github.com/toorop/go-dkim"
-)
-
-func main(){
-	// email is the email to sign (byte slice)
-	// privateKey the private key (pem encoded, byte slice )	
-	options := dkim.NewSigOptions()
-	options.PrivateKey = privateKey
-	options.Domain = "mydomain.tld"
-	options.Selector = "myselector"
-	options.SignatureExpireIn = 3600
-	options.BodyLength = 50
-	options.Headers = []string{"from", "date", "mime-version", "received", "received"}
-	options.AddSignatureTimestamp = true
-	options.Canonicalization = "relaxed/relaxed"
-	err := dkim.Sign(&email, options)
-	// handle err..
-
-	// And... that's it, 'email' is signed ! Amazing© !!!
-}
-```
-
-### Verify
-```go
-import (
-	dkim "github.com/toorop/go-dkim"
-)
-
-func main(){
-	// email is the email to verify (byte slice)
-	status, err := Verify(&email)
-	// handle status, err (see godoc for status)
-}
-```
-
-## Todo
-
-- [ ] handle z tag (copied header fields used for diagnostic use)
diff --git a/vendor/github.com/toorop/go-dkim/dkim.go b/vendor/github.com/toorop/go-dkim/dkim.go
deleted file mode 100644
index 3ed5c88f..00000000
--- a/vendor/github.com/toorop/go-dkim/dkim.go
+++ /dev/null
@@ -1,564 +0,0 @@
-// Package dkim provides tools for signing and verify a email according to RFC 6376
-package dkim
-
-import (
-	"bytes"
-	"container/list"
-	"crypto"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/sha1"
-	"crypto/sha256"
-	"crypto/x509"
-	"encoding/base64"
-	"encoding/pem"
-	"hash"
-	"regexp"
-	"strings"
-	"time"
-)
-
-const (
-	CRLF                = "\r\n"
-	TAB                 = " "
-	FWS                 = CRLF + TAB
-	MaxHeaderLineLength = 70
-)
-
-type verifyOutput int
-
-const (
-	SUCCESS verifyOutput = 1 + iota
-	PERMFAIL
-	TEMPFAIL
-	NOTSIGNED
-	TESTINGSUCCESS
-	TESTINGPERMFAIL
-	TESTINGTEMPFAIL
-)
-
-// sigOptions represents signing options
-type SigOptions struct {
-
-	// DKIM version (default 1)
-	Version uint
-
-	// Private key used for signing (required)
-	PrivateKey []byte
-
-	// Domain (required)
-	Domain string
-
-	// Selector (required)
-	Selector string
-
-	// The Agent of User IDentifier
-	Auid string
-
-	// Message canonicalization (plain-text; OPTIONAL, default is
-	// "simple/simple").  This tag informs the Verifier of the type of
-	// canonicalization used to prepare the message for signing.
-	Canonicalization string
-
-	// The algorithm used to generate the signature
-	//"rsa-sha1" or "rsa-sha256"
-	Algo string
-
-	// Signed header fields
-	Headers []string
-
-	// Body length count( if set to 0 this tag is ommited in Dkim header)
-	BodyLength uint
-
-	// Query Methods used to retrieve the public key
-	QueryMethods []string
-
-	// Add a signature timestamp
-	AddSignatureTimestamp bool
-
-	// Time validity of the signature (0=never)
-	SignatureExpireIn uint64
-
-	// CopiedHeaderFileds
-	CopiedHeaderFields []string
-}
-
-// NewSigOptions returns new sigoption with some defaults value
-func NewSigOptions() SigOptions {
-	return SigOptions{
-		Version:               1,
-		Canonicalization:      "simple/simple",
-		Algo:                  "rsa-sha256",
-		Headers:               []string{"from"},
-		BodyLength:            0,
-		QueryMethods:          []string{"dns/txt"},
-		AddSignatureTimestamp: true,
-		SignatureExpireIn:     0,
-	}
-}
-
-// Sign signs an email
-func Sign(email *[]byte, options SigOptions) error {
-	var privateKey *rsa.PrivateKey
-	var err error
-
-	// PrivateKey
-	if len(options.PrivateKey) == 0 {
-		return ErrSignPrivateKeyRequired
-	}
-	d, _ := pem.Decode(options.PrivateKey)
-	if d == nil {
-		return ErrCandNotParsePrivateKey
-	}
-
-	// try to parse it as PKCS1 otherwise try PKCS8
-	if key, err := x509.ParsePKCS1PrivateKey(d.Bytes); err != nil {
-		if key, err := x509.ParsePKCS8PrivateKey(d.Bytes); err != nil {
-			return ErrCandNotParsePrivateKey
-		} else {
-			privateKey = key.(*rsa.PrivateKey)
-		}
-	} else {
-		privateKey = key
-	}
-
-	// Domain required
-	if options.Domain == "" {
-		return ErrSignDomainRequired
-	}
-
-	// Selector required
-	if options.Selector == "" {
-		return ErrSignSelectorRequired
-	}
-
-	// Canonicalization
-	options.Canonicalization, err = validateCanonicalization(strings.ToLower(options.Canonicalization))
-	if err != nil {
-		return err
-	}
-
-	// Algo
-	options.Algo = strings.ToLower(options.Algo)
-	if options.Algo != "rsa-sha1" && options.Algo != "rsa-sha256" {
-		return ErrSignBadAlgo
-	}
-
-	// Header must contain "from"
-	hasFrom := false
-	for i, h := range options.Headers {
-		h = strings.ToLower(h)
-		options.Headers[i] = h
-		if h == "from" {
-			hasFrom = true
-		}
-	}
-	if !hasFrom {
-		return ErrSignHeaderShouldContainsFrom
-	}
-
-	// Normalize
-	headers, body, err := canonicalize(email, options.Canonicalization, options.Headers)
-	if err != nil {
-		return err
-	}
-
-	signHash := strings.Split(options.Algo, "-")
-
-	// hash body
-	bodyHash, err := getBodyHash(&body, signHash[1], options.BodyLength)
-	if err != nil {
-		return err
-	}
-
-	// Get dkim header base
-	dkimHeader := newDkimHeaderBySigOptions(options)
-	dHeader := dkimHeader.getHeaderBaseForSigning(bodyHash)
-
-	canonicalizations := strings.Split(options.Canonicalization, "/")
-	dHeaderCanonicalized, err := canonicalizeHeader(dHeader, canonicalizations[0])
-	if err != nil {
-		return err
-	}
-	headers = append(headers, []byte(dHeaderCanonicalized)...)
-	headers = bytes.TrimRight(headers, " \r\n")
-
-	// sign
-	sig, err := getSignature(&headers, privateKey, signHash[1])
-
-	// add to DKIM-Header
-	subh := ""
-	l := len(subh)
-	for _, c := range sig {
-		subh += string(c)
-		l++
-		if l >= MaxHeaderLineLength {
-			dHeader += subh + FWS
-			subh = ""
-			l = 0
-		}
-	}
-	dHeader += subh + CRLF
-	*email = append([]byte(dHeader), *email...)
-	return nil
-}
-
-// Verify verifies an email an return
-// state: SUCCESS or PERMFAIL or TEMPFAIL, TESTINGSUCCESS, TESTINGPERMFAIL
-// TESTINGTEMPFAIL or NOTSIGNED
-// error: if an error occurs during verification
-func Verify(email *[]byte, opts ...DNSOpt) (verifyOutput, error) {
-	// parse email
-	dkimHeader, err := GetHeader(email)
-	if err != nil {
-		if err == ErrDkimHeaderNotFound {
-			return NOTSIGNED, ErrDkimHeaderNotFound
-		}
-		return PERMFAIL, err
-	}
-
-	// we do not set query method because if it's others, validation failed earlier
-	pubKey, verifyOutputOnError, err := NewPubKeyRespFromDNS(dkimHeader.Selector, dkimHeader.Domain, opts...)
-	if err != nil {
-		// fix https://github.com/toorop/go-dkim/issues/1
-		//return getVerifyOutput(verifyOutputOnError, err, pubKey.FlagTesting)
-		return verifyOutputOnError, err
-	}
-
-	// Normalize
-	headers, body, err := canonicalize(email, dkimHeader.MessageCanonicalization, dkimHeader.Headers)
-	if err != nil {
-		return getVerifyOutput(PERMFAIL, err, pubKey.FlagTesting)
-	}
-	sigHash := strings.Split(dkimHeader.Algorithm, "-")
-	// check if hash algo are compatible
-	compatible := false
-	for _, algo := range pubKey.HashAlgo {
-		if sigHash[1] == algo {
-			compatible = true
-			break
-		}
-	}
-	if !compatible {
-		return getVerifyOutput(PERMFAIL, ErrVerifyInappropriateHashAlgo, pubKey.FlagTesting)
-	}
-
-	// expired ?
-	if !dkimHeader.SignatureExpiration.IsZero() && dkimHeader.SignatureExpiration.Second() < time.Now().Second() {
-		return getVerifyOutput(PERMFAIL, ErrVerifySignatureHasExpired, pubKey.FlagTesting)
-
-	}
-
-	//println("|" + string(body) + "|")
-	// get body hash
-	bodyHash, err := getBodyHash(&body, sigHash[1], dkimHeader.BodyLength)
-	if err != nil {
-		return getVerifyOutput(PERMFAIL, err, pubKey.FlagTesting)
-	}
-	//println(bodyHash)
-	if bodyHash != dkimHeader.BodyHash {
-		return getVerifyOutput(PERMFAIL, ErrVerifyBodyHash, pubKey.FlagTesting)
-	}
-
-	// compute sig
-	dkimHeaderCano, err := canonicalizeHeader(dkimHeader.rawForSign, strings.Split(dkimHeader.MessageCanonicalization, "/")[0])
-	if err != nil {
-		return getVerifyOutput(TEMPFAIL, err, pubKey.FlagTesting)
-	}
-	toSignStr := string(headers) + dkimHeaderCano
-	toSign := bytes.TrimRight([]byte(toSignStr), " \r\n")
-
-	err = verifySignature(toSign, dkimHeader.SignatureData, &pubKey.PubKey, sigHash[1])
-	if err != nil {
-		return getVerifyOutput(PERMFAIL, err, pubKey.FlagTesting)
-	}
-	return SUCCESS, nil
-}
-
-// getVerifyOutput returns output of verify fct according to the testing flag
-func getVerifyOutput(status verifyOutput, err error, flagTesting bool) (verifyOutput, error) {
-	if !flagTesting {
-		return status, err
-	}
-	switch status {
-	case SUCCESS:
-		return TESTINGSUCCESS, err
-	case PERMFAIL:
-		return TESTINGPERMFAIL, err
-	case TEMPFAIL:
-		return TESTINGTEMPFAIL, err
-	}
-	// should never happen but compilator sream whithout return
-	return status, err
-}
-
-// canonicalize returns canonicalized version of header and body
-func canonicalize(email *[]byte, cano string, h []string) (headers, body []byte, err error) {
-	body = []byte{}
-	rxReduceWS := regexp.MustCompile(`[ \t]+`)
-
-	rawHeaders, rawBody, err := getHeadersBody(email)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	canonicalizations := strings.Split(cano, "/")
-
-	// canonicalyze header
-	headersList, err := getHeadersList(&rawHeaders)
-
-	// pour chaque header a conserver on traverse tous les headers dispo
-	// If multi instance of a field we must keep it from the bottom to the top
-	var match *list.Element
-	headersToKeepList := list.New()
-
-	for _, headerToKeep := range h {
-		match = nil
-		headerToKeepToLower := strings.ToLower(headerToKeep)
-		for e := headersList.Front(); e != nil; e = e.Next() {
-			//fmt.Printf("|%s|\n", e.Value.(string))
-			t := strings.Split(e.Value.(string), ":")
-			if strings.ToLower(t[0]) == headerToKeepToLower {
-				match = e
-			}
-		}
-		if match != nil {
-			headersToKeepList.PushBack(match.Value.(string) + "\r\n")
-			headersList.Remove(match)
-		}
-	}
-
-	//if canonicalizations[0] == "simple" {
-	for e := headersToKeepList.Front(); e != nil; e = e.Next() {
-		cHeader, err := canonicalizeHeader(e.Value.(string), canonicalizations[0])
-		if err != nil {
-			return headers, body, err
-		}
-		headers = append(headers, []byte(cHeader)...)
-	}
-	// canonicalyze body
-	if canonicalizations[1] == "simple" {
-		// simple
-		// The "simple" body canonicalization algorithm ignores all empty lines
-		// at the end of the message body.  An empty line is a line of zero
-		// length after removal of the line terminator.  If there is no body or
-		// no trailing CRLF on the message body, a CRLF is added.  It makes no
-		// other changes to the message body.  In more formal terms, the
-		// "simple" body canonicalization algorithm converts "*CRLF" at the end
-		// of the body to a single "CRLF".
-		// Note that a completely empty or missing body is canonicalized as a
-		// single "CRLF"; that is, the canonicalized length will be 2 octets.
-		body = bytes.TrimRight(rawBody, "\r\n")
-		body = append(body, []byte{13, 10}...)
-	} else {
-		// relaxed
-		// Ignore all whitespace at the end of lines.  Implementations
-		// MUST NOT remove the CRLF at the end of the line.
-		// Reduce all sequences of WSP within a line to a single SP
-		// character.
-		// Ignore all empty lines at the end of the message body.  "Empty
-		// line" is defined in Section 3.4.3.  If the body is non-empty but
-		// does not end with a CRLF, a CRLF is added.  (For email, this is
-		// only possible when using extensions to SMTP or non-SMTP transport
-		// mechanisms.)
-		rawBody = rxReduceWS.ReplaceAll(rawBody, []byte(" "))
-		for _, line := range bytes.SplitAfter(rawBody, []byte{10}) {
-			line = bytes.TrimRight(line, " \r\n")
-			body = append(body, line...)
-			body = append(body, []byte{13, 10}...)
-		}
-		body = bytes.TrimRight(body, "\r\n")
-		body = append(body, []byte{13, 10}...)
-
-	}
-	return
-}
-
-// canonicalizeHeader returns canonicalized version of header
-func canonicalizeHeader(header string, algo string) (string, error) {
-	//rxReduceWS := regexp.MustCompile(`[ \t]+`)
-	if algo == "simple" {
-		// The "simple" header canonicalization algorithm does not change header
-		// fields in any way.  Header fields MUST be presented to the signing or
-		// verification algorithm exactly as they are in the message being
-		// signed or verified.  In particular, header field names MUST NOT be
-		// case folded and whitespace MUST NOT be changed.
-		return header, nil
-	} else if algo == "relaxed" {
-		// The "relaxed" header canonicalization algorithm MUST apply the
-		// following steps in order:
-
-		// Convert all header field names (not the header field values) to
-		// lowercase.  For example, convert "SUBJect: AbC" to "subject: AbC".
-
-		// Unfold all header field continuation lines as described in
-		// [RFC5322]; in particular, lines with terminators embedded in
-		// continued header field values (that is, CRLF sequences followed by
-		// WSP) MUST be interpreted without the CRLF.  Implementations MUST
-		// NOT remove the CRLF at the end of the header field value.
-
-		// Convert all sequences of one or more WSP characters to a single SP
-		// character.  WSP characters here include those before and after a
-		// line folding boundary.
-
-		// Delete all WSP characters at the end of each unfolded header field
-		// value.
-
-		// Delete any WSP characters remaining before and after the colon
-		// separating the header field name from the header field value.  The
-		// colon separator MUST be retained.
-		kv := strings.SplitN(header, ":", 2)
-		if len(kv) != 2 {
-			return header, ErrBadMailFormatHeaders
-		}
-		k := strings.ToLower(kv[0])
-		k = strings.TrimSpace(k)
-		v := removeFWS(kv[1])
-		//v = rxReduceWS.ReplaceAllString(v, " ")
-		//v = strings.TrimSpace(v)
-		return k + ":" + v + CRLF, nil
-	}
-	return header, ErrSignBadCanonicalization
-}
-
-// getBodyHash return the hash (bas64encoded) of the body
-func getBodyHash(body *[]byte, algo string, bodyLength uint) (string, error) {
-	var h hash.Hash
-	if algo == "sha1" {
-		h = sha1.New()
-	} else {
-		h = sha256.New()
-	}
-	toH := *body
-	// if l tag (body length)
-	if bodyLength != 0 {
-		if uint(len(toH)) < bodyLength {
-			return "", ErrBadDKimTagLBodyTooShort
-		}
-		toH = toH[0:bodyLength]
-	}
-
-	h.Write(toH)
-	return base64.StdEncoding.EncodeToString(h.Sum(nil)), nil
-}
-
-// getSignature return signature of toSign using key
-func getSignature(toSign *[]byte, key *rsa.PrivateKey, algo string) (string, error) {
-	var h1 hash.Hash
-	var h2 crypto.Hash
-	switch algo {
-	case "sha1":
-		h1 = sha1.New()
-		h2 = crypto.SHA1
-		break
-	case "sha256":
-		h1 = sha256.New()
-		h2 = crypto.SHA256
-		break
-	default:
-		return "", ErrVerifyInappropriateHashAlgo
-	}
-
-	// sign
-	h1.Write(*toSign)
-	sig, err := rsa.SignPKCS1v15(rand.Reader, key, h2, h1.Sum(nil))
-	if err != nil {
-		return "", err
-	}
-	return base64.StdEncoding.EncodeToString(sig), nil
-}
-
-// verifySignature verify signature from pubkey
-func verifySignature(toSign []byte, sig64 string, key *rsa.PublicKey, algo string) error {
-	var h1 hash.Hash
-	var h2 crypto.Hash
-	switch algo {
-	case "sha1":
-		h1 = sha1.New()
-		h2 = crypto.SHA1
-		break
-	case "sha256":
-		h1 = sha256.New()
-		h2 = crypto.SHA256
-		break
-	default:
-		return ErrVerifyInappropriateHashAlgo
-	}
-
-	h1.Write(toSign)
-	sig, err := base64.StdEncoding.DecodeString(sig64)
-	if err != nil {
-		return err
-	}
-	return rsa.VerifyPKCS1v15(key, h2, h1.Sum(nil), sig)
-}
-
-// removeFWS removes all FWS from string
-func removeFWS(in string) string {
-	rxReduceWS := regexp.MustCompile(`[ \t]+`)
-	out := strings.Replace(in, "\n", "", -1)
-	out = strings.Replace(out, "\r", "", -1)
-	out = rxReduceWS.ReplaceAllString(out, " ")
-	return strings.TrimSpace(out)
-}
-
-// validateCanonicalization validate canonicalization (c flag)
-func validateCanonicalization(cano string) (string, error) {
-	p := strings.Split(cano, "/")
-	if len(p) > 2 {
-		return "", ErrSignBadCanonicalization
-	}
-	if len(p) == 1 {
-		cano = cano + "/simple"
-	}
-	for _, c := range p {
-		if c != "simple" && c != "relaxed" {
-			return "", ErrSignBadCanonicalization
-		}
-	}
-	return cano, nil
-}
-
-// getHeadersList returns headers as list
-func getHeadersList(rawHeader *[]byte) (*list.List, error) {
-	headersList := list.New()
-	currentHeader := []byte{}
-	for _, line := range bytes.SplitAfter(*rawHeader, []byte{10}) {
-		if line[0] == 32 || line[0] == 9 {
-			if len(currentHeader) == 0 {
-				return headersList, ErrBadMailFormatHeaders
-			}
-			currentHeader = append(currentHeader, line...)
-		} else {
-			// New header, save current if exists
-			if len(currentHeader) != 0 {
-				headersList.PushBack(string(bytes.TrimRight(currentHeader, "\r\n")))
-				currentHeader = []byte{}
-			}
-			currentHeader = append(currentHeader, line...)
-		}
-	}
-	headersList.PushBack(string(currentHeader))
-	return headersList, nil
-}
-
-// getHeadersBody return headers and body
-func getHeadersBody(email *[]byte) ([]byte, []byte, error) {
-	substitutedEmail := *email
-
-	// only replace \n with \r\n when \r\n\r\n not exists
-	if bytes.Index(*email, []byte{13, 10, 13, 10}) < 0 {
-		// \n -> \r\n
-		substitutedEmail = bytes.Replace(*email, []byte{10}, []byte{13, 10}, -1)
-	}
-
-	parts := bytes.SplitN(substitutedEmail, []byte{13, 10, 13, 10}, 2)
-	if len(parts) != 2 {
-		return []byte{}, []byte{}, ErrBadMailFormat
-	}
-	// Empty body
-	if len(parts[1]) == 0 {
-		parts[1] = []byte{13, 10}
-	}
-	return parts[0], parts[1], nil
-}
diff --git a/vendor/github.com/toorop/go-dkim/dkimHeader.go b/vendor/github.com/toorop/go-dkim/dkimHeader.go
deleted file mode 100644
index 14a289ee..00000000
--- a/vendor/github.com/toorop/go-dkim/dkimHeader.go
+++ /dev/null
@@ -1,545 +0,0 @@
-package dkim
-
-import (
-	"bytes"
-	"fmt"
-	"net/mail"
-	"net/textproto"
-	"strconv"
-	"strings"
-	"time"
-)
-
-type DKIMHeader struct {
-	// Version  This tag defines the version of DKIM
-	// specification that applies to the signature record.
-	// tag v
-	Version string
-
-	// The algorithm used to generate the signature..
-	// Verifiers MUST support "rsa-sha1" and "rsa-sha256";
-	// Signers SHOULD sign using "rsa-sha256".
-	// tag a
-	Algorithm string
-
-	// The signature data (base64).
-	// Whitespace is ignored in this value and MUST be
-	// ignored when reassembling the original signature.
-	// In particular, the signing process can safely insert
-	// FWS in this value in arbitrary places to conform to line-length
-	// limits.
-	// tag b
-	SignatureData string
-
-	// The hash of the canonicalized body part of the message as
-	// limited by the "l=" tag (base64; REQUIRED).
-	// Whitespace is ignored in this value and MUST be ignored when reassembling the original
-	// signature.  In particular, the signing process can safely insert
-	// FWS in this value in arbitrary places to conform to line-length
-	// limits.
-	// tag bh
-	BodyHash string
-
-	// Message canonicalization (plain-text; OPTIONAL, default is
-	//"simple/simple").  This tag informs the Verifier of the type of
-	// canonicalization used to prepare the message for signing.  It
-	// consists of two names separated by a "slash" (%d47) character,
-	// corresponding to the header and body canonicalization algorithms,
-	// respectively.  These algorithms are described in Section 3.4.  If
-	// only one algorithm is named, that algorithm is used for the header
-	// and "simple" is used for the body.  For example, "c=relaxed" is
-	// treated the same as "c=relaxed/simple".
-	// tag c
-	MessageCanonicalization string
-
-	// The SDID claiming responsibility for an introduction of a message
-	//  into the mail stream (plain-text; REQUIRED).  Hence, the SDID
-	//  value is used to form the query for the public key.  The SDID MUST
-	// correspond to a valid DNS name under which the DKIM key record is
-	// published.  The conventions and semantics used by a Signer to
-	// create and use a specific SDID are outside the scope of this
-	// specification, as is any use of those conventions and semantics.
-	// When presented with a signature that does not meet these
-	// requirements, Verifiers MUST consider the signature invalid.
-	// Internationalized domain names MUST be encoded as A-labels, as
-	// described in Section 2.3 of [RFC5890].
-	// tag d
-	Domain string
-
-	// Signed header fields (plain-text, but see description; REQUIRED).
-	// A colon-separated list of header field names that identify the
-	// header fields presented to the signing algorithm.  The field MUST
-	// contain the complete list of header fields in the order presented
-	// to the signing algorithm.  The field MAY contain names of header
-	// fields that do not exist when signed; nonexistent header fields do
-	// not contribute to the signature computation (that is, they are
-	// treated as the null input, including the header field name, the
-	// separating colon, the header field value, and any CRLF
-	// terminator).  The field MAY contain multiple instances of a header
-	// field name, meaning multiple occurrences of the corresponding
-	// header field are included in the header hash.  The field MUST NOT
-	// include the DKIM-Signature header field that is being created or
-	// verified but may include others.  Folding whitespace (FWS) MAY be
-	// included on either side of the colon separator.  Header field
-	// names MUST be compared against actual header field names in a
-	// case-insensitive manner.  This list MUST NOT be empty.  See
-	// Section 5.4 for a discussion of choosing header fields to sign and
-	// Section 5.4.2 for requirements when signing multiple instances of
-	// a single field.
-	// tag h
-	Headers []string
-
-	// The Agent or User Identifier (AUID) on behalf of which the SDID is
-	// taking responsibility (dkim-quoted-printable; OPTIONAL, default is
-	// an empty local-part followed by an "@" followed by the domain from
-	// the "d=" tag).
-	// The syntax is a standard email address where the local-part MAY be
-	// omitted.  The domain part of the address MUST be the same as, or a
-	// subdomain of, the value of the "d=" tag.
-	// Internationalized domain names MUST be encoded as A-labels, as
-	// described in Section 2.3 of [RFC5890].
-	// tag i
-	Auid string
-
-	// Body length count (plain-text unsigned decimal integer; OPTIONAL,
-	// default is entire body).  This tag informs the Verifier of the
-	// number of octets in the body of the email after canonicalization
-	// included in the cryptographic hash, starting from 0 immediately
-	// following the CRLF preceding the body.  This value MUST NOT be
-	// larger than the actual number of octets in the canonicalized
-	// message body.  See further discussion in Section 8.2.
-	// tag l
-	BodyLength uint
-
-	// A colon-separated list of query methods used to retrieve the
-	// public key (plain-text; OPTIONAL, default is "dns/txt").  Each
-	// query method is of the form "type[/options]", where the syntax and
-	// semantics of the options depend on the type and specified options.
-	// If there are multiple query mechanisms listed, the choice of query
-	// mechanism MUST NOT change the interpretation of the signature.
-	// Implementations MUST use the recognized query mechanisms in the
-	// order presented.  Unrecognized query mechanisms MUST be ignored.
-	// Currently, the only valid value is "dns/txt", which defines the
-	// DNS TXT resource record (RR) lookup algorithm described elsewhere
-	// in this document.  The only option defined for the "dns" query
-	// type is "txt", which MUST be included.  Verifiers and Signers MUST
-	// support "dns/txt".
-	// tag q
-	QueryMethods []string
-
-	// The selector subdividing the namespace for the "d=" (domain) tag
-	// (plain-text; REQUIRED).
-	// Internationalized selector names MUST be encoded as A-labels, as
-	// described in Section 2.3 of [RFC5890].
-	// tag s
-	Selector string
-
-	// Signature Timestamp (plain-text unsigned decimal integer;
-	// RECOMMENDED, default is an unknown creation time).  The time that
-	// this signature was created.  The format is the number of seconds
-	// since 00:00:00 on January 1, 1970 in the UTC time zone.  The value
-	// is expressed as an unsigned integer in decimal ASCII.  This value
-	// is not constrained to fit into a 31- or 32-bit integer.
-	// Implementations SHOULD be prepared to handle values up to at least
-	// 10^12 (until approximately AD 200,000; this fits into 40 bits).
-	// To avoid denial-of-service attacks, implementations MAY consider
-	// any value longer than 12 digits to be infinite.  Leap seconds are
-	// not counted.  Implementations MAY ignore signatures that have a
-	// timestamp in the future.
-	// tag t
-	SignatureTimestamp time.Time
-
-	// Signature Expiration (plain-text unsigned decimal integer;
-	// RECOMMENDED, default is no expiration).  The format is the same as
-	// in the "t=" tag, represented as an absolute date, not as a time
-	// delta from the signing timestamp.  The value is expressed as an
-	// unsigned integer in decimal ASCII, with the same constraints on
-	// the value in the "t=" tag.  Signatures MAY be considered invalid
-	// if the verification time at the Verifier is past the expiration
-	// date.  The verification time should be the time that the message
-	// was first received at the administrative domain of the Verifier if
-	// that time is reliably available; otherwise, the current time
-	// should be used.  The value of the "x=" tag MUST be greater than
-	// the value of the "t=" tag if both are present.
-	//tag x
-	SignatureExpiration time.Time
-
-	// Copied header fields (dkim-quoted-printable, but see description;
-	// OPTIONAL, default is null).  A vertical-bar-separated list of
-	// selected header fields present when the message was signed,
-	// including both the field name and value.  It is not required to
-	// include all header fields present at the time of signing.  This
-	// field need not contain the same header fields listed in the "h="
-	// tag.  The header field text itself must encode the vertical bar
-	// ("|", %x7C) character (i.e., vertical bars in the "z=" text are
-	// meta-characters, and any actual vertical bar characters in a
-	// copied header field must be encoded).  Note that all whitespace
-	// must be encoded, including whitespace between the colon and the
-	// header field value.  After encoding, FWS MAY be added at arbitrary
-	// locations in order to avoid excessively long lines; such
-	// whitespace is NOT part of the value of the header field and MUST
-	// be removed before decoding.
-	// The header fields referenced by the "h=" tag refer to the fields
-	// in the [RFC5322] header of the message, not to any copied fields
-	// in the "z=" tag.  Copied header field values are for diagnostic
-	// use.
-	// tag z
-	CopiedHeaderFields []string
-
-	// HeaderMailFromDomain store the raw email address of the header Mail From
-	// used for verifying in case of multiple DKIM header (we will prioritise
-	// header with d = mail from domain)
-	//HeaderMailFromDomain string
-
-	// RawForsign represents the raw part (without canonicalization) of the header
-	// used for computint sig in verify process
-	rawForSign string
-}
-
-// NewDkimHeaderBySigOptions return a new DkimHeader initioalized with sigOptions value
-func newDkimHeaderBySigOptions(options SigOptions) *DKIMHeader {
-	h := new(DKIMHeader)
-	h.Version = "1"
-	h.Algorithm = options.Algo
-	h.MessageCanonicalization = options.Canonicalization
-	h.Domain = options.Domain
-	h.Headers = options.Headers
-	h.Auid = options.Auid
-	h.BodyLength = options.BodyLength
-	h.QueryMethods = options.QueryMethods
-	h.Selector = options.Selector
-	if options.AddSignatureTimestamp {
-		h.SignatureTimestamp = time.Now()
-	}
-	if options.SignatureExpireIn > 0 {
-		h.SignatureExpiration = time.Now().Add(time.Duration(options.SignatureExpireIn) * time.Second)
-	}
-	h.CopiedHeaderFields = options.CopiedHeaderFields
-	return h
-}
-
-// GetHeader return a new DKIMHeader by parsing an email
-// Note: according to RFC 6376 an email can have multiple DKIM Header
-// in this case we return the last inserted or the last with d== mail from
-func GetHeader(email *[]byte) (*DKIMHeader, error) {
-	m, err := mail.ReadMessage(bytes.NewReader(*email))
-	if err != nil {
-		return nil, err
-	}
-
-	// DKIM header ?
-	if len(m.Header[textproto.CanonicalMIMEHeaderKey("DKIM-Signature")]) == 0 {
-		return nil, ErrDkimHeaderNotFound
-	}
-
-	// Get mail from domain
-	mailFromDomain := ""
-	mailfrom, err := mail.ParseAddress(m.Header.Get(textproto.CanonicalMIMEHeaderKey("From")))
-	if err != nil {
-		if err.Error() != "mail: no address" {
-			return nil, err
-		}
-	} else {
-		t := strings.SplitAfter(mailfrom.Address, "@")
-		if len(t) > 1 {
-			mailFromDomain = strings.ToLower(t[1])
-		}
-	}
-
-	// get raw dkim header
-	// we can't use m.header because header key will be converted with textproto.CanonicalMIMEHeaderKey
-	// ie if key in header is not DKIM-Signature but Dkim-Signature or DKIM-signature ot... other
-	// combination of case, verify will fail.
-	rawHeaders, _, err := getHeadersBody(email)
-	if err != nil {
-		return nil, ErrBadMailFormat
-	}
-	rawHeadersList, err := getHeadersList(&rawHeaders)
-	if err != nil {
-		return nil, err
-	}
-	dkHeaders := []string{}
-	for h := rawHeadersList.Front(); h != nil; h = h.Next() {
-		if strings.HasPrefix(strings.ToLower(h.Value.(string)), "dkim-signature") {
-			dkHeaders = append(dkHeaders, h.Value.(string))
-		}
-	}
-
-	var keep *DKIMHeader
-	var keepErr error
-	//for _, dk := range m.Header[textproto.CanonicalMIMEHeaderKey("DKIM-Signature")] {
-	for _, h := range dkHeaders {
-		parsed, err := parseDkHeader(h)
-		// if malformed dkim header try next
-		if err != nil {
-			keepErr = err
-			continue
-		}
-		// Keep first dkim headers
-		if keep == nil {
-			keep = parsed
-		}
-		// if d flag == domain keep this header and return
-		if mailFromDomain == parsed.Domain {
-			return parsed, nil
-		}
-	}
-	if keep == nil {
-		return nil, keepErr
-	}
-	return keep, nil
-}
-
-// parseDkHeader parse raw dkim header
-func parseDkHeader(header string) (dkh *DKIMHeader, err error) {
-	dkh = new(DKIMHeader)
-
-	keyVal := strings.SplitN(header, ":", 2)
-
-	t := strings.LastIndex(header, "b=")
-	if t == -1 {
-		return nil, ErrDkimHeaderBTagNotFound
-	}
-	dkh.rawForSign = header[0 : t+2]
-	p := strings.IndexByte(header[t:], ';')
-	if p != -1 {
-		dkh.rawForSign = dkh.rawForSign + header[t+p:]
-	}
-
-	// Mandatory
-	mandatoryFlags := make(map[string]bool, 7) //(b'v', b'a', b'b', b'bh', b'd', b'h', b's')
-	mandatoryFlags["v"] = false
-	mandatoryFlags["a"] = false
-	mandatoryFlags["b"] = false
-	mandatoryFlags["bh"] = false
-	mandatoryFlags["d"] = false
-	mandatoryFlags["h"] = false
-	mandatoryFlags["s"] = false
-
-	// default values
-	dkh.MessageCanonicalization = "simple/simple"
-	dkh.QueryMethods = []string{"dns/txt"}
-
-	// unfold && clean
-	val := removeFWS(keyVal[1])
-	val = strings.Replace(val, " ", "", -1)
-
-	fs := strings.Split(val, ";")
-	for _, f := range fs {
-		if f == "" {
-			continue
-		}
-		flagData := strings.SplitN(f, "=", 2)
-
-		// https://github.com/toorop/go-dkim/issues/2
-		// if flag is not in the form key=value (eg doesn't have "=")
-		if len(flagData) != 2 {
-			return nil, ErrDkimHeaderBadFormat
-		}
-		flag := strings.ToLower(strings.TrimSpace(flagData[0]))
-		data := strings.TrimSpace(flagData[1])
-		switch flag {
-		case "v":
-			if data != "1" {
-				return nil, ErrDkimVersionNotsupported
-			}
-			dkh.Version = data
-			mandatoryFlags["v"] = true
-		case "a":
-			dkh.Algorithm = strings.ToLower(data)
-			if dkh.Algorithm != "rsa-sha1" && dkh.Algorithm != "rsa-sha256" {
-				return nil, ErrSignBadAlgo
-			}
-			mandatoryFlags["a"] = true
-		case "b":
-			//dkh.SignatureData = removeFWS(data)
-			// remove all space
-			dkh.SignatureData = strings.Replace(removeFWS(data), " ", "", -1)
-			if len(dkh.SignatureData) != 0 {
-				mandatoryFlags["b"] = true
-			}
-		case "bh":
-			dkh.BodyHash = removeFWS(data)
-			if len(dkh.BodyHash) != 0 {
-				mandatoryFlags["bh"] = true
-			}
-		case "d":
-			dkh.Domain = strings.ToLower(data)
-			if len(dkh.Domain) != 0 {
-				mandatoryFlags["d"] = true
-			}
-		case "h":
-			data = strings.ToLower(data)
-			dkh.Headers = strings.Split(data, ":")
-			if len(dkh.Headers) != 0 {
-				mandatoryFlags["h"] = true
-			}
-			fromFound := false
-			for _, h := range dkh.Headers {
-				if h == "from" {
-					fromFound = true
-				}
-			}
-			if !fromFound {
-				return nil, ErrDkimHeaderNoFromInHTag
-			}
-		case "s":
-			dkh.Selector = strings.ToLower(data)
-			if len(dkh.Selector) != 0 {
-				mandatoryFlags["s"] = true
-			}
-		case "c":
-			dkh.MessageCanonicalization, err = validateCanonicalization(strings.ToLower(data))
-			if err != nil {
-				return nil, err
-			}
-		case "i":
-			if data != "" {
-				if !strings.HasSuffix(data, dkh.Domain) {
-					return nil, ErrDkimHeaderDomainMismatch
-				}
-				dkh.Auid = data
-			}
-		case "l":
-			ui, err := strconv.ParseUint(data, 10, 32)
-			if err != nil {
-				return nil, err
-			}
-			dkh.BodyLength = uint(ui)
-		case "q":
-			dkh.QueryMethods = strings.Split(data, ":")
-			if len(dkh.QueryMethods) == 0 || strings.ToLower(dkh.QueryMethods[0]) != "dns/txt" {
-				return nil, errQueryMethodNotsupported
-			}
-		case "t":
-			ts, err := strconv.ParseInt(data, 10, 64)
-			if err != nil {
-				return nil, err
-			}
-			dkh.SignatureTimestamp = time.Unix(ts, 0)
-
-		case "x":
-			ts, err := strconv.ParseInt(data, 10, 64)
-			if err != nil {
-				return nil, err
-			}
-			dkh.SignatureExpiration = time.Unix(ts, 0)
-		case "z":
-			dkh.CopiedHeaderFields = strings.Split(data, "|")
-		}
-	}
-
-	// All mandatory flags are in ?
-	for _, p := range mandatoryFlags {
-		if !p {
-			return nil, ErrDkimHeaderMissingRequiredTag
-		}
-	}
-
-	// default for i/Auid
-	if dkh.Auid == "" {
-		dkh.Auid = "@" + dkh.Domain
-	}
-
-	// defaut for query method
-	if len(dkh.QueryMethods) == 0 {
-		dkh.QueryMethods = []string{"dns/text"}
-	}
-
-	return dkh, nil
-
-}
-
-// GetHeaderBase return base header for signers
-// Todo: some refactoring needed...
-func (d *DKIMHeader) getHeaderBaseForSigning(bodyHash string) string {
-	h := "DKIM-Signature: v=" + d.Version + "; a=" + d.Algorithm + "; q=" + strings.Join(d.QueryMethods, ":") + "; c=" + d.MessageCanonicalization + ";" + CRLF + TAB
-	subh := "s=" + d.Selector + ";"
-	if len(subh)+len(d.Domain)+4 > MaxHeaderLineLength {
-		h += subh + FWS
-		subh = ""
-	}
-	subh += " d=" + d.Domain + ";"
-
-	// Auid
-	if len(d.Auid) != 0 {
-		if len(subh)+len(d.Auid)+4 > MaxHeaderLineLength {
-			h += subh + FWS
-			subh = ""
-		}
-		subh += " i=" + d.Auid + ";"
-	}
-
-	/*h := "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tmail.io; i=@tmail.io;" + FWS
-	subh := "q=dns/txt; s=test;"*/
-
-	// signature timestamp
-	if !d.SignatureTimestamp.IsZero() {
-		ts := d.SignatureTimestamp.Unix()
-		if len(subh)+14 > MaxHeaderLineLength {
-			h += subh + FWS
-			subh = ""
-		}
-		subh += " t=" + fmt.Sprintf("%d", ts) + ";"
-	}
-	if len(subh)+len(d.Domain)+4 > MaxHeaderLineLength {
-		h += subh + FWS
-		subh = ""
-	}
-
-	// Expiration
-	if !d.SignatureExpiration.IsZero() {
-		ts := d.SignatureExpiration.Unix()
-		if len(subh)+14 > MaxHeaderLineLength {
-			h += subh + FWS
-			subh = ""
-		}
-		subh += " x=" + fmt.Sprintf("%d", ts) + ";"
-	}
-
-	// body length
-	if d.BodyLength != 0 {
-		bodyLengthStr := fmt.Sprintf("%d", d.BodyLength)
-		if len(subh)+len(bodyLengthStr)+4 > MaxHeaderLineLength {
-			h += subh + FWS
-			subh = ""
-		}
-		subh += " l=" + bodyLengthStr + ";"
-	}
-
-	// Headers
-	if len(subh)+len(d.Headers)+4 > MaxHeaderLineLength {
-		h += subh + FWS
-		subh = ""
-	}
-	subh += " h="
-	for _, header := range d.Headers {
-		if len(subh)+len(header)+1 > MaxHeaderLineLength {
-			h += subh + FWS
-			subh = ""
-		}
-		subh += header + ":"
-	}
-	subh = subh[:len(subh)-1] + ";"
-
-	// BodyHash
-	if len(subh)+5+len(bodyHash) > MaxHeaderLineLength {
-		h += subh + FWS
-		subh = ""
-	} else {
-		subh += " "
-	}
-	subh += "bh="
-	l := len(subh)
-	for _, c := range bodyHash {
-		subh += string(c)
-		l++
-		if l >= MaxHeaderLineLength {
-			h += subh + FWS
-			subh = ""
-			l = 0
-		}
-	}
-	h += subh + ";" + FWS + "b="
-	return h
-}
diff --git a/vendor/github.com/toorop/go-dkim/errors.go b/vendor/github.com/toorop/go-dkim/errors.go
deleted file mode 100644
index 80a99da3..00000000
--- a/vendor/github.com/toorop/go-dkim/errors.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package dkim
-
-import (
-	"errors"
-)
-
-var (
-	// ErrSignPrivateKeyRequired when there not private key in config
-	ErrSignPrivateKeyRequired = errors.New("PrivateKey is required")
-
-	// ErrSignDomainRequired when there is no domain defined in config
-	ErrSignDomainRequired = errors.New("Domain is required")
-
-	// ErrSignSelectorRequired when there is no Selcteir defined in config
-	ErrSignSelectorRequired = errors.New("Selector is required")
-
-	// ErrSignHeaderShouldContainsFrom If Headers is specified it should at least contain 'from'
-	ErrSignHeaderShouldContainsFrom = errors.New("header must contains 'from' field")
-
-	// ErrSignBadCanonicalization If bad Canonicalization parameter
-	ErrSignBadCanonicalization = errors.New("bad Canonicalization parameter")
-
-	// ErrCandNotParsePrivateKey when unable to parse private key
-	ErrCandNotParsePrivateKey = errors.New("can not parse private key, check format (pem) and validity")
-
-	// ErrSignBadAlgo Bad algorithm
-	ErrSignBadAlgo = errors.New("bad algorithm. Only rsa-sha1 or rsa-sha256 are permitted")
-
-	// ErrBadMailFormat unable to parse mail
-	ErrBadMailFormat = errors.New("bad mail format")
-
-	// ErrBadMailFormatHeaders bad headers format (not DKIM Header)
-	ErrBadMailFormatHeaders = errors.New("bad mail format found in headers")
-
-	// ErrBadDKimTagLBodyTooShort bad l tag
-	ErrBadDKimTagLBodyTooShort = errors.New("bad tag l or bodyLength option. Body length < l value")
-
-	// ErrDkimHeaderBadFormat when errors found in DKIM header
-	ErrDkimHeaderBadFormat = errors.New("bad DKIM header format")
-
-	// ErrDkimHeaderNotFound when there's no DKIM-Signature header in an email we have to verify
-	ErrDkimHeaderNotFound = errors.New("no DKIM-Signature header field found ")
-
-	// ErrDkimHeaderBTagNotFound when there's no b tag
-	ErrDkimHeaderBTagNotFound = errors.New("no tag 'b' found in dkim header")
-
-	// ErrDkimHeaderNoFromInHTag when from is missing in h tag
-	ErrDkimHeaderNoFromInHTag = errors.New("'from' header is missing in h tag")
-
-	// ErrDkimHeaderMissingRequiredTag when a required tag is missing
-	ErrDkimHeaderMissingRequiredTag = errors.New("signature missing required tag")
-
-	// ErrDkimHeaderDomainMismatch if i tag is not a sub domain of d tag
-	ErrDkimHeaderDomainMismatch = errors.New("domain mismatch")
-
-	// ErrDkimVersionNotsupported version not supported
-	ErrDkimVersionNotsupported = errors.New("incompatible version")
-
-	// Query method unsupported
-	errQueryMethodNotsupported = errors.New("query method not supported")
-
-	// ErrVerifyBodyHash when body hash doesn't verify
-	ErrVerifyBodyHash = errors.New("body hash did not verify")
-
-	// ErrVerifyNoKeyForSignature no key
-	ErrVerifyNoKeyForSignature = errors.New("no key for verify")
-
-	// ErrVerifyKeyUnavailable when service (dns) is anavailable
-	ErrVerifyKeyUnavailable = errors.New("key unavailable")
-
-	// ErrVerifyTagVMustBeTheFirst if present the v tag must be the firts in the record
-	ErrVerifyTagVMustBeTheFirst = errors.New("pub key syntax error: v tag must be the first")
-
-	// ErrVerifyVersionMusBeDkim1 if présent flag v (version) must be DKIM1
-	ErrVerifyVersionMusBeDkim1 = errors.New("flag v must be set to DKIM1")
-
-	// ErrVerifyBadKeyType bad type for pub key (only rsa is accepted)
-	ErrVerifyBadKeyType = errors.New("bad type for key type")
-
-	// ErrVerifyRevokedKey key(s) for this selector is revoked (p is empty)
-	ErrVerifyRevokedKey = errors.New("revoked key")
-
-	// ErrVerifyBadKey when we can't parse pubkey
-	ErrVerifyBadKey = errors.New("unable to parse pub key")
-
-	// ErrVerifyNoKey when no key is found on DNS record
-	ErrVerifyNoKey = errors.New("no public key found in DNS TXT")
-
-	// ErrVerifySignatureHasExpired when signature has expired
-	ErrVerifySignatureHasExpired = errors.New("signature has expired")
-
-	// ErrVerifyInappropriateHashAlgo when h tag in pub key doesn't contain hash algo from a tag of DKIM header
-	ErrVerifyInappropriateHashAlgo = errors.New("inappropriate has algorithm")
-)
diff --git a/vendor/github.com/toorop/go-dkim/pubKeyRep.go b/vendor/github.com/toorop/go-dkim/pubKeyRep.go
deleted file mode 100644
index 7a3ecf6f..00000000
--- a/vendor/github.com/toorop/go-dkim/pubKeyRep.go
+++ /dev/null
@@ -1,181 +0,0 @@
-package dkim
-
-import (
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/base64"
-	"io/ioutil"
-	"mime/quotedprintable"
-	"net"
-	"strings"
-)
-
-// PubKeyRep represents a parsed version of public key record
-type PubKeyRep struct {
-	Version      string
-	HashAlgo     []string
-	KeyType      string
-	Note         string
-	PubKey       rsa.PublicKey
-	ServiceType  []string
-	FlagTesting  bool // flag y
-	FlagIMustBeD bool // flag i
-}
-
-// DNSOptions holds settings for looking up DNS records
-type DNSOptions struct {
-	netLookupTXT func(name string) ([]string, error)
-}
-
-// DNSOpt represents an optional setting for looking up DNS records
-type DNSOpt interface {
-	apply(*DNSOptions)
-}
-
-type dnsOpt func(*DNSOptions)
-
-func (opt dnsOpt) apply(dnsOpts *DNSOptions) {
-	opt(dnsOpts)
-}
-
-// DNSOptLookupTXT sets the function to use to lookup TXT records.
-//
-// This should probably only be used in tests.
-func DNSOptLookupTXT(netLookupTXT func(name string) ([]string, error)) DNSOpt {
-	return dnsOpt(func(opts *DNSOptions) {
-		opts.netLookupTXT = netLookupTXT
-	})
-}
-
-// NewPubKeyRespFromDNS retrieves the TXT record from DNS based on the specified domain and selector
-// and parses it.
-func NewPubKeyRespFromDNS(selector, domain string, opts ...DNSOpt) (*PubKeyRep, verifyOutput, error) {
-	dnsOpts := DNSOptions{}
-
-	for _, opt := range opts {
-		opt.apply(&dnsOpts)
-	}
-
-	if dnsOpts.netLookupTXT == nil {
-		dnsOpts.netLookupTXT = net.LookupTXT
-	}
-
-	txt, err := dnsOpts.netLookupTXT(selector + "._domainkey." + domain)
-	if err != nil {
-		if strings.HasSuffix(err.Error(), "no such host") {
-			return nil, PERMFAIL, ErrVerifyNoKeyForSignature
-		}
-
-		return nil, TEMPFAIL, ErrVerifyKeyUnavailable
-	}
-
-	// empty record
-	if len(txt) == 0 {
-		return nil, PERMFAIL, ErrVerifyNoKeyForSignature
-	}
-
-	// parsing, we keep the first record
-	// TODO: if there is multiple record
-
-	return NewPubKeyResp(txt[0])
-}
-
-// NewPubKeyResp parses DKIM record (usually from DNS)
-func NewPubKeyResp(dkimRecord string) (*PubKeyRep, verifyOutput, error) {
-	pkr := new(PubKeyRep)
-	pkr.Version = "DKIM1"
-	pkr.HashAlgo = []string{"sha1", "sha256"}
-	pkr.KeyType = "rsa"
-	pkr.FlagTesting = false
-	pkr.FlagIMustBeD = false
-
-	p := strings.Split(dkimRecord, ";")
-	for i, data := range p {
-		keyVal := strings.SplitN(data, "=", 2)
-		val := ""
-		if len(keyVal) > 1 {
-			val = strings.TrimSpace(keyVal[1])
-		}
-		switch strings.ToLower(strings.TrimSpace(keyVal[0])) {
-		case "v":
-			// RFC: is this tag is specified it MUST be the first in the record
-			if i != 0 {
-				return nil, PERMFAIL, ErrVerifyTagVMustBeTheFirst
-			}
-			pkr.Version = val
-			if pkr.Version != "DKIM1" {
-				return nil, PERMFAIL, ErrVerifyVersionMusBeDkim1
-			}
-		case "h":
-			p := strings.Split(strings.ToLower(val), ":")
-			pkr.HashAlgo = []string{}
-			for _, h := range p {
-				h = strings.TrimSpace(h)
-				if h == "sha1" || h == "sha256" {
-					pkr.HashAlgo = append(pkr.HashAlgo, h)
-				}
-			}
-			// if empty switch back to default
-			if len(pkr.HashAlgo) == 0 {
-				pkr.HashAlgo = []string{"sha1", "sha256"}
-			}
-		case "k":
-			if strings.ToLower(val) != "rsa" {
-				return nil, PERMFAIL, ErrVerifyBadKeyType
-			}
-		case "n":
-			qp, err := ioutil.ReadAll(quotedprintable.NewReader(strings.NewReader(val)))
-			if err == nil {
-				val = string(qp)
-			}
-			pkr.Note = val
-		case "p":
-			rawkey := val
-			if rawkey == "" {
-				return nil, PERMFAIL, ErrVerifyRevokedKey
-			}
-			un64, err := base64.StdEncoding.DecodeString(rawkey)
-			if err != nil {
-				return nil, PERMFAIL, ErrVerifyBadKey
-			}
-			pk, err := x509.ParsePKIXPublicKey(un64)
-			if pk, ok := pk.(*rsa.PublicKey); ok {
-				pkr.PubKey = *pk
-			}
-		case "s":
-			t := strings.Split(strings.ToLower(val), ":")
-			for _, tt := range t {
-				tt = strings.TrimSpace(tt)
-				switch tt {
-				case "*":
-					pkr.ServiceType = append(pkr.ServiceType, "all")
-				case "email":
-					pkr.ServiceType = append(pkr.ServiceType, tt)
-				}
-			}
-		case "t":
-			flags := strings.Split(strings.ToLower(val), ":")
-			for _, flag := range flags {
-				flag = strings.TrimSpace(flag)
-				switch flag {
-				case "y":
-					pkr.FlagTesting = true
-				case "s":
-					pkr.FlagIMustBeD = true
-				}
-			}
-		}
-	}
-
-	// if no pubkey
-	if pkr.PubKey == (rsa.PublicKey{}) {
-		return nil, PERMFAIL, ErrVerifyNoKey
-	}
-
-	// No service type
-	if len(pkr.ServiceType) == 0 {
-		pkr.ServiceType = []string{"all"}
-	}
-
-	return pkr, SUCCESS, nil
-}
diff --git a/vendor/github.com/toorop/go-dkim/watch b/vendor/github.com/toorop/go-dkim/watch
deleted file mode 100644
index 82b58445..00000000
--- a/vendor/github.com/toorop/go-dkim/watch
+++ /dev/null
@@ -1,4 +0,0 @@
-while true
-do 
-inotifywait -q -r -e modify,attrib,close_write,move,create,delete . && echo "--------------" && go test -v
-done
\ No newline at end of file
diff --git a/vendor/golang.org/x/crypto/LICENSE b/vendor/golang.org/x/crypto/LICENSE
index 6a66aea5..2a7cf70d 100644
--- a/vendor/golang.org/x/crypto/LICENSE
+++ b/vendor/golang.org/x/crypto/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2009 The Go Authors. All rights reserved.
+Copyright 2009 The Go Authors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
@@ -10,7 +10,7 @@ notice, this list of conditions and the following disclaimer.
 copyright notice, this list of conditions and the following disclaimer
 in the documentation and/or other materials provided with the
 distribution.
-   * Neither the name of Google Inc. nor the names of its
+   * Neither the name of Google LLC nor the names of its
 contributors may be used to endorse or promote products derived from
 this software without specific prior written permission.
 
diff --git a/vendor/golang.org/x/crypto/bcrypt/bcrypt.go b/vendor/golang.org/x/crypto/bcrypt/bcrypt.go
index 5577c0f9..dc931187 100644
--- a/vendor/golang.org/x/crypto/bcrypt/bcrypt.go
+++ b/vendor/golang.org/x/crypto/bcrypt/bcrypt.go
@@ -4,7 +4,7 @@
 
 // Package bcrypt implements Provos and Mazières's bcrypt adaptive hashing
 // algorithm. See http://www.usenix.org/event/usenix99/provos/provos.pdf
-package bcrypt // import "golang.org/x/crypto/bcrypt"
+package bcrypt
 
 // The code is a port of Provos and Mazières's C implementation.
 import (
diff --git a/vendor/golang.org/x/crypto/blowfish/cipher.go b/vendor/golang.org/x/crypto/blowfish/cipher.go
index 213bf204..08989568 100644
--- a/vendor/golang.org/x/crypto/blowfish/cipher.go
+++ b/vendor/golang.org/x/crypto/blowfish/cipher.go
@@ -11,7 +11,7 @@
 // Deprecated: any new system should use AES (from crypto/aes, if necessary in
 // an AEAD mode like crypto/cipher.NewGCM) or XChaCha20-Poly1305 (from
 // golang.org/x/crypto/chacha20poly1305).
-package blowfish // import "golang.org/x/crypto/blowfish"
+package blowfish
 
 // The code is a port of Bruce Schneier's C implementation.
 // See https://www.schneier.com/blowfish.html.
diff --git a/vendor/golang.org/x/crypto/ed25519/ed25519.go b/vendor/golang.org/x/crypto/ed25519/ed25519.go
new file mode 100644
index 00000000..59b3a95a
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ed25519/ed25519.go
@@ -0,0 +1,69 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package ed25519 implements the Ed25519 signature algorithm. See
+// https://ed25519.cr.yp.to/.
+//
+// These functions are also compatible with the “Ed25519” function defined in
+// RFC 8032. However, unlike RFC 8032's formulation, this package's private key
+// representation includes a public key suffix to make multiple signing
+// operations with the same key more efficient. This package refers to the RFC
+// 8032 private key as the “seed”.
+//
+// This package is a wrapper around the standard library crypto/ed25519 package.
+package ed25519
+
+import (
+	"crypto/ed25519"
+	"io"
+)
+
+const (
+	// PublicKeySize is the size, in bytes, of public keys as used in this package.
+	PublicKeySize = 32
+	// PrivateKeySize is the size, in bytes, of private keys as used in this package.
+	PrivateKeySize = 64
+	// SignatureSize is the size, in bytes, of signatures generated and verified by this package.
+	SignatureSize = 64
+	// SeedSize is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032.
+	SeedSize = 32
+)
+
+// PublicKey is the type of Ed25519 public keys.
+//
+// This type is an alias for crypto/ed25519's PublicKey type.
+// See the crypto/ed25519 package for the methods on this type.
+type PublicKey = ed25519.PublicKey
+
+// PrivateKey is the type of Ed25519 private keys. It implements crypto.Signer.
+//
+// This type is an alias for crypto/ed25519's PrivateKey type.
+// See the crypto/ed25519 package for the methods on this type.
+type PrivateKey = ed25519.PrivateKey
+
+// GenerateKey generates a public/private key pair using entropy from rand.
+// If rand is nil, crypto/rand.Reader will be used.
+func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) {
+	return ed25519.GenerateKey(rand)
+}
+
+// NewKeyFromSeed calculates a private key from a seed. It will panic if
+// len(seed) is not SeedSize. This function is provided for interoperability
+// with RFC 8032. RFC 8032's private keys correspond to seeds in this
+// package.
+func NewKeyFromSeed(seed []byte) PrivateKey {
+	return ed25519.NewKeyFromSeed(seed)
+}
+
+// Sign signs the message with privateKey and returns a signature. It will
+// panic if len(privateKey) is not PrivateKeySize.
+func Sign(privateKey PrivateKey, message []byte) []byte {
+	return ed25519.Sign(privateKey, message)
+}
+
+// Verify reports whether sig is a valid signature of message by publicKey. It
+// will panic if len(publicKey) is not PublicKeySize.
+func Verify(publicKey PublicKey, message, sig []byte) bool {
+	return ed25519.Verify(publicKey, message, sig)
+}
diff --git a/vendor/golang.org/x/crypto/hkdf/hkdf.go b/vendor/golang.org/x/crypto/hkdf/hkdf.go
new file mode 100644
index 00000000..3bee6629
--- /dev/null
+++ b/vendor/golang.org/x/crypto/hkdf/hkdf.go
@@ -0,0 +1,95 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation
+// Function (HKDF) as defined in RFC 5869.
+//
+// HKDF is a cryptographic key derivation function (KDF) with the goal of
+// expanding limited input keying material into one or more cryptographically
+// strong secret keys.
+package hkdf
+
+import (
+	"crypto/hmac"
+	"errors"
+	"hash"
+	"io"
+)
+
+// Extract generates a pseudorandom key for use with Expand from an input secret
+// and an optional independent salt.
+//
+// Only use this function if you need to reuse the extracted key with multiple
+// Expand invocations and different context values. Most common scenarios,
+// including the generation of multiple keys, should use New instead.
+func Extract(hash func() hash.Hash, secret, salt []byte) []byte {
+	if salt == nil {
+		salt = make([]byte, hash().Size())
+	}
+	extractor := hmac.New(hash, salt)
+	extractor.Write(secret)
+	return extractor.Sum(nil)
+}
+
+type hkdf struct {
+	expander hash.Hash
+	size     int
+
+	info    []byte
+	counter byte
+
+	prev []byte
+	buf  []byte
+}
+
+func (f *hkdf) Read(p []byte) (int, error) {
+	// Check whether enough data can be generated
+	need := len(p)
+	remains := len(f.buf) + int(255-f.counter+1)*f.size
+	if remains < need {
+		return 0, errors.New("hkdf: entropy limit reached")
+	}
+	// Read any leftover from the buffer
+	n := copy(p, f.buf)
+	p = p[n:]
+
+	// Fill the rest of the buffer
+	for len(p) > 0 {
+		if f.counter > 1 {
+			f.expander.Reset()
+		}
+		f.expander.Write(f.prev)
+		f.expander.Write(f.info)
+		f.expander.Write([]byte{f.counter})
+		f.prev = f.expander.Sum(f.prev[:0])
+		f.counter++
+
+		// Copy the new batch into p
+		f.buf = f.prev
+		n = copy(p, f.buf)
+		p = p[n:]
+	}
+	// Save leftovers for next run
+	f.buf = f.buf[n:]
+
+	return need, nil
+}
+
+// Expand returns a Reader, from which keys can be read, using the given
+// pseudorandom key and optional context info, skipping the extraction step.
+//
+// The pseudorandomKey should have been generated by Extract, or be a uniformly
+// random or pseudorandom cryptographically strong key. See RFC 5869, Section
+// 3.3. Most common scenarios will want to use New instead.
+func Expand(hash func() hash.Hash, pseudorandomKey, info []byte) io.Reader {
+	expander := hmac.New(hash, pseudorandomKey)
+	return &hkdf{expander, expander.Size(), info, 1, nil, nil}
+}
+
+// New returns a Reader, from which keys can be read, using the given hash,
+// secret, salt and context info. Salt and info can be nil.
+func New(hash func() hash.Hash, secret, salt, info []byte) io.Reader {
+	prk := Extract(hash, secret, salt)
+	return Expand(hash, prk, info)
+}
diff --git a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
index 904b57e0..28cd99c7 100644
--- a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
+++ b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
@@ -16,7 +16,7 @@ Hash Functions SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 for HMAC. To
 choose, you can pass the `New` functions from the different SHA packages to
 pbkdf2.Key.
 */
-package pbkdf2 // import "golang.org/x/crypto/pbkdf2"
+package pbkdf2
 
 import (
 	"crypto/hmac"
diff --git a/vendor/golang.org/x/crypto/sha3/doc.go b/vendor/golang.org/x/crypto/sha3/doc.go
deleted file mode 100644
index decd8cf9..00000000
--- a/vendor/golang.org/x/crypto/sha3/doc.go
+++ /dev/null
@@ -1,62 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package sha3 implements the SHA-3 fixed-output-length hash functions and
-// the SHAKE variable-output-length hash functions defined by FIPS-202.
-//
-// Both types of hash function use the "sponge" construction and the Keccak
-// permutation. For a detailed specification see http://keccak.noekeon.org/
-//
-// # Guidance
-//
-// If you aren't sure what function you need, use SHAKE256 with at least 64
-// bytes of output. The SHAKE instances are faster than the SHA3 instances;
-// the latter have to allocate memory to conform to the hash.Hash interface.
-//
-// If you need a secret-key MAC (message authentication code), prepend the
-// secret key to the input, hash with SHAKE256 and read at least 32 bytes of
-// output.
-//
-// # Security strengths
-//
-// The SHA3-x (x equals 224, 256, 384, or 512) functions have a security
-// strength against preimage attacks of x bits. Since they only produce "x"
-// bits of output, their collision-resistance is only "x/2" bits.
-//
-// The SHAKE-256 and -128 functions have a generic security strength of 256 and
-// 128 bits against all attacks, provided that at least 2x bits of their output
-// is used.  Requesting more than 64 or 32 bytes of output, respectively, does
-// not increase the collision-resistance of the SHAKE functions.
-//
-// # The sponge construction
-//
-// A sponge builds a pseudo-random function from a public pseudo-random
-// permutation, by applying the permutation to a state of "rate + capacity"
-// bytes, but hiding "capacity" of the bytes.
-//
-// A sponge starts out with a zero state. To hash an input using a sponge, up
-// to "rate" bytes of the input are XORed into the sponge's state. The sponge
-// is then "full" and the permutation is applied to "empty" it. This process is
-// repeated until all the input has been "absorbed". The input is then padded.
-// The digest is "squeezed" from the sponge in the same way, except that output
-// is copied out instead of input being XORed in.
-//
-// A sponge is parameterized by its generic security strength, which is equal
-// to half its capacity; capacity + rate is equal to the permutation's width.
-// Since the KeccakF-1600 permutation is 1600 bits (200 bytes) wide, this means
-// that the security strength of a sponge instance is equal to (1600 - bitrate) / 2.
-//
-// # Recommendations
-//
-// The SHAKE functions are recommended for most new uses. They can produce
-// output of arbitrary length. SHAKE256, with an output length of at least
-// 64 bytes, provides 256-bit security against all attacks.  The Keccak team
-// recommends it for most applications upgrading from SHA2-512. (NIST chose a
-// much stronger, but much slower, sponge instance for SHA3-512.)
-//
-// The SHA-3 functions are "drop-in" replacements for the SHA-2 functions.
-// They produce output of the same length, with the same security strengths
-// against all attacks. This means, in particular, that SHA3-256 only has
-// 128-bit collision resistance, because its output length is 32 bytes.
-package sha3 // import "golang.org/x/crypto/sha3"
diff --git a/vendor/golang.org/x/crypto/sha3/hashes.go b/vendor/golang.org/x/crypto/sha3/hashes.go
deleted file mode 100644
index 0d8043fd..00000000
--- a/vendor/golang.org/x/crypto/sha3/hashes.go
+++ /dev/null
@@ -1,97 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package sha3
-
-// This file provides functions for creating instances of the SHA-3
-// and SHAKE hash functions, as well as utility functions for hashing
-// bytes.
-
-import (
-	"hash"
-)
-
-// New224 creates a new SHA3-224 hash.
-// Its generic security strength is 224 bits against preimage attacks,
-// and 112 bits against collision attacks.
-func New224() hash.Hash {
-	if h := new224Asm(); h != nil {
-		return h
-	}
-	return &state{rate: 144, outputLen: 28, dsbyte: 0x06}
-}
-
-// New256 creates a new SHA3-256 hash.
-// Its generic security strength is 256 bits against preimage attacks,
-// and 128 bits against collision attacks.
-func New256() hash.Hash {
-	if h := new256Asm(); h != nil {
-		return h
-	}
-	return &state{rate: 136, outputLen: 32, dsbyte: 0x06}
-}
-
-// New384 creates a new SHA3-384 hash.
-// Its generic security strength is 384 bits against preimage attacks,
-// and 192 bits against collision attacks.
-func New384() hash.Hash {
-	if h := new384Asm(); h != nil {
-		return h
-	}
-	return &state{rate: 104, outputLen: 48, dsbyte: 0x06}
-}
-
-// New512 creates a new SHA3-512 hash.
-// Its generic security strength is 512 bits against preimage attacks,
-// and 256 bits against collision attacks.
-func New512() hash.Hash {
-	if h := new512Asm(); h != nil {
-		return h
-	}
-	return &state{rate: 72, outputLen: 64, dsbyte: 0x06}
-}
-
-// NewLegacyKeccak256 creates a new Keccak-256 hash.
-//
-// Only use this function if you require compatibility with an existing cryptosystem
-// that uses non-standard padding. All other users should use New256 instead.
-func NewLegacyKeccak256() hash.Hash { return &state{rate: 136, outputLen: 32, dsbyte: 0x01} }
-
-// NewLegacyKeccak512 creates a new Keccak-512 hash.
-//
-// Only use this function if you require compatibility with an existing cryptosystem
-// that uses non-standard padding. All other users should use New512 instead.
-func NewLegacyKeccak512() hash.Hash { return &state{rate: 72, outputLen: 64, dsbyte: 0x01} }
-
-// Sum224 returns the SHA3-224 digest of the data.
-func Sum224(data []byte) (digest [28]byte) {
-	h := New224()
-	h.Write(data)
-	h.Sum(digest[:0])
-	return
-}
-
-// Sum256 returns the SHA3-256 digest of the data.
-func Sum256(data []byte) (digest [32]byte) {
-	h := New256()
-	h.Write(data)
-	h.Sum(digest[:0])
-	return
-}
-
-// Sum384 returns the SHA3-384 digest of the data.
-func Sum384(data []byte) (digest [48]byte) {
-	h := New384()
-	h.Write(data)
-	h.Sum(digest[:0])
-	return
-}
-
-// Sum512 returns the SHA3-512 digest of the data.
-func Sum512(data []byte) (digest [64]byte) {
-	h := New512()
-	h.Write(data)
-	h.Sum(digest[:0])
-	return
-}
diff --git a/vendor/golang.org/x/crypto/sha3/hashes_generic.go b/vendor/golang.org/x/crypto/sha3/hashes_generic.go
deleted file mode 100644
index fe8c8479..00000000
--- a/vendor/golang.org/x/crypto/sha3/hashes_generic.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !gc || purego || !s390x
-
-package sha3
-
-import (
-	"hash"
-)
-
-// new224Asm returns an assembly implementation of SHA3-224 if available,
-// otherwise it returns nil.
-func new224Asm() hash.Hash { return nil }
-
-// new256Asm returns an assembly implementation of SHA3-256 if available,
-// otherwise it returns nil.
-func new256Asm() hash.Hash { return nil }
-
-// new384Asm returns an assembly implementation of SHA3-384 if available,
-// otherwise it returns nil.
-func new384Asm() hash.Hash { return nil }
-
-// new512Asm returns an assembly implementation of SHA3-512 if available,
-// otherwise it returns nil.
-func new512Asm() hash.Hash { return nil }
diff --git a/vendor/golang.org/x/crypto/sha3/keccakf.go b/vendor/golang.org/x/crypto/sha3/keccakf.go
deleted file mode 100644
index ce48b1dd..00000000
--- a/vendor/golang.org/x/crypto/sha3/keccakf.go
+++ /dev/null
@@ -1,414 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !amd64 || purego || !gc
-
-package sha3
-
-import "math/bits"
-
-// rc stores the round constants for use in the ι step.
-var rc = [24]uint64{
-	0x0000000000000001,
-	0x0000000000008082,
-	0x800000000000808A,
-	0x8000000080008000,
-	0x000000000000808B,
-	0x0000000080000001,
-	0x8000000080008081,
-	0x8000000000008009,
-	0x000000000000008A,
-	0x0000000000000088,
-	0x0000000080008009,
-	0x000000008000000A,
-	0x000000008000808B,
-	0x800000000000008B,
-	0x8000000000008089,
-	0x8000000000008003,
-	0x8000000000008002,
-	0x8000000000000080,
-	0x000000000000800A,
-	0x800000008000000A,
-	0x8000000080008081,
-	0x8000000000008080,
-	0x0000000080000001,
-	0x8000000080008008,
-}
-
-// keccakF1600 applies the Keccak permutation to a 1600b-wide
-// state represented as a slice of 25 uint64s.
-func keccakF1600(a *[25]uint64) {
-	// Implementation translated from Keccak-inplace.c
-	// in the keccak reference code.
-	var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64
-
-	for i := 0; i < 24; i += 4 {
-		// Combines the 5 steps in each round into 2 steps.
-		// Unrolls 4 rounds per loop and spreads some steps across rounds.
-
-		// Round 1
-		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
-		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
-		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
-		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
-		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
-		d0 = bc4 ^ (bc1<<1 | bc1>>63)
-		d1 = bc0 ^ (bc2<<1 | bc2>>63)
-		d2 = bc1 ^ (bc3<<1 | bc3>>63)
-		d3 = bc2 ^ (bc4<<1 | bc4>>63)
-		d4 = bc3 ^ (bc0<<1 | bc0>>63)
-
-		bc0 = a[0] ^ d0
-		t = a[6] ^ d1
-		bc1 = bits.RotateLeft64(t, 44)
-		t = a[12] ^ d2
-		bc2 = bits.RotateLeft64(t, 43)
-		t = a[18] ^ d3
-		bc3 = bits.RotateLeft64(t, 21)
-		t = a[24] ^ d4
-		bc4 = bits.RotateLeft64(t, 14)
-		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i]
-		a[6] = bc1 ^ (bc3 &^ bc2)
-		a[12] = bc2 ^ (bc4 &^ bc3)
-		a[18] = bc3 ^ (bc0 &^ bc4)
-		a[24] = bc4 ^ (bc1 &^ bc0)
-
-		t = a[10] ^ d0
-		bc2 = bits.RotateLeft64(t, 3)
-		t = a[16] ^ d1
-		bc3 = bits.RotateLeft64(t, 45)
-		t = a[22] ^ d2
-		bc4 = bits.RotateLeft64(t, 61)
-		t = a[3] ^ d3
-		bc0 = bits.RotateLeft64(t, 28)
-		t = a[9] ^ d4
-		bc1 = bits.RotateLeft64(t, 20)
-		a[10] = bc0 ^ (bc2 &^ bc1)
-		a[16] = bc1 ^ (bc3 &^ bc2)
-		a[22] = bc2 ^ (bc4 &^ bc3)
-		a[3] = bc3 ^ (bc0 &^ bc4)
-		a[9] = bc4 ^ (bc1 &^ bc0)
-
-		t = a[20] ^ d0
-		bc4 = bits.RotateLeft64(t, 18)
-		t = a[1] ^ d1
-		bc0 = bits.RotateLeft64(t, 1)
-		t = a[7] ^ d2
-		bc1 = bits.RotateLeft64(t, 6)
-		t = a[13] ^ d3
-		bc2 = bits.RotateLeft64(t, 25)
-		t = a[19] ^ d4
-		bc3 = bits.RotateLeft64(t, 8)
-		a[20] = bc0 ^ (bc2 &^ bc1)
-		a[1] = bc1 ^ (bc3 &^ bc2)
-		a[7] = bc2 ^ (bc4 &^ bc3)
-		a[13] = bc3 ^ (bc0 &^ bc4)
-		a[19] = bc4 ^ (bc1 &^ bc0)
-
-		t = a[5] ^ d0
-		bc1 = bits.RotateLeft64(t, 36)
-		t = a[11] ^ d1
-		bc2 = bits.RotateLeft64(t, 10)
-		t = a[17] ^ d2
-		bc3 = bits.RotateLeft64(t, 15)
-		t = a[23] ^ d3
-		bc4 = bits.RotateLeft64(t, 56)
-		t = a[4] ^ d4
-		bc0 = bits.RotateLeft64(t, 27)
-		a[5] = bc0 ^ (bc2 &^ bc1)
-		a[11] = bc1 ^ (bc3 &^ bc2)
-		a[17] = bc2 ^ (bc4 &^ bc3)
-		a[23] = bc3 ^ (bc0 &^ bc4)
-		a[4] = bc4 ^ (bc1 &^ bc0)
-
-		t = a[15] ^ d0
-		bc3 = bits.RotateLeft64(t, 41)
-		t = a[21] ^ d1
-		bc4 = bits.RotateLeft64(t, 2)
-		t = a[2] ^ d2
-		bc0 = bits.RotateLeft64(t, 62)
-		t = a[8] ^ d3
-		bc1 = bits.RotateLeft64(t, 55)
-		t = a[14] ^ d4
-		bc2 = bits.RotateLeft64(t, 39)
-		a[15] = bc0 ^ (bc2 &^ bc1)
-		a[21] = bc1 ^ (bc3 &^ bc2)
-		a[2] = bc2 ^ (bc4 &^ bc3)
-		a[8] = bc3 ^ (bc0 &^ bc4)
-		a[14] = bc4 ^ (bc1 &^ bc0)
-
-		// Round 2
-		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
-		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
-		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
-		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
-		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
-		d0 = bc4 ^ (bc1<<1 | bc1>>63)
-		d1 = bc0 ^ (bc2<<1 | bc2>>63)
-		d2 = bc1 ^ (bc3<<1 | bc3>>63)
-		d3 = bc2 ^ (bc4<<1 | bc4>>63)
-		d4 = bc3 ^ (bc0<<1 | bc0>>63)
-
-		bc0 = a[0] ^ d0
-		t = a[16] ^ d1
-		bc1 = bits.RotateLeft64(t, 44)
-		t = a[7] ^ d2
-		bc2 = bits.RotateLeft64(t, 43)
-		t = a[23] ^ d3
-		bc3 = bits.RotateLeft64(t, 21)
-		t = a[14] ^ d4
-		bc4 = bits.RotateLeft64(t, 14)
-		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+1]
-		a[16] = bc1 ^ (bc3 &^ bc2)
-		a[7] = bc2 ^ (bc4 &^ bc3)
-		a[23] = bc3 ^ (bc0 &^ bc4)
-		a[14] = bc4 ^ (bc1 &^ bc0)
-
-		t = a[20] ^ d0
-		bc2 = bits.RotateLeft64(t, 3)
-		t = a[11] ^ d1
-		bc3 = bits.RotateLeft64(t, 45)
-		t = a[2] ^ d2
-		bc4 = bits.RotateLeft64(t, 61)
-		t = a[18] ^ d3
-		bc0 = bits.RotateLeft64(t, 28)
-		t = a[9] ^ d4
-		bc1 = bits.RotateLeft64(t, 20)
-		a[20] = bc0 ^ (bc2 &^ bc1)
-		a[11] = bc1 ^ (bc3 &^ bc2)
-		a[2] = bc2 ^ (bc4 &^ bc3)
-		a[18] = bc3 ^ (bc0 &^ bc4)
-		a[9] = bc4 ^ (bc1 &^ bc0)
-
-		t = a[15] ^ d0
-		bc4 = bits.RotateLeft64(t, 18)
-		t = a[6] ^ d1
-		bc0 = bits.RotateLeft64(t, 1)
-		t = a[22] ^ d2
-		bc1 = bits.RotateLeft64(t, 6)
-		t = a[13] ^ d3
-		bc2 = bits.RotateLeft64(t, 25)
-		t = a[4] ^ d4
-		bc3 = bits.RotateLeft64(t, 8)
-		a[15] = bc0 ^ (bc2 &^ bc1)
-		a[6] = bc1 ^ (bc3 &^ bc2)
-		a[22] = bc2 ^ (bc4 &^ bc3)
-		a[13] = bc3 ^ (bc0 &^ bc4)
-		a[4] = bc4 ^ (bc1 &^ bc0)
-
-		t = a[10] ^ d0
-		bc1 = bits.RotateLeft64(t, 36)
-		t = a[1] ^ d1
-		bc2 = bits.RotateLeft64(t, 10)
-		t = a[17] ^ d2
-		bc3 = bits.RotateLeft64(t, 15)
-		t = a[8] ^ d3
-		bc4 = bits.RotateLeft64(t, 56)
-		t = a[24] ^ d4
-		bc0 = bits.RotateLeft64(t, 27)
-		a[10] = bc0 ^ (bc2 &^ bc1)
-		a[1] = bc1 ^ (bc3 &^ bc2)
-		a[17] = bc2 ^ (bc4 &^ bc3)
-		a[8] = bc3 ^ (bc0 &^ bc4)
-		a[24] = bc4 ^ (bc1 &^ bc0)
-
-		t = a[5] ^ d0
-		bc3 = bits.RotateLeft64(t, 41)
-		t = a[21] ^ d1
-		bc4 = bits.RotateLeft64(t, 2)
-		t = a[12] ^ d2
-		bc0 = bits.RotateLeft64(t, 62)
-		t = a[3] ^ d3
-		bc1 = bits.RotateLeft64(t, 55)
-		t = a[19] ^ d4
-		bc2 = bits.RotateLeft64(t, 39)
-		a[5] = bc0 ^ (bc2 &^ bc1)
-		a[21] = bc1 ^ (bc3 &^ bc2)
-		a[12] = bc2 ^ (bc4 &^ bc3)
-		a[3] = bc3 ^ (bc0 &^ bc4)
-		a[19] = bc4 ^ (bc1 &^ bc0)
-
-		// Round 3
-		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
-		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
-		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
-		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
-		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
-		d0 = bc4 ^ (bc1<<1 | bc1>>63)
-		d1 = bc0 ^ (bc2<<1 | bc2>>63)
-		d2 = bc1 ^ (bc3<<1 | bc3>>63)
-		d3 = bc2 ^ (bc4<<1 | bc4>>63)
-		d4 = bc3 ^ (bc0<<1 | bc0>>63)
-
-		bc0 = a[0] ^ d0
-		t = a[11] ^ d1
-		bc1 = bits.RotateLeft64(t, 44)
-		t = a[22] ^ d2
-		bc2 = bits.RotateLeft64(t, 43)
-		t = a[8] ^ d3
-		bc3 = bits.RotateLeft64(t, 21)
-		t = a[19] ^ d4
-		bc4 = bits.RotateLeft64(t, 14)
-		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+2]
-		a[11] = bc1 ^ (bc3 &^ bc2)
-		a[22] = bc2 ^ (bc4 &^ bc3)
-		a[8] = bc3 ^ (bc0 &^ bc4)
-		a[19] = bc4 ^ (bc1 &^ bc0)
-
-		t = a[15] ^ d0
-		bc2 = bits.RotateLeft64(t, 3)
-		t = a[1] ^ d1
-		bc3 = bits.RotateLeft64(t, 45)
-		t = a[12] ^ d2
-		bc4 = bits.RotateLeft64(t, 61)
-		t = a[23] ^ d3
-		bc0 = bits.RotateLeft64(t, 28)
-		t = a[9] ^ d4
-		bc1 = bits.RotateLeft64(t, 20)
-		a[15] = bc0 ^ (bc2 &^ bc1)
-		a[1] = bc1 ^ (bc3 &^ bc2)
-		a[12] = bc2 ^ (bc4 &^ bc3)
-		a[23] = bc3 ^ (bc0 &^ bc4)
-		a[9] = bc4 ^ (bc1 &^ bc0)
-
-		t = a[5] ^ d0
-		bc4 = bits.RotateLeft64(t, 18)
-		t = a[16] ^ d1
-		bc0 = bits.RotateLeft64(t, 1)
-		t = a[2] ^ d2
-		bc1 = bits.RotateLeft64(t, 6)
-		t = a[13] ^ d3
-		bc2 = bits.RotateLeft64(t, 25)
-		t = a[24] ^ d4
-		bc3 = bits.RotateLeft64(t, 8)
-		a[5] = bc0 ^ (bc2 &^ bc1)
-		a[16] = bc1 ^ (bc3 &^ bc2)
-		a[2] = bc2 ^ (bc4 &^ bc3)
-		a[13] = bc3 ^ (bc0 &^ bc4)
-		a[24] = bc4 ^ (bc1 &^ bc0)
-
-		t = a[20] ^ d0
-		bc1 = bits.RotateLeft64(t, 36)
-		t = a[6] ^ d1
-		bc2 = bits.RotateLeft64(t, 10)
-		t = a[17] ^ d2
-		bc3 = bits.RotateLeft64(t, 15)
-		t = a[3] ^ d3
-		bc4 = bits.RotateLeft64(t, 56)
-		t = a[14] ^ d4
-		bc0 = bits.RotateLeft64(t, 27)
-		a[20] = bc0 ^ (bc2 &^ bc1)
-		a[6] = bc1 ^ (bc3 &^ bc2)
-		a[17] = bc2 ^ (bc4 &^ bc3)
-		a[3] = bc3 ^ (bc0 &^ bc4)
-		a[14] = bc4 ^ (bc1 &^ bc0)
-
-		t = a[10] ^ d0
-		bc3 = bits.RotateLeft64(t, 41)
-		t = a[21] ^ d1
-		bc4 = bits.RotateLeft64(t, 2)
-		t = a[7] ^ d2
-		bc0 = bits.RotateLeft64(t, 62)
-		t = a[18] ^ d3
-		bc1 = bits.RotateLeft64(t, 55)
-		t = a[4] ^ d4
-		bc2 = bits.RotateLeft64(t, 39)
-		a[10] = bc0 ^ (bc2 &^ bc1)
-		a[21] = bc1 ^ (bc3 &^ bc2)
-		a[7] = bc2 ^ (bc4 &^ bc3)
-		a[18] = bc3 ^ (bc0 &^ bc4)
-		a[4] = bc4 ^ (bc1 &^ bc0)
-
-		// Round 4
-		bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
-		bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
-		bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
-		bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
-		bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
-		d0 = bc4 ^ (bc1<<1 | bc1>>63)
-		d1 = bc0 ^ (bc2<<1 | bc2>>63)
-		d2 = bc1 ^ (bc3<<1 | bc3>>63)
-		d3 = bc2 ^ (bc4<<1 | bc4>>63)
-		d4 = bc3 ^ (bc0<<1 | bc0>>63)
-
-		bc0 = a[0] ^ d0
-		t = a[1] ^ d1
-		bc1 = bits.RotateLeft64(t, 44)
-		t = a[2] ^ d2
-		bc2 = bits.RotateLeft64(t, 43)
-		t = a[3] ^ d3
-		bc3 = bits.RotateLeft64(t, 21)
-		t = a[4] ^ d4
-		bc4 = bits.RotateLeft64(t, 14)
-		a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+3]
-		a[1] = bc1 ^ (bc3 &^ bc2)
-		a[2] = bc2 ^ (bc4 &^ bc3)
-		a[3] = bc3 ^ (bc0 &^ bc4)
-		a[4] = bc4 ^ (bc1 &^ bc0)
-
-		t = a[5] ^ d0
-		bc2 = bits.RotateLeft64(t, 3)
-		t = a[6] ^ d1
-		bc3 = bits.RotateLeft64(t, 45)
-		t = a[7] ^ d2
-		bc4 = bits.RotateLeft64(t, 61)
-		t = a[8] ^ d3
-		bc0 = bits.RotateLeft64(t, 28)
-		t = a[9] ^ d4
-		bc1 = bits.RotateLeft64(t, 20)
-		a[5] = bc0 ^ (bc2 &^ bc1)
-		a[6] = bc1 ^ (bc3 &^ bc2)
-		a[7] = bc2 ^ (bc4 &^ bc3)
-		a[8] = bc3 ^ (bc0 &^ bc4)
-		a[9] = bc4 ^ (bc1 &^ bc0)
-
-		t = a[10] ^ d0
-		bc4 = bits.RotateLeft64(t, 18)
-		t = a[11] ^ d1
-		bc0 = bits.RotateLeft64(t, 1)
-		t = a[12] ^ d2
-		bc1 = bits.RotateLeft64(t, 6)
-		t = a[13] ^ d3
-		bc2 = bits.RotateLeft64(t, 25)
-		t = a[14] ^ d4
-		bc3 = bits.RotateLeft64(t, 8)
-		a[10] = bc0 ^ (bc2 &^ bc1)
-		a[11] = bc1 ^ (bc3 &^ bc2)
-		a[12] = bc2 ^ (bc4 &^ bc3)
-		a[13] = bc3 ^ (bc0 &^ bc4)
-		a[14] = bc4 ^ (bc1 &^ bc0)
-
-		t = a[15] ^ d0
-		bc1 = bits.RotateLeft64(t, 36)
-		t = a[16] ^ d1
-		bc2 = bits.RotateLeft64(t, 10)
-		t = a[17] ^ d2
-		bc3 = bits.RotateLeft64(t, 15)
-		t = a[18] ^ d3
-		bc4 = bits.RotateLeft64(t, 56)
-		t = a[19] ^ d4
-		bc0 = bits.RotateLeft64(t, 27)
-		a[15] = bc0 ^ (bc2 &^ bc1)
-		a[16] = bc1 ^ (bc3 &^ bc2)
-		a[17] = bc2 ^ (bc4 &^ bc3)
-		a[18] = bc3 ^ (bc0 &^ bc4)
-		a[19] = bc4 ^ (bc1 &^ bc0)
-
-		t = a[20] ^ d0
-		bc3 = bits.RotateLeft64(t, 41)
-		t = a[21] ^ d1
-		bc4 = bits.RotateLeft64(t, 2)
-		t = a[22] ^ d2
-		bc0 = bits.RotateLeft64(t, 62)
-		t = a[23] ^ d3
-		bc1 = bits.RotateLeft64(t, 55)
-		t = a[24] ^ d4
-		bc2 = bits.RotateLeft64(t, 39)
-		a[20] = bc0 ^ (bc2 &^ bc1)
-		a[21] = bc1 ^ (bc3 &^ bc2)
-		a[22] = bc2 ^ (bc4 &^ bc3)
-		a[23] = bc3 ^ (bc0 &^ bc4)
-		a[24] = bc4 ^ (bc1 &^ bc0)
-	}
-}
diff --git a/vendor/golang.org/x/crypto/sha3/keccakf_amd64.go b/vendor/golang.org/x/crypto/sha3/keccakf_amd64.go
deleted file mode 100644
index b908696b..00000000
--- a/vendor/golang.org/x/crypto/sha3/keccakf_amd64.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build amd64 && !purego && gc
-
-package sha3
-
-// This function is implemented in keccakf_amd64.s.
-
-//go:noescape
-
-func keccakF1600(a *[25]uint64)
diff --git a/vendor/golang.org/x/crypto/sha3/keccakf_amd64.s b/vendor/golang.org/x/crypto/sha3/keccakf_amd64.s
deleted file mode 100644
index 1f539388..00000000
--- a/vendor/golang.org/x/crypto/sha3/keccakf_amd64.s
+++ /dev/null
@@ -1,390 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build amd64 && !purego && gc
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources at https://github.com/gvanas/KeccakCodePackage
-
-// Offsets in state
-#define _ba  (0*8)
-#define _be  (1*8)
-#define _bi  (2*8)
-#define _bo  (3*8)
-#define _bu  (4*8)
-#define _ga  (5*8)
-#define _ge  (6*8)
-#define _gi  (7*8)
-#define _go  (8*8)
-#define _gu  (9*8)
-#define _ka (10*8)
-#define _ke (11*8)
-#define _ki (12*8)
-#define _ko (13*8)
-#define _ku (14*8)
-#define _ma (15*8)
-#define _me (16*8)
-#define _mi (17*8)
-#define _mo (18*8)
-#define _mu (19*8)
-#define _sa (20*8)
-#define _se (21*8)
-#define _si (22*8)
-#define _so (23*8)
-#define _su (24*8)
-
-// Temporary registers
-#define rT1  AX
-
-// Round vars
-#define rpState DI
-#define rpStack SP
-
-#define rDa BX
-#define rDe CX
-#define rDi DX
-#define rDo R8
-#define rDu R9
-
-#define rBa R10
-#define rBe R11
-#define rBi R12
-#define rBo R13
-#define rBu R14
-
-#define rCa SI
-#define rCe BP
-#define rCi rBi
-#define rCo rBo
-#define rCu R15
-
-#define MOVQ_RBI_RCE MOVQ rBi, rCe
-#define XORQ_RT1_RCA XORQ rT1, rCa
-#define XORQ_RT1_RCE XORQ rT1, rCe
-#define XORQ_RBA_RCU XORQ rBa, rCu
-#define XORQ_RBE_RCU XORQ rBe, rCu
-#define XORQ_RDU_RCU XORQ rDu, rCu
-#define XORQ_RDA_RCA XORQ rDa, rCa
-#define XORQ_RDE_RCE XORQ rDe, rCe
-
-#define mKeccakRound(iState, oState, rc, B_RBI_RCE, G_RT1_RCA, G_RT1_RCE, G_RBA_RCU, K_RT1_RCA, K_RT1_RCE, K_RBA_RCU, M_RT1_RCA, M_RT1_RCE, M_RBE_RCU, S_RDU_RCU, S_RDA_RCA, S_RDE_RCE) \
-	/* Prepare round */    \
-	MOVQ rCe, rDa;         \
-	ROLQ $1, rDa;          \
-	                       \
-	MOVQ _bi(iState), rCi; \
-	XORQ _gi(iState), rDi; \
-	XORQ rCu, rDa;         \
-	XORQ _ki(iState), rCi; \
-	XORQ _mi(iState), rDi; \
-	XORQ rDi, rCi;         \
-	                       \
-	MOVQ rCi, rDe;         \
-	ROLQ $1, rDe;          \
-	                       \
-	MOVQ _bo(iState), rCo; \
-	XORQ _go(iState), rDo; \
-	XORQ rCa, rDe;         \
-	XORQ _ko(iState), rCo; \
-	XORQ _mo(iState), rDo; \
-	XORQ rDo, rCo;         \
-	                       \
-	MOVQ rCo, rDi;         \
-	ROLQ $1, rDi;          \
-	                       \
-	MOVQ rCu, rDo;         \
-	XORQ rCe, rDi;         \
-	ROLQ $1, rDo;          \
-	                       \
-	MOVQ rCa, rDu;         \
-	XORQ rCi, rDo;         \
-	ROLQ $1, rDu;          \
-	                       \
-	/* Result b */         \
-	MOVQ _ba(iState), rBa; \
-	MOVQ _ge(iState), rBe; \
-	XORQ rCo, rDu;         \
-	MOVQ _ki(iState), rBi; \
-	MOVQ _mo(iState), rBo; \
-	MOVQ _su(iState), rBu; \
-	XORQ rDe, rBe;         \
-	ROLQ $44, rBe;         \
-	XORQ rDi, rBi;         \
-	XORQ rDa, rBa;         \
-	ROLQ $43, rBi;         \
-	                       \
-	MOVQ rBe, rCa;         \
-	MOVQ rc, rT1;          \
-	ORQ  rBi, rCa;         \
-	XORQ rBa, rT1;         \
-	XORQ rT1, rCa;         \
-	MOVQ rCa, _ba(oState); \
-	                       \
-	XORQ rDu, rBu;         \
-	ROLQ $14, rBu;         \
-	MOVQ rBa, rCu;         \
-	ANDQ rBe, rCu;         \
-	XORQ rBu, rCu;         \
-	MOVQ rCu, _bu(oState); \
-	                       \
-	XORQ rDo, rBo;         \
-	ROLQ $21, rBo;         \
-	MOVQ rBo, rT1;         \
-	ANDQ rBu, rT1;         \
-	XORQ rBi, rT1;         \
-	MOVQ rT1, _bi(oState); \
-	                       \
-	NOTQ rBi;              \
-	ORQ  rBa, rBu;         \
-	ORQ  rBo, rBi;         \
-	XORQ rBo, rBu;         \
-	XORQ rBe, rBi;         \
-	MOVQ rBu, _bo(oState); \
-	MOVQ rBi, _be(oState); \
-	B_RBI_RCE;             \
-	                       \
-	/* Result g */         \
-	MOVQ _gu(iState), rBe; \
-	XORQ rDu, rBe;         \
-	MOVQ _ka(iState), rBi; \
-	ROLQ $20, rBe;         \
-	XORQ rDa, rBi;         \
-	ROLQ $3, rBi;          \
-	MOVQ _bo(iState), rBa; \
-	MOVQ rBe, rT1;         \
-	ORQ  rBi, rT1;         \
-	XORQ rDo, rBa;         \
-	MOVQ _me(iState), rBo; \
-	MOVQ _si(iState), rBu; \
-	ROLQ $28, rBa;         \
-	XORQ rBa, rT1;         \
-	MOVQ rT1, _ga(oState); \
-	G_RT1_RCA;             \
-	                       \
-	XORQ rDe, rBo;         \
-	ROLQ $45, rBo;         \
-	MOVQ rBi, rT1;         \
-	ANDQ rBo, rT1;         \
-	XORQ rBe, rT1;         \
-	MOVQ rT1, _ge(oState); \
-	G_RT1_RCE;             \
-	                       \
-	XORQ rDi, rBu;         \
-	ROLQ $61, rBu;         \
-	MOVQ rBu, rT1;         \
-	ORQ  rBa, rT1;         \
-	XORQ rBo, rT1;         \
-	MOVQ rT1, _go(oState); \
-	                       \
-	ANDQ rBe, rBa;         \
-	XORQ rBu, rBa;         \
-	MOVQ rBa, _gu(oState); \
-	NOTQ rBu;              \
-	G_RBA_RCU;             \
-	                       \
-	ORQ  rBu, rBo;         \
-	XORQ rBi, rBo;         \
-	MOVQ rBo, _gi(oState); \
-	                       \
-	/* Result k */         \
-	MOVQ _be(iState), rBa; \
-	MOVQ _gi(iState), rBe; \
-	MOVQ _ko(iState), rBi; \
-	MOVQ _mu(iState), rBo; \
-	MOVQ _sa(iState), rBu; \
-	XORQ rDi, rBe;         \
-	ROLQ $6, rBe;          \
-	XORQ rDo, rBi;         \
-	ROLQ $25, rBi;         \
-	MOVQ rBe, rT1;         \
-	ORQ  rBi, rT1;         \
-	XORQ rDe, rBa;         \
-	ROLQ $1, rBa;          \
-	XORQ rBa, rT1;         \
-	MOVQ rT1, _ka(oState); \
-	K_RT1_RCA;             \
-	                       \
-	XORQ rDu, rBo;         \
-	ROLQ $8, rBo;          \
-	MOVQ rBi, rT1;         \
-	ANDQ rBo, rT1;         \
-	XORQ rBe, rT1;         \
-	MOVQ rT1, _ke(oState); \
-	K_RT1_RCE;             \
-	                       \
-	XORQ rDa, rBu;         \
-	ROLQ $18, rBu;         \
-	NOTQ rBo;              \
-	MOVQ rBo, rT1;         \
-	ANDQ rBu, rT1;         \
-	XORQ rBi, rT1;         \
-	MOVQ rT1, _ki(oState); \
-	                       \
-	MOVQ rBu, rT1;         \
-	ORQ  rBa, rT1;         \
-	XORQ rBo, rT1;         \
-	MOVQ rT1, _ko(oState); \
-	                       \
-	ANDQ rBe, rBa;         \
-	XORQ rBu, rBa;         \
-	MOVQ rBa, _ku(oState); \
-	K_RBA_RCU;             \
-	                       \
-	/* Result m */         \
-	MOVQ _ga(iState), rBe; \
-	XORQ rDa, rBe;         \
-	MOVQ _ke(iState), rBi; \
-	ROLQ $36, rBe;         \
-	XORQ rDe, rBi;         \
-	MOVQ _bu(iState), rBa; \
-	ROLQ $10, rBi;         \
-	MOVQ rBe, rT1;         \
-	MOVQ _mi(iState), rBo; \
-	ANDQ rBi, rT1;         \
-	XORQ rDu, rBa;         \
-	MOVQ _so(iState), rBu; \
-	ROLQ $27, rBa;         \
-	XORQ rBa, rT1;         \
-	MOVQ rT1, _ma(oState); \
-	M_RT1_RCA;             \
-	                       \
-	XORQ rDi, rBo;         \
-	ROLQ $15, rBo;         \
-	MOVQ rBi, rT1;         \
-	ORQ  rBo, rT1;         \
-	XORQ rBe, rT1;         \
-	MOVQ rT1, _me(oState); \
-	M_RT1_RCE;             \
-	                       \
-	XORQ rDo, rBu;         \
-	ROLQ $56, rBu;         \
-	NOTQ rBo;              \
-	MOVQ rBo, rT1;         \
-	ORQ  rBu, rT1;         \
-	XORQ rBi, rT1;         \
-	MOVQ rT1, _mi(oState); \
-	                       \
-	ORQ  rBa, rBe;         \
-	XORQ rBu, rBe;         \
-	MOVQ rBe, _mu(oState); \
-	                       \
-	ANDQ rBa, rBu;         \
-	XORQ rBo, rBu;         \
-	MOVQ rBu, _mo(oState); \
-	M_RBE_RCU;             \
-	                       \
-	/* Result s */         \
-	MOVQ _bi(iState), rBa; \
-	MOVQ _go(iState), rBe; \
-	MOVQ _ku(iState), rBi; \
-	XORQ rDi, rBa;         \
-	MOVQ _ma(iState), rBo; \
-	ROLQ $62, rBa;         \
-	XORQ rDo, rBe;         \
-	MOVQ _se(iState), rBu; \
-	ROLQ $55, rBe;         \
-	                       \
-	XORQ rDu, rBi;         \
-	MOVQ rBa, rDu;         \
-	XORQ rDe, rBu;         \
-	ROLQ $2, rBu;          \
-	ANDQ rBe, rDu;         \
-	XORQ rBu, rDu;         \
-	MOVQ rDu, _su(oState); \
-	                       \
-	ROLQ $39, rBi;         \
-	S_RDU_RCU;             \
-	NOTQ rBe;              \
-	XORQ rDa, rBo;         \
-	MOVQ rBe, rDa;         \
-	ANDQ rBi, rDa;         \
-	XORQ rBa, rDa;         \
-	MOVQ rDa, _sa(oState); \
-	S_RDA_RCA;             \
-	                       \
-	ROLQ $41, rBo;         \
-	MOVQ rBi, rDe;         \
-	ORQ  rBo, rDe;         \
-	XORQ rBe, rDe;         \
-	MOVQ rDe, _se(oState); \
-	S_RDE_RCE;             \
-	                       \
-	MOVQ rBo, rDi;         \
-	MOVQ rBu, rDo;         \
-	ANDQ rBu, rDi;         \
-	ORQ  rBa, rDo;         \
-	XORQ rBi, rDi;         \
-	XORQ rBo, rDo;         \
-	MOVQ rDi, _si(oState); \
-	MOVQ rDo, _so(oState)  \
-
-// func keccakF1600(a *[25]uint64)
-TEXT ·keccakF1600(SB), 0, $200-8
-	MOVQ a+0(FP), rpState
-
-	// Convert the user state into an internal state
-	NOTQ _be(rpState)
-	NOTQ _bi(rpState)
-	NOTQ _go(rpState)
-	NOTQ _ki(rpState)
-	NOTQ _mi(rpState)
-	NOTQ _sa(rpState)
-
-	// Execute the KeccakF permutation
-	MOVQ _ba(rpState), rCa
-	MOVQ _be(rpState), rCe
-	MOVQ _bu(rpState), rCu
-
-	XORQ _ga(rpState), rCa
-	XORQ _ge(rpState), rCe
-	XORQ _gu(rpState), rCu
-
-	XORQ _ka(rpState), rCa
-	XORQ _ke(rpState), rCe
-	XORQ _ku(rpState), rCu
-
-	XORQ _ma(rpState), rCa
-	XORQ _me(rpState), rCe
-	XORQ _mu(rpState), rCu
-
-	XORQ _sa(rpState), rCa
-	XORQ _se(rpState), rCe
-	MOVQ _si(rpState), rDi
-	MOVQ _so(rpState), rDo
-	XORQ _su(rpState), rCu
-
-	mKeccakRound(rpState, rpStack, $0x0000000000000001, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpStack, rpState, $0x0000000000008082, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpState, rpStack, $0x800000000000808a, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpStack, rpState, $0x8000000080008000, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpState, rpStack, $0x000000000000808b, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpStack, rpState, $0x0000000080000001, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpState, rpStack, $0x8000000080008081, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpStack, rpState, $0x8000000000008009, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpState, rpStack, $0x000000000000008a, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpStack, rpState, $0x0000000000000088, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpState, rpStack, $0x0000000080008009, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpStack, rpState, $0x000000008000000a, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpState, rpStack, $0x000000008000808b, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpStack, rpState, $0x800000000000008b, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpState, rpStack, $0x8000000000008089, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpStack, rpState, $0x8000000000008003, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpState, rpStack, $0x8000000000008002, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpStack, rpState, $0x8000000000000080, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpState, rpStack, $0x000000000000800a, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpStack, rpState, $0x800000008000000a, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpState, rpStack, $0x8000000080008081, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpStack, rpState, $0x8000000000008080, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpState, rpStack, $0x0000000080000001, MOVQ_RBI_RCE, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBA_RCU, XORQ_RT1_RCA, XORQ_RT1_RCE, XORQ_RBE_RCU, XORQ_RDU_RCU, XORQ_RDA_RCA, XORQ_RDE_RCE)
-	mKeccakRound(rpStack, rpState, $0x8000000080008008, NOP, NOP, NOP, NOP, NOP, NOP, NOP, NOP, NOP, NOP, NOP, NOP, NOP)
-
-	// Revert the internal state to the user state
-	NOTQ _be(rpState)
-	NOTQ _bi(rpState)
-	NOTQ _go(rpState)
-	NOTQ _ki(rpState)
-	NOTQ _mi(rpState)
-	NOTQ _sa(rpState)
-
-	RET
diff --git a/vendor/golang.org/x/crypto/sha3/register.go b/vendor/golang.org/x/crypto/sha3/register.go
deleted file mode 100644
index addfd504..00000000
--- a/vendor/golang.org/x/crypto/sha3/register.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.4
-
-package sha3
-
-import (
-	"crypto"
-)
-
-func init() {
-	crypto.RegisterHash(crypto.SHA3_224, New224)
-	crypto.RegisterHash(crypto.SHA3_256, New256)
-	crypto.RegisterHash(crypto.SHA3_384, New384)
-	crypto.RegisterHash(crypto.SHA3_512, New512)
-}
diff --git a/vendor/golang.org/x/crypto/sha3/sha3.go b/vendor/golang.org/x/crypto/sha3/sha3.go
deleted file mode 100644
index 4884d172..00000000
--- a/vendor/golang.org/x/crypto/sha3/sha3.go
+++ /dev/null
@@ -1,197 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package sha3
-
-// spongeDirection indicates the direction bytes are flowing through the sponge.
-type spongeDirection int
-
-const (
-	// spongeAbsorbing indicates that the sponge is absorbing input.
-	spongeAbsorbing spongeDirection = iota
-	// spongeSqueezing indicates that the sponge is being squeezed.
-	spongeSqueezing
-)
-
-const (
-	// maxRate is the maximum size of the internal buffer. SHAKE-256
-	// currently needs the largest buffer.
-	maxRate = 168
-)
-
-type state struct {
-	// Generic sponge components.
-	a    [25]uint64 // main state of the hash
-	buf  []byte     // points into storage
-	rate int        // the number of bytes of state to use
-
-	// dsbyte contains the "domain separation" bits and the first bit of
-	// the padding. Sections 6.1 and 6.2 of [1] separate the outputs of the
-	// SHA-3 and SHAKE functions by appending bitstrings to the message.
-	// Using a little-endian bit-ordering convention, these are "01" for SHA-3
-	// and "1111" for SHAKE, or 00000010b and 00001111b, respectively. Then the
-	// padding rule from section 5.1 is applied to pad the message to a multiple
-	// of the rate, which involves adding a "1" bit, zero or more "0" bits, and
-	// a final "1" bit. We merge the first "1" bit from the padding into dsbyte,
-	// giving 00000110b (0x06) and 00011111b (0x1f).
-	// [1] http://csrc.nist.gov/publications/drafts/fips-202/fips_202_draft.pdf
-	//     "Draft FIPS 202: SHA-3 Standard: Permutation-Based Hash and
-	//      Extendable-Output Functions (May 2014)"
-	dsbyte byte
-
-	storage storageBuf
-
-	// Specific to SHA-3 and SHAKE.
-	outputLen int             // the default output size in bytes
-	state     spongeDirection // whether the sponge is absorbing or squeezing
-}
-
-// BlockSize returns the rate of sponge underlying this hash function.
-func (d *state) BlockSize() int { return d.rate }
-
-// Size returns the output size of the hash function in bytes.
-func (d *state) Size() int { return d.outputLen }
-
-// Reset clears the internal state by zeroing the sponge state and
-// the byte buffer, and setting Sponge.state to absorbing.
-func (d *state) Reset() {
-	// Zero the permutation's state.
-	for i := range d.a {
-		d.a[i] = 0
-	}
-	d.state = spongeAbsorbing
-	d.buf = d.storage.asBytes()[:0]
-}
-
-func (d *state) clone() *state {
-	ret := *d
-	if ret.state == spongeAbsorbing {
-		ret.buf = ret.storage.asBytes()[:len(ret.buf)]
-	} else {
-		ret.buf = ret.storage.asBytes()[d.rate-cap(d.buf) : d.rate]
-	}
-
-	return &ret
-}
-
-// permute applies the KeccakF-1600 permutation. It handles
-// any input-output buffering.
-func (d *state) permute() {
-	switch d.state {
-	case spongeAbsorbing:
-		// If we're absorbing, we need to xor the input into the state
-		// before applying the permutation.
-		xorIn(d, d.buf)
-		d.buf = d.storage.asBytes()[:0]
-		keccakF1600(&d.a)
-	case spongeSqueezing:
-		// If we're squeezing, we need to apply the permutation before
-		// copying more output.
-		keccakF1600(&d.a)
-		d.buf = d.storage.asBytes()[:d.rate]
-		copyOut(d, d.buf)
-	}
-}
-
-// pads appends the domain separation bits in dsbyte, applies
-// the multi-bitrate 10..1 padding rule, and permutes the state.
-func (d *state) padAndPermute(dsbyte byte) {
-	if d.buf == nil {
-		d.buf = d.storage.asBytes()[:0]
-	}
-	// Pad with this instance's domain-separator bits. We know that there's
-	// at least one byte of space in d.buf because, if it were full,
-	// permute would have been called to empty it. dsbyte also contains the
-	// first one bit for the padding. See the comment in the state struct.
-	d.buf = append(d.buf, dsbyte)
-	zerosStart := len(d.buf)
-	d.buf = d.storage.asBytes()[:d.rate]
-	for i := zerosStart; i < d.rate; i++ {
-		d.buf[i] = 0
-	}
-	// This adds the final one bit for the padding. Because of the way that
-	// bits are numbered from the LSB upwards, the final bit is the MSB of
-	// the last byte.
-	d.buf[d.rate-1] ^= 0x80
-	// Apply the permutation
-	d.permute()
-	d.state = spongeSqueezing
-	d.buf = d.storage.asBytes()[:d.rate]
-	copyOut(d, d.buf)
-}
-
-// Write absorbs more data into the hash's state. It panics if any
-// output has already been read.
-func (d *state) Write(p []byte) (written int, err error) {
-	if d.state != spongeAbsorbing {
-		panic("sha3: Write after Read")
-	}
-	if d.buf == nil {
-		d.buf = d.storage.asBytes()[:0]
-	}
-	written = len(p)
-
-	for len(p) > 0 {
-		if len(d.buf) == 0 && len(p) >= d.rate {
-			// The fast path; absorb a full "rate" bytes of input and apply the permutation.
-			xorIn(d, p[:d.rate])
-			p = p[d.rate:]
-			keccakF1600(&d.a)
-		} else {
-			// The slow path; buffer the input until we can fill the sponge, and then xor it in.
-			todo := d.rate - len(d.buf)
-			if todo > len(p) {
-				todo = len(p)
-			}
-			d.buf = append(d.buf, p[:todo]...)
-			p = p[todo:]
-
-			// If the sponge is full, apply the permutation.
-			if len(d.buf) == d.rate {
-				d.permute()
-			}
-		}
-	}
-
-	return
-}
-
-// Read squeezes an arbitrary number of bytes from the sponge.
-func (d *state) Read(out []byte) (n int, err error) {
-	// If we're still absorbing, pad and apply the permutation.
-	if d.state == spongeAbsorbing {
-		d.padAndPermute(d.dsbyte)
-	}
-
-	n = len(out)
-
-	// Now, do the squeezing.
-	for len(out) > 0 {
-		n := copy(out, d.buf)
-		d.buf = d.buf[n:]
-		out = out[n:]
-
-		// Apply the permutation if we've squeezed the sponge dry.
-		if len(d.buf) == 0 {
-			d.permute()
-		}
-	}
-
-	return
-}
-
-// Sum applies padding to the hash state and then squeezes out the desired
-// number of output bytes. It panics if any output has already been read.
-func (d *state) Sum(in []byte) []byte {
-	if d.state != spongeAbsorbing {
-		panic("sha3: Sum after Read")
-	}
-
-	// Make a copy of the original hash so that caller can keep writing
-	// and summing.
-	dup := d.clone()
-	hash := make([]byte, dup.outputLen, 64) // explicit cap to allow stack allocation
-	dup.Read(hash)
-	return append(in, hash...)
-}
diff --git a/vendor/golang.org/x/crypto/sha3/sha3_s390x.go b/vendor/golang.org/x/crypto/sha3/sha3_s390x.go
deleted file mode 100644
index d861bca5..00000000
--- a/vendor/golang.org/x/crypto/sha3/sha3_s390x.go
+++ /dev/null
@@ -1,288 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build gc && !purego
-
-package sha3
-
-// This file contains code for using the 'compute intermediate
-// message digest' (KIMD) and 'compute last message digest' (KLMD)
-// instructions to compute SHA-3 and SHAKE hashes on IBM Z.
-
-import (
-	"hash"
-
-	"golang.org/x/sys/cpu"
-)
-
-// codes represent 7-bit KIMD/KLMD function codes as defined in
-// the Principles of Operation.
-type code uint64
-
-const (
-	// function codes for KIMD/KLMD
-	sha3_224  code = 32
-	sha3_256       = 33
-	sha3_384       = 34
-	sha3_512       = 35
-	shake_128      = 36
-	shake_256      = 37
-	nopad          = 0x100
-)
-
-// kimd is a wrapper for the 'compute intermediate message digest' instruction.
-// src must be a multiple of the rate for the given function code.
-//
-//go:noescape
-func kimd(function code, chain *[200]byte, src []byte)
-
-// klmd is a wrapper for the 'compute last message digest' instruction.
-// src padding is handled by the instruction.
-//
-//go:noescape
-func klmd(function code, chain *[200]byte, dst, src []byte)
-
-type asmState struct {
-	a         [200]byte       // 1600 bit state
-	buf       []byte          // care must be taken to ensure cap(buf) is a multiple of rate
-	rate      int             // equivalent to block size
-	storage   [3072]byte      // underlying storage for buf
-	outputLen int             // output length for full security
-	function  code            // KIMD/KLMD function code
-	state     spongeDirection // whether the sponge is absorbing or squeezing
-}
-
-func newAsmState(function code) *asmState {
-	var s asmState
-	s.function = function
-	switch function {
-	case sha3_224:
-		s.rate = 144
-		s.outputLen = 28
-	case sha3_256:
-		s.rate = 136
-		s.outputLen = 32
-	case sha3_384:
-		s.rate = 104
-		s.outputLen = 48
-	case sha3_512:
-		s.rate = 72
-		s.outputLen = 64
-	case shake_128:
-		s.rate = 168
-		s.outputLen = 32
-	case shake_256:
-		s.rate = 136
-		s.outputLen = 64
-	default:
-		panic("sha3: unrecognized function code")
-	}
-
-	// limit s.buf size to a multiple of s.rate
-	s.resetBuf()
-	return &s
-}
-
-func (s *asmState) clone() *asmState {
-	c := *s
-	c.buf = c.storage[:len(s.buf):cap(s.buf)]
-	return &c
-}
-
-// copyIntoBuf copies b into buf. It will panic if there is not enough space to
-// store all of b.
-func (s *asmState) copyIntoBuf(b []byte) {
-	bufLen := len(s.buf)
-	s.buf = s.buf[:len(s.buf)+len(b)]
-	copy(s.buf[bufLen:], b)
-}
-
-// resetBuf points buf at storage, sets the length to 0 and sets cap to be a
-// multiple of the rate.
-func (s *asmState) resetBuf() {
-	max := (cap(s.storage) / s.rate) * s.rate
-	s.buf = s.storage[:0:max]
-}
-
-// Write (via the embedded io.Writer interface) adds more data to the running hash.
-// It never returns an error.
-func (s *asmState) Write(b []byte) (int, error) {
-	if s.state != spongeAbsorbing {
-		panic("sha3: Write after Read")
-	}
-	length := len(b)
-	for len(b) > 0 {
-		if len(s.buf) == 0 && len(b) >= cap(s.buf) {
-			// Hash the data directly and push any remaining bytes
-			// into the buffer.
-			remainder := len(b) % s.rate
-			kimd(s.function, &s.a, b[:len(b)-remainder])
-			if remainder != 0 {
-				s.copyIntoBuf(b[len(b)-remainder:])
-			}
-			return length, nil
-		}
-
-		if len(s.buf) == cap(s.buf) {
-			// flush the buffer
-			kimd(s.function, &s.a, s.buf)
-			s.buf = s.buf[:0]
-		}
-
-		// copy as much as we can into the buffer
-		n := len(b)
-		if len(b) > cap(s.buf)-len(s.buf) {
-			n = cap(s.buf) - len(s.buf)
-		}
-		s.copyIntoBuf(b[:n])
-		b = b[n:]
-	}
-	return length, nil
-}
-
-// Read squeezes an arbitrary number of bytes from the sponge.
-func (s *asmState) Read(out []byte) (n int, err error) {
-	n = len(out)
-
-	// need to pad if we were absorbing
-	if s.state == spongeAbsorbing {
-		s.state = spongeSqueezing
-
-		// write hash directly into out if possible
-		if len(out)%s.rate == 0 {
-			klmd(s.function, &s.a, out, s.buf) // len(out) may be 0
-			s.buf = s.buf[:0]
-			return
-		}
-
-		// write hash into buffer
-		max := cap(s.buf)
-		if max > len(out) {
-			max = (len(out)/s.rate)*s.rate + s.rate
-		}
-		klmd(s.function, &s.a, s.buf[:max], s.buf)
-		s.buf = s.buf[:max]
-	}
-
-	for len(out) > 0 {
-		// flush the buffer
-		if len(s.buf) != 0 {
-			c := copy(out, s.buf)
-			out = out[c:]
-			s.buf = s.buf[c:]
-			continue
-		}
-
-		// write hash directly into out if possible
-		if len(out)%s.rate == 0 {
-			klmd(s.function|nopad, &s.a, out, nil)
-			return
-		}
-
-		// write hash into buffer
-		s.resetBuf()
-		if cap(s.buf) > len(out) {
-			s.buf = s.buf[:(len(out)/s.rate)*s.rate+s.rate]
-		}
-		klmd(s.function|nopad, &s.a, s.buf, nil)
-	}
-	return
-}
-
-// Sum appends the current hash to b and returns the resulting slice.
-// It does not change the underlying hash state.
-func (s *asmState) Sum(b []byte) []byte {
-	if s.state != spongeAbsorbing {
-		panic("sha3: Sum after Read")
-	}
-
-	// Copy the state to preserve the original.
-	a := s.a
-
-	// Hash the buffer. Note that we don't clear it because we
-	// aren't updating the state.
-	klmd(s.function, &a, nil, s.buf)
-	return append(b, a[:s.outputLen]...)
-}
-
-// Reset resets the Hash to its initial state.
-func (s *asmState) Reset() {
-	for i := range s.a {
-		s.a[i] = 0
-	}
-	s.resetBuf()
-	s.state = spongeAbsorbing
-}
-
-// Size returns the number of bytes Sum will return.
-func (s *asmState) Size() int {
-	return s.outputLen
-}
-
-// BlockSize returns the hash's underlying block size.
-// The Write method must be able to accept any amount
-// of data, but it may operate more efficiently if all writes
-// are a multiple of the block size.
-func (s *asmState) BlockSize() int {
-	return s.rate
-}
-
-// Clone returns a copy of the ShakeHash in its current state.
-func (s *asmState) Clone() ShakeHash {
-	return s.clone()
-}
-
-// new224Asm returns an assembly implementation of SHA3-224 if available,
-// otherwise it returns nil.
-func new224Asm() hash.Hash {
-	if cpu.S390X.HasSHA3 {
-		return newAsmState(sha3_224)
-	}
-	return nil
-}
-
-// new256Asm returns an assembly implementation of SHA3-256 if available,
-// otherwise it returns nil.
-func new256Asm() hash.Hash {
-	if cpu.S390X.HasSHA3 {
-		return newAsmState(sha3_256)
-	}
-	return nil
-}
-
-// new384Asm returns an assembly implementation of SHA3-384 if available,
-// otherwise it returns nil.
-func new384Asm() hash.Hash {
-	if cpu.S390X.HasSHA3 {
-		return newAsmState(sha3_384)
-	}
-	return nil
-}
-
-// new512Asm returns an assembly implementation of SHA3-512 if available,
-// otherwise it returns nil.
-func new512Asm() hash.Hash {
-	if cpu.S390X.HasSHA3 {
-		return newAsmState(sha3_512)
-	}
-	return nil
-}
-
-// newShake128Asm returns an assembly implementation of SHAKE-128 if available,
-// otherwise it returns nil.
-func newShake128Asm() ShakeHash {
-	if cpu.S390X.HasSHA3 {
-		return newAsmState(shake_128)
-	}
-	return nil
-}
-
-// newShake256Asm returns an assembly implementation of SHAKE-256 if available,
-// otherwise it returns nil.
-func newShake256Asm() ShakeHash {
-	if cpu.S390X.HasSHA3 {
-		return newAsmState(shake_256)
-	}
-	return nil
-}
diff --git a/vendor/golang.org/x/crypto/sha3/sha3_s390x.s b/vendor/golang.org/x/crypto/sha3/sha3_s390x.s
deleted file mode 100644
index 826b862c..00000000
--- a/vendor/golang.org/x/crypto/sha3/sha3_s390x.s
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build gc && !purego
-
-#include "textflag.h"
-
-// func kimd(function code, chain *[200]byte, src []byte)
-TEXT ·kimd(SB), NOFRAME|NOSPLIT, $0-40
-	MOVD function+0(FP), R0
-	MOVD chain+8(FP), R1
-	LMG  src+16(FP), R2, R3 // R2=base, R3=len
-
-continue:
-	WORD $0xB93E0002 // KIMD --, R2
-	BVS  continue    // continue if interrupted
-	MOVD $0, R0      // reset R0 for pre-go1.8 compilers
-	RET
-
-// func klmd(function code, chain *[200]byte, dst, src []byte)
-TEXT ·klmd(SB), NOFRAME|NOSPLIT, $0-64
-	// TODO: SHAKE support
-	MOVD function+0(FP), R0
-	MOVD chain+8(FP), R1
-	LMG  dst+16(FP), R2, R3 // R2=base, R3=len
-	LMG  src+40(FP), R4, R5 // R4=base, R5=len
-
-continue:
-	WORD $0xB93F0024 // KLMD R2, R4
-	BVS  continue    // continue if interrupted
-	MOVD $0, R0      // reset R0 for pre-go1.8 compilers
-	RET
diff --git a/vendor/golang.org/x/crypto/sha3/shake.go b/vendor/golang.org/x/crypto/sha3/shake.go
deleted file mode 100644
index bb699840..00000000
--- a/vendor/golang.org/x/crypto/sha3/shake.go
+++ /dev/null
@@ -1,172 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package sha3
-
-// This file defines the ShakeHash interface, and provides
-// functions for creating SHAKE and cSHAKE instances, as well as utility
-// functions for hashing bytes to arbitrary-length output.
-//
-//
-// SHAKE implementation is based on FIPS PUB 202 [1]
-// cSHAKE implementations is based on NIST SP 800-185 [2]
-//
-// [1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
-// [2] https://doi.org/10.6028/NIST.SP.800-185
-
-import (
-	"encoding/binary"
-	"hash"
-	"io"
-)
-
-// ShakeHash defines the interface to hash functions that support
-// arbitrary-length output. When used as a plain [hash.Hash], it
-// produces minimum-length outputs that provide full-strength generic
-// security.
-type ShakeHash interface {
-	hash.Hash
-
-	// Read reads more output from the hash; reading affects the hash's
-	// state. (ShakeHash.Read is thus very different from Hash.Sum)
-	// It never returns an error, but subsequent calls to Write or Sum
-	// will panic.
-	io.Reader
-
-	// Clone returns a copy of the ShakeHash in its current state.
-	Clone() ShakeHash
-}
-
-// cSHAKE specific context
-type cshakeState struct {
-	*state // SHA-3 state context and Read/Write operations
-
-	// initBlock is the cSHAKE specific initialization set of bytes. It is initialized
-	// by newCShake function and stores concatenation of N followed by S, encoded
-	// by the method specified in 3.3 of [1].
-	// It is stored here in order for Reset() to be able to put context into
-	// initial state.
-	initBlock []byte
-}
-
-// Consts for configuring initial SHA-3 state
-const (
-	dsbyteShake  = 0x1f
-	dsbyteCShake = 0x04
-	rate128      = 168
-	rate256      = 136
-)
-
-func bytepad(input []byte, w int) []byte {
-	// leftEncode always returns max 9 bytes
-	buf := make([]byte, 0, 9+len(input)+w)
-	buf = append(buf, leftEncode(uint64(w))...)
-	buf = append(buf, input...)
-	padlen := w - (len(buf) % w)
-	return append(buf, make([]byte, padlen)...)
-}
-
-func leftEncode(value uint64) []byte {
-	var b [9]byte
-	binary.BigEndian.PutUint64(b[1:], value)
-	// Trim all but last leading zero bytes
-	i := byte(1)
-	for i < 8 && b[i] == 0 {
-		i++
-	}
-	// Prepend number of encoded bytes
-	b[i-1] = 9 - i
-	return b[i-1:]
-}
-
-func newCShake(N, S []byte, rate, outputLen int, dsbyte byte) ShakeHash {
-	c := cshakeState{state: &state{rate: rate, outputLen: outputLen, dsbyte: dsbyte}}
-
-	// leftEncode returns max 9 bytes
-	c.initBlock = make([]byte, 0, 9*2+len(N)+len(S))
-	c.initBlock = append(c.initBlock, leftEncode(uint64(len(N)*8))...)
-	c.initBlock = append(c.initBlock, N...)
-	c.initBlock = append(c.initBlock, leftEncode(uint64(len(S)*8))...)
-	c.initBlock = append(c.initBlock, S...)
-	c.Write(bytepad(c.initBlock, c.rate))
-	return &c
-}
-
-// Reset resets the hash to initial state.
-func (c *cshakeState) Reset() {
-	c.state.Reset()
-	c.Write(bytepad(c.initBlock, c.rate))
-}
-
-// Clone returns copy of a cSHAKE context within its current state.
-func (c *cshakeState) Clone() ShakeHash {
-	b := make([]byte, len(c.initBlock))
-	copy(b, c.initBlock)
-	return &cshakeState{state: c.clone(), initBlock: b}
-}
-
-// Clone returns copy of SHAKE context within its current state.
-func (c *state) Clone() ShakeHash {
-	return c.clone()
-}
-
-// NewShake128 creates a new SHAKE128 variable-output-length ShakeHash.
-// Its generic security strength is 128 bits against all attacks if at
-// least 32 bytes of its output are used.
-func NewShake128() ShakeHash {
-	if h := newShake128Asm(); h != nil {
-		return h
-	}
-	return &state{rate: rate128, outputLen: 32, dsbyte: dsbyteShake}
-}
-
-// NewShake256 creates a new SHAKE256 variable-output-length ShakeHash.
-// Its generic security strength is 256 bits against all attacks if
-// at least 64 bytes of its output are used.
-func NewShake256() ShakeHash {
-	if h := newShake256Asm(); h != nil {
-		return h
-	}
-	return &state{rate: rate256, outputLen: 64, dsbyte: dsbyteShake}
-}
-
-// NewCShake128 creates a new instance of cSHAKE128 variable-output-length ShakeHash,
-// a customizable variant of SHAKE128.
-// N is used to define functions based on cSHAKE, it can be empty when plain cSHAKE is
-// desired. S is a customization byte string used for domain separation - two cSHAKE
-// computations on same input with different S yield unrelated outputs.
-// When N and S are both empty, this is equivalent to NewShake128.
-func NewCShake128(N, S []byte) ShakeHash {
-	if len(N) == 0 && len(S) == 0 {
-		return NewShake128()
-	}
-	return newCShake(N, S, rate128, 32, dsbyteCShake)
-}
-
-// NewCShake256 creates a new instance of cSHAKE256 variable-output-length ShakeHash,
-// a customizable variant of SHAKE256.
-// N is used to define functions based on cSHAKE, it can be empty when plain cSHAKE is
-// desired. S is a customization byte string used for domain separation - two cSHAKE
-// computations on same input with different S yield unrelated outputs.
-// When N and S are both empty, this is equivalent to NewShake256.
-func NewCShake256(N, S []byte) ShakeHash {
-	if len(N) == 0 && len(S) == 0 {
-		return NewShake256()
-	}
-	return newCShake(N, S, rate256, 64, dsbyteCShake)
-}
-
-// ShakeSum128 writes an arbitrary-length digest of data into hash.
-func ShakeSum128(hash, data []byte) {
-	h := NewShake128()
-	h.Write(data)
-	h.Read(hash)
-}
-
-// ShakeSum256 writes an arbitrary-length digest of data into hash.
-func ShakeSum256(hash, data []byte) {
-	h := NewShake256()
-	h.Write(data)
-	h.Read(hash)
-}
diff --git a/vendor/golang.org/x/crypto/sha3/shake_generic.go b/vendor/golang.org/x/crypto/sha3/shake_generic.go
deleted file mode 100644
index 8d31cf5b..00000000
--- a/vendor/golang.org/x/crypto/sha3/shake_generic.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !gc || purego || !s390x
-
-package sha3
-
-// newShake128Asm returns an assembly implementation of SHAKE-128 if available,
-// otherwise it returns nil.
-func newShake128Asm() ShakeHash {
-	return nil
-}
-
-// newShake256Asm returns an assembly implementation of SHAKE-256 if available,
-// otherwise it returns nil.
-func newShake256Asm() ShakeHash {
-	return nil
-}
diff --git a/vendor/golang.org/x/crypto/sha3/xor.go b/vendor/golang.org/x/crypto/sha3/xor.go
deleted file mode 100644
index 7337cca8..00000000
--- a/vendor/golang.org/x/crypto/sha3/xor.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build (!amd64 && !386 && !ppc64le) || purego
-
-package sha3
-
-// A storageBuf is an aligned array of maxRate bytes.
-type storageBuf [maxRate]byte
-
-func (b *storageBuf) asBytes() *[maxRate]byte {
-	return (*[maxRate]byte)(b)
-}
-
-var (
-	xorIn            = xorInGeneric
-	copyOut          = copyOutGeneric
-	xorInUnaligned   = xorInGeneric
-	copyOutUnaligned = copyOutGeneric
-)
-
-const xorImplementationUnaligned = "generic"
diff --git a/vendor/golang.org/x/crypto/sha3/xor_generic.go b/vendor/golang.org/x/crypto/sha3/xor_generic.go
deleted file mode 100644
index 8d947711..00000000
--- a/vendor/golang.org/x/crypto/sha3/xor_generic.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package sha3
-
-import "encoding/binary"
-
-// xorInGeneric xors the bytes in buf into the state; it
-// makes no non-portable assumptions about memory layout
-// or alignment.
-func xorInGeneric(d *state, buf []byte) {
-	n := len(buf) / 8
-
-	for i := 0; i < n; i++ {
-		a := binary.LittleEndian.Uint64(buf)
-		d.a[i] ^= a
-		buf = buf[8:]
-	}
-}
-
-// copyOutGeneric copies uint64s to a byte buffer.
-func copyOutGeneric(d *state, b []byte) {
-	for i := 0; len(b) >= 8; i++ {
-		binary.LittleEndian.PutUint64(b, d.a[i])
-		b = b[8:]
-	}
-}
diff --git a/vendor/golang.org/x/crypto/sha3/xor_unaligned.go b/vendor/golang.org/x/crypto/sha3/xor_unaligned.go
deleted file mode 100644
index 870e2d16..00000000
--- a/vendor/golang.org/x/crypto/sha3/xor_unaligned.go
+++ /dev/null
@@ -1,66 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build (amd64 || 386 || ppc64le) && !purego
-
-package sha3
-
-import "unsafe"
-
-// A storageBuf is an aligned array of maxRate bytes.
-type storageBuf [maxRate / 8]uint64
-
-func (b *storageBuf) asBytes() *[maxRate]byte {
-	return (*[maxRate]byte)(unsafe.Pointer(b))
-}
-
-// xorInUnaligned uses unaligned reads and writes to update d.a to contain d.a
-// XOR buf.
-func xorInUnaligned(d *state, buf []byte) {
-	n := len(buf)
-	bw := (*[maxRate / 8]uint64)(unsafe.Pointer(&buf[0]))[: n/8 : n/8]
-	if n >= 72 {
-		d.a[0] ^= bw[0]
-		d.a[1] ^= bw[1]
-		d.a[2] ^= bw[2]
-		d.a[3] ^= bw[3]
-		d.a[4] ^= bw[4]
-		d.a[5] ^= bw[5]
-		d.a[6] ^= bw[6]
-		d.a[7] ^= bw[7]
-		d.a[8] ^= bw[8]
-	}
-	if n >= 104 {
-		d.a[9] ^= bw[9]
-		d.a[10] ^= bw[10]
-		d.a[11] ^= bw[11]
-		d.a[12] ^= bw[12]
-	}
-	if n >= 136 {
-		d.a[13] ^= bw[13]
-		d.a[14] ^= bw[14]
-		d.a[15] ^= bw[15]
-		d.a[16] ^= bw[16]
-	}
-	if n >= 144 {
-		d.a[17] ^= bw[17]
-	}
-	if n >= 168 {
-		d.a[18] ^= bw[18]
-		d.a[19] ^= bw[19]
-		d.a[20] ^= bw[20]
-	}
-}
-
-func copyOutUnaligned(d *state, buf []byte) {
-	ab := (*[maxRate]uint8)(unsafe.Pointer(&d.a[0]))
-	copy(buf, ab[:])
-}
-
-var (
-	xorIn   = xorInUnaligned
-	copyOut = copyOutUnaligned
-)
-
-const xorImplementationUnaligned = "unaligned"
diff --git a/vendor/golang.org/x/sys/LICENSE b/vendor/golang.org/x/sys/LICENSE
index 6a66aea5..2a7cf70d 100644
--- a/vendor/golang.org/x/sys/LICENSE
+++ b/vendor/golang.org/x/sys/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2009 The Go Authors. All rights reserved.
+Copyright 2009 The Go Authors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
@@ -10,7 +10,7 @@ notice, this list of conditions and the following disclaimer.
 copyright notice, this list of conditions and the following disclaimer
 in the documentation and/or other materials provided with the
 distribution.
-   * Neither the name of Google Inc. nor the names of its
+   * Neither the name of Google LLC nor the names of its
 contributors may be used to endorse or promote products derived from
 this software without specific prior written permission.
 
diff --git a/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
deleted file mode 100644
index 269e173c..00000000
--- a/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build gc
-
-#include "textflag.h"
-
-//
-// System calls for ppc64, AIX are implemented in runtime/syscall_aix.go
-//
-
-TEXT ·syscall6(SB),NOSPLIT,$0-88
-	JMP	syscall·syscall6(SB)
-
-TEXT ·rawSyscall6(SB),NOSPLIT,$0-88
-	JMP	syscall·rawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/cpu/byteorder.go b/vendor/golang.org/x/sys/cpu/byteorder.go
deleted file mode 100644
index 271055be..00000000
--- a/vendor/golang.org/x/sys/cpu/byteorder.go
+++ /dev/null
@@ -1,66 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cpu
-
-import (
-	"runtime"
-)
-
-// byteOrder is a subset of encoding/binary.ByteOrder.
-type byteOrder interface {
-	Uint32([]byte) uint32
-	Uint64([]byte) uint64
-}
-
-type littleEndian struct{}
-type bigEndian struct{}
-
-func (littleEndian) Uint32(b []byte) uint32 {
-	_ = b[3] // bounds check hint to compiler; see golang.org/issue/14808
-	return uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24
-}
-
-func (littleEndian) Uint64(b []byte) uint64 {
-	_ = b[7] // bounds check hint to compiler; see golang.org/issue/14808
-	return uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 |
-		uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
-}
-
-func (bigEndian) Uint32(b []byte) uint32 {
-	_ = b[3] // bounds check hint to compiler; see golang.org/issue/14808
-	return uint32(b[3]) | uint32(b[2])<<8 | uint32(b[1])<<16 | uint32(b[0])<<24
-}
-
-func (bigEndian) Uint64(b []byte) uint64 {
-	_ = b[7] // bounds check hint to compiler; see golang.org/issue/14808
-	return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 |
-		uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56
-}
-
-// hostByteOrder returns littleEndian on little-endian machines and
-// bigEndian on big-endian machines.
-func hostByteOrder() byteOrder {
-	switch runtime.GOARCH {
-	case "386", "amd64", "amd64p32",
-		"alpha",
-		"arm", "arm64",
-		"loong64",
-		"mipsle", "mips64le", "mips64p32le",
-		"nios2",
-		"ppc64le",
-		"riscv", "riscv64",
-		"sh":
-		return littleEndian{}
-	case "armbe", "arm64be",
-		"m68k",
-		"mips", "mips64", "mips64p32",
-		"ppc", "ppc64",
-		"s390", "s390x",
-		"shbe",
-		"sparc", "sparc64":
-		return bigEndian{}
-	}
-	panic("unknown architecture")
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu.go b/vendor/golang.org/x/sys/cpu/cpu.go
deleted file mode 100644
index 4756ad5f..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu.go
+++ /dev/null
@@ -1,290 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package cpu implements processor feature detection for
-// various CPU architectures.
-package cpu
-
-import (
-	"os"
-	"strings"
-)
-
-// Initialized reports whether the CPU features were initialized.
-//
-// For some GOOS/GOARCH combinations initialization of the CPU features depends
-// on reading an operating specific file, e.g. /proc/self/auxv on linux/arm
-// Initialized will report false if reading the file fails.
-var Initialized bool
-
-// CacheLinePad is used to pad structs to avoid false sharing.
-type CacheLinePad struct{ _ [cacheLineSize]byte }
-
-// X86 contains the supported CPU features of the
-// current X86/AMD64 platform. If the current platform
-// is not X86/AMD64 then all feature flags are false.
-//
-// X86 is padded to avoid false sharing. Further the HasAVX
-// and HasAVX2 are only set if the OS supports XMM and YMM
-// registers in addition to the CPUID feature bit being set.
-var X86 struct {
-	_                   CacheLinePad
-	HasAES              bool // AES hardware implementation (AES NI)
-	HasADX              bool // Multi-precision add-carry instruction extensions
-	HasAVX              bool // Advanced vector extension
-	HasAVX2             bool // Advanced vector extension 2
-	HasAVX512           bool // Advanced vector extension 512
-	HasAVX512F          bool // Advanced vector extension 512 Foundation Instructions
-	HasAVX512CD         bool // Advanced vector extension 512 Conflict Detection Instructions
-	HasAVX512ER         bool // Advanced vector extension 512 Exponential and Reciprocal Instructions
-	HasAVX512PF         bool // Advanced vector extension 512 Prefetch Instructions
-	HasAVX512VL         bool // Advanced vector extension 512 Vector Length Extensions
-	HasAVX512BW         bool // Advanced vector extension 512 Byte and Word Instructions
-	HasAVX512DQ         bool // Advanced vector extension 512 Doubleword and Quadword Instructions
-	HasAVX512IFMA       bool // Advanced vector extension 512 Integer Fused Multiply Add
-	HasAVX512VBMI       bool // Advanced vector extension 512 Vector Byte Manipulation Instructions
-	HasAVX5124VNNIW     bool // Advanced vector extension 512 Vector Neural Network Instructions Word variable precision
-	HasAVX5124FMAPS     bool // Advanced vector extension 512 Fused Multiply Accumulation Packed Single precision
-	HasAVX512VPOPCNTDQ  bool // Advanced vector extension 512 Double and quad word population count instructions
-	HasAVX512VPCLMULQDQ bool // Advanced vector extension 512 Vector carry-less multiply operations
-	HasAVX512VNNI       bool // Advanced vector extension 512 Vector Neural Network Instructions
-	HasAVX512GFNI       bool // Advanced vector extension 512 Galois field New Instructions
-	HasAVX512VAES       bool // Advanced vector extension 512 Vector AES instructions
-	HasAVX512VBMI2      bool // Advanced vector extension 512 Vector Byte Manipulation Instructions 2
-	HasAVX512BITALG     bool // Advanced vector extension 512 Bit Algorithms
-	HasAVX512BF16       bool // Advanced vector extension 512 BFloat16 Instructions
-	HasAMXTile          bool // Advanced Matrix Extension Tile instructions
-	HasAMXInt8          bool // Advanced Matrix Extension Int8 instructions
-	HasAMXBF16          bool // Advanced Matrix Extension BFloat16 instructions
-	HasBMI1             bool // Bit manipulation instruction set 1
-	HasBMI2             bool // Bit manipulation instruction set 2
-	HasCX16             bool // Compare and exchange 16 Bytes
-	HasERMS             bool // Enhanced REP for MOVSB and STOSB
-	HasFMA              bool // Fused-multiply-add instructions
-	HasOSXSAVE          bool // OS supports XSAVE/XRESTOR for saving/restoring XMM registers.
-	HasPCLMULQDQ        bool // PCLMULQDQ instruction - most often used for AES-GCM
-	HasPOPCNT           bool // Hamming weight instruction POPCNT.
-	HasRDRAND           bool // RDRAND instruction (on-chip random number generator)
-	HasRDSEED           bool // RDSEED instruction (on-chip random number generator)
-	HasSSE2             bool // Streaming SIMD extension 2 (always available on amd64)
-	HasSSE3             bool // Streaming SIMD extension 3
-	HasSSSE3            bool // Supplemental streaming SIMD extension 3
-	HasSSE41            bool // Streaming SIMD extension 4 and 4.1
-	HasSSE42            bool // Streaming SIMD extension 4 and 4.2
-	_                   CacheLinePad
-}
-
-// ARM64 contains the supported CPU features of the
-// current ARMv8(aarch64) platform. If the current platform
-// is not arm64 then all feature flags are false.
-var ARM64 struct {
-	_           CacheLinePad
-	HasFP       bool // Floating-point instruction set (always available)
-	HasASIMD    bool // Advanced SIMD (always available)
-	HasEVTSTRM  bool // Event stream support
-	HasAES      bool // AES hardware implementation
-	HasPMULL    bool // Polynomial multiplication instruction set
-	HasSHA1     bool // SHA1 hardware implementation
-	HasSHA2     bool // SHA2 hardware implementation
-	HasCRC32    bool // CRC32 hardware implementation
-	HasATOMICS  bool // Atomic memory operation instruction set
-	HasFPHP     bool // Half precision floating-point instruction set
-	HasASIMDHP  bool // Advanced SIMD half precision instruction set
-	HasCPUID    bool // CPUID identification scheme registers
-	HasASIMDRDM bool // Rounding double multiply add/subtract instruction set
-	HasJSCVT    bool // Javascript conversion from floating-point to integer
-	HasFCMA     bool // Floating-point multiplication and addition of complex numbers
-	HasLRCPC    bool // Release Consistent processor consistent support
-	HasDCPOP    bool // Persistent memory support
-	HasSHA3     bool // SHA3 hardware implementation
-	HasSM3      bool // SM3 hardware implementation
-	HasSM4      bool // SM4 hardware implementation
-	HasASIMDDP  bool // Advanced SIMD double precision instruction set
-	HasSHA512   bool // SHA512 hardware implementation
-	HasSVE      bool // Scalable Vector Extensions
-	HasASIMDFHM bool // Advanced SIMD multiplication FP16 to FP32
-	_           CacheLinePad
-}
-
-// ARM contains the supported CPU features of the current ARM (32-bit) platform.
-// All feature flags are false if:
-//  1. the current platform is not arm, or
-//  2. the current operating system is not Linux.
-var ARM struct {
-	_           CacheLinePad
-	HasSWP      bool // SWP instruction support
-	HasHALF     bool // Half-word load and store support
-	HasTHUMB    bool // ARM Thumb instruction set
-	Has26BIT    bool // Address space limited to 26-bits
-	HasFASTMUL  bool // 32-bit operand, 64-bit result multiplication support
-	HasFPA      bool // Floating point arithmetic support
-	HasVFP      bool // Vector floating point support
-	HasEDSP     bool // DSP Extensions support
-	HasJAVA     bool // Java instruction set
-	HasIWMMXT   bool // Intel Wireless MMX technology support
-	HasCRUNCH   bool // MaverickCrunch context switching and handling
-	HasTHUMBEE  bool // Thumb EE instruction set
-	HasNEON     bool // NEON instruction set
-	HasVFPv3    bool // Vector floating point version 3 support
-	HasVFPv3D16 bool // Vector floating point version 3 D8-D15
-	HasTLS      bool // Thread local storage support
-	HasVFPv4    bool // Vector floating point version 4 support
-	HasIDIVA    bool // Integer divide instruction support in ARM mode
-	HasIDIVT    bool // Integer divide instruction support in Thumb mode
-	HasVFPD32   bool // Vector floating point version 3 D15-D31
-	HasLPAE     bool // Large Physical Address Extensions
-	HasEVTSTRM  bool // Event stream support
-	HasAES      bool // AES hardware implementation
-	HasPMULL    bool // Polynomial multiplication instruction set
-	HasSHA1     bool // SHA1 hardware implementation
-	HasSHA2     bool // SHA2 hardware implementation
-	HasCRC32    bool // CRC32 hardware implementation
-	_           CacheLinePad
-}
-
-// MIPS64X contains the supported CPU features of the current mips64/mips64le
-// platforms. If the current platform is not mips64/mips64le or the current
-// operating system is not Linux then all feature flags are false.
-var MIPS64X struct {
-	_      CacheLinePad
-	HasMSA bool // MIPS SIMD architecture
-	_      CacheLinePad
-}
-
-// PPC64 contains the supported CPU features of the current ppc64/ppc64le platforms.
-// If the current platform is not ppc64/ppc64le then all feature flags are false.
-//
-// For ppc64/ppc64le, it is safe to check only for ISA level starting on ISA v3.00,
-// since there are no optional categories. There are some exceptions that also
-// require kernel support to work (DARN, SCV), so there are feature bits for
-// those as well. The struct is padded to avoid false sharing.
-var PPC64 struct {
-	_        CacheLinePad
-	HasDARN  bool // Hardware random number generator (requires kernel enablement)
-	HasSCV   bool // Syscall vectored (requires kernel enablement)
-	IsPOWER8 bool // ISA v2.07 (POWER8)
-	IsPOWER9 bool // ISA v3.00 (POWER9), implies IsPOWER8
-	_        CacheLinePad
-}
-
-// S390X contains the supported CPU features of the current IBM Z
-// (s390x) platform. If the current platform is not IBM Z then all
-// feature flags are false.
-//
-// S390X is padded to avoid false sharing. Further HasVX is only set
-// if the OS supports vector registers in addition to the STFLE
-// feature bit being set.
-var S390X struct {
-	_         CacheLinePad
-	HasZARCH  bool // z/Architecture mode is active [mandatory]
-	HasSTFLE  bool // store facility list extended
-	HasLDISP  bool // long (20-bit) displacements
-	HasEIMM   bool // 32-bit immediates
-	HasDFP    bool // decimal floating point
-	HasETF3EH bool // ETF-3 enhanced
-	HasMSA    bool // message security assist (CPACF)
-	HasAES    bool // KM-AES{128,192,256} functions
-	HasAESCBC bool // KMC-AES{128,192,256} functions
-	HasAESCTR bool // KMCTR-AES{128,192,256} functions
-	HasAESGCM bool // KMA-GCM-AES{128,192,256} functions
-	HasGHASH  bool // KIMD-GHASH function
-	HasSHA1   bool // K{I,L}MD-SHA-1 functions
-	HasSHA256 bool // K{I,L}MD-SHA-256 functions
-	HasSHA512 bool // K{I,L}MD-SHA-512 functions
-	HasSHA3   bool // K{I,L}MD-SHA3-{224,256,384,512} and K{I,L}MD-SHAKE-{128,256} functions
-	HasVX     bool // vector facility
-	HasVXE    bool // vector-enhancements facility 1
-	_         CacheLinePad
-}
-
-func init() {
-	archInit()
-	initOptions()
-	processOptions()
-}
-
-// options contains the cpu debug options that can be used in GODEBUG.
-// Options are arch dependent and are added by the arch specific initOptions functions.
-// Features that are mandatory for the specific GOARCH should have the Required field set
-// (e.g. SSE2 on amd64).
-var options []option
-
-// Option names should be lower case. e.g. avx instead of AVX.
-type option struct {
-	Name      string
-	Feature   *bool
-	Specified bool // whether feature value was specified in GODEBUG
-	Enable    bool // whether feature should be enabled
-	Required  bool // whether feature is mandatory and can not be disabled
-}
-
-func processOptions() {
-	env := os.Getenv("GODEBUG")
-field:
-	for env != "" {
-		field := ""
-		i := strings.IndexByte(env, ',')
-		if i < 0 {
-			field, env = env, ""
-		} else {
-			field, env = env[:i], env[i+1:]
-		}
-		if len(field) < 4 || field[:4] != "cpu." {
-			continue
-		}
-		i = strings.IndexByte(field, '=')
-		if i < 0 {
-			print("GODEBUG sys/cpu: no value specified for \"", field, "\"\n")
-			continue
-		}
-		key, value := field[4:i], field[i+1:] // e.g. "SSE2", "on"
-
-		var enable bool
-		switch value {
-		case "on":
-			enable = true
-		case "off":
-			enable = false
-		default:
-			print("GODEBUG sys/cpu: value \"", value, "\" not supported for cpu option \"", key, "\"\n")
-			continue field
-		}
-
-		if key == "all" {
-			for i := range options {
-				options[i].Specified = true
-				options[i].Enable = enable || options[i].Required
-			}
-			continue field
-		}
-
-		for i := range options {
-			if options[i].Name == key {
-				options[i].Specified = true
-				options[i].Enable = enable
-				continue field
-			}
-		}
-
-		print("GODEBUG sys/cpu: unknown cpu feature \"", key, "\"\n")
-	}
-
-	for _, o := range options {
-		if !o.Specified {
-			continue
-		}
-
-		if o.Enable && !*o.Feature {
-			print("GODEBUG sys/cpu: can not enable \"", o.Name, "\", missing CPU support\n")
-			continue
-		}
-
-		if !o.Enable && o.Required {
-			print("GODEBUG sys/cpu: can not disable \"", o.Name, "\", required CPU feature\n")
-			continue
-		}
-
-		*o.Feature = o.Enable
-	}
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_aix.go b/vendor/golang.org/x/sys/cpu/cpu_aix.go
deleted file mode 100644
index 9bf0c32e..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_aix.go
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build aix
-
-package cpu
-
-const (
-	// getsystemcfg constants
-	_SC_IMPL     = 2
-	_IMPL_POWER8 = 0x10000
-	_IMPL_POWER9 = 0x20000
-)
-
-func archInit() {
-	impl := getsystemcfg(_SC_IMPL)
-	if impl&_IMPL_POWER8 != 0 {
-		PPC64.IsPOWER8 = true
-	}
-	if impl&_IMPL_POWER9 != 0 {
-		PPC64.IsPOWER8 = true
-		PPC64.IsPOWER9 = true
-	}
-
-	Initialized = true
-}
-
-func getsystemcfg(label int) (n uint64) {
-	r0, _ := callgetsystemcfg(label)
-	n = uint64(r0)
-	return
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm.go b/vendor/golang.org/x/sys/cpu/cpu_arm.go
deleted file mode 100644
index 301b752e..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_arm.go
+++ /dev/null
@@ -1,73 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cpu
-
-const cacheLineSize = 32
-
-// HWCAP/HWCAP2 bits.
-// These are specific to Linux.
-const (
-	hwcap_SWP       = 1 << 0
-	hwcap_HALF      = 1 << 1
-	hwcap_THUMB     = 1 << 2
-	hwcap_26BIT     = 1 << 3
-	hwcap_FAST_MULT = 1 << 4
-	hwcap_FPA       = 1 << 5
-	hwcap_VFP       = 1 << 6
-	hwcap_EDSP      = 1 << 7
-	hwcap_JAVA      = 1 << 8
-	hwcap_IWMMXT    = 1 << 9
-	hwcap_CRUNCH    = 1 << 10
-	hwcap_THUMBEE   = 1 << 11
-	hwcap_NEON      = 1 << 12
-	hwcap_VFPv3     = 1 << 13
-	hwcap_VFPv3D16  = 1 << 14
-	hwcap_TLS       = 1 << 15
-	hwcap_VFPv4     = 1 << 16
-	hwcap_IDIVA     = 1 << 17
-	hwcap_IDIVT     = 1 << 18
-	hwcap_VFPD32    = 1 << 19
-	hwcap_LPAE      = 1 << 20
-	hwcap_EVTSTRM   = 1 << 21
-
-	hwcap2_AES   = 1 << 0
-	hwcap2_PMULL = 1 << 1
-	hwcap2_SHA1  = 1 << 2
-	hwcap2_SHA2  = 1 << 3
-	hwcap2_CRC32 = 1 << 4
-)
-
-func initOptions() {
-	options = []option{
-		{Name: "pmull", Feature: &ARM.HasPMULL},
-		{Name: "sha1", Feature: &ARM.HasSHA1},
-		{Name: "sha2", Feature: &ARM.HasSHA2},
-		{Name: "swp", Feature: &ARM.HasSWP},
-		{Name: "thumb", Feature: &ARM.HasTHUMB},
-		{Name: "thumbee", Feature: &ARM.HasTHUMBEE},
-		{Name: "tls", Feature: &ARM.HasTLS},
-		{Name: "vfp", Feature: &ARM.HasVFP},
-		{Name: "vfpd32", Feature: &ARM.HasVFPD32},
-		{Name: "vfpv3", Feature: &ARM.HasVFPv3},
-		{Name: "vfpv3d16", Feature: &ARM.HasVFPv3D16},
-		{Name: "vfpv4", Feature: &ARM.HasVFPv4},
-		{Name: "half", Feature: &ARM.HasHALF},
-		{Name: "26bit", Feature: &ARM.Has26BIT},
-		{Name: "fastmul", Feature: &ARM.HasFASTMUL},
-		{Name: "fpa", Feature: &ARM.HasFPA},
-		{Name: "edsp", Feature: &ARM.HasEDSP},
-		{Name: "java", Feature: &ARM.HasJAVA},
-		{Name: "iwmmxt", Feature: &ARM.HasIWMMXT},
-		{Name: "crunch", Feature: &ARM.HasCRUNCH},
-		{Name: "neon", Feature: &ARM.HasNEON},
-		{Name: "idivt", Feature: &ARM.HasIDIVT},
-		{Name: "idiva", Feature: &ARM.HasIDIVA},
-		{Name: "lpae", Feature: &ARM.HasLPAE},
-		{Name: "evtstrm", Feature: &ARM.HasEVTSTRM},
-		{Name: "aes", Feature: &ARM.HasAES},
-		{Name: "crc32", Feature: &ARM.HasCRC32},
-	}
-
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
deleted file mode 100644
index f3eb993b..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_arm64.go
+++ /dev/null
@@ -1,172 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cpu
-
-import "runtime"
-
-// cacheLineSize is used to prevent false sharing of cache lines.
-// We choose 128 because Apple Silicon, a.k.a. M1, has 128-byte cache line size.
-// It doesn't cost much and is much more future-proof.
-const cacheLineSize = 128
-
-func initOptions() {
-	options = []option{
-		{Name: "fp", Feature: &ARM64.HasFP},
-		{Name: "asimd", Feature: &ARM64.HasASIMD},
-		{Name: "evstrm", Feature: &ARM64.HasEVTSTRM},
-		{Name: "aes", Feature: &ARM64.HasAES},
-		{Name: "fphp", Feature: &ARM64.HasFPHP},
-		{Name: "jscvt", Feature: &ARM64.HasJSCVT},
-		{Name: "lrcpc", Feature: &ARM64.HasLRCPC},
-		{Name: "pmull", Feature: &ARM64.HasPMULL},
-		{Name: "sha1", Feature: &ARM64.HasSHA1},
-		{Name: "sha2", Feature: &ARM64.HasSHA2},
-		{Name: "sha3", Feature: &ARM64.HasSHA3},
-		{Name: "sha512", Feature: &ARM64.HasSHA512},
-		{Name: "sm3", Feature: &ARM64.HasSM3},
-		{Name: "sm4", Feature: &ARM64.HasSM4},
-		{Name: "sve", Feature: &ARM64.HasSVE},
-		{Name: "crc32", Feature: &ARM64.HasCRC32},
-		{Name: "atomics", Feature: &ARM64.HasATOMICS},
-		{Name: "asimdhp", Feature: &ARM64.HasASIMDHP},
-		{Name: "cpuid", Feature: &ARM64.HasCPUID},
-		{Name: "asimrdm", Feature: &ARM64.HasASIMDRDM},
-		{Name: "fcma", Feature: &ARM64.HasFCMA},
-		{Name: "dcpop", Feature: &ARM64.HasDCPOP},
-		{Name: "asimddp", Feature: &ARM64.HasASIMDDP},
-		{Name: "asimdfhm", Feature: &ARM64.HasASIMDFHM},
-	}
-}
-
-func archInit() {
-	switch runtime.GOOS {
-	case "freebsd":
-		readARM64Registers()
-	case "linux", "netbsd", "openbsd":
-		doinit()
-	default:
-		// Many platforms don't seem to allow reading these registers.
-		setMinimalFeatures()
-	}
-}
-
-// setMinimalFeatures fakes the minimal ARM64 features expected by
-// TestARM64minimalFeatures.
-func setMinimalFeatures() {
-	ARM64.HasASIMD = true
-	ARM64.HasFP = true
-}
-
-func readARM64Registers() {
-	Initialized = true
-
-	parseARM64SystemRegisters(getisar0(), getisar1(), getpfr0())
-}
-
-func parseARM64SystemRegisters(isar0, isar1, pfr0 uint64) {
-	// ID_AA64ISAR0_EL1
-	switch extractBits(isar0, 4, 7) {
-	case 1:
-		ARM64.HasAES = true
-	case 2:
-		ARM64.HasAES = true
-		ARM64.HasPMULL = true
-	}
-
-	switch extractBits(isar0, 8, 11) {
-	case 1:
-		ARM64.HasSHA1 = true
-	}
-
-	switch extractBits(isar0, 12, 15) {
-	case 1:
-		ARM64.HasSHA2 = true
-	case 2:
-		ARM64.HasSHA2 = true
-		ARM64.HasSHA512 = true
-	}
-
-	switch extractBits(isar0, 16, 19) {
-	case 1:
-		ARM64.HasCRC32 = true
-	}
-
-	switch extractBits(isar0, 20, 23) {
-	case 2:
-		ARM64.HasATOMICS = true
-	}
-
-	switch extractBits(isar0, 28, 31) {
-	case 1:
-		ARM64.HasASIMDRDM = true
-	}
-
-	switch extractBits(isar0, 32, 35) {
-	case 1:
-		ARM64.HasSHA3 = true
-	}
-
-	switch extractBits(isar0, 36, 39) {
-	case 1:
-		ARM64.HasSM3 = true
-	}
-
-	switch extractBits(isar0, 40, 43) {
-	case 1:
-		ARM64.HasSM4 = true
-	}
-
-	switch extractBits(isar0, 44, 47) {
-	case 1:
-		ARM64.HasASIMDDP = true
-	}
-
-	// ID_AA64ISAR1_EL1
-	switch extractBits(isar1, 0, 3) {
-	case 1:
-		ARM64.HasDCPOP = true
-	}
-
-	switch extractBits(isar1, 12, 15) {
-	case 1:
-		ARM64.HasJSCVT = true
-	}
-
-	switch extractBits(isar1, 16, 19) {
-	case 1:
-		ARM64.HasFCMA = true
-	}
-
-	switch extractBits(isar1, 20, 23) {
-	case 1:
-		ARM64.HasLRCPC = true
-	}
-
-	// ID_AA64PFR0_EL1
-	switch extractBits(pfr0, 16, 19) {
-	case 0:
-		ARM64.HasFP = true
-	case 1:
-		ARM64.HasFP = true
-		ARM64.HasFPHP = true
-	}
-
-	switch extractBits(pfr0, 20, 23) {
-	case 0:
-		ARM64.HasASIMD = true
-	case 1:
-		ARM64.HasASIMD = true
-		ARM64.HasASIMDHP = true
-	}
-
-	switch extractBits(pfr0, 32, 35) {
-	case 1:
-		ARM64.HasSVE = true
-	}
-}
-
-func extractBits(data uint64, start, end uint) uint {
-	return (uint)(data>>start) & ((1 << (end - start + 1)) - 1)
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
deleted file mode 100644
index fcb9a388..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_arm64.s
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build gc
-
-#include "textflag.h"
-
-// func getisar0() uint64
-TEXT ·getisar0(SB),NOSPLIT,$0-8
-	// get Instruction Set Attributes 0 into x0
-	// mrs x0, ID_AA64ISAR0_EL1 = d5380600
-	WORD	$0xd5380600
-	MOVD	R0, ret+0(FP)
-	RET
-
-// func getisar1() uint64
-TEXT ·getisar1(SB),NOSPLIT,$0-8
-	// get Instruction Set Attributes 1 into x0
-	// mrs x0, ID_AA64ISAR1_EL1 = d5380620
-	WORD	$0xd5380620
-	MOVD	R0, ret+0(FP)
-	RET
-
-// func getpfr0() uint64
-TEXT ·getpfr0(SB),NOSPLIT,$0-8
-	// get Processor Feature Register 0 into x0
-	// mrs x0, ID_AA64PFR0_EL1 = d5380400
-	WORD	$0xd5380400
-	MOVD	R0, ret+0(FP)
-	RET
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
deleted file mode 100644
index a8acd3e3..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build gc
-
-package cpu
-
-func getisar0() uint64
-func getisar1() uint64
-func getpfr0() uint64
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
deleted file mode 100644
index c8ae6ddc..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build gc
-
-package cpu
-
-// haveAsmFunctions reports whether the other functions in this file can
-// be safely called.
-func haveAsmFunctions() bool { return true }
-
-// The following feature detection functions are defined in cpu_s390x.s.
-// They are likely to be expensive to call so the results should be cached.
-func stfle() facilityList
-func kmQuery() queryResult
-func kmcQuery() queryResult
-func kmctrQuery() queryResult
-func kmaQuery() queryResult
-func kimdQuery() queryResult
-func klmdQuery() queryResult
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
deleted file mode 100644
index 910728fb..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build (386 || amd64 || amd64p32) && gc
-
-package cpu
-
-// cpuid is implemented in cpu_x86.s for gc compiler
-// and in cpu_gccgo.c for gccgo.
-func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
-
-// xgetbv with ecx = 0 is implemented in cpu_x86.s for gc compiler
-// and in cpu_gccgo.c for gccgo.
-func xgetbv() (eax, edx uint32)
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
deleted file mode 100644
index 7f194678..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build gccgo
-
-package cpu
-
-func getisar0() uint64 { return 0 }
-func getisar1() uint64 { return 0 }
-func getpfr0() uint64  { return 0 }
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
deleted file mode 100644
index 9526d2ce..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build gccgo
-
-package cpu
-
-// haveAsmFunctions reports whether the other functions in this file can
-// be safely called.
-func haveAsmFunctions() bool { return false }
-
-// TODO(mundaym): the following feature detection functions are currently
-// stubs. See https://golang.org/cl/162887 for how to fix this.
-// They are likely to be expensive to call so the results should be cached.
-func stfle() facilityList     { panic("not implemented for gccgo") }
-func kmQuery() queryResult    { panic("not implemented for gccgo") }
-func kmcQuery() queryResult   { panic("not implemented for gccgo") }
-func kmctrQuery() queryResult { panic("not implemented for gccgo") }
-func kmaQuery() queryResult   { panic("not implemented for gccgo") }
-func kimdQuery() queryResult  { panic("not implemented for gccgo") }
-func klmdQuery() queryResult  { panic("not implemented for gccgo") }
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
deleted file mode 100644
index 3f73a05d..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
+++ /dev/null
@@ -1,37 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build (386 || amd64 || amd64p32) && gccgo
-
-#include <cpuid.h>
-#include <stdint.h>
-#include <x86intrin.h>
-
-// Need to wrap __get_cpuid_count because it's declared as static.
-int
-gccgoGetCpuidCount(uint32_t leaf, uint32_t subleaf,
-                   uint32_t *eax, uint32_t *ebx,
-                   uint32_t *ecx, uint32_t *edx)
-{
-	return __get_cpuid_count(leaf, subleaf, eax, ebx, ecx, edx);
-}
-
-#pragma GCC diagnostic ignored "-Wunknown-pragmas"
-#pragma GCC push_options
-#pragma GCC target("xsave")
-#pragma clang attribute push (__attribute__((target("xsave"))), apply_to=function)
-
-// xgetbv reads the contents of an XCR (Extended Control Register)
-// specified in the ECX register into registers EDX:EAX.
-// Currently, the only supported value for XCR is 0.
-void
-gccgoXgetbv(uint32_t *eax, uint32_t *edx)
-{
-	uint64_t v = _xgetbv(0);
-	*eax = v & 0xffffffff;
-	*edx = v >> 32;
-}
-
-#pragma clang attribute pop
-#pragma GCC pop_options
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
deleted file mode 100644
index 99c60fe9..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build (386 || amd64 || amd64p32) && gccgo
-
-package cpu
-
-//extern gccgoGetCpuidCount
-func gccgoGetCpuidCount(eaxArg, ecxArg uint32, eax, ebx, ecx, edx *uint32)
-
-func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) {
-	var a, b, c, d uint32
-	gccgoGetCpuidCount(eaxArg, ecxArg, &a, &b, &c, &d)
-	return a, b, c, d
-}
-
-//extern gccgoXgetbv
-func gccgoXgetbv(eax, edx *uint32)
-
-func xgetbv() (eax, edx uint32) {
-	var a, d uint32
-	gccgoXgetbv(&a, &d)
-	return a, d
-}
-
-// gccgo doesn't build on Darwin, per:
-// https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/gcc.rb#L76
-func darwinSupportsAVX512() bool {
-	return false
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux.go b/vendor/golang.org/x/sys/cpu/cpu_linux.go
deleted file mode 100644
index 743eb543..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_linux.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !386 && !amd64 && !amd64p32 && !arm64
-
-package cpu
-
-func archInit() {
-	if err := readHWCAP(); err != nil {
-		return
-	}
-	doinit()
-	Initialized = true
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_arm.go b/vendor/golang.org/x/sys/cpu/cpu_linux_arm.go
deleted file mode 100644
index 2057006d..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_linux_arm.go
+++ /dev/null
@@ -1,39 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cpu
-
-func doinit() {
-	ARM.HasSWP = isSet(hwCap, hwcap_SWP)
-	ARM.HasHALF = isSet(hwCap, hwcap_HALF)
-	ARM.HasTHUMB = isSet(hwCap, hwcap_THUMB)
-	ARM.Has26BIT = isSet(hwCap, hwcap_26BIT)
-	ARM.HasFASTMUL = isSet(hwCap, hwcap_FAST_MULT)
-	ARM.HasFPA = isSet(hwCap, hwcap_FPA)
-	ARM.HasVFP = isSet(hwCap, hwcap_VFP)
-	ARM.HasEDSP = isSet(hwCap, hwcap_EDSP)
-	ARM.HasJAVA = isSet(hwCap, hwcap_JAVA)
-	ARM.HasIWMMXT = isSet(hwCap, hwcap_IWMMXT)
-	ARM.HasCRUNCH = isSet(hwCap, hwcap_CRUNCH)
-	ARM.HasTHUMBEE = isSet(hwCap, hwcap_THUMBEE)
-	ARM.HasNEON = isSet(hwCap, hwcap_NEON)
-	ARM.HasVFPv3 = isSet(hwCap, hwcap_VFPv3)
-	ARM.HasVFPv3D16 = isSet(hwCap, hwcap_VFPv3D16)
-	ARM.HasTLS = isSet(hwCap, hwcap_TLS)
-	ARM.HasVFPv4 = isSet(hwCap, hwcap_VFPv4)
-	ARM.HasIDIVA = isSet(hwCap, hwcap_IDIVA)
-	ARM.HasIDIVT = isSet(hwCap, hwcap_IDIVT)
-	ARM.HasVFPD32 = isSet(hwCap, hwcap_VFPD32)
-	ARM.HasLPAE = isSet(hwCap, hwcap_LPAE)
-	ARM.HasEVTSTRM = isSet(hwCap, hwcap_EVTSTRM)
-	ARM.HasAES = isSet(hwCap2, hwcap2_AES)
-	ARM.HasPMULL = isSet(hwCap2, hwcap2_PMULL)
-	ARM.HasSHA1 = isSet(hwCap2, hwcap2_SHA1)
-	ARM.HasSHA2 = isSet(hwCap2, hwcap2_SHA2)
-	ARM.HasCRC32 = isSet(hwCap2, hwcap2_CRC32)
-}
-
-func isSet(hwc uint, value uint) bool {
-	return hwc&value != 0
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go
deleted file mode 100644
index a968b80f..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go
+++ /dev/null
@@ -1,111 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cpu
-
-import (
-	"strings"
-	"syscall"
-)
-
-// HWCAP/HWCAP2 bits. These are exposed by Linux.
-const (
-	hwcap_FP       = 1 << 0
-	hwcap_ASIMD    = 1 << 1
-	hwcap_EVTSTRM  = 1 << 2
-	hwcap_AES      = 1 << 3
-	hwcap_PMULL    = 1 << 4
-	hwcap_SHA1     = 1 << 5
-	hwcap_SHA2     = 1 << 6
-	hwcap_CRC32    = 1 << 7
-	hwcap_ATOMICS  = 1 << 8
-	hwcap_FPHP     = 1 << 9
-	hwcap_ASIMDHP  = 1 << 10
-	hwcap_CPUID    = 1 << 11
-	hwcap_ASIMDRDM = 1 << 12
-	hwcap_JSCVT    = 1 << 13
-	hwcap_FCMA     = 1 << 14
-	hwcap_LRCPC    = 1 << 15
-	hwcap_DCPOP    = 1 << 16
-	hwcap_SHA3     = 1 << 17
-	hwcap_SM3      = 1 << 18
-	hwcap_SM4      = 1 << 19
-	hwcap_ASIMDDP  = 1 << 20
-	hwcap_SHA512   = 1 << 21
-	hwcap_SVE      = 1 << 22
-	hwcap_ASIMDFHM = 1 << 23
-)
-
-// linuxKernelCanEmulateCPUID reports whether we're running
-// on Linux 4.11+. Ideally we'd like to ask the question about
-// whether the current kernel contains
-// https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77c97b4ee21290f5f083173d957843b615abbff2
-// but the version number will have to do.
-func linuxKernelCanEmulateCPUID() bool {
-	var un syscall.Utsname
-	syscall.Uname(&un)
-	var sb strings.Builder
-	for _, b := range un.Release[:] {
-		if b == 0 {
-			break
-		}
-		sb.WriteByte(byte(b))
-	}
-	major, minor, _, ok := parseRelease(sb.String())
-	return ok && (major > 4 || major == 4 && minor >= 11)
-}
-
-func doinit() {
-	if err := readHWCAP(); err != nil {
-		// We failed to read /proc/self/auxv. This can happen if the binary has
-		// been given extra capabilities(7) with /bin/setcap.
-		//
-		// When this happens, we have two options. If the Linux kernel is new
-		// enough (4.11+), we can read the arm64 registers directly which'll
-		// trap into the kernel and then return back to userspace.
-		//
-		// But on older kernels, such as Linux 4.4.180 as used on many Synology
-		// devices, calling readARM64Registers (specifically getisar0) will
-		// cause a SIGILL and we'll die. So for older kernels, parse /proc/cpuinfo
-		// instead.
-		//
-		// See golang/go#57336.
-		if linuxKernelCanEmulateCPUID() {
-			readARM64Registers()
-		} else {
-			readLinuxProcCPUInfo()
-		}
-		return
-	}
-
-	// HWCAP feature bits
-	ARM64.HasFP = isSet(hwCap, hwcap_FP)
-	ARM64.HasASIMD = isSet(hwCap, hwcap_ASIMD)
-	ARM64.HasEVTSTRM = isSet(hwCap, hwcap_EVTSTRM)
-	ARM64.HasAES = isSet(hwCap, hwcap_AES)
-	ARM64.HasPMULL = isSet(hwCap, hwcap_PMULL)
-	ARM64.HasSHA1 = isSet(hwCap, hwcap_SHA1)
-	ARM64.HasSHA2 = isSet(hwCap, hwcap_SHA2)
-	ARM64.HasCRC32 = isSet(hwCap, hwcap_CRC32)
-	ARM64.HasATOMICS = isSet(hwCap, hwcap_ATOMICS)
-	ARM64.HasFPHP = isSet(hwCap, hwcap_FPHP)
-	ARM64.HasASIMDHP = isSet(hwCap, hwcap_ASIMDHP)
-	ARM64.HasCPUID = isSet(hwCap, hwcap_CPUID)
-	ARM64.HasASIMDRDM = isSet(hwCap, hwcap_ASIMDRDM)
-	ARM64.HasJSCVT = isSet(hwCap, hwcap_JSCVT)
-	ARM64.HasFCMA = isSet(hwCap, hwcap_FCMA)
-	ARM64.HasLRCPC = isSet(hwCap, hwcap_LRCPC)
-	ARM64.HasDCPOP = isSet(hwCap, hwcap_DCPOP)
-	ARM64.HasSHA3 = isSet(hwCap, hwcap_SHA3)
-	ARM64.HasSM3 = isSet(hwCap, hwcap_SM3)
-	ARM64.HasSM4 = isSet(hwCap, hwcap_SM4)
-	ARM64.HasASIMDDP = isSet(hwCap, hwcap_ASIMDDP)
-	ARM64.HasSHA512 = isSet(hwCap, hwcap_SHA512)
-	ARM64.HasSVE = isSet(hwCap, hwcap_SVE)
-	ARM64.HasASIMDFHM = isSet(hwCap, hwcap_ASIMDFHM)
-}
-
-func isSet(hwc uint, value uint) bool {
-	return hwc&value != 0
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
deleted file mode 100644
index 4686c1d5..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build linux && (mips64 || mips64le)
-
-package cpu
-
-// HWCAP bits. These are exposed by the Linux kernel 5.4.
-const (
-	// CPU features
-	hwcap_MIPS_MSA = 1 << 1
-)
-
-func doinit() {
-	// HWCAP feature bits
-	MIPS64X.HasMSA = isSet(hwCap, hwcap_MIPS_MSA)
-}
-
-func isSet(hwc uint, value uint) bool {
-	return hwc&value != 0
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go b/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
deleted file mode 100644
index cd63e733..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
+++ /dev/null
@@ -1,9 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build linux && !arm && !arm64 && !mips64 && !mips64le && !ppc64 && !ppc64le && !s390x
-
-package cpu
-
-func doinit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
deleted file mode 100644
index 197188e6..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build linux && (ppc64 || ppc64le)
-
-package cpu
-
-// HWCAP/HWCAP2 bits. These are exposed by the kernel.
-const (
-	// ISA Level
-	_PPC_FEATURE2_ARCH_2_07 = 0x80000000
-	_PPC_FEATURE2_ARCH_3_00 = 0x00800000
-
-	// CPU features
-	_PPC_FEATURE2_DARN = 0x00200000
-	_PPC_FEATURE2_SCV  = 0x00100000
-)
-
-func doinit() {
-	// HWCAP2 feature bits
-	PPC64.IsPOWER8 = isSet(hwCap2, _PPC_FEATURE2_ARCH_2_07)
-	PPC64.IsPOWER9 = isSet(hwCap2, _PPC_FEATURE2_ARCH_3_00)
-	PPC64.HasDARN = isSet(hwCap2, _PPC_FEATURE2_DARN)
-	PPC64.HasSCV = isSet(hwCap2, _PPC_FEATURE2_SCV)
-}
-
-func isSet(hwc uint, value uint) bool {
-	return hwc&value != 0
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go
deleted file mode 100644
index 1517ac61..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cpu
-
-const (
-	// bit mask values from /usr/include/bits/hwcap.h
-	hwcap_ZARCH  = 2
-	hwcap_STFLE  = 4
-	hwcap_MSA    = 8
-	hwcap_LDISP  = 16
-	hwcap_EIMM   = 32
-	hwcap_DFP    = 64
-	hwcap_ETF3EH = 256
-	hwcap_VX     = 2048
-	hwcap_VXE    = 8192
-)
-
-func initS390Xbase() {
-	// test HWCAP bit vector
-	has := func(featureMask uint) bool {
-		return hwCap&featureMask == featureMask
-	}
-
-	// mandatory
-	S390X.HasZARCH = has(hwcap_ZARCH)
-
-	// optional
-	S390X.HasSTFLE = has(hwcap_STFLE)
-	S390X.HasLDISP = has(hwcap_LDISP)
-	S390X.HasEIMM = has(hwcap_EIMM)
-	S390X.HasETF3EH = has(hwcap_ETF3EH)
-	S390X.HasDFP = has(hwcap_DFP)
-	S390X.HasMSA = has(hwcap_MSA)
-	S390X.HasVX = has(hwcap_VX)
-	if S390X.HasVX {
-		S390X.HasVXE = has(hwcap_VXE)
-	}
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_loong64.go b/vendor/golang.org/x/sys/cpu/cpu_loong64.go
deleted file mode 100644
index 55863585..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_loong64.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright 2022 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build loong64
-
-package cpu
-
-const cacheLineSize = 64
-
-func initOptions() {
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
deleted file mode 100644
index fedb00cc..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build mips64 || mips64le
-
-package cpu
-
-const cacheLineSize = 32
-
-func initOptions() {
-	options = []option{
-		{Name: "msa", Feature: &MIPS64X.HasMSA},
-	}
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mipsx.go b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
deleted file mode 100644
index ffb4ec7e..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build mips || mipsle
-
-package cpu
-
-const cacheLineSize = 32
-
-func initOptions() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go
deleted file mode 100644
index ebfb3fc8..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go
+++ /dev/null
@@ -1,173 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cpu
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-// Minimal copy of functionality from x/sys/unix so the cpu package can call
-// sysctl without depending on x/sys/unix.
-
-const (
-	_CTL_QUERY = -2
-
-	_SYSCTL_VERS_1 = 0x1000000
-)
-
-var _zero uintptr
-
-func sysctl(mib []int32, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	var _p0 unsafe.Pointer
-	if len(mib) > 0 {
-		_p0 = unsafe.Pointer(&mib[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	_, _, errno := syscall.Syscall6(
-		syscall.SYS___SYSCTL,
-		uintptr(_p0),
-		uintptr(len(mib)),
-		uintptr(unsafe.Pointer(old)),
-		uintptr(unsafe.Pointer(oldlen)),
-		uintptr(unsafe.Pointer(new)),
-		uintptr(newlen))
-	if errno != 0 {
-		return errno
-	}
-	return nil
-}
-
-type sysctlNode struct {
-	Flags          uint32
-	Num            int32
-	Name           [32]int8
-	Ver            uint32
-	__rsvd         uint32
-	Un             [16]byte
-	_sysctl_size   [8]byte
-	_sysctl_func   [8]byte
-	_sysctl_parent [8]byte
-	_sysctl_desc   [8]byte
-}
-
-func sysctlNodes(mib []int32) ([]sysctlNode, error) {
-	var olen uintptr
-
-	// Get a list of all sysctl nodes below the given MIB by performing
-	// a sysctl for the given MIB with CTL_QUERY appended.
-	mib = append(mib, _CTL_QUERY)
-	qnode := sysctlNode{Flags: _SYSCTL_VERS_1}
-	qp := (*byte)(unsafe.Pointer(&qnode))
-	sz := unsafe.Sizeof(qnode)
-	if err := sysctl(mib, nil, &olen, qp, sz); err != nil {
-		return nil, err
-	}
-
-	// Now that we know the size, get the actual nodes.
-	nodes := make([]sysctlNode, olen/sz)
-	np := (*byte)(unsafe.Pointer(&nodes[0]))
-	if err := sysctl(mib, np, &olen, qp, sz); err != nil {
-		return nil, err
-	}
-
-	return nodes, nil
-}
-
-func nametomib(name string) ([]int32, error) {
-	// Split name into components.
-	var parts []string
-	last := 0
-	for i := 0; i < len(name); i++ {
-		if name[i] == '.' {
-			parts = append(parts, name[last:i])
-			last = i + 1
-		}
-	}
-	parts = append(parts, name[last:])
-
-	mib := []int32{}
-	// Discover the nodes and construct the MIB OID.
-	for partno, part := range parts {
-		nodes, err := sysctlNodes(mib)
-		if err != nil {
-			return nil, err
-		}
-		for _, node := range nodes {
-			n := make([]byte, 0)
-			for i := range node.Name {
-				if node.Name[i] != 0 {
-					n = append(n, byte(node.Name[i]))
-				}
-			}
-			if string(n) == part {
-				mib = append(mib, int32(node.Num))
-				break
-			}
-		}
-		if len(mib) != partno+1 {
-			return nil, err
-		}
-	}
-
-	return mib, nil
-}
-
-// aarch64SysctlCPUID is struct aarch64_sysctl_cpu_id from NetBSD's <aarch64/armreg.h>
-type aarch64SysctlCPUID struct {
-	midr      uint64 /* Main ID Register */
-	revidr    uint64 /* Revision ID Register */
-	mpidr     uint64 /* Multiprocessor Affinity Register */
-	aa64dfr0  uint64 /* A64 Debug Feature Register 0 */
-	aa64dfr1  uint64 /* A64 Debug Feature Register 1 */
-	aa64isar0 uint64 /* A64 Instruction Set Attribute Register 0 */
-	aa64isar1 uint64 /* A64 Instruction Set Attribute Register 1 */
-	aa64mmfr0 uint64 /* A64 Memory Model Feature Register 0 */
-	aa64mmfr1 uint64 /* A64 Memory Model Feature Register 1 */
-	aa64mmfr2 uint64 /* A64 Memory Model Feature Register 2 */
-	aa64pfr0  uint64 /* A64 Processor Feature Register 0 */
-	aa64pfr1  uint64 /* A64 Processor Feature Register 1 */
-	aa64zfr0  uint64 /* A64 SVE Feature ID Register 0 */
-	mvfr0     uint32 /* Media and VFP Feature Register 0 */
-	mvfr1     uint32 /* Media and VFP Feature Register 1 */
-	mvfr2     uint32 /* Media and VFP Feature Register 2 */
-	pad       uint32
-	clidr     uint64 /* Cache Level ID Register */
-	ctr       uint64 /* Cache Type Register */
-}
-
-func sysctlCPUID(name string) (*aarch64SysctlCPUID, error) {
-	mib, err := nametomib(name)
-	if err != nil {
-		return nil, err
-	}
-
-	out := aarch64SysctlCPUID{}
-	n := unsafe.Sizeof(out)
-	_, _, errno := syscall.Syscall6(
-		syscall.SYS___SYSCTL,
-		uintptr(unsafe.Pointer(&mib[0])),
-		uintptr(len(mib)),
-		uintptr(unsafe.Pointer(&out)),
-		uintptr(unsafe.Pointer(&n)),
-		uintptr(0),
-		uintptr(0))
-	if errno != 0 {
-		return nil, errno
-	}
-	return &out, nil
-}
-
-func doinit() {
-	cpuid, err := sysctlCPUID("machdep.cpu0.cpu_id")
-	if err != nil {
-		setMinimalFeatures()
-		return
-	}
-	parseARM64SystemRegisters(cpuid.aa64isar0, cpuid.aa64isar1, cpuid.aa64pfr0)
-
-	Initialized = true
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go
deleted file mode 100644
index 85b64d5c..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go
+++ /dev/null
@@ -1,65 +0,0 @@
-// Copyright 2022 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cpu
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-// Minimal copy of functionality from x/sys/unix so the cpu package can call
-// sysctl without depending on x/sys/unix.
-
-const (
-	// From OpenBSD's sys/sysctl.h.
-	_CTL_MACHDEP = 7
-
-	// From OpenBSD's machine/cpu.h.
-	_CPU_ID_AA64ISAR0 = 2
-	_CPU_ID_AA64ISAR1 = 3
-)
-
-// Implemented in the runtime package (runtime/sys_openbsd3.go)
-func syscall_syscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno)
-
-//go:linkname syscall_syscall6 syscall.syscall6
-
-func sysctl(mib []uint32, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
-	_, _, errno := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(unsafe.Pointer(&mib[0])), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
-	if errno != 0 {
-		return errno
-	}
-	return nil
-}
-
-var libc_sysctl_trampoline_addr uintptr
-
-//go:cgo_import_dynamic libc_sysctl sysctl "libc.so"
-
-func sysctlUint64(mib []uint32) (uint64, bool) {
-	var out uint64
-	nout := unsafe.Sizeof(out)
-	if err := sysctl(mib, (*byte)(unsafe.Pointer(&out)), &nout, nil, 0); err != nil {
-		return 0, false
-	}
-	return out, true
-}
-
-func doinit() {
-	setMinimalFeatures()
-
-	// Get ID_AA64ISAR0 and ID_AA64ISAR1 from sysctl.
-	isar0, ok := sysctlUint64([]uint32{_CTL_MACHDEP, _CPU_ID_AA64ISAR0})
-	if !ok {
-		return
-	}
-	isar1, ok := sysctlUint64([]uint32{_CTL_MACHDEP, _CPU_ID_AA64ISAR1})
-	if !ok {
-		return
-	}
-	parseARM64SystemRegisters(isar0, isar1, 0)
-
-	Initialized = true
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s
deleted file mode 100644
index 054ba05d..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright 2022 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-#include "textflag.h"
-
-TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
-	JMP	libc_sysctl(SB)
-
-GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
-DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
deleted file mode 100644
index e9ecf2a4..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
+++ /dev/null
@@ -1,9 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !linux && arm
-
-package cpu
-
-func archInit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
deleted file mode 100644
index 5341e7f8..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
+++ /dev/null
@@ -1,9 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !linux && !netbsd && !openbsd && arm64
-
-package cpu
-
-func doinit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
deleted file mode 100644
index 5f8f2419..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !linux && (mips64 || mips64le)
-
-package cpu
-
-func archInit() {
-	Initialized = true
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
deleted file mode 100644
index 89608fba..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright 2022 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !aix && !linux && (ppc64 || ppc64le)
-
-package cpu
-
-func archInit() {
-	PPC64.IsPOWER8 = true
-	Initialized = true
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go b/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
deleted file mode 100644
index 5ab87808..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright 2022 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !linux && riscv64
-
-package cpu
-
-func archInit() {
-	Initialized = true
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
deleted file mode 100644
index c14f12b1..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build ppc64 || ppc64le
-
-package cpu
-
-const cacheLineSize = 128
-
-func initOptions() {
-	options = []option{
-		{Name: "darn", Feature: &PPC64.HasDARN},
-		{Name: "scv", Feature: &PPC64.HasSCV},
-	}
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_riscv64.go b/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
deleted file mode 100644
index 7f0c79c0..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build riscv64
-
-package cpu
-
-const cacheLineSize = 64
-
-func initOptions() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_s390x.go
deleted file mode 100644
index 5881b883..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_s390x.go
+++ /dev/null
@@ -1,172 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cpu
-
-const cacheLineSize = 256
-
-func initOptions() {
-	options = []option{
-		{Name: "zarch", Feature: &S390X.HasZARCH, Required: true},
-		{Name: "stfle", Feature: &S390X.HasSTFLE, Required: true},
-		{Name: "ldisp", Feature: &S390X.HasLDISP, Required: true},
-		{Name: "eimm", Feature: &S390X.HasEIMM, Required: true},
-		{Name: "dfp", Feature: &S390X.HasDFP},
-		{Name: "etf3eh", Feature: &S390X.HasETF3EH},
-		{Name: "msa", Feature: &S390X.HasMSA},
-		{Name: "aes", Feature: &S390X.HasAES},
-		{Name: "aescbc", Feature: &S390X.HasAESCBC},
-		{Name: "aesctr", Feature: &S390X.HasAESCTR},
-		{Name: "aesgcm", Feature: &S390X.HasAESGCM},
-		{Name: "ghash", Feature: &S390X.HasGHASH},
-		{Name: "sha1", Feature: &S390X.HasSHA1},
-		{Name: "sha256", Feature: &S390X.HasSHA256},
-		{Name: "sha3", Feature: &S390X.HasSHA3},
-		{Name: "sha512", Feature: &S390X.HasSHA512},
-		{Name: "vx", Feature: &S390X.HasVX},
-		{Name: "vxe", Feature: &S390X.HasVXE},
-	}
-}
-
-// bitIsSet reports whether the bit at index is set. The bit index
-// is in big endian order, so bit index 0 is the leftmost bit.
-func bitIsSet(bits []uint64, index uint) bool {
-	return bits[index/64]&((1<<63)>>(index%64)) != 0
-}
-
-// facility is a bit index for the named facility.
-type facility uint8
-
-const (
-	// mandatory facilities
-	zarch  facility = 1  // z architecture mode is active
-	stflef facility = 7  // store-facility-list-extended
-	ldisp  facility = 18 // long-displacement
-	eimm   facility = 21 // extended-immediate
-
-	// miscellaneous facilities
-	dfp    facility = 42 // decimal-floating-point
-	etf3eh facility = 30 // extended-translation 3 enhancement
-
-	// cryptography facilities
-	msa  facility = 17  // message-security-assist
-	msa3 facility = 76  // message-security-assist extension 3
-	msa4 facility = 77  // message-security-assist extension 4
-	msa5 facility = 57  // message-security-assist extension 5
-	msa8 facility = 146 // message-security-assist extension 8
-	msa9 facility = 155 // message-security-assist extension 9
-
-	// vector facilities
-	vx   facility = 129 // vector facility
-	vxe  facility = 135 // vector-enhancements 1
-	vxe2 facility = 148 // vector-enhancements 2
-)
-
-// facilityList contains the result of an STFLE call.
-// Bits are numbered in big endian order so the
-// leftmost bit (the MSB) is at index 0.
-type facilityList struct {
-	bits [4]uint64
-}
-
-// Has reports whether the given facilities are present.
-func (s *facilityList) Has(fs ...facility) bool {
-	if len(fs) == 0 {
-		panic("no facility bits provided")
-	}
-	for _, f := range fs {
-		if !bitIsSet(s.bits[:], uint(f)) {
-			return false
-		}
-	}
-	return true
-}
-
-// function is the code for the named cryptographic function.
-type function uint8
-
-const (
-	// KM{,A,C,CTR} function codes
-	aes128 function = 18 // AES-128
-	aes192 function = 19 // AES-192
-	aes256 function = 20 // AES-256
-
-	// K{I,L}MD function codes
-	sha1     function = 1  // SHA-1
-	sha256   function = 2  // SHA-256
-	sha512   function = 3  // SHA-512
-	sha3_224 function = 32 // SHA3-224
-	sha3_256 function = 33 // SHA3-256
-	sha3_384 function = 34 // SHA3-384
-	sha3_512 function = 35 // SHA3-512
-	shake128 function = 36 // SHAKE-128
-	shake256 function = 37 // SHAKE-256
-
-	// KLMD function codes
-	ghash function = 65 // GHASH
-)
-
-// queryResult contains the result of a Query function
-// call. Bits are numbered in big endian order so the
-// leftmost bit (the MSB) is at index 0.
-type queryResult struct {
-	bits [2]uint64
-}
-
-// Has reports whether the given functions are present.
-func (q *queryResult) Has(fns ...function) bool {
-	if len(fns) == 0 {
-		panic("no function codes provided")
-	}
-	for _, f := range fns {
-		if !bitIsSet(q.bits[:], uint(f)) {
-			return false
-		}
-	}
-	return true
-}
-
-func doinit() {
-	initS390Xbase()
-
-	// We need implementations of stfle, km and so on
-	// to detect cryptographic features.
-	if !haveAsmFunctions() {
-		return
-	}
-
-	// optional cryptographic functions
-	if S390X.HasMSA {
-		aes := []function{aes128, aes192, aes256}
-
-		// cipher message
-		km, kmc := kmQuery(), kmcQuery()
-		S390X.HasAES = km.Has(aes...)
-		S390X.HasAESCBC = kmc.Has(aes...)
-		if S390X.HasSTFLE {
-			facilities := stfle()
-			if facilities.Has(msa4) {
-				kmctr := kmctrQuery()
-				S390X.HasAESCTR = kmctr.Has(aes...)
-			}
-			if facilities.Has(msa8) {
-				kma := kmaQuery()
-				S390X.HasAESGCM = kma.Has(aes...)
-			}
-		}
-
-		// compute message digest
-		kimd := kimdQuery() // intermediate (no padding)
-		klmd := klmdQuery() // last (padding)
-		S390X.HasSHA1 = kimd.Has(sha1) && klmd.Has(sha1)
-		S390X.HasSHA256 = kimd.Has(sha256) && klmd.Has(sha256)
-		S390X.HasSHA512 = kimd.Has(sha512) && klmd.Has(sha512)
-		S390X.HasGHASH = kimd.Has(ghash) // KLMD-GHASH does not exist
-		sha3 := []function{
-			sha3_224, sha3_256, sha3_384, sha3_512,
-			shake128, shake256,
-		}
-		S390X.HasSHA3 = kimd.Has(sha3...) && klmd.Has(sha3...)
-	}
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.s b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
deleted file mode 100644
index 1fb4b701..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_s390x.s
+++ /dev/null
@@ -1,57 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build gc
-
-#include "textflag.h"
-
-// func stfle() facilityList
-TEXT ·stfle(SB), NOSPLIT|NOFRAME, $0-32
-	MOVD $ret+0(FP), R1
-	MOVD $3, R0          // last doubleword index to store
-	XC   $32, (R1), (R1) // clear 4 doublewords (32 bytes)
-	WORD $0xb2b01000     // store facility list extended (STFLE)
-	RET
-
-// func kmQuery() queryResult
-TEXT ·kmQuery(SB), NOSPLIT|NOFRAME, $0-16
-	MOVD $0, R0         // set function code to 0 (KM-Query)
-	MOVD $ret+0(FP), R1 // address of 16-byte return value
-	WORD $0xB92E0024    // cipher message (KM)
-	RET
-
-// func kmcQuery() queryResult
-TEXT ·kmcQuery(SB), NOSPLIT|NOFRAME, $0-16
-	MOVD $0, R0         // set function code to 0 (KMC-Query)
-	MOVD $ret+0(FP), R1 // address of 16-byte return value
-	WORD $0xB92F0024    // cipher message with chaining (KMC)
-	RET
-
-// func kmctrQuery() queryResult
-TEXT ·kmctrQuery(SB), NOSPLIT|NOFRAME, $0-16
-	MOVD $0, R0         // set function code to 0 (KMCTR-Query)
-	MOVD $ret+0(FP), R1 // address of 16-byte return value
-	WORD $0xB92D4024    // cipher message with counter (KMCTR)
-	RET
-
-// func kmaQuery() queryResult
-TEXT ·kmaQuery(SB), NOSPLIT|NOFRAME, $0-16
-	MOVD $0, R0         // set function code to 0 (KMA-Query)
-	MOVD $ret+0(FP), R1 // address of 16-byte return value
-	WORD $0xb9296024    // cipher message with authentication (KMA)
-	RET
-
-// func kimdQuery() queryResult
-TEXT ·kimdQuery(SB), NOSPLIT|NOFRAME, $0-16
-	MOVD $0, R0         // set function code to 0 (KIMD-Query)
-	MOVD $ret+0(FP), R1 // address of 16-byte return value
-	WORD $0xB93E0024    // compute intermediate message digest (KIMD)
-	RET
-
-// func klmdQuery() queryResult
-TEXT ·klmdQuery(SB), NOSPLIT|NOFRAME, $0-16
-	MOVD $0, R0         // set function code to 0 (KLMD-Query)
-	MOVD $ret+0(FP), R1 // address of 16-byte return value
-	WORD $0xB93F0024    // compute last message digest (KLMD)
-	RET
diff --git a/vendor/golang.org/x/sys/cpu/cpu_wasm.go b/vendor/golang.org/x/sys/cpu/cpu_wasm.go
deleted file mode 100644
index 384787ea..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_wasm.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build wasm
-
-package cpu
-
-// We're compiling the cpu package for an unknown (software-abstracted) CPU.
-// Make CacheLinePad an empty struct and hope that the usual struct alignment
-// rules are good enough.
-
-const cacheLineSize = 0
-
-func initOptions() {}
-
-func archInit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.go b/vendor/golang.org/x/sys/cpu/cpu_x86.go
deleted file mode 100644
index c29f5e4c..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_x86.go
+++ /dev/null
@@ -1,151 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build 386 || amd64 || amd64p32
-
-package cpu
-
-import "runtime"
-
-const cacheLineSize = 64
-
-func initOptions() {
-	options = []option{
-		{Name: "adx", Feature: &X86.HasADX},
-		{Name: "aes", Feature: &X86.HasAES},
-		{Name: "avx", Feature: &X86.HasAVX},
-		{Name: "avx2", Feature: &X86.HasAVX2},
-		{Name: "avx512", Feature: &X86.HasAVX512},
-		{Name: "avx512f", Feature: &X86.HasAVX512F},
-		{Name: "avx512cd", Feature: &X86.HasAVX512CD},
-		{Name: "avx512er", Feature: &X86.HasAVX512ER},
-		{Name: "avx512pf", Feature: &X86.HasAVX512PF},
-		{Name: "avx512vl", Feature: &X86.HasAVX512VL},
-		{Name: "avx512bw", Feature: &X86.HasAVX512BW},
-		{Name: "avx512dq", Feature: &X86.HasAVX512DQ},
-		{Name: "avx512ifma", Feature: &X86.HasAVX512IFMA},
-		{Name: "avx512vbmi", Feature: &X86.HasAVX512VBMI},
-		{Name: "avx512vnniw", Feature: &X86.HasAVX5124VNNIW},
-		{Name: "avx5124fmaps", Feature: &X86.HasAVX5124FMAPS},
-		{Name: "avx512vpopcntdq", Feature: &X86.HasAVX512VPOPCNTDQ},
-		{Name: "avx512vpclmulqdq", Feature: &X86.HasAVX512VPCLMULQDQ},
-		{Name: "avx512vnni", Feature: &X86.HasAVX512VNNI},
-		{Name: "avx512gfni", Feature: &X86.HasAVX512GFNI},
-		{Name: "avx512vaes", Feature: &X86.HasAVX512VAES},
-		{Name: "avx512vbmi2", Feature: &X86.HasAVX512VBMI2},
-		{Name: "avx512bitalg", Feature: &X86.HasAVX512BITALG},
-		{Name: "avx512bf16", Feature: &X86.HasAVX512BF16},
-		{Name: "amxtile", Feature: &X86.HasAMXTile},
-		{Name: "amxint8", Feature: &X86.HasAMXInt8},
-		{Name: "amxbf16", Feature: &X86.HasAMXBF16},
-		{Name: "bmi1", Feature: &X86.HasBMI1},
-		{Name: "bmi2", Feature: &X86.HasBMI2},
-		{Name: "cx16", Feature: &X86.HasCX16},
-		{Name: "erms", Feature: &X86.HasERMS},
-		{Name: "fma", Feature: &X86.HasFMA},
-		{Name: "osxsave", Feature: &X86.HasOSXSAVE},
-		{Name: "pclmulqdq", Feature: &X86.HasPCLMULQDQ},
-		{Name: "popcnt", Feature: &X86.HasPOPCNT},
-		{Name: "rdrand", Feature: &X86.HasRDRAND},
-		{Name: "rdseed", Feature: &X86.HasRDSEED},
-		{Name: "sse3", Feature: &X86.HasSSE3},
-		{Name: "sse41", Feature: &X86.HasSSE41},
-		{Name: "sse42", Feature: &X86.HasSSE42},
-		{Name: "ssse3", Feature: &X86.HasSSSE3},
-
-		// These capabilities should always be enabled on amd64:
-		{Name: "sse2", Feature: &X86.HasSSE2, Required: runtime.GOARCH == "amd64"},
-	}
-}
-
-func archInit() {
-
-	Initialized = true
-
-	maxID, _, _, _ := cpuid(0, 0)
-
-	if maxID < 1 {
-		return
-	}
-
-	_, _, ecx1, edx1 := cpuid(1, 0)
-	X86.HasSSE2 = isSet(26, edx1)
-
-	X86.HasSSE3 = isSet(0, ecx1)
-	X86.HasPCLMULQDQ = isSet(1, ecx1)
-	X86.HasSSSE3 = isSet(9, ecx1)
-	X86.HasFMA = isSet(12, ecx1)
-	X86.HasCX16 = isSet(13, ecx1)
-	X86.HasSSE41 = isSet(19, ecx1)
-	X86.HasSSE42 = isSet(20, ecx1)
-	X86.HasPOPCNT = isSet(23, ecx1)
-	X86.HasAES = isSet(25, ecx1)
-	X86.HasOSXSAVE = isSet(27, ecx1)
-	X86.HasRDRAND = isSet(30, ecx1)
-
-	var osSupportsAVX, osSupportsAVX512 bool
-	// For XGETBV, OSXSAVE bit is required and sufficient.
-	if X86.HasOSXSAVE {
-		eax, _ := xgetbv()
-		// Check if XMM and YMM registers have OS support.
-		osSupportsAVX = isSet(1, eax) && isSet(2, eax)
-
-		if runtime.GOOS == "darwin" {
-			// Darwin doesn't save/restore AVX-512 mask registers correctly across signal handlers.
-			// Since users can't rely on mask register contents, let's not advertise AVX-512 support.
-			// See issue 49233.
-			osSupportsAVX512 = false
-		} else {
-			// Check if OPMASK and ZMM registers have OS support.
-			osSupportsAVX512 = osSupportsAVX && isSet(5, eax) && isSet(6, eax) && isSet(7, eax)
-		}
-	}
-
-	X86.HasAVX = isSet(28, ecx1) && osSupportsAVX
-
-	if maxID < 7 {
-		return
-	}
-
-	_, ebx7, ecx7, edx7 := cpuid(7, 0)
-	X86.HasBMI1 = isSet(3, ebx7)
-	X86.HasAVX2 = isSet(5, ebx7) && osSupportsAVX
-	X86.HasBMI2 = isSet(8, ebx7)
-	X86.HasERMS = isSet(9, ebx7)
-	X86.HasRDSEED = isSet(18, ebx7)
-	X86.HasADX = isSet(19, ebx7)
-
-	X86.HasAVX512 = isSet(16, ebx7) && osSupportsAVX512 // Because avx-512 foundation is the core required extension
-	if X86.HasAVX512 {
-		X86.HasAVX512F = true
-		X86.HasAVX512CD = isSet(28, ebx7)
-		X86.HasAVX512ER = isSet(27, ebx7)
-		X86.HasAVX512PF = isSet(26, ebx7)
-		X86.HasAVX512VL = isSet(31, ebx7)
-		X86.HasAVX512BW = isSet(30, ebx7)
-		X86.HasAVX512DQ = isSet(17, ebx7)
-		X86.HasAVX512IFMA = isSet(21, ebx7)
-		X86.HasAVX512VBMI = isSet(1, ecx7)
-		X86.HasAVX5124VNNIW = isSet(2, edx7)
-		X86.HasAVX5124FMAPS = isSet(3, edx7)
-		X86.HasAVX512VPOPCNTDQ = isSet(14, ecx7)
-		X86.HasAVX512VPCLMULQDQ = isSet(10, ecx7)
-		X86.HasAVX512VNNI = isSet(11, ecx7)
-		X86.HasAVX512GFNI = isSet(8, ecx7)
-		X86.HasAVX512VAES = isSet(9, ecx7)
-		X86.HasAVX512VBMI2 = isSet(6, ecx7)
-		X86.HasAVX512BITALG = isSet(12, ecx7)
-
-		eax71, _, _, _ := cpuid(7, 1)
-		X86.HasAVX512BF16 = isSet(5, eax71)
-	}
-
-	X86.HasAMXTile = isSet(24, edx7)
-	X86.HasAMXInt8 = isSet(25, edx7)
-	X86.HasAMXBF16 = isSet(22, edx7)
-}
-
-func isSet(bitpos uint, value uint32) bool {
-	return value&(1<<bitpos) != 0
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.s b/vendor/golang.org/x/sys/cpu/cpu_x86.s
deleted file mode 100644
index 7d7ba33e..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_x86.s
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build (386 || amd64 || amd64p32) && gc
-
-#include "textflag.h"
-
-// func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
-TEXT ·cpuid(SB), NOSPLIT, $0-24
-	MOVL eaxArg+0(FP), AX
-	MOVL ecxArg+4(FP), CX
-	CPUID
-	MOVL AX, eax+8(FP)
-	MOVL BX, ebx+12(FP)
-	MOVL CX, ecx+16(FP)
-	MOVL DX, edx+20(FP)
-	RET
-
-// func xgetbv() (eax, edx uint32)
-TEXT ·xgetbv(SB),NOSPLIT,$0-8
-	MOVL $0, CX
-	XGETBV
-	MOVL AX, eax+0(FP)
-	MOVL DX, edx+4(FP)
-	RET
diff --git a/vendor/golang.org/x/sys/cpu/cpu_zos.go b/vendor/golang.org/x/sys/cpu/cpu_zos.go
deleted file mode 100644
index 5f54683a..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_zos.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cpu
-
-func archInit() {
-	doinit()
-	Initialized = true
-}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go
deleted file mode 100644
index ccb1b708..00000000
--- a/vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cpu
-
-func initS390Xbase() {
-	// get the facilities list
-	facilities := stfle()
-
-	// mandatory
-	S390X.HasZARCH = facilities.Has(zarch)
-	S390X.HasSTFLE = facilities.Has(stflef)
-	S390X.HasLDISP = facilities.Has(ldisp)
-	S390X.HasEIMM = facilities.Has(eimm)
-
-	// optional
-	S390X.HasETF3EH = facilities.Has(etf3eh)
-	S390X.HasDFP = facilities.Has(dfp)
-	S390X.HasMSA = facilities.Has(msa)
-	S390X.HasVX = facilities.Has(vx)
-	if S390X.HasVX {
-		S390X.HasVXE = facilities.Has(vxe)
-	}
-}
diff --git a/vendor/golang.org/x/sys/cpu/endian_big.go b/vendor/golang.org/x/sys/cpu/endian_big.go
deleted file mode 100644
index 7fe04b0a..00000000
--- a/vendor/golang.org/x/sys/cpu/endian_big.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// Copyright 2023 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64
-
-package cpu
-
-// IsBigEndian records whether the GOARCH's byte order is big endian.
-const IsBigEndian = true
diff --git a/vendor/golang.org/x/sys/cpu/endian_little.go b/vendor/golang.org/x/sys/cpu/endian_little.go
deleted file mode 100644
index 48eccc4c..00000000
--- a/vendor/golang.org/x/sys/cpu/endian_little.go
+++ /dev/null
@@ -1,10 +0,0 @@
-// Copyright 2023 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh || wasm
-
-package cpu
-
-// IsBigEndian records whether the GOARCH's byte order is big endian.
-const IsBigEndian = false
diff --git a/vendor/golang.org/x/sys/cpu/hwcap_linux.go b/vendor/golang.org/x/sys/cpu/hwcap_linux.go
deleted file mode 100644
index 34e49f95..00000000
--- a/vendor/golang.org/x/sys/cpu/hwcap_linux.go
+++ /dev/null
@@ -1,71 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cpu
-
-import (
-	"os"
-)
-
-const (
-	_AT_HWCAP  = 16
-	_AT_HWCAP2 = 26
-
-	procAuxv = "/proc/self/auxv"
-
-	uintSize = int(32 << (^uint(0) >> 63))
-)
-
-// For those platforms don't have a 'cpuid' equivalent we use HWCAP/HWCAP2
-// These are initialized in cpu_$GOARCH.go
-// and should not be changed after they are initialized.
-var hwCap uint
-var hwCap2 uint
-
-func readHWCAP() error {
-	// For Go 1.21+, get auxv from the Go runtime.
-	if a := getAuxv(); len(a) > 0 {
-		for len(a) >= 2 {
-			tag, val := a[0], uint(a[1])
-			a = a[2:]
-			switch tag {
-			case _AT_HWCAP:
-				hwCap = val
-			case _AT_HWCAP2:
-				hwCap2 = val
-			}
-		}
-		return nil
-	}
-
-	buf, err := os.ReadFile(procAuxv)
-	if err != nil {
-		// e.g. on android /proc/self/auxv is not accessible, so silently
-		// ignore the error and leave Initialized = false. On some
-		// architectures (e.g. arm64) doinit() implements a fallback
-		// readout and will set Initialized = true again.
-		return err
-	}
-	bo := hostByteOrder()
-	for len(buf) >= 2*(uintSize/8) {
-		var tag, val uint
-		switch uintSize {
-		case 32:
-			tag = uint(bo.Uint32(buf[0:]))
-			val = uint(bo.Uint32(buf[4:]))
-			buf = buf[8:]
-		case 64:
-			tag = uint(bo.Uint64(buf[0:]))
-			val = uint(bo.Uint64(buf[8:]))
-			buf = buf[16:]
-		}
-		switch tag {
-		case _AT_HWCAP:
-			hwCap = val
-		case _AT_HWCAP2:
-			hwCap2 = val
-		}
-	}
-	return nil
-}
diff --git a/vendor/golang.org/x/sys/cpu/parse.go b/vendor/golang.org/x/sys/cpu/parse.go
deleted file mode 100644
index 762b63d6..00000000
--- a/vendor/golang.org/x/sys/cpu/parse.go
+++ /dev/null
@@ -1,43 +0,0 @@
-// Copyright 2022 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cpu
-
-import "strconv"
-
-// parseRelease parses a dot-separated version number. It follows the semver
-// syntax, but allows the minor and patch versions to be elided.
-//
-// This is a copy of the Go runtime's parseRelease from
-// https://golang.org/cl/209597.
-func parseRelease(rel string) (major, minor, patch int, ok bool) {
-	// Strip anything after a dash or plus.
-	for i := 0; i < len(rel); i++ {
-		if rel[i] == '-' || rel[i] == '+' {
-			rel = rel[:i]
-			break
-		}
-	}
-
-	next := func() (int, bool) {
-		for i := 0; i < len(rel); i++ {
-			if rel[i] == '.' {
-				ver, err := strconv.Atoi(rel[:i])
-				rel = rel[i+1:]
-				return ver, err == nil
-			}
-		}
-		ver, err := strconv.Atoi(rel)
-		rel = ""
-		return ver, err == nil
-	}
-	if major, ok = next(); !ok || rel == "" {
-		return
-	}
-	if minor, ok = next(); !ok || rel == "" {
-		return
-	}
-	patch, ok = next()
-	return
-}
diff --git a/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go b/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
deleted file mode 100644
index 4cd64c70..00000000
--- a/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
+++ /dev/null
@@ -1,53 +0,0 @@
-// Copyright 2022 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build linux && arm64
-
-package cpu
-
-import (
-	"errors"
-	"io"
-	"os"
-	"strings"
-)
-
-func readLinuxProcCPUInfo() error {
-	f, err := os.Open("/proc/cpuinfo")
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-
-	var buf [1 << 10]byte // enough for first CPU
-	n, err := io.ReadFull(f, buf[:])
-	if err != nil && err != io.ErrUnexpectedEOF {
-		return err
-	}
-	in := string(buf[:n])
-	const features = "\nFeatures	: "
-	i := strings.Index(in, features)
-	if i == -1 {
-		return errors.New("no CPU features found")
-	}
-	in = in[i+len(features):]
-	if i := strings.Index(in, "\n"); i != -1 {
-		in = in[:i]
-	}
-	m := map[string]*bool{}
-
-	initOptions() // need it early here; it's harmless to call twice
-	for _, o := range options {
-		m[o.Name] = o.Feature
-	}
-	// The EVTSTRM field has alias "evstrm" in Go, but Linux calls it "evtstrm".
-	m["evtstrm"] = &ARM64.HasEVTSTRM
-
-	for _, f := range strings.Fields(in) {
-		if p, ok := m[f]; ok {
-			*p = true
-		}
-	}
-	return nil
-}
diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv.go b/vendor/golang.org/x/sys/cpu/runtime_auxv.go
deleted file mode 100644
index 5f92ac9a..00000000
--- a/vendor/golang.org/x/sys/cpu/runtime_auxv.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2023 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cpu
-
-// getAuxvFn is non-nil on Go 1.21+ (via runtime_auxv_go121.go init)
-// on platforms that use auxv.
-var getAuxvFn func() []uintptr
-
-func getAuxv() []uintptr {
-	if getAuxvFn == nil {
-		return nil
-	}
-	return getAuxvFn()
-}
diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
deleted file mode 100644
index 4c9788ea..00000000
--- a/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2023 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.21
-
-package cpu
-
-import (
-	_ "unsafe" // for linkname
-)
-
-//go:linkname runtime_getAuxv runtime.getAuxv
-func runtime_getAuxv() []uintptr
-
-func init() {
-	getAuxvFn = runtime_getAuxv
-}
diff --git a/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go b/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
deleted file mode 100644
index 1b9ccb09..00000000
--- a/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
+++ /dev/null
@@ -1,26 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Recreate a getsystemcfg syscall handler instead of
-// using the one provided by x/sys/unix to avoid having
-// the dependency between them. (See golang.org/issue/32102)
-// Moreover, this file will be used during the building of
-// gccgo's libgo and thus must not used a CGo method.
-
-//go:build aix && gccgo
-
-package cpu
-
-import (
-	"syscall"
-)
-
-//extern getsystemcfg
-func gccgoGetsystemcfg(label uint32) (r uint64)
-
-func callgetsystemcfg(label int) (r1 uintptr, e1 syscall.Errno) {
-	r1 = uintptr(gccgoGetsystemcfg(uint32(label)))
-	e1 = syscall.GetErrno()
-	return
-}
diff --git a/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
deleted file mode 100644
index e8b6cdbe..00000000
--- a/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
+++ /dev/null
@@ -1,35 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Minimal copy of x/sys/unix so the cpu package can make a
-// system call on AIX without depending on x/sys/unix.
-// (See golang.org/issue/32102)
-
-//go:build aix && ppc64 && gc
-
-package cpu
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-//go:cgo_import_dynamic libc_getsystemcfg getsystemcfg "libc.a/shr_64.o"
-
-//go:linkname libc_getsystemcfg libc_getsystemcfg
-
-type syscallFunc uintptr
-
-var libc_getsystemcfg syscallFunc
-
-type errno = syscall.Errno
-
-// Implemented in runtime/syscall_aix.go.
-func rawSyscall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err errno)
-func syscall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err errno)
-
-func callgetsystemcfg(label int) (r1 uintptr, e1 errno) {
-	r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_getsystemcfg)), 1, uintptr(label), 0, 0, 0, 0, 0)
-	return
-}
diff --git a/vendor/golang.org/x/sys/unix/README.md b/vendor/golang.org/x/sys/unix/README.md
index 7d3c060e..6e08a76a 100644
--- a/vendor/golang.org/x/sys/unix/README.md
+++ b/vendor/golang.org/x/sys/unix/README.md
@@ -156,7 +156,7 @@ from the generated architecture-specific files listed below, and merge these
 into a common file for each OS.
 
 The merge is performed in the following steps:
-1. Construct the set of common code that is idential in all architecture-specific files.
+1. Construct the set of common code that is identical in all architecture-specific files.
 2. Write this common code to the merged file.
 3. Remove the common code from all architecture-specific files.
 
diff --git a/vendor/golang.org/x/sys/unix/aliases.go b/vendor/golang.org/x/sys/unix/aliases.go
index e7d3df4b..b0e41985 100644
--- a/vendor/golang.org/x/sys/unix/aliases.go
+++ b/vendor/golang.org/x/sys/unix/aliases.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) && go1.9
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/asm_zos_s390x.s b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
index 2f67ba86..813dfad7 100644
--- a/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
+++ b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
@@ -9,9 +9,11 @@
 #define PSALAA            1208(R0)
 #define GTAB64(x)           80(x)
 #define LCA64(x)            88(x)
+#define SAVSTACK_ASYNC(x)  336(x) // in the LCA
 #define CAA(x)               8(x)
-#define EDCHPXV(x)        1016(x)       // in the CAA
-#define SAVSTACK_ASYNC(x)  336(x)       // in the LCA
+#define CEECAATHDID(x)     976(x) // in the CAA
+#define EDCHPXV(x)        1016(x) // in the CAA
+#define GOCB(x)           1104(x) // in the CAA
 
 // SS_*, where x=SAVSTACK_ASYNC
 #define SS_LE(x)             0(x)
@@ -19,394 +21,125 @@
 #define SS_ERRNO(x)         16(x)
 #define SS_ERRNOJR(x)       20(x)
 
-#define LE_CALL BYTE $0x0D; BYTE $0x76; // BL R7, R6
+// Function Descriptor Offsets
+#define __errno  0x156*16
+#define __err2ad 0x16C*16
 
-TEXT ·clearErrno(SB),NOSPLIT,$0-0
-	BL	addrerrno<>(SB)
-	MOVD	$0, 0(R3)
+// Call Instructions
+#define LE_CALL    BYTE $0x0D; BYTE $0x76 // BL R7, R6
+#define SVC_LOAD   BYTE $0x0A; BYTE $0x08 // SVC 08 LOAD
+#define SVC_DELETE BYTE $0x0A; BYTE $0x09 // SVC 09 DELETE
+
+DATA zosLibVec<>(SB)/8, $0
+GLOBL zosLibVec<>(SB), NOPTR, $8
+
+TEXT ·initZosLibVec(SB), NOSPLIT|NOFRAME, $0-0
+	MOVW PSALAA, R8
+	MOVD LCA64(R8), R8
+	MOVD CAA(R8), R8
+	MOVD EDCHPXV(R8), R8
+	MOVD R8, zosLibVec<>(SB)
+	RET
+
+TEXT ·GetZosLibVec(SB), NOSPLIT|NOFRAME, $0-0
+	MOVD zosLibVec<>(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·clearErrno(SB), NOSPLIT, $0-0
+	BL   addrerrno<>(SB)
+	MOVD $0, 0(R3)
 	RET
 
 // Returns the address of errno in R3.
-TEXT addrerrno<>(SB),NOSPLIT|NOFRAME,$0-0
+TEXT addrerrno<>(SB), NOSPLIT|NOFRAME, $0-0
 	// Get library control area (LCA).
-	MOVW	PSALAA, R8
-	MOVD	LCA64(R8), R8
+	MOVW PSALAA, R8
+	MOVD LCA64(R8), R8
 
 	// Get __errno FuncDesc.
-	MOVD	CAA(R8), R9
-	MOVD	EDCHPXV(R9), R9
-	ADD	$(0x156*16), R9
-	LMG	0(R9), R5, R6
+	MOVD CAA(R8), R9
+	MOVD EDCHPXV(R9), R9
+	ADD  $(__errno), R9
+	LMG  0(R9), R5, R6
 
 	// Switch to saved LE stack.
-	MOVD	SAVSTACK_ASYNC(R8), R9
-	MOVD	0(R9), R4
-	MOVD	$0, 0(R9)
+	MOVD SAVSTACK_ASYNC(R8), R9
+	MOVD 0(R9), R4
+	MOVD $0, 0(R9)
 
 	// Call __errno function.
 	LE_CALL
 	NOPH
 
 	// Switch back to Go stack.
-	XOR	R0, R0      // Restore R0 to $0.
-	MOVD	R4, 0(R9)   // Save stack pointer.
-	RET
-
-TEXT ·syscall_syscall(SB),NOSPLIT,$0-56
-	BL	runtime·entersyscall(SB)
-	MOVD	a1+8(FP), R1
-	MOVD	a2+16(FP), R2
-	MOVD	a3+24(FP), R3
-
-	// Get library control area (LCA).
-	MOVW	PSALAA, R8
-	MOVD	LCA64(R8), R8
-
-	// Get function.
-	MOVD	CAA(R8), R9
-	MOVD	EDCHPXV(R9), R9
-	MOVD	trap+0(FP), R5
-	SLD	$4, R5
-	ADD	R5, R9
-	LMG	0(R9), R5, R6
-
-	// Restore LE stack.
-	MOVD	SAVSTACK_ASYNC(R8), R9
-	MOVD	0(R9), R4
-	MOVD	$0, 0(R9)
-
-	// Call function.
-	LE_CALL
-	NOPH
-	XOR	R0, R0      // Restore R0 to $0.
-	MOVD	R4, 0(R9)   // Save stack pointer.
-
-	MOVD	R3, r1+32(FP)
-	MOVD	R0, r2+40(FP)
-	MOVD	R0, err+48(FP)
-	MOVW	R3, R4
-	CMP	R4, $-1
-	BNE	done
-	BL	addrerrno<>(SB)
-	MOVWZ	0(R3), R3
-	MOVD	R3, err+48(FP)
-done:
-	BL	runtime·exitsyscall(SB)
-	RET
-
-TEXT ·syscall_rawsyscall(SB),NOSPLIT,$0-56
-	MOVD	a1+8(FP), R1
-	MOVD	a2+16(FP), R2
-	MOVD	a3+24(FP), R3
-
-	// Get library control area (LCA).
-	MOVW	PSALAA, R8
-	MOVD	LCA64(R8), R8
-
-	// Get function.
-	MOVD	CAA(R8), R9
-	MOVD	EDCHPXV(R9), R9
-	MOVD	trap+0(FP), R5
-	SLD	$4, R5
-	ADD	R5, R9
-	LMG	0(R9), R5, R6
-
-	// Restore LE stack.
-	MOVD	SAVSTACK_ASYNC(R8), R9
-	MOVD	0(R9), R4
-	MOVD	$0, 0(R9)
-
-	// Call function.
-	LE_CALL
-	NOPH
-	XOR	R0, R0      // Restore R0 to $0.
-	MOVD	R4, 0(R9)   // Save stack pointer.
-
-	MOVD	R3, r1+32(FP)
-	MOVD	R0, r2+40(FP)
-	MOVD	R0, err+48(FP)
-	MOVW	R3, R4
-	CMP	R4, $-1
-	BNE	done
-	BL	addrerrno<>(SB)
-	MOVWZ	0(R3), R3
-	MOVD	R3, err+48(FP)
-done:
-	RET
-
-TEXT ·syscall_syscall6(SB),NOSPLIT,$0-80
-	BL	runtime·entersyscall(SB)
-	MOVD	a1+8(FP), R1
-	MOVD	a2+16(FP), R2
-	MOVD	a3+24(FP), R3
-
-	// Get library control area (LCA).
-	MOVW	PSALAA, R8
-	MOVD	LCA64(R8), R8
-
-	// Get function.
-	MOVD	CAA(R8), R9
-	MOVD	EDCHPXV(R9), R9
-	MOVD	trap+0(FP), R5
-	SLD	$4, R5
-	ADD	R5, R9
-	LMG	0(R9), R5, R6
-
-	// Restore LE stack.
-	MOVD	SAVSTACK_ASYNC(R8), R9
-	MOVD	0(R9), R4
-	MOVD	$0, 0(R9)
-
-	// Fill in parameter list.
-	MOVD	a4+32(FP), R12
-	MOVD	R12, (2176+24)(R4)
-	MOVD	a5+40(FP), R12
-	MOVD	R12, (2176+32)(R4)
-	MOVD	a6+48(FP), R12
-	MOVD	R12, (2176+40)(R4)
-
-	// Call function.
-	LE_CALL
-	NOPH
-	XOR	R0, R0      // Restore R0 to $0.
-	MOVD	R4, 0(R9)   // Save stack pointer.
-
-	MOVD	R3, r1+56(FP)
-	MOVD	R0, r2+64(FP)
-	MOVD	R0, err+72(FP)
-	MOVW	R3, R4
-	CMP	R4, $-1
-	BNE	done
-	BL	addrerrno<>(SB)
-	MOVWZ	0(R3), R3
-	MOVD	R3, err+72(FP)
-done:
-	BL	runtime·exitsyscall(SB)
-	RET
-
-TEXT ·syscall_rawsyscall6(SB),NOSPLIT,$0-80
-	MOVD	a1+8(FP), R1
-	MOVD	a2+16(FP), R2
-	MOVD	a3+24(FP), R3
-
-	// Get library control area (LCA).
-	MOVW	PSALAA, R8
-	MOVD	LCA64(R8), R8
-
-	// Get function.
-	MOVD	CAA(R8), R9
-	MOVD	EDCHPXV(R9), R9
-	MOVD	trap+0(FP), R5
-	SLD	$4, R5
-	ADD	R5, R9
-	LMG	0(R9), R5, R6
-
-	// Restore LE stack.
-	MOVD	SAVSTACK_ASYNC(R8), R9
-	MOVD	0(R9), R4
-	MOVD	$0, 0(R9)
-
-	// Fill in parameter list.
-	MOVD	a4+32(FP), R12
-	MOVD	R12, (2176+24)(R4)
-	MOVD	a5+40(FP), R12
-	MOVD	R12, (2176+32)(R4)
-	MOVD	a6+48(FP), R12
-	MOVD	R12, (2176+40)(R4)
-
-	// Call function.
-	LE_CALL
-	NOPH
-	XOR	R0, R0      // Restore R0 to $0.
-	MOVD	R4, 0(R9)   // Save stack pointer.
-
-	MOVD	R3, r1+56(FP)
-	MOVD	R0, r2+64(FP)
-	MOVD	R0, err+72(FP)
-	MOVW	R3, R4
-	CMP	R4, $-1
-	BNE	done
-	BL	·rrno<>(SB)
-	MOVWZ	0(R3), R3
-	MOVD	R3, err+72(FP)
-done:
-	RET
-
-TEXT ·syscall_syscall9(SB),NOSPLIT,$0
-	BL	runtime·entersyscall(SB)
-	MOVD	a1+8(FP), R1
-	MOVD	a2+16(FP), R2
-	MOVD	a3+24(FP), R3
-
-	// Get library control area (LCA).
-	MOVW	PSALAA, R8
-	MOVD	LCA64(R8), R8
-
-	// Get function.
-	MOVD	CAA(R8), R9
-	MOVD	EDCHPXV(R9), R9
-	MOVD	trap+0(FP), R5
-	SLD	$4, R5
-	ADD	R5, R9
-	LMG	0(R9), R5, R6
-
-	// Restore LE stack.
-	MOVD	SAVSTACK_ASYNC(R8), R9
-	MOVD	0(R9), R4
-	MOVD	$0, 0(R9)
-
-	// Fill in parameter list.
-	MOVD	a4+32(FP), R12
-	MOVD	R12, (2176+24)(R4)
-	MOVD	a5+40(FP), R12
-	MOVD	R12, (2176+32)(R4)
-	MOVD	a6+48(FP), R12
-	MOVD	R12, (2176+40)(R4)
-	MOVD	a7+56(FP), R12
-	MOVD	R12, (2176+48)(R4)
-	MOVD	a8+64(FP), R12
-	MOVD	R12, (2176+56)(R4)
-	MOVD	a9+72(FP), R12
-	MOVD	R12, (2176+64)(R4)
-
-	// Call function.
-	LE_CALL
-	NOPH
-	XOR	R0, R0      // Restore R0 to $0.
-	MOVD	R4, 0(R9)   // Save stack pointer.
-
-	MOVD	R3, r1+80(FP)
-	MOVD	R0, r2+88(FP)
-	MOVD	R0, err+96(FP)
-	MOVW	R3, R4
-	CMP	R4, $-1
-	BNE	done
-	BL	addrerrno<>(SB)
-	MOVWZ	0(R3), R3
-	MOVD	R3, err+96(FP)
-done:
-        BL	runtime·exitsyscall(SB)
-        RET
-
-TEXT ·syscall_rawsyscall9(SB),NOSPLIT,$0
-	MOVD	a1+8(FP), R1
-	MOVD	a2+16(FP), R2
-	MOVD	a3+24(FP), R3
-
-	// Get library control area (LCA).
-	MOVW	PSALAA, R8
-	MOVD	LCA64(R8), R8
-
-	// Get function.
-	MOVD	CAA(R8), R9
-	MOVD	EDCHPXV(R9), R9
-	MOVD	trap+0(FP), R5
-	SLD	$4, R5
-	ADD	R5, R9
-	LMG	0(R9), R5, R6
-
-	// Restore LE stack.
-	MOVD	SAVSTACK_ASYNC(R8), R9
-	MOVD	0(R9), R4
-	MOVD	$0, 0(R9)
-
-	// Fill in parameter list.
-	MOVD	a4+32(FP), R12
-	MOVD	R12, (2176+24)(R4)
-	MOVD	a5+40(FP), R12
-	MOVD	R12, (2176+32)(R4)
-	MOVD	a6+48(FP), R12
-	MOVD	R12, (2176+40)(R4)
-	MOVD	a7+56(FP), R12
-	MOVD	R12, (2176+48)(R4)
-	MOVD	a8+64(FP), R12
-	MOVD	R12, (2176+56)(R4)
-	MOVD	a9+72(FP), R12
-	MOVD	R12, (2176+64)(R4)
-
-	// Call function.
-	LE_CALL
-	NOPH
-	XOR	R0, R0      // Restore R0 to $0.
-	MOVD	R4, 0(R9)   // Save stack pointer.
-
-	MOVD	R3, r1+80(FP)
-	MOVD	R0, r2+88(FP)
-	MOVD	R0, err+96(FP)
-	MOVW	R3, R4
-	CMP	R4, $-1
-	BNE	done
-	BL	addrerrno<>(SB)
-	MOVWZ	0(R3), R3
-	MOVD	R3, err+96(FP)
-done:
+	XOR  R0, R0    // Restore R0 to $0.
+	MOVD R4, 0(R9) // Save stack pointer.
 	RET
 
 // func svcCall(fnptr unsafe.Pointer, argv *unsafe.Pointer, dsa *uint64)
-TEXT ·svcCall(SB),NOSPLIT,$0
-	BL	runtime·save_g(SB)   // Save g and stack pointer
-	MOVW	PSALAA, R8
-	MOVD	LCA64(R8), R8
-	MOVD	SAVSTACK_ASYNC(R8), R9
-	MOVD	R15, 0(R9)
+TEXT ·svcCall(SB), NOSPLIT, $0
+	BL   runtime·save_g(SB)     // Save g and stack pointer
+	MOVW PSALAA, R8
+	MOVD LCA64(R8), R8
+	MOVD SAVSTACK_ASYNC(R8), R9
+	MOVD R15, 0(R9)
 
-	MOVD	argv+8(FP), R1       // Move function arguments into registers
-	MOVD	dsa+16(FP), g
-	MOVD	fnptr+0(FP), R15
+	MOVD argv+8(FP), R1   // Move function arguments into registers
+	MOVD dsa+16(FP), g
+	MOVD fnptr+0(FP), R15
 
-	BYTE	$0x0D                // Branch to function
-	BYTE	$0xEF
+	BYTE $0x0D // Branch to function
+	BYTE $0xEF
 
-	BL	runtime·load_g(SB)   // Restore g and stack pointer
-	MOVW	PSALAA, R8
-	MOVD	LCA64(R8), R8
-	MOVD	SAVSTACK_ASYNC(R8), R9
-	MOVD	0(R9), R15
+	BL   runtime·load_g(SB)     // Restore g and stack pointer
+	MOVW PSALAA, R8
+	MOVD LCA64(R8), R8
+	MOVD SAVSTACK_ASYNC(R8), R9
+	MOVD 0(R9), R15
 
 	RET
 
 // func svcLoad(name *byte) unsafe.Pointer
-TEXT ·svcLoad(SB),NOSPLIT,$0
-	MOVD	R15, R2          // Save go stack pointer
-	MOVD	name+0(FP), R0   // Move SVC args into registers
-	MOVD	$0x80000000, R1
-	MOVD	$0, R15
-	BYTE	$0x0A            // SVC 08 LOAD
-	BYTE	$0x08
-	MOVW	R15, R3          // Save return code from SVC
-	MOVD	R2, R15          // Restore go stack pointer
-	CMP	R3, $0           // Check SVC return code
-	BNE	error
+TEXT ·svcLoad(SB), NOSPLIT, $0
+	MOVD R15, R2         // Save go stack pointer
+	MOVD name+0(FP), R0  // Move SVC args into registers
+	MOVD $0x80000000, R1
+	MOVD $0, R15
+	SVC_LOAD
+	MOVW R15, R3         // Save return code from SVC
+	MOVD R2, R15         // Restore go stack pointer
+	CMP  R3, $0          // Check SVC return code
+	BNE  error
 
-	MOVD	$-2, R3          // Reset last bit of entry point to zero
-	AND	R0, R3
-	MOVD	R3, addr+8(FP)   // Return entry point returned by SVC
-	CMP	R0, R3           // Check if last bit of entry point was set
-	BNE	done
+	MOVD $-2, R3       // Reset last bit of entry point to zero
+	AND  R0, R3
+	MOVD R3, ret+8(FP) // Return entry point returned by SVC
+	CMP  R0, R3        // Check if last bit of entry point was set
+	BNE  done
 
-	MOVD	R15, R2          // Save go stack pointer
-	MOVD	$0, R15          // Move SVC args into registers (entry point still in r0 from SVC 08)
-	BYTE	$0x0A            // SVC 09 DELETE
-	BYTE	$0x09
-	MOVD	R2, R15          // Restore go stack pointer
+	MOVD R15, R2 // Save go stack pointer
+	MOVD $0, R15 // Move SVC args into registers (entry point still in r0 from SVC 08)
+	SVC_DELETE
+	MOVD R2, R15 // Restore go stack pointer
 
 error:
-	MOVD	$0, addr+8(FP)   // Return 0 on failure
+	MOVD $0, ret+8(FP) // Return 0 on failure
+
 done:
-	XOR	R0, R0           // Reset r0 to 0
+	XOR R0, R0 // Reset r0 to 0
 	RET
 
 // func svcUnload(name *byte, fnptr unsafe.Pointer) int64
-TEXT ·svcUnload(SB),NOSPLIT,$0
-	MOVD	R15, R2          // Save go stack pointer
-	MOVD	name+0(FP), R0   // Move SVC args into registers
-	MOVD	addr+8(FP), R15
-	BYTE	$0x0A            // SVC 09
-	BYTE	$0x09
-	XOR	R0, R0           // Reset r0 to 0
-	MOVD	R15, R1          // Save SVC return code
-	MOVD	R2, R15          // Restore go stack pointer
-	MOVD	R1, rc+0(FP)     // Return SVC return code
+TEXT ·svcUnload(SB), NOSPLIT, $0
+	MOVD R15, R2          // Save go stack pointer
+	MOVD name+0(FP), R0   // Move SVC args into registers
+	MOVD fnptr+8(FP), R15
+	SVC_DELETE
+	XOR  R0, R0           // Reset r0 to 0
+	MOVD R15, R1          // Save SVC return code
+	MOVD R2, R15          // Restore go stack pointer
+	MOVD R1, ret+16(FP)   // Return SVC return code
 	RET
 
 // func gettid() uint64
@@ -417,7 +150,233 @@ TEXT ·gettid(SB), NOSPLIT, $0
 
 	// Get CEECAATHDID
 	MOVD CAA(R8), R9
-	MOVD 0x3D0(R9), R9
+	MOVD CEECAATHDID(R9), R9
 	MOVD R9, ret+0(FP)
 
 	RET
+
+//
+// Call LE function, if the return is -1
+// errno and errno2 is retrieved
+//
+TEXT ·CallLeFuncWithErr(SB), NOSPLIT, $0
+	MOVW PSALAA, R8
+	MOVD LCA64(R8), R8
+	MOVD CAA(R8), R9
+	MOVD g, GOCB(R9)
+
+	// Restore LE stack.
+	MOVD SAVSTACK_ASYNC(R8), R9 // R9-> LE stack frame saving address
+	MOVD 0(R9), R4              // R4-> restore previously saved stack frame pointer
+
+	MOVD parms_base+8(FP), R7 // R7 -> argument array
+	MOVD parms_len+16(FP), R8 // R8 number of arguments
+
+	//  arg 1 ---> R1
+	CMP  R8, $0
+	BEQ  docall
+	SUB  $1, R8
+	MOVD 0(R7), R1
+
+	//  arg 2 ---> R2
+	CMP  R8, $0
+	BEQ  docall
+	SUB  $1, R8
+	ADD  $8, R7
+	MOVD 0(R7), R2
+
+	//  arg 3 --> R3
+	CMP  R8, $0
+	BEQ  docall
+	SUB  $1, R8
+	ADD  $8, R7
+	MOVD 0(R7), R3
+
+	CMP  R8, $0
+	BEQ  docall
+	MOVD $2176+16, R6 // starting LE stack address-8 to store 4th argument
+
+repeat:
+	ADD  $8, R7
+	MOVD 0(R7), R0      // advance arg pointer by 8 byte
+	ADD  $8, R6         // advance LE argument address by 8 byte
+	MOVD R0, (R4)(R6*1) // copy argument from go-slice to le-frame
+	SUB  $1, R8
+	CMP  R8, $0
+	BNE  repeat
+
+docall:
+	MOVD funcdesc+0(FP), R8 // R8-> function descriptor
+	LMG  0(R8), R5, R6
+	MOVD $0, 0(R9)          // R9 address of SAVSTACK_ASYNC
+	LE_CALL                 // balr R7, R6 (return #1)
+	NOPH
+	MOVD R3, ret+32(FP)
+	CMP  R3, $-1            // compare result to -1
+	BNE  done
+
+	// retrieve errno and errno2
+	MOVD  zosLibVec<>(SB), R8
+	ADD   $(__errno), R8
+	LMG   0(R8), R5, R6
+	LE_CALL                   // balr R7, R6 __errno (return #3)
+	NOPH
+	MOVWZ 0(R3), R3
+	MOVD  R3, err+48(FP)
+	MOVD  zosLibVec<>(SB), R8
+	ADD   $(__err2ad), R8
+	LMG   0(R8), R5, R6
+	LE_CALL                   // balr R7, R6 __err2ad (return #2)
+	NOPH
+	MOVW  (R3), R2            // retrieve errno2
+	MOVD  R2, errno2+40(FP)   // store in return area
+
+done:
+	MOVD R4, 0(R9)            // Save stack pointer.
+	RET
+
+//
+// Call LE function, if the return is 0
+// errno and errno2 is retrieved
+//
+TEXT ·CallLeFuncWithPtrReturn(SB), NOSPLIT, $0
+	MOVW PSALAA, R8
+	MOVD LCA64(R8), R8
+	MOVD CAA(R8), R9
+	MOVD g, GOCB(R9)
+
+	// Restore LE stack.
+	MOVD SAVSTACK_ASYNC(R8), R9 // R9-> LE stack frame saving address
+	MOVD 0(R9), R4              // R4-> restore previously saved stack frame pointer
+
+	MOVD parms_base+8(FP), R7 // R7 -> argument array
+	MOVD parms_len+16(FP), R8 // R8 number of arguments
+
+	//  arg 1 ---> R1
+	CMP  R8, $0
+	BEQ  docall
+	SUB  $1, R8
+	MOVD 0(R7), R1
+
+	//  arg 2 ---> R2
+	CMP  R8, $0
+	BEQ  docall
+	SUB  $1, R8
+	ADD  $8, R7
+	MOVD 0(R7), R2
+
+	//  arg 3 --> R3
+	CMP  R8, $0
+	BEQ  docall
+	SUB  $1, R8
+	ADD  $8, R7
+	MOVD 0(R7), R3
+
+	CMP  R8, $0
+	BEQ  docall
+	MOVD $2176+16, R6 // starting LE stack address-8 to store 4th argument
+
+repeat:
+	ADD  $8, R7
+	MOVD 0(R7), R0      // advance arg pointer by 8 byte
+	ADD  $8, R6         // advance LE argument address by 8 byte
+	MOVD R0, (R4)(R6*1) // copy argument from go-slice to le-frame
+	SUB  $1, R8
+	CMP  R8, $0
+	BNE  repeat
+
+docall:
+	MOVD funcdesc+0(FP), R8 // R8-> function descriptor
+	LMG  0(R8), R5, R6
+	MOVD $0, 0(R9)          // R9 address of SAVSTACK_ASYNC
+	LE_CALL                 // balr R7, R6 (return #1)
+	NOPH
+	MOVD R3, ret+32(FP)
+	CMP  R3, $0             // compare result to 0
+	BNE  done
+
+	// retrieve errno and errno2
+	MOVD  zosLibVec<>(SB), R8
+	ADD   $(__errno), R8
+	LMG   0(R8), R5, R6
+	LE_CALL                   // balr R7, R6 __errno (return #3)
+	NOPH
+	MOVWZ 0(R3), R3
+	MOVD  R3, err+48(FP)
+	MOVD  zosLibVec<>(SB), R8
+	ADD   $(__err2ad), R8
+	LMG   0(R8), R5, R6
+	LE_CALL                   // balr R7, R6 __err2ad (return #2)
+	NOPH
+	MOVW  (R3), R2            // retrieve errno2
+	MOVD  R2, errno2+40(FP)   // store in return area
+	XOR   R2, R2
+	MOVWZ R2, (R3)            // clear errno2
+
+done:
+	MOVD R4, 0(R9)            // Save stack pointer.
+	RET
+
+//
+// function to test if a pointer can be safely dereferenced (content read)
+// return 0 for succces
+//
+TEXT ·ptrtest(SB), NOSPLIT, $0-16
+	MOVD arg+0(FP), R10 // test pointer in R10
+
+	// set up R2 to point to CEECAADMC
+	BYTE $0xE3; BYTE $0x20; BYTE $0x04; BYTE $0xB8; BYTE $0x00; BYTE $0x17 // llgt  2,1208
+	BYTE $0xB9; BYTE $0x17; BYTE $0x00; BYTE $0x22                         // llgtr 2,2
+	BYTE $0xA5; BYTE $0x26; BYTE $0x7F; BYTE $0xFF                         // nilh  2,32767
+	BYTE $0xE3; BYTE $0x22; BYTE $0x00; BYTE $0x58; BYTE $0x00; BYTE $0x04 // lg    2,88(2)
+	BYTE $0xE3; BYTE $0x22; BYTE $0x00; BYTE $0x08; BYTE $0x00; BYTE $0x04 // lg    2,8(2)
+	BYTE $0x41; BYTE $0x22; BYTE $0x03; BYTE $0x68                         // la    2,872(2)
+
+	// set up R5 to point to the "shunt" path which set 1 to R3 (failure)
+	BYTE $0xB9; BYTE $0x82; BYTE $0x00; BYTE $0x33 // xgr   3,3
+	BYTE $0xA7; BYTE $0x55; BYTE $0x00; BYTE $0x04 // bras  5,lbl1
+	BYTE $0xA7; BYTE $0x39; BYTE $0x00; BYTE $0x01 // lghi  3,1
+
+	// if r3 is not zero (failed) then branch to finish
+	BYTE $0xB9; BYTE $0x02; BYTE $0x00; BYTE $0x33 // lbl1     ltgr  3,3
+	BYTE $0xA7; BYTE $0x74; BYTE $0x00; BYTE $0x08 // brc   b'0111',lbl2
+
+	// stomic store shunt address in R5 into CEECAADMC
+	BYTE $0xE3; BYTE $0x52; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x24 // stg   5,0(2)
+
+	// now try reading from the test pointer in R10, if it fails it branches to the "lghi" instruction above
+	BYTE $0xE3; BYTE $0x9A; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x04 // lg    9,0(10)
+
+	// finish here, restore 0 into CEECAADMC
+	BYTE $0xB9; BYTE $0x82; BYTE $0x00; BYTE $0x99                         // lbl2     xgr   9,9
+	BYTE $0xE3; BYTE $0x92; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x24 // stg   9,0(2)
+	MOVD R3, ret+8(FP)                                                     // result in R3
+	RET
+
+//
+// function to test if a untptr can be loaded from a pointer
+// return 1: the 8-byte content
+//        2: 0 for success, 1 for failure
+//
+// func safeload(ptr uintptr) ( value uintptr, error uintptr)
+TEXT ·safeload(SB), NOSPLIT, $0-24
+	MOVD ptr+0(FP), R10                                                    // test pointer in R10
+	MOVD $0x0, R6
+	BYTE $0xE3; BYTE $0x20; BYTE $0x04; BYTE $0xB8; BYTE $0x00; BYTE $0x17 // llgt  2,1208
+	BYTE $0xB9; BYTE $0x17; BYTE $0x00; BYTE $0x22                         // llgtr 2,2
+	BYTE $0xA5; BYTE $0x26; BYTE $0x7F; BYTE $0xFF                         // nilh  2,32767
+	BYTE $0xE3; BYTE $0x22; BYTE $0x00; BYTE $0x58; BYTE $0x00; BYTE $0x04 // lg    2,88(2)
+	BYTE $0xE3; BYTE $0x22; BYTE $0x00; BYTE $0x08; BYTE $0x00; BYTE $0x04 // lg    2,8(2)
+	BYTE $0x41; BYTE $0x22; BYTE $0x03; BYTE $0x68                         // la    2,872(2)
+	BYTE $0xB9; BYTE $0x82; BYTE $0x00; BYTE $0x33                         // xgr   3,3
+	BYTE $0xA7; BYTE $0x55; BYTE $0x00; BYTE $0x04                         // bras  5,lbl1
+	BYTE $0xA7; BYTE $0x39; BYTE $0x00; BYTE $0x01                         // lghi  3,1
+	BYTE $0xB9; BYTE $0x02; BYTE $0x00; BYTE $0x33                         // lbl1     ltgr  3,3
+	BYTE $0xA7; BYTE $0x74; BYTE $0x00; BYTE $0x08                         // brc   b'0111',lbl2
+	BYTE $0xE3; BYTE $0x52; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x24 // stg 5,0(2)
+	BYTE $0xE3; BYTE $0x6A; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x04 // lg    6,0(10)
+	BYTE $0xB9; BYTE $0x82; BYTE $0x00; BYTE $0x99                         // lbl2     xgr   9,9
+	BYTE $0xE3; BYTE $0x92; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x24 // stg   9,0(2)
+	MOVD R6, value+8(FP)                                                   // result in R6
+	MOVD R3, error+16(FP)                                                  // error in R3
+	RET
diff --git a/vendor/golang.org/x/sys/unix/auxv.go b/vendor/golang.org/x/sys/unix/auxv.go
new file mode 100644
index 00000000..37a82528
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/auxv.go
@@ -0,0 +1,36 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21 && (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos)
+
+package unix
+
+import (
+	"syscall"
+	"unsafe"
+)
+
+//go:linkname runtime_getAuxv runtime.getAuxv
+func runtime_getAuxv() []uintptr
+
+// Auxv returns the ELF auxiliary vector as a sequence of key/value pairs.
+// The returned slice is always a fresh copy, owned by the caller.
+// It returns an error on non-ELF platforms, or if the auxiliary vector cannot be accessed,
+// which happens in some locked-down environments and build modes.
+func Auxv() ([][2]uintptr, error) {
+	vec := runtime_getAuxv()
+	vecLen := len(vec)
+
+	if vecLen == 0 {
+		return nil, syscall.ENOENT
+	}
+
+	if vecLen%2 != 0 {
+		return nil, syscall.EINVAL
+	}
+
+	result := make([]uintptr, vecLen)
+	copy(result, vec)
+	return unsafe.Slice((*[2]uintptr)(unsafe.Pointer(&result[0])), vecLen/2), nil
+}
diff --git a/vendor/golang.org/x/sys/unix/auxv_unsupported.go b/vendor/golang.org/x/sys/unix/auxv_unsupported.go
new file mode 100644
index 00000000..1200487f
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/auxv_unsupported.go
@@ -0,0 +1,13 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21 && (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos)
+
+package unix
+
+import "syscall"
+
+func Auxv() ([][2]uintptr, error) {
+	return nil, syscall.ENOTSUP
+}
diff --git a/vendor/golang.org/x/sys/unix/bpxsvc_zos.go b/vendor/golang.org/x/sys/unix/bpxsvc_zos.go
new file mode 100644
index 00000000..39d647d8
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/bpxsvc_zos.go
@@ -0,0 +1,657 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build zos
+
+package unix
+
+import (
+	"bytes"
+	"fmt"
+	"unsafe"
+)
+
+//go:noescape
+func bpxcall(plist []unsafe.Pointer, bpx_offset int64)
+
+//go:noescape
+func A2e([]byte)
+
+//go:noescape
+func E2a([]byte)
+
+const (
+	BPX4STA = 192  // stat
+	BPX4FST = 104  // fstat
+	BPX4LST = 132  // lstat
+	BPX4OPN = 156  // open
+	BPX4CLO = 72   // close
+	BPX4CHR = 500  // chattr
+	BPX4FCR = 504  // fchattr
+	BPX4LCR = 1180 // lchattr
+	BPX4CTW = 492  // cond_timed_wait
+	BPX4GTH = 1056 // __getthent
+	BPX4PTQ = 412  // pthread_quiesc
+	BPX4PTR = 320  // ptrace
+)
+
+const (
+	//options
+	//byte1
+	BPX_OPNFHIGH = 0x80
+	//byte2
+	BPX_OPNFEXEC = 0x80
+	//byte3
+	BPX_O_NOLARGEFILE = 0x08
+	BPX_O_LARGEFILE   = 0x04
+	BPX_O_ASYNCSIG    = 0x02
+	BPX_O_SYNC        = 0x01
+	//byte4
+	BPX_O_CREXCL   = 0xc0
+	BPX_O_CREAT    = 0x80
+	BPX_O_EXCL     = 0x40
+	BPX_O_NOCTTY   = 0x20
+	BPX_O_TRUNC    = 0x10
+	BPX_O_APPEND   = 0x08
+	BPX_O_NONBLOCK = 0x04
+	BPX_FNDELAY    = 0x04
+	BPX_O_RDWR     = 0x03
+	BPX_O_RDONLY   = 0x02
+	BPX_O_WRONLY   = 0x01
+	BPX_O_ACCMODE  = 0x03
+	BPX_O_GETFL    = 0x0f
+
+	//mode
+	// byte1 (file type)
+	BPX_FT_DIR      = 1
+	BPX_FT_CHARSPEC = 2
+	BPX_FT_REGFILE  = 3
+	BPX_FT_FIFO     = 4
+	BPX_FT_SYMLINK  = 5
+	BPX_FT_SOCKET   = 6
+	//byte3
+	BPX_S_ISUID  = 0x08
+	BPX_S_ISGID  = 0x04
+	BPX_S_ISVTX  = 0x02
+	BPX_S_IRWXU1 = 0x01
+	BPX_S_IRUSR  = 0x01
+	//byte4
+	BPX_S_IRWXU2 = 0xc0
+	BPX_S_IWUSR  = 0x80
+	BPX_S_IXUSR  = 0x40
+	BPX_S_IRWXG  = 0x38
+	BPX_S_IRGRP  = 0x20
+	BPX_S_IWGRP  = 0x10
+	BPX_S_IXGRP  = 0x08
+	BPX_S_IRWXOX = 0x07
+	BPX_S_IROTH  = 0x04
+	BPX_S_IWOTH  = 0x02
+	BPX_S_IXOTH  = 0x01
+
+	CW_INTRPT  = 1
+	CW_CONDVAR = 32
+	CW_TIMEOUT = 64
+
+	PGTHA_NEXT        = 2
+	PGTHA_CURRENT     = 1
+	PGTHA_FIRST       = 0
+	PGTHA_LAST        = 3
+	PGTHA_PROCESS     = 0x80
+	PGTHA_CONTTY      = 0x40
+	PGTHA_PATH        = 0x20
+	PGTHA_COMMAND     = 0x10
+	PGTHA_FILEDATA    = 0x08
+	PGTHA_THREAD      = 0x04
+	PGTHA_PTAG        = 0x02
+	PGTHA_COMMANDLONG = 0x01
+	PGTHA_THREADFAST  = 0x80
+	PGTHA_FILEPATH    = 0x40
+	PGTHA_THDSIGMASK  = 0x20
+	// thread quiece mode
+	QUIESCE_TERM       int32 = 1
+	QUIESCE_FORCE      int32 = 2
+	QUIESCE_QUERY      int32 = 3
+	QUIESCE_FREEZE     int32 = 4
+	QUIESCE_UNFREEZE   int32 = 5
+	FREEZE_THIS_THREAD int32 = 6
+	FREEZE_EXIT        int32 = 8
+	QUIESCE_SRB        int32 = 9
+)
+
+type Pgtha struct {
+	Pid        uint32 // 0
+	Tid0       uint32 // 4
+	Tid1       uint32
+	Accesspid  byte    // C
+	Accesstid  byte    // D
+	Accessasid uint16  // E
+	Loginname  [8]byte // 10
+	Flag1      byte    // 18
+	Flag1b2    byte    // 19
+}
+
+type Bpxystat_t struct { // DSECT BPXYSTAT
+	St_id           [4]uint8  // 0
+	St_length       uint16    // 0x4
+	St_version      uint16    // 0x6
+	St_mode         uint32    // 0x8
+	St_ino          uint32    // 0xc
+	St_dev          uint32    // 0x10
+	St_nlink        uint32    // 0x14
+	St_uid          uint32    // 0x18
+	St_gid          uint32    // 0x1c
+	St_size         uint64    // 0x20
+	St_atime        uint32    // 0x28
+	St_mtime        uint32    // 0x2c
+	St_ctime        uint32    // 0x30
+	St_rdev         uint32    // 0x34
+	St_auditoraudit uint32    // 0x38
+	St_useraudit    uint32    // 0x3c
+	St_blksize      uint32    // 0x40
+	St_createtime   uint32    // 0x44
+	St_auditid      [4]uint32 // 0x48
+	St_res01        uint32    // 0x58
+	Ft_ccsid        uint16    // 0x5c
+	Ft_flags        uint16    // 0x5e
+	St_res01a       [2]uint32 // 0x60
+	St_res02        uint32    // 0x68
+	St_blocks       uint32    // 0x6c
+	St_opaque       [3]uint8  // 0x70
+	St_visible      uint8     // 0x73
+	St_reftime      uint32    // 0x74
+	St_fid          uint64    // 0x78
+	St_filefmt      uint8     // 0x80
+	St_fspflag2     uint8     // 0x81
+	St_res03        [2]uint8  // 0x82
+	St_ctimemsec    uint32    // 0x84
+	St_seclabel     [8]uint8  // 0x88
+	St_res04        [4]uint8  // 0x90
+	// end of version 1
+	_               uint32    // 0x94
+	St_atime64      uint64    // 0x98
+	St_mtime64      uint64    // 0xa0
+	St_ctime64      uint64    // 0xa8
+	St_createtime64 uint64    // 0xb0
+	St_reftime64    uint64    // 0xb8
+	_               uint64    // 0xc0
+	St_res05        [16]uint8 // 0xc8
+	// end of version 2
+}
+
+type BpxFilestatus struct {
+	Oflag1 byte
+	Oflag2 byte
+	Oflag3 byte
+	Oflag4 byte
+}
+
+type BpxMode struct {
+	Ftype byte
+	Mode1 byte
+	Mode2 byte
+	Mode3 byte
+}
+
+// Thr attribute structure for extended attributes
+type Bpxyatt_t struct { // DSECT BPXYATT
+	Att_id           [4]uint8
+	Att_version      uint16
+	Att_res01        [2]uint8
+	Att_setflags1    uint8
+	Att_setflags2    uint8
+	Att_setflags3    uint8
+	Att_setflags4    uint8
+	Att_mode         uint32
+	Att_uid          uint32
+	Att_gid          uint32
+	Att_opaquemask   [3]uint8
+	Att_visblmaskres uint8
+	Att_opaque       [3]uint8
+	Att_visibleres   uint8
+	Att_size_h       uint32
+	Att_size_l       uint32
+	Att_atime        uint32
+	Att_mtime        uint32
+	Att_auditoraudit uint32
+	Att_useraudit    uint32
+	Att_ctime        uint32
+	Att_reftime      uint32
+	// end of version 1
+	Att_filefmt uint8
+	Att_res02   [3]uint8
+	Att_filetag uint32
+	Att_res03   [8]uint8
+	// end of version 2
+	Att_atime64   uint64
+	Att_mtime64   uint64
+	Att_ctime64   uint64
+	Att_reftime64 uint64
+	Att_seclabel  [8]uint8
+	Att_ver3res02 [8]uint8
+	// end of version 3
+}
+
+func BpxOpen(name string, options *BpxFilestatus, mode *BpxMode) (rv int32, rc int32, rn int32) {
+	if len(name) < 1024 {
+		var namebuf [1024]byte
+		sz := int32(copy(namebuf[:], name))
+		A2e(namebuf[:sz])
+		var parms [7]unsafe.Pointer
+		parms[0] = unsafe.Pointer(&sz)
+		parms[1] = unsafe.Pointer(&namebuf[0])
+		parms[2] = unsafe.Pointer(options)
+		parms[3] = unsafe.Pointer(mode)
+		parms[4] = unsafe.Pointer(&rv)
+		parms[5] = unsafe.Pointer(&rc)
+		parms[6] = unsafe.Pointer(&rn)
+		bpxcall(parms[:], BPX4OPN)
+		return rv, rc, rn
+	}
+	return -1, -1, -1
+}
+
+func BpxClose(fd int32) (rv int32, rc int32, rn int32) {
+	var parms [4]unsafe.Pointer
+	parms[0] = unsafe.Pointer(&fd)
+	parms[1] = unsafe.Pointer(&rv)
+	parms[2] = unsafe.Pointer(&rc)
+	parms[3] = unsafe.Pointer(&rn)
+	bpxcall(parms[:], BPX4CLO)
+	return rv, rc, rn
+}
+
+func BpxFileFStat(fd int32, st *Bpxystat_t) (rv int32, rc int32, rn int32) {
+	st.St_id = [4]uint8{0xe2, 0xe3, 0xc1, 0xe3}
+	st.St_version = 2
+	stat_sz := uint32(unsafe.Sizeof(*st))
+	var parms [6]unsafe.Pointer
+	parms[0] = unsafe.Pointer(&fd)
+	parms[1] = unsafe.Pointer(&stat_sz)
+	parms[2] = unsafe.Pointer(st)
+	parms[3] = unsafe.Pointer(&rv)
+	parms[4] = unsafe.Pointer(&rc)
+	parms[5] = unsafe.Pointer(&rn)
+	bpxcall(parms[:], BPX4FST)
+	return rv, rc, rn
+}
+
+func BpxFileStat(name string, st *Bpxystat_t) (rv int32, rc int32, rn int32) {
+	if len(name) < 1024 {
+		var namebuf [1024]byte
+		sz := int32(copy(namebuf[:], name))
+		A2e(namebuf[:sz])
+		st.St_id = [4]uint8{0xe2, 0xe3, 0xc1, 0xe3}
+		st.St_version = 2
+		stat_sz := uint32(unsafe.Sizeof(*st))
+		var parms [7]unsafe.Pointer
+		parms[0] = unsafe.Pointer(&sz)
+		parms[1] = unsafe.Pointer(&namebuf[0])
+		parms[2] = unsafe.Pointer(&stat_sz)
+		parms[3] = unsafe.Pointer(st)
+		parms[4] = unsafe.Pointer(&rv)
+		parms[5] = unsafe.Pointer(&rc)
+		parms[6] = unsafe.Pointer(&rn)
+		bpxcall(parms[:], BPX4STA)
+		return rv, rc, rn
+	}
+	return -1, -1, -1
+}
+
+func BpxFileLStat(name string, st *Bpxystat_t) (rv int32, rc int32, rn int32) {
+	if len(name) < 1024 {
+		var namebuf [1024]byte
+		sz := int32(copy(namebuf[:], name))
+		A2e(namebuf[:sz])
+		st.St_id = [4]uint8{0xe2, 0xe3, 0xc1, 0xe3}
+		st.St_version = 2
+		stat_sz := uint32(unsafe.Sizeof(*st))
+		var parms [7]unsafe.Pointer
+		parms[0] = unsafe.Pointer(&sz)
+		parms[1] = unsafe.Pointer(&namebuf[0])
+		parms[2] = unsafe.Pointer(&stat_sz)
+		parms[3] = unsafe.Pointer(st)
+		parms[4] = unsafe.Pointer(&rv)
+		parms[5] = unsafe.Pointer(&rc)
+		parms[6] = unsafe.Pointer(&rn)
+		bpxcall(parms[:], BPX4LST)
+		return rv, rc, rn
+	}
+	return -1, -1, -1
+}
+
+func BpxChattr(path string, attr *Bpxyatt_t) (rv int32, rc int32, rn int32) {
+	if len(path) >= 1024 {
+		return -1, -1, -1
+	}
+	var namebuf [1024]byte
+	sz := int32(copy(namebuf[:], path))
+	A2e(namebuf[:sz])
+	attr_sz := uint32(unsafe.Sizeof(*attr))
+	var parms [7]unsafe.Pointer
+	parms[0] = unsafe.Pointer(&sz)
+	parms[1] = unsafe.Pointer(&namebuf[0])
+	parms[2] = unsafe.Pointer(&attr_sz)
+	parms[3] = unsafe.Pointer(attr)
+	parms[4] = unsafe.Pointer(&rv)
+	parms[5] = unsafe.Pointer(&rc)
+	parms[6] = unsafe.Pointer(&rn)
+	bpxcall(parms[:], BPX4CHR)
+	return rv, rc, rn
+}
+
+func BpxLchattr(path string, attr *Bpxyatt_t) (rv int32, rc int32, rn int32) {
+	if len(path) >= 1024 {
+		return -1, -1, -1
+	}
+	var namebuf [1024]byte
+	sz := int32(copy(namebuf[:], path))
+	A2e(namebuf[:sz])
+	attr_sz := uint32(unsafe.Sizeof(*attr))
+	var parms [7]unsafe.Pointer
+	parms[0] = unsafe.Pointer(&sz)
+	parms[1] = unsafe.Pointer(&namebuf[0])
+	parms[2] = unsafe.Pointer(&attr_sz)
+	parms[3] = unsafe.Pointer(attr)
+	parms[4] = unsafe.Pointer(&rv)
+	parms[5] = unsafe.Pointer(&rc)
+	parms[6] = unsafe.Pointer(&rn)
+	bpxcall(parms[:], BPX4LCR)
+	return rv, rc, rn
+}
+
+func BpxFchattr(fd int32, attr *Bpxyatt_t) (rv int32, rc int32, rn int32) {
+	attr_sz := uint32(unsafe.Sizeof(*attr))
+	var parms [6]unsafe.Pointer
+	parms[0] = unsafe.Pointer(&fd)
+	parms[1] = unsafe.Pointer(&attr_sz)
+	parms[2] = unsafe.Pointer(attr)
+	parms[3] = unsafe.Pointer(&rv)
+	parms[4] = unsafe.Pointer(&rc)
+	parms[5] = unsafe.Pointer(&rn)
+	bpxcall(parms[:], BPX4FCR)
+	return rv, rc, rn
+}
+
+func BpxCondTimedWait(sec uint32, nsec uint32, events uint32, secrem *uint32, nsecrem *uint32) (rv int32, rc int32, rn int32) {
+	var parms [8]unsafe.Pointer
+	parms[0] = unsafe.Pointer(&sec)
+	parms[1] = unsafe.Pointer(&nsec)
+	parms[2] = unsafe.Pointer(&events)
+	parms[3] = unsafe.Pointer(secrem)
+	parms[4] = unsafe.Pointer(nsecrem)
+	parms[5] = unsafe.Pointer(&rv)
+	parms[6] = unsafe.Pointer(&rc)
+	parms[7] = unsafe.Pointer(&rn)
+	bpxcall(parms[:], BPX4CTW)
+	return rv, rc, rn
+}
+func BpxGetthent(in *Pgtha, outlen *uint32, out unsafe.Pointer) (rv int32, rc int32, rn int32) {
+	var parms [7]unsafe.Pointer
+	inlen := uint32(26) // nothing else will work. Go says Pgtha is 28-byte because of alignment, but Pgtha is "packed" and must be 26-byte
+	parms[0] = unsafe.Pointer(&inlen)
+	parms[1] = unsafe.Pointer(&in)
+	parms[2] = unsafe.Pointer(outlen)
+	parms[3] = unsafe.Pointer(&out)
+	parms[4] = unsafe.Pointer(&rv)
+	parms[5] = unsafe.Pointer(&rc)
+	parms[6] = unsafe.Pointer(&rn)
+	bpxcall(parms[:], BPX4GTH)
+	return rv, rc, rn
+}
+func ZosJobname() (jobname string, err error) {
+	var pgtha Pgtha
+	pgtha.Pid = uint32(Getpid())
+	pgtha.Accesspid = PGTHA_CURRENT
+	pgtha.Flag1 = PGTHA_PROCESS
+	var out [256]byte
+	var outlen uint32
+	outlen = 256
+	rv, rc, rn := BpxGetthent(&pgtha, &outlen, unsafe.Pointer(&out[0]))
+	if rv == 0 {
+		gthc := []byte{0x87, 0xa3, 0x88, 0x83} // 'gthc' in ebcdic
+		ix := bytes.Index(out[:], gthc)
+		if ix == -1 {
+			err = fmt.Errorf("BPX4GTH: gthc return data not found")
+			return
+		}
+		jn := out[ix+80 : ix+88] // we didn't declare Pgthc, but jobname is 8-byte at offset 80
+		E2a(jn)
+		jobname = string(bytes.TrimRight(jn, " "))
+
+	} else {
+		err = fmt.Errorf("BPX4GTH: rc=%d errno=%d reason=code=0x%x", rv, rc, rn)
+	}
+	return
+}
+func Bpx4ptq(code int32, data string) (rv int32, rc int32, rn int32) {
+	var userdata [8]byte
+	var parms [5]unsafe.Pointer
+	copy(userdata[:], data+"        ")
+	A2e(userdata[:])
+	parms[0] = unsafe.Pointer(&code)
+	parms[1] = unsafe.Pointer(&userdata[0])
+	parms[2] = unsafe.Pointer(&rv)
+	parms[3] = unsafe.Pointer(&rc)
+	parms[4] = unsafe.Pointer(&rn)
+	bpxcall(parms[:], BPX4PTQ)
+	return rv, rc, rn
+}
+
+const (
+	PT_TRACE_ME             = 0  // Debug this process
+	PT_READ_I               = 1  // Read a full word
+	PT_READ_D               = 2  // Read a full word
+	PT_READ_U               = 3  // Read control info
+	PT_WRITE_I              = 4  //Write a full word
+	PT_WRITE_D              = 5  //Write a full word
+	PT_CONTINUE             = 7  //Continue the process
+	PT_KILL                 = 8  //Terminate the process
+	PT_READ_GPR             = 11 // Read GPR, CR, PSW
+	PT_READ_FPR             = 12 // Read FPR
+	PT_READ_VR              = 13 // Read VR
+	PT_WRITE_GPR            = 14 // Write GPR, CR, PSW
+	PT_WRITE_FPR            = 15 // Write FPR
+	PT_WRITE_VR             = 16 // Write VR
+	PT_READ_BLOCK           = 17 // Read storage
+	PT_WRITE_BLOCK          = 19 // Write storage
+	PT_READ_GPRH            = 20 // Read GPRH
+	PT_WRITE_GPRH           = 21 // Write GPRH
+	PT_REGHSET              = 22 // Read all GPRHs
+	PT_ATTACH               = 30 // Attach to a process
+	PT_DETACH               = 31 // Detach from a process
+	PT_REGSET               = 32 // Read all GPRs
+	PT_REATTACH             = 33 // Reattach to a process
+	PT_LDINFO               = 34 // Read loader info
+	PT_MULTI                = 35 // Multi process mode
+	PT_LD64INFO             = 36 // RMODE64 Info Area
+	PT_BLOCKREQ             = 40 // Block request
+	PT_THREAD_INFO          = 60 // Read thread info
+	PT_THREAD_MODIFY        = 61
+	PT_THREAD_READ_FOCUS    = 62
+	PT_THREAD_WRITE_FOCUS   = 63
+	PT_THREAD_HOLD          = 64
+	PT_THREAD_SIGNAL        = 65
+	PT_EXPLAIN              = 66
+	PT_EVENTS               = 67
+	PT_THREAD_INFO_EXTENDED = 68
+	PT_REATTACH2            = 71
+	PT_CAPTURE              = 72
+	PT_UNCAPTURE            = 73
+	PT_GET_THREAD_TCB       = 74
+	PT_GET_ALET             = 75
+	PT_SWAPIN               = 76
+	PT_EXTENDED_EVENT       = 98
+	PT_RECOVER              = 99  // Debug a program check
+	PT_GPR0                 = 0   // General purpose register 0
+	PT_GPR1                 = 1   // General purpose register 1
+	PT_GPR2                 = 2   // General purpose register 2
+	PT_GPR3                 = 3   // General purpose register 3
+	PT_GPR4                 = 4   // General purpose register 4
+	PT_GPR5                 = 5   // General purpose register 5
+	PT_GPR6                 = 6   // General purpose register 6
+	PT_GPR7                 = 7   // General purpose register 7
+	PT_GPR8                 = 8   // General purpose register 8
+	PT_GPR9                 = 9   // General purpose register 9
+	PT_GPR10                = 10  // General purpose register 10
+	PT_GPR11                = 11  // General purpose register 11
+	PT_GPR12                = 12  // General purpose register 12
+	PT_GPR13                = 13  // General purpose register 13
+	PT_GPR14                = 14  // General purpose register 14
+	PT_GPR15                = 15  // General purpose register 15
+	PT_FPR0                 = 16  // Floating point register 0
+	PT_FPR1                 = 17  // Floating point register 1
+	PT_FPR2                 = 18  // Floating point register 2
+	PT_FPR3                 = 19  // Floating point register 3
+	PT_FPR4                 = 20  // Floating point register 4
+	PT_FPR5                 = 21  // Floating point register 5
+	PT_FPR6                 = 22  // Floating point register 6
+	PT_FPR7                 = 23  // Floating point register 7
+	PT_FPR8                 = 24  // Floating point register 8
+	PT_FPR9                 = 25  // Floating point register 9
+	PT_FPR10                = 26  // Floating point register 10
+	PT_FPR11                = 27  // Floating point register 11
+	PT_FPR12                = 28  // Floating point register 12
+	PT_FPR13                = 29  // Floating point register 13
+	PT_FPR14                = 30  // Floating point register 14
+	PT_FPR15                = 31  // Floating point register 15
+	PT_FPC                  = 32  // Floating point control register
+	PT_PSW                  = 40  // PSW
+	PT_PSW0                 = 40  // Left half of the PSW
+	PT_PSW1                 = 41  // Right half of the PSW
+	PT_CR0                  = 42  // Control register 0
+	PT_CR1                  = 43  // Control register 1
+	PT_CR2                  = 44  // Control register 2
+	PT_CR3                  = 45  // Control register 3
+	PT_CR4                  = 46  // Control register 4
+	PT_CR5                  = 47  // Control register 5
+	PT_CR6                  = 48  // Control register 6
+	PT_CR7                  = 49  // Control register 7
+	PT_CR8                  = 50  // Control register 8
+	PT_CR9                  = 51  // Control register 9
+	PT_CR10                 = 52  // Control register 10
+	PT_CR11                 = 53  // Control register 11
+	PT_CR12                 = 54  // Control register 12
+	PT_CR13                 = 55  // Control register 13
+	PT_CR14                 = 56  // Control register 14
+	PT_CR15                 = 57  // Control register 15
+	PT_GPRH0                = 58  // GP High register 0
+	PT_GPRH1                = 59  // GP High register 1
+	PT_GPRH2                = 60  // GP High register 2
+	PT_GPRH3                = 61  // GP High register 3
+	PT_GPRH4                = 62  // GP High register 4
+	PT_GPRH5                = 63  // GP High register 5
+	PT_GPRH6                = 64  // GP High register 6
+	PT_GPRH7                = 65  // GP High register 7
+	PT_GPRH8                = 66  // GP High register 8
+	PT_GPRH9                = 67  // GP High register 9
+	PT_GPRH10               = 68  // GP High register 10
+	PT_GPRH11               = 69  // GP High register 11
+	PT_GPRH12               = 70  // GP High register 12
+	PT_GPRH13               = 71  // GP High register 13
+	PT_GPRH14               = 72  // GP High register 14
+	PT_GPRH15               = 73  // GP High register 15
+	PT_VR0                  = 74  // Vector register 0
+	PT_VR1                  = 75  // Vector register 1
+	PT_VR2                  = 76  // Vector register 2
+	PT_VR3                  = 77  // Vector register 3
+	PT_VR4                  = 78  // Vector register 4
+	PT_VR5                  = 79  // Vector register 5
+	PT_VR6                  = 80  // Vector register 6
+	PT_VR7                  = 81  // Vector register 7
+	PT_VR8                  = 82  // Vector register 8
+	PT_VR9                  = 83  // Vector register 9
+	PT_VR10                 = 84  // Vector register 10
+	PT_VR11                 = 85  // Vector register 11
+	PT_VR12                 = 86  // Vector register 12
+	PT_VR13                 = 87  // Vector register 13
+	PT_VR14                 = 88  // Vector register 14
+	PT_VR15                 = 89  // Vector register 15
+	PT_VR16                 = 90  // Vector register 16
+	PT_VR17                 = 91  // Vector register 17
+	PT_VR18                 = 92  // Vector register 18
+	PT_VR19                 = 93  // Vector register 19
+	PT_VR20                 = 94  // Vector register 20
+	PT_VR21                 = 95  // Vector register 21
+	PT_VR22                 = 96  // Vector register 22
+	PT_VR23                 = 97  // Vector register 23
+	PT_VR24                 = 98  // Vector register 24
+	PT_VR25                 = 99  // Vector register 25
+	PT_VR26                 = 100 // Vector register 26
+	PT_VR27                 = 101 // Vector register 27
+	PT_VR28                 = 102 // Vector register 28
+	PT_VR29                 = 103 // Vector register 29
+	PT_VR30                 = 104 // Vector register 30
+	PT_VR31                 = 105 // Vector register 31
+	PT_PSWG                 = 106 // PSWG
+	PT_PSWG0                = 106 // Bytes 0-3
+	PT_PSWG1                = 107 // Bytes 4-7
+	PT_PSWG2                = 108 // Bytes 8-11 (IA high word)
+	PT_PSWG3                = 109 // Bytes 12-15 (IA low word)
+)
+
+func Bpx4ptr(request int32, pid int32, addr unsafe.Pointer, data unsafe.Pointer, buffer unsafe.Pointer) (rv int32, rc int32, rn int32) {
+	var parms [8]unsafe.Pointer
+	parms[0] = unsafe.Pointer(&request)
+	parms[1] = unsafe.Pointer(&pid)
+	parms[2] = unsafe.Pointer(&addr)
+	parms[3] = unsafe.Pointer(&data)
+	parms[4] = unsafe.Pointer(&buffer)
+	parms[5] = unsafe.Pointer(&rv)
+	parms[6] = unsafe.Pointer(&rc)
+	parms[7] = unsafe.Pointer(&rn)
+	bpxcall(parms[:], BPX4PTR)
+	return rv, rc, rn
+}
+
+func copyU8(val uint8, dest []uint8) int {
+	if len(dest) < 1 {
+		return 0
+	}
+	dest[0] = val
+	return 1
+}
+
+func copyU8Arr(src, dest []uint8) int {
+	if len(dest) < len(src) {
+		return 0
+	}
+	for i, v := range src {
+		dest[i] = v
+	}
+	return len(src)
+}
+
+func copyU16(val uint16, dest []uint16) int {
+	if len(dest) < 1 {
+		return 0
+	}
+	dest[0] = val
+	return 1
+}
+
+func copyU32(val uint32, dest []uint32) int {
+	if len(dest) < 1 {
+		return 0
+	}
+	dest[0] = val
+	return 1
+}
+
+func copyU32Arr(src, dest []uint32) int {
+	if len(dest) < len(src) {
+		return 0
+	}
+	for i, v := range src {
+		dest[i] = v
+	}
+	return len(src)
+}
+
+func copyU64(val uint64, dest []uint64) int {
+	if len(dest) < 1 {
+		return 0
+	}
+	dest[0] = val
+	return 1
+}
diff --git a/vendor/golang.org/x/sys/unix/bpxsvc_zos.s b/vendor/golang.org/x/sys/unix/bpxsvc_zos.s
new file mode 100644
index 00000000..4bd4a179
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/bpxsvc_zos.s
@@ -0,0 +1,192 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+#include "go_asm.h"
+#include "textflag.h"
+
+// function to call USS assembly language services
+//
+// doc: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_3.1.0/com.ibm.zos.v3r1.bpxb100/bit64env.htm
+//
+//   arg1 unsafe.Pointer array that ressembles an OS PLIST
+//
+//   arg2 function offset as in
+//       doc: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_3.1.0/com.ibm.zos.v3r1.bpxb100/bpx2cr_List_of_offsets.htm
+//
+// func bpxcall(plist []unsafe.Pointer, bpx_offset int64)
+
+TEXT ·bpxcall(SB), NOSPLIT|NOFRAME, $0
+	MOVD  plist_base+0(FP), R1  // r1 points to plist
+	MOVD  bpx_offset+24(FP), R2 // r2 offset to BPX vector table
+	MOVD  R14, R7               // save r14
+	MOVD  R15, R8               // save r15
+	MOVWZ 16(R0), R9
+	MOVWZ 544(R9), R9
+	MOVWZ 24(R9), R9            // call vector in r9
+	ADD   R2, R9                // add offset to vector table
+	MOVWZ (R9), R9              // r9 points to entry point
+	BYTE  $0x0D                 // BL R14,R9 --> basr r14,r9
+	BYTE  $0xE9                 // clobbers 0,1,14,15
+	MOVD  R8, R15               // restore 15
+	JMP   R7                    // return via saved return address
+
+//   func A2e(arr [] byte)
+//   code page conversion from  819 to 1047
+TEXT ·A2e(SB), NOSPLIT|NOFRAME, $0
+	MOVD arg_base+0(FP), R2                        // pointer to arry of characters
+	MOVD arg_len+8(FP), R3                         // count
+	XOR  R0, R0
+	XOR  R1, R1
+	BYTE $0xA7; BYTE $0x15; BYTE $0x00; BYTE $0x82 // BRAS 1,(2+(256/2))
+
+	// ASCII -> EBCDIC conversion table:
+	BYTE $0x00; BYTE $0x01; BYTE $0x02; BYTE $0x03
+	BYTE $0x37; BYTE $0x2d; BYTE $0x2e; BYTE $0x2f
+	BYTE $0x16; BYTE $0x05; BYTE $0x15; BYTE $0x0b
+	BYTE $0x0c; BYTE $0x0d; BYTE $0x0e; BYTE $0x0f
+	BYTE $0x10; BYTE $0x11; BYTE $0x12; BYTE $0x13
+	BYTE $0x3c; BYTE $0x3d; BYTE $0x32; BYTE $0x26
+	BYTE $0x18; BYTE $0x19; BYTE $0x3f; BYTE $0x27
+	BYTE $0x1c; BYTE $0x1d; BYTE $0x1e; BYTE $0x1f
+	BYTE $0x40; BYTE $0x5a; BYTE $0x7f; BYTE $0x7b
+	BYTE $0x5b; BYTE $0x6c; BYTE $0x50; BYTE $0x7d
+	BYTE $0x4d; BYTE $0x5d; BYTE $0x5c; BYTE $0x4e
+	BYTE $0x6b; BYTE $0x60; BYTE $0x4b; BYTE $0x61
+	BYTE $0xf0; BYTE $0xf1; BYTE $0xf2; BYTE $0xf3
+	BYTE $0xf4; BYTE $0xf5; BYTE $0xf6; BYTE $0xf7
+	BYTE $0xf8; BYTE $0xf9; BYTE $0x7a; BYTE $0x5e
+	BYTE $0x4c; BYTE $0x7e; BYTE $0x6e; BYTE $0x6f
+	BYTE $0x7c; BYTE $0xc1; BYTE $0xc2; BYTE $0xc3
+	BYTE $0xc4; BYTE $0xc5; BYTE $0xc6; BYTE $0xc7
+	BYTE $0xc8; BYTE $0xc9; BYTE $0xd1; BYTE $0xd2
+	BYTE $0xd3; BYTE $0xd4; BYTE $0xd5; BYTE $0xd6
+	BYTE $0xd7; BYTE $0xd8; BYTE $0xd9; BYTE $0xe2
+	BYTE $0xe3; BYTE $0xe4; BYTE $0xe5; BYTE $0xe6
+	BYTE $0xe7; BYTE $0xe8; BYTE $0xe9; BYTE $0xad
+	BYTE $0xe0; BYTE $0xbd; BYTE $0x5f; BYTE $0x6d
+	BYTE $0x79; BYTE $0x81; BYTE $0x82; BYTE $0x83
+	BYTE $0x84; BYTE $0x85; BYTE $0x86; BYTE $0x87
+	BYTE $0x88; BYTE $0x89; BYTE $0x91; BYTE $0x92
+	BYTE $0x93; BYTE $0x94; BYTE $0x95; BYTE $0x96
+	BYTE $0x97; BYTE $0x98; BYTE $0x99; BYTE $0xa2
+	BYTE $0xa3; BYTE $0xa4; BYTE $0xa5; BYTE $0xa6
+	BYTE $0xa7; BYTE $0xa8; BYTE $0xa9; BYTE $0xc0
+	BYTE $0x4f; BYTE $0xd0; BYTE $0xa1; BYTE $0x07
+	BYTE $0x20; BYTE $0x21; BYTE $0x22; BYTE $0x23
+	BYTE $0x24; BYTE $0x25; BYTE $0x06; BYTE $0x17
+	BYTE $0x28; BYTE $0x29; BYTE $0x2a; BYTE $0x2b
+	BYTE $0x2c; BYTE $0x09; BYTE $0x0a; BYTE $0x1b
+	BYTE $0x30; BYTE $0x31; BYTE $0x1a; BYTE $0x33
+	BYTE $0x34; BYTE $0x35; BYTE $0x36; BYTE $0x08
+	BYTE $0x38; BYTE $0x39; BYTE $0x3a; BYTE $0x3b
+	BYTE $0x04; BYTE $0x14; BYTE $0x3e; BYTE $0xff
+	BYTE $0x41; BYTE $0xaa; BYTE $0x4a; BYTE $0xb1
+	BYTE $0x9f; BYTE $0xb2; BYTE $0x6a; BYTE $0xb5
+	BYTE $0xbb; BYTE $0xb4; BYTE $0x9a; BYTE $0x8a
+	BYTE $0xb0; BYTE $0xca; BYTE $0xaf; BYTE $0xbc
+	BYTE $0x90; BYTE $0x8f; BYTE $0xea; BYTE $0xfa
+	BYTE $0xbe; BYTE $0xa0; BYTE $0xb6; BYTE $0xb3
+	BYTE $0x9d; BYTE $0xda; BYTE $0x9b; BYTE $0x8b
+	BYTE $0xb7; BYTE $0xb8; BYTE $0xb9; BYTE $0xab
+	BYTE $0x64; BYTE $0x65; BYTE $0x62; BYTE $0x66
+	BYTE $0x63; BYTE $0x67; BYTE $0x9e; BYTE $0x68
+	BYTE $0x74; BYTE $0x71; BYTE $0x72; BYTE $0x73
+	BYTE $0x78; BYTE $0x75; BYTE $0x76; BYTE $0x77
+	BYTE $0xac; BYTE $0x69; BYTE $0xed; BYTE $0xee
+	BYTE $0xeb; BYTE $0xef; BYTE $0xec; BYTE $0xbf
+	BYTE $0x80; BYTE $0xfd; BYTE $0xfe; BYTE $0xfb
+	BYTE $0xfc; BYTE $0xba; BYTE $0xae; BYTE $0x59
+	BYTE $0x44; BYTE $0x45; BYTE $0x42; BYTE $0x46
+	BYTE $0x43; BYTE $0x47; BYTE $0x9c; BYTE $0x48
+	BYTE $0x54; BYTE $0x51; BYTE $0x52; BYTE $0x53
+	BYTE $0x58; BYTE $0x55; BYTE $0x56; BYTE $0x57
+	BYTE $0x8c; BYTE $0x49; BYTE $0xcd; BYTE $0xce
+	BYTE $0xcb; BYTE $0xcf; BYTE $0xcc; BYTE $0xe1
+	BYTE $0x70; BYTE $0xdd; BYTE $0xde; BYTE $0xdb
+	BYTE $0xdc; BYTE $0x8d; BYTE $0x8e; BYTE $0xdf
+
+retry:
+	WORD $0xB9931022 // TROO 2,2,b'0001'
+	BVS  retry
+	RET
+
+//   func e2a(arr [] byte)
+//   code page conversion from  1047 to 819
+TEXT ·E2a(SB), NOSPLIT|NOFRAME, $0
+	MOVD arg_base+0(FP), R2                        // pointer to arry of characters
+	MOVD arg_len+8(FP), R3                         // count
+	XOR  R0, R0
+	XOR  R1, R1
+	BYTE $0xA7; BYTE $0x15; BYTE $0x00; BYTE $0x82 // BRAS 1,(2+(256/2))
+
+	// EBCDIC -> ASCII conversion table:
+	BYTE $0x00; BYTE $0x01; BYTE $0x02; BYTE $0x03
+	BYTE $0x9c; BYTE $0x09; BYTE $0x86; BYTE $0x7f
+	BYTE $0x97; BYTE $0x8d; BYTE $0x8e; BYTE $0x0b
+	BYTE $0x0c; BYTE $0x0d; BYTE $0x0e; BYTE $0x0f
+	BYTE $0x10; BYTE $0x11; BYTE $0x12; BYTE $0x13
+	BYTE $0x9d; BYTE $0x0a; BYTE $0x08; BYTE $0x87
+	BYTE $0x18; BYTE $0x19; BYTE $0x92; BYTE $0x8f
+	BYTE $0x1c; BYTE $0x1d; BYTE $0x1e; BYTE $0x1f
+	BYTE $0x80; BYTE $0x81; BYTE $0x82; BYTE $0x83
+	BYTE $0x84; BYTE $0x85; BYTE $0x17; BYTE $0x1b
+	BYTE $0x88; BYTE $0x89; BYTE $0x8a; BYTE $0x8b
+	BYTE $0x8c; BYTE $0x05; BYTE $0x06; BYTE $0x07
+	BYTE $0x90; BYTE $0x91; BYTE $0x16; BYTE $0x93
+	BYTE $0x94; BYTE $0x95; BYTE $0x96; BYTE $0x04
+	BYTE $0x98; BYTE $0x99; BYTE $0x9a; BYTE $0x9b
+	BYTE $0x14; BYTE $0x15; BYTE $0x9e; BYTE $0x1a
+	BYTE $0x20; BYTE $0xa0; BYTE $0xe2; BYTE $0xe4
+	BYTE $0xe0; BYTE $0xe1; BYTE $0xe3; BYTE $0xe5
+	BYTE $0xe7; BYTE $0xf1; BYTE $0xa2; BYTE $0x2e
+	BYTE $0x3c; BYTE $0x28; BYTE $0x2b; BYTE $0x7c
+	BYTE $0x26; BYTE $0xe9; BYTE $0xea; BYTE $0xeb
+	BYTE $0xe8; BYTE $0xed; BYTE $0xee; BYTE $0xef
+	BYTE $0xec; BYTE $0xdf; BYTE $0x21; BYTE $0x24
+	BYTE $0x2a; BYTE $0x29; BYTE $0x3b; BYTE $0x5e
+	BYTE $0x2d; BYTE $0x2f; BYTE $0xc2; BYTE $0xc4
+	BYTE $0xc0; BYTE $0xc1; BYTE $0xc3; BYTE $0xc5
+	BYTE $0xc7; BYTE $0xd1; BYTE $0xa6; BYTE $0x2c
+	BYTE $0x25; BYTE $0x5f; BYTE $0x3e; BYTE $0x3f
+	BYTE $0xf8; BYTE $0xc9; BYTE $0xca; BYTE $0xcb
+	BYTE $0xc8; BYTE $0xcd; BYTE $0xce; BYTE $0xcf
+	BYTE $0xcc; BYTE $0x60; BYTE $0x3a; BYTE $0x23
+	BYTE $0x40; BYTE $0x27; BYTE $0x3d; BYTE $0x22
+	BYTE $0xd8; BYTE $0x61; BYTE $0x62; BYTE $0x63
+	BYTE $0x64; BYTE $0x65; BYTE $0x66; BYTE $0x67
+	BYTE $0x68; BYTE $0x69; BYTE $0xab; BYTE $0xbb
+	BYTE $0xf0; BYTE $0xfd; BYTE $0xfe; BYTE $0xb1
+	BYTE $0xb0; BYTE $0x6a; BYTE $0x6b; BYTE $0x6c
+	BYTE $0x6d; BYTE $0x6e; BYTE $0x6f; BYTE $0x70
+	BYTE $0x71; BYTE $0x72; BYTE $0xaa; BYTE $0xba
+	BYTE $0xe6; BYTE $0xb8; BYTE $0xc6; BYTE $0xa4
+	BYTE $0xb5; BYTE $0x7e; BYTE $0x73; BYTE $0x74
+	BYTE $0x75; BYTE $0x76; BYTE $0x77; BYTE $0x78
+	BYTE $0x79; BYTE $0x7a; BYTE $0xa1; BYTE $0xbf
+	BYTE $0xd0; BYTE $0x5b; BYTE $0xde; BYTE $0xae
+	BYTE $0xac; BYTE $0xa3; BYTE $0xa5; BYTE $0xb7
+	BYTE $0xa9; BYTE $0xa7; BYTE $0xb6; BYTE $0xbc
+	BYTE $0xbd; BYTE $0xbe; BYTE $0xdd; BYTE $0xa8
+	BYTE $0xaf; BYTE $0x5d; BYTE $0xb4; BYTE $0xd7
+	BYTE $0x7b; BYTE $0x41; BYTE $0x42; BYTE $0x43
+	BYTE $0x44; BYTE $0x45; BYTE $0x46; BYTE $0x47
+	BYTE $0x48; BYTE $0x49; BYTE $0xad; BYTE $0xf4
+	BYTE $0xf6; BYTE $0xf2; BYTE $0xf3; BYTE $0xf5
+	BYTE $0x7d; BYTE $0x4a; BYTE $0x4b; BYTE $0x4c
+	BYTE $0x4d; BYTE $0x4e; BYTE $0x4f; BYTE $0x50
+	BYTE $0x51; BYTE $0x52; BYTE $0xb9; BYTE $0xfb
+	BYTE $0xfc; BYTE $0xf9; BYTE $0xfa; BYTE $0xff
+	BYTE $0x5c; BYTE $0xf7; BYTE $0x53; BYTE $0x54
+	BYTE $0x55; BYTE $0x56; BYTE $0x57; BYTE $0x58
+	BYTE $0x59; BYTE $0x5a; BYTE $0xb2; BYTE $0xd4
+	BYTE $0xd6; BYTE $0xd2; BYTE $0xd3; BYTE $0xd5
+	BYTE $0x30; BYTE $0x31; BYTE $0x32; BYTE $0x33
+	BYTE $0x34; BYTE $0x35; BYTE $0x36; BYTE $0x37
+	BYTE $0x38; BYTE $0x39; BYTE $0xb3; BYTE $0xdb
+	BYTE $0xdc; BYTE $0xd9; BYTE $0xda; BYTE $0x9f
+
+retry:
+	WORD $0xB9931022 // TROO 2,2,b'0001'
+	BVS  retry
+	RET
diff --git a/vendor/golang.org/x/sys/unix/epoll_zos.go b/vendor/golang.org/x/sys/unix/epoll_zos.go
deleted file mode 100644
index 7753fdde..00000000
--- a/vendor/golang.org/x/sys/unix/epoll_zos.go
+++ /dev/null
@@ -1,220 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build zos && s390x
-
-package unix
-
-import (
-	"sync"
-)
-
-// This file simulates epoll on z/OS using poll.
-
-// Analogous to epoll_event on Linux.
-// TODO(neeilan): Pad is because the Linux kernel expects a 96-bit struct. We never pass this to the kernel; remove?
-type EpollEvent struct {
-	Events uint32
-	Fd     int32
-	Pad    int32
-}
-
-const (
-	EPOLLERR      = 0x8
-	EPOLLHUP      = 0x10
-	EPOLLIN       = 0x1
-	EPOLLMSG      = 0x400
-	EPOLLOUT      = 0x4
-	EPOLLPRI      = 0x2
-	EPOLLRDBAND   = 0x80
-	EPOLLRDNORM   = 0x40
-	EPOLLWRBAND   = 0x200
-	EPOLLWRNORM   = 0x100
-	EPOLL_CTL_ADD = 0x1
-	EPOLL_CTL_DEL = 0x2
-	EPOLL_CTL_MOD = 0x3
-	// The following constants are part of the epoll API, but represent
-	// currently unsupported functionality on z/OS.
-	// EPOLL_CLOEXEC  = 0x80000
-	// EPOLLET        = 0x80000000
-	// EPOLLONESHOT   = 0x40000000
-	// EPOLLRDHUP     = 0x2000     // Typically used with edge-triggered notis
-	// EPOLLEXCLUSIVE = 0x10000000 // Exclusive wake-up mode
-	// EPOLLWAKEUP    = 0x20000000 // Relies on Linux's BLOCK_SUSPEND capability
-)
-
-// TODO(neeilan): We can eliminate these epToPoll / pToEpoll calls by using identical mask values for POLL/EPOLL
-// constants where possible The lower 16 bits of epoll events (uint32) can fit any system poll event (int16).
-
-// epToPollEvt converts epoll event field to poll equivalent.
-// In epoll, Events is a 32-bit field, while poll uses 16 bits.
-func epToPollEvt(events uint32) int16 {
-	var ep2p = map[uint32]int16{
-		EPOLLIN:  POLLIN,
-		EPOLLOUT: POLLOUT,
-		EPOLLHUP: POLLHUP,
-		EPOLLPRI: POLLPRI,
-		EPOLLERR: POLLERR,
-	}
-
-	var pollEvts int16 = 0
-	for epEvt, pEvt := range ep2p {
-		if (events & epEvt) != 0 {
-			pollEvts |= pEvt
-		}
-	}
-
-	return pollEvts
-}
-
-// pToEpollEvt converts 16 bit poll event bitfields to 32-bit epoll event fields.
-func pToEpollEvt(revents int16) uint32 {
-	var p2ep = map[int16]uint32{
-		POLLIN:  EPOLLIN,
-		POLLOUT: EPOLLOUT,
-		POLLHUP: EPOLLHUP,
-		POLLPRI: EPOLLPRI,
-		POLLERR: EPOLLERR,
-	}
-
-	var epollEvts uint32 = 0
-	for pEvt, epEvt := range p2ep {
-		if (revents & pEvt) != 0 {
-			epollEvts |= epEvt
-		}
-	}
-
-	return epollEvts
-}
-
-// Per-process epoll implementation.
-type epollImpl struct {
-	mu       sync.Mutex
-	epfd2ep  map[int]*eventPoll
-	nextEpfd int
-}
-
-// eventPoll holds a set of file descriptors being watched by the process. A process can have multiple epoll instances.
-// On Linux, this is an in-kernel data structure accessed through a fd.
-type eventPoll struct {
-	mu  sync.Mutex
-	fds map[int]*EpollEvent
-}
-
-// epoll impl for this process.
-var impl epollImpl = epollImpl{
-	epfd2ep:  make(map[int]*eventPoll),
-	nextEpfd: 0,
-}
-
-func (e *epollImpl) epollcreate(size int) (epfd int, err error) {
-	e.mu.Lock()
-	defer e.mu.Unlock()
-	epfd = e.nextEpfd
-	e.nextEpfd++
-
-	e.epfd2ep[epfd] = &eventPoll{
-		fds: make(map[int]*EpollEvent),
-	}
-	return epfd, nil
-}
-
-func (e *epollImpl) epollcreate1(flag int) (fd int, err error) {
-	return e.epollcreate(4)
-}
-
-func (e *epollImpl) epollctl(epfd int, op int, fd int, event *EpollEvent) (err error) {
-	e.mu.Lock()
-	defer e.mu.Unlock()
-
-	ep, ok := e.epfd2ep[epfd]
-	if !ok {
-
-		return EBADF
-	}
-
-	switch op {
-	case EPOLL_CTL_ADD:
-		// TODO(neeilan): When we make epfds and fds disjoint, detect epoll
-		// loops here (instances watching each other) and return ELOOP.
-		if _, ok := ep.fds[fd]; ok {
-			return EEXIST
-		}
-		ep.fds[fd] = event
-	case EPOLL_CTL_MOD:
-		if _, ok := ep.fds[fd]; !ok {
-			return ENOENT
-		}
-		ep.fds[fd] = event
-	case EPOLL_CTL_DEL:
-		if _, ok := ep.fds[fd]; !ok {
-			return ENOENT
-		}
-		delete(ep.fds, fd)
-
-	}
-	return nil
-}
-
-// Must be called while holding ep.mu
-func (ep *eventPoll) getFds() []int {
-	fds := make([]int, len(ep.fds))
-	for fd := range ep.fds {
-		fds = append(fds, fd)
-	}
-	return fds
-}
-
-func (e *epollImpl) epollwait(epfd int, events []EpollEvent, msec int) (n int, err error) {
-	e.mu.Lock() // in [rare] case of concurrent epollcreate + epollwait
-	ep, ok := e.epfd2ep[epfd]
-
-	if !ok {
-		e.mu.Unlock()
-		return 0, EBADF
-	}
-
-	pollfds := make([]PollFd, 4)
-	for fd, epollevt := range ep.fds {
-		pollfds = append(pollfds, PollFd{Fd: int32(fd), Events: epToPollEvt(epollevt.Events)})
-	}
-	e.mu.Unlock()
-
-	n, err = Poll(pollfds, msec)
-	if err != nil {
-		return n, err
-	}
-
-	i := 0
-	for _, pFd := range pollfds {
-		if pFd.Revents != 0 {
-			events[i] = EpollEvent{Fd: pFd.Fd, Events: pToEpollEvt(pFd.Revents)}
-			i++
-		}
-
-		if i == n {
-			break
-		}
-	}
-
-	return n, nil
-}
-
-func EpollCreate(size int) (fd int, err error) {
-	return impl.epollcreate(size)
-}
-
-func EpollCreate1(flag int) (fd int, err error) {
-	return impl.epollcreate1(flag)
-}
-
-func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
-	return impl.epollctl(epfd, op, fd, event)
-}
-
-// Because EpollWait mutates events, the caller is expected to coordinate
-// concurrent access if calling with the same epfd from multiple goroutines.
-func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
-	return impl.epollwait(epfd, events, msec)
-}
diff --git a/vendor/golang.org/x/sys/unix/fstatfs_zos.go b/vendor/golang.org/x/sys/unix/fstatfs_zos.go
deleted file mode 100644
index c8bde601..00000000
--- a/vendor/golang.org/x/sys/unix/fstatfs_zos.go
+++ /dev/null
@@ -1,163 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build zos && s390x
-
-package unix
-
-import (
-	"unsafe"
-)
-
-// This file simulates fstatfs on z/OS using fstatvfs and w_getmntent.
-
-func Fstatfs(fd int, stat *Statfs_t) (err error) {
-	var stat_v Statvfs_t
-	err = Fstatvfs(fd, &stat_v)
-	if err == nil {
-		// populate stat
-		stat.Type = 0
-		stat.Bsize = stat_v.Bsize
-		stat.Blocks = stat_v.Blocks
-		stat.Bfree = stat_v.Bfree
-		stat.Bavail = stat_v.Bavail
-		stat.Files = stat_v.Files
-		stat.Ffree = stat_v.Ffree
-		stat.Fsid = stat_v.Fsid
-		stat.Namelen = stat_v.Namemax
-		stat.Frsize = stat_v.Frsize
-		stat.Flags = stat_v.Flag
-		for passn := 0; passn < 5; passn++ {
-			switch passn {
-			case 0:
-				err = tryGetmntent64(stat)
-				break
-			case 1:
-				err = tryGetmntent128(stat)
-				break
-			case 2:
-				err = tryGetmntent256(stat)
-				break
-			case 3:
-				err = tryGetmntent512(stat)
-				break
-			case 4:
-				err = tryGetmntent1024(stat)
-				break
-			default:
-				break
-			}
-			//proceed to return if: err is nil (found), err is nonnil but not ERANGE (another error occurred)
-			if err == nil || err != nil && err != ERANGE {
-				break
-			}
-		}
-	}
-	return err
-}
-
-func tryGetmntent64(stat *Statfs_t) (err error) {
-	var mnt_ent_buffer struct {
-		header       W_Mnth
-		filesys_info [64]W_Mntent
-	}
-	var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
-	fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
-	if err != nil {
-		return err
-	}
-	err = ERANGE //return ERANGE if no match is found in this batch
-	for i := 0; i < fs_count; i++ {
-		if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
-			stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
-			err = nil
-			break
-		}
-	}
-	return err
-}
-
-func tryGetmntent128(stat *Statfs_t) (err error) {
-	var mnt_ent_buffer struct {
-		header       W_Mnth
-		filesys_info [128]W_Mntent
-	}
-	var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
-	fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
-	if err != nil {
-		return err
-	}
-	err = ERANGE //return ERANGE if no match is found in this batch
-	for i := 0; i < fs_count; i++ {
-		if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
-			stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
-			err = nil
-			break
-		}
-	}
-	return err
-}
-
-func tryGetmntent256(stat *Statfs_t) (err error) {
-	var mnt_ent_buffer struct {
-		header       W_Mnth
-		filesys_info [256]W_Mntent
-	}
-	var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
-	fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
-	if err != nil {
-		return err
-	}
-	err = ERANGE //return ERANGE if no match is found in this batch
-	for i := 0; i < fs_count; i++ {
-		if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
-			stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
-			err = nil
-			break
-		}
-	}
-	return err
-}
-
-func tryGetmntent512(stat *Statfs_t) (err error) {
-	var mnt_ent_buffer struct {
-		header       W_Mnth
-		filesys_info [512]W_Mntent
-	}
-	var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
-	fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
-	if err != nil {
-		return err
-	}
-	err = ERANGE //return ERANGE if no match is found in this batch
-	for i := 0; i < fs_count; i++ {
-		if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
-			stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
-			err = nil
-			break
-		}
-	}
-	return err
-}
-
-func tryGetmntent1024(stat *Statfs_t) (err error) {
-	var mnt_ent_buffer struct {
-		header       W_Mnth
-		filesys_info [1024]W_Mntent
-	}
-	var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
-	fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
-	if err != nil {
-		return err
-	}
-	err = ERANGE //return ERANGE if no match is found in this batch
-	for i := 0; i < fs_count; i++ {
-		if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
-			stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
-			err = nil
-			break
-		}
-	}
-	return err
-}
diff --git a/vendor/golang.org/x/sys/unix/ioctl_linux.go b/vendor/golang.org/x/sys/unix/ioctl_linux.go
index dbe680ea..7ca4fa12 100644
--- a/vendor/golang.org/x/sys/unix/ioctl_linux.go
+++ b/vendor/golang.org/x/sys/unix/ioctl_linux.go
@@ -58,6 +58,102 @@ func IoctlGetEthtoolDrvinfo(fd int, ifname string) (*EthtoolDrvinfo, error) {
 	return &value, err
 }
 
+// IoctlGetEthtoolTsInfo fetches ethtool timestamping and PHC
+// association for the network device specified by ifname.
+func IoctlGetEthtoolTsInfo(fd int, ifname string) (*EthtoolTsInfo, error) {
+	ifr, err := NewIfreq(ifname)
+	if err != nil {
+		return nil, err
+	}
+
+	value := EthtoolTsInfo{Cmd: ETHTOOL_GET_TS_INFO}
+	ifrd := ifr.withData(unsafe.Pointer(&value))
+
+	err = ioctlIfreqData(fd, SIOCETHTOOL, &ifrd)
+	return &value, err
+}
+
+// IoctlGetHwTstamp retrieves the hardware timestamping configuration
+// for the network device specified by ifname.
+func IoctlGetHwTstamp(fd int, ifname string) (*HwTstampConfig, error) {
+	ifr, err := NewIfreq(ifname)
+	if err != nil {
+		return nil, err
+	}
+
+	value := HwTstampConfig{}
+	ifrd := ifr.withData(unsafe.Pointer(&value))
+
+	err = ioctlIfreqData(fd, SIOCGHWTSTAMP, &ifrd)
+	return &value, err
+}
+
+// IoctlSetHwTstamp updates the hardware timestamping configuration for
+// the network device specified by ifname.
+func IoctlSetHwTstamp(fd int, ifname string, cfg *HwTstampConfig) error {
+	ifr, err := NewIfreq(ifname)
+	if err != nil {
+		return err
+	}
+	ifrd := ifr.withData(unsafe.Pointer(cfg))
+	return ioctlIfreqData(fd, SIOCSHWTSTAMP, &ifrd)
+}
+
+// FdToClockID derives the clock ID from the file descriptor number
+// - see clock_gettime(3), FD_TO_CLOCKID macros. The resulting ID is
+// suitable for system calls like ClockGettime.
+func FdToClockID(fd int) int32 { return int32((int(^fd) << 3) | 3) }
+
+// IoctlPtpClockGetcaps returns the description of a given PTP device.
+func IoctlPtpClockGetcaps(fd int) (*PtpClockCaps, error) {
+	var value PtpClockCaps
+	err := ioctlPtr(fd, PTP_CLOCK_GETCAPS2, unsafe.Pointer(&value))
+	return &value, err
+}
+
+// IoctlPtpSysOffsetPrecise returns a description of the clock
+// offset compared to the system clock.
+func IoctlPtpSysOffsetPrecise(fd int) (*PtpSysOffsetPrecise, error) {
+	var value PtpSysOffsetPrecise
+	err := ioctlPtr(fd, PTP_SYS_OFFSET_PRECISE2, unsafe.Pointer(&value))
+	return &value, err
+}
+
+// IoctlPtpSysOffsetExtended returns an extended description of the
+// clock offset compared to the system clock. The samples parameter
+// specifies the desired number of measurements.
+func IoctlPtpSysOffsetExtended(fd int, samples uint) (*PtpSysOffsetExtended, error) {
+	value := PtpSysOffsetExtended{Samples: uint32(samples)}
+	err := ioctlPtr(fd, PTP_SYS_OFFSET_EXTENDED2, unsafe.Pointer(&value))
+	return &value, err
+}
+
+// IoctlPtpPinGetfunc returns the configuration of the specified
+// I/O pin on given PTP device.
+func IoctlPtpPinGetfunc(fd int, index uint) (*PtpPinDesc, error) {
+	value := PtpPinDesc{Index: uint32(index)}
+	err := ioctlPtr(fd, PTP_PIN_GETFUNC2, unsafe.Pointer(&value))
+	return &value, err
+}
+
+// IoctlPtpPinSetfunc updates configuration of the specified PTP
+// I/O pin.
+func IoctlPtpPinSetfunc(fd int, pd *PtpPinDesc) error {
+	return ioctlPtr(fd, PTP_PIN_SETFUNC2, unsafe.Pointer(pd))
+}
+
+// IoctlPtpPeroutRequest configures the periodic output mode of the
+// PTP I/O pins.
+func IoctlPtpPeroutRequest(fd int, r *PtpPeroutRequest) error {
+	return ioctlPtr(fd, PTP_PEROUT_REQUEST2, unsafe.Pointer(r))
+}
+
+// IoctlPtpExttsRequest configures the external timestamping mode
+// of the PTP I/O pins.
+func IoctlPtpExttsRequest(fd int, r *PtpExttsRequest) error {
+	return ioctlPtr(fd, PTP_EXTTS_REQUEST2, unsafe.Pointer(r))
+}
+
 // IoctlGetWatchdogInfo fetches information about a watchdog device from the
 // Linux watchdog API. For more information, see:
 // https://www.kernel.org/doc/html/latest/watchdog/watchdog-api.html.
diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh
index 6202638b..6ab02b6c 100644
--- a/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -58,6 +58,7 @@ includes_Darwin='
 #define _DARWIN_USE_64_BIT_INODE
 #define __APPLE_USE_RFC_3542
 #include <stdint.h>
+#include <sys/stdio.h>
 #include <sys/attr.h>
 #include <sys/clonefile.h>
 #include <sys/kern_control.h>
@@ -157,6 +158,16 @@ includes_Linux='
 #endif
 #define _GNU_SOURCE
 
+// See the description in unix/linux/types.go
+#if defined(__ARM_EABI__) || \
+	(defined(__mips__) && (_MIPS_SIM == _ABIO32)) || \
+	(defined(__powerpc__) && (!defined(__powerpc64__)))
+# ifdef   _TIME_BITS
+#  undef  _TIME_BITS
+# endif
+# define  _TIME_BITS 32
+#endif
+
 // <sys/ioctl.h> is broken on powerpc64, as it fails to include definitions of
 // these structures. We just include them copied from <bits/termios.h>.
 #if defined(__powerpc__)
@@ -248,12 +259,14 @@ struct ltchars {
 #include <linux/module.h>
 #include <linux/mount.h>
 #include <linux/netfilter/nfnetlink.h>
+#include <linux/netfilter/nf_tables.h>
 #include <linux/netlink.h>
 #include <linux/net_namespace.h>
 #include <linux/nfc.h>
 #include <linux/nsfs.h>
 #include <linux/perf_event.h>
 #include <linux/pps.h>
+#include <linux/ptp_clock.h>
 #include <linux/ptrace.h>
 #include <linux/random.h>
 #include <linux/reboot.h>
@@ -262,6 +275,7 @@ struct ltchars {
 #include <linux/sched.h>
 #include <linux/seccomp.h>
 #include <linux/serial.h>
+#include <linux/sock_diag.h>
 #include <linux/sockios.h>
 #include <linux/taskstats.h>
 #include <linux/tipc.h>
@@ -283,10 +297,6 @@ struct ltchars {
 #include <asm/termbits.h>
 #endif
 
-#ifndef MSG_FASTOPEN
-#define MSG_FASTOPEN    0x20000000
-#endif
-
 #ifndef PTRACE_GETREGS
 #define PTRACE_GETREGS	0xc
 #endif
@@ -295,14 +305,6 @@ struct ltchars {
 #define PTRACE_SETREGS	0xd
 #endif
 
-#ifndef SOL_NETLINK
-#define SOL_NETLINK	270
-#endif
-
-#ifndef SOL_SMC
-#define SOL_SMC 286
-#endif
-
 #ifdef SOL_BLUETOOTH
 // SPARC includes this in /usr/include/sparc64-linux-gnu/bits/socket.h
 // but it is already in bluetooth_linux.go
@@ -319,10 +321,23 @@ struct ltchars {
 #undef TIPC_WAIT_FOREVER
 #define TIPC_WAIT_FOREVER 0xffffffff
 
-// Copied from linux/l2tp.h
-// Including linux/l2tp.h here causes conflicts between linux/in.h
-// and netinet/in.h included via net/route.h above.
-#define IPPROTO_L2TP		115
+// Copied from linux/netfilter/nf_nat.h
+// Including linux/netfilter/nf_nat.h here causes conflicts between linux/in.h
+// and netinet/in.h.
+#define NF_NAT_RANGE_MAP_IPS			(1 << 0)
+#define NF_NAT_RANGE_PROTO_SPECIFIED		(1 << 1)
+#define NF_NAT_RANGE_PROTO_RANDOM		(1 << 2)
+#define NF_NAT_RANGE_PERSISTENT			(1 << 3)
+#define NF_NAT_RANGE_PROTO_RANDOM_FULLY		(1 << 4)
+#define NF_NAT_RANGE_PROTO_OFFSET		(1 << 5)
+#define NF_NAT_RANGE_NETMAP			(1 << 6)
+#define NF_NAT_RANGE_PROTO_RANDOM_ALL		\
+	(NF_NAT_RANGE_PROTO_RANDOM | NF_NAT_RANGE_PROTO_RANDOM_FULLY)
+#define NF_NAT_RANGE_MASK					\
+	(NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED |	\
+	 NF_NAT_RANGE_PROTO_RANDOM | NF_NAT_RANGE_PERSISTENT |	\
+	 NF_NAT_RANGE_PROTO_RANDOM_FULLY | NF_NAT_RANGE_PROTO_OFFSET | \
+	 NF_NAT_RANGE_NETMAP)
 
 // Copied from linux/hid.h.
 // Keep in sync with the size of the referenced fields.
@@ -523,6 +538,7 @@ ccflags="$@"
 		$2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MREMAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT|UDP)_/ ||
 		$2 ~ /^NFC_(GENL|PROTO|COMM|RF|SE|DIRECTION|LLCP|SOCKPROTO)_/ ||
 		$2 ~ /^NFC_.*_(MAX)?SIZE$/ ||
+		$2 ~ /^PTP_/ ||
 		$2 ~ /^RAW_PAYLOAD_/ ||
 		$2 ~ /^[US]F_/ ||
 		$2 ~ /^TP_STATUS_/ ||
@@ -547,6 +563,8 @@ ccflags="$@"
 		$2 !~ "NLA_TYPE_MASK" &&
 		$2 !~ /^RTC_VL_(ACCURACY|BACKUP|DATA)/ &&
 		$2 ~ /^(NETLINK|NLM|NLMSG|NLA|IFA|IFAN|RT|RTC|RTCF|RTN|RTPROT|RTNH|ARPHRD|ETH_P|NETNSA)_/ ||
+		$2 ~ /^SOCK_|SK_DIAG_|SKNLGRP_$/ ||
+		$2 ~ /^(CONNECT|SAE)_/ ||
 		$2 ~ /^FIORDCHK$/ ||
 		$2 ~ /^SIOC/ ||
 		$2 ~ /^TIOC/ ||
@@ -582,7 +600,7 @@ ccflags="$@"
 		$2 ~ /^KEY_(SPEC|REQKEY_DEFL)_/ ||
 		$2 ~ /^KEYCTL_/ ||
 		$2 ~ /^PERF_/ ||
-		$2 ~ /^SECCOMP_MODE_/ ||
+		$2 ~ /^SECCOMP_/ ||
 		$2 ~ /^SEEK_/ ||
 		$2 ~ /^SCHED_/ ||
 		$2 ~ /^SPLICE_/ ||
@@ -603,6 +621,9 @@ ccflags="$@"
 		$2 ~ /^FSOPT_/ ||
 		$2 ~ /^WDIO[CFS]_/ ||
 		$2 ~ /^NFN/ ||
+		$2 !~ /^NFT_META_IIFTYPE/ &&
+		$2 ~ /^NFT_/ ||
+		$2 ~ /^NF_NAT_/ ||
 		$2 ~ /^XDP_/ ||
 		$2 ~ /^RWF_/ ||
 		$2 ~ /^(HDIO|WIN|SMART)_/ ||
@@ -647,7 +668,7 @@ errors=$(
 signals=$(
 	echo '#include <signal.h>' | $CC -x c - -E -dM $ccflags |
 	awk '$1=="#define" && $2 ~ /^SIG[A-Z0-9]+$/ { print $2 }' |
-	grep -v 'SIGSTKSIZE\|SIGSTKSZ\|SIGRT\|SIGMAX64' |
+	grep -E -v '(SIGSTKSIZE|SIGSTKSZ|SIGRT|SIGMAX64)' |
 	sort
 )
 
@@ -657,7 +678,7 @@ echo '#include <errno.h>' | $CC -x c - -E -dM $ccflags |
 	sort >_error.grep
 echo '#include <signal.h>' | $CC -x c - -E -dM $ccflags |
 	awk '$1=="#define" && $2 ~ /^SIG[A-Z0-9]+$/ { print "^\t" $2 "[ \t]*=" }' |
-	grep -v 'SIGSTKSIZE\|SIGSTKSZ\|SIGRT\|SIGMAX64' |
+	grep -E -v '(SIGSTKSIZE|SIGSTKSZ|SIGRT|SIGMAX64)' |
 	sort >_signal.grep
 
 echo '// mkerrors.sh' "$@"
diff --git a/vendor/golang.org/x/sys/unix/mmap_nomremap.go b/vendor/golang.org/x/sys/unix/mmap_nomremap.go
index 4b68e597..7f602ffd 100644
--- a/vendor/golang.org/x/sys/unix/mmap_nomremap.go
+++ b/vendor/golang.org/x/sys/unix/mmap_nomremap.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build aix || darwin || dragonfly || freebsd || openbsd || solaris
+//go:build aix || darwin || dragonfly || freebsd || openbsd || solaris || zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/mremap.go b/vendor/golang.org/x/sys/unix/mremap.go
index fd45fe52..3a5e776f 100644
--- a/vendor/golang.org/x/sys/unix/mremap.go
+++ b/vendor/golang.org/x/sys/unix/mremap.go
@@ -50,3 +50,8 @@ func (m *mremapMmapper) Mremap(oldData []byte, newLength int, flags int) (data [
 func Mremap(oldData []byte, newLength int, flags int) (data []byte, err error) {
 	return mapper.Mremap(oldData, newLength, flags)
 }
+
+func MremapPtr(oldAddr unsafe.Pointer, oldSize uintptr, newAddr unsafe.Pointer, newSize uintptr, flags int) (ret unsafe.Pointer, err error) {
+	xaddr, err := mapper.mremap(uintptr(oldAddr), oldSize, newSize, flags, uintptr(newAddr))
+	return unsafe.Pointer(xaddr), err
+}
diff --git a/vendor/golang.org/x/sys/unix/pagesize_unix.go b/vendor/golang.org/x/sys/unix/pagesize_unix.go
index 4d0a3430..0482408d 100644
--- a/vendor/golang.org/x/sys/unix/pagesize_unix.go
+++ b/vendor/golang.org/x/sys/unix/pagesize_unix.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
 
 // For Unix, get the pagesize from the runtime.
 
diff --git a/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go b/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
index 130398b6..b903c006 100644
--- a/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
+++ b/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build darwin
+//go:build darwin || zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_zos.go b/vendor/golang.org/x/sys/unix/sockcmsg_zos.go
new file mode 100644
index 00000000..3e53dbc0
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/sockcmsg_zos.go
@@ -0,0 +1,58 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Socket control messages
+
+package unix
+
+import "unsafe"
+
+// UnixCredentials encodes credentials into a socket control message
+// for sending to another process. This can be used for
+// authentication.
+func UnixCredentials(ucred *Ucred) []byte {
+	b := make([]byte, CmsgSpace(SizeofUcred))
+	h := (*Cmsghdr)(unsafe.Pointer(&b[0]))
+	h.Level = SOL_SOCKET
+	h.Type = SCM_CREDENTIALS
+	h.SetLen(CmsgLen(SizeofUcred))
+	*(*Ucred)(h.data(0)) = *ucred
+	return b
+}
+
+// ParseUnixCredentials decodes a socket control message that contains
+// credentials in a Ucred structure. To receive such a message, the
+// SO_PASSCRED option must be enabled on the socket.
+func ParseUnixCredentials(m *SocketControlMessage) (*Ucred, error) {
+	if m.Header.Level != SOL_SOCKET {
+		return nil, EINVAL
+	}
+	if m.Header.Type != SCM_CREDENTIALS {
+		return nil, EINVAL
+	}
+	ucred := *(*Ucred)(unsafe.Pointer(&m.Data[0]))
+	return &ucred, nil
+}
+
+// PktInfo4 encodes Inet4Pktinfo into a socket control message of type IP_PKTINFO.
+func PktInfo4(info *Inet4Pktinfo) []byte {
+	b := make([]byte, CmsgSpace(SizeofInet4Pktinfo))
+	h := (*Cmsghdr)(unsafe.Pointer(&b[0]))
+	h.Level = SOL_IP
+	h.Type = IP_PKTINFO
+	h.SetLen(CmsgLen(SizeofInet4Pktinfo))
+	*(*Inet4Pktinfo)(h.data(0)) = *info
+	return b
+}
+
+// PktInfo6 encodes Inet6Pktinfo into a socket control message of type IPV6_PKTINFO.
+func PktInfo6(info *Inet6Pktinfo) []byte {
+	b := make([]byte, CmsgSpace(SizeofInet6Pktinfo))
+	h := (*Cmsghdr)(unsafe.Pointer(&b[0]))
+	h.Level = SOL_IPV6
+	h.Type = IPV6_PKTINFO
+	h.SetLen(CmsgLen(SizeofInet6Pktinfo))
+	*(*Inet6Pktinfo)(h.data(0)) = *info
+	return b
+}
diff --git a/vendor/golang.org/x/sys/unix/symaddr_zos_s390x.s b/vendor/golang.org/x/sys/unix/symaddr_zos_s390x.s
new file mode 100644
index 00000000..3c4f33cb
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/symaddr_zos_s390x.s
@@ -0,0 +1,75 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build zos && s390x && gc
+
+#include "textflag.h"
+
+//  provide the address of function variable to be fixed up.
+
+TEXT ·getPipe2Addr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Pipe2(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_FlockAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Flock(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_GetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Getxattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_NanosleepAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Nanosleep(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_SetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Setxattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_Wait4Addr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Wait4(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_MountAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Mount(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_UnmountAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Unmount(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_UtimesNanoAtAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·UtimesNanoAt(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_UtimesNanoAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·UtimesNano(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_MkfifoatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Mkfifoat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_ChtagAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Chtag(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+TEXT ·get_ReadlinkatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Readlinkat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+	
diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go
index 67ce6cef..6f15ba1e 100644
--- a/vendor/golang.org/x/sys/unix/syscall_aix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_aix.go
@@ -360,7 +360,7 @@ func Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int,
 	var status _C_int
 	var r Pid_t
 	err = ERESTART
-	// AIX wait4 may return with ERESTART errno, while the processus is still
+	// AIX wait4 may return with ERESTART errno, while the process is still
 	// active.
 	for err == ERESTART {
 		r, err = wait4(Pid_t(pid), &status, options, rusage)
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go
index 59542a89..798f61ad 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go
@@ -402,6 +402,18 @@ func IoctlSetIfreqMTU(fd int, ifreq *IfreqMTU) error {
 	return ioctlPtr(fd, SIOCSIFMTU, unsafe.Pointer(ifreq))
 }
 
+//sys	renamexNp(from string, to string, flag uint32) (err error)
+
+func RenamexNp(from string, to string, flag uint32) (err error) {
+	return renamexNp(from, to, flag)
+}
+
+//sys	renameatxNp(fromfd int, from string, tofd int, to string, flag uint32) (err error)
+
+func RenameatxNp(fromfd int, from string, tofd int, to string, flag uint32) (err error) {
+	return renameatxNp(fromfd, from, tofd, to, flag)
+}
+
 //sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS_SYSCTL
 
 func Uname(uname *Utsname) error {
@@ -542,6 +554,198 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) {
 	}
 }
 
+//sys	pthread_chdir_np(path string) (err error)
+
+func PthreadChdir(path string) (err error) {
+	return pthread_chdir_np(path)
+}
+
+//sys	pthread_fchdir_np(fd int) (err error)
+
+func PthreadFchdir(fd int) (err error) {
+	return pthread_fchdir_np(fd)
+}
+
+// Connectx calls connectx(2) to initiate a connection on a socket.
+//
+// srcIf, srcAddr, and dstAddr are filled into a [SaEndpoints] struct and passed as the endpoints argument.
+//
+//   - srcIf is the optional source interface index. 0 means unspecified.
+//   - srcAddr is the optional source address. nil means unspecified.
+//   - dstAddr is the destination address.
+//
+// On success, Connectx returns the number of bytes enqueued for transmission.
+func Connectx(fd int, srcIf uint32, srcAddr, dstAddr Sockaddr, associd SaeAssocID, flags uint32, iov []Iovec, connid *SaeConnID) (n uintptr, err error) {
+	endpoints := SaEndpoints{
+		Srcif: srcIf,
+	}
+
+	if srcAddr != nil {
+		addrp, addrlen, err := srcAddr.sockaddr()
+		if err != nil {
+			return 0, err
+		}
+		endpoints.Srcaddr = (*RawSockaddr)(addrp)
+		endpoints.Srcaddrlen = uint32(addrlen)
+	}
+
+	if dstAddr != nil {
+		addrp, addrlen, err := dstAddr.sockaddr()
+		if err != nil {
+			return 0, err
+		}
+		endpoints.Dstaddr = (*RawSockaddr)(addrp)
+		endpoints.Dstaddrlen = uint32(addrlen)
+	}
+
+	err = connectx(fd, &endpoints, associd, flags, iov, &n, connid)
+	return
+}
+
+// sys	connectx(fd int, endpoints *SaEndpoints, associd SaeAssocID, flags uint32, iov []Iovec, n *uintptr, connid *SaeConnID) (err error)
+const minIovec = 8
+
+func Readv(fd int, iovs [][]byte) (n int, err error) {
+	if !darwinKernelVersionMin(11, 0, 0) {
+		return 0, ENOSYS
+	}
+
+	iovecs := make([]Iovec, 0, minIovec)
+	iovecs = appendBytes(iovecs, iovs)
+	n, err = readv(fd, iovecs)
+	readvRacedetect(iovecs, n, err)
+	return n, err
+}
+
+func Preadv(fd int, iovs [][]byte, offset int64) (n int, err error) {
+	if !darwinKernelVersionMin(11, 0, 0) {
+		return 0, ENOSYS
+	}
+	iovecs := make([]Iovec, 0, minIovec)
+	iovecs = appendBytes(iovecs, iovs)
+	n, err = preadv(fd, iovecs, offset)
+	readvRacedetect(iovecs, n, err)
+	return n, err
+}
+
+func Writev(fd int, iovs [][]byte) (n int, err error) {
+	if !darwinKernelVersionMin(11, 0, 0) {
+		return 0, ENOSYS
+	}
+
+	iovecs := make([]Iovec, 0, minIovec)
+	iovecs = appendBytes(iovecs, iovs)
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	n, err = writev(fd, iovecs)
+	writevRacedetect(iovecs, n)
+	return n, err
+}
+
+func Pwritev(fd int, iovs [][]byte, offset int64) (n int, err error) {
+	if !darwinKernelVersionMin(11, 0, 0) {
+		return 0, ENOSYS
+	}
+
+	iovecs := make([]Iovec, 0, minIovec)
+	iovecs = appendBytes(iovecs, iovs)
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	n, err = pwritev(fd, iovecs, offset)
+	writevRacedetect(iovecs, n)
+	return n, err
+}
+
+func appendBytes(vecs []Iovec, bs [][]byte) []Iovec {
+	for _, b := range bs {
+		var v Iovec
+		v.SetLen(len(b))
+		if len(b) > 0 {
+			v.Base = &b[0]
+		} else {
+			v.Base = (*byte)(unsafe.Pointer(&_zero))
+		}
+		vecs = append(vecs, v)
+	}
+	return vecs
+}
+
+func writevRacedetect(iovecs []Iovec, n int) {
+	if !raceenabled {
+		return
+	}
+	for i := 0; n > 0 && i < len(iovecs); i++ {
+		m := int(iovecs[i].Len)
+		if m > n {
+			m = n
+		}
+		n -= m
+		if m > 0 {
+			raceReadRange(unsafe.Pointer(iovecs[i].Base), m)
+		}
+	}
+}
+
+func readvRacedetect(iovecs []Iovec, n int, err error) {
+	if !raceenabled {
+		return
+	}
+	for i := 0; n > 0 && i < len(iovecs); i++ {
+		m := int(iovecs[i].Len)
+		if m > n {
+			m = n
+		}
+		n -= m
+		if m > 0 {
+			raceWriteRange(unsafe.Pointer(iovecs[i].Base), m)
+		}
+	}
+	if err == nil {
+		raceAcquire(unsafe.Pointer(&ioSync))
+	}
+}
+
+func darwinMajorMinPatch() (maj, min, patch int, err error) {
+	var un Utsname
+	err = Uname(&un)
+	if err != nil {
+		return
+	}
+
+	var mmp [3]int
+	c := 0
+Loop:
+	for _, b := range un.Release[:] {
+		switch {
+		case b >= '0' && b <= '9':
+			mmp[c] = 10*mmp[c] + int(b-'0')
+		case b == '.':
+			c++
+			if c > 2 {
+				return 0, 0, 0, ENOTSUP
+			}
+		case b == 0:
+			break Loop
+		default:
+			return 0, 0, 0, ENOTSUP
+		}
+	}
+	if c != 2 {
+		return 0, 0, 0, ENOTSUP
+	}
+	return mmp[0], mmp[1], mmp[2], nil
+}
+
+func darwinKernelVersionMin(maj, min, patch int) bool {
+	actualMaj, actualMin, actualPatch, err := darwinMajorMinPatch()
+	if err != nil {
+		return false
+	}
+	return actualMaj > maj || actualMaj == maj && (actualMin > min || actualMin == min && actualPatch >= patch)
+}
+
 //sys	sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error)
 
 //sys	shmat(id int, addr uintptr, flag int) (ret uintptr, err error)
@@ -644,3 +848,7 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) {
 //sys	write(fd int, p []byte) (n int, err error)
 //sys	mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
 //sys	munmap(addr uintptr, length uintptr) (err error)
+//sys	readv(fd int, iovecs []Iovec) (n int, err error)
+//sys	preadv(fd int, iovecs []Iovec, offset int64) (n int, err error)
+//sys	writev(fd int, iovecs []Iovec) (n int, err error)
+//sys	pwritev(fd int, iovecs []Iovec, offset int64) (n int, err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
index 16dc6993..2f0fa76e 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build darwin && go1.12
+//go:build darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
index 97cb916f..be8c0020 100644
--- a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
+++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
@@ -246,6 +246,18 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 	return sendfile(outfd, infd, offset, count)
 }
 
+func Dup3(oldfd, newfd, flags int) error {
+	if oldfd == newfd || flags&^O_CLOEXEC != 0 {
+		return EINVAL
+	}
+	how := F_DUP2FD
+	if flags&O_CLOEXEC != 0 {
+		how = F_DUP2FD_CLOEXEC
+	}
+	_, err := fcntl(oldfd, how, newfd)
+	return err
+}
+
 /*
  * Exposed directly
  */
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go
index 64d1bb4d..2b57e0f7 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go
@@ -13,6 +13,7 @@
 package unix
 
 import (
+	"errors"
 	"sync"
 	"unsafe"
 )
@@ -169,25 +170,26 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
 func Uname(uname *Utsname) error {
 	mib := []_C_int{CTL_KERN, KERN_OSTYPE}
 	n := unsafe.Sizeof(uname.Sysname)
-	if err := sysctl(mib, &uname.Sysname[0], &n, nil, 0); err != nil {
+	// Suppress ENOMEM errors to be compatible with the C library __xuname() implementation.
+	if err := sysctl(mib, &uname.Sysname[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) {
 		return err
 	}
 
 	mib = []_C_int{CTL_KERN, KERN_HOSTNAME}
 	n = unsafe.Sizeof(uname.Nodename)
-	if err := sysctl(mib, &uname.Nodename[0], &n, nil, 0); err != nil {
+	if err := sysctl(mib, &uname.Nodename[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) {
 		return err
 	}
 
 	mib = []_C_int{CTL_KERN, KERN_OSRELEASE}
 	n = unsafe.Sizeof(uname.Release)
-	if err := sysctl(mib, &uname.Release[0], &n, nil, 0); err != nil {
+	if err := sysctl(mib, &uname.Release[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) {
 		return err
 	}
 
 	mib = []_C_int{CTL_KERN, KERN_VERSION}
 	n = unsafe.Sizeof(uname.Version)
-	if err := sysctl(mib, &uname.Version[0], &n, nil, 0); err != nil {
+	if err := sysctl(mib, &uname.Version[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) {
 		return err
 	}
 
@@ -205,7 +207,7 @@ func Uname(uname *Utsname) error {
 
 	mib = []_C_int{CTL_HW, HW_MACHINE}
 	n = unsafe.Sizeof(uname.Machine)
-	if err := sysctl(mib, &uname.Machine[0], &n, nil, 0); err != nil {
+	if err := sysctl(mib, &uname.Machine[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) {
 		return err
 	}
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_hurd.go b/vendor/golang.org/x/sys/unix/syscall_hurd.go
index ba46651f..a6a2d2fc 100644
--- a/vendor/golang.org/x/sys/unix/syscall_hurd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_hurd.go
@@ -11,6 +11,7 @@ package unix
 int ioctl(int, unsigned long int, uintptr_t);
 */
 import "C"
+import "unsafe"
 
 func ioctl(fd int, req uint, arg uintptr) (err error) {
 	r0, er := C.ioctl(C.int(fd), C.ulong(req), C.uintptr_t(arg))
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index 0f85e29e..4958a657 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -13,6 +13,7 @@ package unix
 
 import (
 	"encoding/binary"
+	"slices"
 	"strconv"
 	"syscall"
 	"time"
@@ -417,7 +418,7 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
 		return nil, 0, EINVAL
 	}
 	sa.raw.Family = AF_UNIX
-	for i := 0; i < n; i++ {
+	for i := range n {
 		sa.raw.Path[i] = int8(name[i])
 	}
 	// length is family (uint16), name, NUL.
@@ -507,7 +508,7 @@ func (sa *SockaddrL2) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	psm := (*[2]byte)(unsafe.Pointer(&sa.raw.Psm))
 	psm[0] = byte(sa.PSM)
 	psm[1] = byte(sa.PSM >> 8)
-	for i := 0; i < len(sa.Addr); i++ {
+	for i := range len(sa.Addr) {
 		sa.raw.Bdaddr[i] = sa.Addr[len(sa.Addr)-1-i]
 	}
 	cid := (*[2]byte)(unsafe.Pointer(&sa.raw.Cid))
@@ -589,11 +590,11 @@ func (sa *SockaddrCAN) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	sa.raw.Family = AF_CAN
 	sa.raw.Ifindex = int32(sa.Ifindex)
 	rx := (*[4]byte)(unsafe.Pointer(&sa.RxID))
-	for i := 0; i < 4; i++ {
+	for i := range 4 {
 		sa.raw.Addr[i] = rx[i]
 	}
 	tx := (*[4]byte)(unsafe.Pointer(&sa.TxID))
-	for i := 0; i < 4; i++ {
+	for i := range 4 {
 		sa.raw.Addr[i+4] = tx[i]
 	}
 	return unsafe.Pointer(&sa.raw), SizeofSockaddrCAN, nil
@@ -618,11 +619,11 @@ func (sa *SockaddrCANJ1939) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	sa.raw.Family = AF_CAN
 	sa.raw.Ifindex = int32(sa.Ifindex)
 	n := (*[8]byte)(unsafe.Pointer(&sa.Name))
-	for i := 0; i < 8; i++ {
+	for i := range 8 {
 		sa.raw.Addr[i] = n[i]
 	}
 	p := (*[4]byte)(unsafe.Pointer(&sa.PGN))
-	for i := 0; i < 4; i++ {
+	for i := range 4 {
 		sa.raw.Addr[i+8] = p[i]
 	}
 	sa.raw.Addr[12] = sa.Addr
@@ -911,7 +912,7 @@ func (sa *SockaddrIUCV) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	// These are EBCDIC encoded by the kernel, but we still need to pad them
 	// with blanks. Initializing with blanks allows the caller to feed in either
 	// a padded or an unpadded string.
-	for i := 0; i < 8; i++ {
+	for i := range 8 {
 		sa.raw.Nodeid[i] = ' '
 		sa.raw.User_id[i] = ' '
 		sa.raw.Name[i] = ' '
@@ -1148,7 +1149,7 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		var user [8]byte
 		var name [8]byte
 
-		for i := 0; i < 8; i++ {
+		for i := range 8 {
 			user[i] = byte(pp.User_id[i])
 			name[i] = byte(pp.Name[i])
 		}
@@ -1173,11 +1174,11 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 				Ifindex: int(pp.Ifindex),
 			}
 			name := (*[8]byte)(unsafe.Pointer(&sa.Name))
-			for i := 0; i < 8; i++ {
+			for i := range 8 {
 				name[i] = pp.Addr[i]
 			}
 			pgn := (*[4]byte)(unsafe.Pointer(&sa.PGN))
-			for i := 0; i < 4; i++ {
+			for i := range 4 {
 				pgn[i] = pp.Addr[i+8]
 			}
 			addr := (*[1]byte)(unsafe.Pointer(&sa.Addr))
@@ -1188,11 +1189,11 @@ func anyToSockaddr(fd int, rsa *RawSockaddrAny) (Sockaddr, error) {
 				Ifindex: int(pp.Ifindex),
 			}
 			rx := (*[4]byte)(unsafe.Pointer(&sa.RxID))
-			for i := 0; i < 4; i++ {
+			for i := range 4 {
 				rx[i] = pp.Addr[i]
 			}
 			tx := (*[4]byte)(unsafe.Pointer(&sa.TxID))
-			for i := 0; i < 4; i++ {
+			for i := range 4 {
 				tx[i] = pp.Addr[i+4]
 			}
 			return sa, nil
@@ -1295,6 +1296,48 @@ func GetsockoptTCPInfo(fd, level, opt int) (*TCPInfo, error) {
 	return &value, err
 }
 
+// GetsockoptTCPCCVegasInfo returns algorithm specific congestion control information for a socket using the "vegas"
+// algorithm.
+//
+// The socket's congestion control algorighm can be retrieved via [GetsockoptString] with the [TCP_CONGESTION] option:
+//
+//	algo, err := unix.GetsockoptString(fd, unix.IPPROTO_TCP, unix.TCP_CONGESTION)
+func GetsockoptTCPCCVegasInfo(fd, level, opt int) (*TCPVegasInfo, error) {
+	var value [SizeofTCPCCInfo / 4]uint32 // ensure proper alignment
+	vallen := _Socklen(SizeofTCPCCInfo)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value[0]), &vallen)
+	out := (*TCPVegasInfo)(unsafe.Pointer(&value[0]))
+	return out, err
+}
+
+// GetsockoptTCPCCDCTCPInfo returns algorithm specific congestion control information for a socket using the "dctp"
+// algorithm.
+//
+// The socket's congestion control algorighm can be retrieved via [GetsockoptString] with the [TCP_CONGESTION] option:
+//
+//	algo, err := unix.GetsockoptString(fd, unix.IPPROTO_TCP, unix.TCP_CONGESTION)
+func GetsockoptTCPCCDCTCPInfo(fd, level, opt int) (*TCPDCTCPInfo, error) {
+	var value [SizeofTCPCCInfo / 4]uint32 // ensure proper alignment
+	vallen := _Socklen(SizeofTCPCCInfo)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value[0]), &vallen)
+	out := (*TCPDCTCPInfo)(unsafe.Pointer(&value[0]))
+	return out, err
+}
+
+// GetsockoptTCPCCBBRInfo returns algorithm specific congestion control information for a socket using the "bbr"
+// algorithm.
+//
+// The socket's congestion control algorighm can be retrieved via [GetsockoptString] with the [TCP_CONGESTION] option:
+//
+//	algo, err := unix.GetsockoptString(fd, unix.IPPROTO_TCP, unix.TCP_CONGESTION)
+func GetsockoptTCPCCBBRInfo(fd, level, opt int) (*TCPBBRInfo, error) {
+	var value [SizeofTCPCCInfo / 4]uint32 // ensure proper alignment
+	vallen := _Socklen(SizeofTCPCCInfo)
+	err := getsockopt(fd, level, opt, unsafe.Pointer(&value[0]), &vallen)
+	out := (*TCPBBRInfo)(unsafe.Pointer(&value[0]))
+	return out, err
+}
+
 // GetsockoptString returns the string value of the socket option opt for the
 // socket associated with fd at the given socket level.
 func GetsockoptString(fd, level, opt int) (string, error) {
@@ -1818,6 +1861,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 //sys	ClockAdjtime(clockid int32, buf *Timex) (state int, err error)
 //sys	ClockGetres(clockid int32, res *Timespec) (err error)
 //sys	ClockGettime(clockid int32, time *Timespec) (err error)
+//sys	ClockSettime(clockid int32, time *Timespec) (err error)
 //sys	ClockNanosleep(clockid int32, flags int, request *Timespec, remain *Timespec) (err error)
 //sys	Close(fd int) (err error)
 //sys	CloseRange(first uint, last uint, flags uint) (err error)
@@ -1849,6 +1893,105 @@ func Dup2(oldfd, newfd int) error {
 //sys	Fsmount(fd int, flags int, mountAttrs int) (fsfd int, err error)
 //sys	Fsopen(fsName string, flags int) (fd int, err error)
 //sys	Fspick(dirfd int, pathName string, flags int) (fd int, err error)
+
+//sys	fsconfig(fd int, cmd uint, key *byte, value *byte, aux int) (err error)
+
+func fsconfigCommon(fd int, cmd uint, key string, value *byte, aux int) (err error) {
+	var keyp *byte
+	if keyp, err = BytePtrFromString(key); err != nil {
+		return
+	}
+	return fsconfig(fd, cmd, keyp, value, aux)
+}
+
+// FsconfigSetFlag is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_SET_FLAG.
+//
+// fd is the filesystem context to act upon.
+// key the parameter key to set.
+func FsconfigSetFlag(fd int, key string) (err error) {
+	return fsconfigCommon(fd, FSCONFIG_SET_FLAG, key, nil, 0)
+}
+
+// FsconfigSetString is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_SET_STRING.
+//
+// fd is the filesystem context to act upon.
+// key the parameter key to set.
+// value is the parameter value to set.
+func FsconfigSetString(fd int, key string, value string) (err error) {
+	var valuep *byte
+	if valuep, err = BytePtrFromString(value); err != nil {
+		return
+	}
+	return fsconfigCommon(fd, FSCONFIG_SET_STRING, key, valuep, 0)
+}
+
+// FsconfigSetBinary is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_SET_BINARY.
+//
+// fd is the filesystem context to act upon.
+// key the parameter key to set.
+// value is the parameter value to set.
+func FsconfigSetBinary(fd int, key string, value []byte) (err error) {
+	if len(value) == 0 {
+		return EINVAL
+	}
+	return fsconfigCommon(fd, FSCONFIG_SET_BINARY, key, &value[0], len(value))
+}
+
+// FsconfigSetPath is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_SET_PATH.
+//
+// fd is the filesystem context to act upon.
+// key the parameter key to set.
+// path is a non-empty path for specified key.
+// atfd is a file descriptor at which to start lookup from or AT_FDCWD.
+func FsconfigSetPath(fd int, key string, path string, atfd int) (err error) {
+	var valuep *byte
+	if valuep, err = BytePtrFromString(path); err != nil {
+		return
+	}
+	return fsconfigCommon(fd, FSCONFIG_SET_PATH, key, valuep, atfd)
+}
+
+// FsconfigSetPathEmpty is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_SET_PATH_EMPTY. The same as
+// FconfigSetPath but with AT_PATH_EMPTY implied.
+func FsconfigSetPathEmpty(fd int, key string, path string, atfd int) (err error) {
+	var valuep *byte
+	if valuep, err = BytePtrFromString(path); err != nil {
+		return
+	}
+	return fsconfigCommon(fd, FSCONFIG_SET_PATH_EMPTY, key, valuep, atfd)
+}
+
+// FsconfigSetFd is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_SET_FD.
+//
+// fd is the filesystem context to act upon.
+// key the parameter key to set.
+// value is a file descriptor to be assigned to specified key.
+func FsconfigSetFd(fd int, key string, value int) (err error) {
+	return fsconfigCommon(fd, FSCONFIG_SET_FD, key, nil, value)
+}
+
+// FsconfigCreate is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_CMD_CREATE.
+//
+// fd is the filesystem context to act upon.
+func FsconfigCreate(fd int) (err error) {
+	return fsconfig(fd, FSCONFIG_CMD_CREATE, nil, nil, 0)
+}
+
+// FsconfigReconfigure is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_CMD_RECONFIGURE.
+//
+// fd is the filesystem context to act upon.
+func FsconfigReconfigure(fd int) (err error) {
+	return fsconfig(fd, FSCONFIG_CMD_RECONFIGURE, nil, nil, 0)
+}
+
 //sys	Getdents(fd int, buf []byte) (n int, err error) = SYS_GETDENTS64
 //sysnb	Getpgid(pid int) (pgid int, err error)
 
@@ -1860,7 +2003,26 @@ func Getpgrp() (pid int) {
 //sysnb	Getpid() (pid int)
 //sysnb	Getppid() (ppid int)
 //sys	Getpriority(which int, who int) (prio int, err error)
-//sys	Getrandom(buf []byte, flags int) (n int, err error)
+
+func Getrandom(buf []byte, flags int) (n int, err error) {
+	vdsoRet, supported := vgetrandom(buf, uint32(flags))
+	if supported {
+		if vdsoRet < 0 {
+			return 0, errnoErr(syscall.Errno(-vdsoRet))
+		}
+		return vdsoRet, nil
+	}
+	var p *byte
+	if len(buf) > 0 {
+		p = &buf[0]
+	}
+	r, _, e := Syscall(SYS_GETRANDOM, uintptr(unsafe.Pointer(p)), uintptr(len(buf)), uintptr(flags))
+	if e != 0 {
+		return 0, errnoErr(e)
+	}
+	return int(r), nil
+}
+
 //sysnb	Getrusage(who int, rusage *Rusage) (err error)
 //sysnb	Getsid(pid int) (sid int, err error)
 //sysnb	Gettid() (tid int)
@@ -2055,10 +2217,7 @@ func readvRacedetect(iovecs []Iovec, n int, err error) {
 		return
 	}
 	for i := 0; n > 0 && i < len(iovecs); i++ {
-		m := int(iovecs[i].Len)
-		if m > n {
-			m = n
-		}
+		m := min(int(iovecs[i].Len), n)
 		n -= m
 		if m > 0 {
 			raceWriteRange(unsafe.Pointer(iovecs[i].Base), m)
@@ -2109,10 +2268,7 @@ func writevRacedetect(iovecs []Iovec, n int) {
 		return
 	}
 	for i := 0; n > 0 && i < len(iovecs); i++ {
-		m := int(iovecs[i].Len)
-		if m > n {
-			m = n
-		}
+		m := min(int(iovecs[i].Len), n)
 		n -= m
 		if m > 0 {
 			raceReadRange(unsafe.Pointer(iovecs[i].Base), m)
@@ -2159,12 +2315,7 @@ func isGroupMember(gid int) bool {
 		return false
 	}
 
-	for _, g := range groups {
-		if g == gid {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(groups, gid)
 }
 
 func isCapDacOverrideSet() bool {
@@ -2493,3 +2644,4 @@ func SchedGetAttr(pid int, flags uint) (*SchedAttr, error) {
 }
 
 //sys	Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error)
+//sys	Mseal(b []byte, flags uint) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
index cf2ee6c7..745e5c7e 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
@@ -182,3 +182,5 @@ func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error
 	}
 	return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
 }
+
+const SYS_FSTATAT = SYS_NEWFSTATAT
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
index 3d0e9845..dd2262a4 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
@@ -214,3 +214,5 @@ func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error
 	}
 	return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
 }
+
+const SYS_FSTATAT = SYS_NEWFSTATAT
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
index 6f5a2889..8cf3670b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
@@ -187,3 +187,5 @@ func RISCVHWProbe(pairs []RISCVHWProbePairs, set *CPUSet, flags uint) (err error
 	}
 	return riscvHWProbe(pairs, setSize, set, flags)
 }
+
+const SYS_FSTATAT = SYS_NEWFSTATAT
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/vendor/golang.org/x/sys/unix/syscall_openbsd.go
index b25343c7..b86ded54 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd.go
@@ -293,6 +293,7 @@ func Uname(uname *Utsname) error {
 //sys	Mkfifoat(dirfd int, path string, mode uint32) (err error)
 //sys	Mknod(path string, mode uint32, dev int) (err error)
 //sys	Mknodat(dirfd int, path string, mode uint32, dev int) (err error)
+//sys	Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error)
 //sys	Nanosleep(time *Timespec, leftover *Timespec) (err error)
 //sys	Open(path string, mode int, perm uint32) (fd int, err error)
 //sys	Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go
index 21974af0..abc39554 100644
--- a/vendor/golang.org/x/sys/unix/syscall_solaris.go
+++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go
@@ -1102,3 +1102,90 @@ func (s *Strioctl) SetInt(i int) {
 func IoctlSetStrioctlRetInt(fd int, req int, s *Strioctl) (int, error) {
 	return ioctlPtrRet(fd, req, unsafe.Pointer(s))
 }
+
+// Ucred Helpers
+// See ucred(3c) and getpeerucred(3c)
+
+//sys	getpeerucred(fd uintptr, ucred *uintptr) (err error)
+//sys	ucredFree(ucred uintptr) = ucred_free
+//sys	ucredGet(pid int) (ucred uintptr, err error) = ucred_get
+//sys	ucredGeteuid(ucred uintptr) (uid int) = ucred_geteuid
+//sys	ucredGetegid(ucred uintptr) (gid int) = ucred_getegid
+//sys	ucredGetruid(ucred uintptr) (uid int) = ucred_getruid
+//sys	ucredGetrgid(ucred uintptr) (gid int) = ucred_getrgid
+//sys	ucredGetsuid(ucred uintptr) (uid int) = ucred_getsuid
+//sys	ucredGetsgid(ucred uintptr) (gid int) = ucred_getsgid
+//sys	ucredGetpid(ucred uintptr) (pid int) = ucred_getpid
+
+// Ucred is an opaque struct that holds user credentials.
+type Ucred struct {
+	ucred uintptr
+}
+
+// We need to ensure that ucredFree is called on the underlying ucred
+// when the Ucred is garbage collected.
+func ucredFinalizer(u *Ucred) {
+	ucredFree(u.ucred)
+}
+
+func GetPeerUcred(fd uintptr) (*Ucred, error) {
+	var ucred uintptr
+	err := getpeerucred(fd, &ucred)
+	if err != nil {
+		return nil, err
+	}
+	result := &Ucred{
+		ucred: ucred,
+	}
+	// set the finalizer on the result so that the ucred will be freed
+	runtime.SetFinalizer(result, ucredFinalizer)
+	return result, nil
+}
+
+func UcredGet(pid int) (*Ucred, error) {
+	ucred, err := ucredGet(pid)
+	if err != nil {
+		return nil, err
+	}
+	result := &Ucred{
+		ucred: ucred,
+	}
+	// set the finalizer on the result so that the ucred will be freed
+	runtime.SetFinalizer(result, ucredFinalizer)
+	return result, nil
+}
+
+func (u *Ucred) Geteuid() int {
+	defer runtime.KeepAlive(u)
+	return ucredGeteuid(u.ucred)
+}
+
+func (u *Ucred) Getruid() int {
+	defer runtime.KeepAlive(u)
+	return ucredGetruid(u.ucred)
+}
+
+func (u *Ucred) Getsuid() int {
+	defer runtime.KeepAlive(u)
+	return ucredGetsuid(u.ucred)
+}
+
+func (u *Ucred) Getegid() int {
+	defer runtime.KeepAlive(u)
+	return ucredGetegid(u.ucred)
+}
+
+func (u *Ucred) Getrgid() int {
+	defer runtime.KeepAlive(u)
+	return ucredGetrgid(u.ucred)
+}
+
+func (u *Ucred) Getsgid() int {
+	defer runtime.KeepAlive(u)
+	return ucredGetsgid(u.ucred)
+}
+
+func (u *Ucred) Getpid() int {
+	defer runtime.KeepAlive(u)
+	return ucredGetpid(u.ucred)
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go
index 77081de8..4e92e5aa 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix.go
@@ -154,6 +154,15 @@ func Munmap(b []byte) (err error) {
 	return mapper.Munmap(b)
 }
 
+func MmapPtr(fd int, offset int64, addr unsafe.Pointer, length uintptr, prot int, flags int) (ret unsafe.Pointer, err error) {
+	xaddr, err := mapper.mmap(uintptr(addr), length, prot, flags, fd, offset)
+	return unsafe.Pointer(xaddr), err
+}
+
+func MunmapPtr(addr unsafe.Pointer, length uintptr) (err error) {
+	return mapper.munmap(uintptr(addr), length)
+}
+
 func Read(fd int, p []byte) (n int, err error) {
 	n, err = read(fd, p)
 	if raceenabled {
diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
index b473038c..7bf5c04b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
@@ -4,11 +4,21 @@
 
 //go:build zos && s390x
 
+// Many of the following syscalls are not available on all versions of z/OS.
+// Some missing calls have legacy implementations/simulations but others
+// will be missing completely. To achieve consistent failing behaviour on
+// legacy systems, we first test the function pointer via a safeloading
+// mechanism to see if the function exists on a given system. Then execution
+// is branched to either continue the function call, or return an error.
+
 package unix
 
 import (
 	"bytes"
 	"fmt"
+	"os"
+	"reflect"
+	"regexp"
 	"runtime"
 	"sort"
 	"strings"
@@ -17,17 +27,205 @@ import (
 	"unsafe"
 )
 
+//go:noescape
+func initZosLibVec()
+
+//go:noescape
+func GetZosLibVec() uintptr
+
+func init() {
+	initZosLibVec()
+	r0, _, _ := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS_____GETENV_A<<4, uintptr(unsafe.Pointer(&([]byte("__ZOS_XSYSTRACE\x00"))[0])))
+	if r0 != 0 {
+		n, _, _ := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___ATOI_A<<4, r0)
+		ZosTraceLevel = int(n)
+		r0, _, _ := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS_____GETENV_A<<4, uintptr(unsafe.Pointer(&([]byte("__ZOS_XSYSTRACEFD\x00"))[0])))
+		if r0 != 0 {
+			fd, _, _ := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___ATOI_A<<4, r0)
+			f := os.NewFile(fd, "zostracefile")
+			if f != nil {
+				ZosTracefile = f
+			}
+		}
+
+	}
+}
+
+//go:noescape
+func CallLeFuncWithErr(funcdesc uintptr, parms ...uintptr) (ret, errno2 uintptr, err Errno)
+
+//go:noescape
+func CallLeFuncWithPtrReturn(funcdesc uintptr, parms ...uintptr) (ret, errno2 uintptr, err Errno)
+
+// -------------------------------
+// pointer validity test
+// good pointer returns 0
+// bad pointer returns 1
+//
+//go:nosplit
+func ptrtest(uintptr) uint64
+
+// Load memory at ptr location with error handling if the location is invalid
+//
+//go:noescape
+func safeload(ptr uintptr) (value uintptr, error uintptr)
+
 const (
-	O_CLOEXEC = 0       // Dummy value (not supported).
-	AF_LOCAL  = AF_UNIX // AF_LOCAL is an alias for AF_UNIX
+	entrypointLocationOffset = 8 // From function descriptor
+
+	xplinkEyecatcher   = 0x00c300c500c500f1 // ".C.E.E.1"
+	eyecatcherOffset   = 16                 // From function entrypoint (negative)
+	ppa1LocationOffset = 8                  // From function entrypoint (negative)
+
+	nameLenOffset = 0x14 // From PPA1 start
+	nameOffset    = 0x16 // From PPA1 start
 )
 
-func syscall_syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
-func syscall_rawsyscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
-func syscall_syscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
-func syscall_rawsyscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
-func syscall_syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err Errno)
-func syscall_rawsyscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err Errno)
+func getPpaOffset(funcptr uintptr) int64 {
+	entrypoint, err := safeload(funcptr + entrypointLocationOffset)
+	if err != 0 {
+		return -1
+	}
+
+	// XPLink functions have ".C.E.E.1" as the first 8 bytes (EBCDIC)
+	val, err := safeload(entrypoint - eyecatcherOffset)
+	if err != 0 {
+		return -1
+	}
+	if val != xplinkEyecatcher {
+		return -1
+	}
+
+	ppaoff, err := safeload(entrypoint - ppa1LocationOffset)
+	if err != 0 {
+		return -1
+	}
+
+	ppaoff >>= 32
+	return int64(ppaoff)
+}
+
+//-------------------------------
+// function descriptor pointer validity test
+// good pointer returns 0
+// bad pointer returns 1
+
+// TODO: currently mksyscall_zos_s390x.go generate empty string for funcName
+// have correct funcName pass to the funcptrtest function
+func funcptrtest(funcptr uintptr, funcName string) uint64 {
+	entrypoint, err := safeload(funcptr + entrypointLocationOffset)
+	if err != 0 {
+		return 1
+	}
+
+	ppaoff := getPpaOffset(funcptr)
+	if ppaoff == -1 {
+		return 1
+	}
+
+	// PPA1 offset value is from the start of the entire function block, not the entrypoint
+	ppa1 := (entrypoint - eyecatcherOffset) + uintptr(ppaoff)
+
+	nameLen, err := safeload(ppa1 + nameLenOffset)
+	if err != 0 {
+		return 1
+	}
+
+	nameLen >>= 48
+	if nameLen > 128 {
+		return 1
+	}
+
+	// no function name input to argument end here
+	if funcName == "" {
+		return 0
+	}
+
+	var funcname [128]byte
+	for i := 0; i < int(nameLen); i += 8 {
+		v, err := safeload(ppa1 + nameOffset + uintptr(i))
+		if err != 0 {
+			return 1
+		}
+		funcname[i] = byte(v >> 56)
+		funcname[i+1] = byte(v >> 48)
+		funcname[i+2] = byte(v >> 40)
+		funcname[i+3] = byte(v >> 32)
+		funcname[i+4] = byte(v >> 24)
+		funcname[i+5] = byte(v >> 16)
+		funcname[i+6] = byte(v >> 8)
+		funcname[i+7] = byte(v)
+	}
+
+	runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___E2A_L<<4, // __e2a_l
+		[]uintptr{uintptr(unsafe.Pointer(&funcname[0])), nameLen})
+
+	name := string(funcname[:nameLen])
+	if name != funcName {
+		return 1
+	}
+
+	return 0
+}
+
+// For detection of capabilities on a system.
+// Is function descriptor f a valid function?
+func isValidLeFunc(f uintptr) error {
+	ret := funcptrtest(f, "")
+	if ret != 0 {
+		return fmt.Errorf("Bad pointer, not an LE function ")
+	}
+	return nil
+}
+
+// Retrieve function name from descriptor
+func getLeFuncName(f uintptr) (string, error) {
+	// assume it has been checked, only check ppa1 validity here
+	entry := ((*[2]uintptr)(unsafe.Pointer(f)))[1]
+	preamp := ((*[4]uint32)(unsafe.Pointer(entry - eyecatcherOffset)))
+
+	offsetPpa1 := preamp[2]
+	if offsetPpa1 > 0x0ffff {
+		return "", fmt.Errorf("PPA1 offset seems too big 0x%x\n", offsetPpa1)
+	}
+
+	ppa1 := uintptr(unsafe.Pointer(preamp)) + uintptr(offsetPpa1)
+	res := ptrtest(ppa1)
+	if res != 0 {
+		return "", fmt.Errorf("PPA1 address not valid")
+	}
+
+	size := *(*uint16)(unsafe.Pointer(ppa1 + nameLenOffset))
+	if size > 128 {
+		return "", fmt.Errorf("Function name seems too long, length=%d\n", size)
+	}
+
+	var name [128]byte
+	funcname := (*[128]byte)(unsafe.Pointer(ppa1 + nameOffset))
+	copy(name[0:size], funcname[0:size])
+
+	runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___E2A_L<<4, // __e2a_l
+		[]uintptr{uintptr(unsafe.Pointer(&name[0])), uintptr(size)})
+
+	return string(name[:size]), nil
+}
+
+// Check z/OS version
+func zosLeVersion() (version, release uint32) {
+	p1 := (*(*uintptr)(unsafe.Pointer(uintptr(1208)))) >> 32
+	p1 = *(*uintptr)(unsafe.Pointer(uintptr(p1 + 88)))
+	p1 = *(*uintptr)(unsafe.Pointer(uintptr(p1 + 8)))
+	p1 = *(*uintptr)(unsafe.Pointer(uintptr(p1 + 984)))
+	vrm := *(*uint32)(unsafe.Pointer(p1 + 80))
+	version = (vrm & 0x00ff0000) >> 16
+	release = (vrm & 0x0000ff00) >> 8
+	return
+}
+
+// returns a zos C FILE * for stdio fd 0, 1, 2
+func ZosStdioFilep(fd int32) uintptr {
+	return uintptr(*(*uint64)(unsafe.Pointer(uintptr(*(*uint64)(unsafe.Pointer(uintptr(*(*uint64)(unsafe.Pointer(uintptr(uint64(*(*uint32)(unsafe.Pointer(uintptr(1208)))) + 80))) + uint64((fd+2)<<3))))))))
+}
 
 func copyStat(stat *Stat_t, statLE *Stat_LE_t) {
 	stat.Dev = uint64(statLE.Dev)
@@ -65,6 +263,21 @@ func (d *Dirent) NameString() string {
 	}
 }
 
+func DecodeData(dest []byte, sz int, val uint64) {
+	for i := 0; i < sz; i++ {
+		dest[sz-1-i] = byte((val >> (uint64(i * 8))) & 0xff)
+	}
+}
+
+func EncodeData(data []byte) uint64 {
+	var value uint64
+	sz := len(data)
+	for i := 0; i < sz; i++ {
+		value |= uint64(data[i]) << uint64(((sz - i - 1) * 8))
+	}
+	return value
+}
+
 func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	if sa.Port < 0 || sa.Port > 0xFFFF {
 		return nil, 0, EINVAL
@@ -74,7 +287,9 @@ func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port))
 	p[0] = byte(sa.Port >> 8)
 	p[1] = byte(sa.Port)
-	sa.raw.Addr = sa.Addr
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
 	return unsafe.Pointer(&sa.raw), _Socklen(sa.raw.Len), nil
 }
 
@@ -88,7 +303,9 @@ func (sa *SockaddrInet6) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	p[0] = byte(sa.Port >> 8)
 	p[1] = byte(sa.Port)
 	sa.raw.Scope_id = sa.ZoneId
-	sa.raw.Addr = sa.Addr
+	for i := 0; i < len(sa.Addr); i++ {
+		sa.raw.Addr[i] = sa.Addr[i]
+	}
 	return unsafe.Pointer(&sa.raw), _Socklen(sa.raw.Len), nil
 }
 
@@ -146,7 +363,9 @@ func anyToSockaddr(_ int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		sa := new(SockaddrInet4)
 		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
 		sa.Port = int(p[0])<<8 + int(p[1])
-		sa.Addr = pp.Addr
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
 		return sa, nil
 
 	case AF_INET6:
@@ -155,7 +374,9 @@ func anyToSockaddr(_ int, rsa *RawSockaddrAny) (Sockaddr, error) {
 		p := (*[2]byte)(unsafe.Pointer(&pp.Port))
 		sa.Port = int(p[0])<<8 + int(p[1])
 		sa.ZoneId = pp.Scope_id
-		sa.Addr = pp.Addr
+		for i := 0; i < len(sa.Addr); i++ {
+			sa.Addr[i] = pp.Addr[i]
+		}
 		return sa, nil
 	}
 	return nil, EAFNOSUPPORT
@@ -177,6 +398,43 @@ func Accept(fd int) (nfd int, sa Sockaddr, err error) {
 	return
 }
 
+func Accept4(fd int, flags int) (nfd int, sa Sockaddr, err error) {
+	var rsa RawSockaddrAny
+	var len _Socklen = SizeofSockaddrAny
+	nfd, err = accept4(fd, &rsa, &len, flags)
+	if err != nil {
+		return
+	}
+	if len > SizeofSockaddrAny {
+		panic("RawSockaddrAny too small")
+	}
+	// TODO(neeilan): Remove 0 in call
+	sa, err = anyToSockaddr(0, &rsa)
+	if err != nil {
+		Close(nfd)
+		nfd = 0
+	}
+	return
+}
+
+func Ctermid() (tty string, err error) {
+	var termdev [1025]byte
+	runtime.EnterSyscall()
+	r0, err2, err1 := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___CTERMID_A<<4, uintptr(unsafe.Pointer(&termdev[0])))
+	runtime.ExitSyscall()
+	if r0 == 0 {
+		return "", fmt.Errorf("%s (errno2=0x%x)\n", err1.Error(), err2)
+	}
+	s := string(termdev[:])
+	idx := strings.Index(s, string(rune(0)))
+	if idx == -1 {
+		tty = s
+	} else {
+		tty = s[:idx]
+	}
+	return
+}
+
 func (iov *Iovec) SetLen(length int) {
 	iov.Len = uint64(length)
 }
@@ -190,10 +448,16 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 }
 
 //sys   fcntl(fd int, cmd int, arg int) (val int, err error)
+//sys   Flistxattr(fd int, dest []byte) (sz int, err error) = SYS___FLISTXATTR_A
+//sys   Fremovexattr(fd int, attr string) (err error) = SYS___FREMOVEXATTR_A
 //sys	read(fd int, p []byte) (n int, err error)
 //sys	write(fd int, p []byte) (n int, err error)
 
+//sys   Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) = SYS___FGETXATTR_A
+//sys   Fsetxattr(fd int, attr string, data []byte, flag int) (err error) = SYS___FSETXATTR_A
+
 //sys	accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) = SYS___ACCEPT_A
+//sys	accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) = SYS___ACCEPT4_A
 //sys	bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) = SYS___BIND_A
 //sys	connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) = SYS___CONNECT_A
 //sysnb	getgroups(n int, list *_Gid_t) (nn int, err error)
@@ -204,6 +468,7 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 //sysnb	socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
 //sysnb	getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) = SYS___GETPEERNAME_A
 //sysnb	getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) = SYS___GETSOCKNAME_A
+//sys   Removexattr(path string, attr string) (err error) = SYS___REMOVEXATTR_A
 //sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) = SYS___RECVFROM_A
 //sys	sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) = SYS___SENDTO_A
 //sys	recvmsg(s int, msg *Msghdr, flags int) (n int, err error) = SYS___RECVMSG_A
@@ -212,6 +477,10 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 //sys   munmap(addr uintptr, length uintptr) (err error) = SYS_MUNMAP
 //sys   ioctl(fd int, req int, arg uintptr) (err error) = SYS_IOCTL
 //sys   ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) = SYS_IOCTL
+//sys	shmat(id int, addr uintptr, flag int) (ret uintptr, err error) = SYS_SHMAT
+//sys	shmctl(id int, cmd int, buf *SysvShmDesc) (result int, err error) = SYS_SHMCTL64
+//sys	shmdt(addr uintptr) (err error) = SYS_SHMDT
+//sys	shmget(key int, size int, flag int) (id int, err error) = SYS_SHMGET
 
 //sys   Access(path string, mode uint32) (err error) = SYS___ACCESS_A
 //sys   Chdir(path string) (err error) = SYS___CHDIR_A
@@ -220,14 +489,31 @@ func (cmsg *Cmsghdr) SetLen(length int) {
 //sys   Creat(path string, mode uint32) (fd int, err error) = SYS___CREAT_A
 //sys	Dup(oldfd int) (fd int, err error)
 //sys	Dup2(oldfd int, newfd int) (err error)
+//sys	Dup3(oldfd int, newfd int, flags int) (err error) = SYS_DUP3
+//sys	Dirfd(dirp uintptr) (fd int, err error) = SYS_DIRFD
+//sys	EpollCreate(size int) (fd int, err error) = SYS_EPOLL_CREATE
+//sys	EpollCreate1(flags int) (fd int, err error) = SYS_EPOLL_CREATE1
+//sys	EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) = SYS_EPOLL_CTL
+//sys	EpollPwait(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error) = SYS_EPOLL_PWAIT
+//sys	EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) = SYS_EPOLL_WAIT
 //sys	Errno2() (er2 int) = SYS___ERRNO2
-//sys	Err2ad() (eadd *int) = SYS___ERR2AD
+//sys	Eventfd(initval uint, flags int) (fd int, err error) = SYS_EVENTFD
 //sys	Exit(code int)
+//sys	Faccessat(dirfd int, path string, mode uint32, flags int) (err error) = SYS___FACCESSAT_A
+
+func Faccessat2(dirfd int, path string, mode uint32, flags int) (err error) {
+	return Faccessat(dirfd, path, mode, flags)
+}
+
 //sys	Fchdir(fd int) (err error)
 //sys	Fchmod(fd int, mode uint32) (err error)
+//sys	Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) = SYS___FCHMODAT_A
 //sys	Fchown(fd int, uid int, gid int) (err error)
+//sys	Fchownat(fd int, path string, uid int, gid int, flags int) (err error) = SYS___FCHOWNAT_A
 //sys	FcntlInt(fd uintptr, cmd int, arg int) (retval int, err error) = SYS_FCNTL
+//sys	Fdatasync(fd int) (err error) = SYS_FDATASYNC
 //sys	fstat(fd int, stat *Stat_LE_t) (err error)
+//sys	fstatat(dirfd int, path string, stat *Stat_LE_t, flags int) (err error) = SYS___FSTATAT_A
 
 func Fstat(fd int, stat *Stat_t) (err error) {
 	var statLE Stat_LE_t
@@ -236,28 +522,208 @@ func Fstat(fd int, stat *Stat_t) (err error) {
 	return
 }
 
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+	var statLE Stat_LE_t
+	err = fstatat(dirfd, path, &statLE, flags)
+	copyStat(stat, &statLE)
+	return
+}
+
+func impl_Getxattr(path string, attr string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p2 unsafe.Pointer
+	if len(dest) > 0 {
+		_p2 = unsafe.Pointer(&dest[0])
+	} else {
+		_p2 = unsafe.Pointer(&_zero)
+	}
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___GETXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)))
+	sz = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_GetxattrAddr() *(func(path string, attr string, dest []byte) (sz int, err error))
+
+var Getxattr = enter_Getxattr
+
+func enter_Getxattr(path string, attr string, dest []byte) (sz int, err error) {
+	funcref := get_GetxattrAddr()
+	if validGetxattr() {
+		*funcref = impl_Getxattr
+	} else {
+		*funcref = error_Getxattr
+	}
+	return (*funcref)(path, attr, dest)
+}
+
+func error_Getxattr(path string, attr string, dest []byte) (sz int, err error) {
+	return -1, ENOSYS
+}
+
+func validGetxattr() bool {
+	if funcptrtest(GetZosLibVec()+SYS___GETXATTR_A<<4, "") == 0 {
+		if name, err := getLeFuncName(GetZosLibVec() + SYS___GETXATTR_A<<4); err == nil {
+			return name == "__getxattr_a"
+		}
+	}
+	return false
+}
+
+//sys   Lgetxattr(link string, attr string, dest []byte) (sz int, err error) = SYS___LGETXATTR_A
+//sys   Lsetxattr(path string, attr string, data []byte, flags int) (err error) = SYS___LSETXATTR_A
+
+func impl_Setxattr(path string, attr string, data []byte, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p2 unsafe.Pointer
+	if len(data) > 0 {
+		_p2 = unsafe.Pointer(&data[0])
+	} else {
+		_p2 = unsafe.Pointer(&_zero)
+	}
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SETXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_SetxattrAddr() *(func(path string, attr string, data []byte, flags int) (err error))
+
+var Setxattr = enter_Setxattr
+
+func enter_Setxattr(path string, attr string, data []byte, flags int) (err error) {
+	funcref := get_SetxattrAddr()
+	if validSetxattr() {
+		*funcref = impl_Setxattr
+	} else {
+		*funcref = error_Setxattr
+	}
+	return (*funcref)(path, attr, data, flags)
+}
+
+func error_Setxattr(path string, attr string, data []byte, flags int) (err error) {
+	return ENOSYS
+}
+
+func validSetxattr() bool {
+	if funcptrtest(GetZosLibVec()+SYS___SETXATTR_A<<4, "") == 0 {
+		if name, err := getLeFuncName(GetZosLibVec() + SYS___SETXATTR_A<<4); err == nil {
+			return name == "__setxattr_a"
+		}
+	}
+	return false
+}
+
+//sys	Fstatfs(fd int, buf *Statfs_t) (err error) = SYS_FSTATFS
 //sys	Fstatvfs(fd int, stat *Statvfs_t) (err error) = SYS_FSTATVFS
 //sys	Fsync(fd int) (err error)
+//sys	Futimes(fd int, tv []Timeval) (err error) = SYS_FUTIMES
+//sys	Futimesat(dirfd int, path string, tv []Timeval) (err error) = SYS___FUTIMESAT_A
 //sys	Ftruncate(fd int, length int64) (err error)
-//sys   Getpagesize() (pgsize int) = SYS_GETPAGESIZE
+//sys	Getrandom(buf []byte, flags int) (n int, err error) = SYS_GETRANDOM
+//sys	InotifyInit() (fd int, err error) = SYS_INOTIFY_INIT
+//sys	InotifyInit1(flags int) (fd int, err error) = SYS_INOTIFY_INIT1
+//sys	InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) = SYS___INOTIFY_ADD_WATCH_A
+//sys	InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) = SYS_INOTIFY_RM_WATCH
+//sys   Listxattr(path string, dest []byte) (sz int, err error) = SYS___LISTXATTR_A
+//sys   Llistxattr(path string, dest []byte) (sz int, err error) = SYS___LLISTXATTR_A
+//sys   Lremovexattr(path string, attr string) (err error) = SYS___LREMOVEXATTR_A
+//sys	Lutimes(path string, tv []Timeval) (err error) = SYS___LUTIMES_A
 //sys   Mprotect(b []byte, prot int) (err error) = SYS_MPROTECT
 //sys   Msync(b []byte, flags int) (err error) = SYS_MSYNC
+//sys   Console2(cmsg *ConsMsg2, modstr *byte, concmd *uint32) (err error) = SYS___CONSOLE2
+
+// Pipe2 begin
+
+//go:nosplit
+func getPipe2Addr() *(func([]int, int) error)
+
+var Pipe2 = pipe2Enter
+
+func pipe2Enter(p []int, flags int) (err error) {
+	if funcptrtest(GetZosLibVec()+SYS_PIPE2<<4, "") == 0 {
+		*getPipe2Addr() = pipe2Impl
+	} else {
+		*getPipe2Addr() = pipe2Error
+	}
+	return (*getPipe2Addr())(p, flags)
+}
+
+func pipe2Impl(p []int, flags int) (err error) {
+	var pp [2]_C_int
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PIPE2<<4, uintptr(unsafe.Pointer(&pp[0])), uintptr(flags))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	} else {
+		p[0] = int(pp[0])
+		p[1] = int(pp[1])
+	}
+	return
+}
+func pipe2Error(p []int, flags int) (err error) {
+	return fmt.Errorf("Pipe2 is not available on this system")
+}
+
+// Pipe2 end
+
 //sys   Poll(fds []PollFd, timeout int) (n int, err error) = SYS_POLL
+
+func Readdir(dir uintptr) (dirent *Dirent, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___READDIR_A<<4, uintptr(dir))
+	runtime.ExitSyscall()
+	dirent = (*Dirent)(unsafe.Pointer(r0))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//sys	Readdir_r(dirp uintptr, entry *direntLE, result **direntLE) (err error) = SYS___READDIR_R_A
+//sys	Statfs(path string, buf *Statfs_t) (err error) = SYS___STATFS_A
+//sys	Syncfs(fd int) (err error) = SYS_SYNCFS
 //sys   Times(tms *Tms) (ticks uintptr, err error) = SYS_TIMES
 //sys   W_Getmntent(buff *byte, size int) (lastsys int, err error) = SYS_W_GETMNTENT
 //sys   W_Getmntent_A(buff *byte, size int) (lastsys int, err error) = SYS___W_GETMNTENT_A
 
 //sys   mount_LE(path string, filesystem string, fstype string, mtm uint32, parmlen int32, parm string) (err error) = SYS___MOUNT_A
-//sys   unmount(filesystem string, mtm int) (err error) = SYS___UMOUNT_A
+//sys   unmount_LE(filesystem string, mtm int) (err error) = SYS___UMOUNT_A
 //sys   Chroot(path string) (err error) = SYS___CHROOT_A
 //sys   Select(nmsgsfds int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (ret int, err error) = SYS_SELECT
-//sysnb Uname(buf *Utsname) (err error) = SYS___UNAME_A
+//sysnb Uname(buf *Utsname) (err error) = SYS_____OSNAME_A
+//sys   Unshare(flags int) (err error) = SYS_UNSHARE
 
 func Ptsname(fd int) (name string, err error) {
-	r0, _, e1 := syscall_syscall(SYS___PTSNAME_A, uintptr(fd), 0, 0)
-	name = u2s(unsafe.Pointer(r0))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___PTSNAME_A<<4, uintptr(fd))
+	runtime.ExitSyscall()
+	if r0 == 0 {
+		err = errnoErr2(e1, e2)
+	} else {
+		name = u2s(unsafe.Pointer(r0))
 	}
 	return
 }
@@ -272,13 +738,19 @@ func u2s(cstr unsafe.Pointer) string {
 }
 
 func Close(fd int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_CLOSE<<4, uintptr(fd))
+	runtime.ExitSyscall()
 	for i := 0; e1 == EAGAIN && i < 10; i++ {
-		_, _, _ = syscall_syscall(SYS_USLEEP, uintptr(10), 0, 0)
-		_, _, e1 = syscall_syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+		runtime.EnterSyscall()
+		CallLeFuncWithErr(GetZosLibVec()+SYS_USLEEP<<4, uintptr(10))
+		runtime.ExitSyscall()
+		runtime.EnterSyscall()
+		r0, e2, e1 = CallLeFuncWithErr(GetZosLibVec()+SYS_CLOSE<<4, uintptr(fd))
+		runtime.ExitSyscall()
 	}
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if r0 != 0 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -288,9 +760,24 @@ func Madvise(b []byte, advice int) (err error) {
 	return
 }
 
+func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) {
+	return mapper.Mmap(fd, offset, length, prot, flags)
+}
+
+func Munmap(b []byte) (err error) {
+	return mapper.Munmap(b)
+}
+
+func MmapPtr(fd int, offset int64, addr unsafe.Pointer, length uintptr, prot int, flags int) (ret unsafe.Pointer, err error) {
+	xaddr, err := mapper.mmap(uintptr(addr), length, prot, flags, fd, offset)
+	return unsafe.Pointer(xaddr), err
+}
+
+func MunmapPtr(addr unsafe.Pointer, length uintptr) (err error) {
+	return mapper.munmap(uintptr(addr), length)
+}
+
 //sys   Gethostname(buf []byte) (err error) = SYS___GETHOSTNAME_A
-//sysnb	Getegid() (egid int)
-//sysnb	Geteuid() (uid int)
 //sysnb	Getgid() (gid int)
 //sysnb	Getpid() (pid int)
 //sysnb	Getpgid(pid int) (pgid int, err error) = SYS_GETPGID
@@ -317,11 +804,14 @@ func Getrusage(who int, rusage *Rusage) (err error) {
 	return
 }
 
+//sys	Getegid() (egid int) = SYS_GETEGID
+//sys	Geteuid() (euid int) = SYS_GETEUID
 //sysnb Getsid(pid int) (sid int, err error) = SYS_GETSID
 //sysnb	Getuid() (uid int)
 //sysnb	Kill(pid int, sig Signal) (err error)
 //sys	Lchown(path string, uid int, gid int) (err error) = SYS___LCHOWN_A
 //sys	Link(path string, link string) (err error) = SYS___LINK_A
+//sys	Linkat(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error) = SYS___LINKAT_A
 //sys	Listen(s int, n int) (err error)
 //sys	lstat(path string, stat *Stat_LE_t) (err error) = SYS___LSTAT_A
 
@@ -332,15 +822,150 @@ func Lstat(path string, stat *Stat_t) (err error) {
 	return
 }
 
+// for checking symlinks begins with $VERSION/ $SYSNAME/ $SYSSYMR/ $SYSSYMA/
+func isSpecialPath(path []byte) (v bool) {
+	var special = [4][8]byte{
+		{'V', 'E', 'R', 'S', 'I', 'O', 'N', '/'},
+		{'S', 'Y', 'S', 'N', 'A', 'M', 'E', '/'},
+		{'S', 'Y', 'S', 'S', 'Y', 'M', 'R', '/'},
+		{'S', 'Y', 'S', 'S', 'Y', 'M', 'A', '/'}}
+
+	var i, j int
+	for i = 0; i < len(special); i++ {
+		for j = 0; j < len(special[i]); j++ {
+			if path[j] != special[i][j] {
+				break
+			}
+		}
+		if j == len(special[i]) {
+			return true
+		}
+	}
+	return false
+}
+
+func realpath(srcpath string, abspath []byte) (pathlen int, errno int) {
+	var source [1024]byte
+	copy(source[:], srcpath)
+	source[len(srcpath)] = 0
+	ret := runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___REALPATH_A<<4, //__realpath_a()
+		[]uintptr{uintptr(unsafe.Pointer(&source[0])),
+			uintptr(unsafe.Pointer(&abspath[0]))})
+	if ret != 0 {
+		index := bytes.IndexByte(abspath[:], byte(0))
+		if index != -1 {
+			return index, 0
+		}
+	} else {
+		errptr := (*int)(unsafe.Pointer(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO<<4, []uintptr{}))) //__errno()
+		return 0, *errptr
+	}
+	return 0, 245 // EBADDATA   245
+}
+
+func Readlink(path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	n = int(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___READLINK_A<<4,
+		[]uintptr{uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))}))
+	runtime.KeepAlive(unsafe.Pointer(_p0))
+	if n == -1 {
+		value := *(*int32)(unsafe.Pointer(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO<<4, []uintptr{})))
+		err = errnoErr(Errno(value))
+	} else {
+		if buf[0] == '$' {
+			if isSpecialPath(buf[1:9]) {
+				cnt, err1 := realpath(path, buf)
+				if err1 == 0 {
+					n = cnt
+				}
+			}
+		}
+	}
+	return
+}
+
+func impl_Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(buf) > 0 {
+		_p1 = unsafe.Pointer(&buf[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___READLINKAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+	runtime.ExitSyscall()
+	n = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+		return n, err
+	} else {
+		if buf[0] == '$' {
+			if isSpecialPath(buf[1:9]) {
+				cnt, err1 := realpath(path, buf)
+				if err1 == 0 {
+					n = cnt
+				}
+			}
+		}
+	}
+	return
+}
+
+//go:nosplit
+func get_ReadlinkatAddr() *(func(dirfd int, path string, buf []byte) (n int, err error))
+
+var Readlinkat = enter_Readlinkat
+
+func enter_Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	funcref := get_ReadlinkatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___READLINKAT_A<<4, "") == 0 {
+		*funcref = impl_Readlinkat
+	} else {
+		*funcref = error_Readlinkat
+	}
+	return (*funcref)(dirfd, path, buf)
+}
+
+func error_Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+	n = -1
+	err = ENOSYS
+	return
+}
+
 //sys	Mkdir(path string, mode uint32) (err error) = SYS___MKDIR_A
+//sys	Mkdirat(dirfd int, path string, mode uint32) (err error) = SYS___MKDIRAT_A
 //sys   Mkfifo(path string, mode uint32) (err error) = SYS___MKFIFO_A
 //sys	Mknod(path string, mode uint32, dev int) (err error) = SYS___MKNOD_A
+//sys	Mknodat(dirfd int, path string, mode uint32, dev int) (err error) = SYS___MKNODAT_A
+//sys	PivotRoot(newroot string, oldroot string) (err error) = SYS___PIVOT_ROOT_A
 //sys	Pread(fd int, p []byte, offset int64) (n int, err error)
 //sys	Pwrite(fd int, p []byte, offset int64) (n int, err error)
-//sys	Readlink(path string, buf []byte) (n int, err error) = SYS___READLINK_A
+//sys	Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) = SYS___PRCTL_A
+//sysnb	Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) = SYS_PRLIMIT
 //sys	Rename(from string, to string) (err error) = SYS___RENAME_A
+//sys	Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) = SYS___RENAMEAT_A
+//sys	Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) = SYS___RENAMEAT2_A
 //sys	Rmdir(path string) (err error) = SYS___RMDIR_A
 //sys   Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK
+//sys	Setegid(egid int) (err error) = SYS_SETEGID
+//sys	Seteuid(euid int) (err error) = SYS_SETEUID
+//sys	Sethostname(p []byte) (err error) = SYS___SETHOSTNAME_A
+//sys   Setns(fd int, nstype int) (err error) = SYS_SETNS
 //sys	Setpriority(which int, who int, prio int) (err error)
 //sysnb	Setpgid(pid int, pgid int) (err error) = SYS_SETPGID
 //sysnb	Setrlimit(resource int, lim *Rlimit) (err error)
@@ -360,32 +985,57 @@ func Stat(path string, sta *Stat_t) (err error) {
 }
 
 //sys	Symlink(path string, link string) (err error) = SYS___SYMLINK_A
+//sys	Symlinkat(oldPath string, dirfd int, newPath string) (err error) = SYS___SYMLINKAT_A
 //sys	Sync() = SYS_SYNC
 //sys	Truncate(path string, length int64) (err error) = SYS___TRUNCATE_A
 //sys	Tcgetattr(fildes int, termptr *Termios) (err error) = SYS_TCGETATTR
 //sys	Tcsetattr(fildes int, when int, termptr *Termios) (err error) = SYS_TCSETATTR
 //sys	Umask(mask int) (oldmask int)
 //sys	Unlink(path string) (err error) = SYS___UNLINK_A
+//sys	Unlinkat(dirfd int, path string, flags int) (err error) = SYS___UNLINKAT_A
 //sys	Utime(path string, utim *Utimbuf) (err error) = SYS___UTIME_A
 
 //sys	open(path string, mode int, perm uint32) (fd int, err error) = SYS___OPEN_A
 
 func Open(path string, mode int, perm uint32) (fd int, err error) {
+	if mode&O_ACCMODE == 0 {
+		mode |= O_RDONLY
+	}
 	return open(path, mode, perm)
 }
 
-func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
-	wd, err := Getwd()
-	if err != nil {
-		return err
-	}
+//sys	openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) = SYS___OPENAT_A
 
-	if err := Fchdir(dirfd); err != nil {
-		return err
+func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+	if flags&O_ACCMODE == 0 {
+		flags |= O_RDONLY
 	}
-	defer Chdir(wd)
+	return openat(dirfd, path, flags, mode)
+}
 
-	return Mkfifo(path, mode)
+//sys	openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error) = SYS___OPENAT2_A
+
+func Openat2(dirfd int, path string, how *OpenHow) (fd int, err error) {
+	if how.Flags&O_ACCMODE == 0 {
+		how.Flags |= O_RDONLY
+	}
+	return openat2(dirfd, path, how, SizeofOpenHow)
+}
+
+func ZosFdToPath(dirfd int) (path string, err error) {
+	var buffer [1024]byte
+	runtime.EnterSyscall()
+	ret, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_W_IOCTL<<4, uintptr(dirfd), 17, 1024, uintptr(unsafe.Pointer(&buffer[0])))
+	runtime.ExitSyscall()
+	if ret == 0 {
+		zb := bytes.IndexByte(buffer[:], 0)
+		if zb == -1 {
+			zb = len(buffer)
+		}
+		CallLeFuncWithErr(GetZosLibVec()+SYS___E2A_L<<4, uintptr(unsafe.Pointer(&buffer[0])), uintptr(zb))
+		return string(buffer[:zb]), nil
+	}
+	return "", errnoErr2(e1, e2)
 }
 
 //sys	remove(path string) (err error)
@@ -403,10 +1053,12 @@ func Getcwd(buf []byte) (n int, err error) {
 	} else {
 		p = unsafe.Pointer(&_zero)
 	}
-	_, _, e := syscall_syscall(SYS___GETCWD_A, uintptr(p), uintptr(len(buf)), 0)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___GETCWD_A<<4, uintptr(p), uintptr(len(buf)))
+	runtime.ExitSyscall()
 	n = clen(buf) + 1
-	if e != 0 {
-		err = errnoErr(e)
+	if r0 == 0 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -520,9 +1172,41 @@ func (w WaitStatus) StopSignal() Signal {
 
 func (w WaitStatus) TrapCause() int { return -1 }
 
+//sys	waitid(idType int, id int, info *Siginfo, options int) (err error)
+
+func Waitid(idType int, id int, info *Siginfo, options int, rusage *Rusage) (err error) {
+	return waitid(idType, id, info, options)
+}
+
 //sys	waitpid(pid int, wstatus *_C_int, options int) (wpid int, err error)
 
-func Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) {
+func impl_Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_WAIT4<<4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)))
+	runtime.ExitSyscall()
+	wpid = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_Wait4Addr() *(func(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error))
+
+var Wait4 = enter_Wait4
+
+func enter_Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) {
+	funcref := get_Wait4Addr()
+	if funcptrtest(GetZosLibVec()+SYS_WAIT4<<4, "") == 0 {
+		*funcref = impl_Wait4
+	} else {
+		*funcref = legacyWait4
+	}
+	return (*funcref)(pid, wstatus, options, rusage)
+}
+
+func legacyWait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) {
 	// TODO(mundaym): z/OS doesn't have wait4. I don't think getrusage does what we want.
 	// At the moment rusage will not be touched.
 	var status _C_int
@@ -571,23 +1255,62 @@ func Pipe(p []int) (err error) {
 	}
 	var pp [2]_C_int
 	err = pipe(&pp)
-	if err == nil {
-		p[0] = int(pp[0])
-		p[1] = int(pp[1])
-	}
+	p[0] = int(pp[0])
+	p[1] = int(pp[1])
 	return
 }
 
 //sys	utimes(path string, timeval *[2]Timeval) (err error) = SYS___UTIMES_A
 
 func Utimes(path string, tv []Timeval) (err error) {
+	if tv == nil {
+		return utimes(path, nil)
+	}
 	if len(tv) != 2 {
 		return EINVAL
 	}
 	return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
 }
 
-func UtimesNano(path string, ts []Timespec) error {
+//sys	utimensat(dirfd int, path string, ts *[2]Timespec, flags int) (err error) = SYS___UTIMENSAT_A
+
+func validUtimensat() bool {
+	if funcptrtest(GetZosLibVec()+SYS___UTIMENSAT_A<<4, "") == 0 {
+		if name, err := getLeFuncName(GetZosLibVec() + SYS___UTIMENSAT_A<<4); err == nil {
+			return name == "__utimensat_a"
+		}
+	}
+	return false
+}
+
+// Begin UtimesNano
+
+//go:nosplit
+func get_UtimesNanoAddr() *(func(path string, ts []Timespec) (err error))
+
+var UtimesNano = enter_UtimesNano
+
+func enter_UtimesNano(path string, ts []Timespec) (err error) {
+	funcref := get_UtimesNanoAddr()
+	if validUtimensat() {
+		*funcref = utimesNanoImpl
+	} else {
+		*funcref = legacyUtimesNano
+	}
+	return (*funcref)(path, ts)
+}
+
+func utimesNanoImpl(path string, ts []Timespec) (err error) {
+	if ts == nil {
+		return utimensat(AT_FDCWD, path, nil, 0)
+	}
+	if len(ts) != 2 {
+		return EINVAL
+	}
+	return utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0)
+}
+
+func legacyUtimesNano(path string, ts []Timespec) (err error) {
 	if len(ts) != 2 {
 		return EINVAL
 	}
@@ -600,6 +1323,70 @@ func UtimesNano(path string, ts []Timespec) error {
 	return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
 }
 
+// End UtimesNano
+
+// Begin UtimesNanoAt
+
+//go:nosplit
+func get_UtimesNanoAtAddr() *(func(dirfd int, path string, ts []Timespec, flags int) (err error))
+
+var UtimesNanoAt = enter_UtimesNanoAt
+
+func enter_UtimesNanoAt(dirfd int, path string, ts []Timespec, flags int) (err error) {
+	funcref := get_UtimesNanoAtAddr()
+	if validUtimensat() {
+		*funcref = utimesNanoAtImpl
+	} else {
+		*funcref = legacyUtimesNanoAt
+	}
+	return (*funcref)(dirfd, path, ts, flags)
+}
+
+func utimesNanoAtImpl(dirfd int, path string, ts []Timespec, flags int) (err error) {
+	if ts == nil {
+		return utimensat(dirfd, path, nil, flags)
+	}
+	if len(ts) != 2 {
+		return EINVAL
+	}
+	return utimensat(dirfd, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), flags)
+}
+
+func legacyUtimesNanoAt(dirfd int, path string, ts []Timespec, flags int) (err error) {
+	if path[0] != '/' {
+		dirPath, err := ZosFdToPath(dirfd)
+		if err != nil {
+			return err
+		}
+		path = dirPath + "/" + path
+	}
+	if flags == AT_SYMLINK_NOFOLLOW {
+		if len(ts) != 2 {
+			return EINVAL
+		}
+
+		if ts[0].Nsec >= 5e8 {
+			ts[0].Sec++
+		}
+		ts[0].Nsec = 0
+		if ts[1].Nsec >= 5e8 {
+			ts[1].Sec++
+		}
+		ts[1].Nsec = 0
+
+		// Not as efficient as it could be because Timespec and
+		// Timeval have different types in the different OSes
+		tv := []Timeval{
+			NsecToTimeval(TimespecToNsec(ts[0])),
+			NsecToTimeval(TimespecToNsec(ts[1])),
+		}
+		return Lutimes(path, tv)
+	}
+	return UtimesNano(path, ts)
+}
+
+// End UtimesNanoAt
+
 func Getsockname(fd int) (sa Sockaddr, err error) {
 	var rsa RawSockaddrAny
 	var len _Socklen = SizeofSockaddrAny
@@ -1191,10 +1978,13 @@ func Opendir(name string) (uintptr, error) {
 	if err != nil {
 		return 0, err
 	}
-	dir, _, e := syscall_syscall(SYS___OPENDIR_A, uintptr(unsafe.Pointer(p)), 0, 0)
+	err = nil
+	runtime.EnterSyscall()
+	dir, e2, e1 := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___OPENDIR_A<<4, uintptr(unsafe.Pointer(p)))
+	runtime.ExitSyscall()
 	runtime.KeepAlive(unsafe.Pointer(p))
-	if e != 0 {
-		err = errnoErr(e)
+	if dir == 0 {
+		err = errnoErr2(e1, e2)
 	}
 	return dir, err
 }
@@ -1202,51 +1992,27 @@ func Opendir(name string) (uintptr, error) {
 // clearsyscall.Errno resets the errno value to 0.
 func clearErrno()
 
-func Readdir(dir uintptr) (*Dirent, error) {
-	var ent Dirent
-	var res uintptr
-	// __readdir_r_a returns errno at the end of the directory stream, rather than 0.
-	// Therefore to avoid false positives we clear errno before calling it.
-
-	// TODO(neeilan): Commented this out to get sys/unix compiling on z/OS. Uncomment and fix. Error: "undefined: clearsyscall"
-	//clearsyscall.Errno() // TODO(mundaym): check pre-emption rules.
-
-	e, _, _ := syscall_syscall(SYS___READDIR_R_A, dir, uintptr(unsafe.Pointer(&ent)), uintptr(unsafe.Pointer(&res)))
-	var err error
-	if e != 0 {
-		err = errnoErr(Errno(e))
-	}
-	if res == 0 {
-		return nil, err
-	}
-	return &ent, err
-}
-
-func readdir_r(dirp uintptr, entry *direntLE, result **direntLE) (err error) {
-	r0, _, e1 := syscall_syscall(SYS___READDIR_R_A, dirp, uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result)))
-	if int64(r0) == -1 {
-		err = errnoErr(Errno(e1))
-	}
-	return
-}
-
 func Closedir(dir uintptr) error {
-	_, _, e := syscall_syscall(SYS_CLOSEDIR, dir, 0, 0)
-	if e != 0 {
-		return errnoErr(e)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_CLOSEDIR<<4, dir)
+	runtime.ExitSyscall()
+	if r0 != 0 {
+		return errnoErr2(e1, e2)
 	}
 	return nil
 }
 
 func Seekdir(dir uintptr, pos int) {
-	_, _, _ = syscall_syscall(SYS_SEEKDIR, dir, uintptr(pos), 0)
+	runtime.EnterSyscall()
+	CallLeFuncWithErr(GetZosLibVec()+SYS_SEEKDIR<<4, dir, uintptr(pos))
+	runtime.ExitSyscall()
 }
 
 func Telldir(dir uintptr) (int, error) {
-	p, _, e := syscall_syscall(SYS_TELLDIR, dir, 0, 0)
+	p, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_TELLDIR<<4, dir)
 	pos := int(p)
-	if pos == -1 {
-		return pos, errnoErr(e)
+	if int64(p) == -1 {
+		return pos, errnoErr2(e1, e2)
 	}
 	return pos, nil
 }
@@ -1261,19 +2027,55 @@ func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) error {
 	*(*int64)(unsafe.Pointer(&flock[4])) = lk.Start
 	*(*int64)(unsafe.Pointer(&flock[12])) = lk.Len
 	*(*int32)(unsafe.Pointer(&flock[20])) = lk.Pid
-	_, _, errno := syscall_syscall(SYS_FCNTL, fd, uintptr(cmd), uintptr(unsafe.Pointer(&flock)))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCNTL<<4, fd, uintptr(cmd), uintptr(unsafe.Pointer(&flock)))
+	runtime.ExitSyscall()
 	lk.Type = *(*int16)(unsafe.Pointer(&flock[0]))
 	lk.Whence = *(*int16)(unsafe.Pointer(&flock[2]))
 	lk.Start = *(*int64)(unsafe.Pointer(&flock[4]))
 	lk.Len = *(*int64)(unsafe.Pointer(&flock[12]))
 	lk.Pid = *(*int32)(unsafe.Pointer(&flock[20]))
-	if errno == 0 {
+	if r0 == 0 {
 		return nil
 	}
-	return errno
+	return errnoErr2(e1, e2)
 }
 
-func Flock(fd int, how int) error {
+func impl_Flock(fd int, how int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FLOCK<<4, uintptr(fd), uintptr(how))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FlockAddr() *(func(fd int, how int) (err error))
+
+var Flock = enter_Flock
+
+func validFlock(fp uintptr) bool {
+	if funcptrtest(GetZosLibVec()+SYS_FLOCK<<4, "") == 0 {
+		if name, err := getLeFuncName(GetZosLibVec() + SYS_FLOCK<<4); err == nil {
+			return name == "flock"
+		}
+	}
+	return false
+}
+
+func enter_Flock(fd int, how int) (err error) {
+	funcref := get_FlockAddr()
+	if validFlock(GetZosLibVec() + SYS_FLOCK<<4) {
+		*funcref = impl_Flock
+	} else {
+		*funcref = legacyFlock
+	}
+	return (*funcref)(fd, how)
+}
+
+func legacyFlock(fd int, how int) error {
 
 	var flock_type int16
 	var fcntl_cmd int
@@ -1307,41 +2109,51 @@ func Flock(fd int, how int) error {
 }
 
 func Mlock(b []byte) (err error) {
-	_, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_NONSWAP, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_NONSWAP)
+	runtime.ExitSyscall()
+	if r0 != 0 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 func Mlock2(b []byte, flags int) (err error) {
-	_, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_NONSWAP, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_NONSWAP)
+	runtime.ExitSyscall()
+	if r0 != 0 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 func Mlockall(flags int) (err error) {
-	_, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_NONSWAP, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_NONSWAP)
+	runtime.ExitSyscall()
+	if r0 != 0 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 func Munlock(b []byte) (err error) {
-	_, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_SWAP, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_SWAP)
+	runtime.ExitSyscall()
+	if r0 != 0 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 func Munlockall() (err error) {
-	_, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_SWAP, 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_SWAP)
+	runtime.ExitSyscall()
+	if r0 != 0 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1372,15 +2184,104 @@ func ClockGettime(clockid int32, ts *Timespec) error {
 	return nil
 }
 
-func Statfs(path string, stat *Statfs_t) (err error) {
-	fd, err := open(path, O_RDONLY, 0)
-	defer Close(fd)
-	if err != nil {
-		return err
+// Chtag
+
+//go:nosplit
+func get_ChtagAddr() *(func(path string, ccsid uint64, textbit uint64) error)
+
+var Chtag = enter_Chtag
+
+func enter_Chtag(path string, ccsid uint64, textbit uint64) error {
+	funcref := get_ChtagAddr()
+	if validSetxattr() {
+		*funcref = impl_Chtag
+	} else {
+		*funcref = legacy_Chtag
 	}
-	return Fstatfs(fd, stat)
+	return (*funcref)(path, ccsid, textbit)
 }
 
+func legacy_Chtag(path string, ccsid uint64, textbit uint64) error {
+	tag := ccsid<<16 | textbit<<15
+	var tag_buff [8]byte
+	DecodeData(tag_buff[:], 8, tag)
+	return Setxattr(path, "filetag", tag_buff[:], XATTR_REPLACE)
+}
+
+func impl_Chtag(path string, ccsid uint64, textbit uint64) error {
+	tag := ccsid<<16 | textbit<<15
+	var tag_buff [4]byte
+	DecodeData(tag_buff[:], 4, tag)
+	return Setxattr(path, "system.filetag", tag_buff[:], XATTR_REPLACE)
+}
+
+// End of Chtag
+
+// Nanosleep
+
+//go:nosplit
+func get_NanosleepAddr() *(func(time *Timespec, leftover *Timespec) error)
+
+var Nanosleep = enter_Nanosleep
+
+func enter_Nanosleep(time *Timespec, leftover *Timespec) error {
+	funcref := get_NanosleepAddr()
+	if funcptrtest(GetZosLibVec()+SYS_NANOSLEEP<<4, "") == 0 {
+		*funcref = impl_Nanosleep
+	} else {
+		*funcref = legacyNanosleep
+	}
+	return (*funcref)(time, leftover)
+}
+
+func impl_Nanosleep(time *Timespec, leftover *Timespec) error {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_NANOSLEEP<<4, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		return errnoErr2(e1, e2)
+	}
+	return nil
+}
+
+func legacyNanosleep(time *Timespec, leftover *Timespec) error {
+	t0 := runtime.Nanotime1()
+	var secrem uint32
+	var nsecrem uint32
+	total := time.Sec*1000000000 + time.Nsec
+	elapsed := runtime.Nanotime1() - t0
+	var rv int32
+	var rc int32
+	var err error
+	// repeatedly sleep for 1 second until less than 1 second left
+	for total-elapsed > 1000000000 {
+		rv, rc, _ = BpxCondTimedWait(uint32(1), uint32(0), uint32(CW_CONDVAR), &secrem, &nsecrem)
+		if rv != 0 && rc != 112 { // 112 is EAGAIN
+			if leftover != nil && rc == 120 { // 120 is EINTR
+				leftover.Sec = int64(secrem)
+				leftover.Nsec = int64(nsecrem)
+			}
+			err = Errno(rc)
+			return err
+		}
+		elapsed = runtime.Nanotime1() - t0
+	}
+	// sleep the remainder
+	if total > elapsed {
+		rv, rc, _ = BpxCondTimedWait(uint32(0), uint32(total-elapsed), uint32(CW_CONDVAR), &secrem, &nsecrem)
+	}
+	if leftover != nil && rc == 120 {
+		leftover.Sec = int64(secrem)
+		leftover.Nsec = int64(nsecrem)
+	}
+	if rv != 0 && rc != 112 {
+		err = Errno(rc)
+	}
+	return err
+}
+
+// End of Nanosleep
+
 var (
 	Stdin  = 0
 	Stdout = 1
@@ -1395,6 +2296,9 @@ var (
 	errENOENT error = syscall.ENOENT
 )
 
+var ZosTraceLevel int
+var ZosTracefile *os.File
+
 var (
 	signalNameMapOnce sync.Once
 	signalNameMap     map[string]syscall.Signal
@@ -1416,6 +2320,56 @@ func errnoErr(e Errno) error {
 	return e
 }
 
+var reg *regexp.Regexp
+
+// enhanced with zos specific errno2
+func errnoErr2(e Errno, e2 uintptr) error {
+	switch e {
+	case 0:
+		return nil
+	case EAGAIN:
+		return errEAGAIN
+		/*
+			Allow the retrieval of errno2 for EINVAL and ENOENT on zos
+				case EINVAL:
+					return errEINVAL
+				case ENOENT:
+					return errENOENT
+		*/
+	}
+	if ZosTraceLevel > 0 {
+		var name string
+		if reg == nil {
+			reg = regexp.MustCompile("(^unix\\.[^/]+$|.*\\/unix\\.[^/]+$)")
+		}
+		i := 1
+		pc, file, line, ok := runtime.Caller(i)
+		if ok {
+			name = runtime.FuncForPC(pc).Name()
+		}
+		for ok && reg.MatchString(runtime.FuncForPC(pc).Name()) {
+			i += 1
+			pc, file, line, ok = runtime.Caller(i)
+		}
+		if ok {
+			if ZosTracefile == nil {
+				ZosConsolePrintf("From %s:%d\n", file, line)
+				ZosConsolePrintf("%s: %s (errno2=0x%x)\n", name, e.Error(), e2)
+			} else {
+				fmt.Fprintf(ZosTracefile, "From %s:%d\n", file, line)
+				fmt.Fprintf(ZosTracefile, "%s: %s (errno2=0x%x)\n", name, e.Error(), e2)
+			}
+		} else {
+			if ZosTracefile == nil {
+				ZosConsolePrintf("%s (errno2=0x%x)\n", e.Error(), e2)
+			} else {
+				fmt.Fprintf(ZosTracefile, "%s (errno2=0x%x)\n", e.Error(), e2)
+			}
+		}
+	}
+	return e
+}
+
 // ErrnoName returns the error name for error number e.
 func ErrnoName(e Errno) string {
 	i := sort.Search(len(errorList), func(i int) bool {
@@ -1474,6 +2428,9 @@ func (m *mmapper) Mmap(fd int, offset int64, length int, prot int, flags int) (d
 		return nil, EINVAL
 	}
 
+	// Set __MAP_64 by default
+	flags |= __MAP_64
+
 	// Map the requested memory.
 	addr, errno := m.mmap(0, uintptr(length), prot, flags, fd, offset)
 	if errno != nil {
@@ -1778,83 +2735,170 @@ func Exec(argv0 string, argv []string, envv []string) error {
 	return syscall.Exec(argv0, argv, envv)
 }
 
-func Mount(source string, target string, fstype string, flags uintptr, data string) (err error) {
-	if needspace := 8 - len(fstype); needspace <= 0 {
-		fstype = fstype[:8]
+func Getag(path string) (ccsid uint16, flag uint16, err error) {
+	var val [8]byte
+	sz, err := Getxattr(path, "ccsid", val[:])
+	if err != nil {
+		return
+	}
+	ccsid = uint16(EncodeData(val[0:sz]))
+	sz, err = Getxattr(path, "flags", val[:])
+	if err != nil {
+		return
+	}
+	flag = uint16(EncodeData(val[0:sz]) >> 15)
+	return
+}
+
+// Mount begin
+func impl_Mount(source string, target string, fstype string, flags uintptr, data string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(source)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(target)
+	if err != nil {
+		return
+	}
+	var _p2 *byte
+	_p2, err = BytePtrFromString(fstype)
+	if err != nil {
+		return
+	}
+	var _p3 *byte
+	_p3, err = BytePtrFromString(data)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MOUNT1_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(_p3)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_MountAddr() *(func(source string, target string, fstype string, flags uintptr, data string) (err error))
+
+var Mount = enter_Mount
+
+func enter_Mount(source string, target string, fstype string, flags uintptr, data string) (err error) {
+	funcref := get_MountAddr()
+	if validMount() {
+		*funcref = impl_Mount
 	} else {
-		fstype += "        "[:needspace]
+		*funcref = legacyMount
+	}
+	return (*funcref)(source, target, fstype, flags, data)
+}
+
+func legacyMount(source string, target string, fstype string, flags uintptr, data string) (err error) {
+	if needspace := 8 - len(fstype); needspace <= 0 {
+		fstype = fstype[0:8]
+	} else {
+		fstype += "        "[0:needspace]
 	}
 	return mount_LE(target, source, fstype, uint32(flags), int32(len(data)), data)
 }
 
-func Unmount(name string, mtm int) (err error) {
+func validMount() bool {
+	if funcptrtest(GetZosLibVec()+SYS___MOUNT1_A<<4, "") == 0 {
+		if name, err := getLeFuncName(GetZosLibVec() + SYS___MOUNT1_A<<4); err == nil {
+			return name == "__mount1_a"
+		}
+	}
+	return false
+}
+
+// Mount end
+
+// Unmount begin
+func impl_Unmount(target string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(target)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UMOUNT2_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_UnmountAddr() *(func(target string, flags int) (err error))
+
+var Unmount = enter_Unmount
+
+func enter_Unmount(target string, flags int) (err error) {
+	funcref := get_UnmountAddr()
+	if funcptrtest(GetZosLibVec()+SYS___UMOUNT2_A<<4, "") == 0 {
+		*funcref = impl_Unmount
+	} else {
+		*funcref = legacyUnmount
+	}
+	return (*funcref)(target, flags)
+}
+
+func legacyUnmount(name string, mtm int) (err error) {
 	// mountpoint is always a full path and starts with a '/'
 	// check if input string is not a mountpoint but a filesystem name
 	if name[0] != '/' {
-		return unmount(name, mtm)
+		return unmount_LE(name, mtm)
 	}
 	// treat name as mountpoint
 	b2s := func(arr []byte) string {
-		nulli := bytes.IndexByte(arr, 0)
-		if nulli == -1 {
-			return string(arr)
-		} else {
-			return string(arr[:nulli])
+		var str string
+		for i := 0; i < len(arr); i++ {
+			if arr[i] == 0 {
+				str = string(arr[:i])
+				break
+			}
 		}
+		return str
 	}
 	var buffer struct {
 		header W_Mnth
 		fsinfo [64]W_Mntent
 	}
-	fsCount, err := W_Getmntent_A((*byte)(unsafe.Pointer(&buffer)), int(unsafe.Sizeof(buffer)))
-	if err != nil {
-		return err
-	}
-	if fsCount == 0 {
-		return EINVAL
-	}
-	for i := 0; i < fsCount; i++ {
-		if b2s(buffer.fsinfo[i].Mountpoint[:]) == name {
-			err = unmount(b2s(buffer.fsinfo[i].Fsname[:]), mtm)
-			break
+	fs_count, err := W_Getmntent_A((*byte)(unsafe.Pointer(&buffer)), int(unsafe.Sizeof(buffer)))
+	if err == nil {
+		err = EINVAL
+		for i := 0; i < fs_count; i++ {
+			if b2s(buffer.fsinfo[i].Mountpoint[:]) == name {
+				err = unmount_LE(b2s(buffer.fsinfo[i].Fsname[:]), mtm)
+				break
+			}
 		}
+	} else if fs_count == 0 {
+		err = EINVAL
 	}
 	return err
 }
 
-func fdToPath(dirfd int) (path string, err error) {
-	var buffer [1024]byte
-	// w_ctrl()
-	ret := runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_W_IOCTL<<4,
-		[]uintptr{uintptr(dirfd), 17, 1024, uintptr(unsafe.Pointer(&buffer[0]))})
-	if ret == 0 {
-		zb := bytes.IndexByte(buffer[:], 0)
-		if zb == -1 {
-			zb = len(buffer)
-		}
-		// __e2a_l()
-		runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___E2A_L<<4,
-			[]uintptr{uintptr(unsafe.Pointer(&buffer[0])), uintptr(zb)})
-		return string(buffer[:zb]), nil
-	}
-	// __errno()
-	errno := int(*(*int32)(unsafe.Pointer(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO<<4,
-		[]uintptr{}))))
-	// __errno2()
-	errno2 := int(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO2<<4,
-		[]uintptr{}))
-	// strerror_r()
-	ret = runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_STRERROR_R<<4,
-		[]uintptr{uintptr(errno), uintptr(unsafe.Pointer(&buffer[0])), 1024})
-	if ret == 0 {
-		zb := bytes.IndexByte(buffer[:], 0)
-		if zb == -1 {
-			zb = len(buffer)
-		}
-		return "", fmt.Errorf("%s (errno2=0x%x)", buffer[:zb], errno2)
-	} else {
-		return "", fmt.Errorf("fdToPath errno %d (errno2=0x%x)", errno, errno2)
+// Unmount end
+
+func direntIno(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+	reclen, ok := direntReclen(buf)
+	if !ok {
+		return 0, false
 	}
+	return reclen - uint64(unsafe.Offsetof(Dirent{}.Name)), true
 }
 
 func direntLeToDirentUnix(dirent *direntLE, dir uintptr, path string) (Dirent, error) {
@@ -1896,7 +2940,7 @@ func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
 	}
 
 	// Get path from fd to avoid unavailable call (fdopendir)
-	path, err := fdToPath(fd)
+	path, err := ZosFdToPath(fd)
 	if err != nil {
 		return 0, err
 	}
@@ -1910,7 +2954,7 @@ func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
 	for {
 		var entryLE direntLE
 		var entrypLE *direntLE
-		e := readdir_r(d, &entryLE, &entrypLE)
+		e := Readdir_r(d, &entryLE, &entrypLE)
 		if e != nil {
 			return n, e
 		}
@@ -1956,23 +3000,214 @@ func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
 	return n, nil
 }
 
-func ReadDirent(fd int, buf []byte) (n int, err error) {
-	var base = (*uintptr)(unsafe.Pointer(new(uint64)))
-	return Getdirentries(fd, buf, base)
+func Err2ad() (eadd *int) {
+	r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS___ERR2AD<<4)
+	eadd = (*int)(unsafe.Pointer(r0))
+	return
 }
 
-func direntIno(buf []byte) (uint64, bool) {
-	return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino))
-}
-
-func direntReclen(buf []byte) (uint64, bool) {
-	return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
-}
-
-func direntNamlen(buf []byte) (uint64, bool) {
-	reclen, ok := direntReclen(buf)
-	if !ok {
-		return 0, false
+func ZosConsolePrintf(format string, v ...interface{}) (int, error) {
+	type __cmsg struct {
+		_            uint16
+		_            [2]uint8
+		__msg_length uint32
+		__msg        uintptr
+		_            [4]uint8
 	}
-	return reclen - uint64(unsafe.Offsetof(Dirent{}.Name)), true
+	msg := fmt.Sprintf(format, v...)
+	strptr := unsafe.Pointer((*reflect.StringHeader)(unsafe.Pointer(&msg)).Data)
+	len := (*reflect.StringHeader)(unsafe.Pointer(&msg)).Len
+	cmsg := __cmsg{__msg_length: uint32(len), __msg: uintptr(strptr)}
+	cmd := uint32(0)
+	runtime.EnterSyscall()
+	rc, err2, err1 := CallLeFuncWithErr(GetZosLibVec()+SYS_____CONSOLE_A<<4, uintptr(unsafe.Pointer(&cmsg)), 0, uintptr(unsafe.Pointer(&cmd)))
+	runtime.ExitSyscall()
+	if rc != 0 {
+		return 0, fmt.Errorf("%s (errno2=0x%x)\n", err1.Error(), err2)
+	}
+	return 0, nil
+}
+func ZosStringToEbcdicBytes(str string, nullterm bool) (ebcdicBytes []byte) {
+	if nullterm {
+		ebcdicBytes = []byte(str + "\x00")
+	} else {
+		ebcdicBytes = []byte(str)
+	}
+	A2e(ebcdicBytes)
+	return
+}
+func ZosEbcdicBytesToString(b []byte, trimRight bool) (str string) {
+	res := make([]byte, len(b))
+	copy(res, b)
+	E2a(res)
+	if trimRight {
+		str = string(bytes.TrimRight(res, " \x00"))
+	} else {
+		str = string(res)
+	}
+	return
+}
+
+func fdToPath(dirfd int) (path string, err error) {
+	var buffer [1024]byte
+	// w_ctrl()
+	ret := runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_W_IOCTL<<4,
+		[]uintptr{uintptr(dirfd), 17, 1024, uintptr(unsafe.Pointer(&buffer[0]))})
+	if ret == 0 {
+		zb := bytes.IndexByte(buffer[:], 0)
+		if zb == -1 {
+			zb = len(buffer)
+		}
+		// __e2a_l()
+		runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___E2A_L<<4,
+			[]uintptr{uintptr(unsafe.Pointer(&buffer[0])), uintptr(zb)})
+		return string(buffer[:zb]), nil
+	}
+	// __errno()
+	errno := int(*(*int32)(unsafe.Pointer(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO<<4,
+		[]uintptr{}))))
+	// __errno2()
+	errno2 := int(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO2<<4,
+		[]uintptr{}))
+	// strerror_r()
+	ret = runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_STRERROR_R<<4,
+		[]uintptr{uintptr(errno), uintptr(unsafe.Pointer(&buffer[0])), 1024})
+	if ret == 0 {
+		zb := bytes.IndexByte(buffer[:], 0)
+		if zb == -1 {
+			zb = len(buffer)
+		}
+		return "", fmt.Errorf("%s (errno2=0x%x)", buffer[:zb], errno2)
+	} else {
+		return "", fmt.Errorf("fdToPath errno %d (errno2=0x%x)", errno, errno2)
+	}
+}
+
+func impl_Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKFIFOAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_MkfifoatAddr() *(func(dirfd int, path string, mode uint32) (err error))
+
+var Mkfifoat = enter_Mkfifoat
+
+func enter_Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	funcref := get_MkfifoatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___MKFIFOAT_A<<4, "") == 0 {
+		*funcref = impl_Mkfifoat
+	} else {
+		*funcref = legacy_Mkfifoat
+	}
+	return (*funcref)(dirfd, path, mode)
+}
+
+func legacy_Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+	dirname, err := ZosFdToPath(dirfd)
+	if err != nil {
+		return err
+	}
+	return Mkfifo(dirname+"/"+path, mode)
+}
+
+//sys	Posix_openpt(oflag int) (fd int, err error) = SYS_POSIX_OPENPT
+//sys	Grantpt(fildes int) (rc int, err error) = SYS_GRANTPT
+//sys	Unlockpt(fildes int) (rc int, err error) = SYS_UNLOCKPT
+
+func fcntlAsIs(fd uintptr, cmd int, arg uintptr) (val int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCNTL<<4, uintptr(fd), uintptr(cmd), arg)
+	runtime.ExitSyscall()
+	val = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+func Fcntl(fd uintptr, cmd int, op interface{}) (ret int, err error) {
+	switch op.(type) {
+	case *Flock_t:
+		err = FcntlFlock(fd, cmd, op.(*Flock_t))
+		if err != nil {
+			ret = -1
+		}
+		return
+	case int:
+		return FcntlInt(fd, cmd, op.(int))
+	case *F_cnvrt:
+		return fcntlAsIs(fd, cmd, uintptr(unsafe.Pointer(op.(*F_cnvrt))))
+	case unsafe.Pointer:
+		return fcntlAsIs(fd, cmd, uintptr(op.(unsafe.Pointer)))
+	default:
+		return -1, EINVAL
+	}
+	return
+}
+
+func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	if raceenabled {
+		raceReleaseMerge(unsafe.Pointer(&ioSync))
+	}
+	return sendfile(outfd, infd, offset, count)
+}
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+	// TODO: use LE call instead if the call is implemented
+	originalOffset, err := Seek(infd, 0, SEEK_CUR)
+	if err != nil {
+		return -1, err
+	}
+	//start reading data from in_fd
+	if offset != nil {
+		_, err := Seek(infd, *offset, SEEK_SET)
+		if err != nil {
+			return -1, err
+		}
+	}
+
+	buf := make([]byte, count)
+	readBuf := make([]byte, 0)
+	var n int = 0
+	for i := 0; i < count; i += n {
+		n, err := Read(infd, buf)
+		if n == 0 {
+			if err != nil {
+				return -1, err
+			} else { // EOF
+				break
+			}
+		}
+		readBuf = append(readBuf, buf...)
+		buf = buf[0:0]
+	}
+
+	n2, err := Write(outfd, readBuf)
+	if err != nil {
+		return -1, err
+	}
+
+	//When sendfile() returns, this variable will be set to the
+	// offset of the byte following the last byte that was read.
+	if offset != nil {
+		*offset = *offset + int64(n)
+		// If offset is not NULL, then sendfile() does not modify the file
+		// offset of in_fd
+		_, err := Seek(infd, originalOffset, SEEK_SET)
+		if err != nil {
+			return -1, err
+		}
+	}
+	return n2, nil
 }
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix.go b/vendor/golang.org/x/sys/unix/sysvshm_unix.go
index 79a84f18..672d6b0a 100644
--- a/vendor/golang.org/x/sys/unix/sysvshm_unix.go
+++ b/vendor/golang.org/x/sys/unix/sysvshm_unix.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build (darwin && !ios) || linux
+//go:build (darwin && !ios) || linux || zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go b/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
index 9eb0db66..8b7977a2 100644
--- a/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
+++ b/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build darwin && !ios
+//go:build (darwin && !ios) || zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/vgetrandom_linux.go b/vendor/golang.org/x/sys/unix/vgetrandom_linux.go
new file mode 100644
index 00000000..07ac8e09
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/vgetrandom_linux.go
@@ -0,0 +1,13 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && go1.24
+
+package unix
+
+import _ "unsafe"
+
+//go:linkname vgetrandom runtime.vgetrandom
+//go:noescape
+func vgetrandom(p []byte, flags uint32) (ret int, supported bool)
diff --git a/vendor/golang.org/x/sys/unix/vgetrandom_unsupported.go b/vendor/golang.org/x/sys/unix/vgetrandom_unsupported.go
new file mode 100644
index 00000000..297e97bc
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/vgetrandom_unsupported.go
@@ -0,0 +1,11 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !linux || !go1.24
+
+package unix
+
+func vgetrandom(p []byte, flags uint32) (ret int, supported bool) {
+	return -1, false
+}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
index e40fa852..d73c4652 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
@@ -237,6 +237,9 @@ const (
 	CLOCK_UPTIME_RAW_APPROX                 = 0x9
 	CLONE_NOFOLLOW                          = 0x1
 	CLONE_NOOWNERCOPY                       = 0x2
+	CONNECT_DATA_AUTHENTICATED              = 0x4
+	CONNECT_DATA_IDEMPOTENT                 = 0x2
+	CONNECT_RESUME_ON_READ_WRITE            = 0x1
 	CR0                                     = 0x0
 	CR1                                     = 0x1000
 	CR2                                     = 0x2000
@@ -1169,6 +1172,11 @@ const (
 	PT_WRITE_D                              = 0x5
 	PT_WRITE_I                              = 0x4
 	PT_WRITE_U                              = 0x6
+	RENAME_EXCL                             = 0x4
+	RENAME_NOFOLLOW_ANY                     = 0x10
+	RENAME_RESERVED1                        = 0x8
+	RENAME_SECLUDE                          = 0x1
+	RENAME_SWAP                             = 0x2
 	RLIMIT_AS                               = 0x5
 	RLIMIT_CORE                             = 0x4
 	RLIMIT_CPU                              = 0x0
@@ -1260,6 +1268,10 @@ const (
 	RTV_SSTHRESH                            = 0x20
 	RUSAGE_CHILDREN                         = -0x1
 	RUSAGE_SELF                             = 0x0
+	SAE_ASSOCID_ALL                         = 0xffffffff
+	SAE_ASSOCID_ANY                         = 0x0
+	SAE_CONNID_ALL                          = 0xffffffff
+	SAE_CONNID_ANY                          = 0x0
 	SCM_CREDS                               = 0x3
 	SCM_RIGHTS                              = 0x1
 	SCM_TIMESTAMP                           = 0x2
diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
index bb02aa6c..4a55a400 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
@@ -237,6 +237,9 @@ const (
 	CLOCK_UPTIME_RAW_APPROX                 = 0x9
 	CLONE_NOFOLLOW                          = 0x1
 	CLONE_NOOWNERCOPY                       = 0x2
+	CONNECT_DATA_AUTHENTICATED              = 0x4
+	CONNECT_DATA_IDEMPOTENT                 = 0x2
+	CONNECT_RESUME_ON_READ_WRITE            = 0x1
 	CR0                                     = 0x0
 	CR1                                     = 0x1000
 	CR2                                     = 0x2000
@@ -1169,6 +1172,11 @@ const (
 	PT_WRITE_D                              = 0x5
 	PT_WRITE_I                              = 0x4
 	PT_WRITE_U                              = 0x6
+	RENAME_EXCL                             = 0x4
+	RENAME_NOFOLLOW_ANY                     = 0x10
+	RENAME_RESERVED1                        = 0x8
+	RENAME_SECLUDE                          = 0x1
+	RENAME_SWAP                             = 0x2
 	RLIMIT_AS                               = 0x5
 	RLIMIT_CORE                             = 0x4
 	RLIMIT_CPU                              = 0x0
@@ -1260,6 +1268,10 @@ const (
 	RTV_SSTHRESH                            = 0x20
 	RUSAGE_CHILDREN                         = -0x1
 	RUSAGE_SELF                             = 0x0
+	SAE_ASSOCID_ALL                         = 0xffffffff
+	SAE_ASSOCID_ANY                         = 0x0
+	SAE_CONNID_ALL                          = 0xffffffff
+	SAE_CONNID_ANY                          = 0x0
 	SCM_CREDS                               = 0x3
 	SCM_RIGHTS                              = 0x1
 	SCM_TIMESTAMP                           = 0x2
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index c73cfe2f..4f432bfe 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -321,6 +321,9 @@ const (
 	AUDIT_INTEGRITY_STATUS                      = 0x70a
 	AUDIT_IPC                                   = 0x517
 	AUDIT_IPC_SET_PERM                          = 0x51f
+	AUDIT_IPE_ACCESS                            = 0x58c
+	AUDIT_IPE_CONFIG_CHANGE                     = 0x58d
+	AUDIT_IPE_POLICY_LOAD                       = 0x58e
 	AUDIT_KERNEL                                = 0x7d0
 	AUDIT_KERNEL_OTHER                          = 0x524
 	AUDIT_KERN_MODULE                           = 0x532
@@ -457,6 +460,7 @@ const (
 	B600                                        = 0x8
 	B75                                         = 0x2
 	B9600                                       = 0xd
+	BCACHEFS_SUPER_MAGIC                        = 0xca451a4e
 	BDEVFS_MAGIC                                = 0x62646576
 	BINDERFS_SUPER_MAGIC                        = 0x6c6f6f70
 	BINFMTFS_MAGIC                              = 0x42494e4d
@@ -488,11 +492,14 @@ const (
 	BPF_F_ID                                    = 0x20
 	BPF_F_NETFILTER_IP_DEFRAG                   = 0x1
 	BPF_F_QUERY_EFFECTIVE                       = 0x1
+	BPF_F_REDIRECT_FLAGS                        = 0x19
 	BPF_F_REPLACE                               = 0x4
 	BPF_F_SLEEPABLE                             = 0x10
 	BPF_F_STRICT_ALIGNMENT                      = 0x1
+	BPF_F_TEST_REG_INVARIANTS                   = 0x80
 	BPF_F_TEST_RND_HI32                         = 0x4
 	BPF_F_TEST_RUN_ON_CPU                       = 0x1
+	BPF_F_TEST_SKB_CHECKSUM_COMPLETE            = 0x4
 	BPF_F_TEST_STATE_FREQ                       = 0x8
 	BPF_F_TEST_XDP_LIVE_FRAMES                  = 0x2
 	BPF_F_XDP_DEV_BOUND_ONLY                    = 0x40
@@ -501,6 +508,7 @@ const (
 	BPF_IMM                                     = 0x0
 	BPF_IND                                     = 0x40
 	BPF_JA                                      = 0x0
+	BPF_JCOND                                   = 0xe0
 	BPF_JEQ                                     = 0x10
 	BPF_JGE                                     = 0x30
 	BPF_JGT                                     = 0x20
@@ -656,6 +664,9 @@ const (
 	CAN_NPROTO                                  = 0x8
 	CAN_RAW                                     = 0x1
 	CAN_RAW_FILTER_MAX                          = 0x200
+	CAN_RAW_XL_VCID_RX_FILTER                   = 0x4
+	CAN_RAW_XL_VCID_TX_PASS                     = 0x2
+	CAN_RAW_XL_VCID_TX_SET                      = 0x1
 	CAN_RTR_FLAG                                = 0x40000000
 	CAN_SFF_ID_BITS                             = 0xb
 	CAN_SFF_MASK                                = 0x7ff
@@ -923,6 +934,7 @@ const (
 	EPOLL_CTL_ADD                               = 0x1
 	EPOLL_CTL_DEL                               = 0x2
 	EPOLL_CTL_MOD                               = 0x3
+	EPOLL_IOC_TYPE                              = 0x8a
 	EROFS_SUPER_MAGIC_V1                        = 0xe0f5e1e2
 	ESP_V4_FLOW                                 = 0xa
 	ESP_V6_FLOW                                 = 0xc
@@ -936,9 +948,6 @@ const (
 	ETHTOOL_FEC_OFF                             = 0x4
 	ETHTOOL_FEC_RS                              = 0x8
 	ETHTOOL_FLAG_ALL                            = 0x7
-	ETHTOOL_FLAG_COMPACT_BITSETS                = 0x1
-	ETHTOOL_FLAG_OMIT_REPLY                     = 0x2
-	ETHTOOL_FLAG_STATS                          = 0x4
 	ETHTOOL_FLASHDEV                            = 0x33
 	ETHTOOL_FLASH_MAX_FILENAME                  = 0x80
 	ETHTOOL_FWVERS_LEN                          = 0x20
@@ -1161,6 +1170,7 @@ const (
 	EXTA                                        = 0xe
 	EXTB                                        = 0xf
 	F2FS_SUPER_MAGIC                            = 0xf2f52010
+	FALLOC_FL_ALLOCATE_RANGE                    = 0x0
 	FALLOC_FL_COLLAPSE_RANGE                    = 0x8
 	FALLOC_FL_INSERT_RANGE                      = 0x20
 	FALLOC_FL_KEEP_SIZE                         = 0x1
@@ -1235,6 +1245,7 @@ const (
 	FAN_REPORT_DFID_NAME                        = 0xc00
 	FAN_REPORT_DFID_NAME_TARGET                 = 0x1e00
 	FAN_REPORT_DIR_FID                          = 0x400
+	FAN_REPORT_FD_ERROR                         = 0x2000
 	FAN_REPORT_FID                              = 0x200
 	FAN_REPORT_NAME                             = 0x800
 	FAN_REPORT_PIDFD                            = 0x80
@@ -1320,8 +1331,10 @@ const (
 	FUSE_SUPER_MAGIC                            = 0x65735546
 	FUTEXFS_SUPER_MAGIC                         = 0xbad1dea
 	F_ADD_SEALS                                 = 0x409
+	F_CREATED_QUERY                             = 0x404
 	F_DUPFD                                     = 0x0
 	F_DUPFD_CLOEXEC                             = 0x406
+	F_DUPFD_QUERY                               = 0x403
 	F_EXLCK                                     = 0x4
 	F_GETFD                                     = 0x1
 	F_GETFL                                     = 0x3
@@ -1338,6 +1351,7 @@ const (
 	F_OFD_SETLK                                 = 0x25
 	F_OFD_SETLKW                                = 0x26
 	F_OK                                        = 0x0
+	F_SEAL_EXEC                                 = 0x20
 	F_SEAL_FUTURE_WRITE                         = 0x10
 	F_SEAL_GROW                                 = 0x4
 	F_SEAL_SEAL                                 = 0x1
@@ -1540,6 +1554,7 @@ const (
 	IPPROTO_ROUTING                             = 0x2b
 	IPPROTO_RSVP                                = 0x2e
 	IPPROTO_SCTP                                = 0x84
+	IPPROTO_SMC                                 = 0x100
 	IPPROTO_TCP                                 = 0x6
 	IPPROTO_TP                                  = 0x1d
 	IPPROTO_UDP                                 = 0x11
@@ -1612,6 +1627,8 @@ const (
 	IPV6_UNICAST_IF                             = 0x4c
 	IPV6_USER_FLOW                              = 0xe
 	IPV6_V6ONLY                                 = 0x1a
+	IPV6_VERSION                                = 0x60
+	IPV6_VERSION_MASK                           = 0xf0
 	IPV6_XFRM_POLICY                            = 0x23
 	IP_ADD_MEMBERSHIP                           = 0x23
 	IP_ADD_SOURCE_MEMBERSHIP                    = 0x27
@@ -1626,6 +1643,7 @@ const (
 	IP_FREEBIND                                 = 0xf
 	IP_HDRINCL                                  = 0x3
 	IP_IPSEC_POLICY                             = 0x10
+	IP_LOCAL_PORT_RANGE                         = 0x33
 	IP_MAXPACKET                                = 0xffff
 	IP_MAX_MEMBERSHIPS                          = 0x14
 	IP_MF                                       = 0x2000
@@ -1652,6 +1670,7 @@ const (
 	IP_PMTUDISC_OMIT                            = 0x5
 	IP_PMTUDISC_PROBE                           = 0x3
 	IP_PMTUDISC_WANT                            = 0x1
+	IP_PROTOCOL                                 = 0x34
 	IP_RECVERR                                  = 0xb
 	IP_RECVERR_RFC4884                          = 0x1a
 	IP_RECVFRAGSIZE                             = 0x19
@@ -1697,6 +1716,8 @@ const (
 	KEXEC_ARCH_S390                             = 0x160000
 	KEXEC_ARCH_SH                               = 0x2a0000
 	KEXEC_ARCH_X86_64                           = 0x3e0000
+	KEXEC_CRASH_HOTPLUG_SUPPORT                 = 0x8
+	KEXEC_FILE_DEBUG                            = 0x8
 	KEXEC_FILE_NO_INITRAMFS                     = 0x4
 	KEXEC_FILE_ON_CRASH                         = 0x2
 	KEXEC_FILE_UNLOAD                           = 0x1
@@ -1771,6 +1792,7 @@ const (
 	KEY_SPEC_USER_KEYRING                       = -0x4
 	KEY_SPEC_USER_SESSION_KEYRING               = -0x5
 	LANDLOCK_ACCESS_FS_EXECUTE                  = 0x1
+	LANDLOCK_ACCESS_FS_IOCTL_DEV                = 0x8000
 	LANDLOCK_ACCESS_FS_MAKE_BLOCK               = 0x800
 	LANDLOCK_ACCESS_FS_MAKE_CHAR                = 0x40
 	LANDLOCK_ACCESS_FS_MAKE_DIR                 = 0x80
@@ -1785,7 +1807,11 @@ const (
 	LANDLOCK_ACCESS_FS_REMOVE_FILE              = 0x20
 	LANDLOCK_ACCESS_FS_TRUNCATE                 = 0x4000
 	LANDLOCK_ACCESS_FS_WRITE_FILE               = 0x2
+	LANDLOCK_ACCESS_NET_BIND_TCP                = 0x1
+	LANDLOCK_ACCESS_NET_CONNECT_TCP             = 0x2
 	LANDLOCK_CREATE_RULESET_VERSION             = 0x1
+	LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET         = 0x1
+	LANDLOCK_SCOPE_SIGNAL                       = 0x2
 	LINUX_REBOOT_CMD_CAD_OFF                    = 0x0
 	LINUX_REBOOT_CMD_CAD_ON                     = 0x89abcdef
 	LINUX_REBOOT_CMD_HALT                       = 0xcdef0123
@@ -1847,9 +1873,23 @@ const (
 	MADV_UNMERGEABLE                            = 0xd
 	MADV_WILLNEED                               = 0x3
 	MADV_WIPEONFORK                             = 0x12
+	MAP_DROPPABLE                               = 0x8
 	MAP_FILE                                    = 0x0
 	MAP_FIXED                                   = 0x10
 	MAP_FIXED_NOREPLACE                         = 0x100000
+	MAP_HUGE_16GB                               = 0x88000000
+	MAP_HUGE_16KB                               = 0x38000000
+	MAP_HUGE_16MB                               = 0x60000000
+	MAP_HUGE_1GB                                = 0x78000000
+	MAP_HUGE_1MB                                = 0x50000000
+	MAP_HUGE_256MB                              = 0x70000000
+	MAP_HUGE_2GB                                = 0x7c000000
+	MAP_HUGE_2MB                                = 0x54000000
+	MAP_HUGE_32MB                               = 0x64000000
+	MAP_HUGE_512KB                              = 0x4c000000
+	MAP_HUGE_512MB                              = 0x74000000
+	MAP_HUGE_64KB                               = 0x40000000
+	MAP_HUGE_8MB                                = 0x5c000000
 	MAP_HUGE_MASK                               = 0x3f
 	MAP_HUGE_SHIFT                              = 0x1a
 	MAP_PRIVATE                                 = 0x2
@@ -1896,6 +1936,9 @@ const (
 	MNT_DETACH                                  = 0x2
 	MNT_EXPIRE                                  = 0x4
 	MNT_FORCE                                   = 0x1
+	MNT_ID_REQ_SIZE_VER0                        = 0x18
+	MNT_ID_REQ_SIZE_VER1                        = 0x20
+	MNT_NS_INFO_SIZE_VER0                       = 0x10
 	MODULE_INIT_COMPRESSED_FILE                 = 0x4
 	MODULE_INIT_IGNORE_MODVERSIONS              = 0x1
 	MODULE_INIT_IGNORE_VERMAGIC                 = 0x2
@@ -1931,6 +1974,7 @@ const (
 	MSG_PEEK                                    = 0x2
 	MSG_PROXY                                   = 0x10
 	MSG_RST                                     = 0x1000
+	MSG_SOCK_DEVMEM                             = 0x2000000
 	MSG_SYN                                     = 0x400
 	MSG_TRUNC                                   = 0x20
 	MSG_TRYHARD                                 = 0x4
@@ -2047,6 +2091,7 @@ const (
 	NFC_ATR_REQ_MAXSIZE                         = 0x40
 	NFC_ATR_RES_GB_MAXSIZE                      = 0x2f
 	NFC_ATR_RES_MAXSIZE                         = 0x40
+	NFC_ATS_MAXSIZE                             = 0x14
 	NFC_COMM_ACTIVE                             = 0x0
 	NFC_COMM_PASSIVE                            = 0x1
 	NFC_DEVICE_NAME_MAXSIZE                     = 0x8
@@ -2127,6 +2172,61 @@ const (
 	NFNL_SUBSYS_QUEUE                           = 0x3
 	NFNL_SUBSYS_ULOG                            = 0x4
 	NFS_SUPER_MAGIC                             = 0x6969
+	NFT_BITWISE_BOOL                            = 0x0
+	NFT_CHAIN_FLAGS                             = 0x7
+	NFT_CHAIN_MAXNAMELEN                        = 0x100
+	NFT_CT_MAX                                  = 0x17
+	NFT_DATA_RESERVED_MASK                      = 0xffffff00
+	NFT_DATA_VALUE_MAXLEN                       = 0x40
+	NFT_EXTHDR_OP_MAX                           = 0x4
+	NFT_FIB_RESULT_MAX                          = 0x3
+	NFT_INNER_MASK                              = 0xf
+	NFT_LOGLEVEL_MAX                            = 0x8
+	NFT_NAME_MAXLEN                             = 0x100
+	NFT_NG_MAX                                  = 0x1
+	NFT_OBJECT_CONNLIMIT                        = 0x5
+	NFT_OBJECT_COUNTER                          = 0x1
+	NFT_OBJECT_CT_EXPECT                        = 0x9
+	NFT_OBJECT_CT_HELPER                        = 0x3
+	NFT_OBJECT_CT_TIMEOUT                       = 0x7
+	NFT_OBJECT_LIMIT                            = 0x4
+	NFT_OBJECT_MAX                              = 0xa
+	NFT_OBJECT_QUOTA                            = 0x2
+	NFT_OBJECT_SECMARK                          = 0x8
+	NFT_OBJECT_SYNPROXY                         = 0xa
+	NFT_OBJECT_TUNNEL                           = 0x6
+	NFT_OBJECT_UNSPEC                           = 0x0
+	NFT_OBJ_MAXNAMELEN                          = 0x100
+	NFT_OSF_MAXGENRELEN                         = 0x10
+	NFT_QUEUE_FLAG_BYPASS                       = 0x1
+	NFT_QUEUE_FLAG_CPU_FANOUT                   = 0x2
+	NFT_QUEUE_FLAG_MASK                         = 0x3
+	NFT_REG32_COUNT                             = 0x10
+	NFT_REG32_SIZE                              = 0x4
+	NFT_REG_MAX                                 = 0x4
+	NFT_REG_SIZE                                = 0x10
+	NFT_REJECT_ICMPX_MAX                        = 0x3
+	NFT_RT_MAX                                  = 0x4
+	NFT_SECMARK_CTX_MAXLEN                      = 0x1000
+	NFT_SET_MAXNAMELEN                          = 0x100
+	NFT_SOCKET_MAX                              = 0x3
+	NFT_TABLE_F_MASK                            = 0x7
+	NFT_TABLE_MAXNAMELEN                        = 0x100
+	NFT_TRACETYPE_MAX                           = 0x3
+	NFT_TUNNEL_F_MASK                           = 0x7
+	NFT_TUNNEL_MAX                              = 0x1
+	NFT_TUNNEL_MODE_MAX                         = 0x2
+	NFT_USERDATA_MAXLEN                         = 0x100
+	NFT_XFRM_KEY_MAX                            = 0x6
+	NF_NAT_RANGE_MAP_IPS                        = 0x1
+	NF_NAT_RANGE_MASK                           = 0x7f
+	NF_NAT_RANGE_NETMAP                         = 0x40
+	NF_NAT_RANGE_PERSISTENT                     = 0x8
+	NF_NAT_RANGE_PROTO_OFFSET                   = 0x20
+	NF_NAT_RANGE_PROTO_RANDOM                   = 0x4
+	NF_NAT_RANGE_PROTO_RANDOM_ALL               = 0x14
+	NF_NAT_RANGE_PROTO_RANDOM_FULLY             = 0x10
+	NF_NAT_RANGE_PROTO_SPECIFIED                = 0x2
 	NILFS_SUPER_MAGIC                           = 0x3434
 	NL0                                         = 0x0
 	NL1                                         = 0x100
@@ -2246,6 +2346,7 @@ const (
 	PERF_AUX_FLAG_PARTIAL                       = 0x4
 	PERF_AUX_FLAG_PMU_FORMAT_TYPE_MASK          = 0xff00
 	PERF_AUX_FLAG_TRUNCATED                     = 0x1
+	PERF_BRANCH_ENTRY_INFO_BITS_MAX             = 0x21
 	PERF_BR_ARM64_DEBUG_DATA                    = 0x7
 	PERF_BR_ARM64_DEBUG_EXIT                    = 0x5
 	PERF_BR_ARM64_DEBUG_HALT                    = 0x4
@@ -2275,9 +2376,11 @@ const (
 	PERF_MEM_LVLNUM_IO                          = 0xa
 	PERF_MEM_LVLNUM_L1                          = 0x1
 	PERF_MEM_LVLNUM_L2                          = 0x2
+	PERF_MEM_LVLNUM_L2_MHB                      = 0x5
 	PERF_MEM_LVLNUM_L3                          = 0x3
 	PERF_MEM_LVLNUM_L4                          = 0x4
 	PERF_MEM_LVLNUM_LFB                         = 0xc
+	PERF_MEM_LVLNUM_MSC                         = 0x6
 	PERF_MEM_LVLNUM_NA                          = 0xf
 	PERF_MEM_LVLNUM_PMEM                        = 0xe
 	PERF_MEM_LVLNUM_RAM                         = 0xd
@@ -2343,12 +2446,14 @@ const (
 	PERF_RECORD_MISC_USER                       = 0x2
 	PERF_SAMPLE_BRANCH_PLM_ALL                  = 0x7
 	PERF_SAMPLE_WEIGHT_TYPE                     = 0x1004000
+	PID_FS_MAGIC                                = 0x50494446
 	PIPEFS_MAGIC                                = 0x50495045
 	PPPIOCGNPMODE                               = 0xc008744c
 	PPPIOCNEWUNIT                               = 0xc004743e
 	PRIO_PGRP                                   = 0x1
 	PRIO_PROCESS                                = 0x0
 	PRIO_USER                                   = 0x2
+	PROCFS_IOCTL_MAGIC                          = 'f'
 	PROC_SUPER_MAGIC                            = 0x9fa0
 	PROT_EXEC                                   = 0x4
 	PROT_GROWSDOWN                              = 0x1000000
@@ -2396,6 +2501,7 @@ const (
 	PR_GET_PDEATHSIG                            = 0x2
 	PR_GET_SECCOMP                              = 0x15
 	PR_GET_SECUREBITS                           = 0x1b
+	PR_GET_SHADOW_STACK_STATUS                  = 0x4a
 	PR_GET_SPECULATION_CTRL                     = 0x34
 	PR_GET_TAGGED_ADDR_CTRL                     = 0x38
 	PR_GET_THP_DISABLE                          = 0x2a
@@ -2404,6 +2510,7 @@ const (
 	PR_GET_TIMING                               = 0xd
 	PR_GET_TSC                                  = 0x19
 	PR_GET_UNALIGN                              = 0x5
+	PR_LOCK_SHADOW_STACK_STATUS                 = 0x4c
 	PR_MCE_KILL                                 = 0x21
 	PR_MCE_KILL_CLEAR                           = 0x0
 	PR_MCE_KILL_DEFAULT                         = 0x2
@@ -2411,6 +2518,7 @@ const (
 	PR_MCE_KILL_GET                             = 0x22
 	PR_MCE_KILL_LATE                            = 0x0
 	PR_MCE_KILL_SET                             = 0x1
+	PR_MDWE_NO_INHERIT                          = 0x2
 	PR_MDWE_REFUSE_EXEC_GAIN                    = 0x1
 	PR_MPX_DISABLE_MANAGEMENT                   = 0x2c
 	PR_MPX_ENABLE_MANAGEMENT                    = 0x2b
@@ -2429,6 +2537,25 @@ const (
 	PR_PAC_GET_ENABLED_KEYS                     = 0x3d
 	PR_PAC_RESET_KEYS                           = 0x36
 	PR_PAC_SET_ENABLED_KEYS                     = 0x3c
+	PR_PMLEN_MASK                               = 0x7f000000
+	PR_PMLEN_SHIFT                              = 0x18
+	PR_PPC_DEXCR_CTRL_CLEAR                     = 0x4
+	PR_PPC_DEXCR_CTRL_CLEAR_ONEXEC              = 0x10
+	PR_PPC_DEXCR_CTRL_EDITABLE                  = 0x1
+	PR_PPC_DEXCR_CTRL_MASK                      = 0x1f
+	PR_PPC_DEXCR_CTRL_SET                       = 0x2
+	PR_PPC_DEXCR_CTRL_SET_ONEXEC                = 0x8
+	PR_PPC_DEXCR_IBRTPD                         = 0x1
+	PR_PPC_DEXCR_NPHIE                          = 0x3
+	PR_PPC_DEXCR_SBHE                           = 0x0
+	PR_PPC_DEXCR_SRAPD                          = 0x2
+	PR_PPC_GET_DEXCR                            = 0x48
+	PR_PPC_SET_DEXCR                            = 0x49
+	PR_RISCV_CTX_SW_FENCEI_OFF                  = 0x1
+	PR_RISCV_CTX_SW_FENCEI_ON                   = 0x0
+	PR_RISCV_SCOPE_PER_PROCESS                  = 0x0
+	PR_RISCV_SCOPE_PER_THREAD                   = 0x1
+	PR_RISCV_SET_ICACHE_FLUSH_CTX               = 0x47
 	PR_RISCV_V_GET_CONTROL                      = 0x46
 	PR_RISCV_V_SET_CONTROL                      = 0x45
 	PR_RISCV_V_VSTATE_CTRL_CUR_MASK             = 0x3
@@ -2479,6 +2606,7 @@ const (
 	PR_SET_PTRACER                              = 0x59616d61
 	PR_SET_SECCOMP                              = 0x16
 	PR_SET_SECUREBITS                           = 0x1c
+	PR_SET_SHADOW_STACK_STATUS                  = 0x4b
 	PR_SET_SPECULATION_CTRL                     = 0x35
 	PR_SET_SYSCALL_USER_DISPATCH                = 0x3b
 	PR_SET_TAGGED_ADDR_CTRL                     = 0x37
@@ -2489,6 +2617,9 @@ const (
 	PR_SET_UNALIGN                              = 0x6
 	PR_SET_VMA                                  = 0x53564d41
 	PR_SET_VMA_ANON_NAME                        = 0x0
+	PR_SHADOW_STACK_ENABLE                      = 0x1
+	PR_SHADOW_STACK_PUSH                        = 0x4
+	PR_SHADOW_STACK_WRITE                       = 0x2
 	PR_SME_GET_VL                               = 0x40
 	PR_SME_SET_VL                               = 0x3f
 	PR_SME_SET_VL_ONEXEC                        = 0x40000
@@ -2520,6 +2651,28 @@ const (
 	PR_UNALIGN_NOPRINT                          = 0x1
 	PR_UNALIGN_SIGBUS                           = 0x2
 	PSTOREFS_MAGIC                              = 0x6165676c
+	PTP_CLK_MAGIC                               = '='
+	PTP_ENABLE_FEATURE                          = 0x1
+	PTP_EXTTS_EDGES                             = 0x6
+	PTP_EXTTS_EVENT_VALID                       = 0x1
+	PTP_EXTTS_V1_VALID_FLAGS                    = 0x7
+	PTP_EXTTS_VALID_FLAGS                       = 0x1f
+	PTP_EXT_OFFSET                              = 0x10
+	PTP_FALLING_EDGE                            = 0x4
+	PTP_MAX_SAMPLES                             = 0x19
+	PTP_PEROUT_DUTY_CYCLE                       = 0x2
+	PTP_PEROUT_ONE_SHOT                         = 0x1
+	PTP_PEROUT_PHASE                            = 0x4
+	PTP_PEROUT_V1_VALID_FLAGS                   = 0x0
+	PTP_PEROUT_VALID_FLAGS                      = 0x7
+	PTP_PIN_GETFUNC                             = 0xc0603d06
+	PTP_PIN_GETFUNC2                            = 0xc0603d0f
+	PTP_RISING_EDGE                             = 0x2
+	PTP_STRICT_FLAGS                            = 0x8
+	PTP_SYS_OFFSET_EXTENDED                     = 0xc4c03d09
+	PTP_SYS_OFFSET_EXTENDED2                    = 0xc4c03d12
+	PTP_SYS_OFFSET_PRECISE                      = 0xc0403d08
+	PTP_SYS_OFFSET_PRECISE2                     = 0xc0403d11
 	PTRACE_ATTACH                               = 0x10
 	PTRACE_CONT                                 = 0x7
 	PTRACE_DETACH                               = 0x11
@@ -2615,8 +2768,9 @@ const (
 	RTAX_FEATURES                               = 0xc
 	RTAX_FEATURE_ALLFRAG                        = 0x8
 	RTAX_FEATURE_ECN                            = 0x1
-	RTAX_FEATURE_MASK                           = 0xf
+	RTAX_FEATURE_MASK                           = 0x1f
 	RTAX_FEATURE_SACK                           = 0x2
+	RTAX_FEATURE_TCP_USEC_TS                    = 0x10
 	RTAX_FEATURE_TIMESTAMP                      = 0x4
 	RTAX_HOPLIMIT                               = 0xa
 	RTAX_INITCWND                               = 0xb
@@ -2775,7 +2929,6 @@ const (
 	RTM_NEWNEXTHOP                              = 0x68
 	RTM_NEWNEXTHOPBUCKET                        = 0x74
 	RTM_NEWNSID                                 = 0x58
-	RTM_NEWNVLAN                                = 0x70
 	RTM_NEWPREFIX                               = 0x34
 	RTM_NEWQDISC                                = 0x24
 	RTM_NEWROUTE                                = 0x18
@@ -2784,6 +2937,7 @@ const (
 	RTM_NEWTCLASS                               = 0x28
 	RTM_NEWTFILTER                              = 0x2c
 	RTM_NEWTUNNEL                               = 0x78
+	RTM_NEWVLAN                                 = 0x70
 	RTM_NR_FAMILIES                             = 0x1b
 	RTM_NR_MSGTYPES                             = 0x6c
 	RTM_SETDCB                                  = 0x4f
@@ -2832,14 +2986,17 @@ const (
 	RUSAGE_SELF                                 = 0x0
 	RUSAGE_THREAD                               = 0x1
 	RWF_APPEND                                  = 0x10
+	RWF_ATOMIC                                  = 0x40
 	RWF_DSYNC                                   = 0x2
 	RWF_HIPRI                                   = 0x1
+	RWF_NOAPPEND                                = 0x20
 	RWF_NOWAIT                                  = 0x8
-	RWF_SUPPORTED                               = 0x1f
+	RWF_SUPPORTED                               = 0x7f
 	RWF_SYNC                                    = 0x4
 	RWF_WRITE_LIFE_NOT_SET                      = 0x0
 	SCHED_BATCH                                 = 0x3
 	SCHED_DEADLINE                              = 0x6
+	SCHED_EXT                                   = 0x7
 	SCHED_FIFO                                  = 0x1
 	SCHED_FLAG_ALL                              = 0x7f
 	SCHED_FLAG_DL_OVERRUN                       = 0x4
@@ -2856,12 +3013,43 @@ const (
 	SCHED_RESET_ON_FORK                         = 0x40000000
 	SCHED_RR                                    = 0x2
 	SCM_CREDENTIALS                             = 0x2
+	SCM_PIDFD                                   = 0x4
 	SCM_RIGHTS                                  = 0x1
+	SCM_SECURITY                                = 0x3
 	SCM_TIMESTAMP                               = 0x1d
 	SC_LOG_FLUSH                                = 0x100000
+	SECCOMP_ADDFD_FLAG_SEND                     = 0x2
+	SECCOMP_ADDFD_FLAG_SETFD                    = 0x1
+	SECCOMP_FILTER_FLAG_LOG                     = 0x2
+	SECCOMP_FILTER_FLAG_NEW_LISTENER            = 0x8
+	SECCOMP_FILTER_FLAG_SPEC_ALLOW              = 0x4
+	SECCOMP_FILTER_FLAG_TSYNC                   = 0x1
+	SECCOMP_FILTER_FLAG_TSYNC_ESRCH             = 0x10
+	SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV      = 0x20
+	SECCOMP_GET_ACTION_AVAIL                    = 0x2
+	SECCOMP_GET_NOTIF_SIZES                     = 0x3
+	SECCOMP_IOCTL_NOTIF_RECV                    = 0xc0502100
+	SECCOMP_IOCTL_NOTIF_SEND                    = 0xc0182101
+	SECCOMP_IOC_MAGIC                           = '!'
 	SECCOMP_MODE_DISABLED                       = 0x0
 	SECCOMP_MODE_FILTER                         = 0x2
 	SECCOMP_MODE_STRICT                         = 0x1
+	SECCOMP_RET_ACTION                          = 0x7fff0000
+	SECCOMP_RET_ACTION_FULL                     = 0xffff0000
+	SECCOMP_RET_ALLOW                           = 0x7fff0000
+	SECCOMP_RET_DATA                            = 0xffff
+	SECCOMP_RET_ERRNO                           = 0x50000
+	SECCOMP_RET_KILL                            = 0x0
+	SECCOMP_RET_KILL_PROCESS                    = 0x80000000
+	SECCOMP_RET_KILL_THREAD                     = 0x0
+	SECCOMP_RET_LOG                             = 0x7ffc0000
+	SECCOMP_RET_TRACE                           = 0x7ff00000
+	SECCOMP_RET_TRAP                            = 0x30000
+	SECCOMP_RET_USER_NOTIF                      = 0x7fc00000
+	SECCOMP_SET_MODE_FILTER                     = 0x1
+	SECCOMP_SET_MODE_STRICT                     = 0x0
+	SECCOMP_USER_NOTIF_FD_SYNC_WAKE_UP          = 0x1
+	SECCOMP_USER_NOTIF_FLAG_CONTINUE            = 0x1
 	SECRETMEM_MAGIC                             = 0x5345434d
 	SECURITYFS_MAGIC                            = 0x73636673
 	SEEK_CUR                                    = 0x1
@@ -2960,6 +3148,8 @@ const (
 	SIOCSMIIREG                                 = 0x8949
 	SIOCSRARP                                   = 0x8962
 	SIOCWANDEV                                  = 0x894a
+	SK_DIAG_BPF_STORAGE_MAX                     = 0x3
+	SK_DIAG_BPF_STORAGE_REQ_MAX                 = 0x1
 	SMACK_MAGIC                                 = 0x43415d53
 	SMART_AUTOSAVE                              = 0xd2
 	SMART_AUTO_OFFLINE                          = 0xdb
@@ -2980,6 +3170,8 @@ const (
 	SOCKFS_MAGIC                                = 0x534f434b
 	SOCK_BUF_LOCK_MASK                          = 0x3
 	SOCK_DCCP                                   = 0x6
+	SOCK_DESTROY                                = 0x15
+	SOCK_DIAG_BY_FAMILY                         = 0x14
 	SOCK_IOC_TYPE                               = 0x89
 	SOCK_PACKET                                 = 0xa
 	SOCK_RAW                                    = 0x3
@@ -3021,6 +3213,7 @@ const (
 	SOL_TIPC                                    = 0x10f
 	SOL_TLS                                     = 0x11a
 	SOL_UDP                                     = 0x11
+	SOL_VSOCK                                   = 0x11f
 	SOL_X25                                     = 0x106
 	SOL_XDP                                     = 0x11b
 	SOMAXCONN                                   = 0x1000
@@ -3072,6 +3265,7 @@ const (
 	STATX_ATTR_MOUNT_ROOT                       = 0x2000
 	STATX_ATTR_NODUMP                           = 0x40
 	STATX_ATTR_VERITY                           = 0x100000
+	STATX_ATTR_WRITE_ATOMIC                     = 0x400000
 	STATX_BASIC_STATS                           = 0x7ff
 	STATX_BLOCKS                                = 0x400
 	STATX_BTIME                                 = 0x800
@@ -3080,12 +3274,15 @@ const (
 	STATX_GID                                   = 0x10
 	STATX_INO                                   = 0x100
 	STATX_MNT_ID                                = 0x1000
+	STATX_MNT_ID_UNIQUE                         = 0x4000
 	STATX_MODE                                  = 0x2
 	STATX_MTIME                                 = 0x40
 	STATX_NLINK                                 = 0x4
 	STATX_SIZE                                  = 0x200
+	STATX_SUBVOL                                = 0x8000
 	STATX_TYPE                                  = 0x1
 	STATX_UID                                   = 0x8
+	STATX_WRITE_ATOMIC                          = 0x10000
 	STATX__RESERVED                             = 0x80000000
 	SYNC_FILE_RANGE_WAIT_AFTER                  = 0x4
 	SYNC_FILE_RANGE_WAIT_BEFORE                 = 0x1
@@ -3167,6 +3364,7 @@ const (
 	TCP_MAX_WINSHIFT                            = 0xe
 	TCP_MD5SIG                                  = 0xe
 	TCP_MD5SIG_EXT                              = 0x20
+	TCP_MD5SIG_FLAG_IFINDEX                     = 0x2
 	TCP_MD5SIG_FLAG_PREFIX                      = 0x1
 	TCP_MD5SIG_MAXKEYLEN                        = 0x50
 	TCP_MSS                                     = 0x200
@@ -3474,12 +3672,17 @@ const (
 	XDP_RX_RING                                 = 0x2
 	XDP_SHARED_UMEM                             = 0x1
 	XDP_STATISTICS                              = 0x7
+	XDP_TXMD_FLAGS_CHECKSUM                     = 0x2
+	XDP_TXMD_FLAGS_TIMESTAMP                    = 0x1
+	XDP_TX_METADATA                             = 0x2
 	XDP_TX_RING                                 = 0x3
 	XDP_UMEM_COMPLETION_RING                    = 0x6
 	XDP_UMEM_FILL_RING                          = 0x5
 	XDP_UMEM_PGOFF_COMPLETION_RING              = 0x180000000
 	XDP_UMEM_PGOFF_FILL_RING                    = 0x100000000
 	XDP_UMEM_REG                                = 0x4
+	XDP_UMEM_TX_METADATA_LEN                    = 0x4
+	XDP_UMEM_TX_SW_CSUM                         = 0x2
 	XDP_UMEM_UNALIGNED_CHUNK_FLAG               = 0x1
 	XDP_USE_NEED_WAKEUP                         = 0x8
 	XDP_USE_SG                                  = 0x10
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
index 4920821c..75207613 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@@ -78,6 +78,8 @@ const (
 	ECHOPRT                          = 0x400
 	EFD_CLOEXEC                      = 0x80000
 	EFD_NONBLOCK                     = 0x800
+	EPIOCGPARAMS                     = 0x80088a02
+	EPIOCSPARAMS                     = 0x40088a01
 	EPOLL_CLOEXEC                    = 0x80000
 	EXTPROC                          = 0x10000
 	FF1                              = 0x8000
@@ -107,17 +109,21 @@ const (
 	HIDIOCGRAWINFO                   = 0x80084803
 	HIDIOCGRDESC                     = 0x90044802
 	HIDIOCGRDESCSIZE                 = 0x80044801
+	HIDIOCREVOKE                     = 0x4004480d
 	HUPCL                            = 0x400
 	ICANON                           = 0x2
 	IEXTEN                           = 0x8000
 	IN_CLOEXEC                       = 0x80000
 	IN_NONBLOCK                      = 0x800
 	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	IPV6_FLOWINFO_MASK               = 0xffffff0f
+	IPV6_FLOWLABEL_MASK              = 0xffff0f00
 	ISIG                             = 0x1
 	IUCLC                            = 0x200
 	IXOFF                            = 0x1000
 	IXON                             = 0x400
 	MAP_32BIT                        = 0x40
+	MAP_ABOVE4G                      = 0x80
 	MAP_ANON                         = 0x20
 	MAP_ANONYMOUS                    = 0x20
 	MAP_DENYWRITE                    = 0x800
@@ -150,9 +156,14 @@ const (
 	NFDBITS                          = 0x20
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x8008b705
 	NS_GET_NSTYPE                    = 0xb703
 	NS_GET_OWNER_UID                 = 0xb704
 	NS_GET_PARENT                    = 0xb702
+	NS_GET_PID_FROM_PIDNS            = 0x8004b706
+	NS_GET_PID_IN_PIDNS              = 0x8004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x8004b707
+	NS_GET_TGID_IN_PIDNS             = 0x8004b709
 	NS_GET_USERNS                    = 0xb701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
@@ -229,6 +240,20 @@ const (
 	PPPIOCUNBRIDGECHAN               = 0x7434
 	PPPIOCXFERUNIT                   = 0x744e
 	PR_SET_PTRACER_ANY               = 0xffffffff
+	PTP_CLOCK_GETCAPS                = 0x80503d01
+	PTP_CLOCK_GETCAPS2               = 0x80503d0a
+	PTP_ENABLE_PPS                   = 0x40043d04
+	PTP_ENABLE_PPS2                  = 0x40043d0d
+	PTP_EXTTS_REQUEST                = 0x40103d02
+	PTP_EXTTS_REQUEST2               = 0x40103d0b
+	PTP_MASK_CLEAR_ALL               = 0x3d13
+	PTP_MASK_EN_SINGLE               = 0x40043d14
+	PTP_PEROUT_REQUEST               = 0x40383d03
+	PTP_PEROUT_REQUEST2              = 0x40383d0c
+	PTP_PIN_SETFUNC                  = 0x40603d07
+	PTP_PIN_SETFUNC2                 = 0x40603d10
+	PTP_SYS_OFFSET                   = 0x43403d05
+	PTP_SYS_OFFSET2                  = 0x43403d0e
 	PTRACE_GETFPREGS                 = 0xe
 	PTRACE_GETFPXREGS                = 0x12
 	PTRACE_GET_THREAD_AREA           = 0x19
@@ -275,12 +300,18 @@ const (
 	RTC_WIE_ON                       = 0x700f
 	RTC_WKALM_RD                     = 0x80287010
 	RTC_WKALM_SET                    = 0x4028700f
+	SCM_DEVMEM_DMABUF                = 0x4f
+	SCM_DEVMEM_LINEAR                = 0x4e
 	SCM_TIMESTAMPING                 = 0x25
 	SCM_TIMESTAMPING_OPT_STATS       = 0x36
 	SCM_TIMESTAMPING_PKTINFO         = 0x3a
 	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TS_OPT_ID                    = 0x51
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x40182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x40082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x40082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
@@ -310,6 +341,9 @@ const (
 	SO_CNX_ADVICE                    = 0x35
 	SO_COOKIE                        = 0x39
 	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DEVMEM_DMABUF                 = 0x4f
+	SO_DEVMEM_DONTNEED               = 0x50
+	SO_DEVMEM_LINEAR                 = 0x4e
 	SO_DOMAIN                        = 0x27
 	SO_DONTROUTE                     = 0x5
 	SO_ERROR                         = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
index a0c1e411..c68acda5 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@@ -78,6 +78,8 @@ const (
 	ECHOPRT                          = 0x400
 	EFD_CLOEXEC                      = 0x80000
 	EFD_NONBLOCK                     = 0x800
+	EPIOCGPARAMS                     = 0x80088a02
+	EPIOCSPARAMS                     = 0x40088a01
 	EPOLL_CLOEXEC                    = 0x80000
 	EXTPROC                          = 0x10000
 	FF1                              = 0x8000
@@ -107,17 +109,21 @@ const (
 	HIDIOCGRAWINFO                   = 0x80084803
 	HIDIOCGRDESC                     = 0x90044802
 	HIDIOCGRDESCSIZE                 = 0x80044801
+	HIDIOCREVOKE                     = 0x4004480d
 	HUPCL                            = 0x400
 	ICANON                           = 0x2
 	IEXTEN                           = 0x8000
 	IN_CLOEXEC                       = 0x80000
 	IN_NONBLOCK                      = 0x800
 	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	IPV6_FLOWINFO_MASK               = 0xffffff0f
+	IPV6_FLOWLABEL_MASK              = 0xffff0f00
 	ISIG                             = 0x1
 	IUCLC                            = 0x200
 	IXOFF                            = 0x1000
 	IXON                             = 0x400
 	MAP_32BIT                        = 0x40
+	MAP_ABOVE4G                      = 0x80
 	MAP_ANON                         = 0x20
 	MAP_ANONYMOUS                    = 0x20
 	MAP_DENYWRITE                    = 0x800
@@ -150,9 +156,14 @@ const (
 	NFDBITS                          = 0x40
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x8008b705
 	NS_GET_NSTYPE                    = 0xb703
 	NS_GET_OWNER_UID                 = 0xb704
 	NS_GET_PARENT                    = 0xb702
+	NS_GET_PID_FROM_PIDNS            = 0x8004b706
+	NS_GET_PID_IN_PIDNS              = 0x8004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x8004b707
+	NS_GET_TGID_IN_PIDNS             = 0x8004b709
 	NS_GET_USERNS                    = 0xb701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
@@ -229,6 +240,20 @@ const (
 	PPPIOCUNBRIDGECHAN               = 0x7434
 	PPPIOCXFERUNIT                   = 0x744e
 	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTP_CLOCK_GETCAPS                = 0x80503d01
+	PTP_CLOCK_GETCAPS2               = 0x80503d0a
+	PTP_ENABLE_PPS                   = 0x40043d04
+	PTP_ENABLE_PPS2                  = 0x40043d0d
+	PTP_EXTTS_REQUEST                = 0x40103d02
+	PTP_EXTTS_REQUEST2               = 0x40103d0b
+	PTP_MASK_CLEAR_ALL               = 0x3d13
+	PTP_MASK_EN_SINGLE               = 0x40043d14
+	PTP_PEROUT_REQUEST               = 0x40383d03
+	PTP_PEROUT_REQUEST2              = 0x40383d0c
+	PTP_PIN_SETFUNC                  = 0x40603d07
+	PTP_PIN_SETFUNC2                 = 0x40603d10
+	PTP_SYS_OFFSET                   = 0x43403d05
+	PTP_SYS_OFFSET2                  = 0x43403d0e
 	PTRACE_ARCH_PRCTL                = 0x1e
 	PTRACE_GETFPREGS                 = 0xe
 	PTRACE_GETFPXREGS                = 0x12
@@ -276,12 +301,18 @@ const (
 	RTC_WIE_ON                       = 0x700f
 	RTC_WKALM_RD                     = 0x80287010
 	RTC_WKALM_SET                    = 0x4028700f
+	SCM_DEVMEM_DMABUF                = 0x4f
+	SCM_DEVMEM_LINEAR                = 0x4e
 	SCM_TIMESTAMPING                 = 0x25
 	SCM_TIMESTAMPING_OPT_STATS       = 0x36
 	SCM_TIMESTAMPING_PKTINFO         = 0x3a
 	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TS_OPT_ID                    = 0x51
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x40182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x40082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x40082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
@@ -311,6 +342,9 @@ const (
 	SO_CNX_ADVICE                    = 0x35
 	SO_COOKIE                        = 0x39
 	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DEVMEM_DMABUF                 = 0x4f
+	SO_DEVMEM_DONTNEED               = 0x50
+	SO_DEVMEM_LINEAR                 = 0x4e
 	SO_DOMAIN                        = 0x27
 	SO_DONTROUTE                     = 0x5
 	SO_ERROR                         = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
index c6398556..a8c607ab 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
@@ -78,6 +78,8 @@ const (
 	ECHOPRT                          = 0x400
 	EFD_CLOEXEC                      = 0x80000
 	EFD_NONBLOCK                     = 0x800
+	EPIOCGPARAMS                     = 0x80088a02
+	EPIOCSPARAMS                     = 0x40088a01
 	EPOLL_CLOEXEC                    = 0x80000
 	EXTPROC                          = 0x10000
 	FF1                              = 0x8000
@@ -106,12 +108,15 @@ const (
 	HIDIOCGRAWINFO                   = 0x80084803
 	HIDIOCGRDESC                     = 0x90044802
 	HIDIOCGRDESCSIZE                 = 0x80044801
+	HIDIOCREVOKE                     = 0x4004480d
 	HUPCL                            = 0x400
 	ICANON                           = 0x2
 	IEXTEN                           = 0x8000
 	IN_CLOEXEC                       = 0x80000
 	IN_NONBLOCK                      = 0x800
 	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	IPV6_FLOWINFO_MASK               = 0xffffff0f
+	IPV6_FLOWLABEL_MASK              = 0xffff0f00
 	ISIG                             = 0x1
 	IUCLC                            = 0x200
 	IXOFF                            = 0x1000
@@ -148,9 +153,14 @@ const (
 	NFDBITS                          = 0x20
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x8008b705
 	NS_GET_NSTYPE                    = 0xb703
 	NS_GET_OWNER_UID                 = 0xb704
 	NS_GET_PARENT                    = 0xb702
+	NS_GET_PID_FROM_PIDNS            = 0x8004b706
+	NS_GET_PID_IN_PIDNS              = 0x8004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x8004b707
+	NS_GET_TGID_IN_PIDNS             = 0x8004b709
 	NS_GET_USERNS                    = 0xb701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
@@ -227,6 +237,20 @@ const (
 	PPPIOCUNBRIDGECHAN               = 0x7434
 	PPPIOCXFERUNIT                   = 0x744e
 	PR_SET_PTRACER_ANY               = 0xffffffff
+	PTP_CLOCK_GETCAPS                = 0x80503d01
+	PTP_CLOCK_GETCAPS2               = 0x80503d0a
+	PTP_ENABLE_PPS                   = 0x40043d04
+	PTP_ENABLE_PPS2                  = 0x40043d0d
+	PTP_EXTTS_REQUEST                = 0x40103d02
+	PTP_EXTTS_REQUEST2               = 0x40103d0b
+	PTP_MASK_CLEAR_ALL               = 0x3d13
+	PTP_MASK_EN_SINGLE               = 0x40043d14
+	PTP_PEROUT_REQUEST               = 0x40383d03
+	PTP_PEROUT_REQUEST2              = 0x40383d0c
+	PTP_PIN_SETFUNC                  = 0x40603d07
+	PTP_PIN_SETFUNC2                 = 0x40603d10
+	PTP_SYS_OFFSET                   = 0x43403d05
+	PTP_SYS_OFFSET2                  = 0x43403d0e
 	PTRACE_GETCRUNCHREGS             = 0x19
 	PTRACE_GETFDPIC                  = 0x1f
 	PTRACE_GETFDPIC_EXEC             = 0x0
@@ -282,12 +306,18 @@ const (
 	RTC_WIE_ON                       = 0x700f
 	RTC_WKALM_RD                     = 0x80287010
 	RTC_WKALM_SET                    = 0x4028700f
+	SCM_DEVMEM_DMABUF                = 0x4f
+	SCM_DEVMEM_LINEAR                = 0x4e
 	SCM_TIMESTAMPING                 = 0x25
 	SCM_TIMESTAMPING_OPT_STATS       = 0x36
 	SCM_TIMESTAMPING_PKTINFO         = 0x3a
 	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TS_OPT_ID                    = 0x51
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x40182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x40082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x40082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
@@ -317,6 +347,9 @@ const (
 	SO_CNX_ADVICE                    = 0x35
 	SO_COOKIE                        = 0x39
 	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DEVMEM_DMABUF                 = 0x4f
+	SO_DEVMEM_DONTNEED               = 0x50
+	SO_DEVMEM_LINEAR                 = 0x4e
 	SO_DOMAIN                        = 0x27
 	SO_DONTROUTE                     = 0x5
 	SO_ERROR                         = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
index 47cc62e2..18563dd8 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@@ -78,6 +78,8 @@ const (
 	ECHOPRT                          = 0x400
 	EFD_CLOEXEC                      = 0x80000
 	EFD_NONBLOCK                     = 0x800
+	EPIOCGPARAMS                     = 0x80088a02
+	EPIOCSPARAMS                     = 0x40088a01
 	EPOLL_CLOEXEC                    = 0x80000
 	ESR_MAGIC                        = 0x45535201
 	EXTPROC                          = 0x10000
@@ -87,6 +89,7 @@ const (
 	FICLONE                          = 0x40049409
 	FICLONERANGE                     = 0x4020940d
 	FLUSHO                           = 0x1000
+	FPMR_MAGIC                       = 0x46504d52
 	FPSIMD_MAGIC                     = 0x46508001
 	FS_IOC_ENABLE_VERITY             = 0x40806685
 	FS_IOC_GETFLAGS                  = 0x80086601
@@ -106,15 +109,19 @@ const (
 	F_SETOWN                         = 0x8
 	F_UNLCK                          = 0x2
 	F_WRLCK                          = 0x1
+	GCS_MAGIC                        = 0x47435300
 	HIDIOCGRAWINFO                   = 0x80084803
 	HIDIOCGRDESC                     = 0x90044802
 	HIDIOCGRDESCSIZE                 = 0x80044801
+	HIDIOCREVOKE                     = 0x4004480d
 	HUPCL                            = 0x400
 	ICANON                           = 0x2
 	IEXTEN                           = 0x8000
 	IN_CLOEXEC                       = 0x80000
 	IN_NONBLOCK                      = 0x800
 	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	IPV6_FLOWINFO_MASK               = 0xffffff0f
+	IPV6_FLOWLABEL_MASK              = 0xffff0f00
 	ISIG                             = 0x1
 	IUCLC                            = 0x200
 	IXOFF                            = 0x1000
@@ -151,9 +158,14 @@ const (
 	NFDBITS                          = 0x40
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x8008b705
 	NS_GET_NSTYPE                    = 0xb703
 	NS_GET_OWNER_UID                 = 0xb704
 	NS_GET_PARENT                    = 0xb702
+	NS_GET_PID_FROM_PIDNS            = 0x8004b706
+	NS_GET_PID_IN_PIDNS              = 0x8004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x8004b707
+	NS_GET_TGID_IN_PIDNS             = 0x8004b709
 	NS_GET_USERNS                    = 0xb701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
@@ -197,6 +209,7 @@ const (
 	PERF_EVENT_IOC_SET_BPF           = 0x40042408
 	PERF_EVENT_IOC_SET_FILTER        = 0x40082406
 	PERF_EVENT_IOC_SET_OUTPUT        = 0x2405
+	POE_MAGIC                        = 0x504f4530
 	PPPIOCATTACH                     = 0x4004743d
 	PPPIOCATTCHAN                    = 0x40047438
 	PPPIOCBRIDGECHAN                 = 0x40047435
@@ -232,6 +245,20 @@ const (
 	PROT_BTI                         = 0x10
 	PROT_MTE                         = 0x20
 	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTP_CLOCK_GETCAPS                = 0x80503d01
+	PTP_CLOCK_GETCAPS2               = 0x80503d0a
+	PTP_ENABLE_PPS                   = 0x40043d04
+	PTP_ENABLE_PPS2                  = 0x40043d0d
+	PTP_EXTTS_REQUEST                = 0x40103d02
+	PTP_EXTTS_REQUEST2               = 0x40103d0b
+	PTP_MASK_CLEAR_ALL               = 0x3d13
+	PTP_MASK_EN_SINGLE               = 0x40043d14
+	PTP_PEROUT_REQUEST               = 0x40383d03
+	PTP_PEROUT_REQUEST2              = 0x40383d0c
+	PTP_PIN_SETFUNC                  = 0x40603d07
+	PTP_PIN_SETFUNC2                 = 0x40603d10
+	PTP_SYS_OFFSET                   = 0x43403d05
+	PTP_SYS_OFFSET2                  = 0x43403d0e
 	PTRACE_PEEKMTETAGS               = 0x21
 	PTRACE_POKEMTETAGS               = 0x22
 	PTRACE_SYSEMU                    = 0x1f
@@ -272,12 +299,18 @@ const (
 	RTC_WIE_ON                       = 0x700f
 	RTC_WKALM_RD                     = 0x80287010
 	RTC_WKALM_SET                    = 0x4028700f
+	SCM_DEVMEM_DMABUF                = 0x4f
+	SCM_DEVMEM_LINEAR                = 0x4e
 	SCM_TIMESTAMPING                 = 0x25
 	SCM_TIMESTAMPING_OPT_STATS       = 0x36
 	SCM_TIMESTAMPING_PKTINFO         = 0x3a
 	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TS_OPT_ID                    = 0x51
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x40182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x40082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x40082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
@@ -307,6 +340,9 @@ const (
 	SO_CNX_ADVICE                    = 0x35
 	SO_COOKIE                        = 0x39
 	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DEVMEM_DMABUF                 = 0x4f
+	SO_DEVMEM_DONTNEED               = 0x50
+	SO_DEVMEM_LINEAR                 = 0x4e
 	SO_DOMAIN                        = 0x27
 	SO_DONTROUTE                     = 0x5
 	SO_ERROR                         = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
index 27ac4a09..22912cda 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
@@ -78,6 +78,8 @@ const (
 	ECHOPRT                          = 0x400
 	EFD_CLOEXEC                      = 0x80000
 	EFD_NONBLOCK                     = 0x800
+	EPIOCGPARAMS                     = 0x80088a02
+	EPIOCSPARAMS                     = 0x40088a01
 	EPOLL_CLOEXEC                    = 0x80000
 	EXTPROC                          = 0x10000
 	FF1                              = 0x8000
@@ -107,12 +109,15 @@ const (
 	HIDIOCGRAWINFO                   = 0x80084803
 	HIDIOCGRDESC                     = 0x90044802
 	HIDIOCGRDESCSIZE                 = 0x80044801
+	HIDIOCREVOKE                     = 0x4004480d
 	HUPCL                            = 0x400
 	ICANON                           = 0x2
 	IEXTEN                           = 0x8000
 	IN_CLOEXEC                       = 0x80000
 	IN_NONBLOCK                      = 0x800
 	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	IPV6_FLOWINFO_MASK               = 0xffffff0f
+	IPV6_FLOWLABEL_MASK              = 0xffff0f00
 	ISIG                             = 0x1
 	IUCLC                            = 0x200
 	IXOFF                            = 0x1000
@@ -152,9 +157,14 @@ const (
 	NFDBITS                          = 0x40
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x8008b705
 	NS_GET_NSTYPE                    = 0xb703
 	NS_GET_OWNER_UID                 = 0xb704
 	NS_GET_PARENT                    = 0xb702
+	NS_GET_PID_FROM_PIDNS            = 0x8004b706
+	NS_GET_PID_IN_PIDNS              = 0x8004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x8004b707
+	NS_GET_TGID_IN_PIDNS             = 0x8004b709
 	NS_GET_USERNS                    = 0xb701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
@@ -231,6 +241,20 @@ const (
 	PPPIOCUNBRIDGECHAN               = 0x7434
 	PPPIOCXFERUNIT                   = 0x744e
 	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTP_CLOCK_GETCAPS                = 0x80503d01
+	PTP_CLOCK_GETCAPS2               = 0x80503d0a
+	PTP_ENABLE_PPS                   = 0x40043d04
+	PTP_ENABLE_PPS2                  = 0x40043d0d
+	PTP_EXTTS_REQUEST                = 0x40103d02
+	PTP_EXTTS_REQUEST2               = 0x40103d0b
+	PTP_MASK_CLEAR_ALL               = 0x3d13
+	PTP_MASK_EN_SINGLE               = 0x40043d14
+	PTP_PEROUT_REQUEST               = 0x40383d03
+	PTP_PEROUT_REQUEST2              = 0x40383d0c
+	PTP_PIN_SETFUNC                  = 0x40603d07
+	PTP_PIN_SETFUNC2                 = 0x40603d10
+	PTP_SYS_OFFSET                   = 0x43403d05
+	PTP_SYS_OFFSET2                  = 0x43403d0e
 	PTRACE_SYSEMU                    = 0x1f
 	PTRACE_SYSEMU_SINGLESTEP         = 0x20
 	RLIMIT_AS                        = 0x9
@@ -269,12 +293,18 @@ const (
 	RTC_WIE_ON                       = 0x700f
 	RTC_WKALM_RD                     = 0x80287010
 	RTC_WKALM_SET                    = 0x4028700f
+	SCM_DEVMEM_DMABUF                = 0x4f
+	SCM_DEVMEM_LINEAR                = 0x4e
 	SCM_TIMESTAMPING                 = 0x25
 	SCM_TIMESTAMPING_OPT_STATS       = 0x36
 	SCM_TIMESTAMPING_PKTINFO         = 0x3a
 	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TS_OPT_ID                    = 0x51
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x40182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x40082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x40082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
@@ -304,6 +334,9 @@ const (
 	SO_CNX_ADVICE                    = 0x35
 	SO_COOKIE                        = 0x39
 	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DEVMEM_DMABUF                 = 0x4f
+	SO_DEVMEM_DONTNEED               = 0x50
+	SO_DEVMEM_LINEAR                 = 0x4e
 	SO_DOMAIN                        = 0x27
 	SO_DONTROUTE                     = 0x5
 	SO_ERROR                         = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
index 54694642..29344eb3 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
@@ -78,6 +78,8 @@ const (
 	ECHOPRT                          = 0x400
 	EFD_CLOEXEC                      = 0x80000
 	EFD_NONBLOCK                     = 0x80
+	EPIOCGPARAMS                     = 0x40088a02
+	EPIOCSPARAMS                     = 0x80088a01
 	EPOLL_CLOEXEC                    = 0x80000
 	EXTPROC                          = 0x10000
 	FF1                              = 0x8000
@@ -106,12 +108,15 @@ const (
 	HIDIOCGRAWINFO                   = 0x40084803
 	HIDIOCGRDESC                     = 0x50044802
 	HIDIOCGRDESCSIZE                 = 0x40044801
+	HIDIOCREVOKE                     = 0x8004480d
 	HUPCL                            = 0x400
 	ICANON                           = 0x2
 	IEXTEN                           = 0x100
 	IN_CLOEXEC                       = 0x80000
 	IN_NONBLOCK                      = 0x80
 	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	IPV6_FLOWINFO_MASK               = 0xfffffff
+	IPV6_FLOWLABEL_MASK              = 0xfffff
 	ISIG                             = 0x1
 	IUCLC                            = 0x200
 	IXOFF                            = 0x1000
@@ -148,9 +153,14 @@ const (
 	NFDBITS                          = 0x20
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x4008b705
 	NS_GET_NSTYPE                    = 0x2000b703
 	NS_GET_OWNER_UID                 = 0x2000b704
 	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_PID_FROM_PIDNS            = 0x4004b706
+	NS_GET_PID_IN_PIDNS              = 0x4004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x4004b707
+	NS_GET_TGID_IN_PIDNS             = 0x4004b709
 	NS_GET_USERNS                    = 0x2000b701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
@@ -227,6 +237,20 @@ const (
 	PPPIOCUNBRIDGECHAN               = 0x20007434
 	PPPIOCXFERUNIT                   = 0x2000744e
 	PR_SET_PTRACER_ANY               = 0xffffffff
+	PTP_CLOCK_GETCAPS                = 0x40503d01
+	PTP_CLOCK_GETCAPS2               = 0x40503d0a
+	PTP_ENABLE_PPS                   = 0x80043d04
+	PTP_ENABLE_PPS2                  = 0x80043d0d
+	PTP_EXTTS_REQUEST                = 0x80103d02
+	PTP_EXTTS_REQUEST2               = 0x80103d0b
+	PTP_MASK_CLEAR_ALL               = 0x20003d13
+	PTP_MASK_EN_SINGLE               = 0x80043d14
+	PTP_PEROUT_REQUEST               = 0x80383d03
+	PTP_PEROUT_REQUEST2              = 0x80383d0c
+	PTP_PIN_SETFUNC                  = 0x80603d07
+	PTP_PIN_SETFUNC2                 = 0x80603d10
+	PTP_SYS_OFFSET                   = 0x83403d05
+	PTP_SYS_OFFSET2                  = 0x83403d0e
 	PTRACE_GETFPREGS                 = 0xe
 	PTRACE_GET_THREAD_AREA           = 0x19
 	PTRACE_GET_THREAD_AREA_3264      = 0xc4
@@ -275,12 +299,18 @@ const (
 	RTC_WIE_ON                       = 0x2000700f
 	RTC_WKALM_RD                     = 0x40287010
 	RTC_WKALM_SET                    = 0x8028700f
+	SCM_DEVMEM_DMABUF                = 0x4f
+	SCM_DEVMEM_LINEAR                = 0x4e
 	SCM_TIMESTAMPING                 = 0x25
 	SCM_TIMESTAMPING_OPT_STATS       = 0x36
 	SCM_TIMESTAMPING_PKTINFO         = 0x3a
 	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TS_OPT_ID                    = 0x51
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x80182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x80082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x80082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x80
 	SIOCATMARK                       = 0x40047307
@@ -310,6 +340,9 @@ const (
 	SO_CNX_ADVICE                    = 0x35
 	SO_COOKIE                        = 0x39
 	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DEVMEM_DMABUF                 = 0x4f
+	SO_DEVMEM_DONTNEED               = 0x50
+	SO_DEVMEM_LINEAR                 = 0x4e
 	SO_DOMAIN                        = 0x1029
 	SO_DONTROUTE                     = 0x10
 	SO_ERROR                         = 0x1007
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
index 3adb81d7..20d51fb9 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
@@ -78,6 +78,8 @@ const (
 	ECHOPRT                          = 0x400
 	EFD_CLOEXEC                      = 0x80000
 	EFD_NONBLOCK                     = 0x80
+	EPIOCGPARAMS                     = 0x40088a02
+	EPIOCSPARAMS                     = 0x80088a01
 	EPOLL_CLOEXEC                    = 0x80000
 	EXTPROC                          = 0x10000
 	FF1                              = 0x8000
@@ -106,12 +108,15 @@ const (
 	HIDIOCGRAWINFO                   = 0x40084803
 	HIDIOCGRDESC                     = 0x50044802
 	HIDIOCGRDESCSIZE                 = 0x40044801
+	HIDIOCREVOKE                     = 0x8004480d
 	HUPCL                            = 0x400
 	ICANON                           = 0x2
 	IEXTEN                           = 0x100
 	IN_CLOEXEC                       = 0x80000
 	IN_NONBLOCK                      = 0x80
 	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	IPV6_FLOWINFO_MASK               = 0xfffffff
+	IPV6_FLOWLABEL_MASK              = 0xfffff
 	ISIG                             = 0x1
 	IUCLC                            = 0x200
 	IXOFF                            = 0x1000
@@ -148,9 +153,14 @@ const (
 	NFDBITS                          = 0x40
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x4008b705
 	NS_GET_NSTYPE                    = 0x2000b703
 	NS_GET_OWNER_UID                 = 0x2000b704
 	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_PID_FROM_PIDNS            = 0x4004b706
+	NS_GET_PID_IN_PIDNS              = 0x4004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x4004b707
+	NS_GET_TGID_IN_PIDNS             = 0x4004b709
 	NS_GET_USERNS                    = 0x2000b701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
@@ -227,6 +237,20 @@ const (
 	PPPIOCUNBRIDGECHAN               = 0x20007434
 	PPPIOCXFERUNIT                   = 0x2000744e
 	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTP_CLOCK_GETCAPS                = 0x40503d01
+	PTP_CLOCK_GETCAPS2               = 0x40503d0a
+	PTP_ENABLE_PPS                   = 0x80043d04
+	PTP_ENABLE_PPS2                  = 0x80043d0d
+	PTP_EXTTS_REQUEST                = 0x80103d02
+	PTP_EXTTS_REQUEST2               = 0x80103d0b
+	PTP_MASK_CLEAR_ALL               = 0x20003d13
+	PTP_MASK_EN_SINGLE               = 0x80043d14
+	PTP_PEROUT_REQUEST               = 0x80383d03
+	PTP_PEROUT_REQUEST2              = 0x80383d0c
+	PTP_PIN_SETFUNC                  = 0x80603d07
+	PTP_PIN_SETFUNC2                 = 0x80603d10
+	PTP_SYS_OFFSET                   = 0x83403d05
+	PTP_SYS_OFFSET2                  = 0x83403d0e
 	PTRACE_GETFPREGS                 = 0xe
 	PTRACE_GET_THREAD_AREA           = 0x19
 	PTRACE_GET_THREAD_AREA_3264      = 0xc4
@@ -275,12 +299,18 @@ const (
 	RTC_WIE_ON                       = 0x2000700f
 	RTC_WKALM_RD                     = 0x40287010
 	RTC_WKALM_SET                    = 0x8028700f
+	SCM_DEVMEM_DMABUF                = 0x4f
+	SCM_DEVMEM_LINEAR                = 0x4e
 	SCM_TIMESTAMPING                 = 0x25
 	SCM_TIMESTAMPING_OPT_STATS       = 0x36
 	SCM_TIMESTAMPING_PKTINFO         = 0x3a
 	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TS_OPT_ID                    = 0x51
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x80182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x80082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x80082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x80
 	SIOCATMARK                       = 0x40047307
@@ -310,6 +340,9 @@ const (
 	SO_CNX_ADVICE                    = 0x35
 	SO_COOKIE                        = 0x39
 	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DEVMEM_DMABUF                 = 0x4f
+	SO_DEVMEM_DONTNEED               = 0x50
+	SO_DEVMEM_LINEAR                 = 0x4e
 	SO_DOMAIN                        = 0x1029
 	SO_DONTROUTE                     = 0x10
 	SO_ERROR                         = 0x1007
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
index 2dfe98f0..321b6090 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
@@ -78,6 +78,8 @@ const (
 	ECHOPRT                          = 0x400
 	EFD_CLOEXEC                      = 0x80000
 	EFD_NONBLOCK                     = 0x80
+	EPIOCGPARAMS                     = 0x40088a02
+	EPIOCSPARAMS                     = 0x80088a01
 	EPOLL_CLOEXEC                    = 0x80000
 	EXTPROC                          = 0x10000
 	FF1                              = 0x8000
@@ -106,12 +108,15 @@ const (
 	HIDIOCGRAWINFO                   = 0x40084803
 	HIDIOCGRDESC                     = 0x50044802
 	HIDIOCGRDESCSIZE                 = 0x40044801
+	HIDIOCREVOKE                     = 0x8004480d
 	HUPCL                            = 0x400
 	ICANON                           = 0x2
 	IEXTEN                           = 0x100
 	IN_CLOEXEC                       = 0x80000
 	IN_NONBLOCK                      = 0x80
 	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	IPV6_FLOWINFO_MASK               = 0xffffff0f
+	IPV6_FLOWLABEL_MASK              = 0xffff0f00
 	ISIG                             = 0x1
 	IUCLC                            = 0x200
 	IXOFF                            = 0x1000
@@ -148,9 +153,14 @@ const (
 	NFDBITS                          = 0x40
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x4008b705
 	NS_GET_NSTYPE                    = 0x2000b703
 	NS_GET_OWNER_UID                 = 0x2000b704
 	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_PID_FROM_PIDNS            = 0x4004b706
+	NS_GET_PID_IN_PIDNS              = 0x4004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x4004b707
+	NS_GET_TGID_IN_PIDNS             = 0x4004b709
 	NS_GET_USERNS                    = 0x2000b701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
@@ -227,6 +237,20 @@ const (
 	PPPIOCUNBRIDGECHAN               = 0x20007434
 	PPPIOCXFERUNIT                   = 0x2000744e
 	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTP_CLOCK_GETCAPS                = 0x40503d01
+	PTP_CLOCK_GETCAPS2               = 0x40503d0a
+	PTP_ENABLE_PPS                   = 0x80043d04
+	PTP_ENABLE_PPS2                  = 0x80043d0d
+	PTP_EXTTS_REQUEST                = 0x80103d02
+	PTP_EXTTS_REQUEST2               = 0x80103d0b
+	PTP_MASK_CLEAR_ALL               = 0x20003d13
+	PTP_MASK_EN_SINGLE               = 0x80043d14
+	PTP_PEROUT_REQUEST               = 0x80383d03
+	PTP_PEROUT_REQUEST2              = 0x80383d0c
+	PTP_PIN_SETFUNC                  = 0x80603d07
+	PTP_PIN_SETFUNC2                 = 0x80603d10
+	PTP_SYS_OFFSET                   = 0x83403d05
+	PTP_SYS_OFFSET2                  = 0x83403d0e
 	PTRACE_GETFPREGS                 = 0xe
 	PTRACE_GET_THREAD_AREA           = 0x19
 	PTRACE_GET_THREAD_AREA_3264      = 0xc4
@@ -275,12 +299,18 @@ const (
 	RTC_WIE_ON                       = 0x2000700f
 	RTC_WKALM_RD                     = 0x40287010
 	RTC_WKALM_SET                    = 0x8028700f
+	SCM_DEVMEM_DMABUF                = 0x4f
+	SCM_DEVMEM_LINEAR                = 0x4e
 	SCM_TIMESTAMPING                 = 0x25
 	SCM_TIMESTAMPING_OPT_STATS       = 0x36
 	SCM_TIMESTAMPING_PKTINFO         = 0x3a
 	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TS_OPT_ID                    = 0x51
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x80182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x80082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x80082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x80
 	SIOCATMARK                       = 0x40047307
@@ -310,6 +340,9 @@ const (
 	SO_CNX_ADVICE                    = 0x35
 	SO_COOKIE                        = 0x39
 	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DEVMEM_DMABUF                 = 0x4f
+	SO_DEVMEM_DONTNEED               = 0x50
+	SO_DEVMEM_LINEAR                 = 0x4e
 	SO_DOMAIN                        = 0x1029
 	SO_DONTROUTE                     = 0x10
 	SO_ERROR                         = 0x1007
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
index f5398f84..9bacdf1e 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
@@ -78,6 +78,8 @@ const (
 	ECHOPRT                          = 0x400
 	EFD_CLOEXEC                      = 0x80000
 	EFD_NONBLOCK                     = 0x80
+	EPIOCGPARAMS                     = 0x40088a02
+	EPIOCSPARAMS                     = 0x80088a01
 	EPOLL_CLOEXEC                    = 0x80000
 	EXTPROC                          = 0x10000
 	FF1                              = 0x8000
@@ -106,12 +108,15 @@ const (
 	HIDIOCGRAWINFO                   = 0x40084803
 	HIDIOCGRDESC                     = 0x50044802
 	HIDIOCGRDESCSIZE                 = 0x40044801
+	HIDIOCREVOKE                     = 0x8004480d
 	HUPCL                            = 0x400
 	ICANON                           = 0x2
 	IEXTEN                           = 0x100
 	IN_CLOEXEC                       = 0x80000
 	IN_NONBLOCK                      = 0x80
 	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	IPV6_FLOWINFO_MASK               = 0xffffff0f
+	IPV6_FLOWLABEL_MASK              = 0xffff0f00
 	ISIG                             = 0x1
 	IUCLC                            = 0x200
 	IXOFF                            = 0x1000
@@ -148,9 +153,14 @@ const (
 	NFDBITS                          = 0x20
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x4008b705
 	NS_GET_NSTYPE                    = 0x2000b703
 	NS_GET_OWNER_UID                 = 0x2000b704
 	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_PID_FROM_PIDNS            = 0x4004b706
+	NS_GET_PID_IN_PIDNS              = 0x4004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x4004b707
+	NS_GET_TGID_IN_PIDNS             = 0x4004b709
 	NS_GET_USERNS                    = 0x2000b701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
@@ -227,6 +237,20 @@ const (
 	PPPIOCUNBRIDGECHAN               = 0x20007434
 	PPPIOCXFERUNIT                   = 0x2000744e
 	PR_SET_PTRACER_ANY               = 0xffffffff
+	PTP_CLOCK_GETCAPS                = 0x40503d01
+	PTP_CLOCK_GETCAPS2               = 0x40503d0a
+	PTP_ENABLE_PPS                   = 0x80043d04
+	PTP_ENABLE_PPS2                  = 0x80043d0d
+	PTP_EXTTS_REQUEST                = 0x80103d02
+	PTP_EXTTS_REQUEST2               = 0x80103d0b
+	PTP_MASK_CLEAR_ALL               = 0x20003d13
+	PTP_MASK_EN_SINGLE               = 0x80043d14
+	PTP_PEROUT_REQUEST               = 0x80383d03
+	PTP_PEROUT_REQUEST2              = 0x80383d0c
+	PTP_PIN_SETFUNC                  = 0x80603d07
+	PTP_PIN_SETFUNC2                 = 0x80603d10
+	PTP_SYS_OFFSET                   = 0x83403d05
+	PTP_SYS_OFFSET2                  = 0x83403d0e
 	PTRACE_GETFPREGS                 = 0xe
 	PTRACE_GET_THREAD_AREA           = 0x19
 	PTRACE_GET_THREAD_AREA_3264      = 0xc4
@@ -275,12 +299,18 @@ const (
 	RTC_WIE_ON                       = 0x2000700f
 	RTC_WKALM_RD                     = 0x40287010
 	RTC_WKALM_SET                    = 0x8028700f
+	SCM_DEVMEM_DMABUF                = 0x4f
+	SCM_DEVMEM_LINEAR                = 0x4e
 	SCM_TIMESTAMPING                 = 0x25
 	SCM_TIMESTAMPING_OPT_STATS       = 0x36
 	SCM_TIMESTAMPING_PKTINFO         = 0x3a
 	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TS_OPT_ID                    = 0x51
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x80182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x80082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x80082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x80
 	SIOCATMARK                       = 0x40047307
@@ -310,6 +340,9 @@ const (
 	SO_CNX_ADVICE                    = 0x35
 	SO_COOKIE                        = 0x39
 	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DEVMEM_DMABUF                 = 0x4f
+	SO_DEVMEM_DONTNEED               = 0x50
+	SO_DEVMEM_LINEAR                 = 0x4e
 	SO_DOMAIN                        = 0x1029
 	SO_DONTROUTE                     = 0x10
 	SO_ERROR                         = 0x1007
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
index c54f152d..c2242726 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
@@ -78,6 +78,8 @@ const (
 	ECHOPRT                          = 0x20
 	EFD_CLOEXEC                      = 0x80000
 	EFD_NONBLOCK                     = 0x800
+	EPIOCGPARAMS                     = 0x40088a02
+	EPIOCSPARAMS                     = 0x80088a01
 	EPOLL_CLOEXEC                    = 0x80000
 	EXTPROC                          = 0x10000000
 	FF1                              = 0x4000
@@ -106,12 +108,15 @@ const (
 	HIDIOCGRAWINFO                   = 0x40084803
 	HIDIOCGRDESC                     = 0x50044802
 	HIDIOCGRDESCSIZE                 = 0x40044801
+	HIDIOCREVOKE                     = 0x8004480d
 	HUPCL                            = 0x4000
 	ICANON                           = 0x100
 	IEXTEN                           = 0x400
 	IN_CLOEXEC                       = 0x80000
 	IN_NONBLOCK                      = 0x800
 	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	IPV6_FLOWINFO_MASK               = 0xfffffff
+	IPV6_FLOWLABEL_MASK              = 0xfffff
 	ISIG                             = 0x80
 	IUCLC                            = 0x1000
 	IXOFF                            = 0x400
@@ -150,9 +155,14 @@ const (
 	NL3                              = 0x300
 	NLDLY                            = 0x300
 	NOFLSH                           = 0x80000000
+	NS_GET_MNTNS_ID                  = 0x4008b705
 	NS_GET_NSTYPE                    = 0x2000b703
 	NS_GET_OWNER_UID                 = 0x2000b704
 	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_PID_FROM_PIDNS            = 0x4004b706
+	NS_GET_PID_IN_PIDNS              = 0x4004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x4004b707
+	NS_GET_TGID_IN_PIDNS             = 0x4004b709
 	NS_GET_USERNS                    = 0x2000b701
 	OLCUC                            = 0x4
 	ONLCR                            = 0x2
@@ -230,6 +240,20 @@ const (
 	PPPIOCXFERUNIT                   = 0x2000744e
 	PROT_SAO                         = 0x10
 	PR_SET_PTRACER_ANY               = 0xffffffff
+	PTP_CLOCK_GETCAPS                = 0x40503d01
+	PTP_CLOCK_GETCAPS2               = 0x40503d0a
+	PTP_ENABLE_PPS                   = 0x80043d04
+	PTP_ENABLE_PPS2                  = 0x80043d0d
+	PTP_EXTTS_REQUEST                = 0x80103d02
+	PTP_EXTTS_REQUEST2               = 0x80103d0b
+	PTP_MASK_CLEAR_ALL               = 0x20003d13
+	PTP_MASK_EN_SINGLE               = 0x80043d14
+	PTP_PEROUT_REQUEST               = 0x80383d03
+	PTP_PEROUT_REQUEST2              = 0x80383d0c
+	PTP_PIN_SETFUNC                  = 0x80603d07
+	PTP_PIN_SETFUNC2                 = 0x80603d10
+	PTP_SYS_OFFSET                   = 0x83403d05
+	PTP_SYS_OFFSET2                  = 0x83403d0e
 	PTRACE_GETEVRREGS                = 0x14
 	PTRACE_GETFPREGS                 = 0xe
 	PTRACE_GETREGS64                 = 0x16
@@ -330,12 +354,18 @@ const (
 	RTC_WIE_ON                       = 0x2000700f
 	RTC_WKALM_RD                     = 0x40287010
 	RTC_WKALM_SET                    = 0x8028700f
+	SCM_DEVMEM_DMABUF                = 0x4f
+	SCM_DEVMEM_LINEAR                = 0x4e
 	SCM_TIMESTAMPING                 = 0x25
 	SCM_TIMESTAMPING_OPT_STATS       = 0x36
 	SCM_TIMESTAMPING_PKTINFO         = 0x3a
 	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TS_OPT_ID                    = 0x51
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x80182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x80082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x80082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
@@ -365,6 +395,9 @@ const (
 	SO_CNX_ADVICE                    = 0x35
 	SO_COOKIE                        = 0x39
 	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DEVMEM_DMABUF                 = 0x4f
+	SO_DEVMEM_DONTNEED               = 0x50
+	SO_DEVMEM_LINEAR                 = 0x4e
 	SO_DOMAIN                        = 0x27
 	SO_DONTROUTE                     = 0x5
 	SO_ERROR                         = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
index 76057dc7..6270c8ee 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
@@ -78,6 +78,8 @@ const (
 	ECHOPRT                          = 0x20
 	EFD_CLOEXEC                      = 0x80000
 	EFD_NONBLOCK                     = 0x800
+	EPIOCGPARAMS                     = 0x40088a02
+	EPIOCSPARAMS                     = 0x80088a01
 	EPOLL_CLOEXEC                    = 0x80000
 	EXTPROC                          = 0x10000000
 	FF1                              = 0x4000
@@ -106,12 +108,15 @@ const (
 	HIDIOCGRAWINFO                   = 0x40084803
 	HIDIOCGRDESC                     = 0x50044802
 	HIDIOCGRDESCSIZE                 = 0x40044801
+	HIDIOCREVOKE                     = 0x8004480d
 	HUPCL                            = 0x4000
 	ICANON                           = 0x100
 	IEXTEN                           = 0x400
 	IN_CLOEXEC                       = 0x80000
 	IN_NONBLOCK                      = 0x800
 	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	IPV6_FLOWINFO_MASK               = 0xfffffff
+	IPV6_FLOWLABEL_MASK              = 0xfffff
 	ISIG                             = 0x80
 	IUCLC                            = 0x1000
 	IXOFF                            = 0x400
@@ -150,9 +155,14 @@ const (
 	NL3                              = 0x300
 	NLDLY                            = 0x300
 	NOFLSH                           = 0x80000000
+	NS_GET_MNTNS_ID                  = 0x4008b705
 	NS_GET_NSTYPE                    = 0x2000b703
 	NS_GET_OWNER_UID                 = 0x2000b704
 	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_PID_FROM_PIDNS            = 0x4004b706
+	NS_GET_PID_IN_PIDNS              = 0x4004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x4004b707
+	NS_GET_TGID_IN_PIDNS             = 0x4004b709
 	NS_GET_USERNS                    = 0x2000b701
 	OLCUC                            = 0x4
 	ONLCR                            = 0x2
@@ -230,6 +240,20 @@ const (
 	PPPIOCXFERUNIT                   = 0x2000744e
 	PROT_SAO                         = 0x10
 	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTP_CLOCK_GETCAPS                = 0x40503d01
+	PTP_CLOCK_GETCAPS2               = 0x40503d0a
+	PTP_ENABLE_PPS                   = 0x80043d04
+	PTP_ENABLE_PPS2                  = 0x80043d0d
+	PTP_EXTTS_REQUEST                = 0x80103d02
+	PTP_EXTTS_REQUEST2               = 0x80103d0b
+	PTP_MASK_CLEAR_ALL               = 0x20003d13
+	PTP_MASK_EN_SINGLE               = 0x80043d14
+	PTP_PEROUT_REQUEST               = 0x80383d03
+	PTP_PEROUT_REQUEST2              = 0x80383d0c
+	PTP_PIN_SETFUNC                  = 0x80603d07
+	PTP_PIN_SETFUNC2                 = 0x80603d10
+	PTP_SYS_OFFSET                   = 0x83403d05
+	PTP_SYS_OFFSET2                  = 0x83403d0e
 	PTRACE_GETEVRREGS                = 0x14
 	PTRACE_GETFPREGS                 = 0xe
 	PTRACE_GETREGS64                 = 0x16
@@ -334,12 +358,18 @@ const (
 	RTC_WIE_ON                       = 0x2000700f
 	RTC_WKALM_RD                     = 0x40287010
 	RTC_WKALM_SET                    = 0x8028700f
+	SCM_DEVMEM_DMABUF                = 0x4f
+	SCM_DEVMEM_LINEAR                = 0x4e
 	SCM_TIMESTAMPING                 = 0x25
 	SCM_TIMESTAMPING_OPT_STATS       = 0x36
 	SCM_TIMESTAMPING_PKTINFO         = 0x3a
 	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TS_OPT_ID                    = 0x51
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x80182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x80082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x80082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
@@ -369,6 +399,9 @@ const (
 	SO_CNX_ADVICE                    = 0x35
 	SO_COOKIE                        = 0x39
 	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DEVMEM_DMABUF                 = 0x4f
+	SO_DEVMEM_DONTNEED               = 0x50
+	SO_DEVMEM_LINEAR                 = 0x4e
 	SO_DOMAIN                        = 0x27
 	SO_DONTROUTE                     = 0x5
 	SO_ERROR                         = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
index e0c3725e..9966c194 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
@@ -78,6 +78,8 @@ const (
 	ECHOPRT                          = 0x20
 	EFD_CLOEXEC                      = 0x80000
 	EFD_NONBLOCK                     = 0x800
+	EPIOCGPARAMS                     = 0x40088a02
+	EPIOCSPARAMS                     = 0x80088a01
 	EPOLL_CLOEXEC                    = 0x80000
 	EXTPROC                          = 0x10000000
 	FF1                              = 0x4000
@@ -106,12 +108,15 @@ const (
 	HIDIOCGRAWINFO                   = 0x40084803
 	HIDIOCGRDESC                     = 0x50044802
 	HIDIOCGRDESCSIZE                 = 0x40044801
+	HIDIOCREVOKE                     = 0x8004480d
 	HUPCL                            = 0x4000
 	ICANON                           = 0x100
 	IEXTEN                           = 0x400
 	IN_CLOEXEC                       = 0x80000
 	IN_NONBLOCK                      = 0x800
 	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	IPV6_FLOWINFO_MASK               = 0xffffff0f
+	IPV6_FLOWLABEL_MASK              = 0xffff0f00
 	ISIG                             = 0x80
 	IUCLC                            = 0x1000
 	IXOFF                            = 0x400
@@ -150,9 +155,14 @@ const (
 	NL3                              = 0x300
 	NLDLY                            = 0x300
 	NOFLSH                           = 0x80000000
+	NS_GET_MNTNS_ID                  = 0x4008b705
 	NS_GET_NSTYPE                    = 0x2000b703
 	NS_GET_OWNER_UID                 = 0x2000b704
 	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_PID_FROM_PIDNS            = 0x4004b706
+	NS_GET_PID_IN_PIDNS              = 0x4004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x4004b707
+	NS_GET_TGID_IN_PIDNS             = 0x4004b709
 	NS_GET_USERNS                    = 0x2000b701
 	OLCUC                            = 0x4
 	ONLCR                            = 0x2
@@ -230,6 +240,20 @@ const (
 	PPPIOCXFERUNIT                   = 0x2000744e
 	PROT_SAO                         = 0x10
 	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTP_CLOCK_GETCAPS                = 0x40503d01
+	PTP_CLOCK_GETCAPS2               = 0x40503d0a
+	PTP_ENABLE_PPS                   = 0x80043d04
+	PTP_ENABLE_PPS2                  = 0x80043d0d
+	PTP_EXTTS_REQUEST                = 0x80103d02
+	PTP_EXTTS_REQUEST2               = 0x80103d0b
+	PTP_MASK_CLEAR_ALL               = 0x20003d13
+	PTP_MASK_EN_SINGLE               = 0x80043d14
+	PTP_PEROUT_REQUEST               = 0x80383d03
+	PTP_PEROUT_REQUEST2              = 0x80383d0c
+	PTP_PIN_SETFUNC                  = 0x80603d07
+	PTP_PIN_SETFUNC2                 = 0x80603d10
+	PTP_SYS_OFFSET                   = 0x83403d05
+	PTP_SYS_OFFSET2                  = 0x83403d0e
 	PTRACE_GETEVRREGS                = 0x14
 	PTRACE_GETFPREGS                 = 0xe
 	PTRACE_GETREGS64                 = 0x16
@@ -334,12 +358,18 @@ const (
 	RTC_WIE_ON                       = 0x2000700f
 	RTC_WKALM_RD                     = 0x40287010
 	RTC_WKALM_SET                    = 0x8028700f
+	SCM_DEVMEM_DMABUF                = 0x4f
+	SCM_DEVMEM_LINEAR                = 0x4e
 	SCM_TIMESTAMPING                 = 0x25
 	SCM_TIMESTAMPING_OPT_STATS       = 0x36
 	SCM_TIMESTAMPING_PKTINFO         = 0x3a
 	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TS_OPT_ID                    = 0x51
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x80182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x80082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x80082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
@@ -369,6 +399,9 @@ const (
 	SO_CNX_ADVICE                    = 0x35
 	SO_COOKIE                        = 0x39
 	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DEVMEM_DMABUF                 = 0x4f
+	SO_DEVMEM_DONTNEED               = 0x50
+	SO_DEVMEM_LINEAR                 = 0x4e
 	SO_DOMAIN                        = 0x27
 	SO_DONTROUTE                     = 0x5
 	SO_ERROR                         = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
index 18f2813e..848e5fcc 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
@@ -78,6 +78,8 @@ const (
 	ECHOPRT                          = 0x400
 	EFD_CLOEXEC                      = 0x80000
 	EFD_NONBLOCK                     = 0x800
+	EPIOCGPARAMS                     = 0x80088a02
+	EPIOCSPARAMS                     = 0x40088a01
 	EPOLL_CLOEXEC                    = 0x80000
 	EXTPROC                          = 0x10000
 	FF1                              = 0x8000
@@ -106,12 +108,15 @@ const (
 	HIDIOCGRAWINFO                   = 0x80084803
 	HIDIOCGRDESC                     = 0x90044802
 	HIDIOCGRDESCSIZE                 = 0x80044801
+	HIDIOCREVOKE                     = 0x4004480d
 	HUPCL                            = 0x400
 	ICANON                           = 0x2
 	IEXTEN                           = 0x8000
 	IN_CLOEXEC                       = 0x80000
 	IN_NONBLOCK                      = 0x800
 	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	IPV6_FLOWINFO_MASK               = 0xffffff0f
+	IPV6_FLOWLABEL_MASK              = 0xffff0f00
 	ISIG                             = 0x1
 	IUCLC                            = 0x200
 	IXOFF                            = 0x1000
@@ -148,9 +153,14 @@ const (
 	NFDBITS                          = 0x40
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x8008b705
 	NS_GET_NSTYPE                    = 0xb703
 	NS_GET_OWNER_UID                 = 0xb704
 	NS_GET_PARENT                    = 0xb702
+	NS_GET_PID_FROM_PIDNS            = 0x8004b706
+	NS_GET_PID_IN_PIDNS              = 0x8004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x8004b707
+	NS_GET_TGID_IN_PIDNS             = 0x8004b709
 	NS_GET_USERNS                    = 0xb701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
@@ -227,6 +237,20 @@ const (
 	PPPIOCUNBRIDGECHAN               = 0x7434
 	PPPIOCXFERUNIT                   = 0x744e
 	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTP_CLOCK_GETCAPS                = 0x80503d01
+	PTP_CLOCK_GETCAPS2               = 0x80503d0a
+	PTP_ENABLE_PPS                   = 0x40043d04
+	PTP_ENABLE_PPS2                  = 0x40043d0d
+	PTP_EXTTS_REQUEST                = 0x40103d02
+	PTP_EXTTS_REQUEST2               = 0x40103d0b
+	PTP_MASK_CLEAR_ALL               = 0x3d13
+	PTP_MASK_EN_SINGLE               = 0x40043d14
+	PTP_PEROUT_REQUEST               = 0x40383d03
+	PTP_PEROUT_REQUEST2              = 0x40383d0c
+	PTP_PIN_SETFUNC                  = 0x40603d07
+	PTP_PIN_SETFUNC2                 = 0x40603d10
+	PTP_SYS_OFFSET                   = 0x43403d05
+	PTP_SYS_OFFSET2                  = 0x43403d0e
 	PTRACE_GETFDPIC                  = 0x21
 	PTRACE_GETFDPIC_EXEC             = 0x0
 	PTRACE_GETFDPIC_INTERP           = 0x1
@@ -266,12 +290,18 @@ const (
 	RTC_WIE_ON                       = 0x700f
 	RTC_WKALM_RD                     = 0x80287010
 	RTC_WKALM_SET                    = 0x4028700f
+	SCM_DEVMEM_DMABUF                = 0x4f
+	SCM_DEVMEM_LINEAR                = 0x4e
 	SCM_TIMESTAMPING                 = 0x25
 	SCM_TIMESTAMPING_OPT_STATS       = 0x36
 	SCM_TIMESTAMPING_PKTINFO         = 0x3a
 	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TS_OPT_ID                    = 0x51
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x40182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x40082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x40082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
@@ -301,6 +331,9 @@ const (
 	SO_CNX_ADVICE                    = 0x35
 	SO_COOKIE                        = 0x39
 	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DEVMEM_DMABUF                 = 0x4f
+	SO_DEVMEM_DONTNEED               = 0x50
+	SO_DEVMEM_LINEAR                 = 0x4e
 	SO_DOMAIN                        = 0x27
 	SO_DONTROUTE                     = 0x5
 	SO_ERROR                         = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
index 11619d4e..669b2adb 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
@@ -78,6 +78,8 @@ const (
 	ECHOPRT                          = 0x400
 	EFD_CLOEXEC                      = 0x80000
 	EFD_NONBLOCK                     = 0x800
+	EPIOCGPARAMS                     = 0x80088a02
+	EPIOCSPARAMS                     = 0x40088a01
 	EPOLL_CLOEXEC                    = 0x80000
 	EXTPROC                          = 0x10000
 	FF1                              = 0x8000
@@ -106,12 +108,15 @@ const (
 	HIDIOCGRAWINFO                   = 0x80084803
 	HIDIOCGRDESC                     = 0x90044802
 	HIDIOCGRDESCSIZE                 = 0x80044801
+	HIDIOCREVOKE                     = 0x4004480d
 	HUPCL                            = 0x400
 	ICANON                           = 0x2
 	IEXTEN                           = 0x8000
 	IN_CLOEXEC                       = 0x80000
 	IN_NONBLOCK                      = 0x800
 	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x7b9
+	IPV6_FLOWINFO_MASK               = 0xfffffff
+	IPV6_FLOWLABEL_MASK              = 0xfffff
 	ISIG                             = 0x1
 	IUCLC                            = 0x200
 	IXOFF                            = 0x1000
@@ -148,9 +153,14 @@ const (
 	NFDBITS                          = 0x40
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x8008b705
 	NS_GET_NSTYPE                    = 0xb703
 	NS_GET_OWNER_UID                 = 0xb704
 	NS_GET_PARENT                    = 0xb702
+	NS_GET_PID_FROM_PIDNS            = 0x8004b706
+	NS_GET_PID_IN_PIDNS              = 0x8004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x8004b707
+	NS_GET_TGID_IN_PIDNS             = 0x8004b709
 	NS_GET_USERNS                    = 0xb701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
@@ -227,6 +237,20 @@ const (
 	PPPIOCUNBRIDGECHAN               = 0x7434
 	PPPIOCXFERUNIT                   = 0x744e
 	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTP_CLOCK_GETCAPS                = 0x80503d01
+	PTP_CLOCK_GETCAPS2               = 0x80503d0a
+	PTP_ENABLE_PPS                   = 0x40043d04
+	PTP_ENABLE_PPS2                  = 0x40043d0d
+	PTP_EXTTS_REQUEST                = 0x40103d02
+	PTP_EXTTS_REQUEST2               = 0x40103d0b
+	PTP_MASK_CLEAR_ALL               = 0x3d13
+	PTP_MASK_EN_SINGLE               = 0x40043d14
+	PTP_PEROUT_REQUEST               = 0x40383d03
+	PTP_PEROUT_REQUEST2              = 0x40383d0c
+	PTP_PIN_SETFUNC                  = 0x40603d07
+	PTP_PIN_SETFUNC2                 = 0x40603d10
+	PTP_SYS_OFFSET                   = 0x43403d05
+	PTP_SYS_OFFSET2                  = 0x43403d0e
 	PTRACE_DISABLE_TE                = 0x5010
 	PTRACE_ENABLE_TE                 = 0x5009
 	PTRACE_GET_LAST_BREAK            = 0x5006
@@ -338,12 +362,18 @@ const (
 	RTC_WIE_ON                       = 0x700f
 	RTC_WKALM_RD                     = 0x80287010
 	RTC_WKALM_SET                    = 0x4028700f
+	SCM_DEVMEM_DMABUF                = 0x4f
+	SCM_DEVMEM_LINEAR                = 0x4e
 	SCM_TIMESTAMPING                 = 0x25
 	SCM_TIMESTAMPING_OPT_STATS       = 0x36
 	SCM_TIMESTAMPING_PKTINFO         = 0x3a
 	SCM_TIMESTAMPNS                  = 0x23
+	SCM_TS_OPT_ID                    = 0x51
 	SCM_TXTIME                       = 0x3d
 	SCM_WIFI_STATUS                  = 0x29
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x40182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x40082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x40082104
 	SFD_CLOEXEC                      = 0x80000
 	SFD_NONBLOCK                     = 0x800
 	SIOCATMARK                       = 0x8905
@@ -373,6 +403,9 @@ const (
 	SO_CNX_ADVICE                    = 0x35
 	SO_COOKIE                        = 0x39
 	SO_DETACH_REUSEPORT_BPF          = 0x44
+	SO_DEVMEM_DMABUF                 = 0x4f
+	SO_DEVMEM_DONTNEED               = 0x50
+	SO_DEVMEM_LINEAR                 = 0x4e
 	SO_DOMAIN                        = 0x27
 	SO_DONTROUTE                     = 0x5
 	SO_ERROR                         = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
index 396d994d..4834e575 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
@@ -82,6 +82,8 @@ const (
 	EFD_CLOEXEC                      = 0x400000
 	EFD_NONBLOCK                     = 0x4000
 	EMT_TAGOVF                       = 0x1
+	EPIOCGPARAMS                     = 0x40088a02
+	EPIOCSPARAMS                     = 0x80088a01
 	EPOLL_CLOEXEC                    = 0x400000
 	EXTPROC                          = 0x10000
 	FF1                              = 0x8000
@@ -110,12 +112,15 @@ const (
 	HIDIOCGRAWINFO                   = 0x40084803
 	HIDIOCGRDESC                     = 0x50044802
 	HIDIOCGRDESCSIZE                 = 0x40044801
+	HIDIOCREVOKE                     = 0x8004480d
 	HUPCL                            = 0x400
 	ICANON                           = 0x2
 	IEXTEN                           = 0x8000
 	IN_CLOEXEC                       = 0x400000
 	IN_NONBLOCK                      = 0x4000
 	IOCTL_VM_SOCKETS_GET_LOCAL_CID   = 0x200007b9
+	IPV6_FLOWINFO_MASK               = 0xfffffff
+	IPV6_FLOWLABEL_MASK              = 0xfffff
 	ISIG                             = 0x1
 	IUCLC                            = 0x200
 	IXOFF                            = 0x1000
@@ -153,9 +158,14 @@ const (
 	NFDBITS                          = 0x40
 	NLDLY                            = 0x100
 	NOFLSH                           = 0x80
+	NS_GET_MNTNS_ID                  = 0x4008b705
 	NS_GET_NSTYPE                    = 0x2000b703
 	NS_GET_OWNER_UID                 = 0x2000b704
 	NS_GET_PARENT                    = 0x2000b702
+	NS_GET_PID_FROM_PIDNS            = 0x4004b706
+	NS_GET_PID_IN_PIDNS              = 0x4004b708
+	NS_GET_TGID_FROM_PIDNS           = 0x4004b707
+	NS_GET_TGID_IN_PIDNS             = 0x4004b709
 	NS_GET_USERNS                    = 0x2000b701
 	OLCUC                            = 0x2
 	ONLCR                            = 0x4
@@ -232,6 +242,20 @@ const (
 	PPPIOCUNBRIDGECHAN               = 0x20007434
 	PPPIOCXFERUNIT                   = 0x2000744e
 	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTP_CLOCK_GETCAPS                = 0x40503d01
+	PTP_CLOCK_GETCAPS2               = 0x40503d0a
+	PTP_ENABLE_PPS                   = 0x80043d04
+	PTP_ENABLE_PPS2                  = 0x80043d0d
+	PTP_EXTTS_REQUEST                = 0x80103d02
+	PTP_EXTTS_REQUEST2               = 0x80103d0b
+	PTP_MASK_CLEAR_ALL               = 0x20003d13
+	PTP_MASK_EN_SINGLE               = 0x80043d14
+	PTP_PEROUT_REQUEST               = 0x80383d03
+	PTP_PEROUT_REQUEST2              = 0x80383d0c
+	PTP_PIN_SETFUNC                  = 0x80603d07
+	PTP_PIN_SETFUNC2                 = 0x80603d10
+	PTP_SYS_OFFSET                   = 0x83403d05
+	PTP_SYS_OFFSET2                  = 0x83403d0e
 	PTRACE_GETFPAREGS                = 0x14
 	PTRACE_GETFPREGS                 = 0xe
 	PTRACE_GETFPREGS64               = 0x19
@@ -329,12 +353,18 @@ const (
 	RTC_WIE_ON                       = 0x2000700f
 	RTC_WKALM_RD                     = 0x40287010
 	RTC_WKALM_SET                    = 0x8028700f
+	SCM_DEVMEM_DMABUF                = 0x58
+	SCM_DEVMEM_LINEAR                = 0x57
 	SCM_TIMESTAMPING                 = 0x23
 	SCM_TIMESTAMPING_OPT_STATS       = 0x38
 	SCM_TIMESTAMPING_PKTINFO         = 0x3c
 	SCM_TIMESTAMPNS                  = 0x21
+	SCM_TS_OPT_ID                    = 0x5a
 	SCM_TXTIME                       = 0x3f
 	SCM_WIFI_STATUS                  = 0x25
+	SECCOMP_IOCTL_NOTIF_ADDFD        = 0x80182103
+	SECCOMP_IOCTL_NOTIF_ID_VALID     = 0x80082102
+	SECCOMP_IOCTL_NOTIF_SET_FLAGS    = 0x80082104
 	SFD_CLOEXEC                      = 0x400000
 	SFD_NONBLOCK                     = 0x4000
 	SF_FP                            = 0x38
@@ -412,6 +442,9 @@ const (
 	SO_CNX_ADVICE                    = 0x37
 	SO_COOKIE                        = 0x3b
 	SO_DETACH_REUSEPORT_BPF          = 0x47
+	SO_DEVMEM_DMABUF                 = 0x58
+	SO_DEVMEM_DONTNEED               = 0x59
+	SO_DEVMEM_LINEAR                 = 0x57
 	SO_DOMAIN                        = 0x1029
 	SO_DONTROUTE                     = 0x10
 	SO_ERROR                         = 0x1007
diff --git a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
index 4dfd2e05..1ec2b140 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
@@ -10,41 +10,99 @@
 package unix
 
 const (
-	BRKINT                          = 0x0001
-	CLOCK_MONOTONIC                 = 0x1
-	CLOCK_PROCESS_CPUTIME_ID        = 0x2
-	CLOCK_REALTIME                  = 0x0
-	CLOCK_THREAD_CPUTIME_ID         = 0x3
-	CS8                             = 0x0030
-	CSIZE                           = 0x0030
-	ECHO                            = 0x00000008
-	ECHONL                          = 0x00000001
-	FD_CLOEXEC                      = 0x01
-	FD_CLOFORK                      = 0x02
-	FNDELAY                         = 0x04
-	F_CLOSFD                        = 9
-	F_CONTROL_CVT                   = 13
-	F_DUPFD                         = 0
-	F_DUPFD2                        = 8
-	F_GETFD                         = 1
-	F_GETFL                         = 259
-	F_GETLK                         = 5
-	F_GETOWN                        = 10
-	F_OK                            = 0x0
-	F_RDLCK                         = 1
-	F_SETFD                         = 2
-	F_SETFL                         = 4
-	F_SETLK                         = 6
-	F_SETLKW                        = 7
-	F_SETOWN                        = 11
-	F_SETTAG                        = 12
-	F_UNLCK                         = 3
-	F_WRLCK                         = 2
-	FSTYPE_ZFS                      = 0xe9 //"Z"
-	FSTYPE_HFS                      = 0xc8 //"H"
-	FSTYPE_NFS                      = 0xd5 //"N"
-	FSTYPE_TFS                      = 0xe3 //"T"
-	FSTYPE_AUTOMOUNT                = 0xc1 //"A"
+	BRKINT                   = 0x0001
+	CLOCAL                   = 0x1
+	CLOCK_MONOTONIC          = 0x1
+	CLOCK_PROCESS_CPUTIME_ID = 0x2
+	CLOCK_REALTIME           = 0x0
+	CLOCK_THREAD_CPUTIME_ID  = 0x3
+	CLONE_NEWIPC             = 0x08000000
+	CLONE_NEWNET             = 0x40000000
+	CLONE_NEWNS              = 0x00020000
+	CLONE_NEWPID             = 0x20000000
+	CLONE_NEWUTS             = 0x04000000
+	CLONE_PARENT             = 0x00008000
+	CS8                      = 0x0030
+	CSIZE                    = 0x0030
+	ECHO                     = 0x00000008
+	ECHONL                   = 0x00000001
+	EFD_SEMAPHORE            = 0x00002000
+	EFD_CLOEXEC              = 0x00001000
+	EFD_NONBLOCK             = 0x00000004
+	EPOLL_CLOEXEC            = 0x00001000
+	EPOLL_CTL_ADD            = 0
+	EPOLL_CTL_MOD            = 1
+	EPOLL_CTL_DEL            = 2
+	EPOLLRDNORM              = 0x0001
+	EPOLLRDBAND              = 0x0002
+	EPOLLIN                  = 0x0003
+	EPOLLOUT                 = 0x0004
+	EPOLLWRBAND              = 0x0008
+	EPOLLPRI                 = 0x0010
+	EPOLLERR                 = 0x0020
+	EPOLLHUP                 = 0x0040
+	EPOLLEXCLUSIVE           = 0x20000000
+	EPOLLONESHOT             = 0x40000000
+	FD_CLOEXEC               = 0x01
+	FD_CLOFORK               = 0x02
+	FD_SETSIZE               = 0x800
+	FNDELAY                  = 0x04
+	F_CLOSFD                 = 9
+	F_CONTROL_CVT            = 13
+	F_DUPFD                  = 0
+	F_DUPFD2                 = 8
+	F_GETFD                  = 1
+	F_GETFL                  = 259
+	F_GETLK                  = 5
+	F_GETOWN                 = 10
+	F_OK                     = 0x0
+	F_RDLCK                  = 1
+	F_SETFD                  = 2
+	F_SETFL                  = 4
+	F_SETLK                  = 6
+	F_SETLKW                 = 7
+	F_SETOWN                 = 11
+	F_SETTAG                 = 12
+	F_UNLCK                  = 3
+	F_WRLCK                  = 2
+	FSTYPE_ZFS               = 0xe9 //"Z"
+	FSTYPE_HFS               = 0xc8 //"H"
+	FSTYPE_NFS               = 0xd5 //"N"
+	FSTYPE_TFS               = 0xe3 //"T"
+	FSTYPE_AUTOMOUNT         = 0xc1 //"A"
+	GRND_NONBLOCK            = 1
+	GRND_RANDOM              = 2
+	HUPCL                    = 0x0100 // Hang up on last close
+	IN_CLOEXEC               = 0x00001000
+	IN_NONBLOCK              = 0x00000004
+	IN_ACCESS                = 0x00000001
+	IN_MODIFY                = 0x00000002
+	IN_ATTRIB                = 0x00000004
+	IN_CLOSE_WRITE           = 0x00000008
+	IN_CLOSE_NOWRITE         = 0x00000010
+	IN_OPEN                  = 0x00000020
+	IN_MOVED_FROM            = 0x00000040
+	IN_MOVED_TO              = 0x00000080
+	IN_CREATE                = 0x00000100
+	IN_DELETE                = 0x00000200
+	IN_DELETE_SELF           = 0x00000400
+	IN_MOVE_SELF             = 0x00000800
+	IN_UNMOUNT               = 0x00002000
+	IN_Q_OVERFLOW            = 0x00004000
+	IN_IGNORED               = 0x00008000
+	IN_CLOSE                 = (IN_CLOSE_WRITE | IN_CLOSE_NOWRITE)
+	IN_MOVE                  = (IN_MOVED_FROM | IN_MOVED_TO)
+	IN_ALL_EVENTS            = (IN_ACCESS | IN_MODIFY | IN_ATTRIB |
+		IN_CLOSE | IN_OPEN | IN_MOVE |
+		IN_CREATE | IN_DELETE | IN_DELETE_SELF |
+		IN_MOVE_SELF)
+	IN_ONLYDIR                      = 0x01000000
+	IN_DONT_FOLLOW                  = 0x02000000
+	IN_EXCL_UNLINK                  = 0x04000000
+	IN_MASK_CREATE                  = 0x10000000
+	IN_MASK_ADD                     = 0x20000000
+	IN_ISDIR                        = 0x40000000
+	IN_ONESHOT                      = 0x80000000
 	IP6F_MORE_FRAG                  = 0x0001
 	IP6F_OFF_MASK                   = 0xfff8
 	IP6F_RESERVED_MASK              = 0x0006
@@ -152,10 +210,18 @@ const (
 	IP_PKTINFO                      = 101
 	IP_RECVPKTINFO                  = 102
 	IP_TOS                          = 2
-	IP_TTL                          = 3
+	IP_TTL                          = 14
 	IP_UNBLOCK_SOURCE               = 11
+	ICMP6_FILTER                    = 1
+	MCAST_INCLUDE                   = 0
+	MCAST_EXCLUDE                   = 1
+	MCAST_JOIN_GROUP                = 40
+	MCAST_LEAVE_GROUP               = 41
+	MCAST_JOIN_SOURCE_GROUP         = 42
+	MCAST_LEAVE_SOURCE_GROUP        = 43
+	MCAST_BLOCK_SOURCE              = 44
+	MCAST_UNBLOCK_SOURCE            = 46
 	ICANON                          = 0x0010
-	ICMP6_FILTER                    = 0x26
 	ICRNL                           = 0x0002
 	IEXTEN                          = 0x0020
 	IGNBRK                          = 0x0004
@@ -165,10 +231,10 @@ const (
 	ISTRIP                          = 0x0080
 	IXON                            = 0x0200
 	IXOFF                           = 0x0100
-	LOCK_SH                         = 0x1 // Not exist on zOS
-	LOCK_EX                         = 0x2 // Not exist on zOS
-	LOCK_NB                         = 0x4 // Not exist on zOS
-	LOCK_UN                         = 0x8 // Not exist on zOS
+	LOCK_SH                         = 0x1
+	LOCK_EX                         = 0x2
+	LOCK_NB                         = 0x4
+	LOCK_UN                         = 0x8
 	POLLIN                          = 0x0003
 	POLLOUT                         = 0x0004
 	POLLPRI                         = 0x0010
@@ -182,15 +248,29 @@ const (
 	MAP_PRIVATE                     = 0x1 // changes are private
 	MAP_SHARED                      = 0x2 // changes are shared
 	MAP_FIXED                       = 0x4 // place exactly
-	MCAST_JOIN_GROUP                = 40
-	MCAST_LEAVE_GROUP               = 41
-	MCAST_JOIN_SOURCE_GROUP         = 42
-	MCAST_LEAVE_SOURCE_GROUP        = 43
-	MCAST_BLOCK_SOURCE              = 44
-	MCAST_UNBLOCK_SOURCE            = 45
+	__MAP_MEGA                      = 0x8
+	__MAP_64                        = 0x10
+	MAP_ANON                        = 0x20
+	MAP_ANONYMOUS                   = 0x20
 	MS_SYNC                         = 0x1 // msync - synchronous writes
 	MS_ASYNC                        = 0x2 // asynchronous writes
 	MS_INVALIDATE                   = 0x4 // invalidate mappings
+	MS_BIND                         = 0x00001000
+	MS_MOVE                         = 0x00002000
+	MS_NOSUID                       = 0x00000002
+	MS_PRIVATE                      = 0x00040000
+	MS_REC                          = 0x00004000
+	MS_REMOUNT                      = 0x00008000
+	MS_RDONLY                       = 0x00000001
+	MS_UNBINDABLE                   = 0x00020000
+	MNT_DETACH                      = 0x00000004
+	ZOSDSFS_SUPER_MAGIC             = 0x44534653 // zOS DSFS
+	NFS_SUPER_MAGIC                 = 0x6969     // NFS
+	NSFS_MAGIC                      = 0x6e736673 // PROCNS
+	PROC_SUPER_MAGIC                = 0x9fa0     // proc FS
+	ZOSTFS_SUPER_MAGIC              = 0x544653   // zOS TFS
+	ZOSUFS_SUPER_MAGIC              = 0x554653   // zOS UFS
+	ZOSZFS_SUPER_MAGIC              = 0x5A4653   // zOS ZFS
 	MTM_RDONLY                      = 0x80000000
 	MTM_RDWR                        = 0x40000000
 	MTM_UMOUNT                      = 0x10000000
@@ -205,13 +285,20 @@ const (
 	MTM_REMOUNT                     = 0x00000100
 	MTM_NOSECURITY                  = 0x00000080
 	NFDBITS                         = 0x20
+	ONLRET                          = 0x0020 // NL performs CR function
 	O_ACCMODE                       = 0x03
 	O_APPEND                        = 0x08
 	O_ASYNCSIG                      = 0x0200
 	O_CREAT                         = 0x80
+	O_DIRECT                        = 0x00002000
+	O_NOFOLLOW                      = 0x00004000
+	O_DIRECTORY                     = 0x00008000
+	O_PATH                          = 0x00080000
+	O_CLOEXEC                       = 0x00001000
 	O_EXCL                          = 0x40
 	O_GETFL                         = 0x0F
 	O_LARGEFILE                     = 0x0400
+	O_NDELAY                        = 0x4
 	O_NONBLOCK                      = 0x04
 	O_RDONLY                        = 0x02
 	O_RDWR                          = 0x03
@@ -248,6 +335,7 @@ const (
 	AF_IUCV                         = 17
 	AF_LAT                          = 14
 	AF_LINK                         = 18
+	AF_LOCAL                        = AF_UNIX // AF_LOCAL is an alias for AF_UNIX
 	AF_MAX                          = 30
 	AF_NBS                          = 7
 	AF_NDD                          = 23
@@ -285,15 +373,33 @@ const (
 	RLIMIT_AS                       = 5
 	RLIMIT_NOFILE                   = 6
 	RLIMIT_MEMLIMIT                 = 7
+	RLIMIT_MEMLOCK                  = 0x8
 	RLIM_INFINITY                   = 2147483647
+	SCHED_FIFO                      = 0x2
+	SCM_CREDENTIALS                 = 0x2
 	SCM_RIGHTS                      = 0x01
 	SF_CLOSE                        = 0x00000002
 	SF_REUSE                        = 0x00000001
+	SHM_RND                         = 0x2
+	SHM_RDONLY                      = 0x1
+	SHMLBA                          = 0x1000
+	IPC_STAT                        = 0x3
+	IPC_SET                         = 0x2
+	IPC_RMID                        = 0x1
+	IPC_PRIVATE                     = 0x0
+	IPC_CREAT                       = 0x1000000
+	__IPC_MEGA                      = 0x4000000
+	__IPC_SHAREAS                   = 0x20000000
+	__IPC_BELOWBAR                  = 0x10000000
+	IPC_EXCL                        = 0x2000000
+	__IPC_GIGA                      = 0x8000000
 	SHUT_RD                         = 0
 	SHUT_RDWR                       = 2
 	SHUT_WR                         = 1
+	SOCK_CLOEXEC                    = 0x00001000
 	SOCK_CONN_DGRAM                 = 6
 	SOCK_DGRAM                      = 2
+	SOCK_NONBLOCK                   = 0x800
 	SOCK_RAW                        = 3
 	SOCK_RDM                        = 4
 	SOCK_SEQPACKET                  = 5
@@ -378,8 +484,6 @@ const (
 	S_IFMST                         = 0x00FF0000
 	TCP_KEEPALIVE                   = 0x8
 	TCP_NODELAY                     = 0x1
-	TCP_INFO                        = 0xb
-	TCP_USER_TIMEOUT                = 0x1
 	TIOCGWINSZ                      = 0x4008a368
 	TIOCSWINSZ                      = 0x8008a367
 	TIOCSBRK                        = 0x2000a77b
@@ -427,7 +531,10 @@ const (
 	VSUSP                           = 9
 	VTIME                           = 10
 	WCONTINUED                      = 0x4
+	WEXITED                         = 0x8
 	WNOHANG                         = 0x1
+	WNOWAIT                         = 0x20
+	WSTOPPED                        = 0x10
 	WUNTRACED                       = 0x2
 	_BPX_SWAP                       = 1
 	_BPX_NONSWAP                    = 2
@@ -452,8 +559,30 @@ const (
 	MADV_FREE                       = 15 // for Linux compatibility -- no zos semantics
 	MADV_WIPEONFORK                 = 16 // for Linux compatibility -- no zos semantics
 	MADV_KEEPONFORK                 = 17 // for Linux compatibility -- no zos semantics
-	AT_SYMLINK_NOFOLLOW             = 1  // for Unix  compatibility -- no zos semantics
-	AT_FDCWD                        = 2  // for Unix  compatibility -- no zos semantics
+	AT_SYMLINK_FOLLOW               = 0x400
+	AT_SYMLINK_NOFOLLOW             = 0x100
+	XATTR_CREATE                    = 0x1
+	XATTR_REPLACE                   = 0x2
+	P_PID                           = 0
+	P_PGID                          = 1
+	P_ALL                           = 2
+	PR_SET_NAME                     = 15
+	PR_GET_NAME                     = 16
+	PR_SET_NO_NEW_PRIVS             = 38
+	PR_GET_NO_NEW_PRIVS             = 39
+	PR_SET_DUMPABLE                 = 4
+	PR_GET_DUMPABLE                 = 3
+	PR_SET_PDEATHSIG                = 1
+	PR_GET_PDEATHSIG                = 2
+	PR_SET_CHILD_SUBREAPER          = 36
+	PR_GET_CHILD_SUBREAPER          = 37
+	AT_FDCWD                        = -100
+	AT_EACCESS                      = 0x200
+	AT_EMPTY_PATH                   = 0x1000
+	AT_REMOVEDIR                    = 0x200
+	RENAME_NOREPLACE                = 1 << 0
+	ST_RDONLY                       = 1
+	ST_NOSUID                       = 2
 )
 
 const (
@@ -476,6 +605,7 @@ const (
 	EMLINK             = Errno(125)
 	ENAMETOOLONG       = Errno(126)
 	ENFILE             = Errno(127)
+	ENOATTR            = Errno(265)
 	ENODEV             = Errno(128)
 	ENOENT             = Errno(129)
 	ENOEXEC            = Errno(130)
@@ -700,7 +830,7 @@ var errorList = [...]struct {
 	{145, "EDC5145I", "The parameter list is too long, or the message to receive was too large for the buffer."},
 	{146, "EDC5146I", "Too many levels of symbolic links."},
 	{147, "EDC5147I", "Illegal byte sequence."},
-	{148, "", ""},
+	{148, "EDC5148I", "The named attribute or data not available."},
 	{149, "EDC5149I", "Value Overflow Error."},
 	{150, "EDC5150I", "UNIX System Services is not active."},
 	{151, "EDC5151I", "Dynamic allocation error."},
@@ -743,6 +873,7 @@ var errorList = [...]struct {
 	{259, "EDC5259I", "A CUN_RS_NO_CONVERSION error was issued by Unicode Services."},
 	{260, "EDC5260I", "A CUN_RS_TABLE_NOT_ALIGNED error was issued by Unicode Services."},
 	{262, "EDC5262I", "An iconv() function encountered an unexpected error while using Unicode Services."},
+	{265, "EDC5265I", "The named attribute not available."},
 	{1000, "EDC8000I", "A bad socket-call constant was found in the IUCV header."},
 	{1001, "EDC8001I", "An error was found in the IUCV header."},
 	{1002, "EDC8002I", "A socket descriptor is out of range."},
diff --git a/vendor/golang.org/x/sys/unix/zsymaddr_zos_s390x.s b/vendor/golang.org/x/sys/unix/zsymaddr_zos_s390x.s
new file mode 100644
index 00000000..b77ff5db
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsymaddr_zos_s390x.s
@@ -0,0 +1,364 @@
+// go run mksyscall_zos_s390x.go -o_sysnum zsysnum_zos_s390x.go -o_syscall zsyscall_zos_s390x.go -i_syscall syscall_zos_s390x.go -o_asm zsymaddr_zos_s390x.s
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build zos && s390x
+#include "textflag.h"
+
+//  provide the address of function variable to be fixed up.
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FlistxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Flistxattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FremovexattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Fremovexattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FgetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Fgetxattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FsetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Fsetxattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_accept4Addr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·accept4(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_RemovexattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Removexattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_Dup3Addr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Dup3(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_DirfdAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Dirfd(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_EpollCreateAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·EpollCreate(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_EpollCreate1Addr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·EpollCreate1(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_EpollCtlAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·EpollCtl(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_EpollPwaitAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·EpollPwait(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_EpollWaitAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·EpollWait(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_EventfdAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Eventfd(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FaccessatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Faccessat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FchmodatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Fchmodat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FchownatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Fchownat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FdatasyncAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Fdatasync(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_fstatatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·fstatat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_LgetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Lgetxattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_LsetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Lsetxattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FstatfsAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Fstatfs(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FutimesAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Futimes(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FutimesatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Futimesat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_GetrandomAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Getrandom(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_InotifyInitAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·InotifyInit(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_InotifyInit1Addr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·InotifyInit1(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_InotifyAddWatchAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·InotifyAddWatch(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_InotifyRmWatchAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·InotifyRmWatch(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_ListxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Listxattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_LlistxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Llistxattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_LremovexattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Lremovexattr(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_LutimesAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Lutimes(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_StatfsAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Statfs(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_SyncfsAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Syncfs(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_UnshareAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Unshare(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_LinkatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Linkat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_MkdiratAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Mkdirat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_MknodatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Mknodat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_PivotRootAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·PivotRoot(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_PrctlAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Prctl(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_PrlimitAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Prlimit(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_RenameatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Renameat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_Renameat2Addr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Renameat2(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_SethostnameAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Sethostname(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_SetnsAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Setns(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_SymlinkatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Symlinkat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_UnlinkatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·Unlinkat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_openatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·openat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_openat2Addr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·openat2(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_utimensatAddr(SB), NOSPLIT|NOFRAME, $0-8
+	MOVD $·utimensat(SB), R8
+	MOVD R8, ret+0(FP)
+	RET
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
index ccb02f24..813c05b6 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
@@ -740,6 +740,54 @@ func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func renamexNp(from string, to string, flag uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(libc_renamex_np_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flag))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_renamex_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_renamex_np renamex_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func renameatxNp(fromfd int, from string, tofd int, to string, flag uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(libc_renameatx_np_trampoline_addr, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), uintptr(flag), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_renameatx_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_renameatx_np renameatx_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
@@ -760,6 +808,59 @@ var libc_sysctl_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func pthread_chdir_np(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(libc_pthread_chdir_np_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pthread_chdir_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pthread_chdir_np pthread_chdir_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pthread_fchdir_np(fd int) (err error) {
+	_, _, e1 := syscall_syscall(libc_pthread_fchdir_np_trampoline_addr, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pthread_fchdir_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pthread_fchdir_np pthread_fchdir_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connectx(fd int, endpoints *SaEndpoints, associd SaeAssocID, flags uint32, iov []Iovec, n *uintptr, connid *SaeConnID) (err error) {
+	var _p0 unsafe.Pointer
+	if len(iov) > 0 {
+		_p0 = unsafe.Pointer(&iov[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall9(libc_connectx_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(endpoints)), uintptr(associd), uintptr(flags), uintptr(_p0), uintptr(len(iov)), uintptr(unsafe.Pointer(n)), uintptr(unsafe.Pointer(connid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_connectx_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_connectx connectx "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) {
 	_, _, e1 := syscall_syscall6(libc_sendfile_trampoline_addr, uintptr(infd), uintptr(outfd), uintptr(offset), uintptr(unsafe.Pointer(len)), uintptr(hdtr), uintptr(flags))
 	if e1 != 0 {
@@ -2411,6 +2512,90 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func readv(fd int, iovecs []Iovec) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovecs) > 0 {
+		_p0 = unsafe.Pointer(&iovecs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(libc_readv_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_readv_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_readv readv "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func preadv(fd int, iovecs []Iovec, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovecs) > 0 {
+		_p0 = unsafe.Pointer(&iovecs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(libc_preadv_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_preadv_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_preadv preadv "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writev(fd int, iovecs []Iovec) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovecs) > 0 {
+		_p0 = unsafe.Pointer(&iovecs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(libc_writev_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_writev_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_writev writev "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pwritev(fd int, iovecs []Iovec, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovecs) > 0 {
+		_p0 = unsafe.Pointer(&iovecs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(libc_pwritev_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pwritev_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pwritev pwritev "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fstat(fd int, stat *Stat_t) (err error) {
 	_, _, e1 := syscall_syscall(libc_fstat64_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
index 8b8bb284..fda32858 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
@@ -223,11 +223,36 @@ TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_ioctl_trampoline_addr(SB), RODATA, $8
 DATA	·libc_ioctl_trampoline_addr(SB)/8, $libc_ioctl_trampoline<>(SB)
 
+TEXT libc_renamex_np_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_renamex_np(SB)
+GLOBL	·libc_renamex_np_trampoline_addr(SB), RODATA, $8
+DATA	·libc_renamex_np_trampoline_addr(SB)/8, $libc_renamex_np_trampoline<>(SB)
+
+TEXT libc_renameatx_np_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_renameatx_np(SB)
+GLOBL	·libc_renameatx_np_trampoline_addr(SB), RODATA, $8
+DATA	·libc_renameatx_np_trampoline_addr(SB)/8, $libc_renameatx_np_trampoline<>(SB)
+
 TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_sysctl(SB)
 GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
 DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
 
+TEXT libc_pthread_chdir_np_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pthread_chdir_np(SB)
+GLOBL	·libc_pthread_chdir_np_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pthread_chdir_np_trampoline_addr(SB)/8, $libc_pthread_chdir_np_trampoline<>(SB)
+
+TEXT libc_pthread_fchdir_np_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pthread_fchdir_np(SB)
+GLOBL	·libc_pthread_fchdir_np_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pthread_fchdir_np_trampoline_addr(SB)/8, $libc_pthread_fchdir_np_trampoline<>(SB)
+
+TEXT libc_connectx_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_connectx(SB)
+GLOBL	·libc_connectx_trampoline_addr(SB), RODATA, $8
+DATA	·libc_connectx_trampoline_addr(SB)/8, $libc_connectx_trampoline<>(SB)
+
 TEXT libc_sendfile_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_sendfile(SB)
 GLOBL	·libc_sendfile_trampoline_addr(SB), RODATA, $8
@@ -713,6 +738,26 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_readv_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_readv(SB)
+GLOBL	·libc_readv_trampoline_addr(SB), RODATA, $8
+DATA	·libc_readv_trampoline_addr(SB)/8, $libc_readv_trampoline<>(SB)
+
+TEXT libc_preadv_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_preadv(SB)
+GLOBL	·libc_preadv_trampoline_addr(SB), RODATA, $8
+DATA	·libc_preadv_trampoline_addr(SB)/8, $libc_preadv_trampoline<>(SB)
+
+TEXT libc_writev_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_writev(SB)
+GLOBL	·libc_writev_trampoline_addr(SB), RODATA, $8
+DATA	·libc_writev_trampoline_addr(SB)/8, $libc_writev_trampoline<>(SB)
+
+TEXT libc_pwritev_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pwritev(SB)
+GLOBL	·libc_pwritev_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pwritev_trampoline_addr(SB)/8, $libc_pwritev_trampoline<>(SB)
+
 TEXT libc_fstat64_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_fstat64(SB)
 GLOBL	·libc_fstat64_trampoline_addr(SB), RODATA, $8
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
index 1b40b997..e6f58f3c 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
@@ -740,6 +740,54 @@ func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func renamexNp(from string, to string, flag uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(libc_renamex_np_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flag))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_renamex_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_renamex_np renamex_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func renameatxNp(fromfd int, from string, tofd int, to string, flag uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(from)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(to)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(libc_renameatx_np_trampoline_addr, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), uintptr(flag), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_renameatx_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_renameatx_np renameatx_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
 	var _p0 unsafe.Pointer
 	if len(mib) > 0 {
@@ -760,6 +808,59 @@ var libc_sysctl_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func pthread_chdir_np(path string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall(libc_pthread_chdir_np_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pthread_chdir_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pthread_chdir_np pthread_chdir_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pthread_fchdir_np(fd int) (err error) {
+	_, _, e1 := syscall_syscall(libc_pthread_fchdir_np_trampoline_addr, uintptr(fd), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pthread_fchdir_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pthread_fchdir_np pthread_fchdir_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connectx(fd int, endpoints *SaEndpoints, associd SaeAssocID, flags uint32, iov []Iovec, n *uintptr, connid *SaeConnID) (err error) {
+	var _p0 unsafe.Pointer
+	if len(iov) > 0 {
+		_p0 = unsafe.Pointer(&iov[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := syscall_syscall9(libc_connectx_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(endpoints)), uintptr(associd), uintptr(flags), uintptr(_p0), uintptr(len(iov)), uintptr(unsafe.Pointer(n)), uintptr(unsafe.Pointer(connid)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_connectx_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_connectx connectx "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) {
 	_, _, e1 := syscall_syscall6(libc_sendfile_trampoline_addr, uintptr(infd), uintptr(outfd), uintptr(offset), uintptr(unsafe.Pointer(len)), uintptr(hdtr), uintptr(flags))
 	if e1 != 0 {
@@ -2411,6 +2512,90 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func readv(fd int, iovecs []Iovec) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovecs) > 0 {
+		_p0 = unsafe.Pointer(&iovecs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(libc_readv_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_readv_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_readv readv "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func preadv(fd int, iovecs []Iovec, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovecs) > 0 {
+		_p0 = unsafe.Pointer(&iovecs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(libc_preadv_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_preadv_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_preadv preadv "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func writev(fd int, iovecs []Iovec) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovecs) > 0 {
+		_p0 = unsafe.Pointer(&iovecs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall(libc_writev_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_writev_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_writev writev "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pwritev(fd int, iovecs []Iovec, offset int64) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(iovecs) > 0 {
+		_p0 = unsafe.Pointer(&iovecs[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	r0, _, e1 := syscall_syscall6(libc_pwritev_trampoline_addr, uintptr(fd), uintptr(_p0), uintptr(len(iovecs)), uintptr(offset), 0, 0)
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pwritev_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pwritev pwritev "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fstat(fd int, stat *Stat_t) (err error) {
 	_, _, e1 := syscall_syscall(libc_fstat_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
 	if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
index 08362c1a..7f8998b9 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
@@ -223,11 +223,36 @@ TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_ioctl_trampoline_addr(SB), RODATA, $8
 DATA	·libc_ioctl_trampoline_addr(SB)/8, $libc_ioctl_trampoline<>(SB)
 
+TEXT libc_renamex_np_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_renamex_np(SB)
+GLOBL	·libc_renamex_np_trampoline_addr(SB), RODATA, $8
+DATA	·libc_renamex_np_trampoline_addr(SB)/8, $libc_renamex_np_trampoline<>(SB)
+
+TEXT libc_renameatx_np_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_renameatx_np(SB)
+GLOBL	·libc_renameatx_np_trampoline_addr(SB), RODATA, $8
+DATA	·libc_renameatx_np_trampoline_addr(SB)/8, $libc_renameatx_np_trampoline<>(SB)
+
 TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_sysctl(SB)
 GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
 DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
 
+TEXT libc_pthread_chdir_np_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pthread_chdir_np(SB)
+GLOBL	·libc_pthread_chdir_np_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pthread_chdir_np_trampoline_addr(SB)/8, $libc_pthread_chdir_np_trampoline<>(SB)
+
+TEXT libc_pthread_fchdir_np_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pthread_fchdir_np(SB)
+GLOBL	·libc_pthread_fchdir_np_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pthread_fchdir_np_trampoline_addr(SB)/8, $libc_pthread_fchdir_np_trampoline<>(SB)
+
+TEXT libc_connectx_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_connectx(SB)
+GLOBL	·libc_connectx_trampoline_addr(SB), RODATA, $8
+DATA	·libc_connectx_trampoline_addr(SB)/8, $libc_connectx_trampoline<>(SB)
+
 TEXT libc_sendfile_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_sendfile(SB)
 GLOBL	·libc_sendfile_trampoline_addr(SB), RODATA, $8
@@ -713,6 +738,26 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_readv_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_readv(SB)
+GLOBL	·libc_readv_trampoline_addr(SB), RODATA, $8
+DATA	·libc_readv_trampoline_addr(SB)/8, $libc_readv_trampoline<>(SB)
+
+TEXT libc_preadv_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_preadv(SB)
+GLOBL	·libc_preadv_trampoline_addr(SB), RODATA, $8
+DATA	·libc_preadv_trampoline_addr(SB)/8, $libc_preadv_trampoline<>(SB)
+
+TEXT libc_writev_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_writev(SB)
+GLOBL	·libc_writev_trampoline_addr(SB), RODATA, $8
+DATA	·libc_writev_trampoline_addr(SB)/8, $libc_writev_trampoline<>(SB)
+
+TEXT libc_pwritev_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pwritev(SB)
+GLOBL	·libc_pwritev_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pwritev_trampoline_addr(SB)/8, $libc_pwritev_trampoline<>(SB)
+
 TEXT libc_fstat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_fstat(SB)
 GLOBL	·libc_fstat_trampoline_addr(SB), RODATA, $8
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
index 1488d271..5cc1e8eb 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
@@ -592,6 +592,16 @@ func ClockGettime(clockid int32, time *Timespec) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func ClockSettime(clockid int32, time *Timespec) (err error) {
+	_, _, e1 := Syscall(SYS_CLOCK_SETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func ClockNanosleep(clockid int32, flags int, request *Timespec, remain *Timespec) (err error) {
 	_, _, e1 := Syscall6(SYS_CLOCK_NANOSLEEP, uintptr(clockid), uintptr(flags), uintptr(unsafe.Pointer(request)), uintptr(unsafe.Pointer(remain)), 0, 0)
 	if e1 != 0 {
@@ -906,6 +916,16 @@ func Fspick(dirfd int, pathName string, flags int) (fd int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func fsconfig(fd int, cmd uint, key *byte, value *byte, aux int) (err error) {
+	_, _, e1 := Syscall6(SYS_FSCONFIG, uintptr(fd), uintptr(cmd), uintptr(unsafe.Pointer(key)), uintptr(unsafe.Pointer(value)), uintptr(aux), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Getdents(fd int, buf []byte) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
@@ -961,23 +981,6 @@ func Getpriority(which int, who int) (prio int, err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getrandom(buf []byte, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
-	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
-	} else {
-		_p0 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Getrusage(who int, rusage *Rusage) (err error) {
 	_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
 	if e1 != 0 {
@@ -2219,3 +2222,19 @@ func Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint)
 	}
 	return
 }
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mseal(b []byte, flags uint) (err error) {
+	var _p0 unsafe.Pointer
+	if len(b) > 0 {
+		_p0 = unsafe.Pointer(&b[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	_, _, e1 := Syscall(SYS_MSEAL, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
index a1d06159..1851df14 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
@@ -1493,6 +1493,30 @@ var libc_mknodat_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(fsType)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dir)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(libc_mount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_mount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mount mount "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	_, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
@@ -2297,5 +2321,3 @@ func unveil(path *byte, flags *byte) (err error) {
 var libc_unveil_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
index 41b56173..0b43c693 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
@@ -463,6 +463,11 @@ TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_mknodat_trampoline_addr(SB), RODATA, $4
 DATA	·libc_mknodat_trampoline_addr(SB)/4, $libc_mknodat_trampoline<>(SB)
 
+TEXT libc_mount_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mount(SB)
+GLOBL	·libc_mount_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mount_trampoline_addr(SB)/4, $libc_mount_trampoline<>(SB)
+
 TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_nanosleep(SB)
 GLOBL	·libc_nanosleep_trampoline_addr(SB), RODATA, $4
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
index 5b2a7409..e1ec0dbe 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
@@ -1493,6 +1493,30 @@ var libc_mknodat_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(fsType)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dir)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(libc_mount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_mount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mount mount "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	_, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
@@ -2297,5 +2321,3 @@ func unveil(path *byte, flags *byte) (err error) {
 var libc_unveil_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
index 4019a656..880c6d6e 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
@@ -463,6 +463,11 @@ TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_mknodat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB)
 
+TEXT libc_mount_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mount(SB)
+GLOBL	·libc_mount_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mount_trampoline_addr(SB)/8, $libc_mount_trampoline<>(SB)
+
 TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_nanosleep(SB)
 GLOBL	·libc_nanosleep_trampoline_addr(SB), RODATA, $8
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
index f6eda134..7c8452a6 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
@@ -1493,6 +1493,30 @@ var libc_mknodat_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(fsType)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dir)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(libc_mount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_mount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mount mount "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	_, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
@@ -2297,5 +2321,3 @@ func unveil(path *byte, flags *byte) (err error) {
 var libc_unveil_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
index ac4af24f..b8ef95b0 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
@@ -463,6 +463,11 @@ TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_mknodat_trampoline_addr(SB), RODATA, $4
 DATA	·libc_mknodat_trampoline_addr(SB)/4, $libc_mknodat_trampoline<>(SB)
 
+TEXT libc_mount_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mount(SB)
+GLOBL	·libc_mount_trampoline_addr(SB), RODATA, $4
+DATA	·libc_mount_trampoline_addr(SB)/4, $libc_mount_trampoline<>(SB)
+
 TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_nanosleep(SB)
 GLOBL	·libc_nanosleep_trampoline_addr(SB), RODATA, $4
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
index 55df20ae..2ffdf861 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
@@ -1493,6 +1493,30 @@ var libc_mknodat_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(fsType)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dir)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(libc_mount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_mount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mount mount "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	_, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
@@ -2297,5 +2321,3 @@ func unveil(path *byte, flags *byte) (err error) {
 var libc_unveil_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
index f77d5321..2af3b5c7 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
@@ -463,6 +463,11 @@ TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_mknodat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB)
 
+TEXT libc_mount_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mount(SB)
+GLOBL	·libc_mount_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mount_trampoline_addr(SB)/8, $libc_mount_trampoline<>(SB)
+
 TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_nanosleep(SB)
 GLOBL	·libc_nanosleep_trampoline_addr(SB), RODATA, $8
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
index 8c1155cb..1da08d52 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
@@ -1493,6 +1493,30 @@ var libc_mknodat_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(fsType)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dir)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(libc_mount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_mount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mount mount "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	_, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
@@ -2297,5 +2321,3 @@ func unveil(path *byte, flags *byte) (err error) {
 var libc_unveil_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
index fae140b6..b7a25135 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
@@ -463,6 +463,11 @@ TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_mknodat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB)
 
+TEXT libc_mount_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mount(SB)
+GLOBL	·libc_mount_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mount_trampoline_addr(SB)/8, $libc_mount_trampoline<>(SB)
+
 TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_nanosleep(SB)
 GLOBL	·libc_nanosleep_trampoline_addr(SB), RODATA, $8
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
index 7cc80c58..6e85b0aa 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
@@ -1493,6 +1493,30 @@ var libc_mknodat_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(fsType)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dir)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(libc_mount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_mount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mount mount "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	_, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
@@ -2297,5 +2321,3 @@ func unveil(path *byte, flags *byte) (err error) {
 var libc_unveil_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
index 9d1e0ff0..f15dadf0 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
@@ -555,6 +555,12 @@ TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_mknodat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB)
 
+TEXT libc_mount_trampoline<>(SB),NOSPLIT,$0-0
+	CALL	libc_mount(SB)
+	RET
+GLOBL	·libc_mount_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mount_trampoline_addr(SB)/8, $libc_mount_trampoline<>(SB)
+
 TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0
 	CALL	libc_nanosleep(SB)
 	RET
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
index 0688737f..28b487df 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
@@ -1493,6 +1493,30 @@ var libc_mknodat_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(fsType)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(dir)
+	if err != nil {
+		return
+	}
+	_, _, e1 := syscall_syscall6(libc_mount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags), uintptr(data), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_mount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mount mount "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
 	_, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
 	if e1 != 0 {
@@ -2297,5 +2321,3 @@ func unveil(path *byte, flags *byte) (err error) {
 var libc_unveil_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
index da115f9a..1e7f321e 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
@@ -463,6 +463,11 @@ TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_mknodat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB)
 
+TEXT libc_mount_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_mount(SB)
+GLOBL	·libc_mount_trampoline_addr(SB), RODATA, $8
+DATA	·libc_mount_trampoline_addr(SB)/8, $libc_mount_trampoline<>(SB)
+
 TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_nanosleep(SB)
 GLOBL	·libc_nanosleep_trampoline_addr(SB), RODATA, $8
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
index 829b87fe..c6545413 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
@@ -141,6 +141,16 @@ import (
 //go:cgo_import_dynamic libc_getpeername getpeername "libsocket.so"
 //go:cgo_import_dynamic libc_setsockopt setsockopt "libsocket.so"
 //go:cgo_import_dynamic libc_recvfrom recvfrom "libsocket.so"
+//go:cgo_import_dynamic libc_getpeerucred getpeerucred "libc.so"
+//go:cgo_import_dynamic libc_ucred_get ucred_get "libc.so"
+//go:cgo_import_dynamic libc_ucred_geteuid ucred_geteuid "libc.so"
+//go:cgo_import_dynamic libc_ucred_getegid ucred_getegid "libc.so"
+//go:cgo_import_dynamic libc_ucred_getruid ucred_getruid "libc.so"
+//go:cgo_import_dynamic libc_ucred_getrgid ucred_getrgid "libc.so"
+//go:cgo_import_dynamic libc_ucred_getsuid ucred_getsuid "libc.so"
+//go:cgo_import_dynamic libc_ucred_getsgid ucred_getsgid "libc.so"
+//go:cgo_import_dynamic libc_ucred_getpid ucred_getpid "libc.so"
+//go:cgo_import_dynamic libc_ucred_free ucred_free "libc.so"
 //go:cgo_import_dynamic libc_port_create port_create "libc.so"
 //go:cgo_import_dynamic libc_port_associate port_associate "libc.so"
 //go:cgo_import_dynamic libc_port_dissociate port_dissociate "libc.so"
@@ -280,6 +290,16 @@ import (
 //go:linkname procgetpeername libc_getpeername
 //go:linkname procsetsockopt libc_setsockopt
 //go:linkname procrecvfrom libc_recvfrom
+//go:linkname procgetpeerucred libc_getpeerucred
+//go:linkname procucred_get libc_ucred_get
+//go:linkname procucred_geteuid libc_ucred_geteuid
+//go:linkname procucred_getegid libc_ucred_getegid
+//go:linkname procucred_getruid libc_ucred_getruid
+//go:linkname procucred_getrgid libc_ucred_getrgid
+//go:linkname procucred_getsuid libc_ucred_getsuid
+//go:linkname procucred_getsgid libc_ucred_getsgid
+//go:linkname procucred_getpid libc_ucred_getpid
+//go:linkname procucred_free libc_ucred_free
 //go:linkname procport_create libc_port_create
 //go:linkname procport_associate libc_port_associate
 //go:linkname procport_dissociate libc_port_dissociate
@@ -420,6 +440,16 @@ var (
 	procgetpeername,
 	procsetsockopt,
 	procrecvfrom,
+	procgetpeerucred,
+	procucred_get,
+	procucred_geteuid,
+	procucred_getegid,
+	procucred_getruid,
+	procucred_getrgid,
+	procucred_getsuid,
+	procucred_getsgid,
+	procucred_getpid,
+	procucred_free,
 	procport_create,
 	procport_associate,
 	procport_dissociate,
@@ -2029,6 +2059,90 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getpeerucred(fd uintptr, ucred *uintptr) (err error) {
+	_, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procgetpeerucred)), 2, uintptr(fd), uintptr(unsafe.Pointer(ucred)), 0, 0, 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGet(pid int) (ucred uintptr, err error) {
+	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procucred_get)), 1, uintptr(pid), 0, 0, 0, 0, 0)
+	ucred = uintptr(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGeteuid(ucred uintptr) (uid int) {
+	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_geteuid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGetegid(ucred uintptr) (gid int) {
+	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getegid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGetruid(ucred uintptr) (uid int) {
+	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getruid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGetrgid(ucred uintptr) (gid int) {
+	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getrgid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGetsuid(ucred uintptr) (uid int) {
+	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getsuid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+	uid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGetsgid(ucred uintptr) (gid int) {
+	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getsgid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+	gid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGetpid(ucred uintptr) (pid int) {
+	r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getpid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+	pid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredFree(ucred uintptr) {
+	sysvicall6(uintptr(unsafe.Pointer(&procucred_free)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func port_create() (n int, err error) {
 	r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_create)), 0, 0, 0, 0, 0, 0, 0)
 	n = int(r0)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
index 94f01123..7ccf66b7 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
@@ -1,4 +1,4 @@
-// go run mksyscall.go -tags zos,s390x syscall_zos_s390x.go
+// go run mksyscall_zos_s390x.go -o_sysnum zsysnum_zos_s390x.go -o_syscall zsyscall_zos_s390x.go -i_syscall syscall_zos_s390x.go -o_asm zsymaddr_zos_s390x.s
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build zos && s390x
@@ -6,22 +6,105 @@
 package unix
 
 import (
+	"runtime"
+	"syscall"
 	"unsafe"
 )
 
+var _ syscall.Errno
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func fcntl(fd int, cmd int, arg int) (val int, err error) {
-	r0, _, e1 := syscall_syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCNTL<<4, uintptr(fd), uintptr(cmd), uintptr(arg))
+	runtime.ExitSyscall()
 	val = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func impl_Flistxattr(fd int, dest []byte) (sz int, err error) {
+	var _p0 unsafe.Pointer
+	if len(dest) > 0 {
+		_p0 = unsafe.Pointer(&dest[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FLISTXATTR_A<<4, uintptr(fd), uintptr(_p0), uintptr(len(dest)))
+	runtime.ExitSyscall()
+	sz = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FlistxattrAddr() *(func(fd int, dest []byte) (sz int, err error))
+
+var Flistxattr = enter_Flistxattr
+
+func enter_Flistxattr(fd int, dest []byte) (sz int, err error) {
+	funcref := get_FlistxattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___FLISTXATTR_A<<4, "") == 0 {
+		*funcref = impl_Flistxattr
+	} else {
+		*funcref = error_Flistxattr
+	}
+	return (*funcref)(fd, dest)
+}
+
+func error_Flistxattr(fd int, dest []byte) (sz int, err error) {
+	sz = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Fremovexattr(fd int, attr string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FREMOVEXATTR_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FremovexattrAddr() *(func(fd int, attr string) (err error))
+
+var Fremovexattr = enter_Fremovexattr
+
+func enter_Fremovexattr(fd int, attr string) (err error) {
+	funcref := get_FremovexattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___FREMOVEXATTR_A<<4, "") == 0 {
+		*funcref = impl_Fremovexattr
+	} else {
+		*funcref = error_Fremovexattr
+	}
+	return (*funcref)(fd, attr)
+}
+
+func error_Fremovexattr(fd int, attr string) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func read(fd int, p []byte) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(p) > 0 {
@@ -29,10 +112,12 @@ func read(fd int, p []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := syscall_syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_READ<<4, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	runtime.ExitSyscall()
 	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -46,31 +131,159 @@ func write(fd int, p []byte) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := syscall_syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_WRITE<<4, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+	runtime.ExitSyscall()
 	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func impl_Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(dest) > 0 {
+		_p1 = unsafe.Pointer(&dest[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FGETXATTR_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
+	runtime.ExitSyscall()
+	sz = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FgetxattrAddr() *(func(fd int, attr string, dest []byte) (sz int, err error))
+
+var Fgetxattr = enter_Fgetxattr
+
+func enter_Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) {
+	funcref := get_FgetxattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___FGETXATTR_A<<4, "") == 0 {
+		*funcref = impl_Fgetxattr
+	} else {
+		*funcref = error_Fgetxattr
+	}
+	return (*funcref)(fd, attr, dest)
+}
+
+func error_Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) {
+	sz = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Fsetxattr(fd int, attr string, data []byte, flag int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(data) > 0 {
+		_p1 = unsafe.Pointer(&data[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FSETXATTR_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(data)), uintptr(flag))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FsetxattrAddr() *(func(fd int, attr string, data []byte, flag int) (err error))
+
+var Fsetxattr = enter_Fsetxattr
+
+func enter_Fsetxattr(fd int, attr string, data []byte, flag int) (err error) {
+	funcref := get_FsetxattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___FSETXATTR_A<<4, "") == 0 {
+		*funcref = impl_Fsetxattr
+	} else {
+		*funcref = error_Fsetxattr
+	}
+	return (*funcref)(fd, attr, data, flag)
+}
+
+func error_Fsetxattr(fd int, attr string, data []byte, flag int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
-	r0, _, e1 := syscall_syscall(SYS___ACCEPT_A, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___ACCEPT_A<<4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	runtime.ExitSyscall()
 	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func impl_accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___ACCEPT4_A<<4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags))
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_accept4Addr() *(func(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error))
+
+var accept4 = enter_accept4
+
+func enter_accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	funcref := get_accept4Addr()
+	if funcptrtest(GetZosLibVec()+SYS___ACCEPT4_A<<4, "") == 0 {
+		*funcref = impl_accept4
+	} else {
+		*funcref = error_accept4
+	}
+	return (*funcref)(s, rsa, addrlen, flags)
+}
+
+func error_accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+	fd = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := syscall_syscall(SYS___BIND_A, uintptr(s), uintptr(addr), uintptr(addrlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___BIND_A<<4, uintptr(s), uintptr(addr), uintptr(addrlen))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -78,9 +291,11 @@ func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
-	_, _, e1 := syscall_syscall(SYS___CONNECT_A, uintptr(s), uintptr(addr), uintptr(addrlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CONNECT_A<<4, uintptr(s), uintptr(addr), uintptr(addrlen))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -88,10 +303,10 @@ func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getgroups(n int, list *_Gid_t) (nn int, err error) {
-	r0, _, e1 := syscall_rawsyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETGROUPS<<4, uintptr(n), uintptr(unsafe.Pointer(list)))
 	nn = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -99,9 +314,9 @@ func getgroups(n int, list *_Gid_t) (nn int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func setgroups(n int, list *_Gid_t) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETGROUPS<<4, uintptr(n), uintptr(unsafe.Pointer(list)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -109,9 +324,11 @@ func setgroups(n int, list *_Gid_t) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
-	_, _, e1 := syscall_syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETSOCKOPT<<4, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -119,9 +336,11 @@ func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
-	_, _, e1 := syscall_syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETSOCKOPT<<4, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -129,10 +348,10 @@ func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr)
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func socket(domain int, typ int, proto int) (fd int, err error) {
-	r0, _, e1 := syscall_rawsyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SOCKET<<4, uintptr(domain), uintptr(typ), uintptr(proto))
 	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -140,9 +359,9 @@ func socket(domain int, typ int, proto int) (fd int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
-	_, _, e1 := syscall_rawsyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SOCKETPAIR<<4, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -150,9 +369,9 @@ func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS___GETPEERNAME_A, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___GETPEERNAME_A<<4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -160,15 +379,57 @@ func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS___GETSOCKNAME_A, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___GETSOCKNAME_A<<4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func impl_Removexattr(path string, attr string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___REMOVEXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_RemovexattrAddr() *(func(path string, attr string) (err error))
+
+var Removexattr = enter_Removexattr
+
+func enter_Removexattr(path string, attr string) (err error) {
+	funcref := get_RemovexattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___REMOVEXATTR_A<<4, "") == 0 {
+		*funcref = impl_Removexattr
+	} else {
+		*funcref = error_Removexattr
+	}
+	return (*funcref)(path, attr)
+}
+
+func error_Removexattr(path string, attr string) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(p) > 0 {
@@ -176,10 +437,12 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := syscall_syscall6(SYS___RECVFROM_A, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RECVFROM_A<<4, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+	runtime.ExitSyscall()
 	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -193,9 +456,11 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := syscall_syscall6(SYS___SENDTO_A, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SENDTO_A<<4, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -203,10 +468,12 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := syscall_syscall(SYS___RECVMSG_A, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RECVMSG_A<<4, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	runtime.ExitSyscall()
 	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -214,10 +481,12 @@ func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
-	r0, _, e1 := syscall_syscall(SYS___SENDMSG_A, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SENDMSG_A<<4, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+	runtime.ExitSyscall()
 	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -225,10 +494,12 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
-	r0, _, e1 := syscall_syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_MMAP<<4, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
+	runtime.ExitSyscall()
 	ret = uintptr(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -236,9 +507,11 @@ func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func munmap(addr uintptr, length uintptr) (err error) {
-	_, _, e1 := syscall_syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_MUNMAP<<4, uintptr(addr), uintptr(length))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -246,9 +519,11 @@ func munmap(addr uintptr, length uintptr) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func ioctl(fd int, req int, arg uintptr) (err error) {
-	_, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_IOCTL<<4, uintptr(fd), uintptr(req), uintptr(arg))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -256,9 +531,62 @@ func ioctl(fd int, req int, arg uintptr) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) {
-	_, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_IOCTL<<4, uintptr(fd), uintptr(req), uintptr(arg))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmat(id int, addr uintptr, flag int) (ret uintptr, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHMAT<<4, uintptr(id), uintptr(addr), uintptr(flag))
+	runtime.ExitSyscall()
+	ret = uintptr(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmctl(id int, cmd int, buf *SysvShmDesc) (result int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHMCTL64<<4, uintptr(id), uintptr(cmd), uintptr(unsafe.Pointer(buf)))
+	runtime.ExitSyscall()
+	result = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmdt(addr uintptr) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHMDT<<4, uintptr(addr))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmget(key int, size int, flag int) (id int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHMGET<<4, uintptr(key), uintptr(size), uintptr(flag))
+	runtime.ExitSyscall()
+	id = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -271,9 +599,11 @@ func Access(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___ACCESS_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___ACCESS_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -286,9 +616,11 @@ func Chdir(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___CHDIR_A, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CHDIR_A<<4, uintptr(unsafe.Pointer(_p0)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -301,9 +633,11 @@ func Chown(path string, uid int, gid int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___CHOWN_A, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CHOWN_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -316,9 +650,11 @@ func Chmod(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___CHMOD_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CHMOD_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -331,10 +667,12 @@ func Creat(path string, mode uint32) (fd int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := syscall_syscall(SYS___CREAT_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CREAT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	runtime.ExitSyscall()
 	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -342,10 +680,12 @@ func Creat(path string, mode uint32) (fd int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup(oldfd int) (fd int, err error) {
-	r0, _, e1 := syscall_syscall(SYS_DUP, uintptr(oldfd), 0, 0)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_DUP<<4, uintptr(oldfd))
+	runtime.ExitSyscall()
 	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -353,42 +693,359 @@ func Dup(oldfd int) (fd int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Dup2(oldfd int, newfd int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_DUP2<<4, uintptr(oldfd), uintptr(newfd))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Errno2() (er2 int) {
-	uer2, _, _ := syscall_syscall(SYS___ERRNO2, 0, 0, 0)
-	er2 = int(uer2)
+func impl_Dup3(oldfd int, newfd int, flags int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_DUP3<<4, uintptr(oldfd), uintptr(newfd), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_Dup3Addr() *(func(oldfd int, newfd int, flags int) (err error))
+
+var Dup3 = enter_Dup3
+
+func enter_Dup3(oldfd int, newfd int, flags int) (err error) {
+	funcref := get_Dup3Addr()
+	if funcptrtest(GetZosLibVec()+SYS_DUP3<<4, "") == 0 {
+		*funcref = impl_Dup3
+	} else {
+		*funcref = error_Dup3
+	}
+	return (*funcref)(oldfd, newfd, flags)
+}
+
+func error_Dup3(oldfd int, newfd int, flags int) (err error) {
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Err2ad() (eadd *int) {
-	ueadd, _, _ := syscall_syscall(SYS___ERR2AD, 0, 0, 0)
-	eadd = (*int)(unsafe.Pointer(ueadd))
+func impl_Dirfd(dirp uintptr) (fd int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_DIRFD<<4, uintptr(dirp))
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_DirfdAddr() *(func(dirp uintptr) (fd int, err error))
+
+var Dirfd = enter_Dirfd
+
+func enter_Dirfd(dirp uintptr) (fd int, err error) {
+	funcref := get_DirfdAddr()
+	if funcptrtest(GetZosLibVec()+SYS_DIRFD<<4, "") == 0 {
+		*funcref = impl_Dirfd
+	} else {
+		*funcref = error_Dirfd
+	}
+	return (*funcref)(dirp)
+}
+
+func error_Dirfd(dirp uintptr) (fd int, err error) {
+	fd = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_EpollCreate(size int) (fd int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_CREATE<<4, uintptr(size))
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_EpollCreateAddr() *(func(size int) (fd int, err error))
+
+var EpollCreate = enter_EpollCreate
+
+func enter_EpollCreate(size int) (fd int, err error) {
+	funcref := get_EpollCreateAddr()
+	if funcptrtest(GetZosLibVec()+SYS_EPOLL_CREATE<<4, "") == 0 {
+		*funcref = impl_EpollCreate
+	} else {
+		*funcref = error_EpollCreate
+	}
+	return (*funcref)(size)
+}
+
+func error_EpollCreate(size int) (fd int, err error) {
+	fd = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_EpollCreate1(flags int) (fd int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_CREATE1<<4, uintptr(flags))
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_EpollCreate1Addr() *(func(flags int) (fd int, err error))
+
+var EpollCreate1 = enter_EpollCreate1
+
+func enter_EpollCreate1(flags int) (fd int, err error) {
+	funcref := get_EpollCreate1Addr()
+	if funcptrtest(GetZosLibVec()+SYS_EPOLL_CREATE1<<4, "") == 0 {
+		*funcref = impl_EpollCreate1
+	} else {
+		*funcref = error_EpollCreate1
+	}
+	return (*funcref)(flags)
+}
+
+func error_EpollCreate1(flags int) (fd int, err error) {
+	fd = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_CTL<<4, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_EpollCtlAddr() *(func(epfd int, op int, fd int, event *EpollEvent) (err error))
+
+var EpollCtl = enter_EpollCtl
+
+func enter_EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
+	funcref := get_EpollCtlAddr()
+	if funcptrtest(GetZosLibVec()+SYS_EPOLL_CTL<<4, "") == 0 {
+		*funcref = impl_EpollCtl
+	} else {
+		*funcref = error_EpollCtl
+	}
+	return (*funcref)(epfd, op, fd, event)
+}
+
+func error_EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_EpollPwait(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_PWAIT<<4, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), uintptr(unsafe.Pointer(sigmask)))
+	runtime.ExitSyscall()
+	n = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_EpollPwaitAddr() *(func(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error))
+
+var EpollPwait = enter_EpollPwait
+
+func enter_EpollPwait(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error) {
+	funcref := get_EpollPwaitAddr()
+	if funcptrtest(GetZosLibVec()+SYS_EPOLL_PWAIT<<4, "") == 0 {
+		*funcref = impl_EpollPwait
+	} else {
+		*funcref = error_EpollPwait
+	}
+	return (*funcref)(epfd, events, msec, sigmask)
+}
+
+func error_EpollPwait(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error) {
+	n = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(events) > 0 {
+		_p0 = unsafe.Pointer(&events[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_WAIT<<4, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec))
+	runtime.ExitSyscall()
+	n = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_EpollWaitAddr() *(func(epfd int, events []EpollEvent, msec int) (n int, err error))
+
+var EpollWait = enter_EpollWait
+
+func enter_EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	funcref := get_EpollWaitAddr()
+	if funcptrtest(GetZosLibVec()+SYS_EPOLL_WAIT<<4, "") == 0 {
+		*funcref = impl_EpollWait
+	} else {
+		*funcref = error_EpollWait
+	}
+	return (*funcref)(epfd, events, msec)
+}
+
+func error_EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+	n = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Errno2() (er2 int) {
+	runtime.EnterSyscall()
+	r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS___ERRNO2<<4)
+	runtime.ExitSyscall()
+	er2 = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Eventfd(initval uint, flags int) (fd int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EVENTFD<<4, uintptr(initval), uintptr(flags))
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_EventfdAddr() *(func(initval uint, flags int) (fd int, err error))
+
+var Eventfd = enter_Eventfd
+
+func enter_Eventfd(initval uint, flags int) (fd int, err error) {
+	funcref := get_EventfdAddr()
+	if funcptrtest(GetZosLibVec()+SYS_EVENTFD<<4, "") == 0 {
+		*funcref = impl_Eventfd
+	} else {
+		*funcref = error_Eventfd
+	}
+	return (*funcref)(initval, flags)
+}
+
+func error_Eventfd(initval uint, flags int) (fd int, err error) {
+	fd = -1
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Exit(code int) {
-	syscall_syscall(SYS_EXIT, uintptr(code), 0, 0)
+	runtime.EnterSyscall()
+	CallLeFuncWithErr(GetZosLibVec()+SYS_EXIT<<4, uintptr(code))
+	runtime.ExitSyscall()
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FACCESSAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FaccessatAddr() *(func(dirfd int, path string, mode uint32, flags int) (err error))
+
+var Faccessat = enter_Faccessat
+
+func enter_Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	funcref := get_FaccessatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___FACCESSAT_A<<4, "") == 0 {
+		*funcref = impl_Faccessat
+	} else {
+		*funcref = error_Faccessat
+	}
+	return (*funcref)(dirfd, path, mode, flags)
+}
+
+func error_Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+	err = ENOSYS
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchdir(fd int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCHDIR<<4, uintptr(fd))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -396,50 +1053,333 @@ func Fchdir(fd int) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fchmod(fd int, mode uint32) (err error) {
-	_, _, e1 := syscall_syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCHMOD<<4, uintptr(fd), uintptr(mode))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func impl_Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FCHMODAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FchmodatAddr() *(func(dirfd int, path string, mode uint32, flags int) (err error))
+
+var Fchmodat = enter_Fchmodat
+
+func enter_Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	funcref := get_FchmodatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___FCHMODAT_A<<4, "") == 0 {
+		*funcref = impl_Fchmodat
+	} else {
+		*funcref = error_Fchmodat
+	}
+	return (*funcref)(dirfd, path, mode, flags)
+}
+
+func error_Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fchown(fd int, uid int, gid int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCHOWN<<4, uintptr(fd), uintptr(uid), uintptr(gid))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func impl_Fchownat(fd int, path string, uid int, gid int, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FCHOWNAT_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FchownatAddr() *(func(fd int, path string, uid int, gid int, flags int) (err error))
+
+var Fchownat = enter_Fchownat
+
+func enter_Fchownat(fd int, path string, uid int, gid int, flags int) (err error) {
+	funcref := get_FchownatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___FCHOWNAT_A<<4, "") == 0 {
+		*funcref = impl_Fchownat
+	} else {
+		*funcref = error_Fchownat
+	}
+	return (*funcref)(fd, path, uid, gid, flags)
+}
+
+func error_Fchownat(fd int, path string, uid int, gid int, flags int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func FcntlInt(fd uintptr, cmd int, arg int) (retval int, err error) {
-	r0, _, e1 := syscall_syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCNTL<<4, uintptr(fd), uintptr(cmd), uintptr(arg))
+	runtime.ExitSyscall()
 	retval = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func impl_Fdatasync(fd int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FDATASYNC<<4, uintptr(fd))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FdatasyncAddr() *(func(fd int) (err error))
+
+var Fdatasync = enter_Fdatasync
+
+func enter_Fdatasync(fd int) (err error) {
+	funcref := get_FdatasyncAddr()
+	if funcptrtest(GetZosLibVec()+SYS_FDATASYNC<<4, "") == 0 {
+		*funcref = impl_Fdatasync
+	} else {
+		*funcref = error_Fdatasync
+	}
+	return (*funcref)(fd)
+}
+
+func error_Fdatasync(fd int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func fstat(fd int, stat *Stat_LE_t) (err error) {
-	_, _, e1 := syscall_syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FSTAT<<4, uintptr(fd), uintptr(unsafe.Pointer(stat)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func impl_fstatat(dirfd int, path string, stat *Stat_LE_t, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FSTATAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_fstatatAddr() *(func(dirfd int, path string, stat *Stat_LE_t, flags int) (err error))
+
+var fstatat = enter_fstatat
+
+func enter_fstatat(dirfd int, path string, stat *Stat_LE_t, flags int) (err error) {
+	funcref := get_fstatatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___FSTATAT_A<<4, "") == 0 {
+		*funcref = impl_fstatat
+	} else {
+		*funcref = error_fstatat
+	}
+	return (*funcref)(dirfd, path, stat, flags)
+}
+
+func error_fstatat(dirfd int, path string, stat *Stat_LE_t, flags int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Lgetxattr(link string, attr string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(link)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p2 unsafe.Pointer
+	if len(dest) > 0 {
+		_p2 = unsafe.Pointer(&dest[0])
+	} else {
+		_p2 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LGETXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)))
+	runtime.ExitSyscall()
+	sz = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_LgetxattrAddr() *(func(link string, attr string, dest []byte) (sz int, err error))
+
+var Lgetxattr = enter_Lgetxattr
+
+func enter_Lgetxattr(link string, attr string, dest []byte) (sz int, err error) {
+	funcref := get_LgetxattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___LGETXATTR_A<<4, "") == 0 {
+		*funcref = impl_Lgetxattr
+	} else {
+		*funcref = error_Lgetxattr
+	}
+	return (*funcref)(link, attr, dest)
+}
+
+func error_Lgetxattr(link string, attr string, dest []byte) (sz int, err error) {
+	sz = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	var _p2 unsafe.Pointer
+	if len(data) > 0 {
+		_p2 = unsafe.Pointer(&data[0])
+	} else {
+		_p2 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LSETXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_LsetxattrAddr() *(func(path string, attr string, data []byte, flags int) (err error))
+
+var Lsetxattr = enter_Lsetxattr
+
+func enter_Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
+	funcref := get_LsetxattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___LSETXATTR_A<<4, "") == 0 {
+		*funcref = impl_Lsetxattr
+	} else {
+		*funcref = error_Lsetxattr
+	}
+	return (*funcref)(path, attr, data, flags)
+}
+
+func error_Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Fstatfs(fd int, buf *Statfs_t) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FSTATFS<<4, uintptr(fd), uintptr(unsafe.Pointer(buf)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FstatfsAddr() *(func(fd int, buf *Statfs_t) (err error))
+
+var Fstatfs = enter_Fstatfs
+
+func enter_Fstatfs(fd int, buf *Statfs_t) (err error) {
+	funcref := get_FstatfsAddr()
+	if funcptrtest(GetZosLibVec()+SYS_FSTATFS<<4, "") == 0 {
+		*funcref = impl_Fstatfs
+	} else {
+		*funcref = error_Fstatfs
+	}
+	return (*funcref)(fd, buf)
+}
+
+func error_Fstatfs(fd int, buf *Statfs_t) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Fstatvfs(fd int, stat *Statvfs_t) (err error) {
-	_, _, e1 := syscall_syscall(SYS_FSTATVFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FSTATVFS<<4, uintptr(fd), uintptr(unsafe.Pointer(stat)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -447,28 +1387,461 @@ func Fstatvfs(fd int, stat *Statvfs_t) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Fsync(fd int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_FSYNC, uintptr(fd), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FSYNC<<4, uintptr(fd))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func impl_Futimes(fd int, tv []Timeval) (err error) {
+	var _p0 unsafe.Pointer
+	if len(tv) > 0 {
+		_p0 = unsafe.Pointer(&tv[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FUTIMES<<4, uintptr(fd), uintptr(_p0), uintptr(len(tv)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FutimesAddr() *(func(fd int, tv []Timeval) (err error))
+
+var Futimes = enter_Futimes
+
+func enter_Futimes(fd int, tv []Timeval) (err error) {
+	funcref := get_FutimesAddr()
+	if funcptrtest(GetZosLibVec()+SYS_FUTIMES<<4, "") == 0 {
+		*funcref = impl_Futimes
+	} else {
+		*funcref = error_Futimes
+	}
+	return (*funcref)(fd, tv)
+}
+
+func error_Futimes(fd int, tv []Timeval) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Futimesat(dirfd int, path string, tv []Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(tv) > 0 {
+		_p1 = unsafe.Pointer(&tv[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FUTIMESAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(tv)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_FutimesatAddr() *(func(dirfd int, path string, tv []Timeval) (err error))
+
+var Futimesat = enter_Futimesat
+
+func enter_Futimesat(dirfd int, path string, tv []Timeval) (err error) {
+	funcref := get_FutimesatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___FUTIMESAT_A<<4, "") == 0 {
+		*funcref = impl_Futimesat
+	} else {
+		*funcref = error_Futimesat
+	}
+	return (*funcref)(dirfd, path, tv)
+}
+
+func error_Futimesat(dirfd int, path string, tv []Timeval) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Ftruncate(fd int, length int64) (err error) {
-	_, _, e1 := syscall_syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FTRUNCATE<<4, uintptr(fd), uintptr(length))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getpagesize() (pgsize int) {
-	r0, _, _ := syscall_syscall(SYS_GETPAGESIZE, 0, 0, 0)
-	pgsize = int(r0)
+func impl_Getrandom(buf []byte, flags int) (n int, err error) {
+	var _p0 unsafe.Pointer
+	if len(buf) > 0 {
+		_p0 = unsafe.Pointer(&buf[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETRANDOM<<4, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
+	runtime.ExitSyscall()
+	n = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_GetrandomAddr() *(func(buf []byte, flags int) (n int, err error))
+
+var Getrandom = enter_Getrandom
+
+func enter_Getrandom(buf []byte, flags int) (n int, err error) {
+	funcref := get_GetrandomAddr()
+	if funcptrtest(GetZosLibVec()+SYS_GETRANDOM<<4, "") == 0 {
+		*funcref = impl_Getrandom
+	} else {
+		*funcref = error_Getrandom
+	}
+	return (*funcref)(buf, flags)
+}
+
+func error_Getrandom(buf []byte, flags int) (n int, err error) {
+	n = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_InotifyInit() (fd int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec() + SYS_INOTIFY_INIT<<4)
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_InotifyInitAddr() *(func() (fd int, err error))
+
+var InotifyInit = enter_InotifyInit
+
+func enter_InotifyInit() (fd int, err error) {
+	funcref := get_InotifyInitAddr()
+	if funcptrtest(GetZosLibVec()+SYS_INOTIFY_INIT<<4, "") == 0 {
+		*funcref = impl_InotifyInit
+	} else {
+		*funcref = error_InotifyInit
+	}
+	return (*funcref)()
+}
+
+func error_InotifyInit() (fd int, err error) {
+	fd = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_InotifyInit1(flags int) (fd int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_INOTIFY_INIT1<<4, uintptr(flags))
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_InotifyInit1Addr() *(func(flags int) (fd int, err error))
+
+var InotifyInit1 = enter_InotifyInit1
+
+func enter_InotifyInit1(flags int) (fd int, err error) {
+	funcref := get_InotifyInit1Addr()
+	if funcptrtest(GetZosLibVec()+SYS_INOTIFY_INIT1<<4, "") == 0 {
+		*funcref = impl_InotifyInit1
+	} else {
+		*funcref = error_InotifyInit1
+	}
+	return (*funcref)(flags)
+}
+
+func error_InotifyInit1(flags int) (fd int, err error) {
+	fd = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(pathname)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___INOTIFY_ADD_WATCH_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask))
+	runtime.ExitSyscall()
+	watchdesc = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_InotifyAddWatchAddr() *(func(fd int, pathname string, mask uint32) (watchdesc int, err error))
+
+var InotifyAddWatch = enter_InotifyAddWatch
+
+func enter_InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
+	funcref := get_InotifyAddWatchAddr()
+	if funcptrtest(GetZosLibVec()+SYS___INOTIFY_ADD_WATCH_A<<4, "") == 0 {
+		*funcref = impl_InotifyAddWatch
+	} else {
+		*funcref = error_InotifyAddWatch
+	}
+	return (*funcref)(fd, pathname, mask)
+}
+
+func error_InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
+	watchdesc = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_INOTIFY_RM_WATCH<<4, uintptr(fd), uintptr(watchdesc))
+	runtime.ExitSyscall()
+	success = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_InotifyRmWatchAddr() *(func(fd int, watchdesc uint32) (success int, err error))
+
+var InotifyRmWatch = enter_InotifyRmWatch
+
+func enter_InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
+	funcref := get_InotifyRmWatchAddr()
+	if funcptrtest(GetZosLibVec()+SYS_INOTIFY_RM_WATCH<<4, "") == 0 {
+		*funcref = impl_InotifyRmWatch
+	} else {
+		*funcref = error_InotifyRmWatch
+	}
+	return (*funcref)(fd, watchdesc)
+}
+
+func error_InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
+	success = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Listxattr(path string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(dest) > 0 {
+		_p1 = unsafe.Pointer(&dest[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LISTXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
+	runtime.ExitSyscall()
+	sz = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_ListxattrAddr() *(func(path string, dest []byte) (sz int, err error))
+
+var Listxattr = enter_Listxattr
+
+func enter_Listxattr(path string, dest []byte) (sz int, err error) {
+	funcref := get_ListxattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___LISTXATTR_A<<4, "") == 0 {
+		*funcref = impl_Listxattr
+	} else {
+		*funcref = error_Listxattr
+	}
+	return (*funcref)(path, dest)
+}
+
+func error_Listxattr(path string, dest []byte) (sz int, err error) {
+	sz = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Llistxattr(path string, dest []byte) (sz int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(dest) > 0 {
+		_p1 = unsafe.Pointer(&dest[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LLISTXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
+	runtime.ExitSyscall()
+	sz = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_LlistxattrAddr() *(func(path string, dest []byte) (sz int, err error))
+
+var Llistxattr = enter_Llistxattr
+
+func enter_Llistxattr(path string, dest []byte) (sz int, err error) {
+	funcref := get_LlistxattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___LLISTXATTR_A<<4, "") == 0 {
+		*funcref = impl_Llistxattr
+	} else {
+		*funcref = error_Llistxattr
+	}
+	return (*funcref)(path, dest)
+}
+
+func error_Llistxattr(path string, dest []byte) (sz int, err error) {
+	sz = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Lremovexattr(path string, attr string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(attr)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LREMOVEXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_LremovexattrAddr() *(func(path string, attr string) (err error))
+
+var Lremovexattr = enter_Lremovexattr
+
+func enter_Lremovexattr(path string, attr string) (err error) {
+	funcref := get_LremovexattrAddr()
+	if funcptrtest(GetZosLibVec()+SYS___LREMOVEXATTR_A<<4, "") == 0 {
+		*funcref = impl_Lremovexattr
+	} else {
+		*funcref = error_Lremovexattr
+	}
+	return (*funcref)(path, attr)
+}
+
+func error_Lremovexattr(path string, attr string) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Lutimes(path string, tv []Timeval) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	var _p1 unsafe.Pointer
+	if len(tv) > 0 {
+		_p1 = unsafe.Pointer(&tv[0])
+	} else {
+		_p1 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LUTIMES_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(tv)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_LutimesAddr() *(func(path string, tv []Timeval) (err error))
+
+var Lutimes = enter_Lutimes
+
+func enter_Lutimes(path string, tv []Timeval) (err error) {
+	funcref := get_LutimesAddr()
+	if funcptrtest(GetZosLibVec()+SYS___LUTIMES_A<<4, "") == 0 {
+		*funcref = impl_Lutimes
+	} else {
+		*funcref = error_Lutimes
+	}
+	return (*funcref)(path, tv)
+}
+
+func error_Lutimes(path string, tv []Timeval) (err error) {
+	err = ENOSYS
 	return
 }
 
@@ -481,9 +1854,11 @@ func Mprotect(b []byte, prot int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := syscall_syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_MPROTECT<<4, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -497,9 +1872,23 @@ func Msync(b []byte, flags int) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := syscall_syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_MSYNC<<4, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Console2(cmsg *ConsMsg2, modstr *byte, concmd *uint32) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CONSOLE2<<4, uintptr(unsafe.Pointer(cmsg)), uintptr(unsafe.Pointer(modstr)), uintptr(unsafe.Pointer(concmd)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -513,21 +1902,106 @@ func Poll(fds []PollFd, timeout int) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := syscall_syscall(SYS_POLL, uintptr(_p0), uintptr(len(fds)), uintptr(timeout))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_POLL<<4, uintptr(_p0), uintptr(len(fds)), uintptr(timeout))
+	runtime.ExitSyscall()
 	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Readdir_r(dirp uintptr, entry *direntLE, result **direntLE) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___READDIR_R_A<<4, uintptr(dirp), uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Statfs(path string, buf *Statfs_t) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___STATFS_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_StatfsAddr() *(func(path string, buf *Statfs_t) (err error))
+
+var Statfs = enter_Statfs
+
+func enter_Statfs(path string, buf *Statfs_t) (err error) {
+	funcref := get_StatfsAddr()
+	if funcptrtest(GetZosLibVec()+SYS___STATFS_A<<4, "") == 0 {
+		*funcref = impl_Statfs
+	} else {
+		*funcref = error_Statfs
+	}
+	return (*funcref)(path, buf)
+}
+
+func error_Statfs(path string, buf *Statfs_t) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Syncfs(fd int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SYNCFS<<4, uintptr(fd))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_SyncfsAddr() *(func(fd int) (err error))
+
+var Syncfs = enter_Syncfs
+
+func enter_Syncfs(fd int) (err error) {
+	funcref := get_SyncfsAddr()
+	if funcptrtest(GetZosLibVec()+SYS_SYNCFS<<4, "") == 0 {
+		*funcref = impl_Syncfs
+	} else {
+		*funcref = error_Syncfs
+	}
+	return (*funcref)(fd)
+}
+
+func error_Syncfs(fd int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Times(tms *Tms) (ticks uintptr, err error) {
-	r0, _, e1 := syscall_syscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_TIMES<<4, uintptr(unsafe.Pointer(tms)))
+	runtime.ExitSyscall()
 	ticks = uintptr(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -535,10 +2009,12 @@ func Times(tms *Tms) (ticks uintptr, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func W_Getmntent(buff *byte, size int) (lastsys int, err error) {
-	r0, _, e1 := syscall_syscall(SYS_W_GETMNTENT, uintptr(unsafe.Pointer(buff)), uintptr(size), 0)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_W_GETMNTENT<<4, uintptr(unsafe.Pointer(buff)), uintptr(size))
+	runtime.ExitSyscall()
 	lastsys = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -546,10 +2022,12 @@ func W_Getmntent(buff *byte, size int) (lastsys int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func W_Getmntent_A(buff *byte, size int) (lastsys int, err error) {
-	r0, _, e1 := syscall_syscall(SYS___W_GETMNTENT_A, uintptr(unsafe.Pointer(buff)), uintptr(size), 0)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___W_GETMNTENT_A<<4, uintptr(unsafe.Pointer(buff)), uintptr(size))
+	runtime.ExitSyscall()
 	lastsys = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -577,24 +2055,28 @@ func mount_LE(path string, filesystem string, fstype string, mtm uint32, parmlen
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall6(SYS___MOUNT_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(mtm), uintptr(parmlen), uintptr(unsafe.Pointer(_p3)))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MOUNT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(mtm), uintptr(parmlen), uintptr(unsafe.Pointer(_p3)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func unmount(filesystem string, mtm int) (err error) {
+func unmount_LE(filesystem string, mtm int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(filesystem)
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___UMOUNT_A, uintptr(unsafe.Pointer(_p0)), uintptr(mtm), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UMOUNT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mtm))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -607,9 +2089,24 @@ func Chroot(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___CHROOT_A, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CHROOT_A<<4, uintptr(unsafe.Pointer(_p0)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nmsgsfds int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (ret int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SELECT<<4, uintptr(nmsgsfds), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)))
+	runtime.ExitSyscall()
+	ret = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -617,15 +2114,47 @@ func Chroot(path string) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Uname(buf *Utsname) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS___UNAME_A, uintptr(unsafe.Pointer(buf)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_____OSNAME_A<<4, uintptr(unsafe.Pointer(buf)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func impl_Unshare(flags int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_UNSHARE<<4, uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_UnshareAddr() *(func(flags int) (err error))
+
+var Unshare = enter_Unshare
+
+func enter_Unshare(flags int) (err error) {
+	funcref := get_UnshareAddr()
+	if funcptrtest(GetZosLibVec()+SYS_UNSHARE<<4, "") == 0 {
+		*funcref = impl_Unshare
+	} else {
+		*funcref = error_Unshare
+	}
+	return (*funcref)(flags)
+}
+
+func error_Unshare(flags int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Gethostname(buf []byte) (err error) {
 	var _p0 unsafe.Pointer
 	if len(buf) > 0 {
@@ -633,33 +2162,19 @@ func Gethostname(buf []byte) (err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	_, _, e1 := syscall_syscall(SYS___GETHOSTNAME_A, uintptr(_p0), uintptr(len(buf)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___GETHOSTNAME_A<<4, uintptr(_p0), uintptr(len(buf)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Getegid() (egid int) {
-	r0, _, _ := syscall_rawsyscall(SYS_GETEGID, 0, 0, 0)
-	egid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Geteuid() (uid int) {
-	r0, _, _ := syscall_rawsyscall(SYS_GETEUID, 0, 0, 0)
-	uid = int(r0)
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
 func Getgid() (gid int) {
-	r0, _, _ := syscall_rawsyscall(SYS_GETGID, 0, 0, 0)
+	r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETGID<<4)
 	gid = int(r0)
 	return
 }
@@ -667,7 +2182,7 @@ func Getgid() (gid int) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpid() (pid int) {
-	r0, _, _ := syscall_rawsyscall(SYS_GETPID, 0, 0, 0)
+	r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETPID<<4)
 	pid = int(r0)
 	return
 }
@@ -675,10 +2190,10 @@ func Getpid() (pid int) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpgid(pid int) (pgid int, err error) {
-	r0, _, e1 := syscall_rawsyscall(SYS_GETPGID, uintptr(pid), 0, 0)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETPGID<<4, uintptr(pid))
 	pgid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -686,7 +2201,7 @@ func Getpgid(pid int) (pgid int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getppid() (pid int) {
-	r0, _, _ := syscall_rawsyscall(SYS_GETPPID, 0, 0, 0)
+	r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETPPID<<4)
 	pid = int(r0)
 	return
 }
@@ -694,10 +2209,12 @@ func Getppid() (pid int) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getpriority(which int, who int) (prio int, err error) {
-	r0, _, e1 := syscall_syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETPRIORITY<<4, uintptr(which), uintptr(who))
+	runtime.ExitSyscall()
 	prio = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -705,9 +2222,9 @@ func Getpriority(which int, who int) (prio int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getrlimit(resource int, rlim *Rlimit) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETRLIMIT<<4, uintptr(resource), uintptr(unsafe.Pointer(rlim)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -715,20 +2232,40 @@ func Getrlimit(resource int, rlim *Rlimit) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func getrusage(who int, rusage *rusage_zos) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETRUSAGE<<4, uintptr(who), uintptr(unsafe.Pointer(rusage)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Getegid() (egid int) {
+	runtime.EnterSyscall()
+	r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETEGID<<4)
+	runtime.ExitSyscall()
+	egid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+	runtime.EnterSyscall()
+	r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETEUID<<4)
+	runtime.ExitSyscall()
+	euid = int(r0)
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Getsid(pid int) (sid int, err error) {
-	r0, _, e1 := syscall_rawsyscall(SYS_GETSID, uintptr(pid), 0, 0)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETSID<<4, uintptr(pid))
 	sid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -736,7 +2273,7 @@ func Getsid(pid int) (sid int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Getuid() (uid int) {
-	r0, _, _ := syscall_rawsyscall(SYS_GETUID, 0, 0, 0)
+	r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETUID<<4)
 	uid = int(r0)
 	return
 }
@@ -744,9 +2281,9 @@ func Getuid() (uid int) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Kill(pid int, sig Signal) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_KILL<<4, uintptr(pid), uintptr(sig))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -759,9 +2296,11 @@ func Lchown(path string, uid int, gid int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___LCHOWN_A, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LCHOWN_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -779,19 +2318,65 @@ func Link(path string, link string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___LINK_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LINK_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func impl_Linkat(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldPath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newPath)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LINKAT_A<<4, uintptr(oldDirFd), uintptr(unsafe.Pointer(_p0)), uintptr(newDirFd), uintptr(unsafe.Pointer(_p1)), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_LinkatAddr() *(func(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error))
+
+var Linkat = enter_Linkat
+
+func enter_Linkat(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error) {
+	funcref := get_LinkatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___LINKAT_A<<4, "") == 0 {
+		*funcref = impl_Linkat
+	} else {
+		*funcref = error_Linkat
+	}
+	return (*funcref)(oldDirFd, oldPath, newDirFd, newPath, flags)
+}
+
+func error_Linkat(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Listen(s int, n int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_LISTEN<<4, uintptr(s), uintptr(n))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -804,9 +2389,11 @@ func lstat(path string, stat *Stat_LE_t) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___LSTAT_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LSTAT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -819,24 +2406,65 @@ func Mkdir(path string, mode uint32) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___MKDIR_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKDIR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func impl_Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKDIRAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_MkdiratAddr() *(func(dirfd int, path string, mode uint32) (err error))
+
+var Mkdirat = enter_Mkdirat
+
+func enter_Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	funcref := get_MkdiratAddr()
+	if funcptrtest(GetZosLibVec()+SYS___MKDIRAT_A<<4, "") == 0 {
+		*funcref = impl_Mkdirat
+	} else {
+		*funcref = error_Mkdirat
+	}
+	return (*funcref)(dirfd, path, mode)
+}
+
+func error_Mkdirat(dirfd int, path string, mode uint32) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Mkfifo(path string, mode uint32) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___MKFIFO_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKFIFO_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -849,15 +2477,96 @@ func Mknod(path string, mode uint32, dev int) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___MKNOD_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKNOD_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func impl_Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKNODAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_MknodatAddr() *(func(dirfd int, path string, mode uint32, dev int) (err error))
+
+var Mknodat = enter_Mknodat
+
+func enter_Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	funcref := get_MknodatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___MKNODAT_A<<4, "") == 0 {
+		*funcref = impl_Mknodat
+	} else {
+		*funcref = error_Mknodat
+	}
+	return (*funcref)(dirfd, path, mode, dev)
+}
+
+func error_Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_PivotRoot(newroot string, oldroot string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(newroot)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(oldroot)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___PIVOT_ROOT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_PivotRootAddr() *(func(newroot string, oldroot string) (err error))
+
+var PivotRoot = enter_PivotRoot
+
+func enter_PivotRoot(newroot string, oldroot string) (err error) {
+	funcref := get_PivotRootAddr()
+	if funcptrtest(GetZosLibVec()+SYS___PIVOT_ROOT_A<<4, "") == 0 {
+		*funcref = impl_PivotRoot
+	} else {
+		*funcref = error_PivotRoot
+	}
+	return (*funcref)(newroot, oldroot)
+}
+
+func error_PivotRoot(newroot string, oldroot string) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Pread(fd int, p []byte, offset int64) (n int, err error) {
 	var _p0 unsafe.Pointer
 	if len(p) > 0 {
@@ -865,10 +2574,12 @@ func Pread(fd int, p []byte, offset int64) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := syscall_syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PREAD<<4, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset))
+	runtime.ExitSyscall()
 	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -882,36 +2593,78 @@ func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
 	} else {
 		_p0 = unsafe.Pointer(&_zero)
 	}
-	r0, _, e1 := syscall_syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PWRITE<<4, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset))
+	runtime.ExitSyscall()
 	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Readlink(path string, buf []byte) (n int, err error) {
-	var _p0 *byte
-	_p0, err = BytePtrFromString(path)
-	if err != nil {
-		return
+func impl_Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___PRCTL_A<<4, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
-	var _p1 unsafe.Pointer
-	if len(buf) > 0 {
-		_p1 = unsafe.Pointer(&buf[0])
+	return
+}
+
+//go:nosplit
+func get_PrctlAddr() *(func(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error))
+
+var Prctl = enter_Prctl
+
+func enter_Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
+	funcref := get_PrctlAddr()
+	if funcptrtest(GetZosLibVec()+SYS___PRCTL_A<<4, "") == 0 {
+		*funcref = impl_Prctl
 	} else {
-		_p1 = unsafe.Pointer(&_zero)
+		*funcref = error_Prctl
 	}
-	r0, _, e1 := syscall_syscall(SYS___READLINK_A, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
-	n = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	return (*funcref)(option, arg2, arg3, arg4, arg5)
+}
+
+func error_Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PRLIMIT<<4, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
+//go:nosplit
+func get_PrlimitAddr() *(func(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error))
+
+var Prlimit = enter_Prlimit
+
+func enter_Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
+	funcref := get_PrlimitAddr()
+	if funcptrtest(GetZosLibVec()+SYS_PRLIMIT<<4, "") == 0 {
+		*funcref = impl_Prlimit
+	} else {
+		*funcref = error_Prlimit
+	}
+	return (*funcref)(pid, resource, newlimit, old)
+}
+
+func error_Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
+	err = ENOSYS
+	return
+}
+
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Rename(from string, to string) (err error) {
@@ -925,24 +2678,112 @@ func Rename(from string, to string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___RENAME_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RENAME_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func impl_Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RENAMEAT_A<<4, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_RenameatAddr() *(func(olddirfd int, oldpath string, newdirfd int, newpath string) (err error))
+
+var Renameat = enter_Renameat
+
+func enter_Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	funcref := get_RenameatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___RENAMEAT_A<<4, "") == 0 {
+		*funcref = impl_Renameat
+	} else {
+		*funcref = error_Renameat
+	}
+	return (*funcref)(olddirfd, oldpath, newdirfd, newpath)
+}
+
+func error_Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldpath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newpath)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RENAMEAT2_A<<4, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_Renameat2Addr() *(func(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error))
+
+var Renameat2 = enter_Renameat2
+
+func enter_Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) {
+	funcref := get_Renameat2Addr()
+	if funcptrtest(GetZosLibVec()+SYS___RENAMEAT2_A<<4, "") == 0 {
+		*funcref = impl_Renameat2
+	} else {
+		*funcref = error_Renameat2
+	}
+	return (*funcref)(olddirfd, oldpath, newdirfd, newpath, flags)
+}
+
+func error_Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Rmdir(path string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___RMDIR_A, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RMDIR_A<<4, uintptr(unsafe.Pointer(_p0)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -950,20 +2791,118 @@ func Rmdir(path string) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Seek(fd int, offset int64, whence int) (off int64, err error) {
-	r0, _, e1 := syscall_syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_LSEEK<<4, uintptr(fd), uintptr(offset), uintptr(whence))
+	runtime.ExitSyscall()
 	off = int64(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func Setegid(egid int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETEGID<<4, uintptr(egid))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETEUID<<4, uintptr(euid))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Sethostname(p []byte) (err error) {
+	var _p0 unsafe.Pointer
+	if len(p) > 0 {
+		_p0 = unsafe.Pointer(&p[0])
+	} else {
+		_p0 = unsafe.Pointer(&_zero)
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SETHOSTNAME_A<<4, uintptr(_p0), uintptr(len(p)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_SethostnameAddr() *(func(p []byte) (err error))
+
+var Sethostname = enter_Sethostname
+
+func enter_Sethostname(p []byte) (err error) {
+	funcref := get_SethostnameAddr()
+	if funcptrtest(GetZosLibVec()+SYS___SETHOSTNAME_A<<4, "") == 0 {
+		*funcref = impl_Sethostname
+	} else {
+		*funcref = error_Sethostname
+	}
+	return (*funcref)(p)
+}
+
+func error_Sethostname(p []byte) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Setns(fd int, nstype int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETNS<<4, uintptr(fd), uintptr(nstype))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_SetnsAddr() *(func(fd int, nstype int) (err error))
+
+var Setns = enter_Setns
+
+func enter_Setns(fd int, nstype int) (err error) {
+	funcref := get_SetnsAddr()
+	if funcptrtest(GetZosLibVec()+SYS_SETNS<<4, "") == 0 {
+		*funcref = impl_Setns
+	} else {
+		*funcref = error_Setns
+	}
+	return (*funcref)(fd, nstype)
+}
+
+func error_Setns(fd int, nstype int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Setpriority(which int, who int, prio int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETPRIORITY<<4, uintptr(which), uintptr(who), uintptr(prio))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -971,9 +2910,9 @@ func Setpriority(which int, who int, prio int) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setpgid(pid int, pgid int) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETPGID<<4, uintptr(pid), uintptr(pgid))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -981,9 +2920,9 @@ func Setpgid(pid int, pgid int) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setrlimit(resource int, lim *Rlimit) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(lim)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETRLIMIT<<4, uintptr(resource), uintptr(unsafe.Pointer(lim)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -991,9 +2930,9 @@ func Setrlimit(resource int, lim *Rlimit) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setregid(rgid int, egid int) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETREGID<<4, uintptr(rgid), uintptr(egid))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1001,9 +2940,9 @@ func Setregid(rgid int, egid int) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setreuid(ruid int, euid int) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETREUID<<4, uintptr(ruid), uintptr(euid))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1011,10 +2950,10 @@ func Setreuid(ruid int, euid int) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setsid() (pid int, err error) {
-	r0, _, e1 := syscall_rawsyscall(SYS_SETSID, 0, 0, 0)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec() + SYS_SETSID<<4)
 	pid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1022,9 +2961,11 @@ func Setsid() (pid int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setuid(uid int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_SETUID, uintptr(uid), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETUID<<4, uintptr(uid))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1032,9 +2973,11 @@ func Setuid(uid int) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Setgid(uid int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_SETGID, uintptr(uid), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETGID<<4, uintptr(uid))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1042,9 +2985,11 @@ func Setgid(uid int) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Shutdown(fd int, how int) (err error) {
-	_, _, e1 := syscall_syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHUTDOWN<<4, uintptr(fd), uintptr(how))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1057,9 +3002,11 @@ func stat(path string, statLE *Stat_LE_t) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___STAT_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(statLE)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___STAT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(statLE)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1077,17 +3024,63 @@ func Symlink(path string, link string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___SYMLINK_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SYMLINK_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func impl_Symlinkat(oldPath string, dirfd int, newPath string) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(oldPath)
+	if err != nil {
+		return
+	}
+	var _p1 *byte
+	_p1, err = BytePtrFromString(newPath)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SYMLINKAT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(dirfd), uintptr(unsafe.Pointer(_p1)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_SymlinkatAddr() *(func(oldPath string, dirfd int, newPath string) (err error))
+
+var Symlinkat = enter_Symlinkat
+
+func enter_Symlinkat(oldPath string, dirfd int, newPath string) (err error) {
+	funcref := get_SymlinkatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___SYMLINKAT_A<<4, "") == 0 {
+		*funcref = impl_Symlinkat
+	} else {
+		*funcref = error_Symlinkat
+	}
+	return (*funcref)(oldPath, dirfd, newPath)
+}
+
+func error_Symlinkat(oldPath string, dirfd int, newPath string) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Sync() {
-	syscall_syscall(SYS_SYNC, 0, 0, 0)
+	runtime.EnterSyscall()
+	CallLeFuncWithErr(GetZosLibVec() + SYS_SYNC<<4)
+	runtime.ExitSyscall()
 	return
 }
 
@@ -1099,9 +3092,11 @@ func Truncate(path string, length int64) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___TRUNCATE_A, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___TRUNCATE_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(length))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1109,9 +3104,11 @@ func Truncate(path string, length int64) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Tcgetattr(fildes int, termptr *Termios) (err error) {
-	_, _, e1 := syscall_syscall(SYS_TCGETATTR, uintptr(fildes), uintptr(unsafe.Pointer(termptr)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_TCGETATTR<<4, uintptr(fildes), uintptr(unsafe.Pointer(termptr)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1119,9 +3116,11 @@ func Tcgetattr(fildes int, termptr *Termios) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Tcsetattr(fildes int, when int, termptr *Termios) (err error) {
-	_, _, e1 := syscall_syscall(SYS_TCSETATTR, uintptr(fildes), uintptr(when), uintptr(unsafe.Pointer(termptr)))
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_TCSETATTR<<4, uintptr(fildes), uintptr(when), uintptr(unsafe.Pointer(termptr)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1129,7 +3128,9 @@ func Tcsetattr(fildes int, when int, termptr *Termios) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func Umask(mask int) (oldmask int) {
-	r0, _, _ := syscall_syscall(SYS_UMASK, uintptr(mask), 0, 0)
+	runtime.EnterSyscall()
+	r0, _, _ := CallLeFuncWithErr(GetZosLibVec()+SYS_UMASK<<4, uintptr(mask))
+	runtime.ExitSyscall()
 	oldmask = int(r0)
 	return
 }
@@ -1142,24 +3143,65 @@ func Unlink(path string) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___UNLINK_A, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UNLINK_A<<4, uintptr(unsafe.Pointer(_p0)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func impl_Unlinkat(dirfd int, path string, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UNLINKAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_UnlinkatAddr() *(func(dirfd int, path string, flags int) (err error))
+
+var Unlinkat = enter_Unlinkat
+
+func enter_Unlinkat(dirfd int, path string, flags int) (err error) {
+	funcref := get_UnlinkatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___UNLINKAT_A<<4, "") == 0 {
+		*funcref = impl_Unlinkat
+	} else {
+		*funcref = error_Unlinkat
+	}
+	return (*funcref)(dirfd, path, flags)
+}
+
+func error_Unlinkat(dirfd int, path string, flags int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func Utime(path string, utim *Utimbuf) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___UTIME_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(utim)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UTIME_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(utim)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1172,25 +3214,119 @@ func open(path string, mode int, perm uint32) (fd int, err error) {
 	if err != nil {
 		return
 	}
-	r0, _, e1 := syscall_syscall(SYS___OPEN_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___OPEN_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+	runtime.ExitSyscall()
 	fd = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func impl_openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___OPENAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode))
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_openatAddr() *(func(dirfd int, path string, flags int, mode uint32) (fd int, err error))
+
+var openat = enter_openat
+
+func enter_openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+	funcref := get_openatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___OPENAT_A<<4, "") == 0 {
+		*funcref = impl_openat
+	} else {
+		*funcref = error_openat
+	}
+	return (*funcref)(dirfd, path, flags, mode)
+}
+
+func error_openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+	fd = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___OPENAT2_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(open_how)), uintptr(size))
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_openat2Addr() *(func(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error))
+
+var openat2 = enter_openat2
+
+func enter_openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error) {
+	funcref := get_openat2Addr()
+	if funcptrtest(GetZosLibVec()+SYS___OPENAT2_A<<4, "") == 0 {
+		*funcref = impl_openat2
+	} else {
+		*funcref = error_openat2
+	}
+	return (*funcref)(dirfd, path, open_how, size)
+}
+
+func error_openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error) {
+	fd = -1
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func remove(path string) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS_REMOVE, uintptr(unsafe.Pointer(_p0)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_REMOVE<<4, uintptr(unsafe.Pointer(_p0)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func waitid(idType int, id int, info *Siginfo, options int) (err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_WAITID<<4, uintptr(idType), uintptr(id), uintptr(unsafe.Pointer(info)), uintptr(options))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1198,10 +3334,12 @@ func remove(path string) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func waitpid(pid int, wstatus *_C_int, options int) (wpid int, err error) {
-	r0, _, e1 := syscall_syscall(SYS_WAITPID, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options))
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_WAITPID<<4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options))
+	runtime.ExitSyscall()
 	wpid = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1209,9 +3347,9 @@ func waitpid(pid int, wstatus *_C_int, options int) (wpid int, err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func gettimeofday(tv *timeval_zos) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETTIMEOFDAY<<4, uintptr(unsafe.Pointer(tv)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1219,9 +3357,9 @@ func gettimeofday(tv *timeval_zos) (err error) {
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
 func pipe(p *[2]_C_int) (err error) {
-	_, _, e1 := syscall_rawsyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PIPE<<4, uintptr(unsafe.Pointer(p)))
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
@@ -1234,20 +3372,87 @@ func utimes(path string, timeval *[2]Timeval) (err error) {
 	if err != nil {
 		return
 	}
-	_, _, e1 := syscall_syscall(SYS___UTIMES_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UTIMES_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
-func Select(nmsgsfds int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (ret int, err error) {
-	r0, _, e1 := syscall_syscall6(SYS_SELECT, uintptr(nmsgsfds), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
-	ret = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
+func impl_utimensat(dirfd int, path string, ts *[2]Timespec, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UTIMENSAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(ts)), uintptr(flags))
+	runtime.ExitSyscall()
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+//go:nosplit
+func get_utimensatAddr() *(func(dirfd int, path string, ts *[2]Timespec, flags int) (err error))
+
+var utimensat = enter_utimensat
+
+func enter_utimensat(dirfd int, path string, ts *[2]Timespec, flags int) (err error) {
+	funcref := get_utimensatAddr()
+	if funcptrtest(GetZosLibVec()+SYS___UTIMENSAT_A<<4, "") == 0 {
+		*funcref = impl_utimensat
+	} else {
+		*funcref = error_utimensat
+	}
+	return (*funcref)(dirfd, path, ts, flags)
+}
+
+func error_utimensat(dirfd int, path string, ts *[2]Timespec, flags int) (err error) {
+	err = ENOSYS
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Posix_openpt(oflag int) (fd int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_POSIX_OPENPT<<4, uintptr(oflag))
+	runtime.ExitSyscall()
+	fd = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Grantpt(fildes int) (rc int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GRANTPT<<4, uintptr(fildes))
+	runtime.ExitSyscall()
+	rc = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlockpt(fildes int) (rc int, err error) {
+	runtime.EnterSyscall()
+	r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_UNLOCKPT<<4, uintptr(fildes))
+	runtime.ExitSyscall()
+	rc = int(r0)
+	if int64(r0) == -1 {
+		err = errnoErr2(e1, e2)
 	}
 	return
 }
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
index fcf3ecbd..c79aaff3 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
@@ -448,4 +448,18 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
 	SYS_FCHMODAT2                    = 452
+	SYS_MAP_SHADOW_STACK             = 453
+	SYS_FUTEX_WAKE                   = 454
+	SYS_FUTEX_WAIT                   = 455
+	SYS_FUTEX_REQUEUE                = 456
+	SYS_STATMOUNT                    = 457
+	SYS_LISTMOUNT                    = 458
+	SYS_LSM_GET_SELF_ATTR            = 459
+	SYS_LSM_SET_SELF_ATTR            = 460
+	SYS_LSM_LIST_MODULES             = 461
+	SYS_MSEAL                        = 462
+	SYS_SETXATTRAT                   = 463
+	SYS_GETXATTRAT                   = 464
+	SYS_LISTXATTRAT                  = 465
+	SYS_REMOVEXATTRAT                = 466
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
index f56dc250..5eb45069 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
@@ -341,6 +341,7 @@ const (
 	SYS_STATX                   = 332
 	SYS_IO_PGETEVENTS           = 333
 	SYS_RSEQ                    = 334
+	SYS_URETPROBE               = 335
 	SYS_PIDFD_SEND_SIGNAL       = 424
 	SYS_IO_URING_SETUP          = 425
 	SYS_IO_URING_ENTER          = 426
@@ -371,4 +372,17 @@ const (
 	SYS_CACHESTAT               = 451
 	SYS_FCHMODAT2               = 452
 	SYS_MAP_SHADOW_STACK        = 453
+	SYS_FUTEX_WAKE              = 454
+	SYS_FUTEX_WAIT              = 455
+	SYS_FUTEX_REQUEUE           = 456
+	SYS_STATMOUNT               = 457
+	SYS_LISTMOUNT               = 458
+	SYS_LSM_GET_SELF_ATTR       = 459
+	SYS_LSM_SET_SELF_ATTR       = 460
+	SYS_LSM_LIST_MODULES        = 461
+	SYS_MSEAL                   = 462
+	SYS_SETXATTRAT              = 463
+	SYS_GETXATTRAT              = 464
+	SYS_LISTXATTRAT             = 465
+	SYS_REMOVEXATTRAT           = 466
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
index 974bf246..05e50297 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
@@ -412,4 +412,18 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
 	SYS_FCHMODAT2                    = 452
+	SYS_MAP_SHADOW_STACK             = 453
+	SYS_FUTEX_WAKE                   = 454
+	SYS_FUTEX_WAIT                   = 455
+	SYS_FUTEX_REQUEUE                = 456
+	SYS_STATMOUNT                    = 457
+	SYS_LISTMOUNT                    = 458
+	SYS_LSM_GET_SELF_ATTR            = 459
+	SYS_LSM_SET_SELF_ATTR            = 460
+	SYS_LSM_LIST_MODULES             = 461
+	SYS_MSEAL                        = 462
+	SYS_SETXATTRAT                   = 463
+	SYS_GETXATTRAT                   = 464
+	SYS_LISTXATTRAT                  = 465
+	SYS_REMOVEXATTRAT                = 466
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
index 39a2739e..38c53ec5 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
@@ -85,7 +85,7 @@ const (
 	SYS_SPLICE                  = 76
 	SYS_TEE                     = 77
 	SYS_READLINKAT              = 78
-	SYS_FSTATAT                 = 79
+	SYS_NEWFSTATAT              = 79
 	SYS_FSTAT                   = 80
 	SYS_SYNC                    = 81
 	SYS_FSYNC                   = 82
@@ -315,4 +315,18 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
 	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
+	SYS_FUTEX_WAKE              = 454
+	SYS_FUTEX_WAIT              = 455
+	SYS_FUTEX_REQUEUE           = 456
+	SYS_STATMOUNT               = 457
+	SYS_LISTMOUNT               = 458
+	SYS_LSM_GET_SELF_ATTR       = 459
+	SYS_LSM_SET_SELF_ATTR       = 460
+	SYS_LSM_LIST_MODULES        = 461
+	SYS_MSEAL                   = 462
+	SYS_SETXATTRAT              = 463
+	SYS_GETXATTRAT              = 464
+	SYS_LISTXATTRAT             = 465
+	SYS_REMOVEXATTRAT           = 466
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
index cf9c9d77..31d2e71a 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
@@ -84,6 +84,8 @@ const (
 	SYS_SPLICE                  = 76
 	SYS_TEE                     = 77
 	SYS_READLINKAT              = 78
+	SYS_NEWFSTATAT              = 79
+	SYS_FSTAT                   = 80
 	SYS_SYNC                    = 81
 	SYS_FSYNC                   = 82
 	SYS_FDATASYNC               = 83
@@ -309,4 +311,18 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
 	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
+	SYS_FUTEX_WAKE              = 454
+	SYS_FUTEX_WAIT              = 455
+	SYS_FUTEX_REQUEUE           = 456
+	SYS_STATMOUNT               = 457
+	SYS_LISTMOUNT               = 458
+	SYS_LSM_GET_SELF_ATTR       = 459
+	SYS_LSM_SET_SELF_ATTR       = 460
+	SYS_LSM_LIST_MODULES        = 461
+	SYS_MSEAL                   = 462
+	SYS_SETXATTRAT              = 463
+	SYS_GETXATTRAT              = 464
+	SYS_LISTXATTRAT             = 465
+	SYS_REMOVEXATTRAT           = 466
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
index 10b7362e..f4184a33 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
@@ -432,4 +432,18 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE      = 4450
 	SYS_CACHESTAT                    = 4451
 	SYS_FCHMODAT2                    = 4452
+	SYS_MAP_SHADOW_STACK             = 4453
+	SYS_FUTEX_WAKE                   = 4454
+	SYS_FUTEX_WAIT                   = 4455
+	SYS_FUTEX_REQUEUE                = 4456
+	SYS_STATMOUNT                    = 4457
+	SYS_LISTMOUNT                    = 4458
+	SYS_LSM_GET_SELF_ATTR            = 4459
+	SYS_LSM_SET_SELF_ATTR            = 4460
+	SYS_LSM_LIST_MODULES             = 4461
+	SYS_MSEAL                        = 4462
+	SYS_SETXATTRAT                   = 4463
+	SYS_GETXATTRAT                   = 4464
+	SYS_LISTXATTRAT                  = 4465
+	SYS_REMOVEXATTRAT                = 4466
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
index cd4d8b4f..05b99622 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
@@ -362,4 +362,18 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE = 5450
 	SYS_CACHESTAT               = 5451
 	SYS_FCHMODAT2               = 5452
+	SYS_MAP_SHADOW_STACK        = 5453
+	SYS_FUTEX_WAKE              = 5454
+	SYS_FUTEX_WAIT              = 5455
+	SYS_FUTEX_REQUEUE           = 5456
+	SYS_STATMOUNT               = 5457
+	SYS_LISTMOUNT               = 5458
+	SYS_LSM_GET_SELF_ATTR       = 5459
+	SYS_LSM_SET_SELF_ATTR       = 5460
+	SYS_LSM_LIST_MODULES        = 5461
+	SYS_MSEAL                   = 5462
+	SYS_SETXATTRAT              = 5463
+	SYS_GETXATTRAT              = 5464
+	SYS_LISTXATTRAT             = 5465
+	SYS_REMOVEXATTRAT           = 5466
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
index 2c0efca8..43a256e9 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
@@ -362,4 +362,18 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE = 5450
 	SYS_CACHESTAT               = 5451
 	SYS_FCHMODAT2               = 5452
+	SYS_MAP_SHADOW_STACK        = 5453
+	SYS_FUTEX_WAKE              = 5454
+	SYS_FUTEX_WAIT              = 5455
+	SYS_FUTEX_REQUEUE           = 5456
+	SYS_STATMOUNT               = 5457
+	SYS_LISTMOUNT               = 5458
+	SYS_LSM_GET_SELF_ATTR       = 5459
+	SYS_LSM_SET_SELF_ATTR       = 5460
+	SYS_LSM_LIST_MODULES        = 5461
+	SYS_MSEAL                   = 5462
+	SYS_SETXATTRAT              = 5463
+	SYS_GETXATTRAT              = 5464
+	SYS_LISTXATTRAT             = 5465
+	SYS_REMOVEXATTRAT           = 5466
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
index a72e31d3..eea5ddfc 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
@@ -432,4 +432,18 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE      = 4450
 	SYS_CACHESTAT                    = 4451
 	SYS_FCHMODAT2                    = 4452
+	SYS_MAP_SHADOW_STACK             = 4453
+	SYS_FUTEX_WAKE                   = 4454
+	SYS_FUTEX_WAIT                   = 4455
+	SYS_FUTEX_REQUEUE                = 4456
+	SYS_STATMOUNT                    = 4457
+	SYS_LISTMOUNT                    = 4458
+	SYS_LSM_GET_SELF_ATTR            = 4459
+	SYS_LSM_SET_SELF_ATTR            = 4460
+	SYS_LSM_LIST_MODULES             = 4461
+	SYS_MSEAL                        = 4462
+	SYS_SETXATTRAT                   = 4463
+	SYS_GETXATTRAT                   = 4464
+	SYS_LISTXATTRAT                  = 4465
+	SYS_REMOVEXATTRAT                = 4466
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
index c7d1e374..0d777bfb 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
@@ -439,4 +439,18 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
 	SYS_FCHMODAT2                    = 452
+	SYS_MAP_SHADOW_STACK             = 453
+	SYS_FUTEX_WAKE                   = 454
+	SYS_FUTEX_WAIT                   = 455
+	SYS_FUTEX_REQUEUE                = 456
+	SYS_STATMOUNT                    = 457
+	SYS_LISTMOUNT                    = 458
+	SYS_LSM_GET_SELF_ATTR            = 459
+	SYS_LSM_SET_SELF_ATTR            = 460
+	SYS_LSM_LIST_MODULES             = 461
+	SYS_MSEAL                        = 462
+	SYS_SETXATTRAT                   = 463
+	SYS_GETXATTRAT                   = 464
+	SYS_LISTXATTRAT                  = 465
+	SYS_REMOVEXATTRAT                = 466
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
index f4d4838c..b4463650 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
@@ -411,4 +411,18 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
 	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
+	SYS_FUTEX_WAKE              = 454
+	SYS_FUTEX_WAIT              = 455
+	SYS_FUTEX_REQUEUE           = 456
+	SYS_STATMOUNT               = 457
+	SYS_LISTMOUNT               = 458
+	SYS_LSM_GET_SELF_ATTR       = 459
+	SYS_LSM_SET_SELF_ATTR       = 460
+	SYS_LSM_LIST_MODULES        = 461
+	SYS_MSEAL                   = 462
+	SYS_SETXATTRAT              = 463
+	SYS_GETXATTRAT              = 464
+	SYS_LISTXATTRAT             = 465
+	SYS_REMOVEXATTRAT           = 466
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
index b64f0e59..0c7d21c1 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
@@ -411,4 +411,18 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
 	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
+	SYS_FUTEX_WAKE              = 454
+	SYS_FUTEX_WAIT              = 455
+	SYS_FUTEX_REQUEUE           = 456
+	SYS_STATMOUNT               = 457
+	SYS_LISTMOUNT               = 458
+	SYS_LSM_GET_SELF_ATTR       = 459
+	SYS_LSM_SET_SELF_ATTR       = 460
+	SYS_LSM_LIST_MODULES        = 461
+	SYS_MSEAL                   = 462
+	SYS_SETXATTRAT              = 463
+	SYS_GETXATTRAT              = 464
+	SYS_LISTXATTRAT             = 465
+	SYS_REMOVEXATTRAT           = 466
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
index 95711195..84053916 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
@@ -84,7 +84,7 @@ const (
 	SYS_SPLICE                  = 76
 	SYS_TEE                     = 77
 	SYS_READLINKAT              = 78
-	SYS_FSTATAT                 = 79
+	SYS_NEWFSTATAT              = 79
 	SYS_FSTAT                   = 80
 	SYS_SYNC                    = 81
 	SYS_FSYNC                   = 82
@@ -316,4 +316,18 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
 	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
+	SYS_FUTEX_WAKE              = 454
+	SYS_FUTEX_WAIT              = 455
+	SYS_FUTEX_REQUEUE           = 456
+	SYS_STATMOUNT               = 457
+	SYS_LISTMOUNT               = 458
+	SYS_LSM_GET_SELF_ATTR       = 459
+	SYS_LSM_SET_SELF_ATTR       = 460
+	SYS_LSM_LIST_MODULES        = 461
+	SYS_MSEAL                   = 462
+	SYS_SETXATTRAT              = 463
+	SYS_GETXATTRAT              = 464
+	SYS_LISTXATTRAT             = 465
+	SYS_REMOVEXATTRAT           = 466
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
index f94e943b..fcf1b790 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
@@ -377,4 +377,18 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
 	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
+	SYS_FUTEX_WAKE              = 454
+	SYS_FUTEX_WAIT              = 455
+	SYS_FUTEX_REQUEUE           = 456
+	SYS_STATMOUNT               = 457
+	SYS_LISTMOUNT               = 458
+	SYS_LSM_GET_SELF_ATTR       = 459
+	SYS_LSM_SET_SELF_ATTR       = 460
+	SYS_LSM_LIST_MODULES        = 461
+	SYS_MSEAL                   = 462
+	SYS_SETXATTRAT              = 463
+	SYS_GETXATTRAT              = 464
+	SYS_LISTXATTRAT             = 465
+	SYS_REMOVEXATTRAT           = 466
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
index ba0c2bc5..52d15b5f 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
@@ -390,4 +390,18 @@ const (
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
 	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
+	SYS_FUTEX_WAKE              = 454
+	SYS_FUTEX_WAIT              = 455
+	SYS_FUTEX_REQUEUE           = 456
+	SYS_STATMOUNT               = 457
+	SYS_LISTMOUNT               = 458
+	SYS_LSM_GET_SELF_ATTR       = 459
+	SYS_LSM_SET_SELF_ATTR       = 460
+	SYS_LSM_LIST_MODULES        = 461
+	SYS_MSEAL                   = 462
+	SYS_SETXATTRAT              = 463
+	SYS_GETXATTRAT              = 464
+	SYS_LISTXATTRAT             = 465
+	SYS_REMOVEXATTRAT           = 466
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
index b2e30858..5e8c263c 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
@@ -1,2669 +1,2852 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
+// go run mksyscall_zos_s390x.go -o_sysnum zsysnum_zos_s390x.go -o_syscall zsyscall_zos_s390x.go -i_syscall syscall_zos_s390x.go -o_asm zsymaddr_zos_s390x.s
+// Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build zos && s390x
 
 package unix
 
-// TODO: auto-generate.
-
 const (
-	SYS_ACOSD128                        = 0xB80
-	SYS_ACOSD32                         = 0xB7E
-	SYS_ACOSD64                         = 0xB7F
-	SYS_ACOSHD128                       = 0xB83
-	SYS_ACOSHD32                        = 0xB81
-	SYS_ACOSHD64                        = 0xB82
-	SYS_AIO_FSYNC                       = 0xC69
-	SYS_ASCTIME                         = 0x0AE
-	SYS_ASCTIME64                       = 0xCD7
-	SYS_ASCTIME64_R                     = 0xCD8
-	SYS_ASIND128                        = 0xB86
-	SYS_ASIND32                         = 0xB84
-	SYS_ASIND64                         = 0xB85
-	SYS_ASINHD128                       = 0xB89
-	SYS_ASINHD32                        = 0xB87
-	SYS_ASINHD64                        = 0xB88
-	SYS_ATAN2D128                       = 0xB8F
-	SYS_ATAN2D32                        = 0xB8D
-	SYS_ATAN2D64                        = 0xB8E
-	SYS_ATAND128                        = 0xB8C
-	SYS_ATAND32                         = 0xB8A
-	SYS_ATAND64                         = 0xB8B
-	SYS_ATANHD128                       = 0xB92
-	SYS_ATANHD32                        = 0xB90
-	SYS_ATANHD64                        = 0xB91
-	SYS_BIND2ADDRSEL                    = 0xD59
-	SYS_C16RTOMB                        = 0xD40
-	SYS_C32RTOMB                        = 0xD41
-	SYS_CBRTD128                        = 0xB95
-	SYS_CBRTD32                         = 0xB93
-	SYS_CBRTD64                         = 0xB94
-	SYS_CEILD128                        = 0xB98
-	SYS_CEILD32                         = 0xB96
-	SYS_CEILD64                         = 0xB97
-	SYS_CLEARENV                        = 0x0C9
-	SYS_CLEARERR_UNLOCKED               = 0xCA1
-	SYS_CLOCK                           = 0x0AA
-	SYS_CLOGL                           = 0xA00
-	SYS_CLRMEMF                         = 0x0BD
-	SYS_CONJ                            = 0xA03
-	SYS_CONJF                           = 0xA06
-	SYS_CONJL                           = 0xA09
-	SYS_COPYSIGND128                    = 0xB9E
-	SYS_COPYSIGND32                     = 0xB9C
-	SYS_COPYSIGND64                     = 0xB9D
-	SYS_COSD128                         = 0xBA1
-	SYS_COSD32                          = 0xB9F
-	SYS_COSD64                          = 0xBA0
-	SYS_COSHD128                        = 0xBA4
-	SYS_COSHD32                         = 0xBA2
-	SYS_COSHD64                         = 0xBA3
-	SYS_CPOW                            = 0xA0C
-	SYS_CPOWF                           = 0xA0F
-	SYS_CPOWL                           = 0xA12
-	SYS_CPROJ                           = 0xA15
-	SYS_CPROJF                          = 0xA18
-	SYS_CPROJL                          = 0xA1B
-	SYS_CREAL                           = 0xA1E
-	SYS_CREALF                          = 0xA21
-	SYS_CREALL                          = 0xA24
-	SYS_CSIN                            = 0xA27
-	SYS_CSINF                           = 0xA2A
-	SYS_CSINH                           = 0xA30
-	SYS_CSINHF                          = 0xA33
-	SYS_CSINHL                          = 0xA36
-	SYS_CSINL                           = 0xA2D
-	SYS_CSNAP                           = 0x0C5
-	SYS_CSQRT                           = 0xA39
-	SYS_CSQRTF                          = 0xA3C
-	SYS_CSQRTL                          = 0xA3F
-	SYS_CTAN                            = 0xA42
-	SYS_CTANF                           = 0xA45
-	SYS_CTANH                           = 0xA4B
-	SYS_CTANHF                          = 0xA4E
-	SYS_CTANHL                          = 0xA51
-	SYS_CTANL                           = 0xA48
-	SYS_CTIME                           = 0x0AB
-	SYS_CTIME64                         = 0xCD9
-	SYS_CTIME64_R                       = 0xCDA
-	SYS_CTRACE                          = 0x0C6
-	SYS_DIFFTIME                        = 0x0A7
-	SYS_DIFFTIME64                      = 0xCDB
-	SYS_DLADDR                          = 0xC82
-	SYS_DYNALLOC                        = 0x0C3
-	SYS_DYNFREE                         = 0x0C2
-	SYS_ERFCD128                        = 0xBAA
-	SYS_ERFCD32                         = 0xBA8
-	SYS_ERFCD64                         = 0xBA9
-	SYS_ERFD128                         = 0xBA7
-	SYS_ERFD32                          = 0xBA5
-	SYS_ERFD64                          = 0xBA6
-	SYS_EXP2D128                        = 0xBB0
-	SYS_EXP2D32                         = 0xBAE
-	SYS_EXP2D64                         = 0xBAF
-	SYS_EXPD128                         = 0xBAD
-	SYS_EXPD32                          = 0xBAB
-	SYS_EXPD64                          = 0xBAC
-	SYS_EXPM1D128                       = 0xBB3
-	SYS_EXPM1D32                        = 0xBB1
-	SYS_EXPM1D64                        = 0xBB2
-	SYS_FABSD128                        = 0xBB6
-	SYS_FABSD32                         = 0xBB4
-	SYS_FABSD64                         = 0xBB5
-	SYS_FDELREC_UNLOCKED                = 0xCA2
-	SYS_FDIMD128                        = 0xBB9
-	SYS_FDIMD32                         = 0xBB7
-	SYS_FDIMD64                         = 0xBB8
-	SYS_FDOPEN_UNLOCKED                 = 0xCFC
-	SYS_FECLEAREXCEPT                   = 0xAEA
-	SYS_FEGETENV                        = 0xAEB
-	SYS_FEGETEXCEPTFLAG                 = 0xAEC
-	SYS_FEGETROUND                      = 0xAED
-	SYS_FEHOLDEXCEPT                    = 0xAEE
-	SYS_FEOF_UNLOCKED                   = 0xCA3
-	SYS_FERAISEEXCEPT                   = 0xAEF
-	SYS_FERROR_UNLOCKED                 = 0xCA4
-	SYS_FESETENV                        = 0xAF0
-	SYS_FESETEXCEPTFLAG                 = 0xAF1
-	SYS_FESETROUND                      = 0xAF2
-	SYS_FETCHEP                         = 0x0BF
-	SYS_FETESTEXCEPT                    = 0xAF3
-	SYS_FEUPDATEENV                     = 0xAF4
-	SYS_FE_DEC_GETROUND                 = 0xBBA
-	SYS_FE_DEC_SETROUND                 = 0xBBB
-	SYS_FFLUSH_UNLOCKED                 = 0xCA5
-	SYS_FGETC_UNLOCKED                  = 0xC80
-	SYS_FGETPOS64                       = 0xCEE
-	SYS_FGETPOS64_UNLOCKED              = 0xCF4
-	SYS_FGETPOS_UNLOCKED                = 0xCA6
-	SYS_FGETS_UNLOCKED                  = 0xC7C
-	SYS_FGETWC_UNLOCKED                 = 0xCA7
-	SYS_FGETWS_UNLOCKED                 = 0xCA8
-	SYS_FILENO_UNLOCKED                 = 0xCA9
-	SYS_FLDATA                          = 0x0C1
-	SYS_FLDATA_UNLOCKED                 = 0xCAA
-	SYS_FLOCATE_UNLOCKED                = 0xCAB
-	SYS_FLOORD128                       = 0xBBE
-	SYS_FLOORD32                        = 0xBBC
-	SYS_FLOORD64                        = 0xBBD
-	SYS_FMA                             = 0xA63
-	SYS_FMAD128                         = 0xBC1
-	SYS_FMAD32                          = 0xBBF
-	SYS_FMAD64                          = 0xBC0
-	SYS_FMAF                            = 0xA66
-	SYS_FMAL                            = 0xA69
-	SYS_FMAX                            = 0xA6C
-	SYS_FMAXD128                        = 0xBC4
-	SYS_FMAXD32                         = 0xBC2
-	SYS_FMAXD64                         = 0xBC3
-	SYS_FMAXF                           = 0xA6F
-	SYS_FMAXL                           = 0xA72
-	SYS_FMIN                            = 0xA75
-	SYS_FMIND128                        = 0xBC7
-	SYS_FMIND32                         = 0xBC5
-	SYS_FMIND64                         = 0xBC6
-	SYS_FMINF                           = 0xA78
-	SYS_FMINL                           = 0xA7B
-	SYS_FMODD128                        = 0xBCA
-	SYS_FMODD32                         = 0xBC8
-	SYS_FMODD64                         = 0xBC9
-	SYS_FOPEN64                         = 0xD49
-	SYS_FOPEN64_UNLOCKED                = 0xD4A
-	SYS_FOPEN_UNLOCKED                  = 0xCFA
-	SYS_FPRINTF_UNLOCKED                = 0xCAC
-	SYS_FPUTC_UNLOCKED                  = 0xC81
-	SYS_FPUTS_UNLOCKED                  = 0xC7E
-	SYS_FPUTWC_UNLOCKED                 = 0xCAD
-	SYS_FPUTWS_UNLOCKED                 = 0xCAE
-	SYS_FREAD_NOUPDATE                  = 0xCEC
-	SYS_FREAD_NOUPDATE_UNLOCKED         = 0xCED
-	SYS_FREAD_UNLOCKED                  = 0xC7B
-	SYS_FREEIFADDRS                     = 0xCE6
-	SYS_FREOPEN64                       = 0xD4B
-	SYS_FREOPEN64_UNLOCKED              = 0xD4C
-	SYS_FREOPEN_UNLOCKED                = 0xCFB
-	SYS_FREXPD128                       = 0xBCE
-	SYS_FREXPD32                        = 0xBCC
-	SYS_FREXPD64                        = 0xBCD
-	SYS_FSCANF_UNLOCKED                 = 0xCAF
-	SYS_FSEEK64                         = 0xCEF
-	SYS_FSEEK64_UNLOCKED                = 0xCF5
-	SYS_FSEEKO64                        = 0xCF0
-	SYS_FSEEKO64_UNLOCKED               = 0xCF6
-	SYS_FSEEKO_UNLOCKED                 = 0xCB1
-	SYS_FSEEK_UNLOCKED                  = 0xCB0
-	SYS_FSETPOS64                       = 0xCF1
-	SYS_FSETPOS64_UNLOCKED              = 0xCF7
-	SYS_FSETPOS_UNLOCKED                = 0xCB3
-	SYS_FTELL64                         = 0xCF2
-	SYS_FTELL64_UNLOCKED                = 0xCF8
-	SYS_FTELLO64                        = 0xCF3
-	SYS_FTELLO64_UNLOCKED               = 0xCF9
-	SYS_FTELLO_UNLOCKED                 = 0xCB5
-	SYS_FTELL_UNLOCKED                  = 0xCB4
-	SYS_FUPDATE                         = 0x0B5
-	SYS_FUPDATE_UNLOCKED                = 0xCB7
-	SYS_FWIDE_UNLOCKED                  = 0xCB8
-	SYS_FWPRINTF_UNLOCKED               = 0xCB9
-	SYS_FWRITE_UNLOCKED                 = 0xC7A
-	SYS_FWSCANF_UNLOCKED                = 0xCBA
-	SYS_GETDATE64                       = 0xD4F
-	SYS_GETIFADDRS                      = 0xCE7
-	SYS_GETIPV4SOURCEFILTER             = 0xC77
-	SYS_GETSOURCEFILTER                 = 0xC79
-	SYS_GETSYNTX                        = 0x0FD
-	SYS_GETS_UNLOCKED                   = 0xC7D
-	SYS_GETTIMEOFDAY64                  = 0xD50
-	SYS_GETWCHAR_UNLOCKED               = 0xCBC
-	SYS_GETWC_UNLOCKED                  = 0xCBB
-	SYS_GMTIME                          = 0x0B0
-	SYS_GMTIME64                        = 0xCDC
-	SYS_GMTIME64_R                      = 0xCDD
-	SYS_HYPOTD128                       = 0xBD1
-	SYS_HYPOTD32                        = 0xBCF
-	SYS_HYPOTD64                        = 0xBD0
-	SYS_ILOGBD128                       = 0xBD4
-	SYS_ILOGBD32                        = 0xBD2
-	SYS_ILOGBD64                        = 0xBD3
-	SYS_ILOGBF                          = 0xA7E
-	SYS_ILOGBL                          = 0xA81
-	SYS_INET6_IS_SRCADDR                = 0xD5A
-	SYS_ISBLANK                         = 0x0FE
-	SYS_ISWALNUM                        = 0x0FF
-	SYS_LDEXPD128                       = 0xBD7
-	SYS_LDEXPD32                        = 0xBD5
-	SYS_LDEXPD64                        = 0xBD6
-	SYS_LGAMMAD128                      = 0xBDA
-	SYS_LGAMMAD32                       = 0xBD8
-	SYS_LGAMMAD64                       = 0xBD9
-	SYS_LIO_LISTIO                      = 0xC6A
-	SYS_LLRINT                          = 0xA84
-	SYS_LLRINTD128                      = 0xBDD
-	SYS_LLRINTD32                       = 0xBDB
-	SYS_LLRINTD64                       = 0xBDC
-	SYS_LLRINTF                         = 0xA87
-	SYS_LLRINTL                         = 0xA8A
-	SYS_LLROUND                         = 0xA8D
-	SYS_LLROUNDD128                     = 0xBE0
-	SYS_LLROUNDD32                      = 0xBDE
-	SYS_LLROUNDD64                      = 0xBDF
-	SYS_LLROUNDF                        = 0xA90
-	SYS_LLROUNDL                        = 0xA93
-	SYS_LOCALTIM                        = 0x0B1
-	SYS_LOCALTIME                       = 0x0B1
-	SYS_LOCALTIME64                     = 0xCDE
-	SYS_LOCALTIME64_R                   = 0xCDF
-	SYS_LOG10D128                       = 0xBE6
-	SYS_LOG10D32                        = 0xBE4
-	SYS_LOG10D64                        = 0xBE5
-	SYS_LOG1PD128                       = 0xBE9
-	SYS_LOG1PD32                        = 0xBE7
-	SYS_LOG1PD64                        = 0xBE8
-	SYS_LOG2D128                        = 0xBEC
-	SYS_LOG2D32                         = 0xBEA
-	SYS_LOG2D64                         = 0xBEB
-	SYS_LOGBD128                        = 0xBEF
-	SYS_LOGBD32                         = 0xBED
-	SYS_LOGBD64                         = 0xBEE
-	SYS_LOGBF                           = 0xA96
-	SYS_LOGBL                           = 0xA99
-	SYS_LOGD128                         = 0xBE3
-	SYS_LOGD32                          = 0xBE1
-	SYS_LOGD64                          = 0xBE2
-	SYS_LRINT                           = 0xA9C
-	SYS_LRINTD128                       = 0xBF2
-	SYS_LRINTD32                        = 0xBF0
-	SYS_LRINTD64                        = 0xBF1
-	SYS_LRINTF                          = 0xA9F
-	SYS_LRINTL                          = 0xAA2
-	SYS_LROUNDD128                      = 0xBF5
-	SYS_LROUNDD32                       = 0xBF3
-	SYS_LROUNDD64                       = 0xBF4
-	SYS_LROUNDL                         = 0xAA5
-	SYS_MBLEN                           = 0x0AF
-	SYS_MBRTOC16                        = 0xD42
-	SYS_MBRTOC32                        = 0xD43
-	SYS_MEMSET                          = 0x0A3
-	SYS_MKTIME                          = 0x0AC
-	SYS_MKTIME64                        = 0xCE0
-	SYS_MODFD128                        = 0xBF8
-	SYS_MODFD32                         = 0xBF6
-	SYS_MODFD64                         = 0xBF7
-	SYS_NAN                             = 0xAA8
-	SYS_NAND128                         = 0xBFB
-	SYS_NAND32                          = 0xBF9
-	SYS_NAND64                          = 0xBFA
-	SYS_NANF                            = 0xAAA
-	SYS_NANL                            = 0xAAC
-	SYS_NEARBYINT                       = 0xAAE
-	SYS_NEARBYINTD128                   = 0xBFE
-	SYS_NEARBYINTD32                    = 0xBFC
-	SYS_NEARBYINTD64                    = 0xBFD
-	SYS_NEARBYINTF                      = 0xAB1
-	SYS_NEARBYINTL                      = 0xAB4
-	SYS_NEXTAFTERD128                   = 0xC01
-	SYS_NEXTAFTERD32                    = 0xBFF
-	SYS_NEXTAFTERD64                    = 0xC00
-	SYS_NEXTAFTERF                      = 0xAB7
-	SYS_NEXTAFTERL                      = 0xABA
-	SYS_NEXTTOWARD                      = 0xABD
-	SYS_NEXTTOWARDD128                  = 0xC04
-	SYS_NEXTTOWARDD32                   = 0xC02
-	SYS_NEXTTOWARDD64                   = 0xC03
-	SYS_NEXTTOWARDF                     = 0xAC0
-	SYS_NEXTTOWARDL                     = 0xAC3
-	SYS_NL_LANGINFO                     = 0x0FC
-	SYS_PERROR_UNLOCKED                 = 0xCBD
-	SYS_POSIX_FALLOCATE                 = 0xCE8
-	SYS_POSIX_MEMALIGN                  = 0xCE9
-	SYS_POSIX_OPENPT                    = 0xC66
-	SYS_POWD128                         = 0xC07
-	SYS_POWD32                          = 0xC05
-	SYS_POWD64                          = 0xC06
-	SYS_PRINTF_UNLOCKED                 = 0xCBE
-	SYS_PSELECT                         = 0xC67
-	SYS_PTHREAD_ATTR_GETSTACK           = 0xB3E
-	SYS_PTHREAD_ATTR_SETSTACK           = 0xB3F
-	SYS_PTHREAD_SECURITY_APPLID_NP      = 0xCE4
-	SYS_PUTS_UNLOCKED                   = 0xC7F
-	SYS_PUTWCHAR_UNLOCKED               = 0xCC0
-	SYS_PUTWC_UNLOCKED                  = 0xCBF
-	SYS_QUANTEXPD128                    = 0xD46
-	SYS_QUANTEXPD32                     = 0xD44
-	SYS_QUANTEXPD64                     = 0xD45
-	SYS_QUANTIZED128                    = 0xC0A
-	SYS_QUANTIZED32                     = 0xC08
-	SYS_QUANTIZED64                     = 0xC09
-	SYS_REMAINDERD128                   = 0xC0D
-	SYS_REMAINDERD32                    = 0xC0B
-	SYS_REMAINDERD64                    = 0xC0C
-	SYS_RESIZE_ALLOC                    = 0xCEB
-	SYS_REWIND_UNLOCKED                 = 0xCC1
-	SYS_RINTD128                        = 0xC13
-	SYS_RINTD32                         = 0xC11
-	SYS_RINTD64                         = 0xC12
-	SYS_RINTF                           = 0xACB
-	SYS_RINTL                           = 0xACD
-	SYS_ROUND                           = 0xACF
-	SYS_ROUNDD128                       = 0xC16
-	SYS_ROUNDD32                        = 0xC14
-	SYS_ROUNDD64                        = 0xC15
-	SYS_ROUNDF                          = 0xAD2
-	SYS_ROUNDL                          = 0xAD5
-	SYS_SAMEQUANTUMD128                 = 0xC19
-	SYS_SAMEQUANTUMD32                  = 0xC17
-	SYS_SAMEQUANTUMD64                  = 0xC18
-	SYS_SCALBLN                         = 0xAD8
-	SYS_SCALBLND128                     = 0xC1C
-	SYS_SCALBLND32                      = 0xC1A
-	SYS_SCALBLND64                      = 0xC1B
-	SYS_SCALBLNF                        = 0xADB
-	SYS_SCALBLNL                        = 0xADE
-	SYS_SCALBND128                      = 0xC1F
-	SYS_SCALBND32                       = 0xC1D
-	SYS_SCALBND64                       = 0xC1E
-	SYS_SCALBNF                         = 0xAE3
-	SYS_SCALBNL                         = 0xAE6
-	SYS_SCANF_UNLOCKED                  = 0xCC2
-	SYS_SCHED_YIELD                     = 0xB32
-	SYS_SETENV                          = 0x0C8
-	SYS_SETIPV4SOURCEFILTER             = 0xC76
-	SYS_SETSOURCEFILTER                 = 0xC78
-	SYS_SHM_OPEN                        = 0xC8C
-	SYS_SHM_UNLINK                      = 0xC8D
-	SYS_SIND128                         = 0xC22
-	SYS_SIND32                          = 0xC20
-	SYS_SIND64                          = 0xC21
-	SYS_SINHD128                        = 0xC25
-	SYS_SINHD32                         = 0xC23
-	SYS_SINHD64                         = 0xC24
-	SYS_SIZEOF_ALLOC                    = 0xCEA
-	SYS_SOCKATMARK                      = 0xC68
-	SYS_SQRTD128                        = 0xC28
-	SYS_SQRTD32                         = 0xC26
-	SYS_SQRTD64                         = 0xC27
-	SYS_STRCHR                          = 0x0A0
-	SYS_STRCSPN                         = 0x0A1
-	SYS_STRERROR                        = 0x0A8
-	SYS_STRERROR_R                      = 0xB33
-	SYS_STRFTIME                        = 0x0B2
-	SYS_STRLEN                          = 0x0A9
-	SYS_STRPBRK                         = 0x0A2
-	SYS_STRSPN                          = 0x0A4
-	SYS_STRSTR                          = 0x0A5
-	SYS_STRTOD128                       = 0xC2B
-	SYS_STRTOD32                        = 0xC29
-	SYS_STRTOD64                        = 0xC2A
-	SYS_STRTOK                          = 0x0A6
-	SYS_TAND128                         = 0xC2E
-	SYS_TAND32                          = 0xC2C
-	SYS_TAND64                          = 0xC2D
-	SYS_TANHD128                        = 0xC31
-	SYS_TANHD32                         = 0xC2F
-	SYS_TANHD64                         = 0xC30
-	SYS_TGAMMAD128                      = 0xC34
-	SYS_TGAMMAD32                       = 0xC32
-	SYS_TGAMMAD64                       = 0xC33
-	SYS_TIME                            = 0x0AD
-	SYS_TIME64                          = 0xCE1
-	SYS_TMPFILE64                       = 0xD4D
-	SYS_TMPFILE64_UNLOCKED              = 0xD4E
-	SYS_TMPFILE_UNLOCKED                = 0xCFD
-	SYS_TRUNCD128                       = 0xC40
-	SYS_TRUNCD32                        = 0xC3E
-	SYS_TRUNCD64                        = 0xC3F
-	SYS_UNGETC_UNLOCKED                 = 0xCC3
-	SYS_UNGETWC_UNLOCKED                = 0xCC4
-	SYS_UNSETENV                        = 0xB34
-	SYS_VFPRINTF_UNLOCKED               = 0xCC5
-	SYS_VFSCANF_UNLOCKED                = 0xCC7
-	SYS_VFWPRINTF_UNLOCKED              = 0xCC9
-	SYS_VFWSCANF_UNLOCKED               = 0xCCB
-	SYS_VPRINTF_UNLOCKED                = 0xCCD
-	SYS_VSCANF_UNLOCKED                 = 0xCCF
-	SYS_VWPRINTF_UNLOCKED               = 0xCD1
-	SYS_VWSCANF_UNLOCKED                = 0xCD3
-	SYS_WCSTOD128                       = 0xC43
-	SYS_WCSTOD32                        = 0xC41
-	SYS_WCSTOD64                        = 0xC42
-	SYS_WPRINTF_UNLOCKED                = 0xCD5
-	SYS_WSCANF_UNLOCKED                 = 0xCD6
-	SYS__FLUSHLBF                       = 0xD68
-	SYS__FLUSHLBF_UNLOCKED              = 0xD6F
-	SYS___ACOSHF_H                      = 0xA54
-	SYS___ACOSHL_H                      = 0xA55
-	SYS___ASINHF_H                      = 0xA56
-	SYS___ASINHL_H                      = 0xA57
-	SYS___ATANPID128                    = 0xC6D
-	SYS___ATANPID32                     = 0xC6B
-	SYS___ATANPID64                     = 0xC6C
-	SYS___CBRTF_H                       = 0xA58
-	SYS___CBRTL_H                       = 0xA59
-	SYS___CDUMP                         = 0x0C4
-	SYS___CLASS                         = 0xAFA
-	SYS___CLASS2                        = 0xB99
-	SYS___CLASS2D128                    = 0xC99
-	SYS___CLASS2D32                     = 0xC97
-	SYS___CLASS2D64                     = 0xC98
-	SYS___CLASS2F                       = 0xC91
-	SYS___CLASS2F_B                     = 0xC93
-	SYS___CLASS2F_H                     = 0xC94
-	SYS___CLASS2L                       = 0xC92
-	SYS___CLASS2L_B                     = 0xC95
-	SYS___CLASS2L_H                     = 0xC96
-	SYS___CLASS2_B                      = 0xB9A
-	SYS___CLASS2_H                      = 0xB9B
-	SYS___CLASS_B                       = 0xAFB
-	SYS___CLASS_H                       = 0xAFC
-	SYS___CLOGL_B                       = 0xA01
-	SYS___CLOGL_H                       = 0xA02
-	SYS___CLRENV                        = 0x0C9
-	SYS___CLRMF                         = 0x0BD
-	SYS___CODEPAGE_INFO                 = 0xC64
-	SYS___CONJF_B                       = 0xA07
-	SYS___CONJF_H                       = 0xA08
-	SYS___CONJL_B                       = 0xA0A
-	SYS___CONJL_H                       = 0xA0B
-	SYS___CONJ_B                        = 0xA04
-	SYS___CONJ_H                        = 0xA05
-	SYS___COPYSIGN_B                    = 0xA5A
-	SYS___COPYSIGN_H                    = 0xAF5
-	SYS___COSPID128                     = 0xC70
-	SYS___COSPID32                      = 0xC6E
-	SYS___COSPID64                      = 0xC6F
-	SYS___CPOWF_B                       = 0xA10
-	SYS___CPOWF_H                       = 0xA11
-	SYS___CPOWL_B                       = 0xA13
-	SYS___CPOWL_H                       = 0xA14
-	SYS___CPOW_B                        = 0xA0D
-	SYS___CPOW_H                        = 0xA0E
-	SYS___CPROJF_B                      = 0xA19
-	SYS___CPROJF_H                      = 0xA1A
-	SYS___CPROJL_B                      = 0xA1C
-	SYS___CPROJL_H                      = 0xA1D
-	SYS___CPROJ_B                       = 0xA16
-	SYS___CPROJ_H                       = 0xA17
-	SYS___CREALF_B                      = 0xA22
-	SYS___CREALF_H                      = 0xA23
-	SYS___CREALL_B                      = 0xA25
-	SYS___CREALL_H                      = 0xA26
-	SYS___CREAL_B                       = 0xA1F
-	SYS___CREAL_H                       = 0xA20
-	SYS___CSINF_B                       = 0xA2B
-	SYS___CSINF_H                       = 0xA2C
-	SYS___CSINHF_B                      = 0xA34
-	SYS___CSINHF_H                      = 0xA35
-	SYS___CSINHL_B                      = 0xA37
-	SYS___CSINHL_H                      = 0xA38
-	SYS___CSINH_B                       = 0xA31
-	SYS___CSINH_H                       = 0xA32
-	SYS___CSINL_B                       = 0xA2E
-	SYS___CSINL_H                       = 0xA2F
-	SYS___CSIN_B                        = 0xA28
-	SYS___CSIN_H                        = 0xA29
-	SYS___CSNAP                         = 0x0C5
-	SYS___CSQRTF_B                      = 0xA3D
-	SYS___CSQRTF_H                      = 0xA3E
-	SYS___CSQRTL_B                      = 0xA40
-	SYS___CSQRTL_H                      = 0xA41
-	SYS___CSQRT_B                       = 0xA3A
-	SYS___CSQRT_H                       = 0xA3B
-	SYS___CTANF_B                       = 0xA46
-	SYS___CTANF_H                       = 0xA47
-	SYS___CTANHF_B                      = 0xA4F
-	SYS___CTANHF_H                      = 0xA50
-	SYS___CTANHL_B                      = 0xA52
-	SYS___CTANHL_H                      = 0xA53
-	SYS___CTANH_B                       = 0xA4C
-	SYS___CTANH_H                       = 0xA4D
-	SYS___CTANL_B                       = 0xA49
-	SYS___CTANL_H                       = 0xA4A
-	SYS___CTAN_B                        = 0xA43
-	SYS___CTAN_H                        = 0xA44
-	SYS___CTEST                         = 0x0C7
-	SYS___CTRACE                        = 0x0C6
-	SYS___D1TOP                         = 0xC9B
-	SYS___D2TOP                         = 0xC9C
-	SYS___D4TOP                         = 0xC9D
-	SYS___DYNALL                        = 0x0C3
-	SYS___DYNFRE                        = 0x0C2
-	SYS___EXP2F_H                       = 0xA5E
-	SYS___EXP2L_H                       = 0xA5F
-	SYS___EXP2_H                        = 0xA5D
-	SYS___EXPM1F_H                      = 0xA5B
-	SYS___EXPM1L_H                      = 0xA5C
-	SYS___FBUFSIZE                      = 0xD60
-	SYS___FLBF                          = 0xD62
-	SYS___FLDATA                        = 0x0C1
-	SYS___FMAF_B                        = 0xA67
-	SYS___FMAF_H                        = 0xA68
-	SYS___FMAL_B                        = 0xA6A
-	SYS___FMAL_H                        = 0xA6B
-	SYS___FMAXF_B                       = 0xA70
-	SYS___FMAXF_H                       = 0xA71
-	SYS___FMAXL_B                       = 0xA73
-	SYS___FMAXL_H                       = 0xA74
-	SYS___FMAX_B                        = 0xA6D
-	SYS___FMAX_H                        = 0xA6E
-	SYS___FMA_B                         = 0xA64
-	SYS___FMA_H                         = 0xA65
-	SYS___FMINF_B                       = 0xA79
-	SYS___FMINF_H                       = 0xA7A
-	SYS___FMINL_B                       = 0xA7C
-	SYS___FMINL_H                       = 0xA7D
-	SYS___FMIN_B                        = 0xA76
-	SYS___FMIN_H                        = 0xA77
-	SYS___FPENDING                      = 0xD61
-	SYS___FPENDING_UNLOCKED             = 0xD6C
-	SYS___FPURGE                        = 0xD69
-	SYS___FPURGE_UNLOCKED               = 0xD70
-	SYS___FP_CAST_D                     = 0xBCB
-	SYS___FREADABLE                     = 0xD63
-	SYS___FREADAHEAD                    = 0xD6A
-	SYS___FREADAHEAD_UNLOCKED           = 0xD71
-	SYS___FREADING                      = 0xD65
-	SYS___FREADING_UNLOCKED             = 0xD6D
-	SYS___FSEEK2                        = 0xB3C
-	SYS___FSETERR                       = 0xD6B
-	SYS___FSETLOCKING                   = 0xD67
-	SYS___FTCHEP                        = 0x0BF
-	SYS___FTELL2                        = 0xB3B
-	SYS___FUPDT                         = 0x0B5
-	SYS___FWRITABLE                     = 0xD64
-	SYS___FWRITING                      = 0xD66
-	SYS___FWRITING_UNLOCKED             = 0xD6E
-	SYS___GETCB                         = 0x0B4
-	SYS___GETGRGID1                     = 0xD5B
-	SYS___GETGRNAM1                     = 0xD5C
-	SYS___GETTHENT                      = 0xCE5
-	SYS___GETTOD                        = 0xD3E
-	SYS___HYPOTF_H                      = 0xAF6
-	SYS___HYPOTL_H                      = 0xAF7
-	SYS___ILOGBF_B                      = 0xA7F
-	SYS___ILOGBF_H                      = 0xA80
-	SYS___ILOGBL_B                      = 0xA82
-	SYS___ILOGBL_H                      = 0xA83
-	SYS___ISBLANK_A                     = 0xB2E
-	SYS___ISBLNK                        = 0x0FE
-	SYS___ISWBLANK_A                    = 0xB2F
-	SYS___LE_CEEGTJS                    = 0xD72
-	SYS___LE_TRACEBACK                  = 0xB7A
-	SYS___LGAMMAL_H                     = 0xA62
-	SYS___LGAMMA_B_C99                  = 0xB39
-	SYS___LGAMMA_H_C99                  = 0xB38
-	SYS___LGAMMA_R_C99                  = 0xB3A
-	SYS___LLRINTF_B                     = 0xA88
-	SYS___LLRINTF_H                     = 0xA89
-	SYS___LLRINTL_B                     = 0xA8B
-	SYS___LLRINTL_H                     = 0xA8C
-	SYS___LLRINT_B                      = 0xA85
-	SYS___LLRINT_H                      = 0xA86
-	SYS___LLROUNDF_B                    = 0xA91
-	SYS___LLROUNDF_H                    = 0xA92
-	SYS___LLROUNDL_B                    = 0xA94
-	SYS___LLROUNDL_H                    = 0xA95
-	SYS___LLROUND_B                     = 0xA8E
-	SYS___LLROUND_H                     = 0xA8F
-	SYS___LOCALE_CTL                    = 0xD47
-	SYS___LOG1PF_H                      = 0xA60
-	SYS___LOG1PL_H                      = 0xA61
-	SYS___LOGBF_B                       = 0xA97
-	SYS___LOGBF_H                       = 0xA98
-	SYS___LOGBL_B                       = 0xA9A
-	SYS___LOGBL_H                       = 0xA9B
-	SYS___LOGIN_APPLID                  = 0xCE2
-	SYS___LRINTF_B                      = 0xAA0
-	SYS___LRINTF_H                      = 0xAA1
-	SYS___LRINTL_B                      = 0xAA3
-	SYS___LRINTL_H                      = 0xAA4
-	SYS___LRINT_B                       = 0xA9D
-	SYS___LRINT_H                       = 0xA9E
-	SYS___LROUNDF_FIXUP                 = 0xB31
-	SYS___LROUNDL_B                     = 0xAA6
-	SYS___LROUNDL_H                     = 0xAA7
-	SYS___LROUND_FIXUP                  = 0xB30
-	SYS___MOSERVICES                    = 0xD3D
-	SYS___MUST_STAY_CLEAN               = 0xB7C
-	SYS___NANF_B                        = 0xAAB
-	SYS___NANL_B                        = 0xAAD
-	SYS___NAN_B                         = 0xAA9
-	SYS___NEARBYINTF_B                  = 0xAB2
-	SYS___NEARBYINTF_H                  = 0xAB3
-	SYS___NEARBYINTL_B                  = 0xAB5
-	SYS___NEARBYINTL_H                  = 0xAB6
-	SYS___NEARBYINT_B                   = 0xAAF
-	SYS___NEARBYINT_H                   = 0xAB0
-	SYS___NEXTAFTERF_B                  = 0xAB8
-	SYS___NEXTAFTERF_H                  = 0xAB9
-	SYS___NEXTAFTERL_B                  = 0xABB
-	SYS___NEXTAFTERL_H                  = 0xABC
-	SYS___NEXTTOWARDF_B                 = 0xAC1
-	SYS___NEXTTOWARDF_H                 = 0xAC2
-	SYS___NEXTTOWARDL_B                 = 0xAC4
-	SYS___NEXTTOWARDL_H                 = 0xAC5
-	SYS___NEXTTOWARD_B                  = 0xABE
-	SYS___NEXTTOWARD_H                  = 0xABF
-	SYS___O_ENV                         = 0xB7D
-	SYS___PASSWD_APPLID                 = 0xCE3
-	SYS___PTOD1                         = 0xC9E
-	SYS___PTOD2                         = 0xC9F
-	SYS___PTOD4                         = 0xCA0
-	SYS___REGCOMP_STD                   = 0x0EA
-	SYS___REMAINDERF_H                  = 0xAC6
-	SYS___REMAINDERL_H                  = 0xAC7
-	SYS___REMQUOD128                    = 0xC10
-	SYS___REMQUOD32                     = 0xC0E
-	SYS___REMQUOD64                     = 0xC0F
-	SYS___REMQUOF_H                     = 0xAC9
-	SYS___REMQUOL_H                     = 0xACA
-	SYS___REMQUO_H                      = 0xAC8
-	SYS___RINTF_B                       = 0xACC
-	SYS___RINTL_B                       = 0xACE
-	SYS___ROUNDF_B                      = 0xAD3
-	SYS___ROUNDF_H                      = 0xAD4
-	SYS___ROUNDL_B                      = 0xAD6
-	SYS___ROUNDL_H                      = 0xAD7
-	SYS___ROUND_B                       = 0xAD0
-	SYS___ROUND_H                       = 0xAD1
-	SYS___SCALBLNF_B                    = 0xADC
-	SYS___SCALBLNF_H                    = 0xADD
-	SYS___SCALBLNL_B                    = 0xADF
-	SYS___SCALBLNL_H                    = 0xAE0
-	SYS___SCALBLN_B                     = 0xAD9
-	SYS___SCALBLN_H                     = 0xADA
-	SYS___SCALBNF_B                     = 0xAE4
-	SYS___SCALBNF_H                     = 0xAE5
-	SYS___SCALBNL_B                     = 0xAE7
-	SYS___SCALBNL_H                     = 0xAE8
-	SYS___SCALBN_B                      = 0xAE1
-	SYS___SCALBN_H                      = 0xAE2
-	SYS___SETENV                        = 0x0C8
-	SYS___SINPID128                     = 0xC73
-	SYS___SINPID32                      = 0xC71
-	SYS___SINPID64                      = 0xC72
-	SYS___SMF_RECORD2                   = 0xD48
-	SYS___STATIC_REINIT                 = 0xB3D
-	SYS___TGAMMAF_H_C99                 = 0xB79
-	SYS___TGAMMAL_H                     = 0xAE9
-	SYS___TGAMMA_H_C99                  = 0xB78
-	SYS___TOCSNAME2                     = 0xC9A
-	SYS_CEIL                            = 0x01F
-	SYS_CHAUDIT                         = 0x1E0
-	SYS_EXP                             = 0x01A
-	SYS_FCHAUDIT                        = 0x1E1
-	SYS_FREXP                           = 0x01D
-	SYS_GETGROUPSBYNAME                 = 0x1E2
-	SYS_GETPWUID                        = 0x1A0
-	SYS_GETUID                          = 0x1A1
-	SYS_ISATTY                          = 0x1A3
-	SYS_KILL                            = 0x1A4
-	SYS_LDEXP                           = 0x01E
-	SYS_LINK                            = 0x1A5
-	SYS_LOG10                           = 0x01C
-	SYS_LSEEK                           = 0x1A6
-	SYS_LSTAT                           = 0x1A7
-	SYS_MKDIR                           = 0x1A8
-	SYS_MKFIFO                          = 0x1A9
-	SYS_MKNOD                           = 0x1AA
-	SYS_MODF                            = 0x01B
-	SYS_MOUNT                           = 0x1AB
-	SYS_OPEN                            = 0x1AC
-	SYS_OPENDIR                         = 0x1AD
-	SYS_PATHCONF                        = 0x1AE
-	SYS_PAUSE                           = 0x1AF
-	SYS_PIPE                            = 0x1B0
-	SYS_PTHREAD_ATTR_DESTROY            = 0x1E7
-	SYS_PTHREAD_ATTR_GETDETACHSTATE     = 0x1EB
-	SYS_PTHREAD_ATTR_GETSTACKSIZE       = 0x1E9
-	SYS_PTHREAD_ATTR_GETWEIGHT_NP       = 0x1ED
-	SYS_PTHREAD_ATTR_INIT               = 0x1E6
-	SYS_PTHREAD_ATTR_SETDETACHSTATE     = 0x1EA
-	SYS_PTHREAD_ATTR_SETSTACKSIZE       = 0x1E8
-	SYS_PTHREAD_ATTR_SETWEIGHT_NP       = 0x1EC
-	SYS_PTHREAD_CANCEL                  = 0x1EE
-	SYS_PTHREAD_CLEANUP_POP             = 0x1F0
-	SYS_PTHREAD_CLEANUP_PUSH            = 0x1EF
-	SYS_PTHREAD_CONDATTR_DESTROY        = 0x1F2
-	SYS_PTHREAD_CONDATTR_INIT           = 0x1F1
-	SYS_PTHREAD_COND_BROADCAST          = 0x1F6
-	SYS_PTHREAD_COND_DESTROY            = 0x1F4
-	SYS_PTHREAD_COND_INIT               = 0x1F3
-	SYS_PTHREAD_COND_SIGNAL             = 0x1F5
-	SYS_PTHREAD_COND_TIMEDWAIT          = 0x1F8
-	SYS_PTHREAD_COND_WAIT               = 0x1F7
-	SYS_PTHREAD_CREATE                  = 0x1F9
-	SYS_PTHREAD_DETACH                  = 0x1FA
-	SYS_PTHREAD_EQUAL                   = 0x1FB
-	SYS_PTHREAD_EXIT                    = 0x1E4
-	SYS_PTHREAD_GETSPECIFIC             = 0x1FC
-	SYS_PTHREAD_JOIN                    = 0x1FD
-	SYS_PTHREAD_KEY_CREATE              = 0x1FE
-	SYS_PTHREAD_KILL                    = 0x1E5
-	SYS_PTHREAD_MUTEXATTR_INIT          = 0x1FF
-	SYS_READ                            = 0x1B2
-	SYS_READDIR                         = 0x1B3
-	SYS_READLINK                        = 0x1B4
-	SYS_REWINDDIR                       = 0x1B5
-	SYS_RMDIR                           = 0x1B6
-	SYS_SETEGID                         = 0x1B7
-	SYS_SETEUID                         = 0x1B8
-	SYS_SETGID                          = 0x1B9
-	SYS_SETPGID                         = 0x1BA
-	SYS_SETSID                          = 0x1BB
-	SYS_SETUID                          = 0x1BC
-	SYS_SIGACTION                       = 0x1BD
-	SYS_SIGADDSET                       = 0x1BE
-	SYS_SIGDELSET                       = 0x1BF
-	SYS_SIGEMPTYSET                     = 0x1C0
-	SYS_SIGFILLSET                      = 0x1C1
-	SYS_SIGISMEMBER                     = 0x1C2
-	SYS_SIGLONGJMP                      = 0x1C3
-	SYS_SIGPENDING                      = 0x1C4
-	SYS_SIGPROCMASK                     = 0x1C5
-	SYS_SIGSETJMP                       = 0x1C6
-	SYS_SIGSUSPEND                      = 0x1C7
-	SYS_SIGWAIT                         = 0x1E3
-	SYS_SLEEP                           = 0x1C8
-	SYS_STAT                            = 0x1C9
-	SYS_SYMLINK                         = 0x1CB
-	SYS_SYSCONF                         = 0x1CC
-	SYS_TCDRAIN                         = 0x1CD
-	SYS_TCFLOW                          = 0x1CE
-	SYS_TCFLUSH                         = 0x1CF
-	SYS_TCGETATTR                       = 0x1D0
-	SYS_TCGETPGRP                       = 0x1D1
-	SYS_TCSENDBREAK                     = 0x1D2
-	SYS_TCSETATTR                       = 0x1D3
-	SYS_TCSETPGRP                       = 0x1D4
-	SYS_TIMES                           = 0x1D5
-	SYS_TTYNAME                         = 0x1D6
-	SYS_TZSET                           = 0x1D7
-	SYS_UMASK                           = 0x1D8
-	SYS_UMOUNT                          = 0x1D9
-	SYS_UNAME                           = 0x1DA
-	SYS_UNLINK                          = 0x1DB
-	SYS_UTIME                           = 0x1DC
-	SYS_WAIT                            = 0x1DD
-	SYS_WAITPID                         = 0x1DE
-	SYS_WRITE                           = 0x1DF
-	SYS_W_GETPSENT                      = 0x1B1
-	SYS_W_IOCTL                         = 0x1A2
-	SYS_W_STATFS                        = 0x1CA
-	SYS_A64L                            = 0x2EF
-	SYS_BCMP                            = 0x2B9
-	SYS_BCOPY                           = 0x2BA
-	SYS_BZERO                           = 0x2BB
-	SYS_CATCLOSE                        = 0x2B6
-	SYS_CATGETS                         = 0x2B7
-	SYS_CATOPEN                         = 0x2B8
-	SYS_CRYPT                           = 0x2AC
-	SYS_DBM_CLEARERR                    = 0x2F7
-	SYS_DBM_CLOSE                       = 0x2F8
-	SYS_DBM_DELETE                      = 0x2F9
-	SYS_DBM_ERROR                       = 0x2FA
-	SYS_DBM_FETCH                       = 0x2FB
-	SYS_DBM_FIRSTKEY                    = 0x2FC
-	SYS_DBM_NEXTKEY                     = 0x2FD
-	SYS_DBM_OPEN                        = 0x2FE
-	SYS_DBM_STORE                       = 0x2FF
-	SYS_DRAND48                         = 0x2B2
-	SYS_ENCRYPT                         = 0x2AD
-	SYS_ENDUTXENT                       = 0x2E1
-	SYS_ERAND48                         = 0x2B3
-	SYS_ERF                             = 0x02C
-	SYS_ERFC                            = 0x02D
-	SYS_FCHDIR                          = 0x2D9
-	SYS_FFS                             = 0x2BC
-	SYS_FMTMSG                          = 0x2E5
-	SYS_FSTATVFS                        = 0x2B4
-	SYS_FTIME                           = 0x2F5
-	SYS_GAMMA                           = 0x02E
-	SYS_GETDATE                         = 0x2A6
-	SYS_GETPAGESIZE                     = 0x2D8
-	SYS_GETTIMEOFDAY                    = 0x2F6
-	SYS_GETUTXENT                       = 0x2E0
-	SYS_GETUTXID                        = 0x2E2
-	SYS_GETUTXLINE                      = 0x2E3
-	SYS_HCREATE                         = 0x2C6
-	SYS_HDESTROY                        = 0x2C7
-	SYS_HSEARCH                         = 0x2C8
-	SYS_HYPOT                           = 0x02B
-	SYS_INDEX                           = 0x2BD
-	SYS_INITSTATE                       = 0x2C2
-	SYS_INSQUE                          = 0x2CF
-	SYS_ISASCII                         = 0x2ED
-	SYS_JRAND48                         = 0x2E6
-	SYS_L64A                            = 0x2F0
-	SYS_LCONG48                         = 0x2EA
-	SYS_LFIND                           = 0x2C9
-	SYS_LRAND48                         = 0x2E7
-	SYS_LSEARCH                         = 0x2CA
-	SYS_MEMCCPY                         = 0x2D4
-	SYS_MRAND48                         = 0x2E8
-	SYS_NRAND48                         = 0x2E9
-	SYS_PCLOSE                          = 0x2D2
-	SYS_POPEN                           = 0x2D1
-	SYS_PUTUTXLINE                      = 0x2E4
-	SYS_RANDOM                          = 0x2C4
-	SYS_REMQUE                          = 0x2D0
-	SYS_RINDEX                          = 0x2BE
-	SYS_SEED48                          = 0x2EC
-	SYS_SETKEY                          = 0x2AE
-	SYS_SETSTATE                        = 0x2C3
-	SYS_SETUTXENT                       = 0x2DF
-	SYS_SRAND48                         = 0x2EB
-	SYS_SRANDOM                         = 0x2C5
-	SYS_STATVFS                         = 0x2B5
-	SYS_STRCASECMP                      = 0x2BF
-	SYS_STRDUP                          = 0x2C0
-	SYS_STRNCASECMP                     = 0x2C1
-	SYS_SWAB                            = 0x2D3
-	SYS_TDELETE                         = 0x2CB
-	SYS_TFIND                           = 0x2CC
-	SYS_TOASCII                         = 0x2EE
-	SYS_TSEARCH                         = 0x2CD
-	SYS_TWALK                           = 0x2CE
-	SYS_UALARM                          = 0x2F1
-	SYS_USLEEP                          = 0x2F2
-	SYS_WAIT3                           = 0x2A7
-	SYS_WAITID                          = 0x2A8
-	SYS_Y1                              = 0x02A
-	SYS___ATOE                          = 0x2DB
-	SYS___ATOE_L                        = 0x2DC
-	SYS___CATTRM                        = 0x2A9
-	SYS___CNVBLK                        = 0x2AF
-	SYS___CRYTRM                        = 0x2B0
-	SYS___DLGHT                         = 0x2A1
-	SYS___ECRTRM                        = 0x2B1
-	SYS___ETOA                          = 0x2DD
-	SYS___ETOA_L                        = 0x2DE
-	SYS___GDTRM                         = 0x2AA
-	SYS___OCLCK                         = 0x2DA
-	SYS___OPARGF                        = 0x2A2
-	SYS___OPERRF                        = 0x2A5
-	SYS___OPINDF                        = 0x2A4
-	SYS___OPOPTF                        = 0x2A3
-	SYS___RNDTRM                        = 0x2AB
-	SYS___SRCTRM                        = 0x2F4
-	SYS___TZONE                         = 0x2A0
-	SYS___UTXTRM                        = 0x2F3
-	SYS_ASIN                            = 0x03E
-	SYS_ISXDIGIT                        = 0x03B
-	SYS_SETLOCAL                        = 0x03A
-	SYS_SETLOCALE                       = 0x03A
-	SYS_SIN                             = 0x03F
-	SYS_TOLOWER                         = 0x03C
-	SYS_TOUPPER                         = 0x03D
-	SYS_ACCEPT_AND_RECV                 = 0x4F7
-	SYS_ATOL                            = 0x04E
-	SYS_CHECKSCH                        = 0x4BC
-	SYS_CHECKSCHENV                     = 0x4BC
-	SYS_CLEARERR                        = 0x04C
-	SYS_CONNECTS                        = 0x4B5
-	SYS_CONNECTSERVER                   = 0x4B5
-	SYS_CONNECTW                        = 0x4B4
-	SYS_CONNECTWORKMGR                  = 0x4B4
-	SYS_CONTINUE                        = 0x4B3
-	SYS_CONTINUEWORKUNIT                = 0x4B3
-	SYS_COPYSIGN                        = 0x4C2
-	SYS_CREATEWO                        = 0x4B2
-	SYS_CREATEWORKUNIT                  = 0x4B2
-	SYS_DELETEWO                        = 0x4B9
-	SYS_DELETEWORKUNIT                  = 0x4B9
-	SYS_DISCONNE                        = 0x4B6
-	SYS_DISCONNECTSERVER                = 0x4B6
-	SYS_FEOF                            = 0x04D
-	SYS_FERROR                          = 0x04A
-	SYS_FINITE                          = 0x4C8
-	SYS_GAMMA_R                         = 0x4E2
-	SYS_JOINWORK                        = 0x4B7
-	SYS_JOINWORKUNIT                    = 0x4B7
-	SYS_LEAVEWOR                        = 0x4B8
-	SYS_LEAVEWORKUNIT                   = 0x4B8
-	SYS_LGAMMA_R                        = 0x4EB
-	SYS_MATHERR                         = 0x4D0
-	SYS_PERROR                          = 0x04F
-	SYS_QUERYMET                        = 0x4BA
-	SYS_QUERYMETRICS                    = 0x4BA
-	SYS_QUERYSCH                        = 0x4BB
-	SYS_QUERYSCHENV                     = 0x4BB
-	SYS_REWIND                          = 0x04B
-	SYS_SCALBN                          = 0x4D4
-	SYS_SIGNIFIC                        = 0x4D5
-	SYS_SIGNIFICAND                     = 0x4D5
-	SYS___ACOSH_B                       = 0x4DA
-	SYS___ACOS_B                        = 0x4D9
-	SYS___ASINH_B                       = 0x4BE
-	SYS___ASIN_B                        = 0x4DB
-	SYS___ATAN2_B                       = 0x4DC
-	SYS___ATANH_B                       = 0x4DD
-	SYS___ATAN_B                        = 0x4BF
-	SYS___CBRT_B                        = 0x4C0
-	SYS___CEIL_B                        = 0x4C1
-	SYS___COSH_B                        = 0x4DE
-	SYS___COS_B                         = 0x4C3
-	SYS___DGHT                          = 0x4A8
-	SYS___ENVN                          = 0x4B0
-	SYS___ERFC_B                        = 0x4C5
-	SYS___ERF_B                         = 0x4C4
-	SYS___EXPM1_B                       = 0x4C6
-	SYS___EXP_B                         = 0x4DF
-	SYS___FABS_B                        = 0x4C7
-	SYS___FLOOR_B                       = 0x4C9
-	SYS___FMOD_B                        = 0x4E0
-	SYS___FP_SETMODE                    = 0x4F8
-	SYS___FREXP_B                       = 0x4CA
-	SYS___GAMMA_B                       = 0x4E1
-	SYS___GDRR                          = 0x4A1
-	SYS___HRRNO                         = 0x4A2
-	SYS___HYPOT_B                       = 0x4E3
-	SYS___ILOGB_B                       = 0x4CB
-	SYS___ISNAN_B                       = 0x4CC
-	SYS___J0_B                          = 0x4E4
-	SYS___J1_B                          = 0x4E6
-	SYS___JN_B                          = 0x4E8
-	SYS___LDEXP_B                       = 0x4CD
-	SYS___LGAMMA_B                      = 0x4EA
-	SYS___LOG10_B                       = 0x4ED
-	SYS___LOG1P_B                       = 0x4CE
-	SYS___LOGB_B                        = 0x4CF
-	SYS___LOGIN                         = 0x4F5
-	SYS___LOG_B                         = 0x4EC
-	SYS___MLOCKALL                      = 0x4B1
-	SYS___MODF_B                        = 0x4D1
-	SYS___NEXTAFTER_B                   = 0x4D2
-	SYS___OPENDIR2                      = 0x4F3
-	SYS___OPEN_STAT                     = 0x4F6
-	SYS___OPND                          = 0x4A5
-	SYS___OPPT                          = 0x4A6
-	SYS___OPRG                          = 0x4A3
-	SYS___OPRR                          = 0x4A4
-	SYS___PID_AFFINITY                  = 0x4BD
-	SYS___POW_B                         = 0x4EE
-	SYS___READDIR2                      = 0x4F4
-	SYS___REMAINDER_B                   = 0x4EF
-	SYS___RINT_B                        = 0x4D3
-	SYS___SCALB_B                       = 0x4F0
-	SYS___SIGACTIONSET                  = 0x4FB
-	SYS___SIGGM                         = 0x4A7
-	SYS___SINH_B                        = 0x4F1
-	SYS___SIN_B                         = 0x4D6
-	SYS___SQRT_B                        = 0x4F2
-	SYS___TANH_B                        = 0x4D8
-	SYS___TAN_B                         = 0x4D7
-	SYS___TRRNO                         = 0x4AF
-	SYS___TZNE                          = 0x4A9
-	SYS___TZZN                          = 0x4AA
-	SYS___UCREATE                       = 0x4FC
-	SYS___UFREE                         = 0x4FE
-	SYS___UHEAPREPORT                   = 0x4FF
-	SYS___UMALLOC                       = 0x4FD
-	SYS___Y0_B                          = 0x4E5
-	SYS___Y1_B                          = 0x4E7
-	SYS___YN_B                          = 0x4E9
-	SYS_ABORT                           = 0x05C
-	SYS_ASCTIME_R                       = 0x5E0
-	SYS_ATEXIT                          = 0x05D
-	SYS_CONNECTE                        = 0x5AE
-	SYS_CONNECTEXPORTIMPORT             = 0x5AE
-	SYS_CTIME_R                         = 0x5E1
-	SYS_DN_COMP                         = 0x5DF
-	SYS_DN_EXPAND                       = 0x5DD
-	SYS_DN_SKIPNAME                     = 0x5DE
-	SYS_EXIT                            = 0x05A
-	SYS_EXPORTWO                        = 0x5A1
-	SYS_EXPORTWORKUNIT                  = 0x5A1
-	SYS_EXTRACTW                        = 0x5A5
-	SYS_EXTRACTWORKUNIT                 = 0x5A5
-	SYS_FSEEKO                          = 0x5C9
-	SYS_FTELLO                          = 0x5C8
-	SYS_GETGRGID_R                      = 0x5E7
-	SYS_GETGRNAM_R                      = 0x5E8
-	SYS_GETLOGIN_R                      = 0x5E9
-	SYS_GETPWNAM_R                      = 0x5EA
-	SYS_GETPWUID_R                      = 0x5EB
-	SYS_GMTIME_R                        = 0x5E2
-	SYS_IMPORTWO                        = 0x5A3
-	SYS_IMPORTWORKUNIT                  = 0x5A3
-	SYS_INET_NTOP                       = 0x5D3
-	SYS_INET_PTON                       = 0x5D4
-	SYS_LLABS                           = 0x5CE
-	SYS_LLDIV                           = 0x5CB
-	SYS_LOCALTIME_R                     = 0x5E3
-	SYS_PTHREAD_ATFORK                  = 0x5ED
-	SYS_PTHREAD_ATTR_GETDETACHSTATE_U98 = 0x5FB
-	SYS_PTHREAD_ATTR_GETGUARDSIZE       = 0x5EE
-	SYS_PTHREAD_ATTR_GETSCHEDPARAM      = 0x5F9
-	SYS_PTHREAD_ATTR_GETSTACKADDR       = 0x5EF
-	SYS_PTHREAD_ATTR_SETDETACHSTATE_U98 = 0x5FC
-	SYS_PTHREAD_ATTR_SETGUARDSIZE       = 0x5F0
-	SYS_PTHREAD_ATTR_SETSCHEDPARAM      = 0x5FA
-	SYS_PTHREAD_ATTR_SETSTACKADDR       = 0x5F1
-	SYS_PTHREAD_CONDATTR_GETPSHARED     = 0x5F2
-	SYS_PTHREAD_CONDATTR_SETPSHARED     = 0x5F3
-	SYS_PTHREAD_DETACH_U98              = 0x5FD
-	SYS_PTHREAD_GETCONCURRENCY          = 0x5F4
-	SYS_PTHREAD_GETSPECIFIC_U98         = 0x5FE
-	SYS_PTHREAD_KEY_DELETE              = 0x5F5
-	SYS_PTHREAD_SETCANCELSTATE          = 0x5FF
-	SYS_PTHREAD_SETCONCURRENCY          = 0x5F6
-	SYS_PTHREAD_SIGMASK                 = 0x5F7
-	SYS_QUERYENC                        = 0x5AD
-	SYS_QUERYWORKUNITCLASSIFICATION     = 0x5AD
-	SYS_RAISE                           = 0x05E
-	SYS_RAND_R                          = 0x5E4
-	SYS_READDIR_R                       = 0x5E6
-	SYS_REALLOC                         = 0x05B
-	SYS_RES_INIT                        = 0x5D8
-	SYS_RES_MKQUERY                     = 0x5D7
-	SYS_RES_QUERY                       = 0x5D9
-	SYS_RES_QUERYDOMAIN                 = 0x5DC
-	SYS_RES_SEARCH                      = 0x5DA
-	SYS_RES_SEND                        = 0x5DB
-	SYS_SETJMP                          = 0x05F
-	SYS_SIGQUEUE                        = 0x5A9
-	SYS_STRTOK_R                        = 0x5E5
-	SYS_STRTOLL                         = 0x5B0
-	SYS_STRTOULL                        = 0x5B1
-	SYS_TTYNAME_R                       = 0x5EC
-	SYS_UNDOEXPO                        = 0x5A2
-	SYS_UNDOEXPORTWORKUNIT              = 0x5A2
-	SYS_UNDOIMPO                        = 0x5A4
-	SYS_UNDOIMPORTWORKUNIT              = 0x5A4
-	SYS_WCSTOLL                         = 0x5CC
-	SYS_WCSTOULL                        = 0x5CD
-	SYS___ABORT                         = 0x05C
-	SYS___CONSOLE2                      = 0x5D2
-	SYS___CPL                           = 0x5A6
-	SYS___DISCARDDATA                   = 0x5F8
-	SYS___DSA_PREV                      = 0x5B2
-	SYS___EP_FIND                       = 0x5B3
-	SYS___FP_SWAPMODE                   = 0x5AF
-	SYS___GETUSERID                     = 0x5AB
-	SYS___GET_CPUID                     = 0x5B9
-	SYS___GET_SYSTEM_SETTINGS           = 0x5BA
-	SYS___IPDOMAINNAME                  = 0x5AC
-	SYS___MAP_INIT                      = 0x5A7
-	SYS___MAP_SERVICE                   = 0x5A8
-	SYS___MOUNT                         = 0x5AA
-	SYS___MSGRCV_TIMED                  = 0x5B7
-	SYS___RES                           = 0x5D6
-	SYS___SEMOP_TIMED                   = 0x5B8
-	SYS___SERVER_THREADS_QUERY          = 0x5B4
-	SYS_FPRINTF                         = 0x06D
-	SYS_FSCANF                          = 0x06A
-	SYS_PRINTF                          = 0x06F
-	SYS_SETBUF                          = 0x06B
-	SYS_SETVBUF                         = 0x06C
-	SYS_SSCANF                          = 0x06E
-	SYS___CATGETS_A                     = 0x6C0
-	SYS___CHAUDIT_A                     = 0x6F4
-	SYS___CHMOD_A                       = 0x6E8
-	SYS___COLLATE_INIT_A                = 0x6AC
-	SYS___CREAT_A                       = 0x6F6
-	SYS___CTYPE_INIT_A                  = 0x6AF
-	SYS___DLLLOAD_A                     = 0x6DF
-	SYS___DLLQUERYFN_A                  = 0x6E0
-	SYS___DLLQUERYVAR_A                 = 0x6E1
-	SYS___E2A_L                         = 0x6E3
-	SYS___EXECLE_A                      = 0x6A0
-	SYS___EXECLP_A                      = 0x6A4
-	SYS___EXECVE_A                      = 0x6C1
-	SYS___EXECVP_A                      = 0x6C2
-	SYS___EXECV_A                       = 0x6B1
-	SYS___FPRINTF_A                     = 0x6FA
-	SYS___GETADDRINFO_A                 = 0x6BF
-	SYS___GETNAMEINFO_A                 = 0x6C4
-	SYS___GET_WCTYPE_STD_A              = 0x6AE
-	SYS___ICONV_OPEN_A                  = 0x6DE
-	SYS___IF_INDEXTONAME_A              = 0x6DC
-	SYS___IF_NAMETOINDEX_A              = 0x6DB
-	SYS___ISWCTYPE_A                    = 0x6B0
-	SYS___IS_WCTYPE_STD_A               = 0x6B2
-	SYS___LOCALECONV_A                  = 0x6B8
-	SYS___LOCALECONV_STD_A              = 0x6B9
-	SYS___LOCALE_INIT_A                 = 0x6B7
-	SYS___LSTAT_A                       = 0x6EE
-	SYS___LSTAT_O_A                     = 0x6EF
-	SYS___MKDIR_A                       = 0x6E9
-	SYS___MKFIFO_A                      = 0x6EC
-	SYS___MKNOD_A                       = 0x6F0
-	SYS___MONETARY_INIT_A               = 0x6BC
-	SYS___MOUNT_A                       = 0x6F1
-	SYS___NL_CSINFO_A                   = 0x6D6
-	SYS___NL_LANGINFO_A                 = 0x6BA
-	SYS___NL_LNAGINFO_STD_A             = 0x6BB
-	SYS___NL_MONINFO_A                  = 0x6D7
-	SYS___NL_NUMINFO_A                  = 0x6D8
-	SYS___NL_RESPINFO_A                 = 0x6D9
-	SYS___NL_TIMINFO_A                  = 0x6DA
-	SYS___NUMERIC_INIT_A                = 0x6C6
-	SYS___OPEN_A                        = 0x6F7
-	SYS___PRINTF_A                      = 0x6DD
-	SYS___RESP_INIT_A                   = 0x6C7
-	SYS___RPMATCH_A                     = 0x6C8
-	SYS___RPMATCH_C_A                   = 0x6C9
-	SYS___RPMATCH_STD_A                 = 0x6CA
-	SYS___SETLOCALE_A                   = 0x6F9
-	SYS___SPAWNP_A                      = 0x6C5
-	SYS___SPAWN_A                       = 0x6C3
-	SYS___SPRINTF_A                     = 0x6FB
-	SYS___STAT_A                        = 0x6EA
-	SYS___STAT_O_A                      = 0x6EB
-	SYS___STRCOLL_STD_A                 = 0x6A1
-	SYS___STRFMON_A                     = 0x6BD
-	SYS___STRFMON_STD_A                 = 0x6BE
-	SYS___STRFTIME_A                    = 0x6CC
-	SYS___STRFTIME_STD_A                = 0x6CD
-	SYS___STRPTIME_A                    = 0x6CE
-	SYS___STRPTIME_STD_A                = 0x6CF
-	SYS___STRXFRM_A                     = 0x6A2
-	SYS___STRXFRM_C_A                   = 0x6A3
-	SYS___STRXFRM_STD_A                 = 0x6A5
-	SYS___SYNTAX_INIT_A                 = 0x6D4
-	SYS___TIME_INIT_A                   = 0x6CB
-	SYS___TOD_INIT_A                    = 0x6D5
-	SYS___TOWLOWER_A                    = 0x6B3
-	SYS___TOWLOWER_STD_A                = 0x6B4
-	SYS___TOWUPPER_A                    = 0x6B5
-	SYS___TOWUPPER_STD_A                = 0x6B6
-	SYS___UMOUNT_A                      = 0x6F2
-	SYS___VFPRINTF_A                    = 0x6FC
-	SYS___VPRINTF_A                     = 0x6FD
-	SYS___VSPRINTF_A                    = 0x6FE
-	SYS___VSWPRINTF_A                   = 0x6FF
-	SYS___WCSCOLL_A                     = 0x6A6
-	SYS___WCSCOLL_C_A                   = 0x6A7
-	SYS___WCSCOLL_STD_A                 = 0x6A8
-	SYS___WCSFTIME_A                    = 0x6D0
-	SYS___WCSFTIME_STD_A                = 0x6D1
-	SYS___WCSXFRM_A                     = 0x6A9
-	SYS___WCSXFRM_C_A                   = 0x6AA
-	SYS___WCSXFRM_STD_A                 = 0x6AB
-	SYS___WCTYPE_A                      = 0x6AD
-	SYS___W_GETMNTENT_A                 = 0x6F5
-	SYS_____CCSIDTYPE_A                 = 0x6E6
-	SYS_____CHATTR_A                    = 0x6E2
-	SYS_____CSNAMETYPE_A                = 0x6E7
-	SYS_____OPEN_STAT_A                 = 0x6ED
-	SYS_____SPAWN2_A                    = 0x6D2
-	SYS_____SPAWNP2_A                   = 0x6D3
-	SYS_____TOCCSID_A                   = 0x6E4
-	SYS_____TOCSNAME_A                  = 0x6E5
-	SYS_ACL_FREE                        = 0x7FF
-	SYS_ACL_INIT                        = 0x7FE
-	SYS_FWIDE                           = 0x7DF
-	SYS_FWPRINTF                        = 0x7D1
-	SYS_FWRITE                          = 0x07E
-	SYS_FWSCANF                         = 0x7D5
-	SYS_GETCHAR                         = 0x07B
-	SYS_GETS                            = 0x07C
-	SYS_M_CREATE_LAYOUT                 = 0x7C9
-	SYS_M_DESTROY_LAYOUT                = 0x7CA
-	SYS_M_GETVALUES_LAYOUT              = 0x7CB
-	SYS_M_SETVALUES_LAYOUT              = 0x7CC
-	SYS_M_TRANSFORM_LAYOUT              = 0x7CD
-	SYS_M_WTRANSFORM_LAYOUT             = 0x7CE
-	SYS_PREAD                           = 0x7C7
-	SYS_PUTC                            = 0x07D
-	SYS_PUTCHAR                         = 0x07A
-	SYS_PUTS                            = 0x07F
-	SYS_PWRITE                          = 0x7C8
-	SYS_TOWCTRAN                        = 0x7D8
-	SYS_TOWCTRANS                       = 0x7D8
-	SYS_UNATEXIT                        = 0x7B5
-	SYS_VFWPRINT                        = 0x7D3
-	SYS_VFWPRINTF                       = 0x7D3
-	SYS_VWPRINTF                        = 0x7D4
-	SYS_WCTRANS                         = 0x7D7
-	SYS_WPRINTF                         = 0x7D2
-	SYS_WSCANF                          = 0x7D6
-	SYS___ASCTIME_R_A                   = 0x7A1
-	SYS___BASENAME_A                    = 0x7DC
-	SYS___BTOWC_A                       = 0x7E4
-	SYS___CDUMP_A                       = 0x7B7
-	SYS___CEE3DMP_A                     = 0x7B6
-	SYS___CEILF_H                       = 0x7F4
-	SYS___CEILL_H                       = 0x7F5
-	SYS___CEIL_H                        = 0x7EA
-	SYS___CRYPT_A                       = 0x7BE
-	SYS___CSNAP_A                       = 0x7B8
-	SYS___CTEST_A                       = 0x7B9
-	SYS___CTIME_R_A                     = 0x7A2
-	SYS___CTRACE_A                      = 0x7BA
-	SYS___DBM_OPEN_A                    = 0x7E6
-	SYS___DIRNAME_A                     = 0x7DD
-	SYS___FABSF_H                       = 0x7FA
-	SYS___FABSL_H                       = 0x7FB
-	SYS___FABS_H                        = 0x7ED
-	SYS___FGETWC_A                      = 0x7AA
-	SYS___FGETWS_A                      = 0x7AD
-	SYS___FLOORF_H                      = 0x7F6
-	SYS___FLOORL_H                      = 0x7F7
-	SYS___FLOOR_H                       = 0x7EB
-	SYS___FPUTWC_A                      = 0x7A5
-	SYS___FPUTWS_A                      = 0x7A8
-	SYS___GETTIMEOFDAY_A                = 0x7AE
-	SYS___GETWCHAR_A                    = 0x7AC
-	SYS___GETWC_A                       = 0x7AB
-	SYS___GLOB_A                        = 0x7DE
-	SYS___GMTIME_A                      = 0x7AF
-	SYS___GMTIME_R_A                    = 0x7B0
-	SYS___INET_PTON_A                   = 0x7BC
-	SYS___J0_H                          = 0x7EE
-	SYS___J1_H                          = 0x7EF
-	SYS___JN_H                          = 0x7F0
-	SYS___LOCALTIME_A                   = 0x7B1
-	SYS___LOCALTIME_R_A                 = 0x7B2
-	SYS___MALLOC24                      = 0x7FC
-	SYS___MALLOC31                      = 0x7FD
-	SYS___MKTIME_A                      = 0x7B3
-	SYS___MODFF_H                       = 0x7F8
-	SYS___MODFL_H                       = 0x7F9
-	SYS___MODF_H                        = 0x7EC
-	SYS___OPENDIR_A                     = 0x7C2
-	SYS___OSNAME                        = 0x7E0
-	SYS___PUTWCHAR_A                    = 0x7A7
-	SYS___PUTWC_A                       = 0x7A6
-	SYS___READDIR_A                     = 0x7C3
-	SYS___STRTOLL_A                     = 0x7A3
-	SYS___STRTOULL_A                    = 0x7A4
-	SYS___SYSLOG_A                      = 0x7BD
-	SYS___TZZNA                         = 0x7B4
-	SYS___UNGETWC_A                     = 0x7A9
-	SYS___UTIME_A                       = 0x7A0
-	SYS___VFPRINTF2_A                   = 0x7E7
-	SYS___VPRINTF2_A                    = 0x7E8
-	SYS___VSPRINTF2_A                   = 0x7E9
-	SYS___VSWPRNTF2_A                   = 0x7BB
-	SYS___WCSTOD_A                      = 0x7D9
-	SYS___WCSTOL_A                      = 0x7DA
-	SYS___WCSTOUL_A                     = 0x7DB
-	SYS___WCTOB_A                       = 0x7E5
-	SYS___Y0_H                          = 0x7F1
-	SYS___Y1_H                          = 0x7F2
-	SYS___YN_H                          = 0x7F3
-	SYS_____OPENDIR2_A                  = 0x7BF
-	SYS_____OSNAME_A                    = 0x7E1
-	SYS_____READDIR2_A                  = 0x7C0
-	SYS_DLCLOSE                         = 0x8DF
-	SYS_DLERROR                         = 0x8E0
-	SYS_DLOPEN                          = 0x8DD
-	SYS_DLSYM                           = 0x8DE
-	SYS_FLOCKFILE                       = 0x8D3
-	SYS_FTRYLOCKFILE                    = 0x8D4
-	SYS_FUNLOCKFILE                     = 0x8D5
-	SYS_GETCHAR_UNLOCKED                = 0x8D7
-	SYS_GETC_UNLOCKED                   = 0x8D6
-	SYS_PUTCHAR_UNLOCKED                = 0x8D9
-	SYS_PUTC_UNLOCKED                   = 0x8D8
-	SYS_SNPRINTF                        = 0x8DA
-	SYS_VSNPRINTF                       = 0x8DB
-	SYS_WCSCSPN                         = 0x08B
-	SYS_WCSLEN                          = 0x08C
-	SYS_WCSNCAT                         = 0x08D
-	SYS_WCSNCMP                         = 0x08A
-	SYS_WCSNCPY                         = 0x08F
-	SYS_WCSSPN                          = 0x08E
-	SYS___ABSF_H                        = 0x8E7
-	SYS___ABSL_H                        = 0x8E8
-	SYS___ABS_H                         = 0x8E6
-	SYS___ACOSF_H                       = 0x8EA
-	SYS___ACOSH_H                       = 0x8EC
-	SYS___ACOSL_H                       = 0x8EB
-	SYS___ACOS_H                        = 0x8E9
-	SYS___ASINF_H                       = 0x8EE
-	SYS___ASINH_H                       = 0x8F0
-	SYS___ASINL_H                       = 0x8EF
-	SYS___ASIN_H                        = 0x8ED
-	SYS___ATAN2F_H                      = 0x8F8
-	SYS___ATAN2L_H                      = 0x8F9
-	SYS___ATAN2_H                       = 0x8F7
-	SYS___ATANF_H                       = 0x8F2
-	SYS___ATANHF_H                      = 0x8F5
-	SYS___ATANHL_H                      = 0x8F6
-	SYS___ATANH_H                       = 0x8F4
-	SYS___ATANL_H                       = 0x8F3
-	SYS___ATAN_H                        = 0x8F1
-	SYS___CBRT_H                        = 0x8FA
-	SYS___COPYSIGNF_H                   = 0x8FB
-	SYS___COPYSIGNL_H                   = 0x8FC
-	SYS___COSF_H                        = 0x8FE
-	SYS___COSL_H                        = 0x8FF
-	SYS___COS_H                         = 0x8FD
-	SYS___DLERROR_A                     = 0x8D2
-	SYS___DLOPEN_A                      = 0x8D0
-	SYS___DLSYM_A                       = 0x8D1
-	SYS___GETUTXENT_A                   = 0x8C6
-	SYS___GETUTXID_A                    = 0x8C7
-	SYS___GETUTXLINE_A                  = 0x8C8
-	SYS___ITOA                          = 0x8AA
-	SYS___ITOA_A                        = 0x8B0
-	SYS___LE_CONDITION_TOKEN_BUILD      = 0x8A5
-	SYS___LE_MSG_ADD_INSERT             = 0x8A6
-	SYS___LE_MSG_GET                    = 0x8A7
-	SYS___LE_MSG_GET_AND_WRITE          = 0x8A8
-	SYS___LE_MSG_WRITE                  = 0x8A9
-	SYS___LLTOA                         = 0x8AE
-	SYS___LLTOA_A                       = 0x8B4
-	SYS___LTOA                          = 0x8AC
-	SYS___LTOA_A                        = 0x8B2
-	SYS___PUTCHAR_UNLOCKED_A            = 0x8CC
-	SYS___PUTC_UNLOCKED_A               = 0x8CB
-	SYS___PUTUTXLINE_A                  = 0x8C9
-	SYS___RESET_EXCEPTION_HANDLER       = 0x8E3
-	SYS___REXEC_A                       = 0x8C4
-	SYS___REXEC_AF_A                    = 0x8C5
-	SYS___SET_EXCEPTION_HANDLER         = 0x8E2
-	SYS___SNPRINTF_A                    = 0x8CD
-	SYS___SUPERKILL                     = 0x8A4
-	SYS___TCGETATTR_A                   = 0x8A1
-	SYS___TCSETATTR_A                   = 0x8A2
-	SYS___ULLTOA                        = 0x8AF
-	SYS___ULLTOA_A                      = 0x8B5
-	SYS___ULTOA                         = 0x8AD
-	SYS___ULTOA_A                       = 0x8B3
-	SYS___UTOA                          = 0x8AB
-	SYS___UTOA_A                        = 0x8B1
-	SYS___VHM_EVENT                     = 0x8E4
-	SYS___VSNPRINTF_A                   = 0x8CE
-	SYS_____GETENV_A                    = 0x8C3
-	SYS_____UTMPXNAME_A                 = 0x8CA
-	SYS_CACOSH                          = 0x9A0
-	SYS_CACOSHF                         = 0x9A3
-	SYS_CACOSHL                         = 0x9A6
-	SYS_CARG                            = 0x9A9
-	SYS_CARGF                           = 0x9AC
-	SYS_CARGL                           = 0x9AF
-	SYS_CASIN                           = 0x9B2
-	SYS_CASINF                          = 0x9B5
-	SYS_CASINH                          = 0x9BB
-	SYS_CASINHF                         = 0x9BE
-	SYS_CASINHL                         = 0x9C1
-	SYS_CASINL                          = 0x9B8
-	SYS_CATAN                           = 0x9C4
-	SYS_CATANF                          = 0x9C7
-	SYS_CATANH                          = 0x9CD
-	SYS_CATANHF                         = 0x9D0
-	SYS_CATANHL                         = 0x9D3
-	SYS_CATANL                          = 0x9CA
-	SYS_CCOS                            = 0x9D6
-	SYS_CCOSF                           = 0x9D9
-	SYS_CCOSH                           = 0x9DF
-	SYS_CCOSHF                          = 0x9E2
-	SYS_CCOSHL                          = 0x9E5
-	SYS_CCOSL                           = 0x9DC
-	SYS_CEXP                            = 0x9E8
-	SYS_CEXPF                           = 0x9EB
-	SYS_CEXPL                           = 0x9EE
-	SYS_CIMAG                           = 0x9F1
-	SYS_CIMAGF                          = 0x9F4
-	SYS_CIMAGL                          = 0x9F7
-	SYS_CLOGF                           = 0x9FD
-	SYS_MEMCHR                          = 0x09B
-	SYS_MEMCMP                          = 0x09A
-	SYS_STRCOLL                         = 0x09C
-	SYS_STRNCMP                         = 0x09D
-	SYS_STRRCHR                         = 0x09F
-	SYS_STRXFRM                         = 0x09E
-	SYS___CACOSHF_B                     = 0x9A4
-	SYS___CACOSHF_H                     = 0x9A5
-	SYS___CACOSHL_B                     = 0x9A7
-	SYS___CACOSHL_H                     = 0x9A8
-	SYS___CACOSH_B                      = 0x9A1
-	SYS___CACOSH_H                      = 0x9A2
-	SYS___CARGF_B                       = 0x9AD
-	SYS___CARGF_H                       = 0x9AE
-	SYS___CARGL_B                       = 0x9B0
-	SYS___CARGL_H                       = 0x9B1
-	SYS___CARG_B                        = 0x9AA
-	SYS___CARG_H                        = 0x9AB
-	SYS___CASINF_B                      = 0x9B6
-	SYS___CASINF_H                      = 0x9B7
-	SYS___CASINHF_B                     = 0x9BF
-	SYS___CASINHF_H                     = 0x9C0
-	SYS___CASINHL_B                     = 0x9C2
-	SYS___CASINHL_H                     = 0x9C3
-	SYS___CASINH_B                      = 0x9BC
-	SYS___CASINH_H                      = 0x9BD
-	SYS___CASINL_B                      = 0x9B9
-	SYS___CASINL_H                      = 0x9BA
-	SYS___CASIN_B                       = 0x9B3
-	SYS___CASIN_H                       = 0x9B4
-	SYS___CATANF_B                      = 0x9C8
-	SYS___CATANF_H                      = 0x9C9
-	SYS___CATANHF_B                     = 0x9D1
-	SYS___CATANHF_H                     = 0x9D2
-	SYS___CATANHL_B                     = 0x9D4
-	SYS___CATANHL_H                     = 0x9D5
-	SYS___CATANH_B                      = 0x9CE
-	SYS___CATANH_H                      = 0x9CF
-	SYS___CATANL_B                      = 0x9CB
-	SYS___CATANL_H                      = 0x9CC
-	SYS___CATAN_B                       = 0x9C5
-	SYS___CATAN_H                       = 0x9C6
-	SYS___CCOSF_B                       = 0x9DA
-	SYS___CCOSF_H                       = 0x9DB
-	SYS___CCOSHF_B                      = 0x9E3
-	SYS___CCOSHF_H                      = 0x9E4
-	SYS___CCOSHL_B                      = 0x9E6
-	SYS___CCOSHL_H                      = 0x9E7
-	SYS___CCOSH_B                       = 0x9E0
-	SYS___CCOSH_H                       = 0x9E1
-	SYS___CCOSL_B                       = 0x9DD
-	SYS___CCOSL_H                       = 0x9DE
-	SYS___CCOS_B                        = 0x9D7
-	SYS___CCOS_H                        = 0x9D8
-	SYS___CEXPF_B                       = 0x9EC
-	SYS___CEXPF_H                       = 0x9ED
-	SYS___CEXPL_B                       = 0x9EF
-	SYS___CEXPL_H                       = 0x9F0
-	SYS___CEXP_B                        = 0x9E9
-	SYS___CEXP_H                        = 0x9EA
-	SYS___CIMAGF_B                      = 0x9F5
-	SYS___CIMAGF_H                      = 0x9F6
-	SYS___CIMAGL_B                      = 0x9F8
-	SYS___CIMAGL_H                      = 0x9F9
-	SYS___CIMAG_B                       = 0x9F2
-	SYS___CIMAG_H                       = 0x9F3
-	SYS___CLOG                          = 0x9FA
-	SYS___CLOGF_B                       = 0x9FE
-	SYS___CLOGF_H                       = 0x9FF
-	SYS___CLOG_B                        = 0x9FB
-	SYS___CLOG_H                        = 0x9FC
-	SYS_ISWCTYPE                        = 0x10C
-	SYS_ISWXDIGI                        = 0x10A
-	SYS_ISWXDIGIT                       = 0x10A
-	SYS_MBSINIT                         = 0x10F
-	SYS_TOWLOWER                        = 0x10D
-	SYS_TOWUPPER                        = 0x10E
-	SYS_WCTYPE                          = 0x10B
-	SYS_WCSSTR                          = 0x11B
-	SYS___RPMTCH                        = 0x11A
-	SYS_WCSTOD                          = 0x12E
-	SYS_WCSTOK                          = 0x12C
-	SYS_WCSTOL                          = 0x12D
-	SYS_WCSTOUL                         = 0x12F
-	SYS_FGETWC                          = 0x13C
-	SYS_FGETWS                          = 0x13D
-	SYS_FPUTWC                          = 0x13E
-	SYS_FPUTWS                          = 0x13F
-	SYS_REGERROR                        = 0x13B
-	SYS_REGFREE                         = 0x13A
-	SYS_COLLEQUIV                       = 0x14F
-	SYS_COLLTOSTR                       = 0x14E
-	SYS_ISMCCOLLEL                      = 0x14C
-	SYS_STRTOCOLL                       = 0x14D
-	SYS_DLLFREE                         = 0x16F
-	SYS_DLLQUERYFN                      = 0x16D
-	SYS_DLLQUERYVAR                     = 0x16E
-	SYS_GETMCCOLL                       = 0x16A
-	SYS_GETWMCCOLL                      = 0x16B
-	SYS___ERR2AD                        = 0x16C
-	SYS_CFSETOSPEED                     = 0x17A
-	SYS_CHDIR                           = 0x17B
-	SYS_CHMOD                           = 0x17C
-	SYS_CHOWN                           = 0x17D
-	SYS_CLOSE                           = 0x17E
-	SYS_CLOSEDIR                        = 0x17F
-	SYS_LOG                             = 0x017
-	SYS_COSH                            = 0x018
-	SYS_FCHMOD                          = 0x18A
-	SYS_FCHOWN                          = 0x18B
-	SYS_FCNTL                           = 0x18C
-	SYS_FILENO                          = 0x18D
-	SYS_FORK                            = 0x18E
-	SYS_FPATHCONF                       = 0x18F
-	SYS_GETLOGIN                        = 0x19A
-	SYS_GETPGRP                         = 0x19C
-	SYS_GETPID                          = 0x19D
-	SYS_GETPPID                         = 0x19E
-	SYS_GETPWNAM                        = 0x19F
-	SYS_TANH                            = 0x019
-	SYS_W_GETMNTENT                     = 0x19B
-	SYS_POW                             = 0x020
-	SYS_PTHREAD_SELF                    = 0x20A
-	SYS_PTHREAD_SETINTR                 = 0x20B
-	SYS_PTHREAD_SETINTRTYPE             = 0x20C
-	SYS_PTHREAD_SETSPECIFIC             = 0x20D
-	SYS_PTHREAD_TESTINTR                = 0x20E
-	SYS_PTHREAD_YIELD                   = 0x20F
-	SYS_SQRT                            = 0x021
-	SYS_FLOOR                           = 0x022
-	SYS_J1                              = 0x023
-	SYS_WCSPBRK                         = 0x23F
-	SYS_BSEARCH                         = 0x24C
-	SYS_FABS                            = 0x024
-	SYS_GETENV                          = 0x24A
-	SYS_LDIV                            = 0x24D
-	SYS_SYSTEM                          = 0x24B
-	SYS_FMOD                            = 0x025
-	SYS___RETHROW                       = 0x25F
-	SYS___THROW                         = 0x25E
-	SYS_J0                              = 0x026
-	SYS_PUTENV                          = 0x26A
-	SYS___GETENV                        = 0x26F
-	SYS_SEMCTL                          = 0x27A
-	SYS_SEMGET                          = 0x27B
-	SYS_SEMOP                           = 0x27C
-	SYS_SHMAT                           = 0x27D
-	SYS_SHMCTL                          = 0x27E
-	SYS_SHMDT                           = 0x27F
-	SYS_YN                              = 0x027
-	SYS_JN                              = 0x028
-	SYS_SIGALTSTACK                     = 0x28A
-	SYS_SIGHOLD                         = 0x28B
-	SYS_SIGIGNORE                       = 0x28C
-	SYS_SIGINTERRUPT                    = 0x28D
-	SYS_SIGPAUSE                        = 0x28E
-	SYS_SIGRELSE                        = 0x28F
-	SYS_GETOPT                          = 0x29A
-	SYS_GETSUBOPT                       = 0x29D
-	SYS_LCHOWN                          = 0x29B
-	SYS_SETPGRP                         = 0x29E
-	SYS_TRUNCATE                        = 0x29C
-	SYS_Y0                              = 0x029
-	SYS___GDERR                         = 0x29F
-	SYS_ISALPHA                         = 0x030
-	SYS_VFORK                           = 0x30F
-	SYS__LONGJMP                        = 0x30D
-	SYS__SETJMP                         = 0x30E
-	SYS_GLOB                            = 0x31A
-	SYS_GLOBFREE                        = 0x31B
-	SYS_ISALNUM                         = 0x031
-	SYS_PUTW                            = 0x31C
-	SYS_SEEKDIR                         = 0x31D
-	SYS_TELLDIR                         = 0x31E
-	SYS_TEMPNAM                         = 0x31F
-	SYS_GETTIMEOFDAY_R                  = 0x32E
-	SYS_ISLOWER                         = 0x032
-	SYS_LGAMMA                          = 0x32C
-	SYS_REMAINDER                       = 0x32A
-	SYS_SCALB                           = 0x32B
-	SYS_SYNC                            = 0x32F
-	SYS_TTYSLOT                         = 0x32D
-	SYS_ENDPROTOENT                     = 0x33A
-	SYS_ENDSERVENT                      = 0x33B
-	SYS_GETHOSTBYADDR                   = 0x33D
-	SYS_GETHOSTBYADDR_R                 = 0x33C
-	SYS_GETHOSTBYNAME                   = 0x33F
-	SYS_GETHOSTBYNAME_R                 = 0x33E
-	SYS_ISCNTRL                         = 0x033
-	SYS_GETSERVBYNAME                   = 0x34A
-	SYS_GETSERVBYPORT                   = 0x34B
-	SYS_GETSERVENT                      = 0x34C
-	SYS_GETSOCKNAME                     = 0x34D
-	SYS_GETSOCKOPT                      = 0x34E
-	SYS_INET_ADDR                       = 0x34F
-	SYS_ISDIGIT                         = 0x034
-	SYS_ISGRAPH                         = 0x035
-	SYS_SELECT                          = 0x35B
-	SYS_SELECTEX                        = 0x35C
-	SYS_SEND                            = 0x35D
-	SYS_SENDTO                          = 0x35F
-	SYS_CHROOT                          = 0x36A
-	SYS_ISNAN                           = 0x36D
-	SYS_ISUPPER                         = 0x036
-	SYS_ULIMIT                          = 0x36C
-	SYS_UTIMES                          = 0x36E
-	SYS_W_STATVFS                       = 0x36B
-	SYS___H_ERRNO                       = 0x36F
-	SYS_GRANTPT                         = 0x37A
-	SYS_ISPRINT                         = 0x037
-	SYS_TCGETSID                        = 0x37C
-	SYS_UNLOCKPT                        = 0x37B
-	SYS___TCGETCP                       = 0x37D
-	SYS___TCSETCP                       = 0x37E
-	SYS___TCSETTABLES                   = 0x37F
-	SYS_ISPUNCT                         = 0x038
-	SYS_NLIST                           = 0x38C
-	SYS___IPDBCS                        = 0x38D
-	SYS___IPDSPX                        = 0x38E
-	SYS___IPMSGC                        = 0x38F
-	SYS___STHOSTENT                     = 0x38B
-	SYS___STSERVENT                     = 0x38A
-	SYS_ISSPACE                         = 0x039
-	SYS_COS                             = 0x040
-	SYS_T_ALLOC                         = 0x40A
-	SYS_T_BIND                          = 0x40B
-	SYS_T_CLOSE                         = 0x40C
-	SYS_T_CONNECT                       = 0x40D
-	SYS_T_ERROR                         = 0x40E
-	SYS_T_FREE                          = 0x40F
-	SYS_TAN                             = 0x041
-	SYS_T_RCVREL                        = 0x41A
-	SYS_T_RCVUDATA                      = 0x41B
-	SYS_T_RCVUDERR                      = 0x41C
-	SYS_T_SND                           = 0x41D
-	SYS_T_SNDDIS                        = 0x41E
-	SYS_T_SNDREL                        = 0x41F
-	SYS_GETPMSG                         = 0x42A
-	SYS_ISASTREAM                       = 0x42B
-	SYS_PUTMSG                          = 0x42C
-	SYS_PUTPMSG                         = 0x42D
-	SYS_SINH                            = 0x042
-	SYS___ISPOSIXON                     = 0x42E
-	SYS___OPENMVSREL                    = 0x42F
-	SYS_ACOS                            = 0x043
-	SYS_ATAN                            = 0x044
-	SYS_ATAN2                           = 0x045
-	SYS_FTELL                           = 0x046
-	SYS_FGETPOS                         = 0x047
-	SYS_SOCK_DEBUG                      = 0x47A
-	SYS_SOCK_DO_TESTSTOR                = 0x47D
-	SYS_TAKESOCKET                      = 0x47E
-	SYS___SERVER_INIT                   = 0x47F
-	SYS_FSEEK                           = 0x048
-	SYS___IPHOST                        = 0x48B
-	SYS___IPNODE                        = 0x48C
-	SYS___SERVER_CLASSIFY_CREATE        = 0x48D
-	SYS___SERVER_CLASSIFY_DESTROY       = 0x48E
-	SYS___SERVER_CLASSIFY_RESET         = 0x48F
-	SYS___SMF_RECORD                    = 0x48A
-	SYS_FSETPOS                         = 0x049
-	SYS___FNWSA                         = 0x49B
-	SYS___SPAWN2                        = 0x49D
-	SYS___SPAWNP2                       = 0x49E
-	SYS_ATOF                            = 0x050
-	SYS_PTHREAD_MUTEXATTR_GETPSHARED    = 0x50A
-	SYS_PTHREAD_MUTEXATTR_SETPSHARED    = 0x50B
-	SYS_PTHREAD_RWLOCK_DESTROY          = 0x50C
-	SYS_PTHREAD_RWLOCK_INIT             = 0x50D
-	SYS_PTHREAD_RWLOCK_RDLOCK           = 0x50E
-	SYS_PTHREAD_RWLOCK_TRYRDLOCK        = 0x50F
-	SYS_ATOI                            = 0x051
-	SYS___FP_CLASS                      = 0x51D
-	SYS___FP_CLR_FLAG                   = 0x51A
-	SYS___FP_FINITE                     = 0x51E
-	SYS___FP_ISNAN                      = 0x51F
-	SYS___FP_RAISE_XCP                  = 0x51C
-	SYS___FP_READ_FLAG                  = 0x51B
-	SYS_RAND                            = 0x052
-	SYS_SIGTIMEDWAIT                    = 0x52D
-	SYS_SIGWAITINFO                     = 0x52E
-	SYS___CHKBFP                        = 0x52F
-	SYS___FPC_RS                        = 0x52C
-	SYS___FPC_RW                        = 0x52A
-	SYS___FPC_SM                        = 0x52B
-	SYS_STRTOD                          = 0x053
-	SYS_STRTOL                          = 0x054
-	SYS_STRTOUL                         = 0x055
-	SYS_MALLOC                          = 0x056
-	SYS_SRAND                           = 0x057
-	SYS_CALLOC                          = 0x058
-	SYS_FREE                            = 0x059
-	SYS___OSENV                         = 0x59F
-	SYS___W_PIOCTL                      = 0x59E
-	SYS_LONGJMP                         = 0x060
-	SYS___FLOORF_B                      = 0x60A
-	SYS___FLOORL_B                      = 0x60B
-	SYS___FREXPF_B                      = 0x60C
-	SYS___FREXPL_B                      = 0x60D
-	SYS___LDEXPF_B                      = 0x60E
-	SYS___LDEXPL_B                      = 0x60F
-	SYS_SIGNAL                          = 0x061
-	SYS___ATAN2F_B                      = 0x61A
-	SYS___ATAN2L_B                      = 0x61B
-	SYS___COSHF_B                       = 0x61C
-	SYS___COSHL_B                       = 0x61D
-	SYS___EXPF_B                        = 0x61E
-	SYS___EXPL_B                        = 0x61F
-	SYS_TMPNAM                          = 0x062
-	SYS___ABSF_B                        = 0x62A
-	SYS___ABSL_B                        = 0x62C
-	SYS___ABS_B                         = 0x62B
-	SYS___FMODF_B                       = 0x62D
-	SYS___FMODL_B                       = 0x62E
-	SYS___MODFF_B                       = 0x62F
-	SYS_ATANL                           = 0x63A
-	SYS_CEILF                           = 0x63B
-	SYS_CEILL                           = 0x63C
-	SYS_COSF                            = 0x63D
-	SYS_COSHF                           = 0x63F
-	SYS_COSL                            = 0x63E
-	SYS_REMOVE                          = 0x063
-	SYS_POWL                            = 0x64A
-	SYS_RENAME                          = 0x064
-	SYS_SINF                            = 0x64B
-	SYS_SINHF                           = 0x64F
-	SYS_SINL                            = 0x64C
-	SYS_SQRTF                           = 0x64D
-	SYS_SQRTL                           = 0x64E
-	SYS_BTOWC                           = 0x65F
-	SYS_FREXPL                          = 0x65A
-	SYS_LDEXPF                          = 0x65B
-	SYS_LDEXPL                          = 0x65C
-	SYS_MODFF                           = 0x65D
-	SYS_MODFL                           = 0x65E
-	SYS_TMPFILE                         = 0x065
-	SYS_FREOPEN                         = 0x066
-	SYS___CHARMAP_INIT_A                = 0x66E
-	SYS___GETHOSTBYADDR_R_A             = 0x66C
-	SYS___GETHOSTBYNAME_A               = 0x66A
-	SYS___GETHOSTBYNAME_R_A             = 0x66D
-	SYS___MBLEN_A                       = 0x66F
-	SYS___RES_INIT_A                    = 0x66B
-	SYS_FCLOSE                          = 0x067
-	SYS___GETGRGID_R_A                  = 0x67D
-	SYS___WCSTOMBS_A                    = 0x67A
-	SYS___WCSTOMBS_STD_A                = 0x67B
-	SYS___WCSWIDTH_A                    = 0x67C
-	SYS___WCSWIDTH_ASIA                 = 0x67F
-	SYS___WCSWIDTH_STD_A                = 0x67E
-	SYS_FFLUSH                          = 0x068
-	SYS___GETLOGIN_R_A                  = 0x68E
-	SYS___GETPWNAM_R_A                  = 0x68C
-	SYS___GETPWUID_R_A                  = 0x68D
-	SYS___TTYNAME_R_A                   = 0x68F
-	SYS___WCWIDTH_ASIA                  = 0x68B
-	SYS___WCWIDTH_STD_A                 = 0x68A
-	SYS_FOPEN                           = 0x069
-	SYS___REGEXEC_A                     = 0x69A
-	SYS___REGEXEC_STD_A                 = 0x69B
-	SYS___REGFREE_A                     = 0x69C
-	SYS___REGFREE_STD_A                 = 0x69D
-	SYS___STRCOLL_A                     = 0x69E
-	SYS___STRCOLL_C_A                   = 0x69F
-	SYS_SCANF                           = 0x070
-	SYS___A64L_A                        = 0x70C
-	SYS___ECVT_A                        = 0x70D
-	SYS___FCVT_A                        = 0x70E
-	SYS___GCVT_A                        = 0x70F
-	SYS___STRTOUL_A                     = 0x70A
-	SYS_____AE_CORRESTBL_QUERY_A        = 0x70B
-	SYS_SPRINTF                         = 0x071
-	SYS___ACCESS_A                      = 0x71F
-	SYS___CATOPEN_A                     = 0x71E
-	SYS___GETOPT_A                      = 0x71D
-	SYS___REALPATH_A                    = 0x71A
-	SYS___SETENV_A                      = 0x71B
-	SYS___SYSTEM_A                      = 0x71C
-	SYS_FGETC                           = 0x072
-	SYS___GAI_STRERROR_A                = 0x72F
-	SYS___RMDIR_A                       = 0x72A
-	SYS___STATVFS_A                     = 0x72B
-	SYS___SYMLINK_A                     = 0x72C
-	SYS___TRUNCATE_A                    = 0x72D
-	SYS___UNLINK_A                      = 0x72E
-	SYS_VFPRINTF                        = 0x073
-	SYS___ISSPACE_A                     = 0x73A
-	SYS___ISUPPER_A                     = 0x73B
-	SYS___ISWALNUM_A                    = 0x73F
-	SYS___ISXDIGIT_A                    = 0x73C
-	SYS___TOLOWER_A                     = 0x73D
-	SYS___TOUPPER_A                     = 0x73E
-	SYS_VPRINTF                         = 0x074
-	SYS___CONFSTR_A                     = 0x74B
-	SYS___FDOPEN_A                      = 0x74E
-	SYS___FLDATA_A                      = 0x74F
-	SYS___FTOK_A                        = 0x74C
-	SYS___ISWXDIGIT_A                   = 0x74A
-	SYS___MKTEMP_A                      = 0x74D
-	SYS_VSPRINTF                        = 0x075
-	SYS___GETGRGID_A                    = 0x75A
-	SYS___GETGRNAM_A                    = 0x75B
-	SYS___GETGROUPSBYNAME_A             = 0x75C
-	SYS___GETHOSTENT_A                  = 0x75D
-	SYS___GETHOSTNAME_A                 = 0x75E
-	SYS___GETLOGIN_A                    = 0x75F
-	SYS_GETC                            = 0x076
-	SYS___CREATEWORKUNIT_A              = 0x76A
-	SYS___CTERMID_A                     = 0x76B
-	SYS___FMTMSG_A                      = 0x76C
-	SYS___INITGROUPS_A                  = 0x76D
-	SYS___MSGRCV_A                      = 0x76F
-	SYS_____LOGIN_A                     = 0x76E
-	SYS_FGETS                           = 0x077
-	SYS___STRCASECMP_A                  = 0x77B
-	SYS___STRNCASECMP_A                 = 0x77C
-	SYS___TTYNAME_A                     = 0x77D
-	SYS___UNAME_A                       = 0x77E
-	SYS___UTIMES_A                      = 0x77F
-	SYS_____SERVER_PWU_A                = 0x77A
-	SYS_FPUTC                           = 0x078
-	SYS___CREAT_O_A                     = 0x78E
-	SYS___ENVNA                         = 0x78F
-	SYS___FREAD_A                       = 0x78A
-	SYS___FWRITE_A                      = 0x78B
-	SYS___ISASCII                       = 0x78D
-	SYS___OPEN_O_A                      = 0x78C
-	SYS_FPUTS                           = 0x079
-	SYS___ASCTIME_A                     = 0x79C
-	SYS___CTIME_A                       = 0x79D
-	SYS___GETDATE_A                     = 0x79E
-	SYS___GETSERVBYPORT_A               = 0x79A
-	SYS___GETSERVENT_A                  = 0x79B
-	SYS___TZSET_A                       = 0x79F
-	SYS_ACL_FROM_TEXT                   = 0x80C
-	SYS_ACL_SET_FD                      = 0x80A
-	SYS_ACL_SET_FILE                    = 0x80B
-	SYS_ACL_SORT                        = 0x80E
-	SYS_ACL_TO_TEXT                     = 0x80D
-	SYS_UNGETC                          = 0x080
-	SYS___SHUTDOWN_REGISTRATION         = 0x80F
-	SYS_FREAD                           = 0x081
-	SYS_FREEADDRINFO                    = 0x81A
-	SYS_GAI_STRERROR                    = 0x81B
-	SYS_REXEC_AF                        = 0x81C
-	SYS___DYNALLOC_A                    = 0x81F
-	SYS___POE                           = 0x81D
-	SYS_WCSTOMBS                        = 0x082
-	SYS___INET_ADDR_A                   = 0x82F
-	SYS___NLIST_A                       = 0x82A
-	SYS_____TCGETCP_A                   = 0x82B
-	SYS_____TCSETCP_A                   = 0x82C
-	SYS_____W_PIOCTL_A                  = 0x82E
-	SYS_MBTOWC                          = 0x083
-	SYS___CABEND                        = 0x83D
-	SYS___LE_CIB_GET                    = 0x83E
-	SYS___RECVMSG_A                     = 0x83B
-	SYS___SENDMSG_A                     = 0x83A
-	SYS___SET_LAA_FOR_JIT               = 0x83F
-	SYS_____LCHATTR_A                   = 0x83C
-	SYS_WCTOMB                          = 0x084
-	SYS___CBRTL_B                       = 0x84A
-	SYS___COPYSIGNF_B                   = 0x84B
-	SYS___COPYSIGNL_B                   = 0x84C
-	SYS___COTANF_B                      = 0x84D
-	SYS___COTANL_B                      = 0x84F
-	SYS___COTAN_B                       = 0x84E
-	SYS_MBSTOWCS                        = 0x085
-	SYS___LOG1PL_B                      = 0x85A
-	SYS___LOG2F_B                       = 0x85B
-	SYS___LOG2L_B                       = 0x85D
-	SYS___LOG2_B                        = 0x85C
-	SYS___REMAINDERF_B                  = 0x85E
-	SYS___REMAINDERL_B                  = 0x85F
-	SYS_ACOSHF                          = 0x86E
-	SYS_ACOSHL                          = 0x86F
-	SYS_WCSCPY                          = 0x086
-	SYS___ERFCF_B                       = 0x86D
-	SYS___ERFF_B                        = 0x86C
-	SYS___LROUNDF_B                     = 0x86A
-	SYS___LROUND_B                      = 0x86B
-	SYS_COTANL                          = 0x87A
-	SYS_EXP2F                           = 0x87B
-	SYS_EXP2L                           = 0x87C
-	SYS_EXPM1F                          = 0x87D
-	SYS_EXPM1L                          = 0x87E
-	SYS_FDIMF                           = 0x87F
-	SYS_WCSCAT                          = 0x087
-	SYS___COTANL                        = 0x87A
-	SYS_REMAINDERF                      = 0x88A
-	SYS_REMAINDERL                      = 0x88B
-	SYS_REMAINDF                        = 0x88A
-	SYS_REMAINDL                        = 0x88B
-	SYS_REMQUO                          = 0x88D
-	SYS_REMQUOF                         = 0x88C
-	SYS_REMQUOL                         = 0x88E
-	SYS_TGAMMAF                         = 0x88F
-	SYS_WCSCHR                          = 0x088
-	SYS_ERFCF                           = 0x89B
-	SYS_ERFCL                           = 0x89C
-	SYS_ERFL                            = 0x89A
-	SYS_EXP2                            = 0x89E
-	SYS_WCSCMP                          = 0x089
-	SYS___EXP2_B                        = 0x89D
-	SYS___FAR_JUMP                      = 0x89F
-	SYS_ABS                             = 0x090
-	SYS___ERFCL_H                       = 0x90A
-	SYS___EXPF_H                        = 0x90C
-	SYS___EXPL_H                        = 0x90D
-	SYS___EXPM1_H                       = 0x90E
-	SYS___EXP_H                         = 0x90B
-	SYS___FDIM_H                        = 0x90F
-	SYS_DIV                             = 0x091
-	SYS___LOG2F_H                       = 0x91F
-	SYS___LOG2_H                        = 0x91E
-	SYS___LOGB_H                        = 0x91D
-	SYS___LOGF_H                        = 0x91B
-	SYS___LOGL_H                        = 0x91C
-	SYS___LOG_H                         = 0x91A
-	SYS_LABS                            = 0x092
-	SYS___POWL_H                        = 0x92A
-	SYS___REMAINDER_H                   = 0x92B
-	SYS___RINT_H                        = 0x92C
-	SYS___SCALB_H                       = 0x92D
-	SYS___SINF_H                        = 0x92F
-	SYS___SIN_H                         = 0x92E
-	SYS_STRNCPY                         = 0x093
-	SYS___TANHF_H                       = 0x93B
-	SYS___TANHL_H                       = 0x93C
-	SYS___TANH_H                        = 0x93A
-	SYS___TGAMMAF_H                     = 0x93E
-	SYS___TGAMMA_H                      = 0x93D
-	SYS___TRUNC_H                       = 0x93F
-	SYS_MEMCPY                          = 0x094
-	SYS_VFWSCANF                        = 0x94A
-	SYS_VSWSCANF                        = 0x94E
-	SYS_VWSCANF                         = 0x94C
-	SYS_INET6_RTH_ADD                   = 0x95D
-	SYS_INET6_RTH_INIT                  = 0x95C
-	SYS_INET6_RTH_REVERSE               = 0x95E
-	SYS_INET6_RTH_SEGMENTS              = 0x95F
-	SYS_INET6_RTH_SPACE                 = 0x95B
-	SYS_MEMMOVE                         = 0x095
-	SYS_WCSTOLD                         = 0x95A
-	SYS_STRCPY                          = 0x096
-	SYS_STRCMP                          = 0x097
-	SYS_CABS                            = 0x98E
-	SYS_STRCAT                          = 0x098
-	SYS___CABS_B                        = 0x98F
-	SYS___POW_II                        = 0x98A
-	SYS___POW_II_B                      = 0x98B
-	SYS___POW_II_H                      = 0x98C
-	SYS_CACOSF                          = 0x99A
-	SYS_CACOSL                          = 0x99D
-	SYS_STRNCAT                         = 0x099
-	SYS___CACOSF_B                      = 0x99B
-	SYS___CACOSF_H                      = 0x99C
-	SYS___CACOSL_B                      = 0x99E
-	SYS___CACOSL_H                      = 0x99F
-	SYS_ISWALPHA                        = 0x100
-	SYS_ISWBLANK                        = 0x101
-	SYS___ISWBLK                        = 0x101
-	SYS_ISWCNTRL                        = 0x102
-	SYS_ISWDIGIT                        = 0x103
-	SYS_ISWGRAPH                        = 0x104
-	SYS_ISWLOWER                        = 0x105
-	SYS_ISWPRINT                        = 0x106
-	SYS_ISWPUNCT                        = 0x107
-	SYS_ISWSPACE                        = 0x108
-	SYS_ISWUPPER                        = 0x109
-	SYS_WCTOB                           = 0x110
-	SYS_MBRLEN                          = 0x111
-	SYS_MBRTOWC                         = 0x112
-	SYS_MBSRTOWC                        = 0x113
-	SYS_MBSRTOWCS                       = 0x113
-	SYS_WCRTOMB                         = 0x114
-	SYS_WCSRTOMB                        = 0x115
-	SYS_WCSRTOMBS                       = 0x115
-	SYS___CSID                          = 0x116
-	SYS___WCSID                         = 0x117
-	SYS_STRPTIME                        = 0x118
-	SYS___STRPTM                        = 0x118
-	SYS_STRFMON                         = 0x119
-	SYS_WCSCOLL                         = 0x130
-	SYS_WCSXFRM                         = 0x131
-	SYS_WCSWIDTH                        = 0x132
-	SYS_WCWIDTH                         = 0x133
-	SYS_WCSFTIME                        = 0x134
-	SYS_SWPRINTF                        = 0x135
-	SYS_VSWPRINT                        = 0x136
-	SYS_VSWPRINTF                       = 0x136
-	SYS_SWSCANF                         = 0x137
-	SYS_REGCOMP                         = 0x138
-	SYS_REGEXEC                         = 0x139
-	SYS_GETWC                           = 0x140
-	SYS_GETWCHAR                        = 0x141
-	SYS_PUTWC                           = 0x142
-	SYS_PUTWCHAR                        = 0x143
-	SYS_UNGETWC                         = 0x144
-	SYS_ICONV_OPEN                      = 0x145
-	SYS_ICONV                           = 0x146
-	SYS_ICONV_CLOSE                     = 0x147
-	SYS_COLLRANGE                       = 0x150
-	SYS_CCLASS                          = 0x151
-	SYS_COLLORDER                       = 0x152
-	SYS___DEMANGLE                      = 0x154
-	SYS_FDOPEN                          = 0x155
-	SYS___ERRNO                         = 0x156
-	SYS___ERRNO2                        = 0x157
-	SYS___TERROR                        = 0x158
-	SYS_MAXCOLL                         = 0x169
-	SYS_DLLLOAD                         = 0x170
-	SYS__EXIT                           = 0x174
-	SYS_ACCESS                          = 0x175
-	SYS_ALARM                           = 0x176
-	SYS_CFGETISPEED                     = 0x177
-	SYS_CFGETOSPEED                     = 0x178
-	SYS_CFSETISPEED                     = 0x179
-	SYS_CREAT                           = 0x180
-	SYS_CTERMID                         = 0x181
-	SYS_DUP                             = 0x182
-	SYS_DUP2                            = 0x183
-	SYS_EXECL                           = 0x184
-	SYS_EXECLE                          = 0x185
-	SYS_EXECLP                          = 0x186
-	SYS_EXECV                           = 0x187
-	SYS_EXECVE                          = 0x188
-	SYS_EXECVP                          = 0x189
-	SYS_FSTAT                           = 0x190
-	SYS_FSYNC                           = 0x191
-	SYS_FTRUNCATE                       = 0x192
-	SYS_GETCWD                          = 0x193
-	SYS_GETEGID                         = 0x194
-	SYS_GETEUID                         = 0x195
-	SYS_GETGID                          = 0x196
-	SYS_GETGRGID                        = 0x197
-	SYS_GETGRNAM                        = 0x198
-	SYS_GETGROUPS                       = 0x199
-	SYS_PTHREAD_MUTEXATTR_DESTROY       = 0x200
-	SYS_PTHREAD_MUTEXATTR_SETKIND_NP    = 0x201
-	SYS_PTHREAD_MUTEXATTR_GETKIND_NP    = 0x202
-	SYS_PTHREAD_MUTEX_INIT              = 0x203
-	SYS_PTHREAD_MUTEX_DESTROY           = 0x204
-	SYS_PTHREAD_MUTEX_LOCK              = 0x205
-	SYS_PTHREAD_MUTEX_TRYLOCK           = 0x206
-	SYS_PTHREAD_MUTEX_UNLOCK            = 0x207
-	SYS_PTHREAD_ONCE                    = 0x209
-	SYS_TW_OPEN                         = 0x210
-	SYS_TW_FCNTL                        = 0x211
-	SYS_PTHREAD_JOIN_D4_NP              = 0x212
-	SYS_PTHREAD_CONDATTR_SETKIND_NP     = 0x213
-	SYS_PTHREAD_CONDATTR_GETKIND_NP     = 0x214
-	SYS_EXTLINK_NP                      = 0x215
-	SYS___PASSWD                        = 0x216
-	SYS_SETGROUPS                       = 0x217
-	SYS_INITGROUPS                      = 0x218
-	SYS_WCSRCHR                         = 0x240
-	SYS_SVC99                           = 0x241
-	SYS___SVC99                         = 0x241
-	SYS_WCSWCS                          = 0x242
-	SYS_LOCALECO                        = 0x243
-	SYS_LOCALECONV                      = 0x243
-	SYS___LIBREL                        = 0x244
-	SYS_RELEASE                         = 0x245
-	SYS___RLSE                          = 0x245
-	SYS_FLOCATE                         = 0x246
-	SYS___FLOCT                         = 0x246
-	SYS_FDELREC                         = 0x247
-	SYS___FDLREC                        = 0x247
-	SYS_FETCH                           = 0x248
-	SYS___FETCH                         = 0x248
-	SYS_QSORT                           = 0x249
-	SYS___CLEANUPCATCH                  = 0x260
-	SYS___CATCHMATCH                    = 0x261
-	SYS___CLEAN2UPCATCH                 = 0x262
-	SYS_GETPRIORITY                     = 0x270
-	SYS_NICE                            = 0x271
-	SYS_SETPRIORITY                     = 0x272
-	SYS_GETITIMER                       = 0x273
-	SYS_SETITIMER                       = 0x274
-	SYS_MSGCTL                          = 0x275
-	SYS_MSGGET                          = 0x276
-	SYS_MSGRCV                          = 0x277
-	SYS_MSGSND                          = 0x278
-	SYS_MSGXRCV                         = 0x279
-	SYS___MSGXR                         = 0x279
-	SYS_SHMGET                          = 0x280
-	SYS___GETIPC                        = 0x281
-	SYS_SETGRENT                        = 0x282
-	SYS_GETGRENT                        = 0x283
-	SYS_ENDGRENT                        = 0x284
-	SYS_SETPWENT                        = 0x285
-	SYS_GETPWENT                        = 0x286
-	SYS_ENDPWENT                        = 0x287
-	SYS_BSD_SIGNAL                      = 0x288
-	SYS_KILLPG                          = 0x289
-	SYS_SIGSET                          = 0x290
-	SYS_SIGSTACK                        = 0x291
-	SYS_GETRLIMIT                       = 0x292
-	SYS_SETRLIMIT                       = 0x293
-	SYS_GETRUSAGE                       = 0x294
-	SYS_MMAP                            = 0x295
-	SYS_MPROTECT                        = 0x296
-	SYS_MSYNC                           = 0x297
-	SYS_MUNMAP                          = 0x298
-	SYS_CONFSTR                         = 0x299
-	SYS___NDMTRM                        = 0x300
-	SYS_FTOK                            = 0x301
-	SYS_BASENAME                        = 0x302
-	SYS_DIRNAME                         = 0x303
-	SYS_GETDTABLESIZE                   = 0x304
-	SYS_MKSTEMP                         = 0x305
-	SYS_MKTEMP                          = 0x306
-	SYS_NFTW                            = 0x307
-	SYS_GETWD                           = 0x308
-	SYS_LOCKF                           = 0x309
-	SYS_WORDEXP                         = 0x310
-	SYS_WORDFREE                        = 0x311
-	SYS_GETPGID                         = 0x312
-	SYS_GETSID                          = 0x313
-	SYS___UTMPXNAME                     = 0x314
-	SYS_CUSERID                         = 0x315
-	SYS_GETPASS                         = 0x316
-	SYS_FNMATCH                         = 0x317
-	SYS_FTW                             = 0x318
-	SYS_GETW                            = 0x319
-	SYS_ACOSH                           = 0x320
-	SYS_ASINH                           = 0x321
-	SYS_ATANH                           = 0x322
-	SYS_CBRT                            = 0x323
-	SYS_EXPM1                           = 0x324
-	SYS_ILOGB                           = 0x325
-	SYS_LOGB                            = 0x326
-	SYS_LOG1P                           = 0x327
-	SYS_NEXTAFTER                       = 0x328
-	SYS_RINT                            = 0x329
-	SYS_SPAWN                           = 0x330
-	SYS_SPAWNP                          = 0x331
-	SYS_GETLOGIN_UU                     = 0x332
-	SYS_ECVT                            = 0x333
-	SYS_FCVT                            = 0x334
-	SYS_GCVT                            = 0x335
-	SYS_ACCEPT                          = 0x336
-	SYS_BIND                            = 0x337
-	SYS_CONNECT                         = 0x338
-	SYS_ENDHOSTENT                      = 0x339
-	SYS_GETHOSTENT                      = 0x340
-	SYS_GETHOSTID                       = 0x341
-	SYS_GETHOSTNAME                     = 0x342
-	SYS_GETNETBYADDR                    = 0x343
-	SYS_GETNETBYNAME                    = 0x344
-	SYS_GETNETENT                       = 0x345
-	SYS_GETPEERNAME                     = 0x346
-	SYS_GETPROTOBYNAME                  = 0x347
-	SYS_GETPROTOBYNUMBER                = 0x348
-	SYS_GETPROTOENT                     = 0x349
-	SYS_INET_LNAOF                      = 0x350
-	SYS_INET_MAKEADDR                   = 0x351
-	SYS_INET_NETOF                      = 0x352
-	SYS_INET_NETWORK                    = 0x353
-	SYS_INET_NTOA                       = 0x354
-	SYS_IOCTL                           = 0x355
-	SYS_LISTEN                          = 0x356
-	SYS_READV                           = 0x357
-	SYS_RECV                            = 0x358
-	SYS_RECVFROM                        = 0x359
-	SYS_SETHOSTENT                      = 0x360
-	SYS_SETNETENT                       = 0x361
-	SYS_SETPEER                         = 0x362
-	SYS_SETPROTOENT                     = 0x363
-	SYS_SETSERVENT                      = 0x364
-	SYS_SETSOCKOPT                      = 0x365
-	SYS_SHUTDOWN                        = 0x366
-	SYS_SOCKET                          = 0x367
-	SYS_SOCKETPAIR                      = 0x368
-	SYS_WRITEV                          = 0x369
-	SYS_ENDNETENT                       = 0x370
-	SYS_CLOSELOG                        = 0x371
-	SYS_OPENLOG                         = 0x372
-	SYS_SETLOGMASK                      = 0x373
-	SYS_SYSLOG                          = 0x374
-	SYS_PTSNAME                         = 0x375
-	SYS_SETREUID                        = 0x376
-	SYS_SETREGID                        = 0x377
-	SYS_REALPATH                        = 0x378
-	SYS___SIGNGAM                       = 0x379
-	SYS_POLL                            = 0x380
-	SYS_REXEC                           = 0x381
-	SYS___ISASCII2                      = 0x382
-	SYS___TOASCII2                      = 0x383
-	SYS_CHPRIORITY                      = 0x384
-	SYS_PTHREAD_ATTR_SETSYNCTYPE_NP     = 0x385
-	SYS_PTHREAD_ATTR_GETSYNCTYPE_NP     = 0x386
-	SYS_PTHREAD_SET_LIMIT_NP            = 0x387
-	SYS___STNETENT                      = 0x388
-	SYS___STPROTOENT                    = 0x389
-	SYS___SELECT1                       = 0x390
-	SYS_PTHREAD_SECURITY_NP             = 0x391
-	SYS___CHECK_RESOURCE_AUTH_NP        = 0x392
-	SYS___CONVERT_ID_NP                 = 0x393
-	SYS___OPENVMREL                     = 0x394
-	SYS_WMEMCHR                         = 0x395
-	SYS_WMEMCMP                         = 0x396
-	SYS_WMEMCPY                         = 0x397
-	SYS_WMEMMOVE                        = 0x398
-	SYS_WMEMSET                         = 0x399
-	SYS___FPUTWC                        = 0x400
-	SYS___PUTWC                         = 0x401
-	SYS___PWCHAR                        = 0x402
-	SYS___WCSFTM                        = 0x403
-	SYS___WCSTOK                        = 0x404
-	SYS___WCWDTH                        = 0x405
-	SYS_T_ACCEPT                        = 0x409
-	SYS_T_GETINFO                       = 0x410
-	SYS_T_GETPROTADDR                   = 0x411
-	SYS_T_GETSTATE                      = 0x412
-	SYS_T_LISTEN                        = 0x413
-	SYS_T_LOOK                          = 0x414
-	SYS_T_OPEN                          = 0x415
-	SYS_T_OPTMGMT                       = 0x416
-	SYS_T_RCV                           = 0x417
-	SYS_T_RCVCONNECT                    = 0x418
-	SYS_T_RCVDIS                        = 0x419
-	SYS_T_SNDUDATA                      = 0x420
-	SYS_T_STRERROR                      = 0x421
-	SYS_T_SYNC                          = 0x422
-	SYS_T_UNBIND                        = 0x423
-	SYS___T_ERRNO                       = 0x424
-	SYS___RECVMSG2                      = 0x425
-	SYS___SENDMSG2                      = 0x426
-	SYS_FATTACH                         = 0x427
-	SYS_FDETACH                         = 0x428
-	SYS_GETMSG                          = 0x429
-	SYS_GETCONTEXT                      = 0x430
-	SYS_SETCONTEXT                      = 0x431
-	SYS_MAKECONTEXT                     = 0x432
-	SYS_SWAPCONTEXT                     = 0x433
-	SYS_PTHREAD_GETSPECIFIC_D8_NP       = 0x434
-	SYS_GETCLIENTID                     = 0x470
-	SYS___GETCLIENTID                   = 0x471
-	SYS_GETSTABLESIZE                   = 0x472
-	SYS_GETIBMOPT                       = 0x473
-	SYS_GETIBMSOCKOPT                   = 0x474
-	SYS_GIVESOCKET                      = 0x475
-	SYS_IBMSFLUSH                       = 0x476
-	SYS_MAXDESC                         = 0x477
-	SYS_SETIBMOPT                       = 0x478
-	SYS_SETIBMSOCKOPT                   = 0x479
-	SYS___SERVER_PWU                    = 0x480
-	SYS_PTHREAD_TAG_NP                  = 0x481
-	SYS___CONSOLE                       = 0x482
-	SYS___WSINIT                        = 0x483
-	SYS___IPTCPN                        = 0x489
-	SYS___SERVER_CLASSIFY               = 0x490
-	SYS___HEAPRPT                       = 0x496
-	SYS___ISBFP                         = 0x500
-	SYS___FP_CAST                       = 0x501
-	SYS___CERTIFICATE                   = 0x502
-	SYS_SEND_FILE                       = 0x503
-	SYS_AIO_CANCEL                      = 0x504
-	SYS_AIO_ERROR                       = 0x505
-	SYS_AIO_READ                        = 0x506
-	SYS_AIO_RETURN                      = 0x507
-	SYS_AIO_SUSPEND                     = 0x508
-	SYS_AIO_WRITE                       = 0x509
-	SYS_PTHREAD_RWLOCK_TRYWRLOCK        = 0x510
-	SYS_PTHREAD_RWLOCK_UNLOCK           = 0x511
-	SYS_PTHREAD_RWLOCK_WRLOCK           = 0x512
-	SYS_PTHREAD_RWLOCKATTR_GETPSHARED   = 0x513
-	SYS_PTHREAD_RWLOCKATTR_SETPSHARED   = 0x514
-	SYS_PTHREAD_RWLOCKATTR_INIT         = 0x515
-	SYS_PTHREAD_RWLOCKATTR_DESTROY      = 0x516
-	SYS___CTTBL                         = 0x517
-	SYS_PTHREAD_MUTEXATTR_SETTYPE       = 0x518
-	SYS_PTHREAD_MUTEXATTR_GETTYPE       = 0x519
-	SYS___FP_UNORDERED                  = 0x520
-	SYS___FP_READ_RND                   = 0x521
-	SYS___FP_READ_RND_B                 = 0x522
-	SYS___FP_SWAP_RND                   = 0x523
-	SYS___FP_SWAP_RND_B                 = 0x524
-	SYS___FP_LEVEL                      = 0x525
-	SYS___FP_BTOH                       = 0x526
-	SYS___FP_HTOB                       = 0x527
-	SYS___FPC_RD                        = 0x528
-	SYS___FPC_WR                        = 0x529
-	SYS_PTHREAD_SETCANCELTYPE           = 0x600
-	SYS_PTHREAD_TESTCANCEL              = 0x601
-	SYS___ATANF_B                       = 0x602
-	SYS___ATANL_B                       = 0x603
-	SYS___CEILF_B                       = 0x604
-	SYS___CEILL_B                       = 0x605
-	SYS___COSF_B                        = 0x606
-	SYS___COSL_B                        = 0x607
-	SYS___FABSF_B                       = 0x608
-	SYS___FABSL_B                       = 0x609
-	SYS___SINF_B                        = 0x610
-	SYS___SINL_B                        = 0x611
-	SYS___TANF_B                        = 0x612
-	SYS___TANL_B                        = 0x613
-	SYS___TANHF_B                       = 0x614
-	SYS___TANHL_B                       = 0x615
-	SYS___ACOSF_B                       = 0x616
-	SYS___ACOSL_B                       = 0x617
-	SYS___ASINF_B                       = 0x618
-	SYS___ASINL_B                       = 0x619
-	SYS___LOGF_B                        = 0x620
-	SYS___LOGL_B                        = 0x621
-	SYS___LOG10F_B                      = 0x622
-	SYS___LOG10L_B                      = 0x623
-	SYS___POWF_B                        = 0x624
-	SYS___POWL_B                        = 0x625
-	SYS___SINHF_B                       = 0x626
-	SYS___SINHL_B                       = 0x627
-	SYS___SQRTF_B                       = 0x628
-	SYS___SQRTL_B                       = 0x629
-	SYS___MODFL_B                       = 0x630
-	SYS_ABSF                            = 0x631
-	SYS_ABSL                            = 0x632
-	SYS_ACOSF                           = 0x633
-	SYS_ACOSL                           = 0x634
-	SYS_ASINF                           = 0x635
-	SYS_ASINL                           = 0x636
-	SYS_ATAN2F                          = 0x637
-	SYS_ATAN2L                          = 0x638
-	SYS_ATANF                           = 0x639
-	SYS_COSHL                           = 0x640
-	SYS_EXPF                            = 0x641
-	SYS_EXPL                            = 0x642
-	SYS_TANHF                           = 0x643
-	SYS_TANHL                           = 0x644
-	SYS_LOG10F                          = 0x645
-	SYS_LOG10L                          = 0x646
-	SYS_LOGF                            = 0x647
-	SYS_LOGL                            = 0x648
-	SYS_POWF                            = 0x649
-	SYS_SINHL                           = 0x650
-	SYS_TANF                            = 0x651
-	SYS_TANL                            = 0x652
-	SYS_FABSF                           = 0x653
-	SYS_FABSL                           = 0x654
-	SYS_FLOORF                          = 0x655
-	SYS_FLOORL                          = 0x656
-	SYS_FMODF                           = 0x657
-	SYS_FMODL                           = 0x658
-	SYS_FREXPF                          = 0x659
-	SYS___CHATTR                        = 0x660
-	SYS___FCHATTR                       = 0x661
-	SYS___TOCCSID                       = 0x662
-	SYS___CSNAMETYPE                    = 0x663
-	SYS___TOCSNAME                      = 0x664
-	SYS___CCSIDTYPE                     = 0x665
-	SYS___AE_CORRESTBL_QUERY            = 0x666
-	SYS___AE_AUTOCONVERT_STATE          = 0x667
-	SYS_DN_FIND                         = 0x668
-	SYS___GETHOSTBYADDR_A               = 0x669
-	SYS___MBLEN_SB_A                    = 0x670
-	SYS___MBLEN_STD_A                   = 0x671
-	SYS___MBLEN_UTF                     = 0x672
-	SYS___MBSTOWCS_A                    = 0x673
-	SYS___MBSTOWCS_STD_A                = 0x674
-	SYS___MBTOWC_A                      = 0x675
-	SYS___MBTOWC_ISO1                   = 0x676
-	SYS___MBTOWC_SBCS                   = 0x677
-	SYS___MBTOWC_MBCS                   = 0x678
-	SYS___MBTOWC_UTF                    = 0x679
-	SYS___CSID_A                        = 0x680
-	SYS___CSID_STD_A                    = 0x681
-	SYS___WCSID_A                       = 0x682
-	SYS___WCSID_STD_A                   = 0x683
-	SYS___WCTOMB_A                      = 0x684
-	SYS___WCTOMB_ISO1                   = 0x685
-	SYS___WCTOMB_STD_A                  = 0x686
-	SYS___WCTOMB_UTF                    = 0x687
-	SYS___WCWIDTH_A                     = 0x688
-	SYS___GETGRNAM_R_A                  = 0x689
-	SYS___READDIR_R_A                   = 0x690
-	SYS___E2A_S                         = 0x691
-	SYS___FNMATCH_A                     = 0x692
-	SYS___FNMATCH_C_A                   = 0x693
-	SYS___EXECL_A                       = 0x694
-	SYS___FNMATCH_STD_A                 = 0x695
-	SYS___REGCOMP_A                     = 0x696
-	SYS___REGCOMP_STD_A                 = 0x697
-	SYS___REGERROR_A                    = 0x698
-	SYS___REGERROR_STD_A                = 0x699
-	SYS___SWPRINTF_A                    = 0x700
-	SYS___FSCANF_A                      = 0x701
-	SYS___SCANF_A                       = 0x702
-	SYS___SSCANF_A                      = 0x703
-	SYS___SWSCANF_A                     = 0x704
-	SYS___ATOF_A                        = 0x705
-	SYS___ATOI_A                        = 0x706
-	SYS___ATOL_A                        = 0x707
-	SYS___STRTOD_A                      = 0x708
-	SYS___STRTOL_A                      = 0x709
-	SYS___L64A_A                        = 0x710
-	SYS___STRERROR_A                    = 0x711
-	SYS___PERROR_A                      = 0x712
-	SYS___FETCH_A                       = 0x713
-	SYS___GETENV_A                      = 0x714
-	SYS___MKSTEMP_A                     = 0x717
-	SYS___PTSNAME_A                     = 0x718
-	SYS___PUTENV_A                      = 0x719
-	SYS___CHDIR_A                       = 0x720
-	SYS___CHOWN_A                       = 0x721
-	SYS___CHROOT_A                      = 0x722
-	SYS___GETCWD_A                      = 0x723
-	SYS___GETWD_A                       = 0x724
-	SYS___LCHOWN_A                      = 0x725
-	SYS___LINK_A                        = 0x726
-	SYS___PATHCONF_A                    = 0x727
-	SYS___IF_NAMEINDEX_A                = 0x728
-	SYS___READLINK_A                    = 0x729
-	SYS___EXTLINK_NP_A                  = 0x730
-	SYS___ISALNUM_A                     = 0x731
-	SYS___ISALPHA_A                     = 0x732
-	SYS___A2E_S                         = 0x733
-	SYS___ISCNTRL_A                     = 0x734
-	SYS___ISDIGIT_A                     = 0x735
-	SYS___ISGRAPH_A                     = 0x736
-	SYS___ISLOWER_A                     = 0x737
-	SYS___ISPRINT_A                     = 0x738
-	SYS___ISPUNCT_A                     = 0x739
-	SYS___ISWALPHA_A                    = 0x740
-	SYS___A2E_L                         = 0x741
-	SYS___ISWCNTRL_A                    = 0x742
-	SYS___ISWDIGIT_A                    = 0x743
-	SYS___ISWGRAPH_A                    = 0x744
-	SYS___ISWLOWER_A                    = 0x745
-	SYS___ISWPRINT_A                    = 0x746
-	SYS___ISWPUNCT_A                    = 0x747
-	SYS___ISWSPACE_A                    = 0x748
-	SYS___ISWUPPER_A                    = 0x749
-	SYS___REMOVE_A                      = 0x750
-	SYS___RENAME_A                      = 0x751
-	SYS___TMPNAM_A                      = 0x752
-	SYS___FOPEN_A                       = 0x753
-	SYS___FREOPEN_A                     = 0x754
-	SYS___CUSERID_A                     = 0x755
-	SYS___POPEN_A                       = 0x756
-	SYS___TEMPNAM_A                     = 0x757
-	SYS___FTW_A                         = 0x758
-	SYS___GETGRENT_A                    = 0x759
-	SYS___INET_NTOP_A                   = 0x760
-	SYS___GETPASS_A                     = 0x761
-	SYS___GETPWENT_A                    = 0x762
-	SYS___GETPWNAM_A                    = 0x763
-	SYS___GETPWUID_A                    = 0x764
-	SYS_____CHECK_RESOURCE_AUTH_NP_A    = 0x765
-	SYS___CHECKSCHENV_A                 = 0x766
-	SYS___CONNECTSERVER_A               = 0x767
-	SYS___CONNECTWORKMGR_A              = 0x768
-	SYS_____CONSOLE_A                   = 0x769
-	SYS___MSGSND_A                      = 0x770
-	SYS___MSGXRCV_A                     = 0x771
-	SYS___NFTW_A                        = 0x772
-	SYS_____PASSWD_A                    = 0x773
-	SYS___PTHREAD_SECURITY_NP_A         = 0x774
-	SYS___QUERYMETRICS_A                = 0x775
-	SYS___QUERYSCHENV                   = 0x776
-	SYS___READV_A                       = 0x777
-	SYS_____SERVER_CLASSIFY_A           = 0x778
-	SYS_____SERVER_INIT_A               = 0x779
-	SYS___W_GETPSENT_A                  = 0x780
-	SYS___WRITEV_A                      = 0x781
-	SYS___W_STATFS_A                    = 0x782
-	SYS___W_STATVFS_A                   = 0x783
-	SYS___FPUTC_A                       = 0x784
-	SYS___PUTCHAR_A                     = 0x785
-	SYS___PUTS_A                        = 0x786
-	SYS___FGETS_A                       = 0x787
-	SYS___GETS_A                        = 0x788
-	SYS___FPUTS_A                       = 0x789
-	SYS___PUTC_A                        = 0x790
-	SYS___AE_THREAD_SETMODE             = 0x791
-	SYS___AE_THREAD_SWAPMODE            = 0x792
-	SYS___GETNETBYADDR_A                = 0x793
-	SYS___GETNETBYNAME_A                = 0x794
-	SYS___GETNETENT_A                   = 0x795
-	SYS___GETPROTOBYNAME_A              = 0x796
-	SYS___GETPROTOBYNUMBER_A            = 0x797
-	SYS___GETPROTOENT_A                 = 0x798
-	SYS___GETSERVBYNAME_A               = 0x799
-	SYS_ACL_FIRST_ENTRY                 = 0x800
-	SYS_ACL_GET_ENTRY                   = 0x801
-	SYS_ACL_VALID                       = 0x802
-	SYS_ACL_CREATE_ENTRY                = 0x803
-	SYS_ACL_DELETE_ENTRY                = 0x804
-	SYS_ACL_UPDATE_ENTRY                = 0x805
-	SYS_ACL_DELETE_FD                   = 0x806
-	SYS_ACL_DELETE_FILE                 = 0x807
-	SYS_ACL_GET_FD                      = 0x808
-	SYS_ACL_GET_FILE                    = 0x809
-	SYS___ERFL_B                        = 0x810
-	SYS___ERFCL_B                       = 0x811
-	SYS___LGAMMAL_B                     = 0x812
-	SYS___SETHOOKEVENTS                 = 0x813
-	SYS_IF_NAMETOINDEX                  = 0x814
-	SYS_IF_INDEXTONAME                  = 0x815
-	SYS_IF_NAMEINDEX                    = 0x816
-	SYS_IF_FREENAMEINDEX                = 0x817
-	SYS_GETADDRINFO                     = 0x818
-	SYS_GETNAMEINFO                     = 0x819
-	SYS___DYNFREE_A                     = 0x820
-	SYS___RES_QUERY_A                   = 0x821
-	SYS___RES_SEARCH_A                  = 0x822
-	SYS___RES_QUERYDOMAIN_A             = 0x823
-	SYS___RES_MKQUERY_A                 = 0x824
-	SYS___RES_SEND_A                    = 0x825
-	SYS___DN_EXPAND_A                   = 0x826
-	SYS___DN_SKIPNAME_A                 = 0x827
-	SYS___DN_COMP_A                     = 0x828
-	SYS___DN_FIND_A                     = 0x829
-	SYS___INET_NTOA_A                   = 0x830
-	SYS___INET_NETWORK_A                = 0x831
-	SYS___ACCEPT_A                      = 0x832
-	SYS___ACCEPT_AND_RECV_A             = 0x833
-	SYS___BIND_A                        = 0x834
-	SYS___CONNECT_A                     = 0x835
-	SYS___GETPEERNAME_A                 = 0x836
-	SYS___GETSOCKNAME_A                 = 0x837
-	SYS___RECVFROM_A                    = 0x838
-	SYS___SENDTO_A                      = 0x839
-	SYS___LCHATTR                       = 0x840
-	SYS___WRITEDOWN                     = 0x841
-	SYS_PTHREAD_MUTEX_INIT2             = 0x842
-	SYS___ACOSHF_B                      = 0x843
-	SYS___ACOSHL_B                      = 0x844
-	SYS___ASINHF_B                      = 0x845
-	SYS___ASINHL_B                      = 0x846
-	SYS___ATANHF_B                      = 0x847
-	SYS___ATANHL_B                      = 0x848
-	SYS___CBRTF_B                       = 0x849
-	SYS___EXP2F_B                       = 0x850
-	SYS___EXP2L_B                       = 0x851
-	SYS___EXPM1F_B                      = 0x852
-	SYS___EXPM1L_B                      = 0x853
-	SYS___FDIMF_B                       = 0x854
-	SYS___FDIM_B                        = 0x855
-	SYS___FDIML_B                       = 0x856
-	SYS___HYPOTF_B                      = 0x857
-	SYS___HYPOTL_B                      = 0x858
-	SYS___LOG1PF_B                      = 0x859
-	SYS___REMQUOF_B                     = 0x860
-	SYS___REMQUO_B                      = 0x861
-	SYS___REMQUOL_B                     = 0x862
-	SYS___TGAMMAF_B                     = 0x863
-	SYS___TGAMMA_B                      = 0x864
-	SYS___TGAMMAL_B                     = 0x865
-	SYS___TRUNCF_B                      = 0x866
-	SYS___TRUNC_B                       = 0x867
-	SYS___TRUNCL_B                      = 0x868
-	SYS___LGAMMAF_B                     = 0x869
-	SYS_ASINHF                          = 0x870
-	SYS_ASINHL                          = 0x871
-	SYS_ATANHF                          = 0x872
-	SYS_ATANHL                          = 0x873
-	SYS_CBRTF                           = 0x874
-	SYS_CBRTL                           = 0x875
-	SYS_COPYSIGNF                       = 0x876
-	SYS_CPYSIGNF                        = 0x876
-	SYS_COPYSIGNL                       = 0x877
-	SYS_CPYSIGNL                        = 0x877
-	SYS_COTANF                          = 0x878
-	SYS___COTANF                        = 0x878
-	SYS_COTAN                           = 0x879
-	SYS___COTAN                         = 0x879
-	SYS_FDIM                            = 0x881
-	SYS_FDIML                           = 0x882
-	SYS_HYPOTF                          = 0x883
-	SYS_HYPOTL                          = 0x884
-	SYS_LOG1PF                          = 0x885
-	SYS_LOG1PL                          = 0x886
-	SYS_LOG2F                           = 0x887
-	SYS_LOG2                            = 0x888
-	SYS_LOG2L                           = 0x889
-	SYS_TGAMMA                          = 0x890
-	SYS_TGAMMAL                         = 0x891
-	SYS_TRUNCF                          = 0x892
-	SYS_TRUNC                           = 0x893
-	SYS_TRUNCL                          = 0x894
-	SYS_LGAMMAF                         = 0x895
-	SYS_LGAMMAL                         = 0x896
-	SYS_LROUNDF                         = 0x897
-	SYS_LROUND                          = 0x898
-	SYS_ERFF                            = 0x899
-	SYS___COSHF_H                       = 0x900
-	SYS___COSHL_H                       = 0x901
-	SYS___COTAN_H                       = 0x902
-	SYS___COTANF_H                      = 0x903
-	SYS___COTANL_H                      = 0x904
-	SYS___ERF_H                         = 0x905
-	SYS___ERFF_H                        = 0x906
-	SYS___ERFL_H                        = 0x907
-	SYS___ERFC_H                        = 0x908
-	SYS___ERFCF_H                       = 0x909
-	SYS___FDIMF_H                       = 0x910
-	SYS___FDIML_H                       = 0x911
-	SYS___FMOD_H                        = 0x912
-	SYS___FMODF_H                       = 0x913
-	SYS___FMODL_H                       = 0x914
-	SYS___GAMMA_H                       = 0x915
-	SYS___HYPOT_H                       = 0x916
-	SYS___ILOGB_H                       = 0x917
-	SYS___LGAMMA_H                      = 0x918
-	SYS___LGAMMAF_H                     = 0x919
-	SYS___LOG2L_H                       = 0x920
-	SYS___LOG1P_H                       = 0x921
-	SYS___LOG10_H                       = 0x922
-	SYS___LOG10F_H                      = 0x923
-	SYS___LOG10L_H                      = 0x924
-	SYS___LROUND_H                      = 0x925
-	SYS___LROUNDF_H                     = 0x926
-	SYS___NEXTAFTER_H                   = 0x927
-	SYS___POW_H                         = 0x928
-	SYS___POWF_H                        = 0x929
-	SYS___SINL_H                        = 0x930
-	SYS___SINH_H                        = 0x931
-	SYS___SINHF_H                       = 0x932
-	SYS___SINHL_H                       = 0x933
-	SYS___SQRT_H                        = 0x934
-	SYS___SQRTF_H                       = 0x935
-	SYS___SQRTL_H                       = 0x936
-	SYS___TAN_H                         = 0x937
-	SYS___TANF_H                        = 0x938
-	SYS___TANL_H                        = 0x939
-	SYS___TRUNCF_H                      = 0x940
-	SYS___TRUNCL_H                      = 0x941
-	SYS___COSH_H                        = 0x942
-	SYS___LE_DEBUG_SET_RESUME_MCH       = 0x943
-	SYS_VFSCANF                         = 0x944
-	SYS_VSCANF                          = 0x946
-	SYS_VSSCANF                         = 0x948
-	SYS_IMAXABS                         = 0x950
-	SYS_IMAXDIV                         = 0x951
-	SYS_STRTOIMAX                       = 0x952
-	SYS_STRTOUMAX                       = 0x953
-	SYS_WCSTOIMAX                       = 0x954
-	SYS_WCSTOUMAX                       = 0x955
-	SYS_ATOLL                           = 0x956
-	SYS_STRTOF                          = 0x957
-	SYS_STRTOLD                         = 0x958
-	SYS_WCSTOF                          = 0x959
-	SYS_INET6_RTH_GETADDR               = 0x960
-	SYS_INET6_OPT_INIT                  = 0x961
-	SYS_INET6_OPT_APPEND                = 0x962
-	SYS_INET6_OPT_FINISH                = 0x963
-	SYS_INET6_OPT_SET_VAL               = 0x964
-	SYS_INET6_OPT_NEXT                  = 0x965
-	SYS_INET6_OPT_FIND                  = 0x966
-	SYS_INET6_OPT_GET_VAL               = 0x967
-	SYS___POW_I                         = 0x987
-	SYS___POW_I_B                       = 0x988
-	SYS___POW_I_H                       = 0x989
-	SYS___CABS_H                        = 0x990
-	SYS_CABSF                           = 0x991
-	SYS___CABSF_B                       = 0x992
-	SYS___CABSF_H                       = 0x993
-	SYS_CABSL                           = 0x994
-	SYS___CABSL_B                       = 0x995
-	SYS___CABSL_H                       = 0x996
-	SYS_CACOS                           = 0x997
-	SYS___CACOS_B                       = 0x998
-	SYS___CACOS_H                       = 0x999
+	SYS_LOG                             = 0x17  // 23
+	SYS_COSH                            = 0x18  // 24
+	SYS_TANH                            = 0x19  // 25
+	SYS_EXP                             = 0x1A  // 26
+	SYS_MODF                            = 0x1B  // 27
+	SYS_LOG10                           = 0x1C  // 28
+	SYS_FREXP                           = 0x1D  // 29
+	SYS_LDEXP                           = 0x1E  // 30
+	SYS_CEIL                            = 0x1F  // 31
+	SYS_POW                             = 0x20  // 32
+	SYS_SQRT                            = 0x21  // 33
+	SYS_FLOOR                           = 0x22  // 34
+	SYS_J1                              = 0x23  // 35
+	SYS_FABS                            = 0x24  // 36
+	SYS_FMOD                            = 0x25  // 37
+	SYS_J0                              = 0x26  // 38
+	SYS_YN                              = 0x27  // 39
+	SYS_JN                              = 0x28  // 40
+	SYS_Y0                              = 0x29  // 41
+	SYS_Y1                              = 0x2A  // 42
+	SYS_HYPOT                           = 0x2B  // 43
+	SYS_ERF                             = 0x2C  // 44
+	SYS_ERFC                            = 0x2D  // 45
+	SYS_GAMMA                           = 0x2E  // 46
+	SYS_ISALPHA                         = 0x30  // 48
+	SYS_ISALNUM                         = 0x31  // 49
+	SYS_ISLOWER                         = 0x32  // 50
+	SYS_ISCNTRL                         = 0x33  // 51
+	SYS_ISDIGIT                         = 0x34  // 52
+	SYS_ISGRAPH                         = 0x35  // 53
+	SYS_ISUPPER                         = 0x36  // 54
+	SYS_ISPRINT                         = 0x37  // 55
+	SYS_ISPUNCT                         = 0x38  // 56
+	SYS_ISSPACE                         = 0x39  // 57
+	SYS_SETLOCAL                        = 0x3A  // 58
+	SYS_SETLOCALE                       = 0x3A  // 58
+	SYS_ISXDIGIT                        = 0x3B  // 59
+	SYS_TOLOWER                         = 0x3C  // 60
+	SYS_TOUPPER                         = 0x3D  // 61
+	SYS_ASIN                            = 0x3E  // 62
+	SYS_SIN                             = 0x3F  // 63
+	SYS_COS                             = 0x40  // 64
+	SYS_TAN                             = 0x41  // 65
+	SYS_SINH                            = 0x42  // 66
+	SYS_ACOS                            = 0x43  // 67
+	SYS_ATAN                            = 0x44  // 68
+	SYS_ATAN2                           = 0x45  // 69
+	SYS_FTELL                           = 0x46  // 70
+	SYS_FGETPOS                         = 0x47  // 71
+	SYS_FSEEK                           = 0x48  // 72
+	SYS_FSETPOS                         = 0x49  // 73
+	SYS_FERROR                          = 0x4A  // 74
+	SYS_REWIND                          = 0x4B  // 75
+	SYS_CLEARERR                        = 0x4C  // 76
+	SYS_FEOF                            = 0x4D  // 77
+	SYS_ATOL                            = 0x4E  // 78
+	SYS_PERROR                          = 0x4F  // 79
+	SYS_ATOF                            = 0x50  // 80
+	SYS_ATOI                            = 0x51  // 81
+	SYS_RAND                            = 0x52  // 82
+	SYS_STRTOD                          = 0x53  // 83
+	SYS_STRTOL                          = 0x54  // 84
+	SYS_STRTOUL                         = 0x55  // 85
+	SYS_MALLOC                          = 0x56  // 86
+	SYS_SRAND                           = 0x57  // 87
+	SYS_CALLOC                          = 0x58  // 88
+	SYS_FREE                            = 0x59  // 89
+	SYS_EXIT                            = 0x5A  // 90
+	SYS_REALLOC                         = 0x5B  // 91
+	SYS_ABORT                           = 0x5C  // 92
+	SYS___ABORT                         = 0x5C  // 92
+	SYS_ATEXIT                          = 0x5D  // 93
+	SYS_RAISE                           = 0x5E  // 94
+	SYS_SETJMP                          = 0x5F  // 95
+	SYS_LONGJMP                         = 0x60  // 96
+	SYS_SIGNAL                          = 0x61  // 97
+	SYS_TMPNAM                          = 0x62  // 98
+	SYS_REMOVE                          = 0x63  // 99
+	SYS_RENAME                          = 0x64  // 100
+	SYS_TMPFILE                         = 0x65  // 101
+	SYS_FREOPEN                         = 0x66  // 102
+	SYS_FCLOSE                          = 0x67  // 103
+	SYS_FFLUSH                          = 0x68  // 104
+	SYS_FOPEN                           = 0x69  // 105
+	SYS_FSCANF                          = 0x6A  // 106
+	SYS_SETBUF                          = 0x6B  // 107
+	SYS_SETVBUF                         = 0x6C  // 108
+	SYS_FPRINTF                         = 0x6D  // 109
+	SYS_SSCANF                          = 0x6E  // 110
+	SYS_PRINTF                          = 0x6F  // 111
+	SYS_SCANF                           = 0x70  // 112
+	SYS_SPRINTF                         = 0x71  // 113
+	SYS_FGETC                           = 0x72  // 114
+	SYS_VFPRINTF                        = 0x73  // 115
+	SYS_VPRINTF                         = 0x74  // 116
+	SYS_VSPRINTF                        = 0x75  // 117
+	SYS_GETC                            = 0x76  // 118
+	SYS_FGETS                           = 0x77  // 119
+	SYS_FPUTC                           = 0x78  // 120
+	SYS_FPUTS                           = 0x79  // 121
+	SYS_PUTCHAR                         = 0x7A  // 122
+	SYS_GETCHAR                         = 0x7B  // 123
+	SYS_GETS                            = 0x7C  // 124
+	SYS_PUTC                            = 0x7D  // 125
+	SYS_FWRITE                          = 0x7E  // 126
+	SYS_PUTS                            = 0x7F  // 127
+	SYS_UNGETC                          = 0x80  // 128
+	SYS_FREAD                           = 0x81  // 129
+	SYS_WCSTOMBS                        = 0x82  // 130
+	SYS_MBTOWC                          = 0x83  // 131
+	SYS_WCTOMB                          = 0x84  // 132
+	SYS_MBSTOWCS                        = 0x85  // 133
+	SYS_WCSCPY                          = 0x86  // 134
+	SYS_WCSCAT                          = 0x87  // 135
+	SYS_WCSCHR                          = 0x88  // 136
+	SYS_WCSCMP                          = 0x89  // 137
+	SYS_WCSNCMP                         = 0x8A  // 138
+	SYS_WCSCSPN                         = 0x8B  // 139
+	SYS_WCSLEN                          = 0x8C  // 140
+	SYS_WCSNCAT                         = 0x8D  // 141
+	SYS_WCSSPN                          = 0x8E  // 142
+	SYS_WCSNCPY                         = 0x8F  // 143
+	SYS_ABS                             = 0x90  // 144
+	SYS_DIV                             = 0x91  // 145
+	SYS_LABS                            = 0x92  // 146
+	SYS_STRNCPY                         = 0x93  // 147
+	SYS_MEMCPY                          = 0x94  // 148
+	SYS_MEMMOVE                         = 0x95  // 149
+	SYS_STRCPY                          = 0x96  // 150
+	SYS_STRCMP                          = 0x97  // 151
+	SYS_STRCAT                          = 0x98  // 152
+	SYS_STRNCAT                         = 0x99  // 153
+	SYS_MEMCMP                          = 0x9A  // 154
+	SYS_MEMCHR                          = 0x9B  // 155
+	SYS_STRCOLL                         = 0x9C  // 156
+	SYS_STRNCMP                         = 0x9D  // 157
+	SYS_STRXFRM                         = 0x9E  // 158
+	SYS_STRRCHR                         = 0x9F  // 159
+	SYS_STRCHR                          = 0xA0  // 160
+	SYS_STRCSPN                         = 0xA1  // 161
+	SYS_STRPBRK                         = 0xA2  // 162
+	SYS_MEMSET                          = 0xA3  // 163
+	SYS_STRSPN                          = 0xA4  // 164
+	SYS_STRSTR                          = 0xA5  // 165
+	SYS_STRTOK                          = 0xA6  // 166
+	SYS_DIFFTIME                        = 0xA7  // 167
+	SYS_STRERROR                        = 0xA8  // 168
+	SYS_STRLEN                          = 0xA9  // 169
+	SYS_CLOCK                           = 0xAA  // 170
+	SYS_CTIME                           = 0xAB  // 171
+	SYS_MKTIME                          = 0xAC  // 172
+	SYS_TIME                            = 0xAD  // 173
+	SYS_ASCTIME                         = 0xAE  // 174
+	SYS_MBLEN                           = 0xAF  // 175
+	SYS_GMTIME                          = 0xB0  // 176
+	SYS_LOCALTIM                        = 0xB1  // 177
+	SYS_LOCALTIME                       = 0xB1  // 177
+	SYS_STRFTIME                        = 0xB2  // 178
+	SYS___GETCB                         = 0xB4  // 180
+	SYS_FUPDATE                         = 0xB5  // 181
+	SYS___FUPDT                         = 0xB5  // 181
+	SYS_CLRMEMF                         = 0xBD  // 189
+	SYS___CLRMF                         = 0xBD  // 189
+	SYS_FETCHEP                         = 0xBF  // 191
+	SYS___FTCHEP                        = 0xBF  // 191
+	SYS_FLDATA                          = 0xC1  // 193
+	SYS___FLDATA                        = 0xC1  // 193
+	SYS_DYNFREE                         = 0xC2  // 194
+	SYS___DYNFRE                        = 0xC2  // 194
+	SYS_DYNALLOC                        = 0xC3  // 195
+	SYS___DYNALL                        = 0xC3  // 195
+	SYS___CDUMP                         = 0xC4  // 196
+	SYS_CSNAP                           = 0xC5  // 197
+	SYS___CSNAP                         = 0xC5  // 197
+	SYS_CTRACE                          = 0xC6  // 198
+	SYS___CTRACE                        = 0xC6  // 198
+	SYS___CTEST                         = 0xC7  // 199
+	SYS_SETENV                          = 0xC8  // 200
+	SYS___SETENV                        = 0xC8  // 200
+	SYS_CLEARENV                        = 0xC9  // 201
+	SYS___CLRENV                        = 0xC9  // 201
+	SYS___REGCOMP_STD                   = 0xEA  // 234
+	SYS_NL_LANGINFO                     = 0xFC  // 252
+	SYS_GETSYNTX                        = 0xFD  // 253
+	SYS_ISBLANK                         = 0xFE  // 254
+	SYS___ISBLNK                        = 0xFE  // 254
+	SYS_ISWALNUM                        = 0xFF  // 255
+	SYS_ISWALPHA                        = 0x100 // 256
+	SYS_ISWBLANK                        = 0x101 // 257
+	SYS___ISWBLK                        = 0x101 // 257
+	SYS_ISWCNTRL                        = 0x102 // 258
+	SYS_ISWDIGIT                        = 0x103 // 259
+	SYS_ISWGRAPH                        = 0x104 // 260
+	SYS_ISWLOWER                        = 0x105 // 261
+	SYS_ISWPRINT                        = 0x106 // 262
+	SYS_ISWPUNCT                        = 0x107 // 263
+	SYS_ISWSPACE                        = 0x108 // 264
+	SYS_ISWUPPER                        = 0x109 // 265
+	SYS_ISWXDIGI                        = 0x10A // 266
+	SYS_ISWXDIGIT                       = 0x10A // 266
+	SYS_WCTYPE                          = 0x10B // 267
+	SYS_ISWCTYPE                        = 0x10C // 268
+	SYS_TOWLOWER                        = 0x10D // 269
+	SYS_TOWUPPER                        = 0x10E // 270
+	SYS_MBSINIT                         = 0x10F // 271
+	SYS_WCTOB                           = 0x110 // 272
+	SYS_MBRLEN                          = 0x111 // 273
+	SYS_MBRTOWC                         = 0x112 // 274
+	SYS_MBSRTOWC                        = 0x113 // 275
+	SYS_MBSRTOWCS                       = 0x113 // 275
+	SYS_WCRTOMB                         = 0x114 // 276
+	SYS_WCSRTOMB                        = 0x115 // 277
+	SYS_WCSRTOMBS                       = 0x115 // 277
+	SYS___CSID                          = 0x116 // 278
+	SYS___WCSID                         = 0x117 // 279
+	SYS_STRPTIME                        = 0x118 // 280
+	SYS___STRPTM                        = 0x118 // 280
+	SYS_STRFMON                         = 0x119 // 281
+	SYS___RPMTCH                        = 0x11A // 282
+	SYS_WCSSTR                          = 0x11B // 283
+	SYS_WCSTOK                          = 0x12C // 300
+	SYS_WCSTOL                          = 0x12D // 301
+	SYS_WCSTOD                          = 0x12E // 302
+	SYS_WCSTOUL                         = 0x12F // 303
+	SYS_WCSCOLL                         = 0x130 // 304
+	SYS_WCSXFRM                         = 0x131 // 305
+	SYS_WCSWIDTH                        = 0x132 // 306
+	SYS_WCWIDTH                         = 0x133 // 307
+	SYS_WCSFTIME                        = 0x134 // 308
+	SYS_SWPRINTF                        = 0x135 // 309
+	SYS_VSWPRINT                        = 0x136 // 310
+	SYS_VSWPRINTF                       = 0x136 // 310
+	SYS_SWSCANF                         = 0x137 // 311
+	SYS_REGCOMP                         = 0x138 // 312
+	SYS_REGEXEC                         = 0x139 // 313
+	SYS_REGFREE                         = 0x13A // 314
+	SYS_REGERROR                        = 0x13B // 315
+	SYS_FGETWC                          = 0x13C // 316
+	SYS_FGETWS                          = 0x13D // 317
+	SYS_FPUTWC                          = 0x13E // 318
+	SYS_FPUTWS                          = 0x13F // 319
+	SYS_GETWC                           = 0x140 // 320
+	SYS_GETWCHAR                        = 0x141 // 321
+	SYS_PUTWC                           = 0x142 // 322
+	SYS_PUTWCHAR                        = 0x143 // 323
+	SYS_UNGETWC                         = 0x144 // 324
+	SYS_ICONV_OPEN                      = 0x145 // 325
+	SYS_ICONV                           = 0x146 // 326
+	SYS_ICONV_CLOSE                     = 0x147 // 327
+	SYS_ISMCCOLLEL                      = 0x14C // 332
+	SYS_STRTOCOLL                       = 0x14D // 333
+	SYS_COLLTOSTR                       = 0x14E // 334
+	SYS_COLLEQUIV                       = 0x14F // 335
+	SYS_COLLRANGE                       = 0x150 // 336
+	SYS_CCLASS                          = 0x151 // 337
+	SYS_COLLORDER                       = 0x152 // 338
+	SYS___DEMANGLE                      = 0x154 // 340
+	SYS_FDOPEN                          = 0x155 // 341
+	SYS___ERRNO                         = 0x156 // 342
+	SYS___ERRNO2                        = 0x157 // 343
+	SYS___TERROR                        = 0x158 // 344
+	SYS_MAXCOLL                         = 0x169 // 361
+	SYS_GETMCCOLL                       = 0x16A // 362
+	SYS_GETWMCCOLL                      = 0x16B // 363
+	SYS___ERR2AD                        = 0x16C // 364
+	SYS_DLLQUERYFN                      = 0x16D // 365
+	SYS_DLLQUERYVAR                     = 0x16E // 366
+	SYS_DLLFREE                         = 0x16F // 367
+	SYS_DLLLOAD                         = 0x170 // 368
+	SYS__EXIT                           = 0x174 // 372
+	SYS_ACCESS                          = 0x175 // 373
+	SYS_ALARM                           = 0x176 // 374
+	SYS_CFGETISPEED                     = 0x177 // 375
+	SYS_CFGETOSPEED                     = 0x178 // 376
+	SYS_CFSETISPEED                     = 0x179 // 377
+	SYS_CFSETOSPEED                     = 0x17A // 378
+	SYS_CHDIR                           = 0x17B // 379
+	SYS_CHMOD                           = 0x17C // 380
+	SYS_CHOWN                           = 0x17D // 381
+	SYS_CLOSE                           = 0x17E // 382
+	SYS_CLOSEDIR                        = 0x17F // 383
+	SYS_CREAT                           = 0x180 // 384
+	SYS_CTERMID                         = 0x181 // 385
+	SYS_DUP                             = 0x182 // 386
+	SYS_DUP2                            = 0x183 // 387
+	SYS_EXECL                           = 0x184 // 388
+	SYS_EXECLE                          = 0x185 // 389
+	SYS_EXECLP                          = 0x186 // 390
+	SYS_EXECV                           = 0x187 // 391
+	SYS_EXECVE                          = 0x188 // 392
+	SYS_EXECVP                          = 0x189 // 393
+	SYS_FCHMOD                          = 0x18A // 394
+	SYS_FCHOWN                          = 0x18B // 395
+	SYS_FCNTL                           = 0x18C // 396
+	SYS_FILENO                          = 0x18D // 397
+	SYS_FORK                            = 0x18E // 398
+	SYS_FPATHCONF                       = 0x18F // 399
+	SYS_FSTAT                           = 0x190 // 400
+	SYS_FSYNC                           = 0x191 // 401
+	SYS_FTRUNCATE                       = 0x192 // 402
+	SYS_GETCWD                          = 0x193 // 403
+	SYS_GETEGID                         = 0x194 // 404
+	SYS_GETEUID                         = 0x195 // 405
+	SYS_GETGID                          = 0x196 // 406
+	SYS_GETGRGID                        = 0x197 // 407
+	SYS_GETGRNAM                        = 0x198 // 408
+	SYS_GETGROUPS                       = 0x199 // 409
+	SYS_GETLOGIN                        = 0x19A // 410
+	SYS_W_GETMNTENT                     = 0x19B // 411
+	SYS_GETPGRP                         = 0x19C // 412
+	SYS_GETPID                          = 0x19D // 413
+	SYS_GETPPID                         = 0x19E // 414
+	SYS_GETPWNAM                        = 0x19F // 415
+	SYS_GETPWUID                        = 0x1A0 // 416
+	SYS_GETUID                          = 0x1A1 // 417
+	SYS_W_IOCTL                         = 0x1A2 // 418
+	SYS_ISATTY                          = 0x1A3 // 419
+	SYS_KILL                            = 0x1A4 // 420
+	SYS_LINK                            = 0x1A5 // 421
+	SYS_LSEEK                           = 0x1A6 // 422
+	SYS_LSTAT                           = 0x1A7 // 423
+	SYS_MKDIR                           = 0x1A8 // 424
+	SYS_MKFIFO                          = 0x1A9 // 425
+	SYS_MKNOD                           = 0x1AA // 426
+	SYS_MOUNT                           = 0x1AB // 427
+	SYS_OPEN                            = 0x1AC // 428
+	SYS_OPENDIR                         = 0x1AD // 429
+	SYS_PATHCONF                        = 0x1AE // 430
+	SYS_PAUSE                           = 0x1AF // 431
+	SYS_PIPE                            = 0x1B0 // 432
+	SYS_W_GETPSENT                      = 0x1B1 // 433
+	SYS_READ                            = 0x1B2 // 434
+	SYS_READDIR                         = 0x1B3 // 435
+	SYS_READLINK                        = 0x1B4 // 436
+	SYS_REWINDDIR                       = 0x1B5 // 437
+	SYS_RMDIR                           = 0x1B6 // 438
+	SYS_SETEGID                         = 0x1B7 // 439
+	SYS_SETEUID                         = 0x1B8 // 440
+	SYS_SETGID                          = 0x1B9 // 441
+	SYS_SETPGID                         = 0x1BA // 442
+	SYS_SETSID                          = 0x1BB // 443
+	SYS_SETUID                          = 0x1BC // 444
+	SYS_SIGACTION                       = 0x1BD // 445
+	SYS_SIGADDSET                       = 0x1BE // 446
+	SYS_SIGDELSET                       = 0x1BF // 447
+	SYS_SIGEMPTYSET                     = 0x1C0 // 448
+	SYS_SIGFILLSET                      = 0x1C1 // 449
+	SYS_SIGISMEMBER                     = 0x1C2 // 450
+	SYS_SIGLONGJMP                      = 0x1C3 // 451
+	SYS_SIGPENDING                      = 0x1C4 // 452
+	SYS_SIGPROCMASK                     = 0x1C5 // 453
+	SYS_SIGSETJMP                       = 0x1C6 // 454
+	SYS_SIGSUSPEND                      = 0x1C7 // 455
+	SYS_SLEEP                           = 0x1C8 // 456
+	SYS_STAT                            = 0x1C9 // 457
+	SYS_W_STATFS                        = 0x1CA // 458
+	SYS_SYMLINK                         = 0x1CB // 459
+	SYS_SYSCONF                         = 0x1CC // 460
+	SYS_TCDRAIN                         = 0x1CD // 461
+	SYS_TCFLOW                          = 0x1CE // 462
+	SYS_TCFLUSH                         = 0x1CF // 463
+	SYS_TCGETATTR                       = 0x1D0 // 464
+	SYS_TCGETPGRP                       = 0x1D1 // 465
+	SYS_TCSENDBREAK                     = 0x1D2 // 466
+	SYS_TCSETATTR                       = 0x1D3 // 467
+	SYS_TCSETPGRP                       = 0x1D4 // 468
+	SYS_TIMES                           = 0x1D5 // 469
+	SYS_TTYNAME                         = 0x1D6 // 470
+	SYS_TZSET                           = 0x1D7 // 471
+	SYS_UMASK                           = 0x1D8 // 472
+	SYS_UMOUNT                          = 0x1D9 // 473
+	SYS_UNAME                           = 0x1DA // 474
+	SYS_UNLINK                          = 0x1DB // 475
+	SYS_UTIME                           = 0x1DC // 476
+	SYS_WAIT                            = 0x1DD // 477
+	SYS_WAITPID                         = 0x1DE // 478
+	SYS_WRITE                           = 0x1DF // 479
+	SYS_CHAUDIT                         = 0x1E0 // 480
+	SYS_FCHAUDIT                        = 0x1E1 // 481
+	SYS_GETGROUPSBYNAME                 = 0x1E2 // 482
+	SYS_SIGWAIT                         = 0x1E3 // 483
+	SYS_PTHREAD_EXIT                    = 0x1E4 // 484
+	SYS_PTHREAD_KILL                    = 0x1E5 // 485
+	SYS_PTHREAD_ATTR_INIT               = 0x1E6 // 486
+	SYS_PTHREAD_ATTR_DESTROY            = 0x1E7 // 487
+	SYS_PTHREAD_ATTR_SETSTACKSIZE       = 0x1E8 // 488
+	SYS_PTHREAD_ATTR_GETSTACKSIZE       = 0x1E9 // 489
+	SYS_PTHREAD_ATTR_SETDETACHSTATE     = 0x1EA // 490
+	SYS_PTHREAD_ATTR_GETDETACHSTATE     = 0x1EB // 491
+	SYS_PTHREAD_ATTR_SETWEIGHT_NP       = 0x1EC // 492
+	SYS_PTHREAD_ATTR_GETWEIGHT_NP       = 0x1ED // 493
+	SYS_PTHREAD_CANCEL                  = 0x1EE // 494
+	SYS_PTHREAD_CLEANUP_PUSH            = 0x1EF // 495
+	SYS_PTHREAD_CLEANUP_POP             = 0x1F0 // 496
+	SYS_PTHREAD_CONDATTR_INIT           = 0x1F1 // 497
+	SYS_PTHREAD_CONDATTR_DESTROY        = 0x1F2 // 498
+	SYS_PTHREAD_COND_INIT               = 0x1F3 // 499
+	SYS_PTHREAD_COND_DESTROY            = 0x1F4 // 500
+	SYS_PTHREAD_COND_SIGNAL             = 0x1F5 // 501
+	SYS_PTHREAD_COND_BROADCAST          = 0x1F6 // 502
+	SYS_PTHREAD_COND_WAIT               = 0x1F7 // 503
+	SYS_PTHREAD_COND_TIMEDWAIT          = 0x1F8 // 504
+	SYS_PTHREAD_CREATE                  = 0x1F9 // 505
+	SYS_PTHREAD_DETACH                  = 0x1FA // 506
+	SYS_PTHREAD_EQUAL                   = 0x1FB // 507
+	SYS_PTHREAD_GETSPECIFIC             = 0x1FC // 508
+	SYS_PTHREAD_JOIN                    = 0x1FD // 509
+	SYS_PTHREAD_KEY_CREATE              = 0x1FE // 510
+	SYS_PTHREAD_MUTEXATTR_INIT          = 0x1FF // 511
+	SYS_PTHREAD_MUTEXATTR_DESTROY       = 0x200 // 512
+	SYS_PTHREAD_MUTEXATTR_SETKIND_NP    = 0x201 // 513
+	SYS_PTHREAD_MUTEXATTR_GETKIND_NP    = 0x202 // 514
+	SYS_PTHREAD_MUTEX_INIT              = 0x203 // 515
+	SYS_PTHREAD_MUTEX_DESTROY           = 0x204 // 516
+	SYS_PTHREAD_MUTEX_LOCK              = 0x205 // 517
+	SYS_PTHREAD_MUTEX_TRYLOCK           = 0x206 // 518
+	SYS_PTHREAD_MUTEX_UNLOCK            = 0x207 // 519
+	SYS_PTHREAD_ONCE                    = 0x209 // 521
+	SYS_PTHREAD_SELF                    = 0x20A // 522
+	SYS_PTHREAD_SETINTR                 = 0x20B // 523
+	SYS_PTHREAD_SETINTRTYPE             = 0x20C // 524
+	SYS_PTHREAD_SETSPECIFIC             = 0x20D // 525
+	SYS_PTHREAD_TESTINTR                = 0x20E // 526
+	SYS_PTHREAD_YIELD                   = 0x20F // 527
+	SYS_TW_OPEN                         = 0x210 // 528
+	SYS_TW_FCNTL                        = 0x211 // 529
+	SYS_PTHREAD_JOIN_D4_NP              = 0x212 // 530
+	SYS_PTHREAD_CONDATTR_SETKIND_NP     = 0x213 // 531
+	SYS_PTHREAD_CONDATTR_GETKIND_NP     = 0x214 // 532
+	SYS_EXTLINK_NP                      = 0x215 // 533
+	SYS___PASSWD                        = 0x216 // 534
+	SYS_SETGROUPS                       = 0x217 // 535
+	SYS_INITGROUPS                      = 0x218 // 536
+	SYS_WCSPBRK                         = 0x23F // 575
+	SYS_WCSRCHR                         = 0x240 // 576
+	SYS_SVC99                           = 0x241 // 577
+	SYS___SVC99                         = 0x241 // 577
+	SYS_WCSWCS                          = 0x242 // 578
+	SYS_LOCALECO                        = 0x243 // 579
+	SYS_LOCALECONV                      = 0x243 // 579
+	SYS___LIBREL                        = 0x244 // 580
+	SYS_RELEASE                         = 0x245 // 581
+	SYS___RLSE                          = 0x245 // 581
+	SYS_FLOCATE                         = 0x246 // 582
+	SYS___FLOCT                         = 0x246 // 582
+	SYS_FDELREC                         = 0x247 // 583
+	SYS___FDLREC                        = 0x247 // 583
+	SYS_FETCH                           = 0x248 // 584
+	SYS___FETCH                         = 0x248 // 584
+	SYS_QSORT                           = 0x249 // 585
+	SYS_GETENV                          = 0x24A // 586
+	SYS_SYSTEM                          = 0x24B // 587
+	SYS_BSEARCH                         = 0x24C // 588
+	SYS_LDIV                            = 0x24D // 589
+	SYS___THROW                         = 0x25E // 606
+	SYS___RETHROW                       = 0x25F // 607
+	SYS___CLEANUPCATCH                  = 0x260 // 608
+	SYS___CATCHMATCH                    = 0x261 // 609
+	SYS___CLEAN2UPCATCH                 = 0x262 // 610
+	SYS_PUTENV                          = 0x26A // 618
+	SYS___GETENV                        = 0x26F // 623
+	SYS_GETPRIORITY                     = 0x270 // 624
+	SYS_NICE                            = 0x271 // 625
+	SYS_SETPRIORITY                     = 0x272 // 626
+	SYS_GETITIMER                       = 0x273 // 627
+	SYS_SETITIMER                       = 0x274 // 628
+	SYS_MSGCTL                          = 0x275 // 629
+	SYS_MSGGET                          = 0x276 // 630
+	SYS_MSGRCV                          = 0x277 // 631
+	SYS_MSGSND                          = 0x278 // 632
+	SYS_MSGXRCV                         = 0x279 // 633
+	SYS___MSGXR                         = 0x279 // 633
+	SYS_SEMCTL                          = 0x27A // 634
+	SYS_SEMGET                          = 0x27B // 635
+	SYS_SEMOP                           = 0x27C // 636
+	SYS_SHMAT                           = 0x27D // 637
+	SYS_SHMCTL                          = 0x27E // 638
+	SYS_SHMDT                           = 0x27F // 639
+	SYS_SHMGET                          = 0x280 // 640
+	SYS___GETIPC                        = 0x281 // 641
+	SYS_SETGRENT                        = 0x282 // 642
+	SYS_GETGRENT                        = 0x283 // 643
+	SYS_ENDGRENT                        = 0x284 // 644
+	SYS_SETPWENT                        = 0x285 // 645
+	SYS_GETPWENT                        = 0x286 // 646
+	SYS_ENDPWENT                        = 0x287 // 647
+	SYS_BSD_SIGNAL                      = 0x288 // 648
+	SYS_KILLPG                          = 0x289 // 649
+	SYS_SIGALTSTACK                     = 0x28A // 650
+	SYS_SIGHOLD                         = 0x28B // 651
+	SYS_SIGIGNORE                       = 0x28C // 652
+	SYS_SIGINTERRUPT                    = 0x28D // 653
+	SYS_SIGPAUSE                        = 0x28E // 654
+	SYS_SIGRELSE                        = 0x28F // 655
+	SYS_SIGSET                          = 0x290 // 656
+	SYS_SIGSTACK                        = 0x291 // 657
+	SYS_GETRLIMIT                       = 0x292 // 658
+	SYS_SETRLIMIT                       = 0x293 // 659
+	SYS_GETRUSAGE                       = 0x294 // 660
+	SYS_MMAP                            = 0x295 // 661
+	SYS_MPROTECT                        = 0x296 // 662
+	SYS_MSYNC                           = 0x297 // 663
+	SYS_MUNMAP                          = 0x298 // 664
+	SYS_CONFSTR                         = 0x299 // 665
+	SYS_GETOPT                          = 0x29A // 666
+	SYS_LCHOWN                          = 0x29B // 667
+	SYS_TRUNCATE                        = 0x29C // 668
+	SYS_GETSUBOPT                       = 0x29D // 669
+	SYS_SETPGRP                         = 0x29E // 670
+	SYS___GDERR                         = 0x29F // 671
+	SYS___TZONE                         = 0x2A0 // 672
+	SYS___DLGHT                         = 0x2A1 // 673
+	SYS___OPARGF                        = 0x2A2 // 674
+	SYS___OPOPTF                        = 0x2A3 // 675
+	SYS___OPINDF                        = 0x2A4 // 676
+	SYS___OPERRF                        = 0x2A5 // 677
+	SYS_GETDATE                         = 0x2A6 // 678
+	SYS_WAIT3                           = 0x2A7 // 679
+	SYS_WAITID                          = 0x2A8 // 680
+	SYS___CATTRM                        = 0x2A9 // 681
+	SYS___GDTRM                         = 0x2AA // 682
+	SYS___RNDTRM                        = 0x2AB // 683
+	SYS_CRYPT                           = 0x2AC // 684
+	SYS_ENCRYPT                         = 0x2AD // 685
+	SYS_SETKEY                          = 0x2AE // 686
+	SYS___CNVBLK                        = 0x2AF // 687
+	SYS___CRYTRM                        = 0x2B0 // 688
+	SYS___ECRTRM                        = 0x2B1 // 689
+	SYS_DRAND48                         = 0x2B2 // 690
+	SYS_ERAND48                         = 0x2B3 // 691
+	SYS_FSTATVFS                        = 0x2B4 // 692
+	SYS_STATVFS                         = 0x2B5 // 693
+	SYS_CATCLOSE                        = 0x2B6 // 694
+	SYS_CATGETS                         = 0x2B7 // 695
+	SYS_CATOPEN                         = 0x2B8 // 696
+	SYS_BCMP                            = 0x2B9 // 697
+	SYS_BCOPY                           = 0x2BA // 698
+	SYS_BZERO                           = 0x2BB // 699
+	SYS_FFS                             = 0x2BC // 700
+	SYS_INDEX                           = 0x2BD // 701
+	SYS_RINDEX                          = 0x2BE // 702
+	SYS_STRCASECMP                      = 0x2BF // 703
+	SYS_STRDUP                          = 0x2C0 // 704
+	SYS_STRNCASECMP                     = 0x2C1 // 705
+	SYS_INITSTATE                       = 0x2C2 // 706
+	SYS_SETSTATE                        = 0x2C3 // 707
+	SYS_RANDOM                          = 0x2C4 // 708
+	SYS_SRANDOM                         = 0x2C5 // 709
+	SYS_HCREATE                         = 0x2C6 // 710
+	SYS_HDESTROY                        = 0x2C7 // 711
+	SYS_HSEARCH                         = 0x2C8 // 712
+	SYS_LFIND                           = 0x2C9 // 713
+	SYS_LSEARCH                         = 0x2CA // 714
+	SYS_TDELETE                         = 0x2CB // 715
+	SYS_TFIND                           = 0x2CC // 716
+	SYS_TSEARCH                         = 0x2CD // 717
+	SYS_TWALK                           = 0x2CE // 718
+	SYS_INSQUE                          = 0x2CF // 719
+	SYS_REMQUE                          = 0x2D0 // 720
+	SYS_POPEN                           = 0x2D1 // 721
+	SYS_PCLOSE                          = 0x2D2 // 722
+	SYS_SWAB                            = 0x2D3 // 723
+	SYS_MEMCCPY                         = 0x2D4 // 724
+	SYS_GETPAGESIZE                     = 0x2D8 // 728
+	SYS_FCHDIR                          = 0x2D9 // 729
+	SYS___OCLCK                         = 0x2DA // 730
+	SYS___ATOE                          = 0x2DB // 731
+	SYS___ATOE_L                        = 0x2DC // 732
+	SYS___ETOA                          = 0x2DD // 733
+	SYS___ETOA_L                        = 0x2DE // 734
+	SYS_SETUTXENT                       = 0x2DF // 735
+	SYS_GETUTXENT                       = 0x2E0 // 736
+	SYS_ENDUTXENT                       = 0x2E1 // 737
+	SYS_GETUTXID                        = 0x2E2 // 738
+	SYS_GETUTXLINE                      = 0x2E3 // 739
+	SYS_PUTUTXLINE                      = 0x2E4 // 740
+	SYS_FMTMSG                          = 0x2E5 // 741
+	SYS_JRAND48                         = 0x2E6 // 742
+	SYS_LRAND48                         = 0x2E7 // 743
+	SYS_MRAND48                         = 0x2E8 // 744
+	SYS_NRAND48                         = 0x2E9 // 745
+	SYS_LCONG48                         = 0x2EA // 746
+	SYS_SRAND48                         = 0x2EB // 747
+	SYS_SEED48                          = 0x2EC // 748
+	SYS_ISASCII                         = 0x2ED // 749
+	SYS_TOASCII                         = 0x2EE // 750
+	SYS_A64L                            = 0x2EF // 751
+	SYS_L64A                            = 0x2F0 // 752
+	SYS_UALARM                          = 0x2F1 // 753
+	SYS_USLEEP                          = 0x2F2 // 754
+	SYS___UTXTRM                        = 0x2F3 // 755
+	SYS___SRCTRM                        = 0x2F4 // 756
+	SYS_FTIME                           = 0x2F5 // 757
+	SYS_GETTIMEOFDAY                    = 0x2F6 // 758
+	SYS_DBM_CLEARERR                    = 0x2F7 // 759
+	SYS_DBM_CLOSE                       = 0x2F8 // 760
+	SYS_DBM_DELETE                      = 0x2F9 // 761
+	SYS_DBM_ERROR                       = 0x2FA // 762
+	SYS_DBM_FETCH                       = 0x2FB // 763
+	SYS_DBM_FIRSTKEY                    = 0x2FC // 764
+	SYS_DBM_NEXTKEY                     = 0x2FD // 765
+	SYS_DBM_OPEN                        = 0x2FE // 766
+	SYS_DBM_STORE                       = 0x2FF // 767
+	SYS___NDMTRM                        = 0x300 // 768
+	SYS_FTOK                            = 0x301 // 769
+	SYS_BASENAME                        = 0x302 // 770
+	SYS_DIRNAME                         = 0x303 // 771
+	SYS_GETDTABLESIZE                   = 0x304 // 772
+	SYS_MKSTEMP                         = 0x305 // 773
+	SYS_MKTEMP                          = 0x306 // 774
+	SYS_NFTW                            = 0x307 // 775
+	SYS_GETWD                           = 0x308 // 776
+	SYS_LOCKF                           = 0x309 // 777
+	SYS__LONGJMP                        = 0x30D // 781
+	SYS__SETJMP                         = 0x30E // 782
+	SYS_VFORK                           = 0x30F // 783
+	SYS_WORDEXP                         = 0x310 // 784
+	SYS_WORDFREE                        = 0x311 // 785
+	SYS_GETPGID                         = 0x312 // 786
+	SYS_GETSID                          = 0x313 // 787
+	SYS___UTMPXNAME                     = 0x314 // 788
+	SYS_CUSERID                         = 0x315 // 789
+	SYS_GETPASS                         = 0x316 // 790
+	SYS_FNMATCH                         = 0x317 // 791
+	SYS_FTW                             = 0x318 // 792
+	SYS_GETW                            = 0x319 // 793
+	SYS_GLOB                            = 0x31A // 794
+	SYS_GLOBFREE                        = 0x31B // 795
+	SYS_PUTW                            = 0x31C // 796
+	SYS_SEEKDIR                         = 0x31D // 797
+	SYS_TELLDIR                         = 0x31E // 798
+	SYS_TEMPNAM                         = 0x31F // 799
+	SYS_ACOSH                           = 0x320 // 800
+	SYS_ASINH                           = 0x321 // 801
+	SYS_ATANH                           = 0x322 // 802
+	SYS_CBRT                            = 0x323 // 803
+	SYS_EXPM1                           = 0x324 // 804
+	SYS_ILOGB                           = 0x325 // 805
+	SYS_LOGB                            = 0x326 // 806
+	SYS_LOG1P                           = 0x327 // 807
+	SYS_NEXTAFTER                       = 0x328 // 808
+	SYS_RINT                            = 0x329 // 809
+	SYS_REMAINDER                       = 0x32A // 810
+	SYS_SCALB                           = 0x32B // 811
+	SYS_LGAMMA                          = 0x32C // 812
+	SYS_TTYSLOT                         = 0x32D // 813
+	SYS_GETTIMEOFDAY_R                  = 0x32E // 814
+	SYS_SYNC                            = 0x32F // 815
+	SYS_SPAWN                           = 0x330 // 816
+	SYS_SPAWNP                          = 0x331 // 817
+	SYS_GETLOGIN_UU                     = 0x332 // 818
+	SYS_ECVT                            = 0x333 // 819
+	SYS_FCVT                            = 0x334 // 820
+	SYS_GCVT                            = 0x335 // 821
+	SYS_ACCEPT                          = 0x336 // 822
+	SYS_BIND                            = 0x337 // 823
+	SYS_CONNECT                         = 0x338 // 824
+	SYS_ENDHOSTENT                      = 0x339 // 825
+	SYS_ENDPROTOENT                     = 0x33A // 826
+	SYS_ENDSERVENT                      = 0x33B // 827
+	SYS_GETHOSTBYADDR_R                 = 0x33C // 828
+	SYS_GETHOSTBYADDR                   = 0x33D // 829
+	SYS_GETHOSTBYNAME_R                 = 0x33E // 830
+	SYS_GETHOSTBYNAME                   = 0x33F // 831
+	SYS_GETHOSTENT                      = 0x340 // 832
+	SYS_GETHOSTID                       = 0x341 // 833
+	SYS_GETHOSTNAME                     = 0x342 // 834
+	SYS_GETNETBYADDR                    = 0x343 // 835
+	SYS_GETNETBYNAME                    = 0x344 // 836
+	SYS_GETNETENT                       = 0x345 // 837
+	SYS_GETPEERNAME                     = 0x346 // 838
+	SYS_GETPROTOBYNAME                  = 0x347 // 839
+	SYS_GETPROTOBYNUMBER                = 0x348 // 840
+	SYS_GETPROTOENT                     = 0x349 // 841
+	SYS_GETSERVBYNAME                   = 0x34A // 842
+	SYS_GETSERVBYPORT                   = 0x34B // 843
+	SYS_GETSERVENT                      = 0x34C // 844
+	SYS_GETSOCKNAME                     = 0x34D // 845
+	SYS_GETSOCKOPT                      = 0x34E // 846
+	SYS_INET_ADDR                       = 0x34F // 847
+	SYS_INET_LNAOF                      = 0x350 // 848
+	SYS_INET_MAKEADDR                   = 0x351 // 849
+	SYS_INET_NETOF                      = 0x352 // 850
+	SYS_INET_NETWORK                    = 0x353 // 851
+	SYS_INET_NTOA                       = 0x354 // 852
+	SYS_IOCTL                           = 0x355 // 853
+	SYS_LISTEN                          = 0x356 // 854
+	SYS_READV                           = 0x357 // 855
+	SYS_RECV                            = 0x358 // 856
+	SYS_RECVFROM                        = 0x359 // 857
+	SYS_SELECT                          = 0x35B // 859
+	SYS_SELECTEX                        = 0x35C // 860
+	SYS_SEND                            = 0x35D // 861
+	SYS_SENDTO                          = 0x35F // 863
+	SYS_SETHOSTENT                      = 0x360 // 864
+	SYS_SETNETENT                       = 0x361 // 865
+	SYS_SETPEER                         = 0x362 // 866
+	SYS_SETPROTOENT                     = 0x363 // 867
+	SYS_SETSERVENT                      = 0x364 // 868
+	SYS_SETSOCKOPT                      = 0x365 // 869
+	SYS_SHUTDOWN                        = 0x366 // 870
+	SYS_SOCKET                          = 0x367 // 871
+	SYS_SOCKETPAIR                      = 0x368 // 872
+	SYS_WRITEV                          = 0x369 // 873
+	SYS_CHROOT                          = 0x36A // 874
+	SYS_W_STATVFS                       = 0x36B // 875
+	SYS_ULIMIT                          = 0x36C // 876
+	SYS_ISNAN                           = 0x36D // 877
+	SYS_UTIMES                          = 0x36E // 878
+	SYS___H_ERRNO                       = 0x36F // 879
+	SYS_ENDNETENT                       = 0x370 // 880
+	SYS_CLOSELOG                        = 0x371 // 881
+	SYS_OPENLOG                         = 0x372 // 882
+	SYS_SETLOGMASK                      = 0x373 // 883
+	SYS_SYSLOG                          = 0x374 // 884
+	SYS_PTSNAME                         = 0x375 // 885
+	SYS_SETREUID                        = 0x376 // 886
+	SYS_SETREGID                        = 0x377 // 887
+	SYS_REALPATH                        = 0x378 // 888
+	SYS___SIGNGAM                       = 0x379 // 889
+	SYS_GRANTPT                         = 0x37A // 890
+	SYS_UNLOCKPT                        = 0x37B // 891
+	SYS_TCGETSID                        = 0x37C // 892
+	SYS___TCGETCP                       = 0x37D // 893
+	SYS___TCSETCP                       = 0x37E // 894
+	SYS___TCSETTABLES                   = 0x37F // 895
+	SYS_POLL                            = 0x380 // 896
+	SYS_REXEC                           = 0x381 // 897
+	SYS___ISASCII2                      = 0x382 // 898
+	SYS___TOASCII2                      = 0x383 // 899
+	SYS_CHPRIORITY                      = 0x384 // 900
+	SYS_PTHREAD_ATTR_SETSYNCTYPE_NP     = 0x385 // 901
+	SYS_PTHREAD_ATTR_GETSYNCTYPE_NP     = 0x386 // 902
+	SYS_PTHREAD_SET_LIMIT_NP            = 0x387 // 903
+	SYS___STNETENT                      = 0x388 // 904
+	SYS___STPROTOENT                    = 0x389 // 905
+	SYS___STSERVENT                     = 0x38A // 906
+	SYS___STHOSTENT                     = 0x38B // 907
+	SYS_NLIST                           = 0x38C // 908
+	SYS___IPDBCS                        = 0x38D // 909
+	SYS___IPDSPX                        = 0x38E // 910
+	SYS___IPMSGC                        = 0x38F // 911
+	SYS___SELECT1                       = 0x390 // 912
+	SYS_PTHREAD_SECURITY_NP             = 0x391 // 913
+	SYS___CHECK_RESOURCE_AUTH_NP        = 0x392 // 914
+	SYS___CONVERT_ID_NP                 = 0x393 // 915
+	SYS___OPENVMREL                     = 0x394 // 916
+	SYS_WMEMCHR                         = 0x395 // 917
+	SYS_WMEMCMP                         = 0x396 // 918
+	SYS_WMEMCPY                         = 0x397 // 919
+	SYS_WMEMMOVE                        = 0x398 // 920
+	SYS_WMEMSET                         = 0x399 // 921
+	SYS___FPUTWC                        = 0x400 // 1024
+	SYS___PUTWC                         = 0x401 // 1025
+	SYS___PWCHAR                        = 0x402 // 1026
+	SYS___WCSFTM                        = 0x403 // 1027
+	SYS___WCSTOK                        = 0x404 // 1028
+	SYS___WCWDTH                        = 0x405 // 1029
+	SYS_T_ACCEPT                        = 0x409 // 1033
+	SYS_T_ALLOC                         = 0x40A // 1034
+	SYS_T_BIND                          = 0x40B // 1035
+	SYS_T_CLOSE                         = 0x40C // 1036
+	SYS_T_CONNECT                       = 0x40D // 1037
+	SYS_T_ERROR                         = 0x40E // 1038
+	SYS_T_FREE                          = 0x40F // 1039
+	SYS_T_GETINFO                       = 0x410 // 1040
+	SYS_T_GETPROTADDR                   = 0x411 // 1041
+	SYS_T_GETSTATE                      = 0x412 // 1042
+	SYS_T_LISTEN                        = 0x413 // 1043
+	SYS_T_LOOK                          = 0x414 // 1044
+	SYS_T_OPEN                          = 0x415 // 1045
+	SYS_T_OPTMGMT                       = 0x416 // 1046
+	SYS_T_RCV                           = 0x417 // 1047
+	SYS_T_RCVCONNECT                    = 0x418 // 1048
+	SYS_T_RCVDIS                        = 0x419 // 1049
+	SYS_T_RCVREL                        = 0x41A // 1050
+	SYS_T_RCVUDATA                      = 0x41B // 1051
+	SYS_T_RCVUDERR                      = 0x41C // 1052
+	SYS_T_SND                           = 0x41D // 1053
+	SYS_T_SNDDIS                        = 0x41E // 1054
+	SYS_T_SNDREL                        = 0x41F // 1055
+	SYS_T_SNDUDATA                      = 0x420 // 1056
+	SYS_T_STRERROR                      = 0x421 // 1057
+	SYS_T_SYNC                          = 0x422 // 1058
+	SYS_T_UNBIND                        = 0x423 // 1059
+	SYS___T_ERRNO                       = 0x424 // 1060
+	SYS___RECVMSG2                      = 0x425 // 1061
+	SYS___SENDMSG2                      = 0x426 // 1062
+	SYS_FATTACH                         = 0x427 // 1063
+	SYS_FDETACH                         = 0x428 // 1064
+	SYS_GETMSG                          = 0x429 // 1065
+	SYS_GETPMSG                         = 0x42A // 1066
+	SYS_ISASTREAM                       = 0x42B // 1067
+	SYS_PUTMSG                          = 0x42C // 1068
+	SYS_PUTPMSG                         = 0x42D // 1069
+	SYS___ISPOSIXON                     = 0x42E // 1070
+	SYS___OPENMVSREL                    = 0x42F // 1071
+	SYS_GETCONTEXT                      = 0x430 // 1072
+	SYS_SETCONTEXT                      = 0x431 // 1073
+	SYS_MAKECONTEXT                     = 0x432 // 1074
+	SYS_SWAPCONTEXT                     = 0x433 // 1075
+	SYS_PTHREAD_GETSPECIFIC_D8_NP       = 0x434 // 1076
+	SYS_GETCLIENTID                     = 0x470 // 1136
+	SYS___GETCLIENTID                   = 0x471 // 1137
+	SYS_GETSTABLESIZE                   = 0x472 // 1138
+	SYS_GETIBMOPT                       = 0x473 // 1139
+	SYS_GETIBMSOCKOPT                   = 0x474 // 1140
+	SYS_GIVESOCKET                      = 0x475 // 1141
+	SYS_IBMSFLUSH                       = 0x476 // 1142
+	SYS_MAXDESC                         = 0x477 // 1143
+	SYS_SETIBMOPT                       = 0x478 // 1144
+	SYS_SETIBMSOCKOPT                   = 0x479 // 1145
+	SYS_SOCK_DEBUG                      = 0x47A // 1146
+	SYS_SOCK_DO_TESTSTOR                = 0x47D // 1149
+	SYS_TAKESOCKET                      = 0x47E // 1150
+	SYS___SERVER_INIT                   = 0x47F // 1151
+	SYS___SERVER_PWU                    = 0x480 // 1152
+	SYS_PTHREAD_TAG_NP                  = 0x481 // 1153
+	SYS___CONSOLE                       = 0x482 // 1154
+	SYS___WSINIT                        = 0x483 // 1155
+	SYS___IPTCPN                        = 0x489 // 1161
+	SYS___SMF_RECORD                    = 0x48A // 1162
+	SYS___IPHOST                        = 0x48B // 1163
+	SYS___IPNODE                        = 0x48C // 1164
+	SYS___SERVER_CLASSIFY_CREATE        = 0x48D // 1165
+	SYS___SERVER_CLASSIFY_DESTROY       = 0x48E // 1166
+	SYS___SERVER_CLASSIFY_RESET         = 0x48F // 1167
+	SYS___SERVER_CLASSIFY               = 0x490 // 1168
+	SYS___HEAPRPT                       = 0x496 // 1174
+	SYS___FNWSA                         = 0x49B // 1179
+	SYS___SPAWN2                        = 0x49D // 1181
+	SYS___SPAWNP2                       = 0x49E // 1182
+	SYS___GDRR                          = 0x4A1 // 1185
+	SYS___HRRNO                         = 0x4A2 // 1186
+	SYS___OPRG                          = 0x4A3 // 1187
+	SYS___OPRR                          = 0x4A4 // 1188
+	SYS___OPND                          = 0x4A5 // 1189
+	SYS___OPPT                          = 0x4A6 // 1190
+	SYS___SIGGM                         = 0x4A7 // 1191
+	SYS___DGHT                          = 0x4A8 // 1192
+	SYS___TZNE                          = 0x4A9 // 1193
+	SYS___TZZN                          = 0x4AA // 1194
+	SYS___TRRNO                         = 0x4AF // 1199
+	SYS___ENVN                          = 0x4B0 // 1200
+	SYS___MLOCKALL                      = 0x4B1 // 1201
+	SYS_CREATEWO                        = 0x4B2 // 1202
+	SYS_CREATEWORKUNIT                  = 0x4B2 // 1202
+	SYS_CONTINUE                        = 0x4B3 // 1203
+	SYS_CONTINUEWORKUNIT                = 0x4B3 // 1203
+	SYS_CONNECTW                        = 0x4B4 // 1204
+	SYS_CONNECTWORKMGR                  = 0x4B4 // 1204
+	SYS_CONNECTS                        = 0x4B5 // 1205
+	SYS_CONNECTSERVER                   = 0x4B5 // 1205
+	SYS_DISCONNE                        = 0x4B6 // 1206
+	SYS_DISCONNECTSERVER                = 0x4B6 // 1206
+	SYS_JOINWORK                        = 0x4B7 // 1207
+	SYS_JOINWORKUNIT                    = 0x4B7 // 1207
+	SYS_LEAVEWOR                        = 0x4B8 // 1208
+	SYS_LEAVEWORKUNIT                   = 0x4B8 // 1208
+	SYS_DELETEWO                        = 0x4B9 // 1209
+	SYS_DELETEWORKUNIT                  = 0x4B9 // 1209
+	SYS_QUERYMET                        = 0x4BA // 1210
+	SYS_QUERYMETRICS                    = 0x4BA // 1210
+	SYS_QUERYSCH                        = 0x4BB // 1211
+	SYS_QUERYSCHENV                     = 0x4BB // 1211
+	SYS_CHECKSCH                        = 0x4BC // 1212
+	SYS_CHECKSCHENV                     = 0x4BC // 1212
+	SYS___PID_AFFINITY                  = 0x4BD // 1213
+	SYS___ASINH_B                       = 0x4BE // 1214
+	SYS___ATAN_B                        = 0x4BF // 1215
+	SYS___CBRT_B                        = 0x4C0 // 1216
+	SYS___CEIL_B                        = 0x4C1 // 1217
+	SYS_COPYSIGN                        = 0x4C2 // 1218
+	SYS___COS_B                         = 0x4C3 // 1219
+	SYS___ERF_B                         = 0x4C4 // 1220
+	SYS___ERFC_B                        = 0x4C5 // 1221
+	SYS___EXPM1_B                       = 0x4C6 // 1222
+	SYS___FABS_B                        = 0x4C7 // 1223
+	SYS_FINITE                          = 0x4C8 // 1224
+	SYS___FLOOR_B                       = 0x4C9 // 1225
+	SYS___FREXP_B                       = 0x4CA // 1226
+	SYS___ILOGB_B                       = 0x4CB // 1227
+	SYS___ISNAN_B                       = 0x4CC // 1228
+	SYS___LDEXP_B                       = 0x4CD // 1229
+	SYS___LOG1P_B                       = 0x4CE // 1230
+	SYS___LOGB_B                        = 0x4CF // 1231
+	SYS_MATHERR                         = 0x4D0 // 1232
+	SYS___MODF_B                        = 0x4D1 // 1233
+	SYS___NEXTAFTER_B                   = 0x4D2 // 1234
+	SYS___RINT_B                        = 0x4D3 // 1235
+	SYS_SCALBN                          = 0x4D4 // 1236
+	SYS_SIGNIFIC                        = 0x4D5 // 1237
+	SYS_SIGNIFICAND                     = 0x4D5 // 1237
+	SYS___SIN_B                         = 0x4D6 // 1238
+	SYS___TAN_B                         = 0x4D7 // 1239
+	SYS___TANH_B                        = 0x4D8 // 1240
+	SYS___ACOS_B                        = 0x4D9 // 1241
+	SYS___ACOSH_B                       = 0x4DA // 1242
+	SYS___ASIN_B                        = 0x4DB // 1243
+	SYS___ATAN2_B                       = 0x4DC // 1244
+	SYS___ATANH_B                       = 0x4DD // 1245
+	SYS___COSH_B                        = 0x4DE // 1246
+	SYS___EXP_B                         = 0x4DF // 1247
+	SYS___FMOD_B                        = 0x4E0 // 1248
+	SYS___GAMMA_B                       = 0x4E1 // 1249
+	SYS_GAMMA_R                         = 0x4E2 // 1250
+	SYS___HYPOT_B                       = 0x4E3 // 1251
+	SYS___J0_B                          = 0x4E4 // 1252
+	SYS___Y0_B                          = 0x4E5 // 1253
+	SYS___J1_B                          = 0x4E6 // 1254
+	SYS___Y1_B                          = 0x4E7 // 1255
+	SYS___JN_B                          = 0x4E8 // 1256
+	SYS___YN_B                          = 0x4E9 // 1257
+	SYS___LGAMMA_B                      = 0x4EA // 1258
+	SYS_LGAMMA_R                        = 0x4EB // 1259
+	SYS___LOG_B                         = 0x4EC // 1260
+	SYS___LOG10_B                       = 0x4ED // 1261
+	SYS___POW_B                         = 0x4EE // 1262
+	SYS___REMAINDER_B                   = 0x4EF // 1263
+	SYS___SCALB_B                       = 0x4F0 // 1264
+	SYS___SINH_B                        = 0x4F1 // 1265
+	SYS___SQRT_B                        = 0x4F2 // 1266
+	SYS___OPENDIR2                      = 0x4F3 // 1267
+	SYS___READDIR2                      = 0x4F4 // 1268
+	SYS___LOGIN                         = 0x4F5 // 1269
+	SYS___OPEN_STAT                     = 0x4F6 // 1270
+	SYS_ACCEPT_AND_RECV                 = 0x4F7 // 1271
+	SYS___FP_SETMODE                    = 0x4F8 // 1272
+	SYS___SIGACTIONSET                  = 0x4FB // 1275
+	SYS___UCREATE                       = 0x4FC // 1276
+	SYS___UMALLOC                       = 0x4FD // 1277
+	SYS___UFREE                         = 0x4FE // 1278
+	SYS___UHEAPREPORT                   = 0x4FF // 1279
+	SYS___ISBFP                         = 0x500 // 1280
+	SYS___FP_CAST                       = 0x501 // 1281
+	SYS___CERTIFICATE                   = 0x502 // 1282
+	SYS_SEND_FILE                       = 0x503 // 1283
+	SYS_AIO_CANCEL                      = 0x504 // 1284
+	SYS_AIO_ERROR                       = 0x505 // 1285
+	SYS_AIO_READ                        = 0x506 // 1286
+	SYS_AIO_RETURN                      = 0x507 // 1287
+	SYS_AIO_SUSPEND                     = 0x508 // 1288
+	SYS_AIO_WRITE                       = 0x509 // 1289
+	SYS_PTHREAD_MUTEXATTR_GETPSHARED    = 0x50A // 1290
+	SYS_PTHREAD_MUTEXATTR_SETPSHARED    = 0x50B // 1291
+	SYS_PTHREAD_RWLOCK_DESTROY          = 0x50C // 1292
+	SYS_PTHREAD_RWLOCK_INIT             = 0x50D // 1293
+	SYS_PTHREAD_RWLOCK_RDLOCK           = 0x50E // 1294
+	SYS_PTHREAD_RWLOCK_TRYRDLOCK        = 0x50F // 1295
+	SYS_PTHREAD_RWLOCK_TRYWRLOCK        = 0x510 // 1296
+	SYS_PTHREAD_RWLOCK_UNLOCK           = 0x511 // 1297
+	SYS_PTHREAD_RWLOCK_WRLOCK           = 0x512 // 1298
+	SYS_PTHREAD_RWLOCKATTR_GETPSHARED   = 0x513 // 1299
+	SYS_PTHREAD_RWLOCKATTR_SETPSHARED   = 0x514 // 1300
+	SYS_PTHREAD_RWLOCKATTR_INIT         = 0x515 // 1301
+	SYS_PTHREAD_RWLOCKATTR_DESTROY      = 0x516 // 1302
+	SYS___CTTBL                         = 0x517 // 1303
+	SYS_PTHREAD_MUTEXATTR_SETTYPE       = 0x518 // 1304
+	SYS_PTHREAD_MUTEXATTR_GETTYPE       = 0x519 // 1305
+	SYS___FP_CLR_FLAG                   = 0x51A // 1306
+	SYS___FP_READ_FLAG                  = 0x51B // 1307
+	SYS___FP_RAISE_XCP                  = 0x51C // 1308
+	SYS___FP_CLASS                      = 0x51D // 1309
+	SYS___FP_FINITE                     = 0x51E // 1310
+	SYS___FP_ISNAN                      = 0x51F // 1311
+	SYS___FP_UNORDERED                  = 0x520 // 1312
+	SYS___FP_READ_RND                   = 0x521 // 1313
+	SYS___FP_READ_RND_B                 = 0x522 // 1314
+	SYS___FP_SWAP_RND                   = 0x523 // 1315
+	SYS___FP_SWAP_RND_B                 = 0x524 // 1316
+	SYS___FP_LEVEL                      = 0x525 // 1317
+	SYS___FP_BTOH                       = 0x526 // 1318
+	SYS___FP_HTOB                       = 0x527 // 1319
+	SYS___FPC_RD                        = 0x528 // 1320
+	SYS___FPC_WR                        = 0x529 // 1321
+	SYS___FPC_RW                        = 0x52A // 1322
+	SYS___FPC_SM                        = 0x52B // 1323
+	SYS___FPC_RS                        = 0x52C // 1324
+	SYS_SIGTIMEDWAIT                    = 0x52D // 1325
+	SYS_SIGWAITINFO                     = 0x52E // 1326
+	SYS___CHKBFP                        = 0x52F // 1327
+	SYS___W_PIOCTL                      = 0x59E // 1438
+	SYS___OSENV                         = 0x59F // 1439
+	SYS_EXPORTWO                        = 0x5A1 // 1441
+	SYS_EXPORTWORKUNIT                  = 0x5A1 // 1441
+	SYS_UNDOEXPO                        = 0x5A2 // 1442
+	SYS_UNDOEXPORTWORKUNIT              = 0x5A2 // 1442
+	SYS_IMPORTWO                        = 0x5A3 // 1443
+	SYS_IMPORTWORKUNIT                  = 0x5A3 // 1443
+	SYS_UNDOIMPO                        = 0x5A4 // 1444
+	SYS_UNDOIMPORTWORKUNIT              = 0x5A4 // 1444
+	SYS_EXTRACTW                        = 0x5A5 // 1445
+	SYS_EXTRACTWORKUNIT                 = 0x5A5 // 1445
+	SYS___CPL                           = 0x5A6 // 1446
+	SYS___MAP_INIT                      = 0x5A7 // 1447
+	SYS___MAP_SERVICE                   = 0x5A8 // 1448
+	SYS_SIGQUEUE                        = 0x5A9 // 1449
+	SYS___MOUNT                         = 0x5AA // 1450
+	SYS___GETUSERID                     = 0x5AB // 1451
+	SYS___IPDOMAINNAME                  = 0x5AC // 1452
+	SYS_QUERYENC                        = 0x5AD // 1453
+	SYS_QUERYWORKUNITCLASSIFICATION     = 0x5AD // 1453
+	SYS_CONNECTE                        = 0x5AE // 1454
+	SYS_CONNECTEXPORTIMPORT             = 0x5AE // 1454
+	SYS___FP_SWAPMODE                   = 0x5AF // 1455
+	SYS_STRTOLL                         = 0x5B0 // 1456
+	SYS_STRTOULL                        = 0x5B1 // 1457
+	SYS___DSA_PREV                      = 0x5B2 // 1458
+	SYS___EP_FIND                       = 0x5B3 // 1459
+	SYS___SERVER_THREADS_QUERY          = 0x5B4 // 1460
+	SYS___MSGRCV_TIMED                  = 0x5B7 // 1463
+	SYS___SEMOP_TIMED                   = 0x5B8 // 1464
+	SYS___GET_CPUID                     = 0x5B9 // 1465
+	SYS___GET_SYSTEM_SETTINGS           = 0x5BA // 1466
+	SYS_FTELLO                          = 0x5C8 // 1480
+	SYS_FSEEKO                          = 0x5C9 // 1481
+	SYS_LLDIV                           = 0x5CB // 1483
+	SYS_WCSTOLL                         = 0x5CC // 1484
+	SYS_WCSTOULL                        = 0x5CD // 1485
+	SYS_LLABS                           = 0x5CE // 1486
+	SYS___CONSOLE2                      = 0x5D2 // 1490
+	SYS_INET_NTOP                       = 0x5D3 // 1491
+	SYS_INET_PTON                       = 0x5D4 // 1492
+	SYS___RES                           = 0x5D6 // 1494
+	SYS_RES_MKQUERY                     = 0x5D7 // 1495
+	SYS_RES_INIT                        = 0x5D8 // 1496
+	SYS_RES_QUERY                       = 0x5D9 // 1497
+	SYS_RES_SEARCH                      = 0x5DA // 1498
+	SYS_RES_SEND                        = 0x5DB // 1499
+	SYS_RES_QUERYDOMAIN                 = 0x5DC // 1500
+	SYS_DN_EXPAND                       = 0x5DD // 1501
+	SYS_DN_SKIPNAME                     = 0x5DE // 1502
+	SYS_DN_COMP                         = 0x5DF // 1503
+	SYS_ASCTIME_R                       = 0x5E0 // 1504
+	SYS_CTIME_R                         = 0x5E1 // 1505
+	SYS_GMTIME_R                        = 0x5E2 // 1506
+	SYS_LOCALTIME_R                     = 0x5E3 // 1507
+	SYS_RAND_R                          = 0x5E4 // 1508
+	SYS_STRTOK_R                        = 0x5E5 // 1509
+	SYS_READDIR_R                       = 0x5E6 // 1510
+	SYS_GETGRGID_R                      = 0x5E7 // 1511
+	SYS_GETGRNAM_R                      = 0x5E8 // 1512
+	SYS_GETLOGIN_R                      = 0x5E9 // 1513
+	SYS_GETPWNAM_R                      = 0x5EA // 1514
+	SYS_GETPWUID_R                      = 0x5EB // 1515
+	SYS_TTYNAME_R                       = 0x5EC // 1516
+	SYS_PTHREAD_ATFORK                  = 0x5ED // 1517
+	SYS_PTHREAD_ATTR_GETGUARDSIZE       = 0x5EE // 1518
+	SYS_PTHREAD_ATTR_GETSTACKADDR       = 0x5EF // 1519
+	SYS_PTHREAD_ATTR_SETGUARDSIZE       = 0x5F0 // 1520
+	SYS_PTHREAD_ATTR_SETSTACKADDR       = 0x5F1 // 1521
+	SYS_PTHREAD_CONDATTR_GETPSHARED     = 0x5F2 // 1522
+	SYS_PTHREAD_CONDATTR_SETPSHARED     = 0x5F3 // 1523
+	SYS_PTHREAD_GETCONCURRENCY          = 0x5F4 // 1524
+	SYS_PTHREAD_KEY_DELETE              = 0x5F5 // 1525
+	SYS_PTHREAD_SETCONCURRENCY          = 0x5F6 // 1526
+	SYS_PTHREAD_SIGMASK                 = 0x5F7 // 1527
+	SYS___DISCARDDATA                   = 0x5F8 // 1528
+	SYS_PTHREAD_ATTR_GETSCHEDPARAM      = 0x5F9 // 1529
+	SYS_PTHREAD_ATTR_SETSCHEDPARAM      = 0x5FA // 1530
+	SYS_PTHREAD_ATTR_GETDETACHSTATE_U98 = 0x5FB // 1531
+	SYS_PTHREAD_ATTR_SETDETACHSTATE_U98 = 0x5FC // 1532
+	SYS_PTHREAD_DETACH_U98              = 0x5FD // 1533
+	SYS_PTHREAD_GETSPECIFIC_U98         = 0x5FE // 1534
+	SYS_PTHREAD_SETCANCELSTATE          = 0x5FF // 1535
+	SYS_PTHREAD_SETCANCELTYPE           = 0x600 // 1536
+	SYS_PTHREAD_TESTCANCEL              = 0x601 // 1537
+	SYS___ATANF_B                       = 0x602 // 1538
+	SYS___ATANL_B                       = 0x603 // 1539
+	SYS___CEILF_B                       = 0x604 // 1540
+	SYS___CEILL_B                       = 0x605 // 1541
+	SYS___COSF_B                        = 0x606 // 1542
+	SYS___COSL_B                        = 0x607 // 1543
+	SYS___FABSF_B                       = 0x608 // 1544
+	SYS___FABSL_B                       = 0x609 // 1545
+	SYS___FLOORF_B                      = 0x60A // 1546
+	SYS___FLOORL_B                      = 0x60B // 1547
+	SYS___FREXPF_B                      = 0x60C // 1548
+	SYS___FREXPL_B                      = 0x60D // 1549
+	SYS___LDEXPF_B                      = 0x60E // 1550
+	SYS___LDEXPL_B                      = 0x60F // 1551
+	SYS___SINF_B                        = 0x610 // 1552
+	SYS___SINL_B                        = 0x611 // 1553
+	SYS___TANF_B                        = 0x612 // 1554
+	SYS___TANL_B                        = 0x613 // 1555
+	SYS___TANHF_B                       = 0x614 // 1556
+	SYS___TANHL_B                       = 0x615 // 1557
+	SYS___ACOSF_B                       = 0x616 // 1558
+	SYS___ACOSL_B                       = 0x617 // 1559
+	SYS___ASINF_B                       = 0x618 // 1560
+	SYS___ASINL_B                       = 0x619 // 1561
+	SYS___ATAN2F_B                      = 0x61A // 1562
+	SYS___ATAN2L_B                      = 0x61B // 1563
+	SYS___COSHF_B                       = 0x61C // 1564
+	SYS___COSHL_B                       = 0x61D // 1565
+	SYS___EXPF_B                        = 0x61E // 1566
+	SYS___EXPL_B                        = 0x61F // 1567
+	SYS___LOGF_B                        = 0x620 // 1568
+	SYS___LOGL_B                        = 0x621 // 1569
+	SYS___LOG10F_B                      = 0x622 // 1570
+	SYS___LOG10L_B                      = 0x623 // 1571
+	SYS___POWF_B                        = 0x624 // 1572
+	SYS___POWL_B                        = 0x625 // 1573
+	SYS___SINHF_B                       = 0x626 // 1574
+	SYS___SINHL_B                       = 0x627 // 1575
+	SYS___SQRTF_B                       = 0x628 // 1576
+	SYS___SQRTL_B                       = 0x629 // 1577
+	SYS___ABSF_B                        = 0x62A // 1578
+	SYS___ABS_B                         = 0x62B // 1579
+	SYS___ABSL_B                        = 0x62C // 1580
+	SYS___FMODF_B                       = 0x62D // 1581
+	SYS___FMODL_B                       = 0x62E // 1582
+	SYS___MODFF_B                       = 0x62F // 1583
+	SYS___MODFL_B                       = 0x630 // 1584
+	SYS_ABSF                            = 0x631 // 1585
+	SYS_ABSL                            = 0x632 // 1586
+	SYS_ACOSF                           = 0x633 // 1587
+	SYS_ACOSL                           = 0x634 // 1588
+	SYS_ASINF                           = 0x635 // 1589
+	SYS_ASINL                           = 0x636 // 1590
+	SYS_ATAN2F                          = 0x637 // 1591
+	SYS_ATAN2L                          = 0x638 // 1592
+	SYS_ATANF                           = 0x639 // 1593
+	SYS_ATANL                           = 0x63A // 1594
+	SYS_CEILF                           = 0x63B // 1595
+	SYS_CEILL                           = 0x63C // 1596
+	SYS_COSF                            = 0x63D // 1597
+	SYS_COSL                            = 0x63E // 1598
+	SYS_COSHF                           = 0x63F // 1599
+	SYS_COSHL                           = 0x640 // 1600
+	SYS_EXPF                            = 0x641 // 1601
+	SYS_EXPL                            = 0x642 // 1602
+	SYS_TANHF                           = 0x643 // 1603
+	SYS_TANHL                           = 0x644 // 1604
+	SYS_LOG10F                          = 0x645 // 1605
+	SYS_LOG10L                          = 0x646 // 1606
+	SYS_LOGF                            = 0x647 // 1607
+	SYS_LOGL                            = 0x648 // 1608
+	SYS_POWF                            = 0x649 // 1609
+	SYS_POWL                            = 0x64A // 1610
+	SYS_SINF                            = 0x64B // 1611
+	SYS_SINL                            = 0x64C // 1612
+	SYS_SQRTF                           = 0x64D // 1613
+	SYS_SQRTL                           = 0x64E // 1614
+	SYS_SINHF                           = 0x64F // 1615
+	SYS_SINHL                           = 0x650 // 1616
+	SYS_TANF                            = 0x651 // 1617
+	SYS_TANL                            = 0x652 // 1618
+	SYS_FABSF                           = 0x653 // 1619
+	SYS_FABSL                           = 0x654 // 1620
+	SYS_FLOORF                          = 0x655 // 1621
+	SYS_FLOORL                          = 0x656 // 1622
+	SYS_FMODF                           = 0x657 // 1623
+	SYS_FMODL                           = 0x658 // 1624
+	SYS_FREXPF                          = 0x659 // 1625
+	SYS_FREXPL                          = 0x65A // 1626
+	SYS_LDEXPF                          = 0x65B // 1627
+	SYS_LDEXPL                          = 0x65C // 1628
+	SYS_MODFF                           = 0x65D // 1629
+	SYS_MODFL                           = 0x65E // 1630
+	SYS_BTOWC                           = 0x65F // 1631
+	SYS___CHATTR                        = 0x660 // 1632
+	SYS___FCHATTR                       = 0x661 // 1633
+	SYS___TOCCSID                       = 0x662 // 1634
+	SYS___CSNAMETYPE                    = 0x663 // 1635
+	SYS___TOCSNAME                      = 0x664 // 1636
+	SYS___CCSIDTYPE                     = 0x665 // 1637
+	SYS___AE_CORRESTBL_QUERY            = 0x666 // 1638
+	SYS___AE_AUTOCONVERT_STATE          = 0x667 // 1639
+	SYS_DN_FIND                         = 0x668 // 1640
+	SYS___GETHOSTBYADDR_A               = 0x669 // 1641
+	SYS___GETHOSTBYNAME_A               = 0x66A // 1642
+	SYS___RES_INIT_A                    = 0x66B // 1643
+	SYS___GETHOSTBYADDR_R_A             = 0x66C // 1644
+	SYS___GETHOSTBYNAME_R_A             = 0x66D // 1645
+	SYS___CHARMAP_INIT_A                = 0x66E // 1646
+	SYS___MBLEN_A                       = 0x66F // 1647
+	SYS___MBLEN_SB_A                    = 0x670 // 1648
+	SYS___MBLEN_STD_A                   = 0x671 // 1649
+	SYS___MBLEN_UTF                     = 0x672 // 1650
+	SYS___MBSTOWCS_A                    = 0x673 // 1651
+	SYS___MBSTOWCS_STD_A                = 0x674 // 1652
+	SYS___MBTOWC_A                      = 0x675 // 1653
+	SYS___MBTOWC_ISO1                   = 0x676 // 1654
+	SYS___MBTOWC_SBCS                   = 0x677 // 1655
+	SYS___MBTOWC_MBCS                   = 0x678 // 1656
+	SYS___MBTOWC_UTF                    = 0x679 // 1657
+	SYS___WCSTOMBS_A                    = 0x67A // 1658
+	SYS___WCSTOMBS_STD_A                = 0x67B // 1659
+	SYS___WCSWIDTH_A                    = 0x67C // 1660
+	SYS___GETGRGID_R_A                  = 0x67D // 1661
+	SYS___WCSWIDTH_STD_A                = 0x67E // 1662
+	SYS___WCSWIDTH_ASIA                 = 0x67F // 1663
+	SYS___CSID_A                        = 0x680 // 1664
+	SYS___CSID_STD_A                    = 0x681 // 1665
+	SYS___WCSID_A                       = 0x682 // 1666
+	SYS___WCSID_STD_A                   = 0x683 // 1667
+	SYS___WCTOMB_A                      = 0x684 // 1668
+	SYS___WCTOMB_ISO1                   = 0x685 // 1669
+	SYS___WCTOMB_STD_A                  = 0x686 // 1670
+	SYS___WCTOMB_UTF                    = 0x687 // 1671
+	SYS___WCWIDTH_A                     = 0x688 // 1672
+	SYS___GETGRNAM_R_A                  = 0x689 // 1673
+	SYS___WCWIDTH_STD_A                 = 0x68A // 1674
+	SYS___WCWIDTH_ASIA                  = 0x68B // 1675
+	SYS___GETPWNAM_R_A                  = 0x68C // 1676
+	SYS___GETPWUID_R_A                  = 0x68D // 1677
+	SYS___GETLOGIN_R_A                  = 0x68E // 1678
+	SYS___TTYNAME_R_A                   = 0x68F // 1679
+	SYS___READDIR_R_A                   = 0x690 // 1680
+	SYS___E2A_S                         = 0x691 // 1681
+	SYS___FNMATCH_A                     = 0x692 // 1682
+	SYS___FNMATCH_C_A                   = 0x693 // 1683
+	SYS___EXECL_A                       = 0x694 // 1684
+	SYS___FNMATCH_STD_A                 = 0x695 // 1685
+	SYS___REGCOMP_A                     = 0x696 // 1686
+	SYS___REGCOMP_STD_A                 = 0x697 // 1687
+	SYS___REGERROR_A                    = 0x698 // 1688
+	SYS___REGERROR_STD_A                = 0x699 // 1689
+	SYS___REGEXEC_A                     = 0x69A // 1690
+	SYS___REGEXEC_STD_A                 = 0x69B // 1691
+	SYS___REGFREE_A                     = 0x69C // 1692
+	SYS___REGFREE_STD_A                 = 0x69D // 1693
+	SYS___STRCOLL_A                     = 0x69E // 1694
+	SYS___STRCOLL_C_A                   = 0x69F // 1695
+	SYS___EXECLE_A                      = 0x6A0 // 1696
+	SYS___STRCOLL_STD_A                 = 0x6A1 // 1697
+	SYS___STRXFRM_A                     = 0x6A2 // 1698
+	SYS___STRXFRM_C_A                   = 0x6A3 // 1699
+	SYS___EXECLP_A                      = 0x6A4 // 1700
+	SYS___STRXFRM_STD_A                 = 0x6A5 // 1701
+	SYS___WCSCOLL_A                     = 0x6A6 // 1702
+	SYS___WCSCOLL_C_A                   = 0x6A7 // 1703
+	SYS___WCSCOLL_STD_A                 = 0x6A8 // 1704
+	SYS___WCSXFRM_A                     = 0x6A9 // 1705
+	SYS___WCSXFRM_C_A                   = 0x6AA // 1706
+	SYS___WCSXFRM_STD_A                 = 0x6AB // 1707
+	SYS___COLLATE_INIT_A                = 0x6AC // 1708
+	SYS___WCTYPE_A                      = 0x6AD // 1709
+	SYS___GET_WCTYPE_STD_A              = 0x6AE // 1710
+	SYS___CTYPE_INIT_A                  = 0x6AF // 1711
+	SYS___ISWCTYPE_A                    = 0x6B0 // 1712
+	SYS___EXECV_A                       = 0x6B1 // 1713
+	SYS___IS_WCTYPE_STD_A               = 0x6B2 // 1714
+	SYS___TOWLOWER_A                    = 0x6B3 // 1715
+	SYS___TOWLOWER_STD_A                = 0x6B4 // 1716
+	SYS___TOWUPPER_A                    = 0x6B5 // 1717
+	SYS___TOWUPPER_STD_A                = 0x6B6 // 1718
+	SYS___LOCALE_INIT_A                 = 0x6B7 // 1719
+	SYS___LOCALECONV_A                  = 0x6B8 // 1720
+	SYS___LOCALECONV_STD_A              = 0x6B9 // 1721
+	SYS___NL_LANGINFO_A                 = 0x6BA // 1722
+	SYS___NL_LNAGINFO_STD_A             = 0x6BB // 1723
+	SYS___MONETARY_INIT_A               = 0x6BC // 1724
+	SYS___STRFMON_A                     = 0x6BD // 1725
+	SYS___STRFMON_STD_A                 = 0x6BE // 1726
+	SYS___GETADDRINFO_A                 = 0x6BF // 1727
+	SYS___CATGETS_A                     = 0x6C0 // 1728
+	SYS___EXECVE_A                      = 0x6C1 // 1729
+	SYS___EXECVP_A                      = 0x6C2 // 1730
+	SYS___SPAWN_A                       = 0x6C3 // 1731
+	SYS___GETNAMEINFO_A                 = 0x6C4 // 1732
+	SYS___SPAWNP_A                      = 0x6C5 // 1733
+	SYS___NUMERIC_INIT_A                = 0x6C6 // 1734
+	SYS___RESP_INIT_A                   = 0x6C7 // 1735
+	SYS___RPMATCH_A                     = 0x6C8 // 1736
+	SYS___RPMATCH_C_A                   = 0x6C9 // 1737
+	SYS___RPMATCH_STD_A                 = 0x6CA // 1738
+	SYS___TIME_INIT_A                   = 0x6CB // 1739
+	SYS___STRFTIME_A                    = 0x6CC // 1740
+	SYS___STRFTIME_STD_A                = 0x6CD // 1741
+	SYS___STRPTIME_A                    = 0x6CE // 1742
+	SYS___STRPTIME_STD_A                = 0x6CF // 1743
+	SYS___WCSFTIME_A                    = 0x6D0 // 1744
+	SYS___WCSFTIME_STD_A                = 0x6D1 // 1745
+	SYS_____SPAWN2_A                    = 0x6D2 // 1746
+	SYS_____SPAWNP2_A                   = 0x6D3 // 1747
+	SYS___SYNTAX_INIT_A                 = 0x6D4 // 1748
+	SYS___TOD_INIT_A                    = 0x6D5 // 1749
+	SYS___NL_CSINFO_A                   = 0x6D6 // 1750
+	SYS___NL_MONINFO_A                  = 0x6D7 // 1751
+	SYS___NL_NUMINFO_A                  = 0x6D8 // 1752
+	SYS___NL_RESPINFO_A                 = 0x6D9 // 1753
+	SYS___NL_TIMINFO_A                  = 0x6DA // 1754
+	SYS___IF_NAMETOINDEX_A              = 0x6DB // 1755
+	SYS___IF_INDEXTONAME_A              = 0x6DC // 1756
+	SYS___PRINTF_A                      = 0x6DD // 1757
+	SYS___ICONV_OPEN_A                  = 0x6DE // 1758
+	SYS___DLLLOAD_A                     = 0x6DF // 1759
+	SYS___DLLQUERYFN_A                  = 0x6E0 // 1760
+	SYS___DLLQUERYVAR_A                 = 0x6E1 // 1761
+	SYS_____CHATTR_A                    = 0x6E2 // 1762
+	SYS___E2A_L                         = 0x6E3 // 1763
+	SYS_____TOCCSID_A                   = 0x6E4 // 1764
+	SYS_____TOCSNAME_A                  = 0x6E5 // 1765
+	SYS_____CCSIDTYPE_A                 = 0x6E6 // 1766
+	SYS_____CSNAMETYPE_A                = 0x6E7 // 1767
+	SYS___CHMOD_A                       = 0x6E8 // 1768
+	SYS___MKDIR_A                       = 0x6E9 // 1769
+	SYS___STAT_A                        = 0x6EA // 1770
+	SYS___STAT_O_A                      = 0x6EB // 1771
+	SYS___MKFIFO_A                      = 0x6EC // 1772
+	SYS_____OPEN_STAT_A                 = 0x6ED // 1773
+	SYS___LSTAT_A                       = 0x6EE // 1774
+	SYS___LSTAT_O_A                     = 0x6EF // 1775
+	SYS___MKNOD_A                       = 0x6F0 // 1776
+	SYS___MOUNT_A                       = 0x6F1 // 1777
+	SYS___UMOUNT_A                      = 0x6F2 // 1778
+	SYS___CHAUDIT_A                     = 0x6F4 // 1780
+	SYS___W_GETMNTENT_A                 = 0x6F5 // 1781
+	SYS___CREAT_A                       = 0x6F6 // 1782
+	SYS___OPEN_A                        = 0x6F7 // 1783
+	SYS___SETLOCALE_A                   = 0x6F9 // 1785
+	SYS___FPRINTF_A                     = 0x6FA // 1786
+	SYS___SPRINTF_A                     = 0x6FB // 1787
+	SYS___VFPRINTF_A                    = 0x6FC // 1788
+	SYS___VPRINTF_A                     = 0x6FD // 1789
+	SYS___VSPRINTF_A                    = 0x6FE // 1790
+	SYS___VSWPRINTF_A                   = 0x6FF // 1791
+	SYS___SWPRINTF_A                    = 0x700 // 1792
+	SYS___FSCANF_A                      = 0x701 // 1793
+	SYS___SCANF_A                       = 0x702 // 1794
+	SYS___SSCANF_A                      = 0x703 // 1795
+	SYS___SWSCANF_A                     = 0x704 // 1796
+	SYS___ATOF_A                        = 0x705 // 1797
+	SYS___ATOI_A                        = 0x706 // 1798
+	SYS___ATOL_A                        = 0x707 // 1799
+	SYS___STRTOD_A                      = 0x708 // 1800
+	SYS___STRTOL_A                      = 0x709 // 1801
+	SYS___STRTOUL_A                     = 0x70A // 1802
+	SYS_____AE_CORRESTBL_QUERY_A        = 0x70B // 1803
+	SYS___A64L_A                        = 0x70C // 1804
+	SYS___ECVT_A                        = 0x70D // 1805
+	SYS___FCVT_A                        = 0x70E // 1806
+	SYS___GCVT_A                        = 0x70F // 1807
+	SYS___L64A_A                        = 0x710 // 1808
+	SYS___STRERROR_A                    = 0x711 // 1809
+	SYS___PERROR_A                      = 0x712 // 1810
+	SYS___FETCH_A                       = 0x713 // 1811
+	SYS___GETENV_A                      = 0x714 // 1812
+	SYS___MKSTEMP_A                     = 0x717 // 1815
+	SYS___PTSNAME_A                     = 0x718 // 1816
+	SYS___PUTENV_A                      = 0x719 // 1817
+	SYS___REALPATH_A                    = 0x71A // 1818
+	SYS___SETENV_A                      = 0x71B // 1819
+	SYS___SYSTEM_A                      = 0x71C // 1820
+	SYS___GETOPT_A                      = 0x71D // 1821
+	SYS___CATOPEN_A                     = 0x71E // 1822
+	SYS___ACCESS_A                      = 0x71F // 1823
+	SYS___CHDIR_A                       = 0x720 // 1824
+	SYS___CHOWN_A                       = 0x721 // 1825
+	SYS___CHROOT_A                      = 0x722 // 1826
+	SYS___GETCWD_A                      = 0x723 // 1827
+	SYS___GETWD_A                       = 0x724 // 1828
+	SYS___LCHOWN_A                      = 0x725 // 1829
+	SYS___LINK_A                        = 0x726 // 1830
+	SYS___PATHCONF_A                    = 0x727 // 1831
+	SYS___IF_NAMEINDEX_A                = 0x728 // 1832
+	SYS___READLINK_A                    = 0x729 // 1833
+	SYS___RMDIR_A                       = 0x72A // 1834
+	SYS___STATVFS_A                     = 0x72B // 1835
+	SYS___SYMLINK_A                     = 0x72C // 1836
+	SYS___TRUNCATE_A                    = 0x72D // 1837
+	SYS___UNLINK_A                      = 0x72E // 1838
+	SYS___GAI_STRERROR_A                = 0x72F // 1839
+	SYS___EXTLINK_NP_A                  = 0x730 // 1840
+	SYS___ISALNUM_A                     = 0x731 // 1841
+	SYS___ISALPHA_A                     = 0x732 // 1842
+	SYS___A2E_S                         = 0x733 // 1843
+	SYS___ISCNTRL_A                     = 0x734 // 1844
+	SYS___ISDIGIT_A                     = 0x735 // 1845
+	SYS___ISGRAPH_A                     = 0x736 // 1846
+	SYS___ISLOWER_A                     = 0x737 // 1847
+	SYS___ISPRINT_A                     = 0x738 // 1848
+	SYS___ISPUNCT_A                     = 0x739 // 1849
+	SYS___ISSPACE_A                     = 0x73A // 1850
+	SYS___ISUPPER_A                     = 0x73B // 1851
+	SYS___ISXDIGIT_A                    = 0x73C // 1852
+	SYS___TOLOWER_A                     = 0x73D // 1853
+	SYS___TOUPPER_A                     = 0x73E // 1854
+	SYS___ISWALNUM_A                    = 0x73F // 1855
+	SYS___ISWALPHA_A                    = 0x740 // 1856
+	SYS___A2E_L                         = 0x741 // 1857
+	SYS___ISWCNTRL_A                    = 0x742 // 1858
+	SYS___ISWDIGIT_A                    = 0x743 // 1859
+	SYS___ISWGRAPH_A                    = 0x744 // 1860
+	SYS___ISWLOWER_A                    = 0x745 // 1861
+	SYS___ISWPRINT_A                    = 0x746 // 1862
+	SYS___ISWPUNCT_A                    = 0x747 // 1863
+	SYS___ISWSPACE_A                    = 0x748 // 1864
+	SYS___ISWUPPER_A                    = 0x749 // 1865
+	SYS___ISWXDIGIT_A                   = 0x74A // 1866
+	SYS___CONFSTR_A                     = 0x74B // 1867
+	SYS___FTOK_A                        = 0x74C // 1868
+	SYS___MKTEMP_A                      = 0x74D // 1869
+	SYS___FDOPEN_A                      = 0x74E // 1870
+	SYS___FLDATA_A                      = 0x74F // 1871
+	SYS___REMOVE_A                      = 0x750 // 1872
+	SYS___RENAME_A                      = 0x751 // 1873
+	SYS___TMPNAM_A                      = 0x752 // 1874
+	SYS___FOPEN_A                       = 0x753 // 1875
+	SYS___FREOPEN_A                     = 0x754 // 1876
+	SYS___CUSERID_A                     = 0x755 // 1877
+	SYS___POPEN_A                       = 0x756 // 1878
+	SYS___TEMPNAM_A                     = 0x757 // 1879
+	SYS___FTW_A                         = 0x758 // 1880
+	SYS___GETGRENT_A                    = 0x759 // 1881
+	SYS___GETGRGID_A                    = 0x75A // 1882
+	SYS___GETGRNAM_A                    = 0x75B // 1883
+	SYS___GETGROUPSBYNAME_A             = 0x75C // 1884
+	SYS___GETHOSTENT_A                  = 0x75D // 1885
+	SYS___GETHOSTNAME_A                 = 0x75E // 1886
+	SYS___GETLOGIN_A                    = 0x75F // 1887
+	SYS___INET_NTOP_A                   = 0x760 // 1888
+	SYS___GETPASS_A                     = 0x761 // 1889
+	SYS___GETPWENT_A                    = 0x762 // 1890
+	SYS___GETPWNAM_A                    = 0x763 // 1891
+	SYS___GETPWUID_A                    = 0x764 // 1892
+	SYS_____CHECK_RESOURCE_AUTH_NP_A    = 0x765 // 1893
+	SYS___CHECKSCHENV_A                 = 0x766 // 1894
+	SYS___CONNECTSERVER_A               = 0x767 // 1895
+	SYS___CONNECTWORKMGR_A              = 0x768 // 1896
+	SYS_____CONSOLE_A                   = 0x769 // 1897
+	SYS___CREATEWORKUNIT_A              = 0x76A // 1898
+	SYS___CTERMID_A                     = 0x76B // 1899
+	SYS___FMTMSG_A                      = 0x76C // 1900
+	SYS___INITGROUPS_A                  = 0x76D // 1901
+	SYS_____LOGIN_A                     = 0x76E // 1902
+	SYS___MSGRCV_A                      = 0x76F // 1903
+	SYS___MSGSND_A                      = 0x770 // 1904
+	SYS___MSGXRCV_A                     = 0x771 // 1905
+	SYS___NFTW_A                        = 0x772 // 1906
+	SYS_____PASSWD_A                    = 0x773 // 1907
+	SYS___PTHREAD_SECURITY_NP_A         = 0x774 // 1908
+	SYS___QUERYMETRICS_A                = 0x775 // 1909
+	SYS___QUERYSCHENV                   = 0x776 // 1910
+	SYS___READV_A                       = 0x777 // 1911
+	SYS_____SERVER_CLASSIFY_A           = 0x778 // 1912
+	SYS_____SERVER_INIT_A               = 0x779 // 1913
+	SYS_____SERVER_PWU_A                = 0x77A // 1914
+	SYS___STRCASECMP_A                  = 0x77B // 1915
+	SYS___STRNCASECMP_A                 = 0x77C // 1916
+	SYS___TTYNAME_A                     = 0x77D // 1917
+	SYS___UNAME_A                       = 0x77E // 1918
+	SYS___UTIMES_A                      = 0x77F // 1919
+	SYS___W_GETPSENT_A                  = 0x780 // 1920
+	SYS___WRITEV_A                      = 0x781 // 1921
+	SYS___W_STATFS_A                    = 0x782 // 1922
+	SYS___W_STATVFS_A                   = 0x783 // 1923
+	SYS___FPUTC_A                       = 0x784 // 1924
+	SYS___PUTCHAR_A                     = 0x785 // 1925
+	SYS___PUTS_A                        = 0x786 // 1926
+	SYS___FGETS_A                       = 0x787 // 1927
+	SYS___GETS_A                        = 0x788 // 1928
+	SYS___FPUTS_A                       = 0x789 // 1929
+	SYS___FREAD_A                       = 0x78A // 1930
+	SYS___FWRITE_A                      = 0x78B // 1931
+	SYS___OPEN_O_A                      = 0x78C // 1932
+	SYS___ISASCII                       = 0x78D // 1933
+	SYS___CREAT_O_A                     = 0x78E // 1934
+	SYS___ENVNA                         = 0x78F // 1935
+	SYS___PUTC_A                        = 0x790 // 1936
+	SYS___AE_THREAD_SETMODE             = 0x791 // 1937
+	SYS___AE_THREAD_SWAPMODE            = 0x792 // 1938
+	SYS___GETNETBYADDR_A                = 0x793 // 1939
+	SYS___GETNETBYNAME_A                = 0x794 // 1940
+	SYS___GETNETENT_A                   = 0x795 // 1941
+	SYS___GETPROTOBYNAME_A              = 0x796 // 1942
+	SYS___GETPROTOBYNUMBER_A            = 0x797 // 1943
+	SYS___GETPROTOENT_A                 = 0x798 // 1944
+	SYS___GETSERVBYNAME_A               = 0x799 // 1945
+	SYS___GETSERVBYPORT_A               = 0x79A // 1946
+	SYS___GETSERVENT_A                  = 0x79B // 1947
+	SYS___ASCTIME_A                     = 0x79C // 1948
+	SYS___CTIME_A                       = 0x79D // 1949
+	SYS___GETDATE_A                     = 0x79E // 1950
+	SYS___TZSET_A                       = 0x79F // 1951
+	SYS___UTIME_A                       = 0x7A0 // 1952
+	SYS___ASCTIME_R_A                   = 0x7A1 // 1953
+	SYS___CTIME_R_A                     = 0x7A2 // 1954
+	SYS___STRTOLL_A                     = 0x7A3 // 1955
+	SYS___STRTOULL_A                    = 0x7A4 // 1956
+	SYS___FPUTWC_A                      = 0x7A5 // 1957
+	SYS___PUTWC_A                       = 0x7A6 // 1958
+	SYS___PUTWCHAR_A                    = 0x7A7 // 1959
+	SYS___FPUTWS_A                      = 0x7A8 // 1960
+	SYS___UNGETWC_A                     = 0x7A9 // 1961
+	SYS___FGETWC_A                      = 0x7AA // 1962
+	SYS___GETWC_A                       = 0x7AB // 1963
+	SYS___GETWCHAR_A                    = 0x7AC // 1964
+	SYS___FGETWS_A                      = 0x7AD // 1965
+	SYS___GETTIMEOFDAY_A                = 0x7AE // 1966
+	SYS___GMTIME_A                      = 0x7AF // 1967
+	SYS___GMTIME_R_A                    = 0x7B0 // 1968
+	SYS___LOCALTIME_A                   = 0x7B1 // 1969
+	SYS___LOCALTIME_R_A                 = 0x7B2 // 1970
+	SYS___MKTIME_A                      = 0x7B3 // 1971
+	SYS___TZZNA                         = 0x7B4 // 1972
+	SYS_UNATEXIT                        = 0x7B5 // 1973
+	SYS___CEE3DMP_A                     = 0x7B6 // 1974
+	SYS___CDUMP_A                       = 0x7B7 // 1975
+	SYS___CSNAP_A                       = 0x7B8 // 1976
+	SYS___CTEST_A                       = 0x7B9 // 1977
+	SYS___CTRACE_A                      = 0x7BA // 1978
+	SYS___VSWPRNTF2_A                   = 0x7BB // 1979
+	SYS___INET_PTON_A                   = 0x7BC // 1980
+	SYS___SYSLOG_A                      = 0x7BD // 1981
+	SYS___CRYPT_A                       = 0x7BE // 1982
+	SYS_____OPENDIR2_A                  = 0x7BF // 1983
+	SYS_____READDIR2_A                  = 0x7C0 // 1984
+	SYS___OPENDIR_A                     = 0x7C2 // 1986
+	SYS___READDIR_A                     = 0x7C3 // 1987
+	SYS_PREAD                           = 0x7C7 // 1991
+	SYS_PWRITE                          = 0x7C8 // 1992
+	SYS_M_CREATE_LAYOUT                 = 0x7C9 // 1993
+	SYS_M_DESTROY_LAYOUT                = 0x7CA // 1994
+	SYS_M_GETVALUES_LAYOUT              = 0x7CB // 1995
+	SYS_M_SETVALUES_LAYOUT              = 0x7CC // 1996
+	SYS_M_TRANSFORM_LAYOUT              = 0x7CD // 1997
+	SYS_M_WTRANSFORM_LAYOUT             = 0x7CE // 1998
+	SYS_FWPRINTF                        = 0x7D1 // 2001
+	SYS_WPRINTF                         = 0x7D2 // 2002
+	SYS_VFWPRINT                        = 0x7D3 // 2003
+	SYS_VFWPRINTF                       = 0x7D3 // 2003
+	SYS_VWPRINTF                        = 0x7D4 // 2004
+	SYS_FWSCANF                         = 0x7D5 // 2005
+	SYS_WSCANF                          = 0x7D6 // 2006
+	SYS_WCTRANS                         = 0x7D7 // 2007
+	SYS_TOWCTRAN                        = 0x7D8 // 2008
+	SYS_TOWCTRANS                       = 0x7D8 // 2008
+	SYS___WCSTOD_A                      = 0x7D9 // 2009
+	SYS___WCSTOL_A                      = 0x7DA // 2010
+	SYS___WCSTOUL_A                     = 0x7DB // 2011
+	SYS___BASENAME_A                    = 0x7DC // 2012
+	SYS___DIRNAME_A                     = 0x7DD // 2013
+	SYS___GLOB_A                        = 0x7DE // 2014
+	SYS_FWIDE                           = 0x7DF // 2015
+	SYS___OSNAME                        = 0x7E0 // 2016
+	SYS_____OSNAME_A                    = 0x7E1 // 2017
+	SYS___BTOWC_A                       = 0x7E4 // 2020
+	SYS___WCTOB_A                       = 0x7E5 // 2021
+	SYS___DBM_OPEN_A                    = 0x7E6 // 2022
+	SYS___VFPRINTF2_A                   = 0x7E7 // 2023
+	SYS___VPRINTF2_A                    = 0x7E8 // 2024
+	SYS___VSPRINTF2_A                   = 0x7E9 // 2025
+	SYS___CEIL_H                        = 0x7EA // 2026
+	SYS___FLOOR_H                       = 0x7EB // 2027
+	SYS___MODF_H                        = 0x7EC // 2028
+	SYS___FABS_H                        = 0x7ED // 2029
+	SYS___J0_H                          = 0x7EE // 2030
+	SYS___J1_H                          = 0x7EF // 2031
+	SYS___JN_H                          = 0x7F0 // 2032
+	SYS___Y0_H                          = 0x7F1 // 2033
+	SYS___Y1_H                          = 0x7F2 // 2034
+	SYS___YN_H                          = 0x7F3 // 2035
+	SYS___CEILF_H                       = 0x7F4 // 2036
+	SYS___CEILL_H                       = 0x7F5 // 2037
+	SYS___FLOORF_H                      = 0x7F6 // 2038
+	SYS___FLOORL_H                      = 0x7F7 // 2039
+	SYS___MODFF_H                       = 0x7F8 // 2040
+	SYS___MODFL_H                       = 0x7F9 // 2041
+	SYS___FABSF_H                       = 0x7FA // 2042
+	SYS___FABSL_H                       = 0x7FB // 2043
+	SYS___MALLOC24                      = 0x7FC // 2044
+	SYS___MALLOC31                      = 0x7FD // 2045
+	SYS_ACL_INIT                        = 0x7FE // 2046
+	SYS_ACL_FREE                        = 0x7FF // 2047
+	SYS_ACL_FIRST_ENTRY                 = 0x800 // 2048
+	SYS_ACL_GET_ENTRY                   = 0x801 // 2049
+	SYS_ACL_VALID                       = 0x802 // 2050
+	SYS_ACL_CREATE_ENTRY                = 0x803 // 2051
+	SYS_ACL_DELETE_ENTRY                = 0x804 // 2052
+	SYS_ACL_UPDATE_ENTRY                = 0x805 // 2053
+	SYS_ACL_DELETE_FD                   = 0x806 // 2054
+	SYS_ACL_DELETE_FILE                 = 0x807 // 2055
+	SYS_ACL_GET_FD                      = 0x808 // 2056
+	SYS_ACL_GET_FILE                    = 0x809 // 2057
+	SYS_ACL_SET_FD                      = 0x80A // 2058
+	SYS_ACL_SET_FILE                    = 0x80B // 2059
+	SYS_ACL_FROM_TEXT                   = 0x80C // 2060
+	SYS_ACL_TO_TEXT                     = 0x80D // 2061
+	SYS_ACL_SORT                        = 0x80E // 2062
+	SYS___SHUTDOWN_REGISTRATION         = 0x80F // 2063
+	SYS___ERFL_B                        = 0x810 // 2064
+	SYS___ERFCL_B                       = 0x811 // 2065
+	SYS___LGAMMAL_B                     = 0x812 // 2066
+	SYS___SETHOOKEVENTS                 = 0x813 // 2067
+	SYS_IF_NAMETOINDEX                  = 0x814 // 2068
+	SYS_IF_INDEXTONAME                  = 0x815 // 2069
+	SYS_IF_NAMEINDEX                    = 0x816 // 2070
+	SYS_IF_FREENAMEINDEX                = 0x817 // 2071
+	SYS_GETADDRINFO                     = 0x818 // 2072
+	SYS_GETNAMEINFO                     = 0x819 // 2073
+	SYS_FREEADDRINFO                    = 0x81A // 2074
+	SYS_GAI_STRERROR                    = 0x81B // 2075
+	SYS_REXEC_AF                        = 0x81C // 2076
+	SYS___POE                           = 0x81D // 2077
+	SYS___DYNALLOC_A                    = 0x81F // 2079
+	SYS___DYNFREE_A                     = 0x820 // 2080
+	SYS___RES_QUERY_A                   = 0x821 // 2081
+	SYS___RES_SEARCH_A                  = 0x822 // 2082
+	SYS___RES_QUERYDOMAIN_A             = 0x823 // 2083
+	SYS___RES_MKQUERY_A                 = 0x824 // 2084
+	SYS___RES_SEND_A                    = 0x825 // 2085
+	SYS___DN_EXPAND_A                   = 0x826 // 2086
+	SYS___DN_SKIPNAME_A                 = 0x827 // 2087
+	SYS___DN_COMP_A                     = 0x828 // 2088
+	SYS___DN_FIND_A                     = 0x829 // 2089
+	SYS___NLIST_A                       = 0x82A // 2090
+	SYS_____TCGETCP_A                   = 0x82B // 2091
+	SYS_____TCSETCP_A                   = 0x82C // 2092
+	SYS_____W_PIOCTL_A                  = 0x82E // 2094
+	SYS___INET_ADDR_A                   = 0x82F // 2095
+	SYS___INET_NTOA_A                   = 0x830 // 2096
+	SYS___INET_NETWORK_A                = 0x831 // 2097
+	SYS___ACCEPT_A                      = 0x832 // 2098
+	SYS___ACCEPT_AND_RECV_A             = 0x833 // 2099
+	SYS___BIND_A                        = 0x834 // 2100
+	SYS___CONNECT_A                     = 0x835 // 2101
+	SYS___GETPEERNAME_A                 = 0x836 // 2102
+	SYS___GETSOCKNAME_A                 = 0x837 // 2103
+	SYS___RECVFROM_A                    = 0x838 // 2104
+	SYS___SENDTO_A                      = 0x839 // 2105
+	SYS___SENDMSG_A                     = 0x83A // 2106
+	SYS___RECVMSG_A                     = 0x83B // 2107
+	SYS_____LCHATTR_A                   = 0x83C // 2108
+	SYS___CABEND                        = 0x83D // 2109
+	SYS___LE_CIB_GET                    = 0x83E // 2110
+	SYS___SET_LAA_FOR_JIT               = 0x83F // 2111
+	SYS___LCHATTR                       = 0x840 // 2112
+	SYS___WRITEDOWN                     = 0x841 // 2113
+	SYS_PTHREAD_MUTEX_INIT2             = 0x842 // 2114
+	SYS___ACOSHF_B                      = 0x843 // 2115
+	SYS___ACOSHL_B                      = 0x844 // 2116
+	SYS___ASINHF_B                      = 0x845 // 2117
+	SYS___ASINHL_B                      = 0x846 // 2118
+	SYS___ATANHF_B                      = 0x847 // 2119
+	SYS___ATANHL_B                      = 0x848 // 2120
+	SYS___CBRTF_B                       = 0x849 // 2121
+	SYS___CBRTL_B                       = 0x84A // 2122
+	SYS___COPYSIGNF_B                   = 0x84B // 2123
+	SYS___COPYSIGNL_B                   = 0x84C // 2124
+	SYS___COTANF_B                      = 0x84D // 2125
+	SYS___COTAN_B                       = 0x84E // 2126
+	SYS___COTANL_B                      = 0x84F // 2127
+	SYS___EXP2F_B                       = 0x850 // 2128
+	SYS___EXP2L_B                       = 0x851 // 2129
+	SYS___EXPM1F_B                      = 0x852 // 2130
+	SYS___EXPM1L_B                      = 0x853 // 2131
+	SYS___FDIMF_B                       = 0x854 // 2132
+	SYS___FDIM_B                        = 0x855 // 2133
+	SYS___FDIML_B                       = 0x856 // 2134
+	SYS___HYPOTF_B                      = 0x857 // 2135
+	SYS___HYPOTL_B                      = 0x858 // 2136
+	SYS___LOG1PF_B                      = 0x859 // 2137
+	SYS___LOG1PL_B                      = 0x85A // 2138
+	SYS___LOG2F_B                       = 0x85B // 2139
+	SYS___LOG2_B                        = 0x85C // 2140
+	SYS___LOG2L_B                       = 0x85D // 2141
+	SYS___REMAINDERF_B                  = 0x85E // 2142
+	SYS___REMAINDERL_B                  = 0x85F // 2143
+	SYS___REMQUOF_B                     = 0x860 // 2144
+	SYS___REMQUO_B                      = 0x861 // 2145
+	SYS___REMQUOL_B                     = 0x862 // 2146
+	SYS___TGAMMAF_B                     = 0x863 // 2147
+	SYS___TGAMMA_B                      = 0x864 // 2148
+	SYS___TGAMMAL_B                     = 0x865 // 2149
+	SYS___TRUNCF_B                      = 0x866 // 2150
+	SYS___TRUNC_B                       = 0x867 // 2151
+	SYS___TRUNCL_B                      = 0x868 // 2152
+	SYS___LGAMMAF_B                     = 0x869 // 2153
+	SYS___LROUNDF_B                     = 0x86A // 2154
+	SYS___LROUND_B                      = 0x86B // 2155
+	SYS___ERFF_B                        = 0x86C // 2156
+	SYS___ERFCF_B                       = 0x86D // 2157
+	SYS_ACOSHF                          = 0x86E // 2158
+	SYS_ACOSHL                          = 0x86F // 2159
+	SYS_ASINHF                          = 0x870 // 2160
+	SYS_ASINHL                          = 0x871 // 2161
+	SYS_ATANHF                          = 0x872 // 2162
+	SYS_ATANHL                          = 0x873 // 2163
+	SYS_CBRTF                           = 0x874 // 2164
+	SYS_CBRTL                           = 0x875 // 2165
+	SYS_COPYSIGNF                       = 0x876 // 2166
+	SYS_CPYSIGNF                        = 0x876 // 2166
+	SYS_COPYSIGNL                       = 0x877 // 2167
+	SYS_CPYSIGNL                        = 0x877 // 2167
+	SYS_COTANF                          = 0x878 // 2168
+	SYS___COTANF                        = 0x878 // 2168
+	SYS_COTAN                           = 0x879 // 2169
+	SYS___COTAN                         = 0x879 // 2169
+	SYS_COTANL                          = 0x87A // 2170
+	SYS___COTANL                        = 0x87A // 2170
+	SYS_EXP2F                           = 0x87B // 2171
+	SYS_EXP2L                           = 0x87C // 2172
+	SYS_EXPM1F                          = 0x87D // 2173
+	SYS_EXPM1L                          = 0x87E // 2174
+	SYS_FDIMF                           = 0x87F // 2175
+	SYS_FDIM                            = 0x881 // 2177
+	SYS_FDIML                           = 0x882 // 2178
+	SYS_HYPOTF                          = 0x883 // 2179
+	SYS_HYPOTL                          = 0x884 // 2180
+	SYS_LOG1PF                          = 0x885 // 2181
+	SYS_LOG1PL                          = 0x886 // 2182
+	SYS_LOG2F                           = 0x887 // 2183
+	SYS_LOG2                            = 0x888 // 2184
+	SYS_LOG2L                           = 0x889 // 2185
+	SYS_REMAINDERF                      = 0x88A // 2186
+	SYS_REMAINDF                        = 0x88A // 2186
+	SYS_REMAINDERL                      = 0x88B // 2187
+	SYS_REMAINDL                        = 0x88B // 2187
+	SYS_REMQUOF                         = 0x88C // 2188
+	SYS_REMQUO                          = 0x88D // 2189
+	SYS_REMQUOL                         = 0x88E // 2190
+	SYS_TGAMMAF                         = 0x88F // 2191
+	SYS_TGAMMA                          = 0x890 // 2192
+	SYS_TGAMMAL                         = 0x891 // 2193
+	SYS_TRUNCF                          = 0x892 // 2194
+	SYS_TRUNC                           = 0x893 // 2195
+	SYS_TRUNCL                          = 0x894 // 2196
+	SYS_LGAMMAF                         = 0x895 // 2197
+	SYS_LGAMMAL                         = 0x896 // 2198
+	SYS_LROUNDF                         = 0x897 // 2199
+	SYS_LROUND                          = 0x898 // 2200
+	SYS_ERFF                            = 0x899 // 2201
+	SYS_ERFL                            = 0x89A // 2202
+	SYS_ERFCF                           = 0x89B // 2203
+	SYS_ERFCL                           = 0x89C // 2204
+	SYS___EXP2_B                        = 0x89D // 2205
+	SYS_EXP2                            = 0x89E // 2206
+	SYS___FAR_JUMP                      = 0x89F // 2207
+	SYS___TCGETATTR_A                   = 0x8A1 // 2209
+	SYS___TCSETATTR_A                   = 0x8A2 // 2210
+	SYS___SUPERKILL                     = 0x8A4 // 2212
+	SYS___LE_CONDITION_TOKEN_BUILD      = 0x8A5 // 2213
+	SYS___LE_MSG_ADD_INSERT             = 0x8A6 // 2214
+	SYS___LE_MSG_GET                    = 0x8A7 // 2215
+	SYS___LE_MSG_GET_AND_WRITE          = 0x8A8 // 2216
+	SYS___LE_MSG_WRITE                  = 0x8A9 // 2217
+	SYS___ITOA                          = 0x8AA // 2218
+	SYS___UTOA                          = 0x8AB // 2219
+	SYS___LTOA                          = 0x8AC // 2220
+	SYS___ULTOA                         = 0x8AD // 2221
+	SYS___LLTOA                         = 0x8AE // 2222
+	SYS___ULLTOA                        = 0x8AF // 2223
+	SYS___ITOA_A                        = 0x8B0 // 2224
+	SYS___UTOA_A                        = 0x8B1 // 2225
+	SYS___LTOA_A                        = 0x8B2 // 2226
+	SYS___ULTOA_A                       = 0x8B3 // 2227
+	SYS___LLTOA_A                       = 0x8B4 // 2228
+	SYS___ULLTOA_A                      = 0x8B5 // 2229
+	SYS_____GETENV_A                    = 0x8C3 // 2243
+	SYS___REXEC_A                       = 0x8C4 // 2244
+	SYS___REXEC_AF_A                    = 0x8C5 // 2245
+	SYS___GETUTXENT_A                   = 0x8C6 // 2246
+	SYS___GETUTXID_A                    = 0x8C7 // 2247
+	SYS___GETUTXLINE_A                  = 0x8C8 // 2248
+	SYS___PUTUTXLINE_A                  = 0x8C9 // 2249
+	SYS_____UTMPXNAME_A                 = 0x8CA // 2250
+	SYS___PUTC_UNLOCKED_A               = 0x8CB // 2251
+	SYS___PUTCHAR_UNLOCKED_A            = 0x8CC // 2252
+	SYS___SNPRINTF_A                    = 0x8CD // 2253
+	SYS___VSNPRINTF_A                   = 0x8CE // 2254
+	SYS___DLOPEN_A                      = 0x8D0 // 2256
+	SYS___DLSYM_A                       = 0x8D1 // 2257
+	SYS___DLERROR_A                     = 0x8D2 // 2258
+	SYS_FLOCKFILE                       = 0x8D3 // 2259
+	SYS_FTRYLOCKFILE                    = 0x8D4 // 2260
+	SYS_FUNLOCKFILE                     = 0x8D5 // 2261
+	SYS_GETC_UNLOCKED                   = 0x8D6 // 2262
+	SYS_GETCHAR_UNLOCKED                = 0x8D7 // 2263
+	SYS_PUTC_UNLOCKED                   = 0x8D8 // 2264
+	SYS_PUTCHAR_UNLOCKED                = 0x8D9 // 2265
+	SYS_SNPRINTF                        = 0x8DA // 2266
+	SYS_VSNPRINTF                       = 0x8DB // 2267
+	SYS_DLOPEN                          = 0x8DD // 2269
+	SYS_DLSYM                           = 0x8DE // 2270
+	SYS_DLCLOSE                         = 0x8DF // 2271
+	SYS_DLERROR                         = 0x8E0 // 2272
+	SYS___SET_EXCEPTION_HANDLER         = 0x8E2 // 2274
+	SYS___RESET_EXCEPTION_HANDLER       = 0x8E3 // 2275
+	SYS___VHM_EVENT                     = 0x8E4 // 2276
+	SYS___ABS_H                         = 0x8E6 // 2278
+	SYS___ABSF_H                        = 0x8E7 // 2279
+	SYS___ABSL_H                        = 0x8E8 // 2280
+	SYS___ACOS_H                        = 0x8E9 // 2281
+	SYS___ACOSF_H                       = 0x8EA // 2282
+	SYS___ACOSL_H                       = 0x8EB // 2283
+	SYS___ACOSH_H                       = 0x8EC // 2284
+	SYS___ASIN_H                        = 0x8ED // 2285
+	SYS___ASINF_H                       = 0x8EE // 2286
+	SYS___ASINL_H                       = 0x8EF // 2287
+	SYS___ASINH_H                       = 0x8F0 // 2288
+	SYS___ATAN_H                        = 0x8F1 // 2289
+	SYS___ATANF_H                       = 0x8F2 // 2290
+	SYS___ATANL_H                       = 0x8F3 // 2291
+	SYS___ATANH_H                       = 0x8F4 // 2292
+	SYS___ATANHF_H                      = 0x8F5 // 2293
+	SYS___ATANHL_H                      = 0x8F6 // 2294
+	SYS___ATAN2_H                       = 0x8F7 // 2295
+	SYS___ATAN2F_H                      = 0x8F8 // 2296
+	SYS___ATAN2L_H                      = 0x8F9 // 2297
+	SYS___CBRT_H                        = 0x8FA // 2298
+	SYS___COPYSIGNF_H                   = 0x8FB // 2299
+	SYS___COPYSIGNL_H                   = 0x8FC // 2300
+	SYS___COS_H                         = 0x8FD // 2301
+	SYS___COSF_H                        = 0x8FE // 2302
+	SYS___COSL_H                        = 0x8FF // 2303
+	SYS___COSHF_H                       = 0x900 // 2304
+	SYS___COSHL_H                       = 0x901 // 2305
+	SYS___COTAN_H                       = 0x902 // 2306
+	SYS___COTANF_H                      = 0x903 // 2307
+	SYS___COTANL_H                      = 0x904 // 2308
+	SYS___ERF_H                         = 0x905 // 2309
+	SYS___ERFF_H                        = 0x906 // 2310
+	SYS___ERFL_H                        = 0x907 // 2311
+	SYS___ERFC_H                        = 0x908 // 2312
+	SYS___ERFCF_H                       = 0x909 // 2313
+	SYS___ERFCL_H                       = 0x90A // 2314
+	SYS___EXP_H                         = 0x90B // 2315
+	SYS___EXPF_H                        = 0x90C // 2316
+	SYS___EXPL_H                        = 0x90D // 2317
+	SYS___EXPM1_H                       = 0x90E // 2318
+	SYS___FDIM_H                        = 0x90F // 2319
+	SYS___FDIMF_H                       = 0x910 // 2320
+	SYS___FDIML_H                       = 0x911 // 2321
+	SYS___FMOD_H                        = 0x912 // 2322
+	SYS___FMODF_H                       = 0x913 // 2323
+	SYS___FMODL_H                       = 0x914 // 2324
+	SYS___GAMMA_H                       = 0x915 // 2325
+	SYS___HYPOT_H                       = 0x916 // 2326
+	SYS___ILOGB_H                       = 0x917 // 2327
+	SYS___LGAMMA_H                      = 0x918 // 2328
+	SYS___LGAMMAF_H                     = 0x919 // 2329
+	SYS___LOG_H                         = 0x91A // 2330
+	SYS___LOGF_H                        = 0x91B // 2331
+	SYS___LOGL_H                        = 0x91C // 2332
+	SYS___LOGB_H                        = 0x91D // 2333
+	SYS___LOG2_H                        = 0x91E // 2334
+	SYS___LOG2F_H                       = 0x91F // 2335
+	SYS___LOG2L_H                       = 0x920 // 2336
+	SYS___LOG1P_H                       = 0x921 // 2337
+	SYS___LOG10_H                       = 0x922 // 2338
+	SYS___LOG10F_H                      = 0x923 // 2339
+	SYS___LOG10L_H                      = 0x924 // 2340
+	SYS___LROUND_H                      = 0x925 // 2341
+	SYS___LROUNDF_H                     = 0x926 // 2342
+	SYS___NEXTAFTER_H                   = 0x927 // 2343
+	SYS___POW_H                         = 0x928 // 2344
+	SYS___POWF_H                        = 0x929 // 2345
+	SYS___POWL_H                        = 0x92A // 2346
+	SYS___REMAINDER_H                   = 0x92B // 2347
+	SYS___RINT_H                        = 0x92C // 2348
+	SYS___SCALB_H                       = 0x92D // 2349
+	SYS___SIN_H                         = 0x92E // 2350
+	SYS___SINF_H                        = 0x92F // 2351
+	SYS___SINL_H                        = 0x930 // 2352
+	SYS___SINH_H                        = 0x931 // 2353
+	SYS___SINHF_H                       = 0x932 // 2354
+	SYS___SINHL_H                       = 0x933 // 2355
+	SYS___SQRT_H                        = 0x934 // 2356
+	SYS___SQRTF_H                       = 0x935 // 2357
+	SYS___SQRTL_H                       = 0x936 // 2358
+	SYS___TAN_H                         = 0x937 // 2359
+	SYS___TANF_H                        = 0x938 // 2360
+	SYS___TANL_H                        = 0x939 // 2361
+	SYS___TANH_H                        = 0x93A // 2362
+	SYS___TANHF_H                       = 0x93B // 2363
+	SYS___TANHL_H                       = 0x93C // 2364
+	SYS___TGAMMA_H                      = 0x93D // 2365
+	SYS___TGAMMAF_H                     = 0x93E // 2366
+	SYS___TRUNC_H                       = 0x93F // 2367
+	SYS___TRUNCF_H                      = 0x940 // 2368
+	SYS___TRUNCL_H                      = 0x941 // 2369
+	SYS___COSH_H                        = 0x942 // 2370
+	SYS___LE_DEBUG_SET_RESUME_MCH       = 0x943 // 2371
+	SYS_VFSCANF                         = 0x944 // 2372
+	SYS_VSCANF                          = 0x946 // 2374
+	SYS_VSSCANF                         = 0x948 // 2376
+	SYS_VFWSCANF                        = 0x94A // 2378
+	SYS_VWSCANF                         = 0x94C // 2380
+	SYS_VSWSCANF                        = 0x94E // 2382
+	SYS_IMAXABS                         = 0x950 // 2384
+	SYS_IMAXDIV                         = 0x951 // 2385
+	SYS_STRTOIMAX                       = 0x952 // 2386
+	SYS_STRTOUMAX                       = 0x953 // 2387
+	SYS_WCSTOIMAX                       = 0x954 // 2388
+	SYS_WCSTOUMAX                       = 0x955 // 2389
+	SYS_ATOLL                           = 0x956 // 2390
+	SYS_STRTOF                          = 0x957 // 2391
+	SYS_STRTOLD                         = 0x958 // 2392
+	SYS_WCSTOF                          = 0x959 // 2393
+	SYS_WCSTOLD                         = 0x95A // 2394
+	SYS_INET6_RTH_SPACE                 = 0x95B // 2395
+	SYS_INET6_RTH_INIT                  = 0x95C // 2396
+	SYS_INET6_RTH_ADD                   = 0x95D // 2397
+	SYS_INET6_RTH_REVERSE               = 0x95E // 2398
+	SYS_INET6_RTH_SEGMENTS              = 0x95F // 2399
+	SYS_INET6_RTH_GETADDR               = 0x960 // 2400
+	SYS_INET6_OPT_INIT                  = 0x961 // 2401
+	SYS_INET6_OPT_APPEND                = 0x962 // 2402
+	SYS_INET6_OPT_FINISH                = 0x963 // 2403
+	SYS_INET6_OPT_SET_VAL               = 0x964 // 2404
+	SYS_INET6_OPT_NEXT                  = 0x965 // 2405
+	SYS_INET6_OPT_FIND                  = 0x966 // 2406
+	SYS_INET6_OPT_GET_VAL               = 0x967 // 2407
+	SYS___POW_I                         = 0x987 // 2439
+	SYS___POW_I_B                       = 0x988 // 2440
+	SYS___POW_I_H                       = 0x989 // 2441
+	SYS___POW_II                        = 0x98A // 2442
+	SYS___POW_II_B                      = 0x98B // 2443
+	SYS___POW_II_H                      = 0x98C // 2444
+	SYS_CABS                            = 0x98E // 2446
+	SYS___CABS_B                        = 0x98F // 2447
+	SYS___CABS_H                        = 0x990 // 2448
+	SYS_CABSF                           = 0x991 // 2449
+	SYS___CABSF_B                       = 0x992 // 2450
+	SYS___CABSF_H                       = 0x993 // 2451
+	SYS_CABSL                           = 0x994 // 2452
+	SYS___CABSL_B                       = 0x995 // 2453
+	SYS___CABSL_H                       = 0x996 // 2454
+	SYS_CACOS                           = 0x997 // 2455
+	SYS___CACOS_B                       = 0x998 // 2456
+	SYS___CACOS_H                       = 0x999 // 2457
+	SYS_CACOSF                          = 0x99A // 2458
+	SYS___CACOSF_B                      = 0x99B // 2459
+	SYS___CACOSF_H                      = 0x99C // 2460
+	SYS_CACOSL                          = 0x99D // 2461
+	SYS___CACOSL_B                      = 0x99E // 2462
+	SYS___CACOSL_H                      = 0x99F // 2463
+	SYS_CACOSH                          = 0x9A0 // 2464
+	SYS___CACOSH_B                      = 0x9A1 // 2465
+	SYS___CACOSH_H                      = 0x9A2 // 2466
+	SYS_CACOSHF                         = 0x9A3 // 2467
+	SYS___CACOSHF_B                     = 0x9A4 // 2468
+	SYS___CACOSHF_H                     = 0x9A5 // 2469
+	SYS_CACOSHL                         = 0x9A6 // 2470
+	SYS___CACOSHL_B                     = 0x9A7 // 2471
+	SYS___CACOSHL_H                     = 0x9A8 // 2472
+	SYS_CARG                            = 0x9A9 // 2473
+	SYS___CARG_B                        = 0x9AA // 2474
+	SYS___CARG_H                        = 0x9AB // 2475
+	SYS_CARGF                           = 0x9AC // 2476
+	SYS___CARGF_B                       = 0x9AD // 2477
+	SYS___CARGF_H                       = 0x9AE // 2478
+	SYS_CARGL                           = 0x9AF // 2479
+	SYS___CARGL_B                       = 0x9B0 // 2480
+	SYS___CARGL_H                       = 0x9B1 // 2481
+	SYS_CASIN                           = 0x9B2 // 2482
+	SYS___CASIN_B                       = 0x9B3 // 2483
+	SYS___CASIN_H                       = 0x9B4 // 2484
+	SYS_CASINF                          = 0x9B5 // 2485
+	SYS___CASINF_B                      = 0x9B6 // 2486
+	SYS___CASINF_H                      = 0x9B7 // 2487
+	SYS_CASINL                          = 0x9B8 // 2488
+	SYS___CASINL_B                      = 0x9B9 // 2489
+	SYS___CASINL_H                      = 0x9BA // 2490
+	SYS_CASINH                          = 0x9BB // 2491
+	SYS___CASINH_B                      = 0x9BC // 2492
+	SYS___CASINH_H                      = 0x9BD // 2493
+	SYS_CASINHF                         = 0x9BE // 2494
+	SYS___CASINHF_B                     = 0x9BF // 2495
+	SYS___CASINHF_H                     = 0x9C0 // 2496
+	SYS_CASINHL                         = 0x9C1 // 2497
+	SYS___CASINHL_B                     = 0x9C2 // 2498
+	SYS___CASINHL_H                     = 0x9C3 // 2499
+	SYS_CATAN                           = 0x9C4 // 2500
+	SYS___CATAN_B                       = 0x9C5 // 2501
+	SYS___CATAN_H                       = 0x9C6 // 2502
+	SYS_CATANF                          = 0x9C7 // 2503
+	SYS___CATANF_B                      = 0x9C8 // 2504
+	SYS___CATANF_H                      = 0x9C9 // 2505
+	SYS_CATANL                          = 0x9CA // 2506
+	SYS___CATANL_B                      = 0x9CB // 2507
+	SYS___CATANL_H                      = 0x9CC // 2508
+	SYS_CATANH                          = 0x9CD // 2509
+	SYS___CATANH_B                      = 0x9CE // 2510
+	SYS___CATANH_H                      = 0x9CF // 2511
+	SYS_CATANHF                         = 0x9D0 // 2512
+	SYS___CATANHF_B                     = 0x9D1 // 2513
+	SYS___CATANHF_H                     = 0x9D2 // 2514
+	SYS_CATANHL                         = 0x9D3 // 2515
+	SYS___CATANHL_B                     = 0x9D4 // 2516
+	SYS___CATANHL_H                     = 0x9D5 // 2517
+	SYS_CCOS                            = 0x9D6 // 2518
+	SYS___CCOS_B                        = 0x9D7 // 2519
+	SYS___CCOS_H                        = 0x9D8 // 2520
+	SYS_CCOSF                           = 0x9D9 // 2521
+	SYS___CCOSF_B                       = 0x9DA // 2522
+	SYS___CCOSF_H                       = 0x9DB // 2523
+	SYS_CCOSL                           = 0x9DC // 2524
+	SYS___CCOSL_B                       = 0x9DD // 2525
+	SYS___CCOSL_H                       = 0x9DE // 2526
+	SYS_CCOSH                           = 0x9DF // 2527
+	SYS___CCOSH_B                       = 0x9E0 // 2528
+	SYS___CCOSH_H                       = 0x9E1 // 2529
+	SYS_CCOSHF                          = 0x9E2 // 2530
+	SYS___CCOSHF_B                      = 0x9E3 // 2531
+	SYS___CCOSHF_H                      = 0x9E4 // 2532
+	SYS_CCOSHL                          = 0x9E5 // 2533
+	SYS___CCOSHL_B                      = 0x9E6 // 2534
+	SYS___CCOSHL_H                      = 0x9E7 // 2535
+	SYS_CEXP                            = 0x9E8 // 2536
+	SYS___CEXP_B                        = 0x9E9 // 2537
+	SYS___CEXP_H                        = 0x9EA // 2538
+	SYS_CEXPF                           = 0x9EB // 2539
+	SYS___CEXPF_B                       = 0x9EC // 2540
+	SYS___CEXPF_H                       = 0x9ED // 2541
+	SYS_CEXPL                           = 0x9EE // 2542
+	SYS___CEXPL_B                       = 0x9EF // 2543
+	SYS___CEXPL_H                       = 0x9F0 // 2544
+	SYS_CIMAG                           = 0x9F1 // 2545
+	SYS___CIMAG_B                       = 0x9F2 // 2546
+	SYS___CIMAG_H                       = 0x9F3 // 2547
+	SYS_CIMAGF                          = 0x9F4 // 2548
+	SYS___CIMAGF_B                      = 0x9F5 // 2549
+	SYS___CIMAGF_H                      = 0x9F6 // 2550
+	SYS_CIMAGL                          = 0x9F7 // 2551
+	SYS___CIMAGL_B                      = 0x9F8 // 2552
+	SYS___CIMAGL_H                      = 0x9F9 // 2553
+	SYS___CLOG                          = 0x9FA // 2554
+	SYS___CLOG_B                        = 0x9FB // 2555
+	SYS___CLOG_H                        = 0x9FC // 2556
+	SYS_CLOGF                           = 0x9FD // 2557
+	SYS___CLOGF_B                       = 0x9FE // 2558
+	SYS___CLOGF_H                       = 0x9FF // 2559
+	SYS_CLOGL                           = 0xA00 // 2560
+	SYS___CLOGL_B                       = 0xA01 // 2561
+	SYS___CLOGL_H                       = 0xA02 // 2562
+	SYS_CONJ                            = 0xA03 // 2563
+	SYS___CONJ_B                        = 0xA04 // 2564
+	SYS___CONJ_H                        = 0xA05 // 2565
+	SYS_CONJF                           = 0xA06 // 2566
+	SYS___CONJF_B                       = 0xA07 // 2567
+	SYS___CONJF_H                       = 0xA08 // 2568
+	SYS_CONJL                           = 0xA09 // 2569
+	SYS___CONJL_B                       = 0xA0A // 2570
+	SYS___CONJL_H                       = 0xA0B // 2571
+	SYS_CPOW                            = 0xA0C // 2572
+	SYS___CPOW_B                        = 0xA0D // 2573
+	SYS___CPOW_H                        = 0xA0E // 2574
+	SYS_CPOWF                           = 0xA0F // 2575
+	SYS___CPOWF_B                       = 0xA10 // 2576
+	SYS___CPOWF_H                       = 0xA11 // 2577
+	SYS_CPOWL                           = 0xA12 // 2578
+	SYS___CPOWL_B                       = 0xA13 // 2579
+	SYS___CPOWL_H                       = 0xA14 // 2580
+	SYS_CPROJ                           = 0xA15 // 2581
+	SYS___CPROJ_B                       = 0xA16 // 2582
+	SYS___CPROJ_H                       = 0xA17 // 2583
+	SYS_CPROJF                          = 0xA18 // 2584
+	SYS___CPROJF_B                      = 0xA19 // 2585
+	SYS___CPROJF_H                      = 0xA1A // 2586
+	SYS_CPROJL                          = 0xA1B // 2587
+	SYS___CPROJL_B                      = 0xA1C // 2588
+	SYS___CPROJL_H                      = 0xA1D // 2589
+	SYS_CREAL                           = 0xA1E // 2590
+	SYS___CREAL_B                       = 0xA1F // 2591
+	SYS___CREAL_H                       = 0xA20 // 2592
+	SYS_CREALF                          = 0xA21 // 2593
+	SYS___CREALF_B                      = 0xA22 // 2594
+	SYS___CREALF_H                      = 0xA23 // 2595
+	SYS_CREALL                          = 0xA24 // 2596
+	SYS___CREALL_B                      = 0xA25 // 2597
+	SYS___CREALL_H                      = 0xA26 // 2598
+	SYS_CSIN                            = 0xA27 // 2599
+	SYS___CSIN_B                        = 0xA28 // 2600
+	SYS___CSIN_H                        = 0xA29 // 2601
+	SYS_CSINF                           = 0xA2A // 2602
+	SYS___CSINF_B                       = 0xA2B // 2603
+	SYS___CSINF_H                       = 0xA2C // 2604
+	SYS_CSINL                           = 0xA2D // 2605
+	SYS___CSINL_B                       = 0xA2E // 2606
+	SYS___CSINL_H                       = 0xA2F // 2607
+	SYS_CSINH                           = 0xA30 // 2608
+	SYS___CSINH_B                       = 0xA31 // 2609
+	SYS___CSINH_H                       = 0xA32 // 2610
+	SYS_CSINHF                          = 0xA33 // 2611
+	SYS___CSINHF_B                      = 0xA34 // 2612
+	SYS___CSINHF_H                      = 0xA35 // 2613
+	SYS_CSINHL                          = 0xA36 // 2614
+	SYS___CSINHL_B                      = 0xA37 // 2615
+	SYS___CSINHL_H                      = 0xA38 // 2616
+	SYS_CSQRT                           = 0xA39 // 2617
+	SYS___CSQRT_B                       = 0xA3A // 2618
+	SYS___CSQRT_H                       = 0xA3B // 2619
+	SYS_CSQRTF                          = 0xA3C // 2620
+	SYS___CSQRTF_B                      = 0xA3D // 2621
+	SYS___CSQRTF_H                      = 0xA3E // 2622
+	SYS_CSQRTL                          = 0xA3F // 2623
+	SYS___CSQRTL_B                      = 0xA40 // 2624
+	SYS___CSQRTL_H                      = 0xA41 // 2625
+	SYS_CTAN                            = 0xA42 // 2626
+	SYS___CTAN_B                        = 0xA43 // 2627
+	SYS___CTAN_H                        = 0xA44 // 2628
+	SYS_CTANF                           = 0xA45 // 2629
+	SYS___CTANF_B                       = 0xA46 // 2630
+	SYS___CTANF_H                       = 0xA47 // 2631
+	SYS_CTANL                           = 0xA48 // 2632
+	SYS___CTANL_B                       = 0xA49 // 2633
+	SYS___CTANL_H                       = 0xA4A // 2634
+	SYS_CTANH                           = 0xA4B // 2635
+	SYS___CTANH_B                       = 0xA4C // 2636
+	SYS___CTANH_H                       = 0xA4D // 2637
+	SYS_CTANHF                          = 0xA4E // 2638
+	SYS___CTANHF_B                      = 0xA4F // 2639
+	SYS___CTANHF_H                      = 0xA50 // 2640
+	SYS_CTANHL                          = 0xA51 // 2641
+	SYS___CTANHL_B                      = 0xA52 // 2642
+	SYS___CTANHL_H                      = 0xA53 // 2643
+	SYS___ACOSHF_H                      = 0xA54 // 2644
+	SYS___ACOSHL_H                      = 0xA55 // 2645
+	SYS___ASINHF_H                      = 0xA56 // 2646
+	SYS___ASINHL_H                      = 0xA57 // 2647
+	SYS___CBRTF_H                       = 0xA58 // 2648
+	SYS___CBRTL_H                       = 0xA59 // 2649
+	SYS___COPYSIGN_B                    = 0xA5A // 2650
+	SYS___EXPM1F_H                      = 0xA5B // 2651
+	SYS___EXPM1L_H                      = 0xA5C // 2652
+	SYS___EXP2_H                        = 0xA5D // 2653
+	SYS___EXP2F_H                       = 0xA5E // 2654
+	SYS___EXP2L_H                       = 0xA5F // 2655
+	SYS___LOG1PF_H                      = 0xA60 // 2656
+	SYS___LOG1PL_H                      = 0xA61 // 2657
+	SYS___LGAMMAL_H                     = 0xA62 // 2658
+	SYS_FMA                             = 0xA63 // 2659
+	SYS___FMA_B                         = 0xA64 // 2660
+	SYS___FMA_H                         = 0xA65 // 2661
+	SYS_FMAF                            = 0xA66 // 2662
+	SYS___FMAF_B                        = 0xA67 // 2663
+	SYS___FMAF_H                        = 0xA68 // 2664
+	SYS_FMAL                            = 0xA69 // 2665
+	SYS___FMAL_B                        = 0xA6A // 2666
+	SYS___FMAL_H                        = 0xA6B // 2667
+	SYS_FMAX                            = 0xA6C // 2668
+	SYS___FMAX_B                        = 0xA6D // 2669
+	SYS___FMAX_H                        = 0xA6E // 2670
+	SYS_FMAXF                           = 0xA6F // 2671
+	SYS___FMAXF_B                       = 0xA70 // 2672
+	SYS___FMAXF_H                       = 0xA71 // 2673
+	SYS_FMAXL                           = 0xA72 // 2674
+	SYS___FMAXL_B                       = 0xA73 // 2675
+	SYS___FMAXL_H                       = 0xA74 // 2676
+	SYS_FMIN                            = 0xA75 // 2677
+	SYS___FMIN_B                        = 0xA76 // 2678
+	SYS___FMIN_H                        = 0xA77 // 2679
+	SYS_FMINF                           = 0xA78 // 2680
+	SYS___FMINF_B                       = 0xA79 // 2681
+	SYS___FMINF_H                       = 0xA7A // 2682
+	SYS_FMINL                           = 0xA7B // 2683
+	SYS___FMINL_B                       = 0xA7C // 2684
+	SYS___FMINL_H                       = 0xA7D // 2685
+	SYS_ILOGBF                          = 0xA7E // 2686
+	SYS___ILOGBF_B                      = 0xA7F // 2687
+	SYS___ILOGBF_H                      = 0xA80 // 2688
+	SYS_ILOGBL                          = 0xA81 // 2689
+	SYS___ILOGBL_B                      = 0xA82 // 2690
+	SYS___ILOGBL_H                      = 0xA83 // 2691
+	SYS_LLRINT                          = 0xA84 // 2692
+	SYS___LLRINT_B                      = 0xA85 // 2693
+	SYS___LLRINT_H                      = 0xA86 // 2694
+	SYS_LLRINTF                         = 0xA87 // 2695
+	SYS___LLRINTF_B                     = 0xA88 // 2696
+	SYS___LLRINTF_H                     = 0xA89 // 2697
+	SYS_LLRINTL                         = 0xA8A // 2698
+	SYS___LLRINTL_B                     = 0xA8B // 2699
+	SYS___LLRINTL_H                     = 0xA8C // 2700
+	SYS_LLROUND                         = 0xA8D // 2701
+	SYS___LLROUND_B                     = 0xA8E // 2702
+	SYS___LLROUND_H                     = 0xA8F // 2703
+	SYS_LLROUNDF                        = 0xA90 // 2704
+	SYS___LLROUNDF_B                    = 0xA91 // 2705
+	SYS___LLROUNDF_H                    = 0xA92 // 2706
+	SYS_LLROUNDL                        = 0xA93 // 2707
+	SYS___LLROUNDL_B                    = 0xA94 // 2708
+	SYS___LLROUNDL_H                    = 0xA95 // 2709
+	SYS_LOGBF                           = 0xA96 // 2710
+	SYS___LOGBF_B                       = 0xA97 // 2711
+	SYS___LOGBF_H                       = 0xA98 // 2712
+	SYS_LOGBL                           = 0xA99 // 2713
+	SYS___LOGBL_B                       = 0xA9A // 2714
+	SYS___LOGBL_H                       = 0xA9B // 2715
+	SYS_LRINT                           = 0xA9C // 2716
+	SYS___LRINT_B                       = 0xA9D // 2717
+	SYS___LRINT_H                       = 0xA9E // 2718
+	SYS_LRINTF                          = 0xA9F // 2719
+	SYS___LRINTF_B                      = 0xAA0 // 2720
+	SYS___LRINTF_H                      = 0xAA1 // 2721
+	SYS_LRINTL                          = 0xAA2 // 2722
+	SYS___LRINTL_B                      = 0xAA3 // 2723
+	SYS___LRINTL_H                      = 0xAA4 // 2724
+	SYS_LROUNDL                         = 0xAA5 // 2725
+	SYS___LROUNDL_B                     = 0xAA6 // 2726
+	SYS___LROUNDL_H                     = 0xAA7 // 2727
+	SYS_NAN                             = 0xAA8 // 2728
+	SYS___NAN_B                         = 0xAA9 // 2729
+	SYS_NANF                            = 0xAAA // 2730
+	SYS___NANF_B                        = 0xAAB // 2731
+	SYS_NANL                            = 0xAAC // 2732
+	SYS___NANL_B                        = 0xAAD // 2733
+	SYS_NEARBYINT                       = 0xAAE // 2734
+	SYS___NEARBYINT_B                   = 0xAAF // 2735
+	SYS___NEARBYINT_H                   = 0xAB0 // 2736
+	SYS_NEARBYINTF                      = 0xAB1 // 2737
+	SYS___NEARBYINTF_B                  = 0xAB2 // 2738
+	SYS___NEARBYINTF_H                  = 0xAB3 // 2739
+	SYS_NEARBYINTL                      = 0xAB4 // 2740
+	SYS___NEARBYINTL_B                  = 0xAB5 // 2741
+	SYS___NEARBYINTL_H                  = 0xAB6 // 2742
+	SYS_NEXTAFTERF                      = 0xAB7 // 2743
+	SYS___NEXTAFTERF_B                  = 0xAB8 // 2744
+	SYS___NEXTAFTERF_H                  = 0xAB9 // 2745
+	SYS_NEXTAFTERL                      = 0xABA // 2746
+	SYS___NEXTAFTERL_B                  = 0xABB // 2747
+	SYS___NEXTAFTERL_H                  = 0xABC // 2748
+	SYS_NEXTTOWARD                      = 0xABD // 2749
+	SYS___NEXTTOWARD_B                  = 0xABE // 2750
+	SYS___NEXTTOWARD_H                  = 0xABF // 2751
+	SYS_NEXTTOWARDF                     = 0xAC0 // 2752
+	SYS___NEXTTOWARDF_B                 = 0xAC1 // 2753
+	SYS___NEXTTOWARDF_H                 = 0xAC2 // 2754
+	SYS_NEXTTOWARDL                     = 0xAC3 // 2755
+	SYS___NEXTTOWARDL_B                 = 0xAC4 // 2756
+	SYS___NEXTTOWARDL_H                 = 0xAC5 // 2757
+	SYS___REMAINDERF_H                  = 0xAC6 // 2758
+	SYS___REMAINDERL_H                  = 0xAC7 // 2759
+	SYS___REMQUO_H                      = 0xAC8 // 2760
+	SYS___REMQUOF_H                     = 0xAC9 // 2761
+	SYS___REMQUOL_H                     = 0xACA // 2762
+	SYS_RINTF                           = 0xACB // 2763
+	SYS___RINTF_B                       = 0xACC // 2764
+	SYS_RINTL                           = 0xACD // 2765
+	SYS___RINTL_B                       = 0xACE // 2766
+	SYS_ROUND                           = 0xACF // 2767
+	SYS___ROUND_B                       = 0xAD0 // 2768
+	SYS___ROUND_H                       = 0xAD1 // 2769
+	SYS_ROUNDF                          = 0xAD2 // 2770
+	SYS___ROUNDF_B                      = 0xAD3 // 2771
+	SYS___ROUNDF_H                      = 0xAD4 // 2772
+	SYS_ROUNDL                          = 0xAD5 // 2773
+	SYS___ROUNDL_B                      = 0xAD6 // 2774
+	SYS___ROUNDL_H                      = 0xAD7 // 2775
+	SYS_SCALBLN                         = 0xAD8 // 2776
+	SYS___SCALBLN_B                     = 0xAD9 // 2777
+	SYS___SCALBLN_H                     = 0xADA // 2778
+	SYS_SCALBLNF                        = 0xADB // 2779
+	SYS___SCALBLNF_B                    = 0xADC // 2780
+	SYS___SCALBLNF_H                    = 0xADD // 2781
+	SYS_SCALBLNL                        = 0xADE // 2782
+	SYS___SCALBLNL_B                    = 0xADF // 2783
+	SYS___SCALBLNL_H                    = 0xAE0 // 2784
+	SYS___SCALBN_B                      = 0xAE1 // 2785
+	SYS___SCALBN_H                      = 0xAE2 // 2786
+	SYS_SCALBNF                         = 0xAE3 // 2787
+	SYS___SCALBNF_B                     = 0xAE4 // 2788
+	SYS___SCALBNF_H                     = 0xAE5 // 2789
+	SYS_SCALBNL                         = 0xAE6 // 2790
+	SYS___SCALBNL_B                     = 0xAE7 // 2791
+	SYS___SCALBNL_H                     = 0xAE8 // 2792
+	SYS___TGAMMAL_H                     = 0xAE9 // 2793
+	SYS_FECLEAREXCEPT                   = 0xAEA // 2794
+	SYS_FEGETENV                        = 0xAEB // 2795
+	SYS_FEGETEXCEPTFLAG                 = 0xAEC // 2796
+	SYS_FEGETROUND                      = 0xAED // 2797
+	SYS_FEHOLDEXCEPT                    = 0xAEE // 2798
+	SYS_FERAISEEXCEPT                   = 0xAEF // 2799
+	SYS_FESETENV                        = 0xAF0 // 2800
+	SYS_FESETEXCEPTFLAG                 = 0xAF1 // 2801
+	SYS_FESETROUND                      = 0xAF2 // 2802
+	SYS_FETESTEXCEPT                    = 0xAF3 // 2803
+	SYS_FEUPDATEENV                     = 0xAF4 // 2804
+	SYS___COPYSIGN_H                    = 0xAF5 // 2805
+	SYS___HYPOTF_H                      = 0xAF6 // 2806
+	SYS___HYPOTL_H                      = 0xAF7 // 2807
+	SYS___CLASS                         = 0xAFA // 2810
+	SYS___CLASS_B                       = 0xAFB // 2811
+	SYS___CLASS_H                       = 0xAFC // 2812
+	SYS___ISBLANK_A                     = 0xB2E // 2862
+	SYS___ISWBLANK_A                    = 0xB2F // 2863
+	SYS___LROUND_FIXUP                  = 0xB30 // 2864
+	SYS___LROUNDF_FIXUP                 = 0xB31 // 2865
+	SYS_SCHED_YIELD                     = 0xB32 // 2866
+	SYS_STRERROR_R                      = 0xB33 // 2867
+	SYS_UNSETENV                        = 0xB34 // 2868
+	SYS___LGAMMA_H_C99                  = 0xB38 // 2872
+	SYS___LGAMMA_B_C99                  = 0xB39 // 2873
+	SYS___LGAMMA_R_C99                  = 0xB3A // 2874
+	SYS___FTELL2                        = 0xB3B // 2875
+	SYS___FSEEK2                        = 0xB3C // 2876
+	SYS___STATIC_REINIT                 = 0xB3D // 2877
+	SYS_PTHREAD_ATTR_GETSTACK           = 0xB3E // 2878
+	SYS_PTHREAD_ATTR_SETSTACK           = 0xB3F // 2879
+	SYS___TGAMMA_H_C99                  = 0xB78 // 2936
+	SYS___TGAMMAF_H_C99                 = 0xB79 // 2937
+	SYS___LE_TRACEBACK                  = 0xB7A // 2938
+	SYS___MUST_STAY_CLEAN               = 0xB7C // 2940
+	SYS___O_ENV                         = 0xB7D // 2941
+	SYS_ACOSD32                         = 0xB7E // 2942
+	SYS_ACOSD64                         = 0xB7F // 2943
+	SYS_ACOSD128                        = 0xB80 // 2944
+	SYS_ACOSHD32                        = 0xB81 // 2945
+	SYS_ACOSHD64                        = 0xB82 // 2946
+	SYS_ACOSHD128                       = 0xB83 // 2947
+	SYS_ASIND32                         = 0xB84 // 2948
+	SYS_ASIND64                         = 0xB85 // 2949
+	SYS_ASIND128                        = 0xB86 // 2950
+	SYS_ASINHD32                        = 0xB87 // 2951
+	SYS_ASINHD64                        = 0xB88 // 2952
+	SYS_ASINHD128                       = 0xB89 // 2953
+	SYS_ATAND32                         = 0xB8A // 2954
+	SYS_ATAND64                         = 0xB8B // 2955
+	SYS_ATAND128                        = 0xB8C // 2956
+	SYS_ATAN2D32                        = 0xB8D // 2957
+	SYS_ATAN2D64                        = 0xB8E // 2958
+	SYS_ATAN2D128                       = 0xB8F // 2959
+	SYS_ATANHD32                        = 0xB90 // 2960
+	SYS_ATANHD64                        = 0xB91 // 2961
+	SYS_ATANHD128                       = 0xB92 // 2962
+	SYS_CBRTD32                         = 0xB93 // 2963
+	SYS_CBRTD64                         = 0xB94 // 2964
+	SYS_CBRTD128                        = 0xB95 // 2965
+	SYS_CEILD32                         = 0xB96 // 2966
+	SYS_CEILD64                         = 0xB97 // 2967
+	SYS_CEILD128                        = 0xB98 // 2968
+	SYS___CLASS2                        = 0xB99 // 2969
+	SYS___CLASS2_B                      = 0xB9A // 2970
+	SYS___CLASS2_H                      = 0xB9B // 2971
+	SYS_COPYSIGND32                     = 0xB9C // 2972
+	SYS_COPYSIGND64                     = 0xB9D // 2973
+	SYS_COPYSIGND128                    = 0xB9E // 2974
+	SYS_COSD32                          = 0xB9F // 2975
+	SYS_COSD64                          = 0xBA0 // 2976
+	SYS_COSD128                         = 0xBA1 // 2977
+	SYS_COSHD32                         = 0xBA2 // 2978
+	SYS_COSHD64                         = 0xBA3 // 2979
+	SYS_COSHD128                        = 0xBA4 // 2980
+	SYS_ERFD32                          = 0xBA5 // 2981
+	SYS_ERFD64                          = 0xBA6 // 2982
+	SYS_ERFD128                         = 0xBA7 // 2983
+	SYS_ERFCD32                         = 0xBA8 // 2984
+	SYS_ERFCD64                         = 0xBA9 // 2985
+	SYS_ERFCD128                        = 0xBAA // 2986
+	SYS_EXPD32                          = 0xBAB // 2987
+	SYS_EXPD64                          = 0xBAC // 2988
+	SYS_EXPD128                         = 0xBAD // 2989
+	SYS_EXP2D32                         = 0xBAE // 2990
+	SYS_EXP2D64                         = 0xBAF // 2991
+	SYS_EXP2D128                        = 0xBB0 // 2992
+	SYS_EXPM1D32                        = 0xBB1 // 2993
+	SYS_EXPM1D64                        = 0xBB2 // 2994
+	SYS_EXPM1D128                       = 0xBB3 // 2995
+	SYS_FABSD32                         = 0xBB4 // 2996
+	SYS_FABSD64                         = 0xBB5 // 2997
+	SYS_FABSD128                        = 0xBB6 // 2998
+	SYS_FDIMD32                         = 0xBB7 // 2999
+	SYS_FDIMD64                         = 0xBB8 // 3000
+	SYS_FDIMD128                        = 0xBB9 // 3001
+	SYS_FE_DEC_GETROUND                 = 0xBBA // 3002
+	SYS_FE_DEC_SETROUND                 = 0xBBB // 3003
+	SYS_FLOORD32                        = 0xBBC // 3004
+	SYS_FLOORD64                        = 0xBBD // 3005
+	SYS_FLOORD128                       = 0xBBE // 3006
+	SYS_FMAD32                          = 0xBBF // 3007
+	SYS_FMAD64                          = 0xBC0 // 3008
+	SYS_FMAD128                         = 0xBC1 // 3009
+	SYS_FMAXD32                         = 0xBC2 // 3010
+	SYS_FMAXD64                         = 0xBC3 // 3011
+	SYS_FMAXD128                        = 0xBC4 // 3012
+	SYS_FMIND32                         = 0xBC5 // 3013
+	SYS_FMIND64                         = 0xBC6 // 3014
+	SYS_FMIND128                        = 0xBC7 // 3015
+	SYS_FMODD32                         = 0xBC8 // 3016
+	SYS_FMODD64                         = 0xBC9 // 3017
+	SYS_FMODD128                        = 0xBCA // 3018
+	SYS___FP_CAST_D                     = 0xBCB // 3019
+	SYS_FREXPD32                        = 0xBCC // 3020
+	SYS_FREXPD64                        = 0xBCD // 3021
+	SYS_FREXPD128                       = 0xBCE // 3022
+	SYS_HYPOTD32                        = 0xBCF // 3023
+	SYS_HYPOTD64                        = 0xBD0 // 3024
+	SYS_HYPOTD128                       = 0xBD1 // 3025
+	SYS_ILOGBD32                        = 0xBD2 // 3026
+	SYS_ILOGBD64                        = 0xBD3 // 3027
+	SYS_ILOGBD128                       = 0xBD4 // 3028
+	SYS_LDEXPD32                        = 0xBD5 // 3029
+	SYS_LDEXPD64                        = 0xBD6 // 3030
+	SYS_LDEXPD128                       = 0xBD7 // 3031
+	SYS_LGAMMAD32                       = 0xBD8 // 3032
+	SYS_LGAMMAD64                       = 0xBD9 // 3033
+	SYS_LGAMMAD128                      = 0xBDA // 3034
+	SYS_LLRINTD32                       = 0xBDB // 3035
+	SYS_LLRINTD64                       = 0xBDC // 3036
+	SYS_LLRINTD128                      = 0xBDD // 3037
+	SYS_LLROUNDD32                      = 0xBDE // 3038
+	SYS_LLROUNDD64                      = 0xBDF // 3039
+	SYS_LLROUNDD128                     = 0xBE0 // 3040
+	SYS_LOGD32                          = 0xBE1 // 3041
+	SYS_LOGD64                          = 0xBE2 // 3042
+	SYS_LOGD128                         = 0xBE3 // 3043
+	SYS_LOG10D32                        = 0xBE4 // 3044
+	SYS_LOG10D64                        = 0xBE5 // 3045
+	SYS_LOG10D128                       = 0xBE6 // 3046
+	SYS_LOG1PD32                        = 0xBE7 // 3047
+	SYS_LOG1PD64                        = 0xBE8 // 3048
+	SYS_LOG1PD128                       = 0xBE9 // 3049
+	SYS_LOG2D32                         = 0xBEA // 3050
+	SYS_LOG2D64                         = 0xBEB // 3051
+	SYS_LOG2D128                        = 0xBEC // 3052
+	SYS_LOGBD32                         = 0xBED // 3053
+	SYS_LOGBD64                         = 0xBEE // 3054
+	SYS_LOGBD128                        = 0xBEF // 3055
+	SYS_LRINTD32                        = 0xBF0 // 3056
+	SYS_LRINTD64                        = 0xBF1 // 3057
+	SYS_LRINTD128                       = 0xBF2 // 3058
+	SYS_LROUNDD32                       = 0xBF3 // 3059
+	SYS_LROUNDD64                       = 0xBF4 // 3060
+	SYS_LROUNDD128                      = 0xBF5 // 3061
+	SYS_MODFD32                         = 0xBF6 // 3062
+	SYS_MODFD64                         = 0xBF7 // 3063
+	SYS_MODFD128                        = 0xBF8 // 3064
+	SYS_NAND32                          = 0xBF9 // 3065
+	SYS_NAND64                          = 0xBFA // 3066
+	SYS_NAND128                         = 0xBFB // 3067
+	SYS_NEARBYINTD32                    = 0xBFC // 3068
+	SYS_NEARBYINTD64                    = 0xBFD // 3069
+	SYS_NEARBYINTD128                   = 0xBFE // 3070
+	SYS_NEXTAFTERD32                    = 0xBFF // 3071
+	SYS_NEXTAFTERD64                    = 0xC00 // 3072
+	SYS_NEXTAFTERD128                   = 0xC01 // 3073
+	SYS_NEXTTOWARDD32                   = 0xC02 // 3074
+	SYS_NEXTTOWARDD64                   = 0xC03 // 3075
+	SYS_NEXTTOWARDD128                  = 0xC04 // 3076
+	SYS_POWD32                          = 0xC05 // 3077
+	SYS_POWD64                          = 0xC06 // 3078
+	SYS_POWD128                         = 0xC07 // 3079
+	SYS_QUANTIZED32                     = 0xC08 // 3080
+	SYS_QUANTIZED64                     = 0xC09 // 3081
+	SYS_QUANTIZED128                    = 0xC0A // 3082
+	SYS_REMAINDERD32                    = 0xC0B // 3083
+	SYS_REMAINDERD64                    = 0xC0C // 3084
+	SYS_REMAINDERD128                   = 0xC0D // 3085
+	SYS___REMQUOD32                     = 0xC0E // 3086
+	SYS___REMQUOD64                     = 0xC0F // 3087
+	SYS___REMQUOD128                    = 0xC10 // 3088
+	SYS_RINTD32                         = 0xC11 // 3089
+	SYS_RINTD64                         = 0xC12 // 3090
+	SYS_RINTD128                        = 0xC13 // 3091
+	SYS_ROUNDD32                        = 0xC14 // 3092
+	SYS_ROUNDD64                        = 0xC15 // 3093
+	SYS_ROUNDD128                       = 0xC16 // 3094
+	SYS_SAMEQUANTUMD32                  = 0xC17 // 3095
+	SYS_SAMEQUANTUMD64                  = 0xC18 // 3096
+	SYS_SAMEQUANTUMD128                 = 0xC19 // 3097
+	SYS_SCALBLND32                      = 0xC1A // 3098
+	SYS_SCALBLND64                      = 0xC1B // 3099
+	SYS_SCALBLND128                     = 0xC1C // 3100
+	SYS_SCALBND32                       = 0xC1D // 3101
+	SYS_SCALBND64                       = 0xC1E // 3102
+	SYS_SCALBND128                      = 0xC1F // 3103
+	SYS_SIND32                          = 0xC20 // 3104
+	SYS_SIND64                          = 0xC21 // 3105
+	SYS_SIND128                         = 0xC22 // 3106
+	SYS_SINHD32                         = 0xC23 // 3107
+	SYS_SINHD64                         = 0xC24 // 3108
+	SYS_SINHD128                        = 0xC25 // 3109
+	SYS_SQRTD32                         = 0xC26 // 3110
+	SYS_SQRTD64                         = 0xC27 // 3111
+	SYS_SQRTD128                        = 0xC28 // 3112
+	SYS_STRTOD32                        = 0xC29 // 3113
+	SYS_STRTOD64                        = 0xC2A // 3114
+	SYS_STRTOD128                       = 0xC2B // 3115
+	SYS_TAND32                          = 0xC2C // 3116
+	SYS_TAND64                          = 0xC2D // 3117
+	SYS_TAND128                         = 0xC2E // 3118
+	SYS_TANHD32                         = 0xC2F // 3119
+	SYS_TANHD64                         = 0xC30 // 3120
+	SYS_TANHD128                        = 0xC31 // 3121
+	SYS_TGAMMAD32                       = 0xC32 // 3122
+	SYS_TGAMMAD64                       = 0xC33 // 3123
+	SYS_TGAMMAD128                      = 0xC34 // 3124
+	SYS_TRUNCD32                        = 0xC3E // 3134
+	SYS_TRUNCD64                        = 0xC3F // 3135
+	SYS_TRUNCD128                       = 0xC40 // 3136
+	SYS_WCSTOD32                        = 0xC41 // 3137
+	SYS_WCSTOD64                        = 0xC42 // 3138
+	SYS_WCSTOD128                       = 0xC43 // 3139
+	SYS___CODEPAGE_INFO                 = 0xC64 // 3172
+	SYS_POSIX_OPENPT                    = 0xC66 // 3174
+	SYS_PSELECT                         = 0xC67 // 3175
+	SYS_SOCKATMARK                      = 0xC68 // 3176
+	SYS_AIO_FSYNC                       = 0xC69 // 3177
+	SYS_LIO_LISTIO                      = 0xC6A // 3178
+	SYS___ATANPID32                     = 0xC6B // 3179
+	SYS___ATANPID64                     = 0xC6C // 3180
+	SYS___ATANPID128                    = 0xC6D // 3181
+	SYS___COSPID32                      = 0xC6E // 3182
+	SYS___COSPID64                      = 0xC6F // 3183
+	SYS___COSPID128                     = 0xC70 // 3184
+	SYS___SINPID32                      = 0xC71 // 3185
+	SYS___SINPID64                      = 0xC72 // 3186
+	SYS___SINPID128                     = 0xC73 // 3187
+	SYS_SETIPV4SOURCEFILTER             = 0xC76 // 3190
+	SYS_GETIPV4SOURCEFILTER             = 0xC77 // 3191
+	SYS_SETSOURCEFILTER                 = 0xC78 // 3192
+	SYS_GETSOURCEFILTER                 = 0xC79 // 3193
+	SYS_FWRITE_UNLOCKED                 = 0xC7A // 3194
+	SYS_FREAD_UNLOCKED                  = 0xC7B // 3195
+	SYS_FGETS_UNLOCKED                  = 0xC7C // 3196
+	SYS_GETS_UNLOCKED                   = 0xC7D // 3197
+	SYS_FPUTS_UNLOCKED                  = 0xC7E // 3198
+	SYS_PUTS_UNLOCKED                   = 0xC7F // 3199
+	SYS_FGETC_UNLOCKED                  = 0xC80 // 3200
+	SYS_FPUTC_UNLOCKED                  = 0xC81 // 3201
+	SYS_DLADDR                          = 0xC82 // 3202
+	SYS_SHM_OPEN                        = 0xC8C // 3212
+	SYS_SHM_UNLINK                      = 0xC8D // 3213
+	SYS___CLASS2F                       = 0xC91 // 3217
+	SYS___CLASS2L                       = 0xC92 // 3218
+	SYS___CLASS2F_B                     = 0xC93 // 3219
+	SYS___CLASS2F_H                     = 0xC94 // 3220
+	SYS___CLASS2L_B                     = 0xC95 // 3221
+	SYS___CLASS2L_H                     = 0xC96 // 3222
+	SYS___CLASS2D32                     = 0xC97 // 3223
+	SYS___CLASS2D64                     = 0xC98 // 3224
+	SYS___CLASS2D128                    = 0xC99 // 3225
+	SYS___TOCSNAME2                     = 0xC9A // 3226
+	SYS___D1TOP                         = 0xC9B // 3227
+	SYS___D2TOP                         = 0xC9C // 3228
+	SYS___D4TOP                         = 0xC9D // 3229
+	SYS___PTOD1                         = 0xC9E // 3230
+	SYS___PTOD2                         = 0xC9F // 3231
+	SYS___PTOD4                         = 0xCA0 // 3232
+	SYS_CLEARERR_UNLOCKED               = 0xCA1 // 3233
+	SYS_FDELREC_UNLOCKED                = 0xCA2 // 3234
+	SYS_FEOF_UNLOCKED                   = 0xCA3 // 3235
+	SYS_FERROR_UNLOCKED                 = 0xCA4 // 3236
+	SYS_FFLUSH_UNLOCKED                 = 0xCA5 // 3237
+	SYS_FGETPOS_UNLOCKED                = 0xCA6 // 3238
+	SYS_FGETWC_UNLOCKED                 = 0xCA7 // 3239
+	SYS_FGETWS_UNLOCKED                 = 0xCA8 // 3240
+	SYS_FILENO_UNLOCKED                 = 0xCA9 // 3241
+	SYS_FLDATA_UNLOCKED                 = 0xCAA // 3242
+	SYS_FLOCATE_UNLOCKED                = 0xCAB // 3243
+	SYS_FPRINTF_UNLOCKED                = 0xCAC // 3244
+	SYS_FPUTWC_UNLOCKED                 = 0xCAD // 3245
+	SYS_FPUTWS_UNLOCKED                 = 0xCAE // 3246
+	SYS_FSCANF_UNLOCKED                 = 0xCAF // 3247
+	SYS_FSEEK_UNLOCKED                  = 0xCB0 // 3248
+	SYS_FSEEKO_UNLOCKED                 = 0xCB1 // 3249
+	SYS_FSETPOS_UNLOCKED                = 0xCB3 // 3251
+	SYS_FTELL_UNLOCKED                  = 0xCB4 // 3252
+	SYS_FTELLO_UNLOCKED                 = 0xCB5 // 3253
+	SYS_FUPDATE_UNLOCKED                = 0xCB7 // 3255
+	SYS_FWIDE_UNLOCKED                  = 0xCB8 // 3256
+	SYS_FWPRINTF_UNLOCKED               = 0xCB9 // 3257
+	SYS_FWSCANF_UNLOCKED                = 0xCBA // 3258
+	SYS_GETWC_UNLOCKED                  = 0xCBB // 3259
+	SYS_GETWCHAR_UNLOCKED               = 0xCBC // 3260
+	SYS_PERROR_UNLOCKED                 = 0xCBD // 3261
+	SYS_PRINTF_UNLOCKED                 = 0xCBE // 3262
+	SYS_PUTWC_UNLOCKED                  = 0xCBF // 3263
+	SYS_PUTWCHAR_UNLOCKED               = 0xCC0 // 3264
+	SYS_REWIND_UNLOCKED                 = 0xCC1 // 3265
+	SYS_SCANF_UNLOCKED                  = 0xCC2 // 3266
+	SYS_UNGETC_UNLOCKED                 = 0xCC3 // 3267
+	SYS_UNGETWC_UNLOCKED                = 0xCC4 // 3268
+	SYS_VFPRINTF_UNLOCKED               = 0xCC5 // 3269
+	SYS_VFSCANF_UNLOCKED                = 0xCC7 // 3271
+	SYS_VFWPRINTF_UNLOCKED              = 0xCC9 // 3273
+	SYS_VFWSCANF_UNLOCKED               = 0xCCB // 3275
+	SYS_VPRINTF_UNLOCKED                = 0xCCD // 3277
+	SYS_VSCANF_UNLOCKED                 = 0xCCF // 3279
+	SYS_VWPRINTF_UNLOCKED               = 0xCD1 // 3281
+	SYS_VWSCANF_UNLOCKED                = 0xCD3 // 3283
+	SYS_WPRINTF_UNLOCKED                = 0xCD5 // 3285
+	SYS_WSCANF_UNLOCKED                 = 0xCD6 // 3286
+	SYS_ASCTIME64                       = 0xCD7 // 3287
+	SYS_ASCTIME64_R                     = 0xCD8 // 3288
+	SYS_CTIME64                         = 0xCD9 // 3289
+	SYS_CTIME64_R                       = 0xCDA // 3290
+	SYS_DIFFTIME64                      = 0xCDB // 3291
+	SYS_GMTIME64                        = 0xCDC // 3292
+	SYS_GMTIME64_R                      = 0xCDD // 3293
+	SYS_LOCALTIME64                     = 0xCDE // 3294
+	SYS_LOCALTIME64_R                   = 0xCDF // 3295
+	SYS_MKTIME64                        = 0xCE0 // 3296
+	SYS_TIME64                          = 0xCE1 // 3297
+	SYS___LOGIN_APPLID                  = 0xCE2 // 3298
+	SYS___PASSWD_APPLID                 = 0xCE3 // 3299
+	SYS_PTHREAD_SECURITY_APPLID_NP      = 0xCE4 // 3300
+	SYS___GETTHENT                      = 0xCE5 // 3301
+	SYS_FREEIFADDRS                     = 0xCE6 // 3302
+	SYS_GETIFADDRS                      = 0xCE7 // 3303
+	SYS_POSIX_FALLOCATE                 = 0xCE8 // 3304
+	SYS_POSIX_MEMALIGN                  = 0xCE9 // 3305
+	SYS_SIZEOF_ALLOC                    = 0xCEA // 3306
+	SYS_RESIZE_ALLOC                    = 0xCEB // 3307
+	SYS_FREAD_NOUPDATE                  = 0xCEC // 3308
+	SYS_FREAD_NOUPDATE_UNLOCKED         = 0xCED // 3309
+	SYS_FGETPOS64                       = 0xCEE // 3310
+	SYS_FSEEK64                         = 0xCEF // 3311
+	SYS_FSEEKO64                        = 0xCF0 // 3312
+	SYS_FSETPOS64                       = 0xCF1 // 3313
+	SYS_FTELL64                         = 0xCF2 // 3314
+	SYS_FTELLO64                        = 0xCF3 // 3315
+	SYS_FGETPOS64_UNLOCKED              = 0xCF4 // 3316
+	SYS_FSEEK64_UNLOCKED                = 0xCF5 // 3317
+	SYS_FSEEKO64_UNLOCKED               = 0xCF6 // 3318
+	SYS_FSETPOS64_UNLOCKED              = 0xCF7 // 3319
+	SYS_FTELL64_UNLOCKED                = 0xCF8 // 3320
+	SYS_FTELLO64_UNLOCKED               = 0xCF9 // 3321
+	SYS_FOPEN_UNLOCKED                  = 0xCFA // 3322
+	SYS_FREOPEN_UNLOCKED                = 0xCFB // 3323
+	SYS_FDOPEN_UNLOCKED                 = 0xCFC // 3324
+	SYS_TMPFILE_UNLOCKED                = 0xCFD // 3325
+	SYS___MOSERVICES                    = 0xD3D // 3389
+	SYS___GETTOD                        = 0xD3E // 3390
+	SYS_C16RTOMB                        = 0xD40 // 3392
+	SYS_C32RTOMB                        = 0xD41 // 3393
+	SYS_MBRTOC16                        = 0xD42 // 3394
+	SYS_MBRTOC32                        = 0xD43 // 3395
+	SYS_QUANTEXPD32                     = 0xD44 // 3396
+	SYS_QUANTEXPD64                     = 0xD45 // 3397
+	SYS_QUANTEXPD128                    = 0xD46 // 3398
+	SYS___LOCALE_CTL                    = 0xD47 // 3399
+	SYS___SMF_RECORD2                   = 0xD48 // 3400
+	SYS_FOPEN64                         = 0xD49 // 3401
+	SYS_FOPEN64_UNLOCKED                = 0xD4A // 3402
+	SYS_FREOPEN64                       = 0xD4B // 3403
+	SYS_FREOPEN64_UNLOCKED              = 0xD4C // 3404
+	SYS_TMPFILE64                       = 0xD4D // 3405
+	SYS_TMPFILE64_UNLOCKED              = 0xD4E // 3406
+	SYS_GETDATE64                       = 0xD4F // 3407
+	SYS_GETTIMEOFDAY64                  = 0xD50 // 3408
+	SYS_BIND2ADDRSEL                    = 0xD59 // 3417
+	SYS_INET6_IS_SRCADDR                = 0xD5A // 3418
+	SYS___GETGRGID1                     = 0xD5B // 3419
+	SYS___GETGRNAM1                     = 0xD5C // 3420
+	SYS___FBUFSIZE                      = 0xD60 // 3424
+	SYS___FPENDING                      = 0xD61 // 3425
+	SYS___FLBF                          = 0xD62 // 3426
+	SYS___FREADABLE                     = 0xD63 // 3427
+	SYS___FWRITABLE                     = 0xD64 // 3428
+	SYS___FREADING                      = 0xD65 // 3429
+	SYS___FWRITING                      = 0xD66 // 3430
+	SYS___FSETLOCKING                   = 0xD67 // 3431
+	SYS__FLUSHLBF                       = 0xD68 // 3432
+	SYS___FPURGE                        = 0xD69 // 3433
+	SYS___FREADAHEAD                    = 0xD6A // 3434
+	SYS___FSETERR                       = 0xD6B // 3435
+	SYS___FPENDING_UNLOCKED             = 0xD6C // 3436
+	SYS___FREADING_UNLOCKED             = 0xD6D // 3437
+	SYS___FWRITING_UNLOCKED             = 0xD6E // 3438
+	SYS__FLUSHLBF_UNLOCKED              = 0xD6F // 3439
+	SYS___FPURGE_UNLOCKED               = 0xD70 // 3440
+	SYS___FREADAHEAD_UNLOCKED           = 0xD71 // 3441
+	SYS___LE_CEEGTJS                    = 0xD72 // 3442
+	SYS___LE_RECORD_DUMP                = 0xD73 // 3443
+	SYS_FSTAT64                         = 0xD74 // 3444
+	SYS_LSTAT64                         = 0xD75 // 3445
+	SYS_STAT64                          = 0xD76 // 3446
+	SYS___READDIR2_64                   = 0xD77 // 3447
+	SYS___OPEN_STAT64                   = 0xD78 // 3448
+	SYS_FTW64                           = 0xD79 // 3449
+	SYS_NFTW64                          = 0xD7A // 3450
+	SYS_UTIME64                         = 0xD7B // 3451
+	SYS_UTIMES64                        = 0xD7C // 3452
+	SYS___GETIPC64                      = 0xD7D // 3453
+	SYS_MSGCTL64                        = 0xD7E // 3454
+	SYS_SEMCTL64                        = 0xD7F // 3455
+	SYS_SHMCTL64                        = 0xD80 // 3456
+	SYS_MSGXRCV64                       = 0xD81 // 3457
+	SYS___MGXR64                        = 0xD81 // 3457
+	SYS_W_GETPSENT64                    = 0xD82 // 3458
+	SYS_PTHREAD_COND_TIMEDWAIT64        = 0xD83 // 3459
+	SYS_FTIME64                         = 0xD85 // 3461
+	SYS_GETUTXENT64                     = 0xD86 // 3462
+	SYS_GETUTXID64                      = 0xD87 // 3463
+	SYS_GETUTXLINE64                    = 0xD88 // 3464
+	SYS_PUTUTXLINE64                    = 0xD89 // 3465
+	SYS_NEWLOCALE                       = 0xD8A // 3466
+	SYS_FREELOCALE                      = 0xD8B // 3467
+	SYS_USELOCALE                       = 0xD8C // 3468
+	SYS_DUPLOCALE                       = 0xD8D // 3469
+	SYS___CHATTR64                      = 0xD9C // 3484
+	SYS___LCHATTR64                     = 0xD9D // 3485
+	SYS___FCHATTR64                     = 0xD9E // 3486
+	SYS_____CHATTR64_A                  = 0xD9F // 3487
+	SYS_____LCHATTR64_A                 = 0xDA0 // 3488
+	SYS___LE_CEEUSGD                    = 0xDA1 // 3489
+	SYS___LE_IFAM_CON                   = 0xDA2 // 3490
+	SYS___LE_IFAM_DSC                   = 0xDA3 // 3491
+	SYS___LE_IFAM_GET                   = 0xDA4 // 3492
+	SYS___LE_IFAM_QRY                   = 0xDA5 // 3493
+	SYS_ALIGNED_ALLOC                   = 0xDA6 // 3494
+	SYS_ACCEPT4                         = 0xDA7 // 3495
+	SYS___ACCEPT4_A                     = 0xDA8 // 3496
+	SYS_COPYFILERANGE                   = 0xDA9 // 3497
+	SYS_GETLINE                         = 0xDAA // 3498
+	SYS___GETLINE_A                     = 0xDAB // 3499
+	SYS_DIRFD                           = 0xDAC // 3500
+	SYS_CLOCK_GETTIME                   = 0xDAD // 3501
+	SYS_DUP3                            = 0xDAE // 3502
+	SYS_EPOLL_CREATE                    = 0xDAF // 3503
+	SYS_EPOLL_CREATE1                   = 0xDB0 // 3504
+	SYS_EPOLL_CTL                       = 0xDB1 // 3505
+	SYS_EPOLL_WAIT                      = 0xDB2 // 3506
+	SYS_EPOLL_PWAIT                     = 0xDB3 // 3507
+	SYS_EVENTFD                         = 0xDB4 // 3508
+	SYS_STATFS                          = 0xDB5 // 3509
+	SYS___STATFS_A                      = 0xDB6 // 3510
+	SYS_FSTATFS                         = 0xDB7 // 3511
+	SYS_INOTIFY_INIT                    = 0xDB8 // 3512
+	SYS_INOTIFY_INIT1                   = 0xDB9 // 3513
+	SYS_INOTIFY_ADD_WATCH               = 0xDBA // 3514
+	SYS___INOTIFY_ADD_WATCH_A           = 0xDBB // 3515
+	SYS_INOTIFY_RM_WATCH                = 0xDBC // 3516
+	SYS_PIPE2                           = 0xDBD // 3517
+	SYS_PIVOT_ROOT                      = 0xDBE // 3518
+	SYS___PIVOT_ROOT_A                  = 0xDBF // 3519
+	SYS_PRCTL                           = 0xDC0 // 3520
+	SYS_PRLIMIT                         = 0xDC1 // 3521
+	SYS_SETHOSTNAME                     = 0xDC2 // 3522
+	SYS___SETHOSTNAME_A                 = 0xDC3 // 3523
+	SYS_SETRESUID                       = 0xDC4 // 3524
+	SYS_SETRESGID                       = 0xDC5 // 3525
+	SYS_PTHREAD_CONDATTR_GETCLOCK       = 0xDC6 // 3526
+	SYS_FLOCK                           = 0xDC7 // 3527
+	SYS_FGETXATTR                       = 0xDC8 // 3528
+	SYS___FGETXATTR_A                   = 0xDC9 // 3529
+	SYS_FLISTXATTR                      = 0xDCA // 3530
+	SYS___FLISTXATTR_A                  = 0xDCB // 3531
+	SYS_FREMOVEXATTR                    = 0xDCC // 3532
+	SYS___FREMOVEXATTR_A                = 0xDCD // 3533
+	SYS_FSETXATTR                       = 0xDCE // 3534
+	SYS___FSETXATTR_A                   = 0xDCF // 3535
+	SYS_GETXATTR                        = 0xDD0 // 3536
+	SYS___GETXATTR_A                    = 0xDD1 // 3537
+	SYS_LGETXATTR                       = 0xDD2 // 3538
+	SYS___LGETXATTR_A                   = 0xDD3 // 3539
+	SYS_LISTXATTR                       = 0xDD4 // 3540
+	SYS___LISTXATTR_A                   = 0xDD5 // 3541
+	SYS_LLISTXATTR                      = 0xDD6 // 3542
+	SYS___LLISTXATTR_A                  = 0xDD7 // 3543
+	SYS_LREMOVEXATTR                    = 0xDD8 // 3544
+	SYS___LREMOVEXATTR_A                = 0xDD9 // 3545
+	SYS_LSETXATTR                       = 0xDDA // 3546
+	SYS___LSETXATTR_A                   = 0xDDB // 3547
+	SYS_REMOVEXATTR                     = 0xDDC // 3548
+	SYS___REMOVEXATTR_A                 = 0xDDD // 3549
+	SYS_SETXATTR                        = 0xDDE // 3550
+	SYS___SETXATTR_A                    = 0xDDF // 3551
+	SYS_FDATASYNC                       = 0xDE0 // 3552
+	SYS_SYNCFS                          = 0xDE1 // 3553
+	SYS_FUTIMES                         = 0xDE2 // 3554
+	SYS_FUTIMESAT                       = 0xDE3 // 3555
+	SYS___FUTIMESAT_A                   = 0xDE4 // 3556
+	SYS_LUTIMES                         = 0xDE5 // 3557
+	SYS___LUTIMES_A                     = 0xDE6 // 3558
+	SYS_INET_ATON                       = 0xDE7 // 3559
+	SYS_GETRANDOM                       = 0xDE8 // 3560
+	SYS_GETTID                          = 0xDE9 // 3561
+	SYS_MEMFD_CREATE                    = 0xDEA // 3562
+	SYS___MEMFD_CREATE_A                = 0xDEB // 3563
+	SYS_FACCESSAT                       = 0xDEC // 3564
+	SYS___FACCESSAT_A                   = 0xDED // 3565
+	SYS_FCHMODAT                        = 0xDEE // 3566
+	SYS___FCHMODAT_A                    = 0xDEF // 3567
+	SYS_FCHOWNAT                        = 0xDF0 // 3568
+	SYS___FCHOWNAT_A                    = 0xDF1 // 3569
+	SYS_FSTATAT                         = 0xDF2 // 3570
+	SYS___FSTATAT_A                     = 0xDF3 // 3571
+	SYS_LINKAT                          = 0xDF4 // 3572
+	SYS___LINKAT_A                      = 0xDF5 // 3573
+	SYS_MKDIRAT                         = 0xDF6 // 3574
+	SYS___MKDIRAT_A                     = 0xDF7 // 3575
+	SYS_MKFIFOAT                        = 0xDF8 // 3576
+	SYS___MKFIFOAT_A                    = 0xDF9 // 3577
+	SYS_MKNODAT                         = 0xDFA // 3578
+	SYS___MKNODAT_A                     = 0xDFB // 3579
+	SYS_OPENAT                          = 0xDFC // 3580
+	SYS___OPENAT_A                      = 0xDFD // 3581
+	SYS_READLINKAT                      = 0xDFE // 3582
+	SYS___READLINKAT_A                  = 0xDFF // 3583
+	SYS_RENAMEAT                        = 0xE00 // 3584
+	SYS___RENAMEAT_A                    = 0xE01 // 3585
+	SYS_RENAMEAT2                       = 0xE02 // 3586
+	SYS___RENAMEAT2_A                   = 0xE03 // 3587
+	SYS_SYMLINKAT                       = 0xE04 // 3588
+	SYS___SYMLINKAT_A                   = 0xE05 // 3589
+	SYS_UNLINKAT                        = 0xE06 // 3590
+	SYS___UNLINKAT_A                    = 0xE07 // 3591
+	SYS_SYSINFO                         = 0xE08 // 3592
+	SYS_WAIT4                           = 0xE0A // 3594
+	SYS_CLONE                           = 0xE0B // 3595
+	SYS_UNSHARE                         = 0xE0C // 3596
+	SYS_SETNS                           = 0xE0D // 3597
+	SYS_CAPGET                          = 0xE0E // 3598
+	SYS_CAPSET                          = 0xE0F // 3599
+	SYS_STRCHRNUL                       = 0xE10 // 3600
+	SYS_PTHREAD_CONDATTR_SETCLOCK       = 0xE12 // 3602
+	SYS_OPEN_BY_HANDLE_AT               = 0xE13 // 3603
+	SYS___OPEN_BY_HANDLE_AT_A           = 0xE14 // 3604
+	SYS___INET_ATON_A                   = 0xE15 // 3605
+	SYS_MOUNT1                          = 0xE16 // 3606
+	SYS___MOUNT1_A                      = 0xE17 // 3607
+	SYS_UMOUNT1                         = 0xE18 // 3608
+	SYS___UMOUNT1_A                     = 0xE19 // 3609
+	SYS_UMOUNT2                         = 0xE1A // 3610
+	SYS___UMOUNT2_A                     = 0xE1B // 3611
+	SYS___PRCTL_A                       = 0xE1C // 3612
+	SYS_LOCALTIME_R2                    = 0xE1D // 3613
+	SYS___LOCALTIME_R2_A                = 0xE1E // 3614
+	SYS_OPENAT2                         = 0xE1F // 3615
+	SYS___OPENAT2_A                     = 0xE20 // 3616
+	SYS___LE_CEEMICT                    = 0xE21 // 3617
+	SYS_GETENTROPY                      = 0xE22 // 3618
+	SYS_NANOSLEEP                       = 0xE23 // 3619
+	SYS_UTIMENSAT                       = 0xE24 // 3620
+	SYS___UTIMENSAT_A                   = 0xE25 // 3621
+	SYS_ASPRINTF                        = 0xE26 // 3622
+	SYS___ASPRINTF_A                    = 0xE27 // 3623
+	SYS_VASPRINTF                       = 0xE28 // 3624
+	SYS___VASPRINTF_A                   = 0xE29 // 3625
+	SYS_DPRINTF                         = 0xE2A // 3626
+	SYS___DPRINTF_A                     = 0xE2B // 3627
+	SYS_GETOPT_LONG                     = 0xE2C // 3628
+	SYS___GETOPT_LONG_A                 = 0xE2D // 3629
+	SYS_PSIGNAL                         = 0xE2E // 3630
+	SYS___PSIGNAL_A                     = 0xE2F // 3631
+	SYS_PSIGNAL_UNLOCKED                = 0xE30 // 3632
+	SYS___PSIGNAL_UNLOCKED_A            = 0xE31 // 3633
+	SYS_FSTATAT_O                       = 0xE32 // 3634
+	SYS___FSTATAT_O_A                   = 0xE33 // 3635
+	SYS_FSTATAT64                       = 0xE34 // 3636
+	SYS___FSTATAT64_A                   = 0xE35 // 3637
+	SYS___CHATTRAT                      = 0xE36 // 3638
+	SYS_____CHATTRAT_A                  = 0xE37 // 3639
+	SYS___CHATTRAT64                    = 0xE38 // 3640
+	SYS_____CHATTRAT64_A                = 0xE39 // 3641
+	SYS_MADVISE                         = 0xE3A // 3642
+	SYS___AUTHENTICATE                  = 0xE3B // 3643
+
 )
diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
index 091d107f..17c53bd9 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
@@ -306,6 +306,19 @@ type XVSockPgen struct {
 
 type _Socklen uint32
 
+type SaeAssocID uint32
+
+type SaeConnID uint32
+
+type SaEndpoints struct {
+	Srcif      uint32
+	Srcaddr    *RawSockaddr
+	Srcaddrlen uint32
+	Dstaddr    *RawSockaddr
+	Dstaddrlen uint32
+	_          [4]byte
+}
+
 type Xucred struct {
 	Version uint32
 	Uid     uint32
@@ -449,11 +462,14 @@ type FdSet struct {
 
 const (
 	SizeofIfMsghdr    = 0x70
+	SizeofIfMsghdr2   = 0xa0
 	SizeofIfData      = 0x60
+	SizeofIfData64    = 0x80
 	SizeofIfaMsghdr   = 0x14
 	SizeofIfmaMsghdr  = 0x10
 	SizeofIfmaMsghdr2 = 0x14
 	SizeofRtMsghdr    = 0x5c
+	SizeofRtMsghdr2   = 0x5c
 	SizeofRtMetrics   = 0x38
 )
 
@@ -467,6 +483,20 @@ type IfMsghdr struct {
 	Data    IfData
 }
 
+type IfMsghdr2 struct {
+	Msglen     uint16
+	Version    uint8
+	Type       uint8
+	Addrs      int32
+	Flags      int32
+	Index      uint16
+	Snd_len    int32
+	Snd_maxlen int32
+	Snd_drops  int32
+	Timer      int32
+	Data       IfData64
+}
+
 type IfData struct {
 	Type       uint8
 	Typelen    uint8
@@ -499,6 +529,34 @@ type IfData struct {
 	Reserved2  uint32
 }
 
+type IfData64 struct {
+	Type       uint8
+	Typelen    uint8
+	Physical   uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Recvquota  uint8
+	Xmitquota  uint8
+	Unused1    uint8
+	Mtu        uint32
+	Metric     uint32
+	Baudrate   uint64
+	Ipackets   uint64
+	Ierrors    uint64
+	Opackets   uint64
+	Oerrors    uint64
+	Collisions uint64
+	Ibytes     uint64
+	Obytes     uint64
+	Imcasts    uint64
+	Omcasts    uint64
+	Iqdrops    uint64
+	Noproto    uint64
+	Recvtiming uint32
+	Xmittiming uint32
+	Lastchange Timeval32
+}
+
 type IfaMsghdr struct {
 	Msglen  uint16
 	Version uint8
@@ -544,6 +602,21 @@ type RtMsghdr struct {
 	Rmx     RtMetrics
 }
 
+type RtMsghdr2 struct {
+	Msglen      uint16
+	Version     uint8
+	Type        uint8
+	Index       uint16
+	Flags       int32
+	Addrs       int32
+	Refcnt      int32
+	Parentflags int32
+	Reserved    int32
+	Use         int32
+	Inits       uint32
+	Rmx         RtMetrics
+}
+
 type RtMetrics struct {
 	Locks    uint32
 	Mtu      uint32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
index 28ff4ef7..2392226a 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
@@ -306,6 +306,19 @@ type XVSockPgen struct {
 
 type _Socklen uint32
 
+type SaeAssocID uint32
+
+type SaeConnID uint32
+
+type SaEndpoints struct {
+	Srcif      uint32
+	Srcaddr    *RawSockaddr
+	Srcaddrlen uint32
+	Dstaddr    *RawSockaddr
+	Dstaddrlen uint32
+	_          [4]byte
+}
+
 type Xucred struct {
 	Version uint32
 	Uid     uint32
@@ -449,11 +462,14 @@ type FdSet struct {
 
 const (
 	SizeofIfMsghdr    = 0x70
+	SizeofIfMsghdr2   = 0xa0
 	SizeofIfData      = 0x60
+	SizeofIfData64    = 0x80
 	SizeofIfaMsghdr   = 0x14
 	SizeofIfmaMsghdr  = 0x10
 	SizeofIfmaMsghdr2 = 0x14
 	SizeofRtMsghdr    = 0x5c
+	SizeofRtMsghdr2   = 0x5c
 	SizeofRtMetrics   = 0x38
 )
 
@@ -467,6 +483,20 @@ type IfMsghdr struct {
 	Data    IfData
 }
 
+type IfMsghdr2 struct {
+	Msglen     uint16
+	Version    uint8
+	Type       uint8
+	Addrs      int32
+	Flags      int32
+	Index      uint16
+	Snd_len    int32
+	Snd_maxlen int32
+	Snd_drops  int32
+	Timer      int32
+	Data       IfData64
+}
+
 type IfData struct {
 	Type       uint8
 	Typelen    uint8
@@ -499,6 +529,34 @@ type IfData struct {
 	Reserved2  uint32
 }
 
+type IfData64 struct {
+	Type       uint8
+	Typelen    uint8
+	Physical   uint8
+	Addrlen    uint8
+	Hdrlen     uint8
+	Recvquota  uint8
+	Xmitquota  uint8
+	Unused1    uint8
+	Mtu        uint32
+	Metric     uint32
+	Baudrate   uint64
+	Ipackets   uint64
+	Ierrors    uint64
+	Opackets   uint64
+	Oerrors    uint64
+	Collisions uint64
+	Ibytes     uint64
+	Obytes     uint64
+	Imcasts    uint64
+	Omcasts    uint64
+	Iqdrops    uint64
+	Noproto    uint64
+	Recvtiming uint32
+	Xmittiming uint32
+	Lastchange Timeval32
+}
+
 type IfaMsghdr struct {
 	Msglen  uint16
 	Version uint8
@@ -544,6 +602,21 @@ type RtMsghdr struct {
 	Rmx     RtMetrics
 }
 
+type RtMsghdr2 struct {
+	Msglen      uint16
+	Version     uint8
+	Type        uint8
+	Index       uint16
+	Flags       int32
+	Addrs       int32
+	Refcnt      int32
+	Parentflags int32
+	Reserved    int32
+	Use         int32
+	Inits       uint32
+	Rmx         RtMetrics
+}
+
 type RtMetrics struct {
 	Locks    uint32
 	Mtu      uint32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
index 6cbd094a..51e13eb0 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
@@ -625,6 +625,7 @@ const (
 	POLLRDNORM   = 0x40
 	POLLWRBAND   = 0x100
 	POLLWRNORM   = 0x4
+	POLLRDHUP    = 0x4000
 )
 
 type CapRights struct {
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
index 7c03b6ee..d002d8ef 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
@@ -630,6 +630,7 @@ const (
 	POLLRDNORM   = 0x40
 	POLLWRBAND   = 0x100
 	POLLWRNORM   = 0x4
+	POLLRDHUP    = 0x4000
 )
 
 type CapRights struct {
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
index 422107ee..3f863d89 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
@@ -616,6 +616,7 @@ const (
 	POLLRDNORM   = 0x40
 	POLLWRBAND   = 0x100
 	POLLWRNORM   = 0x4
+	POLLRDHUP    = 0x4000
 )
 
 type CapRights struct {
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
index 505a12ac..61c72931 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
@@ -610,6 +610,7 @@ const (
 	POLLRDNORM   = 0x40
 	POLLWRBAND   = 0x100
 	POLLWRNORM   = 0x4
+	POLLRDHUP    = 0x4000
 )
 
 type CapRights struct {
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
index cc986c79..b5d17414 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
@@ -612,6 +612,7 @@ const (
 	POLLRDNORM   = 0x40
 	POLLWRBAND   = 0x100
 	POLLWRNORM   = 0x4
+	POLLRDHUP    = 0x4000
 )
 
 type CapRights struct {
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index bbf8399f..a46abe64 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -87,30 +87,35 @@ type StatxTimestamp struct {
 }
 
 type Statx_t struct {
-	Mask             uint32
-	Blksize          uint32
-	Attributes       uint64
-	Nlink            uint32
-	Uid              uint32
-	Gid              uint32
-	Mode             uint16
-	_                [1]uint16
-	Ino              uint64
-	Size             uint64
-	Blocks           uint64
-	Attributes_mask  uint64
-	Atime            StatxTimestamp
-	Btime            StatxTimestamp
-	Ctime            StatxTimestamp
-	Mtime            StatxTimestamp
-	Rdev_major       uint32
-	Rdev_minor       uint32
-	Dev_major        uint32
-	Dev_minor        uint32
-	Mnt_id           uint64
-	Dio_mem_align    uint32
-	Dio_offset_align uint32
-	_                [12]uint64
+	Mask                      uint32
+	Blksize                   uint32
+	Attributes                uint64
+	Nlink                     uint32
+	Uid                       uint32
+	Gid                       uint32
+	Mode                      uint16
+	_                         [1]uint16
+	Ino                       uint64
+	Size                      uint64
+	Blocks                    uint64
+	Attributes_mask           uint64
+	Atime                     StatxTimestamp
+	Btime                     StatxTimestamp
+	Ctime                     StatxTimestamp
+	Mtime                     StatxTimestamp
+	Rdev_major                uint32
+	Rdev_minor                uint32
+	Dev_major                 uint32
+	Dev_minor                 uint32
+	Mnt_id                    uint64
+	Dio_mem_align             uint32
+	Dio_offset_align          uint32
+	Subvol                    uint64
+	Atomic_write_unit_min     uint32
+	Atomic_write_unit_max     uint32
+	Atomic_write_segments_max uint32
+	_                         [1]uint32
+	_                         [9]uint64
 }
 
 type Fsid struct {
@@ -174,7 +179,8 @@ type FscryptPolicyV2 struct {
 	Contents_encryption_mode  uint8
 	Filenames_encryption_mode uint8
 	Flags                     uint8
-	_                         [4]uint8
+	Log2_data_unit_size       uint8
+	_                         [3]uint8
 	Master_key_identifier     [16]uint8
 }
 
@@ -455,60 +461,86 @@ type Ucred struct {
 }
 
 type TCPInfo struct {
-	State           uint8
-	Ca_state        uint8
-	Retransmits     uint8
-	Probes          uint8
-	Backoff         uint8
-	Options         uint8
-	Rto             uint32
-	Ato             uint32
-	Snd_mss         uint32
-	Rcv_mss         uint32
-	Unacked         uint32
-	Sacked          uint32
-	Lost            uint32
-	Retrans         uint32
-	Fackets         uint32
-	Last_data_sent  uint32
-	Last_ack_sent   uint32
-	Last_data_recv  uint32
-	Last_ack_recv   uint32
-	Pmtu            uint32
-	Rcv_ssthresh    uint32
-	Rtt             uint32
-	Rttvar          uint32
-	Snd_ssthresh    uint32
-	Snd_cwnd        uint32
-	Advmss          uint32
-	Reordering      uint32
-	Rcv_rtt         uint32
-	Rcv_space       uint32
-	Total_retrans   uint32
-	Pacing_rate     uint64
-	Max_pacing_rate uint64
-	Bytes_acked     uint64
-	Bytes_received  uint64
-	Segs_out        uint32
-	Segs_in         uint32
-	Notsent_bytes   uint32
-	Min_rtt         uint32
-	Data_segs_in    uint32
-	Data_segs_out   uint32
-	Delivery_rate   uint64
-	Busy_time       uint64
-	Rwnd_limited    uint64
-	Sndbuf_limited  uint64
-	Delivered       uint32
-	Delivered_ce    uint32
-	Bytes_sent      uint64
-	Bytes_retrans   uint64
-	Dsack_dups      uint32
-	Reord_seen      uint32
-	Rcv_ooopack     uint32
-	Snd_wnd         uint32
-	Rcv_wnd         uint32
-	Rehash          uint32
+	State                uint8
+	Ca_state             uint8
+	Retransmits          uint8
+	Probes               uint8
+	Backoff              uint8
+	Options              uint8
+	Rto                  uint32
+	Ato                  uint32
+	Snd_mss              uint32
+	Rcv_mss              uint32
+	Unacked              uint32
+	Sacked               uint32
+	Lost                 uint32
+	Retrans              uint32
+	Fackets              uint32
+	Last_data_sent       uint32
+	Last_ack_sent        uint32
+	Last_data_recv       uint32
+	Last_ack_recv        uint32
+	Pmtu                 uint32
+	Rcv_ssthresh         uint32
+	Rtt                  uint32
+	Rttvar               uint32
+	Snd_ssthresh         uint32
+	Snd_cwnd             uint32
+	Advmss               uint32
+	Reordering           uint32
+	Rcv_rtt              uint32
+	Rcv_space            uint32
+	Total_retrans        uint32
+	Pacing_rate          uint64
+	Max_pacing_rate      uint64
+	Bytes_acked          uint64
+	Bytes_received       uint64
+	Segs_out             uint32
+	Segs_in              uint32
+	Notsent_bytes        uint32
+	Min_rtt              uint32
+	Data_segs_in         uint32
+	Data_segs_out        uint32
+	Delivery_rate        uint64
+	Busy_time            uint64
+	Rwnd_limited         uint64
+	Sndbuf_limited       uint64
+	Delivered            uint32
+	Delivered_ce         uint32
+	Bytes_sent           uint64
+	Bytes_retrans        uint64
+	Dsack_dups           uint32
+	Reord_seen           uint32
+	Rcv_ooopack          uint32
+	Snd_wnd              uint32
+	Rcv_wnd              uint32
+	Rehash               uint32
+	Total_rto            uint16
+	Total_rto_recoveries uint16
+	Total_rto_time       uint32
+}
+
+type TCPVegasInfo struct {
+	Enabled uint32
+	Rttcnt  uint32
+	Rtt     uint32
+	Minrtt  uint32
+}
+
+type TCPDCTCPInfo struct {
+	Enabled  uint16
+	Ce_state uint16
+	Alpha    uint32
+	Ab_ecn   uint32
+	Ab_tot   uint32
+}
+
+type TCPBBRInfo struct {
+	Bw_lo       uint32
+	Bw_hi       uint32
+	Min_rtt     uint32
+	Pacing_gain uint32
+	Cwnd_gain   uint32
 }
 
 type CanFilter struct {
@@ -551,7 +583,8 @@ const (
 	SizeofIPv6MTUInfo       = 0x20
 	SizeofICMPv6Filter      = 0x20
 	SizeofUcred             = 0xc
-	SizeofTCPInfo           = 0xf0
+	SizeofTCPInfo           = 0xf8
+	SizeofTCPCCInfo         = 0x14
 	SizeofCanFilter         = 0x8
 	SizeofTCPRepairOpt      = 0x8
 )
@@ -832,6 +865,15 @@ const (
 	FSPICK_EMPTY_PATH       = 0x8
 
 	FSMOUNT_CLOEXEC = 0x1
+
+	FSCONFIG_SET_FLAG        = 0x0
+	FSCONFIG_SET_STRING      = 0x1
+	FSCONFIG_SET_BINARY      = 0x2
+	FSCONFIG_SET_PATH        = 0x3
+	FSCONFIG_SET_PATH_EMPTY  = 0x4
+	FSCONFIG_SET_FD          = 0x5
+	FSCONFIG_CMD_CREATE      = 0x6
+	FSCONFIG_CMD_RECONFIGURE = 0x7
 )
 
 type OpenHow struct {
@@ -1165,7 +1207,8 @@ const (
 	PERF_SAMPLE_BRANCH_TYPE_SAVE_SHIFT    = 0x10
 	PERF_SAMPLE_BRANCH_HW_INDEX_SHIFT     = 0x11
 	PERF_SAMPLE_BRANCH_PRIV_SAVE_SHIFT    = 0x12
-	PERF_SAMPLE_BRANCH_MAX_SHIFT          = 0x13
+	PERF_SAMPLE_BRANCH_COUNTERS           = 0x80000
+	PERF_SAMPLE_BRANCH_MAX_SHIFT          = 0x14
 	PERF_SAMPLE_BRANCH_USER               = 0x1
 	PERF_SAMPLE_BRANCH_KERNEL             = 0x2
 	PERF_SAMPLE_BRANCH_HV                 = 0x4
@@ -1185,7 +1228,7 @@ const (
 	PERF_SAMPLE_BRANCH_TYPE_SAVE          = 0x10000
 	PERF_SAMPLE_BRANCH_HW_INDEX           = 0x20000
 	PERF_SAMPLE_BRANCH_PRIV_SAVE          = 0x40000
-	PERF_SAMPLE_BRANCH_MAX                = 0x80000
+	PERF_SAMPLE_BRANCH_MAX                = 0x100000
 	PERF_BR_UNKNOWN                       = 0x0
 	PERF_BR_COND                          = 0x1
 	PERF_BR_UNCOND                        = 0x2
@@ -1546,6 +1589,7 @@ const (
 	IFLA_DEVLINK_PORT                          = 0x3e
 	IFLA_GSO_IPV4_MAX_SIZE                     = 0x3f
 	IFLA_GRO_IPV4_MAX_SIZE                     = 0x40
+	IFLA_DPLL_PIN                              = 0x41
 	IFLA_PROTO_DOWN_REASON_UNSPEC              = 0x0
 	IFLA_PROTO_DOWN_REASON_MASK                = 0x1
 	IFLA_PROTO_DOWN_REASON_VALUE               = 0x2
@@ -1561,6 +1605,7 @@ const (
 	IFLA_INET6_ICMP6STATS                      = 0x6
 	IFLA_INET6_TOKEN                           = 0x7
 	IFLA_INET6_ADDR_GEN_MODE                   = 0x8
+	IFLA_INET6_RA_MTU                          = 0x9
 	IFLA_BR_UNSPEC                             = 0x0
 	IFLA_BR_FORWARD_DELAY                      = 0x1
 	IFLA_BR_HELLO_TIME                         = 0x2
@@ -1608,6 +1653,9 @@ const (
 	IFLA_BR_MCAST_MLD_VERSION                  = 0x2c
 	IFLA_BR_VLAN_STATS_PER_PORT                = 0x2d
 	IFLA_BR_MULTI_BOOLOPT                      = 0x2e
+	IFLA_BR_MCAST_QUERIER_STATE                = 0x2f
+	IFLA_BR_FDB_N_LEARNED                      = 0x30
+	IFLA_BR_FDB_MAX_LEARNED                    = 0x31
 	IFLA_BRPORT_UNSPEC                         = 0x0
 	IFLA_BRPORT_STATE                          = 0x1
 	IFLA_BRPORT_PRIORITY                       = 0x2
@@ -1645,6 +1693,14 @@ const (
 	IFLA_BRPORT_BACKUP_PORT                    = 0x22
 	IFLA_BRPORT_MRP_RING_OPEN                  = 0x23
 	IFLA_BRPORT_MRP_IN_OPEN                    = 0x24
+	IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT          = 0x25
+	IFLA_BRPORT_MCAST_EHT_HOSTS_CNT            = 0x26
+	IFLA_BRPORT_LOCKED                         = 0x27
+	IFLA_BRPORT_MAB                            = 0x28
+	IFLA_BRPORT_MCAST_N_GROUPS                 = 0x29
+	IFLA_BRPORT_MCAST_MAX_GROUPS               = 0x2a
+	IFLA_BRPORT_NEIGH_VLAN_SUPPRESS            = 0x2b
+	IFLA_BRPORT_BACKUP_NHID                    = 0x2c
 	IFLA_INFO_UNSPEC                           = 0x0
 	IFLA_INFO_KIND                             = 0x1
 	IFLA_INFO_DATA                             = 0x2
@@ -1666,6 +1722,9 @@ const (
 	IFLA_MACVLAN_MACADDR                       = 0x4
 	IFLA_MACVLAN_MACADDR_DATA                  = 0x5
 	IFLA_MACVLAN_MACADDR_COUNT                 = 0x6
+	IFLA_MACVLAN_BC_QUEUE_LEN                  = 0x7
+	IFLA_MACVLAN_BC_QUEUE_LEN_USED             = 0x8
+	IFLA_MACVLAN_BC_CUTOFF                     = 0x9
 	IFLA_VRF_UNSPEC                            = 0x0
 	IFLA_VRF_TABLE                             = 0x1
 	IFLA_VRF_PORT_UNSPEC                       = 0x0
@@ -1689,9 +1748,16 @@ const (
 	IFLA_XFRM_UNSPEC                           = 0x0
 	IFLA_XFRM_LINK                             = 0x1
 	IFLA_XFRM_IF_ID                            = 0x2
+	IFLA_XFRM_COLLECT_METADATA                 = 0x3
 	IFLA_IPVLAN_UNSPEC                         = 0x0
 	IFLA_IPVLAN_MODE                           = 0x1
 	IFLA_IPVLAN_FLAGS                          = 0x2
+	IFLA_NETKIT_UNSPEC                         = 0x0
+	IFLA_NETKIT_PEER_INFO                      = 0x1
+	IFLA_NETKIT_PRIMARY                        = 0x2
+	IFLA_NETKIT_POLICY                         = 0x3
+	IFLA_NETKIT_PEER_POLICY                    = 0x4
+	IFLA_NETKIT_MODE                           = 0x5
 	IFLA_VXLAN_UNSPEC                          = 0x0
 	IFLA_VXLAN_ID                              = 0x1
 	IFLA_VXLAN_GROUP                           = 0x2
@@ -1722,6 +1788,9 @@ const (
 	IFLA_VXLAN_GPE                             = 0x1b
 	IFLA_VXLAN_TTL_INHERIT                     = 0x1c
 	IFLA_VXLAN_DF                              = 0x1d
+	IFLA_VXLAN_VNIFILTER                       = 0x1e
+	IFLA_VXLAN_LOCALBYPASS                     = 0x1f
+	IFLA_VXLAN_LABEL_POLICY                    = 0x20
 	IFLA_GENEVE_UNSPEC                         = 0x0
 	IFLA_GENEVE_ID                             = 0x1
 	IFLA_GENEVE_REMOTE                         = 0x2
@@ -1736,6 +1805,7 @@ const (
 	IFLA_GENEVE_LABEL                          = 0xb
 	IFLA_GENEVE_TTL_INHERIT                    = 0xc
 	IFLA_GENEVE_DF                             = 0xd
+	IFLA_GENEVE_INNER_PROTO_INHERIT            = 0xe
 	IFLA_BAREUDP_UNSPEC                        = 0x0
 	IFLA_BAREUDP_PORT                          = 0x1
 	IFLA_BAREUDP_ETHERTYPE                     = 0x2
@@ -1748,6 +1818,10 @@ const (
 	IFLA_GTP_FD1                               = 0x2
 	IFLA_GTP_PDP_HASHSIZE                      = 0x3
 	IFLA_GTP_ROLE                              = 0x4
+	IFLA_GTP_CREATE_SOCKETS                    = 0x5
+	IFLA_GTP_RESTART_COUNT                     = 0x6
+	IFLA_GTP_LOCAL                             = 0x7
+	IFLA_GTP_LOCAL6                            = 0x8
 	IFLA_BOND_UNSPEC                           = 0x0
 	IFLA_BOND_MODE                             = 0x1
 	IFLA_BOND_ACTIVE_SLAVE                     = 0x2
@@ -1777,6 +1851,10 @@ const (
 	IFLA_BOND_AD_ACTOR_SYSTEM                  = 0x1a
 	IFLA_BOND_TLB_DYNAMIC_LB                   = 0x1b
 	IFLA_BOND_PEER_NOTIF_DELAY                 = 0x1c
+	IFLA_BOND_AD_LACP_ACTIVE                   = 0x1d
+	IFLA_BOND_MISSED_MAX                       = 0x1e
+	IFLA_BOND_NS_IP6_TARGET                    = 0x1f
+	IFLA_BOND_COUPLED_CONTROL                  = 0x20
 	IFLA_BOND_AD_INFO_UNSPEC                   = 0x0
 	IFLA_BOND_AD_INFO_AGGREGATOR               = 0x1
 	IFLA_BOND_AD_INFO_NUM_PORTS                = 0x2
@@ -1792,6 +1870,7 @@ const (
 	IFLA_BOND_SLAVE_AD_AGGREGATOR_ID           = 0x6
 	IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE   = 0x7
 	IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE = 0x8
+	IFLA_BOND_SLAVE_PRIO                       = 0x9
 	IFLA_VF_INFO_UNSPEC                        = 0x0
 	IFLA_VF_INFO                               = 0x1
 	IFLA_VF_UNSPEC                             = 0x0
@@ -1844,14 +1923,23 @@ const (
 	IFLA_HSR_SEQ_NR                            = 0x5
 	IFLA_HSR_VERSION                           = 0x6
 	IFLA_HSR_PROTOCOL                          = 0x7
+	IFLA_HSR_INTERLINK                         = 0x8
 	IFLA_STATS_UNSPEC                          = 0x0
 	IFLA_STATS_LINK_64                         = 0x1
 	IFLA_STATS_LINK_XSTATS                     = 0x2
 	IFLA_STATS_LINK_XSTATS_SLAVE               = 0x3
 	IFLA_STATS_LINK_OFFLOAD_XSTATS             = 0x4
 	IFLA_STATS_AF_SPEC                         = 0x5
+	IFLA_STATS_GETSET_UNSPEC                   = 0x0
+	IFLA_STATS_GET_FILTERS                     = 0x1
+	IFLA_STATS_SET_OFFLOAD_XSTATS_L3_STATS     = 0x2
 	IFLA_OFFLOAD_XSTATS_UNSPEC                 = 0x0
 	IFLA_OFFLOAD_XSTATS_CPU_HIT                = 0x1
+	IFLA_OFFLOAD_XSTATS_HW_S_INFO              = 0x2
+	IFLA_OFFLOAD_XSTATS_L3_STATS               = 0x3
+	IFLA_OFFLOAD_XSTATS_HW_S_INFO_UNSPEC       = 0x0
+	IFLA_OFFLOAD_XSTATS_HW_S_INFO_REQUEST      = 0x1
+	IFLA_OFFLOAD_XSTATS_HW_S_INFO_USED         = 0x2
 	IFLA_XDP_UNSPEC                            = 0x0
 	IFLA_XDP_FD                                = 0x1
 	IFLA_XDP_ATTACHED                          = 0x2
@@ -1881,6 +1969,20 @@ const (
 	IFLA_RMNET_UNSPEC                          = 0x0
 	IFLA_RMNET_MUX_ID                          = 0x1
 	IFLA_RMNET_FLAGS                           = 0x2
+	IFLA_MCTP_UNSPEC                           = 0x0
+	IFLA_MCTP_NET                              = 0x1
+	IFLA_DSA_UNSPEC                            = 0x0
+	IFLA_DSA_CONDUIT                           = 0x1
+	IFLA_DSA_MASTER                            = 0x1
+)
+
+const (
+	NETKIT_NEXT     = -0x1
+	NETKIT_PASS     = 0x0
+	NETKIT_DROP     = 0x2
+	NETKIT_REDIRECT = 0x7
+	NETKIT_L2       = 0x0
+	NETKIT_L3       = 0x1
 )
 
 const (
@@ -2417,6 +2519,15 @@ type XDPMmapOffsets struct {
 	Cr XDPRingOffset
 }
 
+type XDPUmemReg struct {
+	Addr            uint64
+	Len             uint64
+	Size            uint32
+	Headroom        uint32
+	Flags           uint32
+	Tx_metadata_len uint32
+}
+
 type XDPStatistics struct {
 	Rx_dropped               uint64
 	Rx_invalid_descs         uint64
@@ -2483,8 +2594,8 @@ const (
 	SOF_TIMESTAMPING_BIND_PHC     = 0x8000
 	SOF_TIMESTAMPING_OPT_ID_TCP   = 0x10000
 
-	SOF_TIMESTAMPING_LAST = 0x10000
-	SOF_TIMESTAMPING_MASK = 0x1ffff
+	SOF_TIMESTAMPING_LAST = 0x20000
+	SOF_TIMESTAMPING_MASK = 0x3ffff
 
 	SCM_TSTAMP_SND   = 0x0
 	SCM_TSTAMP_SCHED = 0x1
@@ -2871,7 +2982,7 @@ const (
 	BPF_TCP_LISTEN                             = 0xa
 	BPF_TCP_CLOSING                            = 0xb
 	BPF_TCP_NEW_SYN_RECV                       = 0xc
-	BPF_TCP_MAX_STATES                         = 0xd
+	BPF_TCP_MAX_STATES                         = 0xe
 	TCP_BPF_IW                                 = 0x3e9
 	TCP_BPF_SNDCWND_CLAMP                      = 0x3ea
 	TCP_BPF_DELACK_MAX                         = 0x3eb
@@ -3147,7 +3258,7 @@ const (
 	DEVLINK_CMD_LINECARD_NEW                           = 0x50
 	DEVLINK_CMD_LINECARD_DEL                           = 0x51
 	DEVLINK_CMD_SELFTESTS_GET                          = 0x52
-	DEVLINK_CMD_MAX                                    = 0x53
+	DEVLINK_CMD_MAX                                    = 0x54
 	DEVLINK_PORT_TYPE_NOTSET                           = 0x0
 	DEVLINK_PORT_TYPE_AUTO                             = 0x1
 	DEVLINK_PORT_TYPE_ETH                              = 0x2
@@ -3399,7 +3510,7 @@ const (
 	DEVLINK_PORT_FN_ATTR_STATE                         = 0x2
 	DEVLINK_PORT_FN_ATTR_OPSTATE                       = 0x3
 	DEVLINK_PORT_FN_ATTR_CAPS                          = 0x4
-	DEVLINK_PORT_FUNCTION_ATTR_MAX                     = 0x4
+	DEVLINK_PORT_FUNCTION_ATTR_MAX                     = 0x6
 )
 
 type FsverityDigest struct {
@@ -3430,7 +3541,7 @@ type Nhmsg struct {
 type NexthopGrp struct {
 	Id     uint32
 	Weight uint8
-	Resvd1 uint8
+	High   uint8
 	Resvd2 uint16
 }
 
@@ -3691,7 +3802,7 @@ const (
 	ETHTOOL_MSG_PSE_GET                       = 0x24
 	ETHTOOL_MSG_PSE_SET                       = 0x25
 	ETHTOOL_MSG_RSS_GET                       = 0x26
-	ETHTOOL_MSG_USER_MAX                      = 0x2b
+	ETHTOOL_MSG_USER_MAX                      = 0x2d
 	ETHTOOL_MSG_KERNEL_NONE                   = 0x0
 	ETHTOOL_MSG_STRSET_GET_REPLY              = 0x1
 	ETHTOOL_MSG_LINKINFO_GET_REPLY            = 0x2
@@ -3731,12 +3842,15 @@ const (
 	ETHTOOL_MSG_MODULE_NTF                    = 0x24
 	ETHTOOL_MSG_PSE_GET_REPLY                 = 0x25
 	ETHTOOL_MSG_RSS_GET_REPLY                 = 0x26
-	ETHTOOL_MSG_KERNEL_MAX                    = 0x2b
+	ETHTOOL_MSG_KERNEL_MAX                    = 0x2e
+	ETHTOOL_FLAG_COMPACT_BITSETS              = 0x1
+	ETHTOOL_FLAG_OMIT_REPLY                   = 0x2
+	ETHTOOL_FLAG_STATS                        = 0x4
 	ETHTOOL_A_HEADER_UNSPEC                   = 0x0
 	ETHTOOL_A_HEADER_DEV_INDEX                = 0x1
 	ETHTOOL_A_HEADER_DEV_NAME                 = 0x2
 	ETHTOOL_A_HEADER_FLAGS                    = 0x3
-	ETHTOOL_A_HEADER_MAX                      = 0x3
+	ETHTOOL_A_HEADER_MAX                      = 0x4
 	ETHTOOL_A_BITSET_BIT_UNSPEC               = 0x0
 	ETHTOOL_A_BITSET_BIT_INDEX                = 0x1
 	ETHTOOL_A_BITSET_BIT_NAME                 = 0x2
@@ -3873,7 +3987,7 @@ const (
 	ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL   = 0x17
 	ETHTOOL_A_COALESCE_USE_CQE_MODE_TX        = 0x18
 	ETHTOOL_A_COALESCE_USE_CQE_MODE_RX        = 0x19
-	ETHTOOL_A_COALESCE_MAX                    = 0x1c
+	ETHTOOL_A_COALESCE_MAX                    = 0x1e
 	ETHTOOL_A_PAUSE_UNSPEC                    = 0x0
 	ETHTOOL_A_PAUSE_HEADER                    = 0x1
 	ETHTOOL_A_PAUSE_AUTONEG                   = 0x2
@@ -3901,7 +4015,7 @@ const (
 	ETHTOOL_A_TSINFO_TX_TYPES                 = 0x3
 	ETHTOOL_A_TSINFO_RX_FILTERS               = 0x4
 	ETHTOOL_A_TSINFO_PHC_INDEX                = 0x5
-	ETHTOOL_A_TSINFO_MAX                      = 0x5
+	ETHTOOL_A_TSINFO_MAX                      = 0x6
 	ETHTOOL_A_CABLE_TEST_UNSPEC               = 0x0
 	ETHTOOL_A_CABLE_TEST_HEADER               = 0x1
 	ETHTOOL_A_CABLE_TEST_MAX                  = 0x1
@@ -3917,11 +4031,11 @@ const (
 	ETHTOOL_A_CABLE_RESULT_UNSPEC             = 0x0
 	ETHTOOL_A_CABLE_RESULT_PAIR               = 0x1
 	ETHTOOL_A_CABLE_RESULT_CODE               = 0x2
-	ETHTOOL_A_CABLE_RESULT_MAX                = 0x2
+	ETHTOOL_A_CABLE_RESULT_MAX                = 0x3
 	ETHTOOL_A_CABLE_FAULT_LENGTH_UNSPEC       = 0x0
 	ETHTOOL_A_CABLE_FAULT_LENGTH_PAIR         = 0x1
 	ETHTOOL_A_CABLE_FAULT_LENGTH_CM           = 0x2
-	ETHTOOL_A_CABLE_FAULT_LENGTH_MAX          = 0x2
+	ETHTOOL_A_CABLE_FAULT_LENGTH_MAX          = 0x3
 	ETHTOOL_A_CABLE_TEST_NTF_STATUS_UNSPEC    = 0x0
 	ETHTOOL_A_CABLE_TEST_NTF_STATUS_STARTED   = 0x1
 	ETHTOOL_A_CABLE_TEST_NTF_STATUS_COMPLETED = 0x2
@@ -4004,6 +4118,107 @@ type EthtoolDrvinfo struct {
 	Regdump_len  uint32
 }
 
+type EthtoolTsInfo struct {
+	Cmd             uint32
+	So_timestamping uint32
+	Phc_index       int32
+	Tx_types        uint32
+	Tx_reserved     [3]uint32
+	Rx_filters      uint32
+	Rx_reserved     [3]uint32
+}
+
+type HwTstampConfig struct {
+	Flags     int32
+	Tx_type   int32
+	Rx_filter int32
+}
+
+const (
+	HWTSTAMP_FILTER_NONE            = 0x0
+	HWTSTAMP_FILTER_ALL             = 0x1
+	HWTSTAMP_FILTER_SOME            = 0x2
+	HWTSTAMP_FILTER_PTP_V1_L4_EVENT = 0x3
+	HWTSTAMP_FILTER_PTP_V2_L4_EVENT = 0x6
+	HWTSTAMP_FILTER_PTP_V2_L2_EVENT = 0x9
+	HWTSTAMP_FILTER_PTP_V2_EVENT    = 0xc
+)
+
+const (
+	HWTSTAMP_TX_OFF          = 0x0
+	HWTSTAMP_TX_ON           = 0x1
+	HWTSTAMP_TX_ONESTEP_SYNC = 0x2
+)
+
+type (
+	PtpClockCaps struct {
+		Max_adj            int32
+		N_alarm            int32
+		N_ext_ts           int32
+		N_per_out          int32
+		Pps                int32
+		N_pins             int32
+		Cross_timestamping int32
+		Adjust_phase       int32
+		Max_phase_adj      int32
+		Rsv                [11]int32
+	}
+	PtpClockTime struct {
+		Sec      int64
+		Nsec     uint32
+		Reserved uint32
+	}
+	PtpExttsEvent struct {
+		T     PtpClockTime
+		Index uint32
+		Flags uint32
+		Rsv   [2]uint32
+	}
+	PtpExttsRequest struct {
+		Index uint32
+		Flags uint32
+		Rsv   [2]uint32
+	}
+	PtpPeroutRequest struct {
+		StartOrPhase PtpClockTime
+		Period       PtpClockTime
+		Index        uint32
+		Flags        uint32
+		On           PtpClockTime
+	}
+	PtpPinDesc struct {
+		Name  [64]byte
+		Index uint32
+		Func  uint32
+		Chan  uint32
+		Rsv   [5]uint32
+	}
+	PtpSysOffset struct {
+		Samples uint32
+		Rsv     [3]uint32
+		Ts      [51]PtpClockTime
+	}
+	PtpSysOffsetExtended struct {
+		Samples uint32
+		Clockid int32
+		Rsv     [2]uint32
+		Ts      [25][3]PtpClockTime
+	}
+	PtpSysOffsetPrecise struct {
+		Device   PtpClockTime
+		Realtime PtpClockTime
+		Monoraw  PtpClockTime
+		Rsv      [4]uint32
+	}
+)
+
+const (
+	PTP_PF_NONE    = 0x0
+	PTP_PF_EXTTS   = 0x1
+	PTP_PF_PEROUT  = 0x2
+	PTP_PF_PHYSYNC = 0x3
+)
+
 type (
 	HIDRawReportDescriptor struct {
 		Size  uint32
@@ -4183,7 +4398,9 @@ const (
 )
 
 type LandlockRulesetAttr struct {
-	Access_fs uint64
+	Access_fs  uint64
+	Access_net uint64
+	Scoped     uint64
 }
 
 type LandlockPathBeneathAttr struct {
@@ -4530,7 +4747,7 @@ const (
 	NL80211_ATTR_MAC_HINT                                   = 0xc8
 	NL80211_ATTR_MAC_MASK                                   = 0xd7
 	NL80211_ATTR_MAX_AP_ASSOC_STA                           = 0xca
-	NL80211_ATTR_MAX                                        = 0x146
+	NL80211_ATTR_MAX                                        = 0x14d
 	NL80211_ATTR_MAX_CRIT_PROT_DURATION                     = 0xb4
 	NL80211_ATTR_MAX_CSA_COUNTERS                           = 0xce
 	NL80211_ATTR_MAX_MATCH_SETS                             = 0x85
@@ -4796,7 +5013,7 @@ const (
 	NL80211_BSS_FREQUENCY_OFFSET                            = 0x14
 	NL80211_BSS_INFORMATION_ELEMENTS                        = 0x6
 	NL80211_BSS_LAST_SEEN_BOOTTIME                          = 0xf
-	NL80211_BSS_MAX                                         = 0x16
+	NL80211_BSS_MAX                                         = 0x18
 	NL80211_BSS_MLD_ADDR                                    = 0x16
 	NL80211_BSS_MLO_LINK_ID                                 = 0x15
 	NL80211_BSS_PAD                                         = 0x10
@@ -4900,7 +5117,7 @@ const (
 	NL80211_CMD_LEAVE_IBSS                                  = 0x2c
 	NL80211_CMD_LEAVE_MESH                                  = 0x45
 	NL80211_CMD_LEAVE_OCB                                   = 0x6d
-	NL80211_CMD_MAX                                         = 0x9a
+	NL80211_CMD_MAX                                         = 0x9b
 	NL80211_CMD_MICHAEL_MIC_FAILURE                         = 0x29
 	NL80211_CMD_MODIFY_LINK_STA                             = 0x97
 	NL80211_CMD_NAN_MATCH                                   = 0x78
@@ -5134,7 +5351,7 @@ const (
 	NL80211_FREQUENCY_ATTR_GO_CONCURRENT                    = 0xf
 	NL80211_FREQUENCY_ATTR_INDOOR_ONLY                      = 0xe
 	NL80211_FREQUENCY_ATTR_IR_CONCURRENT                    = 0xf
-	NL80211_FREQUENCY_ATTR_MAX                              = 0x1b
+	NL80211_FREQUENCY_ATTR_MAX                              = 0x21
 	NL80211_FREQUENCY_ATTR_MAX_TX_POWER                     = 0x6
 	NL80211_FREQUENCY_ATTR_NO_10MHZ                         = 0x11
 	NL80211_FREQUENCY_ATTR_NO_160MHZ                        = 0xc
@@ -5302,7 +5519,7 @@ const (
 	NL80211_MNTR_FLAG_CONTROL                               = 0x3
 	NL80211_MNTR_FLAG_COOK_FRAMES                           = 0x5
 	NL80211_MNTR_FLAG_FCSFAIL                               = 0x1
-	NL80211_MNTR_FLAG_MAX                                   = 0x6
+	NL80211_MNTR_FLAG_MAX                                   = 0x7
 	NL80211_MNTR_FLAG_OTHER_BSS                             = 0x4
 	NL80211_MNTR_FLAG_PLCPFAIL                              = 0x2
 	NL80211_MPATH_FLAG_ACTIVE                               = 0x1
@@ -5547,7 +5764,7 @@ const (
 	NL80211_REGDOM_TYPE_CUSTOM_WORLD                        = 0x2
 	NL80211_REGDOM_TYPE_INTERSECTION                        = 0x3
 	NL80211_REGDOM_TYPE_WORLD                               = 0x1
-	NL80211_REG_RULE_ATTR_MAX                               = 0x7
+	NL80211_REG_RULE_ATTR_MAX                               = 0x8
 	NL80211_REKEY_DATA_AKM                                  = 0x4
 	NL80211_REKEY_DATA_KCK                                  = 0x2
 	NL80211_REKEY_DATA_KEK                                  = 0x1
@@ -5628,7 +5845,7 @@ const (
 	NL80211_STA_FLAG_ASSOCIATED                             = 0x7
 	NL80211_STA_FLAG_AUTHENTICATED                          = 0x5
 	NL80211_STA_FLAG_AUTHORIZED                             = 0x1
-	NL80211_STA_FLAG_MAX                                    = 0x7
+	NL80211_STA_FLAG_MAX                                    = 0x8
 	NL80211_STA_FLAG_MAX_OLD_API                            = 0x6
 	NL80211_STA_FLAG_MFP                                    = 0x4
 	NL80211_STA_FLAG_SHORT_PREAMBLE                         = 0x2
@@ -5926,3 +6143,36 @@ type CachestatRange struct {
 	Off uint64
 	Len uint64
 }
+
+const (
+	SK_MEMINFO_RMEM_ALLOC          = 0x0
+	SK_MEMINFO_RCVBUF              = 0x1
+	SK_MEMINFO_WMEM_ALLOC          = 0x2
+	SK_MEMINFO_SNDBUF              = 0x3
+	SK_MEMINFO_FWD_ALLOC           = 0x4
+	SK_MEMINFO_WMEM_QUEUED         = 0x5
+	SK_MEMINFO_OPTMEM              = 0x6
+	SK_MEMINFO_BACKLOG             = 0x7
+	SK_MEMINFO_DROPS               = 0x8
+	SK_MEMINFO_VARS                = 0x9
+	SKNLGRP_NONE                   = 0x0
+	SKNLGRP_INET_TCP_DESTROY       = 0x1
+	SKNLGRP_INET_UDP_DESTROY       = 0x2
+	SKNLGRP_INET6_TCP_DESTROY      = 0x3
+	SKNLGRP_INET6_UDP_DESTROY      = 0x4
+	SK_DIAG_BPF_STORAGE_REQ_NONE   = 0x0
+	SK_DIAG_BPF_STORAGE_REQ_MAP_FD = 0x1
+	SK_DIAG_BPF_STORAGE_REP_NONE   = 0x0
+	SK_DIAG_BPF_STORAGE            = 0x1
+	SK_DIAG_BPF_STORAGE_NONE       = 0x0
+	SK_DIAG_BPF_STORAGE_PAD        = 0x1
+	SK_DIAG_BPF_STORAGE_MAP_ID     = 0x2
+	SK_DIAG_BPF_STORAGE_MAP_VALUE  = 0x3
+)
+
+type SockDiagReq struct {
+	Family   uint8
+	Protocol uint8
+}
+
+const RTM_NEWNVLAN = 0x70
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
index 438a30af..fd402da4 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
@@ -477,14 +477,6 @@ const (
 	BLKPG = 0x1269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
index adceca35..eb7a5e18 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
@@ -492,15 +492,6 @@ const (
 	BLKPG = 0x1269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
index eeaa00a3..d78ac108 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
@@ -470,15 +470,6 @@ const (
 	BLKPG = 0x1269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]uint8
 	Driver_name [64]uint8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
index 6739aa91..cd06d47f 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
@@ -471,15 +471,6 @@ const (
 	BLKPG = 0x1269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
index 9920ef63..2f28fe26 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
@@ -472,15 +472,6 @@ const (
 	BLKPG = 0x1269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
index 2923b799..71d6cac2 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
@@ -476,15 +476,6 @@ const (
 	BLKPG = 0x20001269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
index ce2750ee..8596d453 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
@@ -474,15 +474,6 @@ const (
 	BLKPG = 0x20001269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
index 3038811d..cd60ea18 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
@@ -474,15 +474,6 @@ const (
 	BLKPG = 0x20001269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
index efc6fed1..b0ae420c 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
@@ -476,15 +476,6 @@ const (
 	BLKPG = 0x20001269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
index 9a654b75..83597287 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
@@ -482,15 +482,6 @@ const (
 	BLKPG = 0x20001269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]uint8
 	Driver_name [64]uint8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
index 40d358e3..69eb6a5c 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
@@ -481,15 +481,6 @@ const (
 	BLKPG = 0x20001269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]uint8
 	Driver_name [64]uint8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
index 148c6ceb..5f583cb6 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
@@ -481,15 +481,6 @@ const (
 	BLKPG = 0x20001269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]uint8
 	Driver_name [64]uint8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
index 72ba8154..ad05b51a 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
@@ -499,15 +499,6 @@ const (
 	BLKPG = 0x1269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]uint8
 	Driver_name [64]uint8
@@ -736,6 +727,37 @@ const (
 	RISCV_HWPROBE_EXT_ZBA                = 0x8
 	RISCV_HWPROBE_EXT_ZBB                = 0x10
 	RISCV_HWPROBE_EXT_ZBS                = 0x20
+	RISCV_HWPROBE_EXT_ZICBOZ             = 0x40
+	RISCV_HWPROBE_EXT_ZBC                = 0x80
+	RISCV_HWPROBE_EXT_ZBKB               = 0x100
+	RISCV_HWPROBE_EXT_ZBKC               = 0x200
+	RISCV_HWPROBE_EXT_ZBKX               = 0x400
+	RISCV_HWPROBE_EXT_ZKND               = 0x800
+	RISCV_HWPROBE_EXT_ZKNE               = 0x1000
+	RISCV_HWPROBE_EXT_ZKNH               = 0x2000
+	RISCV_HWPROBE_EXT_ZKSED              = 0x4000
+	RISCV_HWPROBE_EXT_ZKSH               = 0x8000
+	RISCV_HWPROBE_EXT_ZKT                = 0x10000
+	RISCV_HWPROBE_EXT_ZVBB               = 0x20000
+	RISCV_HWPROBE_EXT_ZVBC               = 0x40000
+	RISCV_HWPROBE_EXT_ZVKB               = 0x80000
+	RISCV_HWPROBE_EXT_ZVKG               = 0x100000
+	RISCV_HWPROBE_EXT_ZVKNED             = 0x200000
+	RISCV_HWPROBE_EXT_ZVKNHA             = 0x400000
+	RISCV_HWPROBE_EXT_ZVKNHB             = 0x800000
+	RISCV_HWPROBE_EXT_ZVKSED             = 0x1000000
+	RISCV_HWPROBE_EXT_ZVKSH              = 0x2000000
+	RISCV_HWPROBE_EXT_ZVKT               = 0x4000000
+	RISCV_HWPROBE_EXT_ZFH                = 0x8000000
+	RISCV_HWPROBE_EXT_ZFHMIN             = 0x10000000
+	RISCV_HWPROBE_EXT_ZIHINTNTL          = 0x20000000
+	RISCV_HWPROBE_EXT_ZVFH               = 0x40000000
+	RISCV_HWPROBE_EXT_ZVFHMIN            = 0x80000000
+	RISCV_HWPROBE_EXT_ZFA                = 0x100000000
+	RISCV_HWPROBE_EXT_ZTSO               = 0x200000000
+	RISCV_HWPROBE_EXT_ZACAS              = 0x400000000
+	RISCV_HWPROBE_EXT_ZICOND             = 0x800000000
+	RISCV_HWPROBE_EXT_ZIHINTPAUSE        = 0x1000000000
 	RISCV_HWPROBE_KEY_CPUPERF_0          = 0x5
 	RISCV_HWPROBE_MISALIGNED_UNKNOWN     = 0x0
 	RISCV_HWPROBE_MISALIGNED_EMULATED    = 0x1
@@ -743,4 +765,6 @@ const (
 	RISCV_HWPROBE_MISALIGNED_FAST        = 0x3
 	RISCV_HWPROBE_MISALIGNED_UNSUPPORTED = 0x4
 	RISCV_HWPROBE_MISALIGNED_MASK        = 0x7
+	RISCV_HWPROBE_KEY_ZICBOZ_BLOCK_SIZE  = 0x6
+	RISCV_HWPROBE_WHICH_CPUS             = 0x1
 )
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
index 71e76550..cf3ce900 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
@@ -495,15 +495,6 @@ const (
 	BLKPG = 0x1269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
index 4abbdb9d..590b5673 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
@@ -476,15 +476,6 @@ const (
 	BLKPG = 0x20001269
 )
 
-type XDPUmemReg struct {
-	Addr     uint64
-	Len      uint64
-	Size     uint32
-	Headroom uint32
-	Flags    uint32
-	_        [4]byte
-}
-
 type CryptoUserAlg struct {
 	Name        [64]int8
 	Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
index 54f31be6..2e5d5a44 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
@@ -25,10 +25,13 @@ const (
 	SizeofIPv6Mreq      = 20
 	SizeofICMPv6Filter  = 32
 	SizeofIPv6MTUInfo   = 32
+	SizeofInet4Pktinfo  = 8
+	SizeofInet6Pktinfo  = 20
 	SizeofLinger        = 8
 	SizeofSockaddrInet4 = 16
 	SizeofSockaddrInet6 = 28
 	SizeofTCPInfo       = 0x68
+	SizeofUcred         = 12
 )
 
 type (
@@ -69,12 +72,17 @@ type Utimbuf struct {
 }
 
 type Utsname struct {
-	Sysname    [65]byte
-	Nodename   [65]byte
-	Release    [65]byte
-	Version    [65]byte
-	Machine    [65]byte
-	Domainname [65]byte
+	Sysname  [16]byte
+	Nodename [32]byte
+	Release  [8]byte
+	Version  [8]byte
+	Machine  [16]byte
+}
+
+type Ucred struct {
+	Pid int32
+	Uid uint32
+	Gid uint32
 }
 
 type RawSockaddrInet4 struct {
@@ -325,7 +333,7 @@ type Statvfs_t struct {
 }
 
 type Statfs_t struct {
-	Type    uint32
+	Type    uint64
 	Bsize   uint64
 	Blocks  uint64
 	Bfree   uint64
@@ -336,6 +344,7 @@ type Statfs_t struct {
 	Namelen uint64
 	Frsize  uint64
 	Flags   uint64
+	_       [4]uint64
 }
 
 type direntLE struct {
@@ -368,6 +377,12 @@ type Flock_t struct {
 	Pid    int32
 }
 
+type F_cnvrt struct {
+	Cvtcmd int32
+	Pccsid int16
+	Fccsid int16
+}
+
 type Termios struct {
 	Cflag uint32
 	Iflag uint32
@@ -412,3 +427,126 @@ type W_Mntent struct {
 	Quiesceowner [8]byte
 	_            [38]byte
 }
+
+type EpollEvent struct {
+	Events uint32
+	_      int32
+	Fd     int32
+	Pad    int32
+}
+
+type InotifyEvent struct {
+	Wd     int32
+	Mask   uint32
+	Cookie uint32
+	Len    uint32
+	Name   string
+}
+
+const (
+	SizeofInotifyEvent = 0x10
+)
+
+type ConsMsg2 struct {
+	Cm2Format       uint16
+	Cm2R1           uint16
+	Cm2Msglength    uint32
+	Cm2Msg          *byte
+	Cm2R2           [4]byte
+	Cm2R3           [4]byte
+	Cm2Routcde      *uint32
+	Cm2Descr        *uint32
+	Cm2Msgflag      uint32
+	Cm2Token        uint32
+	Cm2Msgid        *uint32
+	Cm2R4           [4]byte
+	Cm2DomToken     uint32
+	Cm2DomMsgid     *uint32
+	Cm2ModCartptr   *byte
+	Cm2ModConsidptr *byte
+	Cm2MsgCart      [8]byte
+	Cm2MsgConsid    [4]byte
+	Cm2R5           [12]byte
+}
+
+const (
+	CC_modify        = 1
+	CC_stop          = 2
+	CONSOLE_FORMAT_2 = 2
+	CONSOLE_FORMAT_3 = 3
+	CONSOLE_HRDCPY   = 0x80000000
+)
+
+type OpenHow struct {
+	Flags   uint64
+	Mode    uint64
+	Resolve uint64
+}
+
+const SizeofOpenHow = 0x18
+
+const (
+	RESOLVE_CACHED        = 0x20
+	RESOLVE_BENEATH       = 0x8
+	RESOLVE_IN_ROOT       = 0x10
+	RESOLVE_NO_MAGICLINKS = 0x2
+	RESOLVE_NO_SYMLINKS   = 0x4
+	RESOLVE_NO_XDEV       = 0x1
+)
+
+type Siginfo struct {
+	Signo int32
+	Errno int32
+	Code  int32
+	Pid   int32
+	Uid   uint32
+	_     [44]byte
+}
+
+type SysvIpcPerm struct {
+	Uid  uint32
+	Gid  uint32
+	Cuid uint32
+	Cgid uint32
+	Mode int32
+}
+
+type SysvShmDesc struct {
+	Perm   SysvIpcPerm
+	_      [4]byte
+	Lpid   int32
+	Cpid   int32
+	Nattch uint32
+	_      [4]byte
+	_      [4]byte
+	_      [4]byte
+	_      int32
+	_      uint8
+	_      uint8
+	_      uint16
+	_      *byte
+	Segsz  uint64
+	Atime  Time_t
+	Dtime  Time_t
+	Ctime  Time_t
+}
+
+type SysvShmDesc64 struct {
+	Perm   SysvIpcPerm
+	_      [4]byte
+	Lpid   int32
+	Cpid   int32
+	Nattch uint32
+	_      [4]byte
+	_      [4]byte
+	_      [4]byte
+	_      int32
+	_      byte
+	_      uint8
+	_      uint16
+	_      *byte
+	Segsz  uint64
+	Atime  int64
+	Dtime  int64
+	Ctime  int64
+}
diff --git a/vendor/golang.org/x/sys/windows/aliases.go b/vendor/golang.org/x/sys/windows/aliases.go
index ce2d713d..16f90560 100644
--- a/vendor/golang.org/x/sys/windows/aliases.go
+++ b/vendor/golang.org/x/sys/windows/aliases.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build windows && go1.9
+//go:build windows
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/dll_windows.go b/vendor/golang.org/x/sys/windows/dll_windows.go
index 115341fb..3ca814f5 100644
--- a/vendor/golang.org/x/sys/windows/dll_windows.go
+++ b/vendor/golang.org/x/sys/windows/dll_windows.go
@@ -43,8 +43,8 @@ type DLL struct {
 // LoadDLL loads DLL file into memory.
 //
 // Warning: using LoadDLL without an absolute path name is subject to
-// DLL preloading attacks. To safely load a system DLL, use LazyDLL
-// with System set to true, or use LoadLibraryEx directly.
+// DLL preloading attacks. To safely load a system DLL, use [NewLazySystemDLL],
+// or use [LoadLibraryEx] directly.
 func LoadDLL(name string) (dll *DLL, err error) {
 	namep, err := UTF16PtrFromString(name)
 	if err != nil {
@@ -65,7 +65,7 @@ func LoadDLL(name string) (dll *DLL, err error) {
 	return d, nil
 }
 
-// MustLoadDLL is like LoadDLL but panics if load operation failes.
+// MustLoadDLL is like LoadDLL but panics if load operation fails.
 func MustLoadDLL(name string) *DLL {
 	d, e := LoadDLL(name)
 	if e != nil {
@@ -271,6 +271,9 @@ func (d *LazyDLL) NewProc(name string) *LazyProc {
 }
 
 // NewLazyDLL creates new LazyDLL associated with DLL file.
+//
+// Warning: using NewLazyDLL without an absolute path name is subject to
+// DLL preloading attacks. To safely load a system DLL, use [NewLazySystemDLL].
 func NewLazyDLL(name string) *LazyDLL {
 	return &LazyDLL{Name: name}
 }
@@ -410,7 +413,3 @@ func loadLibraryEx(name string, system bool) (*DLL, error) {
 	}
 	return &DLL{Name: name, Handle: h}, nil
 }
-
-type errString string
-
-func (s errString) Error() string { return string(s) }
diff --git a/vendor/golang.org/x/sys/windows/empty.s b/vendor/golang.org/x/sys/windows/empty.s
deleted file mode 100644
index ba64caca..00000000
--- a/vendor/golang.org/x/sys/windows/empty.s
+++ /dev/null
@@ -1,8 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.12
-
-// This file is here to allow bodyless functions with go:linkname for Go 1.11
-// and earlier (see https://golang.org/issue/23311).
diff --git a/vendor/golang.org/x/sys/windows/env_windows.go b/vendor/golang.org/x/sys/windows/env_windows.go
index b8ad1925..d4577a42 100644
--- a/vendor/golang.org/x/sys/windows/env_windows.go
+++ b/vendor/golang.org/x/sys/windows/env_windows.go
@@ -37,14 +37,17 @@ func (token Token) Environ(inheritExisting bool) (env []string, err error) {
 		return nil, err
 	}
 	defer DestroyEnvironmentBlock(block)
-	blockp := unsafe.Pointer(block)
-	for {
-		entry := UTF16PtrToString((*uint16)(blockp))
-		if len(entry) == 0 {
-			break
+	size := unsafe.Sizeof(*block)
+	for *block != 0 {
+		// find NUL terminator
+		end := unsafe.Pointer(block)
+		for *(*uint16)(end) != 0 {
+			end = unsafe.Add(end, size)
 		}
-		env = append(env, entry)
-		blockp = unsafe.Add(blockp, 2*(len(entry)+1))
+
+		entry := unsafe.Slice(block, (uintptr(end)-uintptr(unsafe.Pointer(block)))/size)
+		env = append(env, UTF16ToString(entry))
+		block = (*uint16)(unsafe.Add(end, size))
 	}
 	return env, nil
 }
diff --git a/vendor/golang.org/x/sys/windows/security_windows.go b/vendor/golang.org/x/sys/windows/security_windows.go
index 26be94a8..a8b0364c 100644
--- a/vendor/golang.org/x/sys/windows/security_windows.go
+++ b/vendor/golang.org/x/sys/windows/security_windows.go
@@ -68,6 +68,7 @@ type UserInfo10 struct {
 //sys	NetUserGetInfo(serverName *uint16, userName *uint16, level uint32, buf **byte) (neterr error) = netapi32.NetUserGetInfo
 //sys	NetGetJoinInformation(server *uint16, name **uint16, bufType *uint32) (neterr error) = netapi32.NetGetJoinInformation
 //sys	NetApiBufferFree(buf *byte) (neterr error) = netapi32.NetApiBufferFree
+//sys   NetUserEnum(serverName *uint16, level uint32, filter uint32, buf **byte, prefMaxLen uint32, entriesRead *uint32, totalEntries *uint32, resumeHandle *uint32) (neterr error) = netapi32.NetUserEnum
 
 const (
 	// do not reorder
@@ -893,7 +894,7 @@ type ACL struct {
 	aclRevision byte
 	sbz1        byte
 	aclSize     uint16
-	aceCount    uint16
+	AceCount    uint16
 	sbz2        uint16
 }
 
@@ -1086,6 +1087,27 @@ type EXPLICIT_ACCESS struct {
 	Trustee           TRUSTEE
 }
 
+// https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header
+type ACE_HEADER struct {
+	AceType  uint8
+	AceFlags uint8
+	AceSize  uint16
+}
+
+// https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-access_allowed_ace
+type ACCESS_ALLOWED_ACE struct {
+	Header   ACE_HEADER
+	Mask     ACCESS_MASK
+	SidStart uint32
+}
+
+const (
+	// Constants for AceType
+	// https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header
+	ACCESS_ALLOWED_ACE_TYPE = 0
+	ACCESS_DENIED_ACE_TYPE  = 1
+)
+
 // This type is the union inside of TRUSTEE and must be created using one of the TrusteeValueFrom* functions.
 type TrusteeValue uintptr
 
@@ -1157,6 +1179,7 @@ type OBJECTS_AND_NAME struct {
 //sys	makeSelfRelativeSD(absoluteSD *SECURITY_DESCRIPTOR, selfRelativeSD *SECURITY_DESCRIPTOR, selfRelativeSDSize *uint32) (err error) = advapi32.MakeSelfRelativeSD
 
 //sys	setEntriesInAcl(countExplicitEntries uint32, explicitEntries *EXPLICIT_ACCESS, oldACL *ACL, newACL **ACL) (ret error) = advapi32.SetEntriesInAclW
+//sys	GetAce(acl *ACL, aceIndex uint32, pAce **ACCESS_ALLOWED_ACE) (err error) = advapi32.GetAce
 
 // Control returns the security descriptor control bits.
 func (sd *SECURITY_DESCRIPTOR) Control() (control SECURITY_DESCRIPTOR_CONTROL, revision uint32, err error) {
@@ -1280,7 +1303,10 @@ func (selfRelativeSD *SECURITY_DESCRIPTOR) ToAbsolute() (absoluteSD *SECURITY_DE
 		return nil, err
 	}
 	if absoluteSDSize > 0 {
-		absoluteSD = (*SECURITY_DESCRIPTOR)(unsafe.Pointer(&make([]byte, absoluteSDSize)[0]))
+		absoluteSD = new(SECURITY_DESCRIPTOR)
+		if unsafe.Sizeof(*absoluteSD) < uintptr(absoluteSDSize) {
+			panic("sizeof(SECURITY_DESCRIPTOR) too small")
+		}
 	}
 	var (
 		dacl  *ACL
@@ -1289,19 +1315,55 @@ func (selfRelativeSD *SECURITY_DESCRIPTOR) ToAbsolute() (absoluteSD *SECURITY_DE
 		group *SID
 	)
 	if daclSize > 0 {
-		dacl = (*ACL)(unsafe.Pointer(&make([]byte, daclSize)[0]))
+		dacl = (*ACL)(unsafe.Pointer(unsafe.SliceData(make([]byte, daclSize))))
 	}
 	if saclSize > 0 {
-		sacl = (*ACL)(unsafe.Pointer(&make([]byte, saclSize)[0]))
+		sacl = (*ACL)(unsafe.Pointer(unsafe.SliceData(make([]byte, saclSize))))
 	}
 	if ownerSize > 0 {
-		owner = (*SID)(unsafe.Pointer(&make([]byte, ownerSize)[0]))
+		owner = (*SID)(unsafe.Pointer(unsafe.SliceData(make([]byte, ownerSize))))
 	}
 	if groupSize > 0 {
-		group = (*SID)(unsafe.Pointer(&make([]byte, groupSize)[0]))
+		group = (*SID)(unsafe.Pointer(unsafe.SliceData(make([]byte, groupSize))))
 	}
+	// We call into Windows via makeAbsoluteSD, which sets up
+	// pointers within absoluteSD that point to other chunks of memory
+	// we pass into makeAbsoluteSD, and that happens outside the view of the GC.
+	// We therefore take some care here to then verify the pointers are as we expect
+	// and set them explicitly in view of the GC. See https://go.dev/issue/73199.
+	// TODO: consider weak pointers once Go 1.24 is appropriate. See suggestion in https://go.dev/cl/663575.
 	err = makeAbsoluteSD(selfRelativeSD, absoluteSD, &absoluteSDSize,
 		dacl, &daclSize, sacl, &saclSize, owner, &ownerSize, group, &groupSize)
+	if err != nil {
+		// Don't return absoluteSD, which might be partially initialized.
+		return nil, err
+	}
+	// Before using any fields, verify absoluteSD is in the format we expect according to Windows.
+	// See https://learn.microsoft.com/en-us/windows/win32/secauthz/absolute-and-self-relative-security-descriptors
+	absControl, _, err := absoluteSD.Control()
+	if err != nil {
+		panic("absoluteSD: " + err.Error())
+	}
+	if absControl&SE_SELF_RELATIVE != 0 {
+		panic("absoluteSD not in absolute format")
+	}
+	if absoluteSD.dacl != dacl {
+		panic("dacl pointer mismatch")
+	}
+	if absoluteSD.sacl != sacl {
+		panic("sacl pointer mismatch")
+	}
+	if absoluteSD.owner != owner {
+		panic("owner pointer mismatch")
+	}
+	if absoluteSD.group != group {
+		panic("group pointer mismatch")
+	}
+	absoluteSD.dacl = dacl
+	absoluteSD.sacl = sacl
+	absoluteSD.owner = owner
+	absoluteSD.group = group
+
 	return
 }
 
diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go
index 47dc5796..640f6b15 100644
--- a/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -17,8 +17,10 @@ import (
 	"unsafe"
 )
 
-type Handle uintptr
-type HWND uintptr
+type (
+	Handle uintptr
+	HWND   uintptr
+)
 
 const (
 	InvalidHandle = ^Handle(0)
@@ -125,8 +127,7 @@ func UTF16PtrToString(p *uint16) string {
 	for ptr := unsafe.Pointer(p); *(*uint16)(ptr) != 0; n++ {
 		ptr = unsafe.Pointer(uintptr(ptr) + unsafe.Sizeof(*p))
 	}
-
-	return string(utf16.Decode(unsafe.Slice(p, n)))
+	return UTF16ToString(unsafe.Slice(p, n))
 }
 
 func Getpagesize() int { return 4096 }
@@ -166,6 +167,9 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	CreateFile(name *uint16, access uint32, mode uint32, sa *SecurityAttributes, createmode uint32, attrs uint32, templatefile Handle) (handle Handle, err error) [failretval==InvalidHandle] = CreateFileW
 //sys	CreateNamedPipe(name *uint16, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *SecurityAttributes) (handle Handle, err error)  [failretval==InvalidHandle] = CreateNamedPipeW
 //sys	ConnectNamedPipe(pipe Handle, overlapped *Overlapped) (err error)
+//sys	DisconnectNamedPipe(pipe Handle) (err error)
+//sys   GetNamedPipeClientProcessId(pipe Handle, clientProcessID *uint32) (err error)
+//sys   GetNamedPipeServerProcessId(pipe Handle, serverProcessID *uint32) (err error)
 //sys	GetNamedPipeInfo(pipe Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error)
 //sys	GetNamedPipeHandleState(pipe Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) = GetNamedPipeHandleStateW
 //sys	SetNamedPipeHandleState(pipe Handle, state *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32) (err error) = SetNamedPipeHandleState
@@ -194,6 +198,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	GetComputerName(buf *uint16, n *uint32) (err error) = GetComputerNameW
 //sys	GetComputerNameEx(nametype uint32, buf *uint16, n *uint32) (err error) = GetComputerNameExW
 //sys	SetEndOfFile(handle Handle) (err error)
+//sys	SetFileValidData(handle Handle, validDataLength int64) (err error)
 //sys	GetSystemTimeAsFileTime(time *Filetime)
 //sys	GetSystemTimePreciseAsFileTime(time *Filetime)
 //sys	GetTimeZoneInformation(tzi *Timezoneinformation) (rc uint32, err error) [failretval==0xffffffff]
@@ -210,6 +215,10 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	OpenProcess(desiredAccess uint32, inheritHandle bool, processId uint32) (handle Handle, err error)
 //sys	ShellExecute(hwnd Handle, verb *uint16, file *uint16, args *uint16, cwd *uint16, showCmd int32) (err error) [failretval<=32] = shell32.ShellExecuteW
 //sys	GetWindowThreadProcessId(hwnd HWND, pid *uint32) (tid uint32, err error) = user32.GetWindowThreadProcessId
+//sys	LoadKeyboardLayout(name *uint16, flags uint32) (hkl Handle, err error) [failretval==0] = user32.LoadKeyboardLayoutW
+//sys	UnloadKeyboardLayout(hkl Handle) (err error) = user32.UnloadKeyboardLayout
+//sys	GetKeyboardLayout(tid uint32) (hkl Handle) = user32.GetKeyboardLayout
+//sys	ToUnicodeEx(vkey uint32, scancode uint32, keystate *byte, pwszBuff *uint16, cchBuff int32, flags uint32, hkl Handle) (ret int32) = user32.ToUnicodeEx
 //sys	GetShellWindow() (shellWindow HWND) = user32.GetShellWindow
 //sys	MessageBox(hwnd HWND, text *uint16, caption *uint16, boxtype uint32) (ret int32, err error) [failretval==0] = user32.MessageBoxW
 //sys	ExitWindowsEx(flags uint32, reason uint32) (err error) = user32.ExitWindowsEx
@@ -306,6 +315,10 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	SetConsoleMode(console Handle, mode uint32) (err error) = kernel32.SetConsoleMode
 //sys	GetConsoleScreenBufferInfo(console Handle, info *ConsoleScreenBufferInfo) (err error) = kernel32.GetConsoleScreenBufferInfo
 //sys	setConsoleCursorPosition(console Handle, position uint32) (err error) = kernel32.SetConsoleCursorPosition
+//sys	GetConsoleCP() (cp uint32, err error) = kernel32.GetConsoleCP
+//sys	GetConsoleOutputCP() (cp uint32, err error) = kernel32.GetConsoleOutputCP
+//sys	SetConsoleCP(cp uint32) (err error) = kernel32.SetConsoleCP
+//sys	SetConsoleOutputCP(cp uint32) (err error) = kernel32.SetConsoleOutputCP
 //sys	WriteConsole(console Handle, buf *uint16, towrite uint32, written *uint32, reserved *byte) (err error) = kernel32.WriteConsoleW
 //sys	ReadConsole(console Handle, buf *uint16, toread uint32, read *uint32, inputControl *byte) (err error) = kernel32.ReadConsoleW
 //sys	resizePseudoConsole(pconsole Handle, size uint32) (hr error) = kernel32.ResizePseudoConsole
@@ -348,8 +361,19 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	SetProcessPriorityBoost(process Handle, disable bool) (err error) = kernel32.SetProcessPriorityBoost
 //sys	GetProcessWorkingSetSizeEx(hProcess Handle, lpMinimumWorkingSetSize *uintptr, lpMaximumWorkingSetSize *uintptr, flags *uint32)
 //sys	SetProcessWorkingSetSizeEx(hProcess Handle, dwMinimumWorkingSetSize uintptr, dwMaximumWorkingSetSize uintptr, flags uint32) (err error)
+//sys	ClearCommBreak(handle Handle) (err error)
+//sys	ClearCommError(handle Handle, lpErrors *uint32, lpStat *ComStat) (err error)
+//sys	EscapeCommFunction(handle Handle, dwFunc uint32) (err error)
+//sys	GetCommState(handle Handle, lpDCB *DCB) (err error)
+//sys	GetCommModemStatus(handle Handle, lpModemStat *uint32) (err error)
 //sys	GetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error)
+//sys	PurgeComm(handle Handle, dwFlags uint32) (err error)
+//sys	SetCommBreak(handle Handle) (err error)
+//sys	SetCommMask(handle Handle, dwEvtMask uint32) (err error)
+//sys	SetCommState(handle Handle, lpDCB *DCB) (err error)
 //sys	SetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error)
+//sys	SetupComm(handle Handle, dwInQueue uint32, dwOutQueue uint32) (err error)
+//sys	WaitCommEvent(handle Handle, lpEvtMask *uint32, lpOverlapped *Overlapped) (err error)
 //sys	GetActiveProcessorCount(groupNumber uint16) (ret uint32)
 //sys	GetMaximumProcessorCount(groupNumber uint16) (ret uint32)
 //sys	EnumWindows(enumFunc uintptr, param unsafe.Pointer) (err error) = user32.EnumWindows
@@ -703,20 +727,12 @@ func DurationSinceBoot() time.Duration {
 }
 
 func Ftruncate(fd Handle, length int64) (err error) {
-	curoffset, e := Seek(fd, 0, 1)
-	if e != nil {
-		return e
+	type _FILE_END_OF_FILE_INFO struct {
+		EndOfFile int64
 	}
-	defer Seek(fd, curoffset, 0)
-	_, e = Seek(fd, length, 0)
-	if e != nil {
-		return e
-	}
-	e = SetEndOfFile(fd)
-	if e != nil {
-		return e
-	}
-	return nil
+	var info _FILE_END_OF_FILE_INFO
+	info.EndOfFile = length
+	return SetFileInformationByHandle(fd, FileEndOfFileInfo, (*byte)(unsafe.Pointer(&info)), uint32(unsafe.Sizeof(info)))
 }
 
 func Gettimeofday(tv *Timeval) (err error) {
@@ -854,6 +870,7 @@ const socket_error = uintptr(^uint32(0))
 //sys	WSARecvFrom(s Handle, bufs *WSABuf, bufcnt uint32, recvd *uint32, flags *uint32,  from *RawSockaddrAny, fromlen *int32, overlapped *Overlapped, croutine *byte) (err error) [failretval==socket_error] = ws2_32.WSARecvFrom
 //sys	WSASendTo(s Handle, bufs *WSABuf, bufcnt uint32, sent *uint32, flags uint32, to *RawSockaddrAny, tolen int32,  overlapped *Overlapped, croutine *byte) (err error) [failretval==socket_error] = ws2_32.WSASendTo
 //sys	WSASocket(af int32, typ int32, protocol int32, protoInfo *WSAProtocolInfo, group uint32, flags uint32) (handle Handle, err error) [failretval==InvalidHandle] = ws2_32.WSASocketW
+//sys	WSADuplicateSocket(s Handle, processID uint32, info *WSAProtocolInfo) (err error) [failretval!=0] = ws2_32.WSADuplicateSocketW
 //sys	GetHostByName(name string) (h *Hostent, err error) [failretval==nil] = ws2_32.gethostbyname
 //sys	GetServByName(name string, proto string) (s *Servent, err error) [failretval==nil] = ws2_32.getservbyname
 //sys	Ntohs(netshort uint16) (u uint16) = ws2_32.ntohs
@@ -872,6 +889,11 @@ const socket_error = uintptr(^uint32(0))
 //sys	GetACP() (acp uint32) = kernel32.GetACP
 //sys	MultiByteToWideChar(codePage uint32, dwFlags uint32, str *byte, nstr int32, wchar *uint16, nwchar int32) (nwrite int32, err error) = kernel32.MultiByteToWideChar
 //sys	getBestInterfaceEx(sockaddr unsafe.Pointer, pdwBestIfIndex *uint32) (errcode error) = iphlpapi.GetBestInterfaceEx
+//sys   GetIfEntry2Ex(level uint32, row *MibIfRow2) (errcode error) = iphlpapi.GetIfEntry2Ex
+//sys   GetUnicastIpAddressEntry(row *MibUnicastIpAddressRow) (errcode error) = iphlpapi.GetUnicastIpAddressEntry
+//sys   NotifyIpInterfaceChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) = iphlpapi.NotifyIpInterfaceChange
+//sys   NotifyUnicastIpAddressChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) = iphlpapi.NotifyUnicastIpAddressChange
+//sys   CancelMibChangeNotify2(notificationHandle Handle) (errcode error) = iphlpapi.CancelMibChangeNotify2
 
 // For testing: clients can set this flag to force
 // creation of IPv6 sockets to return EAFNOSUPPORT.
@@ -1356,9 +1378,11 @@ func SetsockoptLinger(fd Handle, level, opt int, l *Linger) (err error) {
 func SetsockoptInet4Addr(fd Handle, level, opt int, value [4]byte) (err error) {
 	return Setsockopt(fd, int32(level), int32(opt), (*byte)(unsafe.Pointer(&value[0])), 4)
 }
+
 func SetsockoptIPMreq(fd Handle, level, opt int, mreq *IPMreq) (err error) {
 	return Setsockopt(fd, int32(level), int32(opt), (*byte)(unsafe.Pointer(mreq)), int32(unsafe.Sizeof(*mreq)))
 }
+
 func SetsockoptIPv6Mreq(fd Handle, level, opt int, mreq *IPv6Mreq) (err error) {
 	return syscall.EWINDOWS
 }
@@ -1661,19 +1685,23 @@ func (s NTStatus) Error() string {
 // do not use NTUnicodeString, and instead UTF16PtrFromString should be used for
 // the more common *uint16 string type.
 func NewNTUnicodeString(s string) (*NTUnicodeString, error) {
-	var u NTUnicodeString
-	s16, err := UTF16PtrFromString(s)
+	s16, err := UTF16FromString(s)
 	if err != nil {
 		return nil, err
 	}
-	RtlInitUnicodeString(&u, s16)
-	return &u, nil
+	n := uint16(len(s16) * 2)
+	return &NTUnicodeString{
+		Length:        n - 2, // subtract 2 bytes for the NULL terminator
+		MaximumLength: n,
+		Buffer:        &s16[0],
+	}, nil
 }
 
 // Slice returns a uint16 slice that aliases the data in the NTUnicodeString.
 func (s *NTUnicodeString) Slice() []uint16 {
-	slice := unsafe.Slice(s.Buffer, s.MaximumLength)
-	return slice[:s.Length]
+	// Note: this rounds the length down, if it happens
+	// to (incorrectly) be odd. Probably safer than rounding up.
+	return unsafe.Slice(s.Buffer, s.MaximumLength/2)[:s.Length/2]
 }
 
 func (s *NTUnicodeString) String() string {
@@ -1834,3 +1862,73 @@ func ResizePseudoConsole(pconsole Handle, size Coord) error {
 	// accept arguments that can be casted to uintptr, and Coord can't.
 	return resizePseudoConsole(pconsole, *((*uint32)(unsafe.Pointer(&size))))
 }
+
+// DCB constants. See https://learn.microsoft.com/en-us/windows/win32/api/winbase/ns-winbase-dcb.
+const (
+	CBR_110    = 110
+	CBR_300    = 300
+	CBR_600    = 600
+	CBR_1200   = 1200
+	CBR_2400   = 2400
+	CBR_4800   = 4800
+	CBR_9600   = 9600
+	CBR_14400  = 14400
+	CBR_19200  = 19200
+	CBR_38400  = 38400
+	CBR_57600  = 57600
+	CBR_115200 = 115200
+	CBR_128000 = 128000
+	CBR_256000 = 256000
+
+	DTR_CONTROL_DISABLE   = 0x00000000
+	DTR_CONTROL_ENABLE    = 0x00000010
+	DTR_CONTROL_HANDSHAKE = 0x00000020
+
+	RTS_CONTROL_DISABLE   = 0x00000000
+	RTS_CONTROL_ENABLE    = 0x00001000
+	RTS_CONTROL_HANDSHAKE = 0x00002000
+	RTS_CONTROL_TOGGLE    = 0x00003000
+
+	NOPARITY    = 0
+	ODDPARITY   = 1
+	EVENPARITY  = 2
+	MARKPARITY  = 3
+	SPACEPARITY = 4
+
+	ONESTOPBIT   = 0
+	ONE5STOPBITS = 1
+	TWOSTOPBITS  = 2
+)
+
+// EscapeCommFunction constants. See https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-escapecommfunction.
+const (
+	SETXOFF  = 1
+	SETXON   = 2
+	SETRTS   = 3
+	CLRRTS   = 4
+	SETDTR   = 5
+	CLRDTR   = 6
+	SETBREAK = 8
+	CLRBREAK = 9
+)
+
+// PurgeComm constants. See https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-purgecomm.
+const (
+	PURGE_TXABORT = 0x0001
+	PURGE_RXABORT = 0x0002
+	PURGE_TXCLEAR = 0x0004
+	PURGE_RXCLEAR = 0x0008
+)
+
+// SetCommMask constants. See https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-setcommmask.
+const (
+	EV_RXCHAR  = 0x0001
+	EV_RXFLAG  = 0x0002
+	EV_TXEMPTY = 0x0004
+	EV_CTS     = 0x0008
+	EV_DSR     = 0x0010
+	EV_RLSD    = 0x0020
+	EV_BREAK   = 0x0040
+	EV_ERR     = 0x0080
+	EV_RING    = 0x0100
+)
diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go
index 359780f6..958bcf47 100644
--- a/vendor/golang.org/x/sys/windows/types_windows.go
+++ b/vendor/golang.org/x/sys/windows/types_windows.go
@@ -176,6 +176,7 @@ const (
 	WAIT_FAILED    = 0xFFFFFFFF
 
 	// Access rights for process.
+	PROCESS_ALL_ACCESS                = 0xFFFF
 	PROCESS_CREATE_PROCESS            = 0x0080
 	PROCESS_CREATE_THREAD             = 0x0002
 	PROCESS_DUP_HANDLE                = 0x0040
@@ -1060,6 +1061,7 @@ const (
 	SIO_GET_EXTENSION_FUNCTION_POINTER = IOC_INOUT | IOC_WS2 | 6
 	SIO_KEEPALIVE_VALS                 = IOC_IN | IOC_VENDOR | 4
 	SIO_UDP_CONNRESET                  = IOC_IN | IOC_VENDOR | 12
+	SIO_UDP_NETRESET                   = IOC_IN | IOC_VENDOR | 15
 
 	// cf. http://support.microsoft.com/default.aspx?scid=kb;en-us;257460
 
@@ -1072,6 +1074,7 @@ const (
 	IP_ADD_MEMBERSHIP  = 0xc
 	IP_DROP_MEMBERSHIP = 0xd
 	IP_PKTINFO         = 0x13
+	IP_MTU_DISCOVER    = 0x47
 
 	IPV6_V6ONLY         = 0x1b
 	IPV6_UNICAST_HOPS   = 0x4
@@ -1081,6 +1084,7 @@ const (
 	IPV6_JOIN_GROUP     = 0xc
 	IPV6_LEAVE_GROUP    = 0xd
 	IPV6_PKTINFO        = 0x13
+	IPV6_MTU_DISCOVER   = 0x47
 
 	MSG_OOB       = 0x1
 	MSG_PEEK      = 0x2
@@ -1130,6 +1134,15 @@ const (
 	WSASYS_STATUS_LEN  = 128
 )
 
+// enum PMTUD_STATE from ws2ipdef.h
+const (
+	IP_PMTUDISC_NOT_SET = 0
+	IP_PMTUDISC_DO      = 1
+	IP_PMTUDISC_DONT    = 2
+	IP_PMTUDISC_PROBE   = 3
+	IP_PMTUDISC_MAX     = 4
+)
+
 type WSABuf struct {
 	Len uint32
 	Buf *byte
@@ -1144,6 +1157,22 @@ type WSAMsg struct {
 	Flags       uint32
 }
 
+type WSACMSGHDR struct {
+	Len   uintptr
+	Level int32
+	Type  int32
+}
+
+type IN_PKTINFO struct {
+	Addr    [4]byte
+	Ifindex uint32
+}
+
+type IN6_PKTINFO struct {
+	Addr    [16]byte
+	Ifindex uint32
+}
+
 // Flags for WSASocket
 const (
 	WSA_FLAG_OVERLAPPED             = 0x01
@@ -2003,7 +2032,21 @@ const (
 	MOVEFILE_FAIL_IF_NOT_TRACKABLE = 0x20
 )
 
-const GAA_FLAG_INCLUDE_PREFIX = 0x00000010
+// Flags for GetAdaptersAddresses, see
+// https://learn.microsoft.com/en-us/windows/win32/api/iphlpapi/nf-iphlpapi-getadaptersaddresses.
+const (
+	GAA_FLAG_SKIP_UNICAST                = 0x1
+	GAA_FLAG_SKIP_ANYCAST                = 0x2
+	GAA_FLAG_SKIP_MULTICAST              = 0x4
+	GAA_FLAG_SKIP_DNS_SERVER             = 0x8
+	GAA_FLAG_INCLUDE_PREFIX              = 0x10
+	GAA_FLAG_SKIP_FRIENDLY_NAME          = 0x20
+	GAA_FLAG_INCLUDE_WINS_INFO           = 0x40
+	GAA_FLAG_INCLUDE_GATEWAYS            = 0x80
+	GAA_FLAG_INCLUDE_ALL_INTERFACES      = 0x100
+	GAA_FLAG_INCLUDE_ALL_COMPARTMENTS    = 0x200
+	GAA_FLAG_INCLUDE_TUNNEL_BINDINGORDER = 0x400
+)
 
 const (
 	IF_TYPE_OTHER              = 1
@@ -2017,6 +2060,50 @@ const (
 	IF_TYPE_IEEE1394           = 144
 )
 
+// Enum NL_PREFIX_ORIGIN for [IpAdapterUnicastAddress], see
+// https://learn.microsoft.com/en-us/windows/win32/api/nldef/ne-nldef-nl_prefix_origin
+const (
+	IpPrefixOriginOther               = 0
+	IpPrefixOriginManual              = 1
+	IpPrefixOriginWellKnown           = 2
+	IpPrefixOriginDhcp                = 3
+	IpPrefixOriginRouterAdvertisement = 4
+	IpPrefixOriginUnchanged           = 1 << 4
+)
+
+// Enum NL_SUFFIX_ORIGIN for [IpAdapterUnicastAddress], see
+// https://learn.microsoft.com/en-us/windows/win32/api/nldef/ne-nldef-nl_suffix_origin
+const (
+	NlsoOther                      = 0
+	NlsoManual                     = 1
+	NlsoWellKnown                  = 2
+	NlsoDhcp                       = 3
+	NlsoLinkLayerAddress           = 4
+	NlsoRandom                     = 5
+	IpSuffixOriginOther            = 0
+	IpSuffixOriginManual           = 1
+	IpSuffixOriginWellKnown        = 2
+	IpSuffixOriginDhcp             = 3
+	IpSuffixOriginLinkLayerAddress = 4
+	IpSuffixOriginRandom           = 5
+	IpSuffixOriginUnchanged        = 1 << 4
+)
+
+// Enum NL_DAD_STATE for [IpAdapterUnicastAddress], see
+// https://learn.microsoft.com/en-us/windows/win32/api/nldef/ne-nldef-nl_dad_state
+const (
+	NldsInvalid          = 0
+	NldsTentative        = 1
+	NldsDuplicate        = 2
+	NldsDeprecated       = 3
+	NldsPreferred        = 4
+	IpDadStateInvalid    = 0
+	IpDadStateTentative  = 1
+	IpDadStateDuplicate  = 2
+	IpDadStateDeprecated = 3
+	IpDadStatePreferred  = 4
+)
+
 type SocketAddress struct {
 	Sockaddr       *syscall.RawSockaddrAny
 	SockaddrLength int32
@@ -2144,6 +2231,132 @@ const (
 	IfOperStatusLowerLayerDown = 7
 )
 
+const (
+	IF_MAX_PHYS_ADDRESS_LENGTH = 32
+	IF_MAX_STRING_SIZE         = 256
+)
+
+// MIB_IF_ENTRY_LEVEL enumeration from netioapi.h or
+// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/nf-netioapi-getifentry2ex.
+const (
+	MibIfEntryNormal                  = 0
+	MibIfEntryNormalWithoutStatistics = 2
+)
+
+// MIB_NOTIFICATION_TYPE enumeration from netioapi.h or
+// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ne-netioapi-mib_notification_type.
+const (
+	MibParameterNotification = 0
+	MibAddInstance           = 1
+	MibDeleteInstance        = 2
+	MibInitialNotification   = 3
+)
+
+// MibIfRow2 stores information about a particular interface. See
+// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_if_row2.
+type MibIfRow2 struct {
+	InterfaceLuid               uint64
+	InterfaceIndex              uint32
+	InterfaceGuid               GUID
+	Alias                       [IF_MAX_STRING_SIZE + 1]uint16
+	Description                 [IF_MAX_STRING_SIZE + 1]uint16
+	PhysicalAddressLength       uint32
+	PhysicalAddress             [IF_MAX_PHYS_ADDRESS_LENGTH]uint8
+	PermanentPhysicalAddress    [IF_MAX_PHYS_ADDRESS_LENGTH]uint8
+	Mtu                         uint32
+	Type                        uint32
+	TunnelType                  uint32
+	MediaType                   uint32
+	PhysicalMediumType          uint32
+	AccessType                  uint32
+	DirectionType               uint32
+	InterfaceAndOperStatusFlags uint8
+	OperStatus                  uint32
+	AdminStatus                 uint32
+	MediaConnectState           uint32
+	NetworkGuid                 GUID
+	ConnectionType              uint32
+	TransmitLinkSpeed           uint64
+	ReceiveLinkSpeed            uint64
+	InOctets                    uint64
+	InUcastPkts                 uint64
+	InNUcastPkts                uint64
+	InDiscards                  uint64
+	InErrors                    uint64
+	InUnknownProtos             uint64
+	InUcastOctets               uint64
+	InMulticastOctets           uint64
+	InBroadcastOctets           uint64
+	OutOctets                   uint64
+	OutUcastPkts                uint64
+	OutNUcastPkts               uint64
+	OutDiscards                 uint64
+	OutErrors                   uint64
+	OutUcastOctets              uint64
+	OutMulticastOctets          uint64
+	OutBroadcastOctets          uint64
+	OutQLen                     uint64
+}
+
+// MIB_UNICASTIPADDRESS_ROW stores information about a unicast IP address. See
+// https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_unicastipaddress_row.
+type MibUnicastIpAddressRow struct {
+	Address            RawSockaddrInet6 // SOCKADDR_INET union
+	InterfaceLuid      uint64
+	InterfaceIndex     uint32
+	PrefixOrigin       uint32
+	SuffixOrigin       uint32
+	ValidLifetime      uint32
+	PreferredLifetime  uint32
+	OnLinkPrefixLength uint8
+	SkipAsSource       uint8
+	DadState           uint32
+	ScopeId            uint32
+	CreationTimeStamp  Filetime
+}
+
+const ScopeLevelCount = 16
+
+// MIB_IPINTERFACE_ROW stores interface management information for a particular IP address family on a network interface.
+// See https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_ipinterface_row.
+type MibIpInterfaceRow struct {
+	Family                               uint16
+	InterfaceLuid                        uint64
+	InterfaceIndex                       uint32
+	MaxReassemblySize                    uint32
+	InterfaceIdentifier                  uint64
+	MinRouterAdvertisementInterval       uint32
+	MaxRouterAdvertisementInterval       uint32
+	AdvertisingEnabled                   uint8
+	ForwardingEnabled                    uint8
+	WeakHostSend                         uint8
+	WeakHostReceive                      uint8
+	UseAutomaticMetric                   uint8
+	UseNeighborUnreachabilityDetection   uint8
+	ManagedAddressConfigurationSupported uint8
+	OtherStatefulConfigurationSupported  uint8
+	AdvertiseDefaultRoute                uint8
+	RouterDiscoveryBehavior              uint32
+	DadTransmits                         uint32
+	BaseReachableTime                    uint32
+	RetransmitTime                       uint32
+	PathMtuDiscoveryTimeout              uint32
+	LinkLocalAddressBehavior             uint32
+	LinkLocalAddressTimeout              uint32
+	ZoneIndices                          [ScopeLevelCount]uint32
+	SitePrefixLength                     uint32
+	Metric                               uint32
+	NlMtu                                uint32
+	Connected                            uint8
+	SupportsWakeUpPatterns               uint8
+	SupportsNeighborDiscovery            uint8
+	SupportsRouterDiscovery              uint8
+	ReachableTime                        uint32
+	TransmitOffload                      uint32
+	ReceiveOffload                       uint32
+	DisableDefaultRoutes                 uint8
+}
+
 // Console related constants used for the mode parameter to SetConsoleMode. See
 // https://docs.microsoft.com/en-us/windows/console/setconsolemode for details.
 
@@ -2487,6 +2700,8 @@ type CommTimeouts struct {
 
 // NTUnicodeString is a UTF-16 string for NT native APIs, corresponding to UNICODE_STRING.
 type NTUnicodeString struct {
+	// Note: Length and MaximumLength are in *bytes*, not uint16s.
+	// They should always be even.
 	Length        uint16
 	MaximumLength uint16
 	Buffer        *uint16
@@ -3380,3 +3595,248 @@ type BLOB struct {
 	Size     uint32
 	BlobData *byte
 }
+
+type ComStat struct {
+	Flags    uint32
+	CBInQue  uint32
+	CBOutQue uint32
+}
+
+type DCB struct {
+	DCBlength  uint32
+	BaudRate   uint32
+	Flags      uint32
+	wReserved  uint16
+	XonLim     uint16
+	XoffLim    uint16
+	ByteSize   uint8
+	Parity     uint8
+	StopBits   uint8
+	XonChar    byte
+	XoffChar   byte
+	ErrorChar  byte
+	EofChar    byte
+	EvtChar    byte
+	wReserved1 uint16
+}
+
+// Keyboard Layout Flags.
+// See https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-loadkeyboardlayoutw
+const (
+	KLF_ACTIVATE      = 0x00000001
+	KLF_SUBSTITUTE_OK = 0x00000002
+	KLF_REORDER       = 0x00000008
+	KLF_REPLACELANG   = 0x00000010
+	KLF_NOTELLSHELL   = 0x00000080
+	KLF_SETFORPROCESS = 0x00000100
+)
+
+// Virtual Key codes
+// https://docs.microsoft.com/en-us/windows/win32/inputdev/virtual-key-codes
+const (
+	VK_LBUTTON             = 0x01
+	VK_RBUTTON             = 0x02
+	VK_CANCEL              = 0x03
+	VK_MBUTTON             = 0x04
+	VK_XBUTTON1            = 0x05
+	VK_XBUTTON2            = 0x06
+	VK_BACK                = 0x08
+	VK_TAB                 = 0x09
+	VK_CLEAR               = 0x0C
+	VK_RETURN              = 0x0D
+	VK_SHIFT               = 0x10
+	VK_CONTROL             = 0x11
+	VK_MENU                = 0x12
+	VK_PAUSE               = 0x13
+	VK_CAPITAL             = 0x14
+	VK_KANA                = 0x15
+	VK_HANGEUL             = 0x15
+	VK_HANGUL              = 0x15
+	VK_IME_ON              = 0x16
+	VK_JUNJA               = 0x17
+	VK_FINAL               = 0x18
+	VK_HANJA               = 0x19
+	VK_KANJI               = 0x19
+	VK_IME_OFF             = 0x1A
+	VK_ESCAPE              = 0x1B
+	VK_CONVERT             = 0x1C
+	VK_NONCONVERT          = 0x1D
+	VK_ACCEPT              = 0x1E
+	VK_MODECHANGE          = 0x1F
+	VK_SPACE               = 0x20
+	VK_PRIOR               = 0x21
+	VK_NEXT                = 0x22
+	VK_END                 = 0x23
+	VK_HOME                = 0x24
+	VK_LEFT                = 0x25
+	VK_UP                  = 0x26
+	VK_RIGHT               = 0x27
+	VK_DOWN                = 0x28
+	VK_SELECT              = 0x29
+	VK_PRINT               = 0x2A
+	VK_EXECUTE             = 0x2B
+	VK_SNAPSHOT            = 0x2C
+	VK_INSERT              = 0x2D
+	VK_DELETE              = 0x2E
+	VK_HELP                = 0x2F
+	VK_LWIN                = 0x5B
+	VK_RWIN                = 0x5C
+	VK_APPS                = 0x5D
+	VK_SLEEP               = 0x5F
+	VK_NUMPAD0             = 0x60
+	VK_NUMPAD1             = 0x61
+	VK_NUMPAD2             = 0x62
+	VK_NUMPAD3             = 0x63
+	VK_NUMPAD4             = 0x64
+	VK_NUMPAD5             = 0x65
+	VK_NUMPAD6             = 0x66
+	VK_NUMPAD7             = 0x67
+	VK_NUMPAD8             = 0x68
+	VK_NUMPAD9             = 0x69
+	VK_MULTIPLY            = 0x6A
+	VK_ADD                 = 0x6B
+	VK_SEPARATOR           = 0x6C
+	VK_SUBTRACT            = 0x6D
+	VK_DECIMAL             = 0x6E
+	VK_DIVIDE              = 0x6F
+	VK_F1                  = 0x70
+	VK_F2                  = 0x71
+	VK_F3                  = 0x72
+	VK_F4                  = 0x73
+	VK_F5                  = 0x74
+	VK_F6                  = 0x75
+	VK_F7                  = 0x76
+	VK_F8                  = 0x77
+	VK_F9                  = 0x78
+	VK_F10                 = 0x79
+	VK_F11                 = 0x7A
+	VK_F12                 = 0x7B
+	VK_F13                 = 0x7C
+	VK_F14                 = 0x7D
+	VK_F15                 = 0x7E
+	VK_F16                 = 0x7F
+	VK_F17                 = 0x80
+	VK_F18                 = 0x81
+	VK_F19                 = 0x82
+	VK_F20                 = 0x83
+	VK_F21                 = 0x84
+	VK_F22                 = 0x85
+	VK_F23                 = 0x86
+	VK_F24                 = 0x87
+	VK_NUMLOCK             = 0x90
+	VK_SCROLL              = 0x91
+	VK_OEM_NEC_EQUAL       = 0x92
+	VK_OEM_FJ_JISHO        = 0x92
+	VK_OEM_FJ_MASSHOU      = 0x93
+	VK_OEM_FJ_TOUROKU      = 0x94
+	VK_OEM_FJ_LOYA         = 0x95
+	VK_OEM_FJ_ROYA         = 0x96
+	VK_LSHIFT              = 0xA0
+	VK_RSHIFT              = 0xA1
+	VK_LCONTROL            = 0xA2
+	VK_RCONTROL            = 0xA3
+	VK_LMENU               = 0xA4
+	VK_RMENU               = 0xA5
+	VK_BROWSER_BACK        = 0xA6
+	VK_BROWSER_FORWARD     = 0xA7
+	VK_BROWSER_REFRESH     = 0xA8
+	VK_BROWSER_STOP        = 0xA9
+	VK_BROWSER_SEARCH      = 0xAA
+	VK_BROWSER_FAVORITES   = 0xAB
+	VK_BROWSER_HOME        = 0xAC
+	VK_VOLUME_MUTE         = 0xAD
+	VK_VOLUME_DOWN         = 0xAE
+	VK_VOLUME_UP           = 0xAF
+	VK_MEDIA_NEXT_TRACK    = 0xB0
+	VK_MEDIA_PREV_TRACK    = 0xB1
+	VK_MEDIA_STOP          = 0xB2
+	VK_MEDIA_PLAY_PAUSE    = 0xB3
+	VK_LAUNCH_MAIL         = 0xB4
+	VK_LAUNCH_MEDIA_SELECT = 0xB5
+	VK_LAUNCH_APP1         = 0xB6
+	VK_LAUNCH_APP2         = 0xB7
+	VK_OEM_1               = 0xBA
+	VK_OEM_PLUS            = 0xBB
+	VK_OEM_COMMA           = 0xBC
+	VK_OEM_MINUS           = 0xBD
+	VK_OEM_PERIOD          = 0xBE
+	VK_OEM_2               = 0xBF
+	VK_OEM_3               = 0xC0
+	VK_OEM_4               = 0xDB
+	VK_OEM_5               = 0xDC
+	VK_OEM_6               = 0xDD
+	VK_OEM_7               = 0xDE
+	VK_OEM_8               = 0xDF
+	VK_OEM_AX              = 0xE1
+	VK_OEM_102             = 0xE2
+	VK_ICO_HELP            = 0xE3
+	VK_ICO_00              = 0xE4
+	VK_PROCESSKEY          = 0xE5
+	VK_ICO_CLEAR           = 0xE6
+	VK_OEM_RESET           = 0xE9
+	VK_OEM_JUMP            = 0xEA
+	VK_OEM_PA1             = 0xEB
+	VK_OEM_PA2             = 0xEC
+	VK_OEM_PA3             = 0xED
+	VK_OEM_WSCTRL          = 0xEE
+	VK_OEM_CUSEL           = 0xEF
+	VK_OEM_ATTN            = 0xF0
+	VK_OEM_FINISH          = 0xF1
+	VK_OEM_COPY            = 0xF2
+	VK_OEM_AUTO            = 0xF3
+	VK_OEM_ENLW            = 0xF4
+	VK_OEM_BACKTAB         = 0xF5
+	VK_ATTN                = 0xF6
+	VK_CRSEL               = 0xF7
+	VK_EXSEL               = 0xF8
+	VK_EREOF               = 0xF9
+	VK_PLAY                = 0xFA
+	VK_ZOOM                = 0xFB
+	VK_NONAME              = 0xFC
+	VK_PA1                 = 0xFD
+	VK_OEM_CLEAR           = 0xFE
+)
+
+// Mouse button constants.
+// https://docs.microsoft.com/en-us/windows/console/mouse-event-record-str
+const (
+	FROM_LEFT_1ST_BUTTON_PRESSED = 0x0001
+	RIGHTMOST_BUTTON_PRESSED     = 0x0002
+	FROM_LEFT_2ND_BUTTON_PRESSED = 0x0004
+	FROM_LEFT_3RD_BUTTON_PRESSED = 0x0008
+	FROM_LEFT_4TH_BUTTON_PRESSED = 0x0010
+)
+
+// Control key state constaints.
+// https://docs.microsoft.com/en-us/windows/console/key-event-record-str
+// https://docs.microsoft.com/en-us/windows/console/mouse-event-record-str
+const (
+	CAPSLOCK_ON        = 0x0080
+	ENHANCED_KEY       = 0x0100
+	LEFT_ALT_PRESSED   = 0x0002
+	LEFT_CTRL_PRESSED  = 0x0008
+	NUMLOCK_ON         = 0x0020
+	RIGHT_ALT_PRESSED  = 0x0001
+	RIGHT_CTRL_PRESSED = 0x0004
+	SCROLLLOCK_ON      = 0x0040
+	SHIFT_PRESSED      = 0x0010
+)
+
+// Mouse event record event flags.
+// https://docs.microsoft.com/en-us/windows/console/mouse-event-record-str
+const (
+	MOUSE_MOVED    = 0x0001
+	DOUBLE_CLICK   = 0x0002
+	MOUSE_WHEELED  = 0x0004
+	MOUSE_HWHEELED = 0x0008
+)
+
+// Input Record Event Types
+// https://learn.microsoft.com/en-us/windows/console/input-record-str
+const (
+	FOCUS_EVENT              = 0x0010
+	KEY_EVENT                = 0x0001
+	MENU_EVENT               = 0x0008
+	MOUSE_EVENT              = 0x0002
+	WINDOW_BUFFER_SIZE_EVENT = 0x0004
+)
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index 146a1f01..a58bc48b 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -91,6 +91,7 @@ var (
 	procEnumServicesStatusExW                                = modadvapi32.NewProc("EnumServicesStatusExW")
 	procEqualSid                                             = modadvapi32.NewProc("EqualSid")
 	procFreeSid                                              = modadvapi32.NewProc("FreeSid")
+	procGetAce                                               = modadvapi32.NewProc("GetAce")
 	procGetLengthSid                                         = modadvapi32.NewProc("GetLengthSid")
 	procGetNamedSecurityInfoW                                = modadvapi32.NewProc("GetNamedSecurityInfoW")
 	procGetSecurityDescriptorControl                         = modadvapi32.NewProc("GetSecurityDescriptorControl")
@@ -180,14 +181,21 @@ var (
 	procDnsRecordListFree                                    = moddnsapi.NewProc("DnsRecordListFree")
 	procDwmGetWindowAttribute                                = moddwmapi.NewProc("DwmGetWindowAttribute")
 	procDwmSetWindowAttribute                                = moddwmapi.NewProc("DwmSetWindowAttribute")
+	procCancelMibChangeNotify2                               = modiphlpapi.NewProc("CancelMibChangeNotify2")
 	procGetAdaptersAddresses                                 = modiphlpapi.NewProc("GetAdaptersAddresses")
 	procGetAdaptersInfo                                      = modiphlpapi.NewProc("GetAdaptersInfo")
 	procGetBestInterfaceEx                                   = modiphlpapi.NewProc("GetBestInterfaceEx")
 	procGetIfEntry                                           = modiphlpapi.NewProc("GetIfEntry")
+	procGetIfEntry2Ex                                        = modiphlpapi.NewProc("GetIfEntry2Ex")
+	procGetUnicastIpAddressEntry                             = modiphlpapi.NewProc("GetUnicastIpAddressEntry")
+	procNotifyIpInterfaceChange                              = modiphlpapi.NewProc("NotifyIpInterfaceChange")
+	procNotifyUnicastIpAddressChange                         = modiphlpapi.NewProc("NotifyUnicastIpAddressChange")
 	procAddDllDirectory                                      = modkernel32.NewProc("AddDllDirectory")
 	procAssignProcessToJobObject                             = modkernel32.NewProc("AssignProcessToJobObject")
 	procCancelIo                                             = modkernel32.NewProc("CancelIo")
 	procCancelIoEx                                           = modkernel32.NewProc("CancelIoEx")
+	procClearCommBreak                                       = modkernel32.NewProc("ClearCommBreak")
+	procClearCommError                                       = modkernel32.NewProc("ClearCommError")
 	procCloseHandle                                          = modkernel32.NewProc("CloseHandle")
 	procClosePseudoConsole                                   = modkernel32.NewProc("ClosePseudoConsole")
 	procConnectNamedPipe                                     = modkernel32.NewProc("ConnectNamedPipe")
@@ -212,7 +220,9 @@ var (
 	procDeleteProcThreadAttributeList                        = modkernel32.NewProc("DeleteProcThreadAttributeList")
 	procDeleteVolumeMountPointW                              = modkernel32.NewProc("DeleteVolumeMountPointW")
 	procDeviceIoControl                                      = modkernel32.NewProc("DeviceIoControl")
+	procDisconnectNamedPipe                                  = modkernel32.NewProc("DisconnectNamedPipe")
 	procDuplicateHandle                                      = modkernel32.NewProc("DuplicateHandle")
+	procEscapeCommFunction                                   = modkernel32.NewProc("EscapeCommFunction")
 	procExitProcess                                          = modkernel32.NewProc("ExitProcess")
 	procExpandEnvironmentStringsW                            = modkernel32.NewProc("ExpandEnvironmentStringsW")
 	procFindClose                                            = modkernel32.NewProc("FindClose")
@@ -236,11 +246,15 @@ var (
 	procGenerateConsoleCtrlEvent                             = modkernel32.NewProc("GenerateConsoleCtrlEvent")
 	procGetACP                                               = modkernel32.NewProc("GetACP")
 	procGetActiveProcessorCount                              = modkernel32.NewProc("GetActiveProcessorCount")
+	procGetCommModemStatus                                   = modkernel32.NewProc("GetCommModemStatus")
+	procGetCommState                                         = modkernel32.NewProc("GetCommState")
 	procGetCommTimeouts                                      = modkernel32.NewProc("GetCommTimeouts")
 	procGetCommandLineW                                      = modkernel32.NewProc("GetCommandLineW")
 	procGetComputerNameExW                                   = modkernel32.NewProc("GetComputerNameExW")
 	procGetComputerNameW                                     = modkernel32.NewProc("GetComputerNameW")
+	procGetConsoleCP                                         = modkernel32.NewProc("GetConsoleCP")
 	procGetConsoleMode                                       = modkernel32.NewProc("GetConsoleMode")
+	procGetConsoleOutputCP                                   = modkernel32.NewProc("GetConsoleOutputCP")
 	procGetConsoleScreenBufferInfo                           = modkernel32.NewProc("GetConsoleScreenBufferInfo")
 	procGetCurrentDirectoryW                                 = modkernel32.NewProc("GetCurrentDirectoryW")
 	procGetCurrentProcessId                                  = modkernel32.NewProc("GetCurrentProcessId")
@@ -266,8 +280,10 @@ var (
 	procGetMaximumProcessorCount                             = modkernel32.NewProc("GetMaximumProcessorCount")
 	procGetModuleFileNameW                                   = modkernel32.NewProc("GetModuleFileNameW")
 	procGetModuleHandleExW                                   = modkernel32.NewProc("GetModuleHandleExW")
+	procGetNamedPipeClientProcessId                          = modkernel32.NewProc("GetNamedPipeClientProcessId")
 	procGetNamedPipeHandleStateW                             = modkernel32.NewProc("GetNamedPipeHandleStateW")
 	procGetNamedPipeInfo                                     = modkernel32.NewProc("GetNamedPipeInfo")
+	procGetNamedPipeServerProcessId                          = modkernel32.NewProc("GetNamedPipeServerProcessId")
 	procGetOverlappedResult                                  = modkernel32.NewProc("GetOverlappedResult")
 	procGetPriorityClass                                     = modkernel32.NewProc("GetPriorityClass")
 	procGetProcAddress                                       = modkernel32.NewProc("GetProcAddress")
@@ -322,6 +338,7 @@ var (
 	procProcess32NextW                                       = modkernel32.NewProc("Process32NextW")
 	procProcessIdToSessionId                                 = modkernel32.NewProc("ProcessIdToSessionId")
 	procPulseEvent                                           = modkernel32.NewProc("PulseEvent")
+	procPurgeComm                                            = modkernel32.NewProc("PurgeComm")
 	procQueryDosDeviceW                                      = modkernel32.NewProc("QueryDosDeviceW")
 	procQueryFullProcessImageNameW                           = modkernel32.NewProc("QueryFullProcessImageNameW")
 	procQueryInformationJobObject                            = modkernel32.NewProc("QueryInformationJobObject")
@@ -335,9 +352,14 @@ var (
 	procResetEvent                                           = modkernel32.NewProc("ResetEvent")
 	procResizePseudoConsole                                  = modkernel32.NewProc("ResizePseudoConsole")
 	procResumeThread                                         = modkernel32.NewProc("ResumeThread")
+	procSetCommBreak                                         = modkernel32.NewProc("SetCommBreak")
+	procSetCommMask                                          = modkernel32.NewProc("SetCommMask")
+	procSetCommState                                         = modkernel32.NewProc("SetCommState")
 	procSetCommTimeouts                                      = modkernel32.NewProc("SetCommTimeouts")
+	procSetConsoleCP                                         = modkernel32.NewProc("SetConsoleCP")
 	procSetConsoleCursorPosition                             = modkernel32.NewProc("SetConsoleCursorPosition")
 	procSetConsoleMode                                       = modkernel32.NewProc("SetConsoleMode")
+	procSetConsoleOutputCP                                   = modkernel32.NewProc("SetConsoleOutputCP")
 	procSetCurrentDirectoryW                                 = modkernel32.NewProc("SetCurrentDirectoryW")
 	procSetDefaultDllDirectories                             = modkernel32.NewProc("SetDefaultDllDirectories")
 	procSetDllDirectoryW                                     = modkernel32.NewProc("SetDllDirectoryW")
@@ -350,6 +372,7 @@ var (
 	procSetFileInformationByHandle                           = modkernel32.NewProc("SetFileInformationByHandle")
 	procSetFilePointer                                       = modkernel32.NewProc("SetFilePointer")
 	procSetFileTime                                          = modkernel32.NewProc("SetFileTime")
+	procSetFileValidData                                     = modkernel32.NewProc("SetFileValidData")
 	procSetHandleInformation                                 = modkernel32.NewProc("SetHandleInformation")
 	procSetInformationJobObject                              = modkernel32.NewProc("SetInformationJobObject")
 	procSetNamedPipeHandleState                              = modkernel32.NewProc("SetNamedPipeHandleState")
@@ -360,6 +383,7 @@ var (
 	procSetStdHandle                                         = modkernel32.NewProc("SetStdHandle")
 	procSetVolumeLabelW                                      = modkernel32.NewProc("SetVolumeLabelW")
 	procSetVolumeMountPointW                                 = modkernel32.NewProc("SetVolumeMountPointW")
+	procSetupComm                                            = modkernel32.NewProc("SetupComm")
 	procSizeofResource                                       = modkernel32.NewProc("SizeofResource")
 	procSleepEx                                              = modkernel32.NewProc("SleepEx")
 	procTerminateJobObject                                   = modkernel32.NewProc("TerminateJobObject")
@@ -378,6 +402,7 @@ var (
 	procVirtualQueryEx                                       = modkernel32.NewProc("VirtualQueryEx")
 	procVirtualUnlock                                        = modkernel32.NewProc("VirtualUnlock")
 	procWTSGetActiveConsoleSessionId                         = modkernel32.NewProc("WTSGetActiveConsoleSessionId")
+	procWaitCommEvent                                        = modkernel32.NewProc("WaitCommEvent")
 	procWaitForMultipleObjects                               = modkernel32.NewProc("WaitForMultipleObjects")
 	procWaitForSingleObject                                  = modkernel32.NewProc("WaitForSingleObject")
 	procWriteConsoleW                                        = modkernel32.NewProc("WriteConsoleW")
@@ -388,6 +413,7 @@ var (
 	procTransmitFile                                         = modmswsock.NewProc("TransmitFile")
 	procNetApiBufferFree                                     = modnetapi32.NewProc("NetApiBufferFree")
 	procNetGetJoinInformation                                = modnetapi32.NewProc("NetGetJoinInformation")
+	procNetUserEnum                                          = modnetapi32.NewProc("NetUserEnum")
 	procNetUserGetInfo                                       = modnetapi32.NewProc("NetUserGetInfo")
 	procNtCreateFile                                         = modntdll.NewProc("NtCreateFile")
 	procNtCreateNamedPipeFile                                = modntdll.NewProc("NtCreateNamedPipeFile")
@@ -463,12 +489,16 @@ var (
 	procGetDesktopWindow                                     = moduser32.NewProc("GetDesktopWindow")
 	procGetForegroundWindow                                  = moduser32.NewProc("GetForegroundWindow")
 	procGetGUIThreadInfo                                     = moduser32.NewProc("GetGUIThreadInfo")
+	procGetKeyboardLayout                                    = moduser32.NewProc("GetKeyboardLayout")
 	procGetShellWindow                                       = moduser32.NewProc("GetShellWindow")
 	procGetWindowThreadProcessId                             = moduser32.NewProc("GetWindowThreadProcessId")
 	procIsWindow                                             = moduser32.NewProc("IsWindow")
 	procIsWindowUnicode                                      = moduser32.NewProc("IsWindowUnicode")
 	procIsWindowVisible                                      = moduser32.NewProc("IsWindowVisible")
+	procLoadKeyboardLayoutW                                  = moduser32.NewProc("LoadKeyboardLayoutW")
 	procMessageBoxW                                          = moduser32.NewProc("MessageBoxW")
+	procToUnicodeEx                                          = moduser32.NewProc("ToUnicodeEx")
+	procUnloadKeyboardLayout                                 = moduser32.NewProc("UnloadKeyboardLayout")
 	procCreateEnvironmentBlock                               = moduserenv.NewProc("CreateEnvironmentBlock")
 	procDestroyEnvironmentBlock                              = moduserenv.NewProc("DestroyEnvironmentBlock")
 	procGetUserProfileDirectoryW                             = moduserenv.NewProc("GetUserProfileDirectoryW")
@@ -481,6 +511,7 @@ var (
 	procFreeAddrInfoW                                        = modws2_32.NewProc("FreeAddrInfoW")
 	procGetAddrInfoW                                         = modws2_32.NewProc("GetAddrInfoW")
 	procWSACleanup                                           = modws2_32.NewProc("WSACleanup")
+	procWSADuplicateSocketW                                  = modws2_32.NewProc("WSADuplicateSocketW")
 	procWSAEnumProtocolsW                                    = modws2_32.NewProc("WSAEnumProtocolsW")
 	procWSAGetOverlappedResult                               = modws2_32.NewProc("WSAGetOverlappedResult")
 	procWSAIoctl                                             = modws2_32.NewProc("WSAIoctl")
@@ -774,6 +805,14 @@ func FreeSid(sid *SID) (err error) {
 	return
 }
 
+func GetAce(acl *ACL, aceIndex uint32, pAce **ACCESS_ALLOWED_ACE) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetAce.Addr(), 3, uintptr(unsafe.Pointer(acl)), uintptr(aceIndex), uintptr(unsafe.Pointer(pAce)))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func GetLengthSid(sid *SID) (len uint32) {
 	r0, _, _ := syscall.Syscall(procGetLengthSid.Addr(), 1, uintptr(unsafe.Pointer(sid)), 0, 0)
 	len = uint32(r0)
@@ -1575,6 +1614,14 @@ func DwmSetWindowAttribute(hwnd HWND, attribute uint32, value unsafe.Pointer, si
 	return
 }
 
+func CancelMibChangeNotify2(notificationHandle Handle) (errcode error) {
+	r0, _, _ := syscall.Syscall(procCancelMibChangeNotify2.Addr(), 1, uintptr(notificationHandle), 0, 0)
+	if r0 != 0 {
+		errcode = syscall.Errno(r0)
+	}
+	return
+}
+
 func GetAdaptersAddresses(family uint32, flags uint32, reserved uintptr, adapterAddresses *IpAdapterAddresses, sizePointer *uint32) (errcode error) {
 	r0, _, _ := syscall.Syscall6(procGetAdaptersAddresses.Addr(), 5, uintptr(family), uintptr(flags), uintptr(reserved), uintptr(unsafe.Pointer(adapterAddresses)), uintptr(unsafe.Pointer(sizePointer)), 0)
 	if r0 != 0 {
@@ -1607,6 +1654,46 @@ func GetIfEntry(pIfRow *MibIfRow) (errcode error) {
 	return
 }
 
+func GetIfEntry2Ex(level uint32, row *MibIfRow2) (errcode error) {
+	r0, _, _ := syscall.Syscall(procGetIfEntry2Ex.Addr(), 2, uintptr(level), uintptr(unsafe.Pointer(row)), 0)
+	if r0 != 0 {
+		errcode = syscall.Errno(r0)
+	}
+	return
+}
+
+func GetUnicastIpAddressEntry(row *MibUnicastIpAddressRow) (errcode error) {
+	r0, _, _ := syscall.Syscall(procGetUnicastIpAddressEntry.Addr(), 1, uintptr(unsafe.Pointer(row)), 0, 0)
+	if r0 != 0 {
+		errcode = syscall.Errno(r0)
+	}
+	return
+}
+
+func NotifyIpInterfaceChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) {
+	var _p0 uint32
+	if initialNotification {
+		_p0 = 1
+	}
+	r0, _, _ := syscall.Syscall6(procNotifyIpInterfaceChange.Addr(), 5, uintptr(family), uintptr(callback), uintptr(callerContext), uintptr(_p0), uintptr(unsafe.Pointer(notificationHandle)), 0)
+	if r0 != 0 {
+		errcode = syscall.Errno(r0)
+	}
+	return
+}
+
+func NotifyUnicastIpAddressChange(family uint16, callback uintptr, callerContext unsafe.Pointer, initialNotification bool, notificationHandle *Handle) (errcode error) {
+	var _p0 uint32
+	if initialNotification {
+		_p0 = 1
+	}
+	r0, _, _ := syscall.Syscall6(procNotifyUnicastIpAddressChange.Addr(), 5, uintptr(family), uintptr(callback), uintptr(callerContext), uintptr(_p0), uintptr(unsafe.Pointer(notificationHandle)), 0)
+	if r0 != 0 {
+		errcode = syscall.Errno(r0)
+	}
+	return
+}
+
 func AddDllDirectory(path *uint16) (cookie uintptr, err error) {
 	r0, _, e1 := syscall.Syscall(procAddDllDirectory.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
 	cookie = uintptr(r0)
@@ -1640,6 +1727,22 @@ func CancelIoEx(s Handle, o *Overlapped) (err error) {
 	return
 }
 
+func ClearCommBreak(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procClearCommBreak.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func ClearCommError(handle Handle, lpErrors *uint32, lpStat *ComStat) (err error) {
+	r1, _, e1 := syscall.Syscall(procClearCommError.Addr(), 3, uintptr(handle), uintptr(unsafe.Pointer(lpErrors)), uintptr(unsafe.Pointer(lpStat)))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func CloseHandle(handle Handle) (err error) {
 	r1, _, e1 := syscall.Syscall(procCloseHandle.Addr(), 1, uintptr(handle), 0, 0)
 	if r1 == 0 {
@@ -1844,6 +1947,14 @@ func DeviceIoControl(handle Handle, ioControlCode uint32, inBuffer *byte, inBuff
 	return
 }
 
+func DisconnectNamedPipe(pipe Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procDisconnectNamedPipe.Addr(), 1, uintptr(pipe), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func DuplicateHandle(hSourceProcessHandle Handle, hSourceHandle Handle, hTargetProcessHandle Handle, lpTargetHandle *Handle, dwDesiredAccess uint32, bInheritHandle bool, dwOptions uint32) (err error) {
 	var _p0 uint32
 	if bInheritHandle {
@@ -1856,6 +1967,14 @@ func DuplicateHandle(hSourceProcessHandle Handle, hSourceHandle Handle, hTargetP
 	return
 }
 
+func EscapeCommFunction(handle Handle, dwFunc uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procEscapeCommFunction.Addr(), 2, uintptr(handle), uintptr(dwFunc), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func ExitProcess(exitcode uint32) {
 	syscall.Syscall(procExitProcess.Addr(), 1, uintptr(exitcode), 0, 0)
 	return
@@ -2057,6 +2176,22 @@ func GetActiveProcessorCount(groupNumber uint16) (ret uint32) {
 	return
 }
 
+func GetCommModemStatus(handle Handle, lpModemStat *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetCommModemStatus.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(lpModemStat)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func GetCommState(handle Handle, lpDCB *DCB) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetCommState.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(lpDCB)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func GetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) {
 	r1, _, e1 := syscall.Syscall(procGetCommTimeouts.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(timeouts)), 0)
 	if r1 == 0 {
@@ -2087,6 +2222,15 @@ func GetComputerName(buf *uint16, n *uint32) (err error) {
 	return
 }
 
+func GetConsoleCP() (cp uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetConsoleCP.Addr(), 0, 0, 0, 0)
+	cp = uint32(r0)
+	if cp == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func GetConsoleMode(console Handle, mode *uint32) (err error) {
 	r1, _, e1 := syscall.Syscall(procGetConsoleMode.Addr(), 2, uintptr(console), uintptr(unsafe.Pointer(mode)), 0)
 	if r1 == 0 {
@@ -2095,6 +2239,15 @@ func GetConsoleMode(console Handle, mode *uint32) (err error) {
 	return
 }
 
+func GetConsoleOutputCP() (cp uint32, err error) {
+	r0, _, e1 := syscall.Syscall(procGetConsoleOutputCP.Addr(), 0, 0, 0, 0)
+	cp = uint32(r0)
+	if cp == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func GetConsoleScreenBufferInfo(console Handle, info *ConsoleScreenBufferInfo) (err error) {
 	r1, _, e1 := syscall.Syscall(procGetConsoleScreenBufferInfo.Addr(), 2, uintptr(console), uintptr(unsafe.Pointer(info)), 0)
 	if r1 == 0 {
@@ -2296,6 +2449,14 @@ func GetModuleHandleEx(flags uint32, moduleName *uint16, module *Handle) (err er
 	return
 }
 
+func GetNamedPipeClientProcessId(pipe Handle, clientProcessID *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetNamedPipeClientProcessId.Addr(), 2, uintptr(pipe), uintptr(unsafe.Pointer(clientProcessID)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func GetNamedPipeHandleState(pipe Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) {
 	r1, _, e1 := syscall.Syscall9(procGetNamedPipeHandleStateW.Addr(), 7, uintptr(pipe), uintptr(unsafe.Pointer(state)), uintptr(unsafe.Pointer(curInstances)), uintptr(unsafe.Pointer(maxCollectionCount)), uintptr(unsafe.Pointer(collectDataTimeout)), uintptr(unsafe.Pointer(userName)), uintptr(maxUserNameSize), 0, 0)
 	if r1 == 0 {
@@ -2312,6 +2473,14 @@ func GetNamedPipeInfo(pipe Handle, flags *uint32, outSize *uint32, inSize *uint3
 	return
 }
 
+func GetNamedPipeServerProcessId(pipe Handle, serverProcessID *uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procGetNamedPipeServerProcessId.Addr(), 2, uintptr(pipe), uintptr(unsafe.Pointer(serverProcessID)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func GetOverlappedResult(handle Handle, overlapped *Overlapped, done *uint32, wait bool) (err error) {
 	var _p0 uint32
 	if wait {
@@ -2809,6 +2978,14 @@ func PulseEvent(event Handle) (err error) {
 	return
 }
 
+func PurgeComm(handle Handle, dwFlags uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procPurgeComm.Addr(), 2, uintptr(handle), uintptr(dwFlags), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func QueryDosDevice(deviceName *uint16, targetPath *uint16, max uint32) (n uint32, err error) {
 	r0, _, e1 := syscall.Syscall(procQueryDosDeviceW.Addr(), 3, uintptr(unsafe.Pointer(deviceName)), uintptr(unsafe.Pointer(targetPath)), uintptr(max))
 	n = uint32(r0)
@@ -2923,6 +3100,30 @@ func ResumeThread(thread Handle) (ret uint32, err error) {
 	return
 }
 
+func SetCommBreak(handle Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetCommBreak.Addr(), 1, uintptr(handle), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetCommMask(handle Handle, dwEvtMask uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetCommMask.Addr(), 2, uintptr(handle), uintptr(dwEvtMask), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+func SetCommState(handle Handle, lpDCB *DCB) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetCommState.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(lpDCB)), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func SetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) {
 	r1, _, e1 := syscall.Syscall(procSetCommTimeouts.Addr(), 2, uintptr(handle), uintptr(unsafe.Pointer(timeouts)), 0)
 	if r1 == 0 {
@@ -2931,6 +3132,14 @@ func SetCommTimeouts(handle Handle, timeouts *CommTimeouts) (err error) {
 	return
 }
 
+func SetConsoleCP(cp uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetConsoleCP.Addr(), 1, uintptr(cp), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func setConsoleCursorPosition(console Handle, position uint32) (err error) {
 	r1, _, e1 := syscall.Syscall(procSetConsoleCursorPosition.Addr(), 2, uintptr(console), uintptr(position), 0)
 	if r1 == 0 {
@@ -2947,6 +3156,14 @@ func SetConsoleMode(console Handle, mode uint32) (err error) {
 	return
 }
 
+func SetConsoleOutputCP(cp uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetConsoleOutputCP.Addr(), 1, uintptr(cp), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func SetCurrentDirectory(path *uint16) (err error) {
 	r1, _, e1 := syscall.Syscall(procSetCurrentDirectoryW.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
 	if r1 == 0 {
@@ -3051,6 +3268,14 @@ func SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetim
 	return
 }
 
+func SetFileValidData(handle Handle, validDataLength int64) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetFileValidData.Addr(), 2, uintptr(handle), uintptr(validDataLength), 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func SetHandleInformation(handle Handle, mask uint32, flags uint32) (err error) {
 	r1, _, e1 := syscall.Syscall(procSetHandleInformation.Addr(), 3, uintptr(handle), uintptr(mask), uintptr(flags))
 	if r1 == 0 {
@@ -3136,6 +3361,14 @@ func SetVolumeMountPoint(volumeMountPoint *uint16, volumeName *uint16) (err erro
 	return
 }
 
+func SetupComm(handle Handle, dwInQueue uint32, dwOutQueue uint32) (err error) {
+	r1, _, e1 := syscall.Syscall(procSetupComm.Addr(), 3, uintptr(handle), uintptr(dwInQueue), uintptr(dwOutQueue))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func SizeofResource(module Handle, resInfo Handle) (size uint32, err error) {
 	r0, _, e1 := syscall.Syscall(procSizeofResource.Addr(), 2, uintptr(module), uintptr(resInfo), 0)
 	size = uint32(r0)
@@ -3282,6 +3515,14 @@ func WTSGetActiveConsoleSessionId() (sessionID uint32) {
 	return
 }
 
+func WaitCommEvent(handle Handle, lpEvtMask *uint32, lpOverlapped *Overlapped) (err error) {
+	r1, _, e1 := syscall.Syscall(procWaitCommEvent.Addr(), 3, uintptr(handle), uintptr(unsafe.Pointer(lpEvtMask)), uintptr(unsafe.Pointer(lpOverlapped)))
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func waitForMultipleObjects(count uint32, handles uintptr, waitAll bool, waitMilliseconds uint32) (event uint32, err error) {
 	var _p0 uint32
 	if waitAll {
@@ -3369,6 +3610,14 @@ func NetGetJoinInformation(server *uint16, name **uint16, bufType *uint32) (nete
 	return
 }
 
+func NetUserEnum(serverName *uint16, level uint32, filter uint32, buf **byte, prefMaxLen uint32, entriesRead *uint32, totalEntries *uint32, resumeHandle *uint32) (neterr error) {
+	r0, _, _ := syscall.Syscall9(procNetUserEnum.Addr(), 8, uintptr(unsafe.Pointer(serverName)), uintptr(level), uintptr(filter), uintptr(unsafe.Pointer(buf)), uintptr(prefMaxLen), uintptr(unsafe.Pointer(entriesRead)), uintptr(unsafe.Pointer(totalEntries)), uintptr(unsafe.Pointer(resumeHandle)), 0)
+	if r0 != 0 {
+		neterr = syscall.Errno(r0)
+	}
+	return
+}
+
 func NetUserGetInfo(serverName *uint16, userName *uint16, level uint32, buf **byte) (neterr error) {
 	r0, _, _ := syscall.Syscall6(procNetUserGetInfo.Addr(), 4, uintptr(unsafe.Pointer(serverName)), uintptr(unsafe.Pointer(userName)), uintptr(level), uintptr(unsafe.Pointer(buf)), 0, 0)
 	if r0 != 0 {
@@ -3947,6 +4196,12 @@ func GetGUIThreadInfo(thread uint32, info *GUIThreadInfo) (err error) {
 	return
 }
 
+func GetKeyboardLayout(tid uint32) (hkl Handle) {
+	r0, _, _ := syscall.Syscall(procGetKeyboardLayout.Addr(), 1, uintptr(tid), 0, 0)
+	hkl = Handle(r0)
+	return
+}
+
 func GetShellWindow() (shellWindow HWND) {
 	r0, _, _ := syscall.Syscall(procGetShellWindow.Addr(), 0, 0, 0, 0)
 	shellWindow = HWND(r0)
@@ -3980,6 +4235,15 @@ func IsWindowVisible(hwnd HWND) (isVisible bool) {
 	return
 }
 
+func LoadKeyboardLayout(name *uint16, flags uint32) (hkl Handle, err error) {
+	r0, _, e1 := syscall.Syscall(procLoadKeyboardLayoutW.Addr(), 2, uintptr(unsafe.Pointer(name)), uintptr(flags), 0)
+	hkl = Handle(r0)
+	if hkl == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func MessageBox(hwnd HWND, text *uint16, caption *uint16, boxtype uint32) (ret int32, err error) {
 	r0, _, e1 := syscall.Syscall6(procMessageBoxW.Addr(), 4, uintptr(hwnd), uintptr(unsafe.Pointer(text)), uintptr(unsafe.Pointer(caption)), uintptr(boxtype), 0, 0)
 	ret = int32(r0)
@@ -3989,6 +4253,20 @@ func MessageBox(hwnd HWND, text *uint16, caption *uint16, boxtype uint32) (ret i
 	return
 }
 
+func ToUnicodeEx(vkey uint32, scancode uint32, keystate *byte, pwszBuff *uint16, cchBuff int32, flags uint32, hkl Handle) (ret int32) {
+	r0, _, _ := syscall.Syscall9(procToUnicodeEx.Addr(), 7, uintptr(vkey), uintptr(scancode), uintptr(unsafe.Pointer(keystate)), uintptr(unsafe.Pointer(pwszBuff)), uintptr(cchBuff), uintptr(flags), uintptr(hkl), 0, 0)
+	ret = int32(r0)
+	return
+}
+
+func UnloadKeyboardLayout(hkl Handle) (err error) {
+	r1, _, e1 := syscall.Syscall(procUnloadKeyboardLayout.Addr(), 1, uintptr(hkl), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func CreateEnvironmentBlock(block **uint16, token Token, inheritExisting bool) (err error) {
 	var _p0 uint32
 	if inheritExisting {
@@ -4114,6 +4392,14 @@ func WSACleanup() (err error) {
 	return
 }
 
+func WSADuplicateSocket(s Handle, processID uint32, info *WSAProtocolInfo) (err error) {
+	r1, _, e1 := syscall.Syscall(procWSADuplicateSocketW.Addr(), 3, uintptr(s), uintptr(processID), uintptr(unsafe.Pointer(info)))
+	if r1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func WSAEnumProtocols(protocols *int32, protocolBuffer *WSAProtocolInfo, bufferLength *uint32) (n int32, err error) {
 	r0, _, e1 := syscall.Syscall(procWSAEnumProtocolsW.Addr(), 3, uintptr(unsafe.Pointer(protocols)), uintptr(unsafe.Pointer(protocolBuffer)), uintptr(unsafe.Pointer(bufferLength)))
 	n = int32(r0)
diff --git a/vendor/golang.org/x/term/LICENSE b/vendor/golang.org/x/term/LICENSE
index 6a66aea5..2a7cf70d 100644
--- a/vendor/golang.org/x/term/LICENSE
+++ b/vendor/golang.org/x/term/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2009 The Go Authors. All rights reserved.
+Copyright 2009 The Go Authors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
@@ -10,7 +10,7 @@ notice, this list of conditions and the following disclaimer.
 copyright notice, this list of conditions and the following disclaimer
 in the documentation and/or other materials provided with the
 distribution.
-   * Neither the name of Google Inc. nor the names of its
+   * Neither the name of Google LLC nor the names of its
 contributors may be used to endorse or promote products derived from
 this software without specific prior written permission.
 
diff --git a/vendor/golang.org/x/term/README.md b/vendor/golang.org/x/term/README.md
index d03d0aef..05ff623f 100644
--- a/vendor/golang.org/x/term/README.md
+++ b/vendor/golang.org/x/term/README.md
@@ -4,16 +4,13 @@
 
 This repository provides Go terminal and console support packages.
 
-## Download/Install
-
-The easiest way to install is to run `go get -u golang.org/x/term`. You can
-also manually git clone the repository to `$GOPATH/src/golang.org/x/term`.
-
 ## Report Issues / Send Patches
 
 This repository uses Gerrit for code changes. To learn how to submit changes to
-this repository, see https://golang.org/doc/contribute.html.
+this repository, see https://go.dev/doc/contribute.
+
+The git repository is https://go.googlesource.com/term.
 
 The main issue tracker for the term repository is located at
-https://github.com/golang/go/issues. Prefix your issue with "x/term:" in the
+https://go.dev/issues. Prefix your issue with "x/term:" in the
 subject line, so it is easy to find.
diff --git a/vendor/golang.org/x/term/term_windows.go b/vendor/golang.org/x/term/term_windows.go
index 465f5606..df6bf948 100644
--- a/vendor/golang.org/x/term/term_windows.go
+++ b/vendor/golang.org/x/term/term_windows.go
@@ -26,6 +26,7 @@ func makeRaw(fd int) (*State, error) {
 		return nil, err
 	}
 	raw := st &^ (windows.ENABLE_ECHO_INPUT | windows.ENABLE_PROCESSED_INPUT | windows.ENABLE_LINE_INPUT | windows.ENABLE_PROCESSED_OUTPUT)
+	raw |= windows.ENABLE_VIRTUAL_TERMINAL_INPUT
 	if err := windows.SetConsoleMode(windows.Handle(fd), raw); err != nil {
 		return nil, err
 	}
diff --git a/vendor/golang.org/x/term/terminal.go b/vendor/golang.org/x/term/terminal.go
index f636667f..13e9a64a 100644
--- a/vendor/golang.org/x/term/terminal.go
+++ b/vendor/golang.org/x/term/terminal.go
@@ -6,6 +6,7 @@ package term
 
 import (
 	"bytes"
+	"fmt"
 	"io"
 	"runtime"
 	"strconv"
@@ -36,6 +37,26 @@ var vt100EscapeCodes = EscapeCodes{
 	Reset: []byte{keyEscape, '[', '0', 'm'},
 }
 
+// A History provides a (possibly bounded) queue of input lines read by [Terminal.ReadLine].
+type History interface {
+	// Add will be called by [Terminal.ReadLine] to add
+	// a new, most recent entry to the history.
+	// It is allowed to drop any entry, including
+	// the entry being added (e.g., if it's deemed an invalid entry),
+	// the least-recent entry (e.g., to keep the history bounded),
+	// or any other entry.
+	Add(entry string)
+
+	// Len returns the number of entries in the history.
+	Len() int
+
+	// At returns an entry from the history.
+	// Index 0 is the most-recently added entry and
+	// index Len()-1 is the least-recently added entry.
+	// If index is < 0 or >= Len(), it panics.
+	At(idx int) string
+}
+
 // Terminal contains the state for running a VT100 terminal that is capable of
 // reading lines of input.
 type Terminal struct {
@@ -44,6 +65,8 @@ type Terminal struct {
 	// bytes, as an index into |line|). If it returns ok=false, the key
 	// press is processed normally. Otherwise it returns a replacement line
 	// and the new cursor position.
+	//
+	// This will be disabled during ReadPassword.
 	AutoCompleteCallback func(line string, pos int, key rune) (newLine string, newPos int, ok bool)
 
 	// Escape contains a pointer to the escape codes for this terminal.
@@ -84,9 +107,14 @@ type Terminal struct {
 	remainder []byte
 	inBuf     [256]byte
 
-	// history contains previously entered commands so that they can be
-	// accessed with the up and down keys.
-	history stRingBuffer
+	// History records and retrieves lines of input read by [ReadLine] which
+	// a user can retrieve and navigate using the up and down arrow keys.
+	//
+	// It is not safe to call ReadLine concurrently with any methods on History.
+	//
+	// [NewTerminal] sets this to a default implementation that records the
+	// last 100 lines of input.
+	History History
 	// historyIndex stores the currently accessed history entry, where zero
 	// means the immediately previous entry.
 	historyIndex int
@@ -109,6 +137,7 @@ func NewTerminal(c io.ReadWriter, prompt string) *Terminal {
 		termHeight:   24,
 		echo:         true,
 		historyIndex: -1,
+		History:      &stRingBuffer{},
 	}
 }
 
@@ -448,6 +477,23 @@ func visualLength(runes []rune) int {
 	return length
 }
 
+// histroryAt unlocks the terminal and relocks it while calling History.At.
+func (t *Terminal) historyAt(idx int) (string, bool) {
+	t.lock.Unlock()     // Unlock to avoid deadlock if History methods use the output writer.
+	defer t.lock.Lock() // panic in At (or Len) protection.
+	if idx < 0 || idx >= t.History.Len() {
+		return "", false
+	}
+	return t.History.At(idx), true
+}
+
+// historyAdd unlocks the terminal and relocks it while calling History.Add.
+func (t *Terminal) historyAdd(entry string) {
+	t.lock.Unlock()     // Unlock to avoid deadlock if History methods use the output writer.
+	defer t.lock.Lock() // panic in Add protection.
+	t.History.Add(entry)
+}
+
 // handleKey processes the given key and, optionally, returns a line of text
 // that the user has entered.
 func (t *Terminal) handleKey(key rune) (line string, ok bool) {
@@ -495,7 +541,7 @@ func (t *Terminal) handleKey(key rune) (line string, ok bool) {
 		t.pos = len(t.line)
 		t.moveCursorToPos(t.pos)
 	case keyUp:
-		entry, ok := t.history.NthPreviousEntry(t.historyIndex + 1)
+		entry, ok := t.historyAt(t.historyIndex + 1)
 		if !ok {
 			return "", false
 		}
@@ -514,7 +560,7 @@ func (t *Terminal) handleKey(key rune) (line string, ok bool) {
 			t.setLine(runes, len(runes))
 			t.historyIndex--
 		default:
-			entry, ok := t.history.NthPreviousEntry(t.historyIndex - 1)
+			entry, ok := t.historyAt(t.historyIndex - 1)
 			if ok {
 				t.historyIndex--
 				runes := []rune(entry)
@@ -692,6 +738,8 @@ func (t *Terminal) Write(buf []byte) (n int, err error) {
 
 // ReadPassword temporarily changes the prompt and reads a password, without
 // echo, from the terminal.
+//
+// The AutoCompleteCallback is disabled during this call.
 func (t *Terminal) ReadPassword(prompt string) (line string, err error) {
 	t.lock.Lock()
 	defer t.lock.Unlock()
@@ -699,6 +747,11 @@ func (t *Terminal) ReadPassword(prompt string) (line string, err error) {
 	oldPrompt := t.prompt
 	t.prompt = []rune(prompt)
 	t.echo = false
+	oldAutoCompleteCallback := t.AutoCompleteCallback
+	t.AutoCompleteCallback = nil
+	defer func() {
+		t.AutoCompleteCallback = oldAutoCompleteCallback
+	}()
 
 	line, err = t.readLine()
 
@@ -772,7 +825,7 @@ func (t *Terminal) readLine() (line string, err error) {
 		if lineOk {
 			if t.echo {
 				t.historyIndex = -1
-				t.history.Add(line)
+				t.historyAdd(line)
 			}
 			if lineIsPasted {
 				err = ErrPasteIndicator
@@ -929,19 +982,23 @@ func (s *stRingBuffer) Add(a string) {
 	}
 }
 
-// NthPreviousEntry returns the value passed to the nth previous call to Add.
+func (s *stRingBuffer) Len() int {
+	return s.size
+}
+
+// At returns the value passed to the nth previous call to Add.
 // If n is zero then the immediately prior value is returned, if one, then the
 // next most recent, and so on. If such an element doesn't exist then ok is
 // false.
-func (s *stRingBuffer) NthPreviousEntry(n int) (value string, ok bool) {
+func (s *stRingBuffer) At(n int) string {
 	if n < 0 || n >= s.size {
-		return "", false
+		panic(fmt.Sprintf("term: history index [%d] out of range [0,%d)", n, s.size))
 	}
 	index := s.head - n
 	if index < 0 {
 		index += s.max
 	}
-	return s.entries[index], true
+	return s.entries[index]
 }
 
 // readPasswordLine reads from reader until it finds \n or io.EOF.
diff --git a/vendor/golang.org/x/text/LICENSE b/vendor/golang.org/x/text/LICENSE
index 6a66aea5..2a7cf70d 100644
--- a/vendor/golang.org/x/text/LICENSE
+++ b/vendor/golang.org/x/text/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2009 The Go Authors. All rights reserved.
+Copyright 2009 The Go Authors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
@@ -10,7 +10,7 @@ notice, this list of conditions and the following disclaimer.
 copyright notice, this list of conditions and the following disclaimer
 in the documentation and/or other materials provided with the
 distribution.
-   * Neither the name of Google Inc. nor the names of its
+   * Neither the name of Google LLC nor the names of its
 contributors may be used to endorse or promote products derived from
 this software without specific prior written permission.
 
diff --git a/vendor/golang.org/x/text/language/parse.go b/vendor/golang.org/x/text/language/parse.go
index 4d57222e..053336e2 100644
--- a/vendor/golang.org/x/text/language/parse.go
+++ b/vendor/golang.org/x/text/language/parse.go
@@ -59,7 +59,7 @@ func (c CanonType) Parse(s string) (t Tag, err error) {
 	if changed {
 		tt.RemakeString()
 	}
-	return makeTag(tt), err
+	return makeTag(tt), nil
 }
 
 // Compose creates a Tag from individual parts, which may be of type Tag, Base,
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 228dad72..1a218695 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -10,29 +10,33 @@ github.com/GehirnInc/crypt/md5_crypt
 # github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815
 ## explicit
 github.com/docopt/docopt-go
+# github.com/emersion/go-msgauth v0.7.0
+## explicit; go 1.18
+github.com/emersion/go-msgauth/dkim
 # github.com/ergochat/confusables v0.0.0-20201108231250-4ab98ab61fb1
 ## explicit
 github.com/ergochat/confusables
 # github.com/ergochat/go-ident v0.0.0-20230911071154-8c30606d6881
 ## explicit; go 1.18
 github.com/ergochat/go-ident
-# github.com/ergochat/irc-go v0.4.0
+# github.com/ergochat/irc-go v0.5.0-rc2
 ## explicit; go 1.15
 github.com/ergochat/irc-go/ircfmt
 github.com/ergochat/irc-go/ircmsg
 github.com/ergochat/irc-go/ircreader
 github.com/ergochat/irc-go/ircutils
+# github.com/ergochat/webpush-go/v2 v2.0.0
+## explicit; go 1.20
+github.com/ergochat/webpush-go/v2
 # github.com/go-sql-driver/mysql v1.7.0
 ## explicit; go 1.13
 github.com/go-sql-driver/mysql
-# github.com/go-test/deep v1.0.6
-## explicit; go 1.13
 # github.com/gofrs/flock v0.8.1
 ## explicit
 github.com/gofrs/flock
-# github.com/golang-jwt/jwt v3.2.2+incompatible
-## explicit
-github.com/golang-jwt/jwt
+# github.com/golang-jwt/jwt/v5 v5.2.2
+## explicit; go 1.18
+github.com/golang-jwt/jwt/v5
 # github.com/gorilla/websocket v1.4.2 => github.com/ergochat/websocket v1.4.2-oragono1
 ## explicit; go 1.12
 github.com/gorilla/websocket
@@ -48,7 +52,7 @@ github.com/okzk/sdnotify
 # github.com/tidwall/btree v1.4.2
 ## explicit; go 1.18
 github.com/tidwall/btree
-# github.com/tidwall/buntdb v1.2.10
+# github.com/tidwall/buntdb v1.3.2
 ## explicit; go 1.18
 github.com/tidwall/buntdb
 # github.com/tidwall/gjson v1.14.3
@@ -70,32 +74,29 @@ github.com/tidwall/rtred/base
 # github.com/tidwall/tinyqueue v0.1.1
 ## explicit; go 1.15
 github.com/tidwall/tinyqueue
-# github.com/toorop/go-dkim v0.0.0-20201103131630-e1cd1a0a5208
-## explicit
-github.com/toorop/go-dkim
 # github.com/xdg-go/pbkdf2 v1.0.0
 ## explicit; go 1.9
 github.com/xdg-go/pbkdf2
 # github.com/xdg-go/scram v1.0.2 => github.com/ergochat/scram v1.0.2-ergo1
 ## explicit; go 1.11
 github.com/xdg-go/scram
-# golang.org/x/crypto v0.17.0
-## explicit; go 1.18
+# golang.org/x/crypto v0.38.0
+## explicit; go 1.23.0
 golang.org/x/crypto/bcrypt
 golang.org/x/crypto/blowfish
+golang.org/x/crypto/ed25519
+golang.org/x/crypto/hkdf
 golang.org/x/crypto/pbkdf2
-golang.org/x/crypto/sha3
-# golang.org/x/sys v0.15.0
-## explicit; go 1.18
-golang.org/x/sys/cpu
+# golang.org/x/sys v0.33.0
+## explicit; go 1.23.0
 golang.org/x/sys/plan9
 golang.org/x/sys/unix
 golang.org/x/sys/windows
-# golang.org/x/term v0.15.0
-## explicit; go 1.18
+# golang.org/x/term v0.32.0
+## explicit; go 1.23.0
 golang.org/x/term
-# golang.org/x/text v0.14.0
-## explicit; go 1.18
+# golang.org/x/text v0.25.0
+## explicit; go 1.23.0
 golang.org/x/text/cases
 golang.org/x/text/internal
 golang.org/x/text/internal/language