diff --git a/www/davical/Makefile b/www/davical/Makefile
index 148a9b6d5b41..43d48acda575 100644
--- a/www/davical/Makefile
+++ b/www/davical/Makefile
@@ -1,77 +1,78 @@
 PORTNAME=	davical
 DISTVERSIONPREFIX=	r
 DISTVERSION=	1.1.12
+PORTREVISION=	1
 CATEGORIES?=	www
 PKGNAMESUFFIX=	${PHP_PKGNAMESUFFIX}
 
-MAINTAINER=	ports@FreeBSD.org
+MAINTAINER=	dinoex@FreeBSD.org
 COMMENT=	Simple CalDAV server using a postgres backend
 WWW=		https://www.davical.org/
 
 LICENSE=	GPLv2 LGPL21
 LICENSE_COMB=	multi
 LICENSE_FILE=	${WRKSRC}/COPYING
 
 RUN_DEPENDS=	${PHP_PKGNAMEPREFIX}libawl>=0.60:devel/php-libawl@${PHP_FLAVOR} \
 		p5-DBD-Pg>=0:databases/p5-DBD-Pg \
 		p5-DBI>=0:databases/p5-DBI \
 		p5-YAML>=0:textproc/p5-YAML \
 		pwgen:sysutils/pwgen
 
 USES=		cpe pgsql php:flavors shebangfix
 
 USE_GITLAB=	yes
 GL_ACCOUNT=	davical-project
 GL_TAGNAME=	4301a795ac7a7636846bcc15348d96c68a1830fd
 
 USE_PHP=	calendar curl gettext iconv pdo \
 		pdo_pgsql pgsql session xml
 
 NO_ARCH=	yes
 NO_BUILD=	yes
 
 PORTDOCS=	README INSTALL davical_en_user_guide.odt \
 		phpdoc.ini translation.rst
 PORTEXAMPLES=	config
 
 SHEBANG_FILES=	scripts/sync-remote-caldav.php
 SUB_FILES=	pkg-message httpd-davical.conf
 
 OPTIONS_DEFINE=	DOCS EXAMPLES
 
 post-extract:
 	${FIND} ${WRKSRC} -name .gitignore -delete
 
 do-install:
 	${MKDIR} ${STAGEDIR}${WWWDIR}/htdocs \
 		${STAGEDIR}${WWWDIR}/inc \
 		${STAGEDIR}${WWWDIR}/config \
 		${STAGEDIR}${DATADIR}
 	# WWWDIR
 	(cd ${WRKSRC}/htdocs && \
 		${COPYTREE_SHARE} . ${STAGEDIR}${WWWDIR}/htdocs)
 	(cd ${WRKSRC}/inc && ${COPYTREE_SHARE} . \
 		${STAGEDIR}${WWWDIR}/inc "! -name always.php.in")
 	${INSTALL_DATA} ${WRKSRC}/config/example-config.php \
 		${STAGEDIR}${WWWDIR}/config/config.php.sample
 	# DATADIR
 	(cd ${WRKSRC} && ${COPYTREE_SHARE} scripts ${STAGEDIR}${DATADIR})
 	(cd ${WRKSRC} && ${COPYTREE_SHARE} dba ${STAGEDIR}${DATADIR} \
 		"! -name update-davical-database")
 	${INSTALL_DATA} ${WRKDIR}/httpd-davical.conf ${STAGEDIR}${DATADIR}
 	${INSTALL_SCRIPT} ${WRKSRC}/dba/update-davical-database \
 		${STAGEDIR}${DATADIR}/dba
 
 do-install-DOCS-on:
 	${MKDIR} ${STAGEDIR}${DOCSDIR}
 	(cd ${WRKSRC}/docs && \
 		${COPYTREE_SHARE} . ${STAGEDIR}${DOCSDIR})
 	${INSTALL_DATA} ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
 	${INSTALL_DATA} ${WRKSRC}/INSTALL ${STAGEDIR}${DOCSDIR}
 
 do-install-EXAMPLES-on:
 	${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
 	(cd ${WRKSRC} && \
 		${COPYTREE_SHARE} config ${STAGEDIR}${EXAMPLESDIR})
 
 .include <bsd.port.mk>
diff --git a/www/davical/files/patch-caldav-ACL.php b/www/davical/files/patch-caldav-ACL.php
new file mode 100644
index 000000000000..1f4ae0bf13e4
--- /dev/null
+++ b/www/davical/files/patch-caldav-ACL.php
@@ -0,0 +1,85 @@
+commit effc00474111bf5dff1297dd3c6811c1fdf6b6ca
+Author: Florian Schlichting <fsfs@debian.org>
+Date:   Thu Mar 23 22:14:41 2023 +0100
+
+    use "." to concatenate strings, not "+" (fixes #288)
+    
+    Unsupported operand types: string + string at /usr/share/davical/inc/caldav-ACL.php:146
+
+diff --git a/inc/caldav-ACL.php b/inc/caldav-ACL.php
+index 861d4389..cb0fa213 100644
+--- inc/caldav-ACL.php.orig
++++ inc/caldav-ACL.php
+@@ -143,7 +143,7 @@ function process_ace( $grantor, $by_principal, $by_collection, $ace ) {
+       $grantee = new DAVResource( DeconstructURL($principal_content->GetContent()) );
+       $grantee_id = $grantee->getProperty('principal_id');
+       if ( !$grantee->Exists() || !$grantee->IsPrincipal() )
+-        $request->PreconditionFailed(403,'recognized-principal', 'Principal "' + $principal_content->GetContent() + '" not found.');
++        $request->PreconditionFailed(403,'recognized-principal', 'Principal "' . $principal_content->GetContent() . '" not found.');
+       $sqlparms = array( ':to_principal' => $grantee_id);
+       $where = 'WHERE to_principal=:to_principal AND ';
+       if ( isset($by_principal) ) {
+diff --git a/testing/tests/regression-suite/0946-ACL-err.result b/testing/tests/regression-suite/0946-ACL-err.result
+new file mode 100644
+index 00000000..c0ad5ef7
+--- /dev/null
++++ testing/tests/regression-suite/0946-ACL-err.result
+@@ -0,0 +1,11 @@
++HTTP/1.1 403 Forbidden
++Date: Dow, 01 Jan 2000 00:00:00 GMT
++DAV: 1, 2, 3, access-control, calendar-access, calendar-schedule
++DAV: extended-mkcol, bind, addressbook, calendar-auto-schedule, calendar-proxy
++Content-Length: 137
++Content-Type: text/xml; charset="utf-8"
++
++<?xml version="1.0" encoding="utf-8" ?>
++<error xmlns="DAV:">
++  <recognized-principal/>Principal "/caldav.php/user40/" not found.
++</error>
+diff --git a/testing/tests/regression-suite/0946-ACL-err.test b/testing/tests/regression-suite/0946-ACL-err.test
+new file mode 100644
+index 00000000..945f3a13
+--- /dev/null
++++ testing/tests/regression-suite/0946-ACL-err.test
+@@ -0,0 +1,41 @@
++#
++# ACL setting default privileges on a collection to nothing, and
++#     specific privileges to include read-acl.
++#
++TYPE=ACL
++URL=http://regression.host/caldav.php/user1/home/
++HEADER=User-Agent: RFC3744 Spec Tests
++HEADER=Content-Type: text/xml; charset="UTF-8"
++HEAD
++
++
++BEGINDATA
++<?xml version="1.0" encoding="utf-8" ?>
++<acl xmlns="DAV:" xmlns:CalDAV="urn:ietf:params:xml:ns:caldav">
++  <ace>
++    <principal>
++      <href>/caldav.php/user40/</href>
++    </principal>
++    <grant>
++      <privilege><read/></privilege>
++      <privilege><read-acl/></privilege>
++      <privilege><read-current-user-privilege-set/></privilege>
++      <privilege><CalDAV:read-free-busy/></privilege>
++    </grant>
++  </ace>
++  <ace>
++    <principal><authenticated/></principal>
++    <grant>
++      <privilege/>
++    </grant>
++  </ace>
++</acl>
++ENDDATA
++
++QUERY
++SELECT by_principal, by_collection, privileges, p_to.displayname, to_principal
++   FROM grants JOIN dav_principal p_to ON (to_principal=principal_id)
++          LEFT JOIN collection ON (by_collection=collection.collection_id)
++  WHERE collection.dav_name = '/user1/home/'
++ENDQUERY
++
diff --git a/www/davical/files/patch-principal-edit.php b/www/davical/files/patch-principal-edit.php
new file mode 100644
index 000000000000..361be905cb0e
--- /dev/null
+++ b/www/davical/files/patch-principal-edit.php
@@ -0,0 +1,27 @@
+commit e8f3a3e6f2c27e78c2778e0040b385b430dfc9fc
+Author: Andrew Ruthven <puck@catalystcloud.nz>
+Date:   Sun Apr 30 12:13:37 2023 +1200
+
+    Add a missing space to a SQL statement to fix adding groups.
+    
+    It looks to me like this bug has been present since 2011.
+    
+    Closes: #294
+
+diff --git a/inc/ui/principal-edit.php b/inc/ui/principal-edit.php
+index 603fd1e1..df975e22 100644
+--- inc/ui/principal-edit.php.orig
++++ inc/ui/principal-edit.php
+@@ -495,9 +495,9 @@ function group_memberships_browser() {
+ function group_row_editor() {
+   global $c, $id, $editor, $can_write_principal;
+   $grouprow = new Editor("Group Members", "group_member");
+-  $sql = 'SELECT principal_id, coalesce(displayname,fullname,username) FROM dav_principal ';
+-  $sql .= 'WHERE principal_id NOT IN (SELECT member_id FROM group_member WHERE group_id = '.$id.') ';
+-  $sql .= 'AND principal_id != '.$id;
++  $sql = 'SELECT principal_id, coalesce(displayname, fullname, username) FROM dav_principal ';
++  $sql .= 'WHERE principal_id NOT IN (SELECT member_id FROM group_member WHERE group_id = ' . $id . ') ';
++  $sql .= 'AND principal_id != ' . $id . ' ';
+   $sql .= 'ORDER BY 2';
+   $grouprow->SetLookup( 'member_id', $sql);
+   $grouprow->SetSubmitName( 'savegrouprow' );