235 files changed, 4866 insertions, 11759 deletions

diff --git a/meta/recipes-connectivity/avahi/avahi-ui_0.6.31.bb b/meta/recipes-connectivity/avahi/avahi-ui_0.6.31.bb
deleted file mode 100644
index eea4d70fab..0000000000
--- a/meta/recipes-connectivity/avahi/avahi-ui_0.6.31.bb
+++ /dev/null
@@ -1,72 +0,0 @@
-LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
-                    file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \
-                    file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \
-                    file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
-                    file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
-
-require avahi.inc
-
-inherit python-dir pythonnative
-
-PACKAGECONFIG ??= "python"
-PACKAGECONFIG[python] = "--enable-python,--disable-python,python-native python"
-
-PR = "${INC_PR}.0"
-
-SRC_URI[md5sum] = "2f22745b8f7368ad5a0a3fddac343f2d"
-SRC_URI[sha256sum] = "8372719b24e2dd75de6f59bb1315e600db4fd092805bd1201ed0cb651a2dab48"
-
-DEPENDS += "avahi gtk+ libglade"
-
-AVAHI_GTK = "--enable-gtk --disable-gtk3"
-
-S = "${WORKDIR}/avahi-${PV}"
-
-PACKAGES = "${PN} ${PN}-utils ${PN}-dbg ${PN}-dev ${PN}-staticdev ${PN}-doc python-avahi avahi-discover avahi-discover-standalone"
-
-FILES_${PN} = "${libdir}/libavahi-ui*.so.*"
-FILES_${PN}-dbg += "${libdir}/.debug/libavah-ui*"
-FILES_${PN}-dev += "${libdir}/libavahi-ui${SOLIBSDEV}"
-FILES_${PN}-staticdev += "${libdir}/libavahi-ui.a"
-
-FILES_${PN}-utils = "${bindir}/b* ${datadir}/applications/b*"
-
-FILES_python-avahi = "${PYTHON_SITEPACKAGES_DIR}/avahi ${PYTHON_SITEPACKAGES_DIR}/avahi_discover"
-FILES_avahi-discover = "${bindir}/avahi-discover \
-                        ${datadir}/applications/avahi-discover.desktop \
-                        ${datadir}/avahi/interfaces/avahi-discover*"
-FILES_avahi-discover-standalone = "${bindir}/avahi-discover-standalone \
-                                   ${datadir}/avahi/interfaces/avahi-discover.glade"
-
-RDEPENDS_avahi-discover = "python-avahi python-pygtk"
-RDEPENDS_python-avahi = "python-core python-dbus"
-
-
-do_install_append () {
-	rm ${D}${sysconfdir} -rf
-	rm ${D}${base_libdir} -rf
-	rm ${D}${systemd_unitdir} -rf
-	# The ${systemd_unitdir} is /lib/systemd, so we need rmdir /lib,
-	# but not ${base_libdir} here. And the /lib may not exist
-	# whithout systemd.
-	[ ! -d ${D}/lib ] || rmdir ${D}/lib --ignore-fail-on-non-empty
-	rm ${D}${bindir}/avahi-b*
-	rm ${D}${bindir}/avahi-p*
-	rm ${D}${bindir}/avahi-r*
-	rm ${D}${bindir}/avahi-s*
-	rm ${D}${includedir}/avahi-c* -rf
-	rm ${D}${includedir}/avahi-g* -rf
-	rm ${D}${libdir}/libavahi-c*
-	rm ${D}${libdir}/libavahi-g*
-	rm ${D}${libdir}/pkgconfig/avahi-c*
-	rm ${D}${libdir}/pkgconfig/avahi-g*
-	rm ${D}${sbindir} -rf
-	rm ${D}${datadir}/avahi/a*
-	rm ${D}${datadir}/avahi/s*
-	rm ${D}${datadir}/locale/ -rf
-	rm ${D}${datadir}/dbus* -rf
-	rm ${D}${mandir}/man1/a*
-	rm ${D}${mandir}/man5 -rf
-	rm ${D}${mandir}/man8 -rf
-}
-
diff --git a/meta/recipes-connectivity/avahi/avahi_0.6.31.bb b/meta/recipes-connectivity/avahi/avahi_0.6.31.bb
deleted file mode 100644
index 5d796a202b..0000000000
--- a/meta/recipes-connectivity/avahi/avahi_0.6.31.bb
+++ /dev/null
@@ -1,22 +0,0 @@
-require avahi.inc
-
-inherit systemd
-
-SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd"
-SYSTEMD_SERVICE_${PN}-daemon = "avahi-daemon.service"
-SYSTEMD_SERVICE_${PN}-dnsconfd = "avahi-dnsconfd.service"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
-                    file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \
-                    file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \
-                    file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
-                    file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
-
-PR = "${INC_PR}.1"
-
-SRC_URI[md5sum] = "2f22745b8f7368ad5a0a3fddac343f2d"
-SRC_URI[sha256sum] = "8372719b24e2dd75de6f59bb1315e600db4fd092805bd1201ed0cb651a2dab48"
-
-DEPENDS += "intltool-native"
-
-PACKAGES =+ "libavahi-gobject"
diff --git a/meta/recipes-connectivity/avahi/avahi.inc b/meta/recipes-connectivity/avahi/avahi_0.8.bb
index 825197d610..c8a3f876aa 100644
--- a/meta/recipes-connectivity/avahi/avahi.inc
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -7,71 +7,112 @@ configuration from the link-local 169.254.0.0/16 range without the need for a ce
 server.'
 AUTHOR = "Lennart Poettering <lennart@poettering.net>"
 HOMEPAGE = "http://avahi.org"
-BUGTRACKER = "http://avahi.org/report"
+BUGTRACKER = "https://github.com/lathiat/avahi/issues"
 SECTION = "network"
 
 # major part is under LGPLv2.1+, but several .dtd, .xsl, initscripts and
 # python scripts are under GPLv2+
 LICENSE = "GPLv2+ & LGPLv2.1+"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
+                    file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \
+                    file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \
+                    file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
+                    file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
+
+SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \
+           file://00avahi-autoipd \
+           file://99avahi-autoipd \
+           file://initscript.patch \
+           file://0001-Fix-opening-etc-resolv.conf-error.patch \
+           "
 
-INC_PR = "r11"
+UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
+SRC_URI[md5sum] = "229c6aa30674fc43c202b22c5f8c2be7"
+SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda"
 
-DEPENDS = "expat libcap libdaemon dbus glib-2.0"
+DEPENDS = "expat libcap libdaemon glib-2.0 intltool-native"
 
-SRC_URI = "http://avahi.org/download/avahi-${PV}.tar.gz \
-          file://00avahi-autoipd \
-          file://99avahi-autoipd \
-          file://initscript.patch \
-          file://avahi_fix_install_issue.patch \
-          file://fix_for_automake_1.12.x.patch \
-          file://out-of-tree.patch \
-          file://0001-avahi-fix-avahi-status-command-error-prompt.patch \
-          file://reuseport-check.patch \
-          "
+# For gtk related PACKAGECONFIGs: gtk, gtk3
+AVAHI_GTK ?= "gtk3"
 
-USERADD_PACKAGES = "avahi-daemon avahi-autoipd"
-USERADD_PARAM_avahi-daemon = "--system --home /var/run/avahi-daemon \
-                              --no-create-home --shell /bin/false \
-                              --user-group avahi"
+PACKAGECONFIG ??= "dbus ${@bb.utils.contains_any('DISTRO_FEATURES','x11 wayland','${AVAHI_GTK}','',d)}"
+PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
+PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+"
+PACKAGECONFIG[gtk3] = "--enable-gtk3,--disable-gtk3,gtk+3"
+PACKAGECONFIG[libdns_sd] = "--enable-compat-libdns_sd --enable-dbus,,dbus"
+PACKAGECONFIG[libevent] = "--enable-libevent,--disable-libevent,libevent"
+PACKAGECONFIG[qt5] = "--enable-qt5,--disable-qt5,qtbase"
 
-USERADD_PARAM_avahi-autoipd = "--system --home /var/run/avahi-autoipd \
-                              --no-create-home --shell /bin/false \
-                              --user-group \
-                              -c \"Avahi autoip daemon\" \
-                              avahi-autoipd"
-
-inherit autotools pkgconfig update-rc.d gettext useradd
+inherit autotools pkgconfig gettext gobject-introspection
 
-EXTRA_OECONF = "--disable-introspection \
-             --with-avahi-priv-access-group=adm \
+EXTRA_OECONF = "--with-avahi-priv-access-group=adm \
              --disable-stack-protector \
              --disable-gdbm \
+             --disable-dbm \
              --disable-mono \
              --disable-monodoc \
              --disable-qt3 \
              --disable-qt4 \
              --disable-python \
              --disable-doxygen-doc \
+             --enable-manpages \
              ${EXTRA_OECONF_SYSVINIT} \
              ${EXTRA_OECONF_SYSTEMD} \
-             ${AVAHI_GTK} \
            "
 
 # The distro choice determines what init scripts are installed
 EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}"
 EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_unitdir}/system/','--without-systemdsystemunitdir',d)}"
 
-AVAHI_GTK ?= "--disable-gtk --disable-gtk3"
+do_configure_prepend() {
+    # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes
+    rm "${S}/common/introspection.m4" || true
+}
+
+do_compile_prepend() {
+    export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs"
+}
 
-LDFLAGS_append_libc-uclibc = " -lintl"
-LDFLAGS_append_uclinux-uclibc = " -lintl"
+RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns"
 
-do_configure_prepend() {
-    sed 's:AM_CHECK_PYMOD:echo "no pymod" #AM_CHECK_PYMOD:g' -i ${S}/configure.ac
+do_install() {
+	autotools_do_install
+	rm -rf ${D}/run
+	rm -rf ${D}${datadir}/dbus-1/interfaces
+	test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1
+	rm -rf ${D}${libdir}/avahi
+
+	# Move example service files out of /etc/avahi/services so we don't
+	# advertise ssh & sftp-ssh by default
+	install -d ${D}${docdir}/avahi
+	mv ${D}${sysconfdir}/avahi/services/* ${D}${docdir}/avahi
 }
 
+PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}"
+
+FILES_libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*"
+
+RPROVIDES_libavahi-compat-libdnssd = "libdns-sd"
 
-PACKAGES =+ "avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib libavahi-ui avahi-autoipd avahi-utils"
+inherit update-rc.d systemd useradd
+
+PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils avahi-discover avahi-ui"
+
+FILES_avahi-ui = "${libdir}/libavahi-ui*.so.*"
+FILES_avahi-discover = "${datadir}/applications/avahi-discover.desktop \
+                        ${datadir}/avahi/interfaces/avahi-discover.ui \
+                        ${bindir}/avahi-discover-standalone \
+                        "
+
+LICENSE_libavahi-gobject = "LGPLv2.1+"
+LICENSE_avahi-daemon = "LGPLv2.1+"
+LICENSE_libavahi-common = "LGPLv2.1+"
+LICENSE_libavahi-core = "LGPLv2.1+"
+LICENSE_libavahi-client = "LGPLv2.1+"
+LICENSE_avahi-dnsconfd = "LGPLv2.1+"
+LICENSE_libavahi-glib = "LGPLv2.1+"
+LICENSE_avahi-autoipd = "LGPLv2.1+"
+LICENSE_avahi-utils = "LGPLv2.1+"
 
 # As avahi doesn't put any files into PN, clear the files list to avoid problems
 # if extra libraries appear.
@@ -82,7 +123,7 @@ FILES_avahi-autoipd = "${sbindir}/avahi-autoipd \
                        ${sysconfdir}/udhcpc.d/00avahi-autoipd \
                        ${sysconfdir}/udhcpc.d/99avahi-autoipd"
 FILES_libavahi-common = "${libdir}/libavahi-common.so.*"
-FILES_libavahi-core = "${libdir}/libavahi-core.so.*"
+FILES_libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib"
 FILES_avahi-daemon = "${sbindir}/avahi-daemon \
                       ${sysconfdir}/avahi/avahi-daemon.conf \
                       ${sysconfdir}/avahi/hosts \
@@ -94,26 +135,31 @@ FILES_avahi-daemon = "${sbindir}/avahi-daemon \
                       ${datadir}/avahi/service-types \
                       ${datadir}/dbus-1/system-services"
 FILES_libavahi-client = "${libdir}/libavahi-client.so.*"
-FILES_libavahi-ui = "${libdir}/libavahi-ui.so.*"
 FILES_avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \
                         ${sysconfdir}/avahi/avahi-dnsconfd.action \
                         ${sysconfdir}/init.d/avahi-dnsconfd"
 FILES_libavahi-glib = "${libdir}/libavahi-glib.so.*"
-FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.*"
-FILES_avahi-utils = "${bindir}/avahi-*"
+FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.*  ${libdir}/girepository-1.0/Avahi*.typelib"
+FILES_avahi-utils = "${bindir}/avahi-* ${bindir}/b* ${datadir}/applications/b*"
 
-RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV}) libavahi-client (= ${EXTENDPKGV})"
+RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})"
+RDEPENDS_${PN}-dev += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}"
+RDEPENDS_${PN}-dnsconfd = "${PN}-daemon"
 
-# uclibc has no nss
 RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns"
-RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns"
 
-RRECOMMENDS_avahi-dev = "expat-dev libcap-dev libdaemon-dev dbus-dev glib-2.0-dev update-rc.d-dev"
-RRECOMMENDS_avahi-dev_append_libc-glibc = " gettext-dev"
+CONFFILES_avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf"
 
-RRECOMMENDS_avahi-dev[nodeprrecs] = "1"
+USERADD_PACKAGES = "avahi-daemon avahi-autoipd"
+USERADD_PARAM_avahi-daemon = "--system --home /run/avahi-daemon \
+                              --no-create-home --shell /bin/false \
+                              --user-group avahi"
 
-CONFFILES_avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf"
+USERADD_PARAM_avahi-autoipd = "--system --home /run/avahi-autoipd \
+                              --no-create-home --shell /bin/false \
+                              --user-group \
+                              -c \"Avahi autoip daemon\" \
+                              avahi-autoipd"
 
 INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd"
 INITSCRIPT_NAME_avahi-daemon = "avahi-daemon"
@@ -121,18 +167,11 @@ INITSCRIPT_PARAMS_avahi-daemon = "defaults 21 19"
 INITSCRIPT_NAME_avahi-dnsconfd = "avahi-dnsconfd"
 INITSCRIPT_PARAMS_avahi-dnsconfd = "defaults 22 19"
 
-do_install() {
-	autotools_do_install
-
-	# don't install /var/run when populating rootfs. Do it through volatile
-	# /var/run of current version is empty, so just remove it.
-	# if /var/run become non-empty in the future, need to install it via volatile
-	rm -rf ${D}${localstatedir}/run
-	rmdir --ignore-fail-on-non-empty ${D}${localstatedir}
-	rm -rf ${D}${datadir}/dbus-1/interfaces
-	rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1
-	rm -rf ${D}${libdir}/avahi
+SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd"
+SYSTEMD_SERVICE_${PN}-daemon = "avahi-daemon.service"
+SYSTEMD_SERVICE_${PN}-dnsconfd = "avahi-dnsconfd.service"
 
+do_install_append() {
 	install -d ${D}${sysconfdir}/udhcpc.d
 	install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d
 	install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d
@@ -140,19 +179,9 @@ do_install() {
 
 # At the time the postinst runs, dbus might not be setup so only restart if running 
 # Don't exit early, because update-rc.d needs to run subsequently.
-
 pkg_postinst_avahi-daemon () {
 if [ -z "$D" ]; then
 	killall -q -HUP dbus-daemon || true
 fi
 }
 
-pkg_postrm_avahi-daemon () {
-	deluser avahi || true
-	delgroup avahi || true
-}
-
-pkg_postrm_avahi-autoipd () {
-	deluser avahi-autoipd || true
-	delgroup avahi-autoipd || true
-}
diff --git a/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch b/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch
new file mode 100644
index 0000000000..cb8b83fd23
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch
@@ -0,0 +1,45 @@
+From 78967814f5c37ed67f4cf64d70c9f76a03ee89bc Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Wed, 20 Jun 2018 13:57:35 +0800
+Subject: [PATCH] Fix opening /etc/resolv.conf error
+
+Fix to start avahi-daemon after systemd-resolved.service. This is because
+/etc/resolv.conf is a link to /etc/resolv-conf.systemd which in turn is
+a symlink to /run/systemd/resolve/resolv.conf. And /run/systemd/resolve/resolv.conf
+is created by systemd-resolved.service by default in current OE's systemd
+based systems.
+
+This fixes errro like below.
+
+  Failed to open /etc/resolv.conf: Invalid argument
+
+In fact, handling of /etc/resolv.conf is quite distro specific. So this patch
+is marked as OE specific.
+
+Upstream-Status: Inappropriate [OE Specific]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+
+When connman installed to image, /etc/resolv.conf is link to
+/etc/resolv-conf.connman. So launch avahi-daemon after connman too.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+ avahi-daemon/avahi-daemon.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/avahi-daemon/avahi-daemon.service.in b/avahi-daemon/avahi-daemon.service.in
+index 548c834..63e28e4 100644
+--- a/avahi-daemon/avahi-daemon.service.in
++++ b/avahi-daemon/avahi-daemon.service.in
+@@ -18,6 +18,7 @@
+ [Unit]
+ Description=Avahi mDNS/DNS-SD Stack
+ Requires=avahi-daemon.socket
++After=systemd-resolved.service connman.service
+ 
+ [Service]
+ Type=dbus
+-- 
+2.11.0
+
diff --git a/meta/recipes-connectivity/avahi/files/0001-avahi-fix-avahi-status-command-error-prompt.patch b/meta/recipes-connectivity/avahi/files/0001-avahi-fix-avahi-status-command-error-prompt.patch
deleted file mode 100644
index 7590df79f0..0000000000
--- a/meta/recipes-connectivity/avahi/files/0001-avahi-fix-avahi-status-command-error-prompt.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From f774ac25f436a782ccccc4dbe68378a684596799 Mon Sep 17 00:00:00 2001
-From: Lu Chong <Chong.Lu@windriver.com>
-Date: Thu, 7 Nov 2013 14:36:28 +0800
-Subject: [PATCH] avahi: fix avahi status command error prompt
-
-service --status-all command will display wrong status for avahi-daemon.
-This commit fix this error prompt and make service display right status
-for avahi-daemon.
-
-Upstream-Status: Pending
-
-Signed-off-by: Lu Chong <Chong.Lu@windriver.com>
----
- initscript/debian/avahi-daemon.in |   14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/initscript/debian/avahi-daemon.in b/initscript/debian/avahi-daemon.in
-index 4793b46..49ec358 100755
---- a/initscript/debian/avahi-daemon.in
-+++ b/initscript/debian/avahi-daemon.in
-@@ -153,7 +153,15 @@ d_reload() {
- #       Function that check the status of the daemon/service.
- #
- d_status() {
--    $DAEMON -c && echo "$DESC is running" || echo "$DESC is not running"
-+    $DAEMON -c
-+    status=$?
-+    if [ $status = 0 ]; then
-+        echo "$DESC is running"
-+        return 0
-+    else
-+        echo "$DESC is not running"
-+        return 3
-+    fi
- }
- 
- case "$1" in
-@@ -182,9 +190,9 @@ case "$1" in
-         d_status
- 	;;
-     *)
--        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|reload}" >&2
-+        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|reload|status}" >&2
-         exit 1
-         ;;
- esac
- 
--exit 0
-+exit $?
--- 
-1.7.9.5
-
diff --git a/meta/recipes-connectivity/avahi/files/avahi_fix_install_issue.patch b/meta/recipes-connectivity/avahi/files/avahi_fix_install_issue.patch
deleted file mode 100644
index 32f20ece43..0000000000
--- a/meta/recipes-connectivity/avahi/files/avahi_fix_install_issue.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Upstream-Status: Pending
-
-Fixes this install issue
-#| /bin/sh: line 0: cd: /srv/home/nitin/builds/build-gcc47/tmp/work/i586-poky-linux/avahi-0.6.31-r3.0/image//usr/bin: No such file or directory
-
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com>
-2012/05/03
-
-Index: avahi-0.6.31/avahi-utils/Makefile.am
-===================================================================
---- avahi-0.6.31.orig/avahi-utils/Makefile.am
-+++ avahi-0.6.31/avahi-utils/Makefile.am
-@@ -54,6 +54,7 @@ avahi_set_host_name_CFLAGS = $(AM_CFLAGS
- avahi_set_host_name_LDADD = $(AM_LDADD) ../avahi-client/libavahi-client.la ../avahi-common/libavahi-common.la
- 
- install-exec-local:
-+	$(MKDIR_P) $(DESTDIR)/$(bindir) && \
- 	cd $(DESTDIR)/$(bindir) && \
- 		rm -f avahi-resolve-host-name avahi-resolve-address avahi-browse-domains avahi-publish-address avahi-publish-service && \
- 		$(LN_S) avahi-resolve avahi-resolve-host-name && \
-Index: avahi-0.6.31/avahi-utils/Makefile.in
-===================================================================
---- avahi-0.6.31.orig/avahi-utils/Makefile.in
-+++ avahi-0.6.31/avahi-utils/Makefile.in
-@@ -906,6 +906,7 @@ uninstall-am: uninstall-binPROGRAMS
- 
- 
- @HAVE_DBUS_TRUE@install-exec-local:
-+@HAVE_DBUS_TRUE@	$(MKDIR_P) $(DESTDIR)/$(bindir) && \
- @HAVE_DBUS_TRUE@	cd $(DESTDIR)/$(bindir) && \
- @HAVE_DBUS_TRUE@		rm -f avahi-resolve-host-name avahi-resolve-address avahi-browse-domains avahi-publish-address avahi-publish-service && \
- @HAVE_DBUS_TRUE@		$(LN_S) avahi-resolve avahi-resolve-host-name && \
diff --git a/meta/recipes-connectivity/avahi/files/fix_for_automake_1.12.x.patch b/meta/recipes-connectivity/avahi/files/fix_for_automake_1.12.x.patch
deleted file mode 100644
index 0fc4c290c4..0000000000
--- a/meta/recipes-connectivity/avahi/files/fix_for_automake_1.12.x.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Upstream-Status: Pending
-
-autoamke 1.12.x has depricated use of mkdir_p , and recommends use of MKDIR_P
-instead. Fixed the automake files accordingly to avoid warning-errors.
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com>
-2012/07/09
-
-
-Index: avahi-0.6.31/avahi-daemon/Makefile.am
-===================================================================
---- avahi-0.6.31.orig/avahi-daemon/Makefile.am
-+++ avahi-0.6.31/avahi-daemon/Makefile.am
-@@ -169,7 +169,7 @@ xmllint:
- 	done
- 
- install-data-local:
--	test -z "$(localstatedir)/run" || $(mkdir_p) "$(DESTDIR)$(localstatedir)/run"
-+	test -z "$(localstatedir)/run" || $(MKDIR_P) "$(DESTDIR)$(localstatedir)/run"
- 
- update-systemd:
- 	curl http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.c > sd-daemon.c
-Index: avahi-0.6.31/avahi-autoipd/Makefile.am
-===================================================================
---- avahi-0.6.31.orig/avahi-autoipd/Makefile.am
-+++ avahi-0.6.31/avahi-autoipd/Makefile.am
-@@ -76,7 +76,7 @@ dhcliententerdir = $(sysconfdir)/dhcp/dh
- dhclientexitdir = $(sysconfdir)/dhcp/dhclient-exit-hooks.d
- 
- install-exec-hook: dhclient-exit-hook dhclient-enter-hook
--	$(mkdir_p) $(DESTDIR)$(dhcliententerdir) $(DESTDIR)$(dhclientexitdir)
-+	$(MKDIR_P) $(DESTDIR)$(dhcliententerdir) $(DESTDIR)$(dhclientexitdir)
- 	$(INSTALL) dhclient-enter-hook $(DESTDIR)$(dhcliententerdir)/avahi-autoipd
- 	$(INSTALL) dhclient-exit-hook $(DESTDIR)$(dhclientexitdir)/avahi-autoipd
- 
diff --git a/meta/recipes-connectivity/avahi/files/initscript.patch b/meta/recipes-connectivity/avahi/files/initscript.patch
index 193889eb5c..c856c3df04 100644
--- a/meta/recipes-connectivity/avahi/files/initscript.patch
+++ b/meta/recipes-connectivity/avahi/files/initscript.patch
@@ -1,10 +1,10 @@
 Upstream-Status: Pending
 
-diff --git a/initscript/debian/avahi-daemon.in b/initscript/debian/avahi-daemon.in
-index 30a2c2f..b5848a8 100755
---- a/initscript/debian/avahi-daemon.in
-+++ b/initscript/debian/avahi-daemon.in
-@@ -1,2 +1,14 @@
+Index: avahi-0.7/initscript/debian/avahi-daemon.in
+===================================================================
+--- avahi-0.7.orig/initscript/debian/avahi-daemon.in
++++ avahi-0.7/initscript/debian/avahi-daemon.in
+@@ -1,5 +1,17 @@
  #!/bin/sh
 -
 +### BEGIN INIT INFO
@@ -20,11 +20,14 @@ index 30a2c2f..b5848a8 100755
 +#                    automatically
 +### END INIT INFO
 +#
-diff --git a/initscript/debian/avahi-dnsconfd.in b/initscript/debian/avahi-dnsconfd.in
-index ac34804..f95c340 100755
---- a/initscript/debian/avahi-dnsconfd.in
-+++ b/initscript/debian/avahi-dnsconfd.in
-@@ -1,1 +1,14 @@
+ # This file is part of avahi.
+ #
+ # avahi is free software; you can redistribute it and/or modify it
+Index: avahi-0.7/initscript/debian/avahi-dnsconfd.in
+===================================================================
+--- avahi-0.7.orig/initscript/debian/avahi-dnsconfd.in
++++ avahi-0.7/initscript/debian/avahi-dnsconfd.in
+@@ -1,4 +1,17 @@
  #!/bin/sh
 +### BEGIN INIT INFO
 +# Provides:          avahi-dnsconfd
@@ -39,3 +42,6 @@ index ac34804..f95c340 100755
 +#                    automatically
 +### END INIT INFO
 +#
+ 
+ # This file is part of avahi.
+ #
diff --git a/meta/recipes-connectivity/avahi/files/out-of-tree.patch b/meta/recipes-connectivity/avahi/files/out-of-tree.patch
deleted file mode 100644
index 43476cde05..0000000000
--- a/meta/recipes-connectivity/avahi/files/out-of-tree.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Upstream-Status: Pending
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From a62dc95d75691ea4aefa86d8bbe54c62afd78ff6 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Tue, 17 Sep 2013 12:27:36 +0100
-Subject: [PATCH] build-sys: fix out-of-tree builds without xmltoman
-
-If manpages are enabled but xmltoman isn't present, out-of-tree builds fail
-because it checks inside the build directory for the pre-generated manpages.
-
-Fix this by using $srcdir when looking for files inside the source directory.
----
- configure.ac |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 9debce2..047c7ae 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1021,7 +1021,7 @@ if test x$manpages = xyes ; then
-     fi
- 
-     if test x$have_xmltoman = xno -o x$xmltoman = xno; then
--        if ! test -e man/avahi-daemon.8 ; then
-+        if ! test -e $srcdir/man/avahi-daemon.8 ; then
-             AC_MSG_ERROR([*** xmltoman was not found or was disabled, it is required to build the manpages as they have not been pre-built, install xmltoman, pass --disable-manpages or dont pass --disable-xmltoman])
-             exit 1
-         fi
--- 
-1.7.10.4
-
diff --git a/meta/recipes-connectivity/avahi/files/reuseport-check.patch b/meta/recipes-connectivity/avahi/files/reuseport-check.patch
deleted file mode 100644
index bb81c2cb4e..0000000000
--- a/meta/recipes-connectivity/avahi/files/reuseport-check.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Fix avahi-daemon when running on kernel < 3.9 (patch taken from Ubuntu).
-
-Upstream-Status: Pending (unmaintained upstream)
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-Description: SO_REUSEPORT may not exist in running kernel
- When userspace defines SO_REUSEPORT we will attempt to enable socket
- port number reuse.  However if the running kernel does not support
- this call it will fail preventing daemon startup.  If this call is
- present but fails ENOPROTOOPT then we know that actually the kernel
- does not support it and we should continue as if we did not have the
- call at all.  (LP: #1228204)
- .
- This patch could be removed from the debian package after jessie release.
-Author: Andy Whitcroft <apw@canonical.com>
-
-Index: avahi-0.6.31/avahi-core/socket.c
-===================================================================
---- avahi-0.6.31.orig/avahi-core/socket.c	2013-09-20 16:36:50.000000000 +0100
-+++ avahi-0.6.31/avahi-core/socket.c	2013-09-20 16:38:23.781863644 +0100
-@@ -177,7 +177,8 @@
-     yes = 1;
-     if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &yes, sizeof(yes)) < 0) {
-         avahi_log_warn("SO_REUSEPORT failed: %s", strerror(errno));
--        return -1;
-+        if (errno != ENOPROTOOPT)
-+            return -1;
-     }
- #endif
- 
diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.16.7/0001-avoid-start-failure-with-bind-user.patch
new file mode 100644
index 0000000000..8db96ec049
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.16.7/0001-avoid-start-failure-with-bind-user.patch
@@ -0,0 +1,27 @@
+From 31dde3562f287429eea94b77250d184818b49063 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Mon, 15 Oct 2018 16:55:09 +0800
+Subject: [PATCH] avoid start failure with bind user
+
+Upstream-Status: Pending
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ init.d | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/init.d b/init.d
+index b2eec60..6e03936 100644
+--- a/init.d
++++ b/init.d
+@@ -57,6 +57,7 @@ case "$1" in
+ 	modprobe capability >/dev/null 2>&1 || true
+ 	if [ ! -f /etc/bind/rndc.key ]; then
+ 	    /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
++	    chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true
+ 	    chmod 0640 /etc/bind/rndc.key
+ 	fi
+ 	if [ -f /var/run/named/named.pid ]; then
+-- 
+2.7.4
+
diff --git a/meta/recipes-connectivity/bind/bind-9.16.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.16.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch
new file mode 100644
index 0000000000..5bcc16c9b2
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.16.7/0001-named-lwresd-V-and-start-log-hide-build-options.patch
@@ -0,0 +1,35 @@
+From a3af4a405baf5ff582e82aaba392dd9667d94bdc Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Mon, 27 Aug 2018 21:24:20 +0800
+Subject: [PATCH] `named/lwresd -V' and start log hide build options
+
+The build options expose build path directories, so hide them.
+[snip]
+$ named -V
+|built by make with *** (options are hidden)
+[snip]
+
+Upstream-Status: Inappropriate [oe-core specific]
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+
+Refreshed for 9.16.0
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bin/named/include/named/globals.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: bind-9.16.0/bin/named/include/named/globals.h
+===================================================================
+--- bind-9.16.0.orig/bin/named/include/named/globals.h
++++ bind-9.16.0/bin/named/include/named/globals.h
+@@ -69,7 +69,7 @@ EXTERN const char *named_g_version     I
+ EXTERN const char *named_g_product     INIT(PRODUCT);
+ EXTERN const char *named_g_description INIT(DESCRIPTION);
+ EXTERN const char *named_g_srcid       INIT(SRCID);
+-EXTERN const char *named_g_configargs  INIT(CONFIGARGS);
++EXTERN const char *named_g_configargs  INIT("*** (options are hidden)");
+ EXTERN const char *named_g_builder     INIT(BUILDER);
+ EXTERN in_port_t named_g_port	       INIT(0);
+ EXTERN isc_dscp_t named_g_dscp	       INIT(-1);
diff --git a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.16.7/bind-ensure-searching-for-json-headers-searches-sysr.patch
index dedc437507..f9cdc7ca4d 100644
--- a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
+++ b/meta/recipes-connectivity/bind/bind-9.16.7/bind-ensure-searching-for-json-headers-searches-sysr.patch
@@ -1,4 +1,4 @@
-From 9473d29843579802e96b0293a3e953fed93de82c Mon Sep 17 00:00:00 2001
+From edda20fb5a6e88548f85e39d34d6c074306e15bc Mon Sep 17 00:00:00 2001
 From: Paul Gortmaker <paul.gortmaker@windriver.com>
 Date: Tue, 9 Jun 2015 11:22:00 -0400
 Subject: [PATCH] bind: ensure searching for json headers searches sysroot
@@ -25,25 +25,23 @@ to make use of the combination some day.
 [1] https://trac.macports.org/ticket/45305
 [2] https://trac.macports.org/changeset/126406
 
-Upstream-status: Inappropriate [OE Specific]
+Upstream-Status: Inappropriate [OE Specific]
 Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
+
 ---
- configure.in | 2 +-
+ configure.ac | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/configure.in b/configure.in
-index c9ef3a601343..17a1f613e9ac 100644
---- a/configure.in
-+++ b/configure.in
-@@ -2139,7 +2139,7 @@ case "$use_libjson" in
- 		libjson_libs=""
+Index: bind-9.16.4/configure.ac
+===================================================================
+--- bind-9.16.4.orig/configure.ac
++++ bind-9.16.4/configure.ac
+@@ -1232,7 +1232,7 @@ case "$use_lmdb" in
+ 		LMDB_LIBS=""
  		;;
  	auto|yes)
 -		for d in /usr /usr/local /opt/local
 +		for d in "${STAGING_INCDIR}"
  		do
- 			if test -f "${d}/include/json/json.h"
+ 			if test -f "${d}/include/lmdb.h"
  			then
--- 
-2.4.2
-
diff --git a/meta/recipes-connectivity/bind/bind/bind9 b/meta/recipes-connectivity/bind/bind-9.16.7/bind9
index 968679ff7f..968679ff7f 100644
--- a/meta/recipes-connectivity/bind/bind/bind9
+++ b/meta/recipes-connectivity/bind/bind-9.16.7/bind9
diff --git a/meta/recipes-connectivity/bind/bind/conf.patch b/meta/recipes-connectivity/bind/bind-9.16.7/conf.patch
index aad345f9fc..aad345f9fc 100644
--- a/meta/recipes-connectivity/bind/bind/conf.patch
+++ b/meta/recipes-connectivity/bind/bind-9.16.7/conf.patch
diff --git a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.16.7/generate-rndc-key.sh
index db201270fa..633e29c0e6 100644
--- a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
+++ b/meta/recipes-connectivity/bind/bind-9.16.7/generate-rndc-key.sh
@@ -2,6 +2,7 @@
 
 if [ ! -s /etc/bind/rndc.key ]; then
     echo -n "Generating /etc/bind/rndc.key:"
-    /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
+    /usr/sbin/rndc-confgen -a -b 512
+    chown root:bind /etc/bind/rndc.key
     chmod 0640 /etc/bind/rndc.key
 fi
diff --git a/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.16.7/init.d-add-support-for-read-only-rootfs.patch
index 11db95ede1..11db95ede1 100644
--- a/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch
+++ b/meta/recipes-connectivity/bind/bind-9.16.7/init.d-add-support-for-read-only-rootfs.patch
diff --git a/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.16.7/make-etc-initd-bind-stop-work.patch
index 146f3e35db..146f3e35db 100644
--- a/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch
+++ b/meta/recipes-connectivity/bind/bind-9.16.7/make-etc-initd-bind-stop-work.patch
diff --git a/meta/recipes-connectivity/bind/bind/named.service b/meta/recipes-connectivity/bind/bind-9.16.7/named.service
index cda56ef015..cda56ef015 100644
--- a/meta/recipes-connectivity/bind/bind/named.service
+++ b/meta/recipes-connectivity/bind/bind-9.16.7/named.service
diff --git a/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch b/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch
deleted file mode 100644
index cb5251d159..0000000000
--- a/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-xml2-config is disabled, so change the configure script to use pkgconfig to find
-libxml2.
-
-Upstream-Status: Inappropriate
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
----
- configure.in | 18 +++---------------
- 1 file changed, 3 insertions(+), 15 deletions(-)
-
-diff --git a/configure.in b/configure.in
-index d566e1c..c9ef3a6 100644
---- a/configure.in
-+++ b/configure.in
-@@ -2102,21 +2102,9 @@ case "$use_libxml2" in
- 		DST_LIBXML2_INC=""
- 		;;
- 	auto|yes)
--		case X`(xml2-config --version) 2>/dev/null` in
--		X2.[[6789]].*)
--			libxml2_libs=`xml2-config --libs`
--			libxml2_cflags=`xml2-config --cflags`
--			;;
--		*)
--			libxml2_libs=
--			libxml2_cflags=
--			;;
--		esac
--		;;
--	*)
--		if test -f "$use_libxml2/bin/xml2-config" ; then
--			libxml2_libs=`$use_libxml2/bin/xml2-config --libs`
--			libxml2_cflags=`$use_libxml2/bin/xml2-config --cflags`
-+		if pkg-config --exists libxml-2.0 ; then
-+			libxml2_libs=`pkg-config libxml-2.0 --libs`
-+			libxml2_cflags=`pkg-config libxml-2.0 --cflags`
- 		fi
- 		;;
- esac
--- 
-2.1.4
-
diff --git a/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch b/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch
deleted file mode 100644
index 096d5d84fc..0000000000
--- a/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 9b40619ff6fddfef2758ba797789f8487f412df3 Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Mon, 16 Feb 2015 00:50:01 -0800
-Subject: [PATCH] confgen: don't build unix.o twice
-
-Fixed:
-unix/os.o: file not recognized: File truncated
-collect2: error: ld returned 1 exit status
-
-This is because os.o was built twice:
-* The implicity rule (depends on unix/os.o)
-* The "make all" in unix subdir (depends on unix/os.o)
-
-Depend on subdirs which is unix only rather than unix/os.o will fix the
-problem.
-
-Upstream-Status: Pending
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- bin/confgen/Makefile.in |    4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
-index 8b3e5aa..4868a24 100644
---- a/bin/confgen/Makefile.in
-+++ b/bin/confgen/Makefile.in
-@@ -74,11 +74,11 @@ rndc-confgen.@O@: rndc-confgen.c
- ddns-confgen.@O@: ddns-confgen.c
- 	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c ${srcdir}/ddns-confgen.c
- 
--rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} 
-+rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS} $(SUBDIRS)
- 	export BASEOBJS="rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
- 	${FINALBUILDCMD}
- 
--ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} 
-+ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS} $(SUBDIRS)
- 	export BASEOBJS="ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
- 	${FINALBUILDCMD}
- 
--- 
-1.7.9.5
-
diff --git a/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch b/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
deleted file mode 100644
index 6989d6d4b0..0000000000
--- a/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Upstream-Status: Pending
-
-Signed-off-by Saul Wold <sgw@linux.intel.com>
-
-Index: bind-9.9.5/bin/Makefile.in
-===================================================================
---- bind-9.9.5.orig/bin/Makefile.in
-+++ bind-9.9.5/bin/Makefile.in
-@@ -19,7 +19,7 @@ srcdir =	@srcdir@
- VPATH =		@srcdir@
- top_srcdir =	@top_srcdir@
- 
--SUBDIRS =	named rndc dig delv dnssec tools tests nsupdate \
-+SUBDIRS =	named rndc dig delv dnssec tools nsupdate \
- 		check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@
- TARGETS =
- 
diff --git a/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff b/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff
deleted file mode 100644
index 2930796b6a..0000000000
--- a/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff
+++ /dev/null
@@ -1,104 +0,0 @@
-bind: port a patch to fix a build failure
-
-mips1 does not support ll and sc instructions, and lead to below error, now
-we port a patch from debian to fix it
-[http://security.debian.org/debian-security/pool/updates/main/b/bind9/bind9_9.8.4.dfsg.P1-6+nmu2+deb7u1.diff.gz]
-
-| {standard input}: Assembler messages:
-| {standard input}:47: Error: Opcode not supported on this processor: mips1 (mips1) `ll $3,0($6)'
-| {standard input}:50: Error: Opcode not supported on this processor: mips1 (mips1) `sc $3,0($6)'
-
-Upstream-Status: Pending
-
-Signed-off-by: Roy Li <rongqing.li@windriver.com>
-
---- bind9-9.8.4.dfsg.P1.orig/lib/isc/mips/include/isc/atomic.h
-+++ bind9-9.8.4.dfsg.P1/lib/isc/mips/include/isc/atomic.h
-@@ -31,18 +31,20 @@
- isc_atomic_xadd(isc_int32_t *p, int val) {
- 	isc_int32_t orig;
- 
--	/* add is a cheat, since MIPS has no mov instruction */
--	__asm__ volatile (
--	    "1:"
--	    "ll $3, %1\n"
--	    "add %0, $0, $3\n"
--	    "add $3, $3, %2\n"
--	    "sc $3, %1\n"
--	    "beq $3, 0, 1b"
--	    : "=&r"(orig)
--	    : "m"(*p), "r"(val)
--	    : "memory", "$3"
--		);
-+	__asm__ __volatile__ (
-+	"	.set	push		\n"
-+	"	.set	mips2		\n"
-+	"	.set	noreorder	\n"
-+	"	.set	noat		\n"
-+	"1:	ll	$1, %1		\n"
-+	"	addu	%0, $1, %2	\n"
-+	"	sc	%0, %1		\n"
-+	"	beqz	%0, 1b		\n"
-+	"	move	%0, $1		\n"
-+	"	.set	pop		\n"
-+	: "=&r" (orig), "+R" (*p)
-+	: "r" (val)
-+	: "memory");
- 
- 	return (orig);
- }
-@@ -52,16 +54,7 @@
-  */
- static inline void
- isc_atomic_store(isc_int32_t *p, isc_int32_t val) {
--	__asm__ volatile (
--	    "1:"
--	    "ll $3, %0\n"
--	    "add $3, $0, %1\n"
--	    "sc $3, %0\n"
--	    "beq $3, 0, 1b"
--	    :
--	    : "m"(*p), "r"(val)
--	    : "memory", "$3"
--		);
-+	*p = val;
- }
- 
- /*
-@@ -72,20 +65,23 @@
- static inline isc_int32_t
- isc_atomic_cmpxchg(isc_int32_t *p, int cmpval, int val) {
- 	isc_int32_t orig;
-+	isc_int32_t tmp;
- 
--	__asm__ volatile(
--	    "1:"
--	    "ll $3, %1\n"
--	    "add %0, $0, $3\n"
--	    "bne $3, %2, 2f\n"
--	    "add $3, $0, %3\n"
--	    "sc $3, %1\n"
--	    "beq $3, 0, 1b\n"
--	    "2:"
--	    : "=&r"(orig)
--	    : "m"(*p), "r"(cmpval), "r"(val)
--	    : "memory", "$3"
--		);
-+	__asm__ __volatile__ (
-+	"	.set	push		\n"
-+	"	.set	mips2		\n"
-+	"	.set	noreorder	\n"
-+	"	.set	noat		\n"
-+	"1:	ll	$1, %1		\n"
-+	"	bne	$1, %3, 2f	\n"
-+	"	move	%2, %4		\n"
-+	"	sc	%2, %1		\n"
-+	"	beqz	%2, 1b		\n"
-+	"2:	move	%0, $1		\n"
-+	"	.set	pop		\n"
-+	: "=&r"(orig), "+R" (*p), "=r" (tmp)
-+	: "r"(cmpval), "r"(val)
-+	: "memory");
- 
- 	return (orig);
- }
diff --git a/meta/recipes-connectivity/bind/bind_9.10.2-P3.bb b/meta/recipes-connectivity/bind/bind_9.10.2-P3.bb
deleted file mode 100644
index 52244b0c59..0000000000
--- a/meta/recipes-connectivity/bind/bind_9.10.2-P3.bb
+++ /dev/null
@@ -1,101 +0,0 @@
-SUMMARY = "ISC Internet Domain Name Server"
-HOMEPAGE = "http://www.isc.org/sw/bind/"
-SECTION = "console/network"
-
-LICENSE = "ISC & BSD"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=0a95f52a0ab6c5f52dedc9a45e7abb3f"
-
-DEPENDS = "openssl libcap"
-
-SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
-           file://conf.patch \
-           file://make-etc-initd-bind-stop-work.patch \
-           file://mips1-not-support-opcode.diff \
-           file://dont-test-on-host.patch \
-           file://generate-rndc-key.sh \
-           file://named.service \
-           file://bind9 \
-           file://init.d-add-support-for-read-only-rootfs.patch \
-           file://bind-confgen-build-unix.o-once.patch \
-           file://0001-build-use-pkg-config-to-find-libxml2.patch \
-           file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
-           "
-
-SRC_URI[md5sum] = "a810d5d65fbdcf28dcda80d646913c3a"
-SRC_URI[sha256sum] = "78079a66dda455ffecfe93ef72d1ffc947f17b1c453d55ec06b860b49a5e1d4a"
-
-# --enable-exportlib is necessary for building dhcp
-ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}"
-EXTRA_OECONF = " ${ENABLE_IPV6} --with-randomdev=/dev/random --disable-threads \
-                 --disable-devpoll --disable-epoll --with-gost=no \
-                 --with-gssapi=no --with-ecdsa=yes \
-                 --sysconfdir=${sysconfdir}/bind \
-                 --with-openssl=${STAGING_LIBDIR}/.. \
-               "
-inherit autotools update-rc.d systemd useradd pkgconfig
-
-PACKAGECONFIG ?= ""
-PACKAGECONFIG[httpstats] = "--with-libxml2,--without-libxml2,libxml2"
-
-USERADD_PACKAGES = "${PN}"
-USERADD_PARAM_${PN} = "--system --home /var/cache/bind --no-create-home \
-                       --user-group bind"
-
-INITSCRIPT_NAME = "bind"
-INITSCRIPT_PARAMS = "defaults"
-
-SYSTEMD_SERVICE_${PN} = "named.service"
-
-PARALLEL_MAKE = ""
-
-RDEPENDS_${PN} = "python-core"
-
-PACKAGE_BEFORE_PN += "${PN}-utils"
-FILES_${PN}-utils = "${bindir}/host ${bindir}/dig"
-FILES_${PN}-dev += "${bindir}/isc-config.h"
-FILES_${PN} += "${sbindir}/generate-rndc-key.sh"
-
-do_install_prepend() {
-	# clean host path in isc-config.sh before the hardlink created
-	# by "make install":
-	#   bind9-config -> isc-config.sh
-	sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${B}/isc-config.sh
-}
-
-do_install_append() {
-	rm "${D}${bindir}/nslookup"
-	rm "${D}${mandir}/man1/nslookup.1"
-	rmdir "${D}${localstatedir}/run"
-	rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
-	install -d "${D}${localstatedir}/cache/bind"
-	install -d "${D}${sysconfdir}/bind"
-	install -d "${D}${sysconfdir}/init.d"
-	install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/"
-	install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind"
-	sed -i -e '1s,#!.*python,#! /usr/bin/env python,' ${D}${sbindir}/dnssec-coverage ${D}${sbindir}/dnssec-checkds
-
-	# Install systemd related files
-	install -d ${D}${localstatedir}/cache/bind
-	install -d ${D}${sbindir}
-	install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir}
-	install -d ${D}${systemd_unitdir}/system
-	install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system
-	sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
-	       -e 's,@SBINDIR@,${sbindir},g' \
-	       ${D}${systemd_unitdir}/system/named.service
-
-	install -d ${D}${sysconfdir}/default
-	install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default
-}
-
-CONFFILES_${PN} = " \
-	${sysconfdir}/bind/named.conf \
-	${sysconfdir}/bind/named.conf.local \
-	${sysconfdir}/bind/named.conf.options \
-	${sysconfdir}/bind/db.0 \
-	${sysconfdir}/bind/db.127 \
-	${sysconfdir}/bind/db.empty \
-	${sysconfdir}/bind/db.local \
-	${sysconfdir}/bind/db.root \
-	"
-
diff --git a/meta/recipes-connectivity/bind/bind_9.16.7.bb b/meta/recipes-connectivity/bind/bind_9.16.7.bb
new file mode 100644
index 0000000000..5fc2c1d3cd
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind_9.16.7.bb
@@ -0,0 +1,123 @@
+SUMMARY = "ISC Internet Domain Name Server"
+HOMEPAGE = "http://www.isc.org/sw/bind/"
+SECTION = "console/network"
+
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=188b8d0644bd6835df43b84e3f180be1"
+
+DEPENDS = "openssl libcap zlib libuv"
+
+SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
+           file://conf.patch \
+           file://named.service \
+           file://bind9 \
+           file://generate-rndc-key.sh \
+           file://make-etc-initd-bind-stop-work.patch \
+           file://init.d-add-support-for-read-only-rootfs.patch \
+           file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
+           file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
+           file://0001-avoid-start-failure-with-bind-user.patch \
+           "
+
+SRC_URI[sha256sum] = "9f7d1812ebbd26a699f62b6fa8522d5dec57e4bf43af0042a0d60d39ed8314d1"
+
+UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
+# stay at 9.16 follow the ESV versions divisible by 4
+UPSTREAM_CHECK_REGEX = "(?P<pver>9.(16|20|24|28)(\.\d+)+(-P\d+)*)/"
+
+inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives
+
+# PACKAGECONFIGs readline and libedit should NOT be set at same time
+PACKAGECONFIG ?= "readline"
+PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2"
+PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline"
+PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit"
+PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native,"
+
+EXTRA_OECONF = " --with-libtool --disable-devpoll --disable-auto-validation --enable-epoll \
+                 --with-gssapi=no --with-lmdb=no --with-zlib \
+                 --sysconfdir=${sysconfdir}/bind \
+                 --with-openssl=${STAGING_DIR_HOST}${prefix} \
+               "
+LDFLAGS_append = " -lz"
+
+inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)}
+
+# dhcp needs .la so keep them
+REMOVE_LIBTOOL_LA = "0"
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \
+                       --user-group bind"
+
+INITSCRIPT_NAME = "bind"
+INITSCRIPT_PARAMS = "defaults"
+
+SYSTEMD_SERVICE_${PN} = "named.service"
+
+do_install_append() {
+
+	rmdir "${D}${localstatedir}/run"
+	rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
+	install -d -o bind "${D}${localstatedir}/cache/bind"
+	install -d "${D}${sysconfdir}/bind"
+	install -d "${D}${sysconfdir}/init.d"
+	install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/"
+	install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind"
+        if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then
+		sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' \
+		${D}${sbindir}/dnssec-coverage \
+		${D}${sbindir}/dnssec-checkds \
+		${D}${sbindir}/dnssec-keymgr
+	fi
+
+	# Install systemd related files
+	install -d ${D}${sbindir}
+	install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir}
+	install -d ${D}${systemd_unitdir}/system
+	install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system
+	sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
+	       -e 's,@SBINDIR@,${sbindir},g' \
+	       ${D}${systemd_unitdir}/system/named.service
+
+	install -d ${D}${sysconfdir}/default
+	install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default
+
+	if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+		install -d ${D}${sysconfdir}/tmpfiles.d
+		echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf
+	fi
+
+    oe_multilib_header isc/platform.h
+}
+
+CONFFILES_${PN} = " \
+	${sysconfdir}/bind/named.conf \
+	${sysconfdir}/bind/named.conf.local \
+	${sysconfdir}/bind/named.conf.options \
+	${sysconfdir}/bind/db.0 \
+	${sysconfdir}/bind/db.127 \
+	${sysconfdir}/bind/db.empty \
+	${sysconfdir}/bind/db.local \
+	${sysconfdir}/bind/db.root \
+	"
+
+ALTERNATIVE_${PN}-utils = "nslookup"
+ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup"
+ALTERNATIVE_PRIORITY = "100"
+
+PACKAGE_BEFORE_PN += "${PN}-utils"
+FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate"
+FILES_${PN}-dev += "${bindir}/isc-config.h"
+FILES_${PN} += "${sbindir}/generate-rndc-key.sh"
+
+PACKAGE_BEFORE_PN += "${PN}-libs"
+FILES_${PN}-libs = "${libdir}/*.so* ${libdir}/named/*.so*"
+FILES_${PN}-staticdev += "${libdir}/*.la"
+
+PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}"
+FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \
+                ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}"
+
+RDEPENDS_${PN}-dev = ""
+RDEPENDS_python3-bind = "python3-core python3-ply"
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 0fe5be5ba5..4c1156c67c 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -6,75 +6,120 @@ LICENSE = "GPLv2+ & LGPLv2.1+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
                     file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \
                     file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e"
-DEPENDS = "udev libusb dbus-glib glib-2.0 libcheck readline"
+DEPENDS = "dbus glib-2.0"
 PROVIDES += "bluez-hcidump"
 RPROVIDES_${PN} += "bluez-hcidump"
 
 RCONFLICTS_${PN} = "bluez4"
 
-PACKAGECONFIG ??= "obex-profiles"
-PACKAGECONFIG[obex-profiles] = "--enable-obex,--disable-obex,libical"
-PACKAGECONFIG[experimental] = "--enable-experimental,--disable-experimental,"
-
-SRC_URI = "\
-    ${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
-    file://bluetooth.conf \
+PACKAGECONFIG ??= "obex-profiles \
+    readline \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+    a2dp-profiles \
+    avrcp-profiles \
+    network-profiles \
+    hid-profiles \
+    hog-profiles \
+    tools \
+    deprecated \
+    udev \
 "
+PACKAGECONFIG[obex-profiles] = "--enable-obex,--disable-obex,libical"
+PACKAGECONFIG[readline] = "--enable-client,--disable-client,readline,"
+PACKAGECONFIG[testing] = "--enable-testing,--disable-testing"
+PACKAGECONFIG[midi] = "--enable-midi,--disable-midi,alsa-lib"
+PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd"
+PACKAGECONFIG[cups] = "--enable-cups,--disable-cups,,cups"
+PACKAGECONFIG[nfc] = "--enable-nfc,--disable-nfc"
+PACKAGECONFIG[sap-profiles] = "--enable-sap,--disable-sap"
+PACKAGECONFIG[a2dp-profiles] = "--enable-a2dp,--disable-a2dp"
+PACKAGECONFIG[avrcp-profiles] = "--enable-avrcp,--disable-avrcp"
+PACKAGECONFIG[network-profiles] = "--enable-network,--disable-network"
+PACKAGECONFIG[hid-profiles] = "--enable-hid,--disable-hid"
+PACKAGECONFIG[hog-profiles] = "--enable-hog,--disable-hog"
+PACKAGECONFIG[health-profiles] = "--enable-health,--disable-health"
+PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis"
+PACKAGECONFIG[tools] = "--enable-tools,--disable-tools"
+PACKAGECONFIG[threads] = "--enable-threads,--disable-threads"
+PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated"
+PACKAGECONFIG[mesh] = "--enable-mesh --enable-external-ell,--disable-mesh, json-c ell"
+PACKAGECONFIG[btpclient] = "--enable-btpclient --enable-external-ell,--disable-btpclient, ell"
+PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev"
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
+           file://init \
+           file://run-ptest \
+           ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
+           file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
+           file://0001-test-gatt-Fix-hung-issue.patch \
+           "
 S = "${WORKDIR}/bluez-${PV}"
 
-inherit autotools-brokensep pkgconfig systemd
+CVE_PRODUCT = "bluez"
+
+inherit autotools pkgconfig systemd update-rc.d ptest gobject-introspection-data
 
 EXTRA_OECONF = "\
-  --enable-tools \
-  --disable-cups \
   --enable-test \
   --enable-datafiles \
-  ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-systemd', '--disable-systemd', d)} \
   --enable-library \
+  --without-zsh-completion-dir \
 "
 
 # bluez5 builds a large number of useful utilities but does not
 # install them.  Specify which ones we want put into ${PN}-noinst-tools.
 NOINST_TOOLS_READLINE ??= ""
-NOINST_TOOLS_EXPERIMENTAL ??= ""
+NOINST_TOOLS_TESTING ??= ""
+NOINST_TOOLS_BT ??= ""
 NOINST_TOOLS = " \
-    ${NOINST_TOOLS_READLINE} \
-    ${@bb.utils.contains('PACKAGECONFIG', 'experimental', '${NOINST_TOOLS_EXPERIMENTAL}', '', d)} \
+    ${@bb.utils.contains('PACKAGECONFIG', 'readline', '${NOINST_TOOLS_READLINE}', '', d)} \
+    ${@bb.utils.contains('PACKAGECONFIG', 'testing', '${NOINST_TOOLS_TESTING}', '', d)} \
+    ${@bb.utils.contains('PACKAGECONFIG', 'tools', '${NOINST_TOOLS_BT}', '', d)} \
 "
 
 do_install_append() {
+	install -d ${D}${INIT_D_DIR}
+	install -m 0755 ${WORKDIR}/init ${D}${INIT_D_DIR}/bluetooth
+
 	install -d ${D}${sysconfdir}/bluetooth/
-	if [ -f ${S}/profiles/audio/audio.conf ]; then
-	    install -m 0644 ${S}/profiles/audio/audio.conf ${D}/${sysconfdir}/bluetooth/
-	fi
 	if [ -f ${S}/profiles/network/network.conf ]; then
-	    install -m 0644 ${S}/profiles/network/network.conf ${D}/${sysconfdir}/bluetooth/
+		install -m 0644 ${S}/profiles/network/network.conf ${D}/${sysconfdir}/bluetooth/
 	fi
 	if [ -f ${S}/profiles/input/input.conf ]; then
-	    install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/
+		install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/
+	fi
+
+	if [ -f ${D}/${sysconfdir}/init.d/bluetooth ]; then
+		sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}/${sysconfdir}/init.d/bluetooth
 	fi
-	# at_console doesn't really work with the current state of OE, so punch some more holes so people can actually use BT
-	install -m 0644 ${WORKDIR}/bluetooth.conf ${D}/${sysconfdir}/dbus-1/system.d/
 
 	# Install desired tools that upstream leaves in build area
-        for f in ${NOINST_TOOLS} ; do
-	    install -m 755 ${B}/$f ${D}/${bindir}
+	for f in ${NOINST_TOOLS} ; do
+		install -m 755 ${B}/$f ${D}/${bindir}
 	done
+
+	# Patch python tools to use Python 3; they should be source compatible, but
+	# still refer to Python 2 in the shebang
+	sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${libdir}/bluez/test/*
 }
 
-ALLOW_EMPTY_libasound-module-bluez = "1"
-PACKAGES =+ "libasound-module-bluez ${PN}-testtools ${PN}-obex ${PN}-noinst-tools"
+PACKAGES =+ "${PN}-testtools ${PN}-obex ${PN}-noinst-tools"
 
-FILES_libasound-module-bluez = "${libdir}/alsa-lib/lib*.so ${datadir}/alsa"
-FILES_${PN} += "${libdir}/bluetooth/plugins/*.so ${base_libdir}/udev/ ${nonarch_base_libdir}/udev/ ${systemd_unitdir}/ ${datadir}/dbus-1"
-FILES_${PN}-dev += "\
-  ${libdir}/bluetooth/plugins/*.la \
-  ${libdir}/alsa-lib/*.la \
+FILES_${PN} += " \
+    ${libdir}/bluetooth/plugins/*.so \
+    ${systemd_unitdir}/ ${datadir}/dbus-1 \
+    ${libdir}/cups \
+"
+FILES_${PN}-dev += " \
+    ${libdir}/bluetooth/plugins/*.la \
 "
 
 FILES_${PN}-obex = "${libexecdir}/bluetooth/obexd \
                     ${exec_prefix}/lib/systemd/user/obex.service \
+                    ${systemd_system_unitdir}/obex.service \
+                    ${sysconfdir}/systemd/system/multi-user.target.wants/obex.service \
                     ${datadir}/dbus-1/services/org.bluez.obex.service \
+                    ${sysconfdir}/dbus-1/system.d/obexd.conf \
                    "
 SYSTEMD_SERVICE_${PN}-obex = "obex.service"
 
@@ -82,23 +127,28 @@ FILES_${PN}-testtools = "${libdir}/bluez/test/*"
 
 def get_noinst_tools_paths (d, bb, tools):
     s = list()
-    bindir = d.getVar("bindir", True)
+    bindir = d.getVar("bindir")
     for bdp in tools.split():
         f = os.path.basename(bdp)
         s.append("%s/%s" % (bindir, f))
     return "\n".join(s)
 
-FILES_${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS', True))}"
+FILES_${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}"
 
-FILES_${PN}-dbg += "\
-  ${libexecdir}/bluetooth/.debug \
-  ${libdir}/bluetooth/plugins/.debug \
-  ${libdir}/*/.debug \
-  */udev/.debug \
-  "
+RDEPENDS_${PN}-testtools += "python3-core python3-dbus"
+RDEPENDS_${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}"
 
-RDEPENDS_${PN}-testtools += "python python-dbus python-pygobject"
+SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}"
+INITSCRIPT_PACKAGES = "${PN}"
+INITSCRIPT_NAME_${PN} = "bluetooth"
 
-SYSTEMD_SERVICE_${PN} = "bluetooth.service"
+do_compile_ptest() {
+	oe_runmake buildtests
+}
+
+do_install_ptest() {
+	cp -r ${B}/unit/ ${D}${PTEST_PATH}
+	rm -f ${D}${PTEST_PATH}/unit/*.o
+}
 
-EXCLUDE_FROM_WORLD = "1"
+RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-utf-16"
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
new file mode 100644
index 0000000000..618ed734a9
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
@@ -0,0 +1,56 @@
+From f74eb97c9fb3c0ee2895742e773ac6a3c41c999c Mon Sep 17 00:00:00 2001
+From: Giovanni Campagna <gcampagna-cNUdlRotFMnNLxjTenLetw@public.gmane.org>
+Date: Sat, 12 Oct 2013 17:45:25 +0200
+Subject: [PATCH] Allow using obexd without systemd in the user session
+
+Not all sessions run systemd --user (actually, the majority
+doesn't), so the dbus daemon must be able to spawn obexd
+directly, and to do so it needs the full path of the daemon.
+
+Upstream-Status: Denied
+
+Not accepted by upstream maintainer for being a distro specific
+configuration. See thread:
+
+http://thread.gmane.org/gmane.linux.bluez.kernel/38725/focus=38843
+
+Signed-off-by: Javier Viguera <javier.viguera@digi.com>
+
+---
+ Makefile.obexd                                                | 4 ++--
+ .../src/{org.bluez.obex.service => org.bluez.obex.service.in} | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+ rename obexd/src/{org.bluez.obex.service => org.bluez.obex.service.in} (76%)
+
+diff --git a/Makefile.obexd b/Makefile.obexd
+index de59d29..73004a3 100644
+--- a/Makefile.obexd
++++ b/Makefile.obexd
+@@ -1,12 +1,12 @@
+ if SYSTEMD
+ systemduserunitdir = $(SYSTEMD_USERUNITDIR)
+ systemduserunit_DATA = obexd/src/obex.service
++endif
+ 
+ dbussessionbusdir = $(DBUS_SESSIONBUSDIR)
+ dbussessionbus_DATA = obexd/src/org.bluez.obex.service
+-endif
+ 
+-EXTRA_DIST += obexd/src/obex.service.in obexd/src/org.bluez.obex.service
++EXTRA_DIST += obexd/src/obex.service.in obexd/src/org.bluez.obex.service.in
+ 
+ if OBEX
+ 
+diff --git a/obexd/src/org.bluez.obex.service b/obexd/src/org.bluez.obex.service.in
+similarity index 76%
+rename from obexd/src/org.bluez.obex.service
+rename to obexd/src/org.bluez.obex.service.in
+index a538088..9c815f2 100644
+--- a/obexd/src/org.bluez.obex.service
++++ b/obexd/src/org.bluez.obex.service.in
+@@ -1,4 +1,4 @@
+ [D-BUS Service]
+ Name=org.bluez.obex
+-Exec=/bin/false
++Exec=@libexecdir@/obexd
+ SystemdService=dbus-org.bluez.obex.service
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch
new file mode 100644
index 0000000000..e90b6a546f
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch
@@ -0,0 +1,43 @@
+From 61e741654cc2eb167bca212a3bb2ba8f3ba280c1 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <Mingli.Yu@windriver.com>
+Date: Fri, 24 Aug 2018 12:04:03 +0800
+Subject: [PATCH] test-gatt: Fix hung issue
+
+The below test hangs infinitely
+$ unit/test-gatt -p  /robustness/unkown-request -d
+/robustness/unkown-request - init
+/robustness/unkown-request - setup
+/robustness/unkown-request - setup complete
+/robustness/unkown-request - run
+  GATT: < 02 17 00                                         ...
+  bt_gatt_server:MTU exchange complete, with MTU: 23
+  GATT: > 03 00 02                                         ...
+  PDU: = 03 00 02                                         ...
+  GATT: < bf 00
+
+Actually, the /robustness/unkown-request test does
+no action.
+
+Upstream-Status: Submitted [https://marc.info/?l=linux-bluetooth&m=153508881804635&w=2]
+
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+---
+ unit/test-gatt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/unit/test-gatt.c b/unit/test-gatt.c
+index c7e28f8..b57373b 100644
+--- a/unit/test-gatt.c
++++ b/unit/test-gatt.c
+@@ -4463,7 +4463,7 @@ int main(int argc, char *argv[])
+ 			test_server, service_db_1, NULL,
+ 			raw_pdu(0x03, 0x00, 0x02),
+ 			raw_pdu(0xbf, 0x00),
+-			raw_pdu(0x01, 0xbf, 0x00, 0x00, 0x06));
++			raw_pdu());
+ 
+ 	define_test_server("/robustness/unkown-command",
+ 			test_server, service_db_1, NULL,
+-- 
+2.7.4
+
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch
new file mode 100644
index 0000000000..24ddae6b63
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/0001-tests-add-a-target-for-building-tests-without-runnin.patch
@@ -0,0 +1,28 @@
+From 4bdf0f96dcaa945fd29f26d56e5b36d8c23e4c8b Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Fri, 1 Apr 2016 17:07:34 +0300
+Subject: [PATCH] tests: add a target for building tests without running them
+
+Upstream-Status: Inappropriate [oe specific]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ Makefile.am | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index 1a48a71..ba3b92f 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -425,6 +425,9 @@ endif
+ TESTS = $(unit_tests)
+ AM_TESTS_ENVIRONMENT = MALLOC_CHECK_=3 MALLOC_PERTURB_=69
+ 
++# This allows building tests without running them
++buildtests: $(TESTS)
++
+ if DBUS_RUN_SESSION
+ AM_TESTS_ENVIRONMENT += dbus-run-session --
+ endif
+-- 
+2.8.0.rc3
+
diff --git a/meta/recipes-connectivity/bluez5/bluez5/bluetooth.conf b/meta/recipes-connectivity/bluez5/bluez5/bluetooth.conf
deleted file mode 100644
index 26845bb73c..0000000000
--- a/meta/recipes-connectivity/bluez5/bluez5/bluetooth.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-<!-- This configuration file specifies the required security policies
-     for Bluetooth core daemon to work. -->
-
-<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
-
-  <!-- ../system.conf have denied everything, so we just punch some holes -->
-
-  <policy context="default">
-    <allow own="org.bluez"/>
-    <allow send_destination="org.bluez"/>
-    <allow send_interface="org.bluez.Agent1"/>
-    <allow send_type="method_call"/>
-  </policy>
-
-</busconfig>
diff --git a/meta/recipes-connectivity/bluez5/bluez5/init b/meta/recipes-connectivity/bluez5/bluez5/init
new file mode 100644
index 0000000000..ca9fa18549
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/init
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+# Source function library
+. /etc/init.d/functions
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DESC=bluetooth
+
+DAEMON=@LIBEXECDIR@/bluetooth/bluetoothd
+
+# If you want to be ignore error of "org.freedesktop.hostname1",
+# please enable NOPLUGIN_OPTION.
+# NOPLUGIN_OPTION="--noplugin=hostname"
+NOPLUGIN_OPTION=""
+SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- $NOPLUGIN_OPTION"
+
+test -f $DAEMON || exit 0
+
+# FIXME: any of the sourced files may fail if/with syntax errors
+test -f /etc/default/bluetooth && . /etc/default/bluetooth
+test -f /etc/default/rcS && . /etc/default/rcS
+
+set -e
+
+case $1 in
+  start)
+	echo -n "Starting $DESC: "
+	if test "$BLUETOOTH_ENABLED" = 0; then
+		echo "disabled (see /etc/default/bluetooth)."
+		exit 0
+	fi
+	start-stop-daemon --start --background $SSD_OPTIONS
+	echo "${DAEMON##*/}."
+  ;;
+  stop)
+	echo -n "Stopping $DESC: "
+	if test "$BLUETOOTH_ENABLED" = 0; then
+		echo "disabled (see /etc/default/bluetooth)."
+		exit 0
+	fi
+	start-stop-daemon --stop $SSD_OPTIONS
+	echo "${DAEMON##*/}."
+  ;;
+  restart|force-reload)
+	$0 stop
+	sleep 1
+	$0 start
+  ;;
+  status)
+	status ${DAEMON} || exit $?
+   ;;
+   *)
+	N=/etc/init.d/bluetooth
+	echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
+	exit 1
+	;;
+esac
+
+exit 0
+
+# vim:noet
diff --git a/meta/recipes-connectivity/bluez5/bluez5/run-ptest b/meta/recipes-connectivity/bluez5/bluez5/run-ptest
new file mode 100644
index 0000000000..0335e68e48
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/run-ptest
@@ -0,0 +1,31 @@
+#! /bin/sh
+
+cd unit
+
+failed=0
+all=0
+
+for f in test-*; do
+    "./$f" -q
+    case "$?" in
+        0)
+            echo "PASS: $f"
+            all=$((all + 1))
+            ;;
+        77)
+            echo "SKIP: $f"
+            ;;
+        *)
+            echo "FAIL: $f"
+            failed=$((failed + 1))
+            all=$((all + 1))
+            ;;
+    esac
+done
+
+if [ "$failed" -eq 0 ] ; then
+  echo "All $all tests passed"
+else
+  echo "$failed of $all tests failed"
+fi
+
diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.33.bb b/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
index 23c7397e16..260eee1402 100644
--- a/meta/recipes-connectivity/bluez5/bluez5_5.33.bb
+++ b/meta/recipes-connectivity/bluez5/bluez5_5.54.bb
@@ -1,23 +1,26 @@
 require bluez5.inc
-SRC_URI[md5sum] = "78782dc33d9a8b6344c4cc1af70c8a98"
-SRC_URI[sha256sum] = "1801807a13506678cbfeb15c6a4b89ecb5739efe1067eb464da6641d731436d3"
+
+SRC_URI[md5sum] = "e637feb2dbb7582bbbff1708367a847c"
+SRC_URI[sha256sum] = "68cdab9e63e8832b130d5979dc8c96fdb087b31278f342874d992af3e56656dc"
 
 # noinst programs in Makefile.tools that are conditional on READLINE
 # support
 NOINST_TOOLS_READLINE ?= " \
-    attrib/gatttool \
+    ${@bb.utils.contains('PACKAGECONFIG', 'deprecated', 'attrib/gatttool', '', d)} \
     tools/obex-client-tool \
     tools/obex-server-tool \
     tools/bluetooth-player \
     tools/obexctl \
+    tools/btmgmt \
 "
 
-# noinst programs in Makefile.tools that are conditional on EXPERIMENTAL
+# noinst programs in Makefile.tools that are conditional on TESTING
 # support
-NOINST_TOOLS_EXPERIMENTAL ?= " \
+NOINST_TOOLS_TESTING ?= " \
     emulator/btvirt \
     emulator/b1ee \
     emulator/hfp \
+    peripheral/btsensor \
     tools/3dsp \
     tools/mgmt-tester \
     tools/gap-tester \
@@ -26,6 +29,13 @@ NOINST_TOOLS_EXPERIMENTAL ?= " \
     tools/smp-tester \
     tools/hci-tester \
     tools/rfcomm-tester \
+    tools/bnep-tester \
+    tools/userchan-tester \
+"
+
+# noinst programs in Makefile.tools that are conditional on TOOLS
+# support
+NOINST_TOOLS_BT ?= " \
     tools/bdaddr \
     tools/avinfo \
     tools/avtest \
@@ -34,19 +44,25 @@ NOINST_TOOLS_EXPERIMENTAL ?= " \
     tools/hwdb \
     tools/hcieventmask \
     tools/hcisecfilter \
-    tools/btmgmt \
     tools/btinfo \
-    tools/btattach \
     tools/btsnoop \
     tools/btproxy \
     tools/btiotest \
+    tools/bneptest \
     tools/mcaptest \
     tools/cltest \
     tools/oobtest \
+    tools/advtest \
     tools/seq2bseq \
+    tools/nokfw \
+    tools/create-image \
+    tools/eddystone \
     tools/ibeacon \
     tools/btgatt-client \
     tools/btgatt-server \
+    tools/test-runner \
+    tools/check-selftest \
     tools/gatt-service \
     profiles/iap/iapd \
+    ${@bb.utils.contains('PACKAGECONFIG', 'btpclient', 'tools/btpclient', '', d)} \
 "
diff --git a/meta/recipes-connectivity/connman/connman-conf.bb b/meta/recipes-connectivity/connman/connman-conf.bb
index bd4c28d997..9a519ec866 100644
--- a/meta/recipes-connectivity/connman/connman-conf.bb
+++ b/meta/recipes-connectivity/connman/connman-conf.bb
@@ -4,8 +4,11 @@ network interface for a qemu machine."
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
 
+inherit systemd
+
 SRC_URI_append_qemuall = " file://wired.config \
                            file://wired-setup \
+                           file://wired-connection.service \
 "
 PR = "r2"
 
@@ -13,14 +16,21 @@ S = "${WORKDIR}"
 
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
-FILES_${PN} = "${localstatedir}/* ${libdir}/*"
+FILES_${PN} = "${localstatedir}/* ${datadir}/*"
 
 do_install() {
     #Configure Wired network interface in case of qemu* machines
-    if test -e ${WORKDIR}/wired.config && test -e ${WORKDIR}/wired-setup; then
+    if test -e ${WORKDIR}/wired.config &&
+       test -e ${WORKDIR}/wired-setup &&
+       test -e ${WORKDIR}/wired-connection.service; then
         install -d ${D}${localstatedir}/lib/connman
         install -m 0644 ${WORKDIR}/wired.config ${D}${localstatedir}/lib/connman
-        install -d ${D}${libdir}/connman
-        install -m 0755 ${WORKDIR}/wired-setup ${D}${libdir}/connman
+        install -d ${D}${datadir}/connman
+        install -m 0755 ${WORKDIR}/wired-setup ${D}${datadir}/connman
+        install -d ${D}${systemd_system_unitdir}
+        install -m 0644 ${WORKDIR}/wired-connection.service ${D}${systemd_system_unitdir}
+        sed -i -e 's|@SCRIPTDIR@|${datadir}/connman|g' ${D}${systemd_system_unitdir}/wired-connection.service
     fi
 }
+
+SYSTEMD_SERVICE_${PN}_qemuall = "wired-connection.service"
diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service
new file mode 100644
index 0000000000..48adfc08ac
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Setup a wired interface
+Before=connman.service
+
+[Service]
+Type=oneshot
+ExecStart=@SCRIPTDIR@/wired-setup
+
+[Install]
+WantedBy=network.target
diff --git a/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch b/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch
new file mode 100644
index 0000000000..c93e9b4654
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch
@@ -0,0 +1,277 @@
+From a59b0fac02e74a971ac3f08bf28c17ce361a9526 Mon Sep 17 00:00:00 2001
+From: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Date: Wed, 2 Mar 2016 15:47:49 +0200
+Subject: [PATCH] Port to Gtk3
+
+Some unused (or not useful) code was removed, functionality should stay
+the same.
+
+Code still contains quite a few uses of deprecated API.
+
+Upstream-Status: Submitted
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+---
+ applet/agent.c        |  3 +--
+ applet/main.c         | 43 -------------------------------------------
+ applet/status.c       |  8 --------
+ configure.ac          |  3 +--
+ properties/ethernet.c | 14 +++++++-------
+ properties/main.c     |  2 +-
+ properties/wifi.c     | 12 ++++++------
+ 7 files changed, 16 insertions(+), 69 deletions(-)
+
+diff --git a/applet/agent.c b/applet/agent.c
+index 65bed08..04fe86a 100644
+--- a/applet/agent.c
++++ b/applet/agent.c
+@@ -126,7 +126,6 @@ static void request_input_dialog(GHashTable *request,
+ 	gtk_window_set_position(GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
+ 	gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
+ 	gtk_window_set_urgency_hint(GTK_WINDOW(dialog), TRUE);
+-	gtk_dialog_set_has_separator(GTK_DIALOG(dialog), FALSE);
+ 	input->dialog = dialog;
+ 
+ 	gtk_dialog_add_button(GTK_DIALOG(dialog),
+@@ -139,7 +138,7 @@ static void request_input_dialog(GHashTable *request,
+ 	gtk_table_set_row_spacings(GTK_TABLE(table), 4);
+ 	gtk_table_set_col_spacings(GTK_TABLE(table), 20);
+ 	gtk_container_set_border_width(GTK_CONTAINER(table), 12);
+-	gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), table);
++	gtk_container_add(GTK_CONTAINER(gtk_dialog_get_content_area (GTK_DIALOG(dialog))), table);
+ 
+ 	label = gtk_label_new(_("Please provide some network information:"));
+ 	gtk_misc_set_alignment(GTK_MISC(label), 0.0, 0.0);
+diff --git a/applet/main.c b/applet/main.c
+index f12d371..cd16285 100644
+--- a/applet/main.c
++++ b/applet/main.c
+@@ -157,46 +157,6 @@ static void name_owner_changed(DBusGProxy *proxy, const char *name,
+ 	}
+ }
+ 
+-static void open_uri(GtkWindow *parent, const char *uri)
+-{
+-	GtkWidget *dialog;
+-	GdkScreen *screen;
+-	GError *error = NULL;
+-	gchar *cmdline;
+-
+-	screen = gtk_window_get_screen(parent);
+-
+-	cmdline = g_strconcat("xdg-open ", uri, NULL);
+-
+-	if (gdk_spawn_command_line_on_screen(screen,
+-				cmdline, &error) == FALSE) {
+-		dialog = gtk_message_dialog_new(parent,
+-				GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR,
+-				GTK_BUTTONS_CLOSE, "%s", error->message);
+-		gtk_dialog_run(GTK_DIALOG(dialog));
+-		gtk_widget_destroy(dialog);
+-		g_error_free(error);
+-	}
+-
+-	g_free(cmdline);
+-}
+-
+-static void about_url_hook(GtkAboutDialog *dialog,
+-				const gchar *url, gpointer data)
+-{
+-	open_uri(GTK_WINDOW(dialog), url);
+-}
+-
+-static void about_email_hook(GtkAboutDialog *dialog,
+-				const gchar *email, gpointer data)
+-{
+-	gchar *uri;
+-
+-	uri = g_strconcat("mailto:", email, NULL);
+-	open_uri(GTK_WINDOW(dialog), uri);
+-	g_free(uri);
+-}
+-
+ static void about_callback(GtkWidget *item, gpointer user_data)
+ {
+ 	const gchar *authors[] = {
+@@ -204,9 +164,6 @@ static void about_callback(GtkWidget *item, gpointer user_data)
+ 		NULL
+ 	};
+ 
+-	gtk_about_dialog_set_url_hook(about_url_hook, NULL, NULL);
+-	gtk_about_dialog_set_email_hook(about_email_hook, NULL, NULL);
+-
+ 	gtk_show_about_dialog(NULL, "version", VERSION,
+ 			"copyright", "Copyright \xc2\xa9 2008 Intel Corporation",
+ 			"comments", _("A connection manager for the GNOME desktop"),
+diff --git a/applet/status.c b/applet/status.c
+index aed6f1e..015ff29 100644
+--- a/applet/status.c
++++ b/applet/status.c
+@@ -102,8 +102,6 @@ static void icon_animation_start(IconAnimation *animation,
+ {
+ 	available = TRUE;
+ 
+-	gtk_status_icon_set_tooltip(statusicon, NULL);
+-
+ 	animation->start = start;
+ 	animation->end = (end == 0) ? animation->count - 1 : end;
+ 
+@@ -120,8 +118,6 @@ static void icon_animation_stop(IconAnimation *animation)
+ {
+ 	available = TRUE;
+ 
+-	gtk_status_icon_set_tooltip(statusicon, NULL);
+-
+ 	if (animation->id > 0)
+ 		g_source_remove(animation->id);
+ 
+@@ -251,8 +247,6 @@ void status_unavailable(void)
+ 	available = FALSE;
+ 
+ 	gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_notifier);
+-	gtk_status_icon_set_tooltip(statusicon,
+-				"Connection Manager daemon is not running");
+ 
+ 	gtk_status_icon_set_visible(statusicon, TRUE);
+ }
+@@ -299,7 +293,6 @@ static void set_ready(gint signal)
+ 
+ 	if (signal < 0) {
+ 		gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_wired);
+-		gtk_status_icon_set_tooltip(statusicon, NULL);
+ 		return;
+ 	}
+ 
+@@ -311,7 +304,6 @@ static void set_ready(gint signal)
+ 		index = 4;
+ 
+ 	gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_signal[index]);
+-	gtk_status_icon_set_tooltip(statusicon, NULL);
+ }
+ 
+ struct timeout_data {
+diff --git a/configure.ac b/configure.ac
+index b972e07..a4dad5d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -55,8 +55,7 @@ AC_SUBST(DBUS_LIBS)
+ DBUS_BINDING_TOOL="dbus-binding-tool"
+ AC_SUBST(DBUS_BINDING_TOOL)
+ 
+-PKG_CHECK_MODULES(GTK, gtk+-2.0 >= 2.8, dummy=yes,
+-				AC_MSG_ERROR(gtk+ >= 2.8 is required))
++PKG_CHECK_MODULES(GTK, gtk+-3.0)
+ AC_SUBST(GTK_CFLAGS)
+ AC_SUBST(GTK_LIBS)
+ 
+diff --git a/properties/ethernet.c b/properties/ethernet.c
+index 31db7a0..0b6b423 100644
+--- a/properties/ethernet.c
++++ b/properties/ethernet.c
+@@ -82,7 +82,7 @@ void add_ethernet_switch_button(GtkWidget *mainbox, GtkTreeIter *iter,
+ 	gtk_container_set_border_width(GTK_CONTAINER(vbox), 24);
+ 	gtk_box_pack_start(GTK_BOX(mainbox), vbox, FALSE, FALSE, 0);
+ 
+-	table = gtk_table_new(1, 1, TRUE);
++	table = gtk_table_new(1, 1, FALSE);
+ 	gtk_table_set_row_spacings(GTK_TABLE(table), 10);
+ 	gtk_table_set_col_spacings(GTK_TABLE(table), 10);
+ 	gtk_box_pack_start(GTK_BOX(vbox), table, FALSE, FALSE, 0);
+@@ -136,7 +136,7 @@ void add_ethernet_service(GtkWidget *mainbox, GtkTreeIter *iter, struct config_d
+ 	gtk_container_set_border_width(GTK_CONTAINER(vbox), 24);
+ 	gtk_box_pack_start(GTK_BOX(mainbox), vbox, FALSE, FALSE, 0);
+ 
+-	table = gtk_table_new(5, 5, TRUE);
++	table = gtk_table_new(5, 5, FALSE);
+ 	gtk_table_set_row_spacings(GTK_TABLE(table), 10);
+ 	gtk_table_set_col_spacings(GTK_TABLE(table), 10);
+ 	gtk_box_pack_start(GTK_BOX(vbox), table, FALSE, FALSE, 0);
+@@ -144,9 +144,9 @@ void add_ethernet_service(GtkWidget *mainbox, GtkTreeIter *iter, struct config_d
+ 	label = gtk_label_new(_("Configuration:"));
+ 	gtk_table_attach_defaults(GTK_TABLE(table), label, 1, 2, 0, 1);
+ 
+-	combo = gtk_combo_box_new_text();
+-	gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "DHCP");
+-	gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "MANUAL");
++	combo = gtk_combo_box_text_new();
++	gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "DHCP");
++	gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "MANUAL");
+ 	gtk_combo_box_set_row_separator_func(GTK_COMBO_BOX(combo),
+ 					separator_function, NULL, NULL);
+ 	gtk_table_attach_defaults(GTK_TABLE(table), combo, 2, 4, 0, 1);
+@@ -219,7 +219,7 @@ void update_ethernet_ipv4(struct config_data *data, guint policy)
+ 	case CONNMAN_POLICY_DHCP:
+ 		gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 0);
+ 		for (i = 0; i < 3; i++) {
+-			gtk_entry_set_editable(GTK_ENTRY(entry[i]), 0);
++			gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 0);
+ 			gtk_widget_set_sensitive(entry[i], 0);
+ 			gtk_entry_set_text(GTK_ENTRY(entry[i]), _(""));
+ 		}
+@@ -227,7 +227,7 @@ void update_ethernet_ipv4(struct config_data *data, guint policy)
+ 	case CONNMAN_POLICY_MANUAL:
+ 		gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 1);
+ 		for (i = 0; i < 3; i++) {
+-			gtk_entry_set_editable(GTK_ENTRY(entry[i]), 1);
++			gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 1);
+ 			gtk_widget_set_sensitive(entry[i], 1);
+ 		}
+ 		break;
+diff --git a/properties/main.c b/properties/main.c
+index c05f443..6f76361 100644
+--- a/properties/main.c
++++ b/properties/main.c
+@@ -429,7 +429,7 @@ static GtkWidget *create_interfaces(GtkWidget *window)
+ 
+ 	scrolled = gtk_scrolled_window_new(NULL, NULL);
+ 	gtk_scrolled_window_set_policy(GTK_SCROLLED_WINDOW(scrolled),
+-				GTK_POLICY_AUTOMATIC, GTK_POLICY_AUTOMATIC);
++				GTK_POLICY_NEVER, GTK_POLICY_AUTOMATIC);
+ 	gtk_scrolled_window_set_shadow_type(GTK_SCROLLED_WINDOW(scrolled),
+ 							GTK_SHADOW_OUT);
+ 	gtk_box_pack_start(GTK_BOX(hbox), scrolled, FALSE, TRUE, 0);
+diff --git a/properties/wifi.c b/properties/wifi.c
+index bd325ef..a5827e0 100644
+--- a/properties/wifi.c
++++ b/properties/wifi.c
+@@ -125,7 +125,7 @@ void add_wifi_switch_button(GtkWidget *mainbox, GtkTreeIter *iter,
+ 	gtk_container_set_border_width(GTK_CONTAINER(vbox), 24);
+ 	gtk_box_pack_start(GTK_BOX(mainbox), vbox, FALSE, FALSE, 0);
+ 
+-	table = gtk_table_new(1, 1, TRUE);
++	table = gtk_table_new(1, 1, FALSE);
+ 	gtk_table_set_row_spacings(GTK_TABLE(table), 10);
+ 	gtk_table_set_col_spacings(GTK_TABLE(table), 10);
+ 	gtk_box_pack_start(GTK_BOX(vbox), table, FALSE, FALSE, 0);
+@@ -185,9 +185,9 @@ static void wifi_ipconfig(GtkWidget *table, struct config_data *data, GtkTreeIte
+ 	gtk_table_attach_defaults(GTK_TABLE(table), label, 1, 2, 3, 4);
+ 	data->ipv4.label[0] = label;
+ 
+-	combo = gtk_combo_box_new_text();
+-	gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "DHCP");
+-	gtk_combo_box_append_text(GTK_COMBO_BOX(combo), "Manual");
++	combo = gtk_combo_box_text_new();
++	gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "DHCP");
++	gtk_combo_box_text_append_text(GTK_COMBO_BOX_TEXT(combo), "Manual");
+ 
+ 	gtk_combo_box_set_row_separator_func(GTK_COMBO_BOX(combo),
+ 			separator_function, NULL, NULL);
+@@ -335,14 +335,14 @@ void update_wifi_ipv4(struct config_data *data, guint policy)
+ 	case CONNMAN_POLICY_DHCP:
+ 		gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 0);
+ 		for (i = 0; i < 3; i++) {
+-			gtk_entry_set_editable(GTK_ENTRY(entry[i]), 0);
++			gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 0);
+ 			gtk_widget_set_sensitive(entry[i], 0);
+ 		}
+ 		break;
+ 	case CONNMAN_POLICY_MANUAL:
+ 		gtk_combo_box_set_active(GTK_COMBO_BOX(combo), 1);
+ 		for (i = 0; i < 3; i++) {
+-			gtk_entry_set_editable(GTK_ENTRY(entry[i]), 1);
++			gtk_editable_set_editable(GTK_EDITABLE(entry[i]), 1);
+ 			gtk_widget_set_sensitive(entry[i], 1);
+ 		}
+ 		break;
+-- 
+2.8.1
+
diff --git a/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch b/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch
index 4f36b95601..7957500dcf 100644
--- a/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch
+++ b/meta/recipes-connectivity/connman/connman-gnome/0001-Removed-icon-from-connman-gnome-about-applet.patch
@@ -10,7 +10,7 @@ it was removed.
 
 [OE-Core #2509]
 
-Upstream-Status : Pending
+Upstream-Status: Pending
 
 Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
 ---
diff --git a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
index f5575d2938..af986c4eab 100644
--- a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
+++ b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
@@ -6,20 +6,22 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
                     file://properties/main.c;beginline=1;endline=20;md5=50c77c81871308b033ab7a1504626afb \
                     file://common/connman-dbus.c;beginline=1;endline=20;md5=de6b485c0e717a0236402d220187717a"
 
-DEPENDS = "gtk+ dbus-glib intltool-native"
+DEPENDS = "gtk+3 dbus-glib dbus-glib-native intltool-native gettext-native"
 
 # 0.7 tag
 SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143"
 SRC_URI = "git://github.com/connectivity/connman-gnome.git \
            file://0001-Removed-icon-from-connman-gnome-about-applet.patch \
            file://null_check_for_ipv4_config.patch \
-           file://images/* \
+           file://images/ \
            file://connman-gnome-fix-dbus-interface-name.patch \
+           file://0001-Port-to-Gtk3.patch \
           "
 
 S = "${WORKDIR}/git"
 
-inherit autotools-brokensep gtk-icon-cache pkgconfig
+inherit autotools-brokensep gtk-icon-cache pkgconfig features_check
+ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
 
 RDEPENDS_${PN} = "connman"
 
diff --git a/meta/recipes-connectivity/connman/connman.inc b/meta/recipes-connectivity/connman/connman.inc
index 17dc4b938c..776bbfbff2 100644
--- a/meta/recipes-connectivity/connman/connman.inc
+++ b/meta/recipes-connectivity/connman/connman.inc
@@ -13,11 +13,9 @@ LICENSE  = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
                     file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36"
 
-inherit autotools pkgconfig systemd update-rc.d bluetooth
+inherit autotools pkgconfig systemd update-rc.d update-alternatives
 
-DEPENDS  = "dbus glib-2.0 ppp iptables"
-
-INC_PR = "r20"
+DEPENDS  = "dbus glib-2.0 ppp"
 
 EXTRA_OECONF += "\
     ac_cv_path_WPASUPPLICANT=${sbindir}/wpa_supplicant \
@@ -26,25 +24,21 @@ EXTRA_OECONF += "\
     --enable-loopback \
     --enable-ethernet \
     --enable-tools \
-    --enable-test \
     --disable-polkit \
-    --enable-client \
 "
 
-PACKAGECONFIG ??= "wispr \
-                   ${@bb.utils.contains('DISTRO_FEATURES', 'systemd','systemd', '', d)} \
-                   ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wifi', '', d)} \
+PACKAGECONFIG ??= "wispr iptables client\
+                   ${@bb.utils.filter('DISTRO_FEATURES', '3g systemd wifi', d)} \
                    ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
-                   ${@bb.utils.contains('DISTRO_FEATURES', '3g','3g', '', d)} \
 "
 
 # If you want ConnMan to support VPN, add following statement into
 # local.conf or distro config
 # PACKAGECONFIG_append_pn-connman = " openvpn vpnc l2tp pptp"
 
-PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/,--with-systemdunitdir="
+PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''"
 PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi, wpa-supplicant, wpa-supplicant"
-PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, ${BLUEZ}, ${BLUEZ}"
+PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5, bluez5"
 PACKAGECONFIG[3g] = "--enable-ofono, --disable-ofono, ofono, ofono"
 PACKAGECONFIG[tist] = "--enable-tist,--disable-tist,"
 PACKAGECONFIG[openvpn] = "--enable-openvpn --with-openvpn=${sbindir}/openvpn,--disable-openvpn,,openvpn"
@@ -53,13 +47,18 @@ PACKAGECONFIG[l2tp] = "--enable-l2tp --with-l2tp=${sbindir}/xl2tpd,--disable-l2t
 PACKAGECONFIG[pptp] = "--enable-pptp --with-pptp=${sbindir}/pptp,--disable-pptp,,pptp-linux"
 # WISPr support for logging into hotspots, requires TLS
 PACKAGECONFIG[wispr] = "--enable-wispr,--disable-wispr,gnutls,"
+PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-masq-ipv4 kernel-module-nft-nat"
+PACKAGECONFIG[iptables] = "--with-firewall=iptables ,,iptables,iptables"
+PACKAGECONFIG[nfc] = "--enable-neard, --disable-neard, neard, neard"
+PACKAGECONFIG[client] = "--enable-client,--disable-client,readline"
+PACKAGECONFIG[wireguard] = "--enable-wireguard,--disable-wireguard,libmnl"
 
 INITSCRIPT_NAME = "connman"
 INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ."
 
 python __anonymous () {
-    systemd_packages = "${PN}"
-    pkgconfig = d.getVar('PACKAGECONFIG', True)
+    systemd_packages = "${PN} ${PN}-wait-online"
+    pkgconfig = d.getVar('PACKAGECONFIG')
     if ('openvpn' or 'vpnc' or 'l2tp' or 'pptp') in pkgconfig.split():
         systemd_packages += " ${PN}-vpn"
     d.setVar('SYSTEMD_PACKAGES', systemd_packages)
@@ -67,23 +66,18 @@ python __anonymous () {
 
 SYSTEMD_SERVICE_${PN} = "connman.service"
 SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service"
-SYSTEMD_WIRED_SETUP = "ExecStartPre=-${libdir}/connman/wired-setup"
-
-# This allows *everyone* to access ConnMan over DBus, without any access
-# control.  Really the at_console flag should work, which would mean that
-# both this and the xuser patch can be dropped.
-do_compile_append() {
-	sed -i -e s:deny:allow:g ${S}/src/connman-dbus.conf
-	sed -i -e s:deny:allow:g ${S}/vpn/vpn-dbus.conf
+SYSTEMD_SERVICE_${PN}-wait-online = "connman-wait-online.service"
 
-	sed -i "s#ExecStart=#${SYSTEMD_WIRED_SETUP}\nExecStart=#" ${B}/src/connman.service
-}
+ALTERNATIVE_PRIORITY = "100"
+ALTERNATIVE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}"
+ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.connman','',d)}"
+ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}"
 
 do_install_append() {
 	if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then
 		install -d ${D}${sysconfdir}/init.d
 		install -m 0755 ${WORKDIR}/connman ${D}${sysconfdir}/init.d/connman
-		sed -i s%@LIBDIR@%${libdir}% ${D}${sysconfdir}/init.d/connman
+		sed -i s%@DATADIR@%${datadir}% ${D}${sysconfdir}/init.d/connman
 	fi
 
 	install -d ${D}${bindir}
@@ -91,7 +85,6 @@ do_install_append() {
 	if [ -e ${B}/tools/wispr ]; then
 		install -m 0755 ${B}/tools/wispr ${D}${bindir}
 	fi
-	install -m 0755 ${B}/client/connmanctl ${D}${bindir}
 
 	# We don't need to package an empty directory
 	rmdir --ignore-fail-on-non-empty ${D}${libdir}/connman/scripts
@@ -99,6 +92,11 @@ do_install_append() {
 	# Automake 1.12 won't install empty directories, but we need the
 	# plugins directory to be present for ownership
 	mkdir -p ${D}${libdir}/connman/plugins
+
+    # For read-only filesystem, do not create links during bootup
+    if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+        ln -sf ../run/connman/resolv.conf ${D}${sysconfdir}/resolv-conf.connman
+    fi
 }
 
 # These used to be plugins, but now they are core
@@ -112,7 +110,6 @@ RPROVIDES_${PN} = "\
 
 RDEPENDS_${PN} = "\
 	dbus \
-	${@base_conditional('ROOTLESS_X', '1', 'xuser-account', '', d)} \
 	"
 
 PACKAGES_DYNAMIC += "^${PN}-plugin-.*"
@@ -128,43 +125,43 @@ def add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, add_insane_skip):
 
 python populate_packages_prepend() {
     depmap = dict(pppd="ppp")
-    multilib_prefix = (d.getVar("MLPREFIX", True) or "")
+    multilib_prefix = (d.getVar("MLPREFIX") or "")
 
     hook = lambda file,pkg,x,y,z: \
         add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, False)
     plugin_dir = d.expand('${libdir}/connman/plugins/')
     plugin_name = d.expand('${PN}-plugin-%s')
-    do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \
+    do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \
         '${PN} plugin for %s', extra_depends='', hook=hook, prepend=True )
 
     hook = lambda file,pkg,x,y,z: \
         add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, True)
     plugin_dir = d.expand('${libdir}/connman/plugins-vpn/')
     plugin_name = d.expand('${PN}-plugin-vpn-%s')
-    do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \
+    do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \
         '${PN} VPN plugin for %s', extra_depends='', hook=hook, prepend=True )
 }
 
 PACKAGES =+ "${PN}-tools ${PN}-tests ${PN}-client"
 
 FILES_${PN}-tools = "${bindir}/wispr"
+RDEPENDS_${PN}-tools ="${PN}"
 
-FILES_${PN}-tests = "${bindir}/*-test ${libdir}/${BPN}/test/*"
-RDEPENDS_${PN}-tests = "python-dbus python-pygobject python-textutils python-subprocess python-fcntl python-netclient"
+FILES_${PN}-tests = "${bindir}/*-test"
 
 FILES_${PN}-client = "${bindir}/connmanctl"
+RDEPENDS_${PN}-client ="${PN}"
 
 FILES_${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \
             ${libdir}/connman/plugins \
-            ${sysconfdir} ${sharedstatedir} ${localstatedir} \
+            ${sysconfdir} ${sharedstatedir} ${localstatedir} ${datadir} \
             ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \
-            ${datadir}/dbus-1/system-services/*"
-
-FILES_${PN}-dbg += "${libdir}/connman/*/.debug"
+            ${datadir}/dbus-1/system-services/* \
+            ${sysconfdir}/tmpfiles.d/connman_resolvconf.conf"
 
 FILES_${PN}-dev += "${libdir}/connman/*/*.la"
 
-PACKAGES =+ "${PN}-vpn"
+PACKAGES =+ "${PN}-vpn ${PN}-wait-online"
 
 SUMMARY_${PN}-vpn = "A daemon for managing VPN connections within embedded devices"
 DESCRIPTION_${PN}-vpn = "The ConnMan VPN provides a daemon for \
@@ -178,6 +175,12 @@ FILES_${PN}-vpn += "${sbindir}/connman-vpnd \
                     ${datadir}/dbus-1/system-services/net.connman.vpn.service \
                     ${systemd_unitdir}/system/connman-vpn.service"
 
+SUMMARY_${PN}-wait-online = "A program that will return once ConnMan has connected to a network"
+DESCRIPTION_${PN}-wait-online = "A service that can be enabled so that \
+the system waits until a network connection is established."
+FILES_${PN}-wait-online += "${sbindir}/connmand-wait-online \
+                            ${systemd_unitdir}/system/connman-wait-online.service"
+
 SUMMARY_${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN"
 DESCRIPTION_${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \
 to create a VPN connection to OpenVPN server."
@@ -190,7 +193,8 @@ SUMMARY_${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN"
 DESCRIPTION_${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \
 to create a VPN connection to Cisco3000 VPN Concentrator."
 FILES_${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \
-                                ${libdir}/connman/plugins-vpn/vpnc.so"
+                                ${libdir}/connman/plugins-vpn/vpnc.so \
+                                ${libdir}/connman/scripts/vpn-script"
 RDEPENDS_${PN}-plugin-vpn-vpnc += "${PN}-vpn"
 RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}"
 
diff --git a/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-resolved-when-we-use-co.patch b/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-resolved-when-we-use-co.patch
new file mode 100644
index 0000000000..8e2e0bd02d
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-resolved-when-we-use-co.patch
@@ -0,0 +1,29 @@
+From 9f70b94ebf18f52c115634642652830fa77f27a1 Mon Sep 17 00:00:00 2001
+From: "Maxin B. John" <maxin.john@intel.com>
+Date: Mon, 12 Jun 2017 16:52:39 +0300
+Subject: [PATCH] connman.service: stop systemd-resolved when we use connman
+
+Stop systemd-resolved service when we use connman as network manager.
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+ src/connman.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/connman.service.in b/src/connman.service.in
+index 9f5c10f..dab48bc 100644
+--- a/src/connman.service.in
++++ b/src/connman.service.in
+@@ -6,6 +6,7 @@ RequiresMountsFor=@localstatedir@/lib/connman
+ After=dbus.service network-pre.target systemd-sysusers.service
+ Before=network.target multi-user.target shutdown.target
+ Wants=network.target
++Conflicts=systemd-resolved.service
+ 
+ [Service]
+ Type=dbus
+-- 
+2.4.0
+
diff --git a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
new file mode 100644
index 0000000000..942b9c97b6
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
@@ -0,0 +1,83 @@
+From c7734e1547db967eccf242fe4b9e8a30b9ff141c Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 6 Apr 2015 23:02:21 -0700
+Subject: [PATCH] resolve: musl does not implement res_ninit
+
+ported from
+http://git.alpinelinux.org/cgit/aports/plain/testing/connman/libresolv.patch
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+---
+ gweb/gresolv.c | 34 +++++++++++++---------------------
+ 1 file changed, 13 insertions(+), 21 deletions(-)
+
+diff --git a/gweb/gresolv.c b/gweb/gresolv.c
+index 38a554e..a9e8740 100644
+--- a/gweb/gresolv.c
++++ b/gweb/gresolv.c
+@@ -36,6 +36,7 @@
+ #include <arpa/inet.h>
+ #include <arpa/nameser.h>
+ #include <net/if.h>
++#include <ctype.h>
+ 
+ #include "gresolv.h"
+ 
+@@ -877,8 +878,6 @@ GResolv *g_resolv_new(int index)
+ 	resolv->index = index;
+ 	resolv->nameserver_list = NULL;
+ 
+-	res_ninit(&resolv->res);
+-
+ 	return resolv;
+ }
+ 
+@@ -918,8 +917,6 @@ void g_resolv_unref(GResolv *resolv)
+ 
+ 	flush_nameservers(resolv);
+ 
+-	res_nclose(&resolv->res);
+-
+ 	g_free(resolv);
+ }
+ 
+@@ -1022,24 +1019,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname,
+ 	debug(resolv, "hostname %s", hostname);
+ 
+ 	if (!resolv->nameserver_list) {
+-		int i;
+-
+-		for (i = 0; i < resolv->res.nscount; i++) {
+-			char buf[100];
+-			int family = resolv->res.nsaddr_list[i].sin_family;
+-			void *sa_addr = &resolv->res.nsaddr_list[i].sin_addr;
+-
+-			if (family != AF_INET &&
+-					resolv->res._u._ext.nsaddrs[i]) {
+-				family = AF_INET6;
+-				sa_addr = &resolv->res._u._ext.nsaddrs[i]->sin6_addr;
++		FILE *f = fopen("/etc/resolv.conf", "r");
++		if (f) {
++			char line[256], *s;
++			int i;
++			while (fgets(line, sizeof(line), f)) {
++				if (strncmp(line, "nameserver", 10) || !isspace(line[10]))
++					continue;
++				for (s = &line[11]; isspace(s[0]); s++);
++				for (i = 0; s[i] && !isspace(s[i]); i++);
++				s[i] = 0;
++				g_resolv_add_nameserver(resolv, s, 53, 0);
+ 			}
+-
+-			if (family != AF_INET && family != AF_INET6)
+-				continue;
+-
+-			if (inet_ntop(family, sa_addr, buf, sizeof(buf)))
+-				g_resolv_add_nameserver(resolv, buf, 53, 0);
++			fclose(f);
+ 		}
+ 
+ 		if (!resolv->nameserver_list)
diff --git a/meta/recipes-connectivity/connman/connman/add_xuser_dbus_permission.patch b/meta/recipes-connectivity/connman/connman/add_xuser_dbus_permission.patch
deleted file mode 100644
index 707b3cafba..0000000000
--- a/meta/recipes-connectivity/connman/connman/add_xuser_dbus_permission.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Because Poky doesn't support at_console we need to special-case the session
-user.
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-diff --git a/src/connman-dbus.conf b/src/connman-dbus.conf
-index 98a773e..466809c 100644
---- a/src/connman-dbus.conf
-+++ b/src/connman-dbus.conf
-@@ -8,6 +8,9 @@
-         <allow send_interface="net.connman.Counter"/>
-         <allow send_interface="net.connman.Notification"/>
-     </policy>
-+    <policy user="xuser">
-+        <allow send_destination="net.connman"/>
-+    </policy>
-     <policy at_console="true">
-         <allow send_destination="net.connman"/>
-     </policy>
diff --git a/meta/recipes-connectivity/connman/connman/build-create-dirs-before-putting-files-in-them.patch b/meta/recipes-connectivity/connman/connman/build-create-dirs-before-putting-files-in-them.patch
deleted file mode 100644
index 260d68d3df..0000000000
--- a/meta/recipes-connectivity/connman/connman/build-create-dirs-before-putting-files-in-them.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-When automake's dependency tracking is enabled a mirror of the source tree is
-created in the build directory as it writes the dependency information.
-
-However, if dependency tracking is disabled on an out-of-tree build this mirror
-isn't created and it's possible that the .service files can't be written as the
-directories they go into haven't been created yet (racing against the compiles,
-which do create directories).
-
-Upstream-Status: Pending
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
----
- Makefile.am | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/Makefile.am b/Makefile.am
-index 507736d..bc3c695 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -410,9 +410,11 @@ MAINTAINERCLEANFILES = Makefile.in \
-
-
- src/builtin.h: src/genbuiltin $(builtin_sources)
-+	$(AM_V_AT)$(MKDIR_P) $(dir $@)
- 	$(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@
-
- vpn/builtin.h: src/genbuiltin $(builtin_vpn_sources)
-+	$(AM_V_AT)$(MKDIR_P) $(dir $@)
- 	$(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_vpn_modules) > $@
-
- src/connman.conf: src/connman-dbus.conf src/connman-polkit.conf
-@@ -449,9 +451,11 @@ do_subst = $(AM_V_GEN)$(SED) \
- 		-e 's,[@]sysconfdir[@],$(sysconfdir),g'
-
- %.service: %.service.in Makefile
-+	$(AM_V_AT)$(MKDIR_P) $(dir $@)
- 	$(do_subst) < $< > $@
-
- scripts/connman: scripts/connman.in Makefile
-+	$(AM_V_at)$(MKDIR_P) scripts
- 	$(do_subst) < $< > $@
-
- include/connman/version.h: include/version.h
---
-2.1.4
-
diff --git a/meta/recipes-connectivity/connman/connman/connman b/meta/recipes-connectivity/connman/connman/connman
index bf7a94a06d..c64fa0d715 100644
--- a/meta/recipes-connectivity/connman/connman/connman
+++ b/meta/recipes-connectivity/connman/connman/connman
@@ -49,8 +49,8 @@ do_start() {
 		fi
 	    fi
 	fi
-	if [ -f @LIBDIR@/connman/wired-setup ] ; then
-		. @LIBDIR@/connman/wired-setup
+	if [ -f @DATADIR@/connman/wired-setup ] ; then
+		. @DATADIR@/connman/wired-setup
 	fi
 	$DAEMON $EXTRA_PARAM
 }
diff --git a/meta/recipes-connectivity/connman/connman/no-version-scripts.patch b/meta/recipes-connectivity/connman/connman/no-version-scripts.patch
new file mode 100644
index 0000000000..e96e38bcf9
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/no-version-scripts.patch
@@ -0,0 +1,27 @@
+With binutils 2.27 on at least MIPS, connmand will crash on startup.  This
+appears to be due to the symbol visibilty scripts hiding symbols that stdio
+looks up at runtime, resulting in it segfaulting.
+
+This certainly appears to be a bug in binutils 2.27 although the problem has
+been known about for some time:
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=17908
+
+As the version scripts are only used to hide symbols from plugins we can safely
+remove the scripts to work around the problem until binutils is fixed.
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/Makefile.am b/Makefile.am
+index d70725c..76ae432 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -132,2 +132 @@ src_connmand_LDADD = gdbus/libgdbus-internal.la $(builtin_libadd) \
+-src_connmand_LDFLAGS = -Wl,--export-dynamic \
+-				-Wl,--version-script=$(srcdir)/src/connman.ver
++src_connmand_LDFLAGS = -Wl,--export-dynamic
+@@ -166,2 +165 @@ vpn_connman_vpnd_LDADD = gdbus/libgdbus-internal.la $(builtin_vpn_libadd) \
+-vpn_connman_vpnd_LDFLAGS = -Wl,--export-dynamic \
+-				-Wl,--version-script=$(srcdir)/vpn/vpn.ver
++vpn_connman_vpnd_LDFLAGS = -Wl,--export-dynamic
diff --git a/meta/recipes-connectivity/connman/connman_1.29.bb b/meta/recipes-connectivity/connman/connman_1.29.bb
deleted file mode 100644
index 3bcd778ddb..0000000000
--- a/meta/recipes-connectivity/connman/connman_1.29.bb
+++ /dev/null
@@ -1,13 +0,0 @@
-require connman.inc
-
-SRC_URI  = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
-            file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
-            file://add_xuser_dbus_permission.patch \
-            file://build-create-dirs-before-putting-files-in-them.patch \
-            file://connman \
-            "
-SRC_URI[md5sum] = "5283884504860f5fba2e6f489f517293"
-SRC_URI[sha256sum] = "2a5a69693566f7fd59b2e677fa89356ada6d709998aa665caef8707b1e7a8594"
-
-RRECOMMENDS_${PN} = "connman-conf"
-
diff --git a/meta/recipes-connectivity/connman/connman_1.38.bb b/meta/recipes-connectivity/connman/connman_1.38.bb
new file mode 100644
index 0000000000..027c41e9af
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman_1.38.bb
@@ -0,0 +1,16 @@
+require connman.inc
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+           file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
+           file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
+           file://connman \
+           file://no-version-scripts.patch \
+           "
+
+SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
+
+SRC_URI[md5sum] = "1ed8745354c7254bdfd4def54833ee94"
+SRC_URI[sha256sum] = "cb30aca97c2f79ccaed8802aa2909ac5100a3969de74c0af8a9d73b85fc4932b"
+
+RRECOMMENDS_${PN} = "connman-conf"
+RCONFLICTS_${PN} = "networkmanager"
diff --git a/meta/recipes-connectivity/dhcp/dhcp.inc b/meta/recipes-connectivity/dhcp/dhcp.inc
deleted file mode 100644
index d883a8df48..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp.inc
+++ /dev/null
@@ -1,115 +0,0 @@
-SECTION = "console/network"
-SUMMARY = "Internet Software Consortium DHCP package"
-DESCRIPTION = "DHCP (Dynamic Host Configuration Protocol) is a protocol \
-which allows individual devices on an IP network to get their own \
-network configuration information from a server.  DHCP helps make it \
-easier to administer devices."
-
-HOMEPAGE = "http://www.isc.org/"
-
-LICENSE = "ISC"
-LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;md5=c5c64d696107f84b56fe337d14da1753"
-
-DEPENDS = "openssl bind"
-
-SRC_URI = "ftp://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \
-           file://define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch \
-           file://init-relay file://default-relay \
-           file://init-server file://default-server \
-           file://dhclient.conf file://dhcpd.conf \
-           file://dhcpd.service file://dhcrelay.service \
-           file://dhcpd6.service "
-
-inherit autotools systemd
-
-SYSTEMD_PACKAGES = "${PN}-server ${PN}-relay"
-SYSTEMD_SERVICE_${PN}-server = "dhcpd.service dhcpd6.service"
-SYSTEMD_AUTO_ENABLE_${PN}-server = "disable"
-
-SYSTEMD_SERVICE_${PN}-relay = "dhcrelay.service"
-SYSTEMD_AUTO_ENABLE_${PN}-relay = "disable"
-
-TARGET_CFLAGS += "-D_GNU_SOURCE"
-EXTRA_OECONF = "--with-srv-lease-file=${localstatedir}/lib/dhcp/dhcpd.leases \
-                --with-srv6-lease-file=${localstatedir}/lib/dhcp/dhcpd6.leases \
-                --with-cli-lease-file=${localstatedir}/lib/dhcp/dhclient.leases \
-                --with-cli6-lease-file=${localstatedir}/lib/dhcp/dhclient6.leases \
-                --with-libbind=${STAGING_LIBDIR}/ \
-               "
-
-do_install_append () {
-	install -d ${D}${sysconfdir}/init.d
-	install -d ${D}${sysconfdir}/default
-	install -d ${D}${sysconfdir}/dhcp
-	install -m 0755 ${WORKDIR}/init-relay ${D}${sysconfdir}/init.d/dhcp-relay
-	install -m 0644 ${WORKDIR}/default-relay ${D}${sysconfdir}/default/dhcp-relay
-	install -m 0755 ${WORKDIR}/init-server ${D}${sysconfdir}/init.d/dhcp-server
-	install -m 0644 ${WORKDIR}/default-server ${D}${sysconfdir}/default/dhcp-server
-
-	rm -f ${D}${sysconfdir}/dhclient.conf*
-	rm -f ${D}${sysconfdir}/dhcpd.conf*
-	install -m 0644 ${WORKDIR}/dhclient.conf ${D}${sysconfdir}/dhcp/dhclient.conf
-	install -m 0644 ${WORKDIR}/dhcpd.conf ${D}${sysconfdir}/dhcp/dhcpd.conf
-
-	install -d ${D}${base_sbindir}/
-	if [ "${sbindir}" != "${base_sbindir}" ]; then
-		mv ${D}${sbindir}/dhclient ${D}${base_sbindir}/
-	fi
-	install -m 0755 ${S}/client/scripts/linux ${D}${base_sbindir}/dhclient-script
-
-	# Install systemd unit files
-	install -d ${D}${systemd_unitdir}/system
-	install -m 0644 ${WORKDIR}/dhcpd.service ${D}${systemd_unitdir}/system
-	install -m 0644 ${WORKDIR}/dhcpd6.service ${D}${systemd_unitdir}/system
-	install -m 0644 ${WORKDIR}/dhcrelay.service ${D}${systemd_unitdir}/system
-	sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/dhcpd*.service ${D}${systemd_unitdir}/system/dhcrelay.service
-	sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcpd*.service
-	sed -i -e 's,@base_bindir@,${base_bindir},g' ${D}${systemd_unitdir}/system/dhcpd*.service
-	sed -i -e 's,@localstatedir@,${localstatedir},g' ${D}${systemd_unitdir}/system/dhcpd*.service
-}
-
-PACKAGES += "dhcp-server dhcp-server-config dhcp-client dhcp-relay dhcp-omshell"
-
-FILES_${PN} = ""
-RDEPENDS_${PN}-dev = ""
-RDEPENDS_${PN}-staticdev = ""
-
-FILES_${PN}-server = "${sbindir}/dhcpd ${sysconfdir}/init.d/dhcp-server"
-RRECOMMENDS_${PN}-server = "dhcp-server-config"
-
-FILES_${PN}-server-config = "${sysconfdir}/default/dhcp-server ${sysconfdir}/dhcp/dhcpd.conf"
-
-FILES_${PN}-relay = "${sbindir}/dhcrelay ${sysconfdir}/init.d/dhcp-relay ${sysconfdir}/default/dhcp-relay"
-
-FILES_${PN}-client = "${base_sbindir}/dhclient ${base_sbindir}/dhclient-script ${sysconfdir}/dhcp/dhclient.conf"
-RDEPENDS_${PN}-client = "bash"
-
-FILES_${PN}-omshell = "${bindir}/omshell"
-
-pkg_postinst_dhcp-server() {
-    mkdir -p $D/${localstatedir}/lib/dhcp
-    touch $D/${localstatedir}/lib/dhcp/dhcpd.leases
-    touch $D/${localstatedir}/lib/dhcp/dhcpd6.leases
-}
-
-pkg_postinst_dhcp-client() {
-    mkdir -p $D/${localstatedir}/lib/dhcp
-}
-
-pkg_postrm_dhcp-server() {
-    rm -f $D/${localstatedir}/lib/dhcp/dhcpd.leases
-    rm -f $D/${localstatedir}/lib/dhcp/dhcpd6.leases
-
-    if ! rmdir $D/${localstatedir}/lib/dhcp 2>/dev/null; then
-        echo "Not removing ${localstatedir}/lib/dhcp as it is non-empty."
-    fi
-}
-
-pkg_postrm_dhcp-client() {
-    rm -f $D/${localstatedir}/lib/dhcp/dhclient.leases
-    rm -f $D/${localstatedir}/lib/dhcp/dhclient6.leases
-
-    if ! rmdir $D/${localstatedir}/lib/dhcp 2>/dev/null; then
-        echo "Not removing ${localstatedir}/lib/dhcp as it is non-empty."
-    fi
-}
diff --git a/meta/recipes-connectivity/dhcp/dhcp/define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch b/meta/recipes-connectivity/dhcp/dhcp/define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
deleted file mode 100644
index 12d3c9bdbd..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-define macro _PATH_DHCPD_CONF and _PATH_DHCLIENT_CONF
-
-Upstream-Status: inappropriate <oe specific>
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- includes/site.h | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/includes/site.h b/includes/site.h
-index d87b309..17bc40d 100644
---- a/includes/site.h
-+++ b/includes/site.h
-@@ -139,7 +139,8 @@
- /* Define this if you want the dhcpd.conf file to go somewhere other than
-    the default location.   By default, it goes in /etc/dhcpd.conf. */
- 
--/* #define _PATH_DHCPD_CONF	"/etc/dhcpd.conf" */
-+#define _PATH_DHCPD_CONF	"/etc/dhcp/dhcpd.conf"
-+#define _PATH_DHCLIENT_CONF	"/etc/dhcp/dhclient.conf"
- 
- /* Network API definitions.   You do not need to choose one of these - if
-    you don't choose, one will be chosen for you in your system's config
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch b/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch
deleted file mode 100644
index 47ea5554b8..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-dhcp-client: fix invoke dhclient-script failed on Read-only file system
-
-In read-only file system, '/etc' is on the readonly partition,
-and '/etc/resolv.conf' is symlinked to a separate writable
-partition.
-
-In this situation, we should use shell variable to instead of
-temp files '/etc/resolv.conf.dhclient' and '/etc/resolv.conf.dhclient6'.
-
-Upstream-Status: Pending
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- client/scripts/linux | 20 +++++++++-----------
- 1 file changed, 9 insertions(+), 11 deletions(-)
-
-diff --git a/client/scripts/linux b/client/scripts/linux
---- a/client/scripts/linux
-+++ b/client/scripts/linux
-@@ -27,27 +27,25 @@ ip=/sbin/ip
- 
- make_resolv_conf() {
-   if [ x"$new_domain_name_servers" != x ]; then
--    cat /dev/null > /etc/resolv.conf.dhclient
--    chmod 644 /etc/resolv.conf.dhclient
-+    resolv_conf=""
-     if [ x"$new_domain_search" != x ]; then
--      echo search $new_domain_search >> /etc/resolv.conf.dhclient
-+      resolv_conf="search ${new_domain_search}\n"
-     elif [ x"$new_domain_name" != x ]; then
-       # Note that the DHCP 'Domain Name Option' is really just a domain
-       # name, and that this practice of using the domain name option as
-       # a search path is both nonstandard and deprecated.
--      echo search $new_domain_name >> /etc/resolv.conf.dhclient
-+      resolv_conf="search ${new_domain_name}\n"
-     fi
-     for nameserver in $new_domain_name_servers; do
--      echo nameserver $nameserver >>/etc/resolv.conf.dhclient
-+      resolv_conf="${resolv_conf}nameserver ${nameserver}\n"
-     done
- 
--    mv /etc/resolv.conf.dhclient /etc/resolv.conf
-+    echo -e "${resolv_conf}" > /etc/resolv.conf
-   elif [ "x${new_dhcp6_name_servers}" != x ] ; then
--    cat /dev/null > /etc/resolv.conf.dhclient6
--    chmod 644 /etc/resolv.conf.dhclient6
-+    resolv_conf=""
- 
-     if [ "x${new_dhcp6_domain_search}" != x ] ; then
--      echo search ${new_dhcp6_domain_search} >> /etc/resolv.conf.dhclient6
-+      resolv_conf="search ${new_dhcp6_domain_search}\n"
-     fi
-     shopt -s nocasematch 
-     for nameserver in ${new_dhcp6_name_servers} ; do
-@@ -59,11 +57,11 @@ make_resolv_conf() {
-       else
- 	zone_id=
-       fi
--      echo nameserver ${nameserver}$zone_id >> /etc/resolv.conf.dhclient6
-+      resolv_conf="${resolv_conf}nameserver ${nameserver}$zone_id\n"
-     done
-     shopt -u nocasematch 
- 
--    mv /etc/resolv.conf.dhclient6 /etc/resolv.conf
-+    echo -e "${resolv_conf}" > /etc/resolv.conf
-   fi
- }
- 
--- 
-1.8.1.2
-
diff --git a/meta/recipes-connectivity/dhcp/dhcp/dhcp-3.0.3-dhclient-dbus.patch b/meta/recipes-connectivity/dhcp/dhcp/dhcp-3.0.3-dhclient-dbus.patch
deleted file mode 100644
index b4a666d106..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/dhcp-3.0.3-dhclient-dbus.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-Upstream-Status: Inappropriate [distribution]
-
---- client/scripts/bsdos
-+++ client/scripts/bsdos
-@@ -47,6 +47,11 @@
-     . /etc/dhcp/dhclient-exit-hooks
-   fi
- # probably should do something with exit status of the local script
-+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+    dbus-send --system --dest=com.redhat.dhcp \
-+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+  fi
-   exit $exit_status
- }
- 
---- client/scripts/freebsd
-+++ client/scripts/freebsd
-@@ -57,6 +57,11 @@
-     . /etc/dhcp/dhclient-exit-hooks
-   fi
- # probably should do something with exit status of the local script
-+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+    dbus-send --system --dest=com.redhat.dhcp \
-+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+  fi
-   exit $exit_status
- }
- 
---- client/scripts/linux
-+++ client/scripts/linux
-@@ -69,6 +69,11 @@
-     . /etc/dhcp/dhclient-exit-hooks
-   fi
- # probably should do something with exit status of the local script
-+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+    dbus-send --system --dest=com.redhat.dhcp \
-+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+  fi
-   exit $exit_status
- }
- 
---- client/scripts/netbsd
-+++ client/scripts/netbsd
-@@ -47,6 +47,11 @@
-     . /etc/dhcp/dhclient-exit-hooks
-   fi
- # probably should do something with exit status of the local script
-+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+    dbus-send --system --dest=com.redhat.dhcp \
-+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+  fi
-   exit $exit_status
- }
- 
---- client/scripts/openbsd
-+++ client/scripts/openbsd
-@@ -47,6 +47,11 @@
-     . /etc/dhcp/dhclient-exit-hooks
-   fi
- # probably should do something with exit status of the local script
-+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+    dbus-send --system --dest=com.redhat.dhcp \
-+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+  fi
-   exit $exit_status
- }
- 
---- client/scripts/solaris
-+++ client/scripts/solaris
-@@ -47,6 +47,11 @@
-     . /etc/dhcp/dhclient-exit-hooks
-   fi
- # probably should do something with exit status of the local script
-+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+    dbus-send --system --dest=com.redhat.dhcp \
-+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+  fi
-   exit $exit_status
- }
- 
diff --git a/meta/recipes-connectivity/dhcp/dhcp/fix-external-bind.patch b/meta/recipes-connectivity/dhcp/dhcp/fix-external-bind.patch
deleted file mode 100644
index a291fdaf52..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/fix-external-bind.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-Upstream-Status: Pending
-
-11/30/2010
---with-libbind=PATH is available but not used by Makefile,
-this patch is to allow building with external bind
-
-Signed-off-by: Qing He <qing.he@intel.com>
-
-Index: dhcp-4.3.0/Makefile.am
-===================================================================
---- dhcp-4.3.0.orig/Makefile.am
-+++ dhcp-4.3.0/Makefile.am
-@@ -25,7 +25,7 @@ EXTRA_DIST = RELNOTES LICENSE \
- 	     bind/Makefile bind/bind.tar.gz bind/version.tmp \
- 	     common/tests/Atffile server/tests/Atffile
- 
--SUBDIRS = bind includes tests common dst omapip client dhcpctl relay server
-+SUBDIRS = includes tests common dst omapip client dhcpctl relay server
- 
- nobase_include_HEADERS = dhcpctl/dhcpctl.h
- 
-Index: dhcp-4.3.0/client/Makefile.am
-===================================================================
---- dhcp-4.3.0.orig/client/Makefile.am
-+++ dhcp-4.3.0/client/Makefile.am
-@@ -4,8 +4,8 @@ dhclient_SOURCES = clparse.c dhclient.c
- 		   scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
- 		   scripts/netbsd scripts/nextstep scripts/openbsd \
- 		   scripts/solaris scripts/openwrt
--dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a ../bind/lib/libirs.a \
--		 ../bind/lib/libdns.a ../bind/lib/libisccfg.a ../bind/lib/libisc.a
-+dhclient_LDADD = ../common/libdhcp.a ../omapip/libomapi.a $(libbind)/libirs.a \
-+		 $(libbind)/libdns.a $(libbind)/libisccfg.a $(libbind)/libisc.a
- man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
- EXTRA_DIST = $(man_MANS)
- 
-Index: dhcp-4.3.0/configure.ac
-===================================================================
---- dhcp-4.3.0.orig/configure.ac
-+++ dhcp-4.3.0/configure.ac
-@@ -566,6 +566,7 @@ no)
- 	libbind="$use_libbind"
- 	;;
- esac
-+AC_SUBST([libbind])
- 
- # OpenLDAP support.
- AC_ARG_WITH(ldap,
-Index: dhcp-4.3.0/dhcpctl/Makefile.am
-===================================================================
---- dhcp-4.3.0.orig/dhcpctl/Makefile.am
-+++ dhcp-4.3.0/dhcpctl/Makefile.am
-@@ -6,12 +6,12 @@ EXTRA_DIST = $(man_MANS)
- 
- omshell_SOURCES = omshell.c
- omshell_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
--	        ../bind/lib/libirs.a ../bind/lib/libdns.a \
--	        ../bind/lib/libisccfg.a ../bind/lib/libisc.a
-+	        $(libbind)/libirs.a $(libbind)/libdns.a \
-+	        $(libbind)/libisccfg.a $(libbind)/libisc.a
- 
- libdhcpctl_a_SOURCES = dhcpctl.c callback.c remote.c
- 
- cltest_SOURCES = cltest.c
- cltest_LDADD = libdhcpctl.a ../common/libdhcp.a ../omapip/libomapi.a \
--	       ../bind/lib/libirs.a ../bind/lib/libdns.a \
--               ../bind/lib/libisccfg.a ../bind/lib/libisc.a
-+	       $(libbind)/libirs.a $(libbind)/libdns.a \
-+               $(libbind)/libisccfg.a $(libbind)/libisc.a
-Index: dhcp-4.3.0/omapip/Makefile.am
-===================================================================
---- dhcp-4.3.0.orig/omapip/Makefile.am
-+++ dhcp-4.3.0/omapip/Makefile.am
-@@ -10,6 +10,6 @@ man_MANS = omapi.3
- EXTRA_DIST = $(man_MANS)
- 
- svtest_SOURCES = test.c
--svtest_LDADD = libomapi.a ../bind/lib/libirs.a ../bind/lib/libdns.a \
--		../bind/lib/libisccfg.a ../bind/lib/libisc.a
-+svtest_LDADD = libomapi.a $(libbind)/libirs.a $(libbind)/libdns.a \
-+		$(libbind)/libisccfg.a $(libbind)/libisc.a
- 
-Index: dhcp-4.3.0/relay/Makefile.am
-===================================================================
---- dhcp-4.3.0.orig/relay/Makefile.am
-+++ dhcp-4.3.0/relay/Makefile.am
-@@ -3,8 +3,8 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
- sbin_PROGRAMS = dhcrelay
- dhcrelay_SOURCES = dhcrelay.c
- dhcrelay_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
--		 ../bind/lib/libirs.a ../bind/lib/libdns.a \
--		 ../bind/lib/libisccfg.a ../bind/lib/libisc.a
-+		 $(libbind)/libirs.a $(libbind)/libdns.a \
-+		 $(libbind)/libisccfg.a $(libbind)/libisc.a
- man_MANS = dhcrelay.8
- EXTRA_DIST = $(man_MANS)
- 
-Index: dhcp-4.3.0/server/Makefile.am
-===================================================================
---- dhcp-4.3.0.orig/server/Makefile.am
-+++ dhcp-4.3.0/server/Makefile.am
-@@ -14,8 +14,8 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c
- 
- dhcpd_CFLAGS = $(LDAP_CFLAGS)
- dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
--	      ../dhcpctl/libdhcpctl.a ../bind/lib/libirs.a \
--	      ../bind/lib/libdns.a ../bind/lib/libisccfg.a ../bind/lib/libisc.a
-+	      ../dhcpctl/libdhcpctl.a $(libbind)/libirs.a \
-+	      $(libbind)/libdns.a $(libbind)/libisccfg.a $(libbind)/libisc.a
- 
- man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
- EXTRA_DIST = $(man_MANS)
diff --git a/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch b/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch
deleted file mode 100644
index 14e75a37ea..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-Fix out of tree builds
-
-Upstream-Status: Pending
-
-RP 2013/03/21
-
-Rebase to 4.3.1
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- client/Makefile.am  | 6 ++++--
- common/Makefile.am  | 2 +-
- dhcpctl/Makefile.am | 2 ++
- dst/Makefile.am     | 2 +-
- omapip/Makefile.am  | 2 ++
- relay/Makefile.am   | 2 +-
- server/Makefile.am  | 2 +-
- 7 files changed, 12 insertions(+), 6 deletions(-)
-
-diff --git a/client/Makefile.am b/client/Makefile.am
-index 8411960..1740f72 100644
---- a/client/Makefile.am
-+++ b/client/Makefile.am
-@@ -4,6 +4,8 @@
- # production code. Sadly, we are not there yet.
- SUBDIRS = . tests
- 
-+AM_CPPFLAGS = -I$(top_srcdir)/includes
-+
- dist_sysconf_DATA = dhclient.conf.example
- sbin_PROGRAMS = dhclient
- dhclient_SOURCES = clparse.c dhclient.c dhc6.c \
-@@ -17,8 +19,8 @@ EXTRA_DIST = $(man_MANS)
- 
- dhclient.o: dhclient.c
- 	$(COMPILE) -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
--		   -DLOCALSTATEDIR='"$(localstatedir)"' -c dhclient.c
-+		   -DLOCALSTATEDIR='"$(localstatedir)"' -c $(srcdir)/dhclient.c
- 
- dhc6.o: dhc6.c
- 	$(COMPILE) -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
--		   -DLOCALSTATEDIR='"$(localstatedir)"' -c dhc6.c
-+		   -DLOCALSTATEDIR='"$(localstatedir)"' -c $(srcdir)/dhc6.c
-diff --git a/common/Makefile.am b/common/Makefile.am
-index eddef05..5ce045f 100644
---- a/common/Makefile.am
-+++ b/common/Makefile.am
-@@ -1,4 +1,4 @@
--AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"'
-+AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"'
- AM_CFLAGS = $(LDAP_CFLAGS)
- 
- noinst_LIBRARIES = libdhcp.a
-diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am
-index 2987a53..cd72d75 100644
---- a/dhcpctl/Makefile.am
-+++ b/dhcpctl/Makefile.am
-@@ -1,3 +1,5 @@
-+AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir)
-+
- bin_PROGRAMS = omshell
- lib_LIBRARIES = libdhcpctl.a
- noinst_PROGRAMS = cltest
-diff --git a/dst/Makefile.am b/dst/Makefile.am
-index 8937fe8..a14798b 100644
---- a/dst/Makefile.am
-+++ b/dst/Makefile.am
-@@ -1,4 +1,4 @@
--AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5
-+AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5 -I$(top_srcdir)/includes
- 
- lib_LIBRARIES = libdst.a
- 
-diff --git a/omapip/Makefile.am b/omapip/Makefile.am
-index 5074479..9c0fab3 100644
---- a/omapip/Makefile.am
-+++ b/omapip/Makefile.am
-@@ -1,3 +1,5 @@
-+AM_CPPFLAGS = -I$(top_srcdir)/includes
-+
- lib_LIBRARIES = libomapi.a
- noinst_PROGRAMS = svtest
- 
-diff --git a/relay/Makefile.am b/relay/Makefile.am
-index ec72a31..f842071 100644
---- a/relay/Makefile.am
-+++ b/relay/Makefile.am
-@@ -1,4 +1,4 @@
--AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"'
-+AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
- 
- sbin_PROGRAMS = dhcrelay
- dhcrelay_SOURCES = dhcrelay.c
-diff --git a/server/Makefile.am b/server/Makefile.am
-index a446f0b..d0b873a 100644
---- a/server/Makefile.am
-+++ b/server/Makefile.am
-@@ -4,7 +4,7 @@
- # production code. Sadly, we are not there yet.
- SUBDIRS = . tests
- 
--AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"'
-+AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
- 
- dist_sysconf_DATA = dhcpd.conf.example
- sbin_PROGRAMS = dhcpd
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch b/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch
deleted file mode 100644
index 57e10b0297..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Author: Andrei Gherzan <andrei@gherzan.ro>
-Date:   Thu Feb 2 23:59:11 2012 +0200
-
-From 4.2.0 final release, -lcrypto check was removed and we compile static libraries
-from bind that are linked to libcrypto. This is why i added a patch in order to add
--lcrypto to LIBS.
-
-Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
-Upstream-Status: Pending
-
-Index: dhcp-4.2.3-P2-r0/dhcp-4.2.3-P2/configure.ac
-===================================================================
---- dhcp-4.2.3-P2.orig/configure.ac	2012-02-02 18:04:20.843023196 +0200
-+++ dhcp-4.2.3-P2/configure.ac	2012-02-02 17:58:16.000000000 +0200
-@@ -456,6 +456,10 @@
- # Look for optional headers.
- AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
- 
-+# find an MD5 library
-+AC_SEARCH_LIBS(MD5_Init, [crypto])
-+AC_SEARCH_LIBS(MD5Init, [crypto])
-+
- # Solaris needs some libraries for functions
- AC_SEARCH_LIBS(socket, [socket])
- AC_SEARCH_LIBS(inet_ntoa, [nsl])
diff --git a/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch b/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch
deleted file mode 100644
index 61dd6a7186..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch
+++ /dev/null
@@ -1,176 +0,0 @@
-Found this patch here:
-https://lists.isc.org/pipermail/dhcp-users/2011-January/012910.html
-
-and made some adjustments/updates to make it work with this version.
-Wasn't able to find that why this patch was not accepted by ISC DHCP developers.
-
-Upstream-Status: Pending
-
-Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
-
---- dhcp-4.2.5-P1/client/scripts/linux.orig	2013-09-04 12:22:55.000000000 +0500
-+++ dhcp-4.2.5-P1/client/scripts/linux	2013-09-04 12:52:19.068761518 +0500
-@@ -103,17 +103,11 @@
- if [ x$old_broadcast_address != x ]; then
-   old_broadcast_arg="broadcast $old_broadcast_address"
- fi
--if [ x$new_subnet_mask != x ]; then
--  new_subnet_arg="netmask $new_subnet_mask"
--fi
--if [ x$old_subnet_mask != x ]; then
--  old_subnet_arg="netmask $old_subnet_mask"
--fi
--if [ x$alias_subnet_mask != x ]; then
--  alias_subnet_arg="netmask $alias_subnet_mask"
-+if [ -n "$new_subnet_mask" ]; then
-+    new_mask="/$new_subnet_mask"
- fi
--if [ x$new_interface_mtu != x ]; then
--  mtu_arg="mtu $new_interface_mtu"
-+if [ -n "$alias_subnet_mask" ]; then
-+    alias_mask="/$alias_subnet_mask"
- fi
- if [ x$IF_METRIC != x ]; then
-   metric_arg="metric $IF_METRIC"
-@@ -127,9 +121,9 @@
- if [ x$reason = xPREINIT ]; then
-   if [ x$alias_ip_address != x ]; then
-     # Bring down alias interface. Its routes will disappear too.
--    ifconfig $interface:0- inet 0
-+    ${ip} -4 addr flush dev ${interface} label ${interface}:0
-   fi
--  ifconfig $interface 0 up
-+  ${ip} link set dev ${interface} up
- 
-   # We need to give the kernel some time to get the interface up.
-   sleep 1
-@@ -156,25 +150,30 @@
-   if [ x$old_ip_address != x ] && [ x$alias_ip_address != x ] && \
- 		[ x$alias_ip_address != x$old_ip_address ]; then
-     # Possible new alias. Remove old alias.
--    ifconfig $interface:0- inet 0
-+    ${ip} -4 addr flush dev ${interface} label ${interface}:0
-   fi
-   if [ x$old_ip_address != x ] && [ x$old_ip_address != x$new_ip_address ]; then
-     # IP address changed. Bringing down the interface will delete all routes,
-     # and clear the ARP cache.
--    ifconfig $interface inet 0 down
-+    ${ip} -4 addr flush dev ${interface} label ${interface}
- 
-   fi
-   if [ x$old_ip_address = x ] || [ x$old_ip_address != x$new_ip_address ] || \
-      [ x$reason = xBOUND ] || [ x$reason = xREBOOT ]; then
- 
--    ifconfig $interface inet $new_ip_address $new_subnet_arg \
--					$new_broadcast_arg $mtu_arg
-+    ${ip} -4 addr add ${new_ip_address}${new_mask} ${new_broadcast_arg} \
-+                dev ${interface} label ${interface}
-+    if [ -n "$new_interface_mtu" ]; then
-+      # set MTU
-+      ${ip} link set dev ${interface} mtu ${new_interface_mtu}
-+    fi
-     # Add a network route to the computed network address.
-     for router in $new_routers; do
-       if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then
--	route add -host $router dev $interface
-+        ${ip} -4 route add ${router} dev $interface >/dev/null 2>&1
-       fi
--      route add default gw $router $metric_arg dev $interface
-+      ${ip} -4 route add default via ${router} dev ${interface} \
-+        ${metric_arg} >/dev/null 2>&1
-     done
-   else
-     # we haven't changed the address, have we changed other options           
-@@ -182,21 +181,23 @@
-     if [ x$new_routers != x ] && [ x$new_routers != x$old_routers ] ; then
-       # if we've changed routers delete the old and add the new.
-       for router in $old_routers; do
--        route del default gw $router
-+        ${ip} -4 route delete default via ${router}
-       done
-       for router in $new_routers; do
-         if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then
--	  route add -host $router dev $interface
--	fi
--	route add default gw $router $metric_arg dev $interface
-+	      ${ip} -4 route add ${router} dev $interface >/dev/null 2>&1
-+	    fi
-+        ${ip} -4 route add default via ${router} dev ${interface} \
-+          ${metric_arg} >/dev/null 2>&1
-       done
-     fi
-   fi
-   if [ x$new_ip_address != x$alias_ip_address ] && [ x$alias_ip_address != x ];
-    then
--    ifconfig $interface:0- inet 0
--    ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
--    route add -host $alias_ip_address $interface:0
-+    ${ip} -4 addr flush dev ${interface} label ${interface}:0
-+    ${ip} -4 addr add ${alias_ip_address}${alias_mask} \
-+        dev ${interface} label ${interface}:0
-+    ${ip} -4 route add ${alias_ip_address} dev ${interface} >/dev/null 2>&1
-   fi
-   make_resolv_conf
-   exit_with_hooks 0
-@@ -206,42 +207,49 @@
-    || [ x$reason = xSTOP ]; then
-   if [ x$alias_ip_address != x ]; then
-     # Turn off alias interface.
--    ifconfig $interface:0- inet 0
-+    ${ip} -4 addr flush dev ${interface} label ${interface}:0
-   fi
-   if [ x$old_ip_address != x ]; then
-     # Shut down interface, which will delete routes and clear arp cache.
--    ifconfig $interface inet 0 down
-+    ${ip} -4 addr flush dev ${interface} label ${interface}
-   fi
-   if [ x$alias_ip_address != x ]; then
--    ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
--    route add -host $alias_ip_address $interface:0
-+    ${ip} -4 addr add ${alias_ip_address}${alias_network_arg} \
-+        dev ${interface} label ${interface}:0
-+    ${ip} -4 route add ${alias_ip_address} dev ${interface} >/dev/null 2>&1
-   fi
-   exit_with_hooks 0
- fi
- 
- if [ x$reason = xTIMEOUT ]; then
-   if [ x$alias_ip_address != x ]; then
--    ifconfig $interface:0- inet 0
-+    ${ip} -4 addr flush dev ${interface} label ${interface}:0
-+  fi
-+  ${ip} -4 addr add ${new_ip_address}${new_mask} ${new_broadcast_arg} \
-+            dev ${interface} label ${interface}
-+  if [ -n "$new_interface_mtu" ]; then
-+    # set MTU
-+    ip link set dev ${interface} mtu ${new_interface_mtu}
-   fi
--  ifconfig $interface inet $new_ip_address $new_subnet_arg \
--					$new_broadcast_arg $mtu_arg
-   set $new_routers
-   if ping -q -c 1 $1; then
-     if [ x$new_ip_address != x$alias_ip_address ] && \
- 			[ x$alias_ip_address != x ]; then
--      ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
--      route add -host $alias_ip_address dev $interface:0
-+      ${ip} -4 addr add ${alias_ip_address}${alias_mask} \
-+            dev ${interface} label ${interface}:0
-+      ${ip} -4 route add ${alias_ip_address} dev ${interface} >/dev/null 2>&1
-     fi
-     for router in $new_routers; do
-       if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then
--	route add -host $router dev $interface
-+	    ${ip} -4 route add ${router} dev $interface >/dev/null 2>&1
-       fi
--      route add default gw $router $metric_arg dev $interface
-+      ${ip} -4 route add default via ${router} dev ${interface} \
-+        ${metric_arg} >/dev/null 2>&1
-     done
-     make_resolv_conf
-     exit_with_hooks 0
-   fi
--  ifconfig $interface inet 0 down
-+  ${ip} -4 addr flush dev ${interface}
-   exit_with_hooks 1
- fi
- 
diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.3.2.bb b/meta/recipes-connectivity/dhcp/dhcp_4.3.2.bb
deleted file mode 100644
index b4a05fcd9d..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp_4.3.2.bb
+++ /dev/null
@@ -1,12 +0,0 @@
-require dhcp.inc
-
-SRC_URI += "file://dhcp-3.0.3-dhclient-dbus.patch;striplevel=0 \
-            file://fix-external-bind.patch \
-            file://link-with-lcrypto.patch \
-            file://fixsepbuild.patch \
-            file://dhclient-script-drop-resolv.conf.dhclient.patch \
-            file://replace-ifconfig-route.patch \
-           "
-
-SRC_URI[md5sum] = "5a284875dd2c12ddd388416d69156a67"
-SRC_URI[sha256sum] = "6246c9b358759f6cdcc45104caaf76e732a211dbbbbf64a21f499c8db1298165"
diff --git a/meta/recipes-connectivity/dhcp/files/default-relay b/meta/recipes-connectivity/dhcp/files/default-relay
deleted file mode 100644
index 7961f014be..0000000000
--- a/meta/recipes-connectivity/dhcp/files/default-relay
+++ /dev/null
@@ -1,12 +0,0 @@
-# Defaults for dhcp-relay initscript
-# sourced by /etc/init.d/dhcp-relay
-
-# What servers should the DHCP relay forward requests to?
-# e.g: SERVERS="192.168.0.1"
-SERVERS=""
-
-# On what interfaces should the DHCP relay (dhrelay) serve DHCP requests?
-INTERFACES=""
-
-# Additional options that are passed to the DHCP relay daemon?
-OPTIONS=""
diff --git a/meta/recipes-connectivity/dhcp/files/default-server b/meta/recipes-connectivity/dhcp/files/default-server
deleted file mode 100644
index 0385d16992..0000000000
--- a/meta/recipes-connectivity/dhcp/files/default-server
+++ /dev/null
@@ -1,7 +0,0 @@
-# Defaults for dhcp initscript
-# sourced by /etc/init.d/dhcp-server
-# installed at /etc/default/dhcp-server by the maintainer scripts
-
-# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
-#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
-INTERFACES=""
diff --git a/meta/recipes-connectivity/dhcp/files/dhclient.conf b/meta/recipes-connectivity/dhcp/files/dhclient.conf
deleted file mode 100644
index 0e6dcf96c2..0000000000
--- a/meta/recipes-connectivity/dhcp/files/dhclient.conf
+++ /dev/null
@@ -1,50 +0,0 @@
-# Configuration file for /sbin/dhclient, which is included in Debian's
-#	dhcp3-client package.
-#
-# This is a sample configuration file for dhclient. See dhclient.conf's
-#	man page for more information about the syntax of this file
-#	and a more comprehensive list of the parameters understood by
-#	dhclient.
-#
-# Normally, if the DHCP server provides reasonable information and does
-#	not leave anything out (like the domain name, for example), then
-#	few changes must be made to this file, if any.
-#
-
-#send host-name "andare.fugue.com";
-#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
-#send dhcp-lease-time 3600;
-#supersede domain-name "fugue.com home.vix.com";
-#prepend domain-name-servers 127.0.0.1;
-request subnet-mask, broadcast-address, time-offset, routers,
-	domain-name, domain-name-servers, host-name,
-	netbios-name-servers, netbios-scope;
-#require subnet-mask, domain-name-servers;
-#timeout 60;
-#retry 60;
-#reboot 10;
-#select-timeout 5;
-#initial-interval 2;
-#script "/etc/dhcp3/dhclient-script";
-#media "-link0 -link1 -link2", "link0 link1";
-#reject 192.33.137.209;
-
-#alias {
-#  interface "eth0";
-#  fixed-address 192.5.5.213;
-#  option subnet-mask 255.255.255.255;
-#}
-
-#lease {
-#  interface "eth0";
-#  fixed-address 192.33.137.200;
-#  medium "link0 link1";
-#  option host-name "andare.swiftmedia.com";
-#  option subnet-mask 255.255.255.0;
-#  option broadcast-address 192.33.137.255;
-#  option routers 192.33.137.250;
-#  option domain-name-servers 127.0.0.1;
-#  renew 2 2000/1/12 00:00:01;
-#  rebind 2 2000/1/12 00:00:01;
-#  expire 2 2000/1/12 00:00:01;
-#}
diff --git a/meta/recipes-connectivity/dhcp/files/dhcpd.conf b/meta/recipes-connectivity/dhcp/files/dhcpd.conf
deleted file mode 100644
index 0001c0f00e..0000000000
--- a/meta/recipes-connectivity/dhcp/files/dhcpd.conf
+++ /dev/null
@@ -1,108 +0,0 @@
-#
-# Sample configuration file for ISC dhcpd for Debian
-#
-# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $
-#
-
-# The ddns-updates-style parameter controls whether or not the server will
-# attempt to do a DNS update when a lease is confirmed. We default to the
-# behavior of the version 2 packages ('none', since DHCP v2 didn't
-# have support for DDNS.)
-ddns-update-style none;
-
-# option definitions common to all supported networks...
-option domain-name "example.org";
-option domain-name-servers ns1.example.org, ns2.example.org;
-
-default-lease-time 600;
-max-lease-time 7200;
-
-# If this DHCP server is the official DHCP server for the local
-# network, the authoritative directive should be uncommented.
-#authoritative;
-
-# Use this to send dhcp log messages to a different log file (you also
-# have to hack syslog.conf to complete the redirection).
-log-facility local7;
-
-# No service will be given on this subnet, but declaring it helps the 
-# DHCP server to understand the network topology.
-
-#subnet 10.152.187.0 netmask 255.255.255.0 {
-#}
-
-# This is a very basic subnet declaration.
-
-#subnet 10.254.239.0 netmask 255.255.255.224 {
-#  range 10.254.239.10 10.254.239.20;
-#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
-#}
-
-# This declaration allows BOOTP clients to get dynamic addresses,
-# which we don't really recommend.
-
-#subnet 10.254.239.32 netmask 255.255.255.224 {
-#  range dynamic-bootp 10.254.239.40 10.254.239.60;
-#  option broadcast-address 10.254.239.31;
-#  option routers rtr-239-32-1.example.org;
-#}
-
-# A slightly different configuration for an internal subnet.
-#subnet 10.5.5.0 netmask 255.255.255.224 {
-#  range 10.5.5.26 10.5.5.30;
-#  option domain-name-servers ns1.internal.example.org;
-#  option domain-name "internal.example.org";
-#  option routers 10.5.5.1;
-#  option broadcast-address 10.5.5.31;
-#  default-lease-time 600;
-#  max-lease-time 7200;
-#}
-
-# Hosts which require special configuration options can be listed in
-# host statements.   If no address is specified, the address will be
-# allocated dynamically (if possible), but the host-specific information
-# will still come from the host declaration.
-
-#host passacaglia {
-#  hardware ethernet 0:0:c0:5d:bd:95;
-#  filename "vmunix.passacaglia";
-#  server-name "toccata.fugue.com";
-#}
-
-# Fixed IP addresses can also be specified for hosts.   These addresses
-# should not also be listed as being available for dynamic assignment.
-# Hosts for which fixed IP addresses have been specified can boot using
-# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
-# be booted with DHCP, unless there is an address range on the subnet
-# to which a BOOTP client is connected which has the dynamic-bootp flag
-# set.
-#host fantasia {
-#  hardware ethernet 08:00:07:26:c0:a5;
-#  fixed-address fantasia.fugue.com;
-#}
-
-# You can declare a class of clients and then do address allocation
-# based on that.   The example below shows a case where all clients
-# in a certain class get addresses on the 10.17.224/24 subnet, and all
-# other clients get addresses on the 10.0.29/24 subnet.
-
-#class "foo" {
-#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
-#}
-
-#shared-network 224-29 {
-#  subnet 10.17.224.0 netmask 255.255.255.0 {
-#    option routers rtr-224.example.org;
-#  }
-#  subnet 10.0.29.0 netmask 255.255.255.0 {
-#    option routers rtr-29.example.org;
-#  }
-#  pool {
-#    allow members of "foo";
-#    range 10.17.224.10 10.17.224.250;
-#  }
-#  pool {
-#    deny members of "foo";
-#    range 10.0.29.10 10.0.29.230;
-#  }
-#}
diff --git a/meta/recipes-connectivity/dhcp/files/dhcpd.service b/meta/recipes-connectivity/dhcp/files/dhcpd.service
deleted file mode 100644
index ae4f93eca5..0000000000
--- a/meta/recipes-connectivity/dhcp/files/dhcpd.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=DHCPv4 Server Daemon
-Documentation=man:dhcpd(8) man:dhcpd.conf(5)
-After=network.target
-After=time-sync.target
-
-[Service]
-PIDFile=@localstatedir@/run/dhcpd.pid
-EnvironmentFile=@SYSCONFDIR@/default/dhcp-server
-EnvironmentFile=-@SYSCONFDIR@/sysconfig/dhcp-server
-ExecStartPre=@base_bindir@/touch @localstatedir@/lib/dhcp/dhcpd.leases
-ExecStart=@SBINDIR@/dhcpd -f -cf @SYSCONFDIR@/dhcp/dhcpd.conf -pf @localstatedir@/run/dhcpd.pid $DHCPDARGS -q $INTERFACES
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/dhcp/files/dhcpd6.service b/meta/recipes-connectivity/dhcp/files/dhcpd6.service
deleted file mode 100644
index ca96abb838..0000000000
--- a/meta/recipes-connectivity/dhcp/files/dhcpd6.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=DHCPv6 Server Daemon
-Documentation=man:dhcpd(8) man:dhcpd.conf(5)
-After=network.target
-After=time-sync.target
-
-[Service]
-PIDFile=@localstatedir@/run/dhcpd6.pid
-EnvironmentFile=@SYSCONFDIR@/default/dhcp-server
-EnvironmentFile=-@SYSCONFDIR@/sysconfig/dhcpd6
-ExecStartPre=@base_bindir@/touch @localstatedir@/lib/dhcp/dhcpd6.leases
-ExecStart=@SBINDIR@/dhcpd -f -6 -cf @SYSCONFDIR@/dhcp/dhcpd.conf -pf @localstatedir@/run/dhcpd6.pid $DHCPDARGS -q $INTERFACES
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/dhcp/files/dhcrelay.service b/meta/recipes-connectivity/dhcp/files/dhcrelay.service
deleted file mode 100644
index a2d818917d..0000000000
--- a/meta/recipes-connectivity/dhcp/files/dhcrelay.service
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=DHCP Relay Agent Daemon
-After=network.target
-
-[Service]
-ExecStart=@SBINDIR@/dhcrelay -d --no-pid
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/dhcp/files/init-relay b/meta/recipes-connectivity/dhcp/files/init-relay
deleted file mode 100644
index 019a7e84cf..0000000000
--- a/meta/recipes-connectivity/dhcp/files/init-relay
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-#
-# $Id: dhcp3-relay,v 1.1 2004/04/16 15:41:08 ml Exp $
-#
-
-# It is not safe to start if we don't have a default configuration...
-if [ ! -f /etc/default/dhcp-relay ]; then
-	echo "/etc/default/dhcp-relay does not exist! - Aborting..."
-	echo "create this file to fix the problem."
-	exit 1
-fi
-
-# Read init script configuration (interfaces the daemon should listen on
-# and the DHCP server we should forward requests to.)
-. /etc/default/dhcp-relay
-
-# Build command line for interfaces (will be passed to dhrelay below.)
-IFCMD=""
-if test "$INTERFACES" != ""; then
-	for I in $INTERFACES; do
-		IFCMD=${IFCMD}"-i "${I}" "
-	done
-fi
-
-DHCRELAYPID=/var/run/dhcrelay.pid
-
-case "$1" in
-	start)
-		start-stop-daemon -S -x /usr/sbin/dhcrelay -- -q $OPTIONS $IFCMD $SERVERS
-		;;
-	stop)
-		start-stop-daemon -K -x /usr/sbin/dhcrelay
-		;;
-	restart | force-reload)
-		$0 stop
-		sleep 2
-		$0 start
-		;;
-	*)
-		echo "Usage: /etc/init.d/dhcp-relay {start|stop|restart|force-reload}"
-		exit 1 
-esac
-
-exit 0
diff --git a/meta/recipes-connectivity/dhcp/files/init-server b/meta/recipes-connectivity/dhcp/files/init-server
deleted file mode 100644
index 34c20852b9..0000000000
--- a/meta/recipes-connectivity/dhcp/files/init-server
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-#
-# $Id: dhcp3-server.init.d,v 1.4 2003/07/13 19:12:41 mdz Exp $
-#
-
-test -f /usr/sbin/dhcpd || exit 0
-
-# It is not safe to start if we don't have a default configuration...
-if [ ! -f /etc/default/dhcp-server ]; then
-	echo "/etc/default/dhcp-server does not exist! - Aborting..."
-	exit 0
-fi
-
-# Read init script configuration (so far only interfaces the daemon
-# should listen on.)
-. /etc/default/dhcp-server
-
-case "$1" in
-	start)
-		echo -n "Starting DHCP server: "
-		test -d /var/lib/dhcp/ || mkdir -p /var/lib/dhcp/
-		test -f /var/lib/dhcp/dhcpd.leases || touch /var/lib/dhcp/dhcpd.leases	
-		start-stop-daemon -S -x /usr/sbin/dhcpd -- -q $INTERFACES
-		echo "."
-		;;
-	stop)
-		echo -n "Stopping DHCP server: dhcpd3"
-		start-stop-daemon -K -x /usr/sbin/dhcpd
-		echo "."
-		;;
-	restart | force-reload)
-		$0 stop
-		sleep 2
-		$0 start
-		if [ "$?" != "0" ]; then
-			exit 1
-		fi
-		;;
-	*)
-		echo "Usage: /etc/init.d/dhcp-server {start|stop|restart|force-reload}"
-		exit 1 
-esac
-
-exit 0
diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.2.0.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.2.0.bb
new file mode 100644
index 0000000000..13467189b4
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.2.0.bb
@@ -0,0 +1,56 @@
+SECTION = "console/network"
+SUMMARY = "dhcpcd - a DHCP client"
+DESCRIPTION = "dhcpcd runs on your machine and silently configures your \
+               computer to work on the attached networks without trouble \
+               and mostly without configuration."
+
+HOMEPAGE = "http://roy.marples.name/projects/dhcpcd/"
+
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=9674cc803c5d71306941e6e8b5c002f2"
+
+UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/"
+
+SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \
+           file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \
+           file://dhcpcd.service \
+           file://dhcpcd@.service \
+           "
+
+SRC_URI[sha256sum] = "fcb2d19672d445bbfd38678fdee4f556ef967a3ea6bd81092d10545df2cb9666"
+
+inherit pkgconfig autotools-brokensep systemd useradd
+
+SYSTEMD_SERVICE_${PN} = "dhcpcd.service"
+
+PACKAGECONFIG ?= "udev ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
+
+PACKAGECONFIG[udev] = "--with-udev,--without-udev,udev,udev"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6"
+# ntp conflicts with chrony
+PACKAGECONFIG[ntp] = "--with-hook=ntp, , ,ntp"
+PACKAGECONFIG[chrony] = "--with-hook=ntp, , ,chrony"
+PACKAGECONFIG[ypbind] = "--with-eghook=yp, , ,ypbind-mt"
+
+EXTRA_OECONF = "--enable-ipv4 \
+                --dbdir=${localstatedir}/lib/${BPN} \
+                --runstatedir=/run \
+                --enable-privsep \
+                --privsepuser=dhcpcd \
+                --with-hooks \
+                --with-eghooks \
+               "
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system -d ${localstatedir}/lib/${BPN} -M -s /bin/false -U dhcpcd"
+
+do_install_append () {
+    # install systemd unit files
+    install -d ${D}${systemd_unitdir}/system
+    install -m 0644 ${WORKDIR}/dhcpcd*.service ${D}${systemd_unitdir}/system
+
+    chmod 700 ${D}${localstatedir}/lib/${BPN}
+    chown dhcpcd:dhcpcd ${D}${localstatedir}/lib/${BPN}
+}
+
+FILES_${PN}-dbg += "${libdir}/dhcpcd/dev/.debug"
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch b/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch
new file mode 100644
index 0000000000..37d2344438
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch
@@ -0,0 +1,45 @@
+From aa9e3982c1e75ad49945a62f5e262279c7a905a4 Mon Sep 17 00:00:00 2001
+From: Stefano Cappa <stefano.cappa.ks89@gmail.com>
+Date: Sun, 13 Jan 2019 01:50:52 +0100
+Subject: [PATCH] remove INCLUDEDIR to prevent build issues
+
+Upstream-Status: Pending
+
+Signed-off-by: Stefano Cappa <stefano.cappa.ks89@gmail.com>
+---
+ configure | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/configure b/configure
+index 6c81e0db..32dea2b4 100755
+--- a/configure
++++ b/configure
+@@ -20,7 +20,6 @@ BUILD=
+ HOST=
+ HOSTCC=
+ TARGET=
+-INCLUDEDIR=
+ DEBUG=
+ FORK=
+ STATIC=
+@@ -72,7 +71,6 @@ for x do
+ 	--mandir) MANDIR=$var;;
+ 	--datadir) DATADIR=$var;;
+ 	--with-ccopts|CFLAGS) CFLAGS=$var;;
+-	-I|--includedir) INCLUDEDIR="$INCLUDEDIR${INCLUDEDIR:+ }-I$var";;
+ 	CC) CC=$var;;
+ 	CPPFLAGS) CPPFLAGS=$var;;
+ 	PKG_CONFIG) PKG_CONFIG=$var;;
+@@ -309,9 +307,6 @@ if [ -n "$CPPFLAGS" ]; then
+ 	echo "CPPFLAGS=" >>$CONFIG_MK
+ 	echo "CPPFLAGS+=	$CPPFLAGS" >>$CONFIG_MK
+ fi
+-if [ -n "$INCLUDEDIR" ]; then
+-	echo "CPPFLAGS+=	$INCLUDEDIR" >>$CONFIG_MK
+-fi
+ if [ -n "$LDFLAGS" ]; then
+ 	echo "LDFLAGS=" >>$CONFIG_MK
+ 	echo "LDFLAGS+=	$LDFLAGS" >>$CONFIG_MK
+-- 
+2.17.2 (Apple Git-113)
+
diff --git a/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service b/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service
new file mode 100644
index 0000000000..bbed6d85c4
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=A minimalistic network configuration daemon with DHCPv4, rdisc and DHCPv6 support
+Wants=network.target
+Before=network.target
+Conflicts=connman.service
+
+[Service]
+ExecStart=/usr/sbin/dhcpcd -q --nobackground
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service b/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service
new file mode 100644
index 0000000000..389b076c38
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=dhcpcd on %I
+Wants=network.target
+Before=network.target
+BindsTo=sys-subsystem-net-devices-%i.device
+After=sys-subsystem-net-devices-%i.device
+Conflicts=connman.service
+
+[Service]
+Type=forking
+PIDFile=/run/dhcpcd/%I.pid
+ExecStart=/usr/sbin/dhcpcd -q %I
+ExecStop=/usr/sbin/dhcpcd -x %I
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-telnetd-Fix-multiple-definitions-of-errcatch-an.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-telnetd-Fix-multiple-definitions-of-errcatch-an.patch
new file mode 100644
index 0000000000..49d319f59d
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-telnetd-Fix-multiple-definitions-of-errcatch-an.patch
@@ -0,0 +1,58 @@
+From 7d39930468e272c740b0eed3c7e5b7fb3abf29e8 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 5 Aug 2020 10:36:22 -0700
+Subject: [PATCH] ftpd,telnetd: Fix multiple definitions of errcatch and not42
+
+This helps fix build failures when -fno-common option is used
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ ftpd/extern.h     | 2 +-
+ ftpd/ftpcmd.c     | 1 +
+ telnetd/utility.c | 2 +-
+ 3 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/ftpd/extern.h b/ftpd/extern.h
+index ab33cf3..91dbbee 100644
+--- a/ftpd/extern.h
++++ b/ftpd/extern.h
+@@ -90,7 +90,7 @@ extern void user (const char *);
+ extern char *sgetsave (const char *);
+ 
+ /* Exported from ftpd.c.  */
+-jmp_buf errcatch;
++extern jmp_buf errcatch;
+ extern struct sockaddr_storage data_dest;
+ extern socklen_t data_dest_len;
+ extern struct sockaddr_storage his_addr;
+diff --git a/ftpd/ftpcmd.c b/ftpd/ftpcmd.c
+index beb1f06..d272e9d 100644
+--- a/ftpd/ftpcmd.c
++++ b/ftpd/ftpcmd.c
+@@ -106,6 +106,7 @@
+ #endif
+ 
+ off_t restart_point;
++jmp_buf errcatch;
+ 
+ static char cbuf[512];           /* Command Buffer.  */
+ static char *fromname;
+diff --git a/telnetd/utility.c b/telnetd/utility.c
+index e7ffb8e..46bf91e 100644
+--- a/telnetd/utility.c
++++ b/telnetd/utility.c
+@@ -63,7 +63,7 @@ static int ncc;
+ static char ptyibuf[BUFSIZ], *ptyip;
+ static int pcc;
+ 
+-int not42;
++extern int not42;
+ 
+ static int
+ readstream (int p, char *ibuf, int bufsize)
+-- 
+2.28.0
+
diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch
new file mode 100644
index 0000000000..d4764f5867
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch
@@ -0,0 +1,31 @@
+Upstream-Status: Pending
+
+Subject: rcp: fix to work with large files
+
+When we copy file by rcp command, if the file > 2GB, it will fail.
+The cause is that it used incorrect data type on file size in sink() of rcp.
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/rcp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/rcp.c b/src/rcp.c
+index 21f55b6..bafa35f 100644
+--- a/src/rcp.c
++++ b/src/rcp.c
+@@ -876,9 +876,9 @@ sink (int argc, char *argv[])
+   enum
+   { YES, NO, DISPLAYED } wrerr;
+   BUF *bp;
+-  off_t i, j;
++  off_t i, j, size;
+   int amt, count, exists, first, mask, mode, ofd, omode;
+-  int setimes, size, targisdir, wrerrno;
++  int setimes, targisdir, wrerrno;
+   char ch, *cp, *np, *targ, *vect[1], buf[BUFSIZ];
+   const char *why;
+ 
+-- 
+1.9.1
+
diff --git a/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch b/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch
new file mode 100644
index 0000000000..a91913cb51
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch
@@ -0,0 +1,25 @@
+tftpd: Fix abort on error path
+
+When trying to fetch a non existent file, the app crashes with:
+
+*** buffer overflow detected ***: 
+Aborted
+
+
+Upstream-Status: Submitted [https://www.mail-archive.com/bug-inetutils@gnu.org/msg03036.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91205]
+Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com>
+diff --git a/src/tftpd.c b/src/tftpd.c
+index 56002a0..144012f 100644
+--- a/src/tftpd.c
++++ b/src/tftpd.c
+@@ -864,9 +864,8 @@ nak (int error)
+       pe->e_msg = strerror (error - 100);
+       tp->th_code = EUNDEF;	/* set 'undef' errorcode */
+     }
+-  strcpy (tp->th_msg, pe->e_msg);
+   length = strlen (pe->e_msg);
+-  tp->th_msg[length] = '\0';
++  memcpy(tp->th_msg, pe->e_msg, length + 1);
+   length += 5;
+   if (sendto (peer, buf, length, 0, (struct sockaddr *) &from, fromlen) != length)
+     syslog (LOG_ERR, "nak: %m\n");
diff --git a/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch b/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
new file mode 100644
index 0000000000..24c134fcac
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
@@ -0,0 +1,83 @@
+Upstream: http://www.mail-archive.com/bug-inetutils@gnu.org/msg02103.html
+
+Upstream-Status: Pending
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ ping/ping_common.h | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/ping/ping_common.h b/ping/ping_common.h
+index 1dfd1b5..3bfbd12 100644
+--- a/ping/ping_common.h
++++ b/ping/ping_common.h
+@@ -17,10 +17,14 @@
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see `http://www.gnu.org/licenses/'. */
+ 
++#include <config.h>
++
+ #include <netinet/in_systm.h>
+ #include <netinet/in.h>
+ #include <netinet/ip.h>
++#ifdef HAVE_IPV6
+ #include <netinet/icmp6.h>
++#endif
+ #include <icmp.h>
+ #include <error.h>
+ #include <progname.h>
+@@ -62,7 +66,12 @@ struct ping_stat
+    want to follow the traditional behaviour of ping.  */
+ #define DEFAULT_PING_COUNT 0
+ 
++#ifdef HAVE_IPV6
+ #define PING_HEADER_LEN (USE_IPV6 ? sizeof (struct icmp6_hdr) : ICMP_MINLEN)
++#else
++#define PING_HEADER_LEN (ICMP_MINLEN)
++#endif
++
+ #define PING_TIMING(s)  ((s) >= sizeof (struct timeval))
+ #define PING_DATALEN    (64 - PING_HEADER_LEN)  /* default data length */
+ 
+@@ -74,13 +83,20 @@ struct ping_stat
+   (t).tv_usec = ((i)%PING_PRECISION)*(1000000/PING_PRECISION) ;\
+ } while (0)
+ 
++#ifdef HAVE_IPV6
+ /* FIXME: Adjust IPv6 case for options and their consumption.  */
+ #define _PING_BUFLEN(p, u) ((u)? ((p)->ping_datalen + sizeof (struct icmp6_hdr)) : \
+ 				   (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN))
+ 
++#else
++#define _PING_BUFLEN(p, u) (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN)
++#endif
++
++#ifdef HAVE_IPV6
+ typedef int (*ping_efp6) (int code, void *closure, struct sockaddr_in6 * dest,
+ 			  struct sockaddr_in6 * from, struct icmp6_hdr * icmp,
+ 			  int datalen);
++#endif
+ 
+ typedef int (*ping_efp) (int code,
+ 			 void *closure,
+@@ -89,13 +105,17 @@ typedef int (*ping_efp) (int code,
+ 			 struct ip * ip, icmphdr_t * icmp, int datalen);
+ 
+ union event {
++#ifdef HAVE_IPV6
+   ping_efp6 handler6;
++#endif
+   ping_efp handler;
+ };
+ 
+ union ping_address {
+   struct sockaddr_in ping_sockaddr;
++#ifdef HAVE_IPV6
+   struct sockaddr_in6 ping_sockaddr6;
++#endif
+ };
+ 
+ typedef struct ping_data PING;
+-- 
+2.8.3
+
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
new file mode 100644
index 0000000000..3da4e9f55a
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
@@ -0,0 +1,29 @@
+From 552a7d64ad4a7188a9b7cd89933ae7caf7ebfe90 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier at gentoo.org>
+Date: Thu, 18 Nov 2010 16:59:14 -0500
+Subject: [PATCH gnulib] printf-parse: pull in features.h for __GLIBC__
+
+Upstream-Status: Pending
+
+Signed-off-by: Mike Frysinger <vapier at gentoo.org>
+---
+ lib/printf-parse.h |    3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/lib/printf-parse.h b/lib/printf-parse.h
+index 67a4a2a..3bd6152 100644
+--- a/lib/printf-parse.h
++++ b/lib/printf-parse.h
+@@ -25,6 +25,9 @@
+ 
+ #include "printf-args.h"
+ 
++#ifdef HAVE_FEATURES_H
++# include <features.h>	/* for __GLIBC__ */
++#endif
+ 
+ /* Flags */
+ #define FLAG_GROUP       1      /* ' flag */
+-- 
+1.7.3.2
+
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
new file mode 100644
index 0000000000..b13bb9229f
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
@@ -0,0 +1,14 @@
+Upstream-Status: Pending
+
+--- inetutils-1.8/lib/wchar.in.h
++++ inetutils-1.8/lib/wchar.in.h
+@@ -70,6 +70,9 @@
+ /* The include_next requires a split double-inclusion guard.  */
+ #if @HAVE_WCHAR_H@
+ # @INCLUDE_NEXT@ @NEXT_WCHAR_H@
++#else
++# include <stddef.h>
++# define MB_CUR_MAX 1
+ #endif
+ 
+ #undef _GL_ALREADY_INCLUDING_WCHAR_H
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
new file mode 100644
index 0000000000..2592989a90
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
@@ -0,0 +1,26 @@
+inetutils: define PATH_PROCNET_DEV if not already defined
+
+this prevents the following compilation error :
+system/linux.c:401:15: error: 'PATH_PROCNET_DEV' undeclared (first use in this function)
+
+this patch comes from :
+ http://repository.timesys.com/buildsources/i/inetutils/inetutils-1.9/
+
+Upstream-Status: Inappropriate [not author]
+
+Signed-of-by: Eric Bénard <eric@eukrea.com>
+---
+diff -Naur inetutils-1.9.orig/ifconfig/system/linux.c inetutils-1.9/ifconfig/system/linux.c
+--- inetutils-1.9.orig/ifconfig/system/linux.c	2012-01-04 16:31:36.000000000 -0500
++++ inetutils-1.9/ifconfig/system/linux.c	2012-01-04 16:40:53.000000000 -0500
+@@ -49,6 +49,10 @@
+ #include "../ifconfig.h"
+ 
+ 
++#ifndef PATH_PROCNET_DEV
++  #define PATH_PROCNET_DEV "/proc/net/dev"
++#endif
++
+ /* ARPHRD stuff.  */
+ 
+ static void
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
new file mode 100644
index 0000000000..ff3abd86aa
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
@@ -0,0 +1,40 @@
+Only check security/pam_appl.h which is provided by package libpam when pam is
+enabled.
+
+Upstream-Status: Pending
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+diff --git a/configure.ac b/configure.ac
+index b35e672..e78a751 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -195,6 +195,19 @@ fi
+ 
+ # See if we have libpam.a.  Investigate PAM versus Linux-PAM.
+ if test "$with_pam" = yes ; then
++  AC_CHECK_HEADERS([security/pam_appl.h], [], [], [
++#include <sys/types.h>
++#ifdef HAVE_NETINET_IN_SYSTM_H
++# include <netinet/in_systm.h>
++#endif
++#include <netinet/in.h>
++#ifdef HAVE_NETINET_IP_H
++# include <netinet/ip.h>
++#endif
++#ifdef HAVE_SYS_PARAM_H
++# include <sys/param.h>
++#endif
++])
+   AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl)
+   AC_CHECK_LIB(pam, pam_authenticate, LIBPAM=-lpam)
+   if test "$ac_cv_lib_pam_pam_authenticate" = yes ; then
+@@ -587,7 +600,7 @@ AC_HEADER_DIRENT
+ AC_CHECK_HEADERS([arpa/nameser.h errno.h fcntl.h features.h \
+ 		  glob.h memory.h netinet/ether.h netinet/in_systm.h \
+ 		  netinet/ip.h netinet/ip_icmp.h netinet/ip_var.h \
+-		  security/pam_appl.h shadow.h \
++		  shadow.h \
+ 		  stdarg.h stdlib.h string.h stropts.h sys/tty.h \
+ 		  sys/utsname.h sys/ptyvar.h sys/msgbuf.h sys/filio.h \
+ 		  sys/ioctl_compat.h sys/cdefs.h sys/stream.h sys/mkdev.h \
diff --git a/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils
new file mode 100644
index 0000000000..30e81ef450
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils
@@ -0,0 +1,20 @@
+# default: off
+# description:
+# Rexecd is the server for the rexec program. The server provides remote 
+# execution facilities with authentication based on user names and 
+# passwords.
+#
+service exec
+{
+	socket_type	= stream
+	protocol	= tcp
+	flags		= NAMEINARGS
+	wait		= no
+	user		= root
+	group		= root
+	log_on_success	+= USERID
+	log_on_failure	+= USERID
+	server		= @SBINDIR@/tcpd
+	server_args	= @SBINDIR@/in.rexecd
+	disable		= yes
+}
diff --git a/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils
new file mode 100644
index 0000000000..21b55da9a9
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils
@@ -0,0 +1,23 @@
+# default: off
+# description:
+# Rlogind is a server for the rlogin program. The server provides remote 
+# execution with authentication based on privileged port numbers from trusted
+# host
+#
+service login
+{
+	socket_type	= stream
+	protocol	= tcp
+	flags		= NAMEINARGS
+	wait		= no
+	user		= root
+	group		= root
+	log_on_success	+= USERID
+	log_on_failure	+= USERID
+	server		= @SBINDIR@/tcpd
+	server_args	= @SBINDIR@/in.rlogind -a
+	disable		= yes
+}
+							
+							
+							
diff --git a/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils
new file mode 100644
index 0000000000..2b894a74bd
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils
@@ -0,0 +1,21 @@
+# default: off
+# description:
+# The rshd server is a server for the rcmd(3) routine and, 
+# consequently, for the rsh(1) program. The server provides 
+# remote execution facilities with authentication based on 
+# privileged port numbers from trusted hosts.
+#
+service shell
+{
+	socket_type	= stream
+	protocol	= tcp
+	flags		= NAMEINARGS
+	wait		= no
+	user		= root
+	group		= root
+	log_on_success	+= USERID
+	log_on_failure	+= USERID
+	server		= @SBINDIR@/tcpd
+	server_args	= @SBINDIR@/in.rshd -aL
+	disable		= yes
+}
diff --git a/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils
new file mode 100644
index 0000000000..2d9a0408c0
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils
@@ -0,0 +1,13 @@
+# default: on
+# description: The telnet server serves telnet sessions; it uses \
+#       unencrypted username/password pairs for authentication.
+service telnet
+{
+	disable		= no
+	flags		= REUSE
+	socket_type	= stream
+	wait		= no
+	user		= root
+	server		= @SBINDIR@/in.telnetd
+	log_on_failure	+= USERID
+}
diff --git a/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils
new file mode 100644
index 0000000000..67b44c43e8
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils
@@ -0,0 +1,19 @@
+# default: off
+# description:
+# Tftpd is a server which supports the Internet Trivial File Transfer
+# Pro-tocol (RFC 783). The TFTP server operates at the port indicated
+# in the tftp service description; see services(5).
+#
+service tftp
+{
+        disable         = yes
+        socket_type     = dgram
+        protocol        = udp
+        flags           = IPv6
+        wait            = yes
+        user            = root
+        group           = root
+        server          = @SBINDIR@/in.tftpd
+        server_args     = /tftpboot
+}
+
diff --git a/meta/recipes-connectivity/inetutils/inetutils/version.patch b/meta/recipes-connectivity/inetutils/inetutils/version.patch
new file mode 100644
index 0000000000..532a0e5c08
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/version.patch
@@ -0,0 +1,17 @@
+Upstream-Status: Pending
+
+remove m4_esyscmd function
+
+Signed-off-by: Chunrong Guo <b40290@freescale.com>
+--- inetutils-1.9.1/configure.ac	2012-01-06 22:05:05.000000000 +0800
++++ inetutils-1.9.1/configure.ac	2012-11-12 14:01:11.732957019 +0800
+@@ -20,8 +20,7 @@
+ 
+ AC_PREREQ(2.59)
+ 
+-AC_INIT([GNU inetutils],
+- m4_esyscmd([build-aux/git-version-gen .tarball-version 's/inetutils-/v/;s/_/./g']),
++AC_INIT([GNU inetutils],[1.9.4],
+  [bug-inetutils@gnu.org])
+ 
+ AC_CONFIG_SRCDIR([src/inetd.c])
diff --git a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
new file mode 100644
index 0000000000..adf6d4414e
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
@@ -0,0 +1,215 @@
+DESCRIPTION = "The GNU inetutils are a collection of common \
+networking utilities and servers including ftp, ftpd, rcp, \
+rexec, rlogin, rlogind, rsh, rshd, syslog, syslogd, talk, \
+talkd, telnet, telnetd, tftp, tftpd, and uucpd."
+HOMEPAGE = "http://www.gnu.org/software/inetutils"
+SECTION = "net"
+DEPENDS = "ncurses netbase readline virtual/crypt"
+
+LICENSE = "GPLv3"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7"
+
+SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \
+           file://version.patch \
+           file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \
+           file://inetutils-1.8-0003-wchar.patch \
+           file://rexec.xinetd.inetutils  \
+           file://rlogin.xinetd.inetutils \
+           file://rsh.xinetd.inetutils \
+           file://telnet.xinetd.inetutils \
+           file://tftpd.xinetd.inetutils \
+           file://inetutils-1.9-PATH_PROCNET_DEV.patch \
+           file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
+           file://0001-rcp-fix-to-work-with-large-files.patch \
+           file://fix-buffer-fortify-tfpt.patch \
+           file://0001-ftpd-telnetd-Fix-multiple-definitions-of-errcatch-an.patch \
+"
+
+SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52"
+SRC_URI[sha256sum] = "be8f75eff936b8e41b112462db51adf689715658a1b09e0d6b05d11ec92cc616"
+
+inherit autotools gettext update-alternatives texinfo
+
+acpaths = "-I ./m4"
+
+SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', 'file://fix-disable-ipv6.patch', d)}"
+
+PACKAGECONFIG ??= "ftp uucpd \
+                   ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
+                   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \
+                  "
+PACKAGECONFIG[ftp] = "--enable-ftp,--disable-ftp,readline"
+PACKAGECONFIG[uucpd] = "--enable-uucpd,--disable-uucpd,readline"
+PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6 gl_cv_socket_ipv6=no,"
+PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6,"
+
+EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \
+        inetutils_cv_path_login=${base_bindir}/login \
+        --with-libreadline-prefix=${STAGING_LIBDIR} \
+        --enable-rpath=no \
+"
+
+# These are horrible for security, disable them
+EXTRA_OECONF_append = " --disable-rsh --disable-rshd --disable-rcp \
+        --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd"
+
+do_configure_prepend () {
+    export HELP2MAN='true'
+    cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${S}/build-aux/config.rpath
+    install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S}
+    install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S}
+    rm -f ${S}/glob/configure*
+}
+
+do_install_append () {
+    install -m 0755 -d ${D}${base_sbindir}
+    install -m 0755 -d ${D}${sbindir}
+    install -m 0755 -d ${D}${sysconfdir}/xinetd.d
+    if [ "${base_bindir}" != "${bindir}" ] ; then
+         install -m 0755 -d ${D}${base_bindir}
+         mv ${D}${bindir}/ping* ${D}${base_bindir}/
+         mv ${D}${bindir}/hostname ${D}${base_bindir}/
+    fi
+    mv ${D}${bindir}/ifconfig ${D}${base_sbindir}/
+    mv ${D}${libexecdir}/syslogd ${D}${base_sbindir}/
+    mv ${D}${libexecdir}/tftpd ${D}${sbindir}/in.tftpd
+    mv ${D}${libexecdir}/telnetd ${D}${sbindir}/in.telnetd
+    if [ -e ${D}${libexecdir}/rexecd ]; then
+        mv ${D}${libexecdir}/rexecd ${D}${sbindir}/in.rexecd
+        cp ${WORKDIR}/rexec.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rexec
+    fi
+    if [ -e ${D}${libexecdir}/rlogind ]; then
+        mv ${D}${libexecdir}/rlogind ${D}${sbindir}/in.rlogind
+        cp ${WORKDIR}/rlogin.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rlogin
+    fi
+    if [ -e ${D}${libexecdir}/rshd ]; then
+        mv ${D}${libexecdir}/rshd ${D}${sbindir}/in.rshd
+        cp ${WORKDIR}/rsh.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rsh
+    fi
+    if [ -e ${D}${libexecdir}/talkd ]; then
+        mv ${D}${libexecdir}/talkd ${D}${sbindir}/in.talkd
+    fi
+    mv ${D}${libexecdir}/uucpd ${D}${sbindir}/in.uucpd
+    mv ${D}${libexecdir}/* ${D}${bindir}/
+    cp ${WORKDIR}/telnet.xinetd.inetutils  ${D}/${sysconfdir}/xinetd.d/telnet
+    cp ${WORKDIR}/tftpd.xinetd.inetutils  ${D}/${sysconfdir}/xinetd.d/tftpd
+
+    sed -e 's,@SBINDIR@,${sbindir},g' -i ${D}/${sysconfdir}/xinetd.d/*
+    if [ -e ${D}${libdir}/charset.alias ]; then
+        rm -rf ${D}${libdir}/charset.alias
+    fi
+    rm -rf ${D}${libexecdir}/
+    # remove usr/lib if empty
+    rmdir ${D}${libdir} || true
+}
+
+PACKAGES =+ "${PN}-ping ${PN}-ping6 ${PN}-hostname ${PN}-ifconfig \
+${PN}-tftp ${PN}-logger ${PN}-traceroute ${PN}-syslogd \
+${PN}-ftp ${PN}-ftpd ${PN}-tftpd ${PN}-telnet ${PN}-telnetd ${PN}-inetd \
+${PN}-rsh ${PN}-rshd"
+
+# The packages tftpd, telnetd and rshd conflict with the ones
+# provided by netkit, so add the corresponding -dbg packages
+# for them to avoid the confliction between the dbg package
+# of inetutils and netkit.
+PACKAGES =+ "${PN}-tftpd-dbg ${PN}-telnetd-dbg ${PN}-rshd-dbg"
+NOAUTOPACKAGEDEBUG = "1"
+
+ALTERNATIVE_PRIORITY = "79"
+ALTERNATIVE_${PN} = "whois"
+ALTERNATIVE_LINK_NAME[uucpd]  = "${sbindir}/in.uucpd"
+
+ALTERNATIVE_PRIORITY_${PN}-logger = "60"
+ALTERNATIVE_${PN}-logger = "logger"
+ALTERNATIVE_${PN}-syslogd = "syslogd"
+ALTERNATIVE_LINK_NAME[syslogd]  = "${base_sbindir}/syslogd"
+
+ALTERNATIVE_${PN}-ftp = "ftp"
+ALTERNATIVE_${PN}-ftpd = "ftpd"
+ALTERNATIVE_${PN}-tftp = "tftp"
+ALTERNATIVE_${PN}-tftpd = "tftpd"
+ALTERNATIVE_LINK_NAME[tftpd] = "${sbindir}/tftpd"
+ALTERNATIVE_TARGET[tftpd]  = "${sbindir}/in.tftpd"
+
+ALTERNATIVE_${PN}-telnet = "telnet"
+ALTERNATIVE_${PN}-telnetd = "telnetd"
+ALTERNATIVE_LINK_NAME[telnetd] = "${sbindir}/telnetd"
+ALTERNATIVE_TARGET[telnetd] = "${sbindir}/in.telnetd"
+
+ALTERNATIVE_${PN}-inetd= "inetd"
+ALTERNATIVE_${PN}-traceroute = "traceroute"
+
+ALTERNATIVE_${PN}-hostname = "hostname"
+ALTERNATIVE_LINK_NAME[hostname]  = "${base_bindir}/hostname"
+
+ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \
+                         tftpd.8 tftp.1 telnetd.8"
+ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1"
+ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1"
+ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1"
+ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8"
+ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8"
+ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8"
+ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1"
+
+ALTERNATIVE_${PN}-ifconfig = "ifconfig"
+ALTERNATIVE_LINK_NAME[ifconfig]  = "${base_sbindir}/ifconfig"
+
+ALTERNATIVE_${PN}-ping = "ping"
+ALTERNATIVE_LINK_NAME[ping]   = "${base_bindir}/ping"
+
+ALTERNATIVE_${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}"
+ALTERNATIVE_LINK_NAME[ping6]  = "${base_bindir}/ping6"
+
+
+FILES_${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug"
+FILES_${PN}-ping = "${base_bindir}/ping.${BPN}"
+FILES_${PN}-ping6 = "${base_bindir}/ping6.${BPN}"
+FILES_${PN}-hostname = "${base_bindir}/hostname.${BPN}"
+FILES_${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}"
+FILES_${PN}-traceroute = "${bindir}/traceroute.${BPN}"
+FILES_${PN}-logger = "${bindir}/logger.${BPN}"
+
+FILES_${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}"
+RCONFLICTS_${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng"
+
+FILES_${PN}-ftp = "${bindir}/ftp.${BPN}"
+
+FILES_${PN}-tftp = "${bindir}/tftp.${BPN}"
+FILES_${PN}-telnet = "${bindir}/telnet.${BPN}"
+
+# We make us of RCONFLICTS / RPROVIDES here rather than using the normal
+# alternatives method as this leads to packaging QA issues when using
+# musl as that library does not provide what these applications need to
+# build.
+FILES_${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp"
+RCONFLICTS_${PN}-rsh += "netkit-rsh-client"
+RPROVIDES_${PN}-rsh = "rsh"
+
+FILES_${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \
+                    ${sysconfdir}/xinetd.d/rsh ${sysconfdir}/xinetd.d/rlogin ${sysconfdir}/xinetd.d/rexec"
+FILES_${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd"
+RDEPENDS_${PN}-rshd += "xinetd tcp-wrappers"
+RCONFLICTS_${PN}-rshd += "netkit-rshd-server"
+RPROVIDES_${PN}-rshd = "rshd"
+
+FILES_${PN}-ftpd = "${bindir}/ftpd.${BPN}"
+FILES_${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}"
+RDEPENDS_${PN}-ftpd += "xinetd"
+
+FILES_${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd"
+FILES_${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd"
+RCONFLICTS_${PN}-tftpd += "netkit-tftpd"
+RDEPENDS_${PN}-tftpd += "xinetd"
+
+FILES_${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet"
+FILES_${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd"
+RCONFLICTS_${PN}-telnetd += "netkit-telnet"
+RPROVIDES_${PN}-telnetd = "telnetd"
+RDEPENDS_${PN}-telnetd += "xinetd"
+
+FILES_${PN}-inetd = "${bindir}/inetd.${BPN}"
+
+RDEPENDS_${PN} = "xinetd"
diff --git a/meta/recipes-connectivity/iproute2/iproute2.inc b/meta/recipes-connectivity/iproute2/iproute2.inc
index 09ea3d2602..403d264308 100644
--- a/meta/recipes-connectivity/iproute2/iproute2.inc
+++ b/meta/recipes-connectivity/iproute2/iproute2.inc
@@ -9,11 +9,31 @@ LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
                     file://ip/ip.c;beginline=3;endline=8;md5=689d691d0410a4b64d3899f8d6e31817"
 
-DEPENDS = "flex-native bison-native iptables"
+DEPENDS = "flex-native bison-native iptables libcap"
 
-inherit update-alternatives
+inherit update-alternatives bash-completion pkgconfig
 
-EXTRA_OEMAKE = "CC='${CC}' KERNEL_INCLUDE=${STAGING_INCDIR} DOCDIR=${docdir}/iproute2 SUBDIRS='lib tc ip' SBINDIR='${base_sbindir}' LIBDIR='${libdir}'"
+CLEANBROKEN = "1"
+
+PACKAGECONFIG ??= "tipc elf devlink"
+PACKAGECONFIG[tipc] = ",,libmnl,"
+PACKAGECONFIG[elf] = ",,elfutils,"
+PACKAGECONFIG[devlink] = ",,libmnl,"
+
+EXTRA_OEMAKE = "\
+    CC='${CC}' \
+    KERNEL_INCLUDE=${STAGING_INCDIR} \
+    DOCDIR=${docdir}/iproute2 \
+    SUBDIRS='lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc', d)}' \
+    SBINDIR='${base_sbindir}' \
+    LIBDIR='${libdir}' \
+"
+
+do_configure_append () {
+    sh configure ${STAGING_INCDIR}
+    # Explicitly disable ATM support
+    sed -i -e '/TC_CONFIG_ATM/d' config.mk
+}
 
 do_install () {
     oe_runmake DESTDIR=${D} install
@@ -26,13 +46,36 @@ do_install () {
 # The .so files in iproute2-tc are modules, not traditional libraries
 INSANE_SKIP_${PN}-tc = "dev-so"
 
-PACKAGES =+ "${PN}-tc"
+PACKAGES =+ "\
+    ${PN}-devlink \
+    ${PN}-genl \
+    ${PN}-ifstat \
+    ${PN}-lnstat \
+    ${PN}-nstat \
+    ${PN}-rtacct \
+    ${PN}-ss \
+    ${PN}-tc \
+    ${PN}-tipc \
+"
+
 FILES_${PN}-tc = "${base_sbindir}/tc* \
                   ${libdir}/tc/*.so"
-
-FILES_${PN}-dbg += "${libdir}/tc/.debug"
+FILES_${PN}-lnstat = "${base_sbindir}/lnstat \
+                      ${base_sbindir}/ctstat \
+                      ${base_sbindir}/rtstat"
+FILES_${PN}-ifstat = "${base_sbindir}/ifstat"
+FILES_${PN}-genl = "${base_sbindir}/genl"
+FILES_${PN}-rtacct = "${base_sbindir}/rtacct"
+FILES_${PN}-nstat = "${base_sbindir}/nstat"
+FILES_${PN}-ss = "${base_sbindir}/ss"
+FILES_${PN}-tipc = "${base_sbindir}/tipc"
+FILES_${PN}-devlink = "${base_sbindir}/devlink"
 
 ALTERNATIVE_${PN} = "ip"
 ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}"
 ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip"
 ALTERNATIVE_PRIORITY = "100"
+
+ALTERNATIVE_${PN}-tc = "tc"
+ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc"
+ALTERNATIVE_PRIORITY_${PN}-tc = "100"
diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-devlink.c-add-missing-include.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-devlink.c-add-missing-include.patch
new file mode 100644
index 0000000000..fdd8bbfb3c
--- /dev/null
+++ b/meta/recipes-connectivity/iproute2/iproute2/0001-devlink.c-add-missing-include.patch
@@ -0,0 +1,24 @@
+From ce39396d4617874323f6039a5b476e44bf552908 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Sat, 6 Jun 2020 18:00:13 +0000
+Subject: [PATCH] devlink.c: add missing include
+
+Upstream-Status: Pending
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+
+---
+ devlink/devlink.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/devlink/devlink.c b/devlink/devlink.c
+index 0982fae..93dc01c 100644
+--- a/devlink/devlink.c
++++ b/devlink/devlink.c
+@@ -33,6 +33,7 @@
+ #include <sys/select.h>
+ #include <sys/socket.h>
+ #include <sys/types.h>
++#include <signal.h>
+ 
+ #include "version.h"
+ #include "list.h"
diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch
deleted file mode 100644
index 39c7d40319..0000000000
--- a/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Subject: [PATCH] iproute2: de-bash scripts
-
-de-bash these two scripts to make iproute2 not depend on bash.
-
-Upstream-Status: Pending
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
-
----
- ip/ifcfg |   15 ++++++++-------
- ip/rtpr  |    2 +-
- 2 files changed, 9 insertions(+), 8 deletions(-)
-
-diff --git a/ip/ifcfg b/ip/ifcfg
-index 083d9df..60bcf1f 100644
---- a/ip/ifcfg
-+++ b/ip/ifcfg
-@@ -1,12 +1,13 @@
--#! /bin/bash
-+#! /bin/sh
- 
- CheckForwarding () {
--  local sbase fwd
-+  local sbase fwd forwarding
-   sbase=/proc/sys/net/ipv4/conf
-   fwd=0
-   if [ -d $sbase ]; then
-     for dir in $sbase/*/forwarding; do
--      fwd=$[$fwd + `cat $dir`]
-+      forwarding=`cat $dir`
-+      fwd=$(($fwd+$forwarding))
-     done
-   else
-     fwd=2
-@@ -127,12 +128,12 @@ fi
- arping -q -A -c 1 -I $dev $ipaddr
- noarp=$?
- ( sleep 2 ;
--  arping -q -U -c 1 -I $dev $ipaddr ) >& /dev/null </dev/null &
-+  arping -q -U -c 1 -I $dev $ipaddr ) > /dev/null 2>&1 </dev/null &
- 
--ip route add unreachable 224.0.0.0/24 >& /dev/null
--ip route add unreachable 255.255.255.255 >& /dev/null
-+ip route add unreachable 224.0.0.0/24 > /dev/null 2>&1
-+ip route add unreachable 255.255.255.255 > /dev/null 2>&1
- if [ `ip link ls $dev | grep -c MULTICAST` -ge 1 ]; then
--  ip route add 224.0.0.0/4 dev $dev scope global >& /dev/null
-+  ip route add 224.0.0.0/4 dev $dev scope global > /dev/null 2>&1
- fi
- 
- if [ $fwd -eq 0 ]; then
-diff --git a/ip/rtpr b/ip/rtpr
-index c3629fd..674198d 100644
---- a/ip/rtpr
-+++ b/ip/rtpr
-@@ -1,4 +1,4 @@
--#! /bin/bash
-+#! /bin/sh
- 
- exec tr "[\\\\]" "[
- ]"
--- 
-1.7.9.5
-
diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch
new file mode 100644
index 0000000000..74e3de1ce9
--- /dev/null
+++ b/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch
@@ -0,0 +1,39 @@
+From c25f8d1f7a6203dfeb10b39f80ffd314bb84a58d Mon Sep 17 00:00:00 2001
+From: Baruch Siach <baruch@tkos.co.il>
+Date: Thu, 22 Dec 2016 15:26:30 +0200
+Subject: [PATCH] libc-compat.h: add musl workaround
+
+The libc-compat.h kernel header uses glibc specific macros (__GLIBC__ and
+__USE_MISC) to solve conflicts with libc provided headers. This patch makes
+libc-compat.h work for musl libc as well.
+
+Upstream-Status: Pending
+
+Taken From:
+https://git.buildroot.net/buildroot/tree/package/iproute2/0001-Add-the-musl-workaround-to-the-libc-compat.h-copy.patch
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+
+---
+ include/uapi/linux/libc-compat.h | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/include/uapi/linux/libc-compat.h b/include/uapi/linux/libc-compat.h
+index a159991..22198fa 100644
+--- a/include/uapi/linux/libc-compat.h
++++ b/include/uapi/linux/libc-compat.h
+@@ -50,10 +50,12 @@
+ #define _LIBC_COMPAT_H
+ 
+ /* We have included glibc headers... */
+-#if defined(__GLIBC__)
++#if 1
++#define __USE_MISC
+ 
+ /* Coordinate with glibc net/if.h header. */
+ #if defined(_NET_IF_H) && defined(__USE_MISC)
++#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 0
+ 
+ /* GLIBC headers included first so don't define anything
+  * that would already be defined. */
diff --git a/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch b/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch
deleted file mode 100644
index 866609ca99..0000000000
--- a/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 85b0589b4843c03e8e6fd9416d71ea449a73c5c0 Mon Sep 17 00:00:00 2001
-From: Koen Kooi <koen@dominion.thruhere.net>
-Date: Thu, 3 Nov 2011 10:46:16 +0100
-Subject: [PATCH] make configure cross compile safe
-
-According to Kevin Tian:
-Upstream-Status: Pending
-
-Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
-Signed-off-by: Shane Wang <shane.wang@intel.com>
-
-Index: iproute2-3.7.0/configure
-===================================================================
---- iproute2-3.7.0.orig/configure
-+++ iproute2-3.7.0/configure
-@@ -2,6 +2,7 @@
- # This is not an autconf generated configure
- #
- INCLUDE=${1:-"$PWD/include"}
-+SYSROOT=$1
- 
- # Make a temp directory in build tree.
- TMPDIR=$(mktemp -d config.XXXXXX)
-@@ -158,7 +159,7 @@ check_ipt_lib_dir()
- 		return
- 	fi
- 
--	for dir in /lib /usr/lib /usr/local/lib
-+	for dir in $SYSROOT/lib $SYSROOT/usr/lib $SYSROOT/usr/local/lib
- 	do
- 		for file in $dir/{xtables,iptables}/lib*t_*so ; do
- 			if [ -f $file ]; then
diff --git a/meta/recipes-connectivity/iproute2/iproute2_3.17.0.bb b/meta/recipes-connectivity/iproute2/iproute2_3.17.0.bb
deleted file mode 100644
index d12b33fbd1..0000000000
--- a/meta/recipes-connectivity/iproute2/iproute2_3.17.0.bb
+++ /dev/null
@@ -1,12 +0,0 @@
-require iproute2.inc
-
-SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \
-           file://configure-cross.patch \
-           file://0001-iproute2-de-bash-scripts.patch \
-          "
-SRC_URI[md5sum] = "b741a02c6dda5818d18011d572874493"
-SRC_URI[sha256sum] = "09e406636e7598e46d5d4f7b928bf5db57049d65dbeb9a496005957ee16f6000"
-
-# CFLAGS are computed in Makefile and reference CCOPTS
-#
-EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS}'"
diff --git a/meta/recipes-connectivity/iproute2/iproute2_5.8.0.bb b/meta/recipes-connectivity/iproute2/iproute2_5.8.0.bb
new file mode 100644
index 0000000000..3a590f9122
--- /dev/null
+++ b/meta/recipes-connectivity/iproute2/iproute2_5.8.0.bb
@@ -0,0 +1,12 @@
+require iproute2.inc
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \
+           file://0001-libc-compat.h-add-musl-workaround.patch \
+           file://0001-devlink.c-add-missing-include.patch \
+           "
+
+SRC_URI[sha256sum] = "cfcd1f890290f8c8afcc91d9444ad929b9252c16f9ab3f286c50dd3c59dc646e"
+
+# CFLAGS are computed in Makefile and reference CCOPTS
+#
+EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS}'"
diff --git a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init b/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init
deleted file mode 100755
index 6f29e9c6ed..0000000000
--- a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init
+++ /dev/null
@@ -1,78 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides:          irda
-# Required-Start:    $network $remote_fs
-# Required-Stop:     $network $remote_fs
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: Infrared port support
-### END INIT INFO
-
-NAME="irattach"
-test -x "$IRDA_DAEMON" || IRDA_DAEMON=/usr/sbin/irattach
-test -z "$IRATTACH_PID" && IRATTACH_PID=/var/run/irattach.pid
-
-# Source function library.
-. /etc/init.d/functions
-
-module_id() {
-        awk 'BEGIN { FS=": " } /Hardware/ { print $2 } ' </proc/cpuinfo
-}
-
-if [ ! -f /etc/sysconfig/irda ]; then
-    case `module_id` in
-	"HP iPAQ H2200" | "HP iPAQ HX4700" | "HTC Universal")
-	    IRDA=yes
-	    DEVICE=/dev/ttyS2
-	    DONGLE=
-	    DISCOVERY=
-	    ;;
-	*)
-	    IRDA=yes
-	    DEVICE=/dev/ttyS1
-	    DONGLE=
-	    DISCOVERY=
-	    ;;
-    esac
-else
-    . /etc/sysconfig/irda
-fi
-
-# Check that irda is up.
-[ ${IRDA} = "no" ] && exit 0
-
-[ -f /usr/sbin/irattach ] || exit 0
-
-ARGS=
-if [ $DONGLE ]; then
-	ARGS="$ARGS -d $DONGLE"
-fi
-if [ "$DISCOVERY" = "yes" ];then
-	ARGS="$ARGS -s"
-fi
-
-case "$1" in
-  start)
-	echo -n "Starting IrDA: $NAME"
-	start-stop-daemon --start --quiet --exec "$IRDA_DAEMON" ${DEVICE} ${ARGS} --pidfile "$IRATTACH_PID"
-	sleep 1
-	[ -f /var/run/irattach.pid ] && echo " done" || echo " fail"
-	;;
-  stop)
-	echo "Stopping IrDA: $NAME"
-	start-stop-daemon --stop --quiet --exec "$IRDA_DAEMON" --pidfile "$IRATTACH_PID"
-	;;
-  restart|force-reload)
-	$0 stop
-	$0 start
-	;;
-  status)
-	status irattach
-	exit $?
-	;;
-  *)
-	N=/etc/init.d/$NAME
-	echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
-	exit 1
-	;;
-esac
diff --git a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch b/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch
deleted file mode 100644
index 2cdd1ac08b..0000000000
--- a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-Obey LDFLAGS
-
-Signed-off-by: Christopher Larson <chris_larson@mentor.com>
-Upstream-status: Pending
-
---- irda-utils-0.9.18.orig/findchip/Makefile
-+++ irda-utils-0.9.18/findchip/Makefile
-@@ -65,5 +65,5 @@ install: findchip
-
- gfindchip: gfindchip.c
-	$(prn_cc)
--	$(ECMD))$(CC) $(CFLAGS) `gtk-config --cflags`  $< -o $@ `gtk-config --libs`
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) `gtk-config --cflags`  $< -o $@ `gtk-config --libs`
-
---- irda-utils-0.9.18.orig/irattach/Makefile
-+++ irda-utils-0.9.18/irattach/Makefile
-@@ -49,13 +49,13 @@ all: $(TARGETS)
-
- irattach: irattach.o util.o
-	$(prn_cc_o)
--	$(ECMD)$(CC) $(CFLAGS) irattach.o util.o -o $@
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) irattach.o util.o -o $@
-
-
-
- dongle_attach: dongle_attach.o
-	$(prn_cc_o)
--	$(ECMD)$(CC) $(CFLAGS) dongle_attach.o -o $@
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) dongle_attach.o -o $@
-
-
- install: $(TARGETS)
---- irda-utils-0.9.18.orig/irdadump/Makefile
-+++ irda-utils-0.9.18/irdadump/Makefile
-@@ -40,7 +40,7 @@ lib_irdadump.a: $(LIBIRDADUMP_OBJS)
-
- irdadump: $(IRDADUMP_OBJS) $(LIBIRDADUMP_TARGET)
-	$(prn_cc_o)
--	$(ECMD)$(CC) $(CFLAGS) `pkg-config --libs glib-2.0` -o  $(IRDADUMP_TARGET) $< $(LIBIRDADUMP_TARGET)
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) `pkg-config --libs glib-2.0` -o  $(IRDADUMP_TARGET) $< $(LIBIRDADUMP_TARGET)
-
-
- .c.o:
---- irda-utils-0.9.18.orig/irdaping/Makefile
-+++ irda-utils-0.9.18/irdaping/Makefile
-@@ -56,7 +56,7 @@ all: $(TARGETS)
-
- irdaping: $(OBJS)
-	$(prn_cc_o)
--	$(ECMD)$(CC) $(CFLAGS) $(OBJS) -o $@
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $@
-
-
- .c.o:
---- irda-utils-0.9.18.orig/irnetd/Makefile
-+++ irda-utils-0.9.18/irnetd/Makefile
-@@ -50,7 +50,7 @@ all: $(TARGETS)
-
- irnetd: $(OBJS)
-	$(prn_cc_o)
--	$(ECMD)$(CC) $(CFLAGS) $(OBJS) -o $@
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $@
-
-
- install: irnetd
---- irda-utils-0.9.18.orig/psion/Makefile
-+++ irda-utils-0.9.18/psion/Makefile
-@@ -25,4 +25,4 @@ install: $(PSION_TARGETS)
- CFLAGS += -g -I../include -Wall -Wstrict-prototypes $(RPM_OPT_FLAGS)
- irpsion5:
-	$(prn_cc_o)
--	$(ECMD)$(CC) $(CFLAGS) $(PSION_SRC) -o $@
-\ No newline at end of file
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(PSION_SRC) -o $@
-\ No newline at end of file
diff --git a/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb b/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb
deleted file mode 100644
index bd60b9f1e6..0000000000
--- a/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb
+++ /dev/null
@@ -1,47 +0,0 @@
-SUMMARY = "Common files for IrDA"
-DESCRIPTION = "Provides common files needed to use IrDA. \
-IrDA allows communication over Infrared with other devices \
-such as phones and laptops."
-HOMEPAGE = "http://irda.sourceforge.net/"
-BUGTRACKER = "irda-users@lists.sourceforge.net"
-SECTION = "base"
-LICENSE = "GPLv2+"
-LIC_FILES_CHKSUM = "file://irdadump/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
-                    file://smcinit/COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \
-                    file://man/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
-                    file://irdadump/irdadump.c;beginline=1;endline=24;md5=d78b9dce3cd78c2220250c9c7a2be178"
-
-SRC_URI = "${SOURCEFORGE_MIRROR}/irda/irda-utils-${PV}.tar.gz \
-           file://ldflags.patch \
-           file://init"
-
-SRC_URI[md5sum] = "84dc12aa4c3f61fccb8d8919bf4079bb"
-SRC_URI[sha256sum] = "61980551e46b2eaa9e17ad31cbc1a638074611fc33bff34163d10c7a67a9fdc6"
-
-inherit update-rc.d
-
-EXTRA_OEMAKE = "\
-    'CC=${CC}' \
-    'LD=${LD}' \
-    'CFLAGS=${CFLAGS}' \
-    'LDFLAGS=${LDFLAGS}' \
-    'SYS_INCLUDES=' \
-    'V=1' \
-"
-
-INITSCRIPT_NAME = "irattach"
-INITSCRIPT_PARAMS = "defaults 20"
-
-do_compile () {
-	oe_runmake -C irattach
-	oe_runmake -C irdaping
-}
-
-do_install () {
-	install -d ${D}${sbindir}
-	oe_runmake -C irattach ROOT="${D}" install
-	oe_runmake -C irdaping ROOT="${D}" install
-
-	install -d ${D}${sysconfdir}/init.d
-	install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/${INITSCRIPT_NAME}
-}
diff --git a/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch b/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch
new file mode 100644
index 0000000000..715b88d466
--- /dev/null
+++ b/meta/recipes-connectivity/iw/iw/0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch
@@ -0,0 +1,41 @@
+Subject: [PATCH] iw: version.sh: don't use git describe for versioning
+
+It will detect top-level git repositories like the Angstrom setup-scripts and break.
+
+Upstream-Status: Pending
+
+Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+diff -Naur iw-4.7-orig/version.sh iw-4.7/version.sh
+--- iw-4.7-orig/version.sh	2016-05-31 12:52:46.000000000 +0300
++++ iw-4.7/version.sh	2016-06-01 11:21:58.307409060 +0300
+@@ -15,27 +15,7 @@
+ SRC_DIR=$(cd ${SRC_DIR}; pwd)
+ cd "${SRC_DIR}"
+ 
+-v=""
+-if [ -d .git ] && head=`git rev-parse --verify HEAD 2>/dev/null`; then
+-    git update-index --refresh --unmerged > /dev/null
+-    descr=$(git describe --match=v* 2>/dev/null)
+-    if [ $? -eq 0 ]; then
+-        # on git builds check that the version number above
+-        # is correct...
+-        if [ "${descr%%-*}" = "v$VERSION" ]; then
+-            v="${descr#v}"
+-            if git diff-index --name-only HEAD | read dummy ; then
+-                v="$v"-dirty
+-            fi
+-        fi
+-    fi
+-fi
+-
+-# set to the default version when failed to get the version
+-# information with git
+-if [ -z "${v}" ]; then
+-    v="$VERSION"
+-fi
++v="$VERSION"
+ 
+ echo '#include "iw.h"' > "$OUT"
+ echo "const char iw_version[] = \"$v\";" >> "$OUT"
diff --git a/meta/recipes-connectivity/iw/iw/separate-objdir.patch b/meta/recipes-connectivity/iw/iw/separate-objdir.patch
new file mode 100644
index 0000000000..179fd90124
--- /dev/null
+++ b/meta/recipes-connectivity/iw/iw/separate-objdir.patch
@@ -0,0 +1,50 @@
+From ff9f0a631c99fb6e2677c02bf572a5e69c70f5cf Mon Sep 17 00:00:00 2001
+From: Changhyeok Bae <changhyeok.bae@gmail.com>
+Date: Mon, 27 Jan 2020 22:48:03 +0100
+Subject: [PATCH] Support separation of SRCDIR and OBJDIR
+
+Typical use of VPATH to locate the sources.
+
+Upstream-Status: Pending
+
+Signed-off-by: Christopher Larson <chris_larson@mentor.com>
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+ Makefile | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 90f2251..714cdb9 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,5 +1,9 @@
+ MAKEFLAGS += --no-print-directory
+ 
++SRCDIR ?= $(dir $(lastword $(MAKEFILE_LIST)))
++OBJDIR ?= $(PWD)
++VPATH = $(SRCDIR)
++
+ PREFIX ?= /usr
+ SBINDIR ?= $(PREFIX)/sbin
+ MANDIR ?= $(PREFIX)/share/man
+@@ -92,7 +96,7 @@ all: $(ALL)
+ version.c: version.sh $(patsubst %.o,%.c,$(VERSION_OBJS)) nl80211.h iw.h Makefile \
+ 		$(wildcard .git/index .git/refs/tags)
+ 	@$(NQ) ' GEN ' $@
+-	$(Q)./version.sh $@
++	$(Q)cd $(SRCDIR) && ./version.sh $(OBJDIR)/$@
+ 
+ nl80211-commands.inc: nl80211.h
+ 	@$(NQ) ' GEN ' $@
+@@ -100,7 +104,7 @@ nl80211-commands.inc: nl80211.h
+ 
+ %.o: %.c iw.h nl80211.h nl80211-commands.inc
+ 	@$(NQ) ' CC  ' $@
+-	$(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
++	$(Q)$(CC) -I$(SRCDIR) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
+ 
+ ifeq ($(IW_ANDROID_BUILD),)
+ iw:	$(OBJS)
+-- 
+2.23.0
+
diff --git a/meta/recipes-connectivity/iw/iw_5.8.bb b/meta/recipes-connectivity/iw/iw_5.8.bb
new file mode 100644
index 0000000000..97ca66d66f
--- /dev/null
+++ b/meta/recipes-connectivity/iw/iw_5.8.bb
@@ -0,0 +1,32 @@
+SUMMARY = "nl80211 based CLI configuration utility for wireless devices"
+DESCRIPTION = "iw is a new nl80211 based CLI configuration utility for \
+wireless devices. It supports almost all new drivers that have been added \
+to the kernel recently. "
+HOMEPAGE = "http://wireless.kernel.org/en/users/Documentation/iw"
+SECTION = "base"
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://COPYING;md5=878618a5c4af25e9b93ef0be1a93f774"
+
+DEPENDS = "libnl"
+
+SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \
+           file://0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch \
+           file://separate-objdir.patch \
+"
+
+SRC_URI[md5sum] = "98129d64212bdbb408f009c56ed5c62a"
+SRC_URI[sha256sum] = "cd9125c7e560926d66b09977fe0f75e5365ffd05a15df67d86a421dc76f96a96"
+
+inherit pkgconfig
+
+EXTRA_OEMAKE = "\
+    -f '${S}/Makefile' \
+    \
+    'PREFIX=${prefix}' \
+    'SBINDIR=${sbindir}' \
+    'MANDIR=${mandir}' \
+"
+
+do_install() {
+    oe_runmake 'DESTDIR=${D}' install
+}
diff --git a/meta/recipes-connectivity/kea/files/0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch b/meta/recipes-connectivity/kea/files/0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch
new file mode 100644
index 0000000000..ab3fd83946
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch
@@ -0,0 +1,39 @@
+From 639dc25cdabc9d1846000a542c8cc19158b69994 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Fri, 18 Sep 2020 08:18:08 +0000
+Subject: [PATCH] keactrl.in: create /var/lib/kea and /var/run/kea folder
+
+Create /var/lib/kea and /var/run/kea folder to fix below error:
+ # keactrl start
+ INFO/keactrl: Starting /usr/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
+ INFO/keactrl: Starting /usr/sbin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf
+ INFO/keactrl: Starting /usr/sbin/kea-ctrl-agent -c /etc/kea/kea-ctrl-agent.conf
+ Unable to use interprocess sync lockfile (No such file or directory): /var/run/kea/logger_lockfile
+ Service failed: Launch failed: Unable to open PID file '/var/run/kea/kea-ctrl-agent.kea-ctrl-agent.pid' for write
+ [snip]
+ ERROR [kea-dhcp4.dhcp4/615.140641792751488] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /etc/kea/kea-dhcp4.conf, reason: Unable to open database: unable to open '/var/lib/kea/kea-leases4.csv'
+ [snip]
+
+Upstream-Status: Inappropriate [config specific]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ src/bin/keactrl/keactrl.in | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/bin/keactrl/keactrl.in b/src/bin/keactrl/keactrl.in
+index 12b2b3f..47cf6f9 100644
+--- a/src/bin/keactrl/keactrl.in
++++ b/src/bin/keactrl/keactrl.in
+@@ -482,6 +482,8 @@ case ${command} in
+         # The variables (dhcp4_srv, dhcp6_serv, dhcp_ddns_srv etc) are set in the
+         # keactrl.conf file that shellcheck is unable to read.
+         # shellcheck disable=SC2154
++        [ -d @LOCALSTATEDIR@/run/kea ] || mkdir -p @LOCALSTATEDIR@/run/kea
++        [ -d @LOCALSTATEDIR@/lib/kea ] || mkdir -p @LOCALSTATEDIR@/lib/kea
+         run_conditional "dhcp4" "start_server ${dhcp4_srv} -c ${kea_dhcp4_config_file} ${args}" 1
+         run_conditional "dhcp6" "start_server ${dhcp6_srv} -c ${kea_dhcp6_config_file} ${args}" 1
+         # shellcheck disable=SC2154
+-- 
+2.26.2
+
diff --git a/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch
new file mode 100644
index 0000000000..733adf5536
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch
@@ -0,0 +1,55 @@
+There are conflict of config files between kea and lib32-kea:
+
+| Error: Transaction test error:
+|  file /etc/kea/kea-ctrl-agent.conf conflicts between attempted installs of
+     lib32-kea-1.7.10-r0.core2_32 and kea-1.7.10-r0.core2_64
+|  file /etc/kea/kea-dhcp4.conf conflicts between attempted installs of
+     lib32-kea-1.7.10-r0.core2_32 and kea-1.7.10-r0.core2_64
+
+Because they are all commented out, replace the expanded libdir path with
+'$libdir' in the config files to avoid conflict.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+ src/bin/keactrl/kea-ctrl-agent.conf.pre | 3 ++-
+ src/bin/keactrl/kea-dhcp4.conf.pre      | 6 ++++--
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre
+index 211b7ff..d710ec7 100644
+--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre
++++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre
+@@ -45,7 +45,8 @@
+     // Agent will fail to start.
+     "hooks-libraries": [
+ //  {
+-//      "library": "@libdir@/kea/hooks/control-agent-commands.so",
++//      // Replace $libdir with real library path /usr/lib or /usr/lib64
++//      "library": "$libdir/kea/hooks/control-agent-commands.so",
+ //      "parameters": {
+ //          "param1": "foo"
+ //      }
+diff --git a/src/bin/keactrl/kea-dhcp4.conf.pre b/src/bin/keactrl/kea-dhcp4.conf.pre
+index 5f77a32..70ae3d9 100644
+--- a/src/bin/keactrl/kea-dhcp4.conf.pre
++++ b/src/bin/keactrl/kea-dhcp4.conf.pre
+@@ -252,7 +252,8 @@
+     //      // of all devices serviced by Kea, including their identifiers
+     //      // (like MAC address), their location in the network, times
+     //      // when they were active etc.
+-    //      "library": "@libdir@/kea/hooks/libdhcp_legal_log.so"
++    //      // Replace $libdir with real library path /usr/lib or /usr/lib64
++    //      "library": "$libdir/kea/hooks/libdhcp_legal_log.so"
+     //      "parameters": {
+     //          "path": "/var/lib/kea",
+     //          "base-name": "kea-forensic4"
+@@ -269,7 +270,8 @@
+     //      // of specific options or perhaps even a combination of several
+     //      // options and fields to uniquely identify a client. Those scenarios
+     //      // are addressed by the Flexible Identifiers hook application.
+-    //      "library": "@libdir@/kea/hooks/libdhcp_flex_id.so",
++    //      // Replace $libdir with real library path /usr/lib or /usr/lib64
++    //      "library": "$libdir/kea/hooks/libdhcp_flex_id.so",
+     //      "parameters": {
+     //          "identifier-expression": "substring(relay6[0].option[18],0,8)"
+     //      }
diff --git a/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch
new file mode 100644
index 0000000000..eeeb89942b
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch
@@ -0,0 +1,22 @@
+Busybox does not support ps -p so use pgrep
+
+Upstream-Status: Inappropriate [embedded specific]
+Based on changes from Diego Sueiro <Diego.Sueiro@arm.com>
+
+Signed-off-by: Armin kuster <akuster808@gmail.com>
+
+Index: kea-1.7.10/src/bin/keactrl/keactrl.in
+===================================================================
+--- kea-1.7.10.orig/src/bin/keactrl/keactrl.in
++++ kea-1.7.10/src/bin/keactrl/keactrl.in
+@@ -137,8 +137,8 @@ check_running() {
+     # Get the PID from the PID file (if it exists)
+     get_pid_from_file "${proc_name}"
+     if [ ${_pid} -gt 0 ]; then
+-        # Use ps to check if PID is alive
+-        ps -p ${_pid} 1>/dev/null
++        # Use pgrep and grep to check if PID is alive
++        pgrep -v 1 | grep ${_pid} 1>/dev/null
+         retcode=$?
+         if [ $retcode -eq 0 ]; then
+             # No error, so PID IS ALIVE
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server
new file mode 100644
index 0000000000..50fe40d439
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server
@@ -0,0 +1,46 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          kea-dhcp-ddns-server
+# Required-Start:    $local_fs $network $remote_fs $syslog
+# Required-Stop:     $local_fs $network $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: ISC KEA DHCP IPv6 Server
+### END INIT INFO
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="kea-dhcp-ddns-server"
+NAME=kea-dhcp-ddns
+DAEMON=/usr/sbin/keactrl
+DAEMON_ARGS=" -s dhcp_ddns"
+
+set -e
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Source function library.
+. /etc/init.d/functions
+
+case "$1" in
+  start)
+        echo -n "Starting $DESC: "
+        start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS
+        echo "done."
+        ;;
+  stop)
+        echo -n "Stopping $DESC: "
+        kpid=`pidof $NAME`
+        kill $kpid
+        echo "done."
+        ;;
+  restart|force-reload)
+        #
+        $0 stop
+        $0 start
+        ;;
+  *)
+        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
+        exit 1
+        ;;
+esac
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
new file mode 100644
index 0000000000..91aa2eb14f
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Kea DHCP-DDNS Server
+Wants=network-online.target
+After=network-online.target
+After=time-sync.target
+
+[Service]
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/kea
+ExecStart=@SBINDIR@/kea-dhcp-ddns -c @SYSCONFDIR@/kea/kea-dhcp-ddns.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp4-server b/meta/recipes-connectivity/kea/files/kea-dhcp4-server
new file mode 100644
index 0000000000..e83e51025d
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp4-server
@@ -0,0 +1,46 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          kea-dhcp4-server
+# Required-Start:    $local_fs $network $remote_fs $syslog
+# Required-Stop:     $local_fs $network $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: ISC KEA DHCP IPv6 Server
+### END INIT INFO
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="kea-dhcp4-server"
+NAME=kea-dhcp4
+DAEMON=/usr/sbin/keactrl
+DAEMON_ARGS=" -s dhcp4"
+
+set -e
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Source function library.
+. /etc/init.d/functions
+
+case "$1" in
+  start)
+        echo -n "Starting $DESC: "
+        start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS
+        echo "done."
+        ;;
+  stop)
+        echo -n "Stopping $DESC: "
+        kpid=`pidof $NAME`
+        kill $kpid
+        echo "done."
+        ;;
+  restart|force-reload)
+        #
+        $0 stop
+        $0 start
+        ;;
+  *)
+        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
+        exit 1
+        ;;
+esac
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp4.service b/meta/recipes-connectivity/kea/files/kea-dhcp4.service
new file mode 100644
index 0000000000..b851ea71c5
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp4.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Kea DHCPv4 Server
+Wants=network-online.target
+After=network-online.target
+After=time-sync.target
+
+[Service]
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea
+ExecStart=@SBINDIR@/kea-dhcp4 -c @SYSCONFDIR@/kea/kea-dhcp4.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp6-server b/meta/recipes-connectivity/kea/files/kea-dhcp6-server
new file mode 100644
index 0000000000..10f2d22641
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp6-server
@@ -0,0 +1,47 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          kea-dhcp6-server
+# Required-Start:    $local_fs $network $remote_fs $syslog
+# Required-Stop:     $local_fs $network $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: ISC KEA DHCP IPv6 Server
+### END INIT INFO
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="kea-dhcp6-server"
+NAME=kea-dhcp6
+DAEMON=/usr/sbin/keactrl
+DAEMON_ARGS=" -s dhcp6"
+
+set -e
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Source function library.
+. /etc/init.d/functions
+
+case "$1" in
+  start)
+        echo -n "Starting $DESC: "
+        start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS
+        echo "done."
+        ;;
+  stop)
+        echo -n "Stopping $DESC: "
+        kpid=`pidof $NAME`
+        kill $kpid
+        echo "done."
+        ;;
+  restart|force-reload)
+        #
+        $0 stop
+        $0 start
+        ;;
+  *)
+        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
+        exit 1
+        ;;
+esac
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp6.service b/meta/recipes-connectivity/kea/files/kea-dhcp6.service
new file mode 100644
index 0000000000..0f9f0ef8d9
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp6.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Kea DHCPv6 Server
+Wants=network-online.target
+After=network-online.target
+After=time-sync.target
+
+[Service]
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea
+ExecStart=@SBINDIR@/kea-dhcp6 -c @SYSCONFDIR@/kea/kea-dhcp6.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/kea/kea_1.7.10.bb b/meta/recipes-connectivity/kea/kea_1.7.10.bb
new file mode 100644
index 0000000000..c9a5819e47
--- /dev/null
+++ b/meta/recipes-connectivity/kea/kea_1.7.10.bb
@@ -0,0 +1,73 @@
+SUMMARY = "ISC Kea DHCP Server"
+DESCRIPTION = "Kea is the next generation of DHCP software developed by ISC. It supports both DHCPv4 and DHCPv6 protocols along with their extensions, e.g. prefix delegation and dynamic updates to DNS."
+HOMEPAGE = "http://kea.isc.org"
+SECTION = "connectivity"
+LICENSE = "MPL-2.0 & Apache-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=68d95543d2096459290a4e6b9ceccffa"
+
+DEPENDS = "boost log4cplus openssl"
+
+SRC_URI = "\
+    http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \
+    file://0001-keactrl.in-create-var-lib-kea-and-var-run-kea-folder.patch \
+    file://kea-dhcp4.service \
+    file://kea-dhcp6.service \
+    file://kea-dhcp-ddns.service \
+    file://kea-dhcp4-server \
+    file://kea-dhcp6-server \
+    file://kea-dhcp-ddns-server \
+    file://fix-multilib-conflict.patch \
+    file://fix_pid_keactrl.patch \
+"
+SRC_URI[sha256sum] = "4e121f0e58b175a827581c69cb1d60778647049fa47f142940dddc9ce58f3c82"
+
+inherit autotools systemd update-rc.d
+
+INITSCRIPT_NAME = "kea-dhcp4-server"
+INITSCRIPT_PARAMS = "defaults 30"
+
+SYSTEMD_SERVICE_${PN} = "kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service"
+SYSTEMD_AUTO_ENABLE = "disable"
+
+DEBUG_OPTIMIZATION_remove_mips = " -Og"
+DEBUG_OPTIMIZATION_append_mips = " -O"
+BUILD_OPTIMIZATION_remove_mips = " -Og"
+BUILD_OPTIMIZATION_append_mips = " -O"
+
+DEBUG_OPTIMIZATION_remove_mipsel = " -Og"
+DEBUG_OPTIMIZATION_append_mipsel = " -O"
+BUILD_OPTIMIZATION_remove_mipsel = " -Og"
+BUILD_OPTIMIZATION_append_mipsel = " -O"
+
+EXTRA_OECONF = "--with-boost-libs=-lboost_system \
+                --with-log4cplus=${STAGING_DIR_TARGET}${prefix} \
+                --with-openssl=${STAGING_DIR_TARGET}${prefix}"
+
+do_configure_prepend() {
+    # replace abs_top_builddir to avoid introducing the build path
+    # don't expand the abs_top_builddir on the target as the abs_top_builddir is meanlingless on the target
+    find ${S} -type f -name *.sh.in | xargs sed -i  "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g"
+    sed -i "s:@abs_top_srcdir@:@abs_top_srcdir_placeholder@:g" ${S}/src/bin/admin/kea-admin.in
+}
+
+do_install_append() {
+    install -d ${D}${sysconfdir}/init.d
+    install -d ${D}${systemd_system_unitdir}
+
+    install -m 0644 ${WORKDIR}/kea-dhcp*service ${D}${systemd_system_unitdir}
+    install -m 0755 ${WORKDIR}/kea-*-server ${D}${sysconfdir}/init.d
+    sed -i -e 's,@SBINDIR@,${sbindir},g' -e 's,@BASE_BINDIR@,${base_bindir},g' \
+           -e 's,@LOCALSTATEDIR@,${localstatedir},g' -e 's,@SYSCONFDIR@,${sysconfdir},g' \
+           ${D}${systemd_system_unitdir}/kea-dhcp*service ${D}${sbindir}/keactrl
+}
+
+do_install_append() {
+    rm -rf "${D}${localstatedir}"
+}
+
+CONFFILES_${PN} = "${sysconfdir}/kea/keactrl.conf"
+
+FILES_${PN}-staticdev += "${libdir}/kea/hooks/*.a ${libdir}/hooks/*.a"
+FILES_${PN} += "${libdir}/hooks/*.so"
+
+PARALLEL_MAKEINST = ""
diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb
deleted file mode 100644
index 0b936ef092..0000000000
--- a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb
+++ /dev/null
@@ -1,38 +0,0 @@
-SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution"
-HOMEPAGE = "http://0pointer.de/lennart/projects/nss-mdns/"
-SECTION = "libs"
-
-LICENSE = "LGPLv2.1+"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1"
-
-DEPENDS = "avahi"
-PR = "r7"
-
-SRC_URI = "http://0pointer.de/lennart/projects/nss-mdns/nss-mdns-${PV}.tar.gz"
-
-SRC_URI[md5sum] = "03938f17646efbb50aa70ba5f99f51d7"
-SRC_URI[sha256sum] = "1e683c2e7c3921814706d62fbbd3e9cbf493a75fa00255e0e715508d8134fa6d"
-
-S = "${WORKDIR}/nss-mdns-${PV}"
-
-inherit autotools
-
-EXTRA_OECONF = "--libdir=${base_libdir} --disable-lynx --enable-avahi"
-
-# suppress warning, but don't bother with autonamer
-LEAD_SONAME = "libnss_mdns.so"
-DEBIANNAME_${PN} = "libnss-mdns"
-
-RDEPENDS_${PN} = "avahi-daemon"
-
-pkg_postinst_${PN} () {
-	sed -e '/^hosts:/s/\s*\<mdns\>//' \
-		-e 's/\(^hosts:.*\)\(\<files\>\)\(.*\)\(\<dns\>\)\(.*\)/\1\2 mdns4_minimal [NOTFOUND=return]\3\4 mdns\5/' \
-		-i $D${sysconfdir}/nsswitch.conf
-}
-
-pkg_prerm_${PN} () {
-	sed -e '/^hosts:/s/\s*\<mdns\>//' \
-		-e '/^hosts:/s/\s*mdns4_minimal\s\+\[NOTFOUND=return\]//' \
-		-i $D${sysconfdir}/nsswitch.conf
-}
diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb
new file mode 100644
index 0000000000..5e4460045b
--- /dev/null
+++ b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.14.1.bb
@@ -0,0 +1,38 @@
+SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution"
+HOMEPAGE = "https://github.com/lathiat/nss-mdns"
+SECTION = "libs"
+
+LICENSE = "LGPLv2.1+"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1"
+
+DEPENDS = "avahi"
+
+SRC_URI = "git://github.com/lathiat/nss-mdns \
+           "
+
+SRCREV = "41c9c5e78f287ed4b41ac438c1873fa71bfa70ae"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig
+
+COMPATIBLE_HOST_libc-musl = 'null'
+
+EXTRA_OECONF = "--libdir=${base_libdir}"
+
+RDEPENDS_${PN} = "avahi-daemon"
+
+pkg_postinst_${PN} () {
+	sed '
+		/^hosts:/ !b
+		/\<mdns\(4\|6\)\?\(_minimal\)\?\>/ b
+		s/\([[:blank:]]\+\)dns\>/\1mdns4_minimal [NOTFOUND=return] dns/g
+		' -i $D${sysconfdir}/nsswitch.conf
+}
+
+pkg_prerm_${PN} () {
+	sed '
+		/^hosts:/ !b
+		s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g
+		' -i $D${sysconfdir}/nsswitch.conf
+}
diff --git a/meta/recipes-connectivity/libpcap/libpcap.inc b/meta/recipes-connectivity/libpcap/libpcap.inc
deleted file mode 100644
index 0873c248c5..0000000000
--- a/meta/recipes-connectivity/libpcap/libpcap.inc
+++ /dev/null
@@ -1,40 +0,0 @@
-SUMMARY = "Interface for user-level network packet capture"
-DESCRIPTION = "Libpcap provides a portable framework for low-level network \
-monitoring.  Libpcap can provide network statistics collection, \
-security monitoring and network debugging."
-HOMEPAGE = "http://www.tcpdump.org/"
-BUGTRACKER = "http://sourceforge.net/tracker/?group_id=53067&atid=469577"
-SECTION = "libs/network"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=1d4b0366557951c84a94fabe3529f867 \
-                    file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2"
-DEPENDS = "flex-native bison-native"
-
-INC_PR = "r5"
-
-SRC_URI = "http://www.tcpdump.org/release/${BP}.tar.gz"
-
-BINCONFIG = "${bindir}/pcap-config"
-
-inherit autotools binconfig-disabled pkgconfig bluetooth
-
-EXTRA_OECONF = "--with-pcap=linux"
-
-PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)}"
-PACKAGECONFIG[bluez4] = "--enable-bluetooth,--disable-bluetooth,bluez4"
-# Add a dummy PACKAGECONFIG for bluez5 since it is not supported by libpcap.
-PACKAGECONFIG[bluez5] = ",,"
-PACKAGECONFIG[canusb] = "--enable-canusb,--enable-canusb=no,libusb"
-PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
-PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl"
-
-CPPFLAGS_prepend = "-I${S} "
-CFLAGS_prepend = "-I${S} "
-CXXFLAGS_prepend = "-I${S} "
-
-do_configure_prepend () {
-    if [ ! -e ${S}/acinclude.m4 ]; then
-        cat ${S}/aclocal.m4 > ${S}/acinclude.m4
-    fi
-    sed -i -e's,^V_RPATH_OPT=.*$,V_RPATH_OPT=,' ${S}/pcap-config.in
-}
diff --git a/meta/recipes-connectivity/libpcap/libpcap/aclocal.patch b/meta/recipes-connectivity/libpcap/libpcap/aclocal.patch
deleted file mode 100644
index 21519825c3..0000000000
--- a/meta/recipes-connectivity/libpcap/libpcap/aclocal.patch
+++ /dev/null
@@ -1,167 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-diff -ruN libpcap-1.1.1-orig/aclocal.m4 libpcap-1.1.1/aclocal.m4
---- libpcap-1.1.1-orig/aclocal.m4	2010-06-29 10:46:32.815117569 +0800
-+++ libpcap-1.1.1/aclocal.m4	2010-06-29 10:49:17.150149949 +0800
-@@ -37,7 +37,7 @@
- dnl AC_LBL_C_INIT.  Now, we run AC_LBL_C_INIT_BEFORE_CC, AC_PROG_CC,
- dnl and AC_LBL_C_INIT at the top level.
- dnl
--AC_DEFUN(AC_LBL_C_INIT_BEFORE_CC,
-+AC_DEFUN([AC_LBL_C_INIT_BEFORE_CC],
- [
-     AC_BEFORE([$0], [AC_LBL_C_INIT])
-     AC_BEFORE([$0], [AC_PROG_CC])
-@@ -90,7 +90,7 @@
- dnl     LDFLAGS
- dnl     LBL_CFLAGS
- dnl
--AC_DEFUN(AC_LBL_C_INIT,
-+AC_DEFUN([AC_LBL_C_INIT],
- [
-     AC_BEFORE([$0], [AC_LBL_FIXINCLUDES])
-     AC_BEFORE([$0], [AC_LBL_DEVEL])
-@@ -217,7 +217,7 @@
- dnl	V_SONAME_OPT
- dnl	V_RPATH_OPT
- dnl
--AC_DEFUN(AC_LBL_SHLIBS_INIT,
-+AC_DEFUN([AC_LBL_SHLIBS_INIT],
-     [AC_PREREQ(2.50)
-     if test "$GCC" = yes ; then
- 	    #
-@@ -361,7 +361,7 @@
- # Make sure we use the V_CCOPT flags, because some of those might
- # disable inlining.
- #
--AC_DEFUN(AC_LBL_C_INLINE,
-+AC_DEFUN([AC_LBL_C_INLINE],
-     [AC_MSG_CHECKING(for inline)
-     save_CFLAGS="$CFLAGS"
-     CFLAGS="$V_CCOPT"
-@@ -407,7 +407,7 @@
- dnl
- dnl	AC_LBL_FIXINCLUDES
- dnl
--AC_DEFUN(AC_LBL_FIXINCLUDES,
-+AC_DEFUN([AC_LBL_FIXINCLUDES],
-     [if test "$GCC" = yes ; then
- 	    AC_MSG_CHECKING(for ANSI ioctl definitions)
- 	    AC_CACHE_VAL(ac_cv_lbl_gcc_fixincludes,
-@@ -453,7 +453,7 @@
- dnl	$2 (yacc appended)
- dnl	$3 (optional flex and bison -P prefix)
- dnl
--AC_DEFUN(AC_LBL_LEX_AND_YACC,
-+AC_DEFUN([AC_LBL_LEX_AND_YACC],
-     [AC_ARG_WITH(flex, [  --without-flex          don't use flex])
-     AC_ARG_WITH(bison, [  --without-bison         don't use bison])
-     if test "$with_flex" = no ; then
-@@ -506,7 +506,7 @@
- dnl
- dnl	DECLWAITSTATUS (defined)
- dnl
--AC_DEFUN(AC_LBL_UNION_WAIT,
-+AC_DEFUN([AC_LBL_UNION_WAIT],
-     [AC_MSG_CHECKING(if union wait is used)
-     AC_CACHE_VAL(ac_cv_lbl_union_wait,
- 	AC_TRY_COMPILE([
-@@ -535,7 +535,7 @@
- dnl
- dnl	HAVE_SOCKADDR_SA_LEN (defined)
- dnl
--AC_DEFUN(AC_LBL_SOCKADDR_SA_LEN,
-+AC_DEFUN([AC_LBL_SOCKADDR_SA_LEN],
-     [AC_MSG_CHECKING(if sockaddr struct has the sa_len member)
-     AC_CACHE_VAL(ac_cv_lbl_sockaddr_has_sa_len,
- 	AC_TRY_COMPILE([
-@@ -560,7 +560,7 @@
- dnl
- dnl	HAVE_SOCKADDR_STORAGE (defined)
- dnl
--AC_DEFUN(AC_LBL_SOCKADDR_STORAGE,
-+AC_DEFUN([AC_LBL_SOCKADDR_STORAGE],
-     [AC_MSG_CHECKING(if sockaddr_storage struct exists)
-     AC_CACHE_VAL(ac_cv_lbl_has_sockaddr_storage,
- 	AC_TRY_COMPILE([
-@@ -593,7 +593,7 @@
- dnl won't be using code that would use that member, or we wouldn't
- dnl compile in any case).
- dnl
--AC_DEFUN(AC_LBL_HP_PPA_INFO_T_DL_MODULE_ID_1,
-+AC_DEFUN([AC_LBL_HP_PPA_INFO_T_DL_MODULE_ID_1],
-     [AC_MSG_CHECKING(if dl_hp_ppa_info_t struct has dl_module_id_1 member)
-     AC_CACHE_VAL(ac_cv_lbl_dl_hp_ppa_info_t_has_dl_module_id_1,
- 	AC_TRY_COMPILE([
-@@ -619,7 +619,7 @@
- dnl
- dnl	ac_cv_lbl_have_run_path (yes or no)
- dnl
--AC_DEFUN(AC_LBL_HAVE_RUN_PATH,
-+AC_DEFUN([AC_LBL_HAVE_RUN_PATH],
-     [AC_MSG_CHECKING(for ${CC-cc} -R)
-     AC_CACHE_VAL(ac_cv_lbl_have_run_path,
- 	[echo 'main(){}' > conftest.c
-@@ -644,7 +644,7 @@
- dnl
- dnl	LBL_ALIGN (DEFINED)
- dnl
--AC_DEFUN(AC_LBL_UNALIGNED_ACCESS,
-+AC_DEFUN([AC_LBL_UNALIGNED_ACCESS],
-     [AC_MSG_CHECKING(if unaligned accesses fail)
-     AC_CACHE_VAL(ac_cv_lbl_unaligned_fail,
- 	[case "$host_cpu" in
-@@ -749,7 +749,7 @@
- dnl	HAVE_OS_PROTO_H (defined)
- dnl	os-proto.h (symlinked)
- dnl
--AC_DEFUN(AC_LBL_DEVEL,
-+AC_DEFUN([AC_LBL_DEVEL],
-     [rm -f os-proto.h
-     if test "${LBL_CFLAGS+set}" = set; then
- 	    $1="$$1 ${LBL_CFLAGS}"
-@@ -886,7 +886,7 @@
- dnl statically and happen to have a libresolv.a lying around (and no
- dnl libnsl.a).
- dnl
--AC_DEFUN(AC_LBL_LIBRARY_NET, [
-+AC_DEFUN([AC_LBL_LIBRARY_NET], [
-     # Most operating systems have gethostbyname() in the default searched
-     # libraries (i.e. libc):
-     # Some OSes (eg. Solaris) place it in libnsl
-@@ -909,7 +909,7 @@
- dnl Test for __attribute__
- dnl
- 
--AC_DEFUN(AC_C___ATTRIBUTE__, [
-+AC_DEFUN([AC_C___ATTRIBUTE__], [
- AC_MSG_CHECKING(for __attribute__)
- AC_CACHE_VAL(ac_cv___attribute__, [
- AC_COMPILE_IFELSE(
-@@ -947,7 +947,7 @@
- dnl
- dnl -Scott Barron
- dnl
--AC_DEFUN(AC_LBL_TPACKET_STATS,
-+AC_DEFUN([AC_LBL_TPACKET_STATS],
-    [AC_MSG_CHECKING(if if_packet.h has tpacket_stats defined)
-    AC_CACHE_VAL(ac_cv_lbl_tpacket_stats,
-    AC_TRY_COMPILE([
-@@ -976,7 +976,7 @@
- dnl doesn't have that member (which is OK, as either we won't be using
- dnl code that would use that member, or we wouldn't compile in any case).
- dnl
--AC_DEFUN(AC_LBL_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI,
-+AC_DEFUN([AC_LBL_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI],
-     [AC_MSG_CHECKING(if tpacket_auxdata struct has tp_vlan_tci member)
-     AC_CACHE_VAL(ac_cv_lbl_dl_hp_ppa_info_t_has_dl_module_id_1,
- 	AC_TRY_COMPILE([
-@@ -1003,7 +1003,7 @@
- dnl 
- dnl 	HAVE_DLPI_PASSIVE (defined)
- dnl
--AC_DEFUN(AC_LBL_DL_PASSIVE_REQ_T,
-+AC_DEFUN([AC_LBL_DL_PASSIVE_REQ_T],
-         [AC_MSG_CHECKING(if dl_passive_req_t struct exists)
-        AC_CACHE_VAL(ac_cv_lbl_has_dl_passive_req_t,
-                 AC_TRY_COMPILE([
diff --git a/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch b/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch
deleted file mode 100644
index 9cfb9df880..0000000000
--- a/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 8887132e85892a72a84ca3878e60f254ad2ce939 Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe_macdonald@mentor.com>
-Date: Tue, 24 Feb 2015 15:56:06 -0500
-Subject: [PATCH] libpcap: pkgconfig support
-
-Adding basic structure to support pkg-config.
-
-Upstream-status: Inappropriate [embedded specific]
-
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
----
- Makefile.in   |  5 +++++
- configure.in  |  1 +
- libpcap.pc.in | 10 ++++++++++
- 3 files changed, 16 insertions(+)
- create mode 100644 libpcap.pc.in
-
-diff --git a/Makefile.in b/Makefile.in
-index 1c2d745..1f25faf 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -60,6 +60,10 @@ V_RPATH_OPT = @V_RPATH_OPT@
- DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@
- PROG=libpcap
- 
-+# pkgconfig support
-+pkgconfigdir = $(libdir)/pkgconfig
-+pkgconfig_DATA = libpcap.pc
-+
- # Standard CFLAGS
- FULL_CFLAGS = $(CCOPT) $(INCLS) $(DEFS) $(CFLAGS)
- 
-@@ -275,6 +279,7 @@ EXTRA_DIST = \
- 	lbl/os-solaris2.h \
- 	lbl/os-sunos4.h \
- 	lbl/os-ultrix4.h \
-+	libpcap.pc \
- 	missing/snprintf.c \
- 	mkdep \
- 	msdos/bin2c.c \
-diff --git a/configure.in b/configure.in
-index 8f5c86b..fb51b35 100644
---- a/configure.in
-+++ b/configure.in
-@@ -1700,6 +1700,7 @@ esac
- AC_PROG_INSTALL
- 
- AC_CONFIG_HEADER(config.h)
-+AC_CONFIG_FILES([libpcap.pc])
- 
- AC_OUTPUT_COMMANDS([if test -f .devel; then
- 	echo timestamp > stamp-h
-diff --git a/libpcap.pc.in b/libpcap.pc.in
-new file mode 100644
-index 0000000..4f78ad8
---- /dev/null
-+++ b/libpcap.pc.in
-@@ -0,0 +1,10 @@
-+prefix=@prefix@
-+exec_prefix=@exec_prefix@
-+libdir=@libdir@
-+includedir=@includedir@
-+
-+Name: libpcap
-+Description: System-independent interface for user-level packet capture.
-+Version: @VERSION@
-+Libs: -L${libdir} -lpcap
-+Cflags: -I${includedir}
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.6.2.bb b/meta/recipes-connectivity/libpcap/libpcap_1.6.2.bb
deleted file mode 100644
index 611543e42c..0000000000
--- a/meta/recipes-connectivity/libpcap/libpcap_1.6.2.bb
+++ /dev/null
@@ -1,26 +0,0 @@
-require libpcap.inc
-
-SRC_URI += "file://aclocal.patch \
-            file://libpcap-pkgconfig-support.patch \
-           "
-SRC_URI[md5sum] = "5f14191c1a684a75532c739c2c4059fa"
-SRC_URI[sha256sum] = "5db3e2998f1eeba2c76da55da5d474248fe19c44f49e15cac8a796a2c7e19690"
-
-#
-# make install doesn't cover the shared lib
-# make install-shared is just broken (no symlinks)
-#
-
-do_configure_prepend () {
-    #remove hardcoded references to /usr/include
-    sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.in
-}
-
-do_install_prepend () {
-    install -d ${D}${libdir}
-    install -d ${D}${bindir}
-    oe_runmake install-shared DESTDIR=${D}
-    oe_libinstall -a -so libpcap ${D}${libdir}
-    sed "s|@VERSION@|${PV}|" -i ${B}/libpcap.pc
-    install -D -m 0644 libpcap.pc ${D}${libdir}/pkgconfig/libpcap.pc
-}
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb b/meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb
new file mode 100644
index 0000000000..35bb5650b3
--- /dev/null
+++ b/meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb
@@ -0,0 +1,44 @@
+SUMMARY = "Interface for user-level network packet capture"
+DESCRIPTION = "Libpcap provides a portable framework for low-level network \
+monitoring.  Libpcap can provide network statistics collection, \
+security monitoring and network debugging."
+HOMEPAGE = "http://www.tcpdump.org/"
+BUGTRACKER = "http://sourceforge.net/tracker/?group_id=53067&atid=469577"
+SECTION = "libs/network"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \
+                    file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2"
+DEPENDS = "flex-native bison-native"
+
+SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \
+           "
+SRC_URI[md5sum] = "21af603d9a591c7d96a6457021d84e6c"
+SRC_URI[sha256sum] = "635237637c5b619bcceba91900666b64d56ecb7be63f298f601ec786ce087094"
+
+inherit autotools binconfig-disabled pkgconfig
+
+BINCONFIG = "${bindir}/pcap-config"
+
+# Explicitly disable dag support. We don't have recipe for it and if enabled here,
+# configure script poisons the include dirs with /usr/local/include even when the
+# support hasn't been detected.
+EXTRA_OECONF = " \
+                 --with-pcap=linux \
+                 --without-dag \
+                 "
+EXTRA_AUTORECONF += "--exclude=aclocal"
+
+PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \
+                   ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
+"
+PACKAGECONFIG[bluez5] = "--enable-bluetooth,--disable-bluetooth,bluez5"
+PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl"
+
+do_configure_prepend () {
+    #remove hardcoded references to /usr/include
+    sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac
+}
+
+BBCLASSEXTEND = "native"
diff --git a/meta/recipes-connectivity/libuv/libuv_1.39.0.bb b/meta/recipes-connectivity/libuv/libuv_1.39.0.bb
new file mode 100644
index 0000000000..b6ce4757fd
--- /dev/null
+++ b/meta/recipes-connectivity/libuv/libuv_1.39.0.bb
@@ -0,0 +1,19 @@
+SUMMARY = "A multi-platform support library with a focus on asynchronous I/O"
+HOMEPAGE = "https://github.com/libuv/libuv"
+BUGTRACKER = "https://github.com/libuv/libuv/issues"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=a68902a430e32200263d182d44924d47"
+
+SRCREV = "25f4b8b8a3c0f934158cd37a37b0525d75ca488e"
+SRC_URI = "git://github.com/libuv/libuv;branch=v1.x"
+
+S = "${WORKDIR}/git"
+
+inherit autotools
+
+do_configure() {
+    ${S}/autogen.sh || bbnote "${PN} failed to autogen.sh"
+    oe_runconf
+}
+
+BBCLASSEXTEND = "native"
diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index 31cf2bb5fc..0b0bbab168 100644
--- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -1,12 +1,15 @@
 SUMMARY = "Mobile Broadband Service Provider Database"
+HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProviders"
 SECTION = "network"
 LICENSE = "PD"
 LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
-SRCREV = "d06ebd314a7cdd087d38e4966c19de42c8c55246"
-PV = "20140618+gitr${SRCPV}"
+SRCREV = "22b49d86fb7aded2c195a9d49e5924da696b3228"
+PV = "20190618"
 PE = "1"
 
-SRC_URI = "git://git.gnome.org/mobile-broadband-provider-info"
+SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https"
 S = "${WORKDIR}/git"
 
 inherit autotools
+
+DEPENDS += "libxslt-native"
diff --git a/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch b/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch
new file mode 100644
index 0000000000..d8e8a5e5da
--- /dev/null
+++ b/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch
@@ -0,0 +1,35 @@
+From affaa2021a54c30353e4e1fee09c13a4de2196be Mon Sep 17 00:00:00 2001
+From: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Date: Fri, 17 Mar 2017 14:24:29 +0200
+Subject: [PATCH] Add header dependency to nciattach.o
+
+This can happen when compiling nciattach.o:
+
+| In file included from ../neard-0.16/tools/nciattach.c:47:0:
+| ../neard-0.16/src/near.h:30:27: fatal error: near/nfc_copy.h: No such
+file or directory
+|  #include <near/nfc_copy.h>
+
+Add the missing dependency to local headers.
+
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Upstream-Status: Submitted [mailinglist]
+---
+ Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index fa552ee..acef6ba 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -253,6 +253,7 @@ se/builtin.h: src/genbuiltin $(builtin_se_sources)
+ 
+ $(src_neard_OBJECTS) \
+ $(tools_nfctool_nfctool_OBJECTS) \
++$(tools_nciattach_OBJECTS) \
+ $(plugin_objects) \
+ $(se_seeld_OBJECTS) \
+ $(unit_test_ndef_parse_OBJECTS) \
+-- 
+2.11.0
+
diff --git a/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch b/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch
index 466067693d..6e864079a9 100644
--- a/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch
+++ b/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch
@@ -16,18 +16,15 @@ Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
  Makefile.am |    1 +
  1 file changed, 1 insertion(+)
 
-diff --git a/Makefile.am b/Makefile.am
-index 3241311..a43eaa2 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -164,6 +164,7 @@ MAINTAINERCLEANFILES = Makefile.in \
+Index: neard-0.16/Makefile.am
+===================================================================
+--- neard-0.16.orig/Makefile.am
++++ neard-0.16/Makefile.am
+@@ -244,6 +244,7 @@ SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(di
  src/plugin.$(OBJEXT): src/builtin.h
  
  src/builtin.h: src/genbuiltin $(builtin_sources)
 +	$(AM_V_at)$(MKDIR_P) src
  	$(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@
  
- $(src_neard_OBJECTS) \
--- 
-1.7.9.5
-
+ se/plugin.$(OBJEXT): se/builtin.h
diff --git a/meta/recipes-connectivity/neard/neard_0.15.bb b/meta/recipes-connectivity/neard/neard_0.16.bb
index 8adf70cc9c..7c124a3c0b 100644
--- a/meta/recipes-connectivity/neard/neard_0.15.bb
+++ b/meta/recipes-connectivity/neard/neard_0.16.bb
@@ -9,17 +9,18 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/nfc/${BP}.tar.xz \
            file://neard.in \
            file://Makefile.am-fix-parallel-issue.patch \
            file://Makefile.am-do-not-ship-version.h.patch \
+           file://0001-Add-header-dependency-to-nciattach.o.patch \
           "
-SRC_URI[md5sum] = "b746ce62eeef88e8de90765e00a75a1c"
-SRC_URI[sha256sum] = "651f6513d32cdaf8a426255d03aff38a6620a89b0567ec2b36606c6330a93353"
+SRC_URI[md5sum] = "5c691fb7872856dc0d909c298bc8cb41"
+SRC_URI[sha256sum] = "eae3b11c541a988ec11ca94b7deab01080cd5b58cfef3ced6ceac9b6e6e65b36"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
  file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \
  "
 
-inherit autotools pkgconfig systemd update-rc.d bluetooth
+inherit autotools pkgconfig systemd update-rc.d
 
-PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
 
 PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_unitdir}/system/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd"
 
@@ -33,28 +34,16 @@ do_install_append() {
 		  > ${D}${sysconfdir}/init.d/neard
 		chmod 0755 ${D}${sysconfdir}/init.d/neard
 	fi
-
-	# Install the tests for neard-tests
-	install -d ${D}${libdir}/neard
-	install -m 0755 ${S}/test/* ${D}${libdir}/${BPN}/
-	install -m 0755 ${B}/tools/nfctool/nfctool ${D}${libdir}/${BPN}/
 }
 
-PACKAGES =+ "${PN}-tests"
-
-FILES_${PN}-tests = "${libdir}/${BPN}/*-test"
-FILES_${PN}-dbg += "${libdir}/${BPN}/*/.debug"
-
-RDEPENDS_${PN} = "dbus python python-dbus python-pygobject"
+RDEPENDS_${PN} = "dbus"
 
 # Bluez & Wifi are not mandatory except for handover
 RRECOMMENDS_${PN} = "\
-                     ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)} \
+                     ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \
                      ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wpa-supplicant', '', d)} \
                     "
 
-RDEPENDS_${PN}-tests = "python python-dbus python-pygobject"
-
 INITSCRIPT_NAME = "neard"
 INITSCRIPT_PARAMS = "defaults 64"
 
diff --git a/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch b/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch
deleted file mode 100644
index 4ac5290440..0000000000
--- a/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From a5e95a42e7bceddc9ecad06694c1a0588f4bafc8 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 14 Apr 2015 07:22:47 -0700
-Subject: [PATCH] include sys/types.h for getting u_* typedefs
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- cfg.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/cfg.h b/cfg.h
-index d4d4cab..fe49e8f 100644
---- a/cfg.h
-+++ b/cfg.h
-@@ -33,6 +33,7 @@
- #ifndef _CONF_H_
- #define _CONF_H_
- 
-+#include <sys/types.h>
- #include "queue.h"
- 
- struct conf_list_node {
--- 
-2.1.4
-
diff --git a/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch b/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch
deleted file mode 100644
index 4633da919e..0000000000
--- a/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Set nobody user and group
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Roy.Li <rongqing.li@windriver.com>
---- a/idmapd.conf
-+++ b/idmapd.conf
-@@ -17,8 +17,8 @@
- 
- [Mapping]
- 
--#Nobody-User = nobody
--#Nobody-Group = nobody
-+Nobody-User = nobody
-+Nobody-Group = nogroup
- 
- [Translation]
- 
diff --git a/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch b/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch
deleted file mode 100644
index d81c7c5f32..0000000000
--- a/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
---- a/configure.in
-+++ b/configure.in
-@@ -1,7 +1,7 @@
- #                                               -*- Autoconf -*-
- # Process this file with autoconf to produce a configure script.
- 
--AC_PREREQ([2.68])
-+AC_PREREQ([2.65])
- AC_INIT([libnfsidmap],[0.25],[linux-nfs@vger.kernel.org])
- AC_CONFIG_SRCDIR([nfsidmap.h])
- AC_CONFIG_MACRO_DIR([m4])
diff --git a/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb b/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb
deleted file mode 100644
index 5b578e9a1c..0000000000
--- a/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb
+++ /dev/null
@@ -1,25 +0,0 @@
-SUMMARY = "NFS id mapping library"
-HOMEPAGE = "http://www.citi.umich.edu/projects/nfsv4/linux/"
-SECTION = "libs"
-
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://COPYING;md5=d9c6a2a0ca6017fda7cd905ed2739b37"
-
-SRC_URI = "http://www.citi.umich.edu/projects/nfsv4/linux/libnfsidmap/${BPN}-${PV}.tar.gz \
-           file://fix-ac-prereq.patch \
-           file://Set_nobody_user_group.patch \
-           file://0001-include-sys-types.h-for-getting-u_-typedefs.patch \
-          "
-
-SRC_URI[md5sum] = "2ac4893c92716add1a1447ae01df77ab"
-SRC_URI[sha256sum] = "656d245d84400e1030f8f40a5a27da76370690c4a932baf249110f047fe7efcf"
-
-inherit autotools
-
-EXTRA_OECONF = "--disable-ldap"
-
-do_install_append () {
-	install -d ${D}${sysconfdir}/
-	install -m 0644 ${WORKDIR}/${BPN}-${PV}/idmapd.conf ${D}${sysconfdir}/idmapd.conf
-}
-
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch
new file mode 100644
index 0000000000..bd350144e3
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch
@@ -0,0 +1,299 @@
+From 690a90a5b7786e40b5447ad7c5f19a7657d27405 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <Mingli.Yu@windriver.com>
+Date: Fri, 14 Dec 2018 17:44:32 +0800
+Subject: [PATCH] Makefile.am: fix undefined function for libnsm.a
+
+The source file of libnsm.a uses some function
+in ../support/misc/file.c, add ../support/misc/file.c
+to libnsm_a_SOURCES to fix build error when run
+"make -C tests statdb_dump":
+| ../support/nsm/libnsm.a(file.o): In function `nsm_make_pathname':
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
+| ../support/nsm/libnsm.a(file.o): In function `nsm_setup_pathnames':
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:280: undefined reference to `generic_setup_basedir'
+| collect2: error: ld returned 1 exit status
+
+As there is already one source file named file.c
+as support/nsm/file.c in support/nsm/Makefile.am,
+so rename ../support/misc/file.c to ../support/misc/misc.c.
+
+Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154502780423058&w=2]
+
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+
+Rebase it.
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ support/misc/Makefile.am |   2 +-
+ support/misc/file.c      | 115 ---------------------------------------------------------------------------------------------------------------
+ support/misc/misc.c      | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ support/nsm/Makefile.am  |   2 +-
+ 4 files changed, 113 insertions(+), 117 deletions(-)
+
+diff --git a/support/misc/Makefile.am b/support/misc/Makefile.am
+index f9993e3..8b0e9db 100644
+--- a/support/misc/Makefile.am
++++ b/support/misc/Makefile.am
+@@ -1,7 +1,7 @@
+ ## Process this file with automake to produce Makefile.in
+ 
+ noinst_LIBRARIES = libmisc.a
+-libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c file.c \
++libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c misc.c \
+ 		    nfsd_path.c workqueue.c xstat.c
+ 
+ MAINTAINERCLEANFILES = Makefile.in
+diff --git a/support/misc/file.c b/support/misc/file.c
+deleted file mode 100644
+index 06f6bb2..0000000
+--- a/support/misc/file.c
++++ /dev/null
+@@ -1,115 +0,0 @@
+-/*
+- * Copyright 2009 Oracle.  All rights reserved.
+- * Copyright 2017 Red Hat, Inc.  All rights reserved.
+- *
+- * This file is part of nfs-utils.
+- *
+- * nfs-utils is free software; you can redistribute it and/or modify
+- * it under the terms of the GNU General Public License as published by
+- * the Free Software Foundation; either version 2 of the License, or
+- * (at your option) any later version.
+- *
+- * nfs-utils is distributed in the hope that it will be useful,
+- * but WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+- * GNU General Public License for more details.
+- *
+- * You should have received a copy of the GNU General Public License
+- * along with nfs-utils.  If not, see <http://www.gnu.org/licenses/>.
+- */
+-
+-#ifdef HAVE_CONFIG_H
+-#include <config.h>
+-#endif
+-
+-#include <sys/stat.h>
+-
+-#include <string.h>
+-#include <libgen.h>
+-#include <stdio.h>
+-#include <errno.h>
+-#include <dirent.h>
+-#include <stdlib.h>
+-#include <stdbool.h>
+-#include <limits.h>
+-
+-#include "xlog.h"
+-#include "misc.h"
+-
+-/*
+- * Returns a dynamically allocated, '\0'-terminated buffer
+- * containing an appropriate pathname, or NULL if an error
+- * occurs.  Caller must free the returned result with free(3).
+- */
+-__attribute__((__malloc__))
+-char *
+-generic_make_pathname(const char *base, const char *leaf)
+-{
+-	size_t size;
+-	char *path;
+-	int len;
+-
+-	size = strlen(base) + strlen(leaf) + 2;
+-	if (size > PATH_MAX)
+-		return NULL;
+-
+-	path = malloc(size);
+-	if (path == NULL)
+-		return NULL;
+-
+-	len = snprintf(path, size, "%s/%s", base, leaf);
+-	if ((len < 0) || ((size_t)len >= size)) {
+-		free(path);
+-		return NULL;
+-	}
+-
+-	return path;
+-}
+-
+-
+-/**
+- * generic_setup_basedir - set up basedir
+- * @progname: C string containing name of program, for error messages
+- * @parentdir: C string containing pathname to on-disk state, or NULL
+- * @base: character buffer to contain the basedir that is set up
+- * @baselen: size of @base in bytes
+- *
+- * This runs before logging is set up, so error messages are directed
+- * to stderr.
+- *
+- * Returns true and sets up our basedir, if @parentdir was valid
+- * and usable; otherwise false is returned.
+- */
+-_Bool
+-generic_setup_basedir(const char *progname, const char *parentdir, char *base,
+-		      const size_t baselen)
+-{
+-	static char buf[PATH_MAX];
+-	struct stat st;
+-	char *path;
+-
+-	/* First: test length of name and whether it exists */
+-	if ((strlen(parentdir) >= baselen) || (strlen(parentdir) >= PATH_MAX)) {
+-		(void)fprintf(stderr, "%s: Directory name too long: %s",
+-				progname, parentdir);
+-		return false;
+-	}
+-	if (lstat(parentdir, &st) == -1) {
+-		(void)fprintf(stderr, "%s: Failed to stat %s: %s",
+-				progname, parentdir, strerror(errno));
+-		return false;
+-	}
+-
+-	/* Ensure we have a clean directory pathname */
+-	strncpy(buf, parentdir, sizeof(buf)-1);
+-	path = dirname(buf);
+-	if (*path == '.') {
+-		(void)fprintf(stderr, "%s: Unusable directory %s",
+-				progname, parentdir);
+-		return false;
+-	}
+-
+-	xlog(D_CALL, "Using %s as the state directory", parentdir);
+-	strcpy(base, parentdir);
+-	return true;
+-}
+diff --git a/support/misc/misc.c b/support/misc/misc.c
+new file mode 100644
+index 0000000..e7c3819
+--- /dev/null
++++ b/support/misc/misc.c
+@@ -0,0 +1,111 @@
++/*
++ * Copyright 2009 Oracle.  All rights reserved.
++ * Copyright 2017 Red Hat, Inc.  All rights reserved.
++ *
++ * This file is part of nfs-utils.
++ *
++ * nfs-utils is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or
++ * (at your option) any later version.
++ *
++ * nfs-utils is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with nfs-utils.  If not, see <http://www.gnu.org/licenses/>.
++ */
++
++#include <sys/stat.h>
++
++#include <string.h>
++#include <libgen.h>
++#include <stdio.h>
++#include <errno.h>
++#include <dirent.h>
++#include <stdlib.h>
++#include <stdbool.h>
++#include <limits.h>
++
++#include "xlog.h"
++#include "misc.h"
++
++/*
++ * Returns a dynamically allocated, '\0'-terminated buffer
++ * containing an appropriate pathname, or NULL if an error
++ * occurs.  Caller must free the returned result with free(3).
++ */
++__attribute__((__malloc__))
++char *
++generic_make_pathname(const char *base, const char *leaf)
++{
++	size_t size;
++	char *path;
++	int len;
++
++	size = strlen(base) + strlen(leaf) + 2;
++	if (size > PATH_MAX)
++		return NULL;
++
++	path = malloc(size);
++	if (path == NULL)
++		return NULL;
++
++	len = snprintf(path, size, "%s/%s", base, leaf);
++	if ((len < 0) || ((size_t)len >= size)) {
++		free(path);
++		return NULL;
++	}
++
++	return path;
++}
++
++
++/**
++ * generic_setup_basedir - set up basedir
++ * @progname: C string containing name of program, for error messages
++ * @parentdir: C string containing pathname to on-disk state, or NULL
++ * @base: character buffer to contain the basedir that is set up
++ * @baselen: size of @base in bytes
++ *
++ * This runs before logging is set up, so error messages are directed
++ * to stderr.
++ *
++ * Returns true and sets up our basedir, if @parentdir was valid
++ * and usable; otherwise false is returned.
++ */
++_Bool
++generic_setup_basedir(const char *progname, const char *parentdir, char *base,
++		      const size_t baselen)
++{
++	static char buf[PATH_MAX];
++	struct stat st;
++	char *path;
++
++	/* First: test length of name and whether it exists */
++	if ((strlen(parentdir) >= baselen) || (strlen(parentdir) >= PATH_MAX)) {
++		(void)fprintf(stderr, "%s: Directory name too long: %s",
++				progname, parentdir);
++		return false;
++	}
++	if (lstat(parentdir, &st) == -1) {
++		(void)fprintf(stderr, "%s: Failed to stat %s: %s",
++				progname, parentdir, strerror(errno));
++		return false;
++	}
++
++	/* Ensure we have a clean directory pathname */
++	strncpy(buf, parentdir, sizeof(buf)-1);
++	path = dirname(buf);
++	if (*path == '.') {
++		(void)fprintf(stderr, "%s: Unusable directory %s",
++				progname, parentdir);
++		return false;
++	}
++
++	xlog(D_CALL, "Using %s as the state directory", parentdir);
++	strcpy(base, parentdir);
++	return true;
++}
+diff --git a/support/nsm/Makefile.am b/support/nsm/Makefile.am
+index 8f5874e..68f1a46 100644
+--- a/support/nsm/Makefile.am
++++ b/support/nsm/Makefile.am
+@@ -10,7 +10,7 @@ GENFILES	= $(GENFILES_CLNT) $(GENFILES_SVC) $(GENFILES_XDR) $(GENFILES_H)
+ EXTRA_DIST	= sm_inter.x
+ 
+ noinst_LIBRARIES = libnsm.a
+-libnsm_a_SOURCES = $(GENFILES) file.c rpc.c
++libnsm_a_SOURCES = $(GENFILES) ../misc/misc.c file.c rpc.c
+ 
+ BUILT_SOURCES = $(GENFILES)
+ 
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch
deleted file mode 100644
index 7025fb555c..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 9b84cff305866abd150cf1a4c6e7e5ebf8a7eb3a Mon Sep 17 00:00:00 2001
-From: Martin Jansa <Martin.Jansa@gmail.com>
-Date: Fri, 15 Nov 2013 23:21:35 +0100
-Subject: [PATCH] configure: Allow to explicitly disable nfsidmap
-
-* keyutils availability is autodetected and builds aren't reproducible
-
-Upstream-Status: Pending
-
-Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
----
- configure.ac | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index bf433d6..28a8f62 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -69,6 +69,12 @@ AC_ARG_ENABLE(nfsv4,
- 	AC_SUBST(enable_nfsv4)
- 	AM_CONDITIONAL(CONFIG_NFSV4, [test "$enable_nfsv4" = "yes"])
- 
-+AC_ARG_ENABLE(nfsidmap,
-+        [AC_HELP_STRING([--enable-nfsidmap],
-+                        [enable support for NFSv4 idmapper @<:@default=yes@:>@])],
-+        enable_nfsidmap=$enableval,
-+        enable_nfsidmap=yes)
-+
- AC_ARG_ENABLE(nfsv41,
- 	[AC_HELP_STRING([--enable-nfsv41],
-                         [enable support for NFSv41 @<:@default=yes@:>@])],
-@@ -296,7 +302,7 @@ fi
- 
- dnl enable nfsidmap when its support by libnfsidmap
- AM_CONDITIONAL(CONFIG_NFSDCLTRACK, [test "$enable_nfsdcltrack" = "yes" ])
--AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyes"])
-+AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$enable_nfsidmap$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyesyes"])
- 
- 
- if test "$knfsd_cv_glibc2" = no; then
--- 
-1.8.4.3
-
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/bugfix-adjust-statd-service-name.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/bugfix-adjust-statd-service-name.patch
new file mode 100644
index 0000000000..f13d7b380c
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/bugfix-adjust-statd-service-name.patch
@@ -0,0 +1,39 @@
+From 398fed3bb0350cb1229e54e7020ae0e044c206d1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ulrich=20=C3=96lmann?= <u.oelmann@pengutronix.de>
+Date: Wed, 17 Feb 2016 08:33:45 +0100
+Subject: bugfix: adjust statd service name
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Upstream uses 'rpc-statd.service' and Yocto introduced 'nfs-statd.service'
+instead but forgot to update the mount.nfs helper 'start-statd' accordingly.
+
+Upstream-Status: Inappropriate [other]
+
+Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
+
+Rebase it.
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ utils/statd/start-statd | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/utils/statd/start-statd b/utils/statd/start-statd
+index af5c950..df9b9be 100755
+--- a/utils/statd/start-statd
++++ b/utils/statd/start-statd
+@@ -28,10 +28,10 @@ fi
+ # First try systemd if it's installed.
+ if [ -d /run/systemd/system ]; then
+     # Quit only if the call worked.
+-    if systemctl start rpc-statd.service; then
++    if systemctl start nfs-statd.service; then
+         # Ensure systemd knows not to stop rpc.statd or its dependencies
+         # on 'systemctl isolate ..'
+-        systemctl add-wants --runtime remote-fs.target rpc-statd.service
++        systemctl add-wants --runtime remote-fs.target nfs-statd.service
+         exit 0
+     fi
+ fi
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch
new file mode 100644
index 0000000000..20400fef67
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch
@@ -0,0 +1,61 @@
+Detect warning options during configure
+
+Certain options maybe compiler specific therefore its better
+to detect them before use.
+
+nfs_error copies the format string and appends newline to it
+but compiler can forget that it was format string since its not
+same fmt string that was passed. Ignore the warning
+
+Wdiscarded-qualifiers is gcc specific and this is no longer needed
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -599,7 +599,6 @@ my_am_cflags="\
+  -Werror=parentheses \
+  -Werror=aggregate-return \
+  -Werror=unused-result \
+- -Wno-cast-function-type \
+  -fno-strict-aliasing \
+ "
+ 
+@@ -619,9 +618,10 @@ CHECK_CCSUPPORT([-Werror=format-overflow
+ CHECK_CCSUPPORT([-Werror=int-conversion], [flg2])
+ CHECK_CCSUPPORT([-Werror=incompatible-pointer-types], [flg3])
+ CHECK_CCSUPPORT([-Werror=misleading-indentation], [flg4])
++CHECK_CCSUPPORT([-Wno-cast-function-type], [flg5])
+ AX_GCC_FUNC_ATTRIBUTE([format])
+ 
+-AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg3 $flg4"])
++AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg3 $flg4 $flg5"])
+ 
+ # Make sure that $ACLOCAL_FLAGS are used during a rebuild
+ AC_SUBST([ACLOCAL_AMFLAGS], ["-I $ac_macro_dir \$(ACLOCAL_FLAGS)"])
+--- a/support/nfs/xcommon.c
++++ b/support/nfs/xcommon.c
+@@ -98,7 +98,10 @@ nfs_error (const char *fmt, ...) {
+ 
+      fmt2 = xstrconcat2 (fmt, "\n");
+      va_start (args, fmt);
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wformat-nonliteral"
+      vfprintf (stderr, fmt2, args);
++#pragma GCC diagnostic pop
+      va_end (args);
+      free (fmt2);
+ }
+--- a/utils/mount/stropts.c
++++ b/utils/mount/stropts.c
+@@ -1094,9 +1094,7 @@ static int nfsmount_fg(struct nfsmount_i
+ 		if (nfs_try_mount(mi))
+ 			return EX_SUCCESS;
+ 
+-#pragma GCC diagnostic ignored "-Wdiscarded-qualifiers"
+ 		if (errno == EBUSY && is_mountpoint(mi->node)) {
+-#pragma GCC diagnostic warning "-Wdiscarded-qualifiers"
+ 			/*
+ 			 * EBUSY can happen when mounting a filesystem that
+ 			 * is already mounted or when the context= are
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
index 613ddc003a..c01415de84 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
@@ -1,11 +1,17 @@
 [Unit]
 Description=NFS Mount Daemon
-After=rpcbind.service nfs-server.service
-Requires=rpcbind.service nfs-server.service
+DefaultDependencies=no
+After=rpcbind.socket
+Requires=proc-fs-nfsd.mount
+After=proc-fs-nfsd.mount
+After=network.target local-fs.target
+BindsTo=nfs-server.service
+ConditionPathExists=@SYSCONFDIR@/exports
 
 [Service]
 EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
 ExecStart=@SBINDIR@/rpc.mountd -F $MOUNTD_OPTS
+LimitNOFILE=@HIGH_RLIMIT_NOFILE@
 
 [Install]
 WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
index 147d7a7b5f..5c845b7e82 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
@@ -1,7 +1,12 @@
 [Unit]
-Description=NFS Server
-Requires=rpcbind.service nfs-mountd.service
-After=rpcbind.service
+Description=NFS server and services
+DefaultDependencies=no
+Requires=network.target proc-fs-nfsd.mount
+Requires=nfs-mountd.service
+Wants=rpcbind.service
+After=local-fs.target
+After=network.target proc-fs-nfsd.mount rpcbind.service nfs-mountd.service
+ConditionPathExists=@SYSCONFDIR@/exports
 
 [Service]
 Type=oneshot
@@ -9,9 +14,9 @@ EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
 ExecStartPre=@SBINDIR@/exportfs -r
 ExecStart=@SBINDIR@/rpc.nfsd $NFSD_OPTS $NFSD_COUNT
 ExecStop=@SBINDIR@/rpc.nfsd 0
+ExecStopPost=@SBINDIR@/exportfs -au
 ExecStopPost=@SBINDIR@/exportfs -f
 ExecReload=@SBINDIR@/exportfs -r
-StandardError=syslog
 RemainAfterExit=yes
 
 [Install]
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
index 746dacf056..4fa64e1998 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
@@ -1,12 +1,14 @@
 [Unit]
-Description=NFS file locking service
-After=rpcbind.service
-Requires=rpcbind.service
-Before=remote-fs-pre.target
+Description=NFS status monitor for NFSv2/3 locking.
+DefaultDependencies=no
+Conflicts=umount.target
+Requires=nss-lookup.target rpcbind.service
+After=network.target nss-lookup.target rpcbind.service
 
 [Service]
 EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
 ExecStart=@SBINDIR@/rpc.statd -F $STATD_OPTS
+LimitNOFILE=@HIGH_RLIMIT_NOFILE@
 
 [Install]
 WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch
deleted file mode 100644
index d8f8181670..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fixes errors like
-sm-notify[1070]: DNS resolution of a.b.c.d..com failed; retrying later
-This error will occur anytime sm-notify is run before the network if fully up,
-which is happening more and more with parallel startup systems.
-The res_init() call is simple, safe, quick, and a patch to use it should be
-able to go upstream.  Presumably the whole reason sm-notify tries several
-times is to wait for possible changes to the network configuration, but without
-calling res_init() it will never be aware of those changes
-
-Backported drom Fedora
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-
-diff -up nfs-utils-1.2.3/utils/statd/sm-notify.c.orig nfs-utils-1.2.3/utils/statd/sm-notify.c
---- nfs-utils-1.2.3/utils/statd/sm-notify.c.orig	2010-09-28 08:24:16.000000000 -0400
-+++ nfs-utils-1.2.3/utils/statd/sm-notify.c	2010-10-15 16:44:43.487119601 -0400
-@@ -28,6 +28,9 @@
- #include <netdb.h>
- #include <errno.h>
- #include <grp.h>
-+#include <netinet/in.h>
-+#include <arpa/nameser.h>
-+#include <resolv.h>
- 
- #include "sockaddr.h"
- #include "xlog.h"
-@@ -84,6 +87,7 @@ smn_lookup(const char *name)
- 	};
- 	int error;
- 
-+	res_init();
- 	error = getaddrinfo(name, NULL, &hint, &ai);
- 	if (error != 0) {
- 		xlog(D_GENERAL, "getaddrinfo(3): %s", gai_strerror(error));
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch
deleted file mode 100644
index 993f1e5ea5..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-nfs-utils: Do not pass CFLAGS to gcc while building
-
-Do not pass CFLAGS/LDFLAGS to gcc while building, The needed flags has
-been passed by xxx_CFLAGS=$(CFLAGS_FOR_BUILD).
-
-Upstream-Status: Pending
-
-Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
----
- tools/locktest/Makefile.am |    2 ++
- tools/rpcgen/Makefile.am   |    2 ++
- 2 files changed, 4 insertions(+)
-
-diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am
-index 3156815..1729fd1 100644
---- a/tools/locktest/Makefile.am
-+++ b/tools/locktest/Makefile.am
-@@ -1,6 +1,8 @@
- ## Process this file with automake to produce Makefile.in
- 
- CC=$(CC_FOR_BUILD)
-+CFLAGS=
-+LDFLAGS=
- LIBTOOL = @LIBTOOL@ --tag=CC
- 
- noinst_PROGRAMS = testlk
-diff --git a/tools/rpcgen/Makefile.am b/tools/rpcgen/Makefile.am
-index 8a9ec89..8bacdaa 100644
---- a/tools/rpcgen/Makefile.am
-+++ b/tools/rpcgen/Makefile.am
-@@ -1,6 +1,8 @@
- ## Process this file with automake to produce Makefile.in
- 
- CC=$(CC_FOR_BUILD)
-+CFLAGS=
-+LDFLAGS=
- LIBTOOL = @LIBTOOL@ --tag=CC
- 
- noinst_PROGRAMS = rpcgen
--- 
-1.7.9.5
-
diff --git a/meta/recipes-connectivity/nfs-utils/files/nfs-utils-debianize-start-statd.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-debianize-start-statd.patch
index 5a2d5c8544..ede0dcefc4 100644
--- a/meta/recipes-connectivity/nfs-utils/files/nfs-utils-debianize-start-statd.patch
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-debianize-start-statd.patch
@@ -1,6 +1,6 @@
 [PATCH] nfs-utils: debianize start-statd
 
-Upstream-status: Pending
+Upstream-Status: Pending
 
 make start-statd command to use nfscommon configure, too.
 
@@ -9,17 +9,18 @@ Signed-off-by: Li Wang <li.wang@windriver.com>
 Signed-off-by: Roy Li <rongqing.li@windriver.com>
 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
 ---
- utils/statd/start-statd | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
+ utils/statd/start-statd | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
 
 diff --git a/utils/statd/start-statd b/utils/statd/start-statd
-index ec9383b..3969b8c 100755
+index 2fd6039..f591b34 100755
 --- a/utils/statd/start-statd
 +++ b/utils/statd/start-statd
-@@ -6,6 +6,13 @@
- # site.
- PATH="/sbin:/usr/sbin:/bin:/usr/bin"
- 
+@@ -17,6 +17,14 @@ then
+     # statd already running - must have been slow to respond.
+     exit 0
+ fi
++
 +# Read config
 +DEFAULTFILE=/etc/default/nfs-common
 +NEED_IDMAPD=
@@ -28,14 +29,14 @@ index ec9383b..3969b8c 100755
 +fi
 +
  # First try systemd if it's installed.
- if systemctl --help >/dev/null 2>&1; then
+ if [ -d /run/systemd/system ]; then
      # Quit only if the call worked.
-@@ -13,4 +20,4 @@ if systemctl --help >/dev/null 2>&1; then
- fi
+@@ -25,4 +33,4 @@ fi
  
+ cd /
  # Fall back to launching it ourselves.
 -exec rpc.statd --no-notify
 +exec rpc.statd --no-notify $STATDOPTS
 -- 
-1.9.1
+2.6.6
 
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
index 7ed93a59d4..0f5747cc6d 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
@@ -40,7 +40,7 @@ test "$NFS_SERVERS" != "" && test "$NFS_SERVERS" -gt 0 && test "$NFS_SERVERS" -l
 #mountd
 start_mountd(){
 	echo -n 'starting mountd: '
-	start-stop-daemon --start --exec "$NFS_MOUNTD" -- "-f /etc/exports $@"
+	start-stop-daemon --start --exec "$NFS_MOUNTD" -- "$@"
 	echo done
 }
 stop_mountd(){
@@ -107,7 +107,7 @@ stop_nfsd(){
 #FIXME: need to create the /var/lib/nfs/... directories
 case "$1" in
   start)
-	exportfs -r
+	test -r /etc/exports && exportfs -r
 	start_nfsd "$NFS_SERVERS"
 	start_mountd
 	test -r /etc/exports && exportfs -a;;
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.1.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.1.bb
index 6da85090d5..b8ad23a0d8 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.1.bb
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.5.1.bb
@@ -8,9 +8,8 @@ LICENSE = "MIT & GPLv2+ & BSD"
 LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84"
 
 # util-linux for libblkid
-DEPENDS = "libcap libnfsidmap libevent util-linux sqlite3"
-RDEPENDS_${PN}-client = "rpcbind bash"
-RDEPENDS_${PN} = "${PN}-client bash"
+DEPENDS = "libcap libevent util-linux sqlite3 libtirpc"
+RDEPENDS_${PN} = "${PN}-client"
 RRECOMMENDS_${PN} = "kernel-module-nfsd"
 
 inherit useradd
@@ -20,8 +19,6 @@ USERADD_PARAM_${PN}-client = "--system  --home-dir /var/lib/nfs \
 			      --shell /bin/false --user-group rpcuser"
 
 SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \
-           file://0001-configure-Allow-to-explicitly-disable-nfsidmap.patch \
-           file://nfs-utils-1.2.3-sm-notify-res_init.patch \
            file://nfsserver \
            file://nfscommon \
            file://nfs-utils.conf \
@@ -29,12 +26,12 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x
            file://nfs-mountd.service \
            file://nfs-statd.service \
            file://proc-fs-nfsd.mount \
-           file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \
            file://nfs-utils-debianize-start-statd.patch \
-"
-
-SRC_URI[md5sum] = "8de676b9ff34b8f9addc1d0800fabdf8"
-SRC_URI[sha256sum] = "ff79d70b7b58b2c8f9b798c58721127e82bb96022adc04a5c4cb251630e696b8"
+           file://bugfix-adjust-statd-service-name.patch \
+           file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \
+           file://clang-warnings.patch \
+           "
+SRC_URI[sha256sum] = "0f1c8170e16a07d9836bbf0836d48d0c842b6f0e0e8b18748f099751851d30c4"
 
 # Only kernel-module-nfsd is required here (but can be built-in)  - the nfsd module will
 # pull in the remainder of the dependencies.
@@ -47,29 +44,33 @@ INITSCRIPT_PARAMS_${PN}-client = "defaults 19 21"
 
 inherit autotools-brokensep update-rc.d systemd pkgconfig
 
+SYSTEMD_PACKAGES = "${PN} ${PN}-client"
 SYSTEMD_SERVICE_${PN} = "nfs-server.service nfs-mountd.service"
 SYSTEMD_SERVICE_${PN}-client = "nfs-statd.service"
-SYSTEMD_AUTO_ENABLE = "disable"
 
 # --enable-uuid is need for cross-compiling
 EXTRA_OECONF = "--with-statduser=rpcuser \
                 --enable-mountconfig \
                 --enable-libmount-mount \
-                --disable-nfsv41 \
                 --enable-uuid \
                 --disable-gss \
-                --disable-tirpc \
                 --disable-nfsdcltrack \
                 --with-statdpath=/var/lib/nfs/statd \
+                --with-rpcgen=${HOSTTOOLS_DIR}/rpcgen \
                "
 
-PACKAGECONFIG ??= "tcp-wrappers"
+PACKAGECONFIG ??= "tcp-wrappers \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
+"
+PACKAGECONFIG_remove_libc-musl = "tcp-wrappers"
 PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers"
-PACKAGECONFIG[nfsidmap] = "--enable-nfsidmap,--disable-nfsidmap,keyutils"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+# libdevmapper is available in meta-oe
+PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper,libdevmapper"
+# keyutils is available in meta-oe
+PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils,python3-core"
 
-INHIBIT_AUTO_STAGE = "1"
-
-PACKAGES =+ "${PN}-client ${PN}-stats"
+PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats"
 
 CONFFILES_${PN}-client += "${localstatedir}/lib/nfs/etab \
 			   ${localstatedir}/lib/nfs/rmtab \
@@ -77,7 +78,7 @@ CONFFILES_${PN}-client += "${localstatedir}/lib/nfs/etab \
 			   ${localstatedir}/lib/nfs/statd/state \
 			   ${sysconfdir}/nfsmount.conf"
 
-FILES_${PN}-client = "${base_sbindir}/*mount.nfs* ${sbindir}/*statd \
+FILES_${PN}-client = "${sbindir}/*statd \
 		      ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \
 		      ${sbindir}/showmount ${sbindir}/nfsstat \
 		      ${localstatedir}/lib/nfs \
@@ -85,10 +86,21 @@ FILES_${PN}-client = "${base_sbindir}/*mount.nfs* ${sbindir}/*statd \
 		      ${sysconfdir}/nfsmount.conf \
 		      ${sysconfdir}/init.d/nfscommon \
 		      ${systemd_unitdir}/system/nfs-statd.service"
-FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat"
-RDEPENDS_${PN}-stats = "python"
+RDEPENDS_${PN}-client = "${PN}-mount rpcbind"
+
+FILES_${PN}-mount = "${base_sbindir}/*mount.nfs*"
 
-FILES_${PN} += "${systemd_unitdir}"
+FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat ${sbindir}/nfsdclnts"
+RDEPENDS_${PN}-stats = "python3-core"
+
+FILES_${PN}-staticdev += "${libdir}/libnfsidmap/*.a"
+
+FILES_${PN} += "${systemd_unitdir} ${libdir}/libnfsidmap/"
+
+do_configure_prepend() {
+	sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \
+		${S}/utils/mount/Makefile.am
+}
 
 # Make clean needed because the package comes with
 # precompiled 64-bit objects that break the build
@@ -96,6 +108,9 @@ do_compile_prepend() {
 	make clean
 }
 
+# Works on systemd only
+HIGH_RLIMIT_NOFILE ??= "4096"
+
 do_install_append () {
 	install -d ${D}${sysconfdir}/init.d
 	install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver
@@ -110,13 +125,12 @@ do_install_append () {
 	install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_unitdir}/system/
 	sed -i -e 's,@SBINDIR@,${sbindir},g' \
 		-e 's,@SYSCONFDIR@,${sysconfdir},g' \
+		-e 's,@HIGH_RLIMIT_NOFILE@,${HIGH_RLIMIT_NOFILE},g' \
 		${D}${systemd_unitdir}/system/*.service
 	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
-	    install -d ${D}${sysconfdir}/modules-load.d
-	    echo "nfsd" > ${D}${sysconfdir}/modules-load.d/nfsd.conf
-	    install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/
-	    install -d ${D}${systemd_unitdir}/system/sysinit.target.wants/
-	    ln -sf ../proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/sysinit.target.wants/proc-fs-nfsd.mount
+		install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/
+		install -d ${D}${systemd_unitdir}/system/sysinit.target.wants/
+		ln -sf ../proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/sysinit.target.wants/proc-fs-nfsd.mount
 	fi
 
 	# kernel code as of 3.8 hard-codes this path as a default
@@ -126,8 +140,6 @@ do_install_append () {
 	chown -R rpcuser:rpcuser ${D}${localstatedir}/lib/nfs/statd
 	chmod 0644 ${D}${localstatedir}/lib/nfs/statd/state
 
-	# the following are built by CC_FOR_BUILD
-	rm -f ${D}${sbindir}/rpcdebug
-	rm -f ${D}${sbindir}/rpcgen
-	rm -f ${D}${sbindir}/locktest
+	# Make python tools use python 3
+	sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${sbindir}/mountstats ${D}${sbindir}/nfsiostat
 }
diff --git a/meta/recipes-connectivity/ofono/ofono/0001-backtrace-Disable-for-non-glibc-C-libraries.patch b/meta/recipes-connectivity/ofono/ofono/0001-backtrace-Disable-for-non-glibc-C-libraries.patch
deleted file mode 100644
index 306b6da337..0000000000
--- a/meta/recipes-connectivity/ofono/ofono/0001-backtrace-Disable-for-non-glibc-C-libraries.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 2d729af0897d7d72b83d111876febf9e0eec1a68 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Fri, 3 Apr 2015 20:50:56 -0700
-Subject: [PATCH] backtrace: Disable for non-glibc C libraries
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Upstream-Status: Pending
-
----
- src/log.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/log.c b/src/log.c
-index febc874..9db4ae7 100644
---- a/src/log.c
-+++ b/src/log.c
-@@ -30,7 +30,9 @@
- #include <stdlib.h>
- #include <string.h>
- #include <syslog.h>
-+#ifdef __GLIBC__
- #include <execinfo.h>
-+#endif
- #include <dlfcn.h>
- 
- #include "ofono.h"
-@@ -219,8 +221,9 @@ static void signal_handler(int signo)
- {
- 	ofono_error("Aborting (signal %d) [%s]", signo, program_exec);
- 
-+#ifdef __GLIBC__
- 	print_backtrace(2);
--
-+#endif
- 	exit(EXIT_FAILURE);
- }
- 
--- 
-2.1.4
-
diff --git a/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch b/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch
new file mode 100644
index 0000000000..8a5a300adc
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch
@@ -0,0 +1,36 @@
+From 22b52db4842611ac31a356f023fc09595384e2ad Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 23 May 2019 18:11:22 -0700
+Subject: [PATCH] mbim: add an optional TEMP_FAILURE_RETRY macro copy
+
+Fixes build on musl which does not provide this macro
+
+Upstream-Status: Submitted [https://lists.ofono.org/pipermail/ofono/2019-May/019370.html]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ drivers/mbimmodem/mbim-private.h | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/drivers/mbimmodem/mbim-private.h b/drivers/mbimmodem/mbim-private.h
+index e159235..51693ea 100644
+--- a/drivers/mbimmodem/mbim-private.h
++++ b/drivers/mbimmodem/mbim-private.h
+@@ -21,6 +21,15 @@
+ 
+ #define align_len(len, boundary) (((len)+(boundary)-1) & ~((boundary)-1))
+ 
++#ifndef TEMP_FAILURE_RETRY
++#define TEMP_FAILURE_RETRY(expression) ({     \
++  __typeof(expression) __result;              \
++  do {                                        \
++    __result = (expression);                  \
++  } while (__result == -1 && errno == EINTR); \
++  __result; })
++#endif
++
+ enum mbim_control_message {
+ 	MBIM_OPEN_MSG = 0x1,
+ 	MBIM_CLOSE_MSG = 0x2,
+-- 
+2.21.0
+
diff --git a/meta/recipes-connectivity/ofono/ofono/Revert-test-Convert-to-Python-3.patch b/meta/recipes-connectivity/ofono/ofono/Revert-test-Convert-to-Python-3.patch
deleted file mode 100644
index 5f8ca77101..0000000000
--- a/meta/recipes-connectivity/ofono/ofono/Revert-test-Convert-to-Python-3.patch
+++ /dev/null
@@ -1,1270 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-From 572fc23f6efd65a2ef9e6c957b2506108738672b Mon Sep 17 00:00:00 2001
-From: Cristian Iorga <cristian.iorga@intel.com>
-Date: Mon, 25 Aug 2014 16:59:39 +0300
-Subject: [PATCH] Revert "test: Convert to Python 3"
-
-This reverts commit c027ab9fbc1a8e8c9e76bcd123df1ad7696307c2.
----
- test/activate-context          |  2 +-
- test/answer-calls              |  2 +-
- test/backtrace                 |  2 +-
- test/cancel-ussd               |  2 +-
- test/cdma-connman-disable      |  2 +-
- test/cdma-connman-enable       |  2 +-
- test/cdma-dial-number          |  2 +-
- test/cdma-hangup               |  2 +-
- test/cdma-list-call            |  2 +-
- test/cdma-set-credentials      |  2 +-
- test/change-pin                |  2 +-
- test/create-internet-context   |  2 +-
- test/create-mms-context        |  2 +-
- test/create-multiparty         |  2 +-
- test/deactivate-all            |  2 +-
- test/deactivate-context        |  2 +-
- test/dial-number               |  2 +-
- test/disable-call-forwarding   |  2 +-
- test/disable-gprs              |  2 +-
- test/disable-modem             |  2 +-
- test/display-icon              |  2 +-
- test/enable-cbs                |  2 +-
- test/enable-gprs               |  2 +-
- test/enable-modem              |  2 +-
- test/enter-pin                 |  2 +-
- test/get-icon                  |  2 +-
- test/get-operators             |  2 +-
- test/get-tech-preference       |  2 +-
- test/hangup-active             |  2 +-
- test/hangup-all                |  2 +-
- test/hangup-call               |  2 +-
- test/hangup-multiparty         |  2 +-
- test/hold-and-answer           |  2 +-
- test/initiate-ussd             |  4 ++--
- test/list-calls                |  2 +-
- test/list-contexts             |  2 +-
- test/list-messages             |  2 +-
- test/list-modems               |  2 +-
- test/list-operators            |  2 +-
- test/lock-pin                  |  2 +-
- test/lockdown-modem            |  2 +-
- test/monitor-ofono             |  4 ++--
- test/offline-modem             |  2 +-
- test/online-modem              |  2 +-
- test/private-chat              |  2 +-
- test/process-context-settings  |  2 +-
- test/receive-sms               |  2 +-
- test/reject-calls              |  2 +-
- test/release-and-answer        |  2 +-
- test/release-and-swap          |  2 +-
- test/remove-contexts           |  2 +-
- test/reset-pin                 |  2 +-
- test/scan-for-operators        |  2 +-
- test/send-sms                  |  2 +-
- test/send-ussd                 |  4 ++--
- test/send-vcal                 |  2 +-
- test/send-vcard                |  2 +-
- test/set-call-forwarding       |  2 +-
- test/set-cbs-topics            |  2 +-
- test/set-context-property      |  2 +-
- test/set-fast-dormancy         |  2 +-
- test/set-gsm-band              |  2 +-
- test/set-mic-volume            |  2 +-
- test/set-mms-details           |  2 +-
- test/set-msisdn                |  2 +-
- test/set-roaming-allowed       |  2 +-
- test/set-speaker-volume        |  2 +-
- test/set-tech-preference       |  2 +-
- test/set-tty                   |  2 +-
- test/set-umts-band             |  2 +-
- test/set-use-sms-reports       |  2 +-
- test/swap-calls                |  2 +-
- test/test-advice-of-charge     |  2 +-
- test/test-call-barring         |  2 +-
- test/test-call-forwarding      |  2 +-
- test/test-call-settings        |  2 +-
- test/test-cbs                  |  4 ++--
- test/test-gnss                 |  4 ++--
- test/test-message-waiting      |  2 +-
- test/test-modem                |  2 +-
- test/test-network-registration |  2 +-
- test/test-phonebook            |  2 +-
- test/test-push-notification    |  2 +-
- test/test-smart-messaging      |  2 +-
- test/test-sms                  | 18 +++++++++---------
- test/test-ss                   |  2 +-
- test/test-ss-control-cb        |  2 +-
- test/test-ss-control-cf        |  2 +-
- test/test-ss-control-cs        |  2 +-
- test/test-stk-menu             | 34 +++++++++++++++++-----------------
- test/unlock-pin                |  2 +-
- 94 files changed, 124 insertions(+), 124 deletions(-)
-
-diff --git a/test/activate-context b/test/activate-context
-index e4fc702..4241396 100755
---- a/test/activate-context
-+++ b/test/activate-context
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/answer-calls b/test/answer-calls
-index daa794b..45ff08f 100755
---- a/test/answer-calls
-+++ b/test/answer-calls
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- 
-diff --git a/test/backtrace b/test/backtrace
-index 03c7632..c624709 100755
---- a/test/backtrace
-+++ b/test/backtrace
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import os
- import re
-diff --git a/test/cancel-ussd b/test/cancel-ussd
-index e7559ba..1797f26 100755
---- a/test/cancel-ussd
-+++ b/test/cancel-ussd
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/cdma-connman-disable b/test/cdma-connman-disable
-index 3adc14d..0ddc0cd 100755
---- a/test/cdma-connman-disable
-+++ b/test/cdma-connman-disable
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/cdma-connman-enable b/test/cdma-connman-enable
-index ac16a2d..a3cca01 100755
---- a/test/cdma-connman-enable
-+++ b/test/cdma-connman-enable
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/cdma-dial-number b/test/cdma-dial-number
-index 683431e..9cdfb24 100755
---- a/test/cdma-dial-number
-+++ b/test/cdma-dial-number
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/cdma-hangup b/test/cdma-hangup
-index 41ffa60..493ece4 100755
---- a/test/cdma-hangup
-+++ b/test/cdma-hangup
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/cdma-list-call b/test/cdma-list-call
-index b132353..5d36a69 100755
---- a/test/cdma-list-call
-+++ b/test/cdma-list-call
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- 
-diff --git a/test/cdma-set-credentials b/test/cdma-set-credentials
-index a60c86e..a286b0e 100755
---- a/test/cdma-set-credentials
-+++ b/test/cdma-set-credentials
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/change-pin b/test/change-pin
-index 301c6ce..000ce53 100755
---- a/test/change-pin
-+++ b/test/change-pin
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/create-internet-context b/test/create-internet-context
-index 1089053..efd0998 100755
---- a/test/create-internet-context
-+++ b/test/create-internet-context
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/create-mms-context b/test/create-mms-context
-index 598336f..e5be08d 100755
---- a/test/create-mms-context
-+++ b/test/create-mms-context
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/create-multiparty b/test/create-multiparty
-index 1b76010..97047c3 100755
---- a/test/create-multiparty
-+++ b/test/create-multiparty
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/deactivate-all b/test/deactivate-all
-index 5aa8587..427009e 100755
---- a/test/deactivate-all
-+++ b/test/deactivate-all
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/deactivate-context b/test/deactivate-context
-index 5c86a71..df47d2e 100755
---- a/test/deactivate-context
-+++ b/test/deactivate-context
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/dial-number b/test/dial-number
-index fe5adad..ee674d9 100755
---- a/test/dial-number
-+++ b/test/dial-number
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/disable-call-forwarding b/test/disable-call-forwarding
-index 811e4fa..3609816 100755
---- a/test/disable-call-forwarding
-+++ b/test/disable-call-forwarding
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- from gi.repository import GLib
-diff --git a/test/disable-gprs b/test/disable-gprs
-index 61ce216..c6c40a5 100755
---- a/test/disable-gprs
-+++ b/test/disable-gprs
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/disable-modem b/test/disable-modem
-index 6fba857..ca8c8d8 100755
---- a/test/disable-modem
-+++ b/test/disable-modem
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/display-icon b/test/display-icon
-index ac40818..753d14d 100755
---- a/test/display-icon
-+++ b/test/display-icon
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/enable-cbs b/test/enable-cbs
-index 4a8bf66..c08bf2b 100755
---- a/test/enable-cbs
-+++ b/test/enable-cbs
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/enable-gprs b/test/enable-gprs
-index 68d5ef0..8664891 100755
---- a/test/enable-gprs
-+++ b/test/enable-gprs
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/enable-modem b/test/enable-modem
-index fc5958a..dfaaaa8 100755
---- a/test/enable-modem
-+++ b/test/enable-modem
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/enter-pin b/test/enter-pin
-index 9556363..c6ee669 100755
---- a/test/enter-pin
-+++ b/test/enter-pin
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/get-icon b/test/get-icon
-index 5569a33..fdaaee7 100755
---- a/test/get-icon
-+++ b/test/get-icon
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/get-operators b/test/get-operators
-index 0f35c80..62354c5 100755
---- a/test/get-operators
-+++ b/test/get-operators
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/get-tech-preference b/test/get-tech-preference
-index 7ba6365..77d20d0 100755
---- a/test/get-tech-preference
-+++ b/test/get-tech-preference
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus, sys
- 
-diff --git a/test/hangup-active b/test/hangup-active
-index 82e0eb0..5af62ab 100755
---- a/test/hangup-active
-+++ b/test/hangup-active
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/hangup-all b/test/hangup-all
-index 3a0138d..32933db 100755
---- a/test/hangup-all
-+++ b/test/hangup-all
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/hangup-call b/test/hangup-call
-index 5a2de20..447020c 100755
---- a/test/hangup-call
-+++ b/test/hangup-call
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/hangup-multiparty b/test/hangup-multiparty
-index 24751c3..48fe342 100755
---- a/test/hangup-multiparty
-+++ b/test/hangup-multiparty
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/hold-and-answer b/test/hold-and-answer
-index da3be57..2c47e27 100755
---- a/test/hold-and-answer
-+++ b/test/hold-and-answer
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/initiate-ussd b/test/initiate-ussd
-index faf50d0..d7022f1 100755
---- a/test/initiate-ussd
-+++ b/test/initiate-ussd
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-@@ -45,7 +45,7 @@ if state == "idle":
- print("State: %s" % (state))
- 
- while state == "user-response":
--	response = input("Enter response: ")
-+	response = raw_input("Enter response: ")
- 
- 	result = ussd.Respond(response, timeout=100)
- 
-diff --git a/test/list-calls b/test/list-calls
-index f3ee991..08668c6 100755
---- a/test/list-calls
-+++ b/test/list-calls
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- 
-diff --git a/test/list-contexts b/test/list-contexts
-index 78278ca..f0d4094 100755
---- a/test/list-contexts
-+++ b/test/list-contexts
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- 
-diff --git a/test/list-messages b/test/list-messages
-index 9f5bce3..cfccbea 100755
---- a/test/list-messages
-+++ b/test/list-messages
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- 
-diff --git a/test/list-modems b/test/list-modems
-index b9f510a..ed66124 100755
---- a/test/list-modems
-+++ b/test/list-modems
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- 
-diff --git a/test/list-operators b/test/list-operators
-index 064c4e3..349bf41 100755
---- a/test/list-operators
-+++ b/test/list-operators
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/lock-pin b/test/lock-pin
-index 96ea9c2..5579735 100755
---- a/test/lock-pin
-+++ b/test/lock-pin
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/lockdown-modem b/test/lockdown-modem
-index 4e04205..781abb6 100755
---- a/test/lockdown-modem
-+++ b/test/lockdown-modem
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/monitor-ofono b/test/monitor-ofono
-index 8830757..bd31617 100755
---- a/test/monitor-ofono
-+++ b/test/monitor-ofono
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-@@ -6,7 +6,7 @@ import dbus
- import dbus.mainloop.glib
- 
- _dbus2py = {
--	dbus.String : str,
-+	dbus.String : unicode,
- 	dbus.UInt32 : int,
- 	dbus.Int32 : int,
- 	dbus.Int16 : int,
-diff --git a/test/offline-modem b/test/offline-modem
-index e8c043a..ea1f522 100755
---- a/test/offline-modem
-+++ b/test/offline-modem
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus, sys
- 
-diff --git a/test/online-modem b/test/online-modem
-index 029c4a5..310ed7d 100755
---- a/test/online-modem
-+++ b/test/online-modem
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus, sys
- 
-diff --git a/test/private-chat b/test/private-chat
-index e7e5406..ef2ef6c 100755
---- a/test/private-chat
-+++ b/test/private-chat
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/process-context-settings b/test/process-context-settings
-index 8a3ecfa..0f058b2 100755
---- a/test/process-context-settings
-+++ b/test/process-context-settings
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import os
- import dbus
-diff --git a/test/receive-sms b/test/receive-sms
-index a0c6915..c23eb14 100755
---- a/test/receive-sms
-+++ b/test/receive-sms
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-diff --git a/test/reject-calls b/test/reject-calls
-index 71b243e..9edf1ff 100755
---- a/test/reject-calls
-+++ b/test/reject-calls
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- 
-diff --git a/test/release-and-answer b/test/release-and-answer
-index dec8e17..25fd818 100755
---- a/test/release-and-answer
-+++ b/test/release-and-answer
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/release-and-swap b/test/release-and-swap
-index cb8c84e..7b3569f 100755
---- a/test/release-and-swap
-+++ b/test/release-and-swap
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/remove-contexts b/test/remove-contexts
-index b54184e..c5082cb 100755
---- a/test/remove-contexts
-+++ b/test/remove-contexts
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- 
-diff --git a/test/reset-pin b/test/reset-pin
-index 3fbd126..b429254 100755
---- a/test/reset-pin
-+++ b/test/reset-pin
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/scan-for-operators b/test/scan-for-operators
-index b4fc05e..749c710 100755
---- a/test/scan-for-operators
-+++ b/test/scan-for-operators
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/send-sms b/test/send-sms
-index 98808aa..e06444d 100755
---- a/test/send-sms
-+++ b/test/send-sms
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/send-ussd b/test/send-ussd
-index a20e098..e585883 100755
---- a/test/send-ussd
-+++ b/test/send-ussd
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-@@ -46,7 +46,7 @@ if state == "idle":
- print("State: %s" % (state))
- 
- while state == "user-response":
--	response = input("Enter response: ")
-+	response = raw_input("Enter response: ")
- 
- 	print(ussd.Respond(response, timeout=100))
- 
-diff --git a/test/send-vcal b/test/send-vcal
-index 566daef..7f8272b 100755
---- a/test/send-vcal
-+++ b/test/send-vcal
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/send-vcard b/test/send-vcard
-index 4dedf51..250b36f 100755
---- a/test/send-vcard
-+++ b/test/send-vcard
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/set-call-forwarding b/test/set-call-forwarding
-index 49d1ce0..9fd358b 100755
---- a/test/set-call-forwarding
-+++ b/test/set-call-forwarding
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- from gi.repository import GLib
-diff --git a/test/set-cbs-topics b/test/set-cbs-topics
-index db95e16..78d6d44 100755
---- a/test/set-cbs-topics
-+++ b/test/set-cbs-topics
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/set-context-property b/test/set-context-property
-index 5ff7a67..64a6fb8 100755
---- a/test/set-context-property
-+++ b/test/set-context-property
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/set-fast-dormancy b/test/set-fast-dormancy
-index ef77bcd..7bf7715 100755
---- a/test/set-fast-dormancy
-+++ b/test/set-fast-dormancy
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/set-gsm-band b/test/set-gsm-band
-index b37bcb5..3c17c10 100755
---- a/test/set-gsm-band
-+++ b/test/set-gsm-band
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/set-mic-volume b/test/set-mic-volume
-index cd6c73f..e0bff49 100755
---- a/test/set-mic-volume
-+++ b/test/set-mic-volume
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/set-mms-details b/test/set-mms-details
-index 6ee59fa..d2d0838 100755
---- a/test/set-mms-details
-+++ b/test/set-mms-details
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/set-msisdn b/test/set-msisdn
-index b5fe819..01f284d 100755
---- a/test/set-msisdn
-+++ b/test/set-msisdn
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/set-roaming-allowed b/test/set-roaming-allowed
-index 698c8b6..9e3e058 100755
---- a/test/set-roaming-allowed
-+++ b/test/set-roaming-allowed
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/set-speaker-volume b/test/set-speaker-volume
-index 6d4e301..7962f39 100755
---- a/test/set-speaker-volume
-+++ b/test/set-speaker-volume
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/set-tech-preference b/test/set-tech-preference
-index b549abc..2666cbd 100755
---- a/test/set-tech-preference
-+++ b/test/set-tech-preference
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/set-tty b/test/set-tty
-index eed1fba..53d6b99 100755
---- a/test/set-tty
-+++ b/test/set-tty
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/set-umts-band b/test/set-umts-band
-index 0bae5c4..c1e6448 100755
---- a/test/set-umts-band
-+++ b/test/set-umts-band
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/set-use-sms-reports b/test/set-use-sms-reports
-index 288d4e1..a4efe4f 100755
---- a/test/set-use-sms-reports
-+++ b/test/set-use-sms-reports
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
-diff --git a/test/swap-calls b/test/swap-calls
-index 018a8d3..eeb257b 100755
---- a/test/swap-calls
-+++ b/test/swap-calls
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/test-advice-of-charge b/test/test-advice-of-charge
-index 6e87e61..0f1f57f 100755
---- a/test/test-advice-of-charge
-+++ b/test/test-advice-of-charge
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- import sys
-diff --git a/test/test-call-barring b/test/test-call-barring
-index eedb69f..be4ab57 100755
---- a/test/test-call-barring
-+++ b/test/test-call-barring
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- import sys
-diff --git a/test/test-call-forwarding b/test/test-call-forwarding
-index 5db84d7..01a7294 100755
---- a/test/test-call-forwarding
-+++ b/test/test-call-forwarding
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-diff --git a/test/test-call-settings b/test/test-call-settings
-index 435594c..5d7ee49 100755
---- a/test/test-call-settings
-+++ b/test/test-call-settings
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-diff --git a/test/test-cbs b/test/test-cbs
-index a5cec06..13cdd80 100755
---- a/test/test-cbs
-+++ b/test/test-cbs
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import dbus.mainloop.glib
-@@ -78,7 +78,7 @@ def set_topics(cbs):
- 	invalidData = False;
- 	index = 0
- 
--	topics = input('Enter the topic ID(s) you want to register to: ')
-+	topics = raw_input('Enter the topic ID(s) you want to register to: ')
- 
- 	while index < len(topics):
- 		if topics[index] == ',' or topics[index] == '-':
-diff --git a/test/test-gnss b/test/test-gnss
-index 6ae64db..aa0b160 100755
---- a/test/test-gnss
-+++ b/test/test-gnss
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- import sys
-@@ -40,7 +40,7 @@ def print_menu():
- def stdin_handler(channel, condition, gnss, path):
- 	in_key = os.read(channel.unix_get_fd(), 160).rstrip().decode('UTF-8')
- 	if in_key == '0':
--		xml = input('type the element and press enter: ')
-+		xml = raw_input('type the element and press enter: ')
- 		try:
- 			gnss.SendPositioningElement(dbus.String(xml))
- 			print("ok")
-diff --git a/test/test-message-waiting b/test/test-message-waiting
-index 432862e..b93fbf3 100755
---- a/test/test-message-waiting
-+++ b/test/test-message-waiting
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- import sys
-diff --git a/test/test-modem b/test/test-modem
-index aa38b1f..29dbf14 100755
---- a/test/test-modem
-+++ b/test/test-modem
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-diff --git a/test/test-network-registration b/test/test-network-registration
-index 68b4347..c5ad586 100755
---- a/test/test-network-registration
-+++ b/test/test-network-registration
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- import sys
-diff --git a/test/test-phonebook b/test/test-phonebook
-index 42646d3..116fd4f 100755
---- a/test/test-phonebook
-+++ b/test/test-phonebook
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus, sys
- 
-diff --git a/test/test-push-notification b/test/test-push-notification
-index d972ad3..ecc6afb 100755
---- a/test/test-push-notification
-+++ b/test/test-push-notification
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-diff --git a/test/test-smart-messaging b/test/test-smart-messaging
-index f22efd2..188ac1e 100755
---- a/test/test-smart-messaging
-+++ b/test/test-smart-messaging
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-diff --git a/test/test-sms b/test/test-sms
-index 30ac651..49935e1 100755
---- a/test/test-sms
-+++ b/test/test-sms
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- # -*- coding: utf-8 -*-
- 
- from gi.repository import GLib
-@@ -132,7 +132,7 @@ def stdin_handler(channel, condition, sms, value, number):
- 		lock = "on"
- 		if in_key == '0':
- 			print_send_sms_menu()
--			sms_type = input('Select SMS type: ')
-+			sms_type = raw_input('Select SMS type: ')
- 
- 			if sms_type == '1':
- 				message_send(sms, number, value)
-@@ -150,49 +150,49 @@ def stdin_handler(channel, condition, sms, value, number):
- 
- 		elif in_key == '1':
- 			message_delivery_report(sms, 1)
--			send_msg = input('Send test message[y/n]?: ')
-+			send_msg = raw_input('Send test message[y/n]?: ')
- 			if send_msg == 'y':
- 				message_send(sms, number, ("(1)" + value +
- 						": UseDeliveryReports[TRUE]"))
- 
- 		elif in_key == '2':
- 			message_delivery_report(sms, 0)
--			send_msg = input('Send test message[y/n]?: ')
-+			send_msg = raw_input('Send test message[y/n]?: ')
- 			if send_msg == 'y':
- 				message_send(sms, number, ("(2) " + value +
- 						": UseDeliveryReports[FALSE]"))
- 
- 		elif in_key == '3':
- 			message_service_center_address(sms, SCA)
--			send_msg = input('Send test message[y/n]?: ')
-+			send_msg = raw_input('Send test message[y/n]?: ')
- 			if send_msg == 'y':
- 				message_send(sms, number, ("(3) " + value +
- 						": ServiceCenterAddress"))
- 
- 		elif in_key == '4':
- 			message_bearer(sms, "ps-only")
--			send_msg = input('Send test message[y/n]?: ')
-+			send_msg = raw_input('Send test message[y/n]?: ')
- 			if send_msg == 'y':
- 				message_send(sms, number, ("(4) " + value +
- 						": Bearer[ps-only]"))
- 
- 		elif in_key == '5':
- 			message_bearer(sms, "cs-only")
--			send_msg = input('Send test message[y/n]?: ')
-+			send_msg = raw_input('Send test message[y/n]?: ')
- 			if send_msg == 'y':
- 				message_send(sms, number, ("(5) " + value +
- 						": Bearer[cs-only]"))
- 
- 		elif in_key == '6':
- 			message_bearer(sms, "ps-preferred")
--			send_msg = input('Send test message[y/n]?: ')
-+			send_msg = raw_input('Send test message[y/n]?: ')
- 			if send_msg == 'y':
- 				message_send(sms, number, ("(6) " + value +
- 						": Bearer[ps-preferred]"))
- 
- 		elif in_key == '7':
- 			message_bearer(sms, "cs-preferred")
--			send_msg = input('Send test message[y/n]?: ')
-+			send_msg = raw_input('Send test message[y/n]?: ')
- 			if send_msg == 'y':
- 				message_send(sms,number, ("(7) " + value +
- 						": Bearer[cs-preferred]"))
-diff --git a/test/test-ss b/test/test-ss
-index 4cd8732..2c80806 100755
---- a/test/test-ss
-+++ b/test/test-ss
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import sys
- import dbus
-diff --git a/test/test-ss-control-cb b/test/test-ss-control-cb
-index ddae6d3..86bac9b 100755
---- a/test/test-ss-control-cb
-+++ b/test/test-ss-control-cb
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-diff --git a/test/test-ss-control-cf b/test/test-ss-control-cf
-index 095eb5d..d30bf4f 100755
---- a/test/test-ss-control-cf
-+++ b/test/test-ss-control-cf
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-diff --git a/test/test-ss-control-cs b/test/test-ss-control-cs
-index 8180474..e0ed1d1 100755
---- a/test/test-ss-control-cs
-+++ b/test/test-ss-control-cs
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-diff --git a/test/test-stk-menu b/test/test-stk-menu
-index 0cf8fa2..ac0a5bd 100755
---- a/test/test-stk-menu
-+++ b/test/test-stk-menu
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- from gi.repository import GLib
- 
-@@ -58,7 +58,7 @@ class StkAgent(dbus.service.Object):
- 			index += 1
- 
- 		print("\nDefault: %d" % (default))
--		select = input("Enter Selection (t, b):")
-+		select = raw_input("Enter Selection (t, b):")
- 
- 		if select == 'b':
- 			raise GoBack("User wishes to go back")
-@@ -75,7 +75,7 @@ class StkAgent(dbus.service.Object):
- 		print("DisplayText (%s)" % (title))
- 		print("Icon: (%d)" % (int(icon)))
- 		print("Urgent: (%d)" % (urgent))
--		key = input("Press return to clear ('t' terminates, "
-+		key = raw_input("Press return to clear ('t' terminates, "
- 						"'b' goes back, 'n' busy, "
- 						"'w' return and wait):")
- 
-@@ -108,7 +108,7 @@ class StkAgent(dbus.service.Object):
- 		print("Hide typing: (%s)" % (hide_typing))
- 		print("Enter characters, min: %d, max: %d:" % (min_chars,
- 								max_chars))
--		userin = input("")
-+		userin = raw_input("")
- 
- 		return userin
- 
-@@ -122,7 +122,7 @@ class StkAgent(dbus.service.Object):
- 		print("Hide typing: (%s)" % (hide_typing))
- 		print("Enter digits, min: %d, max: %d:" % (min_chars,
- 								max_chars))
--		userin = input("'t' terminates, 'b' goes back:")
-+		userin = raw_input("'t' terminates, 'b' goes back:")
- 
- 		if userin == 'b':
- 			raise GoBack("User wishes to go back")
-@@ -136,7 +136,7 @@ class StkAgent(dbus.service.Object):
- 	def RequestKey(self, title, icon):
- 		print("Title: (%s)" % (title))
- 		print("Icon: (%d)" % (int(icon)))
--		key = input("Enter Key (t, b):")
-+		key = raw_input("Enter Key (t, b):")
- 
- 		if key == 'b':
- 			raise GoBack("User wishes to go back")
-@@ -150,7 +150,7 @@ class StkAgent(dbus.service.Object):
- 	def RequestDigit(self, title, icon):
- 		print("Title: (%s)" % (title))
- 		print("Icon: (%d)" % (int(icon)))
--		key = input("Enter Digit (t, b):")
-+		key = raw_input("Enter Digit (t, b):")
- 
- 		if key == 'b':
- 			raise GoBack("User wishes to go back")
-@@ -164,7 +164,7 @@ class StkAgent(dbus.service.Object):
- 	def RequestQuickDigit(self, title, icon):
- 		print("Title: (%s)" % (title))
- 		print("Icon: (%d)" % (int(icon)))
--		key = input("Quick digit (0-9, *, #, t, b):")
-+		key = raw_input("Quick digit (0-9, *, #, t, b):")
- 
- 		if key == 'b':
- 			raise GoBack("User wishes to go back")
-@@ -178,7 +178,7 @@ class StkAgent(dbus.service.Object):
- 	def RequestConfirmation(self, title, icon):
- 		print("Title: (%s)" % (title))
- 		print("Icon: (%d)" % (int(icon)))
--		key = input("Enter Confirmation (t, b, y, n):")
-+		key = raw_input("Enter Confirmation (t, b, y, n):")
- 
- 		if key == 'b':
- 			raise GoBack("User wishes to go back")
-@@ -194,7 +194,7 @@ class StkAgent(dbus.service.Object):
- 	def ConfirmCallSetup(self, info, icon):
- 		print("Information: (%s)" % (info))
- 		print("Icon: (%d)" % (int(icon)))
--		key = input("Enter Confirmation (t, y, n):")
-+		key = raw_input("Enter Confirmation (t, y, n):")
- 
- 		if key == 't':
- 			raise EndSession("User wishes to terminate session")
-@@ -209,7 +209,7 @@ class StkAgent(dbus.service.Object):
- 		print("Information: (%s)" % (info))
- 		print("Icon: (%d)" % (int(icon)))
- 		print("URL (%s)" % (url))
--		key = input("Enter Confirmation (y, n):")
-+		key = raw_input("Enter Confirmation (y, n):")
- 
- 		if key == 'y':
- 			return True
-@@ -232,7 +232,7 @@ class StkAgent(dbus.service.Object):
- 		signal.alarm(5)
- 
- 		try:
--			key = input("Press return to end before end of"
-+			key = raw_input("Press return to end before end of"
- 							 " single tone (t):")
- 			signal.alarm(0)
- 
-@@ -250,7 +250,7 @@ class StkAgent(dbus.service.Object):
- 		print("LoopTone: %s" % (tone))
- 		print("Text: %s" % (text))
- 		print("Icon: %d" % (int(icon)))
--		key = input("Press return to end before timeout "
-+		key = raw_input("Press return to end before timeout "
- 				"('t' terminates, 'w' return and wait):")
- 
- 		if key == 'w':
-@@ -279,7 +279,7 @@ class StkAgent(dbus.service.Object):
- 	def DisplayAction(self, text, icon):
- 		print("Text: (%s)" % (text))
- 		print("Icon: (%d)" % (int(icon)))
--		key = input("Press 't' to terminate the session ")
-+		key = raw_input("Press 't' to terminate the session ")
- 
- 		if key == 't':
- 			raise EndSession("User wishes to terminate session")
-@@ -289,7 +289,7 @@ class StkAgent(dbus.service.Object):
- 	def ConfirmOpenChannel(self, info, icon):
- 		print("Open channel confirmation: (%s)" % (info))
- 		print("Icon: (%d)" % (int(icon)))
--		key = input("Enter Confirmation (t, y, n):")
-+		key = raw_input("Enter Confirmation (t, y, n):")
- 
- 		if key == 't':
- 			raise EndSession("User wishes to terminate session")
-@@ -299,7 +299,7 @@ class StkAgent(dbus.service.Object):
- 			return False
- 
- _dbus2py = {
--	dbus.String : str,
-+	dbus.String : unicode,
- 	dbus.UInt32 : int,
- 	dbus.Int32 : int,
- 	dbus.Int16 : int,
-@@ -396,7 +396,7 @@ if __name__ == '__main__':
- 		except:
- 			pass
- 
--		select = int(input("Enter Selection: "))
-+		select = int(raw_input("Enter Selection: "))
- 		stk.SelectItem(select, path)
- 	elif mode == 'agent':
- 		path = "/test/agent"
-diff --git a/test/unlock-pin b/test/unlock-pin
-index 61f4765..10b6626 100755
---- a/test/unlock-pin
-+++ b/test/unlock-pin
-@@ -1,4 +1,4 @@
--#!/usr/bin/python3
-+#!/usr/bin/python
- 
- import dbus
- import sys
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/ofono/ofono_1.16.bb b/meta/recipes-connectivity/ofono/ofono_1.16.bb
deleted file mode 100644
index fbf13e52b7..0000000000
--- a/meta/recipes-connectivity/ofono/ofono_1.16.bb
+++ /dev/null
@@ -1,12 +0,0 @@
-require ofono.inc
-
-SRC_URI  = "\
-  ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
-  file://ofono \
-  file://Revert-test-Convert-to-Python-3.patch \
-  file://0001-backtrace-Disable-for-non-glibc-C-libraries.patch \
-"
-SRC_URI[md5sum] = "c31b5b55a1d68354bff771d3edf02829"
-SRC_URI[sha256sum] = "403b98dadece8bc804c0bd16b96d3db5a3bb0f84af64b3d67924da2d1a754b07"
-
-CFLAGS_append_libc-uclibc = " -D_GNU_SOURCE"
diff --git a/meta/recipes-connectivity/ofono/ofono.inc b/meta/recipes-connectivity/ofono/ofono_1.31.bb
index c415a39981..7d0976ad7f 100644
--- a/meta/recipes-connectivity/ofono/ofono.inc
+++ b/meta/recipes-connectivity/ofono/ofono_1.31.bb
@@ -1,27 +1,34 @@
-HOMEPAGE = "http://www.ofono.org"
-SUMMARY  = "open source telephony"
+SUMMARY = "open source telephony"
 DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands."
-LICENSE  = "GPLv2"
+HOMEPAGE = "http://www.ofono.org"
+BUGTRACKER = "https://01.org/jira/browse/OF"
+LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
                     file://src/ofono.h;beginline=1;endline=20;md5=3ce17d5978ef3445def265b98899c2ee"
+DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell"
 
-inherit autotools pkgconfig update-rc.d systemd bluetooth
+SRC_URI = "\
+    ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+    file://ofono \
+    file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \
+"
+SRC_URI[md5sum] = "1c26340e3c6ed132cc812595081bb3dc"
+SRC_URI[sha256sum] = "a15c5d28096c10eb30e47a68b6dc2e7c4a5a99d7f4cfedf0b69624f33d859e9b"
 
-DEPENDS  = "dbus glib-2.0 udev mobile-broadband-provider-info"
+inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data
 
 INITSCRIPT_NAME = "ofono"
 INITSCRIPT_PARAMS = "defaults 22"
+SYSTEMD_SERVICE_${PN} = "ofono.service"
 
 PACKAGECONFIG ??= "\
-    ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
     ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
-    "
+"
 PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/,--with-systemdunitdir="
-PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, ${BLUEZ}"
-
-EXTRA_OECONF += "--enable-test"
+PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5"
 
-SYSTEMD_SERVICE_${PN} = "ofono.service"
+EXTRA_OECONF += "--enable-test --enable-external-ell"
 
 do_install_append() {
   install -d ${D}${sysconfdir}/init.d/
@@ -30,8 +37,14 @@ do_install_append() {
 
 PACKAGES =+ "${PN}-tests"
 
+FILES_${PN} += "${systemd_unitdir}"
+FILES_${PN}-tests = "${libdir}/${BPN}/test"
+
 RDEPENDS_${PN} += "dbus"
+RDEPENDS_${PN}-tests = "\
+    python3-core \
+    python3-dbus \
+    ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)} \
+"
 
-FILES_${PN} += "${base_libdir}/udev ${systemd_unitdir}"
-FILES_${PN}-tests = "${libdir}/${BPN}/test"
-RDEPENDS_${PN}-tests = "python python-pygobject python-dbus"
+RRECOMMENDS_${PN} += "kernel-module-tun mobile-broadband-provider-info"
diff --git a/meta/recipes-connectivity/ofono/ofono_git.bb b/meta/recipes-connectivity/ofono/ofono_git.bb
deleted file mode 100644
index beafb775c2..0000000000
--- a/meta/recipes-connectivity/ofono/ofono_git.bb
+++ /dev/null
@@ -1,14 +0,0 @@
-require ofono.inc
-
-S	 = "${WORKDIR}/git"
-SRCREV = "14544d5996836f628613c2ce544380ee6fc8f514"
-PV	 = "0.12-git${SRCPV}"
-PR = "r5"
-
-SRC_URI  = "git://git.kernel.org/pub/scm/network/ofono/ofono.git \
-	    file://ofono"
-
-do_configure_prepend () {
-  ${S}/bootstrap
-}
-
diff --git a/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch b/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
index adc25c668f..b8402a4dee 100644
--- a/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
+++ b/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
@@ -6,64 +6,42 @@ Adjust test cases to work with busybox.
 Signed-off-by: Maxin B. John <maxin.john@enea.com>
 Upstream-Status: Pending
 
-Index: openssh-6.8p1/regress/cipher-speed.sh
+Index: openssh-7.6p1/regress/cipher-speed.sh
 ===================================================================
---- openssh-6.8p1.orig/regress/cipher-speed.sh
-+++ openssh-6.8p1/regress/cipher-speed.sh
+--- openssh-7.6p1.orig/regress/cipher-speed.sh
++++ openssh-7.6p1/regress/cipher-speed.sh
 @@ -17,7 +17,7 @@ for c in `${SSH} -Q cipher`; do n=0; for
  		printf "%-60s" "$c/$m:"
  		( ${SSH} -o 'compression no' \
- 			-F $OBJ/ssh_proxy -2 -m $m -c $c somehost \
+ 			-F $OBJ/ssh_proxy -m $m -c $c somehost \
 -			exec sh -c \'"dd of=/dev/null obs=32k"\' \
 +			exec sh -c \'"dd of=/dev/null bs=32k"\' \
  		< ${DATA} ) 2>&1 | getbytes
  
  		if [ $? -ne 0 ]; then
-@@ -42,7 +42,7 @@ for c in $ciphers; do
- 		printf "%-60s" "$c:"
- 		( ${SSH} -o 'compression no' \
- 			-F $OBJ/ssh_proxy -1 -c $c somehost \
--			exec sh -c \'"dd of=/dev/null obs=32k"\' \
-+			exec sh -c \'"dd of=/dev/null bs=32k"\' \
- 		< ${DATA} ) 2>&1 | getbytes
- 		if [ $? -ne 0 ]; then
- 			fail "ssh -1 failed with cipher $c"
-Index: openssh-6.8p1/regress/transfer.sh
-===================================================================
---- openssh-6.8p1.orig/regress/transfer.sh
-+++ openssh-6.8p1/regress/transfer.sh
-@@ -15,7 +15,7 @@ for p in ${SSH_PROTOCOLS}; do
- 	for s in 10 100 1k 32k 64k 128k 256k; do
- 		trace "proto $p dd-size ${s}"
- 		rm -f ${COPY}
--		dd if=$DATA obs=${s} 2> /dev/null | \
-+		dd if=$DATA bs=${s} 2> /dev/null | \
- 			${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
- 		if [ $? -ne 0 ]; then
- 			fail "ssh cat $DATA failed"
-Index: openssh-6.8p1/regress/yes-head.sh
+Index: openssh-7.6p1/regress/transfer.sh
 ===================================================================
---- openssh-6.8p1.orig/regress/yes-head.sh
-+++ openssh-6.8p1/regress/yes-head.sh
-@@ -4,7 +4,7 @@
- tid="yes pipe head"
- 
- for p in ${SSH_PROTOCOLS}; do
--	lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)`
-+	lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -n 2000"' | (sleep 3 ; wc -l)`
+--- openssh-7.6p1.orig/regress/transfer.sh
++++ openssh-7.6p1/regress/transfer.sh
+@@ -13,7 +13,7 @@ cmp ${DATA} ${COPY}		|| fail "corrupted
+ for s in 10 100 1k 32k 64k 128k 256k; do
+ 	trace "dd-size ${s}"
+ 	rm -f ${COPY}
+-	dd if=$DATA obs=${s} 2> /dev/null | \
++	dd if=$DATA bs=${s} 2> /dev/null | \
+ 		${SSH} -q -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
  	if [ $? -ne 0 ]; then
- 		fail "yes|head test failed"
- 		lines = 0;
-Index: openssh-6.8p1/regress/key-options.sh
+ 		fail "ssh cat $DATA failed"
+Index: openssh-7.6p1/regress/key-options.sh
 ===================================================================
---- openssh-6.8p1.orig/regress/key-options.sh
-+++ openssh-6.8p1/regress/key-options.sh
-@@ -54,7 +54,7 @@ for p in ${SSH_PROTOCOLS}; do
+--- openssh-7.6p1.orig/regress/key-options.sh
++++ openssh-7.6p1/regress/key-options.sh
+@@ -47,7 +47,7 @@ for f in 127.0.0.1 '127.0.0.0\/8'; do
  	fi
  
  	sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys
 -	from=`head -1 $authkeys | cut -f1 -d ' '`
 +	from=`head -n 1 $authkeys | cut -f1 -d ' '`
- 	verbose "key option proto $p $from"
- 	r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'`
+ 	verbose "key option $from"
+ 	r=`${SSH} -q -F $OBJ/ssh_proxy somehost 'echo true'`
  	if [ "$r" = "true" ]; then
diff --git a/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch b/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
new file mode 100644
index 0000000000..20036da931
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
@@ -0,0 +1,111 @@
+From 3328e98bcbf2930cd7eea3e6c92ad5dcbdf4794f Mon Sep 17 00:00:00 2001
+From: Yuanjie Huang <yuanjie.huang@windriver.com>
+Date: Wed, 24 Aug 2016 03:15:43 +0000
+Subject: [PATCH] Fix potential signed overflow in pointer arithmatic
+
+Pointer arithmatic results in implementation defined signed integer
+type, so that 's - src' in strlcpy and others may trigger signed overflow.
+In case of compilation by gcc or clang with -ftrapv option, the overflow
+would lead to program abort.
+
+Upstream-Status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608]
+
+Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
+
+Complete the fix
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ openbsd-compat/strlcat.c | 10 +++++++---
+ openbsd-compat/strlcpy.c |  8 ++++++--
+ openbsd-compat/strnlen.c |  8 ++++++--
+ 3 files changed, 19 insertions(+), 7 deletions(-)
+
+diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c
+index bcc1b61..124e1e3 100644
+--- a/openbsd-compat/strlcat.c
++++ b/openbsd-compat/strlcat.c
+@@ -23,6 +23,7 @@
+ 
+ #include <sys/types.h>
+ #include <string.h>
++#include <stdint.h>
+ 
+ /*
+  * Appends src to string dst of size siz (unlike strncat, siz is the
+@@ -42,7 +43,7 @@ strlcat(char *dst, const char *src, size_t siz)
+ 	/* Find the end of dst and adjust bytes left but don't go past end */
+ 	while (n-- != 0 && *d != '\0')
+ 		d++;
+-	dlen = d - dst;
++	dlen = (uintptr_t)d - (uintptr_t)dst;
+ 	n = siz - dlen;
+ 
+ 	if (n == 0)
+@@ -55,8 +56,11 @@ strlcat(char *dst, const char *src, size_t siz)
+ 		s++;
+ 	}
+ 	*d = '\0';
+-
+-	return(dlen + (s - src));	/* count does not include NUL */
++        /*
++	 * Cast pointers to unsigned type before calculation, to avoid signed
++	 * overflow when the string ends where the MSB has changed.
++	 */
++	return (dlen + ((uintptr_t)s - (uintptr_t)src));	/* count does not include NUL */
+ }
+ 
+ #endif /* !HAVE_STRLCAT */
+diff --git a/openbsd-compat/strlcpy.c b/openbsd-compat/strlcpy.c
+index b4b1b60..b06f374 100644
+--- a/openbsd-compat/strlcpy.c
++++ b/openbsd-compat/strlcpy.c
+@@ -23,6 +23,7 @@
+ 
+ #include <sys/types.h>
+ #include <string.h>
++#include <stdint.h>
+ 
+ /*
+  * Copy src to string dst of size siz.  At most siz-1 characters
+@@ -51,8 +52,11 @@ strlcpy(char *dst, const char *src, size_t siz)
+ 		while (*s++)
+ 			;
+ 	}
+-
+-	return(s - src - 1);	/* count does not include NUL */
++        /*
++	 * Cast pointers to unsigned type before calculation, to avoid signed
++	 * overflow when the string ends where the MSB has changed.
++	 */
++	return ((uintptr_t)s - (uintptr_t)src - 1);	/* count does not include NUL */
+ }
+ 
+ #endif /* !HAVE_STRLCPY */
+diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c
+index 7ad3573..7040f1f 100644
+--- a/openbsd-compat/strnlen.c
++++ b/openbsd-compat/strnlen.c
+@@ -23,6 +23,7 @@
+ #include <sys/types.h>
+ 
+ #include <string.h>
++#include <stdint.h>
+ 
+ size_t
+ strnlen(const char *str, size_t maxlen)
+@@ -31,7 +32,10 @@ strnlen(const char *str, size_t maxlen)
+ 
+ 	for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--)
+ 		;
+-
+-	return (size_t)(cp - str);
++        /*
++	 * Cast pointers to unsigned type before calculation, to avoid signed
++	 * overflow when the string ends where the MSB has changed.
++	 */
++	return (size_t)((uintptr_t)cp - (uintptr_t)str);
+ }
+ #endif
+-- 
+2.17.1
+
diff --git a/meta/recipes-connectivity/openssh/openssh/init b/meta/recipes-connectivity/openssh/openssh/init
index 70d4a34659..8887e3af13 100644
--- a/meta/recipes-connectivity/openssh/openssh/init
+++ b/meta/recipes-connectivity/openssh/openssh/init
@@ -19,11 +19,6 @@ fi
 [ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
 mkdir -p $SYSCONFDIR
 
-HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
-HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key
-HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
-HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key
-
 check_for_no_start() {
     # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
     if [ -e $SYSCONFDIR/sshd_not_to_be_run ]; then
@@ -41,27 +36,7 @@ check_privsep_dir() {
 }
 
 check_config() {
-	/usr/sbin/sshd -t || exit 1
-}
-
-check_keys() {
-	# create keys if necessary
-	if [ ! -f $HOST_KEY_RSA ]; then
-		echo "  generating ssh RSA key..."
-		ssh-keygen -q -f $HOST_KEY_RSA -N '' -t rsa
-	fi
-	if [ ! -f $HOST_KEY_ECDSA ]; then
-		echo "  generating ssh ECDSA key..."
-		ssh-keygen -q -f $HOST_KEY_ECDSA -N '' -t ecdsa
-	fi
-	if [ ! -f $HOST_KEY_DSA ]; then
-		echo "  generating ssh DSA key..."
-		ssh-keygen -q -f $HOST_KEY_DSA -N '' -t dsa
-	fi
-	if [ ! -f $HOST_KEY_ED25519 ]; then
-		echo "  generating ssh ED25519 key..."
-		ssh-keygen -q -f $HOST_KEY_ED25519 -N '' -t ed25519
-	fi
+    /usr/sbin/sshd $SSHD_OPTS -t || exit 1
 }
 
 export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
@@ -70,30 +45,30 @@ case "$1" in
   start)
 	check_for_no_start
 	echo "Starting OpenBSD Secure Shell server: sshd"
-	check_keys
+	@LIBEXECDIR@/sshd_check_keys
 	check_privsep_dir
 	start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS
-        echo "done."
+	echo "done."
 	;;
   stop)
-        echo -n "Stopping OpenBSD Secure Shell server: sshd"
+	echo -n "Stopping OpenBSD Secure Shell server: sshd"
 	start-stop-daemon -K -p $PIDFILE -x /usr/sbin/sshd
-        echo "."
+	echo "."
 	;;
 
   reload|force-reload)
 	check_for_no_start
-	check_keys
+	@LIBEXECDIR@/sshd_check_keys
 	check_config
-        echo -n "Reloading OpenBSD Secure Shell server's configuration"
+	echo -n "Reloading OpenBSD Secure Shell server's configuration"
 	start-stop-daemon -K -p $PIDFILE -s 1 -x /usr/sbin/sshd
 	echo "."
 	;;
 
   restart)
-  	check_keys
+	@LIBEXECDIR@/sshd_check_keys
 	check_config
-        echo -n "Restarting OpenBSD Secure Shell server: sshd"
+	echo -n "Restarting OpenBSD Secure Shell server: sshd"
 	start-stop-daemon -K -p $PIDFILE --oknodo -x /usr/sbin/sshd
 	check_for_no_start
 	check_privsep_dir
diff --git a/meta/recipes-connectivity/openssh/openssh/run-ptest b/meta/recipes-connectivity/openssh/openssh/run-ptest
index 3e725cf282..ae03e929b2 100755
--- a/meta/recipes-connectivity/openssh/openssh/run-ptest
+++ b/meta/recipes-connectivity/openssh/openssh/run-ptest
@@ -1,7 +1,45 @@
 #!/bin/sh
 
 export TEST_SHELL=sh
+export SKIP_UNIT=1
 
 cd regress
-make -k .OBJDIR=`pwd` .CURDIR=`pwd` tests \
-        | sed -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g'
+sed -i "/\t\tagent-ptrace /d" Makefile
+make -k .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="sudo" tests \
+        | sed -u -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g'
+
+SSHAGENT=`which ssh-agent`
+GDB=`which gdb`
+
+if [ -z "${SSHAGENT}" -o -z "${GDB}" ]; then
+       echo "SKIP: agent-ptrace"
+       exit
+fi
+
+useradd openssh-test
+
+eval `su -c "${SSHAGENT} -s" openssh-test` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+	echo "FAIL: could not start ssh-agent: exit code $r"
+else
+	su -c "gdb -p ${SSH_AGENT_PID}" openssh-test > /tmp/gdb.out 2>&1 << EOF
+		quit
+EOF
+	r=$?
+	if [ $r -ne 0 ]; then
+		echo "gdb failed: exit code $r"
+	fi
+	egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace.*Permission denied.|procfs:.*: Invalid argument.|Unable to access task ' >/dev/null /tmp/gdb.out
+	r=$?
+	rm -f /tmp/gdb.out
+	if [ $r -ne 0 ]; then
+		echo "FAIL: ptrace agent"
+	else
+		echo "PASS: ptrace agent"
+	fi
+
+	${SSHAGENT} -k > /dev/null
+fi
+userdel openssh-test
+
diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config b/meta/recipes-connectivity/openssh/openssh/ssh_config
index 9e919156d3..e0d023803e 100644
--- a/meta/recipes-connectivity/openssh/openssh/ssh_config
+++ b/meta/recipes-connectivity/openssh/openssh/ssh_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $
+#	$OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $
 
 # This is the ssh client system-wide configuration file.  See
 # ssh_config(5) for more information.  This file provides defaults for
@@ -31,14 +31,14 @@ Host *
 #   AddressFamily any
 #   ConnectTimeout 0
 #   StrictHostKeyChecking ask
-#   IdentityFile ~/.ssh/identity
 #   IdentityFile ~/.ssh/id_rsa
 #   IdentityFile ~/.ssh/id_dsa
+#   IdentityFile ~/.ssh/id_ecdsa
+#   IdentityFile ~/.ssh/id_ed25519
 #   Port 22
-#   Protocol 2,1
-#   Cipher 3des
-#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
-#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+#   Protocol 2
+#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
+#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
 #   EscapeChar ~
 #   Tunnel no
 #   TunnelDevice any:any
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket b/meta/recipes-connectivity/openssh/openssh/sshd.socket
index 12c39b26b5..8d76d62309 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd.socket
+++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket
@@ -1,5 +1,6 @@
 [Unit]
 Conflicts=sshd.service
+Wants=sshdgenkeys.service
 
 [Socket]
 ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd@.service b/meta/recipes-connectivity/openssh/openssh/sshd@.service
index bb2d68e96a..9d9965e624 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd@.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshd@.service
@@ -1,11 +1,10 @@
 [Unit]
 Description=OpenSSH Per-Connection Daemon
-Wants=sshdgenkeys.service
 After=sshdgenkeys.service
 
 [Service]
-ExecStart=-@SBINDIR@/sshd -i
-ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
+Environment="SSHD_OPTS="
+EnvironmentFile=-/etc/default/ssh
+ExecStart=-@SBINDIR@/sshd -i $SSHD_OPTS
 StandardInput=socket
-StandardError=syslog
 KillMode=process
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
new file mode 100644
index 0000000000..1931dc7153
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -0,0 +1,78 @@
+#! /bin/sh
+
+generate_key() {
+    local FILE=$1
+    local TYPE=$2
+    local DIR="$(dirname "$FILE")"
+
+    mkdir -p "$DIR"
+    ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE
+
+    # Atomically rename file public key
+    mv -f "${FILE}.tmp.pub" "${FILE}.pub"
+
+    # This sync does double duty: Ensuring that the data in the temporary
+    # private key file is on disk before the rename, and ensuring that the
+    # public key rename is completed before the private key rename, since we
+    # switch on the existence of the private key to trigger key generation.
+    # This does mean it is possible for the public key to exist, but be garbage
+    # but this is OK because in that case the private key won't exist and the
+    # keys will be regenerated.
+    #
+    # In the event that sync understands arguments that limit what it tries to
+    # fsync(), we provided them. If it does not, it will simply call sync()
+    # which is just as well
+    sync "${FILE}.pub" "$DIR" "${FILE}.tmp"
+
+    mv "${FILE}.tmp" "$FILE"
+
+    # sync to ensure the atomic rename is committed
+    sync "$DIR"
+}
+
+# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS
+if test -f /etc/default/ssh; then
+    . /etc/default/ssh
+fi
+
+[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
+mkdir -p $SYSCONFDIR
+
+# parse sshd options
+set -- ${SSHD_OPTS} --
+sshd_config=/etc/ssh/sshd_config
+while true ; do
+    case "$1" in
+    -f*) if [ "$1" = "-f" ] ; then
+            sshd_config="$2"
+            shift
+        else
+            sshd_config="${1#-f}"
+        fi
+        shift
+        ;;
+    --) shift; break;;
+    *) shift;;
+    esac
+done
+
+HOST_KEYS=$(sed -n 's/^[ \t]*HostKey[ \t]\+\(.*\)/\1/p' "${sshd_config}")
+[ -z "${HOST_KEYS}" ] && HOST_KEYS="$SYSCONFDIR/ssh_host_rsa_key $SYSCONFDIR/ssh_host_ecdsa_key $SYSCONFDIR/ssh_host_ed25519_key"
+
+for key in ${HOST_KEYS} ; do
+    [ -f $key ] && continue
+    case $key in
+    *_rsa_key)
+        echo "  generating ssh RSA host key..."
+        generate_key $key rsa
+        ;;
+    *_ecdsa_key)
+        echo "  generating ssh ECDSA host key..."
+        generate_key $key ecdsa
+        ;;
+    *_ed25519_key)
+        echo "  generating ssh ED25519 host key..."
+        generate_key $key ed25519
+        ;;
+    esac
+done
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config
index d48bd2b98d..15f061b570 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_config
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
+#	$OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -7,7 +7,7 @@
 
 # The strategy used for options in the default sshd_config shipped with
 # OpenSSH is to specify options with their default value where
-# possible, but leave them commented.  Uncommented options change a
+# possible, but leave them commented.  Uncommented options override the
 # default value.
 
 #Port 22
@@ -15,43 +15,30 @@
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 
-# The default requires explicit activation of protocol 1
-Protocol 2
-
-# HostKey for protocol version 1
-#HostKey /etc/ssh/ssh_host_key
-# HostKeys for protocol version 2
 #HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_dsa_key
 #HostKey /etc/ssh/ssh_host_ecdsa_key
 #HostKey /etc/ssh/ssh_host_ed25519_key
 
-# Lifetime and size of ephemeral version 1 server key
-#KeyRegenerationInterval 1h
-#ServerKeyBits 1024
-
 # Ciphers and keying
 #RekeyLimit default none
 
 # Logging
-# obsoletes QuietMode and FascistLogging
 #SyslogFacility AUTH
 #LogLevel INFO
 
 # Authentication:
 
 #LoginGraceTime 2m
-#PermitRootLogin yes
+#PermitRootLogin prohibit-password
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
 
-#RSAAuthentication yes
 #PubkeyAuthentication yes
 
 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
 # but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
 
 #AuthorizedPrincipalsFile none
 
@@ -59,11 +46,9 @@ AuthorizedKeysFile .ssh/authorized_keys
 #AuthorizedKeysCommandUser nobody
 
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#RhostsRSAAuthentication no
-# similar for protocol version 2
 #HostbasedAuthentication no
 # Change to yes if you don't trust ~/.ssh/known_hosts for
-# RhostsRSAAuthentication and HostbasedAuthentication
+# HostbasedAuthentication
 #IgnoreUserKnownHosts no
 # Don't read the user's ~/.rhosts and ~/.shosts files
 #IgnoreRhosts yes
@@ -72,7 +57,8 @@ AuthorizedKeysFile .ssh/authorized_keys
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
 
-# Change to no to disable s/key passwords
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
 ChallengeResponseAuthentication no
 
 # Kerberos options
@@ -107,12 +93,11 @@ ChallengeResponseAuthentication no
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
-UsePrivilegeSeparation sandbox # Default for new installations.
 #PermitUserEnvironment no
 Compression no
 ClientAliveInterval 15
 ClientAliveCountMax 4
-#UseDNS yes
+#UseDNS no
 #PidFile /var/run/sshd.pid
 #MaxStartups 10:30:100
 #PermitTunnel no
diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
index d65086fc8a..fd81793d51 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
@@ -1,11 +1,9 @@
 [Unit]
 Description=OpenSSH Key Generation
-ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key
-ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key
-ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key
-ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key
+RequiresMountsFor=/var /run
 
 [Service]
-ExecStart=@BINDIR@/ssh-keygen -A
+ExecStart=@LIBEXECDIR@/sshd_check_keys
 Type=oneshot
 RemainAfterExit=yes
+Nice=10
diff --git a/meta/recipes-connectivity/openssh/openssh_6.9p1.bb b/meta/recipes-connectivity/openssh/openssh_8.3p1.bb
index 3529c86e85..e007328704 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.9p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.3p1.bb
@@ -1,16 +1,17 @@
-SUMMARY = "Secure rlogin/rsh/rcp/telnet replacement"
+SUMMARY = "A suite of security-related network utilities based on \
+the SSH protocol including the ssh client and sshd server"
 DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \
 Ssh (Secure Shell) is a program for logging into a remote machine \
 and for executing commands on a remote machine."
-HOMEPAGE = "http://openssh.org"
+HOMEPAGE = "http://www.openssh.com/"
 SECTION = "console/network"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
+LICENSE = "BSD & ISC & MIT"
+LIC_FILES_CHKSUM = "file://LICENCE;md5=18d9e5a8b3dd1790d73502f50426d4d3"
 
-DEPENDS = "zlib openssl"
+DEPENDS = "zlib openssl virtual/crypt"
 DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 
-SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
+SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
            file://sshd_config \
            file://ssh_config \
            file://init \
@@ -19,15 +20,16 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
            file://sshd@.service \
            file://sshdgenkeys.service \
            file://volatiles.99_sshd \
+           file://run-ptest \
+           file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
+           file://sshd_check_keys \
            file://add-test-support-for-busybox.patch \
-           file://run-ptest"
+           "
+SRC_URI[sha256sum] = "f2befbe0472fe7eb75d23340eb17531cb6b3aac24075e2066b41f814e12387b2"
 
 PAM_SRC_URI = "file://sshd"
 
-SRC_URI[md5sum] = "0b161c44fc31fbc6b76a6f8ae639f16f"
-SRC_URI[sha256sum] = "6e074df538f357d440be6cf93dc581a21f22d39e236f217fcd8eacbb6c896cfe"
-
-inherit useradd update-rc.d update-alternatives systemd
+inherit manpages useradd update-rc.d update-alternatives systemd
 
 USERADD_PACKAGES = "${PN}-sshd"
 USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd"
@@ -40,19 +42,30 @@ SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket"
 
 inherit autotools-brokensep ptest
 
-# LFS support:
-CFLAGS += "-D__FILE_OFFSET_BITS=64"
+PACKAGECONFIG ??= "rng-tools"
+PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
+PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns"
+PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
+PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat"
+
+# Add RRECOMMENDS to rng-tools for sshd package
+PACKAGECONFIG[rng-tools] = ""
+
+EXTRA_AUTORECONF += "--exclude=aclocal"
 
 # login path is hardcoded in sshd
 EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
                 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
                 --without-zlib-version-check \
-                --with-privsep-path=/var/run/sshd \
+                --with-privsep-path=${localstatedir}/run/sshd \
                 --sysconfdir=${sysconfdir}/ssh \
-                --with-xauth=/usr/bin/xauth \
+                --with-xauth=${bindir}/xauth \
                 --disable-strip \
                 "
 
+# musl doesn't implement wtmp/utmp
+EXTRA_OECONF_append_libc-musl = " --disable-wtmp"
+
 # Since we do not depend on libbsd, we do not want configure to use it
 # just because it finds libutil.h.  But, specifying --disable-libutil
 # causes compile errors, so...
@@ -64,25 +77,27 @@ CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd"
 # We don't want to depend on libblockfile
 CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no"
 
-# This is a workaround for uclibc because including stdio.h
-# pulls in pthreads.h and causes conflicts in function prototypes.
-# This results in compilation failure, so unless this is fixed,
-# disable pam for uclibc.
-EXTRA_OECONF_append_libc-uclibc=" --without-pam"
-
 do_configure_prepend () {
 	export LD="${CC}"
 	install -m 0644 ${WORKDIR}/sshd_config ${B}/
 	install -m 0644 ${WORKDIR}/ssh_config ${B}/
-	if [ ! -e acinclude.m4 -a -e aclocal.m4 ]; then
-		cp aclocal.m4 acinclude.m4
-	fi
+}
+
+do_compile_ptest() {
+        # skip regress/unittests/ binaries: this will silently skip
+        # unittests in run-ptests which is good because they are so slow.
+        oe_runmake regress/modpipe regress/setuid-allowed regress/netcat \
+                   regress/check-perm regress/mkdtemp
 }
 
 do_install_append () {
-	if [ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then
-		install -D -m 0755 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
-		sed -i -e 's:#UsePAM no:UsePAM yes:' ${WORKDIR}/sshd_config ${D}${sysconfdir}/ssh/sshd_config
+	if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
+		install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
+		sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config
+	fi
+
+	if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then
+		sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config
 	fi
 
 	install -d ${D}${sysconfdir}/init.d
@@ -98,8 +113,8 @@ do_install_append () {
 	install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly
 	sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
 	echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
-	echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
 	echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+	echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
 
 	install -d ${D}${systemd_unitdir}/system
 	install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system
@@ -108,11 +123,17 @@ do_install_append () {
 	sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
 		-e 's,@SBINDIR@,${sbindir},g' \
 		-e 's,@BINDIR@,${bindir},g' \
+		-e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
 		${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service
+
+	sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
+		${D}${sysconfdir}/init.d/sshd
+
+	install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys
 }
 
 do_install_ptest () {
-	sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libdir}/${PN}/sftp-server|" regress/test-exec.sh
+	sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh
 	cp -r regress ${D}${PTEST_PATH}
 }
 
@@ -123,6 +144,7 @@ FILES_${PN}-scp = "${bindir}/scp.${BPN}"
 FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
 FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system"
 FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
+FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys"
 FILES_${PN}-sftp = "${bindir}/sftp"
 FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
 FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
@@ -130,14 +152,18 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen"
 
 RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
 RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
-RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make"
+RRECOMMENDS_${PN}-sshd_append_class-target = "\
+    ${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \
+"
+
+# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies
+RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils"
 
 RPROVIDES_${PN}-ssh = "ssh"
 RPROVIDES_${PN}-sshd = "sshd"
 
 RCONFLICTS_${PN} = "dropbear"
 RCONFLICTS_${PN}-sshd = "dropbear"
-RCONFLICTS_${PN}-keygen = "ssh-keygen"
 
 CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
 CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
@@ -146,3 +172,4 @@ ALTERNATIVE_PRIORITY = "90"
 ALTERNATIVE_${PN}-scp = "scp"
 ALTERNATIVE_${PN}-ssh = "ssh"
 
+BBCLASSEXTEND += "nativesdk"
diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
new file mode 100644
index 0000000000..b9cc24a7ac
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
@@ -0,0 +1 @@
+export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf"
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
deleted file mode 100644
index 53dcfd9f37..0000000000
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ /dev/null
@@ -1,214 +0,0 @@
-SUMMARY = "Secure Socket Layer"
-DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
-HOMEPAGE = "http://www.openssl.org/"
-BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
-SECTION = "libs/network"
-
-# "openssl | SSLeay" dual license
-LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
-
-DEPENDS = "perl-native-runtime"
-DEPENDS_append_class-target = " openssl-native"
-
-SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
-          "
-S = "${WORKDIR}/openssl-${PV}"
-
-PACKAGECONFIG[perl] = ",,,"
-
-AR_append = " r"
-# Avoid binaries being marked as requiring an executable stack since it 
-# doesn't(which causes and this causes issues with SELinux
-CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
-	-DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack"
-
-# -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom
-CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}"
-CFLAG_mtx-2 := "${@'${CFLAG}'.replace('-O2', '')}"
-
-export DIRS = "crypto ssl apps"
-export EX_LIBS = "-lgcc -ldl"
-export AS = "${CC} -c"
-
-inherit pkgconfig siteinfo multilib_header ptest
-
-PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
-FILES_libcrypto = "${base_libdir}/libcrypto${SOLIBS}"
-FILES_libssl = "${libdir}/libssl.so.*"
-FILES_${PN} =+ " ${libdir}/ssl/*"
-FILES_${PN}-misc = "${libdir}/ssl/misc ${bindir}/c_rehash"
-RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
-FILES_${PN}-dev += "${base_libdir}/libcrypto${SOLIBSDEV}"
-
-# Add the openssl.cnf file to the openssl-conf package.  Make the libcrypto
-# package RRECOMMENDS on this package.  This will enable the configuration
-# file to be installed for both the base openssl package and the libcrypto
-# package since the base openssl package depends on the libcrypto package.
-FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
-CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
-RRECOMMENDS_libcrypto += "openssl-conf"
-RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
-
-# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
-# vulnerability
-EXTRA_OECONF = " -no-ssl3"
-
-do_configure_prepend_darwin () {
-	sed -i -e '/version-script=openssl\.ld/d' Configure
-}
-
-do_configure () {
-	cd util
-	perl perlpath.pl ${STAGING_BINDIR_NATIVE}
-	cd ..
-	ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
-
-	os=${HOST_OS}
-	case $os in
-	linux-uclibc |\
-	linux-uclibceabi |\
-	linux-gnueabi |\
-	linux-uclibcspe |\
-	linux-gnuspe |\
-	linux-musl*)
-		os=linux
-		;;
-		*)
-		;;
-	esac
-	target="$os-${HOST_ARCH}"
-	case $target in
-	linux-arm)
-		target=linux-armv4
-		;;
-	linux-armeb)
-		target=linux-elf-armeb
-		;;
-	linux-aarch64*)
-		target=linux-generic64
-		;;
-	linux-sh3)
-		target=debian-sh3
-		;;
-	linux-sh4)
-		target=debian-sh4
-		;;
-	linux-i486)
-		target=debian-i386-i486
-		;;
-	linux-i586 | linux-viac3)
-		target=debian-i386-i586
-		;;
-	linux-i686)
-		target=debian-i386-i686/cmov
-		;;
-	linux-gnux32-x86_64)
-		target=linux-x32
-		;;
-	linux-gnu64-x86_64)
-		target=linux-x86_64
-		;;
-	linux-mips)
-		target=debian-mips
-		;;
-	linux-mipsel)
-		target=debian-mipsel
-		;;
-        linux-*-mips64)
-               target=linux-mips
-                ;;
-	linux-microblaze*)
-		target=linux-generic32
-		;;
-	linux-powerpc)
-		target=linux-ppc
-		;;
-	linux-powerpc64)
-		target=linux-ppc64
-		;;
-	linux-supersparc)
-		target=linux-sparcv8
-		;;
-	linux-sparc)
-		target=linux-sparcv8
-		;;
-	darwin-i386)
-		target=darwin-i386-cc
-		;;
-	esac
-	# inject machine-specific flags
-	sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure
-        useprefix=${prefix}
-        if [ "x$useprefix" = "x" ]; then
-                useprefix=/
-        fi        
-	perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
-}
-
-do_compile_prepend_class-target () {
-    sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
-}
-
-do_compile () {
-	oe_runmake
-}
-
-do_compile_ptest () {
-	oe_runmake buildtest
-}
-
-do_install () {
-	# Create ${D}/${prefix} to fix parallel issues
-	mkdir -p ${D}/${prefix}/
-
-	oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
-
-	oe_libinstall -so libcrypto ${D}${libdir}
-	oe_libinstall -so libssl ${D}${libdir}
-
-	# Moving libcrypto to /lib
-	if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then
-		mkdir -p ${D}/${base_libdir}/
-		mv ${D}${libdir}/libcrypto* ${D}${base_libdir}/
-		sed -i s#libdir=\$\{exec_prefix\}\/lib#libdir=${base_libdir}# ${D}/${libdir}/pkgconfig/libcrypto.pc
-	fi
-
-	install -d ${D}${includedir}
-	cp --dereference -R include/openssl ${D}${includedir}
-
-	oe_multilib_header openssl/opensslconf.h
-	if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
-		install -m 0755 ${S}/tools/c_rehash ${D}${bindir}
-		sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${bindir}/c_rehash
-		sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
-		sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
-		# The c_rehash utility isn't installed by the normal installation process.
-	else
-		rm -f ${D}${bindir}/c_rehash
-		rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
-	fi
-}
-
-do_install_ptest () {
-	cp -r Makefile test ${D}${PTEST_PATH}
-	cp -r certs ${D}${PTEST_PATH}
-	mkdir -p ${D}${PTEST_PATH}/apps
-	ln -sf /usr/lib/ssl/misc/CA.sh  ${D}${PTEST_PATH}/apps
-	ln -sf /usr/lib/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
-	ln -sf /usr/bin/openssl         ${D}${PTEST_PATH}/apps
-	cp apps/server2.pem             ${D}${PTEST_PATH}/apps
-	mkdir -p ${D}${PTEST_PATH}/util
-	install util/opensslwrap.sh    ${D}${PTEST_PATH}/util
-	install util/shlib_wrap.sh     ${D}${PTEST_PATH}/util
-}
-
-do_install_append_class-native() {
-	create_wrapper ${D}${bindir}/openssl \
-	    OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
-	    SSL_CERT_DIR=${libdir}/ssl/certs \
-	    SSL_CERT_FILE=${libdir}/ssl/cert.pem \
-	    OPENSSL_ENGINES=${libdir}/ssl/engines
-}
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
new file mode 100644
index 0000000000..949c788344
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
@@ -0,0 +1,76 @@
+From 3e1d00481093e10775eaf69d619c45b32a4aa7dc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com>
+Date: Tue, 6 Nov 2018 14:50:47 +0100
+Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler
+ info
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The openssl build system generates buildinf.h containing the full
+compiler command line used to compile objects. This breaks
+reproducibility, as the compile command is baked into libcrypto, where
+it is used when running `openssl version -f`.
+
+Add stripped build variables for the compiler and cflags lines, and use
+those when generating buildinfo.h.
+
+This is based on a similar patch for older openssl versions:
+https://patchwork.openembedded.org/patch/147229/
+
+Upstream-Status: Inappropriate [OE specific]
+Signed-off-by: Martin Hundebøll <martin@geanix.com>
+
+
+Update to fix buildpaths qa issue for '-fmacro-prefix-map'.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+ Configurations/unix-Makefile.tmpl | 10 +++++++++-
+ crypto/build.info                 |  2 +-
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index 16af4d2087..54c162784c 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
+                          '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
+ BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
+ 
+-# CPPFLAGS_Q is used for one thing only: to build up buildinf.h
++# *_Q variables are used for one thing only: to build up buildinf.h
+ CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g;
+               $cppflags2 =~ s|([\\"])|\\$1|g;
+               $lib_cppflags =~ s|([\\"])|\\$1|g;
+               join(' ', $lib_cppflags || (), $cppflags2 || (),
+                         $cppflags1 || ()) -}
+ 
++CFLAGS_Q={- for (@{$config{CFLAGS}}) {
++              s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g;
++              s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g;
++            }
++            join(' ', @{$config{CFLAGS}}) -}
++
++CC_Q={- $config{CC} =~ s|--sysroot=[^ ]+|--sysroot=recipe-sysroot|g;
++        join(' ', $config{CC}) -}
++
+ PERLASM_SCHEME= {- $target{perlasm_scheme} -}
+ 
+ # For x86 assembler: Set PROCESSOR to 386 if you want to support
+diff --git a/crypto/build.info b/crypto/build.info
+index b515b7318e..8c9cee2a09 100644
+--- a/crypto/build.info
++++ b/crypto/build.info
+@@ -10,7 +10,7 @@ EXTRA=  ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
+         ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
+ 
+ DEPEND[cversion.o]=buildinf.h
+-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
++GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)"
+ DEPEND[buildinf.h]=../configdata.pm
+ 
+ GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
+-- 
+2.19.1
+
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch b/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch
new file mode 100644
index 0000000000..d8d9651b64
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch
@@ -0,0 +1,46 @@
+From a9401b2289656c5a36dd1b0ecebf0d23e291ce70 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 2 Oct 2018 23:58:24 +0800
+Subject: [PATCH] skip test_symbol_presence
+
+We cannot skip `01-test_symbol_presence.t' by configuring option `no-shared'
+as INSTALL told us the shared libraries will not be built.
+
+[INSTALL snip]
+ Notes on shared libraries
+ -------------------------
+
+ For most systems the OpenSSL Configure script knows what is needed to
+ build shared libraries for libcrypto and libssl. On these systems
+ the shared libraries will be created by default. This can be suppressed and
+ only static libraries created by using the "no-shared" option. On systems
+ where OpenSSL does not know how to build shared libraries the "no-shared"
+ option will be forced and only static libraries will be created.
+[INSTALL snip]
+
+Hence directly modification the case to skip it.
+
+Upstream-Status: Inappropriate [OE Specific]
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ test/recipes/01-test_symbol_presence.t | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
+index 7f2a2d7..0b93745 100644
+--- a/test/recipes/01-test_symbol_presence.t
++++ b/test/recipes/01-test_symbol_presence.t
+@@ -14,8 +14,7 @@ use OpenSSL::Test::Utils;
+ 
+ setup("test_symbol_presence");
+ 
+-plan skip_all => "Only useful when building shared libraries"
+-    if disabled("shared");
++plan skip_all => "The case needs debug symbols then we just disable it";
+ 
+ my @libnames = ("crypto", "ssl");
+ my $testcount = scalar @libnames;
+-- 
+2.7.4
+
diff --git a/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch b/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
deleted file mode 100644
index 249446a5bd..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests
-cross-compiled.
-
-Signed-off-by: Anders Roxell <anders.roxell@enea.com>
-Signed-off-by: Maxin B. John <maxin.john@enea.com>
-Upstream-Status: Pending
----
-Index: openssl-1.0.2/Makefile.org
-===================================================================
---- openssl-1.0.2.orig/Makefile.org
-+++ openssl-1.0.2/Makefile.org
-@@ -451,8 +451,16 @@ rehash.time: certs apps
- test:   tests
- 
- tests: rehash
-+	$(MAKE) buildtest
-+	$(MAKE) runtest
-+
-+buildtest:
-+	@(cd test && \
-+	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf exe apps);
-+
-+runtest:
- 	@(cd test && echo "testing..." && \
--	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
-+	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf alltests );
- 	OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
- 
- report:
-Index: openssl-1.0.2/test/Makefile
-===================================================================
---- openssl-1.0.2.orig/test/Makefile
-+++ openssl-1.0.2/test/Makefile
-@@ -137,7 +137,7 @@ tests:	exe apps $(TESTS)
- apps:
- 	@(cd ..; $(MAKE) DIRS=apps all)
- 
--alltests: \
-+all-tests= \
- 	test_des test_idea test_sha test_md4 test_md5 test_hmac \
- 	test_md2 test_mdc2 test_wp \
- 	test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
-@@ -148,6 +148,11 @@ alltests: \
- 	test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
- 	test_constant_time
- 
-+alltests:
-+	@(for i in $(all-tests); do \
-+	( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
-+	done)
-+
- test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
- 	../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
- 
-@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5
- 	echo test second x509v3 certificate
- 	sh ./tx509 v3-cert2.pem 2>/dev/null
- 
--test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem
-+test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
- 	@sh ./trsa 2>/dev/null
- 	../util/shlib_wrap.sh ./$(RSATEST)
- 
-@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test
- 	  sh ./testtsa; \
- 	fi
- 
--test_ige: $(IGETEST)$(EXE_EXT)
-+test_ige:
- 	@echo "Test IGE mode"
- 	../util/shlib_wrap.sh ./$(IGETEST)
- 
--test_jpake: $(JPAKETEST)$(EXE_EXT)
-+test_jpake:
- 	@echo "Test JPAKE"
- 	../util/shlib_wrap.sh ./$(JPAKETEST)
- 
diff --git a/meta/recipes-connectivity/openssl/openssl/afalg.patch b/meta/recipes-connectivity/openssl/openssl/afalg.patch
new file mode 100644
index 0000000000..b7c0e9697f
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/afalg.patch
@@ -0,0 +1,31 @@
+Don't refuse to build afalgeng if cross-compiling or the host kernel is too old.
+
+Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/Configure b/Configure
+index 3baa8ce..9ef52ed 100755
+--- a/Configure
++++ b/Configure
+@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"})
+ unless ($disabled{afalgeng}) {
+     $config{afalgeng}="";
+     if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
+-        my $minver = 4*10000 + 1*100 + 0;
+-        if ($config{CROSS_COMPILE} eq "") {
+-            my $verstr = `uname -r`;
+-            my ($ma, $mi1, $mi2) = split("\\.", $verstr);
+-            ($mi2) = $mi2 =~ /(\d+)/;
+-            my $ver = $ma*10000 + $mi1*100 + $mi2;
+-            if ($ver < $minver) {
+-                disable('too-old-kernel', 'afalgeng');
+-            } else {
+-                push @{$config{engdirs}}, "afalg";
+-            }
+-        } else {
+-            disable('cross-compiling', 'afalgeng');
+-        }
++        push @{$config{engdirs}}, "afalg";
+     } else {
+         disable('not-linux', 'afalgeng');
+     }
diff --git a/meta/recipes-connectivity/openssl/openssl/configure-targets.patch b/meta/recipes-connectivity/openssl/openssl/configure-targets.patch
deleted file mode 100644
index 691e74afbd..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/configure-targets.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Upstream-Status: Inappropriate [embedded specific]
-
-The number of colons are important :)
-
-
----
- Configure |   16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
-
-Index: openssl-1.0.2a/Configure
-===================================================================
---- openssl-1.0.2a.orig/Configure
-+++ openssl-1.0.2a/Configure
-@@ -443,6 +443,23 @@ my %table=(
- "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- 
-+ 
-+# Linux on ARM
-+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+
-+"linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
-+
-+#### Linux on MIPS/MIPS64
-+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+
- # Android: linux-* but without pointers to headers and libs.
- "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch b/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
deleted file mode 100644
index c397af2f0e..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Upsteram Status: Backport
-
-When building on x32 systems where the default type is 32bit, make sure
-we can transparently represent 64bit integers.  Otherwise we end up with
-build errors like:
-/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
-Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
-...
-ghash-x86_64.s: Assembler messages:
-ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
-
-We don't enable this globally as there are some cases where we'd get
-32bit values interpreted as unsigned when we need them as signed.
-
-Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
-URL: https://bugs.gentoo.org/542618
-
-Signed-off-By: Armin Kuster <akuster@mvista.com>
-
-Index: openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl
-===================================================================
---- openssl-1.0.2a.orig/crypto/perlasm/x86_64-xlate.pl
-+++ openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl
-@@ -194,7 +194,10 @@ my %globals;
-     }
-     sub out {
-     	my $self = shift;
--
-+	# When building on x32 ABIs, the expanded hex value might be too
-+	# big to fit into 32bits. Enable transparent 64bit support here
-+	# so we can safely print it out.
-+	use bigint;
- 	if ($gas) {
- 	    # Solaris /usr/ccs/bin/as can't handle multiplications
- 	    # in $self->{value}
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
deleted file mode 100644
index 68e54d561e..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
-From: Ludwig Nussel <ludwig.nussel@suse.de>
-Date: Wed, 21 Apr 2010 15:52:10 +0200
-Subject: [PATCH] also create old hash for compatibility
-
-Upstream-Status: Backport [debian]
-
-diff --git a/tools/c_rehash.in b/tools/c_rehash.in
-index b086ff9..b777d79 100644
---- a/tools/c_rehash.in
-+++ b/tools/c_rehash.in
-@@ -8,8 +8,6 @@ my $prefix;
- 
- my $openssl = $ENV{OPENSSL} || "openssl";
- my $pwd;
--my $x509hash = "-subject_hash";
--my $crlhash = "-hash";
- my $verbose = 0;
- my $symlink_exists=eval {symlink("",""); 1};
- my $removelinks = 1;
-@@ -18,10 +16,7 @@ my $removelinks = 1;
- while ( $ARGV[0] =~ /^-/ ) {
-     my $flag = shift @ARGV;
-     last if ( $flag eq '--');
--    if ( $flag eq '-old') {
--	    $x509hash = "-subject_hash_old";
--	    $crlhash = "-hash_old";
--    } elsif ( $flag eq '-h') {
-+    if ( $flag eq '-h') {
- 	    help();
-     } elsif ( $flag eq '-n' ) {
- 	    $removelinks = 0;
-@@ -113,7 +108,9 @@ sub hash_dir {
- 			next;
- 		}
- 		link_hash_cert($fname) if($cert);
-+		link_hash_cert_old($fname) if($cert);
- 		link_hash_crl($fname) if($crl);
-+		link_hash_crl_old($fname) if($crl);
- 	}
- }
- 
-@@ -146,6 +143,7 @@ sub check_file {
- 
- sub link_hash_cert {
- 		my $fname = $_[0];
-+		my $x509hash = $_[1] || '-subject_hash';
- 		$fname =~ s/'/'\\''/g;
- 		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
- 		chomp $hash;
-@@ -176,11 +174,21 @@ sub link_hash_cert {
- 		$hashlist{$hash} = $fprint;
- }
- 
-+sub link_hash_cert_old {
-+		link_hash_cert($_[0], '-subject_hash_old');
-+}
-+
-+sub link_hash_crl_old {
-+		link_hash_crl($_[0], '-hash_old');
-+}
-+
-+
- # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
- 
- sub link_hash_crl {
- 		my $fname = $_[0];
-+		my $crlhash = $_[1] || "-hash";
- 		$fname =~ s/'/'\\''/g;
- 		my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
- 		chomp $hash;
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
deleted file mode 100644
index aba4d42983..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-0.9.8m/apps/CA.pl.in
-===================================================================
---- openssl-0.9.8m.orig/apps/CA.pl.in	2006-04-28 00:28:51.000000000 +0000
-+++ openssl-0.9.8m/apps/CA.pl.in	2010-02-27 00:36:51.000000000 +0000
-@@ -65,6 +65,7 @@
- foreach (@ARGV) {
- 	if ( /^(-\?|-h|-help)$/ ) {
- 	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-+	    print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
- 	    exit 0;
- 	} elsif (/^-newcert$/) {
- 	    # create a certificate
-@@ -165,6 +166,7 @@
- 	} else {
- 	    print STDERR "Unknown arg $_\n";
- 	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-+	    print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
- 	    exit 1;
- 	}
- }
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch b/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
deleted file mode 100644
index 39d4328184..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.2/Configure
-===================================================================
---- openssl-1.0.2.orig/Configure
-+++ openssl-1.0.2/Configure
-@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic
- 
- my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum";
- 
-+# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
-+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
-+$debian_cflags =~ s/\n/ /g;
-+
- my $strict_warnings = 0;
- 
- my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-@@ -343,6 +347,55 @@ my %table=(
- "osf1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
- "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
- 
-+# Debian GNU/* (various architectures)
-+"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
-+"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mips",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mipsel",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mipsn32",   "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mipsn32el",   "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mips64",   "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mips64el",   "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-netbsd-i386",	"gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-netbsd-m68k",	"gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-netbsd-sparc",	"gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-openbsd-i386",  "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
-+"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh3",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh4",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh3eb",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh4eb",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
-+
- ####
- #### Variety of LINUX:-)
- ####
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch b/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch
deleted file mode 100644
index 4085e3b1d7..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.0c/Makefile.org
-===================================================================
---- openssl-1.0.0c.orig/Makefile.org	2010-12-12 16:11:27.000000000 +0100
-+++ openssl-1.0.0c/Makefile.org	2010-12-12 16:11:37.000000000 +0100
-@@ -131,7 +131,7 @@
- 
- MAKEFILE= Makefile
- 
--MANDIR=$(OPENSSLDIR)/man
-+MANDIR=/usr/share/man
- MAN1=1
- MAN3=3
- MANSUFFIX=
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch b/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch
deleted file mode 100644
index 21c1d1a4eb..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.0c/Makefile.org
-===================================================================
---- openssl-1.0.0c.orig/Makefile.org	2010-12-12 16:11:37.000000000 +0100
-+++ openssl-1.0.0c/Makefile.org	2010-12-12 16:13:28.000000000 +0100
-@@ -160,7 +160,8 @@
- MANDIR=/usr/share/man
- MAN1=1
- MAN3=3
--MANSUFFIX=
-+MANSUFFIX=ssl
-+MANSECTION=SSL
- HTMLSUFFIX=html
- HTMLDIR=$(OPENSSLDIR)/html
- SHELL=/bin/sh
-@@ -651,7 +652,7 @@
- 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- 		(cd `$(PERL) util/dirname.pl $$i`; \
- 		sh -c "$$pod2man \
--			--section=$$sec --center=OpenSSL \
-+			--section=$${sec}$(MANSECTION) --center=OpenSSL \
- 			--release=$(VERSION) `basename $$i`") \
- 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- 		$(PERL) util/extract-names.pl < $$i | \
-@@ -668,7 +669,7 @@
- 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- 		(cd `$(PERL) util/dirname.pl $$i`; \
- 		sh -c "$$pod2man \
--			--section=$$sec --center=OpenSSL \
-+			--section=$${sec}$(MANSECTION) --center=OpenSSL \
- 			--release=$(VERSION) `basename $$i`") \
- 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- 		$(PERL) util/extract-names.pl < $$i | \
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch b/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch
deleted file mode 100644
index 1ccb3b86ee..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.0c/Makefile.shared
-===================================================================
---- openssl-1.0.0c.orig/Makefile.shared	2010-08-21 13:36:49.000000000 +0200
-+++ openssl-1.0.0c/Makefile.shared	2010-12-12 16:13:36.000000000 +0100
-@@ -153,7 +153,7 @@
- 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
- 
--DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
-+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
- 
- #This is rather special.  It's a special target with which one can link
- #applications without bothering with any features that have anything to
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch b/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch
deleted file mode 100644
index cc4408ab7d..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.0c/Makefile.shared
-===================================================================
---- openssl-1.0.0c.orig/Makefile.shared	2010-12-12 16:13:36.000000000 +0100
-+++ openssl-1.0.0c/Makefile.shared	2010-12-12 16:13:44.000000000 +0100
-@@ -151,7 +151,7 @@
- 	SHLIB_SUFFIX=; \
- 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
- 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
--	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
- 
- DO_GNU_APP=LDFLAGS="$(CFLAGS)"
- 
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/pic.patch b/meta/recipes-connectivity/openssl/openssl/debian/pic.patch
deleted file mode 100644
index bfda3888bf..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/pic.patch
+++ /dev/null
@@ -1,177 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.1c/crypto/des/asm/desboth.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl	2001-10-24 23:20:56.000000000 +0200
-+++ openssl-1.0.1c/crypto/des/asm/desboth.pl	2012-07-29 14:15:26.000000000 +0200
-@@ -16,6 +16,11 @@
- 
- 	&push("edi");
- 
-+	&call   (&label("pic_point0"));
-+	&set_label("pic_point0");
-+	&blindpop("ebp");
-+	&add    ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
-+
- 	&comment("");
- 	&comment("Load the data words");
- 	&mov($L,&DWP(0,"ebx","",0));
-@@ -47,15 +52,21 @@
- 	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
- 	&mov(&swtmp(1),	"eax");
- 	&mov(&swtmp(0),	"ebx");
--	&call("DES_encrypt2");
-+	&exch("ebx", "ebp");
-+	&call("DES_encrypt2\@PLT");
-+	&exch("ebx", "ebp");
- 	&mov(&swtmp(2),	(DWC(($enc)?"0":"1")));
- 	&mov(&swtmp(1),	"edi");
- 	&mov(&swtmp(0),	"ebx");
--	&call("DES_encrypt2");
-+	&exch("ebx", "ebp");
-+	&call("DES_encrypt2\@PLT");
-+	&exch("ebx", "ebp");
- 	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
- 	&mov(&swtmp(1),	"esi");
- 	&mov(&swtmp(0),	"ebx");
--	&call("DES_encrypt2");
-+	&exch("ebx", "ebp");
-+	&call("DES_encrypt2\@PLT");
-+	&exch("ebx", "ebp");
- 
- 	&stack_pop(3);
- 	&mov($L,&DWP(0,"ebx","",0));
-Index: openssl-1.0.1c/crypto/perlasm/cbc.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl	2011-07-13 08:22:46.000000000 +0200
-+++ openssl-1.0.1c/crypto/perlasm/cbc.pl	2012-07-29 14:15:26.000000000 +0200
-@@ -122,7 +122,11 @@
- 	&mov(&DWP($data_off,"esp","",0),	"eax");	# put in array for call
- 	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
- 
--	&call($enc_func);
-+	&call	(&label("pic_point0"));
-+	&set_label("pic_point0");
-+	&blindpop("ebx");
-+	&add	("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
-+	&call("$enc_func\@PLT");
- 
- 	&mov("eax",	&DWP($data_off,"esp","",0));
- 	&mov("ebx",	&DWP($data_off+4,"esp","",0));
-@@ -185,7 +189,11 @@
- 	&mov(&DWP($data_off,"esp","",0),	"eax");	# put in array for call
- 	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
- 
--	&call($enc_func);
-+	&call	(&label("pic_point1"));
-+	&set_label("pic_point1");
-+	&blindpop("ebx");
-+	&add	("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]");
-+	&call("$enc_func\@PLT");
- 
- 	&mov("eax",	&DWP($data_off,"esp","",0));
- 	&mov("ebx",	&DWP($data_off+4,"esp","",0));
-@@ -218,7 +226,11 @@
- 	&mov(&DWP($data_off,"esp","",0),	"eax");	# put back
- 	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
- 
--	&call($dec_func);
-+	&call	(&label("pic_point2"));
-+	&set_label("pic_point2");
-+	&blindpop("ebx");
-+	&add	("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]");
-+	&call("$dec_func\@PLT");
- 
- 	&mov("eax",	&DWP($data_off,"esp","",0));	# get return
- 	&mov("ebx",	&DWP($data_off+4,"esp","",0));	#
-@@ -261,7 +273,11 @@
- 	&mov(&DWP($data_off,"esp","",0),	"eax");	# put back
- 	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
- 
--	&call($dec_func);
-+	&call	(&label("pic_point3"));
-+	&set_label("pic_point3");
-+	&blindpop("ebx");
-+	&add	("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]");
-+	&call("$dec_func\@PLT");
- 
- 	&mov("eax",	&DWP($data_off,"esp","",0));	# get return
- 	&mov("ebx",	&DWP($data_off+4,"esp","",0));	#
-Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl	2011-12-09 20:16:35.000000000 +0100
-+++ openssl-1.0.1c/crypto/perlasm/x86gas.pl	2012-07-29 14:15:26.000000000 +0200
-@@ -161,6 +161,7 @@
- 	if ($::macosx)	{ push (@out,"$tmp,2\n"); }
- 	elsif ($::elf)	{ push (@out,"$tmp,4\n"); }
- 	else		{ push (@out,"$tmp\n"); }
-+	if ($::elf)	{ push (@out,".hidden\tOPENSSL_ia32cap_P\n"); }
-     }
-     push(@out,$initseg) if ($initseg);
- }
-@@ -218,8 +219,23 @@
-     elsif ($::elf)
-     {	$initseg.=<<___;
- .section	.init
-+___
-+        if ($::pic)
-+	{   $initseg.=<<___;
-+	pushl	%ebx
-+	call	.pic_point0
-+.pic_point0:
-+	popl	%ebx
-+	addl	\$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx
-+	call	$f\@PLT
-+	popl	%ebx
-+___
-+	}
-+	else
-+	{   $initseg.=<<___;
- 	call	$f
- ___
-+	}
-     }
-     elsif ($::coff)
-     {   $initseg.=<<___;	# applies to both Cygwin and Mingw
-Index: openssl-1.0.1c/crypto/x86cpuid.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/x86cpuid.pl	2012-02-28 15:20:34.000000000 +0100
-+++ openssl-1.0.1c/crypto/x86cpuid.pl	2012-07-29 14:15:26.000000000 +0200
-@@ -8,6 +8,8 @@
- 
- for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
- 
-+push(@out, ".hidden OPENSSL_ia32cap_P\n");
-+
- &function_begin("OPENSSL_ia32_cpuid");
- 	&xor	("edx","edx");
- 	&pushf	();
-@@ -139,9 +141,7 @@
- &set_label("nocpuid");
- &function_end("OPENSSL_ia32_cpuid");
- 
--&external_label("OPENSSL_ia32cap_P");
--
--&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-+&function_begin_B("OPENSSL_rdtsc");
- 	&xor	("eax","eax");
- 	&xor	("edx","edx");
- 	&picmeup("ecx","OPENSSL_ia32cap_P");
-@@ -155,7 +155,7 @@
- # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
- # but it's safe to call it on any [supported] 32-bit platform...
- # Just check for [non-]zero return value...
--&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-+&function_begin_B("OPENSSL_instrument_halt");
- 	&picmeup("ecx","OPENSSL_ia32cap_P");
- 	&bt	(&DWP(0,"ecx"),4);
- 	&jnc	(&label("nohalt"));	# no TSC
-@@ -222,7 +222,7 @@
- 	&ret	();
- &function_end_B("OPENSSL_far_spin");
- 
--&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-+&function_begin_B("OPENSSL_wipe_cpu");
- 	&xor	("eax","eax");
- 	&xor	("edx","edx");
- 	&picmeup("ecx","OPENSSL_ia32cap_P");
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
deleted file mode 100644
index a24918000a..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
+++ /dev/null
@@ -1,4663 +0,0 @@
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
-===================================================================
---- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure	2014-02-24 21:02:30.000000000 +0100
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure	2014-02-24 21:02:30.000000000 +0100
-@@ -1651,6 +1651,8 @@
- 		}
- 	}
- 
-+$shared_ldflag .= " -Wl,--version-script=openssl.ld";
-+
- open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
- unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
- open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld	2014-02-24 22:19:08.601827266 +0100
-@@ -0,0 +1,4615 @@
-+OPENSSL_1.0.0 {
-+	global:
-+		BIO_f_ssl;
-+		BIO_new_buffer_ssl_connect;
-+		BIO_new_ssl;
-+		BIO_new_ssl_connect;
-+		BIO_proxy_ssl_copy_session_id;
-+		BIO_ssl_copy_session_id;
-+		BIO_ssl_shutdown;
-+		d2i_SSL_SESSION;
-+		DTLSv1_client_method;
-+		DTLSv1_method;
-+		DTLSv1_server_method;
-+		ERR_load_SSL_strings;
-+		i2d_SSL_SESSION;
-+		kssl_build_principal_2;
-+		kssl_cget_tkt;
-+		kssl_check_authent;
-+		kssl_ctx_free;
-+		kssl_ctx_new;
-+		kssl_ctx_setkey;
-+		kssl_ctx_setprinc;
-+		kssl_ctx_setstring;
-+		kssl_ctx_show;
-+		kssl_err_set;
-+		kssl_krb5_free_data_contents;
-+		kssl_sget_tkt;
-+		kssl_skip_confound;
-+		kssl_validate_times;
-+		PEM_read_bio_SSL_SESSION;
-+		PEM_read_SSL_SESSION;
-+		PEM_write_bio_SSL_SESSION;
-+		PEM_write_SSL_SESSION;
-+		SSL_accept;
-+		SSL_add_client_CA;
-+		SSL_add_dir_cert_subjects_to_stack;
-+		SSL_add_dir_cert_subjs_to_stk;
-+		SSL_add_file_cert_subjects_to_stack;
-+		SSL_add_file_cert_subjs_to_stk;
-+		SSL_alert_desc_string;
-+		SSL_alert_desc_string_long;
-+		SSL_alert_type_string;
-+		SSL_alert_type_string_long;
-+		SSL_callback_ctrl;
-+		SSL_check_private_key;
-+		SSL_CIPHER_description;
-+		SSL_CIPHER_get_bits;
-+		SSL_CIPHER_get_name;
-+		SSL_CIPHER_get_version;
-+		SSL_clear;
-+		SSL_COMP_add_compression_method;
-+		SSL_COMP_get_compression_methods;
-+		SSL_COMP_get_compress_methods;
-+		SSL_COMP_get_name;
-+		SSL_connect;
-+		SSL_copy_session_id;
-+		SSL_ctrl;
-+		SSL_CTX_add_client_CA;
-+		SSL_CTX_add_session;
-+		SSL_CTX_callback_ctrl;
-+		SSL_CTX_check_private_key;
-+		SSL_CTX_ctrl;
-+		SSL_CTX_flush_sessions;
-+		SSL_CTX_free;
-+		SSL_CTX_get_cert_store;
-+		SSL_CTX_get_client_CA_list;
-+		SSL_CTX_get_client_cert_cb;
-+		SSL_CTX_get_ex_data;
-+		SSL_CTX_get_ex_new_index;
-+		SSL_CTX_get_info_callback;
-+		SSL_CTX_get_quiet_shutdown;
-+		SSL_CTX_get_timeout;
-+		SSL_CTX_get_verify_callback;
-+		SSL_CTX_get_verify_depth;
-+		SSL_CTX_get_verify_mode;
-+		SSL_CTX_load_verify_locations;
-+		SSL_CTX_new;
-+		SSL_CTX_remove_session;
-+		SSL_CTX_sess_get_get_cb;
-+		SSL_CTX_sess_get_new_cb;
-+		SSL_CTX_sess_get_remove_cb;
-+		SSL_CTX_sessions;
-+		SSL_CTX_sess_set_get_cb;
-+		SSL_CTX_sess_set_new_cb;
-+		SSL_CTX_sess_set_remove_cb;
-+		SSL_CTX_set1_param;
-+		SSL_CTX_set_cert_store;
-+		SSL_CTX_set_cert_verify_callback;
-+		SSL_CTX_set_cert_verify_cb;
-+		SSL_CTX_set_cipher_list;
-+		SSL_CTX_set_client_CA_list;
-+		SSL_CTX_set_client_cert_cb;
-+		SSL_CTX_set_client_cert_engine;
-+		SSL_CTX_set_cookie_generate_cb;
-+		SSL_CTX_set_cookie_verify_cb;
-+		SSL_CTX_set_default_passwd_cb;
-+		SSL_CTX_set_default_passwd_cb_userdata;
-+		SSL_CTX_set_default_verify_paths;
-+		SSL_CTX_set_def_passwd_cb_ud;
-+		SSL_CTX_set_def_verify_paths;
-+		SSL_CTX_set_ex_data;
-+		SSL_CTX_set_generate_session_id;
-+		SSL_CTX_set_info_callback;
-+		SSL_CTX_set_msg_callback;
-+		SSL_CTX_set_psk_client_callback;
-+		SSL_CTX_set_psk_server_callback;
-+		SSL_CTX_set_purpose;
-+		SSL_CTX_set_quiet_shutdown;
-+		SSL_CTX_set_session_id_context;
-+		SSL_CTX_set_ssl_version;
-+		SSL_CTX_set_timeout;
-+		SSL_CTX_set_tmp_dh_callback;
-+		SSL_CTX_set_tmp_ecdh_callback;
-+		SSL_CTX_set_tmp_rsa_callback;
-+		SSL_CTX_set_trust;
-+		SSL_CTX_set_verify;
-+		SSL_CTX_set_verify_depth;
-+		SSL_CTX_use_cert_chain_file;
-+		SSL_CTX_use_certificate;
-+		SSL_CTX_use_certificate_ASN1;
-+		SSL_CTX_use_certificate_chain_file;
-+		SSL_CTX_use_certificate_file;
-+		SSL_CTX_use_PrivateKey;
-+		SSL_CTX_use_PrivateKey_ASN1;
-+		SSL_CTX_use_PrivateKey_file;
-+		SSL_CTX_use_psk_identity_hint;
-+		SSL_CTX_use_RSAPrivateKey;
-+		SSL_CTX_use_RSAPrivateKey_ASN1;
-+		SSL_CTX_use_RSAPrivateKey_file;
-+		SSL_do_handshake;
-+		SSL_dup;
-+		SSL_dup_CA_list;
-+		SSLeay_add_ssl_algorithms;
-+		SSL_free;
-+		SSL_get1_session;
-+		SSL_get_certificate;
-+		SSL_get_cipher_list;
-+		SSL_get_ciphers;
-+		SSL_get_client_CA_list;
-+		SSL_get_current_cipher;
-+		SSL_get_current_compression;
-+		SSL_get_current_expansion;
-+		SSL_get_default_timeout;
-+		SSL_get_error;
-+		SSL_get_ex_data;
-+		SSL_get_ex_data_X509_STORE_CTX_idx;
-+		SSL_get_ex_d_X509_STORE_CTX_idx;
-+		SSL_get_ex_new_index;
-+		SSL_get_fd;
-+		SSL_get_finished;
-+		SSL_get_info_callback;
-+		SSL_get_peer_cert_chain;
-+		SSL_get_peer_certificate;
-+		SSL_get_peer_finished;
-+		SSL_get_privatekey;
-+		SSL_get_psk_identity;
-+		SSL_get_psk_identity_hint;
-+		SSL_get_quiet_shutdown;
-+		SSL_get_rbio;
-+		SSL_get_read_ahead;
-+		SSL_get_rfd;
-+		SSL_get_servername;
-+		SSL_get_servername_type;
-+		SSL_get_session;
-+		SSL_get_shared_ciphers;
-+		SSL_get_shutdown;
-+		SSL_get_SSL_CTX;
-+		SSL_get_ssl_method;
-+		SSL_get_verify_callback;
-+		SSL_get_verify_depth;
-+		SSL_get_verify_mode;
-+		SSL_get_verify_result;
-+		SSL_get_version;
-+		SSL_get_wbio;
-+		SSL_get_wfd;
-+		SSL_has_matching_session_id;
-+		SSL_library_init;
-+		SSL_load_client_CA_file;
-+		SSL_load_error_strings;
-+		SSL_new;
-+		SSL_peek;
-+		SSL_pending;
-+		SSL_read;
-+		SSL_renegotiate;
-+		SSL_renegotiate_pending;
-+		SSL_rstate_string;
-+		SSL_rstate_string_long;
-+		SSL_SESSION_cmp;
-+		SSL_SESSION_free;
-+		SSL_SESSION_get_ex_data;
-+		SSL_SESSION_get_ex_new_index;
-+		SSL_SESSION_get_id;
-+		SSL_SESSION_get_time;
-+		SSL_SESSION_get_timeout;
-+		SSL_SESSION_hash;
-+		SSL_SESSION_new;
-+		SSL_SESSION_print;
-+		SSL_SESSION_print_fp;
-+		SSL_SESSION_set_ex_data;
-+		SSL_SESSION_set_time;
-+		SSL_SESSION_set_timeout;
-+		SSL_set1_param;
-+		SSL_set_accept_state;
-+		SSL_set_bio;
-+		SSL_set_cipher_list;
-+		SSL_set_client_CA_list;
-+		SSL_set_connect_state;
-+		SSL_set_ex_data;
-+		SSL_set_fd;
-+		SSL_set_generate_session_id;
-+		SSL_set_info_callback;
-+		SSL_set_msg_callback;
-+		SSL_set_psk_client_callback;
-+		SSL_set_psk_server_callback;
-+		SSL_set_purpose;
-+		SSL_set_quiet_shutdown;
-+		SSL_set_read_ahead;
-+		SSL_set_rfd;
-+		SSL_set_session;
-+		SSL_set_session_id_context;
-+		SSL_set_session_secret_cb;
-+		SSL_set_session_ticket_ext;
-+		SSL_set_session_ticket_ext_cb;
-+		SSL_set_shutdown;
-+		SSL_set_SSL_CTX;
-+		SSL_set_ssl_method;
-+		SSL_set_tmp_dh_callback;
-+		SSL_set_tmp_ecdh_callback;
-+		SSL_set_tmp_rsa_callback;
-+		SSL_set_trust;
-+		SSL_set_verify;
-+		SSL_set_verify_depth;
-+		SSL_set_verify_result;
-+		SSL_set_wfd;
-+		SSL_shutdown;
-+		SSL_state;
-+		SSL_state_string;
-+		SSL_state_string_long;
-+		SSL_use_certificate;
-+		SSL_use_certificate_ASN1;
-+		SSL_use_certificate_file;
-+		SSL_use_PrivateKey;
-+		SSL_use_PrivateKey_ASN1;
-+		SSL_use_PrivateKey_file;
-+		SSL_use_psk_identity_hint;
-+		SSL_use_RSAPrivateKey;
-+		SSL_use_RSAPrivateKey_ASN1;
-+		SSL_use_RSAPrivateKey_file;
-+		SSLv23_client_method;
-+		SSLv23_method;
-+		SSLv23_server_method;
-+		SSLv2_client_method;
-+		SSLv2_method;
-+		SSLv2_server_method;
-+		SSLv3_client_method;
-+		SSLv3_method;
-+		SSLv3_server_method;
-+		SSL_version;
-+		SSL_want;
-+		SSL_write;
-+		TLSv1_client_method;
-+		TLSv1_method;
-+		TLSv1_server_method;
-+
-+
-+		SSLeay;
-+		SSLeay_version;
-+		ASN1_BIT_STRING_asn1_meth;
-+		ASN1_HEADER_free;
-+		ASN1_HEADER_new;
-+		ASN1_IA5STRING_asn1_meth;
-+		ASN1_INTEGER_get;
-+		ASN1_INTEGER_set;
-+		ASN1_INTEGER_to_BN;
-+		ASN1_OBJECT_create;
-+		ASN1_OBJECT_free;
-+		ASN1_OBJECT_new;
-+		ASN1_PRINTABLE_type;
-+		ASN1_STRING_cmp;
-+		ASN1_STRING_dup;
-+		ASN1_STRING_free;
-+		ASN1_STRING_new;
-+		ASN1_STRING_print;
-+		ASN1_STRING_set;
-+		ASN1_STRING_type_new;
-+		ASN1_TYPE_free;
-+		ASN1_TYPE_new;
-+		ASN1_UNIVERSALSTRING_to_string;
-+		ASN1_UTCTIME_check;
-+		ASN1_UTCTIME_print;
-+		ASN1_UTCTIME_set;
-+		ASN1_check_infinite_end;
-+		ASN1_d2i_bio;
-+		ASN1_d2i_fp;
-+		ASN1_digest;
-+		ASN1_dup;
-+		ASN1_get_object;
-+		ASN1_i2d_bio;
-+		ASN1_i2d_fp;
-+		ASN1_object_size;
-+		ASN1_parse;
-+		ASN1_put_object;
-+		ASN1_sign;
-+		ASN1_verify;
-+		BF_cbc_encrypt;
-+		BF_cfb64_encrypt;
-+		BF_ecb_encrypt;
-+		BF_encrypt;
-+		BF_ofb64_encrypt;
-+		BF_options;
-+		BF_set_key;
-+		BIO_CONNECT_free;
-+		BIO_CONNECT_new;
-+		BIO_accept;
-+		BIO_ctrl;
-+		BIO_int_ctrl;
-+		BIO_debug_callback;
-+		BIO_dump;
-+		BIO_dup_chain;
-+		BIO_f_base64;
-+		BIO_f_buffer;
-+		BIO_f_cipher;
-+		BIO_f_md;
-+		BIO_f_null;
-+		BIO_f_proxy_server;
-+		BIO_fd_non_fatal_error;
-+		BIO_fd_should_retry;
-+		BIO_find_type;
-+		BIO_free;
-+		BIO_free_all;
-+		BIO_get_accept_socket;
-+		BIO_get_filter_bio;
-+		BIO_get_host_ip;
-+		BIO_get_port;
-+		BIO_get_retry_BIO;
-+		BIO_get_retry_reason;
-+		BIO_gethostbyname;
-+		BIO_gets;
-+		BIO_new;
-+		BIO_new_accept;
-+		BIO_new_connect;
-+		BIO_new_fd;
-+		BIO_new_file;
-+		BIO_new_fp;
-+		BIO_new_socket;
-+		BIO_pop;
-+		BIO_printf;
-+		BIO_push;
-+		BIO_puts;
-+		BIO_read;
-+		BIO_s_accept;
-+		BIO_s_connect;
-+		BIO_s_fd;
-+		BIO_s_file;
-+		BIO_s_mem;
-+		BIO_s_null;
-+		BIO_s_proxy_client;
-+		BIO_s_socket;
-+		BIO_set;
-+		BIO_set_cipher;
-+		BIO_set_tcp_ndelay;
-+		BIO_sock_cleanup;
-+		BIO_sock_error;
-+		BIO_sock_init;
-+		BIO_sock_non_fatal_error;
-+		BIO_sock_should_retry;
-+		BIO_socket_ioctl;
-+		BIO_write;
-+		BN_CTX_free;
-+		BN_CTX_new;
-+		BN_MONT_CTX_free;
-+		BN_MONT_CTX_new;
-+		BN_MONT_CTX_set;
-+		BN_add;
-+		BN_add_word;
-+		BN_hex2bn;
-+		BN_bin2bn;
-+		BN_bn2hex;
-+		BN_bn2bin;
-+		BN_clear;
-+		BN_clear_bit;
-+		BN_clear_free;
-+		BN_cmp;
-+		BN_copy;
-+		BN_div;
-+		BN_div_word;
-+		BN_dup;
-+		BN_free;
-+		BN_from_montgomery;
-+		BN_gcd;
-+		BN_generate_prime;
-+		BN_get_word;
-+		BN_is_bit_set;
-+		BN_is_prime;
-+		BN_lshift;
-+		BN_lshift1;
-+		BN_mask_bits;
-+		BN_mod;
-+		BN_mod_exp;
-+		BN_mod_exp_mont;
-+		BN_mod_exp_simple;
-+		BN_mod_inverse;
-+		BN_mod_mul;
-+		BN_mod_mul_montgomery;
-+		BN_mod_word;
-+		BN_mul;
-+		BN_new;
-+		BN_num_bits;
-+		BN_num_bits_word;
-+		BN_options;
-+		BN_print;
-+		BN_print_fp;
-+		BN_rand;
-+		BN_reciprocal;
-+		BN_rshift;
-+		BN_rshift1;
-+		BN_set_bit;
-+		BN_set_word;
-+		BN_sqr;
-+		BN_sub;
-+		BN_to_ASN1_INTEGER;
-+		BN_ucmp;
-+		BN_value_one;
-+		BUF_MEM_free;
-+		BUF_MEM_grow;
-+		BUF_MEM_new;
-+		BUF_strdup;
-+		CONF_free;
-+		CONF_get_number;
-+		CONF_get_section;
-+		CONF_get_string;
-+		CONF_load;
-+		CRYPTO_add_lock;
-+		CRYPTO_dbg_free;
-+		CRYPTO_dbg_malloc;
-+		CRYPTO_dbg_realloc;
-+		CRYPTO_dbg_remalloc;
-+		CRYPTO_free;
-+		CRYPTO_get_add_lock_callback;
-+		CRYPTO_get_id_callback;
-+		CRYPTO_get_lock_name;
-+		CRYPTO_get_locking_callback;
-+		CRYPTO_get_mem_functions;
-+		CRYPTO_lock;
-+		CRYPTO_malloc;
-+		CRYPTO_mem_ctrl;
-+		CRYPTO_mem_leaks;
-+		CRYPTO_mem_leaks_cb;
-+		CRYPTO_mem_leaks_fp;
-+		CRYPTO_realloc;
-+		CRYPTO_remalloc;
-+		CRYPTO_set_add_lock_callback;
-+		CRYPTO_set_id_callback;
-+		CRYPTO_set_locking_callback;
-+		CRYPTO_set_mem_functions;
-+		CRYPTO_thread_id;
-+		DH_check;
-+		DH_compute_key;
-+		DH_free;
-+		DH_generate_key;
-+		DH_generate_parameters;
-+		DH_new;
-+		DH_size;
-+		DHparams_print;
-+		DHparams_print_fp;
-+		DSA_free;
-+		DSA_generate_key;
-+		DSA_generate_parameters;
-+		DSA_is_prime;
-+		DSA_new;
-+		DSA_print;
-+		DSA_print_fp;
-+		DSA_sign;
-+		DSA_sign_setup;
-+		DSA_size;
-+		DSA_verify;
-+		DSAparams_print;
-+		DSAparams_print_fp;
-+		ERR_clear_error;
-+		ERR_error_string;
-+		ERR_free_strings;
-+		ERR_func_error_string;
-+		ERR_get_err_state_table;
-+		ERR_get_error;
-+		ERR_get_error_line;
-+		ERR_get_state;
-+		ERR_get_string_table;
-+		ERR_lib_error_string;
-+		ERR_load_ASN1_strings;
-+		ERR_load_BIO_strings;
-+		ERR_load_BN_strings;
-+		ERR_load_BUF_strings;
-+		ERR_load_CONF_strings;
-+		ERR_load_DH_strings;
-+		ERR_load_DSA_strings;
-+		ERR_load_ERR_strings;
-+		ERR_load_EVP_strings;
-+		ERR_load_OBJ_strings;
-+		ERR_load_PEM_strings;
-+		ERR_load_PROXY_strings;
-+		ERR_load_RSA_strings;
-+		ERR_load_X509_strings;
-+		ERR_load_crypto_strings;
-+		ERR_load_strings;
-+		ERR_peek_error;
-+		ERR_peek_error_line;
-+		ERR_print_errors;
-+		ERR_print_errors_fp;
-+		ERR_put_error;
-+		ERR_reason_error_string;
-+		ERR_remove_state;
-+		EVP_BytesToKey;
-+		EVP_CIPHER_CTX_cleanup;
-+		EVP_CipherFinal;
-+		EVP_CipherInit;
-+		EVP_CipherUpdate;
-+		EVP_DecodeBlock;
-+		EVP_DecodeFinal;
-+		EVP_DecodeInit;
-+		EVP_DecodeUpdate;
-+		EVP_DecryptFinal;
-+		EVP_DecryptInit;
-+		EVP_DecryptUpdate;
-+		EVP_DigestFinal;
-+		EVP_DigestInit;
-+		EVP_DigestUpdate;
-+		EVP_EncodeBlock;
-+		EVP_EncodeFinal;
-+		EVP_EncodeInit;
-+		EVP_EncodeUpdate;
-+		EVP_EncryptFinal;
-+		EVP_EncryptInit;
-+		EVP_EncryptUpdate;
-+		EVP_OpenFinal;
-+		EVP_OpenInit;
-+		EVP_PKEY_assign;
-+		EVP_PKEY_copy_parameters;
-+		EVP_PKEY_free;
-+		EVP_PKEY_missing_parameters;
-+		EVP_PKEY_new;
-+		EVP_PKEY_save_parameters;
-+		EVP_PKEY_size;
-+		EVP_PKEY_type;
-+		EVP_SealFinal;
-+		EVP_SealInit;
-+		EVP_SignFinal;
-+		EVP_VerifyFinal;
-+		EVP_add_alias;
-+		EVP_add_cipher;
-+		EVP_add_digest;
-+		EVP_bf_cbc;
-+		EVP_bf_cfb64;
-+		EVP_bf_ecb;
-+		EVP_bf_ofb;
-+		EVP_cleanup;
-+		EVP_des_cbc;
-+		EVP_des_cfb64;
-+		EVP_des_ecb;
-+		EVP_des_ede;
-+		EVP_des_ede3;
-+		EVP_des_ede3_cbc;
-+		EVP_des_ede3_cfb64;
-+		EVP_des_ede3_ofb;
-+		EVP_des_ede_cbc;
-+		EVP_des_ede_cfb64;
-+		EVP_des_ede_ofb;
-+		EVP_des_ofb;
-+		EVP_desx_cbc;
-+		EVP_dss;
-+		EVP_dss1;
-+		EVP_enc_null;
-+		EVP_get_cipherbyname;
-+		EVP_get_digestbyname;
-+		EVP_get_pw_prompt;
-+		EVP_idea_cbc;
-+		EVP_idea_cfb64;
-+		EVP_idea_ecb;
-+		EVP_idea_ofb;
-+		EVP_md2;
-+		EVP_md5;
-+		EVP_md_null;
-+		EVP_rc2_cbc;
-+		EVP_rc2_cfb64;
-+		EVP_rc2_ecb;
-+		EVP_rc2_ofb;
-+		EVP_rc4;
-+		EVP_read_pw_string;
-+		EVP_set_pw_prompt;
-+		EVP_sha;
-+		EVP_sha1;
-+		MD2;
-+		MD2_Final;
-+		MD2_Init;
-+		MD2_Update;
-+		MD2_options;
-+		MD5;
-+		MD5_Final;
-+		MD5_Init;
-+		MD5_Update;
-+		MDC2;
-+		MDC2_Final;
-+		MDC2_Init;
-+		MDC2_Update;
-+		NETSCAPE_SPKAC_free;
-+		NETSCAPE_SPKAC_new;
-+		NETSCAPE_SPKI_free;
-+		NETSCAPE_SPKI_new;
-+		NETSCAPE_SPKI_sign;
-+		NETSCAPE_SPKI_verify;
-+		OBJ_add_object;
-+		OBJ_bsearch;
-+		OBJ_cleanup;
-+		OBJ_cmp;
-+		OBJ_create;
-+		OBJ_dup;
-+		OBJ_ln2nid;
-+		OBJ_new_nid;
-+		OBJ_nid2ln;
-+		OBJ_nid2obj;
-+		OBJ_nid2sn;
-+		OBJ_obj2nid;
-+		OBJ_sn2nid;
-+		OBJ_txt2nid;
-+		PEM_ASN1_read;
-+		PEM_ASN1_read_bio;
-+		PEM_ASN1_write;
-+		PEM_ASN1_write_bio;
-+		PEM_SealFinal;
-+		PEM_SealInit;
-+		PEM_SealUpdate;
-+		PEM_SignFinal;
-+		PEM_SignInit;
-+		PEM_SignUpdate;
-+		PEM_X509_INFO_read;
-+		PEM_X509_INFO_read_bio;
-+		PEM_X509_INFO_write_bio;
-+		PEM_dek_info;
-+		PEM_do_header;
-+		PEM_get_EVP_CIPHER_INFO;
-+		PEM_proc_type;
-+		PEM_read;
-+		PEM_read_DHparams;
-+		PEM_read_DSAPrivateKey;
-+		PEM_read_DSAparams;
-+		PEM_read_PKCS7;
-+		PEM_read_PrivateKey;
-+		PEM_read_RSAPrivateKey;
-+		PEM_read_X509;
-+		PEM_read_X509_CRL;
-+		PEM_read_X509_REQ;
-+		PEM_read_bio;
-+		PEM_read_bio_DHparams;
-+		PEM_read_bio_DSAPrivateKey;
-+		PEM_read_bio_DSAparams;
-+		PEM_read_bio_PKCS7;
-+		PEM_read_bio_PrivateKey;
-+		PEM_read_bio_RSAPrivateKey;
-+		PEM_read_bio_X509;
-+		PEM_read_bio_X509_CRL;
-+		PEM_read_bio_X509_REQ;
-+		PEM_write;
-+		PEM_write_DHparams;
-+		PEM_write_DSAPrivateKey;
-+		PEM_write_DSAparams;
-+		PEM_write_PKCS7;
-+		PEM_write_PrivateKey;
-+		PEM_write_RSAPrivateKey;
-+		PEM_write_X509;
-+		PEM_write_X509_CRL;
-+		PEM_write_X509_REQ;
-+		PEM_write_bio;
-+		PEM_write_bio_DHparams;
-+		PEM_write_bio_DSAPrivateKey;
-+		PEM_write_bio_DSAparams;
-+		PEM_write_bio_PKCS7;
-+		PEM_write_bio_PrivateKey;
-+		PEM_write_bio_RSAPrivateKey;
-+		PEM_write_bio_X509;
-+		PEM_write_bio_X509_CRL;
-+		PEM_write_bio_X509_REQ;
-+		PKCS7_DIGEST_free;
-+		PKCS7_DIGEST_new;
-+		PKCS7_ENCRYPT_free;
-+		PKCS7_ENCRYPT_new;
-+		PKCS7_ENC_CONTENT_free;
-+		PKCS7_ENC_CONTENT_new;
-+		PKCS7_ENVELOPE_free;
-+		PKCS7_ENVELOPE_new;
-+		PKCS7_ISSUER_AND_SERIAL_digest;
-+		PKCS7_ISSUER_AND_SERIAL_free;
-+		PKCS7_ISSUER_AND_SERIAL_new;
-+		PKCS7_RECIP_INFO_free;
-+		PKCS7_RECIP_INFO_new;
-+		PKCS7_SIGNED_free;
-+		PKCS7_SIGNED_new;
-+		PKCS7_SIGNER_INFO_free;
-+		PKCS7_SIGNER_INFO_new;
-+		PKCS7_SIGN_ENVELOPE_free;
-+		PKCS7_SIGN_ENVELOPE_new;
-+		PKCS7_dup;
-+		PKCS7_free;
-+		PKCS7_new;
-+		PROXY_ENTRY_add_noproxy;
-+		PROXY_ENTRY_clear_noproxy;
-+		PROXY_ENTRY_free;
-+		PROXY_ENTRY_get_noproxy;
-+		PROXY_ENTRY_new;
-+		PROXY_ENTRY_set_server;
-+		PROXY_add_noproxy;
-+		PROXY_add_server;
-+		PROXY_check_by_host;
-+		PROXY_check_url;
-+		PROXY_clear_noproxy;
-+		PROXY_free;
-+		PROXY_get_noproxy;
-+		PROXY_get_proxies;
-+		PROXY_get_proxy_entry;
-+		PROXY_load_conf;
-+		PROXY_new;
-+		PROXY_print;
-+		RAND_bytes;
-+		RAND_cleanup;
-+		RAND_file_name;
-+		RAND_load_file;
-+		RAND_screen;
-+		RAND_seed;
-+		RAND_write_file;
-+		RC2_cbc_encrypt;
-+		RC2_cfb64_encrypt;
-+		RC2_ecb_encrypt;
-+		RC2_encrypt;
-+		RC2_ofb64_encrypt;
-+		RC2_set_key;
-+		RC4;
-+		RC4_options;
-+		RC4_set_key;
-+		RSAPrivateKey_asn1_meth;
-+		RSAPrivateKey_dup;
-+		RSAPublicKey_dup;
-+		RSA_PKCS1_SSLeay;
-+		RSA_free;
-+		RSA_generate_key;
-+		RSA_new;
-+		RSA_new_method;
-+		RSA_print;
-+		RSA_print_fp;
-+		RSA_private_decrypt;
-+		RSA_private_encrypt;
-+		RSA_public_decrypt;
-+		RSA_public_encrypt;
-+		RSA_set_default_method;
-+		RSA_sign;
-+		RSA_sign_ASN1_OCTET_STRING;
-+		RSA_size;
-+		RSA_verify;
-+		RSA_verify_ASN1_OCTET_STRING;
-+		SHA;
-+		SHA1;
-+		SHA1_Final;
-+		SHA1_Init;
-+		SHA1_Update;
-+		SHA_Final;
-+		SHA_Init;
-+		SHA_Update;
-+		OpenSSL_add_all_algorithms;
-+		OpenSSL_add_all_ciphers;
-+		OpenSSL_add_all_digests;
-+		TXT_DB_create_index;
-+		TXT_DB_free;
-+		TXT_DB_get_by_index;
-+		TXT_DB_insert;
-+		TXT_DB_read;
-+		TXT_DB_write;
-+		X509_ALGOR_free;
-+		X509_ALGOR_new;
-+		X509_ATTRIBUTE_free;
-+		X509_ATTRIBUTE_new;
-+		X509_CINF_free;
-+		X509_CINF_new;
-+		X509_CRL_INFO_free;
-+		X509_CRL_INFO_new;
-+		X509_CRL_add_ext;
-+		X509_CRL_cmp;
-+		X509_CRL_delete_ext;
-+		X509_CRL_dup;
-+		X509_CRL_free;
-+		X509_CRL_get_ext;
-+		X509_CRL_get_ext_by_NID;
-+		X509_CRL_get_ext_by_OBJ;
-+		X509_CRL_get_ext_by_critical;
-+		X509_CRL_get_ext_count;
-+		X509_CRL_new;
-+		X509_CRL_sign;
-+		X509_CRL_verify;
-+		X509_EXTENSION_create_by_NID;
-+		X509_EXTENSION_create_by_OBJ;
-+		X509_EXTENSION_dup;
-+		X509_EXTENSION_free;
-+		X509_EXTENSION_get_critical;
-+		X509_EXTENSION_get_data;
-+		X509_EXTENSION_get_object;
-+		X509_EXTENSION_new;
-+		X509_EXTENSION_set_critical;
-+		X509_EXTENSION_set_data;
-+		X509_EXTENSION_set_object;
-+		X509_INFO_free;
-+		X509_INFO_new;
-+		X509_LOOKUP_by_alias;
-+		X509_LOOKUP_by_fingerprint;
-+		X509_LOOKUP_by_issuer_serial;
-+		X509_LOOKUP_by_subject;
-+		X509_LOOKUP_ctrl;
-+		X509_LOOKUP_file;
-+		X509_LOOKUP_free;
-+		X509_LOOKUP_hash_dir;
-+		X509_LOOKUP_init;
-+		X509_LOOKUP_new;
-+		X509_LOOKUP_shutdown;
-+		X509_NAME_ENTRY_create_by_NID;
-+		X509_NAME_ENTRY_create_by_OBJ;
-+		X509_NAME_ENTRY_dup;
-+		X509_NAME_ENTRY_free;
-+		X509_NAME_ENTRY_get_data;
-+		X509_NAME_ENTRY_get_object;
-+		X509_NAME_ENTRY_new;
-+		X509_NAME_ENTRY_set_data;
-+		X509_NAME_ENTRY_set_object;
-+		X509_NAME_add_entry;
-+		X509_NAME_cmp;
-+		X509_NAME_delete_entry;
-+		X509_NAME_digest;
-+		X509_NAME_dup;
-+		X509_NAME_entry_count;
-+		X509_NAME_free;
-+		X509_NAME_get_entry;
-+		X509_NAME_get_index_by_NID;
-+		X509_NAME_get_index_by_OBJ;
-+		X509_NAME_get_text_by_NID;
-+		X509_NAME_get_text_by_OBJ;
-+		X509_NAME_hash;
-+		X509_NAME_new;
-+		X509_NAME_oneline;
-+		X509_NAME_print;
-+		X509_NAME_set;
-+		X509_OBJECT_free_contents;
-+		X509_OBJECT_retrieve_by_subject;
-+		X509_OBJECT_up_ref_count;
-+		X509_PKEY_free;
-+		X509_PKEY_new;
-+		X509_PUBKEY_free;
-+		X509_PUBKEY_get;
-+		X509_PUBKEY_new;
-+		X509_PUBKEY_set;
-+		X509_REQ_INFO_free;
-+		X509_REQ_INFO_new;
-+		X509_REQ_dup;
-+		X509_REQ_free;
-+		X509_REQ_get_pubkey;
-+		X509_REQ_new;
-+		X509_REQ_print;
-+		X509_REQ_print_fp;
-+		X509_REQ_set_pubkey;
-+		X509_REQ_set_subject_name;
-+		X509_REQ_set_version;
-+		X509_REQ_sign;
-+		X509_REQ_to_X509;
-+		X509_REQ_verify;
-+		X509_REVOKED_add_ext;
-+		X509_REVOKED_delete_ext;
-+		X509_REVOKED_free;
-+		X509_REVOKED_get_ext;
-+		X509_REVOKED_get_ext_by_NID;
-+		X509_REVOKED_get_ext_by_OBJ;
-+		X509_REVOKED_get_ext_by_critical;
-+		X509_REVOKED_get_ext_by_critic;
-+		X509_REVOKED_get_ext_count;
-+		X509_REVOKED_new;
-+		X509_SIG_free;
-+		X509_SIG_new;
-+		X509_STORE_CTX_cleanup;
-+		X509_STORE_CTX_init;
-+		X509_STORE_add_cert;
-+		X509_STORE_add_lookup;
-+		X509_STORE_free;
-+		X509_STORE_get_by_subject;
-+		X509_STORE_load_locations;
-+		X509_STORE_new;
-+		X509_STORE_set_default_paths;
-+		X509_VAL_free;
-+		X509_VAL_new;
-+		X509_add_ext;
-+		X509_asn1_meth;
-+		X509_certificate_type;
-+		X509_check_private_key;
-+		X509_cmp_current_time;
-+		X509_delete_ext;
-+		X509_digest;
-+		X509_dup;
-+		X509_free;
-+		X509_get_default_cert_area;
-+		X509_get_default_cert_dir;
-+		X509_get_default_cert_dir_env;
-+		X509_get_default_cert_file;
-+		X509_get_default_cert_file_env;
-+		X509_get_default_private_dir;
-+		X509_get_ext;
-+		X509_get_ext_by_NID;
-+		X509_get_ext_by_OBJ;
-+		X509_get_ext_by_critical;
-+		X509_get_ext_count;
-+		X509_get_issuer_name;
-+		X509_get_pubkey;
-+		X509_get_pubkey_parameters;
-+		X509_get_serialNumber;
-+		X509_get_subject_name;
-+		X509_gmtime_adj;
-+		X509_issuer_and_serial_cmp;
-+		X509_issuer_and_serial_hash;
-+		X509_issuer_name_cmp;
-+		X509_issuer_name_hash;
-+		X509_load_cert_file;
-+		X509_new;
-+		X509_print;
-+		X509_print_fp;
-+		X509_set_issuer_name;
-+		X509_set_notAfter;
-+		X509_set_notBefore;
-+		X509_set_pubkey;
-+		X509_set_serialNumber;
-+		X509_set_subject_name;
-+		X509_set_version;
-+		X509_sign;
-+		X509_subject_name_cmp;
-+		X509_subject_name_hash;
-+		X509_to_X509_REQ;
-+		X509_verify;
-+		X509_verify_cert;
-+		X509_verify_cert_error_string;
-+		X509v3_add_ext;
-+		X509v3_add_extension;
-+		X509v3_add_netscape_extensions;
-+		X509v3_add_standard_extensions;
-+		X509v3_cleanup_extensions;
-+		X509v3_data_type_by_NID;
-+		X509v3_data_type_by_OBJ;
-+		X509v3_delete_ext;
-+		X509v3_get_ext;
-+		X509v3_get_ext_by_NID;
-+		X509v3_get_ext_by_OBJ;
-+		X509v3_get_ext_by_critical;
-+		X509v3_get_ext_count;
-+		X509v3_pack_string;
-+		X509v3_pack_type_by_NID;
-+		X509v3_pack_type_by_OBJ;
-+		X509v3_unpack_string;
-+		_des_crypt;
-+		a2d_ASN1_OBJECT;
-+		a2i_ASN1_INTEGER;
-+		a2i_ASN1_STRING;
-+		asn1_Finish;
-+		asn1_GetSequence;
-+		bn_div_words;
-+		bn_expand2;
-+		bn_mul_add_words;
-+		bn_mul_words;
-+		BN_uadd;
-+		BN_usub;
-+		bn_sqr_words;
-+		_ossl_old_crypt;
-+		d2i_ASN1_BIT_STRING;
-+		d2i_ASN1_BOOLEAN;
-+		d2i_ASN1_HEADER;
-+		d2i_ASN1_IA5STRING;
-+		d2i_ASN1_INTEGER;
-+		d2i_ASN1_OBJECT;
-+		d2i_ASN1_OCTET_STRING;
-+		d2i_ASN1_PRINTABLE;
-+		d2i_ASN1_PRINTABLESTRING;
-+		d2i_ASN1_SET;
-+		d2i_ASN1_T61STRING;
-+		d2i_ASN1_TYPE;
-+		d2i_ASN1_UTCTIME;
-+		d2i_ASN1_bytes;
-+		d2i_ASN1_type_bytes;
-+		d2i_DHparams;
-+		d2i_DSAPrivateKey;
-+		d2i_DSAPrivateKey_bio;
-+		d2i_DSAPrivateKey_fp;
-+		d2i_DSAPublicKey;
-+		d2i_DSAparams;
-+		d2i_NETSCAPE_SPKAC;
-+		d2i_NETSCAPE_SPKI;
-+		d2i_Netscape_RSA;
-+		d2i_PKCS7;
-+		d2i_PKCS7_DIGEST;
-+		d2i_PKCS7_ENCRYPT;
-+		d2i_PKCS7_ENC_CONTENT;
-+		d2i_PKCS7_ENVELOPE;
-+		d2i_PKCS7_ISSUER_AND_SERIAL;
-+		d2i_PKCS7_RECIP_INFO;
-+		d2i_PKCS7_SIGNED;
-+		d2i_PKCS7_SIGNER_INFO;
-+		d2i_PKCS7_SIGN_ENVELOPE;
-+		d2i_PKCS7_bio;
-+		d2i_PKCS7_fp;
-+		d2i_PrivateKey;
-+		d2i_PublicKey;
-+		d2i_RSAPrivateKey;
-+		d2i_RSAPrivateKey_bio;
-+		d2i_RSAPrivateKey_fp;
-+		d2i_RSAPublicKey;
-+		d2i_X509;
-+		d2i_X509_ALGOR;
-+		d2i_X509_ATTRIBUTE;
-+		d2i_X509_CINF;
-+		d2i_X509_CRL;
-+		d2i_X509_CRL_INFO;
-+		d2i_X509_CRL_bio;
-+		d2i_X509_CRL_fp;
-+		d2i_X509_EXTENSION;
-+		d2i_X509_NAME;
-+		d2i_X509_NAME_ENTRY;
-+		d2i_X509_PKEY;
-+		d2i_X509_PUBKEY;
-+		d2i_X509_REQ;
-+		d2i_X509_REQ_INFO;
-+		d2i_X509_REQ_bio;
-+		d2i_X509_REQ_fp;
-+		d2i_X509_REVOKED;
-+		d2i_X509_SIG;
-+		d2i_X509_VAL;
-+		d2i_X509_bio;
-+		d2i_X509_fp;
-+		DES_cbc_cksum;
-+		DES_cbc_encrypt;
-+		DES_cblock_print_file;
-+		DES_cfb64_encrypt;
-+		DES_cfb_encrypt;
-+		DES_decrypt3;
-+		DES_ecb3_encrypt;
-+		DES_ecb_encrypt;
-+		DES_ede3_cbc_encrypt;
-+		DES_ede3_cfb64_encrypt;
-+		DES_ede3_ofb64_encrypt;
-+		DES_enc_read;
-+		DES_enc_write;
-+		DES_encrypt1;
-+		DES_encrypt2;
-+		DES_encrypt3;
-+		DES_fcrypt;
-+		DES_is_weak_key;
-+		DES_key_sched;
-+		DES_ncbc_encrypt;
-+		DES_ofb64_encrypt;
-+		DES_ofb_encrypt;
-+		DES_options;
-+		DES_pcbc_encrypt;
-+		DES_quad_cksum;
-+		DES_random_key;
-+		_ossl_old_des_random_seed;
-+		_ossl_old_des_read_2passwords;
-+		_ossl_old_des_read_password;
-+		_ossl_old_des_read_pw;
-+		_ossl_old_des_read_pw_string;
-+		DES_set_key;
-+		DES_set_odd_parity;
-+		DES_string_to_2keys;
-+		DES_string_to_key;
-+		DES_xcbc_encrypt;
-+		DES_xwhite_in2out;
-+		fcrypt_body;
-+		i2a_ASN1_INTEGER;
-+		i2a_ASN1_OBJECT;
-+		i2a_ASN1_STRING;
-+		i2d_ASN1_BIT_STRING;
-+		i2d_ASN1_BOOLEAN;
-+		i2d_ASN1_HEADER;
-+		i2d_ASN1_IA5STRING;
-+		i2d_ASN1_INTEGER;
-+		i2d_ASN1_OBJECT;
-+		i2d_ASN1_OCTET_STRING;
-+		i2d_ASN1_PRINTABLE;
-+		i2d_ASN1_SET;
-+		i2d_ASN1_TYPE;
-+		i2d_ASN1_UTCTIME;
-+		i2d_ASN1_bytes;
-+		i2d_DHparams;
-+		i2d_DSAPrivateKey;
-+		i2d_DSAPrivateKey_bio;
-+		i2d_DSAPrivateKey_fp;
-+		i2d_DSAPublicKey;
-+		i2d_DSAparams;
-+		i2d_NETSCAPE_SPKAC;
-+		i2d_NETSCAPE_SPKI;
-+		i2d_Netscape_RSA;
-+		i2d_PKCS7;
-+		i2d_PKCS7_DIGEST;
-+		i2d_PKCS7_ENCRYPT;
-+		i2d_PKCS7_ENC_CONTENT;
-+		i2d_PKCS7_ENVELOPE;
-+		i2d_PKCS7_ISSUER_AND_SERIAL;
-+		i2d_PKCS7_RECIP_INFO;
-+		i2d_PKCS7_SIGNED;
-+		i2d_PKCS7_SIGNER_INFO;
-+		i2d_PKCS7_SIGN_ENVELOPE;
-+		i2d_PKCS7_bio;
-+		i2d_PKCS7_fp;
-+		i2d_PrivateKey;
-+		i2d_PublicKey;
-+		i2d_RSAPrivateKey;
-+		i2d_RSAPrivateKey_bio;
-+		i2d_RSAPrivateKey_fp;
-+		i2d_RSAPublicKey;
-+		i2d_X509;
-+		i2d_X509_ALGOR;
-+		i2d_X509_ATTRIBUTE;
-+		i2d_X509_CINF;
-+		i2d_X509_CRL;
-+		i2d_X509_CRL_INFO;
-+		i2d_X509_CRL_bio;
-+		i2d_X509_CRL_fp;
-+		i2d_X509_EXTENSION;
-+		i2d_X509_NAME;
-+		i2d_X509_NAME_ENTRY;
-+		i2d_X509_PKEY;
-+		i2d_X509_PUBKEY;
-+		i2d_X509_REQ;
-+		i2d_X509_REQ_INFO;
-+		i2d_X509_REQ_bio;
-+		i2d_X509_REQ_fp;
-+		i2d_X509_REVOKED;
-+		i2d_X509_SIG;
-+		i2d_X509_VAL;
-+		i2d_X509_bio;
-+		i2d_X509_fp;
-+		idea_cbc_encrypt;
-+		idea_cfb64_encrypt;
-+		idea_ecb_encrypt;
-+		idea_encrypt;
-+		idea_ofb64_encrypt;
-+		idea_options;
-+		idea_set_decrypt_key;
-+		idea_set_encrypt_key;
-+		lh_delete;
-+		lh_doall;
-+		lh_doall_arg;
-+		lh_free;
-+		lh_insert;
-+		lh_new;
-+		lh_node_stats;
-+		lh_node_stats_bio;
-+		lh_node_usage_stats;
-+		lh_node_usage_stats_bio;
-+		lh_retrieve;
-+		lh_stats;
-+		lh_stats_bio;
-+		lh_strhash;
-+		sk_delete;
-+		sk_delete_ptr;
-+		sk_dup;
-+		sk_find;
-+		sk_free;
-+		sk_insert;
-+		sk_new;
-+		sk_pop;
-+		sk_pop_free;
-+		sk_push;
-+		sk_set_cmp_func;
-+		sk_shift;
-+		sk_unshift;
-+		sk_zero;
-+		BIO_f_nbio_test;
-+		ASN1_TYPE_get;
-+		ASN1_TYPE_set;
-+		PKCS7_content_free;
-+		ERR_load_PKCS7_strings;
-+		X509_find_by_issuer_and_serial;
-+		X509_find_by_subject;
-+		PKCS7_ctrl;
-+		PKCS7_set_type;
-+		PKCS7_set_content;
-+		PKCS7_SIGNER_INFO_set;
-+		PKCS7_add_signer;
-+		PKCS7_add_certificate;
-+		PKCS7_add_crl;
-+		PKCS7_content_new;
-+		PKCS7_dataSign;
-+		PKCS7_dataVerify;
-+		PKCS7_dataInit;
-+		PKCS7_add_signature;
-+		PKCS7_cert_from_signer_info;
-+		PKCS7_get_signer_info;
-+		EVP_delete_alias;
-+		EVP_mdc2;
-+		PEM_read_bio_RSAPublicKey;
-+		PEM_write_bio_RSAPublicKey;
-+		d2i_RSAPublicKey_bio;
-+		i2d_RSAPublicKey_bio;
-+		PEM_read_RSAPublicKey;
-+		PEM_write_RSAPublicKey;
-+		d2i_RSAPublicKey_fp;
-+		i2d_RSAPublicKey_fp;
-+		BIO_copy_next_retry;
-+		RSA_flags;
-+		X509_STORE_add_crl;
-+		X509_load_crl_file;
-+		EVP_rc2_40_cbc;
-+		EVP_rc4_40;
-+		EVP_CIPHER_CTX_init;
-+		HMAC;
-+		HMAC_Init;
-+		HMAC_Update;
-+		HMAC_Final;
-+		ERR_get_next_error_library;
-+		EVP_PKEY_cmp_parameters;
-+		HMAC_cleanup;
-+		BIO_ptr_ctrl;
-+		BIO_new_file_internal;
-+		BIO_new_fp_internal;
-+		BIO_s_file_internal;
-+		BN_BLINDING_convert;
-+		BN_BLINDING_invert;
-+		BN_BLINDING_update;
-+		RSA_blinding_on;
-+		RSA_blinding_off;
-+		i2t_ASN1_OBJECT;
-+		BN_BLINDING_new;
-+		BN_BLINDING_free;
-+		EVP_cast5_cbc;
-+		EVP_cast5_cfb64;
-+		EVP_cast5_ecb;
-+		EVP_cast5_ofb;
-+		BF_decrypt;
-+		CAST_set_key;
-+		CAST_encrypt;
-+		CAST_decrypt;
-+		CAST_ecb_encrypt;
-+		CAST_cbc_encrypt;
-+		CAST_cfb64_encrypt;
-+		CAST_ofb64_encrypt;
-+		RC2_decrypt;
-+		OBJ_create_objects;
-+		BN_exp;
-+		BN_mul_word;
-+		BN_sub_word;
-+		BN_dec2bn;
-+		BN_bn2dec;
-+		BIO_ghbn_ctrl;
-+		CRYPTO_free_ex_data;
-+		CRYPTO_get_ex_data;
-+		CRYPTO_set_ex_data;
-+		ERR_load_CRYPTO_strings;
-+		ERR_load_CRYPTOlib_strings;
-+		EVP_PKEY_bits;
-+		MD5_Transform;
-+		SHA1_Transform;
-+		SHA_Transform;
-+		X509_STORE_CTX_get_chain;
-+		X509_STORE_CTX_get_current_cert;
-+		X509_STORE_CTX_get_error;
-+		X509_STORE_CTX_get_error_depth;
-+		X509_STORE_CTX_get_ex_data;
-+		X509_STORE_CTX_set_cert;
-+		X509_STORE_CTX_set_chain;
-+		X509_STORE_CTX_set_error;
-+		X509_STORE_CTX_set_ex_data;
-+		CRYPTO_dup_ex_data;
-+		CRYPTO_get_new_lockid;
-+		CRYPTO_new_ex_data;
-+		RSA_set_ex_data;
-+		RSA_get_ex_data;
-+		RSA_get_ex_new_index;
-+		RSA_padding_add_PKCS1_type_1;
-+		RSA_padding_add_PKCS1_type_2;
-+		RSA_padding_add_SSLv23;
-+		RSA_padding_add_none;
-+		RSA_padding_check_PKCS1_type_1;
-+		RSA_padding_check_PKCS1_type_2;
-+		RSA_padding_check_SSLv23;
-+		RSA_padding_check_none;
-+		bn_add_words;
-+		d2i_Netscape_RSA_2;
-+		CRYPTO_get_ex_new_index;
-+		RIPEMD160_Init;
-+		RIPEMD160_Update;
-+		RIPEMD160_Final;
-+		RIPEMD160;
-+		RIPEMD160_Transform;
-+		RC5_32_set_key;
-+		RC5_32_ecb_encrypt;
-+		RC5_32_encrypt;
-+		RC5_32_decrypt;
-+		RC5_32_cbc_encrypt;
-+		RC5_32_cfb64_encrypt;
-+		RC5_32_ofb64_encrypt;
-+		BN_bn2mpi;
-+		BN_mpi2bn;
-+		ASN1_BIT_STRING_get_bit;
-+		ASN1_BIT_STRING_set_bit;
-+		BIO_get_ex_data;
-+		BIO_get_ex_new_index;
-+		BIO_set_ex_data;
-+		X509v3_get_key_usage;
-+		X509v3_set_key_usage;
-+		a2i_X509v3_key_usage;
-+		i2a_X509v3_key_usage;
-+		EVP_PKEY_decrypt;
-+		EVP_PKEY_encrypt;
-+		PKCS7_RECIP_INFO_set;
-+		PKCS7_add_recipient;
-+		PKCS7_add_recipient_info;
-+		PKCS7_set_cipher;
-+		ASN1_TYPE_get_int_octetstring;
-+		ASN1_TYPE_get_octetstring;
-+		ASN1_TYPE_set_int_octetstring;
-+		ASN1_TYPE_set_octetstring;
-+		ASN1_UTCTIME_set_string;
-+		ERR_add_error_data;
-+		ERR_set_error_data;
-+		EVP_CIPHER_asn1_to_param;
-+		EVP_CIPHER_param_to_asn1;
-+		EVP_CIPHER_get_asn1_iv;
-+		EVP_CIPHER_set_asn1_iv;
-+		EVP_rc5_32_12_16_cbc;
-+		EVP_rc5_32_12_16_cfb64;
-+		EVP_rc5_32_12_16_ecb;
-+		EVP_rc5_32_12_16_ofb;
-+		asn1_add_error;
-+		d2i_ASN1_BMPSTRING;
-+		i2d_ASN1_BMPSTRING;
-+		BIO_f_ber;
-+		BN_init;
-+		COMP_CTX_new;
-+		COMP_CTX_free;
-+		COMP_CTX_compress_block;
-+		COMP_CTX_expand_block;
-+		X509_STORE_CTX_get_ex_new_index;
-+		OBJ_NAME_add;
-+		BIO_socket_nbio;
-+		EVP_rc2_64_cbc;
-+		OBJ_NAME_cleanup;
-+		OBJ_NAME_get;
-+		OBJ_NAME_init;
-+		OBJ_NAME_new_index;
-+		OBJ_NAME_remove;
-+		BN_MONT_CTX_copy;
-+		BIO_new_socks4a_connect;
-+		BIO_s_socks4a_connect;
-+		PROXY_set_connect_mode;
-+		RAND_SSLeay;
-+		RAND_set_rand_method;
-+		RSA_memory_lock;
-+		bn_sub_words;
-+		bn_mul_normal;
-+		bn_mul_comba8;
-+		bn_mul_comba4;
-+		bn_sqr_normal;
-+		bn_sqr_comba8;
-+		bn_sqr_comba4;
-+		bn_cmp_words;
-+		bn_mul_recursive;
-+		bn_mul_part_recursive;
-+		bn_sqr_recursive;
-+		bn_mul_low_normal;
-+		BN_RECP_CTX_init;
-+		BN_RECP_CTX_new;
-+		BN_RECP_CTX_free;
-+		BN_RECP_CTX_set;
-+		BN_mod_mul_reciprocal;
-+		BN_mod_exp_recp;
-+		BN_div_recp;
-+		BN_CTX_init;
-+		BN_MONT_CTX_init;
-+		RAND_get_rand_method;
-+		PKCS7_add_attribute;
-+		PKCS7_add_signed_attribute;
-+		PKCS7_digest_from_attributes;
-+		PKCS7_get_attribute;
-+		PKCS7_get_issuer_and_serial;
-+		PKCS7_get_signed_attribute;
-+		COMP_compress_block;
-+		COMP_expand_block;
-+		COMP_rle;
-+		COMP_zlib;
-+		ms_time_diff;
-+		ms_time_new;
-+		ms_time_free;
-+		ms_time_cmp;
-+		ms_time_get;
-+		PKCS7_set_attributes;
-+		PKCS7_set_signed_attributes;
-+		X509_ATTRIBUTE_create;
-+		X509_ATTRIBUTE_dup;
-+		ASN1_GENERALIZEDTIME_check;
-+		ASN1_GENERALIZEDTIME_print;
-+		ASN1_GENERALIZEDTIME_set;
-+		ASN1_GENERALIZEDTIME_set_string;
-+		ASN1_TIME_print;
-+		BASIC_CONSTRAINTS_free;
-+		BASIC_CONSTRAINTS_new;
-+		ERR_load_X509V3_strings;
-+		NETSCAPE_CERT_SEQUENCE_free;
-+		NETSCAPE_CERT_SEQUENCE_new;
-+		OBJ_txt2obj;
-+		PEM_read_NETSCAPE_CERT_SEQUENCE;
-+		PEM_read_NS_CERT_SEQ;
-+		PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
-+		PEM_read_bio_NS_CERT_SEQ;
-+		PEM_write_NETSCAPE_CERT_SEQUENCE;
-+		PEM_write_NS_CERT_SEQ;
-+		PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
-+		PEM_write_bio_NS_CERT_SEQ;
-+		X509V3_EXT_add;
-+		X509V3_EXT_add_alias;
-+		X509V3_EXT_add_conf;
-+		X509V3_EXT_cleanup;
-+		X509V3_EXT_conf;
-+		X509V3_EXT_conf_nid;
-+		X509V3_EXT_get;
-+		X509V3_EXT_get_nid;
-+		X509V3_EXT_print;
-+		X509V3_EXT_print_fp;
-+		X509V3_add_standard_extensions;
-+		X509V3_add_value;
-+		X509V3_add_value_bool;
-+		X509V3_add_value_int;
-+		X509V3_conf_free;
-+		X509V3_get_value_bool;
-+		X509V3_get_value_int;
-+		X509V3_parse_list;
-+		d2i_ASN1_GENERALIZEDTIME;
-+		d2i_ASN1_TIME;
-+		d2i_BASIC_CONSTRAINTS;
-+		d2i_NETSCAPE_CERT_SEQUENCE;
-+		d2i_ext_ku;
-+		ext_ku_free;
-+		ext_ku_new;
-+		i2d_ASN1_GENERALIZEDTIME;
-+		i2d_ASN1_TIME;
-+		i2d_BASIC_CONSTRAINTS;
-+		i2d_NETSCAPE_CERT_SEQUENCE;
-+		i2d_ext_ku;
-+		EVP_MD_CTX_copy;
-+		i2d_ASN1_ENUMERATED;
-+		d2i_ASN1_ENUMERATED;
-+		ASN1_ENUMERATED_set;
-+		ASN1_ENUMERATED_get;
-+		BN_to_ASN1_ENUMERATED;
-+		ASN1_ENUMERATED_to_BN;
-+		i2a_ASN1_ENUMERATED;
-+		a2i_ASN1_ENUMERATED;
-+		i2d_GENERAL_NAME;
-+		d2i_GENERAL_NAME;
-+		GENERAL_NAME_new;
-+		GENERAL_NAME_free;
-+		GENERAL_NAMES_new;
-+		GENERAL_NAMES_free;
-+		d2i_GENERAL_NAMES;
-+		i2d_GENERAL_NAMES;
-+		i2v_GENERAL_NAMES;
-+		i2s_ASN1_OCTET_STRING;
-+		s2i_ASN1_OCTET_STRING;
-+		X509V3_EXT_check_conf;
-+		hex_to_string;
-+		string_to_hex;
-+		DES_ede3_cbcm_encrypt;
-+		RSA_padding_add_PKCS1_OAEP;
-+		RSA_padding_check_PKCS1_OAEP;
-+		X509_CRL_print_fp;
-+		X509_CRL_print;
-+		i2v_GENERAL_NAME;
-+		v2i_GENERAL_NAME;
-+		i2d_PKEY_USAGE_PERIOD;
-+		d2i_PKEY_USAGE_PERIOD;
-+		PKEY_USAGE_PERIOD_new;
-+		PKEY_USAGE_PERIOD_free;
-+		v2i_GENERAL_NAMES;
-+		i2s_ASN1_INTEGER;
-+		X509V3_EXT_d2i;
-+		name_cmp;
-+		str_dup;
-+		i2s_ASN1_ENUMERATED;
-+		i2s_ASN1_ENUMERATED_TABLE;
-+		BIO_s_log;
-+		BIO_f_reliable;
-+		PKCS7_dataFinal;
-+		PKCS7_dataDecode;
-+		X509V3_EXT_CRL_add_conf;
-+		BN_set_params;
-+		BN_get_params;
-+		BIO_get_ex_num;
-+		BIO_set_ex_free_func;
-+		EVP_ripemd160;
-+		ASN1_TIME_set;
-+		i2d_AUTHORITY_KEYID;
-+		d2i_AUTHORITY_KEYID;
-+		AUTHORITY_KEYID_new;
-+		AUTHORITY_KEYID_free;
-+		ASN1_seq_unpack;
-+		ASN1_seq_pack;
-+		ASN1_unpack_string;
-+		ASN1_pack_string;
-+		PKCS12_pack_safebag;
-+		PKCS12_MAKE_KEYBAG;
-+		PKCS8_encrypt;
-+		PKCS12_MAKE_SHKEYBAG;
-+		PKCS12_pack_p7data;
-+		PKCS12_pack_p7encdata;
-+		PKCS12_add_localkeyid;
-+		PKCS12_add_friendlyname_asc;
-+		PKCS12_add_friendlyname_uni;
-+		PKCS12_get_friendlyname;
-+		PKCS12_pbe_crypt;
-+		PKCS12_decrypt_d2i;
-+		PKCS12_i2d_encrypt;
-+		PKCS12_init;
-+		PKCS12_key_gen_asc;
-+		PKCS12_key_gen_uni;
-+		PKCS12_gen_mac;
-+		PKCS12_verify_mac;
-+		PKCS12_set_mac;
-+		PKCS12_setup_mac;
-+		OPENSSL_asc2uni;
-+		OPENSSL_uni2asc;
-+		i2d_PKCS12_BAGS;
-+		PKCS12_BAGS_new;
-+		d2i_PKCS12_BAGS;
-+		PKCS12_BAGS_free;
-+		i2d_PKCS12;
-+		d2i_PKCS12;
-+		PKCS12_new;
-+		PKCS12_free;
-+		i2d_PKCS12_MAC_DATA;
-+		PKCS12_MAC_DATA_new;
-+		d2i_PKCS12_MAC_DATA;
-+		PKCS12_MAC_DATA_free;
-+		i2d_PKCS12_SAFEBAG;
-+		PKCS12_SAFEBAG_new;
-+		d2i_PKCS12_SAFEBAG;
-+		PKCS12_SAFEBAG_free;
-+		ERR_load_PKCS12_strings;
-+		PKCS12_PBE_add;
-+		PKCS8_add_keyusage;
-+		PKCS12_get_attr_gen;
-+		PKCS12_parse;
-+		PKCS12_create;
-+		i2d_PKCS12_bio;
-+		i2d_PKCS12_fp;
-+		d2i_PKCS12_bio;
-+		d2i_PKCS12_fp;
-+		i2d_PBEPARAM;
-+		PBEPARAM_new;
-+		d2i_PBEPARAM;
-+		PBEPARAM_free;
-+		i2d_PKCS8_PRIV_KEY_INFO;
-+		PKCS8_PRIV_KEY_INFO_new;
-+		d2i_PKCS8_PRIV_KEY_INFO;
-+		PKCS8_PRIV_KEY_INFO_free;
-+		EVP_PKCS82PKEY;
-+		EVP_PKEY2PKCS8;
-+		PKCS8_set_broken;
-+		EVP_PBE_ALGOR_CipherInit;
-+		EVP_PBE_alg_add;
-+		PKCS5_pbe_set;
-+		EVP_PBE_cleanup;
-+		i2d_SXNET;
-+		d2i_SXNET;
-+		SXNET_new;
-+		SXNET_free;
-+		i2d_SXNETID;
-+		d2i_SXNETID;
-+		SXNETID_new;
-+		SXNETID_free;
-+		DSA_SIG_new;
-+		DSA_SIG_free;
-+		DSA_do_sign;
-+		DSA_do_verify;
-+		d2i_DSA_SIG;
-+		i2d_DSA_SIG;
-+		i2d_ASN1_VISIBLESTRING;
-+		d2i_ASN1_VISIBLESTRING;
-+		i2d_ASN1_UTF8STRING;
-+		d2i_ASN1_UTF8STRING;
-+		i2d_DIRECTORYSTRING;
-+		d2i_DIRECTORYSTRING;
-+		i2d_DISPLAYTEXT;
-+		d2i_DISPLAYTEXT;
-+		d2i_ASN1_SET_OF_X509;
-+		i2d_ASN1_SET_OF_X509;
-+		i2d_PBKDF2PARAM;
-+		PBKDF2PARAM_new;
-+		d2i_PBKDF2PARAM;
-+		PBKDF2PARAM_free;
-+		i2d_PBE2PARAM;
-+		PBE2PARAM_new;
-+		d2i_PBE2PARAM;
-+		PBE2PARAM_free;
-+		d2i_ASN1_SET_OF_GENERAL_NAME;
-+		i2d_ASN1_SET_OF_GENERAL_NAME;
-+		d2i_ASN1_SET_OF_SXNETID;
-+		i2d_ASN1_SET_OF_SXNETID;
-+		d2i_ASN1_SET_OF_POLICYQUALINFO;
-+		i2d_ASN1_SET_OF_POLICYQUALINFO;
-+		d2i_ASN1_SET_OF_POLICYINFO;
-+		i2d_ASN1_SET_OF_POLICYINFO;
-+		SXNET_add_id_asc;
-+		SXNET_add_id_ulong;
-+		SXNET_add_id_INTEGER;
-+		SXNET_get_id_asc;
-+		SXNET_get_id_ulong;
-+		SXNET_get_id_INTEGER;
-+		X509V3_set_conf_lhash;
-+		i2d_CERTIFICATEPOLICIES;
-+		CERTIFICATEPOLICIES_new;
-+		CERTIFICATEPOLICIES_free;
-+		d2i_CERTIFICATEPOLICIES;
-+		i2d_POLICYINFO;
-+		POLICYINFO_new;
-+		d2i_POLICYINFO;
-+		POLICYINFO_free;
-+		i2d_POLICYQUALINFO;
-+		POLICYQUALINFO_new;
-+		d2i_POLICYQUALINFO;
-+		POLICYQUALINFO_free;
-+		i2d_USERNOTICE;
-+		USERNOTICE_new;
-+		d2i_USERNOTICE;
-+		USERNOTICE_free;
-+		i2d_NOTICEREF;
-+		NOTICEREF_new;
-+		d2i_NOTICEREF;
-+		NOTICEREF_free;
-+		X509V3_get_string;
-+		X509V3_get_section;
-+		X509V3_string_free;
-+		X509V3_section_free;
-+		X509V3_set_ctx;
-+		s2i_ASN1_INTEGER;
-+		CRYPTO_set_locked_mem_functions;
-+		CRYPTO_get_locked_mem_functions;
-+		CRYPTO_malloc_locked;
-+		CRYPTO_free_locked;
-+		BN_mod_exp2_mont;
-+		ERR_get_error_line_data;
-+		ERR_peek_error_line_data;
-+		PKCS12_PBE_keyivgen;
-+		X509_ALGOR_dup;
-+		d2i_ASN1_SET_OF_DIST_POINT;
-+		i2d_ASN1_SET_OF_DIST_POINT;
-+		i2d_CRL_DIST_POINTS;
-+		CRL_DIST_POINTS_new;
-+		CRL_DIST_POINTS_free;
-+		d2i_CRL_DIST_POINTS;
-+		i2d_DIST_POINT;
-+		DIST_POINT_new;
-+		d2i_DIST_POINT;
-+		DIST_POINT_free;
-+		i2d_DIST_POINT_NAME;
-+		DIST_POINT_NAME_new;
-+		DIST_POINT_NAME_free;
-+		d2i_DIST_POINT_NAME;
-+		X509V3_add_value_uchar;
-+		d2i_ASN1_SET_OF_X509_ATTRIBUTE;
-+		i2d_ASN1_SET_OF_ASN1_TYPE;
-+		d2i_ASN1_SET_OF_X509_EXTENSION;
-+		d2i_ASN1_SET_OF_X509_NAME_ENTRY;
-+		d2i_ASN1_SET_OF_ASN1_TYPE;
-+		i2d_ASN1_SET_OF_X509_ATTRIBUTE;
-+		i2d_ASN1_SET_OF_X509_EXTENSION;
-+		i2d_ASN1_SET_OF_X509_NAME_ENTRY;
-+		X509V3_EXT_i2d;
-+		X509V3_EXT_val_prn;
-+		X509V3_EXT_add_list;
-+		EVP_CIPHER_type;
-+		EVP_PBE_CipherInit;
-+		X509V3_add_value_bool_nf;
-+		d2i_ASN1_UINTEGER;
-+		sk_value;
-+		sk_num;
-+		sk_set;
-+		i2d_ASN1_SET_OF_X509_REVOKED;
-+		sk_sort;
-+		d2i_ASN1_SET_OF_X509_REVOKED;
-+		i2d_ASN1_SET_OF_X509_ALGOR;
-+		i2d_ASN1_SET_OF_X509_CRL;
-+		d2i_ASN1_SET_OF_X509_ALGOR;
-+		d2i_ASN1_SET_OF_X509_CRL;
-+		i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
-+		i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
-+		d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
-+		d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
-+		PKCS5_PBE_add;
-+		PEM_write_bio_PKCS8;
-+		i2d_PKCS8_fp;
-+		PEM_read_bio_PKCS8_PRIV_KEY_INFO;
-+		PEM_read_bio_P8_PRIV_KEY_INFO;
-+		d2i_PKCS8_bio;
-+		d2i_PKCS8_PRIV_KEY_INFO_fp;
-+		PEM_write_bio_PKCS8_PRIV_KEY_INFO;
-+		PEM_write_bio_P8_PRIV_KEY_INFO;
-+		PEM_read_PKCS8;
-+		d2i_PKCS8_PRIV_KEY_INFO_bio;
-+		d2i_PKCS8_fp;
-+		PEM_write_PKCS8;
-+		PEM_read_PKCS8_PRIV_KEY_INFO;
-+		PEM_read_P8_PRIV_KEY_INFO;
-+		PEM_read_bio_PKCS8;
-+		PEM_write_PKCS8_PRIV_KEY_INFO;
-+		PEM_write_P8_PRIV_KEY_INFO;
-+		PKCS5_PBE_keyivgen;
-+		i2d_PKCS8_bio;
-+		i2d_PKCS8_PRIV_KEY_INFO_fp;
-+		i2d_PKCS8_PRIV_KEY_INFO_bio;
-+		BIO_s_bio;
-+		PKCS5_pbe2_set;
-+		PKCS5_PBKDF2_HMAC_SHA1;
-+		PKCS5_v2_PBE_keyivgen;
-+		PEM_write_bio_PKCS8PrivateKey;
-+		PEM_write_PKCS8PrivateKey;
-+		BIO_ctrl_get_read_request;
-+		BIO_ctrl_pending;
-+		BIO_ctrl_wpending;
-+		BIO_new_bio_pair;
-+		BIO_ctrl_get_write_guarantee;
-+		CRYPTO_num_locks;
-+		CONF_load_bio;
-+		CONF_load_fp;
-+		i2d_ASN1_SET_OF_ASN1_OBJECT;
-+		d2i_ASN1_SET_OF_ASN1_OBJECT;
-+		PKCS7_signatureVerify;
-+		RSA_set_method;
-+		RSA_get_method;
-+		RSA_get_default_method;
-+		RSA_check_key;
-+		OBJ_obj2txt;
-+		DSA_dup_DH;
-+		X509_REQ_get_extensions;
-+		X509_REQ_set_extension_nids;
-+		BIO_nwrite;
-+		X509_REQ_extension_nid;
-+		BIO_nread;
-+		X509_REQ_get_extension_nids;
-+		BIO_nwrite0;
-+		X509_REQ_add_extensions_nid;
-+		BIO_nread0;
-+		X509_REQ_add_extensions;
-+		BIO_new_mem_buf;
-+		DH_set_ex_data;
-+		DH_set_method;
-+		DSA_OpenSSL;
-+		DH_get_ex_data;
-+		DH_get_ex_new_index;
-+		DSA_new_method;
-+		DH_new_method;
-+		DH_OpenSSL;
-+		DSA_get_ex_new_index;
-+		DH_get_default_method;
-+		DSA_set_ex_data;
-+		DH_set_default_method;
-+		DSA_get_ex_data;
-+		X509V3_EXT_REQ_add_conf;
-+		NETSCAPE_SPKI_print;
-+		NETSCAPE_SPKI_set_pubkey;
-+		NETSCAPE_SPKI_b64_encode;
-+		NETSCAPE_SPKI_get_pubkey;
-+		NETSCAPE_SPKI_b64_decode;
-+		UTF8_putc;
-+		UTF8_getc;
-+		RSA_null_method;
-+		ASN1_tag2str;
-+		BIO_ctrl_reset_read_request;
-+		DISPLAYTEXT_new;
-+		ASN1_GENERALIZEDTIME_free;
-+		X509_REVOKED_get_ext_d2i;
-+		X509_set_ex_data;
-+		X509_reject_set_bit_asc;
-+		X509_NAME_add_entry_by_txt;
-+		X509_NAME_add_entry_by_NID;
-+		X509_PURPOSE_get0;
-+		PEM_read_X509_AUX;
-+		d2i_AUTHORITY_INFO_ACCESS;
-+		PEM_write_PUBKEY;
-+		ACCESS_DESCRIPTION_new;
-+		X509_CERT_AUX_free;
-+		d2i_ACCESS_DESCRIPTION;
-+		X509_trust_clear;
-+		X509_TRUST_add;
-+		ASN1_VISIBLESTRING_new;
-+		X509_alias_set1;
-+		ASN1_PRINTABLESTRING_free;
-+		EVP_PKEY_get1_DSA;
-+		ASN1_BMPSTRING_new;
-+		ASN1_mbstring_copy;
-+		ASN1_UTF8STRING_new;
-+		DSA_get_default_method;
-+		i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
-+		ASN1_T61STRING_free;
-+		DSA_set_method;
-+		X509_get_ex_data;
-+		ASN1_STRING_type;
-+		X509_PURPOSE_get_by_sname;
-+		ASN1_TIME_free;
-+		ASN1_OCTET_STRING_cmp;
-+		ASN1_BIT_STRING_new;
-+		X509_get_ext_d2i;
-+		PEM_read_bio_X509_AUX;
-+		ASN1_STRING_set_default_mask_asc;
-+		ASN1_STRING_set_def_mask_asc;
-+		PEM_write_bio_RSA_PUBKEY;
-+		ASN1_INTEGER_cmp;
-+		d2i_RSA_PUBKEY_fp;
-+		X509_trust_set_bit_asc;
-+		PEM_write_bio_DSA_PUBKEY;
-+		X509_STORE_CTX_free;
-+		EVP_PKEY_set1_DSA;
-+		i2d_DSA_PUBKEY_fp;
-+		X509_load_cert_crl_file;
-+		ASN1_TIME_new;
-+		i2d_RSA_PUBKEY;
-+		X509_STORE_CTX_purpose_inherit;
-+		PEM_read_RSA_PUBKEY;
-+		d2i_X509_AUX;
-+		i2d_DSA_PUBKEY;
-+		X509_CERT_AUX_print;
-+		PEM_read_DSA_PUBKEY;
-+		i2d_RSA_PUBKEY_bio;
-+		ASN1_BIT_STRING_num_asc;
-+		i2d_PUBKEY;
-+		ASN1_UTCTIME_free;
-+		DSA_set_default_method;
-+		X509_PURPOSE_get_by_id;
-+		ACCESS_DESCRIPTION_free;
-+		PEM_read_bio_PUBKEY;
-+		ASN1_STRING_set_by_NID;
-+		X509_PURPOSE_get_id;
-+		DISPLAYTEXT_free;
-+		OTHERNAME_new;
-+		X509_CERT_AUX_new;
-+		X509_TRUST_cleanup;
-+		X509_NAME_add_entry_by_OBJ;
-+		X509_CRL_get_ext_d2i;
-+		X509_PURPOSE_get0_name;
-+		PEM_read_PUBKEY;
-+		i2d_DSA_PUBKEY_bio;
-+		i2d_OTHERNAME;
-+		ASN1_OCTET_STRING_free;
-+		ASN1_BIT_STRING_set_asc;
-+		X509_get_ex_new_index;
-+		ASN1_STRING_TABLE_cleanup;
-+		X509_TRUST_get_by_id;
-+		X509_PURPOSE_get_trust;
-+		ASN1_STRING_length;
-+		d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
-+		ASN1_PRINTABLESTRING_new;
-+		X509V3_get_d2i;
-+		ASN1_ENUMERATED_free;
-+		i2d_X509_CERT_AUX;
-+		X509_STORE_CTX_set_trust;
-+		ASN1_STRING_set_default_mask;
-+		X509_STORE_CTX_new;
-+		EVP_PKEY_get1_RSA;
-+		DIRECTORYSTRING_free;
-+		PEM_write_X509_AUX;
-+		ASN1_OCTET_STRING_set;
-+		d2i_DSA_PUBKEY_fp;
-+		d2i_RSA_PUBKEY;
-+		X509_TRUST_get0_name;
-+		X509_TRUST_get0;
-+		AUTHORITY_INFO_ACCESS_free;
-+		ASN1_IA5STRING_new;
-+		d2i_DSA_PUBKEY;
-+		X509_check_purpose;
-+		ASN1_ENUMERATED_new;
-+		d2i_RSA_PUBKEY_bio;
-+		d2i_PUBKEY;
-+		X509_TRUST_get_trust;
-+		X509_TRUST_get_flags;
-+		ASN1_BMPSTRING_free;
-+		ASN1_T61STRING_new;
-+		ASN1_UTCTIME_new;
-+		i2d_AUTHORITY_INFO_ACCESS;
-+		EVP_PKEY_set1_RSA;
-+		X509_STORE_CTX_set_purpose;
-+		ASN1_IA5STRING_free;
-+		PEM_write_bio_X509_AUX;
-+		X509_PURPOSE_get_count;
-+		CRYPTO_add_info;
-+		X509_NAME_ENTRY_create_by_txt;
-+		ASN1_STRING_get_default_mask;
-+		X509_alias_get0;
-+		ASN1_STRING_data;
-+		i2d_ACCESS_DESCRIPTION;
-+		X509_trust_set_bit;
-+		ASN1_BIT_STRING_free;
-+		PEM_read_bio_RSA_PUBKEY;
-+		X509_add1_reject_object;
-+		X509_check_trust;
-+		PEM_read_bio_DSA_PUBKEY;
-+		X509_PURPOSE_add;
-+		ASN1_STRING_TABLE_get;
-+		ASN1_UTF8STRING_free;
-+		d2i_DSA_PUBKEY_bio;
-+		PEM_write_RSA_PUBKEY;
-+		d2i_OTHERNAME;
-+		X509_reject_set_bit;
-+		PEM_write_DSA_PUBKEY;
-+		X509_PURPOSE_get0_sname;
-+		EVP_PKEY_set1_DH;
-+		ASN1_OCTET_STRING_dup;
-+		ASN1_BIT_STRING_set;
-+		X509_TRUST_get_count;
-+		ASN1_INTEGER_free;
-+		OTHERNAME_free;
-+		i2d_RSA_PUBKEY_fp;
-+		ASN1_INTEGER_dup;
-+		d2i_X509_CERT_AUX;
-+		PEM_write_bio_PUBKEY;
-+		ASN1_VISIBLESTRING_free;
-+		X509_PURPOSE_cleanup;
-+		ASN1_mbstring_ncopy;
-+		ASN1_GENERALIZEDTIME_new;
-+		EVP_PKEY_get1_DH;
-+		ASN1_OCTET_STRING_new;
-+		ASN1_INTEGER_new;
-+		i2d_X509_AUX;
-+		ASN1_BIT_STRING_name_print;
-+		X509_cmp;
-+		ASN1_STRING_length_set;
-+		DIRECTORYSTRING_new;
-+		X509_add1_trust_object;
-+		PKCS12_newpass;
-+		SMIME_write_PKCS7;
-+		SMIME_read_PKCS7;
-+		DES_set_key_checked;
-+		PKCS7_verify;
-+		PKCS7_encrypt;
-+		DES_set_key_unchecked;
-+		SMIME_crlf_copy;
-+		i2d_ASN1_PRINTABLESTRING;
-+		PKCS7_get0_signers;
-+		PKCS7_decrypt;
-+		SMIME_text;
-+		PKCS7_simple_smimecap;
-+		PKCS7_get_smimecap;
-+		PKCS7_sign;
-+		PKCS7_add_attrib_smimecap;
-+		CRYPTO_dbg_set_options;
-+		CRYPTO_remove_all_info;
-+		CRYPTO_get_mem_debug_functions;
-+		CRYPTO_is_mem_check_on;
-+		CRYPTO_set_mem_debug_functions;
-+		CRYPTO_pop_info;
-+		CRYPTO_push_info_;
-+		CRYPTO_set_mem_debug_options;
-+		PEM_write_PKCS8PrivateKey_nid;
-+		PEM_write_bio_PKCS8PrivateKey_nid;
-+		PEM_write_bio_PKCS8PrivKey_nid;
-+		d2i_PKCS8PrivateKey_bio;
-+		ASN1_NULL_free;
-+		d2i_ASN1_NULL;
-+		ASN1_NULL_new;
-+		i2d_PKCS8PrivateKey_bio;
-+		i2d_PKCS8PrivateKey_fp;
-+		i2d_ASN1_NULL;
-+		i2d_PKCS8PrivateKey_nid_fp;
-+		d2i_PKCS8PrivateKey_fp;
-+		i2d_PKCS8PrivateKey_nid_bio;
-+		i2d_PKCS8PrivateKeyInfo_fp;
-+		i2d_PKCS8PrivateKeyInfo_bio;
-+		PEM_cb;
-+		i2d_PrivateKey_fp;
-+		d2i_PrivateKey_bio;
-+		d2i_PrivateKey_fp;
-+		i2d_PrivateKey_bio;
-+		X509_reject_clear;
-+		X509_TRUST_set_default;
-+		d2i_AutoPrivateKey;
-+		X509_ATTRIBUTE_get0_type;
-+		X509_ATTRIBUTE_set1_data;
-+		X509at_get_attr;
-+		X509at_get_attr_count;
-+		X509_ATTRIBUTE_create_by_NID;
-+		X509_ATTRIBUTE_set1_object;
-+		X509_ATTRIBUTE_count;
-+		X509_ATTRIBUTE_create_by_OBJ;
-+		X509_ATTRIBUTE_get0_object;
-+		X509at_get_attr_by_NID;
-+		X509at_add1_attr;
-+		X509_ATTRIBUTE_get0_data;
-+		X509at_delete_attr;
-+		X509at_get_attr_by_OBJ;
-+		RAND_add;
-+		BIO_number_written;
-+		BIO_number_read;
-+		X509_STORE_CTX_get1_chain;
-+		ERR_load_RAND_strings;
-+		RAND_pseudo_bytes;
-+		X509_REQ_get_attr_by_NID;
-+		X509_REQ_get_attr;
-+		X509_REQ_add1_attr_by_NID;
-+		X509_REQ_get_attr_by_OBJ;
-+		X509at_add1_attr_by_NID;
-+		X509_REQ_add1_attr_by_OBJ;
-+		X509_REQ_get_attr_count;
-+		X509_REQ_add1_attr;
-+		X509_REQ_delete_attr;
-+		X509at_add1_attr_by_OBJ;
-+		X509_REQ_add1_attr_by_txt;
-+		X509_ATTRIBUTE_create_by_txt;
-+		X509at_add1_attr_by_txt;
-+		BN_pseudo_rand;
-+		BN_is_prime_fasttest;
-+		BN_CTX_end;
-+		BN_CTX_start;
-+		BN_CTX_get;
-+		EVP_PKEY2PKCS8_broken;
-+		ASN1_STRING_TABLE_add;
-+		CRYPTO_dbg_get_options;
-+		AUTHORITY_INFO_ACCESS_new;
-+		CRYPTO_get_mem_debug_options;
-+		DES_crypt;
-+		PEM_write_bio_X509_REQ_NEW;
-+		PEM_write_X509_REQ_NEW;
-+		BIO_callback_ctrl;
-+		RAND_egd;
-+		RAND_status;
-+		bn_dump1;
-+		DES_check_key_parity;
-+		lh_num_items;
-+		RAND_event;
-+		DSO_new;
-+		DSO_new_method;
-+		DSO_free;
-+		DSO_flags;
-+		DSO_up;
-+		DSO_set_default_method;
-+		DSO_get_default_method;
-+		DSO_get_method;
-+		DSO_set_method;
-+		DSO_load;
-+		DSO_bind_var;
-+		DSO_METHOD_null;
-+		DSO_METHOD_openssl;
-+		DSO_METHOD_dlfcn;
-+		DSO_METHOD_win32;
-+		ERR_load_DSO_strings;
-+		DSO_METHOD_dl;
-+		NCONF_load;
-+		NCONF_load_fp;
-+		NCONF_new;
-+		NCONF_get_string;
-+		NCONF_free;
-+		NCONF_get_number;
-+		CONF_dump_fp;
-+		NCONF_load_bio;
-+		NCONF_dump_fp;
-+		NCONF_get_section;
-+		NCONF_dump_bio;
-+		CONF_dump_bio;
-+		NCONF_free_data;
-+		CONF_set_default_method;
-+		ERR_error_string_n;
-+		BIO_snprintf;
-+		DSO_ctrl;
-+		i2d_ASN1_SET_OF_ASN1_INTEGER;
-+		i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
-+		i2d_ASN1_SET_OF_PKCS7;
-+		BIO_vfree;
-+		d2i_ASN1_SET_OF_ASN1_INTEGER;
-+		d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
-+		ASN1_UTCTIME_get;
-+		X509_REQ_digest;
-+		X509_CRL_digest;
-+		d2i_ASN1_SET_OF_PKCS7;
-+		EVP_CIPHER_CTX_set_key_length;
-+		EVP_CIPHER_CTX_ctrl;
-+		BN_mod_exp_mont_word;
-+		RAND_egd_bytes;
-+		X509_REQ_get1_email;
-+		X509_get1_email;
-+		X509_email_free;
-+		i2d_RSA_NET;
-+		d2i_RSA_NET_2;
-+		d2i_RSA_NET;
-+		DSO_bind_func;
-+		CRYPTO_get_new_dynlockid;
-+		sk_new_null;
-+		CRYPTO_set_dynlock_destroy_callback;
-+		CRYPTO_set_dynlock_destroy_cb;
-+		CRYPTO_destroy_dynlockid;
-+		CRYPTO_set_dynlock_size;
-+		CRYPTO_set_dynlock_create_callback;
-+		CRYPTO_set_dynlock_create_cb;
-+		CRYPTO_set_dynlock_lock_callback;
-+		CRYPTO_set_dynlock_lock_cb;
-+		CRYPTO_get_dynlock_lock_callback;
-+		CRYPTO_get_dynlock_lock_cb;
-+		CRYPTO_get_dynlock_destroy_callback;
-+		CRYPTO_get_dynlock_destroy_cb;
-+		CRYPTO_get_dynlock_value;
-+		CRYPTO_get_dynlock_create_callback;
-+		CRYPTO_get_dynlock_create_cb;
-+		c2i_ASN1_BIT_STRING;
-+		i2c_ASN1_BIT_STRING;
-+		RAND_poll;
-+		c2i_ASN1_INTEGER;
-+		i2c_ASN1_INTEGER;
-+		BIO_dump_indent;
-+		ASN1_parse_dump;
-+		c2i_ASN1_OBJECT;
-+		X509_NAME_print_ex_fp;
-+		ASN1_STRING_print_ex_fp;
-+		X509_NAME_print_ex;
-+		ASN1_STRING_print_ex;
-+		MD4;
-+		MD4_Transform;
-+		MD4_Final;
-+		MD4_Update;
-+		MD4_Init;
-+		EVP_md4;
-+		i2d_PUBKEY_bio;
-+		i2d_PUBKEY_fp;
-+		d2i_PUBKEY_bio;
-+		ASN1_STRING_to_UTF8;
-+		BIO_vprintf;
-+		BIO_vsnprintf;
-+		d2i_PUBKEY_fp;
-+		X509_cmp_time;
-+		X509_STORE_CTX_set_time;
-+		X509_STORE_CTX_get1_issuer;
-+		X509_OBJECT_retrieve_match;
-+		X509_OBJECT_idx_by_subject;
-+		X509_STORE_CTX_set_flags;
-+		X509_STORE_CTX_trusted_stack;
-+		X509_time_adj;
-+		X509_check_issued;
-+		ASN1_UTCTIME_cmp_time_t;
-+		DES_set_weak_key_flag;
-+		DES_check_key;
-+		DES_rw_mode;
-+		RSA_PKCS1_RSAref;
-+		X509_keyid_set1;
-+		BIO_next;
-+		DSO_METHOD_vms;
-+		BIO_f_linebuffer;
-+		BN_bntest_rand;
-+		OPENSSL_issetugid;
-+		BN_rand_range;
-+		ERR_load_ENGINE_strings;
-+		ENGINE_set_DSA;
-+		ENGINE_get_finish_function;
-+		ENGINE_get_default_RSA;
-+		ENGINE_get_BN_mod_exp;
-+		DSA_get_default_openssl_method;
-+		ENGINE_set_DH;
-+		ENGINE_set_def_BN_mod_exp_crt;
-+		ENGINE_set_default_BN_mod_exp_crt;
-+		ENGINE_init;
-+		DH_get_default_openssl_method;
-+		RSA_set_default_openssl_method;
-+		ENGINE_finish;
-+		ENGINE_load_public_key;
-+		ENGINE_get_DH;
-+		ENGINE_ctrl;
-+		ENGINE_get_init_function;
-+		ENGINE_set_init_function;
-+		ENGINE_set_default_DSA;
-+		ENGINE_get_name;
-+		ENGINE_get_last;
-+		ENGINE_get_prev;
-+		ENGINE_get_default_DH;
-+		ENGINE_get_RSA;
-+		ENGINE_set_default;
-+		ENGINE_get_RAND;
-+		ENGINE_get_first;
-+		ENGINE_by_id;
-+		ENGINE_set_finish_function;
-+		ENGINE_get_def_BN_mod_exp_crt;
-+		ENGINE_get_default_BN_mod_exp_crt;
-+		RSA_get_default_openssl_method;
-+		ENGINE_set_RSA;
-+		ENGINE_load_private_key;
-+		ENGINE_set_default_RAND;
-+		ENGINE_set_BN_mod_exp;
-+		ENGINE_remove;
-+		ENGINE_free;
-+		ENGINE_get_BN_mod_exp_crt;
-+		ENGINE_get_next;
-+		ENGINE_set_name;
-+		ENGINE_get_default_DSA;
-+		ENGINE_set_default_BN_mod_exp;
-+		ENGINE_set_default_RSA;
-+		ENGINE_get_default_RAND;
-+		ENGINE_get_default_BN_mod_exp;
-+		ENGINE_set_RAND;
-+		ENGINE_set_id;
-+		ENGINE_set_BN_mod_exp_crt;
-+		ENGINE_set_default_DH;
-+		ENGINE_new;
-+		ENGINE_get_id;
-+		DSA_set_default_openssl_method;
-+		ENGINE_add;
-+		DH_set_default_openssl_method;
-+		ENGINE_get_DSA;
-+		ENGINE_get_ctrl_function;
-+		ENGINE_set_ctrl_function;
-+		BN_pseudo_rand_range;
-+		X509_STORE_CTX_set_verify_cb;
-+		ERR_load_COMP_strings;
-+		PKCS12_item_decrypt_d2i;
-+		ASN1_UTF8STRING_it;
-+		ENGINE_unregister_ciphers;
-+		ENGINE_get_ciphers;
-+		d2i_OCSP_BASICRESP;
-+		KRB5_CHECKSUM_it;
-+		EC_POINT_add;
-+		ASN1_item_ex_i2d;
-+		OCSP_CERTID_it;
-+		d2i_OCSP_RESPBYTES;
-+		X509V3_add1_i2d;
-+		PKCS7_ENVELOPE_it;
-+		UI_add_input_boolean;
-+		ENGINE_unregister_RSA;
-+		X509V3_EXT_nconf;
-+		ASN1_GENERALSTRING_free;
-+		d2i_OCSP_CERTSTATUS;
-+		X509_REVOKED_set_serialNumber;
-+		X509_print_ex;
-+		OCSP_ONEREQ_get1_ext_d2i;
-+		ENGINE_register_all_RAND;
-+		ENGINE_load_dynamic;
-+		PBKDF2PARAM_it;
-+		EXTENDED_KEY_USAGE_new;
-+		EC_GROUP_clear_free;
-+		OCSP_sendreq_bio;
-+		ASN1_item_digest;
-+		OCSP_BASICRESP_delete_ext;
-+		OCSP_SIGNATURE_it;
-+		X509_CRL_it;
-+		OCSP_BASICRESP_add_ext;
-+		KRB5_ENCKEY_it;
-+		UI_method_set_closer;
-+		X509_STORE_set_purpose;
-+		i2d_ASN1_GENERALSTRING;
-+		OCSP_response_status;
-+		i2d_OCSP_SERVICELOC;
-+		ENGINE_get_digest_engine;
-+		EC_GROUP_set_curve_GFp;
-+		OCSP_REQUEST_get_ext_by_OBJ;
-+		_ossl_old_des_random_key;
-+		ASN1_T61STRING_it;
-+		EC_GROUP_method_of;
-+		i2d_KRB5_APREQ;
-+		_ossl_old_des_encrypt;
-+		ASN1_PRINTABLE_new;
-+		HMAC_Init_ex;
-+		d2i_KRB5_AUTHENT;
-+		OCSP_archive_cutoff_new;
-+		EC_POINT_set_Jprojective_coordinates_GFp;
-+		EC_POINT_set_Jproj_coords_GFp;
-+		_ossl_old_des_is_weak_key;
-+		OCSP_BASICRESP_get_ext_by_OBJ;
-+		EC_POINT_oct2point;
-+		OCSP_SINGLERESP_get_ext_count;
-+		UI_ctrl;
-+		_shadow_DES_rw_mode;
-+		asn1_do_adb;
-+		ASN1_template_i2d;
-+		ENGINE_register_DH;
-+		UI_construct_prompt;
-+		X509_STORE_set_trust;
-+		UI_dup_input_string;
-+		d2i_KRB5_APREQ;
-+		EVP_MD_CTX_copy_ex;
-+		OCSP_request_is_signed;
-+		i2d_OCSP_REQINFO;
-+		KRB5_ENCKEY_free;
-+		OCSP_resp_get0;
-+		GENERAL_NAME_it;
-+		ASN1_GENERALIZEDTIME_it;
-+		X509_STORE_set_flags;
-+		EC_POINT_set_compressed_coordinates_GFp;
-+		EC_POINT_set_compr_coords_GFp;
-+		OCSP_response_status_str;
-+		d2i_OCSP_REVOKEDINFO;
-+		OCSP_basic_add1_cert;
-+		ERR_get_implementation;
-+		EVP_CipherFinal_ex;
-+		OCSP_CERTSTATUS_new;
-+		CRYPTO_cleanup_all_ex_data;
-+		OCSP_resp_find;
-+		BN_nnmod;
-+		X509_CRL_sort;
-+		X509_REVOKED_set_revocationDate;
-+		ENGINE_register_RAND;
-+		OCSP_SERVICELOC_new;
-+		EC_POINT_set_affine_coordinates_GFp;
-+		EC_POINT_set_affine_coords_GFp;
-+		_ossl_old_des_options;
-+		SXNET_it;
-+		UI_dup_input_boolean;
-+		PKCS12_add_CSPName_asc;
-+		EC_POINT_is_at_infinity;
-+		ENGINE_load_cryptodev;
-+		DSO_convert_filename;
-+		POLICYQUALINFO_it;
-+		ENGINE_register_ciphers;
-+		BN_mod_lshift_quick;
-+		DSO_set_filename;
-+		ASN1_item_free;
-+		KRB5_TKTBODY_free;
-+		AUTHORITY_KEYID_it;
-+		KRB5_APREQBODY_new;
-+		X509V3_EXT_REQ_add_nconf;
-+		ENGINE_ctrl_cmd_string;
-+		i2d_OCSP_RESPDATA;
-+		EVP_MD_CTX_init;
-+		EXTENDED_KEY_USAGE_free;
-+		PKCS7_ATTR_SIGN_it;
-+		UI_add_error_string;
-+		KRB5_CHECKSUM_free;
-+		OCSP_REQUEST_get_ext;
-+		ENGINE_load_ubsec;
-+		ENGINE_register_all_digests;
-+		PKEY_USAGE_PERIOD_it;
-+		PKCS12_unpack_authsafes;
-+		ASN1_item_unpack;
-+		NETSCAPE_SPKAC_it;
-+		X509_REVOKED_it;
-+		ASN1_STRING_encode;
-+		EVP_aes_128_ecb;
-+		KRB5_AUTHENT_free;
-+		OCSP_BASICRESP_get_ext_by_critical;
-+		OCSP_BASICRESP_get_ext_by_crit;
-+		OCSP_cert_status_str;
-+		d2i_OCSP_REQUEST;
-+		UI_dup_info_string;
-+		_ossl_old_des_xwhite_in2out;
-+		PKCS12_it;
-+		OCSP_SINGLERESP_get_ext_by_critical;
-+		OCSP_SINGLERESP_get_ext_by_crit;
-+		OCSP_CERTSTATUS_free;
-+		_ossl_old_des_crypt;
-+		ASN1_item_i2d;
-+		EVP_DecryptFinal_ex;
-+		ENGINE_load_openssl;
-+		ENGINE_get_cmd_defns;
-+		ENGINE_set_load_privkey_function;
-+		ENGINE_set_load_privkey_fn;
-+		EVP_EncryptFinal_ex;
-+		ENGINE_set_default_digests;
-+		X509_get0_pubkey_bitstr;
-+		asn1_ex_i2c;
-+		ENGINE_register_RSA;
-+		ENGINE_unregister_DSA;
-+		_ossl_old_des_key_sched;
-+		X509_EXTENSION_it;
-+		i2d_KRB5_AUTHENT;
-+		SXNETID_it;
-+		d2i_OCSP_SINGLERESP;
-+		EDIPARTYNAME_new;
-+		PKCS12_certbag2x509;
-+		_ossl_old_des_ofb64_encrypt;
-+		d2i_EXTENDED_KEY_USAGE;
-+		ERR_print_errors_cb;
-+		ENGINE_set_ciphers;
-+		d2i_KRB5_APREQBODY;
-+		UI_method_get_flusher;
-+		X509_PUBKEY_it;
-+		_ossl_old_des_enc_read;
-+		PKCS7_ENCRYPT_it;
-+		i2d_OCSP_RESPONSE;
-+		EC_GROUP_get_cofactor;
-+		PKCS12_unpack_p7data;
-+		d2i_KRB5_AUTHDATA;
-+		OCSP_copy_nonce;
-+		KRB5_AUTHDATA_new;
-+		OCSP_RESPDATA_new;
-+		EC_GFp_mont_method;
-+		OCSP_REVOKEDINFO_free;
-+		UI_get_ex_data;
-+		KRB5_APREQBODY_free;
-+		EC_GROUP_get0_generator;
-+		UI_get_default_method;
-+		X509V3_set_nconf;
-+		PKCS12_item_i2d_encrypt;
-+		X509_add1_ext_i2d;
-+		PKCS7_SIGNER_INFO_it;
-+		KRB5_PRINCNAME_new;
-+		PKCS12_SAFEBAG_it;
-+		EC_GROUP_get_order;
-+		d2i_OCSP_RESPID;
-+		OCSP_request_verify;
-+		NCONF_get_number_e;
-+		_ossl_old_des_decrypt3;
-+		X509_signature_print;
-+		OCSP_SINGLERESP_free;
-+		ENGINE_load_builtin_engines;
-+		i2d_OCSP_ONEREQ;
-+		OCSP_REQUEST_add_ext;
-+		OCSP_RESPBYTES_new;
-+		EVP_MD_CTX_create;
-+		OCSP_resp_find_status;
-+		X509_ALGOR_it;
-+		ASN1_TIME_it;
-+		OCSP_request_set1_name;
-+		OCSP_ONEREQ_get_ext_count;
-+		UI_get0_result;
-+		PKCS12_AUTHSAFES_it;
-+		EVP_aes_256_ecb;
-+		PKCS12_pack_authsafes;
-+		ASN1_IA5STRING_it;
-+		UI_get_input_flags;
-+		EC_GROUP_set_generator;
-+		_ossl_old_des_string_to_2keys;
-+		OCSP_CERTID_free;
-+		X509_CERT_AUX_it;
-+		CERTIFICATEPOLICIES_it;
-+		_ossl_old_des_ede3_cbc_encrypt;
-+		RAND_set_rand_engine;
-+		DSO_get_loaded_filename;
-+		X509_ATTRIBUTE_it;
-+		OCSP_ONEREQ_get_ext_by_NID;
-+		PKCS12_decrypt_skey;
-+		KRB5_AUTHENT_it;
-+		UI_dup_error_string;
-+		RSAPublicKey_it;
-+		i2d_OCSP_REQUEST;
-+		PKCS12_x509crl2certbag;
-+		OCSP_SERVICELOC_it;
-+		ASN1_item_sign;
-+		X509_CRL_set_issuer_name;
-+		OBJ_NAME_do_all_sorted;
-+		i2d_OCSP_BASICRESP;
-+		i2d_OCSP_RESPBYTES;
-+		PKCS12_unpack_p7encdata;
-+		HMAC_CTX_init;
-+		ENGINE_get_digest;
-+		OCSP_RESPONSE_print;
-+		KRB5_TKTBODY_it;
-+		ACCESS_DESCRIPTION_it;
-+		PKCS7_ISSUER_AND_SERIAL_it;
-+		PBE2PARAM_it;
-+		PKCS12_certbag2x509crl;
-+		PKCS7_SIGNED_it;
-+		ENGINE_get_cipher;
-+		i2d_OCSP_CRLID;
-+		OCSP_SINGLERESP_new;
-+		ENGINE_cmd_is_executable;
-+		RSA_up_ref;
-+		ASN1_GENERALSTRING_it;
-+		ENGINE_register_DSA;
-+		X509V3_EXT_add_nconf_sk;
-+		ENGINE_set_load_pubkey_function;
-+		PKCS8_decrypt;
-+		PEM_bytes_read_bio;
-+		DIRECTORYSTRING_it;
-+		d2i_OCSP_CRLID;
-+		EC_POINT_is_on_curve;
-+		CRYPTO_set_locked_mem_ex_functions;
-+		CRYPTO_set_locked_mem_ex_funcs;
-+		d2i_KRB5_CHECKSUM;
-+		ASN1_item_dup;
-+		X509_it;
-+		BN_mod_add;
-+		KRB5_AUTHDATA_free;
-+		_ossl_old_des_cbc_cksum;
-+		ASN1_item_verify;
-+		CRYPTO_set_mem_ex_functions;
-+		EC_POINT_get_Jprojective_coordinates_GFp;
-+		EC_POINT_get_Jproj_coords_GFp;
-+		ZLONG_it;
-+		CRYPTO_get_locked_mem_ex_functions;
-+		CRYPTO_get_locked_mem_ex_funcs;
-+		ASN1_TIME_check;
-+		UI_get0_user_data;
-+		HMAC_CTX_cleanup;
-+		DSA_up_ref;
-+		_ossl_old_des_ede3_cfb64_encrypt;
-+		_ossl_odes_ede3_cfb64_encrypt;
-+		ASN1_BMPSTRING_it;
-+		ASN1_tag2bit;
-+		UI_method_set_flusher;
-+		X509_ocspid_print;
-+		KRB5_ENCDATA_it;
-+		ENGINE_get_load_pubkey_function;
-+		UI_add_user_data;
-+		OCSP_REQUEST_delete_ext;
-+		UI_get_method;
-+		OCSP_ONEREQ_free;
-+		ASN1_PRINTABLESTRING_it;
-+		X509_CRL_set_nextUpdate;
-+		OCSP_REQUEST_it;
-+		OCSP_BASICRESP_it;
-+		AES_ecb_encrypt;
-+		BN_mod_sqr;
-+		NETSCAPE_CERT_SEQUENCE_it;
-+		GENERAL_NAMES_it;
-+		AUTHORITY_INFO_ACCESS_it;
-+		ASN1_FBOOLEAN_it;
-+		UI_set_ex_data;
-+		_ossl_old_des_string_to_key;
-+		ENGINE_register_all_RSA;
-+		d2i_KRB5_PRINCNAME;
-+		OCSP_RESPBYTES_it;
-+		X509_CINF_it;
-+		ENGINE_unregister_digests;
-+		d2i_EDIPARTYNAME;
-+		d2i_OCSP_SERVICELOC;
-+		ENGINE_get_digests;
-+		_ossl_old_des_set_odd_parity;
-+		OCSP_RESPDATA_free;
-+		d2i_KRB5_TICKET;
-+		OTHERNAME_it;
-+		EVP_MD_CTX_cleanup;
-+		d2i_ASN1_GENERALSTRING;
-+		X509_CRL_set_version;
-+		BN_mod_sub;
-+		OCSP_SINGLERESP_get_ext_by_NID;
-+		ENGINE_get_ex_new_index;
-+		OCSP_REQUEST_free;
-+		OCSP_REQUEST_add1_ext_i2d;
-+		X509_VAL_it;
-+		EC_POINTs_make_affine;
-+		EC_POINT_mul;
-+		X509V3_EXT_add_nconf;
-+		X509_TRUST_set;
-+		X509_CRL_add1_ext_i2d;
-+		_ossl_old_des_fcrypt;
-+		DISPLAYTEXT_it;
-+		X509_CRL_set_lastUpdate;
-+		OCSP_BASICRESP_free;
-+		OCSP_BASICRESP_add1_ext_i2d;
-+		d2i_KRB5_AUTHENTBODY;
-+		CRYPTO_set_ex_data_implementation;
-+		CRYPTO_set_ex_data_impl;
-+		KRB5_ENCDATA_new;
-+		DSO_up_ref;
-+		OCSP_crl_reason_str;
-+		UI_get0_result_string;
-+		ASN1_GENERALSTRING_new;
-+		X509_SIG_it;
-+		ERR_set_implementation;
-+		ERR_load_EC_strings;
-+		UI_get0_action_string;
-+		OCSP_ONEREQ_get_ext;
-+		EC_POINT_method_of;
-+		i2d_KRB5_APREQBODY;
-+		_ossl_old_des_ecb3_encrypt;
-+		CRYPTO_get_mem_ex_functions;
-+		ENGINE_get_ex_data;
-+		UI_destroy_method;
-+		ASN1_item_i2d_bio;
-+		OCSP_ONEREQ_get_ext_by_OBJ;
-+		ASN1_primitive_new;
-+		ASN1_PRINTABLE_it;
-+		EVP_aes_192_ecb;
-+		OCSP_SIGNATURE_new;
-+		LONG_it;
-+		ASN1_VISIBLESTRING_it;
-+		OCSP_SINGLERESP_add1_ext_i2d;
-+		d2i_OCSP_CERTID;
-+		ASN1_item_d2i_fp;
-+		CRL_DIST_POINTS_it;
-+		GENERAL_NAME_print;
-+		OCSP_SINGLERESP_delete_ext;
-+		PKCS12_SAFEBAGS_it;
-+		d2i_OCSP_SIGNATURE;
-+		OCSP_request_add1_nonce;
-+		ENGINE_set_cmd_defns;
-+		OCSP_SERVICELOC_free;
-+		EC_GROUP_free;
-+		ASN1_BIT_STRING_it;
-+		X509_REQ_it;
-+		_ossl_old_des_cbc_encrypt;
-+		ERR_unload_strings;
-+		PKCS7_SIGN_ENVELOPE_it;
-+		EDIPARTYNAME_free;
-+		OCSP_REQINFO_free;
-+		EC_GROUP_new_curve_GFp;
-+		OCSP_REQUEST_get1_ext_d2i;
-+		PKCS12_item_pack_safebag;
-+		asn1_ex_c2i;
-+		ENGINE_register_digests;
-+		i2d_OCSP_REVOKEDINFO;
-+		asn1_enc_restore;
-+		UI_free;
-+		UI_new_method;
-+		EVP_EncryptInit_ex;
-+		X509_pubkey_digest;
-+		EC_POINT_invert;
-+		OCSP_basic_sign;
-+		i2d_OCSP_RESPID;
-+		OCSP_check_nonce;
-+		ENGINE_ctrl_cmd;
-+		d2i_KRB5_ENCKEY;
-+		OCSP_parse_url;
-+		OCSP_SINGLERESP_get_ext;
-+		OCSP_CRLID_free;
-+		OCSP_BASICRESP_get1_ext_d2i;
-+		RSAPrivateKey_it;
-+		ENGINE_register_all_DH;
-+		i2d_EDIPARTYNAME;
-+		EC_POINT_get_affine_coordinates_GFp;
-+		EC_POINT_get_affine_coords_GFp;
-+		OCSP_CRLID_new;
-+		ENGINE_get_flags;
-+		OCSP_ONEREQ_it;
-+		UI_process;
-+		ASN1_INTEGER_it;
-+		EVP_CipherInit_ex;
-+		UI_get_string_type;
-+		ENGINE_unregister_DH;
-+		ENGINE_register_all_DSA;
-+		OCSP_ONEREQ_get_ext_by_critical;
-+		bn_dup_expand;
-+		OCSP_cert_id_new;
-+		BASIC_CONSTRAINTS_it;
-+		BN_mod_add_quick;
-+		EC_POINT_new;
-+		EVP_MD_CTX_destroy;
-+		OCSP_RESPBYTES_free;
-+		EVP_aes_128_cbc;
-+		OCSP_SINGLERESP_get1_ext_d2i;
-+		EC_POINT_free;
-+		DH_up_ref;
-+		X509_NAME_ENTRY_it;
-+		UI_get_ex_new_index;
-+		BN_mod_sub_quick;
-+		OCSP_ONEREQ_add_ext;
-+		OCSP_request_sign;
-+		EVP_DigestFinal_ex;
-+		ENGINE_set_digests;
-+		OCSP_id_issuer_cmp;
-+		OBJ_NAME_do_all;
-+		EC_POINTs_mul;
-+		ENGINE_register_complete;
-+		X509V3_EXT_nconf_nid;
-+		ASN1_SEQUENCE_it;
-+		UI_set_default_method;
-+		RAND_query_egd_bytes;
-+		UI_method_get_writer;
-+		UI_OpenSSL;
-+		PEM_def_callback;
-+		ENGINE_cleanup;
-+		DIST_POINT_it;
-+		OCSP_SINGLERESP_it;
-+		d2i_KRB5_TKTBODY;
-+		EC_POINT_cmp;
-+		OCSP_REVOKEDINFO_new;
-+		i2d_OCSP_CERTSTATUS;
-+		OCSP_basic_add1_nonce;
-+		ASN1_item_ex_d2i;
-+		BN_mod_lshift1_quick;
-+		UI_set_method;
-+		OCSP_id_get0_info;
-+		BN_mod_sqrt;
-+		EC_GROUP_copy;
-+		KRB5_ENCDATA_free;
-+		_ossl_old_des_cfb_encrypt;
-+		OCSP_SINGLERESP_get_ext_by_OBJ;
-+		OCSP_cert_to_id;
-+		OCSP_RESPID_new;
-+		OCSP_RESPDATA_it;
-+		d2i_OCSP_RESPDATA;
-+		ENGINE_register_all_complete;
-+		OCSP_check_validity;
-+		PKCS12_BAGS_it;
-+		OCSP_url_svcloc_new;
-+		ASN1_template_free;
-+		OCSP_SINGLERESP_add_ext;
-+		KRB5_AUTHENTBODY_it;
-+		X509_supported_extension;
-+		i2d_KRB5_AUTHDATA;
-+		UI_method_get_opener;
-+		ENGINE_set_ex_data;
-+		OCSP_REQUEST_print;
-+		CBIGNUM_it;
-+		KRB5_TICKET_new;
-+		KRB5_APREQ_new;
-+		EC_GROUP_get_curve_GFp;
-+		KRB5_ENCKEY_new;
-+		ASN1_template_d2i;
-+		_ossl_old_des_quad_cksum;
-+		OCSP_single_get0_status;
-+		BN_swap;
-+		POLICYINFO_it;
-+		ENGINE_set_destroy_function;
-+		asn1_enc_free;
-+		OCSP_RESPID_it;
-+		EC_GROUP_new;
-+		EVP_aes_256_cbc;
-+		i2d_KRB5_PRINCNAME;
-+		_ossl_old_des_encrypt2;
-+		_ossl_old_des_encrypt3;
-+		PKCS8_PRIV_KEY_INFO_it;
-+		OCSP_REQINFO_it;
-+		PBEPARAM_it;
-+		KRB5_AUTHENTBODY_new;
-+		X509_CRL_add0_revoked;
-+		EDIPARTYNAME_it;
-+		NETSCAPE_SPKI_it;
-+		UI_get0_test_string;
-+		ENGINE_get_cipher_engine;
-+		ENGINE_register_all_ciphers;
-+		EC_POINT_copy;
-+		BN_kronecker;
-+		_ossl_old_des_ede3_ofb64_encrypt;
-+		_ossl_odes_ede3_ofb64_encrypt;
-+		UI_method_get_reader;
-+		OCSP_BASICRESP_get_ext_count;
-+		ASN1_ENUMERATED_it;
-+		UI_set_result;
-+		i2d_KRB5_TICKET;
-+		X509_print_ex_fp;
-+		EVP_CIPHER_CTX_set_padding;
-+		d2i_OCSP_RESPONSE;
-+		ASN1_UTCTIME_it;
-+		_ossl_old_des_enc_write;
-+		OCSP_RESPONSE_new;
-+		AES_set_encrypt_key;
-+		OCSP_resp_count;
-+		KRB5_CHECKSUM_new;
-+		ENGINE_load_cswift;
-+		OCSP_onereq_get0_id;
-+		ENGINE_set_default_ciphers;
-+		NOTICEREF_it;
-+		X509V3_EXT_CRL_add_nconf;
-+		OCSP_REVOKEDINFO_it;
-+		AES_encrypt;
-+		OCSP_REQUEST_new;
-+		ASN1_ANY_it;
-+		CRYPTO_ex_data_new_class;
-+		_ossl_old_des_ncbc_encrypt;
-+		i2d_KRB5_TKTBODY;
-+		EC_POINT_clear_free;
-+		AES_decrypt;
-+		asn1_enc_init;
-+		UI_get_result_maxsize;
-+		OCSP_CERTID_new;
-+		ENGINE_unregister_RAND;
-+		UI_method_get_closer;
-+		d2i_KRB5_ENCDATA;
-+		OCSP_request_onereq_count;
-+		OCSP_basic_verify;
-+		KRB5_AUTHENTBODY_free;
-+		ASN1_item_d2i;
-+		ASN1_primitive_free;
-+		i2d_EXTENDED_KEY_USAGE;
-+		i2d_OCSP_SIGNATURE;
-+		asn1_enc_save;
-+		ENGINE_load_nuron;
-+		_ossl_old_des_pcbc_encrypt;
-+		PKCS12_MAC_DATA_it;
-+		OCSP_accept_responses_new;
-+		asn1_do_lock;
-+		PKCS7_ATTR_VERIFY_it;
-+		KRB5_APREQBODY_it;
-+		i2d_OCSP_SINGLERESP;
-+		ASN1_item_ex_new;
-+		UI_add_verify_string;
-+		_ossl_old_des_set_key;
-+		KRB5_PRINCNAME_it;
-+		EVP_DecryptInit_ex;
-+		i2d_OCSP_CERTID;
-+		ASN1_item_d2i_bio;
-+		EC_POINT_dbl;
-+		asn1_get_choice_selector;
-+		i2d_KRB5_CHECKSUM;
-+		ENGINE_set_table_flags;
-+		AES_options;
-+		ENGINE_load_chil;
-+		OCSP_id_cmp;
-+		OCSP_BASICRESP_new;
-+		OCSP_REQUEST_get_ext_by_NID;
-+		KRB5_APREQ_it;
-+		ENGINE_get_destroy_function;
-+		CONF_set_nconf;
-+		ASN1_PRINTABLE_free;
-+		OCSP_BASICRESP_get_ext_by_NID;
-+		DIST_POINT_NAME_it;
-+		X509V3_extensions_print;
-+		_ossl_old_des_cfb64_encrypt;
-+		X509_REVOKED_add1_ext_i2d;
-+		_ossl_old_des_ofb_encrypt;
-+		KRB5_TKTBODY_new;
-+		ASN1_OCTET_STRING_it;
-+		ERR_load_UI_strings;
-+		i2d_KRB5_ENCKEY;
-+		ASN1_template_new;
-+		OCSP_SIGNATURE_free;
-+		ASN1_item_i2d_fp;
-+		KRB5_PRINCNAME_free;
-+		PKCS7_RECIP_INFO_it;
-+		EXTENDED_KEY_USAGE_it;
-+		EC_GFp_simple_method;
-+		EC_GROUP_precompute_mult;
-+		OCSP_request_onereq_get0;
-+		UI_method_set_writer;
-+		KRB5_AUTHENT_new;
-+		X509_CRL_INFO_it;
-+		DSO_set_name_converter;
-+		AES_set_decrypt_key;
-+		PKCS7_DIGEST_it;
-+		PKCS12_x5092certbag;
-+		EVP_DigestInit_ex;
-+		i2a_ACCESS_DESCRIPTION;
-+		OCSP_RESPONSE_it;
-+		PKCS7_ENC_CONTENT_it;
-+		OCSP_request_add0_id;
-+		EC_POINT_make_affine;
-+		DSO_get_filename;
-+		OCSP_CERTSTATUS_it;
-+		OCSP_request_add1_cert;
-+		UI_get0_output_string;
-+		UI_dup_verify_string;
-+		BN_mod_lshift;
-+		KRB5_AUTHDATA_it;
-+		asn1_set_choice_selector;
-+		OCSP_basic_add1_status;
-+		OCSP_RESPID_free;
-+		asn1_get_field_ptr;
-+		UI_add_input_string;
-+		OCSP_CRLID_it;
-+		i2d_KRB5_AUTHENTBODY;
-+		OCSP_REQUEST_get_ext_count;
-+		ENGINE_load_atalla;
-+		X509_NAME_it;
-+		USERNOTICE_it;
-+		OCSP_REQINFO_new;
-+		OCSP_BASICRESP_get_ext;
-+		CRYPTO_get_ex_data_implementation;
-+		CRYPTO_get_ex_data_impl;
-+		ASN1_item_pack;
-+		i2d_KRB5_ENCDATA;
-+		X509_PURPOSE_set;
-+		X509_REQ_INFO_it;
-+		UI_method_set_opener;
-+		ASN1_item_ex_free;
-+		ASN1_BOOLEAN_it;
-+		ENGINE_get_table_flags;
-+		UI_create_method;
-+		OCSP_ONEREQ_add1_ext_i2d;
-+		_shadow_DES_check_key;
-+		d2i_OCSP_REQINFO;
-+		UI_add_info_string;
-+		UI_get_result_minsize;
-+		ASN1_NULL_it;
-+		BN_mod_lshift1;
-+		d2i_OCSP_ONEREQ;
-+		OCSP_ONEREQ_new;
-+		KRB5_TICKET_it;
-+		EVP_aes_192_cbc;
-+		KRB5_TICKET_free;
-+		UI_new;
-+		OCSP_response_create;
-+		_ossl_old_des_xcbc_encrypt;
-+		PKCS7_it;
-+		OCSP_REQUEST_get_ext_by_critical;
-+		OCSP_REQUEST_get_ext_by_crit;
-+		ENGINE_set_flags;
-+		_ossl_old_des_ecb_encrypt;
-+		OCSP_response_get1_basic;
-+		EVP_Digest;
-+		OCSP_ONEREQ_delete_ext;
-+		ASN1_TBOOLEAN_it;
-+		ASN1_item_new;
-+		ASN1_TIME_to_generalizedtime;
-+		BIGNUM_it;
-+		AES_cbc_encrypt;
-+		ENGINE_get_load_privkey_function;
-+		ENGINE_get_load_privkey_fn;
-+		OCSP_RESPONSE_free;
-+		UI_method_set_reader;
-+		i2d_ASN1_T61STRING;
-+		EC_POINT_set_to_infinity;
-+		ERR_load_OCSP_strings;
-+		EC_POINT_point2oct;
-+		KRB5_APREQ_free;
-+		ASN1_OBJECT_it;
-+		OCSP_crlID_new;
-+		OCSP_crlID2_new;
-+		CONF_modules_load_file;
-+		CONF_imodule_set_usr_data;
-+		ENGINE_set_default_string;
-+		CONF_module_get_usr_data;
-+		ASN1_add_oid_module;
-+		CONF_modules_finish;
-+		OPENSSL_config;
-+		CONF_modules_unload;
-+		CONF_imodule_get_value;
-+		CONF_module_set_usr_data;
-+		CONF_parse_list;
-+		CONF_module_add;
-+		CONF_get1_default_config_file;
-+		CONF_imodule_get_flags;
-+		CONF_imodule_get_module;
-+		CONF_modules_load;
-+		CONF_imodule_get_name;
-+		ERR_peek_top_error;
-+		CONF_imodule_get_usr_data;
-+		CONF_imodule_set_flags;
-+		ENGINE_add_conf_module;
-+		ERR_peek_last_error_line;
-+		ERR_peek_last_error_line_data;
-+		ERR_peek_last_error;
-+		DES_read_2passwords;
-+		DES_read_password;
-+		UI_UTIL_read_pw;
-+		UI_UTIL_read_pw_string;
-+		ENGINE_load_aep;
-+		ENGINE_load_sureware;
-+		OPENSSL_add_all_algorithms_noconf;
-+		OPENSSL_add_all_algo_noconf;
-+		OPENSSL_add_all_algorithms_conf;
-+		OPENSSL_add_all_algo_conf;
-+		OPENSSL_load_builtin_modules;
-+		AES_ofb128_encrypt;
-+		AES_ctr128_encrypt;
-+		AES_cfb128_encrypt;
-+		ENGINE_load_4758cca;
-+		_ossl_096_des_random_seed;
-+		EVP_aes_256_ofb;
-+		EVP_aes_192_ofb;
-+		EVP_aes_128_cfb128;
-+		EVP_aes_256_cfb128;
-+		EVP_aes_128_ofb;
-+		EVP_aes_192_cfb128;
-+		CONF_modules_free;
-+		NCONF_default;
-+		OPENSSL_no_config;
-+		NCONF_WIN32;
-+		ASN1_UNIVERSALSTRING_new;
-+		EVP_des_ede_ecb;
-+		i2d_ASN1_UNIVERSALSTRING;
-+		ASN1_UNIVERSALSTRING_free;
-+		ASN1_UNIVERSALSTRING_it;
-+		d2i_ASN1_UNIVERSALSTRING;
-+		EVP_des_ede3_ecb;
-+		X509_REQ_print_ex;
-+		ENGINE_up_ref;
-+		BUF_MEM_grow_clean;
-+		CRYPTO_realloc_clean;
-+		BUF_strlcat;
-+		BIO_indent;
-+		BUF_strlcpy;
-+		OpenSSLDie;
-+		OPENSSL_cleanse;
-+		ENGINE_setup_bsd_cryptodev;
-+		ERR_release_err_state_table;
-+		EVP_aes_128_cfb8;
-+		FIPS_corrupt_rsa;
-+		FIPS_selftest_des;
-+		EVP_aes_128_cfb1;
-+		EVP_aes_192_cfb8;
-+		FIPS_mode_set;
-+		FIPS_selftest_dsa;
-+		EVP_aes_256_cfb8;
-+		FIPS_allow_md5;
-+		DES_ede3_cfb_encrypt;
-+		EVP_des_ede3_cfb8;
-+		FIPS_rand_seeded;
-+		AES_cfbr_encrypt_block;
-+		AES_cfb8_encrypt;
-+		FIPS_rand_seed;
-+		FIPS_corrupt_des;
-+		EVP_aes_192_cfb1;
-+		FIPS_selftest_aes;
-+		FIPS_set_prng_key;
-+		EVP_des_cfb8;
-+		FIPS_corrupt_dsa;
-+		FIPS_test_mode;
-+		FIPS_rand_method;
-+		EVP_aes_256_cfb1;
-+		ERR_load_FIPS_strings;
-+		FIPS_corrupt_aes;
-+		FIPS_selftest_sha1;
-+		FIPS_selftest_rsa;
-+		FIPS_corrupt_sha1;
-+		EVP_des_cfb1;
-+		FIPS_dsa_check;
-+		AES_cfb1_encrypt;
-+		EVP_des_ede3_cfb1;
-+		FIPS_rand_check;
-+		FIPS_md5_allowed;
-+		FIPS_mode;
-+		FIPS_selftest_failed;
-+		sk_is_sorted;
-+		X509_check_ca;
-+		HMAC_CTX_set_flags;
-+		d2i_PROXY_CERT_INFO_EXTENSION;
-+		PROXY_POLICY_it;
-+		i2d_PROXY_POLICY;
-+		i2d_PROXY_CERT_INFO_EXTENSION;
-+		d2i_PROXY_POLICY;
-+		PROXY_CERT_INFO_EXTENSION_new;
-+		PROXY_CERT_INFO_EXTENSION_free;
-+		PROXY_CERT_INFO_EXTENSION_it;
-+		PROXY_POLICY_free;
-+		PROXY_POLICY_new;
-+		BN_MONT_CTX_set_locked;
-+		FIPS_selftest_rng;
-+		EVP_sha384;
-+		EVP_sha512;
-+		EVP_sha224;
-+		EVP_sha256;
-+		FIPS_selftest_hmac;
-+		FIPS_corrupt_rng;
-+		BN_mod_exp_mont_consttime;
-+		RSA_X931_hash_id;
-+		RSA_padding_check_X931;
-+		RSA_verify_PKCS1_PSS;
-+		RSA_padding_add_X931;
-+		RSA_padding_add_PKCS1_PSS;
-+		PKCS1_MGF1;
-+		BN_X931_generate_Xpq;
-+		RSA_X931_generate_key;
-+		BN_X931_derive_prime;
-+		BN_X931_generate_prime;
-+		RSA_X931_derive;
-+		BIO_new_dgram;
-+		BN_get0_nist_prime_384;
-+		ERR_set_mark;
-+		X509_STORE_CTX_set0_crls;
-+		ENGINE_set_STORE;
-+		ENGINE_register_ECDSA;
-+		STORE_meth_set_list_start_fn;
-+		STORE_method_set_list_start_function;
-+		BN_BLINDING_invert_ex;
-+		NAME_CONSTRAINTS_free;
-+		STORE_ATTR_INFO_set_number;
-+		BN_BLINDING_get_thread_id;
-+		X509_STORE_CTX_set0_param;
-+		POLICY_MAPPING_it;
-+		STORE_parse_attrs_start;
-+		POLICY_CONSTRAINTS_free;
-+		EVP_PKEY_add1_attr_by_NID;
-+		BN_nist_mod_192;
-+		EC_GROUP_get_trinomial_basis;
-+		STORE_set_method;
-+		GENERAL_SUBTREE_free;
-+		NAME_CONSTRAINTS_it;
-+		ECDH_get_default_method;
-+		PKCS12_add_safe;
-+		EC_KEY_new_by_curve_name;
-+		STORE_meth_get_update_store_fn;
-+		STORE_method_get_update_store_function;
-+		ENGINE_register_ECDH;
-+		SHA512_Update;
-+		i2d_ECPrivateKey;
-+		BN_get0_nist_prime_192;
-+		STORE_modify_certificate;
-+		EC_POINT_set_affine_coordinates_GF2m;
-+		EC_POINT_set_affine_coords_GF2m;
-+		BN_GF2m_mod_exp_arr;
-+		STORE_ATTR_INFO_modify_number;
-+		X509_keyid_get0;
-+		ENGINE_load_gmp;
-+		pitem_new;
-+		BN_GF2m_mod_mul_arr;
-+		STORE_list_public_key_endp;
-+		o2i_ECPublicKey;
-+		EC_KEY_copy;
-+		BIO_dump_fp;
-+		X509_policy_node_get0_parent;
-+		EC_GROUP_check_discriminant;
-+		i2o_ECPublicKey;
-+		EC_KEY_precompute_mult;
-+		a2i_IPADDRESS;
-+		STORE_meth_set_initialise_fn;
-+		STORE_method_set_initialise_function;
-+		X509_STORE_CTX_set_depth;
-+		X509_VERIFY_PARAM_inherit;
-+		EC_POINT_point2bn;
-+		STORE_ATTR_INFO_set_dn;
-+		X509_policy_tree_get0_policies;
-+		EC_GROUP_new_curve_GF2m;
-+		STORE_destroy_method;
-+		ENGINE_unregister_STORE;
-+		EVP_PKEY_get1_EC_KEY;
-+		STORE_ATTR_INFO_get0_number;
-+		ENGINE_get_default_ECDH;
-+		EC_KEY_get_conv_form;
-+		ASN1_OCTET_STRING_NDEF_it;
-+		STORE_delete_public_key;
-+		STORE_get_public_key;
-+		STORE_modify_arbitrary;
-+		ENGINE_get_static_state;
-+		pqueue_iterator;
-+		ECDSA_SIG_new;
-+		OPENSSL_DIR_end;
-+		BN_GF2m_mod_sqr;
-+		EC_POINT_bn2point;
-+		X509_VERIFY_PARAM_set_depth;
-+		EC_KEY_set_asn1_flag;
-+		STORE_get_method;
-+		EC_KEY_get_key_method_data;
-+		ECDSA_sign_ex;
-+		STORE_parse_attrs_end;
-+		EC_GROUP_get_point_conversion_form;
-+		EC_GROUP_get_point_conv_form;
-+		STORE_method_set_store_function;
-+		STORE_ATTR_INFO_in;
-+		PEM_read_bio_ECPKParameters;
-+		EC_GROUP_get_pentanomial_basis;
-+		EVP_PKEY_add1_attr_by_txt;
-+		BN_BLINDING_set_flags;
-+		X509_VERIFY_PARAM_set1_policies;
-+		X509_VERIFY_PARAM_set1_name;
-+		X509_VERIFY_PARAM_set_purpose;
-+		STORE_get_number;
-+		ECDSA_sign_setup;
-+		BN_GF2m_mod_solve_quad_arr;
-+		EC_KEY_up_ref;
-+		POLICY_MAPPING_free;
-+		BN_GF2m_mod_div;
-+		X509_VERIFY_PARAM_set_flags;
-+		EC_KEY_free;
-+		STORE_meth_set_list_next_fn;
-+		STORE_method_set_list_next_function;
-+		PEM_write_bio_ECPrivateKey;
-+		d2i_EC_PUBKEY;
-+		STORE_meth_get_generate_fn;
-+		STORE_method_get_generate_function;
-+		STORE_meth_set_list_end_fn;
-+		STORE_method_set_list_end_function;
-+		pqueue_print;
-+		EC_GROUP_have_precompute_mult;
-+		EC_KEY_print_fp;
-+		BN_GF2m_mod_arr;
-+		PEM_write_bio_X509_CERT_PAIR;
-+		EVP_PKEY_cmp;
-+		X509_policy_level_node_count;
-+		STORE_new_engine;
-+		STORE_list_public_key_start;
-+		X509_VERIFY_PARAM_new;
-+		ECDH_get_ex_data;
-+		EVP_PKEY_get_attr;
-+		ECDSA_do_sign;
-+		ENGINE_unregister_ECDH;
-+		ECDH_OpenSSL;
-+		EC_KEY_set_conv_form;
-+		EC_POINT_dup;
-+		GENERAL_SUBTREE_new;
-+		STORE_list_crl_endp;
-+		EC_get_builtin_curves;
-+		X509_policy_node_get0_qualifiers;
-+		X509_pcy_node_get0_qualifiers;
-+		STORE_list_crl_end;
-+		EVP_PKEY_set1_EC_KEY;
-+		BN_GF2m_mod_sqrt_arr;
-+		i2d_ECPrivateKey_bio;
-+		ECPKParameters_print_fp;
-+		pqueue_find;
-+		ECDSA_SIG_free;
-+		PEM_write_bio_ECPKParameters;
-+		STORE_method_set_ctrl_function;
-+		STORE_list_public_key_end;
-+		EC_KEY_set_private_key;
-+		pqueue_peek;
-+		STORE_get_arbitrary;
-+		STORE_store_crl;
-+		X509_policy_node_get0_policy;
-+		PKCS12_add_safes;
-+		BN_BLINDING_convert_ex;
-+		X509_policy_tree_free;
-+		OPENSSL_ia32cap_loc;
-+		BN_GF2m_poly2arr;
-+		STORE_ctrl;
-+		STORE_ATTR_INFO_compare;
-+		BN_get0_nist_prime_224;
-+		i2d_ECParameters;
-+		i2d_ECPKParameters;
-+		BN_GENCB_call;
-+		d2i_ECPKParameters;
-+		STORE_meth_set_generate_fn;
-+		STORE_method_set_generate_function;
-+		ENGINE_set_ECDH;
-+		NAME_CONSTRAINTS_new;
-+		SHA256_Init;
-+		EC_KEY_get0_public_key;
-+		PEM_write_bio_EC_PUBKEY;
-+		STORE_ATTR_INFO_set_cstr;
-+		STORE_list_crl_next;
-+		STORE_ATTR_INFO_in_range;
-+		ECParameters_print;
-+		STORE_meth_set_delete_fn;
-+		STORE_method_set_delete_function;
-+		STORE_list_certificate_next;
-+		ASN1_generate_nconf;
-+		BUF_memdup;
-+		BN_GF2m_mod_mul;
-+		STORE_meth_get_list_next_fn;
-+		STORE_method_get_list_next_function;
-+		STORE_ATTR_INFO_get0_dn;
-+		STORE_list_private_key_next;
-+		EC_GROUP_set_seed;
-+		X509_VERIFY_PARAM_set_trust;
-+		STORE_ATTR_INFO_free;
-+		STORE_get_private_key;
-+		EVP_PKEY_get_attr_count;
-+		STORE_ATTR_INFO_new;
-+		EC_GROUP_get_curve_GF2m;
-+		STORE_meth_set_revoke_fn;
-+		STORE_method_set_revoke_function;
-+		STORE_store_number;
-+		BN_is_prime_ex;
-+		STORE_revoke_public_key;
-+		X509_STORE_CTX_get0_param;
-+		STORE_delete_arbitrary;
-+		PEM_read_X509_CERT_PAIR;
-+		X509_STORE_set_depth;
-+		ECDSA_get_ex_data;
-+		SHA224;
-+		BIO_dump_indent_fp;
-+		EC_KEY_set_group;
-+		BUF_strndup;
-+		STORE_list_certificate_start;
-+		BN_GF2m_mod;
-+		X509_REQ_check_private_key;
-+		EC_GROUP_get_seed_len;
-+		ERR_load_STORE_strings;
-+		PEM_read_bio_EC_PUBKEY;
-+		STORE_list_private_key_end;
-+		i2d_EC_PUBKEY;
-+		ECDSA_get_default_method;
-+		ASN1_put_eoc;
-+		X509_STORE_CTX_get_explicit_policy;
-+		X509_STORE_CTX_get_expl_policy;
-+		X509_VERIFY_PARAM_table_cleanup;
-+		STORE_modify_private_key;
-+		X509_VERIFY_PARAM_free;
-+		EC_METHOD_get_field_type;
-+		EC_GFp_nist_method;
-+		STORE_meth_set_modify_fn;
-+		STORE_method_set_modify_function;
-+		STORE_parse_attrs_next;
-+		ENGINE_load_padlock;
-+		EC_GROUP_set_curve_name;
-+		X509_CERT_PAIR_it;
-+		STORE_meth_get_revoke_fn;
-+		STORE_method_get_revoke_function;
-+		STORE_method_set_get_function;
-+		STORE_modify_number;
-+		STORE_method_get_store_function;
-+		STORE_store_private_key;
-+		BN_GF2m_mod_sqr_arr;
-+		RSA_setup_blinding;
-+		BIO_s_datagram;
-+		STORE_Memory;
-+		sk_find_ex;
-+		EC_GROUP_set_curve_GF2m;
-+		ENGINE_set_default_ECDSA;
-+		POLICY_CONSTRAINTS_new;
-+		BN_GF2m_mod_sqrt;
-+		ECDH_set_default_method;
-+		EC_KEY_generate_key;
-+		SHA384_Update;
-+		BN_GF2m_arr2poly;
-+		STORE_method_get_get_function;
-+		STORE_meth_set_cleanup_fn;
-+		STORE_method_set_cleanup_function;
-+		EC_GROUP_check;
-+		d2i_ECPrivateKey_bio;
-+		EC_KEY_insert_key_method_data;
-+		STORE_meth_get_lock_store_fn;
-+		STORE_method_get_lock_store_function;
-+		X509_VERIFY_PARAM_get_depth;
-+		SHA224_Final;
-+		STORE_meth_set_update_store_fn;
-+		STORE_method_set_update_store_function;
-+		SHA224_Update;
-+		d2i_ECPrivateKey;
-+		ASN1_item_ndef_i2d;
-+		STORE_delete_private_key;
-+		ERR_pop_to_mark;
-+		ENGINE_register_all_STORE;
-+		X509_policy_level_get0_node;
-+		i2d_PKCS7_NDEF;
-+		EC_GROUP_get_degree;
-+		ASN1_generate_v3;
-+		STORE_ATTR_INFO_modify_cstr;
-+		X509_policy_tree_level_count;
-+		BN_GF2m_add;
-+		EC_KEY_get0_group;
-+		STORE_generate_crl;
-+		STORE_store_public_key;
-+		X509_CERT_PAIR_free;
-+		STORE_revoke_private_key;
-+		BN_nist_mod_224;
-+		SHA512_Final;
-+		STORE_ATTR_INFO_modify_dn;
-+		STORE_meth_get_initialise_fn;
-+		STORE_method_get_initialise_function;
-+		STORE_delete_number;
-+		i2d_EC_PUBKEY_bio;
-+		BIO_dgram_non_fatal_error;
-+		EC_GROUP_get_asn1_flag;
-+		STORE_ATTR_INFO_in_ex;
-+		STORE_list_crl_start;
-+		ECDH_get_ex_new_index;
-+		STORE_meth_get_modify_fn;
-+		STORE_method_get_modify_function;
-+		v2i_ASN1_BIT_STRING;
-+		STORE_store_certificate;
-+		OBJ_bsearch_ex;
-+		X509_STORE_CTX_set_default;
-+		STORE_ATTR_INFO_set_sha1str;
-+		BN_GF2m_mod_inv;
-+		BN_GF2m_mod_exp;
-+		STORE_modify_public_key;
-+		STORE_meth_get_list_start_fn;
-+		STORE_method_get_list_start_function;
-+		EC_GROUP_get0_seed;
-+		STORE_store_arbitrary;
-+		STORE_meth_set_unlock_store_fn;
-+		STORE_method_set_unlock_store_function;
-+		BN_GF2m_mod_div_arr;
-+		ENGINE_set_ECDSA;
-+		STORE_create_method;
-+		ECPKParameters_print;
-+		EC_KEY_get0_private_key;
-+		PEM_write_EC_PUBKEY;
-+		X509_VERIFY_PARAM_set1;
-+		ECDH_set_method;
-+		v2i_GENERAL_NAME_ex;
-+		ECDH_set_ex_data;
-+		STORE_generate_key;
-+		BN_nist_mod_521;
-+		X509_policy_tree_get0_level;
-+		EC_GROUP_set_point_conversion_form;
-+		EC_GROUP_set_point_conv_form;
-+		PEM_read_EC_PUBKEY;
-+		i2d_ECDSA_SIG;
-+		ECDSA_OpenSSL;
-+		STORE_delete_crl;
-+		EC_KEY_get_enc_flags;
-+		ASN1_const_check_infinite_end;
-+		EVP_PKEY_delete_attr;
-+		ECDSA_set_default_method;
-+		EC_POINT_set_compressed_coordinates_GF2m;
-+		EC_POINT_set_compr_coords_GF2m;
-+		EC_GROUP_cmp;
-+		STORE_revoke_certificate;
-+		BN_get0_nist_prime_256;
-+		STORE_meth_get_delete_fn;
-+		STORE_method_get_delete_function;
-+		SHA224_Init;
-+		PEM_read_ECPrivateKey;
-+		SHA512_Init;
-+		STORE_parse_attrs_endp;
-+		BN_set_negative;
-+		ERR_load_ECDSA_strings;
-+		EC_GROUP_get_basis_type;
-+		STORE_list_public_key_next;
-+		i2v_ASN1_BIT_STRING;
-+		STORE_OBJECT_free;
-+		BN_nist_mod_384;
-+		i2d_X509_CERT_PAIR;
-+		PEM_write_ECPKParameters;
-+		ECDH_compute_key;
-+		STORE_ATTR_INFO_get0_sha1str;
-+		ENGINE_register_all_ECDH;
-+		pqueue_pop;
-+		STORE_ATTR_INFO_get0_cstr;
-+		POLICY_CONSTRAINTS_it;
-+		STORE_get_ex_new_index;
-+		EVP_PKEY_get_attr_by_OBJ;
-+		X509_VERIFY_PARAM_add0_policy;
-+		BN_GF2m_mod_solve_quad;
-+		SHA256;
-+		i2d_ECPrivateKey_fp;
-+		X509_policy_tree_get0_user_policies;
-+		X509_pcy_tree_get0_usr_policies;
-+		OPENSSL_DIR_read;
-+		ENGINE_register_all_ECDSA;
-+		X509_VERIFY_PARAM_lookup;
-+		EC_POINT_get_affine_coordinates_GF2m;
-+		EC_POINT_get_affine_coords_GF2m;
-+		EC_GROUP_dup;
-+		ENGINE_get_default_ECDSA;
-+		EC_KEY_new;
-+		SHA256_Transform;
-+		EC_KEY_set_enc_flags;
-+		ECDSA_verify;
-+		EC_POINT_point2hex;
-+		ENGINE_get_STORE;
-+		SHA512;
-+		STORE_get_certificate;
-+		ECDSA_do_sign_ex;
-+		ECDSA_do_verify;
-+		d2i_ECPrivateKey_fp;
-+		STORE_delete_certificate;
-+		SHA512_Transform;
-+		X509_STORE_set1_param;
-+		STORE_method_get_ctrl_function;
-+		STORE_free;
-+		PEM_write_ECPrivateKey;
-+		STORE_meth_get_unlock_store_fn;
-+		STORE_method_get_unlock_store_function;
-+		STORE_get_ex_data;
-+		EC_KEY_set_public_key;
-+		PEM_read_ECPKParameters;
-+		X509_CERT_PAIR_new;
-+		ENGINE_register_STORE;
-+		RSA_generate_key_ex;
-+		DSA_generate_parameters_ex;
-+		ECParameters_print_fp;
-+		X509V3_NAME_from_section;
-+		EVP_PKEY_add1_attr;
-+		STORE_modify_crl;
-+		STORE_list_private_key_start;
-+		POLICY_MAPPINGS_it;
-+		GENERAL_SUBTREE_it;
-+		EC_GROUP_get_curve_name;
-+		PEM_write_X509_CERT_PAIR;
-+		BIO_dump_indent_cb;
-+		d2i_X509_CERT_PAIR;
-+		STORE_list_private_key_endp;
-+		asn1_const_Finish;
-+		i2d_EC_PUBKEY_fp;
-+		BN_nist_mod_256;
-+		X509_VERIFY_PARAM_add0_table;
-+		pqueue_free;
-+		BN_BLINDING_create_param;
-+		ECDSA_size;
-+		d2i_EC_PUBKEY_bio;
-+		BN_get0_nist_prime_521;
-+		STORE_ATTR_INFO_modify_sha1str;
-+		BN_generate_prime_ex;
-+		EC_GROUP_new_by_curve_name;
-+		SHA256_Final;
-+		DH_generate_parameters_ex;
-+		PEM_read_bio_ECPrivateKey;
-+		STORE_meth_get_cleanup_fn;
-+		STORE_method_get_cleanup_function;
-+		ENGINE_get_ECDH;
-+		d2i_ECDSA_SIG;
-+		BN_is_prime_fasttest_ex;
-+		ECDSA_sign;
-+		X509_policy_check;
-+		EVP_PKEY_get_attr_by_NID;
-+		STORE_set_ex_data;
-+		ENGINE_get_ECDSA;
-+		EVP_ecdsa;
-+		BN_BLINDING_get_flags;
-+		PKCS12_add_cert;
-+		STORE_OBJECT_new;
-+		ERR_load_ECDH_strings;
-+		EC_KEY_dup;
-+		EVP_CIPHER_CTX_rand_key;
-+		ECDSA_set_method;
-+		a2i_IPADDRESS_NC;
-+		d2i_ECParameters;
-+		STORE_list_certificate_end;
-+		STORE_get_crl;
-+		X509_POLICY_NODE_print;
-+		SHA384_Init;
-+		EC_GF2m_simple_method;
-+		ECDSA_set_ex_data;
-+		SHA384_Final;
-+		PKCS7_set_digest;
-+		EC_KEY_print;
-+		STORE_meth_set_lock_store_fn;
-+		STORE_method_set_lock_store_function;
-+		ECDSA_get_ex_new_index;
-+		SHA384;
-+		POLICY_MAPPING_new;
-+		STORE_list_certificate_endp;
-+		X509_STORE_CTX_get0_policy_tree;
-+		EC_GROUP_set_asn1_flag;
-+		EC_KEY_check_key;
-+		d2i_EC_PUBKEY_fp;
-+		PKCS7_set0_type_other;
-+		PEM_read_bio_X509_CERT_PAIR;
-+		pqueue_next;
-+		STORE_meth_get_list_end_fn;
-+		STORE_method_get_list_end_function;
-+		EVP_PKEY_add1_attr_by_OBJ;
-+		X509_VERIFY_PARAM_set_time;
-+		pqueue_new;
-+		ENGINE_set_default_ECDH;
-+		STORE_new_method;
-+		PKCS12_add_key;
-+		DSO_merge;
-+		EC_POINT_hex2point;
-+		BIO_dump_cb;
-+		SHA256_Update;
-+		pqueue_insert;
-+		pitem_free;
-+		BN_GF2m_mod_inv_arr;
-+		ENGINE_unregister_ECDSA;
-+		BN_BLINDING_set_thread_id;
-+		get_rfc3526_prime_8192;
-+		X509_VERIFY_PARAM_clear_flags;
-+		get_rfc2409_prime_1024;
-+		DH_check_pub_key;
-+		get_rfc3526_prime_2048;
-+		get_rfc3526_prime_6144;
-+		get_rfc3526_prime_1536;
-+		get_rfc3526_prime_3072;
-+		get_rfc3526_prime_4096;
-+		get_rfc2409_prime_768;
-+		X509_VERIFY_PARAM_get_flags;
-+		EVP_CIPHER_CTX_new;
-+		EVP_CIPHER_CTX_free;
-+		Camellia_cbc_encrypt;
-+		Camellia_cfb128_encrypt;
-+		Camellia_cfb1_encrypt;
-+		Camellia_cfb8_encrypt;
-+		Camellia_ctr128_encrypt;
-+		Camellia_cfbr_encrypt_block;
-+		Camellia_decrypt;
-+		Camellia_ecb_encrypt;
-+		Camellia_encrypt;
-+		Camellia_ofb128_encrypt;
-+		Camellia_set_key;
-+		EVP_camellia_128_cbc;
-+		EVP_camellia_128_cfb128;
-+		EVP_camellia_128_cfb1;
-+		EVP_camellia_128_cfb8;
-+		EVP_camellia_128_ecb;
-+		EVP_camellia_128_ofb;
-+		EVP_camellia_192_cbc;
-+		EVP_camellia_192_cfb128;
-+		EVP_camellia_192_cfb1;
-+		EVP_camellia_192_cfb8;
-+		EVP_camellia_192_ecb;
-+		EVP_camellia_192_ofb;
-+		EVP_camellia_256_cbc;
-+		EVP_camellia_256_cfb128;
-+		EVP_camellia_256_cfb1;
-+		EVP_camellia_256_cfb8;
-+		EVP_camellia_256_ecb;
-+		EVP_camellia_256_ofb;
-+		a2i_ipadd;
-+		ASIdentifiers_free;
-+		i2d_ASIdOrRange;
-+		EVP_CIPHER_block_size;
-+		v3_asid_is_canonical;
-+		IPAddressChoice_free;
-+		EVP_CIPHER_CTX_set_app_data;
-+		BIO_set_callback_arg;
-+		v3_addr_add_prefix;
-+		IPAddressOrRange_it;
-+		BIO_set_flags;
-+		ASIdentifiers_it;
-+		v3_addr_get_range;
-+		BIO_method_type;
-+		v3_addr_inherits;
-+		IPAddressChoice_it;
-+		AES_ige_encrypt;
-+		v3_addr_add_range;
-+		EVP_CIPHER_CTX_nid;
-+		d2i_ASRange;
-+		v3_addr_add_inherit;
-+		v3_asid_add_id_or_range;
-+		v3_addr_validate_resource_set;
-+		EVP_CIPHER_iv_length;
-+		EVP_MD_type;
-+		v3_asid_canonize;
-+		IPAddressRange_free;
-+		v3_asid_add_inherit;
-+		EVP_CIPHER_CTX_key_length;
-+		IPAddressRange_new;
-+		ASIdOrRange_new;
-+		EVP_MD_size;
-+		EVP_MD_CTX_test_flags;
-+		BIO_clear_flags;
-+		i2d_ASRange;
-+		IPAddressRange_it;
-+		IPAddressChoice_new;
-+		ASIdentifierChoice_new;
-+		ASRange_free;
-+		EVP_MD_pkey_type;
-+		EVP_MD_CTX_clear_flags;
-+		IPAddressFamily_free;
-+		i2d_IPAddressFamily;
-+		IPAddressOrRange_new;
-+		EVP_CIPHER_flags;
-+		v3_asid_validate_resource_set;
-+		d2i_IPAddressRange;
-+		AES_bi_ige_encrypt;
-+		BIO_get_callback;
-+		IPAddressOrRange_free;
-+		v3_addr_subset;
-+		d2i_IPAddressFamily;
-+		v3_asid_subset;
-+		BIO_test_flags;
-+		i2d_ASIdentifierChoice;
-+		ASRange_it;
-+		d2i_ASIdentifiers;
-+		ASRange_new;
-+		d2i_IPAddressChoice;
-+		v3_addr_get_afi;
-+		EVP_CIPHER_key_length;
-+		EVP_Cipher;
-+		i2d_IPAddressOrRange;
-+		ASIdOrRange_it;
-+		EVP_CIPHER_nid;
-+		i2d_IPAddressChoice;
-+		EVP_CIPHER_CTX_block_size;
-+		ASIdentifiers_new;
-+		v3_addr_validate_path;
-+		IPAddressFamily_new;
-+		EVP_MD_CTX_set_flags;
-+		v3_addr_is_canonical;
-+		i2d_IPAddressRange;
-+		IPAddressFamily_it;
-+		v3_asid_inherits;
-+		EVP_CIPHER_CTX_cipher;
-+		EVP_CIPHER_CTX_get_app_data;
-+		EVP_MD_block_size;
-+		EVP_CIPHER_CTX_flags;
-+		v3_asid_validate_path;
-+		d2i_IPAddressOrRange;
-+		v3_addr_canonize;
-+		ASIdentifierChoice_it;
-+		EVP_MD_CTX_md;
-+		d2i_ASIdentifierChoice;
-+		BIO_method_name;
-+		EVP_CIPHER_CTX_iv_length;
-+		ASIdOrRange_free;
-+		ASIdentifierChoice_free;
-+		BIO_get_callback_arg;
-+		BIO_set_callback;
-+		d2i_ASIdOrRange;
-+		i2d_ASIdentifiers;
-+		SEED_decrypt;
-+		SEED_encrypt;
-+		SEED_cbc_encrypt;
-+		EVP_seed_ofb;
-+		SEED_cfb128_encrypt;
-+		SEED_ofb128_encrypt;
-+		EVP_seed_cbc;
-+		SEED_ecb_encrypt;
-+		EVP_seed_ecb;
-+		SEED_set_key;
-+		EVP_seed_cfb128;
-+		X509_EXTENSIONS_it;
-+		X509_get1_ocsp;
-+		OCSP_REQ_CTX_free;
-+		i2d_X509_EXTENSIONS;
-+		OCSP_sendreq_nbio;
-+		OCSP_sendreq_new;
-+		d2i_X509_EXTENSIONS;
-+		X509_ALGORS_it;
-+		X509_ALGOR_get0;
-+		X509_ALGOR_set0;
-+		AES_unwrap_key;
-+		AES_wrap_key;
-+		X509at_get0_data_by_OBJ;
-+		ASN1_TYPE_set1;
-+		ASN1_STRING_set0;
-+		i2d_X509_ALGORS;
-+		BIO_f_zlib;
-+		COMP_zlib_cleanup;
-+		d2i_X509_ALGORS;
-+		CMS_ReceiptRequest_free;
-+		PEM_write_CMS;
-+		CMS_add0_CertificateChoices;
-+		CMS_unsigned_add1_attr_by_OBJ;
-+		ERR_load_CMS_strings;
-+		CMS_sign_receipt;
-+		i2d_CMS_ContentInfo;
-+		CMS_signed_delete_attr;
-+		d2i_CMS_bio;
-+		CMS_unsigned_get_attr_by_NID;
-+		CMS_verify;
-+		SMIME_read_CMS;
-+		CMS_decrypt_set1_key;
-+		CMS_SignerInfo_get0_algs;
-+		CMS_add1_cert;
-+		CMS_set_detached;
-+		CMS_encrypt;
-+		CMS_EnvelopedData_create;
-+		CMS_uncompress;
-+		CMS_add0_crl;
-+		CMS_SignerInfo_verify_content;
-+		CMS_unsigned_get0_data_by_OBJ;
-+		PEM_write_bio_CMS;
-+		CMS_unsigned_get_attr;
-+		CMS_RecipientInfo_ktri_cert_cmp;
-+		CMS_RecipientInfo_ktri_get0_algs;
-+		CMS_RecipInfo_ktri_get0_algs;
-+		CMS_ContentInfo_free;
-+		CMS_final;
-+		CMS_add_simple_smimecap;
-+		CMS_SignerInfo_verify;
-+		CMS_data;
-+		CMS_ContentInfo_it;
-+		d2i_CMS_ReceiptRequest;
-+		CMS_compress;
-+		CMS_digest_create;
-+		CMS_SignerInfo_cert_cmp;
-+		CMS_SignerInfo_sign;
-+		CMS_data_create;
-+		i2d_CMS_bio;
-+		CMS_EncryptedData_set1_key;
-+		CMS_decrypt;
-+		int_smime_write_ASN1;
-+		CMS_unsigned_delete_attr;
-+		CMS_unsigned_get_attr_count;
-+		CMS_add_smimecap;
-+		PEM_read_CMS;
-+		CMS_signed_get_attr_by_OBJ;
-+		d2i_CMS_ContentInfo;
-+		CMS_add_standard_smimecap;
-+		CMS_ContentInfo_new;
-+		CMS_RecipientInfo_type;
-+		CMS_get0_type;
-+		CMS_is_detached;
-+		CMS_sign;
-+		CMS_signed_add1_attr;
-+		CMS_unsigned_get_attr_by_OBJ;
-+		SMIME_write_CMS;
-+		CMS_EncryptedData_decrypt;
-+		CMS_get0_RecipientInfos;
-+		CMS_add0_RevocationInfoChoice;
-+		CMS_decrypt_set1_pkey;
-+		CMS_SignerInfo_set1_signer_cert;
-+		CMS_get0_signers;
-+		CMS_ReceiptRequest_get0_values;
-+		CMS_signed_get0_data_by_OBJ;
-+		CMS_get0_SignerInfos;
-+		CMS_add0_cert;
-+		CMS_EncryptedData_encrypt;
-+		CMS_digest_verify;
-+		CMS_set1_signers_certs;
-+		CMS_signed_get_attr;
-+		CMS_RecipientInfo_set0_key;
-+		CMS_SignedData_init;
-+		CMS_RecipientInfo_kekri_get0_id;
-+		CMS_verify_receipt;
-+		CMS_ReceiptRequest_it;
-+		PEM_read_bio_CMS;
-+		CMS_get1_crls;
-+		CMS_add0_recipient_key;
-+		SMIME_read_ASN1;
-+		CMS_ReceiptRequest_new;
-+		CMS_get0_content;
-+		CMS_get1_ReceiptRequest;
-+		CMS_signed_add1_attr_by_OBJ;
-+		CMS_RecipientInfo_kekri_id_cmp;
-+		CMS_add1_ReceiptRequest;
-+		CMS_SignerInfo_get0_signer_id;
-+		CMS_unsigned_add1_attr_by_NID;
-+		CMS_unsigned_add1_attr;
-+		CMS_signed_get_attr_by_NID;
-+		CMS_get1_certs;
-+		CMS_signed_add1_attr_by_NID;
-+		CMS_unsigned_add1_attr_by_txt;
-+		CMS_dataFinal;
-+		CMS_RecipientInfo_ktri_get0_signer_id;
-+		CMS_RecipInfo_ktri_get0_sigr_id;
-+		i2d_CMS_ReceiptRequest;
-+		CMS_add1_recipient_cert;
-+		CMS_dataInit;
-+		CMS_signed_add1_attr_by_txt;
-+		CMS_RecipientInfo_decrypt;
-+		CMS_signed_get_attr_count;
-+		CMS_get0_eContentType;
-+		CMS_set1_eContentType;
-+		CMS_ReceiptRequest_create0;
-+		CMS_add1_signer;
-+		CMS_RecipientInfo_set0_pkey;
-+		ENGINE_set_load_ssl_client_cert_function;
-+		ENGINE_set_ld_ssl_clnt_cert_fn;
-+		ENGINE_get_ssl_client_cert_function;
-+		ENGINE_get_ssl_client_cert_fn;
-+		ENGINE_load_ssl_client_cert;
-+		ENGINE_load_capi;
-+		OPENSSL_isservice;
-+		FIPS_dsa_sig_decode;
-+		EVP_CIPHER_CTX_clear_flags;
-+		FIPS_rand_status;
-+		FIPS_rand_set_key;
-+		CRYPTO_set_mem_info_functions;
-+		RSA_X931_generate_key_ex;
-+		int_ERR_set_state_func;
-+		int_EVP_MD_set_engine_callbacks;
-+		int_CRYPTO_set_do_dynlock_callback;
-+		FIPS_rng_stick;
-+		EVP_CIPHER_CTX_set_flags;
-+		BN_X931_generate_prime_ex;
-+		FIPS_selftest_check;
-+		FIPS_rand_set_dt;
-+		CRYPTO_dbg_pop_info;
-+		FIPS_dsa_free;
-+		RSA_X931_derive_ex;
-+		FIPS_rsa_new;
-+		FIPS_rand_bytes;
-+		fips_cipher_test;
-+		EVP_CIPHER_CTX_test_flags;
-+		CRYPTO_malloc_debug_init;
-+		CRYPTO_dbg_push_info;
-+		FIPS_corrupt_rsa_keygen;
-+		FIPS_dh_new;
-+		FIPS_corrupt_dsa_keygen;
-+		FIPS_dh_free;
-+		fips_pkey_signature_test;
-+		EVP_add_alg_module;
-+		int_RAND_init_engine_callbacks;
-+		int_EVP_CIPHER_set_engine_callbacks;
-+		int_EVP_MD_init_engine_callbacks;
-+		FIPS_rand_test_mode;
-+		FIPS_rand_reset;
-+		FIPS_dsa_new;
-+		int_RAND_set_callbacks;
-+		BN_X931_derive_prime_ex;
-+		int_ERR_lib_init;
-+		int_EVP_CIPHER_init_engine_callbacks;
-+		FIPS_rsa_free;
-+		FIPS_dsa_sig_encode;
-+		CRYPTO_dbg_remove_all_info;
-+		OPENSSL_init;
-+		CRYPTO_strdup;
-+		JPAKE_STEP3A_process;
-+		JPAKE_STEP1_release;
-+		JPAKE_get_shared_key;
-+		JPAKE_STEP3B_init;
-+		JPAKE_STEP1_generate;
-+		JPAKE_STEP1_init;
-+		JPAKE_STEP3B_process;
-+		JPAKE_STEP2_generate;
-+		JPAKE_CTX_new;
-+		JPAKE_CTX_free;
-+		JPAKE_STEP3B_release;
-+		JPAKE_STEP3A_release;
-+		JPAKE_STEP2_process;
-+		JPAKE_STEP3B_generate;
-+		JPAKE_STEP1_process;
-+		JPAKE_STEP3A_generate;
-+		JPAKE_STEP2_release;
-+		JPAKE_STEP3A_init;
-+		ERR_load_JPAKE_strings;
-+		JPAKE_STEP2_init;
-+		pqueue_size;
-+		i2d_TS_ACCURACY;
-+		i2d_TS_MSG_IMPRINT_fp;
-+		i2d_TS_MSG_IMPRINT;
-+		EVP_PKEY_print_public;
-+		EVP_PKEY_CTX_new;
-+		i2d_TS_TST_INFO;
-+		EVP_PKEY_asn1_find;
-+		DSO_METHOD_beos;
-+		TS_CONF_load_cert;
-+		TS_REQ_get_ext;
-+		EVP_PKEY_sign_init;
-+		ASN1_item_print;
-+		TS_TST_INFO_set_nonce;
-+		TS_RESP_dup;
-+		ENGINE_register_pkey_meths;
-+		EVP_PKEY_asn1_add0;
-+		PKCS7_add0_attrib_signing_time;
-+		i2d_TS_TST_INFO_fp;
-+		BIO_asn1_get_prefix;
-+		TS_TST_INFO_set_time;
-+		EVP_PKEY_meth_set_decrypt;
-+		EVP_PKEY_set_type_str;
-+		EVP_PKEY_CTX_get_keygen_info;
-+		TS_REQ_set_policy_id;
-+		d2i_TS_RESP_fp;
-+		ENGINE_get_pkey_asn1_meth_engine;
-+		ENGINE_get_pkey_asn1_meth_eng;
-+		WHIRLPOOL_Init;
-+		TS_RESP_set_status_info;
-+		EVP_PKEY_keygen;
-+		EVP_DigestSignInit;
-+		TS_ACCURACY_set_millis;
-+		TS_REQ_dup;
-+		GENERAL_NAME_dup;
-+		ASN1_SEQUENCE_ANY_it;
-+		WHIRLPOOL;
-+		X509_STORE_get1_crls;
-+		ENGINE_get_pkey_asn1_meth;
-+		EVP_PKEY_asn1_new;
-+		BIO_new_NDEF;
-+		ENGINE_get_pkey_meth;
-+		TS_MSG_IMPRINT_set_algo;
-+		i2d_TS_TST_INFO_bio;
-+		TS_TST_INFO_set_ordering;
-+		TS_TST_INFO_get_ext_by_OBJ;
-+		CRYPTO_THREADID_set_pointer;
-+		TS_CONF_get_tsa_section;
-+		SMIME_write_ASN1;
-+		TS_RESP_CTX_set_signer_key;
-+		EVP_PKEY_encrypt_old;
-+		EVP_PKEY_encrypt_init;
-+		CRYPTO_THREADID_cpy;
-+		ASN1_PCTX_get_cert_flags;
-+		i2d_ESS_SIGNING_CERT;
-+		TS_CONF_load_key;
-+		i2d_ASN1_SEQUENCE_ANY;
-+		d2i_TS_MSG_IMPRINT_bio;
-+		EVP_PKEY_asn1_set_public;
-+		b2i_PublicKey_bio;
-+		BIO_asn1_set_prefix;
-+		EVP_PKEY_new_mac_key;
-+		BIO_new_CMS;
-+		CRYPTO_THREADID_cmp;
-+		TS_REQ_ext_free;
-+		EVP_PKEY_asn1_set_free;
-+		EVP_PKEY_get0_asn1;
-+		d2i_NETSCAPE_X509;
-+		EVP_PKEY_verify_recover_init;
-+		EVP_PKEY_CTX_set_data;
-+		EVP_PKEY_keygen_init;
-+		TS_RESP_CTX_set_status_info;
-+		TS_MSG_IMPRINT_get_algo;
-+		TS_REQ_print_bio;
-+		EVP_PKEY_CTX_ctrl_str;
-+		EVP_PKEY_get_default_digest_nid;
-+		PEM_write_bio_PKCS7_stream;
-+		TS_MSG_IMPRINT_print_bio;
-+		BN_asc2bn;
-+		TS_REQ_get_policy_id;
-+		ENGINE_set_default_pkey_asn1_meths;
-+		ENGINE_set_def_pkey_asn1_meths;
-+		d2i_TS_ACCURACY;
-+		DSO_global_lookup;
-+		TS_CONF_set_tsa_name;
-+		i2d_ASN1_SET_ANY;
-+		ENGINE_load_gost;
-+		WHIRLPOOL_BitUpdate;
-+		ASN1_PCTX_get_flags;
-+		TS_TST_INFO_get_ext_by_NID;
-+		TS_RESP_new;
-+		ESS_CERT_ID_dup;
-+		TS_STATUS_INFO_dup;
-+		TS_REQ_delete_ext;
-+		EVP_DigestVerifyFinal;
-+		EVP_PKEY_print_params;
-+		i2d_CMS_bio_stream;
-+		TS_REQ_get_msg_imprint;
-+		OBJ_find_sigid_by_algs;
-+		TS_TST_INFO_get_serial;
-+		TS_REQ_get_nonce;
-+		X509_PUBKEY_set0_param;
-+		EVP_PKEY_CTX_set0_keygen_info;
-+		DIST_POINT_set_dpname;
-+		i2d_ISSUING_DIST_POINT;
-+		ASN1_SET_ANY_it;
-+		EVP_PKEY_CTX_get_data;
-+		TS_STATUS_INFO_print_bio;
-+		EVP_PKEY_derive_init;
-+		d2i_TS_TST_INFO;
-+		EVP_PKEY_asn1_add_alias;
-+		d2i_TS_RESP_bio;
-+		OTHERNAME_cmp;
-+		GENERAL_NAME_set0_value;
-+		PKCS7_RECIP_INFO_get0_alg;
-+		TS_RESP_CTX_new;
-+		TS_RESP_set_tst_info;
-+		PKCS7_final;
-+		EVP_PKEY_base_id;
-+		TS_RESP_CTX_set_signer_cert;
-+		TS_REQ_set_msg_imprint;
-+		EVP_PKEY_CTX_ctrl;
-+		TS_CONF_set_digests;
-+		d2i_TS_MSG_IMPRINT;
-+		EVP_PKEY_meth_set_ctrl;
-+		TS_REQ_get_ext_by_NID;
-+		PKCS5_pbe_set0_algor;
-+		BN_BLINDING_thread_id;
-+		TS_ACCURACY_new;
-+		X509_CRL_METHOD_free;
-+		ASN1_PCTX_get_nm_flags;
-+		EVP_PKEY_meth_set_sign;
-+		CRYPTO_THREADID_current;
-+		EVP_PKEY_decrypt_init;
-+		NETSCAPE_X509_free;
-+		i2b_PVK_bio;
-+		EVP_PKEY_print_private;
-+		GENERAL_NAME_get0_value;
-+		b2i_PVK_bio;
-+		ASN1_UTCTIME_adj;
-+		TS_TST_INFO_new;
-+		EVP_MD_do_all_sorted;
-+		TS_CONF_set_default_engine;
-+		TS_ACCURACY_set_seconds;
-+		TS_TST_INFO_get_time;
-+		PKCS8_pkey_get0;
-+		EVP_PKEY_asn1_get0;
-+		OBJ_add_sigid;
-+		PKCS7_SIGNER_INFO_sign;
-+		EVP_PKEY_paramgen_init;
-+		EVP_PKEY_sign;
-+		OBJ_sigid_free;
-+		EVP_PKEY_meth_set_init;
-+		d2i_ESS_ISSUER_SERIAL;
-+		ISSUING_DIST_POINT_new;
-+		ASN1_TIME_adj;
-+		TS_OBJ_print_bio;
-+		EVP_PKEY_meth_set_verify_recover;
-+		EVP_PKEY_meth_set_vrfy_recover;
-+		TS_RESP_get_status_info;
-+		CMS_stream;
-+		EVP_PKEY_CTX_set_cb;
-+		PKCS7_to_TS_TST_INFO;
-+		ASN1_PCTX_get_oid_flags;
-+		TS_TST_INFO_add_ext;
-+		EVP_PKEY_meth_set_derive;
-+		i2d_TS_RESP_fp;
-+		i2d_TS_MSG_IMPRINT_bio;
-+		TS_RESP_CTX_set_accuracy;
-+		TS_REQ_set_nonce;
-+		ESS_CERT_ID_new;
-+		ENGINE_pkey_asn1_find_str;
-+		TS_REQ_get_ext_count;
-+		BUF_reverse;
-+		TS_TST_INFO_print_bio;
-+		d2i_ISSUING_DIST_POINT;
-+		ENGINE_get_pkey_meths;
-+		i2b_PrivateKey_bio;
-+		i2d_TS_RESP;
-+		b2i_PublicKey;
-+		TS_VERIFY_CTX_cleanup;
-+		TS_STATUS_INFO_free;
-+		TS_RESP_verify_token;
-+		OBJ_bsearch_ex_;
-+		ASN1_bn_print;
-+		EVP_PKEY_asn1_get_count;
-+		ENGINE_register_pkey_asn1_meths;
-+		ASN1_PCTX_set_nm_flags;
-+		EVP_DigestVerifyInit;
-+		ENGINE_set_default_pkey_meths;
-+		TS_TST_INFO_get_policy_id;
-+		TS_REQ_get_cert_req;
-+		X509_CRL_set_meth_data;
-+		PKCS8_pkey_set0;
-+		ASN1_STRING_copy;
-+		d2i_TS_TST_INFO_fp;
-+		X509_CRL_match;
-+		EVP_PKEY_asn1_set_private;
-+		TS_TST_INFO_get_ext_d2i;
-+		TS_RESP_CTX_add_policy;
-+		d2i_TS_RESP;
-+		TS_CONF_load_certs;
-+		TS_TST_INFO_get_msg_imprint;
-+		ERR_load_TS_strings;
-+		TS_TST_INFO_get_version;
-+		EVP_PKEY_CTX_dup;
-+		EVP_PKEY_meth_set_verify;
-+		i2b_PublicKey_bio;
-+		TS_CONF_set_certs;
-+		EVP_PKEY_asn1_get0_info;
-+		TS_VERIFY_CTX_free;
-+		TS_REQ_get_ext_by_critical;
-+		TS_RESP_CTX_set_serial_cb;
-+		X509_CRL_get_meth_data;
-+		TS_RESP_CTX_set_time_cb;
-+		TS_MSG_IMPRINT_get_msg;
-+		TS_TST_INFO_ext_free;
-+		TS_REQ_get_version;
-+		TS_REQ_add_ext;
-+		EVP_PKEY_CTX_set_app_data;
-+		OBJ_bsearch_;
-+		EVP_PKEY_meth_set_verifyctx;
-+		i2d_PKCS7_bio_stream;
-+		CRYPTO_THREADID_set_numeric;
-+		PKCS7_sign_add_signer;
-+		d2i_TS_TST_INFO_bio;
-+		TS_TST_INFO_get_ordering;
-+		TS_RESP_print_bio;
-+		TS_TST_INFO_get_exts;
-+		HMAC_CTX_copy;
-+		PKCS5_pbe2_set_iv;
-+		ENGINE_get_pkey_asn1_meths;
-+		b2i_PrivateKey;
-+		EVP_PKEY_CTX_get_app_data;
-+		TS_REQ_set_cert_req;
-+		CRYPTO_THREADID_set_callback;
-+		TS_CONF_set_serial;
-+		TS_TST_INFO_free;
-+		d2i_TS_REQ_fp;
-+		TS_RESP_verify_response;
-+		i2d_ESS_ISSUER_SERIAL;
-+		TS_ACCURACY_get_seconds;
-+		EVP_CIPHER_do_all;
-+		b2i_PrivateKey_bio;
-+		OCSP_CERTID_dup;
-+		X509_PUBKEY_get0_param;
-+		TS_MSG_IMPRINT_dup;
-+		PKCS7_print_ctx;
-+		i2d_TS_REQ_bio;
-+		EVP_whirlpool;
-+		EVP_PKEY_asn1_set_param;
-+		EVP_PKEY_meth_set_encrypt;
-+		ASN1_PCTX_set_flags;
-+		i2d_ESS_CERT_ID;
-+		TS_VERIFY_CTX_new;
-+		TS_RESP_CTX_set_extension_cb;
-+		ENGINE_register_all_pkey_meths;
-+		TS_RESP_CTX_set_status_info_cond;
-+		TS_RESP_CTX_set_stat_info_cond;
-+		EVP_PKEY_verify;
-+		WHIRLPOOL_Final;
-+		X509_CRL_METHOD_new;
-+		EVP_DigestSignFinal;
-+		TS_RESP_CTX_set_def_policy;
-+		NETSCAPE_X509_it;
-+		TS_RESP_create_response;
-+		PKCS7_SIGNER_INFO_get0_algs;
-+		TS_TST_INFO_get_nonce;
-+		EVP_PKEY_decrypt_old;
-+		TS_TST_INFO_set_policy_id;
-+		TS_CONF_set_ess_cert_id_chain;
-+		EVP_PKEY_CTX_get0_pkey;
-+		d2i_TS_REQ;
-+		EVP_PKEY_asn1_find_str;
-+		BIO_f_asn1;
-+		ESS_SIGNING_CERT_new;
-+		EVP_PBE_find;
-+		X509_CRL_get0_by_cert;
-+		EVP_PKEY_derive;
-+		i2d_TS_REQ;
-+		TS_TST_INFO_delete_ext;
-+		ESS_ISSUER_SERIAL_free;
-+		ASN1_PCTX_set_str_flags;
-+		ENGINE_get_pkey_asn1_meth_str;
-+		TS_CONF_set_signer_key;
-+		TS_ACCURACY_get_millis;
-+		TS_RESP_get_token;
-+		TS_ACCURACY_dup;
-+		ENGINE_register_all_pkey_asn1_meths;
-+		ENGINE_reg_all_pkey_asn1_meths;
-+		X509_CRL_set_default_method;
-+		CRYPTO_THREADID_hash;
-+		CMS_ContentInfo_print_ctx;
-+		TS_RESP_free;
-+		ISSUING_DIST_POINT_free;
-+		ESS_ISSUER_SERIAL_new;
-+		CMS_add1_crl;
-+		PKCS7_add1_attrib_digest;
-+		TS_RESP_CTX_add_md;
-+		TS_TST_INFO_dup;
-+		ENGINE_set_pkey_asn1_meths;
-+		PEM_write_bio_Parameters;
-+		TS_TST_INFO_get_accuracy;
-+		X509_CRL_get0_by_serial;
-+		TS_TST_INFO_set_version;
-+		TS_RESP_CTX_get_tst_info;
-+		TS_RESP_verify_signature;
-+		CRYPTO_THREADID_get_callback;
-+		TS_TST_INFO_get_tsa;
-+		TS_STATUS_INFO_new;
-+		EVP_PKEY_CTX_get_cb;
-+		TS_REQ_get_ext_d2i;
-+		GENERAL_NAME_set0_othername;
-+		TS_TST_INFO_get_ext_count;
-+		TS_RESP_CTX_get_request;
-+		i2d_NETSCAPE_X509;
-+		ENGINE_get_pkey_meth_engine;
-+		EVP_PKEY_meth_set_signctx;
-+		EVP_PKEY_asn1_copy;
-+		ASN1_TYPE_cmp;
-+		EVP_CIPHER_do_all_sorted;
-+		EVP_PKEY_CTX_free;
-+		ISSUING_DIST_POINT_it;
-+		d2i_TS_MSG_IMPRINT_fp;
-+		X509_STORE_get1_certs;
-+		EVP_PKEY_CTX_get_operation;
-+		d2i_ESS_SIGNING_CERT;
-+		TS_CONF_set_ordering;
-+		EVP_PBE_alg_add_type;
-+		TS_REQ_set_version;
-+		EVP_PKEY_get0;
-+		BIO_asn1_set_suffix;
-+		i2d_TS_STATUS_INFO;
-+		EVP_MD_do_all;
-+		TS_TST_INFO_set_accuracy;
-+		PKCS7_add_attrib_content_type;
-+		ERR_remove_thread_state;
-+		EVP_PKEY_meth_add0;
-+		TS_TST_INFO_set_tsa;
-+		EVP_PKEY_meth_new;
-+		WHIRLPOOL_Update;
-+		TS_CONF_set_accuracy;
-+		ASN1_PCTX_set_oid_flags;
-+		ESS_SIGNING_CERT_dup;
-+		d2i_TS_REQ_bio;
-+		X509_time_adj_ex;
-+		TS_RESP_CTX_add_flags;
-+		d2i_TS_STATUS_INFO;
-+		TS_MSG_IMPRINT_set_msg;
-+		BIO_asn1_get_suffix;
-+		TS_REQ_free;
-+		EVP_PKEY_meth_free;
-+		TS_REQ_get_exts;
-+		TS_RESP_CTX_set_clock_precision_digits;
-+		TS_RESP_CTX_set_clk_prec_digits;
-+		TS_RESP_CTX_add_failure_info;
-+		i2d_TS_RESP_bio;
-+		EVP_PKEY_CTX_get0_peerkey;
-+		PEM_write_bio_CMS_stream;
-+		TS_REQ_new;
-+		TS_MSG_IMPRINT_new;
-+		EVP_PKEY_meth_find;
-+		EVP_PKEY_id;
-+		TS_TST_INFO_set_serial;
-+		a2i_GENERAL_NAME;
-+		TS_CONF_set_crypto_device;
-+		EVP_PKEY_verify_init;
-+		TS_CONF_set_policies;
-+		ASN1_PCTX_new;
-+		ESS_CERT_ID_free;
-+		ENGINE_unregister_pkey_meths;
-+		TS_MSG_IMPRINT_free;
-+		TS_VERIFY_CTX_init;
-+		PKCS7_stream;
-+		TS_RESP_CTX_set_certs;
-+		TS_CONF_set_def_policy;
-+		ASN1_GENERALIZEDTIME_adj;
-+		NETSCAPE_X509_new;
-+		TS_ACCURACY_free;
-+		TS_RESP_get_tst_info;
-+		EVP_PKEY_derive_set_peer;
-+		PEM_read_bio_Parameters;
-+		TS_CONF_set_clock_precision_digits;
-+		TS_CONF_set_clk_prec_digits;
-+		ESS_ISSUER_SERIAL_dup;
-+		TS_ACCURACY_get_micros;
-+		ASN1_PCTX_get_str_flags;
-+		NAME_CONSTRAINTS_check;
-+		ASN1_BIT_STRING_check;
-+		X509_check_akid;
-+		ENGINE_unregister_pkey_asn1_meths;
-+		ENGINE_unreg_pkey_asn1_meths;
-+		ASN1_PCTX_free;
-+		PEM_write_bio_ASN1_stream;
-+		i2d_ASN1_bio_stream;
-+		TS_X509_ALGOR_print_bio;
-+		EVP_PKEY_meth_set_cleanup;
-+		EVP_PKEY_asn1_free;
-+		ESS_SIGNING_CERT_free;
-+		TS_TST_INFO_set_msg_imprint;
-+		GENERAL_NAME_cmp;
-+		d2i_ASN1_SET_ANY;
-+		ENGINE_set_pkey_meths;
-+		i2d_TS_REQ_fp;
-+		d2i_ASN1_SEQUENCE_ANY;
-+		GENERAL_NAME_get0_otherName;
-+		d2i_ESS_CERT_ID;
-+		OBJ_find_sigid_algs;
-+		EVP_PKEY_meth_set_keygen;
-+		PKCS5_PBKDF2_HMAC;
-+		EVP_PKEY_paramgen;
-+		EVP_PKEY_meth_set_paramgen;
-+		BIO_new_PKCS7;
-+		EVP_PKEY_verify_recover;
-+		TS_ext_print_bio;
-+		TS_ASN1_INTEGER_print_bio;
-+		check_defer;
-+		DSO_pathbyaddr;
-+		EVP_PKEY_set_type;
-+		TS_ACCURACY_set_micros;
-+		TS_REQ_to_TS_VERIFY_CTX;
-+		EVP_PKEY_meth_set_copy;
-+		ASN1_PCTX_set_cert_flags;
-+		TS_TST_INFO_get_ext;
-+		EVP_PKEY_asn1_set_ctrl;
-+		TS_TST_INFO_get_ext_by_critical;
-+		EVP_PKEY_CTX_new_id;
-+		TS_REQ_get_ext_by_OBJ;
-+		TS_CONF_set_signer_cert;
-+		X509_NAME_hash_old;
-+		ASN1_TIME_set_string;
-+		EVP_MD_flags;
-+		TS_RESP_CTX_free;
-+		DSAparams_dup;
-+		DHparams_dup;
-+		OCSP_REQ_CTX_add1_header;
-+		OCSP_REQ_CTX_set1_req;
-+		X509_STORE_set_verify_cb;
-+		X509_STORE_CTX_get0_current_crl;
-+		X509_STORE_CTX_get0_parent_ctx;
-+		X509_STORE_CTX_get0_current_issuer;
-+		X509_STORE_CTX_get0_cur_issuer;
-+		X509_issuer_name_hash_old;
-+		X509_subject_name_hash_old;
-+		EVP_CIPHER_CTX_copy;
-+		UI_method_get_prompt_constructor;
-+		UI_method_get_prompt_constructr;
-+		UI_method_set_prompt_constructor;
-+		UI_method_set_prompt_constructr;
-+		EVP_read_pw_string_min;
-+		CRYPTO_cts128_encrypt;
-+		CRYPTO_cts128_decrypt_block;
-+		CRYPTO_cfb128_1_encrypt;
-+		CRYPTO_cbc128_encrypt;
-+		CRYPTO_ctr128_encrypt;
-+		CRYPTO_ofb128_encrypt;
-+		CRYPTO_cts128_decrypt;
-+		CRYPTO_cts128_encrypt_block;
-+		CRYPTO_cbc128_decrypt;
-+		CRYPTO_cfb128_encrypt;
-+		CRYPTO_cfb128_8_encrypt;
-+
-+	local:
-+		*;
-+};
-+
-+
-+OPENSSL_1.0.1 {
-+	global:
-+		SSL_renegotiate_abbreviated;
-+		TLSv1_1_method;
-+		TLSv1_1_client_method;
-+		TLSv1_1_server_method;
-+		SSL_CTX_set_srp_client_pwd_callback;
-+		SSL_CTX_set_srp_client_pwd_cb;
-+		SSL_get_srp_g;
-+		SSL_CTX_set_srp_username_callback;
-+		SSL_CTX_set_srp_un_cb;
-+		SSL_get_srp_userinfo;
-+		SSL_set_srp_server_param;
-+		SSL_set_srp_server_param_pw;
-+		SSL_get_srp_N;
-+		SSL_get_srp_username;
-+		SSL_CTX_set_srp_password;
-+		SSL_CTX_set_srp_strength;
-+		SSL_CTX_set_srp_verify_param_callback;
-+		SSL_CTX_set_srp_vfy_param_cb;
-+		SSL_CTX_set_srp_cb_arg;
-+		SSL_CTX_set_srp_username;
-+		SSL_CTX_SRP_CTX_init;
-+		SSL_SRP_CTX_init;
-+		SRP_Calc_A_param;
-+		SRP_generate_server_master_secret;
-+		SRP_gen_server_master_secret;
-+		SSL_CTX_SRP_CTX_free;
-+		SRP_generate_client_master_secret;
-+		SRP_gen_client_master_secret;
-+		SSL_srp_server_param_with_username;
-+		SSL_srp_server_param_with_un;
-+		SSL_SRP_CTX_free;
-+		SSL_set_debug;
-+		SSL_SESSION_get0_peer;
-+		TLSv1_2_client_method;
-+		SSL_SESSION_set1_id_context;
-+		TLSv1_2_server_method;
-+		SSL_cache_hit;
-+		SSL_get0_kssl_ctx;
-+		SSL_set0_kssl_ctx;
-+		SSL_set_state;
-+		SSL_CIPHER_get_id;
-+		TLSv1_2_method;
-+		kssl_ctx_get0_client_princ;
-+		SSL_export_keying_material;
-+		SSL_set_tlsext_use_srtp;
-+		SSL_CTX_set_next_protos_advertised_cb;
-+		SSL_CTX_set_next_protos_adv_cb;
-+		SSL_get0_next_proto_negotiated;
-+		SSL_get_selected_srtp_profile;
-+		SSL_CTX_set_tlsext_use_srtp;
-+		SSL_select_next_proto;
-+		SSL_get_srtp_profiles;
-+		SSL_CTX_set_next_proto_select_cb;
-+		SSL_CTX_set_next_proto_sel_cb;
-+		SSL_SESSION_get_compress_id;
-+
-+		SRP_VBASE_get_by_user;
-+		SRP_Calc_server_key;
-+		SRP_create_verifier;
-+		SRP_create_verifier_BN;
-+		SRP_Calc_u;
-+		SRP_VBASE_free;
-+		SRP_Calc_client_key;
-+		SRP_get_default_gN;
-+		SRP_Calc_x;
-+		SRP_Calc_B;
-+		SRP_VBASE_new;
-+		SRP_check_known_gN_param;
-+		SRP_Calc_A;
-+		SRP_Verify_A_mod_N;
-+		SRP_VBASE_init;
-+		SRP_Verify_B_mod_N;
-+		EC_KEY_set_public_key_affine_coordinates;
-+		EC_KEY_set_pub_key_aff_coords;
-+		EVP_aes_192_ctr;
-+		EVP_PKEY_meth_get0_info;
-+		EVP_PKEY_meth_copy;
-+		ERR_add_error_vdata;
-+		EVP_aes_128_ctr;
-+		EVP_aes_256_ctr;
-+		EC_GFp_nistp224_method;
-+		EC_KEY_get_flags;
-+		RSA_padding_add_PKCS1_PSS_mgf1;
-+		EVP_aes_128_xts;
-+		EVP_aes_256_xts;
-+		EVP_aes_128_gcm;
-+		EC_KEY_clear_flags;
-+		EC_KEY_set_flags;
-+		EVP_aes_256_ccm;
-+		RSA_verify_PKCS1_PSS_mgf1;
-+		EVP_aes_128_ccm;
-+		EVP_aes_192_gcm;
-+		X509_ALGOR_set_md;
-+		RAND_init_fips;
-+		EVP_aes_256_gcm;
-+		EVP_aes_192_ccm;
-+		CMAC_CTX_copy;
-+		CMAC_CTX_free;
-+		CMAC_CTX_get0_cipher_ctx;
-+		CMAC_CTX_cleanup;
-+		CMAC_Init;
-+		CMAC_Update;
-+		CMAC_resume;
-+		CMAC_CTX_new;
-+		CMAC_Final;
-+		CRYPTO_ctr128_encrypt_ctr32;
-+		CRYPTO_gcm128_release;
-+		CRYPTO_ccm128_decrypt_ccm64;
-+		CRYPTO_ccm128_encrypt;
-+		CRYPTO_gcm128_encrypt;
-+		CRYPTO_xts128_encrypt;
-+		EVP_rc4_hmac_md5;
-+		CRYPTO_nistcts128_decrypt_block;
-+		CRYPTO_gcm128_setiv;
-+		CRYPTO_nistcts128_encrypt;
-+		EVP_aes_128_cbc_hmac_sha1;
-+		CRYPTO_gcm128_tag;
-+		CRYPTO_ccm128_encrypt_ccm64;
-+		ENGINE_load_rdrand;
-+		CRYPTO_ccm128_setiv;
-+		CRYPTO_nistcts128_encrypt_block;
-+		CRYPTO_gcm128_aad;
-+		CRYPTO_ccm128_init;
-+		CRYPTO_nistcts128_decrypt;
-+		CRYPTO_gcm128_new;
-+		CRYPTO_ccm128_tag;
-+		CRYPTO_ccm128_decrypt;
-+		CRYPTO_ccm128_aad;
-+		CRYPTO_gcm128_init;
-+		CRYPTO_gcm128_decrypt;
-+		ENGINE_load_rsax;
-+		CRYPTO_gcm128_decrypt_ctr32;
-+		CRYPTO_gcm128_encrypt_ctr32;
-+		CRYPTO_gcm128_finish;
-+		EVP_aes_256_cbc_hmac_sha1;
-+		PKCS5_pbkdf2_set;
-+		CMS_add0_recipient_password;
-+		CMS_decrypt_set1_password;
-+		CMS_RecipientInfo_set0_password;
-+		RAND_set_fips_drbg_type;
-+		X509_REQ_sign_ctx;
-+		RSA_PSS_PARAMS_new;
-+		X509_CRL_sign_ctx;
-+		X509_signature_dump;
-+		d2i_RSA_PSS_PARAMS;
-+		RSA_PSS_PARAMS_it;
-+		RSA_PSS_PARAMS_free;
-+		X509_sign_ctx;
-+		i2d_RSA_PSS_PARAMS;
-+		ASN1_item_sign_ctx;
-+		EC_GFp_nistp521_method;
-+		EC_GFp_nistp256_method;
-+		OPENSSL_stderr;
-+		OPENSSL_cpuid_setup;
-+		OPENSSL_showfatal;
-+		BIO_new_dgram_sctp;
-+		BIO_dgram_sctp_msg_waiting;
-+		BIO_dgram_sctp_wait_for_dry;
-+		BIO_s_datagram_sctp;
-+		BIO_dgram_is_sctp;
-+		BIO_dgram_sctp_notification_cb;
-+} OPENSSL_1.0.0;
-+
-+OPENSSL_1.0.1d {
-+	global:
-+		CRYPTO_memcmp;
-+} OPENSSL_1.0.1;
-+
-+OPENSSL_1.0.2 {
-+	global:
-+		SSL_CTX_set_alpn_protos;
-+		SSL_set_alpn_protos;
-+		SSL_CTX_set_alpn_select_cb;
-+		SSL_get0_alpn_selected;
-+		SSL_CTX_set_custom_cli_ext;
-+		SSL_CTX_set_custom_srv_ext;
-+		SSL_CTX_set_srv_supp_data;
-+		SSL_CTX_set_cli_supp_data;
-+		SSL_set_cert_cb;
-+		SSL_CTX_use_serverinfo;
-+		SSL_CTX_use_serverinfo_file;
-+		SSL_CTX_set_cert_cb;
-+		SSL_CTX_get0_param;
-+		SSL_get0_param;
-+		SSL_certs_clear;
-+		DTLSv1_2_method;
-+		DTLSv1_2_server_method;
-+		DTLSv1_2_client_method;
-+		DTLS_method;
-+		DTLS_server_method;
-+		DTLS_client_method;
-+		SSL_CTX_get_ssl_method;
-+		SSL_CTX_get0_certificate;
-+		SSL_CTX_get0_privatekey;
-+		SSL_COMP_set0_compression_methods;
-+		SSL_COMP_free_compression_methods;
-+		SSL_CIPHER_find;
-+		SSL_is_server;
-+		SSL_CONF_CTX_new;
-+		SSL_CONF_CTX_finish;
-+		SSL_CONF_CTX_free;
-+		SSL_CONF_CTX_set_flags;
-+		SSL_CONF_CTX_clear_flags;
-+		SSL_CONF_CTX_set1_prefix;
-+		SSL_CONF_CTX_set_ssl;
-+		SSL_CONF_CTX_set_ssl_ctx;
-+		SSL_CONF_cmd;
-+		SSL_CONF_cmd_argv;
-+		SSL_CONF_cmd_value_type;
-+		SSL_trace;
-+		SSL_CIPHER_standard_name;
-+		SSL_get_tlsa_record_byname;
-+		ASN1_TIME_diff;
-+		BIO_hex_string;
-+		CMS_RecipientInfo_get0_pkey_ctx;
-+		CMS_RecipientInfo_encrypt;
-+		CMS_SignerInfo_get0_pkey_ctx;
-+		CMS_SignerInfo_get0_md_ctx;
-+		CMS_SignerInfo_get0_signature;
-+		CMS_RecipientInfo_kari_get0_alg;
-+		CMS_RecipientInfo_kari_get0_reks;
-+		CMS_RecipientInfo_kari_get0_orig_id;
-+		CMS_RecipientInfo_kari_orig_id_cmp;
-+		CMS_RecipientEncryptedKey_get0_id;
-+		CMS_RecipientEncryptedKey_cert_cmp;
-+		CMS_RecipientInfo_kari_set0_pkey;
-+		CMS_RecipientInfo_kari_get0_ctx;
-+		CMS_RecipientInfo_kari_decrypt;
-+		CMS_SharedInfo_encode;
-+		DH_compute_key_padded;
-+		d2i_DHxparams;
-+		i2d_DHxparams;
-+		DH_get_1024_160;
-+		DH_get_2048_224;
-+		DH_get_2048_256;
-+		DH_KDF_X9_42;
-+		ECDH_KDF_X9_62;
-+		ECDSA_METHOD_new;
-+		ECDSA_METHOD_free;
-+		ECDSA_METHOD_set_app_data;
-+		ECDSA_METHOD_get_app_data;
-+		ECDSA_METHOD_set_sign;
-+		ECDSA_METHOD_set_sign_setup;
-+		ECDSA_METHOD_set_verify;
-+		ECDSA_METHOD_set_flags;
-+		ECDSA_METHOD_set_name;
-+		EVP_des_ede3_wrap;
-+		EVP_aes_128_wrap;
-+		EVP_aes_192_wrap;
-+		EVP_aes_256_wrap;
-+		EVP_aes_128_cbc_hmac_sha256;
-+		EVP_aes_256_cbc_hmac_sha256;
-+		CRYPTO_128_wrap;
-+		CRYPTO_128_unwrap;
-+		OCSP_REQ_CTX_nbio;
-+		OCSP_REQ_CTX_new;
-+		OCSP_set_max_response_length;
-+		OCSP_REQ_CTX_i2d;
-+		OCSP_REQ_CTX_nbio_d2i;
-+		OCSP_REQ_CTX_get0_mem_bio;
-+		OCSP_REQ_CTX_http;
-+		RSA_padding_add_PKCS1_OAEP_mgf1;
-+		RSA_padding_check_PKCS1_OAEP_mgf1;
-+		RSA_OAEP_PARAMS_free;
-+		RSA_OAEP_PARAMS_it;
-+		RSA_OAEP_PARAMS_new;
-+		SSL_get_sigalgs;
-+		SSL_get_shared_sigalgs;
-+		SSL_check_chain;
-+		X509_chain_up_ref;
-+		X509_http_nbio;
-+		X509_CRL_http_nbio;
-+		X509_REVOKED_dup;
-+		i2d_re_X509_tbs;
-+		X509_get0_signature;
-+		X509_get_signature_nid;
-+		X509_CRL_diff;
-+		X509_chain_check_suiteb;
-+		X509_CRL_check_suiteb;
-+		X509_check_host;
-+		X509_check_email;
-+		X509_check_ip;
-+		X509_check_ip_asc;
-+		X509_STORE_set_lookup_crls_cb;
-+		X509_STORE_CTX_get0_store;
-+		X509_VERIFY_PARAM_set1_host;
-+		X509_VERIFY_PARAM_add1_host;
-+		X509_VERIFY_PARAM_set_hostflags;
-+		X509_VERIFY_PARAM_get0_peername;
-+		X509_VERIFY_PARAM_set1_email;
-+		X509_VERIFY_PARAM_set1_ip;
-+		X509_VERIFY_PARAM_set1_ip_asc;
-+		X509_VERIFY_PARAM_get0_name;
-+		X509_VERIFY_PARAM_get_count;
-+		X509_VERIFY_PARAM_get0;
-+		X509V3_EXT_free;
-+		EC_GROUP_get_mont_data;
-+		EC_curve_nid2nist;
-+		EC_curve_nist2nid;
-+		PEM_write_bio_DHxparams;
-+		PEM_write_DHxparams;
-+		SSL_CTX_add_client_custom_ext;
-+		SSL_CTX_add_server_custom_ext;
-+		SSL_extension_supported;
-+		BUF_strnlen;
-+		sk_deep_copy;
-+		SSL_test_functions;
-+} OPENSSL_1.0.1d;
-+
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld	2014-02-24 21:02:30.000000000 +0100
-@@ -0,0 +1,10 @@
-+OPENSSL_1.0.0 {
-+	global:
-+		bind_engine;
-+		v_check;
-+		OPENSSL_init;
-+		OPENSSL_finish;
-+	local:
-+		*;
-+};
-+
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld	2014-02-24 21:02:30.000000000 +0100
-@@ -0,0 +1,10 @@
-+OPENSSL_1.0.0 {
-+	global:
-+		bind_engine;
-+		v_check;
-+		OPENSSL_init;
-+		OPENSSL_finish;
-+	local:
-+		*;
-+};
-+
diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
deleted file mode 100644
index c43bcd1c77..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: Raphael Geissert <geissert@debian.org>
-Description: make X509_verify_cert indicate that any certificate whose
- name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked.
-Forwarded: not-needed
-Origin: vendor
-Last-Update: 2011-11-05
-
-Upstream-Status: Backport [debian]
-
-
-Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c
-===================================================================
---- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c	2014-02-25 00:16:12.488028844 +0100
-+++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c	2014-02-25 00:16:12.484028929 +0100
-@@ -964,10 +964,11 @@
- 	for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
- 		{
- 		x = sk_X509_value(ctx->chain, i);
--		/* Mark DigiNotar certificates as revoked, no matter
--		 * where in the chain they are.
-+		/* Mark certificates containing the following names as
-+		 * revoked, no matter where in the chain they are.
- 		 */
--		if (x->name && strstr(x->name, "DigiNotar"))
-+		if (x->name && (strstr(x->name, "DigiNotar") ||
-+			strstr(x->name, "Digicert Sdn. Bhd.")))
- 			{
- 			ctx->error = X509_V_ERR_CERT_REVOKED;
- 			ctx->error_depth = i;
diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
deleted file mode 100644
index 0c1a0b651f..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From: Raphael Geissert <geissert@debian.org>
-Description: make X509_verify_cert indicate that any certificate whose
- name contains "DigiNotar" is revoked.
-Forwarded: not-needed
-Origin: vendor
-Last-Update: 2011-09-08
-Bug: http://bugs.debian.org/639744
-Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
-Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
-
-This is not meant as final patch.  
- 
-Upstream-Status: Backport [debian]
-
-
-Index: openssl-1.0.2/crypto/x509/x509_vfy.c
-===================================================================
---- openssl-1.0.2.orig/crypto/x509/x509_vfy.c
-+++ openssl-1.0.2/crypto/x509/x509_vfy.c
-@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
- static int check_revocation(X509_STORE_CTX *ctx);
- static int check_cert(X509_STORE_CTX *ctx);
- static int check_policy(X509_STORE_CTX *ctx);
-+static int check_ca_blacklist(X509_STORE_CTX *ctx);
- 
- static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
-                          unsigned int *preasons, X509_CRL *crl, X509 *x);
-@@ -438,6 +439,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
-     if (!ok)
-         goto end;
- 
-+	ok = check_ca_blacklist(ctx);
-+	if(!ok) goto end;
-+
- #ifndef OPENSSL_NO_RFC3779
-     /* RFC 3779 path validation, now that CRL check has been done */
-     ok = v3_asid_validate_path(ctx);
-@@ -938,6 +942,29 @@ static int check_crl_time(X509_STORE_CTX
-     return 1;
- }
- 
-+static int check_ca_blacklist(X509_STORE_CTX *ctx)
-+	{
-+	X509 *x;
-+	int i;
-+	/* Check all certificates against the blacklist */
-+	for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
-+		{
-+		x = sk_X509_value(ctx->chain, i);
-+		/* Mark DigiNotar certificates as revoked, no matter
-+		 * where in the chain they are.
-+		 */
-+		if (x->name && strstr(x->name, "DigiNotar"))
-+			{
-+			ctx->error = X509_V_ERR_CERT_REVOKED;
-+			ctx->error_depth = i;
-+			ctx->current_cert = x;
-+			if (!ctx->verify_cb(0,ctx))
-+				return 0;
-+			}
-+		}
-+	return 1;
-+	}
-+
- static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
-                       X509 **pissuer, int *pscore, unsigned int *preasons,
-                       STACK_OF(X509_CRL) *crls)
diff --git a/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch b/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
deleted file mode 100644
index a5746483e6..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-
-Index: openssl-1.0.2/engines/Makefile
-===================================================================
---- openssl-1.0.2.orig/engines/Makefile
-+++ openssl-1.0.2/engines/Makefile
-@@ -107,13 +107,13 @@ install:
- 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- 	@if [ -n "$(SHARED_LIBS)" ]; then \
- 		set -e; \
--		$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
-+		$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines; \
- 		for l in $(LIBNAMES); do \
- 			( echo installing $$l; \
- 			  pfx=lib; \
- 			  if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
- 				sfx=".so"; \
--				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
- 			  else \
- 				case "$(CFLAGS)" in \
- 				*DSO_BEOS*)	sfx=".so";;	\
-@@ -122,10 +122,10 @@ install:
- 				*DSO_WIN32*)	sfx="eay32.dll"; pfx=;;	\
- 				*)		sfx=".bad";;	\
- 				esac; \
--				cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+				cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
- 			  fi; \
--			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
--			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
-+			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
-+			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \
- 		done; \
- 	fi
- 	@target=install; $(RECURSIVE_MAKE)
-Index: openssl-1.0.2/engines/ccgost/Makefile
-===================================================================
---- openssl-1.0.2.orig/engines/ccgost/Makefile
-+++ openssl-1.0.2/engines/ccgost/Makefile
-@@ -47,7 +47,7 @@ install:
- 		pfx=lib; \
- 		if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
- 			sfx=".so"; \
--			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- 		else \
- 			case "$(CFLAGS)" in \
- 			*DSO_BEOS*) sfx=".so";; \
-@@ -56,10 +56,10 @@ install:
- 			*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
- 			*) sfx=".bad";; \
- 			esac; \
--			cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+			cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- 		fi; \
--		chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
--		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
-+		chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx; \
- 	fi
- 
- links:
diff --git a/meta/recipes-connectivity/openssl/openssl/find.pl b/meta/recipes-connectivity/openssl/openssl/find.pl
deleted file mode 100644
index 8e1b42c88a..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/find.pl
+++ /dev/null
@@ -1,54 +0,0 @@
-warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]}, line @{[(caller)[2]]}.\n";
-
-# This library is deprecated and unmaintained. It is included for
-# compatibility with Perl 4 scripts which may use it, but it will be
-# removed in a future version of Perl. Please use the File::Find module
-# instead.
-
-# Usage:
-#	require "find.pl";
-#
-#	&find('/foo','/bar');
-#
-#	sub wanted { ... }
-#		where wanted does whatever you want.  $dir contains the
-#		current directory name, and $_ the current filename within
-#		that directory.  $name contains "$dir/$_".  You are cd'ed
-#		to $dir when the function is called.  The function may
-#		set $prune to prune the tree.
-#
-# For example,
-#
-#   find / -name .nfs\* -mtime +7 -exec rm -f {} \; -o -fstype nfs -prune
-#
-# corresponds to this
-#
-#	sub wanted {
-#	    /^\.nfs.*$/ &&
-#	    (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) &&
-#	    int(-M _) > 7 &&
-#	    unlink($_)
-#	    ||
-#	    ($nlink || (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_))) &&
-#	    $dev < 0 &&
-#	    ($prune = 1);
-#	}
-#
-# Set the variable $dont_use_nlink if you're using AFS, since AFS cheats.
-
-use File::Find ();
-
-*name		= *File::Find::name;
-*prune		= *File::Find::prune;
-*dir		= *File::Find::dir;
-*topdir		= *File::Find::topdir;
-*topdev		= *File::Find::topdev;
-*topino		= *File::Find::topino;
-*topmode	= *File::Find::topmode;
-*topnlink	= *File::Find::topnlink;
-
-sub find {
-    &File::Find::find(\&wanted, @_);
-}
-
-1;
diff --git a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
deleted file mode 100644
index 06d1ea69d3..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Upstream-Status: Submitted
-
-This patch adds the fix for one of the ciphers used in openssl, namely
-the cipher des-ede3-cfb1. Complete bug log and patch is present here:
-http://rt.openssl.org/Ticket/Display.html?id=2867
-
-Signed-Off-By: Muhammad Shakeel <muhammad_shakeel@mentor.com>
-
-Index: openssl-1.0.2/crypto/evp/e_des3.c
-===================================================================
---- openssl-1.0.2.orig/crypto/evp/e_des3.c
-+++ openssl-1.0.2/crypto/evp/e_des3.c
-@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH
-     size_t n;
-     unsigned char c[1], d[1];
- 
--    for (n = 0; n < inl; ++n) {
-+    for (n = 0; n * 8 < inl; ++n) {
-         c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
-         DES_ede3_cfb_encrypt(c, d, 1, 1,
-                              &data(ctx)->ks1, &data(ctx)->ks2,
diff --git a/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch b/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch
deleted file mode 100644
index 292e13dc5f..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Upstream-Status: Inappropriate [open-embedded]
-
-Index: openssl-1.0.0/Makefile.shared
-===================================================================
---- openssl-1.0.0.orig/Makefile.shared
-+++ openssl-1.0.0/Makefile.shared
-@@ -92,7 +92,7 @@
- LINK_APP=	\
-   ( $(SET_X);   \
-     LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
--    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
-+    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$(OE_LDFLAGS) $${LDFLAGS:-$(CFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-@@ -102,7 +102,7 @@
-   ( $(SET_X);   \
-     LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
-     SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
--    SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-+    SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-1.0.2a-x32-asm.patch b/meta/recipes-connectivity/openssl/openssl/openssl-1.0.2a-x32-asm.patch
deleted file mode 100644
index 1e5bfa17d6..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/openssl-1.0.2a-x32-asm.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
-
-From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sat, 21 Mar 2015 06:01:25 -0400
-Subject: [PATCH] crypto: use bigint in x86-64 perl
-
-Upstream-Status: Pending
-Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
-
-When building on x32 systems where the default type is 32bit, make sure
-we can transparently represent 64bit integers.  Otherwise we end up with
-build errors like:
-/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
-Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
-...
-ghash-x86_64.s: Assembler messages:
-ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
-
-We don't enable this globally as there are some cases where we'd get
-32bit values interpreted as unsigned when we need them as signed.
-
-Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
-URL: https://bugs.gentoo.org/542618
----
- crypto/perlasm/x86_64-xlate.pl | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
-index aae8288..0bf9774 100755
---- a/crypto/perlasm/x86_64-xlate.pl
-+++ b/crypto/perlasm/x86_64-xlate.pl
-@@ -195,6 +195,10 @@ my %globals;
-     sub out {
-     	my $self = shift;
- 
-+	# When building on x32 ABIs, the expanded hex value might be too
-+	# big to fit into 32bits.  Enable transparent 64bit support here
-+	# so we can safely print it out.
-+	use bigint;
- 	if ($gas) {
- 	    # Solaris /usr/ccs/bin/as can't handle multiplications
- 	    # in $self->{value}
--- 
-2.3.3
-
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
deleted file mode 100644
index cebc8cf0d0..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-openssl: avoid NULL pointer dereference in EVP_DigestInit_ex()
-
-We should avoid accessing the type pointer if it's NULL,
-this could happen if ctx->digest is not NULL.
-
-Upstream-Status: Submitted
-http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
-
-Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
----
-Index: openssl-1.0.2/crypto/evp/digest.c
-===================================================================
---- openssl-1.0.2.orig/crypto/evp/digest.c
-+++ openssl-1.0.2/crypto/evp/digest.c
-@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
-         return 0;
-     }
- #endif
--    if (ctx->digest != type) {
-+    if (type && (ctx->digest != type)) {
-         if (ctx->digest && ctx->digest->ctx_size)
-             OPENSSL_free(ctx->md_data);
-         ctx->digest = type;
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch b/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch
deleted file mode 100644
index de49729e5e..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-openssl: Fix pod2man des.pod error on Ubuntu 12.04
-
-This is a formatting fix, '=back' is required before
-'=head1' on Ubuntu 12.04.
-
-Upstream-Status: Pending
-Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
-diff -urpN a_origin/des.pod b_modify/des.pod
---- a_origin/crypto/des/des.pod	2013-08-15 15:02:56.211674589 +0800
-+++ b_modify/crypto/des/des.pod	2013-08-15 15:04:14.439674580 +0800
-@@ -181,6 +181,8 @@ the uuencoded file to embed in the begin
- output.  If there is no name specified after the B<-u>, the name text.des
- will be embedded in the header.
- 
-+=back
-+
- =head1 SEE ALSO
- 
- ps(1),
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
deleted file mode 100644
index cbce32c89b..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Upstream-Status: Pending
-
-Received from H J Liu @ Intel
-Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
-
-ported the patch to the 1.0.0e version
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
-Index: openssl-1.0.2/crypto/bn/bn.h
-===================================================================
---- openssl-1.0.2.orig/crypto/bn/bn.h
-+++ openssl-1.0.2/crypto/bn/bn.h
-@@ -173,6 +173,13 @@ extern "C" {
- #  endif
- # endif
- 
-+/* Address type.  */
-+#ifdef _WIN64
-+#define BN_ADDR unsigned long long
-+#else
-+#define BN_ADDR unsigned long
-+#endif
-+
- /*
-  * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
-  * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
-Index: openssl-1.0.2/crypto/bn/bn_exp.c
-===================================================================
---- openssl-1.0.2.orig/crypto/bn/bn_exp.c
-+++ openssl-1.0.2/crypto/bn/bn_exp.c
-@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
-  * multiple.
-  */
- #define MOD_EXP_CTIME_ALIGN(x_) \
--        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
-+	((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
- 
- /*
-  * This variant of BN_mod_exp_mont() uses fixed windows and the special
diff --git a/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch b/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
deleted file mode 100644
index ef6d17934d..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Remove Makefile dependencies for test targets
-
-These are probably here because the executables aren't always built for
-other platforms (e.g. Windows); however we can safely assume they'll
-always be there. None of the other test targets have such dependencies
-and if we don't remove them, make tries to rebuild the executables and
-fails during run-ptest.
-
-Upstream-Status: Inappropriate [config]
-
-Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
-
-Index: openssl-1.0.2/test/Makefile
-===================================================================
---- openssl-1.0.2.orig/test/Makefile
-+++ openssl-1.0.2/test/Makefile
-@@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms-
- 	@echo "CMS consistency test"
- 	$(PERL) cms-test.pl
- 
--test_srp: $(SRPTEST)$(EXE_EXT)
-+test_srp:
- 	@echo "Test SRP"
- 	../util/shlib_wrap.sh ./srptest
- 
-@@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT)
- 	@echo "Test X509v3_check_*"
- 	../util/shlib_wrap.sh ./$(V3NAMETEST)
- 
--test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT)
-+test_heartbeat:
- 	../util/shlib_wrap.sh ./$(HEARTBEATTEST)
- 
- test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
diff --git a/meta/recipes-connectivity/openssl/openssl/reproducible.patch b/meta/recipes-connectivity/openssl/openssl/reproducible.patch
new file mode 100644
index 0000000000..a24260c95d
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/reproducible.patch
@@ -0,0 +1,32 @@
+The value for perl_archname can vary depending on the host, e.g. 
+x86_64-linux-gnu-thread-multi or x86_64-linux-thread-multi which
+makes the ptest package non-reproducible. Its unused other than 
+these references so drop it.
+
+RP 2020/2/6
+
+Upstream-Status: Pending
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: openssl-1.1.1d/Configure
+===================================================================
+--- openssl-1.1.1d.orig/Configure
++++ openssl-1.1.1d/Configure
+@@ -286,7 +286,7 @@ if (defined env($local_config_envname))
+ # Save away perl command information
+ $config{perl_cmd} = $^X;
+ $config{perl_version} = $Config{version};
+-$config{perl_archname} = $Config{archname};
++#$config{perl_archname} = $Config{archname};
+ 
+ $config{prefix}="";
+ $config{openssldir}="";
+@@ -2517,7 +2517,7 @@ _____
+                           @{$config{perlargv}}), "\n";
+         print "\nPerl information:\n\n";
+         print '    ',$config{perl_cmd},"\n";
+-        print '    ',$config{perl_version},' for ',$config{perl_archname},"\n";
++        print '    ',$config{perl_version},"\n";
+     }
+     if ($dump || $options) {
+         my $longest = 0;
diff --git a/meta/recipes-connectivity/openssl/openssl/run-ptest b/meta/recipes-connectivity/openssl/openssl/run-ptest
index 3b20fce1ee..3fb22471f8 100755..100644
--- a/meta/recipes-connectivity/openssl/openssl/run-ptest
+++ b/meta/recipes-connectivity/openssl/openssl/run-ptest
@@ -1,2 +1,12 @@
 #!/bin/sh
-make -k runtest
+
+set -e
+
+# Optional arguments are 'list' to lists all tests, or the test name (base name
+# ie test_evp, not 03_test_evp.t).
+
+export TOP=.
+# OPENSSL_ENGINES is relative from the test binaries
+export OPENSSL_ENGINES=../engines
+
+perl ./test/run_tests.pl $* | perl -0pe 's#(.*) \.*.ok#PASS: \1#g; s#(.*) \.*.skipped: (.*)#SKIP: \1 (\2)#g; s#(.*) \.*.\nDubious#FAIL: \1#;'
diff --git a/meta/recipes-connectivity/openssl/openssl/shared-libs.patch b/meta/recipes-connectivity/openssl/openssl/shared-libs.patch
deleted file mode 100644
index a7ca0a3078..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/shared-libs.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-Index: openssl-1.0.1e/crypto/Makefile
-===================================================================
---- openssl-1.0.1e.orig/crypto/Makefile
-+++ openssl-1.0.1e/crypto/Makefile
-@@ -108,7 +108,7 @@ $(LIB):	$(LIBOBJ)
- 
- shared: buildinf.h lib subdirs
- 	if [ -n "$(SHARED_LIBS)" ]; then \
--		(cd ..; $(MAKE) $(SHARED_LIB)); \
-+		(cd ..; $(MAKE) -e $(SHARED_LIB)); \
- 	fi
- 
- libs:
-Index: openssl-1.0.1e/Makefile.org
-===================================================================
---- openssl-1.0.1e.orig/Makefile.org
-+++ openssl-1.0.1e/Makefile.org
-@@ -310,7 +310,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
- 
- libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
- 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
--		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
-+		$(MAKE) -e SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
- 	else \
- 		echo "There's no support for shared libraries on this platform" >&2; \
- 		exit 1; \
-Index: openssl-1.0.1e/ssl/Makefile
-===================================================================
---- openssl-1.0.1e.orig/ssl/Makefile
-+++ openssl-1.0.1e/ssl/Makefile
-@@ -62,7 +62,7 @@ lib:	$(LIBOBJ)
- 
- shared: lib
- 	if [ -n "$(SHARED_LIBS)" ]; then \
--		(cd ..; $(MAKE) $(SHARED_LIB)); \
-+		(cd ..; $(MAKE) -e $(SHARED_LIB)); \
- 	fi
- 
- files:
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
deleted file mode 100644
index 32d8dce269..0000000000
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
+++ /dev/null
@@ -1,57 +0,0 @@
-require openssl.inc
-
-# For target side versions of openssl enable support for OCF Linux driver
-# if they are available.
-DEPENDS += "cryptodev-linux"
-
-CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
-
-export DIRS = "crypto ssl apps engines"
-export OE_LDFLAGS="${LDFLAGS}"
-
-SRC_URI += "file://configure-targets.patch \
-            file://shared-libs.patch \
-            file://oe-ldflags.patch \
-            file://engines-install-in-libdir-ssl.patch \
-            file://debian1.0.2/block_diginotar.patch \
-            file://debian1.0.2/block_digicert_malaysia.patch \
-            file://debian/ca.patch \
-            file://debian/c_rehash-compat.patch \
-            file://debian/debian-targets.patch \
-            file://debian/man-dir.patch \
-            file://debian/man-section.patch \
-            file://debian/no-rpath.patch \
-            file://debian/no-symbolic.patch \
-            file://debian/pic.patch \
-            file://debian/version-script.patch \
-            file://openssl_fix_for_x32.patch \
-            file://fix-cipher-des-ede3-cfb1.patch \
-            file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
-            file://find.pl \
-            file://openssl-fix-des.pod-error.patch \
-            file://Makefiles-ptest.patch \
-            file://ptest-deps.patch \
-            file://run-ptest \
-            file://crypto_use_bigint_in_x86-64_perl.patch \
-            file://openssl-1.0.2a-x32-asm.patch \
-           "
-
-SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a"
-SRC_URI[sha256sum] = "671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8"
-
-PACKAGES =+ " \
-	${PN}-engines \
-	${PN}-engines-dbg \
-	"
-
-FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
-FILES_${PN}-engines-dbg = "${libdir}/ssl/engines/.debug"
-
-PARALLEL_MAKE = ""
-PARALLEL_MAKEINST = ""
-
-do_configure_prepend() {
-  cp ${WORKDIR}/find.pl ${S}/util/find.pl
-}
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb
new file mode 100644
index 0000000000..815955837b
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1g.bb
@@ -0,0 +1,215 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+
+# "openssl" here actually means both OpenSSL and SSLeay licenses apply
+# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped)
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
+
+DEPENDS = "hostperl-runtime-native"
+
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+           file://run-ptest \
+           file://0001-skip-test_symbol_presence.patch \
+           file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
+           file://afalg.patch \
+           file://reproducible.patch \
+           "
+
+SRC_URI_append_class-nativesdk = " \
+           file://environment.d-openssl.sh \
+           "
+
+SRC_URI[sha256sum] = "ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46"
+
+inherit lib_package multilib_header multilib_script ptest
+MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG_class-native = ""
+PACKAGECONFIG_class-nativesdk = ""
+
+PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
+
+B = "${WORKDIR}/build"
+do_configure[cleandirs] = "${B}"
+
+#| ./libcrypto.so: undefined reference to `getcontext'
+#| ./libcrypto.so: undefined reference to `setcontext'
+#| ./libcrypto.so: undefined reference to `makecontext'
+EXTRA_OECONF_append_libc-musl = " no-async"
+EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
+
+# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
+# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
+EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
+EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
+
+# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
+CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
+CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
+
+do_configure () {
+	os=${HOST_OS}
+	case $os in
+	linux-gnueabi |\
+	linux-gnuspe |\
+	linux-musleabi |\
+	linux-muslspe |\
+	linux-musl )
+		os=linux
+		;;
+	*)
+		;;
+	esac
+	target="$os-${HOST_ARCH}"
+	case $target in
+	linux-arm*)
+		target=linux-armv4
+		;;
+	linux-aarch64*)
+		target=linux-aarch64
+		;;
+	linux-i?86 | linux-viac3)
+		target=linux-x86
+		;;
+	linux-gnux32-x86_64 | linux-muslx32-x86_64 )
+		target=linux-x32
+		;;
+	linux-gnu64-x86_64)
+		target=linux-x86_64
+		;;
+	linux-mips | linux-mipsel)
+		# specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
+		target="linux-mips32 ${TARGET_CC_ARCH}"
+		;;
+	linux-gnun32-mips*)
+		target=linux-mips64
+		;;
+	linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
+		target=linux64-mips64
+		;;
+	linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
+		target=linux-generic32
+		;;
+	linux-powerpc)
+		target=linux-ppc
+		;;
+	linux-powerpc64)
+		target=linux-ppc64
+		;;
+	linux-powerpc64le)
+		target=linux-ppc64le
+		;;
+	linux-riscv32)
+		target=linux-generic32
+		;;
+	linux-riscv64)
+		target=linux-generic64
+		;;
+	linux-sparc | linux-supersparc)
+		target=linux-sparcv9
+		;;
+	esac
+
+	useprefix=${prefix}
+	if [ "x$useprefix" = "x" ]; then
+		useprefix=/
+	fi
+	# WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
+	# environment variables set by bitbake. Adjust the environment variables instead.
+	HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
+	perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
+	perl ${B}/configdata.pm --dump
+}
+
+do_install () {
+	oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
+
+	oe_multilib_header openssl/opensslconf.h
+
+	# Create SSL structure for packages such as ca-certificates which
+	# contain hard-coded paths to /etc/ssl. Debian does the same.
+	install -d ${D}${sysconfdir}/ssl
+	mv ${D}${libdir}/ssl-1.1/certs \
+	   ${D}${libdir}/ssl-1.1/private \
+	   ${D}${libdir}/ssl-1.1/openssl.cnf \
+	   ${D}${sysconfdir}/ssl/
+
+	# Although absolute symlinks would be OK for the target, they become
+	# invalid if native or nativesdk are relocated from sstate.
+	ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs
+	ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private
+	ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf
+}
+
+do_install_append_class-native () {
+	create_wrapper ${D}${bindir}/openssl \
+	    OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
+	    SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
+	    SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
+	    OPENSSL_ENGINES=${libdir}/engines-1.1
+}
+
+do_install_append_class-nativesdk () {
+	mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+	install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+	sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+}
+
+PTEST_BUILD_HOST_FILES += "configdata.pm"
+PTEST_BUILD_HOST_PATTERN = "perl_version ="
+do_install_ptest () {
+	# Prune the build tree
+	rm -f ${B}/fuzz/*.* ${B}/test/*.*
+
+	cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
+	cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
+
+	# For test_shlibload
+	ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
+	ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
+
+	install -d ${D}${PTEST_PATH}/apps
+	ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
+	install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps
+	install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
+
+	install -d ${D}${PTEST_PATH}/engines
+	install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
+}
+
+# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
+# package RRECOMMENDS on this package. This will enable the configuration
+# file to be installed for both the openssl-bin package and the libcrypto
+# package since the openssl-bin package depends on the libcrypto package.
+
+PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"
+
+FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES_libssl = "${libdir}/libssl${SOLIBS}"
+FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
+                      ${libdir}/ssl-1.1/openssl.cnf* \
+                      "
+FILES_${PN}-engines = "${libdir}/engines-1.1"
+FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
+FILES_${PN} =+ "${libdir}/ssl-1.1/*"
+FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
+
+CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+
+RRECOMMENDS_libcrypto += "openssl-conf"
+RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
+
+RDEPENDS_${PN}-bin += "openssl-conf"
+
+BBCLASSEXTEND = "native nativesdk"
+
+CVE_PRODUCT = "openssl:openssl"
+
+# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
+# Apache in meta-webserver is already recent enough
+CVE_CHECK_WHITELIST += "CVE-2019-0190"
diff --git a/meta/recipes-connectivity/portmap/portmap.inc b/meta/recipes-connectivity/portmap/portmap.inc
deleted file mode 100644
index 338af33a38..0000000000
--- a/meta/recipes-connectivity/portmap/portmap.inc
+++ /dev/null
@@ -1,17 +0,0 @@
-SUMMARY = "RPC program number mapper"
-HOMEPAGE = "http://neil.brown.name/portmap/"
-SECTION = "console/network"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://portmap.c;beginline=2;endline=31;md5=51ff67e66ec84b2009b017b1f94afbf4 \
-                    file://from_local.c;beginline=9;endline=35;md5=1bec938a2268b8b423c58801ace3adc1"
-
-INITSCRIPT_NAME = "portmap"
-INITSCRIPT_PARAMS = "start 10 2 3 4 5 . stop 32 0 1 6 ."
-
-inherit update-rc.d systemd
-
-SYSTEMD_SERVICE_${PN} = "portmap.service"
-
-PACKAGES =+ "portmap-utils"
-FILES_portmap-utils = "${base_sbindir}/pmap_set ${base_sbindir}/pmap_dump"
-FILES_${PN}-doc += "${docdir}"
diff --git a/meta/recipes-connectivity/portmap/portmap/destdir-no-strip.patch b/meta/recipes-connectivity/portmap/portmap/destdir-no-strip.patch
deleted file mode 100644
index 2fbf784b73..0000000000
--- a/meta/recipes-connectivity/portmap/portmap/destdir-no-strip.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-Upstream-Status: Backport
-
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sun, 13 May 2007 21:15:12 +0000 (-0400)
-Subject: respect DESTDIR and dont use -s with install
-X-Git-Url: http://neil.brown.name/git?p=portmap;a=commitdiff_plain;h=603c59b978c04df2354f68d4a2dc676a758ff46d
-
-respect DESTDIR and dont use -s with install
-
-$(DESTDIR) is the standard for installing into other trees, not $(BASEDIR) ...
-so I've converted the Makefile to use that.  I've also left in $(BASEDIR) as a
-default to support old installs; not sure if you'd just cut it.
-
-Stripping should be left to the person to handle, not automatically done by
-the install step.  Also, `install -s` always calls `strip` which is
-wrong/undesired in cross-compiling scenarios.
-
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-Signed-off-by: Neil Brown <neilb@suse.de>
----
-
-diff --git a/Makefile b/Makefile
-index 9e9a4b4..5343428 100644
---- a/Makefile
-+++ b/Makefile
-@@ -135,13 +135,14 @@ from_local: CPPFLAGS += -DTEST
- portmap.man : portmap.8
- 	sed $(MAN_SED) < portmap.8 > portmap.man
- 
-+DESTDIR = $(BASEDIR)
- install: all
--	install -o root -g root -m 0755 -s portmap ${BASEDIR}/sbin
--	install -o root -g root -m 0755 -s pmap_dump ${BASEDIR}/sbin
--	install -o root -g root -m 0755 -s pmap_set ${BASEDIR}/sbin
--	install -o root -g root -m 0644 portmap.man ${BASEDIR}/usr/share/man/man8/portmap.8
--	install -o root -g root -m 0644 pmap_dump.8 ${BASEDIR}/usr/share/man/man8
--	install -o root -g root -m 0644 pmap_set.8 ${BASEDIR}/usr/share/man/man8
-+	install -o root -g root -m 0755 portmap $(DESTDIR)/sbin
-+	install -o root -g root -m 0755 pmap_dump $(DESTDIR)/sbin
-+	install -o root -g root -m 0755 pmap_set $(DESTDIR)/sbin
-+	install -o root -g root -m 0644 portmap.man $(DESTDIR)/usr/share/man/man8/portmap.8
-+	install -o root -g root -m 0644 pmap_dump.8 $(DESTDIR)/usr/share/man/man8
-+	install -o root -g root -m 0644 pmap_set.8 $(DESTDIR)/usr/share/man/man8
- 
- clean:
- 	rm -f *.o portmap pmap_dump pmap_set from_local \
diff --git a/meta/recipes-connectivity/portmap/portmap/portmap.init b/meta/recipes-connectivity/portmap/portmap/portmap.init
deleted file mode 100755
index 621aa171ae..0000000000
--- a/meta/recipes-connectivity/portmap/portmap/portmap.init
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/bin/sh
-#
-### BEGIN INIT INFO
-# Provides:          portmap
-# Required-Start:    $network
-# Required-Stop:     $network
-# Default-Start:     S 2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: The RPC portmapper
-# Description:       Portmap is a server that converts RPC (Remote
-#                    Procedure Call) program numbers into DARPA
-#                    protocol port numbers. It must be running in
-#                    order to make RPC calls. Services that use
-#                    RPC include NFS and NIS.
-### END INIT INFO
-
-test -f /sbin/portmap || exit 0
-
-case "$1" in
-    start)
-	echo "Starting portmap daemon..."
-        start-stop-daemon --start --quiet --exec /sbin/portmap
-
-	if [ -f /var/run/portmap.upgrade-state ]; then
-          echo "Restoring old RPC service information..."
-          sleep 1 # needs a short pause or pmap_set won't work. :(
-	  pmap_set </var/run/portmap.upgrade-state
-	  rm -f /var/run/portmap.upgrade-state
-          echo "done."
-        fi
-
-	;;
-    stop)
-        echo "Stopping portmap daemon..."
-        start-stop-daemon --stop --quiet --exec /sbin/portmap
-	;;
-    reload)
-	;;
-    force-reload)
-        $0 restart
-	;;
-    restart)
-	# pmap_dump and pmap_set may be in a different package and not installed...
-	if [ -f /sbin/pmap_dump -a -f /sbin/pmap_set ]; then
-		do_state=1
-	else
-		do_state=0
-	fi
-	[ $do_state -eq 1 ] && pmap_dump >/var/run/portmap.state
-        $0 stop
-        $0 start
-	if [ $do_state -eq 1 ]; then
-	  if [ ! -f /var/run/portmap.upgrade-state ]; then
-            sleep 1
-	    pmap_set </var/run/portmap.state
-	  fi
-	  rm -f /var/run/portmap.state
-	fi
-	;;
-    *)
-	echo "Usage: /etc/init.d/portmap {start|stop|reload|restart}"
-	exit 1
-	;;
-esac
-
-exit 0
-
diff --git a/meta/recipes-connectivity/portmap/portmap/portmap.service b/meta/recipes-connectivity/portmap/portmap/portmap.service
deleted file mode 100644
index 7ef9d7b02e..0000000000
--- a/meta/recipes-connectivity/portmap/portmap/portmap.service
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=The RPC portmapper
-After=network.target
-
-[Service]
-Type=forking
-ExecStart=@BASE_SBINDIR@/portmap
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/portmap/portmap/tcpd-config.patch b/meta/recipes-connectivity/portmap/portmap/tcpd-config.patch
deleted file mode 100644
index 2f25058095..0000000000
--- a/meta/recipes-connectivity/portmap/portmap/tcpd-config.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Upstream-Status: Backport
-
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sun, 13 May 2007 21:17:32 +0000 (-0400)
-Subject: fix building with tcpd support disabled
-X-Git-Url: http://neil.brown.name/git?p=portmap;a=commitdiff_plain;h=7847207aed1b44faf077eed14a9ac9c68244eba5
-
-fix building with tcpd support disabled
-
-Make sure pmap_check.c only includes tcpd.h when HOSTS_ACCESS is defined.
-
-Signed-off-by: Timothy Redaelli <drizzt@gentoo.org>
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-Signed-off-by: Neil Brown <neilb@suse.de>
----
-
-diff --git a/pmap_check.c b/pmap_check.c
-index 84f2c12..443a822 100644
---- a/pmap_check.c
-+++ b/pmap_check.c
-@@ -44,7 +44,9 @@
- #include <netinet/in.h>
- #include <rpc/rpcent.h>
- #endif
-+#ifdef HOSTS_ACCESS
- #include <tcpd.h>
-+#endif
- #include <arpa/inet.h>
- #include <grp.h>
- 
diff --git a/meta/recipes-connectivity/portmap/portmap_6.0.bb b/meta/recipes-connectivity/portmap/portmap_6.0.bb
deleted file mode 100644
index e727fe3cb9..0000000000
--- a/meta/recipes-connectivity/portmap/portmap_6.0.bb
+++ /dev/null
@@ -1,31 +0,0 @@
-require portmap.inc
-
-PR = "r9"
-
-SRC_URI = "http://www.sourcefiles.org/Networking/Tools/Miscellanenous/portmap-6.0.tgz \
-           file://destdir-no-strip.patch \
-           file://tcpd-config.patch \
-           file://portmap.init \
-           file://portmap.service"
-
-SRC_URI[md5sum] = "ac108ab68bf0f34477f8317791aaf1ff"
-SRC_URI[sha256sum] = "02c820d39f3e6e729d1bea3287a2d8a6c684f1006fb9612f97dcad4a281d41de"
-
-S = "${WORKDIR}/${BPN}_${PV}/"
-
-PACKAGECONFIG ??= "tcp-wrappers"
-PACKAGECONFIG[tcp-wrappers] = ",,tcp-wrappers"
-
-CPPFLAGS += "-DFACILITY=LOG_DAEMON -DENABLE_DNS -DHOSTS_ACCESS"
-CFLAGS += "-Wall -Wstrict-prototypes -fPIC"
-EXTRA_OEMAKE += "'NO_TCP_WRAPPER=${@bb.utils.contains('PACKAGECONFIG', 'tcp-wrappers', '', '1', d)}'"
-
-do_install() {
-    install -d ${D}${mandir}/man8/ ${D}${base_sbindir} ${D}${sysconfdir}/init.d
-    install -m 0755 ${WORKDIR}/portmap.init ${D}${sysconfdir}/init.d/portmap
-    oe_runmake install DESTDIR=${D}
-
-    install -d ${D}${systemd_unitdir}/system
-    install -m 0644 ${WORKDIR}/portmap.service ${D}${systemd_unitdir}/system
-    sed -i -e 's,@BASE_SBINDIR@,${base_sbindir},g' ${D}${systemd_unitdir}/system/portmap.service
-}
diff --git a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
index 51a76b4299..b5f68951d7 100644
--- a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
+++ b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
@@ -4,8 +4,7 @@ DEPENDS = "ppp"
 RDEPENDS_${PN} = "ppp"
 PR = "r8"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
-                    file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 
 SRC_URI = "file://host-peer \
            file://ppp-dialin"
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch b/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch
new file mode 100644
index 0000000000..65291368bd
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch
@@ -0,0 +1,124 @@
+From e50cdaed07e51f2508f94eb1f34fe43776e4ca78 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 29 May 2015 14:57:05 -0700
+Subject: [PATCH] Fix build with musl
+
+There are several assumption about glibc
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Pending
+---
+ include/net/ppp_defs.h                  | 2 ++
+ pppd/Makefile.linux                     | 2 +-
+ pppd/plugins/rp-pppoe/config.h          | 3 ++-
+ pppd/plugins/rp-pppoe/plugin.c          | 1 -
+ pppd/plugins/rp-pppoe/pppoe-discovery.c | 8 ++++----
+ pppd/plugins/rp-pppoe/pppoe.h           | 2 +-
+ pppd/sys-linux.c                        | 3 ++-
+ 7 files changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/include/net/ppp_defs.h b/include/net/ppp_defs.h
+index b06eda5..dafa36c 100644
+--- a/include/net/ppp_defs.h
++++ b/include/net/ppp_defs.h
+@@ -38,6 +38,8 @@
+ #ifndef _PPP_DEFS_H_
+ #define _PPP_DEFS_H_
+ 
++#include <sys/time.h>
++
+ /*
+  * The basic PPP frame.
+  */
+diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
+index 4e485a1..76411bc 100644
+--- a/pppd/Makefile.linux
++++ b/pppd/Makefile.linux
+@@ -131,7 +131,7 @@ LIBS	+= -lcrypt
+ endif
+ 
+ ifdef USE_LIBUTIL
+-CFLAGS	+= -DHAVE_LOGWTMP=1
++#CFLAGS	+= -DHAVE_LOGWTMP=1
+ LIBS	+= -lutil
+ endif
+ 
+diff --git a/pppd/plugins/rp-pppoe/config.h b/pppd/plugins/rp-pppoe/config.h
+index a708859..4a16a88 100644
+--- a/pppd/plugins/rp-pppoe/config.h
++++ b/pppd/plugins/rp-pppoe/config.h
+@@ -78,8 +78,9 @@
+ #define HAVE_NET_IF_ARP_H 1
+ 
+ /* Define if you have the <net/ethernet.h> header file.  */
++#ifdef __GLIBC__
+ #define HAVE_NET_ETHERNET_H 1
+-
++#endif
+ /* Define if you have the <net/if.h> header file.  */
+ #define HAVE_NET_IF_H 1
+ 
+diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c
+index 44e0c31..93c0906 100644
+--- a/pppd/plugins/rp-pppoe/plugin.c
++++ b/pppd/plugins/rp-pppoe/plugin.c
+@@ -46,7 +46,6 @@ static char const RCSID[] =
+ #include <unistd.h>
+ #include <fcntl.h>
+ #include <signal.h>
+-#include <net/ethernet.h>
+ #include <net/if_arp.h>
+ #include <linux/ppp_defs.h>
+ #include <linux/if_pppox.h>
+diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
+index f19c6d8..f45df2c 100644
+--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
++++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
+@@ -29,10 +29,6 @@
+ #include <linux/if_packet.h>
+ #endif
+ 
+-#ifdef HAVE_NET_ETHERNET_H
+-#include <net/ethernet.h>
+-#endif
+-
+ #ifdef HAVE_ASM_TYPES_H
+ #include <asm/types.h>
+ #endif
+diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
+index a4e7d5c..de191c8 100644
+--- a/pppd/plugins/rp-pppoe/pppoe.h
++++ b/pppd/plugins/rp-pppoe/pppoe.h
+@@ -90,7 +90,7 @@ typedef unsigned long UINT32_t;
+ #ifdef HAVE_SYS_SOCKET_H
+ #include <sys/socket.h>
+ #endif
+-#ifndef HAVE_SYS_DLPI_H
++#if !defined HAVE_SYS_DLPI_H && defined HAVE_NET_ETHERNET_H
+ #include <netinet/if_ether.h>
+ #endif
+ #endif
+diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
+index a0531e9..84ee394 100644
+--- a/pppd/sys-linux.c
++++ b/pppd/sys-linux.c
+@@ -112,7 +112,7 @@
+ #include <linux/types.h>
+ #include <linux/if.h>
+ #include <linux/if_arp.h>
+-#include <linux/route.h>
++/* #include <linux/route.h> */
+ #include <linux/if_ether.h>
+ #endif
+ #include <netinet/in.h>
+@@ -145,6 +145,7 @@
+ #endif
+ 
+ #ifdef INET6
++#include <net/route.h>
+ #ifndef _LINUX_IN6_H
+ /*
+  *    This is in linux/include/net/ipv6.h.
+-- 
+2.17.1
+
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch
deleted file mode 100644
index 8aa2d2e678..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From ba0f6058d1f25b2b60fc31ab2656bf12a71ffdab Mon Sep 17 00:00:00 2001
-From: Lu Chong <Chong.Lu@windriver.com>
-Date: Tue, 5 Nov 2013 17:32:56 +0800
-Subject: [PATCH] ppp: Fix compilation errors in Makefile
-
-This patch fixes below issues:
-
-1. Make can't exit while compilation error occurs in subdir for plugins building.
-
-2. If build ppp with newer kernel (3.10.10), it will pick 'if_pppox.h' from sysroot-dir and
-   'if_pppol2tp.h' from its own source dir, this cause below build errors:
-
-        bitbake_build/tmp/sysroots/intel-x86-64/usr/include/linux/if_pppox.h:84:26:
-        error: field 'pppol2tp' has incomplete type
-          struct pppol2tpin6_addr pppol2tp;
-                                  ^
-        bitbake_build/tmp/sysroots/intel-x86-64/usr/include/linux/if_pppox.h:99:28:
-        error: field 'pppol2tp' has incomplete type
-          struct pppol2tpv3in6_addr pppol2tp;
-                                    ^
-
-The 'sysroot-dir/if_pppox.h' enabled ipv6 support but the 'source-dir/if_pppol2tp.h' lost
-related structure definitions, we should use both header files from sysroots to fix this
-build failure.
-
-Upstream-Status: Pending
-
-Signed-off-by: Lu Chong <Chong.Lu@windriver.com>
----
- pppd/plugins/Makefile.linux          |    2 +-
- pppd/plugins/pppol2tp/Makefile.linux |    2 +-
- pppd/plugins/rp-pppoe/Makefile.linux |    2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
-index 0a7ec7b..2a2c15a 100644
---- a/pppd/plugins/Makefile.linux
-+++ b/pppd/plugins/Makefile.linux
-@@ -20,7 +20,7 @@ include .depend
- endif
- 
- all:	$(PLUGINS)
--	for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done
-+	for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all || exit 1; done
- 
- %.so: %.c
- 	$(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^
-diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
-index 19eff67..feb2f52 100644
---- a/pppd/plugins/pppol2tp/Makefile.linux
-+++ b/pppd/plugins/pppol2tp/Makefile.linux
-@@ -1,6 +1,6 @@
- #CC	= gcc
- COPTS	= -O2 -g
--CFLAGS	= $(COPTS) -I. -I../.. -I../../../include -fPIC
-+CFLAGS	= $(COPTS) -I. -I../.. -fPIC
- LDFLAGS	= -shared
- INSTALL	= install
- 
-diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
-index f078991..15b9118 100644
---- a/pppd/plugins/rp-pppoe/Makefile.linux
-+++ b/pppd/plugins/rp-pppoe/Makefile.linux
-@@ -26,7 +26,7 @@ INSTALL	= install
- RP_VERSION=3.8p
- 
- COPTS=-O2 -g
--CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
-+CFLAGS=$(COPTS) '-DRP_VERSION="$(RP_VERSION)"'
- all: rp-pppoe.so pppoe-discovery
- 
- pppoe-discovery: pppoe-discovery.o debug.o
--- 
-1.7.9.5
-
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch
new file mode 100644
index 0000000000..a32f89fbc8
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch
@@ -0,0 +1,43 @@
+commit cd90fd147844a0cfec101f1e2db7a3c59d236621
+Author: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Date:   Wed Dec 28 14:11:22 2016 +0200
+
+pppol2tp plugin: Remove unneeded include
+
+The include is not required and will break compile on musl libc with
+    
+| In file included from pppol2tp.c:34:0:
+| /usr/include/linux/if.h:97:2: error: expected identifier before numeric constant
+|   IFF_LOWER_UP   = 1<<16, /* __volatile__ */
+
+Patch originally from Khem Raj.
+
+Upstream-Status: Pending [https://github.com/paulusmack/ppp/issues/73]
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+
+diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c
+index 9643b96..458316b 100644
+--- a/pppd/plugins/pppol2tp/openl2tp.c
++++ b/pppd/plugins/pppol2tp/openl2tp.c
+@@ -47,7 +47,6 @@
+ #include <linux/if_ether.h>
+ #include <linux/ppp_defs.h>
+ #include <linux/if_ppp.h>
+-#include <linux/if_pppox.h>
+ #include <linux/if_pppol2tp.h>
+ 
+ #include "l2tp_event.h"
+diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c
+index 0e28606..4f6d98c 100644
+--- a/pppd/plugins/pppol2tp/pppol2tp.c
++++ b/pppd/plugins/pppol2tp/pppol2tp.c
+@@ -46,7 +46,6 @@
+ #include <linux/if_ether.h>
+ #include <linux/ppp_defs.h>
+ #include <linux/if_ppp.h>
+-#include <linux/if_pppox.h>
+ #include <linux/if_pppol2tp.h>
+ 
+ /* should be added to system's socket.h... */
+---
+
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch
new file mode 100644
index 0000000000..b7ba7ba643
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/0001-pppd-Fix-bounds-check-in-EAP-code.patch
@@ -0,0 +1,47 @@
+From 8d7970b8f3db727fe798b65f3377fe6787575426 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Mon, 3 Feb 2020 15:53:28 +1100
+Subject: [PATCH] pppd: Fix bounds check in EAP code
+
+Given that we have just checked vallen < len, it can never be the case
+that vallen >= len + sizeof(rhostname).  This fixes the check so we
+actually avoid overflowing the rhostname array.
+
+Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+
+Upstream-Status: Backport
+[https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426]
+
+CVE: CVE-2020-8597
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ pppd/eap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/eap.c b/pppd/eap.c
+index 94407f5..1b93db0 100644
+--- a/pppd/eap.c
++++ b/pppd/eap.c
+@@ -1420,7 +1420,7 @@ int len;
+ 		}
+ 
+ 		/* Not so likely to happen. */
+-		if (vallen >= len + sizeof (rhostname)) {
++		if (len - vallen >= sizeof (rhostname)) {
+ 			dbglog("EAP: trimming really long peer name down");
+ 			BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ 			rhostname[sizeof (rhostname) - 1] = '\0';
+@@ -1846,7 +1846,7 @@ int len;
+ 		}
+ 
+ 		/* Not so likely to happen. */
+-		if (vallen >= len + sizeof (rhostname)) {
++		if (len - vallen >= sizeof (rhostname)) {
+ 			dbglog("EAP: trimming really long peer name down");
+ 			BCOPY(inp + vallen, rhostname, sizeof (rhostname) - 1);
+ 			rhostname[sizeof (rhostname) - 1] = '\0';
+-- 
+2.17.1
+
diff --git a/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch b/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch
deleted file mode 100644
index db4dbc27a9..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch
+++ /dev/null
@@ -1,292 +0,0 @@
-This patch comes from OpenEmbedded.
-The original patch is from Debian / SuSE to implement replacedefaultroute
-Rebased it to fit ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
-
-Upstream-Status: Inappropriate [debian/suse patches]
-
-diff -urN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c
---- ppp-2.4.5-orig/pppd/ipcp.c	2010-06-30 15:51:12.050166398 +0800
-+++ ppp-2.4.5/pppd/ipcp.c	2010-06-30 16:40:00.478716855 +0800
-@@ -198,6 +198,16 @@
-       "disable defaultroute option", OPT_ALIAS | OPT_A2CLR,
-       &ipcp_wantoptions[0].default_route },
- 
-+#ifdef __linux__
-+    { "replacedefaultroute", o_bool,
-+                               &ipcp_wantoptions[0].replace_default_route,
-+      "Replace default route", 1
-+    },
-+    { "noreplacedefaultroute", o_bool,
-+                               &ipcp_allowoptions[0].replace_default_route,
-+      "Never replace default route", OPT_A2COPY,
-+                               &ipcp_wantoptions[0].replace_default_route },
-+#endif
-     { "proxyarp", o_bool, &ipcp_wantoptions[0].proxy_arp,
-       "Add proxy ARP entry", OPT_ENABLE|1, &ipcp_allowoptions[0].proxy_arp },
-     { "noproxyarp", o_bool, &ipcp_allowoptions[0].proxy_arp,
-@@ -271,7 +281,7 @@
-     ip_active_pkt
- };
- 
--static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t));
-+static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t, bool));
- static void ipcp_script __P((char *, int));	/* Run an up/down script */
- static void ipcp_script_done __P((void *));
- 
-@@ -1742,7 +1752,12 @@
-     if (!sifnpmode(u, PPP_IP, NPMODE_QUEUE))
- 	return 0;
-     if (wo->default_route)
-+#ifndef __linux__
- 	if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr))
-+#else
-+	if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr,
-+                                            wo->replace_default_route))
-+#endif
- 	    default_route_set[u] = 1;
-     if (wo->proxy_arp)
- 	if (sifproxyarp(u, wo->hisaddr))
-@@ -1830,7 +1845,8 @@
-      */
-     if (demand) {
- 	if (go->ouraddr != wo->ouraddr || ho->hisaddr != wo->hisaddr) {
--	    ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr);
-+	    ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr, 
-+				      wo->replace_default_route);
- 	    if (go->ouraddr != wo->ouraddr) {
- 		warn("Local IP address changed to %I", go->ouraddr);
- 		script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0);
-@@ -1855,7 +1871,12 @@
- 
- 	    /* assign a default route through the interface if required */
- 	    if (ipcp_wantoptions[f->unit].default_route) 
-+#ifndef __linux__
- 		if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr))
-+#else
-+		if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr,
-+					     wo->replace_default_route))
-+#endif
- 		    default_route_set[f->unit] = 1;
- 
- 	    /* Make a proxy ARP entry if requested. */
-@@ -1905,7 +1926,12 @@
- 
- 	/* assign a default route through the interface if required */
- 	if (ipcp_wantoptions[f->unit].default_route) 
-+#ifndef __linux__
- 	    if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr))
-+#else
-+	    if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr,
-+					 wo->replace_default_route))
-+#endif
- 		default_route_set[f->unit] = 1;
- 
- 	/* Make a proxy ARP entry if requested. */
-@@ -1983,7 +2009,7 @@
- 	sifnpmode(f->unit, PPP_IP, NPMODE_DROP);
- 	sifdown(f->unit);
- 	ipcp_clear_addrs(f->unit, ipcp_gotoptions[f->unit].ouraddr,
--			 ipcp_hisoptions[f->unit].hisaddr);
-+			 ipcp_hisoptions[f->unit].hisaddr, 0);
-     }
- 
-     /* Execute the ip-down script */
-@@ -1999,12 +2025,21 @@
-  * proxy arp entries, etc.
-  */
- static void
--ipcp_clear_addrs(unit, ouraddr, hisaddr)
-+ipcp_clear_addrs(unit, ouraddr, hisaddr, replacedefaultroute)
-     int unit;
-     u_int32_t ouraddr;  /* local address */
-     u_int32_t hisaddr;  /* remote address */
-+    bool replacedefaultroute;
- {
--    if (proxy_arp_set[unit]) {
-+    /* If replacedefaultroute, sifdefaultroute will be called soon
-+     * with replacedefaultroute set and that will overwrite the current
-+     * default route. This is the case only when doing demand, otherwise
-+     * during demand, this cifdefaultroute would restore the old default
-+     * route which is not what we want in this case. In the non-demand
-+     * case, we'll delete the default route and restore the old if there
-+     * is one saved by an sifdefaultroute with replacedefaultroute.
-+     */
-+    if (!replacedefaultroute && default_route_set[unit]) {
- 	cifproxyarp(unit, hisaddr);
- 	proxy_arp_set[unit] = 0;
-     }
-diff -urN ppp-2.4.5-orig/pppd/ipcp.h ppp-2.4.5/pppd/ipcp.h
---- ppp-2.4.5-orig/pppd/ipcp.h	2010-06-30 15:51:12.043682063 +0800
-+++ ppp-2.4.5/pppd/ipcp.h	2010-06-30 16:40:49.586203129 +0800
-@@ -70,6 +70,7 @@
-     bool old_addrs;		/* Use old (IP-Addresses) option? */
-     bool req_addr;		/* Ask peer to send IP address? */
-     bool default_route;		/* Assign default route through interface? */
-+    bool replace_default_route; /* Replace default route through interface? */
-     bool proxy_arp;		/* Make proxy ARP entry for peer? */
-     bool neg_vj;		/* Van Jacobson Compression? */
-     bool old_vj;		/* use old (short) form of VJ option? */
-diff -urN ppp-2.4.5-orig/pppd/pppd.8 ppp-2.4.5/pppd/pppd.8
---- ppp-2.4.5-orig/pppd/pppd.8	2010-06-30 15:51:12.043682063 +0800
-+++ ppp-2.4.5/pppd/pppd.8	2010-06-30 16:42:47.102413859 +0800
-@@ -121,6 +121,13 @@
- This entry is removed when the PPP connection is broken.  This option
- is privileged if the \fInodefaultroute\fR option has been specified.
- .TP
-+.B replacedefaultroute
-+This option is a flag to the defaultroute option. If defaultroute is
-+set and this flag is also set, pppd replaces an existing default route
-+with the new default route.
-+
-+
-+.TP
- .B disconnect \fIscript
- Execute the command specified by \fIscript\fR, by passing it to a
- shell, after
-@@ -717,7 +724,12 @@
- .TP
- .B nodefaultroute
- Disable the \fIdefaultroute\fR option.  The system administrator who
--wishes to prevent users from creating default routes with pppd
-+wishes to prevent users from adding a default route with pppd
-+can do so by placing this option in the /etc/ppp/options file.
-+.TP
-+.B noreplacedefaultroute
-+Disable the \fIreplacedefaultroute\fR option. The system administrator who
-+wishes to prevent users from replacing a default route with pppd
- can do so by placing this option in the /etc/ppp/options file.
- .TP
- .B nodeflate
-diff -urN ppp-2.4.5-orig/pppd/pppd.h ppp-2.4.5/pppd/pppd.h
---- ppp-2.4.5-orig/pppd/pppd.h	2010-06-30 15:51:12.050166398 +0800
-+++ ppp-2.4.5/pppd/pppd.h	2010-06-30 16:43:36.514148327 +0800
-@@ -643,7 +643,11 @@
- int  cif6addr __P((int, eui64_t, eui64_t));
- 				/* Remove an IPv6 address from i/f */
- #endif
-+#ifndef __linux__
- int  sifdefaultroute __P((int, u_int32_t, u_int32_t));
-+#else
-+int  sifdefaultroute __P((int, u_int32_t, u_int32_t, bool replace_default_rt));
-+#endif
- 				/* Create default route through i/f */
- int  cifdefaultroute __P((int, u_int32_t, u_int32_t));
- 				/* Delete default route through i/f */
-diff -urN ppp-2.4.5-orig/pppd/sys-linux.c ppp-2.4.5/pppd/sys-linux.c
---- ppp-2.4.5-orig/pppd/sys-linux.c	2010-06-30 15:51:12.050166398 +0800
-+++ ppp-2.4.5/pppd/sys-linux.c	2010-06-30 16:54:00.362716231 +0800
-@@ -206,6 +206,8 @@
- 
- static int	if_is_up;	/* Interface has been marked up */
- static int	have_default_route;	/* Gateway for default route added */
-+static struct rtentry old_def_rt;       /* Old default route */
-+static int       default_rt_repl_rest;  /* replace and restore old default rt */
- static u_int32_t proxy_arp_addr;	/* Addr for proxy arp entry added */
- static char proxy_arp_dev[16];		/* Device for proxy arp entry */
- static u_int32_t our_old_addr;		/* for detecting address changes */
-@@ -1537,6 +1539,9 @@
- 	p = NULL;
-     }
- 
-+    SET_SA_FAMILY (rt->rt_dst,     AF_INET);
-+    SET_SA_FAMILY (rt->rt_gateway, AF_INET);
-+
-     SIN_ADDR(rt->rt_dst) = strtoul(cols[route_dest_col], NULL, 16);
-     SIN_ADDR(rt->rt_gateway) = strtoul(cols[route_gw_col], NULL, 16);
-     SIN_ADDR(rt->rt_genmask) = strtoul(cols[route_mask_col], NULL, 16);
-@@ -1606,20 +1611,51 @@
- /********************************************************************
-  *
-  * sifdefaultroute - assign a default route through the address given.
-- */
--
--int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway)
--{
--    struct rtentry rt;
--
--    if (defaultroute_exists(&rt) && strcmp(rt.rt_dev, ifname) != 0) {
--	if (rt.rt_flags & RTF_GATEWAY)
--	    error("not replacing existing default route via %I",
--		  SIN_ADDR(rt.rt_gateway));
--	else
--	    error("not replacing existing default route through %s",
--		  rt.rt_dev);
--	return 0;
-+ *
-+ * If the global default_rt_repl_rest flag is set, then this function
-+ * already replaced the original system defaultroute with some other
-+ * route and it should just replace the current defaultroute with
-+ * another one, without saving the current route. Use: demand mode,
-+ * when pppd sets first a defaultroute it it's temporary ppp0 addresses
-+ * and then changes the temporary addresses to the addresses for the real
-+ * ppp connection when it has come up.
-+ */
-+
-+int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway, bool replace)
-+{
-+    struct rtentry rt, tmp_rt;
-+    struct rtentry *del_rt = NULL;
-+
-+    if (default_rt_repl_rest) {
-+	/* We have already reclaced the original defaultroute, if we
-+         * are called again, we will delete the current default route
-+         * and set the new default route in this function.  
-+         * - this is normally only the case the doing demand: */
-+	if (defaultroute_exists( &tmp_rt ))
-+		del_rt = &tmp_rt;
-+    } else if ( defaultroute_exists( &old_def_rt                ) &&
-+	                     strcmp(  old_def_rt.rt_dev, ifname ) != 0) {
-+	/* We did not yet replace an existing default route, let's
-+	 * check if we should save and replace a default route:
-+         */
-+	u_int32_t old_gateway = SIN_ADDR(old_def_rt.rt_gateway);
-+	if (old_gateway != gateway) {
-+	    if (!replace) {
-+	        error("not replacing default route to %s [%I]",
-+			old_def_rt.rt_dev, old_gateway);
-+		return 0;
-+	    } else {
-+		// we need to copy rt_dev because we need it permanent too:
-+		char * tmp_dev = malloc(strlen(old_def_rt.rt_dev)+1);
-+		strcpy(tmp_dev, old_def_rt.rt_dev);
-+		old_def_rt.rt_dev = tmp_dev;
-+
-+		notice("replacing old default route to %s [%I]",
-+			old_def_rt.rt_dev, old_gateway);
-+	        default_rt_repl_rest = 1;
-+		del_rt = &old_def_rt;
-+	    }
-+	}
-     }
- 
-     memset (&rt, 0, sizeof (rt));
-@@ -1638,6 +1674,12 @@
- 	    error("default route ioctl(SIOCADDRT): %m");
- 	return 0;
-     }
-+    if (default_rt_repl_rest && del_rt)
-+        if (ioctl(sock_fd, SIOCDELRT, del_rt) < 0) {
-+	    if ( ! ok_error ( errno ))
-+	        error("del old default route ioctl(SIOCDELRT): %m(%d)", errno);
-+	    return 0;
-+        }
- 
-     have_default_route = 1;
-     return 1;
-@@ -1673,6 +1715,16 @@
- 	    return 0;
- 	}
-     }
-+    if (default_rt_repl_rest) {
-+	notice("restoring old default route to %s [%I]",
-+			old_def_rt.rt_dev, SIN_ADDR(old_def_rt.rt_gateway));
-+        if (ioctl(sock_fd, SIOCADDRT, &old_def_rt) < 0) {
-+	    if ( ! ok_error ( errno ))
-+	        error("restore default route ioctl(SIOCADDRT): %m(%d)", errno);
-+	    return 0;
-+        }
-+        default_rt_repl_rest = 0;
-+    }
- 
-     return 1;
- }
diff --git a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch b/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
index c9edb30597..c5a0be86f5 100644
--- a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
+++ b/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
@@ -3,6 +3,7 @@ ppp: Buffer overflow in radius plugin
 From: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;bug=782450
 
 Upstream-Status: Backport
+CVE: CVE-2015-3310
 
 On systems with more than 65535 processes running, pppd aborts when
 sending a "start" accounting message to the RADIUS server because of a
diff --git a/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch b/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch
index d59717ebd3..614a474c37 100644
--- a/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch
+++ b/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch
@@ -1,3 +1,8 @@
+From 505705d0e1b55ce3fdc10d0e5eab5488f869adb6 Mon Sep 17 00:00:00 2001
+From: Andreas Oberritter <obi@opendreambox.org>
+Date: Thu, 1 Jul 2010 14:34:12 +0800
+Subject: [PATCH] ppp: Upgraded to version 2.4.5
+
 The patch comes from OpenEmbedded.
 Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
 
@@ -6,23 +11,15 @@ Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
 
 Upstream-Status: Inappropriate [configuration]
 
-diff -urN ppp-2.4.5-orig/pppd/Makefile.linux ppp-2.4.5/pppd/Makefile.linux
---- ppp-2.4.5-orig/pppd/Makefile.linux	2010-06-30 15:51:12.043682063 +0800
-+++ ppp-2.4.5/pppd/Makefile.linux	2010-06-30 17:08:21.806363042 +0800
-@@ -117,10 +117,10 @@
- #LIBS     += -lshadow $(LIBS)
- endif
- 
--ifneq ($(wildcard /usr/include/crypt.h),)
-+#ifneq ($(wildcard /usr/include/crypt.h),)
- CFLAGS  += -DHAVE_CRYPT_H=1
- LIBS	+= -lcrypt
--endif
-+#endif
- 
- ifdef NEEDDES
- ifndef USE_CRYPT
-@@ -169,10 +169,10 @@
+---
+ pppd/Makefile.linux | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
+index 4e485a1..44c4193 100644
+--- a/pppd/Makefile.linux
++++ b/pppd/Makefile.linux
+@@ -188,10 +188,10 @@ LIBS	+= -ldl
  endif
  
  ifdef FILTER
diff --git a/meta/recipes-connectivity/ppp/ppp/makefile.patch b/meta/recipes-connectivity/ppp/ppp/makefile.patch
index 2d09baf5d0..25b8ded441 100644
--- a/meta/recipes-connectivity/ppp/ppp/makefile.patch
+++ b/meta/recipes-connectivity/ppp/ppp/makefile.patch
@@ -1,12 +1,27 @@
+From f7fb1d1abfa6d208fb40fca1602e0c488108f1b5 Mon Sep 17 00:00:00 2001
+From: Richard Purdie <richard@openedhand.com>
+Date: Wed, 31 Aug 2005 10:45:47 +0000
+Subject: [PATCH] Initial population
+
 The patch comes from OpenEmbedded
 Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
 
 Upstream-Status: Inappropriate [configuration]
 
-diff -ruN ppp-2.4.5-orig/chat/Makefile.linux ppp-2.4.5/chat/Makefile.linux
---- ppp-2.4.5-orig/chat/Makefile.linux	2010-06-30 15:51:12.050166398 +0800
-+++ ppp-2.4.5/chat/Makefile.linux	2010-06-30 15:51:30.450118446 +0800
-@@ -25,7 +25,7 @@
+---
+ chat/Makefile.linux                  |  2 +-
+ pppd/Makefile.linux                  |  4 ++--
+ pppd/plugins/radius/Makefile.linux   | 10 +++++-----
+ pppd/plugins/rp-pppoe/Makefile.linux |  4 ++--
+ pppdump/Makefile.linux               |  2 +-
+ pppstats/Makefile.linux              |  2 +-
+ 6 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/chat/Makefile.linux b/chat/Makefile.linux
+index 0732ec8..f082dab 100644
+--- a/chat/Makefile.linux
++++ b/chat/Makefile.linux
+@@ -25,7 +25,7 @@ chat.o:	chat.c
  
  install: chat
  	mkdir -p $(BINDIR) $(MANDIR)
@@ -15,10 +30,11 @@ diff -ruN ppp-2.4.5-orig/chat/Makefile.linux ppp-2.4.5/chat/Makefile.linux
  	$(INSTALL) -c -m 644 chat.8 $(MANDIR)
  
  clean:
-diff -ruN ppp-2.4.5-orig/pppd/Makefile.linux ppp-2.4.5/pppd/Makefile.linux
---- ppp-2.4.5-orig/pppd/Makefile.linux	2010-06-30 15:51:12.043682063 +0800
-+++ ppp-2.4.5/pppd/Makefile.linux	2010-06-30 15:52:11.214170607 +0800
-@@ -99,7 +99,7 @@
+diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
+index 9664f70..4e485a1 100644
+--- a/pppd/Makefile.linux
++++ b/pppd/Makefile.linux
+@@ -107,7 +107,7 @@ ifdef USE_SRP
  CFLAGS	+= -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include
  LIBS	+= -lsrp -L/usr/local/ssl/lib -lcrypto
  TARGETS	+= srp-entry
@@ -27,7 +43,7 @@ diff -ruN ppp-2.4.5-orig/pppd/Makefile.linux ppp-2.4.5/pppd/Makefile.linux
  MANPAGES += srp-entry.8
  EXTRACLEAN += srp-entry.o
  NEEDDES=y
-@@ -200,7 +200,7 @@
+@@ -219,7 +219,7 @@ all: $(TARGETS)
  install: pppd
  	mkdir -p $(BINDIR) $(MANDIR)
  	$(EXTRAINSTALL)
@@ -36,10 +52,11 @@ diff -ruN ppp-2.4.5-orig/pppd/Makefile.linux ppp-2.4.5/pppd/Makefile.linux
  	if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \
  	  chmod o-rx,u+s $(BINDIR)/pppd; fi
  	$(INSTALL) -c -m 444 pppd.8 $(MANDIR)
-diff -ruN ppp-2.4.5-orig/pppd/plugins/radius/Makefile.linux ppp-2.4.5/pppd/plugins/radius/Makefile.linux
---- ppp-2.4.5-orig/pppd/plugins/radius/Makefile.linux	2010-06-30 15:51:12.047676187 +0800
-+++ ppp-2.4.5/pppd/plugins/radius/Makefile.linux	2010-06-30 15:53:47.750182267 +0800
-@@ -36,11 +36,11 @@
+diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
+index e702263..af57ae3 100644
+--- a/pppd/plugins/radius/Makefile.linux
++++ b/pppd/plugins/radius/Makefile.linux
+@@ -36,11 +36,11 @@ all: $(PLUGIN)
  
  install: all
  	$(INSTALL) -d -m 755 $(LIBDIR)
@@ -55,11 +72,12 @@ diff -ruN ppp-2.4.5-orig/pppd/plugins/radius/Makefile.linux ppp-2.4.5/pppd/plugi
 +	$(INSTALL) -m 444 pppd-radattr.8 $(MANDIR)
  
  radius.so: radius.o libradiusclient.a
- 	$(CC) -o radius.so -shared radius.o libradiusclient.a
-diff -ruN ppp-2.4.5-orig/pppd/plugins/rp-pppoe/Makefile.linux ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux
---- ppp-2.4.5-orig/pppd/plugins/rp-pppoe/Makefile.linux	2010-06-30 15:51:12.047676187 +0800
-+++ ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux	2010-06-30 15:53:15.454486877 +0800
-@@ -43,9 +43,9 @@
+ 	$(CC) $(LDFLAGS) -o radius.so -shared radius.o libradiusclient.a
+diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
+index 749ccc2..2c93f4a 100644
+--- a/pppd/plugins/rp-pppoe/Makefile.linux
++++ b/pppd/plugins/rp-pppoe/Makefile.linux
+@@ -43,9 +43,9 @@ rp-pppoe.so: plugin.o discovery.o if.o common.o
  
  install: all
  	$(INSTALL) -d -m 755 $(LIBDIR)
@@ -71,20 +89,22 @@ diff -ruN ppp-2.4.5-orig/pppd/plugins/rp-pppoe/Makefile.linux ppp-2.4.5/pppd/plu
  
  clean:
  	rm -f *.o *.so pppoe-discovery
-diff -ruN ppp-2.4.5-orig/pppdump/Makefile.linux ppp-2.4.5/pppdump/Makefile.linux
---- ppp-2.4.5-orig/pppdump/Makefile.linux	2010-06-30 15:51:12.058183383 +0800
-+++ ppp-2.4.5/pppdump/Makefile.linux	2010-06-30 15:52:25.762183537 +0800
-@@ -17,5 +17,5 @@
+diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
+index cdf7ac4..0457561 100644
+--- a/pppdump/Makefile.linux
++++ b/pppdump/Makefile.linux
+@@ -17,5 +17,5 @@ clean:
  
  install:
  	mkdir -p $(BINDIR) $(MANDIR)
 -	$(INSTALL) -s -c pppdump $(BINDIR)
 +	$(INSTALL) -c pppdump $(BINDIR)
  	$(INSTALL) -c -m 444 pppdump.8 $(MANDIR)
-diff -ruN ppp-2.4.5-orig/pppstats/Makefile.linux ppp-2.4.5/pppstats/Makefile.linux
---- ppp-2.4.5-orig/pppstats/Makefile.linux	2010-06-30 15:51:12.058183383 +0800
-+++ ppp-2.4.5/pppstats/Makefile.linux	2010-06-30 15:52:42.486341081 +0800
-@@ -22,7 +22,7 @@
+diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
+index 71afbe6..1819370 100644
+--- a/pppstats/Makefile.linux
++++ b/pppstats/Makefile.linux
+@@ -22,7 +22,7 @@ all: pppstats
  
  install: pppstats
  	-mkdir -p $(MANDIR)
diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.8.bb
index adc38e10b4..f9c60d6bad 100644
--- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
+++ b/meta/recipes-connectivity/ppp/ppp_2.4.8.bb
@@ -4,16 +4,15 @@ the Point-to-Point Protocol (PPP) on Linux and Solaris systems."
 SECTION = "console/network"
 HOMEPAGE = "http://samba.org/ppp/"
 BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"
-DEPENDS = "libpcap"
+DEPENDS = "libpcap openssl virtual/crypt"
 LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD"
 LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \
                     file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \
                     file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \
                     file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2"
 
-SRC_URI = "http://ppp.samba.org/ftp/ppp/ppp-${PV}.tar.gz \
+SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
            file://makefile.patch \
-           file://cifdefroute.patch \
            file://pppd-resolv-varrun.patch \
            file://makefile-remove-hard-usr-reference.patch \
            file://pon \
@@ -27,13 +26,17 @@ SRC_URI = "http://ppp.samba.org/ftp/ppp/ppp-${PV}.tar.gz \
            file://pap \
            file://ppp_on_boot \
            file://provider \
-           file://0001-ppp-Fix-compilation-errors-in-Makefile.patch \
            file://ppp@.service \
            file://fix-CVE-2015-3310.patch \
-"
+           file://0001-ppp-Remove-unneeded-include.patch \
+           file://0001-pppd-Fix-bounds-check-in-EAP-code.patch \
+           "
 
-SRC_URI[md5sum] = "78818f40e6d33a1d1de68a1551f6595a"
-SRC_URI[sha256sum] = "02e0a3dd3e4799e33103f70ec7df75348c8540966ee7c948e4ed8a42bbccfb30"
+SRC_URI_append_libc-musl = "\
+           file://0001-Fix-build-with-musl.patch \
+"
+SRC_URI[md5sum] = "2ca8342b9804be15103fd3f687af701c"
+SRC_URI[sha256sum] = "f6bf89beae26b2943dff8f1003533d6a5a4909a0fa6edfbec44fe039bbe61bc6"
 
 inherit autotools-brokensep systemd
 
@@ -44,7 +47,7 @@ EXTRA_OECONF = "--disable-strip"
 # Package Makefile computes CFLAGS, referencing COPTS.
 # Typically hard-coded to '-O2 -g' in the Makefile's.
 #
-EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"'
+EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"'
 
 do_configure () {
 	oe_runconf
@@ -75,10 +78,13 @@ do_install_append () {
 	chmod u+s ${D}${sbindir}/pppd
 }
 
+do_install_append_libc-musl () {
+	install -Dm 0644 ${S}/include/net/ppp_defs.h ${D}${includedir}/net/ppp_defs.h
+}
+
 CONFFILES_${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options"
 PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools"
 FILES_${PN}        = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_unitdir}/system/ppp@.service"
-FILES_${PN}-dbg += "${libdir}/pppd/${PV}/.debug"
 FILES_${PN}-oa       = "${libdir}/pppd/${PV}/pppoatm.so"
 FILES_${PN}-oe       = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/rp-pppoe.so"
 FILES_${PN}-radius   = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so"
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf_1.77.bb b/meta/recipes-connectivity/resolvconf/resolvconf_1.83.bb
index 916b9f2ae4..f0ffc82241 100644
--- a/meta/recipes-connectivity/resolvconf/resolvconf_1.77.bb
+++ b/meta/recipes-connectivity/resolvconf/resolvconf_1.83.bb
@@ -11,13 +11,18 @@ AUTHOR = "Thomas Hood"
 HOMEPAGE = "http://packages.debian.org/resolvconf"
 RDEPENDS_${PN} = "bash"
 
-SRC_URI = "http://snapshot.debian.org/archive/debian/20150511T214718Z/pool/main/r/${BPN}/${BPN}_${PV}.tar.xz \
+SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https \
            file://fix-path-for-busybox.patch \
            file://99_resolvconf \
           "
 
-SRC_URI[md5sum] = "7362d766e47bfc253500f42b30330d9f"
-SRC_URI[sha256sum] = "5a6e21e8ba6822a5f93075c8c8fe7977e34780ba551af51930d0b31fdd99ab56"
+SRCREV = "d001dd2b7ce4c854eaa29e46b9640ab66c6e70bb"
+
+S = "${WORKDIR}/git"
+
+# the package is taken from snapshots.debian.org; that source is static and goes stale
+# so we check the latest upstream from a directory that does get updated
+UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/r/resolvconf/"
 
 inherit allarch
 
diff --git a/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch b/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch
deleted file mode 100644
index aa4db65a79..0000000000
--- a/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From c6f0080b55679b6e8b5d332d6e05fdcbda1e4064 Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Mon, 4 May 2015 00:58:47 -0700
-Subject: [PATCH] Makefile.in: fix for parallel build
-
-Fixed:
-vsnprintf_r.o: file not recognized: File truncated
-collect2: error: ld returned 3 exit status
-Makefile:122: recipe for target 'filan' failed
-
-Let filan depend on vsnprintf_r.o and snprinterr.o to fix the issue.
-
-Upstream-Status: Pending
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- Makefile.in |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index f2a6edb..88b784b 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -118,7 +118,7 @@ PROCAN_OBJS=procan_main.o procan.o procan-cdefs.o hostan.o error.o sycls.o sysut
- procan: $(PROCAN_OBJS)
- 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(PROCAN_OBJS) $(CLIBS)
- 
--filan: filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o
-+filan: filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o
- 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o $(CLIBS)
- 
- libxio.a: $(XIOOBJS) $(UTLOBJS)
--- 
-1.7.9.5
-
diff --git a/meta/recipes-connectivity/socat/socat_1.7.3.0.bb b/meta/recipes-connectivity/socat/socat_1.7.3.0.bb
deleted file mode 100644
index b58e0a73ea..0000000000
--- a/meta/recipes-connectivity/socat/socat_1.7.3.0.bb
+++ /dev/null
@@ -1,38 +0,0 @@
-SUMMARY = "Multipurpose relay for bidirectional data transfer"
-DESCRIPTION = "Socat is a relay for bidirectional data \
-transfer between two independent data channels."
-HOMEPAGE = "http://www.dest-unreach.org/socat/"
-
-SECTION = "console/network"
-
-DEPENDS = "openssl readline"
-
-LICENSE = "GPL-2.0+-with-OpenSSL-exception"
-LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-                    file://README;beginline=257;endline=287;md5=338c05eadd013872abb1d6e198e10a3f"
-
-
-SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
-           file://Makefile.in-fix-for-parallel-build.patch \
-"
-
-SRC_URI[md5sum] = "b607edb65bc6c57f4a43f06247504274"
-SRC_URI[sha256sum] = "0767e850c0329b9fdf711c6cd468565cbbb28786ba1a8a1cbd5531d4016b3e04"
-
-inherit autotools
-
-EXTRA_AUTORECONF += "--exclude=autoheader"
-
-EXTRA_OECONF += "ac_cv_have_z_modifier=yes sc_cv_sys_crdly_shift=9 \
-        sc_cv_sys_tabdly_shift=11 sc_cv_sys_csize_shift=4 \
-        ac_cv_ispeed_offset=13 \
-        ac_cv_header_bsd_libutil_h=no \
-"
-
-PACKAGECONFIG ??= "tcp-wrappers"
-PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
-
-do_install_prepend () {
-    mkdir -p ${D}${bindir}
-    install -d ${D}${bindir} ${D}${mandir}/man1
-}
diff --git a/meta/recipes-connectivity/socat/socat_1.7.3.4.bb b/meta/recipes-connectivity/socat/socat_1.7.3.4.bb
new file mode 100644
index 0000000000..9b0d4071ac
--- /dev/null
+++ b/meta/recipes-connectivity/socat/socat_1.7.3.4.bb
@@ -0,0 +1,54 @@
+SUMMARY = "Multipurpose relay for bidirectional data transfer"
+DESCRIPTION = "Socat is a relay for bidirectional data \
+transfer between two independent data channels."
+HOMEPAGE = "http://www.dest-unreach.org/socat/"
+
+SECTION = "console/network"
+
+DEPENDS = "openssl"
+
+LICENSE = "GPL-2.0-with-OpenSSL-exception"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+                    file://README;beginline=257;endline=287;md5=338c05eadd013872abb1d6e198e10a3f"
+
+SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
+"
+
+SRC_URI[md5sum] = "3cca4f8cd9d2d1caabd9cc099451bac9"
+SRC_URI[sha256sum] = "972374ca86f65498e23e3259c2ee1b8f9dbeb04d12c2a78c0c9b5d1cb97dfdfc"
+
+inherit autotools
+
+EXTRA_AUTORECONF += "--exclude=autoheader"
+
+EXTRA_OECONF += "ac_cv_have_z_modifier=yes \
+                 ac_cv_header_bsd_libutil_h=no \
+                 sc_cv_termios_ispeed=no \
+                 ${TERMBITS_SHIFTS} \
+"
+
+TERMBITS_SHIFTS ?= "sc_cv_sys_crdly_shift=9 \
+                    sc_cv_sys_tabdly_shift=11 \
+                    sc_cv_sys_csize_shift=4"
+
+TERMBITS_SHIFTS_powerpc = "sc_cv_sys_crdly_shift=12 \
+                           sc_cv_sys_tabdly_shift=10 \
+                           sc_cv_sys_csize_shift=8"
+
+TERMBITS_SHIFTS_powerpc64 = "sc_cv_sys_crdly_shift=12 \
+                             sc_cv_sys_tabdly_shift=10 \
+                             sc_cv_sys_csize_shift=8"
+
+PACKAGECONFIG_class-target ??= "tcp-wrappers readline"
+PACKAGECONFIG ??= "readline"
+PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
+PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline"
+
+CFLAGS += "-fcommon"
+
+do_install_prepend () {
+    mkdir -p ${D}${bindir}
+    install -d ${D}${bindir} ${D}${mandir}/man1
+}
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key
new file mode 100644
index 0000000000..30443c9438
--- /dev/null
+++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key
new file mode 100644
index 0000000000..86c2104ec8
--- /dev/null
+++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key
@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQRJR6iZxr/NTqQN9NOwV+WPtu42r2eF
+rJ0xsnlqw5bpmfz6aDR8RQvVHUZjRGQfR/RXPbQ5x+bjjdm176TuXNhHAAAAqAoE27MKBN
+uzAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElHqJnGv81OpA30
+07BX5Y+27javZ4WsnTGyeWrDlumZ/PpoNHxFC9UdRmNEZB9H9Fc9tDnH5uON2bXvpO5c2E
+cAAAAgLiHv/IWhxwosz9BiNILOOPlXaueL5hVTBKUJkpOi48sAAAANcm9vdEBxZW11bWlw
+cwECAw==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub
new file mode 100644
index 0000000000..a358aeb88a
--- /dev/null
+++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElHqJnGv81OpA3007BX5Y+27javZ4WsnTGyeWrDlumZ/PpoNHxFC9UdRmNEZB9H9Fc9tDnH5uON2bXvpO5c2Ec= root@qemupregen
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key
new file mode 100644
index 0000000000..00ed9adae2
--- /dev/null
+++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACDHSFTAbJ3OTd1r1E8G5JleCmsJEpQHmdTGtMcYqwWbbwAAAJChFtV0oRbV
+dAAAAAtzc2gtZWQyNTUxOQAAACDHSFTAbJ3OTd1r1E8G5JleCmsJEpQHmdTGtMcYqwWbbw
+AAAEA8UiUsygsTbP0HkDi5leXpQaVXihDyCHeitkBCItJGhcdIVMBsnc5N3WvUTwbkmV4K
+awkSlAeZ1Ma0xxirBZtvAAAADXJvb3RAcWVtdW1pcHM=
+-----END OPENSSH PRIVATE KEY-----
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000000..cc0e2f43ed
--- /dev/null
+++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdIVMBsnc5N3WvUTwbkmV4KawkSlAeZ1Ma0xxirBZtv root@qemupregen
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key
new file mode 100644
index 0000000000..a8e4406ba3
--- /dev/null
+++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key
@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEA2Q6dzF1xziCQCFq+e+Fv6w0607gNlyKnkhuoRq8G7/HEqXU2eEtC
+i3AMUrAP8k7s9kP5vI5CyfSgFuC9MxDV2YL2bsmvRxBSKgg6KbNxkoTaFBqyqHopuWQca8
+KRahvzt5dh9fsmeqamIwgMWKTSwtDHcsbyt84nmO2Z2ZrNXobgueMIj+HiJVgmWn86FQFL
+EoONAA+qb4SciPsxvmTlaQ/DMAh3llVo/IMLD9oyAyAI2kbHNnZttlYv5TmY7ICd3yCW8z
+PXrxNcEF3Qs1d68gVJxLjLKTlYGzJW2J+RwY+1DJZ0w4lozeQiZXTXVtzcJB0tm2DcvQMz
+kqyARmncSUwcPbEClEW6Y2xQnLeSHjexzlCCndiUbBTeG5iRl4OL6DN40iI9Lw2VROtj2Y
+59n9PCfaoUs08dsgJLaNrDbRHrCRLSdZJ6OQFiC/nAx/t4e4+wdUgNOqLyJqomdNdaLXPq
+tzr9ssrcY5j1DmmwKtzfTI5VM9LRQo+REIiUCNTFAAAFiFh232tYdt9rAAAAB3NzaC1yc2
+EAAAGBANkOncxdcc4gkAhavnvhb+sNOtO4DZcip5IbqEavBu/xxKl1NnhLQotwDFKwD/JO
+7PZD+byOQsn0oBbgvTMQ1dmC9m7Jr0cQUioIOimzcZKE2hQasqh6KblkHGvCkWob87eXYf
+X7JnqmpiMIDFik0sLQx3LG8rfOJ5jtmdmazV6G4LnjCI/h4iVYJlp/OhUBSxKDjQAPqm+E
+nIj7Mb5k5WkPwzAId5ZVaPyDCw/aMgMgCNpGxzZ2bbZWL+U5mOyAnd8glvMz168TXBBd0L
+NXevIFScS4yyk5WBsyVtifkcGPtQyWdMOJaM3kImV011bc3CQdLZtg3L0DM5KsgEZp3ElM
+HD2xApRFumNsUJy3kh43sc5Qgp3YlGwU3huYkZeDi+gzeNIiPS8NlUTrY9mOfZ/Twn2qFL
+NPHbICS2jaw20R6wkS0nWSejkBYgv5wMf7eHuPsHVIDTqi8iaqJnTXWi1z6rc6/bLK3GOY
+9Q5psCrc30yOVTPS0UKPkRCIlAjUxQAAAAMBAAEAAAGAGIj+bUtiwdoMbeVUAszIydkE/U
+mgv6S7LFjT/KlsL1M017LYJWDcdMaFnhMouksRngSxBg9OnWV5cxyURmFwytVy5bMGjRHb
+N8UWTgBqphU+UWdzKngkn0AhtkyYA1aFhgsml5d8EgEkZnFSc/KtoDfZU7AJX519/FtfOK
+m27Shx3pE7Nohh97avHyuidR1gTwdvuMIMke57g0BhrxPYmredaKCMZAHjjCeD6JbRcGj+
+ly3I9u8MF8BGSbLpBlLDUFCwP8G5CdmMua8bPJYhPSRqMLQhclI7hc6FaYk+gZV9B74Iv/
+SAxcCwI97dNbE0IAsbbWoUdoKGpAYQ5gOdhu5ioqZwKWjNjB3Xx48mq8xtmIR9HEnYzEnk
+b/tDWNRWrGkvNK7vpLvnbsSSKBqOAbMzmQdJxogTgjE5doSmu2/krIMR6KUcUox2ZrR8Ot
+JM6bXyNFBviiXmYvw/SZTDrVJu8BPMu5EMS5pBl8jPFBGI/ePk4qg7lWAJeQ89ThtBAAAA
+wQDEU4HjomWwJsn9UWdoodXTV5aPY9B1OPkmYnRPtsjSAcXgtBzUXMEOsmXODOK3aQjsE0
+jQKpWDAUcUf6KKZKRehxUN4MlwujCG9czn65S6B8BsP1YUfZQjpNyub8vDBfeKzlxKBEEM
+lb4iBT+LEGkihK13H5CbqRg1GDAThZzwrV4pj3S40zgyHhn8JjK4x4djEY6NwkWH8E2DgD
+8vYG/FKh5E/VIZtCgtAHa4QNAgGB4VMRn1VpSJzxjCxb1wancAAADBAPT7F34WYEI3Vc52
+p1U5rPa6dZtg5QM14V0+KtMlb3frd0/F+JVj4t6COQ8J9pkOuD0YjOYJuFXIWAAYIjCdWt
+cbTi/sSERawOWxrgSwJo2vjt5izrBQtr3N8tiB6KDGa5sdgJl5XzJ0SsdStfBbyhcJO4RV
+p9lc+X8OsUfFsClmyIs45vlxBRH06DP6/zmYCAmqvlrfZJKqlpKAEWDDObRy/3+mSNhZ0J
+BdmncASiASRlPPIoIHznyA1COUn6+TnwAAAMEA4tH89Dez2JauyPVeCyHAC680vrBKjmMx
+WYdpq2Xzd/LNl2L9oc0IEZzerLTuaCh6qsbbk2wWj1nrYXvefz/xUtDR427tvRXckcsWhP
+2HYohdYBkwTpp9QuscIV76GdwbTImuNEzvABH1hpTG6DSzqeyf/EVmSq07nptJIs5lpU49
+tW2aWraSvswHR9xfts1U79w9f4BNDy1rTmfuLERTRNF/T9CIFsk9tArLUNT64mhHtoEs8F
+9AyGuq6v49bN0bAAAADXJvb3RAcWVtdW1pcHMBAgMEBQ==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub
new file mode 100644
index 0000000000..9eb8c3838f
--- /dev/null
+++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZDp3MXXHOIJAIWr574W/rDTrTuA2XIqeSG6hGrwbv8cSpdTZ4S0KLcAxSsA/yTuz2Q/m8jkLJ9KAW4L0zENXZgvZuya9HEFIqCDops3GShNoUGrKoeim5ZBxrwpFqG/O3l2H1+yZ6pqYjCAxYpNLC0MdyxvK3zieY7ZnZms1ehuC54wiP4eIlWCZafzoVAUsSg40AD6pvhJyI+zG+ZOVpD8MwCHeWVWj8gwsP2jIDIAjaRsc2dm22Vi/lOZjsgJ3fIJbzM9evE1wQXdCzV3ryBUnEuMspOVgbMlbYn5HBj7UMlnTDiWjN5CJldNdW3NwkHS2bYNy9AzOSrIBGadxJTBw9sQKURbpjbFCct5IeN7HOUIKd2JRsFN4bmJGXg4voM3jSIj0vDZVE62PZjn2f08J9qhSzTx2yAkto2sNtEesJEtJ1kno5AWIL+cDH+3h7j7B1SA06ovImqiZ011otc+q3Ov2yytxjmPUOabAq3N9MjlUz0tFCj5EQiJQI1MU= root@qemupregen
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb
new file mode 100644
index 0000000000..ddd10e6eeb
--- /dev/null
+++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb
@@ -0,0 +1,19 @@
+SUMMARY = "Pre generated host keys mainly for speeding up our qemu tests"
+
+SRC_URI = "file://dropbear_rsa_host_key \
+           file://openssh"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+INHIBIT_DEFAULT_DEPS = "1"
+
+do_install () {
+	install -d ${D}${sysconfdir}/dropbear
+	install ${WORKDIR}/dropbear_rsa_host_key -m 0600 ${D}${sysconfdir}/dropbear/
+
+	install -d ${D}${sysconfdir}/ssh
+	install ${WORKDIR}/openssh/* ${D}${sysconfdir}/ssh/
+	chmod 0600 ${D}${sysconfdir}/ssh/*
+	chmod 0644 ${D}${sysconfdir}/ssh/*.pub
+}
\ No newline at end of file
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch b/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch
deleted file mode 100644
index f34e243de9..0000000000
--- a/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-wireless_tools: Avoid stripping iwmulticall
-
-Upstream-Status: Inappropriate [other]
-  The removed code was from upstream.
-
-Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
-
-diff -ur wireless_tools.29.orig/Makefile wireless_tools.29/Makefile
---- wireless_tools.29.orig/Makefile	2011-06-18 11:35:12.183907453 -0500
-+++ wireless_tools.29/Makefile	2011-06-18 11:38:09.995907985 -0500
-@@ -135,9 +135,8 @@
- 
- macaddr: macaddr.o $(IWLIB)
- 
--# Always do symbol stripping here
- iwmulticall: iwmulticall.o
--	$(CC) $(LDFLAGS) -Wl,-s $(XCFLAGS) -o $@ $^ $(LIBS)
-+	$(CC) $(LDFLAGS) $(STRIPFLAGS) $(XCFLAGS) -o $@ $^ $(LIBS)
- 
- # It's a kind of magic...
- wireless.h:
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch b/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch
deleted file mode 100644
index 6c0d8cbd2e..0000000000
--- a/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-wireless-tools: Remove QA warning: No GNU_HASH in the elf binary
-
-Upstream-Status: Inappropriate [other]
-  Useful within bitbake environment only.
-
-Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
-
----
- Makefile |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- wireless_tools.29.orig/Makefile
-+++ wireless_tools.29/Makefile
-@@ -144,7 +144,7 @@ wireless.h:
- 
- # Compilation of the dynamic library
- $(DYNAMIC): $(OBJS:.o=.so)
--	$(CC) -shared -o $@ -Wl,-soname,$@ $(STRIPFLAGS) $(LIBS) -lc $^
-+	$(CC) -shared -o $@ -Wl,-soname,$@ $(LDFLAGS) $(STRIPFLAGS) $(LIBS) -lc $^
- 
- # Compilation of the static library
- $(STATIC): $(OBJS:.o=.so)
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch b/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch
deleted file mode 100644
index 6a757dae76..0000000000
--- a/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-Index: wireless_tools.30/Makefile
-===================================================================
---- wireless_tools.30.orig/Makefile	2014-02-01 00:21:04.148463382 -0800
-+++ wireless_tools.30/Makefile	2014-02-01 00:23:35.448072279 -0800
-@@ -76,7 +76,7 @@
- INSTALL_DIR= $(PREFIX)/sbin
- INSTALL_LIB= $(PREFIX)/lib
- INSTALL_INC= $(PREFIX)/include
--INSTALL_MAN= $(PREFIX)/man
-+INSTALL_MAN= $(PREFIX)/share/man
- 
- # Various commands
- RM = rm -f
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch b/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch
deleted file mode 100644
index 3a22c3f1e7..0000000000
--- a/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-When /etc/ld.so.cache is writeable by user running bitbake then it creates invalid cache 
-(in my case libstdc++.so cannot be found after building zlib(-native) and I have to call 
-touch */libstdc++.so && /sbin/ldconfig to fix it.
-
-So remove ldconfig call from make install-libs
-
-Upstream-Status: Inappropriate [disable feature]
-
-diff -uNr wireless_tools.29.orig/Makefile wireless_tools.29/Makefile
---- wireless_tools.29.orig/Makefile	2007-09-18 01:56:46.000000000 +0200
-+++ wireless_tools.29/Makefile	2012-02-15 20:46:41.780763514 +0100
-@@ -163,7 +163,6 @@
- 	install -m 755 $(DYNAMIC) $(INSTALL_LIB)
- 	ln -sfn $(DYNAMIC) $(INSTALL_LIB)/$(DYNAMIC_LINK)
- 	@echo "*** Don't forget to add $(INSTALL_LIB) to /etc/ld.so.conf, and run ldconfig as root. ***"
--	@$(LDCONFIG) || echo "*** Could not run ldconfig ! ***"
- 
- # Install the static library
- install-static:: $(STATIC)
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/wireless-tools.if-pre-up b/meta/recipes-connectivity/wireless-tools/wireless-tools/wireless-tools.if-pre-up
deleted file mode 100755
index 2518a5c834..0000000000
--- a/meta/recipes-connectivity/wireless-tools/wireless-tools/wireless-tools.if-pre-up
+++ /dev/null
@@ -1,122 +0,0 @@
-#!/bin/sh
-
-case "$METHOD" in loopback) exit 0 ;; esac
-
-IWCONFIG=/sbin/iwconfig
-IWPRIV=/sbin/iwpriv
-
-if [ ! -x $IWCONFIG ]; then
-  exit 0
-fi
-
-# Detect and do nothing for linux-wlan-ng interfaces;
-# which are configured by thier own if-pre-up script.
-if [ -n "$IF_WIRELESS_TYPE" -a "$IF_WIRELESS_TYPE" = "wlan-ng" ]; then
-  exit 0
-fi
-
-if [ -n "$IF_NEEDS_RESET" ]; then
-  $IWPRIV "$IFACE" reset 1
-  sleep 1
-fi
-
-if [ -n "$IF_NEEDS_FIRMWARE" ]; then
-  $IF_NEEDS_FIRMWARE "$IFACE"
-fi
-
-if [ -n "$IF_WIRELESS_SENS" ]; then
-  $IWCONFIG "$IFACE" sens $IF_WIRELESS_SENS
-fi
-
-if [ -n "$IF_WIRELESS_RATE" ]; then
-  $IWCONFIG "$IFACE" rate $IF_WIRELESS_RATE
-fi
-
-if [ -n "$IF_WIRELESS_RTS" ]; then
-  $IWCONFIG "$IFACE" rts $IF_WIRELESS_RTS
-fi
-
-if [ -n "$IF_WIRELESS_FRAG" ]; then
-  $IWCONFIG "$IFACE" frag $IF_WIRELESS_FRAG
-fi
-
-if [ -n "$IF_WIRELESS_POWER" ]; then
-  $IWCONFIG "$IFACE" power $IF_WIRELESS_POWER
-fi
-
-if [ -n "$IF_WIRELESS_POWERPERIOD" ]; then
-  $IWCONFIG "$IFACE" power period $IF_WIRELESS_POWERPERIOD
-fi
-
-if [ -n "$IF_WIRELESS_POWERTIMEOUT" ]; then
-  $IWCONFIG "$IFACE" power timeout $IF_WIRELESS_POWERTIMEOUT
-fi
-
-if [ -n "$IF_WIRELESS_TXPOWER" ]; then
-  $IWCONFIG "$IFACE" txpower $IF_WIRELESS_TXPOWER
-fi
-
-if [ -n "$IF_WIRELESS_RETRY" ]; then
-  $IWCONFIG "$IFACE" retry $IF_WIRELESS_RETRY
-fi
-
-if [ -n "$IF_WIRELESS_NICK" ]; then
-  $IWCONFIG "$IFACE" nick "$IF_WIRELESS_NICK"
-fi
-
-if [ -n "$IF_WIRELESS_NWID" ]; then
-  $IWCONFIG "$IFACE" nwid "$IF_WIRELESS_NWID"
-fi
-
-if [ -n "$IF_WIRELESS_ENC" ]; then
-  eval $IWCONFIG "$IFACE" enc $IF_WIRELESS_ENC
-fi
-
-if [ -n "$IF_WIRELESS_KEY" ]; then
-  eval $IWCONFIG "$IFACE" key $IF_WIRELESS_KEY
-fi
-
-if [ -n "$IF_WIRELESS_KEY1" ]; then
-  $IWCONFIG "$IFACE" key [1] "$IF_WIRELESS_KEY1"
-fi
-
-if [ -n "$IF_WIRELESS_KEY2" ]; then
-  $IWCONFIG "$IFACE" key [2] "$IF_WIRELESS_KEY2"
-fi
-
-if [ -n "$IF_WIRELESS_KEY3" ]; then
-  $IWCONFIG "$IFACE" key [3] "$IF_WIRELESS_KEY3"
-fi
-
-if [ -n "$IF_WIRELESS_KEY4" ]; then
-  $IWCONFIG "$IFACE" key [4] "$IF_WIRELESS_KEY4"
-fi
-
-if [ -n "$IF_WIRELESS_DEFAULTKEY" ]; then
-  $IWCONFIG "$IFACE" key ["$IF_WIRELESS_DEFAULTKEY"]
-fi
-
-if [ -n "$IF_WIRELESS_KEYMODE" ]; then
-  $IWCONFIG "$IFACE" key "$IF_WIRELESS_KEYMODE"
-fi
-
-if [ -n "$IF_WIRELESS_MODE" ]; then
-  $IWCONFIG "$IFACE" mode $IF_WIRELESS_MODE
-fi
-
-if [ -n "$IF_WIRELESS_FREQ" ]; then
-  $IWCONFIG "$IFACE" freq $IF_WIRELESS_FREQ
-fi
-
-if [ -n "$IF_WIRELESS_CHANNEL" ]; then
-  $IWCONFIG "$IFACE" channel $IF_WIRELESS_CHANNEL
-fi
-
-if [ -n "$IF_WIRELESS_ESSID" ]; then
-  $IWCONFIG "$IFACE" essid "$IF_WIRELESS_ESSID"
-fi
-
-if [ -n "$IF_WIRELESS_COMMIT" ]; then
-  $IWCONFIG "$IFACE" commit
-fi
-
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/zzz-wireless.if-pre-up b/meta/recipes-connectivity/wireless-tools/wireless-tools/zzz-wireless.if-pre-up
deleted file mode 100644
index 4c8e95bf2a..0000000000
--- a/meta/recipes-connectivity/wireless-tools/wireless-tools/zzz-wireless.if-pre-up
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-#
-# /etc/network/if-pre-up.d/zzz-wireless
-# by Stefan Tomanek (stefan@pico.ruhr.de)
-
-
-IWCONFIG=/sbin/iwconfig
-IFCONFIG=/sbin/ifconfig
-GREP=/bin/grep
-LOGGER=/usr/bin/logger
-SLEEP=/bin/sleep
-
-# How long do we wait for association?
-RETRIES=15
-SLEEPTIME=1
-
-# Only sleep if we use DHCP (add others methods seperated by spaces)
-ONLY_FOR="static dhcp"
-
-if [ -z "$IF_WIRELESS_TYPE" ] && echo "$ONLY_FOR" | grep -q "$METHOD" ; then
-	$IFCONFIG $IFACE up
-	$LOGGER Checking for WLAN association...
-	while ( [ $RETRIES -gt 0 ] && ($IWCONFIG "$IFACE" | $GREP -q "Access Point: Not-Associated") ); do
-		$LOGGER No association yet, $RETRIES retries until timeout
-		RETRIES=$(($RETRIES-1))
-		$SLEEP $SLEEPTIME
-	done
-	
-	if [ $RETRIES -eq 0 ]; then
-		$LOGGER Timeout waiting for association, continuing anyway...
-	else
-		$LOGGER Found association!
-	fi
-fi
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb b/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb
deleted file mode 100644
index 26ecdf3b40..0000000000
--- a/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb
+++ /dev/null
@@ -1,56 +0,0 @@
-SUMMARY = "Tools for the Linux Standard Wireless Extension Subsystem"
-HOMEPAGE = "http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html"
-LICENSE = "GPLv2 & (LGPLv2.1 | MPL-1.1 | BSD)"
-LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
-			file://iwconfig.c;beginline=1;endline=12;md5=cf710eb1795c376eb10ea4ff04649caf \
-			file://iwevent.c;beginline=59;endline=72;md5=d66a10026d4394f0a5b1c5587bce4537 \
-			file://sample_enc.c;beginline=1;endline=4;md5=838372be07874260b566bae2f6ed33b6"
-SECTION = "base"
-PE = "1"
-
-SRC_URI = "http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/wireless_tools.${PV}.tar.gz \
-           file://wireless-tools.if-pre-up \
-           file://zzz-wireless.if-pre-up \
-           file://remove.ldconfig.call.patch \
-           file://man.patch \
-           file://avoid_strip.patch \
-           file://ldflags.patch \
-          "
-SRC_URI[md5sum] = "ca91ba7c7eff9bfff6926b1a34a4697d"
-SRC_URI[sha256sum] = "abd9c5c98abf1fdd11892ac2f8a56737544fe101e1be27c6241a564948f34c63"
-
-S = "${WORKDIR}/wireless_tools.30"
-
-CFLAGS =+ "-I${S}"
-EXTRA_OEMAKE = "-e 'BUILD_SHARED=y' \
-		'INSTALL_DIR=${D}${base_sbindir}' \
-		'INSTALL_LIB=${D}${libdir}' \
-		'INSTALL_INC=${D}${includedir}' \
-		'INSTALL_MAN=${D}${mandir}'"
-
-do_compile() {
-	oe_runmake all libiw.a
-}
-
-do_install() {
-	oe_runmake PREFIX=${D} install-iwmulticall install-dynamic install-man install-hdr
-	install -d ${D}${sbindir}
-	install -m 0755 ifrename ${D}${sbindir}/ifrename
-	# Disabled by RP - 20/8/08 - We don't seem to need/use these
-	#install -d ${D}${sysconfdir}/network/if-pre-up.d
-	#install ${WORKDIR}/wireless-tools.if-pre-up ${D}${sysconfdir}/network/if-pre-up.d/wireless-tools
-	#install ${WORKDIR}/zzz-wireless.if-pre-up ${D}${sysconfdir}/network/if-pre-up.d/zzz-wireless
-}
-
-PACKAGES = "libiw-dbg ifrename-dbg ${PN}-dbg \
-libiw libiw-dev libiw-doc ifrename-doc ifrename ${PN} ${PN}-doc"
-
-FILES_libiw-dbg = "${libdir}/.debug/*.so.*"
-FILES_ifrename-dbg = "${sbindir}/.debug/ifrename"
-FILES_libiw = "${libdir}/*.so.*"
-FILES_libiw-dev = "${libdir}/*.a ${libdir}/*.so ${includedir}"
-FILES_libiw-doc = "${mandir}/man7"
-FILES_ifrename = "${sbindir}/ifrename"
-FILES_ifrename-doc = "${mandir}/man8/ifrename.8 ${mandir}/man5/iftab.5"
-FILES_${PN} = "${bindir} ${sbindir}/iw* ${base_sbindir} ${base_bindir} ${sysconfdir}/network"
-FILES_${PN}-doc = "${mandir}"
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
new file mode 100644
index 0000000000..7b0713cf6d
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
@@ -0,0 +1,82 @@
+hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication
+of disconnection in certain situations because source address validation is
+mishandled. This is a denial of service that should have been prevented by PMF
+(aka management frame protection). The attacker must send a crafted 802.11 frame
+from a location that is within the 802.11 communications range.
+
+CVE: CVE-2019-16275
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Thu, 29 Aug 2019 11:52:04 +0300
+Subject: [PATCH] AP: Silently ignore management frame from unexpected source
+ address
+
+Do not process any received Management frames with unexpected/invalid SA
+so that we do not add any state for unexpected STA addresses or end up
+sending out frames to unexpected destination. This prevents unexpected
+sequences where an unprotected frame might end up causing the AP to send
+out a response to another device and that other device processing the
+unexpected response.
+
+In particular, this prevents some potential denial of service cases
+where the unexpected response frame from the AP might result in a
+connected station dropping its association.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/drv_callbacks.c | 13 +++++++++++++
+ src/ap/ieee802_11.c    | 12 ++++++++++++
+ 2 files changed, 25 insertions(+)
+
+diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
+index 31587685fe3b..34ca379edc3d 100644
+--- a/src/ap/drv_callbacks.c
++++ b/src/ap/drv_callbacks.c
+@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
+ 			   "hostapd_notif_assoc: Skip event with no address");
+ 		return -1;
+ 	}
++
++	if (is_multicast_ether_addr(addr) ||
++	    is_zero_ether_addr(addr) ||
++	    os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
++		/* Do not process any frames with unexpected/invalid SA so that
++		 * we do not add any state for unexpected STA addresses or end
++		 * up sending out frames to unexpected destination. */
++		wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
++			   " in received indication - ignore this indication silently",
++			   __func__, MAC2STR(addr));
++		return 0;
++	}
++
+ 	random_add_randomness(addr, ETH_ALEN);
+ 
+ 	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index c85a28db44b7..e7065372e158 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
+ 	fc = le_to_host16(mgmt->frame_control);
+ 	stype = WLAN_FC_GET_STYPE(fc);
+ 
++	if (is_multicast_ether_addr(mgmt->sa) ||
++	    is_zero_ether_addr(mgmt->sa) ||
++	    os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
++		/* Do not process any frames with unexpected/invalid SA so that
++		 * we do not add any state for unexpected STA addresses or end
++		 * up sending out frames to unexpected destination. */
++		wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
++			   " in received frame - ignore this frame silently",
++			   MAC2STR(mgmt->sa));
++		return 0;
++	}
++
+ 	if (stype == WLAN_FC_STYPE_BEACON) {
+ 		handle_beacon(hapd, mgmt, len, fi);
+ 		return 1;
+-- 
+2.20.1
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
deleted file mode 100644
index 882674fe5b..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Upstream-Status: Backport
-
-Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
-
-From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Wed, 29 Apr 2015 02:21:53 +0300
-Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser
-
-The length of the WMM Action frame was not properly validated and the
-length of the information elements (int left) could end up being
-negative. This would result in reading significantly past the stack
-buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
-so, resulting in segmentation fault.
-
-This can result in an invalid frame being used for a denial of service
-attack (hostapd process killed) against an AP with a driver that uses
-hostapd for management frame processing (e.g., all mac80211-based
-drivers).
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/ap/wmm.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/ap/wmm.c b/src/ap/wmm.c
-index 6d4177c..314e244 100644
---- a/src/ap/wmm.c
-+++ b/src/ap/wmm.c
-@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_data *hapd,
- 		return;
- 	}
- 
-+	if (left < 0)
-+		return; /* not a valid WMM Action frame */
-+
- 	/* extract the tspec info element */
- 	if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
- 		hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
deleted file mode 100644
index a2bafc8c46..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-Upstream-Status: Backport
-
-Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
-
-From dd2f043c9c43d156494e33d7ce22db96e6ef42c7 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 1 May 2015 16:37:45 +0300
-Subject: [PATCH 1/5] EAP-pwd peer: Fix payload length validation for Commit
- and Confirm
-
-The length of the received Commit and Confirm message payloads was not
-checked before reading them. This could result in a buffer read
-overflow when processing an invalid message.
-
-Fix this by verifying that the payload is of expected length before
-processing it. In addition, enforce correct state transition sequence to
-make sure there is no unexpected behavior if receiving a Commit/Confirm
-message before the previous exchanges have been completed.
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_peer/eap_pwd.c | 29 +++++++++++++++++++++++++++++
- 1 file changed, 29 insertions(+)
-
-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
-index f2b0926..a629437 100644
---- a/src/eap_peer/eap_pwd.c
-+++ b/src/eap_peer/eap_pwd.c
-@@ -355,6 +355,23 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
- 	BIGNUM *mask = NULL, *x = NULL, *y = NULL, *cofactor = NULL;
- 	u16 offset;
- 	u8 *ptr, *scalar = NULL, *element = NULL;
-+	size_t prime_len, order_len;
-+
-+	if (data->state != PWD_Commit_Req) {
-+		ret->ignore = TRUE;
-+		goto fin;
-+	}
-+
-+	prime_len = BN_num_bytes(data->grp->prime);
-+	order_len = BN_num_bytes(data->grp->order);
-+
-+	if (payload_len != 2 * prime_len + order_len) {
-+		wpa_printf(MSG_INFO,
-+			   "EAP-pwd: Unexpected Commit payload length %u (expected %u)",
-+			   (unsigned int) payload_len,
-+			   (unsigned int) (2 * prime_len + order_len));
-+		goto fin;
-+	}
- 
- 	if (((data->private_value = BN_new()) == NULL) ||
- 	    ((data->my_element = EC_POINT_new(data->grp->group)) == NULL) ||
-@@ -554,6 +571,18 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
- 	u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr;
- 	int offset;
- 
-+	if (data->state != PWD_Confirm_Req) {
-+		ret->ignore = TRUE;
-+		goto fin;
-+	}
-+
-+	if (payload_len != SHA256_MAC_LEN) {
-+		wpa_printf(MSG_INFO,
-+			   "EAP-pwd: Unexpected Confirm payload length %u (expected %u)",
-+			   (unsigned int) payload_len, SHA256_MAC_LEN);
-+		goto fin;
-+	}
-+
- 	/*
- 	 * first build up the ciphersuite which is group | random_function |
- 	 *	prf
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
deleted file mode 100644
index e108a931c0..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@qca.qualcomm.com>
-Date: Tue, 7 Apr 2015 11:32:11 +0300
-Subject: [PATCH] P2P: Validate SSID element length before copying it
- (CVE-2015-1863)
-
-This fixes a possible memcpy overflow for P2P dev->oper_ssid in
-p2p_add_device(). The length provided by the peer device (0..255 bytes)
-was used without proper bounds checking and that could have resulted in
-arbitrary data of up to 223 bytes being written beyond the end of the
-dev->oper_ssid[] array (of which about 150 bytes would be beyond the
-heap allocation) when processing a corrupted management frame for P2P
-peer discovery purposes.
-
-This could result in corrupted state in heap, unexpected program
-behavior due to corrupted P2P peer device information, denial of service
-due to process crash, exposure of memory contents during GO Negotiation,
-and potentially arbitrary code execution.
-
-Thanks to Google security team for reporting this issue and smart
-hardware research group of Alibaba security team for discovering it.
-
-Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
-
-Upstream-Status: Backport
-
-Signed-off-by: Yue Tao <yue.tao@windriver.com>
-
----
- src/p2p/p2p.c |    1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
-index f584fae..a45fe73 100644
---- a/src/p2p/p2p.c
-+++ b/src/p2p/p2p.c
-@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq,
- 	if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
- 		os_memcpy(dev->interface_addr, addr, ETH_ALEN);
- 	if (msg.ssid &&
-+	    msg.ssid[1] <= sizeof(dev->oper_ssid) &&
- 	    (msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
- 	     os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
- 	     != 0)) {
--- 
-1.7.9.5
-
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
deleted file mode 100644
index 2568ea1124..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Upstream-Status: Backport
-
-Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
-
-From 5acd23f4581da58683f3cf5e36cb71bbe4070bd7 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Tue, 28 Apr 2015 17:08:33 +0300
-Subject: [PATCH] WPS: Fix HTTP chunked transfer encoding parser
-
-strtoul() return value may end up overflowing the int h->chunk_size and
-resulting in a negative value to be stored as the chunk_size. This could
-result in the following memcpy operation using a very large length
-argument which would result in a buffer overflow and segmentation fault.
-
-This could have been used to cause a denial service by any device that
-has been authorized for network access (either wireless or wired). This
-would affect both the WPS UPnP functionality in a WPS AP (hostapd with
-upnp_iface parameter set in the configuration) and WPS ER
-(wpa_supplicant with WPS_ER_START control interface command used).
-
-Validate the parsed chunk length value to avoid this. In addition to
-rejecting negative values, we can also reject chunk size that would be
-larger than the maximum configured body length.
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/wps/httpread.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/wps/httpread.c b/src/wps/httpread.c
-index 2f08f37..d2855e3 100644
---- a/src/wps/httpread.c
-+++ b/src/wps/httpread.c
-@@ -533,6 +533,13 @@ static void httpread_read_handler(int sd, void *eloop_ctx, void *sock_ctx)
- 					if (!isxdigit(*cbp))
- 						goto bad;
- 					h->chunk_size = strtoul(cbp, NULL, 16);
-+					if (h->chunk_size < 0 ||
-+					    h->chunk_size > h->max_bytes) {
-+						wpa_printf(MSG_DEBUG,
-+							   "httpread: Invalid chunk size %d",
-+							   h->chunk_size);
-+						goto bad;
-+					}
- 					/* throw away chunk header
- 					 * so we have only real data
- 					 */
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
new file mode 100644
index 0000000000..53ad5d028a
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
@@ -0,0 +1,151 @@
+From 5b78c8f961f25f4dc22d6f2b77ddd06d712cec63 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Wed, 3 Jun 2020 23:17:35 +0300
+Subject: [PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to
+ other networks
+
+The UPnP Device Architecture 2.0 specification errata ("UDA errata
+16-04-2020.docx") addresses a problem with notifications being allowed
+to go out to other domains by disallowing such cases. Do such filtering
+for the notification callback URLs to avoid undesired connections to
+external networks based on subscriptions that any device in the local
+network could request when WPS support for external registrars is
+enabled (the upnp_iface parameter in hostapd configuration).
+
+Upstream-Status: Backport
+CVE: CVE-2020-12695 patch #1
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/wps/wps_er.c     |  2 +-
+ src/wps/wps_upnp.c   | 38 ++++++++++++++++++++++++++++++++++++--
+ src/wps/wps_upnp_i.h |  3 ++-
+ 3 files changed, 39 insertions(+), 4 deletions(-)
+
+Index: wpa_supplicant-2.9/src/wps/wps_er.c
+===================================================================
+--- wpa_supplicant-2.9.orig/src/wps/wps_er.c
++++ wpa_supplicant-2.9/src/wps/wps_er.c
+@@ -1298,7 +1298,7 @@ wps_er_init(struct wps_context *wps, con
+			   "with %s", filter);
+	}
+	if (get_netif_info(er->ifname, &er->ip_addr, &er->ip_addr_text,
+-			   er->mac_addr)) {
++			   NULL, er->mac_addr)) {
+		wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address "
+			   "for %s. Does it have IP address?", er->ifname);
+		wps_er_deinit(er, NULL, NULL);
+Index: wpa_supplicant-2.9/src/wps/wps_upnp.c
+===================================================================
+--- wpa_supplicant-2.9.orig/src/wps/wps_upnp.c
++++ wpa_supplicant-2.9/src/wps/wps_upnp.c
+@@ -303,6 +303,14 @@ static void subscr_addr_free_all(struct
+ }
+
+
++static int local_network_addr(struct upnp_wps_device_sm *sm,
++			      struct sockaddr_in *addr)
++{
++	return (addr->sin_addr.s_addr & sm->netmask.s_addr) ==
++		(sm->ip_addr & sm->netmask.s_addr);
++}
++
++
+ /* subscr_addr_add_url -- add address(es) for one url to subscription */
+ static void subscr_addr_add_url(struct subscription *s, const char *url,
+				size_t url_len)
+@@ -381,6 +389,7 @@ static void subscr_addr_add_url(struct s
+
+	for (rp = result; rp; rp = rp->ai_next) {
+		struct subscr_addr *a;
++		struct sockaddr_in *addr = (struct sockaddr_in *) rp->ai_addr;
+
+		/* Limit no. of address to avoid denial of service attack */
+		if (dl_list_len(&s->addr_list) >= MAX_ADDR_PER_SUBSCRIPTION) {
+@@ -389,6 +398,13 @@ static void subscr_addr_add_url(struct s
+			break;
+		}
+
++		if (!local_network_addr(s->sm, addr)) {
++			wpa_printf(MSG_INFO,
++				   "WPS UPnP: Ignore a delivery URL that points to another network %s",
++				   inet_ntoa(addr->sin_addr));
++			continue;
++		}
++
+		a = os_zalloc(sizeof(*a) + alloc_len);
+		if (a == NULL)
+			break;
+@@ -889,11 +905,12 @@ static int eth_get(const char *device, u
+  * @net_if: Selected network interface name
+  * @ip_addr: Buffer for returning IP address in network byte order
+  * @ip_addr_text: Buffer for returning a pointer to allocated IP address text
++ * @netmask: Buffer for returning netmask or %NULL if not needed
+  * @mac: Buffer for returning MAC address
+  * Returns: 0 on success, -1 on failure
+  */
+ int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
+-		   u8 mac[ETH_ALEN])
++		   struct in_addr *netmask, u8 mac[ETH_ALEN])
+ {
+	struct ifreq req;
+	int sock = -1;
+@@ -919,6 +936,19 @@ int get_netif_info(const char *net_if, u
+	in_addr.s_addr = *ip_addr;
+	os_snprintf(*ip_addr_text, 16, "%s", inet_ntoa(in_addr));
+
++	if (netmask) {
++		os_memset(&req, 0, sizeof(req));
++		os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name));
++		if (ioctl(sock, SIOCGIFNETMASK, &req) < 0) {
++			wpa_printf(MSG_ERROR,
++				   "WPS UPnP: SIOCGIFNETMASK failed: %d (%s)",
++				   errno, strerror(errno));
++			goto fail;
++		}
++		addr = (struct sockaddr_in *) &req.ifr_netmask;
++		netmask->s_addr = addr->sin_addr.s_addr;
++	}
++
+ #ifdef __linux__
+	os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name));
+	if (ioctl(sock, SIOCGIFHWADDR, &req) < 0) {
+@@ -1025,11 +1055,15 @@ static int upnp_wps_device_start(struct
+
+	/* Determine which IP and mac address we're using */
+	if (get_netif_info(net_if, &sm->ip_addr, &sm->ip_addr_text,
+-			   sm->mac_addr)) {
++			   &sm->netmask, sm->mac_addr)) {
+		wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address "
+			   "for %s. Does it have IP address?", net_if);
+		goto fail;
+	}
++	wpa_printf(MSG_DEBUG, "WPS UPnP: Local IP address %s netmask %s hwaddr "
++		   MACSTR,
++		   sm->ip_addr_text, inet_ntoa(sm->netmask),
++		   MAC2STR(sm->mac_addr));
+
+	/* Listen for incoming TCP connections so that others
+	 * can fetch our "xml files" from us.
+Index: wpa_supplicant-2.9/src/wps/wps_upnp_i.h
+===================================================================
+--- wpa_supplicant-2.9.orig/src/wps/wps_upnp_i.h
++++ wpa_supplicant-2.9/src/wps/wps_upnp_i.h
+@@ -128,6 +128,7 @@ struct upnp_wps_device_sm {
+	u8 mac_addr[ETH_ALEN]; /* mac addr of network i.f. we use */
+	char *ip_addr_text; /* IP address of network i.f. we use */
+	unsigned ip_addr; /* IP address of network i.f. we use (host order) */
++	struct in_addr netmask;
+	int multicast_sd; /* send multicast messages over this socket */
+	int ssdp_sd; /* receive discovery UPD packets on socket */
+	int ssdp_sd_registered; /* nonzero if we must unregister */
+@@ -158,7 +159,7 @@ struct subscription * subscription_find(
+					const u8 uuid[UUID_LEN]);
+ void subscr_addr_delete(struct subscr_addr *a);
+ int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
+-		   u8 mac[ETH_ALEN]);
++		   struct in_addr *netmask, u8 mac[ETH_ALEN]);
+
+ /* wps_upnp_ssdp.c */
+ void msearchreply_state_machine_stop(struct advertisement_state_machine *a);
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
new file mode 100644
index 0000000000..a476cf040e
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
@@ -0,0 +1,52 @@
+From 94c401733a5a3d294cc412671166e6adfb409f53 Mon Sep 17 00:00:00 2001
+From: Joshua DeWeese <jdeweese@hennypenny.com>
+Date: Wed, 30 Jan 2019 16:19:47 -0500
+Subject: [PATCH] replace systemd install Alias with WantedBy
+
+According to the systemd documentation "WantedBy=foo.service in a
+service bar.service is mostly equivalent to
+Alias=foo.service.wants/bar.service in the same file." However,
+this is not really the intended purpose of install Aliases.
+
+Upstream-Status: Submitted [hostap@lists.infradead.org]
+
+Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com>
+---
+ wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in | 2 +-
+ wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in   | 2 +-
+ wpa_supplicant/systemd/wpa_supplicant.service.arg.in         | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
+index 03ac507..da69a87 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
++++ b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-nl80211-%I.conf -Dnl80211 -i%I
+ 
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant-nl80211@%i.service
++WantedBy=multi-user.target
+diff --git a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
+index c8a744d..ca3054b 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
++++ b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-wired-%I.conf -Dwired -i%I
+ 
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant-wired@%i.service
++WantedBy=multi-user.target
+diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
+index 7788b38..55d2b9c 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
++++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I
+ 
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant@%i.service
++WantedBy=multi-user.target
+-- 
+2.7.4
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
deleted file mode 100644
index c477c2f93c..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-Upstream-Status: Backport
-
-Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
-
-From e28a58be26184c2a23f80b410e0997ef1bd5d578 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 1 May 2015 16:40:44 +0300
-Subject: [PATCH 2/5] EAP-pwd server: Fix payload length validation for Commit
- and Confirm
-
-The length of the received Commit and Confirm message payloads was not
-checked before reading them. This could result in a buffer read
-overflow when processing an invalid message.
-
-Fix this by verifying that the payload is of expected length before
-processing it. In addition, enforce correct state transition sequence to
-make sure there is no unexpected behavior if receiving a Commit/Confirm
-message before the previous exchanges have been completed.
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_server/eap_server_pwd.c | 19 +++++++++++++++++++
- 1 file changed, 19 insertions(+)
-
-diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
-index 66bd5d2..3189105 100644
---- a/src/eap_server/eap_server_pwd.c
-+++ b/src/eap_server/eap_server_pwd.c
-@@ -656,9 +656,21 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
- 	BIGNUM *x = NULL, *y = NULL, *cofactor = NULL;
- 	EC_POINT *K = NULL, *point = NULL;
- 	int res = 0;
-+	size_t prime_len, order_len;
- 
- 	wpa_printf(MSG_DEBUG, "EAP-pwd: Received commit response");
- 
-+	prime_len = BN_num_bytes(data->grp->prime);
-+	order_len = BN_num_bytes(data->grp->order);
-+
-+	if (payload_len != 2 * prime_len + order_len) {
-+		wpa_printf(MSG_INFO,
-+			   "EAP-pwd: Unexpected Commit payload length %u (expected %u)",
-+			   (unsigned int) payload_len,
-+			   (unsigned int) (2 * prime_len + order_len));
-+		goto fin;
-+	}
-+
- 	if (((data->peer_scalar = BN_new()) == NULL) ||
- 	    ((data->k = BN_new()) == NULL) ||
- 	    ((cofactor = BN_new()) == NULL) ||
-@@ -774,6 +786,13 @@ eap_pwd_process_confirm_resp(struct eap_sm *sm, struct eap_pwd_data *data,
- 	u8 conf[SHA256_MAC_LEN], *cruft = NULL, *ptr;
- 	int offset;
- 
-+	if (payload_len != SHA256_MAC_LEN) {
-+		wpa_printf(MSG_INFO,
-+			   "EAP-pwd: Unexpected Confirm payload length %u (expected %u)",
-+			   (unsigned int) payload_len, SHA256_MAC_LEN);
-+		goto fin;
-+	}
-+
- 	/* build up the ciphersuite: group | random_function | prf */
- 	grp = htons(data->group_num);
- 	ptr = (u8 *) &cs;
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
new file mode 100644
index 0000000000..59640859dd
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
@@ -0,0 +1,62 @@
+From f7d268864a2660b7239b9a8ff5ad37faeeb751ba Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Wed, 3 Jun 2020 22:41:02 +0300
+Subject: [PATCH 2/3] WPS UPnP: Fix event message generation using a long URL
+ path
+
+More than about 700 character URL ended up overflowing the wpabuf used
+for building the event notification and this resulted in the wpabuf
+buffer overflow checks terminating the hostapd process. Fix this by
+allocating the buffer to be large enough to contain the full URL path.
+However, since that around 700 character limit has been the practical
+limit for more than ten years, start explicitly enforcing that as the
+limit or the callback URLs since any longer ones had not worked before
+and there is no need to enable them now either.
+
+Upstream-Status: Backport
+CVE: CVE-2020-12695 patch #2
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/wps/wps_upnp.c       | 9 +++++++--
+ src/wps/wps_upnp_event.c | 3 ++-
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c
+index 7d4b7439940e..ab685d52ecab 100644
+--- a/src/wps/wps_upnp.c
++++ b/src/wps/wps_upnp.c
+@@ -328,9 +328,14 @@ static void subscr_addr_add_url(struct subscription *s, const char *url,
+	int rerr;
+	size_t host_len, path_len;
+
+-	/* url MUST begin with http: */
+-	if (url_len < 7 || os_strncasecmp(url, "http://", 7))
++	/* URL MUST begin with HTTP scheme. In addition, limit the length of
++	 * the URL to 700 characters which is around the limit that was
++	 * implicitly enforced for more than 10 years due to a bug in
++	 * generating the event messages. */
++	if (url_len < 7 || os_strncasecmp(url, "http://", 7) || url_len > 700) {
++		wpa_printf(MSG_DEBUG, "WPS UPnP: Reject an unacceptable URL");
+		goto fail;
++	}
+	url += 7;
+	url_len -= 7;
+
+diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c
+index d7e6edcc6503..08a23612f338 100644
+--- a/src/wps/wps_upnp_event.c
++++ b/src/wps/wps_upnp_event.c
+@@ -147,7 +147,8 @@ static struct wpabuf * event_build_message(struct wps_event_ *e)
+	struct wpabuf *buf;
+	char *b;
+
+-	buf = wpabuf_alloc(1000 + wpabuf_len(e->data));
++	buf = wpabuf_alloc(1000 + os_strlen(e->addr->path) +
++			   wpabuf_len(e->data));
+	if (buf == NULL)
+		return NULL;
+	wpabuf_printf(buf, "NOTIFY %s HTTP/1.1\r\n", e->addr->path);
+--
+2.20.1
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
deleted file mode 100644
index e46ce436e1..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-Upstream-Status: Backport
-
-Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
-
-From 477c74395acd0123340457ba6f15ab345d42016e Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sat, 2 May 2015 19:23:04 +0300
-Subject: [PATCH 3/5] EAP-pwd peer: Fix Total-Length parsing for fragment
- reassembly
-
-The remaining number of bytes in the message could be smaller than the
-Total-Length field size, so the length needs to be explicitly checked
-prior to reading the field and decrementing the len variable. This could
-have resulted in the remaining length becoming negative and interpreted
-as a huge positive integer.
-
-In addition, check that there is no already started fragment in progress
-before allocating a new buffer for reassembling fragments. This avoid a
-potential memory leak when processing invalid message.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_peer/eap_pwd.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
-index a629437..1d2079b 100644
---- a/src/eap_peer/eap_pwd.c
-+++ b/src/eap_peer/eap_pwd.c
-@@ -866,11 +866,23 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
- 	 * if it's the first fragment there'll be a length field
- 	 */
- 	if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
-+		if (len < 2) {
-+			wpa_printf(MSG_DEBUG,
-+				   "EAP-pwd: Frame too short to contain Total-Length field");
-+			ret->ignore = TRUE;
-+			return NULL;
-+		}
- 		tot_len = WPA_GET_BE16(pos);
- 		wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments whose "
- 			   "total length = %d", tot_len);
- 		if (tot_len > 15000)
- 			return NULL;
-+		if (data->inbuf) {
-+			wpa_printf(MSG_DEBUG,
-+				   "EAP-pwd: Unexpected new fragment start when previous fragment is still in use");
-+			ret->ignore = TRUE;
-+			return NULL;
-+		}
- 		data->inbuf = wpabuf_alloc(tot_len);
- 		if (data->inbuf == NULL) {
- 			wpa_printf(MSG_INFO, "Out of memory to buffer "
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
new file mode 100644
index 0000000000..8a014ef28a
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
@@ -0,0 +1,50 @@
+From 85aac526af8612c21b3117dadc8ef5944985b476 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Thu, 4 Jun 2020 21:24:04 +0300
+Subject: [PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more
+ properly
+
+While it is appropriate to try to retransmit the event to another
+callback URL on a failure to initiate the HTTP client connection, there
+is no point in trying the exact same operation multiple times in a row.
+Replve the event_retry() calls with event_addr_failure() for these cases
+to avoid busy loops trying to repeat the same failing operation.
+
+These potential busy loops would go through eloop callbacks, so the
+process is not completely stuck on handling them, but unnecessary CPU
+would be used to process the continues retries that will keep failing
+for the same reason.
+
+Upstream-Status: Backport
+CVE: CVE-2020-12695 patch #2
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/wps/wps_upnp_event.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c
+index 08a23612f338..c0d9e41d9a38 100644
+--- a/src/wps/wps_upnp_event.c
++++ b/src/wps/wps_upnp_event.c
+@@ -294,7 +294,7 @@ static int event_send_start(struct subscription *s)
+
+	buf = event_build_message(e);
+	if (buf == NULL) {
+-		event_retry(e, 0);
++		event_addr_failure(e);
+		return -1;
+	}
+
+@@ -302,7 +302,7 @@ static int event_send_start(struct subscription *s)
+					 event_http_cb, e);
+	if (e->http_event == NULL) {
+		wpabuf_free(buf);
+-		event_retry(e, 0);
++		event_addr_failure(e);
+		return -1;
+	}
+
+--
+2.20.1
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
deleted file mode 100644
index a4c02b4745..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-Upstream-Status: Backport
-
-Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
-
-From 3035cc2894e08319b905bd6561e8bddc8c2db9fa Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sat, 2 May 2015 19:26:06 +0300
-Subject: [PATCH 4/5] EAP-pwd server: Fix Total-Length parsing for fragment
- reassembly
-
-The remaining number of bytes in the message could be smaller than the
-Total-Length field size, so the length needs to be explicitly checked
-prior to reading the field and decrementing the len variable. This could
-have resulted in the remaining length becoming negative and interpreted
-as a huge positive integer.
-
-In addition, check that there is no already started fragment in progress
-before allocating a new buffer for reassembling fragments. This avoid a
-potential memory leak when processing invalid message.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_server/eap_server_pwd.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
-index 3189105..2bfc3c2 100644
---- a/src/eap_server/eap_server_pwd.c
-+++ b/src/eap_server/eap_server_pwd.c
-@@ -942,11 +942,21 @@ static void eap_pwd_process(struct eap_sm *sm, void *priv,
- 	 * the first fragment has a total length
- 	 */
- 	if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) {
-+		if (len < 2) {
-+			wpa_printf(MSG_DEBUG,
-+				   "EAP-pwd: Frame too short to contain Total-Length field");
-+			return;
-+		}
- 		tot_len = WPA_GET_BE16(pos);
- 		wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments, total "
- 			   "length = %d", tot_len);
- 		if (tot_len > 15000)
- 			return;
-+		if (data->inbuf) {
-+			wpa_printf(MSG_DEBUG,
-+				   "EAP-pwd: Unexpected new fragment start when previous fragment is still in use");
-+			return;
-+		}
- 		data->inbuf = wpabuf_alloc(tot_len);
- 		if (data->inbuf == NULL) {
- 			wpa_printf(MSG_INFO, "EAP-pwd: Out of memory to "
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
deleted file mode 100644
index 4073600732..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Upstream-Status: Backport
-
-Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
-
-From 28a069a545b06b99eb55ad53f63f2c99e65a98f6 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sat, 2 May 2015 19:26:28 +0300
-Subject: [PATCH 5/5] EAP-pwd peer: Fix asymmetric fragmentation behavior
-
-The L (Length) and M (More) flags needs to be cleared before deciding
-whether the locally generated response requires fragmentation. This
-fixes an issue where these flags from the server could have been invalid
-for the following message. In some cases, this could have resulted in
-triggering the wpabuf security check that would terminate the process
-due to invalid buffer allocation.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/eap_peer/eap_pwd.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
-index 1d2079b..e58b13a 100644
---- a/src/eap_peer/eap_pwd.c
-+++ b/src/eap_peer/eap_pwd.c
-@@ -968,6 +968,7 @@ eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret,
- 	/*
- 	 * we have output! Do we need to fragment it?
- 	 */
-+	lm_exch = EAP_PWD_GET_EXCHANGE(lm_exch);
- 	len = wpabuf_len(data->outbuf);
- 	if ((len + EAP_PWD_HDR_SIZE) > data->mtu) {
- 		resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu,
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh
index 5c9e5d33a7..35a1aa639e 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh
@@ -4,6 +4,7 @@
 WPA_SUP_BIN="/usr/sbin/wpa_supplicant"
 WPA_SUP_PNAME="wpa_supplicant"
 WPA_SUP_PIDFILE="/var/run/wpa_supplicant.$IFACE.pid"
+WPA_COMMON_CTRL_IFACE="/var/run/wpa_supplicant"
 WPA_SUP_OPTIONS="-B -P $WPA_SUP_PIDFILE -i $IFACE"
 
 VERBOSITY=0
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
index a124cf21d9..7cc03fef7d 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
@@ -1,55 +1,52 @@
 SUMMARY = "Client for Wi-Fi Protected Access (WPA)"
-HOMEPAGE = "http://hostap.epitest.fi/wpa_supplicant/"
-BUGTRACKER = "http://hostap.epitest.fi/bugz/"
+HOMEPAGE = "http://w1.fi/wpa_supplicant/"
+BUGTRACKER = "http://w1.fi/security/"
 SECTION = "network"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://COPYING;md5=36b27801447e0662ee0138d17fe93880 \
-                    file://README;beginline=1;endline=56;md5=7f393579f8b109fe91f3b9765d26c7d3 \
-                    file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=3430fda79f2ba1dd545f0b3c4d6e4d24 "
-DEPENDS = "dbus libnl libgcrypt"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://COPYING;md5=279b4f5abb9c153c285221855ddb78cc \
+                    file://README;beginline=1;endline=56;md5=e7d3dbb01f75f0b9799e192731d1e1ff \
+                    file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=0a8b56d3543498b742b9c0e94cc2d18b"
+DEPENDS = "dbus libnl"
 RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
 
 PACKAGECONFIG ??= "gnutls"
-PACKAGECONFIG[gnutls] = ",,gnutls"
+PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt"
 PACKAGECONFIG[openssl] = ",,openssl"
 
-inherit systemd
+inherit pkgconfig systemd
 
-SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service wpa_supplicant-nl80211@.service wpa_supplicant-wired@.service"
+SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service"
 SYSTEMD_AUTO_ENABLE = "disable"
 
-SRC_URI = "http://hostap.epitest.fi/releases/wpa_supplicant-${PV}.tar.gz \
+SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz  \
            file://defconfig \
            file://wpa-supplicant.sh \
            file://wpa_supplicant.conf \
            file://wpa_supplicant.conf-sane \
            file://99_wpa_supplicant \
-           file://0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch \
-           file://0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch \
-           file://0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch \
-           file://0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch \
-           file://0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch \
-           file://0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch \
-           file://0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch \
-           file://0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch \
+           file://0001-replace-systemd-install-Alias-with-WantedBy.patch \
+           file://0001-AP-Silently-ignore-management-frame-from-unexpected-.patch \
+           file://0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch \
+           file://0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch \
+           file://0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch \
           "
-SRC_URI[md5sum] = "f0037dbe03897dcaf2ad2722e659095d"
-SRC_URI[sha256sum] = "058dc832c096139a059e6df814080f50251a8d313c21b13364c54a1e70109122"
+SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190"
+SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17"
+
+CVE_PRODUCT = "wpa_supplicant"
 
 S = "${WORKDIR}/wpa_supplicant-${PV}"
 
 PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli "
 FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase"
 FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli"
-FILES_${PN} += "${datadir}/dbus-1/system-services/*"
+FILES_${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*"
 CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf"
 
 do_configure () {
 	${MAKE} -C wpa_supplicant clean
 	install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config
-	echo "CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config
-	echo "DRV_CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config
-	
+
 	if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then
         	ssl=openssl
 	elif echo "${PACKAGECONFIG}" | grep -qw "gnutls"; then