214 files changed, 5007 insertions, 16861 deletions

diff --git a/meta/recipes-connectivity/avahi/avahi-ui_0.6.32.bb b/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb
index ac364618e4..1510a0ef4f 100644
--- a/meta/recipes-connectivity/avahi/avahi-ui_0.6.32.bb
+++ b/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb
@@ -1,32 +1,18 @@
-LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
-                    file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \
-                    file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \
-                    file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
-                    file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
-
 require avahi.inc
 
-inherit distro_features_check
+inherit features_check
 ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
 
-SRC_URI += "file://0001-configure.ac-install-GtkBuilder-interface-files-for-.patch"
-SRC_URI[md5sum] = "22b5e705d3eabb31d26f2e1e7b074013"
-SRC_URI[sha256sum] = "d54991185d514a0aba54ebeb408d7575b60f5818a772e28fa0e18b98bc1db454"
-
 DEPENDS += "avahi"
 
 AVAHI_GTK = "gtk3"
 
 S = "${WORKDIR}/avahi-${PV}"
 
-PACKAGES = "${PN} ${PN}-utils ${PN}-dbg ${PN}-dev ${PN}-staticdev ${PN}-doc avahi-discover"
+PACKAGES += "${PN}-utils avahi-discover"
 
 FILES_${PN} = "${libdir}/libavahi-ui*.so.*"
-FILES_${PN}-dev += "${libdir}/libavahi-ui${SOLIBSDEV}"
-FILES_${PN}-staticdev += "${libdir}/libavahi-ui.a"
-
 FILES_${PN}-utils = "${bindir}/b* ${datadir}/applications/b*"
-
 FILES_avahi-discover = "${datadir}/applications/avahi-discover.desktop \
                         ${datadir}/avahi/interfaces/avahi-discover.ui \
                         ${bindir}/avahi-discover-standalone \
@@ -34,7 +20,13 @@ FILES_avahi-discover = "${datadir}/applications/avahi-discover.desktop \
 
 do_install_append () {
 	rm ${D}${sysconfdir} -rf
-	rm ${D}${base_libdir} -rf
+	if ${@bb.utils.contains('DISTRO_FEATURES','usrmerge','true','false',d)}; then
+               if [ "${nonarch_base_libdir}" != "${base_libdir}" ];then
+                   rm ${D}${nonarch_base_libdir} -rf
+               fi
+        else
+		rm ${D}${base_libdir} -rf
+        fi
 	rm ${D}${systemd_unitdir} -rf
 	# The ${systemd_unitdir} is /lib/systemd, so we need rmdir /lib,
 	# but not ${base_libdir} here. And the /lib may not exist
@@ -52,7 +44,6 @@ do_install_append () {
 	rm ${D}${libdir}/pkgconfig/avahi-g*
 	rm ${D}${sbindir} -rf
 	rm ${D}${datadir}/avahi/a*
-	rm ${D}${datadir}/avahi/s*
 	rm ${D}${datadir}/locale/ -rf
 	rm ${D}${datadir}/dbus* -rf
 	rm ${D}${mandir}/man1/a*
@@ -61,4 +52,3 @@ do_install_append () {
         rm ${D}${libdir}/girepository-1.0/ -rf
         rm ${D}${datadir}/gir-1.0/ -rf
 }
-
diff --git a/meta/recipes-connectivity/avahi/avahi.inc b/meta/recipes-connectivity/avahi/avahi.inc
index 234646d291..94fe6a16b6 100644
--- a/meta/recipes-connectivity/avahi/avahi.inc
+++ b/meta/recipes-connectivity/avahi/avahi.inc
@@ -13,37 +13,32 @@ SECTION = "network"
 # major part is under LGPLv2.1+, but several .dtd, .xsl, initscripts and
 # python scripts are under GPLv2+
 LICENSE = "GPLv2+ & LGPLv2.1+"
-
-DEPENDS = "expat libcap libdaemon glib-2.0 intltool-native"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
+                    file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \
+                    file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \
+                    file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
+                    file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
 
 SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \
-          file://00avahi-autoipd \
-          file://99avahi-autoipd \
-          file://initscript.patch \
-          "
+           file://fix-CVE-2017-6519.patch \
+           "
+
 UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
+SRC_URI[md5sum] = "d76c59d0882ac6c256d70a2a585362a6"
+SRC_URI[sha256sum] = "57a99b5dfe7fdae794e3d1ee7a62973a368e91e414bd0dfa5d84434de5b14804"
+
+DEPENDS = "expat libcap libdaemon glib-2.0 intltool-native"
 
-# For gtk related PACKAGECONFIGs: gtk, gtk3 and pygtk
+# For gtk related PACKAGECONFIGs: gtk, gtk3
 AVAHI_GTK ?= ""
 
 PACKAGECONFIG ??= "dbus ${AVAHI_GTK}"
 PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
 PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+"
 PACKAGECONFIG[gtk3] = "--enable-gtk3,--disable-gtk3,gtk+3"
-PACKAGECONFIG[pygtk] = "--enable-pygtk,--disable-pygtk,"
-
-USERADD_PACKAGES = "avahi-daemon avahi-autoipd"
-USERADD_PARAM_avahi-daemon = "--system --home /var/run/avahi-daemon \
-                              --no-create-home --shell /bin/false \
-                              --user-group avahi"
-
-USERADD_PARAM_avahi-autoipd = "--system --home /var/run/avahi-autoipd \
-                              --no-create-home --shell /bin/false \
-                              --user-group \
-                              -c \"Avahi autoip daemon\" \
-                              avahi-autoipd"
+PACKAGECONFIG[libdns_sd] = "--enable-compat-libdns_sd --enable-dbus,,dbus"
 
-inherit autotools pkgconfig update-rc.d gettext useradd gobject-introspection
+inherit autotools pkgconfig gettext gobject-introspection
 
 EXTRA_OECONF = "--with-avahi-priv-access-group=adm \
              --disable-stack-protector \
@@ -54,7 +49,7 @@ EXTRA_OECONF = "--with-avahi-priv-access-group=adm \
              --disable-qt4 \
              --disable-python \
              --disable-doxygen-doc \
-             --disable-manpages \
+             --enable-manpages \
              ${EXTRA_OECONF_SYSVINIT} \
              ${EXTRA_OECONF_SYSTEMD} \
            "
@@ -63,10 +58,6 @@ EXTRA_OECONF = "--with-avahi-priv-access-group=adm \
 EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}"
 EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_unitdir}/system/','--without-systemdsystemunitdir',d)}"
 
-
-LDFLAGS_append_libc-uclibc = " -lintl"
-LDFLAGS_append_uclinux-uclibc = " -lintl"
-
 do_configure_prepend() {
     sed 's:AM_CHECK_PYMOD:echo "no pymod" #AM_CHECK_PYMOD:g' -i ${S}/configure.ac
 
@@ -78,88 +69,18 @@ do_compile_prepend() {
     export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs"
 }
 
-PACKAGES =+ "avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib libavahi-ui avahi-autoipd avahi-utils"
-
-# As avahi doesn't put any files into PN, clear the files list to avoid problems
-# if extra libraries appear.
-FILES_${PN} = ""
-FILES_avahi-autoipd = "${sbindir}/avahi-autoipd \
-                       ${sysconfdir}/avahi/avahi-autoipd.action \
-                       ${sysconfdir}/dhcp/*/avahi-autoipd \
-                       ${sysconfdir}/udhcpc.d/00avahi-autoipd \
-                       ${sysconfdir}/udhcpc.d/99avahi-autoipd"
-FILES_libavahi-common = "${libdir}/libavahi-common.so.*"
-FILES_libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib"
-FILES_avahi-daemon = "${sbindir}/avahi-daemon \
-                      ${sysconfdir}/avahi/avahi-daemon.conf \
-                      ${sysconfdir}/avahi/hosts \
-                      ${sysconfdir}/avahi/services \
-                      ${sysconfdir}/dbus-1 \
-                      ${sysconfdir}/init.d/avahi-daemon \
-                      ${datadir}/avahi/introspection/*.introspect \
-                      ${datadir}/avahi/avahi-service.dtd \
-                      ${datadir}/avahi/service-types \
-                      ${datadir}/dbus-1/system-services"
-FILES_libavahi-client = "${libdir}/libavahi-client.so.*"
-FILES_libavahi-ui = "${libdir}/libavahi-ui.so.*"
-FILES_avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \
-                        ${sysconfdir}/avahi/avahi-dnsconfd.action \
-                        ${sysconfdir}/init.d/avahi-dnsconfd"
-FILES_libavahi-glib = "${libdir}/libavahi-glib.so.*"
-FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.*  ${libdir}/girepository-1.0/Avahi*.typelib"
-FILES_avahi-utils = "${bindir}/avahi-*"
-
-RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV}) libavahi-client (= ${EXTENDPKGV})"
-
-# uclibc has no nss
-RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns"
 RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns"
 
-RRECOMMENDS_avahi-dev = "expat-dev libcap-dev libdaemon-dev dbus-dev glib-2.0-dev update-rc.d-dev"
-RRECOMMENDS_avahi-dev_append_libc-glibc = " gettext-dev"
-
-RRECOMMENDS_avahi-dev[nodeprrecs] = "1"
-
-CONFFILES_avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf"
-
-INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd"
-INITSCRIPT_NAME_avahi-daemon = "avahi-daemon"
-INITSCRIPT_PARAMS_avahi-daemon = "defaults 21 19"
-INITSCRIPT_NAME_avahi-dnsconfd = "avahi-dnsconfd"
-INITSCRIPT_PARAMS_avahi-dnsconfd = "defaults 22 19"
-
 do_install() {
 	autotools_do_install
-
-	# don't install /var/run when populating rootfs. Do it through volatile
-	# /var/run of current version is empty, so just remove it.
-	# if /var/run become non-empty in the future, need to install it via volatile
-	rm -rf ${D}${localstatedir}/run
-	rmdir --ignore-fail-on-non-empty ${D}${localstatedir}
+	rm -rf ${D}/run
 	rm -rf ${D}${datadir}/dbus-1/interfaces
 	test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1
 	rm -rf ${D}${libdir}/avahi
-
-	install -d ${D}${sysconfdir}/udhcpc.d
-	install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d
-	install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d
 }
 
-# At the time the postinst runs, dbus might not be setup so only restart if running 
-# Don't exit early, because update-rc.d needs to run subsequently.
+PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}"
 
-pkg_postinst_avahi-daemon () {
-if [ -z "$D" ]; then
-	killall -q -HUP dbus-daemon || true
-fi
-}
+FILES_libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*"
 
-pkg_postrm_avahi-daemon () {
-	deluser avahi || true
-	delgroup avahi || true
-}
-
-pkg_postrm_avahi-autoipd () {
-	deluser avahi-autoipd || true
-	delgroup avahi-autoipd || true
-}
+RPROVIDES_libavahi-compat-libdnssd = "libdns-sd"
diff --git a/meta/recipes-connectivity/avahi/avahi_0.6.32.bb b/meta/recipes-connectivity/avahi/avahi_0.6.32.bb
deleted file mode 100644
index bfa63044ea..0000000000
--- a/meta/recipes-connectivity/avahi/avahi_0.6.32.bb
+++ /dev/null
@@ -1,22 +0,0 @@
-require avahi.inc
-
-inherit systemd
-
-SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd"
-SYSTEMD_SERVICE_${PN}-daemon = "avahi-daemon.service"
-SYSTEMD_SERVICE_${PN}-dnsconfd = "avahi-dnsconfd.service"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
-                    file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \
-                    file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \
-                    file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
-                    file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
-
-SRC_URI += "file://avahi-fix-resource-unavaiable.patch"
-
-SRC_URI[md5sum] = "22b5e705d3eabb31d26f2e1e7b074013"
-SRC_URI[sha256sum] = "d54991185d514a0aba54ebeb408d7575b60f5818a772e28fa0e18b98bc1db454"
-
-DEPENDS += "intltool-native"
-
-PACKAGES =+ "libavahi-gobject"
diff --git a/meta/recipes-connectivity/avahi/avahi_0.7.bb b/meta/recipes-connectivity/avahi/avahi_0.7.bb
new file mode 100644
index 0000000000..2e04d304c7
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/avahi_0.7.bb
@@ -0,0 +1,81 @@
+require avahi.inc
+
+SRC_URI += "file://00avahi-autoipd \
+           file://99avahi-autoipd \
+           file://initscript.patch \
+           file://0001-Fix-opening-etc-resolv.conf-error.patch \
+           "
+
+inherit update-rc.d systemd useradd
+
+PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils"
+
+# As avahi doesn't put any files into PN, clear the files list to avoid problems
+# if extra libraries appear.
+FILES_${PN} = ""
+FILES_avahi-autoipd = "${sbindir}/avahi-autoipd \
+                       ${sysconfdir}/avahi/avahi-autoipd.action \
+                       ${sysconfdir}/dhcp/*/avahi-autoipd \
+                       ${sysconfdir}/udhcpc.d/00avahi-autoipd \
+                       ${sysconfdir}/udhcpc.d/99avahi-autoipd"
+FILES_libavahi-common = "${libdir}/libavahi-common.so.*"
+FILES_libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib"
+FILES_avahi-daemon = "${sbindir}/avahi-daemon \
+                      ${sysconfdir}/avahi/avahi-daemon.conf \
+                      ${sysconfdir}/avahi/hosts \
+                      ${sysconfdir}/avahi/services \
+                      ${sysconfdir}/dbus-1 \
+                      ${sysconfdir}/init.d/avahi-daemon \
+                      ${datadir}/avahi/introspection/*.introspect \
+                      ${datadir}/avahi/avahi-service.dtd \
+                      ${datadir}/avahi/service-types \
+                      ${datadir}/dbus-1/system-services"
+FILES_libavahi-client = "${libdir}/libavahi-client.so.*"
+FILES_avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \
+                        ${sysconfdir}/avahi/avahi-dnsconfd.action \
+                        ${sysconfdir}/init.d/avahi-dnsconfd"
+FILES_libavahi-glib = "${libdir}/libavahi-glib.so.*"
+FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.*  ${libdir}/girepository-1.0/Avahi*.typelib"
+FILES_avahi-utils = "${bindir}/avahi-*"
+
+RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})"
+RDEPENDS_${PN}-dev += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}"
+
+RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns"
+
+CONFFILES_avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf"
+
+USERADD_PACKAGES = "avahi-daemon avahi-autoipd"
+USERADD_PARAM_avahi-daemon = "--system --home /run/avahi-daemon \
+                              --no-create-home --shell /bin/false \
+                              --user-group avahi"
+
+USERADD_PARAM_avahi-autoipd = "--system --home /run/avahi-autoipd \
+                              --no-create-home --shell /bin/false \
+                              --user-group \
+                              -c \"Avahi autoip daemon\" \
+                              avahi-autoipd"
+
+INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd"
+INITSCRIPT_NAME_avahi-daemon = "avahi-daemon"
+INITSCRIPT_PARAMS_avahi-daemon = "defaults 21 19"
+INITSCRIPT_NAME_avahi-dnsconfd = "avahi-dnsconfd"
+INITSCRIPT_PARAMS_avahi-dnsconfd = "defaults 22 19"
+
+SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd"
+SYSTEMD_SERVICE_${PN}-daemon = "avahi-daemon.service"
+SYSTEMD_SERVICE_${PN}-dnsconfd = "avahi-dnsconfd.service"
+
+do_install_append() {
+	install -d ${D}${sysconfdir}/udhcpc.d
+	install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d
+	install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d
+}
+
+# At the time the postinst runs, dbus might not be setup so only restart if running 
+# Don't exit early, because update-rc.d needs to run subsequently.
+pkg_postinst_avahi-daemon () {
+if [ -z "$D" ]; then
+	killall -q -HUP dbus-daemon || true
+fi
+}
diff --git a/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch b/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch
new file mode 100644
index 0000000000..cb8b83fd23
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch
@@ -0,0 +1,45 @@
+From 78967814f5c37ed67f4cf64d70c9f76a03ee89bc Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Wed, 20 Jun 2018 13:57:35 +0800
+Subject: [PATCH] Fix opening /etc/resolv.conf error
+
+Fix to start avahi-daemon after systemd-resolved.service. This is because
+/etc/resolv.conf is a link to /etc/resolv-conf.systemd which in turn is
+a symlink to /run/systemd/resolve/resolv.conf. And /run/systemd/resolve/resolv.conf
+is created by systemd-resolved.service by default in current OE's systemd
+based systems.
+
+This fixes errro like below.
+
+  Failed to open /etc/resolv.conf: Invalid argument
+
+In fact, handling of /etc/resolv.conf is quite distro specific. So this patch
+is marked as OE specific.
+
+Upstream-Status: Inappropriate [OE Specific]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+
+When connman installed to image, /etc/resolv.conf is link to
+/etc/resolv-conf.connman. So launch avahi-daemon after connman too.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+ avahi-daemon/avahi-daemon.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/avahi-daemon/avahi-daemon.service.in b/avahi-daemon/avahi-daemon.service.in
+index 548c834..63e28e4 100644
+--- a/avahi-daemon/avahi-daemon.service.in
++++ b/avahi-daemon/avahi-daemon.service.in
+@@ -18,6 +18,7 @@
+ [Unit]
+ Description=Avahi mDNS/DNS-SD Stack
+ Requires=avahi-daemon.socket
++After=systemd-resolved.service connman.service
+ 
+ [Service]
+ Type=dbus
+-- 
+2.11.0
+
diff --git a/meta/recipes-connectivity/avahi/files/0001-configure.ac-install-GtkBuilder-interface-files-for-.patch b/meta/recipes-connectivity/avahi/files/0001-configure.ac-install-GtkBuilder-interface-files-for-.patch
deleted file mode 100644
index 8ccef08dfc..0000000000
--- a/meta/recipes-connectivity/avahi/files/0001-configure.ac-install-GtkBuilder-interface-files-for-.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From a59f13fab31a6e25bb03b2c2bc3aea576f857b6c Mon Sep 17 00:00:00 2001
-From: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Date: Sun, 12 Jun 2016 18:32:49 +0300
-Subject: [PATCH] configure.ac: install GtkBuilder interface files for GTK+3
- too
-
-Upstream-Status: Pending
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index aebb716..48bdf63 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -965,7 +965,7 @@ AC_SUBST(avahi_socket)
- #
- # Avahi interfaces dir
- #
--if test "x$HAVE_PYTHON_DBUS" = "xyes" -o "x$HAVE_GTK" = "xyes"; then
-+if test "x$HAVE_PYTHON_DBUS" = "xyes" -o "x$HAVE_GTK" = "xyes" -o "x$HAVE_GTK3" = "xyes"; then
- 	interfacesdir="${datadir}/${PACKAGE}/interfaces/"
- 	AC_SUBST(interfacesdir)
- fi
--- 
-2.1.4
-
diff --git a/meta/recipes-connectivity/avahi/files/avahi-fix-resource-unavaiable.patch b/meta/recipes-connectivity/avahi/files/avahi-fix-resource-unavaiable.patch
deleted file mode 100644
index 5a2fd75f55..0000000000
--- a/meta/recipes-connectivity/avahi/files/avahi-fix-resource-unavaiable.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Upstream-Status: Backport
-
-Backport from:
-https://github.com/experimental-platform/platform-hostname-avahi/pull/9
-
-It sometimes fails to run avahi with error: "Could not receive return value
-from daemon process". It has same root cause with
-https://github.com/lxc/lxc/issues/25.
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
----
-From 5150983102ad5ad43f0dae203cb332c168eb5a71 Mon Sep 17 00:00:00 2001
-From: Hinnerk Haardt <haardt@information-control.de>
-Date: Thu, 17 Dec 2015 11:52:19 +0100
-Subject: [PATCH] Fix `chroot.c: fork() failed: Resource temporarily
- unavailable` as per https://github.com/lxc/lxc/issues/25.
-
----
- avahi-daemon/avahi-daemon.conf | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/avahi-daemon/avahi-daemon.conf b/avahi-daemon/avahi-daemon.conf
-index 95166f8..3d5b7a6 100644
---- a/avahi-daemon/avahi-daemon.conf
-+++ b/avahi-daemon/avahi-daemon.conf
-@@ -65,4 +65,3 @@ rlimit-data=4194304
- rlimit-fsize=0
- rlimit-nofile=768
- rlimit-stack=4194304
--rlimit-nproc=3
diff --git a/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch b/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch
new file mode 100644
index 0000000000..7461fe193d
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/fix-CVE-2017-6519.patch
@@ -0,0 +1,48 @@
+Upstream-Status: Backport [https://github.com/lathiat/avahi/commit/e111def]
+
+CVE: CVE-2017-6519
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From e111def44a7df4624a4aa3f85fe98054bffb6b4f Mon Sep 17 00:00:00 2001
+From: Trent Lloyd <trent@lloyd.id.au>
+Date: Sat, 22 Dec 2018 09:06:07 +0800
+Subject: [PATCH] Drop legacy unicast queries from address not on local link
+
+When handling legacy unicast queries, ensure that the source IP is
+inside a subnet on the local link, otherwise drop the packet.
+
+Fixes #145
+Fixes #203
+CVE-2017-6519
+CVE-2018-1000845
+---
+ avahi-core/server.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/avahi-core/server.c b/avahi-core/server.c
+index a2cb19a8..a2580e38 100644
+--- a/avahi-core/server.c
++++ b/avahi-core/server.c
+@@ -930,6 +930,7 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
+ 
+     if (avahi_dns_packet_is_query(p)) {
+         int legacy_unicast = 0;
++        char t[AVAHI_ADDRESS_STR_MAX];
+ 
+         /* For queries EDNS0 might allow ARCOUNT != 0. We ignore the
+          * AR section completely here, so far. Until the day we add
+@@ -947,6 +948,13 @@ static void dispatch_packet(AvahiServer *s, AvahiDnsPacket *p, const AvahiAddres
+             legacy_unicast = 1;
+         }
+ 
++        if (!is_mdns_mcast_address(dst_address) &&
++            !avahi_interface_address_on_link(i, src_address)) {
++
++            avahi_log_debug("Received non-local unicast query from host %s on interface '%s.%i'.", avahi_address_snprint(t, sizeof(t), src_address), i->hardware->name, i->protocol);
++            return;
++        }
++
+         if (legacy_unicast)
+             reflect_legacy_unicast_query_packet(s, p, i, src_address, port);
+ 
diff --git a/meta/recipes-connectivity/avahi/files/initscript.patch b/meta/recipes-connectivity/avahi/files/initscript.patch
index 193889eb5c..c856c3df04 100644
--- a/meta/recipes-connectivity/avahi/files/initscript.patch
+++ b/meta/recipes-connectivity/avahi/files/initscript.patch
@@ -1,10 +1,10 @@
 Upstream-Status: Pending
 
-diff --git a/initscript/debian/avahi-daemon.in b/initscript/debian/avahi-daemon.in
-index 30a2c2f..b5848a8 100755
---- a/initscript/debian/avahi-daemon.in
-+++ b/initscript/debian/avahi-daemon.in
-@@ -1,2 +1,14 @@
+Index: avahi-0.7/initscript/debian/avahi-daemon.in
+===================================================================
+--- avahi-0.7.orig/initscript/debian/avahi-daemon.in
++++ avahi-0.7/initscript/debian/avahi-daemon.in
+@@ -1,5 +1,17 @@
  #!/bin/sh
 -
 +### BEGIN INIT INFO
@@ -20,11 +20,14 @@ index 30a2c2f..b5848a8 100755
 +#                    automatically
 +### END INIT INFO
 +#
-diff --git a/initscript/debian/avahi-dnsconfd.in b/initscript/debian/avahi-dnsconfd.in
-index ac34804..f95c340 100755
---- a/initscript/debian/avahi-dnsconfd.in
-+++ b/initscript/debian/avahi-dnsconfd.in
-@@ -1,1 +1,14 @@
+ # This file is part of avahi.
+ #
+ # avahi is free software; you can redistribute it and/or modify it
+Index: avahi-0.7/initscript/debian/avahi-dnsconfd.in
+===================================================================
+--- avahi-0.7.orig/initscript/debian/avahi-dnsconfd.in
++++ avahi-0.7/initscript/debian/avahi-dnsconfd.in
+@@ -1,4 +1,17 @@
  #!/bin/sh
 +### BEGIN INIT INFO
 +# Provides:          avahi-dnsconfd
@@ -39,3 +42,6 @@ index ac34804..f95c340 100755
 +#                    automatically
 +### END INIT INFO
 +#
+ 
+ # This file is part of avahi.
+ #
diff --git a/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch
new file mode 100644
index 0000000000..8db96ec049
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch
@@ -0,0 +1,27 @@
+From 31dde3562f287429eea94b77250d184818b49063 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Mon, 15 Oct 2018 16:55:09 +0800
+Subject: [PATCH] avoid start failure with bind user
+
+Upstream-Status: Pending
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ init.d | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/init.d b/init.d
+index b2eec60..6e03936 100644
+--- a/init.d
++++ b/init.d
+@@ -57,6 +57,7 @@ case "$1" in
+ 	modprobe capability >/dev/null 2>&1 || true
+ 	if [ ! -f /etc/bind/rndc.key ]; then
+ 	    /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
++	    chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true
+ 	    chmod 0640 /etc/bind/rndc.key
+ 	fi
+ 	if [ -f /var/run/named/named.pid ]; then
+-- 
+2.7.4
+
diff --git a/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch b/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch
deleted file mode 100644
index 805cbb3315..0000000000
--- a/meta/recipes-connectivity/bind/bind/0001-build-use-pkg-config-to-find-libxml2.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-xml2-config is disabled, so change the configure script to use pkgconfig to find
-libxml2.
-
-Upstream-Status: Inappropriate
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-Update context for version 9.10.3-P2.
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
----
- configure.in | 23 +++--------------------
- 1 file changed, 3 insertions(+), 20 deletions(-)
-
-diff --git a/configure.in b/configure.in
-index 0db826d..75819eb 100644
---- a/configure.in
-+++ b/configure.in
-@@ -2107,26 +2107,9 @@ case "$use_libxml2" in
- 		DST_LIBXML2_INC=""
- 		;;
- 	auto|yes)
--		case X`(xml2-config --version) 2>/dev/null` in
--		X2.[[6789]].*)
--			libxml2_libs=`xml2-config --libs`
--			libxml2_cflags=`xml2-config --cflags`
--			;;
--		*)
--			if test "$use_libxml2" = "yes" ; then
--				AC_MSG_RESULT(no)
--				AC_MSG_ERROR(required libxml2 version not available)
--			else
--				libxml2_libs=
--				libxml2_cflags=
--			fi
--			;;
--		esac
--		;;
--	*)
--		if test -f "$use_libxml2/bin/xml2-config" ; then
--			libxml2_libs=`$use_libxml2/bin/xml2-config --libs`
--			libxml2_cflags=`$use_libxml2/bin/xml2-config --cflags`
-+		if pkg-config --exists libxml-2.0 ; then
-+			libxml2_libs=`pkg-config libxml-2.0 --libs`
-+			libxml2_cflags=`pkg-config libxml-2.0 --cflags`
- 		fi
- 		;;
- esac
--- 
-2.1.4
-
diff --git a/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch b/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
new file mode 100644
index 0000000000..9d31b98080
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
@@ -0,0 +1,30 @@
+From 2325a92f1896a2a7f586611686801b41fbc91b50 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Mon, 27 Aug 2018 15:00:51 +0800
+Subject: [PATCH] configure.in: remove useless `-L$use_openssl/lib'
+
+Since `--with-openssl=${STAGING_DIR_HOST}${prefix}' is used in bind recipe,
+the `-L$use_openssl/lib' has a hardcoded suffix, removing it is harmless
+and helpful for clean up host build path in isc-config.sh
+
+Upstream-Status: Inappropriate [oe-core specific]
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index e85a5c6..2bbfc58 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1631,7 +1631,7 @@ If you don't want OpenSSL, use --without-openssl])
+ 				fi
+ 				;;
+ 			*)
+-				DST_OPENSSL_LIBS="-L$use_openssl/lib -lcrypto"
++				DST_OPENSSL_LIBS="-lcrypto"
+ 				;;
+ 			esac
+ 		fi
diff --git a/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch b/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch
deleted file mode 100644
index 1215093716..0000000000
--- a/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Upstream-Status: Pending
-
-Subject: gen.c: extend DIRNAMESIZE from 256 to 512
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- lib/dns/gen.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/dns/gen.c b/lib/dns/gen.c
-index 7a7dafb..51a0435 100644
---- a/lib/dns/gen.c
-+++ b/lib/dns/gen.c
-@@ -148,7 +148,7 @@ static const char copyright[] =
- #define TYPECLASSBUF (TYPECLASSLEN + 1)
- #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d"
- #define ATTRIBUTESIZE 256
--#define DIRNAMESIZE 256
-+#define DIRNAMESIZE 512
- 
- static struct cc {
- 	struct cc *next;
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch b/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch
deleted file mode 100644
index 1ed858cd3f..0000000000
--- a/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 5bc3167a8b714ec0c4a3f1c7f3b9411296ec0a23 Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Wed, 16 Sep 2015 20:23:47 -0700
-Subject: [PATCH] lib/dns/gen.c: fix too long error
-
-The 512 is a little short when build in deep dir, and cause "too long"
-error, use PATH_MAX if defined.
-
-Upstream-Status: Pending
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- lib/dns/gen.c |    4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/lib/dns/gen.c b/lib/dns/gen.c
-index 51a0435..3d7214f 100644
---- a/lib/dns/gen.c
-+++ b/lib/dns/gen.c
-@@ -148,7 +148,11 @@ static const char copyright[] =
- #define TYPECLASSBUF (TYPECLASSLEN + 1)
- #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d"
- #define ATTRIBUTESIZE 256
-+#ifdef PATH_MAX
-+#define DIRNAMESIZE PATH_MAX
-+#else
- #define DIRNAMESIZE 512
-+#endif
- 
- static struct cc {
- 	struct cc *next;
--- 
-1.7.9.5
-
diff --git a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch
new file mode 100644
index 0000000000..75908aa638
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch
@@ -0,0 +1,34 @@
+From a3af4a405baf5ff582e82aaba392dd9667d94bdc Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Mon, 27 Aug 2018 21:24:20 +0800
+Subject: [PATCH] `named/lwresd -V' and start log hide build options
+
+The build options expose build path directories, so hide them.
+[snip]
+$ named -V
+|built by make with *** (options are hidden)
+[snip]
+
+Upstream-Status: Inappropriate [oe-core specific]
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ bin/named/include/named/globals.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h
+index ba3457e..7741da7 100644
+--- a/bin/named/include/named/globals.h
++++ b/bin/named/include/named/globals.h
+@@ -68,7 +68,7 @@ EXTERN const char *		ns_g_version		INIT(VERSION);
+ EXTERN const char *		ns_g_product		INIT(PRODUCT);
+ EXTERN const char *		ns_g_description	INIT(DESCRIPTION);
+ EXTERN const char *		ns_g_srcid		INIT(SRCID);
+-EXTERN const char *		ns_g_configargs		INIT(CONFIGARGS);
++EXTERN const char *		ns_g_configargs		INIT("*** (options are hidden)");
+ EXTERN const char *		ns_g_builder		INIT(BUILDER);
+ EXTERN in_port_t		ns_g_port		INIT(0);
+ EXTERN isc_dscp_t		ns_g_dscp		INIT(-1);
+-- 
+2.7.4
+
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
deleted file mode 100644
index 2149bd180d..0000000000
--- a/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-From 70037e040e587329cec82123e12b9f4f7c945f67 Mon Sep 17 00:00:00 2001
-From: Mark Andrews <marka@isc.org>
-Date: Thu, 18 Feb 2016 12:11:27 +1100
-Subject: [PATCH] 4318.   [security]      Malformed control messages can
- trigger assertions                         in named and rndc. (CVE-2016-1285)
- [RT #41666]
-
-(cherry picked from commit a2b15b3305acd52179e6f3dc7d073b07fbc40b8e)
-
-CVE: CVE-2016-1285
-Upstream-Status: Backport
-[Removed doc/arm/notes.xml changes from upstream patch]
-
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- CHANGES                 |  3 +++
- bin/named/control.c     |  2 +-
- bin/named/controlconf.c |  2 +-
- bin/rndc/rndc.c         |  8 ++++----
- doc/arm/notes.xml       | 11 +++++++++++
- lib/isccc/cc.c          | 14 +++++++-------
- 6 files changed, 27 insertions(+), 13 deletions(-)
-
-diff --git a/CHANGES b/CHANGES
-index b9bd9ef..2c727d5 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -1,3 +1,6 @@
-+4318.	[security]	Malformed control messages can trigger assertions
-+			in named and rndc. (CVE-2016-1285) [RT #41666]
-+
- 	--- 9.10.3-P3 released ---
- 
- 4288.	[bug]		Fixed a regression in resolver.c:possibly_mark()
-diff --git a/bin/named/control.c b/bin/named/control.c
-index 8554335..81340ca 100644
---- a/bin/named/control.c
-+++ b/bin/named/control.c
-@@ -69,7 +69,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
- #endif
- 
- 	data = isccc_alist_lookup(message, "_data");
--	if (data == NULL) {
-+	if (!isccc_alist_alistp(data)) {
- 		/*
- 		 * No data section.
- 		 */
-diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
-index 765afdd..a39ab8b 100644
---- a/bin/named/controlconf.c
-+++ b/bin/named/controlconf.c
-@@ -402,7 +402,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
- 	 * Limit exposure to replay attacks.
- 	 */
- 	_ctrl = isccc_alist_lookup(request, "_ctrl");
--	if (_ctrl == NULL) {
-+	if (!isccc_alist_alistp(_ctrl)) {
- 		log_invalid(&conn->ccmsg, ISC_R_FAILURE);
- 		goto cleanup_request;
- 	}
-diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
-index cb17050..b6e05c8 100644
---- a/bin/rndc/rndc.c
-+++ b/bin/rndc/rndc.c
-@@ -255,8 +255,8 @@ rndc_recvdone(isc_task_t *task, isc_event_t *event) {
- 	   isccc_cc_fromwire(&source, &response, algorithm, &secret));
- 
- 	data = isccc_alist_lookup(response, "_data");
--	if (data == NULL)
--		fatal("no data section in response");
-+	if (!isccc_alist_alistp(data))
-+		fatal("bad or missing data section in response");
- 	result = isccc_cc_lookupstring(data, "err", &errormsg);
- 	if (result == ISC_R_SUCCESS) {
- 		failed = ISC_TRUE;
-@@ -321,8 +321,8 @@ rndc_recvnonce(isc_task_t *task, isc_event_t *event) {
- 	   isccc_cc_fromwire(&source, &response, algorithm, &secret));
- 
- 	_ctrl = isccc_alist_lookup(response, "_ctrl");
--	if (_ctrl == NULL)
--		fatal("_ctrl section missing");
-+	if (!isccc_alist_alistp(_ctrl))
-+		fatal("bad or missing ctrl section in response");
- 	nonce = 0;
- 	if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS)
- 		nonce = 0;
-diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c
-index 47a3b74..2bb961e 100644
---- a/lib/isccc/cc.c
-+++ b/lib/isccc/cc.c
-@@ -403,13 +403,13 @@ verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length,
- 	 * Extract digest.
- 	 */
- 	_auth = isccc_alist_lookup(alist, "_auth");
--	if (_auth == NULL)
-+	if (!isccc_alist_alistp(_auth))
- 		return (ISC_R_FAILURE);
- 	if (algorithm == ISCCC_ALG_HMACMD5)
- 		hmac = isccc_alist_lookup(_auth, "hmd5");
- 	else
- 		hmac = isccc_alist_lookup(_auth, "hsha");
--	if (hmac == NULL)
-+	if (!isccc_sexpr_binaryp(hmac))
- 		return (ISC_R_FAILURE);
- 	/*
- 	 * Compute digest.
-@@ -728,7 +728,7 @@ isccc_cc_createack(isccc_sexpr_t *message, isc_boolean_t ok,
- 	REQUIRE(ackp != NULL && *ackp == NULL);
- 
- 	_ctrl = isccc_alist_lookup(message, "_ctrl");
--	if (_ctrl == NULL ||
-+	if (!isccc_alist_alistp(_ctrl) ||
- 	    isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
- 	    isccc_cc_lookupuint32(_ctrl, "_tim", &t) != ISC_R_SUCCESS)
- 		return (ISC_R_FAILURE);
-@@ -773,7 +773,7 @@ isccc_cc_isack(isccc_sexpr_t *message)
- 	isccc_sexpr_t *_ctrl;
- 
- 	_ctrl = isccc_alist_lookup(message, "_ctrl");
--	if (_ctrl == NULL)
-+	if (!isccc_alist_alistp(_ctrl))
- 		return (ISC_FALSE);
- 	if (isccc_cc_lookupstring(_ctrl, "_ack", NULL) == ISC_R_SUCCESS)
- 		return (ISC_TRUE);
-@@ -786,7 +786,7 @@ isccc_cc_isreply(isccc_sexpr_t *message)
- 	isccc_sexpr_t *_ctrl;
- 
- 	_ctrl = isccc_alist_lookup(message, "_ctrl");
--	if (_ctrl == NULL)
-+	if (!isccc_alist_alistp(_ctrl))
- 		return (ISC_FALSE);
- 	if (isccc_cc_lookupstring(_ctrl, "_rpl", NULL) == ISC_R_SUCCESS)
- 		return (ISC_TRUE);
-@@ -806,7 +806,7 @@ isccc_cc_createresponse(isccc_sexpr_t *message, isccc_time_t now,
- 
- 	_ctrl = isccc_alist_lookup(message, "_ctrl");
- 	_data = isccc_alist_lookup(message, "_data");
--	if (_ctrl == NULL || _data == NULL ||
-+	if (!isccc_alist_alistp(_ctrl) || !isccc_alist_alistp(_data) ||
- 	    isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
- 	    isccc_cc_lookupstring(_data, "type", &type) != ISC_R_SUCCESS)
- 		return (ISC_R_FAILURE);
-@@ -995,7 +995,7 @@ isccc_cc_checkdup(isccc_symtab_t *symtab, isccc_sexpr_t *message,
- 	isccc_sexpr_t *_ctrl;
- 
- 	_ctrl = isccc_alist_lookup(message, "_ctrl");
--	if (_ctrl == NULL ||
-+	if (!isccc_alist_alistp(_ctrl) ||
- 	    isccc_cc_lookupstring(_ctrl, "_ser", &_ser) != ISC_R_SUCCESS ||
- 	    isccc_cc_lookupstring(_ctrl, "_tim", &_tim) != ISC_R_SUCCESS)
- 		return (ISC_R_FAILURE);
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
deleted file mode 100644
index ae5cc48d9c..0000000000
--- a/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From a3d327bf1ceaaeabb20223d8de85166e940b9f12 Mon Sep 17 00:00:00 2001
-From: Mukund Sivaraman <muks@isc.org>
-Date: Mon, 22 Feb 2016 12:22:43 +0530
-Subject: [PATCH] Fix resolver assertion failure due to improper DNAME handling
- (CVE-2016-1286) (#41753)
-
-(cherry picked from commit 5995fec51cc8bb7e53804e4936e60aa1537f3673)
-
-CVE: CVE-2016-1286
-Upstream-Status: Backport
-
-[Removed doc/arm/notes.xml changes from upstream patch.]
-
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
-diff -ruN a/CHANGES b/CHANGES
---- a/CHANGES	2016-04-13 07:28:44.940873629 +0200
-+++ b/CHANGES	2016-04-13 07:38:38.923167851 +0200
-@@ -1,3 +1,7 @@
-+4319.  [security]      Fix resolver assertion failure due to improper
-+                       DNAME handling when parsing fetch reply messages.
-+                       (CVE-2016-1286) [RT #41753]
-+
- 4318.	[security]	Malformed control messages can trigger assertions
- 			in named and rndc. (CVE-2016-1285) [RT #41666]
- 
-diff -ruN a/lib/dns/resolver.c b/lib/dns/resolver.c
---- a/lib/dns/resolver.c	2016-04-13 07:28:43.088953790 +0200
-+++ b/lib/dns/resolver.c	2016-04-13 07:38:20.411968925 +0200
-@@ -6967,21 +6967,26 @@
- 				isc_boolean_t found_dname = ISC_FALSE;
- 				dns_name_t *dname_name;
- 
-+				/*
-+				 * Only pass DNAME or RRSIG(DNAME).
-+				 */
-+				if (rdataset->type != dns_rdatatype_dname &&
-+				    (rdataset->type != dns_rdatatype_rrsig ||
-+				     rdataset->covers != dns_rdatatype_dname))
-+					continue;
-+
-+				/*
-+				 * If we're not chaining, then the DNAME and
-+				 * its signature should not be external.
-+				 */
-+				if (!chaining && external) {
-+					log_formerr(fctx, "external DNAME");
-+					return (DNS_R_FORMERR);
-+				}
-+
- 				found = ISC_FALSE;
- 				aflag = 0;
- 				if (rdataset->type == dns_rdatatype_dname) {
--					/*
--					 * We're looking for something else,
--					 * but we found a DNAME.
--					 *
--					 * If we're not chaining, then the
--					 * DNAME should not be external.
--					 */
--					if (!chaining && external) {
--						log_formerr(fctx,
--							    "external DNAME");
--						return (DNS_R_FORMERR);
--					}
- 					found = ISC_TRUE;
- 					want_chaining = ISC_TRUE;
- 					POST(want_chaining);
-@@ -7010,9 +7015,7 @@
- 							&fctx->domain)) {
- 						return (DNS_R_SERVFAIL);
- 					}
--				} else if (rdataset->type == dns_rdatatype_rrsig
--					   && rdataset->covers ==
--					   dns_rdatatype_dname) {
-+				} else {
- 					/*
- 					 * We've found a signature that
- 					 * covers the DNAME.
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
deleted file mode 100644
index 5f5cb0d340..0000000000
--- a/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
+++ /dev/null
@@ -1,317 +0,0 @@
-From 7602be276a73a6eb5431c5acd9718e68a55e8b61 Mon Sep 17 00:00:00 2001
-From: Mark Andrews <marka@isc.org>
-Date: Mon, 29 Feb 2016 07:16:48 +1100
-Subject: [PATCH] Part 2 of: 4319.   [security]      Fix resolver assertion
- failure due to improper                         DNAME handling when parsing
- fetch reply messages.                         (CVE-2016-1286) [RT #41753]
-
-CVE: CVE-2016-1286
-Upstream-Status: Backport
-
-(cherry picked from commit 2de89ee9de8c8da9dc153a754b02dcdbb7fe2374)
-Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
----
- lib/dns/resolver.c | 192 ++++++++++++++++++++++++++---------------------------
- 1 file changed, 93 insertions(+), 99 deletions(-)
-
-diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
-index 70aba87..41e9df4 100644
---- a/lib/dns/resolver.c
-+++ b/lib/dns/resolver.c
-@@ -6074,14 +6074,11 @@ cname_target(dns_rdataset_t *rdataset, dns_name_t *tname) {
- }
- 
- static inline isc_result_t
--dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
--	     dns_name_t *oname, dns_fixedname_t *fixeddname)
-+dname_target(dns_rdataset_t *rdataset, dns_name_t *qname,
-+	     unsigned int nlabels, dns_fixedname_t *fixeddname)
- {
- 	isc_result_t result;
- 	dns_rdata_t rdata = DNS_RDATA_INIT;
--	unsigned int nlabels;
--	int order;
--	dns_namereln_t namereln;
- 	dns_rdata_dname_t dname;
- 	dns_fixedname_t prefix;
- 
-@@ -6096,21 +6093,6 @@ dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
- 	if (result != ISC_R_SUCCESS)
- 		return (result);
- 
--	/*
--	 * Get the prefix of qname.
--	 */
--	namereln = dns_name_fullcompare(qname, oname, &order, &nlabels);
--	if (namereln != dns_namereln_subdomain) {
--		char qbuf[DNS_NAME_FORMATSIZE];
--		char obuf[DNS_NAME_FORMATSIZE];
--
--		dns_rdata_freestruct(&dname);
--		dns_name_format(qname, qbuf, sizeof(qbuf));
--		dns_name_format(oname, obuf, sizeof(obuf));
--		log_formerr(fctx, "unrelated DNAME in answer: "
--				   "%s is not in %s", qbuf, obuf);
--		return (DNS_R_FORMERR);
--	}
- 	dns_fixedname_init(&prefix);
- 	dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL);
- 	dns_fixedname_init(fixeddname);
-@@ -6736,13 +6718,13 @@ static isc_result_t
- answer_response(fetchctx_t *fctx) {
- 	isc_result_t result;
- 	dns_message_t *message;
--	dns_name_t *name, *qname, tname, *ns_name;
-+	dns_name_t *name, *dname, *qname, tname, *ns_name;
- 	dns_rdataset_t *rdataset, *ns_rdataset;
- 	isc_boolean_t done, external, chaining, aa, found, want_chaining;
- 	isc_boolean_t have_answer, found_cname, found_type, wanted_chaining;
- 	unsigned int aflag;
- 	dns_rdatatype_t type;
--	dns_fixedname_t dname, fqname;
-+	dns_fixedname_t fdname, fqname;
- 	dns_view_t *view;
- 
- 	FCTXTRACE("answer_response");
-@@ -6770,10 +6752,15 @@ answer_response(fetchctx_t *fctx) {
- 	view = fctx->res->view;
- 	result = dns_message_firstname(message, DNS_SECTION_ANSWER);
- 	while (!done && result == ISC_R_SUCCESS) {
-+		dns_namereln_t namereln;
-+		int order;
-+		unsigned int nlabels;
-+
- 		name = NULL;
- 		dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
- 		external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
--		if (dns_name_equal(name, qname)) {
-+		namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
-+		if (namereln == dns_namereln_equal) {
- 			wanted_chaining = ISC_FALSE;
- 			for (rdataset = ISC_LIST_HEAD(name->list);
- 			     rdataset != NULL;
-@@ -6898,10 +6885,11 @@ answer_response(fetchctx_t *fctx) {
- 						 */
- 						INSIST(!external);
- 						if (aflag ==
--						    DNS_RDATASETATTR_ANSWER)
-+						    DNS_RDATASETATTR_ANSWER) {
- 							have_answer = ISC_TRUE;
--						name->attributes |=
--							DNS_NAMEATTR_ANSWER;
-+							name->attributes |=
-+								DNS_NAMEATTR_ANSWER;
-+						}
- 						rdataset->attributes |= aflag;
- 						if (aa)
- 							rdataset->trust =
-@@ -6956,6 +6944,8 @@ answer_response(fetchctx_t *fctx) {
- 			if (wanted_chaining)
- 				chaining = ISC_TRUE;
- 		} else {
-+			dns_rdataset_t *dnameset = NULL;
-+
- 			/*
- 			 * Look for a DNAME (or its SIG).  Anything else is
- 			 * ignored.
-@@ -6963,10 +6953,8 @@ answer_response(fetchctx_t *fctx) {
- 			wanted_chaining = ISC_FALSE;
- 			for (rdataset = ISC_LIST_HEAD(name->list);
- 			     rdataset != NULL;
--			     rdataset = ISC_LIST_NEXT(rdataset, link)) {
--				isc_boolean_t found_dname = ISC_FALSE;
--				dns_name_t *dname_name;
--
-+			     rdataset = ISC_LIST_NEXT(rdataset, link))
-+			{
- 				/*
- 				 * Only pass DNAME or RRSIG(DNAME).
- 				 */
-@@ -6980,20 +6968,41 @@ answer_response(fetchctx_t *fctx) {
- 				 * its signature should not be external.
- 				 */
- 				if (!chaining && external) {
--					log_formerr(fctx, "external DNAME");
-+					char qbuf[DNS_NAME_FORMATSIZE];
-+					char obuf[DNS_NAME_FORMATSIZE];
-+
-+					dns_name_format(name, qbuf,
-+							sizeof(qbuf));
-+					dns_name_format(&fctx->domain, obuf,
-+							sizeof(obuf));
-+					log_formerr(fctx, "external DNAME or "
-+						    "RRSIG covering DNAME "
-+						    "in answer: %s is "
-+						    "not in %s", qbuf, obuf);
-+					return (DNS_R_FORMERR);
-+				}
-+
-+				if (namereln != dns_namereln_subdomain) {
-+					char qbuf[DNS_NAME_FORMATSIZE];
-+					char obuf[DNS_NAME_FORMATSIZE];
-+
-+					dns_name_format(qname, qbuf,
-+							sizeof(qbuf));
-+					dns_name_format(name, obuf,
-+							sizeof(obuf));
-+					log_formerr(fctx, "unrelated DNAME "
-+						    "in answer: %s is "
-+						    "not in %s", qbuf, obuf);
- 					return (DNS_R_FORMERR);
- 				}
- 
--				found = ISC_FALSE;
- 				aflag = 0;
- 				if (rdataset->type == dns_rdatatype_dname) {
--					found = ISC_TRUE;
- 					want_chaining = ISC_TRUE;
- 					POST(want_chaining);
- 					aflag = DNS_RDATASETATTR_ANSWER;
--					result = dname_target(fctx, rdataset,
--							      qname, name,
--							      &dname);
-+					result = dname_target(rdataset, qname,
-+							      nlabels, &fdname);
- 					if (result == ISC_R_NOSPACE) {
- 						/*
- 						 * We can't construct the
-@@ -7005,14 +7014,12 @@ answer_response(fetchctx_t *fctx) {
- 					} else if (result != ISC_R_SUCCESS)
- 						return (result);
- 					else
--						found_dname = ISC_TRUE;
-+						dnameset = rdataset;
- 
--					dname_name = dns_fixedname_name(&dname);
-+					dname = dns_fixedname_name(&fdname);
- 					if (!is_answertarget_allowed(view,
--							qname,
--							rdataset->type,
--							dname_name,
--							&fctx->domain)) {
-+							qname, rdataset->type,
-+							dname, &fctx->domain)) {
- 						return (DNS_R_SERVFAIL);
- 					}
- 				} else {
-@@ -7020,73 +7027,60 @@ answer_response(fetchctx_t *fctx) {
- 					 * We've found a signature that
- 					 * covers the DNAME.
- 					 */
--					found = ISC_TRUE;
- 					aflag = DNS_RDATASETATTR_ANSWERSIG;
- 				}
- 
--				if (found) {
-+				/*
-+				 * We've found an answer to our
-+				 * question.
-+				 */
-+				name->attributes |= DNS_NAMEATTR_CACHE;
-+				rdataset->attributes |= DNS_RDATASETATTR_CACHE;
-+				rdataset->trust = dns_trust_answer;
-+				if (!chaining) {
- 					/*
--					 * We've found an answer to our
--					 * question.
-+					 * This data is "the" answer to
-+					 * our question only if we're
-+					 * not chaining.
- 					 */
--					name->attributes |=
--						DNS_NAMEATTR_CACHE;
--					rdataset->attributes |=
--						DNS_RDATASETATTR_CACHE;
--					rdataset->trust = dns_trust_answer;
--					if (!chaining) {
--						/*
--						 * This data is "the" answer
--						 * to our question only if
--						 * we're not chaining.
--						 */
--						INSIST(!external);
--						if (aflag ==
--						    DNS_RDATASETATTR_ANSWER)
--							have_answer = ISC_TRUE;
-+					INSIST(!external);
-+					if (aflag == DNS_RDATASETATTR_ANSWER) {
-+						have_answer = ISC_TRUE;
- 						name->attributes |=
- 							DNS_NAMEATTR_ANSWER;
--						rdataset->attributes |= aflag;
--						if (aa)
--							rdataset->trust =
--							  dns_trust_authanswer;
--					} else if (external) {
--						rdataset->attributes |=
--						    DNS_RDATASETATTR_EXTERNAL;
--					}
--
--					/*
--					 * DNAME chaining.
--					 */
--					if (found_dname) {
--						/*
--						 * Copy the dname into the
--						 * qname fixed name.
--						 *
--						 * Although we check for
--						 * failure of the copy
--						 * operation, in practice it
--						 * should never fail since
--						 * we already know that the
--						 * result fits in a fixedname.
--						 */
--						dns_fixedname_init(&fqname);
--						result = dns_name_copy(
--						  dns_fixedname_name(&dname),
--						  dns_fixedname_name(&fqname),
--						  NULL);
--						if (result != ISC_R_SUCCESS)
--							return (result);
--						wanted_chaining = ISC_TRUE;
--						name->attributes |=
--							DNS_NAMEATTR_CHAINING;
--						rdataset->attributes |=
--						    DNS_RDATASETATTR_CHAINING;
--						qname = dns_fixedname_name(
--								   &fqname);
- 					}
-+					rdataset->attributes |= aflag;
-+					if (aa)
-+						rdataset->trust =
-+						  dns_trust_authanswer;
-+				} else if (external) {
-+					rdataset->attributes |=
-+					    DNS_RDATASETATTR_EXTERNAL;
- 				}
- 			}
-+
-+			/*
-+			 * DNAME chaining.
-+			 */
-+			if (dnameset != NULL) {
-+				/*
-+				 * Copy the dname into the qname fixed name.
-+				 *
-+				 * Although we check for failure of the copy
-+				 * operation, in practice it should never fail
-+				 * since we already know that the  result fits
-+				 * in a fixedname.
-+				 */
-+				dns_fixedname_init(&fqname);
-+				qname = dns_fixedname_name(&fqname);
-+				result = dns_name_copy(dname, qname, NULL);
-+				if (result != ISC_R_SUCCESS)
-+					return (result);
-+				wanted_chaining = ISC_TRUE;
-+				name->attributes |= DNS_NAMEATTR_CHAINING;
-+				dnameset->attributes |=
-+					    DNS_RDATASETATTR_CHAINING;
-+			}
- 			if (wanted_chaining)
- 				chaining = ISC_TRUE;
- 		}
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-2088.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-2088.patch
deleted file mode 100644
index 1b84d46b78..0000000000
--- a/meta/recipes-connectivity/bind/bind/CVE-2016-2088.patch
+++ /dev/null
@@ -1,247 +0,0 @@
-CVE-2016-2088
-
-Backport commit d7ff9a1c41bf0ba9773cb3adb08b48b9fd57c956 from the
-v9_10_3_patch branch.
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2088
-https://kb.isc.org/article/AA-01351
-
-CVE: CVE-2016-2088
-Upstream-Status: Backport
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
-
-
-Original commit message from Mark Andrews <marka@isc.org> below:
-
-4322.   [security]      Duplicate EDNS COOKIE options in a response could
-                        trigger an assertion failure. (CVE-2016-2088)
-                        [RT #41809]
-
-(cherry picked from commit 455c0848f80a8acda27aad1466c72987cafaa029)
-(cherry picked from commit 7cd300abd6ee8b8ee8730593daf742ba53f90bc3)
----
- CHANGES            |  4 ++++
- bin/dig/dighost.c  |  9 +++++++++
- bin/named/client.c | 33 +++++++++++++++++++++++----------
- doc/arm/notes.xml  |  7 +++++++
- lib/dns/resolver.c | 14 +++++++++++++-
- 5 files changed, 56 insertions(+), 11 deletions(-)
-
-diff --git a/CHANGES b/CHANGES
-index c5b5d2b..d2e3360 100644
---- a/CHANGES
-+++ b/CHANGES
-@@ -1,3 +1,7 @@
-+4322.  [security]      Duplicate EDNS COOKIE options in a response could
-+                       trigger an assertion failure. (CVE-2016-2088)
-+                       [RT #41809]
-+
- 4319.  [security]      Fix resolver assertion failure due to improper
-                        DNAME handling when parsing fetch reply messages.
-                        (CVE-2016-1286) [RT #41753]
-diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
-index ca82f8e..340904f 100644
---- a/bin/dig/dighost.c
-+++ b/bin/dig/dighost.c
-@@ -3458,6 +3458,7 @@ process_opt(dig_lookup_t *l, dns_message_t *msg) {
- 	isc_buffer_t optbuf;
- 	isc_uint16_t optcode, optlen;
- 	dns_rdataset_t *opt = msg->opt;
-+	isc_boolean_t seen_cookie = ISC_FALSE;
- 
- 	result = dns_rdataset_first(opt);
- 	if (result == ISC_R_SUCCESS) {
-@@ -3470,7 +3471,15 @@ process_opt(dig_lookup_t *l, dns_message_t *msg) {
- 			optlen = isc_buffer_getuint16(&optbuf);
- 			switch (optcode) {
- 			case DNS_OPT_COOKIE:
-+				/*
-+				 * Only process the first cookie option.
-+				 */
-+				if (seen_cookie) {
-+					isc_buffer_forward(&optbuf, optlen);
-+					break;
-+				}
- 				process_sit(l, msg, &optbuf, optlen);
-+				seen_cookie = ISC_TRUE;
- 				break;
- 			default:
- 				isc_buffer_forward(&optbuf, optlen);
-diff --git a/bin/named/client.c b/bin/named/client.c
-index 683305c..0d7331a 100644
---- a/bin/named/client.c
-+++ b/bin/named/client.c
-@@ -120,7 +120,10 @@
-  */
- #endif
- 
--#define SIT_SIZE 24U /* 8 + 4 + 4 + 8 */
-+#define COOKIE_SIZE 24U /* 8 + 4 + 4 + 8 */
-+
-+#define WANTNSID(x) (((x)->attributes & NS_CLIENTATTR_WANTNSID) != 0)
-+#define WANTEXPIRE(x) (((x)->attributes & NS_CLIENTATTR_WANTEXPIRE) != 0)
- 
- /*% nameserver client manager structure */
- struct ns_clientmgr {
-@@ -1395,7 +1398,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
- {
- 	char nsid[BUFSIZ], *nsidp;
- #ifdef ISC_PLATFORM_USESIT
--	unsigned char sit[SIT_SIZE];
-+	unsigned char sit[COOKIE_SIZE];
- #endif
- 	isc_result_t result;
- 	dns_view_t *view;
-@@ -1420,7 +1423,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
- 	flags = client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE;
- 
- 	/* Set EDNS options if applicable */
--	if ((client->attributes & NS_CLIENTATTR_WANTNSID) != 0 &&
-+	if (WANTNSID(client) &&
- 	    (ns_g_server->server_id != NULL ||
- 	     ns_g_server->server_usehostname)) {
- 		if (ns_g_server->server_usehostname) {
-@@ -1453,7 +1456,7 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
- 
- 		INSIST(count < DNS_EDNSOPTIONS);
- 		ednsopts[count].code = DNS_OPT_COOKIE;
--		ednsopts[count].length = SIT_SIZE;
-+		ednsopts[count].length = COOKIE_SIZE;
- 		ednsopts[count].value = sit;
- 		count++;
- 	}
-@@ -1661,19 +1664,26 @@ compute_sit(ns_client_t *client, isc_uint32_t when, isc_uint32_t nonce,
- 
- static void
- process_sit(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
--	unsigned char dbuf[SIT_SIZE];
-+	unsigned char dbuf[COOKIE_SIZE];
- 	unsigned char *old;
- 	isc_stdtime_t now;
- 	isc_uint32_t when;
- 	isc_uint32_t nonce;
- 	isc_buffer_t db;
- 
-+	/*
-+	 * If we have already seen a ECS option skip this ECS option.
-+	 */
-+	if ((client->attributes & NS_CLIENTATTR_WANTSIT) != 0) {
-+		isc_buffer_forward(buf, optlen);
-+		return;
-+	}
- 	client->attributes |= NS_CLIENTATTR_WANTSIT;
- 
- 	isc_stats_increment(ns_g_server->nsstats,
- 			    dns_nsstatscounter_sitopt);
- 
--	if (optlen != SIT_SIZE) {
-+	if (optlen != COOKIE_SIZE) {
- 		/*
- 		 * Not our token.
- 		 */
-@@ -1717,14 +1727,13 @@ process_sit(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
- 	isc_buffer_init(&db, dbuf, sizeof(dbuf));
- 	compute_sit(client, when, nonce, &db);
- 
--	if (!isc_safe_memequal(old, dbuf, SIT_SIZE)) {
-+	if (!isc_safe_memequal(old, dbuf, COOKIE_SIZE)) {
- 		isc_stats_increment(ns_g_server->nsstats,
- 				    dns_nsstatscounter_sitnomatch);
- 		return;
- 	}
- 	isc_stats_increment(ns_g_server->nsstats,
- 			    dns_nsstatscounter_sitmatch);
--
- 	client->attributes |= NS_CLIENTATTR_HAVESIT;
- }
- #endif
-@@ -1783,7 +1792,9 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) {
- 			optlen = isc_buffer_getuint16(&optbuf);
- 			switch (optcode) {
- 			case DNS_OPT_NSID:
--				isc_stats_increment(ns_g_server->nsstats,
-+				if (!WANTNSID(client))
-+					isc_stats_increment(
-+						    ns_g_server->nsstats,
- 						    dns_nsstatscounter_nsidopt);
- 				client->attributes |= NS_CLIENTATTR_WANTNSID;
- 				isc_buffer_forward(&optbuf, optlen);
-@@ -1794,7 +1805,9 @@ process_opt(ns_client_t *client, dns_rdataset_t *opt) {
- 				break;
- #endif
- 			case DNS_OPT_EXPIRE:
--				isc_stats_increment(ns_g_server->nsstats,
-+				if (!WANTEXPIRE(client))
-+					isc_stats_increment(
-+						  ns_g_server->nsstats,
- 						  dns_nsstatscounter_expireopt);
- 				client->attributes |= NS_CLIENTATTR_WANTEXPIRE;
- 				isc_buffer_forward(&optbuf, optlen);
-diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
-index ebf4f55..095eb5b 100644
---- a/doc/arm/notes.xml
-+++ b/doc/arm/notes.xml
-@@ -51,6 +51,13 @@
-     <title>Security Fixes</title>
-     <itemizedlist>
-       <listitem>
-+       <para>
-+         Duplicate EDNS COOKIE options in a response could trigger
-+         an assertion failure. This flaw is disclosed in CVE-2016-2088.
-+         [RT #41809]
-+       </para>
-+      </listitem>
-+      <listitem>
- 	<para>
- 	  Specific APL data could trigger an INSIST.  This flaw
- 	  was discovered by Brian Mitchell and is disclosed in
-diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
-index a797e3f..ba1ae23 100644
---- a/lib/dns/resolver.c
-+++ b/lib/dns/resolver.c
-@@ -7502,7 +7502,9 @@ process_opt(resquery_t *query, dns_rdataset_t *opt) {
- 	unsigned char *sit;
- 	dns_adbaddrinfo_t *addrinfo;
- 	unsigned char cookie[8];
-+	isc_boolean_t seen_cookie = ISC_FALSE;
- #endif
-+	isc_boolean_t seen_nsid = ISC_FALSE;
- 
- 	result = dns_rdataset_first(opt);
- 	if (result == ISC_R_SUCCESS) {
-@@ -7516,14 +7518,23 @@ process_opt(resquery_t *query, dns_rdataset_t *opt) {
- 			INSIST(optlen <= isc_buffer_remaininglength(&optbuf));
- 			switch (optcode) {
- 			case DNS_OPT_NSID:
--				if (query->options & DNS_FETCHOPT_WANTNSID)
-+				if (!seen_nsid &&
-+				    query->options & DNS_FETCHOPT_WANTNSID)
- 					log_nsid(&optbuf, optlen, query,
- 						 ISC_LOG_DEBUG(3),
- 						 query->fctx->res->mctx);
- 				isc_buffer_forward(&optbuf, optlen);
-+				seen_nsid = ISC_TRUE;
- 				break;
- #ifdef ISC_PLATFORM_USESIT
- 			case DNS_OPT_COOKIE:
-+				/*
-+				 * Only process the first cookie option.
-+				 */
-+				if (seen_cookie) {
-+					isc_buffer_forward(&optbuf, optlen);
-+					break;
-+				}
- 				sit = isc_buffer_current(&optbuf);
- 				compute_cc(query, cookie, sizeof(cookie));
- 				INSIST(query->fctx->rmessage->sitbad == 0 &&
-@@ -7541,6 +7552,7 @@ process_opt(resquery_t *query, dns_rdataset_t *opt) {
- 				isc_buffer_forward(&optbuf, optlen);
- 				inc_stats(query->fctx->res,
- 					  dns_resstatscounter_sitin);
-+				seen_cookie = ISC_TRUE;
- 				break;
- #endif
- 			default:
--- 
-2.1.4
-
diff --git a/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch b/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch
deleted file mode 100644
index 096d5d84fc..0000000000
--- a/meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 9b40619ff6fddfef2758ba797789f8487f412df3 Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Mon, 16 Feb 2015 00:50:01 -0800
-Subject: [PATCH] confgen: don't build unix.o twice
-
-Fixed:
-unix/os.o: file not recognized: File truncated
-collect2: error: ld returned 1 exit status
-
-This is because os.o was built twice:
-* The implicity rule (depends on unix/os.o)
-* The "make all" in unix subdir (depends on unix/os.o)
-
-Depend on subdirs which is unix only rather than unix/os.o will fix the
-problem.
-
-Upstream-Status: Pending
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- bin/confgen/Makefile.in |    4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in
-index 8b3e5aa..4868a24 100644
---- a/bin/confgen/Makefile.in
-+++ b/bin/confgen/Makefile.in
-@@ -74,11 +74,11 @@ rndc-confgen.@O@: rndc-confgen.c
- ddns-confgen.@O@: ddns-confgen.c
- 	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c ${srcdir}/ddns-confgen.c
- 
--rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} 
-+rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS} $(SUBDIRS)
- 	export BASEOBJS="rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
- 	${FINALBUILDCMD}
- 
--ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} 
-+ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS} $(SUBDIRS)
- 	export BASEOBJS="ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
- 	${FINALBUILDCMD}
- 
--- 
-1.7.9.5
-
diff --git a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
index 13df3bb0e9..84559e5f37 100644
--- a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
+++ b/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
@@ -1,4 +1,4 @@
-From 9473d29843579802e96b0293a3e953fed93de82c Mon Sep 17 00:00:00 2001
+From edda20fb5a6e88548f85e39d34d6c074306e15bc Mon Sep 17 00:00:00 2001
 From: Paul Gortmaker <paul.gortmaker@windriver.com>
 Date: Tue, 9 Jun 2015 11:22:00 -0400
 Subject: [PATCH] bind: ensure searching for json headers searches sysroot
@@ -27,15 +27,16 @@ to make use of the combination some day.
 
 Upstream-Status: Inappropriate [OE Specific]
 Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
+
 ---
- configure.in | 2 +-
+ configure.ac | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/configure.in b/configure.in
-index c9ef3a601343..17a1f613e9ac 100644
---- a/configure.in
-+++ b/configure.in
-@@ -2139,7 +2139,7 @@ case "$use_libjson" in
+diff --git a/configure.ac b/configure.ac
+index 17392fd..e85a5c6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2449,7 +2449,7 @@ case "$use_libjson" in
  		libjson_libs=""
  		;;
  	auto|yes)
@@ -44,6 +45,3 @@ index c9ef3a601343..17a1f613e9ac 100644
  		do
  			if test -f "${d}/include/json/json.h"
  			then
--- 
-2.4.2
-
diff --git a/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch b/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
deleted file mode 100644
index b02ecb1061..0000000000
--- a/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Upstream-Status: Pending
-
-Signed-off-by: Saul Wold <sgw@linux.intel.com>
-
-Index: bind-9.9.5/bin/Makefile.in
-===================================================================
---- bind-9.9.5.orig/bin/Makefile.in
-+++ bind-9.9.5/bin/Makefile.in
-@@ -19,7 +19,7 @@ srcdir =	@srcdir@
- VPATH =		@srcdir@
- top_srcdir =	@top_srcdir@
- 
--SUBDIRS =	named rndc dig delv dnssec tools tests nsupdate \
-+SUBDIRS =	named rndc dig delv dnssec tools nsupdate \
- 		check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@
- TARGETS =
- 
diff --git a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
index db201270fa..ef915c0ae5 100644
--- a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
+++ b/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
@@ -3,5 +3,6 @@
 if [ ! -s /etc/bind/rndc.key ]; then
     echo -n "Generating /etc/bind/rndc.key:"
     /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
+    chown root:bind /etc/bind/rndc.key
     chmod 0640 /etc/bind/rndc.key
 fi
diff --git a/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff b/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff
deleted file mode 100644
index 2930796b6a..0000000000
--- a/meta/recipes-connectivity/bind/bind/mips1-not-support-opcode.diff
+++ /dev/null
@@ -1,104 +0,0 @@
-bind: port a patch to fix a build failure
-
-mips1 does not support ll and sc instructions, and lead to below error, now
-we port a patch from debian to fix it
-[http://security.debian.org/debian-security/pool/updates/main/b/bind9/bind9_9.8.4.dfsg.P1-6+nmu2+deb7u1.diff.gz]
-
-| {standard input}: Assembler messages:
-| {standard input}:47: Error: Opcode not supported on this processor: mips1 (mips1) `ll $3,0($6)'
-| {standard input}:50: Error: Opcode not supported on this processor: mips1 (mips1) `sc $3,0($6)'
-
-Upstream-Status: Pending
-
-Signed-off-by: Roy Li <rongqing.li@windriver.com>
-
---- bind9-9.8.4.dfsg.P1.orig/lib/isc/mips/include/isc/atomic.h
-+++ bind9-9.8.4.dfsg.P1/lib/isc/mips/include/isc/atomic.h
-@@ -31,18 +31,20 @@
- isc_atomic_xadd(isc_int32_t *p, int val) {
- 	isc_int32_t orig;
- 
--	/* add is a cheat, since MIPS has no mov instruction */
--	__asm__ volatile (
--	    "1:"
--	    "ll $3, %1\n"
--	    "add %0, $0, $3\n"
--	    "add $3, $3, %2\n"
--	    "sc $3, %1\n"
--	    "beq $3, 0, 1b"
--	    : "=&r"(orig)
--	    : "m"(*p), "r"(val)
--	    : "memory", "$3"
--		);
-+	__asm__ __volatile__ (
-+	"	.set	push		\n"
-+	"	.set	mips2		\n"
-+	"	.set	noreorder	\n"
-+	"	.set	noat		\n"
-+	"1:	ll	$1, %1		\n"
-+	"	addu	%0, $1, %2	\n"
-+	"	sc	%0, %1		\n"
-+	"	beqz	%0, 1b		\n"
-+	"	move	%0, $1		\n"
-+	"	.set	pop		\n"
-+	: "=&r" (orig), "+R" (*p)
-+	: "r" (val)
-+	: "memory");
- 
- 	return (orig);
- }
-@@ -52,16 +54,7 @@
-  */
- static inline void
- isc_atomic_store(isc_int32_t *p, isc_int32_t val) {
--	__asm__ volatile (
--	    "1:"
--	    "ll $3, %0\n"
--	    "add $3, $0, %1\n"
--	    "sc $3, %0\n"
--	    "beq $3, 0, 1b"
--	    :
--	    : "m"(*p), "r"(val)
--	    : "memory", "$3"
--		);
-+	*p = val;
- }
- 
- /*
-@@ -72,20 +65,23 @@
- static inline isc_int32_t
- isc_atomic_cmpxchg(isc_int32_t *p, int cmpval, int val) {
- 	isc_int32_t orig;
-+	isc_int32_t tmp;
- 
--	__asm__ volatile(
--	    "1:"
--	    "ll $3, %1\n"
--	    "add %0, $0, $3\n"
--	    "bne $3, %2, 2f\n"
--	    "add $3, $0, %3\n"
--	    "sc $3, %1\n"
--	    "beq $3, 0, 1b\n"
--	    "2:"
--	    : "=&r"(orig)
--	    : "m"(*p), "r"(cmpval), "r"(val)
--	    : "memory", "$3"
--		);
-+	__asm__ __volatile__ (
-+	"	.set	push		\n"
-+	"	.set	mips2		\n"
-+	"	.set	noreorder	\n"
-+	"	.set	noat		\n"
-+	"1:	ll	$1, %1		\n"
-+	"	bne	$1, %3, 2f	\n"
-+	"	move	%2, %4		\n"
-+	"	sc	%2, %1		\n"
-+	"	beqz	%2, 1b		\n"
-+	"2:	move	%0, $1		\n"
-+	"	.set	pop		\n"
-+	: "=&r"(orig), "+R" (*p), "=r" (tmp)
-+	: "r"(cmpval), "r"(val)
-+	: "memory");
- 
- 	return (orig);
- }
diff --git a/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb b/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
deleted file mode 100644
index a99f0dd854..0000000000
--- a/meta/recipes-connectivity/bind/bind_9.10.3-P3.bb
+++ /dev/null
@@ -1,109 +0,0 @@
-SUMMARY = "ISC Internet Domain Name Server"
-HOMEPAGE = "http://www.isc.org/sw/bind/"
-SECTION = "console/network"
-
-LICENSE = "ISC & BSD"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=0a95f52a0ab6c5f52dedc9a45e7abb3f"
-
-DEPENDS = "openssl libcap"
-
-SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
-           file://conf.patch \
-           file://make-etc-initd-bind-stop-work.patch \
-           file://mips1-not-support-opcode.diff \
-           file://dont-test-on-host.patch \
-           file://generate-rndc-key.sh \
-           file://named.service \
-           file://bind9 \
-           file://init.d-add-support-for-read-only-rootfs.patch \
-           file://bind-confgen-build-unix.o-once.patch \
-           file://0001-build-use-pkg-config-to-find-libxml2.patch \
-           file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
-           file://0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch \
-           file://0001-lib-dns-gen.c-fix-too-long-error.patch \
-           file://CVE-2016-1285.patch \
-           file://CVE-2016-1286_1.patch \
-           file://CVE-2016-1286_2.patch \
-           file://CVE-2016-2088.patch \
-           "
-
-SRC_URI[md5sum] = "bcf7e772b616f7259420a3edc5df350a"
-SRC_URI[sha256sum] = "690810d1fbb72afa629e74638d19cd44e28d2b2e5eb63f55c705ad85d1a4cb83"
-
-ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}"
-EXTRA_OECONF = " ${ENABLE_IPV6} --with-randomdev=/dev/random --disable-threads \
-                 --disable-devpoll --disable-epoll --with-gost=no \
-                 --with-gssapi=no --with-ecdsa=yes \
-                 --sysconfdir=${sysconfdir}/bind \
-                 --with-openssl=${STAGING_LIBDIR}/.. \
-               "
-inherit autotools update-rc.d systemd useradd pkgconfig
-
-# PACKAGECONFIGs readline and libedit should NOT be set at same time
-PACKAGECONFIG ?= "readline"
-PACKAGECONFIG[httpstats] = "--with-libxml2,--without-libxml2,libxml2"
-PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline"
-PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit"
-
-USERADD_PACKAGES = "${PN}"
-USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \
-                       --user-group bind"
-
-INITSCRIPT_NAME = "bind"
-INITSCRIPT_PARAMS = "defaults"
-
-SYSTEMD_SERVICE_${PN} = "named.service"
-
-PARALLEL_MAKE = ""
-
-RDEPENDS_${PN} = "python3-core"
-RDEPENDS_${PN}-dev = ""
-
-PACKAGE_BEFORE_PN += "${PN}-utils"
-FILES_${PN}-utils = "${bindir}/host ${bindir}/dig"
-FILES_${PN}-dev += "${bindir}/isc-config.h"
-FILES_${PN} += "${sbindir}/generate-rndc-key.sh"
-
-do_install_prepend() {
-	# clean host path in isc-config.sh before the hardlink created
-	# by "make install":
-	#   bind9-config -> isc-config.sh
-	sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${B}/isc-config.sh
-}
-
-do_install_append() {
-	rm "${D}${bindir}/nslookup"
-	rm "${D}${mandir}/man1/nslookup.1"
-	rmdir "${D}${localstatedir}/run"
-	rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
-	install -d -o bind "${D}${localstatedir}/cache/bind"
-	install -d "${D}${sysconfdir}/bind"
-	install -d "${D}${sysconfdir}/init.d"
-	install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/"
-	install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind"
-	sed -i -e '1s,#!.*python,#! /usr/bin/python3,' ${D}${sbindir}/dnssec-coverage ${D}${sbindir}/dnssec-checkds
-
-	# Install systemd related files
-	install -d ${D}${sbindir}
-	install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir}
-	install -d ${D}${systemd_unitdir}/system
-	install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system
-	sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
-	       -e 's,@SBINDIR@,${sbindir},g' \
-	       ${D}${systemd_unitdir}/system/named.service
-
-	install -d ${D}${sysconfdir}/default
-	install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default
-}
-
-CONFFILES_${PN} = " \
-	${sysconfdir}/bind/named.conf \
-	${sysconfdir}/bind/named.conf.local \
-	${sysconfdir}/bind/named.conf.options \
-	${sysconfdir}/bind/db.0 \
-	${sysconfdir}/bind/db.127 \
-	${sysconfdir}/bind/db.empty \
-	${sysconfdir}/bind/db.local \
-	${sysconfdir}/bind/db.root \
-	"
-
diff --git a/meta/recipes-connectivity/bind/bind_9.11.13.bb b/meta/recipes-connectivity/bind/bind_9.11.13.bb
new file mode 100644
index 0000000000..338d6c717a
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind_9.11.13.bb
@@ -0,0 +1,139 @@
+SUMMARY = "ISC Internet Domain Name Server"
+HOMEPAGE = "http://www.isc.org/sw/bind/"
+SECTION = "console/network"
+
+LICENSE = "ISC & BSD"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=8f17f64e47e83b60cd920a1e4b54419e"
+
+DEPENDS = "openssl libcap zlib"
+
+SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
+           file://conf.patch \
+           file://named.service \
+           file://bind9 \
+           file://generate-rndc-key.sh \
+           file://make-etc-initd-bind-stop-work.patch \
+           file://init.d-add-support-for-read-only-rootfs.patch \
+           file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
+           file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
+           file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
+           file://0001-avoid-start-failure-with-bind-user.patch \
+           "
+
+SRC_URI[md5sum] = "17de0d024ab1eac377f1c2854dc25057"
+SRC_URI[sha256sum] = "fd3f3cc9fcfcdaa752db35eb24598afa1fdcc2509d3227fc90a8631b7b400f7d"
+
+UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
+# stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4
+UPSTREAM_CHECK_REGEX = "(?P<pver>9.(11|16|20|24|28)(\.\d+)+(-P\d+)*)/"
+
+# BIND >= 9.11.2 need dhcpd >= 4.4.0,
+# don't report it here since dhcpd is already recent enough.
+CVE_CHECK_WHITELIST += "CVE-2019-6470"
+
+inherit autotools update-rc.d systemd useradd pkgconfig multilib_script
+
+MULTILIB_SCRIPTS = "${PN}:${bindir}/bind9-config ${PN}:${bindir}/isc-config.sh"
+
+# PACKAGECONFIGs readline and libedit should NOT be set at same time
+PACKAGECONFIG ?= "readline"
+PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2"
+PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline"
+PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit"
+PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,,"
+PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native,"
+
+ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}"
+EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \
+                 --disable-devpoll --enable-epoll --with-gost=no \
+                 --with-gssapi=no --with-ecdsa=yes --with-eddsa=no \
+                 --with-lmdb=no \
+                 --sysconfdir=${sysconfdir}/bind \
+                 --with-openssl=${STAGING_DIR_HOST}${prefix} \
+               "
+
+inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)}
+
+# dhcp needs .la so keep them
+REMOVE_LIBTOOL_LA = "0"
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \
+                       --user-group bind"
+
+INITSCRIPT_NAME = "bind"
+INITSCRIPT_PARAMS = "defaults"
+
+SYSTEMD_SERVICE_${PN} = "named.service"
+
+do_install_prepend() {
+	# clean host path in isc-config.sh before the hardlink created
+	# by "make install":
+	#   bind9-config -> isc-config.sh
+	sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${B}/isc-config.sh
+}
+
+do_install_append() {
+
+	rmdir "${D}${localstatedir}/run"
+	rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
+	install -d -o bind "${D}${localstatedir}/cache/bind"
+	install -d "${D}${sysconfdir}/bind"
+	install -d "${D}${sysconfdir}/init.d"
+	install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/"
+	install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind"
+        if ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'true', 'false', d)}; then
+		sed -i -e '1s,#!.*python3,#! /usr/bin/python3,' \
+		${D}${sbindir}/dnssec-coverage \
+		${D}${sbindir}/dnssec-checkds \
+		${D}${sbindir}/dnssec-keymgr
+	fi
+
+	# Install systemd related files
+	install -d ${D}${sbindir}
+	install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir}
+	install -d ${D}${systemd_unitdir}/system
+	install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system
+	sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
+	       -e 's,@SBINDIR@,${sbindir},g' \
+	       ${D}${systemd_unitdir}/system/named.service
+
+	install -d ${D}${sysconfdir}/default
+	install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default
+
+	if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+		install -d ${D}${sysconfdir}/tmpfiles.d
+		echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf
+	fi
+}
+
+CONFFILES_${PN} = " \
+	${sysconfdir}/bind/named.conf \
+	${sysconfdir}/bind/named.conf.local \
+	${sysconfdir}/bind/named.conf.options \
+	${sysconfdir}/bind/db.0 \
+	${sysconfdir}/bind/db.127 \
+	${sysconfdir}/bind/db.empty \
+	${sysconfdir}/bind/db.local \
+	${sysconfdir}/bind/db.root \
+	"
+
+ALTERNATIVE_${PN}-utils = "nslookup"
+ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup"
+ALTERNATIVE_PRIORITY = "100"
+
+PACKAGE_BEFORE_PN += "${PN}-utils"
+FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate"
+FILES_${PN}-dev += "${bindir}/isc-config.h"
+FILES_${PN} += "${sbindir}/generate-rndc-key.sh"
+
+PACKAGE_BEFORE_PN += "${PN}-libs"
+FILES_${PN}-libs = "${libdir}/*.so*"
+FILES_${PN}-staticdev += "${libdir}/*.la"
+
+PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}"
+FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \
+                ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}"
+
+RDEPENDS_${PN}-dev = ""
+RDEPENDS_python3-bind = "python3-core python3-ply"
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index ecefb7b593..150d909d73 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -6,44 +6,75 @@ LICENSE = "GPLv2+ & LGPLv2.1+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
                     file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \
                     file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e"
-DEPENDS = "udev libusb dbus-glib glib-2.0 libcheck readline"
+DEPENDS = "dbus glib-2.0"
 PROVIDES += "bluez-hcidump"
 RPROVIDES_${PN} += "bluez-hcidump"
 
 RCONFLICTS_${PN} = "bluez4"
 
-PACKAGECONFIG ??= "obex-profiles"
-PACKAGECONFIG[obex-profiles] = "--enable-obex,--disable-obex,libical"
-PACKAGECONFIG[experimental] = "--enable-experimental,--disable-experimental,"
-
-SRC_URI = "\
-    ${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
-    file://out-of-tree.patch \
-    file://init \
-    file://run-ptest \
-    ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
-    file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
+PACKAGECONFIG ??= "obex-profiles \
+    readline \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+    a2dp-profiles \
+    avrcp-profiles \
+    network-profiles \
+    hid-profiles \
+    hog-profiles \
+    tools \
+    deprecated \
+    udev \
 "
+PACKAGECONFIG[obex-profiles] = "--enable-obex,--disable-obex,libical"
+PACKAGECONFIG[readline] = "--enable-client,--disable-client,readline,"
+PACKAGECONFIG[testing] = "--enable-testing,--disable-testing"
+PACKAGECONFIG[midi] = "--enable-midi,--disable-midi,alsa-lib"
+PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd"
+PACKAGECONFIG[cups] = "--enable-cups,--disable-cups,,cups"
+PACKAGECONFIG[nfc] = "--enable-nfc,--disable-nfc"
+PACKAGECONFIG[sap-profiles] = "--enable-sap,--disable-sap"
+PACKAGECONFIG[a2dp-profiles] = "--enable-a2dp,--disable-a2dp"
+PACKAGECONFIG[avrcp-profiles] = "--enable-avrcp,--disable-avrcp"
+PACKAGECONFIG[network-profiles] = "--enable-network,--disable-network"
+PACKAGECONFIG[hid-profiles] = "--enable-hid,--disable-hid"
+PACKAGECONFIG[hog-profiles] = "--enable-hog,--disable-hog"
+PACKAGECONFIG[health-profiles] = "--enable-health,--disable-health"
+PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis"
+PACKAGECONFIG[tools] = "--enable-tools,--disable-tools"
+PACKAGECONFIG[threads] = "--enable-threads,--disable-threads"
+PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated"
+PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c ell"
+PACKAGECONFIG[btpclient] = "--enable-btpclient,--disable-btpclient, ell"
+PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev"
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
+           file://init \
+           file://run-ptest \
+           ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
+           file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
+           file://0001-test-gatt-Fix-hung-issue.patch \
+           "
 S = "${WORKDIR}/bluez-${PV}"
 
-inherit autotools pkgconfig systemd update-rc.d distro_features_check ptest
+CVE_PRODUCT = "bluez"
+
+inherit autotools pkgconfig systemd update-rc.d features_check ptest gobject-introspection-data
 
 EXTRA_OECONF = "\
-  --enable-tools \
-  --disable-cups \
   --enable-test \
   --enable-datafiles \
-  ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--enable-systemd', '--disable-systemd', d)} \
   --enable-library \
+  --without-zsh-completion-dir \
 "
 
 # bluez5 builds a large number of useful utilities but does not
 # install them.  Specify which ones we want put into ${PN}-noinst-tools.
 NOINST_TOOLS_READLINE ??= ""
-NOINST_TOOLS_EXPERIMENTAL ??= ""
+NOINST_TOOLS_TESTING ??= ""
+NOINST_TOOLS_BT ??= ""
 NOINST_TOOLS = " \
-    ${NOINST_TOOLS_READLINE} \
-    ${@bb.utils.contains('PACKAGECONFIG', 'experimental', '${NOINST_TOOLS_EXPERIMENTAL}', '', d)} \
+    ${@bb.utils.contains('PACKAGECONFIG', 'readline', '${NOINST_TOOLS_READLINE}', '', d)} \
+    ${@bb.utils.contains('PACKAGECONFIG', 'testing', '${NOINST_TOOLS_TESTING}', '', d)} \
+    ${@bb.utils.contains('PACKAGECONFIG', 'tools', '${NOINST_TOOLS_BT}', '', d)} \
 "
 
 do_install_append() {
@@ -51,43 +82,44 @@ do_install_append() {
 	install -m 0755 ${WORKDIR}/init ${D}${INIT_D_DIR}/bluetooth
 
 	install -d ${D}${sysconfdir}/bluetooth/
-	if [ -f ${S}/profiles/audio/audio.conf ]; then
-	    install -m 0644 ${S}/profiles/audio/audio.conf ${D}/${sysconfdir}/bluetooth/
-	fi
 	if [ -f ${S}/profiles/network/network.conf ]; then
-	    install -m 0644 ${S}/profiles/network/network.conf ${D}/${sysconfdir}/bluetooth/
+		install -m 0644 ${S}/profiles/network/network.conf ${D}/${sysconfdir}/bluetooth/
 	fi
 	if [ -f ${S}/profiles/input/input.conf ]; then
-	    install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/
+		install -m 0644 ${S}/profiles/input/input.conf ${D}/${sysconfdir}/bluetooth/
 	fi
 
-  if [ -f ${D}/${sysconfdir}/init.d/bluetooth ]; then
-    sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}/${sysconfdir}/init.d/bluetooth
-  fi
+	if [ -f ${D}/${sysconfdir}/init.d/bluetooth ]; then
+		sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}/${sysconfdir}/init.d/bluetooth
+	fi
 
 	# Install desired tools that upstream leaves in build area
-        for f in ${NOINST_TOOLS} ; do
-	    install -m 755 ${B}/$f ${D}/${bindir}
+	for f in ${NOINST_TOOLS} ; do
+		install -m 755 ${B}/$f ${D}/${bindir}
 	done
 
-        # Patch python tools to use Python 3; they should be source compatible, but
-        # still refer to Python 2 in the shebang
-        sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${libdir}/bluez/test/*
+	# Patch python tools to use Python 3; they should be source compatible, but
+	# still refer to Python 2 in the shebang
+	sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${libdir}/bluez/test/*
 }
 
-ALLOW_EMPTY_libasound-module-bluez = "1"
-PACKAGES =+ "libasound-module-bluez ${PN}-testtools ${PN}-obex ${PN}-noinst-tools"
+PACKAGES =+ "${PN}-testtools ${PN}-obex ${PN}-noinst-tools"
 
-FILES_libasound-module-bluez = "${libdir}/alsa-lib/lib*.so ${datadir}/alsa"
-FILES_${PN} += "${libdir}/bluetooth/plugins/*.so ${systemd_unitdir}/ ${datadir}/dbus-1"
-FILES_${PN}-dev += "\
-  ${libdir}/bluetooth/plugins/*.la \
-  ${libdir}/alsa-lib/*.la \
+FILES_${PN} += " \
+    ${libdir}/bluetooth/plugins/*.so \
+    ${systemd_unitdir}/ ${datadir}/dbus-1 \
+    ${libdir}/cups \
+"
+FILES_${PN}-dev += " \
+    ${libdir}/bluetooth/plugins/*.la \
 "
 
 FILES_${PN}-obex = "${libexecdir}/bluetooth/obexd \
                     ${exec_prefix}/lib/systemd/user/obex.service \
+                    ${systemd_system_unitdir}/obex.service \
+                    ${sysconfdir}/systemd/system/multi-user.target.wants/obex.service \
                     ${datadir}/dbus-1/services/org.bluez.obex.service \
+                    ${sysconfdir}/dbus-1/system.d/obexd.conf \
                    "
 SYSTEMD_SERVICE_${PN}-obex = "obex.service"
 
@@ -95,27 +127,28 @@ FILES_${PN}-testtools = "${libdir}/bluez/test/*"
 
 def get_noinst_tools_paths (d, bb, tools):
     s = list()
-    bindir = d.getVar("bindir", True)
+    bindir = d.getVar("bindir")
     for bdp in tools.split():
         f = os.path.basename(bdp)
         s.append("%s/%s" % (bindir, f))
     return "\n".join(s)
 
-FILES_${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS', True))}"
+FILES_${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}"
 
-RDEPENDS_${PN}-testtools += "python3 python3-dbus python3-pygobject"
+RDEPENDS_${PN}-testtools += "python3-core python3-dbus"
+RDEPENDS_${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}"
 
-SYSTEMD_SERVICE_${PN} = "bluetooth.service"
+SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}"
 INITSCRIPT_PACKAGES = "${PN}"
 INITSCRIPT_NAME_${PN} = "bluetooth"
 
-EXCLUDE_FROM_WORLD = "1"
-
 do_compile_ptest() {
-        oe_runmake buildtests
+	oe_runmake buildtests
 }
 
 do_install_ptest() {
-        cp -r ${B}/unit/ ${D}${PTEST_PATH}
-        rm -f ${D}${PTEST_PATH}/unit/*.o
+	cp -r ${B}/unit/ ${D}${PTEST_PATH}
+	rm -f ${D}${PTEST_PATH}/unit/*.o
 }
+
+RDEPENDS_${PN}-ptest_append_libc-glibc = " glibc-gconv-utf-16"
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
index 2fde7bc069..618ed734a9 100644
--- a/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
+++ b/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
@@ -1,3 +1,4 @@
+From f74eb97c9fb3c0ee2895742e773ac6a3c41c999c Mon Sep 17 00:00:00 2001
 From: Giovanni Campagna <gcampagna-cNUdlRotFMnNLxjTenLetw@public.gmane.org>
 Date: Sat, 12 Oct 2013 17:45:25 +0200
 Subject: [PATCH] Allow using obexd without systemd in the user session
@@ -14,50 +15,42 @@ configuration. See thread:
 http://thread.gmane.org/gmane.linux.bluez.kernel/38725/focus=38843
 
 Signed-off-by: Javier Viguera <javier.viguera@digi.com>
+
 ---
- Makefile.obexd                      | 4 ++--
- obexd/src/org.bluez.obex.service    | 4 ----
- obexd/src/org.bluez.obex.service.in | 4 ++++
- 3 files changed, 6 insertions(+), 6 deletions(-)
- delete mode 100644 obexd/src/org.bluez.obex.service
- create mode 100644 obexd/src/org.bluez.obex.service.in
+ Makefile.obexd                                                | 4 ++--
+ .../src/{org.bluez.obex.service => org.bluez.obex.service.in} | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+ rename obexd/src/{org.bluez.obex.service => org.bluez.obex.service.in} (76%)
 
 diff --git a/Makefile.obexd b/Makefile.obexd
-index 2e33cbc72f2b..d5d858c857b4 100644
+index de59d29..73004a3 100644
 --- a/Makefile.obexd
 +++ b/Makefile.obexd
-@@ -2,12 +2,12 @@
+@@ -1,12 +1,12 @@
  if SYSTEMD
- systemduserunitdir = @SYSTEMD_USERUNITDIR@
+ systemduserunitdir = $(SYSTEMD_USERUNITDIR)
  systemduserunit_DATA = obexd/src/obex.service
 +endif
  
- dbussessionbusdir = @DBUS_SESSIONBUSDIR@
+ dbussessionbusdir = $(DBUS_SESSIONBUSDIR)
  dbussessionbus_DATA = obexd/src/org.bluez.obex.service
 -endif
  
 -EXTRA_DIST += obexd/src/obex.service.in obexd/src/org.bluez.obex.service
 +EXTRA_DIST += obexd/src/obex.service.in obexd/src/org.bluez.obex.service.in
  
- obex_plugindir = $(libdir)/obex/plugins
+ if OBEX
  
-diff --git a/obexd/src/org.bluez.obex.service b/obexd/src/org.bluez.obex.service
-deleted file mode 100644
-index a53808884554..000000000000
+diff --git a/obexd/src/org.bluez.obex.service b/obexd/src/org.bluez.obex.service.in
+similarity index 76%
+rename from obexd/src/org.bluez.obex.service
+rename to obexd/src/org.bluez.obex.service.in
+index a538088..9c815f2 100644
 --- a/obexd/src/org.bluez.obex.service
-+++ /dev/null
-@@ -1,4 +0,0 @@
--[D-BUS Service]
--Name=org.bluez.obex
--Exec=/bin/false
--SystemdService=dbus-org.bluez.obex.service
-diff --git a/obexd/src/org.bluez.obex.service.in b/obexd/src/org.bluez.obex.service.in
-new file mode 100644
-index 000000000000..9c815f246b77
---- /dev/null
 +++ b/obexd/src/org.bluez.obex.service.in
-@@ -0,0 +1,4 @@
-+[D-BUS Service]
-+Name=org.bluez.obex
+@@ -1,4 +1,4 @@
+ [D-BUS Service]
+ Name=org.bluez.obex
+-Exec=/bin/false
 +Exec=@libexecdir@/obexd
-+SystemdService=dbus-org.bluez.obex.service
+ SystemdService=dbus-org.bluez.obex.service
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch
new file mode 100644
index 0000000000..e90b6a546f
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/0001-test-gatt-Fix-hung-issue.patch
@@ -0,0 +1,43 @@
+From 61e741654cc2eb167bca212a3bb2ba8f3ba280c1 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <Mingli.Yu@windriver.com>
+Date: Fri, 24 Aug 2018 12:04:03 +0800
+Subject: [PATCH] test-gatt: Fix hung issue
+
+The below test hangs infinitely
+$ unit/test-gatt -p  /robustness/unkown-request -d
+/robustness/unkown-request - init
+/robustness/unkown-request - setup
+/robustness/unkown-request - setup complete
+/robustness/unkown-request - run
+  GATT: < 02 17 00                                         ...
+  bt_gatt_server:MTU exchange complete, with MTU: 23
+  GATT: > 03 00 02                                         ...
+  PDU: = 03 00 02                                         ...
+  GATT: < bf 00
+
+Actually, the /robustness/unkown-request test does
+no action.
+
+Upstream-Status: Submitted [https://marc.info/?l=linux-bluetooth&m=153508881804635&w=2]
+
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+---
+ unit/test-gatt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/unit/test-gatt.c b/unit/test-gatt.c
+index c7e28f8..b57373b 100644
+--- a/unit/test-gatt.c
++++ b/unit/test-gatt.c
+@@ -4463,7 +4463,7 @@ int main(int argc, char *argv[])
+ 			test_server, service_db_1, NULL,
+ 			raw_pdu(0x03, 0x00, 0x02),
+ 			raw_pdu(0xbf, 0x00),
+-			raw_pdu(0x01, 0xbf, 0x00, 0x00, 0x06));
++			raw_pdu());
+ 
+ 	define_test_server("/robustness/unkown-command",
+ 			test_server, service_db_1, NULL,
+-- 
+2.7.4
+
diff --git a/meta/recipes-connectivity/bluez5/bluez5/init b/meta/recipes-connectivity/bluez5/bluez5/init
index 489e9b9eba..ca9fa18549 100644
--- a/meta/recipes-connectivity/bluez5/bluez5/init
+++ b/meta/recipes-connectivity/bluez5/bluez5/init
@@ -1,5 +1,8 @@
 #!/bin/sh
 
+# Source function library
+. /etc/init.d/functions
+
 PATH=/sbin:/bin:/usr/sbin:/usr/bin
 DESC=bluetooth
 
@@ -21,25 +24,22 @@ set -e
 
 case $1 in
   start)
-	echo "Starting $DESC"
-
+	echo -n "Starting $DESC: "
 	if test "$BLUETOOTH_ENABLED" = 0; then
-		echo "disabled. see /etc/default/bluetooth"
+		echo "disabled (see /etc/default/bluetooth)."
 		exit 0
 	fi
-
 	start-stop-daemon --start --background $SSD_OPTIONS
-	echo "${DAEMON##*/}"
-
+	echo "${DAEMON##*/}."
   ;;
   stop)
-	echo "Stopping $DESC"
+	echo -n "Stopping $DESC: "
 	if test "$BLUETOOTH_ENABLED" = 0; then
-		echo "disabled."
+		echo "disabled (see /etc/default/bluetooth)."
 		exit 0
 	fi
 	start-stop-daemon --stop $SSD_OPTIONS
-	echo "${DAEMON}"
+	echo "${DAEMON##*/}."
   ;;
   restart|force-reload)
 	$0 stop
@@ -47,14 +47,7 @@ case $1 in
 	$0 start
   ;;
   status)
-	 pidof ${DAEMON} >/dev/null
-	 status=$?
-        if [ $status -eq 0 ]; then
-                 echo "bluetooth is running."
-        else
-                echo "bluetooth is not running"
-        fi
-        exit $status
+	status ${DAEMON} || exit $?
    ;;
    *)
 	N=/etc/init.d/bluetooth
diff --git a/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch b/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch
deleted file mode 100644
index 3ee79d7047..0000000000
--- a/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From ed55b49a226ca3909f52416be2ae5ce1c5ca2cb2 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Fri, 22 Apr 2016 15:40:37 +0100
-Subject: [PATCH] Makefile.obexd: add missing mkdir in builtin.h generation
-
-In parallel out-of-tree builds it's possible that obexd/src/builtin.h is
-generated before the target directory has been implicitly created. Solve this by
-creating the directory before writing into it.
-
-Upstream-Status: Submitted
-Signed-off-by: Ross Burton <ross.burton@intel.com>
----
- Makefile.obexd | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Makefile.obexd b/Makefile.obexd
-index 2e33cbc..c8286f0 100644
---- a/Makefile.obexd
-+++ b/Makefile.obexd
-@@ -105,2 +105,3 @@ obexd/src/plugin.$(OBJEXT): obexd/src/builtin.h
- obexd/src/builtin.h: obexd/src/genbuiltin $(obexd_builtin_sources)
-+	$(AM_V_at)$(MKDIR_P) $(dir $@)
- 	$(AM_V_GEN)$(srcdir)/obexd/src/genbuiltin $(obexd_builtin_modules) > $@
--- 
-2.8.0.rc3
-
diff --git a/meta/recipes-connectivity/bluez5/bluez5/run-ptest b/meta/recipes-connectivity/bluez5/bluez5/run-ptest
index 21df00c327..0335e68e48 100644
--- a/meta/recipes-connectivity/bluez5/bluez5/run-ptest
+++ b/meta/recipes-connectivity/bluez5/bluez5/run-ptest
@@ -6,7 +6,7 @@ failed=0
 all=0
 
 for f in test-*; do
-    "./$f"
+    "./$f" -q
     case "$?" in
         0)
             echo "PASS: $f"
diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.41.bb b/meta/recipes-connectivity/bluez5/bluez5_5.52.bb
index 522aab7d57..b86103014b 100644
--- a/meta/recipes-connectivity/bluez5/bluez5_5.41.bb
+++ b/meta/recipes-connectivity/bluez5/bluez5_5.52.bb
@@ -1,14 +1,12 @@
 require bluez5.inc
 
-REQUIRED_DISTRO_FEATURES = "bluez5"
-
-SRC_URI[md5sum] = "318341b2188698130adb73236ee69244"
-SRC_URI[sha256sum] = "df7dc4462494dad4e60a2943240d584f6e760235dca64f5f10eba46dbab7f5f0"
+SRC_URI[md5sum] = "a33eb9aadf1dd4153420958709d3ce60"
+SRC_URI[sha256sum] = "f7144ce2039202cfac18ccb52426efea11c98e4f6e1bb8041bcb994b8378560a"
 
 # noinst programs in Makefile.tools that are conditional on READLINE
 # support
 NOINST_TOOLS_READLINE ?= " \
-    attrib/gatttool \
+    ${@bb.utils.contains('PACKAGECONFIG', 'deprecated', 'attrib/gatttool', '', d)} \
     tools/obex-client-tool \
     tools/obex-server-tool \
     tools/bluetooth-player \
@@ -16,12 +14,13 @@ NOINST_TOOLS_READLINE ?= " \
     tools/btmgmt \
 "
 
-# noinst programs in Makefile.tools that are conditional on EXPERIMENTAL
+# noinst programs in Makefile.tools that are conditional on TESTING
 # support
-NOINST_TOOLS_EXPERIMENTAL ?= " \
+NOINST_TOOLS_TESTING ?= " \
     emulator/btvirt \
     emulator/b1ee \
     emulator/hfp \
+    peripheral/btsensor \
     tools/3dsp \
     tools/mgmt-tester \
     tools/gap-tester \
@@ -30,6 +29,13 @@ NOINST_TOOLS_EXPERIMENTAL ?= " \
     tools/smp-tester \
     tools/hci-tester \
     tools/rfcomm-tester \
+    tools/bnep-tester \
+    tools/userchan-tester \
+"
+
+# noinst programs in Makefile.tools that are conditional on TOOLS
+# support
+NOINST_TOOLS_BT ?= " \
     tools/bdaddr \
     tools/avinfo \
     tools/avtest \
@@ -39,17 +45,24 @@ NOINST_TOOLS_EXPERIMENTAL ?= " \
     tools/hcieventmask \
     tools/hcisecfilter \
     tools/btinfo \
-    tools/btattach \
     tools/btsnoop \
     tools/btproxy \
     tools/btiotest \
+    tools/bneptest \
     tools/mcaptest \
     tools/cltest \
     tools/oobtest \
+    tools/advtest \
     tools/seq2bseq \
+    tools/nokfw \
+    tools/create-image \
+    tools/eddystone \
     tools/ibeacon \
     tools/btgatt-client \
     tools/btgatt-server \
+    tools/test-runner \
+    tools/check-selftest \
     tools/gatt-service \
     profiles/iap/iapd \
+    ${@bb.utils.contains('PACKAGECONFIG', 'btpclient', 'tools/btpclient', '', d)} \
 "
diff --git a/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch b/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch
index 279ca05d6f..c93e9b4654 100644
--- a/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch
+++ b/meta/recipes-connectivity/connman/connman-gnome/0001-Port-to-Gtk3.patch
@@ -1,11 +1,10 @@
-From 092fe0793b39c6feb6464bfbd568b050960d62c0 Mon Sep 17 00:00:00 2001
+From a59b0fac02e74a971ac3f08bf28c17ce361a9526 Mon Sep 17 00:00:00 2001
 From: Jussi Kukkonen <jussi.kukkonen@intel.com>
 Date: Wed, 2 Mar 2016 15:47:49 +0200
 Subject: [PATCH] Port to Gtk3
 
 Some unused (or not useful) code was removed, functionality should stay
-the same, although applet now loads icons based on actual size available
-to it.
+the same.
 
 Code still contains quite a few uses of deprecated API.
 
@@ -13,13 +12,13 @@ Upstream-Status: Submitted
 Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
 ---
  applet/agent.c        |  3 +--
- applet/main.c         | 43 ------------------------------
- applet/status.c       | 74 +++++++++++++++++++++++++++++++++------------------
+ applet/main.c         | 43 -------------------------------------------
+ applet/status.c       |  8 --------
  configure.ac          |  3 +--
- properties/ethernet.c | 14 +++++-----
+ properties/ethernet.c | 14 +++++++-------
  properties/main.c     |  2 +-
- properties/wifi.c     | 12 ++++-----
- 7 files changed, 64 insertions(+), 87 deletions(-)
+ properties/wifi.c     | 12 ++++++------
+ 7 files changed, 16 insertions(+), 69 deletions(-)
 
 diff --git a/applet/agent.c b/applet/agent.c
 index 65bed08..04fe86a 100644
@@ -43,7 +42,7 @@ index 65bed08..04fe86a 100644
  	label = gtk_label_new(_("Please provide some network information:"));
  	gtk_misc_set_alignment(GTK_MISC(label), 0.0, 0.0);
 diff --git a/applet/main.c b/applet/main.c
-index c7b3c7f..f2ce46b 100644
+index f12d371..cd16285 100644
 --- a/applet/main.c
 +++ b/applet/main.c
 @@ -157,46 +157,6 @@ static void name_owner_changed(DBusGProxy *proxy, const char *name,
@@ -104,26 +103,10 @@ index c7b3c7f..f2ce46b 100644
  			"copyright", "Copyright \xc2\xa9 2008 Intel Corporation",
  			"comments", _("A connection manager for the GNOME desktop"),
 diff --git a/applet/status.c b/applet/status.c
-index aed6f1e..6ecbf3a 100644
+index aed6f1e..015ff29 100644
 --- a/applet/status.c
 +++ b/applet/status.c
-@@ -30,13 +30,14 @@
- static gboolean available = FALSE;
- 
- static GtkStatusIcon *statusicon = NULL;
-+static gint icon_size = 0;
- 
- static GdkPixbuf *pixbuf_load(GtkIconTheme *icontheme, const gchar *name)
- {
- 	GdkPixbuf *pixbuf;
- 	GError *error = NULL;
- 
--	pixbuf = gtk_icon_theme_load_icon(icontheme, name, 22, 0, &error);
-+	pixbuf = gtk_icon_theme_load_icon(icontheme, name, icon_size, 0, &error);
- 
- 	if (pixbuf == NULL) {
- 		g_warning("Missing icon %s: %s", name, error->message);
-@@ -102,8 +103,6 @@ static void icon_animation_start(IconAnimation *animation,
+@@ -102,8 +102,6 @@ static void icon_animation_start(IconAnimation *animation,
  {
  	available = TRUE;
  
@@ -132,7 +115,7 @@ index aed6f1e..6ecbf3a 100644
  	animation->start = start;
  	animation->end = (end == 0) ? animation->count - 1 : end;
  
-@@ -120,8 +119,6 @@ static void icon_animation_stop(IconAnimation *animation)
+@@ -120,8 +118,6 @@ static void icon_animation_stop(IconAnimation *animation)
  {
  	available = TRUE;
  
@@ -141,96 +124,7 @@ index aed6f1e..6ecbf3a 100644
  	if (animation->id > 0)
  		g_source_remove(animation->id);
  
-@@ -190,6 +187,42 @@ static GdkPixbuf *pixbuf_none;
- static GdkPixbuf *pixbuf_wired;
- static GdkPixbuf *pixbuf_signal[5];
- 
-+static void
-+load_icons (gint size)
-+{
-+        // educated guess to preload correct size
-+        if (size == 0)
-+                size = 34;
-+
-+        if (icon_size == size)
-+                return;
-+
-+        icon_size = size;
-+
-+        if(pixbuf_none)
-+                status_cleanup();
-+
-+        g_debug ("Loading icons at size %d", icon_size);
-+        animation = icon_animation_load(icontheme, "connman-connecting", 33);
-+        pixbuf_signal[0] = pixbuf_load(icontheme, "connman-signal-01");
-+        pixbuf_signal[1] = pixbuf_load(icontheme, "connman-signal-02");
-+        pixbuf_signal[2] = pixbuf_load(icontheme, "connman-signal-03");
-+        pixbuf_signal[3] = pixbuf_load(icontheme, "connman-signal-04");
-+        pixbuf_signal[4] = pixbuf_load(icontheme, "connman-signal-05");
-+
-+        pixbuf_none = pixbuf_load(icontheme, "connman-type-none");
-+        pixbuf_wired = pixbuf_load(icontheme, "connman-type-wired");
-+        pixbuf_notifier = pixbuf_load(icontheme, "connman-notifier-unavailable");
-+}
-+
-+static gboolean
-+size_changed_cb (GtkStatusIcon *statusicon,
-+                 gint           size,
-+                 gpointer       user_data)
-+{
-+        load_icons (size);
-+}
-+
- int status_init(StatusCallback activate, GtkWidget *popup)
- {
- 	GdkScreen *screen;
-@@ -204,17 +237,9 @@ int status_init(StatusCallback activate, GtkWidget *popup)
- 
- 	gtk_icon_theme_append_search_path(icontheme, ICONDIR);
- 
--	animation = icon_animation_load(icontheme, "connman-connecting", 33);
--
--	pixbuf_signal[0] = pixbuf_load(icontheme, "connman-signal-01");
--	pixbuf_signal[1] = pixbuf_load(icontheme, "connman-signal-02");
--	pixbuf_signal[2] = pixbuf_load(icontheme, "connman-signal-03");
--	pixbuf_signal[3] = pixbuf_load(icontheme, "connman-signal-04");
--	pixbuf_signal[4] = pixbuf_load(icontheme, "connman-signal-05");
--
--	pixbuf_none = pixbuf_load(icontheme, "connman-type-none");
--	pixbuf_wired = pixbuf_load(icontheme, "connman-type-wired");
--	pixbuf_notifier = pixbuf_load(icontheme, "connman-notifier-unavailable");
-+	g_signal_connect (statusicon, "size-changed",
-+			  G_CALLBACK(size_changed_cb), NULL);
-+	load_icons (gtk_status_icon_get_size (statusicon));
- 
- 	if (activate != NULL)
- 		g_signal_connect(statusicon, "activate",
-@@ -231,17 +256,18 @@ void status_cleanup(void)
- 	int i;
- 
- 	icon_animation_free(animation);
-+	animation = NULL;
- 
- 	for (i = 0; i < 5; i++)
--		g_object_unref(pixbuf_signal[i]);
-+		g_clear_object(&pixbuf_signal[i]);
- 
--	g_object_unref(pixbuf_none);
--	g_object_unref(pixbuf_wired);
--	g_object_unref(pixbuf_notifier);
-+	g_clear_object(&pixbuf_none);
-+	g_clear_object(&pixbuf_wired);
-+	g_clear_object(&pixbuf_notifier);
- 
--	g_object_unref(icontheme);
-+	g_clear_object(&icontheme);
- 
--	g_object_unref(statusicon);
-+	g_clear_object(&statusicon);
- }
- 
- void status_unavailable(void)
-@@ -251,8 +277,6 @@ void status_unavailable(void)
+@@ -251,8 +247,6 @@ void status_unavailable(void)
  	available = FALSE;
  
  	gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_notifier);
@@ -239,7 +133,7 @@ index aed6f1e..6ecbf3a 100644
  
  	gtk_status_icon_set_visible(statusicon, TRUE);
  }
-@@ -299,7 +323,6 @@ static void set_ready(gint signal)
+@@ -299,7 +293,6 @@ static void set_ready(gint signal)
  
  	if (signal < 0) {
  		gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_wired);
@@ -247,7 +141,7 @@ index aed6f1e..6ecbf3a 100644
  		return;
  	}
  
-@@ -311,7 +334,6 @@ static void set_ready(gint signal)
+@@ -311,7 +304,6 @@ static void set_ready(gint signal)
  		index = 4;
  
  	gtk_status_icon_set_from_pixbuf(statusicon, pixbuf_signal[index]);
@@ -379,5 +273,5 @@ index bd325ef..a5827e0 100644
  		}
  		break;
 -- 
-2.1.4
+2.8.1
 
diff --git a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
index a56bd3751f..778bf50191 100644
--- a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
+++ b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
@@ -20,7 +20,7 @@ SRC_URI = "git://github.com/connectivity/connman-gnome.git \
 
 S = "${WORKDIR}/git"
 
-inherit autotools-brokensep gtk-icon-cache pkgconfig distro_features_check
+inherit autotools-brokensep gtk-icon-cache pkgconfig features_check
 ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
 
 RDEPENDS_${PN} = "connman"
diff --git a/meta/recipes-connectivity/connman/connman.inc b/meta/recipes-connectivity/connman/connman.inc
index 35a7eed0a9..ff3aff5f1f 100644
--- a/meta/recipes-connectivity/connman/connman.inc
+++ b/meta/recipes-connectivity/connman/connman.inc
@@ -13,9 +13,9 @@ LICENSE  = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
                     file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36"
 
-inherit autotools pkgconfig systemd update-rc.d bluetooth
+inherit autotools pkgconfig systemd update-rc.d update-alternatives
 
-DEPENDS  = "dbus glib-2.0 ppp iptables readline"
+DEPENDS  = "dbus glib-2.0 ppp readline"
 
 INC_PR = "r20"
 
@@ -31,10 +31,9 @@ EXTRA_OECONF += "\
 "
 
 PACKAGECONFIG ??= "wispr \
-                   ${@bb.utils.contains('DISTRO_FEATURES', 'systemd','systemd', '', d)} \
-                   ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wifi', '', d)} \
+                   ${@bb.utils.filter('DISTRO_FEATURES', '3g systemd wifi', d)} \
                    ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
-                   ${@bb.utils.contains('DISTRO_FEATURES', '3g','3g', '', d)} \
+                   iptables \
 "
 
 # If you want ConnMan to support VPN, add following statement into
@@ -43,7 +42,7 @@ PACKAGECONFIG ??= "wispr \
 
 PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''"
 PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi, wpa-supplicant, wpa-supplicant"
-PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, ${BLUEZ}, ${BLUEZ}"
+PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5, bluez5"
 PACKAGECONFIG[3g] = "--enable-ofono, --disable-ofono, ofono, ofono"
 PACKAGECONFIG[tist] = "--enable-tist,--disable-tist,"
 PACKAGECONFIG[openvpn] = "--enable-openvpn --with-openvpn=${sbindir}/openvpn,--disable-openvpn,,openvpn"
@@ -52,13 +51,16 @@ PACKAGECONFIG[l2tp] = "--enable-l2tp --with-l2tp=${sbindir}/xl2tpd,--disable-l2t
 PACKAGECONFIG[pptp] = "--enable-pptp --with-pptp=${sbindir}/pptp,--disable-pptp,,pptp-linux"
 # WISPr support for logging into hotspots, requires TLS
 PACKAGECONFIG[wispr] = "--enable-wispr,--disable-wispr,gnutls,"
+PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-masq-ipv4 kernel-module-nft-nat"
+PACKAGECONFIG[iptables] = "--with-firewall=iptables ,,iptables,iptables"
+PACKAGECONFIG[nfc] = "--enable-neard, --disable-neard, neard, neard"
 
 INITSCRIPT_NAME = "connman"
 INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ."
 
 python __anonymous () {
-    systemd_packages = "${PN}"
-    pkgconfig = d.getVar('PACKAGECONFIG', True)
+    systemd_packages = "${PN} ${PN}-wait-online"
+    pkgconfig = d.getVar('PACKAGECONFIG')
     if ('openvpn' or 'vpnc' or 'l2tp' or 'pptp') in pkgconfig.split():
         systemd_packages += " ${PN}-vpn"
     d.setVar('SYSTEMD_PACKAGES', systemd_packages)
@@ -68,6 +70,11 @@ SYSTEMD_SERVICE_${PN} = "connman.service"
 SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service"
 SYSTEMD_SERVICE_${PN}-wait-online = "connman-wait-online.service"
 
+ALTERNATIVE_PRIORITY = "100"
+ALTERNATIVE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}"
+ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.connman','',d)}"
+ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}"
+
 do_install_append() {
 	if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then
 		install -d ${D}${sysconfdir}/init.d
@@ -88,6 +95,11 @@ do_install_append() {
 	# Automake 1.12 won't install empty directories, but we need the
 	# plugins directory to be present for ownership
 	mkdir -p ${D}${libdir}/connman/plugins
+
+    # For read-only filesystem, do not create links during bootup
+    if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+        ln -sf ../run/connman/resolv.conf ${D}${sysconfdir}/resolv-conf.connman
+    fi
 }
 
 # These used to be plugins, but now they are core
@@ -116,20 +128,20 @@ def add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, add_insane_skip):
 
 python populate_packages_prepend() {
     depmap = dict(pppd="ppp")
-    multilib_prefix = (d.getVar("MLPREFIX", True) or "")
+    multilib_prefix = (d.getVar("MLPREFIX") or "")
 
     hook = lambda file,pkg,x,y,z: \
         add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, False)
     plugin_dir = d.expand('${libdir}/connman/plugins/')
     plugin_name = d.expand('${PN}-plugin-%s')
-    do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \
+    do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \
         '${PN} plugin for %s', extra_depends='', hook=hook, prepend=True )
 
     hook = lambda file,pkg,x,y,z: \
         add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, True)
     plugin_dir = d.expand('${libdir}/connman/plugins-vpn/')
     plugin_name = d.expand('${PN}-plugin-vpn-%s')
-    do_split_packages(d, plugin_dir, '^(.*).so$', plugin_name, \
+    do_split_packages(d, plugin_dir, r'^(.*).so$', plugin_name, \
         '${PN} VPN plugin for %s', extra_depends='', hook=hook, prepend=True )
 }
 
@@ -145,7 +157,7 @@ RDEPENDS_${PN}-client ="${PN}"
 
 FILES_${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \
             ${libdir}/connman/plugins \
-            ${sysconfdir} ${sharedstatedir} ${localstatedir} \
+            ${sysconfdir} ${sharedstatedir} ${localstatedir} ${datadir} \
             ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \
             ${datadir}/dbus-1/system-services/* \
             ${sysconfdir}/tmpfiles.d/connman_resolvconf.conf"
diff --git a/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-resolved-when-we-use-co.patch b/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-resolved-when-we-use-co.patch
new file mode 100644
index 0000000000..8e2e0bd02d
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/0001-connman.service-stop-systemd-resolved-when-we-use-co.patch
@@ -0,0 +1,29 @@
+From 9f70b94ebf18f52c115634642652830fa77f27a1 Mon Sep 17 00:00:00 2001
+From: "Maxin B. John" <maxin.john@intel.com>
+Date: Mon, 12 Jun 2017 16:52:39 +0300
+Subject: [PATCH] connman.service: stop systemd-resolved when we use connman
+
+Stop systemd-resolved service when we use connman as network manager.
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+ src/connman.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/connman.service.in b/src/connman.service.in
+index 9f5c10f..dab48bc 100644
+--- a/src/connman.service.in
++++ b/src/connman.service.in
+@@ -6,6 +6,7 @@ RequiresMountsFor=@localstatedir@/lib/connman
+ After=dbus.service network-pre.target systemd-sysusers.service
+ Before=network.target multi-user.target shutdown.target
+ Wants=network.target
++Conflicts=systemd-resolved.service
+ 
+ [Service]
+ Type=dbus
+-- 
+2.4.0
+
diff --git a/meta/recipes-connectivity/connman/connman/0001-gweb-fix-segfault-with-musl-v1.1.21.patch b/meta/recipes-connectivity/connman/connman/0001-gweb-fix-segfault-with-musl-v1.1.21.patch
new file mode 100644
index 0000000000..30f1432cd3
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman/0001-gweb-fix-segfault-with-musl-v1.1.21.patch
@@ -0,0 +1,34 @@
+From f0a8c69971b30ea7ca255bb885fdd1179fa5d298 Mon Sep 17 00:00:00 2001
+From: Nicola Lunghi <nick83ola@gmail.com>
+Date: Thu, 23 May 2019 07:55:25 +0100
+Subject: [PATCH] gweb: fix segfault with musl v1.1.21
+
+In musl > v1.1.21 freeaddrinfo() implementation changed and
+was causing a segmentation fault on recent Yocto using musl.
+
+See this commit:
+
+ https://git.musl-libc.org/cgit/musl/commit/src/network/freeaddrinfo.c?id=d1395c43c019aec6b855cf3c656bf47c8a719e7f
+
+Upstream-Status: Submitted
+---
+ gweb/gweb.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/gweb/gweb.c b/gweb/gweb.c
+index 393afe0a..12fcb1d8 100644
+--- a/gweb/gweb.c
++++ b/gweb/gweb.c
+@@ -1274,7 +1274,8 @@ static bool is_ip_address(const char *host)
+ 	addr = NULL;
+ 
+ 	result = getaddrinfo(host, NULL, &hints, &addr);
+-	freeaddrinfo(addr);
++	if(!result)
++		freeaddrinfo(addr);
+ 
+ 	return result == 0;
+ }
+-- 
+2.19.1
+
diff --git a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
index 0593427710..639ccfa2a2 100644
--- a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
+++ b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
@@ -17,6 +17,14 @@ diff --git a/gweb/gresolv.c b/gweb/gresolv.c
 index 5cf7a9a..3ad8e70 100644
 --- a/gweb/gresolv.c
 +++ b/gweb/gresolv.c
+@@ -36,6 +36,7 @@
+ #include <arpa/inet.h>
+ #include <arpa/nameser.h>
+ #include <net/if.h>
++#include <ctype.h>
+ 
+ #include "gresolv.h"
+ 
 @@ -875,8 +875,6 @@ GResolv *g_resolv_new(int index)
  	resolv->index = index;
  	resolv->nameserver_list = NULL;
diff --git a/meta/recipes-connectivity/connman/connman/includes.patch b/meta/recipes-connectivity/connman/connman/includes.patch
deleted file mode 100644
index 55cb187931..0000000000
--- a/meta/recipes-connectivity/connman/connman/includes.patch
+++ /dev/null
@@ -1,423 +0,0 @@
-Fix various issues which cause problems under musl.
-
-Upstream-Status: Submitted
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 630516bcc0233b047f65665c003201ba6e77453d Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Tue, 9 Aug 2016 16:22:36 +0100
-Subject: [PATCH 1/3] Use AC_USE_SYSTEM_EXTENSIONS
-
-Instead of using #define _GNU_SOURCE in some source files which causes problems
-when building with musl as more files need the define, simply use
-AC_USE_SYSTEM_EXTENSIONS in configure.ac to get it defined globally.
----
- configure.ac       | 1 +
- gdhcp/client.c     | 1 -
- plugins/tist.c     | 1 -
- src/backtrace.c    | 1 -
- src/inet.c         | 1 -
- src/log.c          | 1 -
- src/ntp.c          | 1 -
- src/resolver.c     | 1 -
- src/rfkill.c       | 1 -
- src/stats.c        | 1 -
- src/timezone.c     | 1 -
- tools/stats-tool.c | 1 -
- tools/tap-test.c   | 1 -
- tools/wispr.c      | 1 -
- vpn/plugins/vpn.c  | 1 -
- 15 files changed, 1 insertion(+), 14 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 6e66ab3..bacf5ec 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -20,6 +20,7 @@ AC_SUBST(abs_top_srcdir)
- AC_SUBST(abs_top_builddir)
- 
- AC_LANG_C
-+AC_USE_SYSTEM_EXTENSIONS
- 
- AC_PROG_CC
- AM_PROG_CC_C_O
-diff --git a/gdhcp/client.c b/gdhcp/client.c
-index fbb40ab..3aeb089 100644
---- a/gdhcp/client.c
-+++ b/gdhcp/client.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <unistd.h>
-diff --git a/plugins/tist.c b/plugins/tist.c
-index ad5ef79..cc2800a 100644
---- a/plugins/tist.c
-+++ b/plugins/tist.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <stdbool.h>
- #include <stdlib.h>
-diff --git a/src/backtrace.c b/src/backtrace.c
-index 6a66c0a..4dbdda8 100644
---- a/src/backtrace.c
-+++ b/src/backtrace.c
-@@ -24,7 +24,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <unistd.h>
- #include <stdlib.h>
-diff --git a/src/inet.c b/src/inet.c
-index 69ded19..81d92c2 100644
---- a/src/inet.c
-+++ b/src/inet.c
-@@ -25,7 +25,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <unistd.h>
-diff --git a/src/log.c b/src/log.c
-index 9bae4a3..f7e82e5 100644
---- a/src/log.c
-+++ b/src/log.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <unistd.h>
- #include <stdarg.h>
-diff --git a/src/ntp.c b/src/ntp.c
-index dd246eb..db8ae96 100644
---- a/src/ntp.c
-+++ b/src/ntp.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <errno.h>
- #include <fcntl.h>
- #include <unistd.h>
-diff --git a/src/resolver.c b/src/resolver.c
-index fbe4be7..ef61f92 100644
---- a/src/resolver.c
-+++ b/src/resolver.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <fcntl.h>
-diff --git a/src/rfkill.c b/src/rfkill.c
-index 2bfb092..af49d12 100644
---- a/src/rfkill.c
-+++ b/src/rfkill.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <fcntl.h>
-diff --git a/src/stats.c b/src/stats.c
-index 26343b1..cfcdc94 100644
---- a/src/stats.c
-+++ b/src/stats.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <errno.h>
- #include <sys/mman.h>
- #include <sys/types.h>
-diff --git a/src/timezone.c b/src/timezone.c
-index e346b11..8e91267 100644
---- a/src/timezone.c
-+++ b/src/timezone.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <errno.h>
- #include <stdio.h>
- #include <fcntl.h>
-diff --git a/tools/stats-tool.c b/tools/stats-tool.c
-index b076478..428d94b 100644
---- a/tools/stats-tool.c
-+++ b/tools/stats-tool.c
-@@ -22,7 +22,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <sys/mman.h>
- #include <sys/types.h>
- #include <sys/stat.h>
-diff --git a/tools/tap-test.c b/tools/tap-test.c
-index fdc098a..57917f5 100644
---- a/tools/tap-test.c
-+++ b/tools/tap-test.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <fcntl.h>
-diff --git a/tools/wispr.c b/tools/wispr.c
-index d5f9341..e56dfc1 100644
---- a/tools/wispr.c
-+++ b/tools/wispr.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <fcntl.h>
- #include <unistd.h>
-diff --git a/vpn/plugins/vpn.c b/vpn/plugins/vpn.c
-index 9a42385..479c3a7 100644
---- a/vpn/plugins/vpn.c
-+++ b/vpn/plugins/vpn.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <string.h>
- #include <fcntl.h>
- #include <unistd.h>
--- 
-2.8.1
-
-
-From b8b7878e6cb2a1ed4fcfa256f7e232511a40e3d9 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Tue, 9 Aug 2016 15:37:50 +0100
-Subject: [PATCH 2/3] Check for in6_pktinfo.ipi6_addr explicitly
-
-Instead of assuming that just glibc has this structure, check for it at
-configure as musl also has it.
-
-Based on work by Khem Raj <raj.khem@gmail.com>.
----
- configure.ac   | 2 ++
- gdhcp/common.h | 5 +++--
- 2 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index bacf5ec..ad00456 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -186,6 +186,8 @@ AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [
- AC_CHECK_HEADERS([execinfo.h])
- AM_CONDITIONAL([BACKTRACE], [test "${ac_cv_header_execinfo_h}" = "yes"])
- 
-+AC_CHECK_MEMBERS([struct in6_pktinfo.ipi6_addr], [], [], [[#include <netinet/in.h>]])
-+
- AC_CHECK_FUNC(signalfd, dummy=yes,
- 			AC_MSG_ERROR(signalfd support is required))
- 
-diff --git a/gdhcp/common.h b/gdhcp/common.h
-index 75abc18..6899499 100644
---- a/gdhcp/common.h
-+++ b/gdhcp/common.h
-@@ -19,6 +19,7 @@
-  *
-  */
- 
-+#include <config.h>
- #include <netinet/udp.h>
- #include <netinet/ip.h>
- 
-@@ -170,8 +171,8 @@ static const uint8_t dhcp_option_lengths[] = {
- 	[OPTION_U32]	= 4,
- };
- 
--/* already defined within netinet/in.h if using GNU compiler */
--#ifndef __USE_GNU
-+/* already defined within netinet/in.h if using glibc or musl */
-+#ifndef HAVE_STRUCT_IN6_PKTINFO_IPI6_ADDR
- struct in6_pktinfo {
- 	struct in6_addr ipi6_addr;  /* src/dst IPv6 address */
- 	unsigned int ipi6_ifindex;  /* send/recv interface index */
--- 
-2.8.1
-
-
-From c0726e432fa0274a2b9c70179b03df6720972816 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Tue, 9 Aug 2016 15:19:23 +0100
-Subject: [PATCH 3/3] Rationalise includes
-
-gweb/gresolv.c uses snprintf() and isspace() so it should include stdio.h and
-ctype.h.
-
-tools/dnsproxy-test uses functions from stdio.h.
-
-musl warns when sys/ headers are included when the non-sys form should be used,
-so switch sys/errno.h and so on to errno.h.
-
-musl also causes redefinition errors when pieces of the networking headers are
-included, so remove the redundant includes.
-
-Based on work by Khem Raj <raj.khem@gmail.com>.
----
- gweb/gresolv.c               | 2 ++
- plugins/wifi.c               | 3 +--
- src/ippool.c                 | 1 -
- src/iptables.c               | 2 +-
- src/tethering.c              | 2 --
- tools/dhcp-test.c            | 1 -
- tools/dnsproxy-test.c        | 1 +
- tools/private-network-test.c | 2 +-
- tools/tap-test.c             | 2 +-
- 9 files changed, 7 insertions(+), 9 deletions(-)
-
-diff --git a/gweb/gresolv.c b/gweb/gresolv.c
-index 8a51a9f..d55027c 100644
---- a/gweb/gresolv.c
-+++ b/gweb/gresolv.c
-@@ -23,11 +23,13 @@
- #include <config.h>
- #endif
- 
-+#include <ctype.h>
- #include <errno.h>
- #include <unistd.h>
- #include <stdarg.h>
- #include <string.h>
- #include <stdlib.h>
-+#include <stdio.h>
- #include <resolv.h>
- #include <sys/types.h>
- #include <sys/socket.h>
-diff --git a/plugins/wifi.c b/plugins/wifi.c
-index 9d56671..148131d 100644
---- a/plugins/wifi.c
-+++ b/plugins/wifi.c
-@@ -30,9 +30,8 @@
- #include <string.h>
- #include <sys/ioctl.h>
- #include <sys/socket.h>
--#include <linux/if_arp.h>
--#include <linux/wireless.h>
- #include <net/ethernet.h>
-+#include <linux/wireless.h>
- 
- #ifndef IFF_LOWER_UP
- #define IFF_LOWER_UP	0x10000
-diff --git a/src/ippool.c b/src/ippool.c
-index cea1dcc..8a645da 100644
---- a/src/ippool.c
-+++ b/src/ippool.c
-@@ -28,7 +28,6 @@
- #include <stdio.h>
- #include <string.h>
- #include <unistd.h>
--#include <sys/errno.h>
- #include <sys/socket.h>
- 
- #include "connman.h"
-diff --git a/src/iptables.c b/src/iptables.c
-index 5ef757a..82e3ac4 100644
---- a/src/iptables.c
-+++ b/src/iptables.c
-@@ -28,7 +28,7 @@
- #include <stdio.h>
- #include <string.h>
- #include <unistd.h>
--#include <sys/errno.h>
-+#include <errno.h>
- #include <sys/socket.h>
- #include <xtables.h>
- #include <inttypes.h>
-diff --git a/src/tethering.c b/src/tethering.c
-index 3153349..ad062d5 100644
---- a/src/tethering.c
-+++ b/src/tethering.c
-@@ -31,10 +31,8 @@
- #include <stdio.h>
- #include <sys/ioctl.h>
- #include <net/if.h>
--#include <linux/sockios.h>
- #include <string.h>
- #include <fcntl.h>
--#include <linux/if_tun.h>
- #include <netinet/in.h>
- #include <linux/if_bridge.h>
- 
-diff --git a/tools/dhcp-test.c b/tools/dhcp-test.c
-index c34e10a..eae66fc 100644
---- a/tools/dhcp-test.c
-+++ b/tools/dhcp-test.c
-@@ -33,7 +33,6 @@
- #include <arpa/inet.h>
- #include <net/route.h>
- #include <net/ethernet.h>
--#include <linux/if_arp.h>
- 
- #include <gdhcp/gdhcp.h>
- 
-diff --git a/tools/dnsproxy-test.c b/tools/dnsproxy-test.c
-index 551cae9..371e2e2 100644
---- a/tools/dnsproxy-test.c
-+++ b/tools/dnsproxy-test.c
-@@ -24,6 +24,7 @@
- #endif
- 
- #include <errno.h>
-+#include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
- #include <unistd.h>
-diff --git a/tools/private-network-test.c b/tools/private-network-test.c
-index 3dd115b..2828bb3 100644
---- a/tools/private-network-test.c
-+++ b/tools/private-network-test.c
-@@ -32,7 +32,7 @@
- #include <stdlib.h>
- #include <string.h>
- #include <signal.h>
--#include <sys/poll.h>
-+#include <poll.h>
- #include <sys/signalfd.h>
- #include <unistd.h>
- 
-diff --git a/tools/tap-test.c b/tools/tap-test.c
-index 57917f5..cb3ee62 100644
---- a/tools/tap-test.c
-+++ b/tools/tap-test.c
-@@ -28,7 +28,7 @@
- #include <fcntl.h>
- #include <unistd.h>
- #include <string.h>
--#include <sys/poll.h>
-+#include <poll.h>
- #include <sys/ioctl.h>
- 
- #include <netinet/in.h>
--- 
-2.8.1
diff --git a/meta/recipes-connectivity/connman/connman_1.33.bb b/meta/recipes-connectivity/connman/connman_1.37.bb
index 6ea1a08dc1..00852bf0d6 100644
--- a/meta/recipes-connectivity/connman/connman_1.33.bb
+++ b/meta/recipes-connectivity/connman/connman_1.37.bb
@@ -2,13 +2,16 @@ require connman.inc
 
 SRC_URI  = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
             file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
+            file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
+            file://0001-gweb-fix-segfault-with-musl-v1.1.21.patch \
             file://connman \
             file://no-version-scripts.patch \
-            file://includes.patch \
-            "
+"
+
 SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
 
-SRC_URI[md5sum] = "c51903fd3e7a6a371d12ac5d72a1fa01"
-SRC_URI[sha256sum] = "bc8946036fa70124d663136f9f6b6238d897ca482782df907b07a428b09df5a0"
+SRC_URI[md5sum] = "75012084f14fb63a84b116e66c6e94fb"
+SRC_URI[sha256sum] = "6ce29b3eb0bb16a7387bc609c39455fd13064bdcde5a4d185fab3a0c71946e16"
 
 RRECOMMENDS_${PN} = "connman-conf"
+RCONFLICTS_${PN} = "networkmanager"
diff --git a/meta/recipes-connectivity/dhcp/dhcp.inc b/meta/recipes-connectivity/dhcp/dhcp.inc
index aafdd0a13d..c4697beaf1 100644
--- a/meta/recipes-connectivity/dhcp/dhcp.inc
+++ b/meta/recipes-connectivity/dhcp/dhcp.inc
@@ -8,48 +8,57 @@ easier to administer devices."
 HOMEPAGE = "http://www.isc.org/"
 
 LICENSE = "ISC"
-LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;md5=c5c64d696107f84b56fe337d14da1753"
+LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;md5=004a4db50a1e20972e924a8618747c01"
 
 DEPENDS = "openssl bind"
 
-SRC_URI = "ftp://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \
-           file://define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch \
+SRC_URI = "http://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \
            file://init-relay file://default-relay \
            file://init-server file://default-server \
            file://dhclient.conf file://dhcpd.conf \
+           file://dhclient-systemd-wrapper \
+           file://dhclient.service \
            file://dhcpd.service file://dhcrelay.service \
            file://dhcpd6.service \
-           file://search-for-libxml2.patch "
-
-UPSTREAM_CHECK_URI = "ftp://ftp.isc.org/isc/dhcp/"
+           "
+UPSTREAM_CHECK_URI = "http://ftp.isc.org/isc/dhcp/"
 UPSTREAM_CHECK_REGEX = "(?P<pver>\d+\.\d+\.(\d+?))/"
 
-inherit autotools systemd useradd update-rc.d
+inherit autotools-brokensep systemd useradd update-rc.d
 
 USERADD_PACKAGES = "${PN}-server"
-USERADD_PARAM_${PN}-server = "--system --no-create-home --home-dir /var/run/${PN} --shell /bin/false --user-group ${PN}"
+USERADD_PARAM_${PN}-server = "--system --no-create-home --home-dir /var/run/${BPN} --shell /bin/false --user-group ${BPN}"
 
-SYSTEMD_PACKAGES = "${PN}-server ${PN}-relay"
+SYSTEMD_PACKAGES = "${PN}-server ${PN}-relay ${PN}-client"
 SYSTEMD_SERVICE_${PN}-server = "dhcpd.service dhcpd6.service"
 SYSTEMD_AUTO_ENABLE_${PN}-server = "disable"
 
 SYSTEMD_SERVICE_${PN}-relay = "dhcrelay.service"
 SYSTEMD_AUTO_ENABLE_${PN}-relay = "disable"
 
+SYSTEMD_SERVICE_${PN}-client = "dhclient.service"
+SYSTEMD_AUTO_ENABLE_${PN}-client = "disable"
+
 INITSCRIPT_PACKAGES = "dhcp-server"
 INITSCRIPT_NAME_dhcp-server = "dhcp-server"
 INITSCRIPT_PARAMS_dhcp-server = "defaults"
 
-TARGET_CFLAGS += "-D_GNU_SOURCE"
+CFLAGS += "-D_GNU_SOURCE"
 EXTRA_OECONF = "--with-srv-lease-file=${localstatedir}/lib/dhcp/dhcpd.leases \
                 --with-srv6-lease-file=${localstatedir}/lib/dhcp/dhcpd6.leases \
                 --with-cli-lease-file=${localstatedir}/lib/dhcp/dhclient.leases \
                 --with-cli6-lease-file=${localstatedir}/lib/dhcp/dhclient6.leases \
-                --with-libbind=${STAGING_LIBDIR}/ \
-                --enable-paranoia \
+                --enable-paranoia --disable-static \
                 --with-randomdev=/dev/random \
+                --with-libbind=${STAGING_DIR_HOST} \
+		--enable-libtool \
                "
 
+#Enable shared libs per dhcp README
+do_configure_prepend () {
+	cp configure.ac+lt configure.ac
+}
+
 do_install_append () {
 	install -d ${D}${sysconfdir}/init.d
 	install -d ${D}${sysconfdir}/default
@@ -79,14 +88,21 @@ do_install_append () {
 	sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcpd*.service
 	sed -i -e 's,@base_bindir@,${base_bindir},g' ${D}${systemd_unitdir}/system/dhcpd*.service
 	sed -i -e 's,@localstatedir@,${localstatedir},g' ${D}${systemd_unitdir}/system/dhcpd*.service
-       sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcrelay.service
+	sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcrelay.service
+
+	install -d ${D}${base_sbindir}
+	install -m 0755 ${WORKDIR}/dhclient-systemd-wrapper ${D}${base_sbindir}/dhclient-systemd-wrapper
+	install -m 0644 ${WORKDIR}/dhclient.service ${D}${systemd_unitdir}/system
+	sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhclient.service
+	sed -i -e 's,@BASE_SBINDIR@,${base_sbindir},g' ${D}${systemd_unitdir}/system/dhclient.service
 }
 
-PACKAGES += "dhcp-server dhcp-server-config dhcp-client dhcp-relay dhcp-omshell"
+PACKAGES += "dhcp-libs dhcp-server dhcp-server-config dhcp-client dhcp-relay dhcp-omshell"
 
-FILES_${PN} = ""
+PACKAGES_remove = "${PN}"
 RDEPENDS_${PN}-dev = ""
 RDEPENDS_${PN}-staticdev = ""
+FILES_${PN}-libs = "${libdir}/libdhcpctl.so.0* ${libdir}/libomapi.so.0* ${libdir}/libdhcp.so.0*"
 
 FILES_${PN}-server = "${sbindir}/dhcpd ${sysconfdir}/init.d/dhcp-server"
 RRECOMMENDS_${PN}-server = "dhcp-server-config"
@@ -95,7 +111,11 @@ FILES_${PN}-server-config = "${sysconfdir}/default/dhcp-server ${sysconfdir}/dhc
 
 FILES_${PN}-relay = "${sbindir}/dhcrelay ${sysconfdir}/init.d/dhcp-relay ${sysconfdir}/default/dhcp-relay"
 
-FILES_${PN}-client = "${base_sbindir}/dhclient ${base_sbindir}/dhclient-script ${sysconfdir}/dhcp/dhclient.conf"
+FILES_${PN}-client = "${base_sbindir}/dhclient \
+                      ${base_sbindir}/dhclient-script \
+                      ${sysconfdir}/dhcp/dhclient.conf \
+                      ${base_sbindir}/dhclient-systemd-wrapper \
+                     "
 
 FILES_${PN}-omshell = "${bindir}/omshell"
 
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0001-Fix-a-NSUPDATE-compiling-issue.patch b/meta/recipes-connectivity/dhcp/dhcp/0001-Fix-a-NSUPDATE-compiling-issue.patch
new file mode 100644
index 0000000000..f12a112fcf
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/0001-Fix-a-NSUPDATE-compiling-issue.patch
@@ -0,0 +1,68 @@
+From a59cb98a473caa2afd64d7ae368480b6e9f91b3f Mon Sep 17 00:00:00 2001
+From: Ming Liu <liu.ming50@gmail.com>
+Date: Tue, 14 May 2019 11:07:15 +0200
+Subject: [PATCH] Fix a NSUPDATE compiling issue
+
+Upstream-Status: Pending [Patch sent to: https://gitlab.isc.org/isc-projects/dhcp/issues/16]
+
+A following error was observed when NSUPDATE is not defined:
+| omapip/isclib.c: In function 'dns_client_init':
+| omapip/isclib.c:356:18: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'dnsclient'
+|   if (dhcp_gbl_ctx.dnsclient == NULL) {
+|                   ^
+| omapip/isclib.c:363:24: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'dnsclient'
+|            &dhcp_gbl_ctx.dnsclient,
+|                         ^
+| omapip/isclib.c:364:24: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'use_local4'
+|            (dhcp_gbl_ctx.use_local4 ?
+|                         ^
+| omapip/isclib.c:365:25: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'local4_sockaddr'
+|             &dhcp_gbl_ctx.local4_sockaddr
+|                          ^
+| omapip/isclib.c:367:24: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'use_local6'
+|            (dhcp_gbl_ctx.use_local6 ?
+|                         ^
+| omapip/isclib.c:368:25: error: 'dhcp_context_t {aka struct dhcp_context}' has no member named 'local6_sockaddr'
+|             &dhcp_gbl_ctx.local6_sockaddr
+
+Fix it by adding NSUPDATE conditional checking.
+
+Signed-off-by: Ming Liu <liu.ming50@gmail.com>
+---
+ includes/omapip/isclib.h | 2 ++
+ omapip/isclib.c          | 2 ++
+ 2 files changed, 4 insertions(+)
+
+diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
+index 538b927..6c20584 100644
+--- a/includes/omapip/isclib.h
++++ b/includes/omapip/isclib.h
+@@ -141,6 +141,8 @@ void isclib_cleanup(void);
+ void dhcp_signal_handler(int signal);
+ extern int shutdown_signal;
+ 
++#if defined (NSUPDATE)
+ isc_result_t dns_client_init();
++#endif
+ 
+ #endif /* ISCLIB_H */
+diff --git a/omapip/isclib.c b/omapip/isclib.c
+index db3b895..ce4b4a1 100644
+--- a/omapip/isclib.c
++++ b/omapip/isclib.c
+@@ -351,6 +351,7 @@ void dhcp_signal_handler(int signal) {
+ 	}
+ }
+ 
++#if defined (NSUPDATE)
+ isc_result_t dns_client_init() {
+ 	isc_result_t result;
+ 	if (dhcp_gbl_ctx.dnsclient == NULL) {
+@@ -387,3 +388,4 @@ isc_result_t dns_client_init() {
+ 
+ 	return ISC_R_SUCCESS;
+ }
++#endif
+-- 
+2.7.4
+
diff --git a/meta/recipes-connectivity/dhcp/dhcp/define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch b/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
index 32bdaf08e7..d1b57f0bb4 100644
--- a/meta/recipes-connectivity/dhcp/dhcp/define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
+++ b/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
@@ -1,17 +1,21 @@
-define macro _PATH_DHCPD_CONF and _PATH_DHCLIENT_CONF
+From 7cc29144535a622fc671dc86eb1da65b0473a7c4 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 15 Aug 2017 16:14:22 +0800
+Subject: [PATCH 01/11] define macro _PATH_DHCPD_CONF and _PATH_DHCLIENT_CONF
 
 Upstream-Status: Inappropriate [OE specific]
 
+Rebase to 4.3.6
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 ---
  includes/site.h | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)
 
-diff --git a/includes/site.h b/includes/site.h
-index d87b309..17bc40d 100644
---- a/includes/site.h
-+++ b/includes/site.h
-@@ -139,7 +139,8 @@
+Index: dhcp-4.4.1/includes/site.h
+===================================================================
+--- dhcp-4.4.1.orig/includes/site.h
++++ dhcp-4.4.1/includes/site.h
+@@ -148,7 +148,8 @@
  /* Define this if you want the dhcpd.conf file to go somewhere other than
     the default location.   By default, it goes in /etc/dhcpd.conf. */
  
@@ -21,6 +25,3 @@ index d87b309..17bc40d 100644
  
  /* Network API definitions.   You do not need to choose one of these - if
     you don't choose, one will be chosen for you in your system's config
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch b/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch
new file mode 100644
index 0000000000..1bc1422475
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch
@@ -0,0 +1,79 @@
+From 8194daabfd590f17825f0c61e9534bee5c99cc86 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Fri, 14 Sep 2018 13:41:41 -0400
+Subject: [master] Added includes of new BIND9 compatibility headers
+
+    Merges in rt48072.
+
+Upstream-Status: Backport
+Signed-off-by: Adrian Bunk <bunk@stusta.de>
+
+diff --git a/includes/omapip/isclib.h b/includes/omapip/isclib.h
+index 75a87ff6..538b927f 100644
+--- a/includes/omapip/isclib.h
++++ b/includes/omapip/isclib.h
+@@ -48,6 +48,9 @@
+ #include <string.h>
+ #include <netdb.h>
+ 
++#include <isc/boolean.h>
++#include <isc/int.h>
++
+ #include <isc/buffer.h>
+ #include <isc/lex.h>
+ #include <isc/lib.h>
+diff --git a/includes/omapip/result.h b/includes/omapip/result.h
+index 91243e1b..860298f6 100644
+--- a/includes/omapip/result.h
++++ b/includes/omapip/result.h
+@@ -26,6 +26,7 @@
+ #ifndef DHCP_RESULT_H
+ #define DHCP_RESULT_H 1
+ 
++#include <isc/boolean.h>
+ #include <isc/lang.h>
+ #include <isc/resultclass.h>
+ #include <isc/types.h>
+diff --git a/server/dhcpv6.c b/server/dhcpv6.c
+index a7110f98..cde4f617 100644
+--- a/server/dhcpv6.c
++++ b/server/dhcpv6.c
+@@ -1034,7 +1034,8 @@ void check_pool6_threshold(struct reply_state *reply,
+ 				  shared_name,
+ 				  inet_ntop(AF_INET6, &lease->addr,
+ 					    tmp_addr, sizeof(tmp_addr)),
+-				  used, count);
++				  (long long unsigned)(used),
++				  (long long unsigned)(count));
+ 		}
+ 		return;
+ 	}
+@@ -1066,7 +1067,8 @@ void check_pool6_threshold(struct reply_state *reply,
+ 		  "address: %s; high threshold %d%% %llu/%llu.",
+ 		  shared_name,
+ 		  inet_ntop(AF_INET6, &lease->addr, tmp_addr, sizeof(tmp_addr)),
+-		  poolhigh, used, count);
++		  poolhigh, (long long unsigned)(used),
++		  (long long unsigned)(count));
+ 
+ 	/* handle the low threshold now, if we don't
+ 	 * have one we default to 0. */
+@@ -1436,12 +1438,15 @@ pick_v6_address(struct reply_state *reply)
+ 		log_debug("Unable to pick client address: "
+ 			  "no addresses available  - shared network %s: "
+ 			  " 2^64-1 < total, %llu active,  %llu abandoned",
+-			  shared_name, active - abandoned, abandoned);
++			  shared_name, (long long unsigned)(active - abandoned),
++			  (long long unsigned)(abandoned));
+ 	} else {
+ 		log_debug("Unable to pick client address: "
+ 			  "no addresses available  - shared network %s: "
+ 			  "%llu total, %llu active,  %llu abandoned",
+-			  shared_name, total, active - abandoned, abandoned);
++			  shared_name, (long long unsigned)(total),
++			  (long long unsigned)(active - abandoned),
++		          (long long unsigned)(abandoned));
+ 	}
+ 
+ 	return ISC_R_NORESOURCES;
+
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0001-site.h-enable-gentle-shutdown.patch b/meta/recipes-connectivity/dhcp/dhcp/0001-site.h-enable-gentle-shutdown.patch
deleted file mode 100644
index 47443a50ef..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/0001-site.h-enable-gentle-shutdown.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-Subject: [PATCH] site.h: enable gentle shutdown
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- includes/site.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/includes/site.h b/includes/site.h
-index 1dd1251..abb66e4 100644
---- a/includes/site.h
-+++ b/includes/site.h
-@@ -289,7 +289,7 @@
-    situations.  We plan to revisit this feature and may
-    make non-backwards compatible changes including the
-    removal of this define.  Use at your own risk.  */
--/* #define ENABLE_GENTLE_SHUTDOWN */
-+#define ENABLE_GENTLE_SHUTDOWN
- 
- /* Include old error codes.  This is provided in case you
-    are building an external program similar to omshell for
--- 
-2.8.1
-
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0001-workaround-busybox-limitation-in-linux-dhclient-script.patch b/meta/recipes-connectivity/dhcp/dhcp/0001-workaround-busybox-limitation-in-linux-dhclient-script.patch
new file mode 100644
index 0000000000..2359381b93
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/0001-workaround-busybox-limitation-in-linux-dhclient-script.patch
@@ -0,0 +1,65 @@
+From eec0503cfc36f63d777f5cb3f2719cecedcb8468 Mon Sep 17 00:00:00 2001
+From: Haris Okanovic <haris.okanovic@ni.com>
+Date: Mon, 7 Jan 2019 13:22:09 -0600
+Subject: [PATCH] Workaround busybox limitation in Linux dhclient-script
+
+Busybox is a lightweight implementation of coreutils commonly used on
+space-constrained embedded Linux distributions. It's implementation of
+chown and chmod doesn't provide a "--reference" option added to
+client/scripts/linux as of commit 9261cb14. This change works around
+that limitation by using stat to read ownership and permissions flags
+and simple chown/chmod calls supported in both coreutils and busybox.
+
+    modified:   client/scripts/linux
+
+Signed-off-by: Haris Okanovic <haris.okanovic@ni.com>
+Upstream-Status: Pending [ISC-Bugs #48771]
+---
+ client/scripts/linux | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/client/scripts/linux b/client/scripts/linux
+index 0c429697..2435a44b 100755
+--- a/client/scripts/linux
++++ b/client/scripts/linux
+@@ -32,6 +32,17 @@
+ # if your system holds ip tool in a non-standard location.
+ ip=/sbin/ip
+ 
++chown_chmod_by_reference() {
++    local reference_file="$1"
++    local target_file="$2"
++
++    local owner=$(stat -c "%u:%g" "$reference_file")
++    local perm=$(stat -c "%a" "$reference_file")
++
++    chown "$owner" "$target_file"
++    chmod "$perm" "$target_file"
++}
++
+ # update /etc/resolv.conf based on received values
+ # This updated version mostly follows Debian script by Andrew Pollock et al.
+ make_resolv_conf() {
+@@ -74,8 +85,7 @@ make_resolv_conf() {
+         fi
+ 
+ 	if [ -f /etc/resolv.conf ]; then
+-	    chown --reference=/etc/resolv.conf $new_resolv_conf
+-	    chmod --reference=/etc/resolv.conf $new_resolv_conf
++	    chown_chmod_by_reference /etc/resolv.conf $new_resolv_conf
+ 	fi
+         mv -f $new_resolv_conf /etc/resolv.conf
+     # DHCPv6
+@@ -101,8 +111,7 @@ make_resolv_conf() {
+         fi
+ 
+ 	if [ -f /etc/resolv.conf ]; then
+-            chown --reference=/etc/resolv.conf $new_resolv_conf
+-            chmod --reference=/etc/resolv.conf $new_resolv_conf
++	    chown_chmod_by_reference /etc/resolv.conf $new_resolv_conf
+ 	fi
+         mv -f $new_resolv_conf /etc/resolv.conf
+     fi
+-- 
+2.20.0
+
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch b/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch
new file mode 100644
index 0000000000..101c33f677
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch
@@ -0,0 +1,117 @@
+From be7540d31c356e80ee02e90e8bf162b7ac6e5ba5 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 15 Aug 2017 14:56:56 +0800
+Subject: [PATCH 02/11] dhclient dbus
+
+Upstream-Status: Inappropriate [distribution]
+
+Rebase to 4.3.6
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ client/scripts/bsdos   | 5 +++++
+ client/scripts/freebsd | 5 +++++
+ client/scripts/linux   | 5 +++++
+ client/scripts/netbsd  | 5 +++++
+ client/scripts/openbsd | 5 +++++
+ client/scripts/solaris | 5 +++++
+ 6 files changed, 30 insertions(+)
+
+diff --git a/client/scripts/bsdos b/client/scripts/bsdos
+index d69d0d8..095b143 100755
+--- a/client/scripts/bsdos
++++ b/client/scripts/bsdos
+@@ -45,6 +45,11 @@ exit_with_hooks() {
+     . /etc/dhclient-exit-hooks
+   fi
+ # probably should do something with exit status of the local script
++  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
++    dbus-send --system --dest=com.redhat.dhcp \
++      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
++      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
++  fi
+   exit $exit_status
+ }
+ 
+diff --git a/client/scripts/freebsd b/client/scripts/freebsd
+index 8f3e2a2..ad7fb44 100755
+--- a/client/scripts/freebsd
++++ b/client/scripts/freebsd
+@@ -89,6 +89,11 @@ exit_with_hooks() {
+     . /etc/dhclient-exit-hooks
+   fi
+ # probably should do something with exit status of the local script
++  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
++    dbus-send --system --dest=com.redhat.dhcp \
++      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
++      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
++  fi
+   exit $exit_status
+ }
+ 
+diff --git a/client/scripts/linux b/client/scripts/linux
+index 5fb1612..3d447b6 100755
+--- a/client/scripts/linux
++++ b/client/scripts/linux
+@@ -174,6 +174,11 @@ exit_with_hooks() {
+         exit_status=$?
+     fi
+ 
++    if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
++        dbus-send --system --dest=com.redhat.dhcp \
++           --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
++           'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
++    fi
+     exit $exit_status
+ }
+ 
+diff --git a/client/scripts/netbsd b/client/scripts/netbsd
+index 07383b7..aaba8e8 100755
+--- a/client/scripts/netbsd
++++ b/client/scripts/netbsd
+@@ -45,6 +45,11 @@ exit_with_hooks() {
+     . /etc/dhclient-exit-hooks
+   fi
+ # probably should do something with exit status of the local script
++  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
++    dbus-send --system --dest=com.redhat.dhcp \
++      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
++      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
++  fi
+   exit $exit_status
+ }
+ 
+diff --git a/client/scripts/openbsd b/client/scripts/openbsd
+index e7f4746..56b980c 100644
+--- a/client/scripts/openbsd
++++ b/client/scripts/openbsd
+@@ -45,6 +45,11 @@ exit_with_hooks() {
+     . /etc/dhclient-exit-hooks
+   fi
+ # probably should do something with exit status of the local script
++  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
++    dbus-send --system --dest=com.redhat.dhcp \
++      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
++      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
++  fi
+   exit $exit_status
+ }
+ 
+diff --git a/client/scripts/solaris b/client/scripts/solaris
+index af553b9..4a2aa69 100755
+--- a/client/scripts/solaris
++++ b/client/scripts/solaris
+@@ -26,6 +26,11 @@ exit_with_hooks() {
+     . /etc/dhclient-exit-hooks
+   fi
+ # probably should do something with exit status of the local script
++  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
++    dbus-send --system --dest=com.redhat.dhcp \
++      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
++      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
++  fi
+   exit $exit_status
+ }
+ 
+-- 
+1.8.3.1
+
diff --git a/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch b/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch
index 0d0e0dd08e..5b35933a54 100644
--- a/meta/recipes-connectivity/dhcp/dhcp/link-with-lcrypto.patch
+++ b/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch
@@ -1,24 +1,28 @@
-Author: Andrei Gherzan <andrei@gherzan.ro>
-Date:   Thu Feb 2 23:59:11 2012 +0200
+From d80bd792323dbd56269309f85b4506eb6b1b60e9 Mon Sep 17 00:00:00 2001
+From: Andrei Gherzan <andrei@gherzan.ro>
+Date: Tue, 15 Aug 2017 15:05:47 +0800
+Subject: [PATCH 03/11] link with lcrypto
 
-From 4.2.0 final release, -lcrypto check was removed and we compile static libraries
-from bind that are linked to libcrypto. This is why i added a patch in order to add
+From 4.2.0 final release, -lcrypto check was removed and we compile
+static libraries
+from bind that are linked to libcrypto. This is why i added a patch in
+order to add
 -lcrypto to LIBS.
 
 Upstream-Status: Pending
 Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
 
-Rebase to 4.3.4
+Rebase to 4.3.6
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 ---
  configure.ac | 4 ++++
  1 file changed, 4 insertions(+)
 
-diff --git a/configure.ac b/configure.ac
-index 097b0c3..726c88e 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -584,6 +584,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[void foo() __attribute__((noreturn));
+Index: dhcp-4.4.1/configure.ac
+===================================================================
+--- dhcp-4.4.1.orig/configure.ac
++++ dhcp-4.4.1/configure.ac
+@@ -612,6 +612,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],
  # Look for optional headers.
  AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
  
@@ -29,6 +33,3 @@ index 097b0c3..726c88e 100644
  # Solaris needs some libraries for functions
  AC_SEARCH_LIBS(socket, [socket])
  AC_SEARCH_LIBS(inet_ntoa, [nsl])
--- 
-2.8.1
-
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch b/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch
new file mode 100644
index 0000000000..b71c93dd6d
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch
@@ -0,0 +1,93 @@
+From cccec0344d68dac4100b6f260ee24e7c2da9dfda Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 15 Aug 2017 15:08:22 +0800
+Subject: [PATCH 04/11] Fix out of tree builds
+
+Upstream-Status: Pending
+
+RP 2013/03/21
+
+Rebase to 4.3.6
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ client/Makefile.am  | 4 ++--
+ common/Makefile.am  | 3 ++-
+ dhcpctl/Makefile.am | 2 ++
+ omapip/Makefile.am  | 1 +
+ relay/Makefile.am   | 2 +-
+ server/Makefile.am  | 2 +-
+ 6 files changed, 9 insertions(+), 5 deletions(-)
+
+Index: dhcp-4.4.1/common/Makefile.am
+===================================================================
+--- dhcp-4.4.1.orig/common/Makefile.am
++++ dhcp-4.4.1/common/Makefile.am
+@@ -1,4 +1,5 @@
+-AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"'
++AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"'
++
+ AM_CFLAGS = $(LDAP_CFLAGS)
+ 
+ lib_LIBRARIES = libdhcp.a
+Index: dhcp-4.4.1/dhcpctl/Makefile.am
+===================================================================
+--- dhcp-4.4.1.orig/dhcpctl/Makefile.am
++++ dhcp-4.4.1/dhcpctl/Makefile.am
+@@ -3,6 +3,8 @@ BINDLIBDNSDIR=@BINDLIBDNSDIR@
+ BINDLIBISCCFGDIR=@BINDLIBISCCFGDIR@
+ BINDLIBISCDIR=@BINDLIBISCDIR@
+ 
++AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir)
++
+ bin_PROGRAMS = omshell
+ lib_LIBRARIES = libdhcpctl.a
+ noinst_PROGRAMS = cltest
+Index: dhcp-4.4.1/server/Makefile.am
+===================================================================
+--- dhcp-4.4.1.orig/server/Makefile.am
++++ dhcp-4.4.1/server/Makefile.am
+@@ -4,7 +4,7 @@
+ # production code. Sadly, we are not there yet.
+ SUBDIRS = . tests
+ 
+-AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"'
++AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
+ 
+ dist_sysconf_DATA = dhcpd.conf.example
+ sbin_PROGRAMS = dhcpd
+Index: dhcp-4.4.1/client/Makefile.am
+===================================================================
+--- dhcp-4.4.1.orig/client/Makefile.am
++++ dhcp-4.4.1/client/Makefile.am
+@@ -5,7 +5,7 @@
+ SUBDIRS = . tests
+ 
+ AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"'
+-AM_CPPFLAGS += -DLOCALSTATEDIR='"$(localstatedir)"'
++AM_CPPFLAGS += -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes
+ 
+ dist_sysconf_DATA = dhclient.conf.example
+ sbin_PROGRAMS = dhclient
+Index: dhcp-4.4.1/omapip/Makefile.am
+===================================================================
+--- dhcp-4.4.1.orig/omapip/Makefile.am
++++ dhcp-4.4.1/omapip/Makefile.am
+@@ -2,6 +2,7 @@ BINDLIBIRSDIR=@BINDLIBIRSDIR@
+ BINDLIBDNSDIR=@BINDLIBDNSDIR@
+ BINDLIBISCCFGDIR=@BINDLIBISCCFGDIR@
+ BINDLIBISCDIR=@BINDLIBISCDIR@
++AM_CPPFLAGS = -I$(top_srcdir)/includes
+ 
+ lib_LIBRARIES = libomapi.a
+ noinst_PROGRAMS = svtest
+Index: dhcp-4.4.1/relay/Makefile.am
+===================================================================
+--- dhcp-4.4.1.orig/relay/Makefile.am
++++ dhcp-4.4.1/relay/Makefile.am
+@@ -1,4 +1,4 @@
+-AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"'
++AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
+ 
+ sbin_PROGRAMS = dhcrelay
+ dhcrelay_SOURCES = dhcrelay.c
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch b/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch
new file mode 100644
index 0000000000..dd56381b1d
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch
@@ -0,0 +1,36 @@
+From 2e8ff0e4f6d39e346ea86b8c514ab4ccc78fa359 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 15 Aug 2017 15:24:14 +0800
+Subject: [PATCH 05/11] dhcp-client: fix invoke dhclient-script failed on
+ Read-only file system
+
+In read-only file system, '/etc' is on the readonly partition,
+and '/etc/resolv.conf' is symlinked to a separate writable
+partition.
+
+In this situation, we create temp files 'resolv.conf.dhclient-new'
+in /tmp dir.
+
+Upstream-Status: Pending
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ client/scripts/linux | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/client/scripts/linux b/client/scripts/linux
+index 3d447b6..3122a75 100755
+--- a/client/scripts/linux
++++ b/client/scripts/linux
+@@ -40,7 +40,7 @@ make_resolv_conf() {
+     # DHCPv4
+     if [ -n "$new_domain_search" ] || [ -n "$new_domain_name" ] ||
+        [ -n "$new_domain_name_servers" ]; then
+-        new_resolv_conf=/etc/resolv.conf.dhclient-new
++        new_resolv_conf=/tmp/resolv.conf.dhclient-new
+         rm -f $new_resolv_conf
+ 
+         if [ -n "$new_domain_name" ]; then
+-- 
+1.8.3.1
+
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch b/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch
new file mode 100644
index 0000000000..feb0754fff
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch
@@ -0,0 +1,62 @@
+From 7107511fd209f08f9a96f8938041ae48f3295895 Mon Sep 17 00:00:00 2001
+From: Christopher Larson <chris_larson@mentor.com>
+Date: Tue, 15 Aug 2017 16:17:49 +0800
+Subject: [PATCH 07/11] Add configure argument to make the libxml2 dependency
+ explicit and determinisitic.
+
+Upstream-Status: Pending
+
+Signed-off-by: Christopher Larson <chris_larson@mentor.com>
+
+Rebase to 4.3.6
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ configure.ac | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+Index: dhcp-4.4.1/configure.ac
+===================================================================
+--- dhcp-4.4.1.orig/configure.ac
++++ dhcp-4.4.1/configure.ac
+@@ -642,6 +642,17 @@ if test "$have_nanosleep" = "rt"; then
+ 	LIBS="-lrt $LIBS"
+ fi
+ 
++AC_ARG_WITH(libxml2,
++	AS_HELP_STRING([--with-libxml2], [link against libxml2. this is needed if bind was built with xml2 support enabled]),
++	with_libxml2="$withval", with_libxml2="no")
++
++if test x$with_libxml2 != xno; then
++	AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],
++		[if test x$with_libxml2 != xauto; then
++			AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested])
++		fi])
++fi
++
+ # check for /dev/random (declares HAVE_DEV_RANDOM)
+ AC_MSG_CHECKING(for random device)
+ AC_ARG_WITH(randomdev,
+Index: dhcp-4.4.1/configure.ac+lt
+===================================================================
+--- dhcp-4.4.1.orig/configure.ac+lt
++++ dhcp-4.4.1/configure.ac+lt
+@@ -909,6 +909,18 @@ elif test "$want_libtool" = "yes" -a "$u
+ fi
+ AM_CONDITIONAL(INSTALL_BIND, test "$want_install_bind" = "yes")
+ 
++AC_ARG_WITH(libxml2,
++	AS_HELP_STRING([--with-libxml2], [link against libxml2. this is needed if bind was built with xml2 support enabled]),
++	with_libxml2="$withval", with_libxml2="no")
++
++if test x$with_libxml2 != xno; then
++	AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],,
++		[if test x$with_libxml2 != xauto; then
++			AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested])
++		fi])
++fi
++
++
+ # OpenLDAP support.
+ AC_ARG_WITH(ldap,
+     AS_HELP_STRING([--with-ldap],[enable OpenLDAP support in dhcpd (default is no)]),
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch b/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch
new file mode 100644
index 0000000000..912b6d6312
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch
@@ -0,0 +1,28 @@
+From f3f8b7726e50e24ef3edf5fa5a17e31d39118d7e Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <armccurdy@gmail.com>
+Date: Tue, 15 Aug 2017 15:49:31 +0800
+Subject: [PATCH 09/11] remove dhclient-script bash dependency
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+
+Rebase to 4.3.6
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ client/scripts/linux | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/client/scripts/linux b/client/scripts/linux
+index 3122a75..1712d7d 100755
+--- a/client/scripts/linux
++++ b/client/scripts/linux
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ # dhclient-script for Linux. Dan Halbert, March, 1997.
+ # Updated for Linux 2.[12] by Brian J. Murrell, January 1999.
+ # No guarantees about this. I'm a novice at the details of Linux
+-- 
+1.8.3.1
+
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch b/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch
new file mode 100644
index 0000000000..39ba65fbc4
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch
@@ -0,0 +1,34 @@
+From 501543b3ef715488a142e3d301ff2733aa33eec7 Mon Sep 17 00:00:00 2001
+From: Awais Belal <awais_belal@mentor.com>
+Date: Wed, 25 Oct 2017 21:00:05 +0500
+Subject: [PATCH] dhcp: correct the intention for xml2 lib search
+
+A missing case breaks the build when libxml2 is
+required and found appropriately. The third argument
+to the function AC_SEARCH_LIB is action-if-found which
+was mistakenly been used for the case where the library
+is not found and hence breaks the configure phase
+where it shoud actually pass.
+We now pass on silently when action-if-found is
+executed.
+
+Upstream-Status: Pending
+
+Signed-off-by: Awais Belal <awais_belal@mentor.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: dhcp-4.4.1/configure.ac
+===================================================================
+--- dhcp-4.4.1.orig/configure.ac
++++ dhcp-4.4.1/configure.ac
+@@ -647,7 +647,7 @@ AC_ARG_WITH(libxml2,
+ 	with_libxml2="$withval", with_libxml2="no")
+ 
+ if test x$with_libxml2 != xno; then
+-	AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],
++	AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],,
+ 		[if test x$with_libxml2 != xauto; then
+ 			AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested])
+ 		fi])
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0013-fixup_use_libbind.patch b/meta/recipes-connectivity/dhcp/dhcp/0013-fixup_use_libbind.patch
new file mode 100644
index 0000000000..fcec010bd0
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/0013-fixup_use_libbind.patch
@@ -0,0 +1,64 @@
+lib and include path is hardcoded for use_libbind 
+
+use libdir and includedir vars
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: dhcp-4.4.1/configure.ac+lt
+===================================================================
+--- dhcp-4.4.1.orig/configure.ac+lt
++++ dhcp-4.4.1/configure.ac+lt
+@@ -801,22 +801,22 @@ no)
+ 	if test ! -d "$use_libbind"; then
+ 		AC_MSG_ERROR([Cannot find bind directory at $use_libbind])
+ 	fi
+-	if test ! -d "$use_libbind/include" -o \
+-	        ! -f "$use_libbind/include/isc/buffer.h"
++	if test ! -d "$use_libbind/$includedir" -o \
++	        ! -f "$use_libbind/$includedir/isc/buffer.h"
+ 	then
+-		AC_MSG_ERROR([Cannot find bind includes at $use_libbind/include])
++		AC_MSG_ERROR([Cannot find bind includes at $use_libbind/$includedir])
+ 	fi
+-	if test	! -d "$use_libbind/lib" -o \
+-	        \( ! -f "$use_libbind/lib/libisc.a" -a \
+-		   ! -f	"$use_libbind/lib/libisc.la" \)
++	if test	! -d "$use_libbind/$libdir" -o \
++	        \( ! -f "$use_libbind/$libdir/libisc.a" -a \
++		   ! -f	"$use_libbind/$libdir/libisc.la" \)
+ 	then
+-		AC_MSG_ERROR([Cannot find bind libraries at $use_libbind/lib])
++		AC_MSG_ERROR([Cannot find bind libraries at $use_libbind/$libdir])
+ 	fi
+ 	BINDDIR="$use_libbind"
+-	BINDLIBIRSDIR="$BINDDIR/lib"
+-	BINDLIBDNSDIR="$BINDDIR/lib"
+-	BINDLIBISCCFGDIR="$BINDDIR/lib"
+-	BINDLIBISCDIR="$BINDDIR/lib"	
++	BINDLIBIRSDIR="$BINDDIR/$libdir"
++	BINDLIBDNSDIR="$BINDDIR/$libdir"
++	BINDLIBISCCFGDIR="$BINDDIR/$libdir"
++	BINDLIBISCDIR="$BINDDIR/$libdir"
+ 	DISTCHECK_LIBBIND_CONFIGURE_FLAG="--with-libbind=$use_libbind"
+ 	;;
+ esac
+@@ -856,14 +856,14 @@ AC_ARG_ENABLE(libtool,
+ 
+ if test "$use_libbind" != "no"; then
+ 	if test "$want_libtool" = "yes" -a \
+-	        ! -f "$use_libbind/lib/libisc.la"
++	        ! -f "$use_libbind/$libdir/libisc.la"
+ 	then
+-		AC_MSG_ERROR([Cannot find dynamic libraries at $use_libbind/lib])
++		AC_MSG_ERROR([Cannot find dynamic libraries at $use_libbind/$libdir])
+ 	fi
+ 	if test "$want_libtool" = "no" -a \
+-	        ! -f "$use_libbind/lib/libisc.a"
++	        ! -f "$use_libbind/$libdir/libisc.a"
+ 	then
+-		AC_MSG_ERROR([Cannot find static libraries at $use_libbind/lib])
++		AC_MSG_ERROR([Cannot find static libraries at $use_libbind/$libdir])
+ 	fi
+ fi
+ 
diff --git a/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch b/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch
deleted file mode 100644
index 96095a5e08..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/dhclient-script-drop-resolv.conf.dhclient.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-dhcp-client: fix invoke dhclient-script failed on Read-only file system
-
-In read-only file system, '/etc' is on the readonly partition,
-and '/etc/resolv.conf' is symlinked to a separate writable
-partition.
-
-In this situation, we should use shell variable to instead of
-temp files '/etc/resolv.conf.dhclient' and '/etc/resolv.conf.dhclient6'.
-
-Upstream-Status: Pending
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- client/scripts/linux | 20 +++++++++-----------
- 1 file changed, 9 insertions(+), 11 deletions(-)
-
-diff --git a/client/scripts/linux b/client/scripts/linux
---- a/client/scripts/linux
-+++ b/client/scripts/linux
-@@ -27,27 +27,25 @@ ip=/sbin/ip
- 
- make_resolv_conf() {
-   if [ x"$new_domain_name_servers" != x ]; then
--    cat /dev/null > /etc/resolv.conf.dhclient
--    chmod 644 /etc/resolv.conf.dhclient
-+    resolv_conf=""
-     if [ x"$new_domain_search" != x ]; then
--      echo search $new_domain_search >> /etc/resolv.conf.dhclient
-+      resolv_conf="search ${new_domain_search}\n"
-     elif [ x"$new_domain_name" != x ]; then
-       # Note that the DHCP 'Domain Name Option' is really just a domain
-       # name, and that this practice of using the domain name option as
-       # a search path is both nonstandard and deprecated.
--      echo search $new_domain_name >> /etc/resolv.conf.dhclient
-+      resolv_conf="search ${new_domain_name}\n"
-     fi
-     for nameserver in $new_domain_name_servers; do
--      echo nameserver $nameserver >>/etc/resolv.conf.dhclient
-+      resolv_conf="${resolv_conf}nameserver ${nameserver}\n"
-     done
- 
--    mv /etc/resolv.conf.dhclient /etc/resolv.conf
-+    echo -e "${resolv_conf}" > /etc/resolv.conf
-   elif [ "x${new_dhcp6_name_servers}" != x ] ; then
--    cat /dev/null > /etc/resolv.conf.dhclient6
--    chmod 644 /etc/resolv.conf.dhclient6
-+    resolv_conf=""
- 
-     if [ "x${new_dhcp6_domain_search}" != x ] ; then
--      echo search ${new_dhcp6_domain_search} >> /etc/resolv.conf.dhclient6
-+      resolv_conf="search ${new_dhcp6_domain_search}\n"
-     fi
-     shopt -s nocasematch 
-     for nameserver in ${new_dhcp6_name_servers} ; do
-@@ -59,11 +57,11 @@ make_resolv_conf() {
-       else
- 	zone_id=
-       fi
--      echo nameserver ${nameserver}$zone_id >> /etc/resolv.conf.dhclient6
-+      resolv_conf="${resolv_conf}nameserver ${nameserver}$zone_id\n"
-     done
-     shopt -u nocasematch 
- 
--    mv /etc/resolv.conf.dhclient6 /etc/resolv.conf
-+    echo -e "${resolv_conf}" > /etc/resolv.conf
-   fi
- }
- 
--- 
-2.8.1
-
diff --git a/meta/recipes-connectivity/dhcp/dhcp/dhcp-3.0.3-dhclient-dbus.patch b/meta/recipes-connectivity/dhcp/dhcp/dhcp-3.0.3-dhclient-dbus.patch
deleted file mode 100644
index b4a666d106..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/dhcp-3.0.3-dhclient-dbus.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-Upstream-Status: Inappropriate [distribution]
-
---- client/scripts/bsdos
-+++ client/scripts/bsdos
-@@ -47,6 +47,11 @@
-     . /etc/dhcp/dhclient-exit-hooks
-   fi
- # probably should do something with exit status of the local script
-+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+    dbus-send --system --dest=com.redhat.dhcp \
-+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+  fi
-   exit $exit_status
- }
- 
---- client/scripts/freebsd
-+++ client/scripts/freebsd
-@@ -57,6 +57,11 @@
-     . /etc/dhcp/dhclient-exit-hooks
-   fi
- # probably should do something with exit status of the local script
-+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+    dbus-send --system --dest=com.redhat.dhcp \
-+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+  fi
-   exit $exit_status
- }
- 
---- client/scripts/linux
-+++ client/scripts/linux
-@@ -69,6 +69,11 @@
-     . /etc/dhcp/dhclient-exit-hooks
-   fi
- # probably should do something with exit status of the local script
-+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+    dbus-send --system --dest=com.redhat.dhcp \
-+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+  fi
-   exit $exit_status
- }
- 
---- client/scripts/netbsd
-+++ client/scripts/netbsd
-@@ -47,6 +47,11 @@
-     . /etc/dhcp/dhclient-exit-hooks
-   fi
- # probably should do something with exit status of the local script
-+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+    dbus-send --system --dest=com.redhat.dhcp \
-+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+  fi
-   exit $exit_status
- }
- 
---- client/scripts/openbsd
-+++ client/scripts/openbsd
-@@ -47,6 +47,11 @@
-     . /etc/dhcp/dhclient-exit-hooks
-   fi
- # probably should do something with exit status of the local script
-+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+    dbus-send --system --dest=com.redhat.dhcp \
-+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+  fi
-   exit $exit_status
- }
- 
---- client/scripts/solaris
-+++ client/scripts/solaris
-@@ -47,6 +47,11 @@
-     . /etc/dhcp/dhclient-exit-hooks
-   fi
- # probably should do something with exit status of the local script
-+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+    dbus-send --system --dest=com.redhat.dhcp \
-+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+  fi
-   exit $exit_status
- }
- 
diff --git a/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch b/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch
deleted file mode 100644
index 2f44147ad6..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/fixsepbuild.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-Fix out of tree builds
-
-Upstream-Status: Pending
-
-RP 2013/03/21
-
-Rebase to 4.3.4
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- client/Makefile.am  | 4 ++--
- common/Makefile.am  | 3 ++-
- dhcpctl/Makefile.am | 2 ++
- omapip/Makefile.am  | 1 +
- relay/Makefile.am   | 2 +-
- server/Makefile.am  | 2 +-
- 6 files changed, 9 insertions(+), 5 deletions(-)
-
-diff --git a/client/Makefile.am b/client/Makefile.am
-index 2cb83d8..4730bb3 100644
---- a/client/Makefile.am
-+++ b/client/Makefile.am
-@@ -7,11 +7,11 @@ SUBDIRS = . tests
- BINDLIBDIR = @BINDDIR@/lib
- 
- AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
--	      -DLOCALSTATEDIR='"$(localstatedir)"'
-+	      -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes
- 
- dist_sysconf_DATA = dhclient.conf.example
- sbin_PROGRAMS = dhclient
--dhclient_SOURCES = clparse.c dhclient.c dhc6.c \
-+dhclient_SOURCES = $(srcdir)/clparse.c $(srcdir)/dhclient.c $(srcdir)/dhc6.c \
- 		   scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
- 		   scripts/netbsd scripts/nextstep scripts/openbsd \
- 		   scripts/solaris scripts/openwrt
-diff --git a/common/Makefile.am b/common/Makefile.am
-index 113aee8..0f24fbb 100644
---- a/common/Makefile.am
-+++ b/common/Makefile.am
-@@ -1,4 +1,5 @@
--AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"'
-+AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"'
-+
- AM_CFLAGS = $(LDAP_CFLAGS)
- 
- noinst_LIBRARIES = libdhcp.a
-diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am
-index ceb0de1..ba8dd8b 100644
---- a/dhcpctl/Makefile.am
-+++ b/dhcpctl/Makefile.am
-@@ -1,5 +1,7 @@
- BINDLIBDIR = @BINDDIR@/lib
- 
-+AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir)
-+
- bin_PROGRAMS = omshell
- lib_LIBRARIES = libdhcpctl.a
- noinst_PROGRAMS = cltest
-diff --git a/omapip/Makefile.am b/omapip/Makefile.am
-index 446a594..dd1afa0 100644
---- a/omapip/Makefile.am
-+++ b/omapip/Makefile.am
-@@ -1,4 +1,5 @@
- BINDLIBDIR = @BINDDIR@/lib
-+AM_CPPFLAGS = -I$(top_srcdir)/includes
- 
- lib_LIBRARIES = libomapi.a
- noinst_PROGRAMS = svtest
-diff --git a/relay/Makefile.am b/relay/Makefile.am
-index 3060eca..6d652f6 100644
---- a/relay/Makefile.am
-+++ b/relay/Makefile.am
-@@ -1,6 +1,6 @@
- BINDLIBDIR = @BINDDIR@/lib
- 
--AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"'
-+AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
- 
- sbin_PROGRAMS = dhcrelay
- dhcrelay_SOURCES = dhcrelay.c
-diff --git a/server/Makefile.am b/server/Makefile.am
-index 54feedf..3990b9c 100644
---- a/server/Makefile.am
-+++ b/server/Makefile.am
-@@ -6,7 +6,7 @@ SUBDIRS = . tests
- 
- BINDLIBDIR = @BINDDIR@/lib
- 
--AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"'
-+AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
- 
- dist_sysconf_DATA = dhcpd.conf.example
- sbin_PROGRAMS = dhcpd
--- 
-2.8.1
-
diff --git a/meta/recipes-connectivity/dhcp/dhcp/libxml2-configure-argument.patch b/meta/recipes-connectivity/dhcp/dhcp/libxml2-configure-argument.patch
deleted file mode 100644
index 14356621c0..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/libxml2-configure-argument.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Add configure argument to make the libxml2 dependency explicit and
-determinisitic.
-
-Upstream-Status: Pending
-
-Signed-off-by: Christopher Larson <chris_larson@mentor.com>
-
-Rebase to 4.3.4
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- configure.ac | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 726c88e..1684df1 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -718,7 +718,16 @@ AC_SUBST(BINDSRCDIR)
- 
- # We need to find libxml2 if bind was built with support enabled
- # otherwise we'll fail to build omapip/test.c
--AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],)
-+AC_ARG_WITH(libxml2,
-+	AS_HELP_STRING([--with-libxml2], [link against libxml2. this is needed if bind was built with xml2 support enabled]),
-+	with_libxml2="$withval", with_libxml2="no")
-+
-+if test x$with_libxml2 != xno; then
-+    AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],
-+                   [if test x$with_libxml2 != xauto; then
-+                        AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested])
-+                    fi])
-+fi
- 
- # OpenLDAP support.
- AC_ARG_WITH(ldap,
--- 
-2.8.1
-
diff --git a/meta/recipes-connectivity/dhcp/dhcp/remove-dhclient-script-bash-dependency.patch b/meta/recipes-connectivity/dhcp/dhcp/remove-dhclient-script-bash-dependency.patch
deleted file mode 100644
index 997b9f6ba9..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/remove-dhclient-script-bash-dependency.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 8aed2a9ff09cb0d584ad0a7340fe3a596879d9b1 Mon Sep 17 00:00:00 2001
-From: Andre McCurdy <armccurdy@gmail.com>
-Date: Thu, 21 Jul 2016 19:07:02 -0700
-Subject: [PATCH] remove dhclient-script bash dependency
-
-Take the dash compatible IPv6 link-local address test from the Debian
-version of dhclient-script.
-
-Note that although "echo -e" in the OE version of dhclient-script is
-technically bash specific too, it is supported by Busybox echo when
-Busybox is configured with CONFIG_FEATURE_FANCY_ECHO enabled (which
-is the default in the OE Busybox defconfig) therefore leave as-is.
-
-Upstream-Status: Inappropriate [OE specific]
-
-Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
----
- client/scripts/linux | 7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/client/scripts/linux b/client/scripts/linux
-index 232a0aa..1383f46 100755
---- a/client/scripts/linux
-+++ b/client/scripts/linux
-@@ -1,4 +1,4 @@
--#!/bin/bash
-+#!/bin/sh
- # dhclient-script for Linux. Dan Halbert, March, 1997.
- # Updated for Linux 2.[12] by Brian J. Murrell, January 1999.
- # No guarantees about this. I'm a novice at the details of Linux
-@@ -47,11 +47,11 @@ make_resolv_conf() {
-     if [ "x${new_dhcp6_domain_search}" != x ] ; then
-       resolv_conf="search ${new_dhcp6_domain_search}\n"
-     fi
--    shopt -s nocasematch 
-     for nameserver in ${new_dhcp6_name_servers} ; do
-       # If the nameserver has a link-local address
-       # add a <zone_id> (interface name) to it.
--      if  [[ "$nameserver" =~ ^fe80:: ]]
-+      if [ "${nameserver##fe80::}" != "$nameserver" ] ||
-+         [ "${nameserver##FE80::}" != "$nameserver" ]
-       then
- 	zone_id="%$interface"
-       else
-@@ -59,7 +59,6 @@ make_resolv_conf() {
-       fi
-       resolv_conf="${resolv_conf}nameserver ${nameserver}$zone_id\n"
-     done
--    shopt -u nocasematch 
- 
-     echo -e "${resolv_conf}" > /etc/resolv.conf
-   fi
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch b/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch
deleted file mode 100644
index d84df5cd34..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/replace-ifconfig-route.patch
+++ /dev/null
@@ -1,188 +0,0 @@
-Found this patch here:
-https://lists.isc.org/pipermail/dhcp-users/2011-January/012910.html
-
-and made some adjustments/updates to make it work with this version.
-Wasn't able to find that why this patch was not accepted by ISC DHCP developers.
-
-Upstream-Status: Pending
-
-Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
-
-Rebase to 4.3.4
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- client/scripts/linux | 82 ++++++++++++++++++++++++++++------------------------
- 1 file changed, 45 insertions(+), 37 deletions(-)
-
-diff --git a/client/scripts/linux b/client/scripts/linux
-index a02cfd9..232a0aa 100755
---- a/client/scripts/linux
-+++ b/client/scripts/linux
-@@ -101,17 +101,11 @@ fi
- if [ x$old_broadcast_address != x ]; then
-   old_broadcast_arg="broadcast $old_broadcast_address"
- fi
--if [ x$new_subnet_mask != x ]; then
--  new_subnet_arg="netmask $new_subnet_mask"
-+if [ -n "$new_subnet_mask" ]; then
-+    new_mask="/$new_subnet_mask"
- fi
--if [ x$old_subnet_mask != x ]; then
--  old_subnet_arg="netmask $old_subnet_mask"
--fi
--if [ x$alias_subnet_mask != x ]; then
--  alias_subnet_arg="netmask $alias_subnet_mask"
--fi
--if [ x$new_interface_mtu != x ]; then
--  mtu_arg="mtu $new_interface_mtu"
-+if [ -n "$alias_subnet_mask" ]; then
-+    alias_mask="/$alias_subnet_mask"
- fi
- if [ x$IF_METRIC != x ]; then
-   metric_arg="metric $IF_METRIC"
-@@ -125,9 +119,9 @@ fi
- if [ x$reason = xPREINIT ]; then
-   if [ x$alias_ip_address != x ]; then
-     # Bring down alias interface. Its routes will disappear too.
--    ifconfig $interface:0- inet 0
-+    ${ip} -4 addr flush dev ${interface} label ${interface}:0
-   fi
--  ifconfig $interface 0 up
-+  ${ip} link set dev ${interface} up
- 
-   # We need to give the kernel some time to get the interface up.
-   sleep 1
-@@ -154,25 +148,30 @@ if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \
-   if [ x$old_ip_address != x ] && [ x$alias_ip_address != x ] && \
- 		[ x$alias_ip_address != x$old_ip_address ]; then
-     # Possible new alias. Remove old alias.
--    ifconfig $interface:0- inet 0
-+    ${ip} -4 addr flush dev ${interface} label ${interface}:0
-   fi
-   if [ x$old_ip_address != x ] && [ x$old_ip_address != x$new_ip_address ]; then
-     # IP address changed. Bringing down the interface will delete all routes,
-     # and clear the ARP cache.
--    ifconfig $interface inet 0 down
-+    ${ip} -4 addr flush dev ${interface} label ${interface}
- 
-   fi
-   if [ x$old_ip_address = x ] || [ x$old_ip_address != x$new_ip_address ] || \
-      [ x$reason = xBOUND ] || [ x$reason = xREBOOT ]; then
- 
--    ifconfig $interface inet $new_ip_address $new_subnet_arg \
--					$new_broadcast_arg $mtu_arg
-+    ${ip} -4 addr add ${new_ip_address}${new_mask} ${new_broadcast_arg} \
-+                dev ${interface} label ${interface}
-+    if [ -n "$new_interface_mtu" ]; then
-+      # set MTU
-+      ${ip} link set dev ${interface} mtu ${new_interface_mtu}
-+    fi
-     # Add a network route to the computed network address.
-     for router in $new_routers; do
-       if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then
--	route add -host $router dev $interface
-+        ${ip} -4 route add ${router} dev $interface >/dev/null 2>&1
-       fi
--      route add default gw $router $metric_arg dev $interface
-+      ${ip} -4 route add default via ${router} dev ${interface} \
-+        ${metric_arg} >/dev/null 2>&1
-     done
-   else
-     # we haven't changed the address, have we changed other options           
-@@ -180,21 +179,23 @@ if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \
-     if [ x$new_routers != x ] && [ x$new_routers != x$old_routers ] ; then
-       # if we've changed routers delete the old and add the new.
-       for router in $old_routers; do
--        route del default gw $router
-+        ${ip} -4 route delete default via ${router}
-       done
-       for router in $new_routers; do
-         if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then
--	  route add -host $router dev $interface
--	fi
--	route add default gw $router $metric_arg dev $interface
-+	      ${ip} -4 route add ${router} dev $interface >/dev/null 2>&1
-+	    fi
-+        ${ip} -4 route add default via ${router} dev ${interface} \
-+          ${metric_arg} >/dev/null 2>&1
-       done
-     fi
-   fi
-   if [ x$new_ip_address != x$alias_ip_address ] && [ x$alias_ip_address != x ];
-    then
--    ifconfig $interface:0- inet 0
--    ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
--    route add -host $alias_ip_address $interface:0
-+    ${ip} -4 addr flush dev ${interface} label ${interface}:0
-+    ${ip} -4 addr add ${alias_ip_address}${alias_mask} \
-+        dev ${interface} label ${interface}:0
-+    ${ip} -4 route add ${alias_ip_address} dev ${interface} >/dev/null 2>&1
-   fi
-   make_resolv_conf
-   exit_with_hooks 0
-@@ -204,42 +205,49 @@ if [ x$reason = xEXPIRE ] || [ x$reason = xFAIL ] || [ x$reason = xRELEASE ] \
-    || [ x$reason = xSTOP ]; then
-   if [ x$alias_ip_address != x ]; then
-     # Turn off alias interface.
--    ifconfig $interface:0- inet 0
-+    ${ip} -4 addr flush dev ${interface} label ${interface}:0
-   fi
-   if [ x$old_ip_address != x ]; then
-     # Shut down interface, which will delete routes and clear arp cache.
--    ifconfig $interface inet 0 down
-+    ${ip} -4 addr flush dev ${interface} label ${interface}
-   fi
-   if [ x$alias_ip_address != x ]; then
--    ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
--    route add -host $alias_ip_address $interface:0
-+    ${ip} -4 addr add ${alias_ip_address}${alias_network_arg} \
-+        dev ${interface} label ${interface}:0
-+    ${ip} -4 route add ${alias_ip_address} dev ${interface} >/dev/null 2>&1
-   fi
-   exit_with_hooks 0
- fi
- 
- if [ x$reason = xTIMEOUT ]; then
-   if [ x$alias_ip_address != x ]; then
--    ifconfig $interface:0- inet 0
-+    ${ip} -4 addr flush dev ${interface} label ${interface}:0
-+  fi
-+  ${ip} -4 addr add ${new_ip_address}${new_mask} ${new_broadcast_arg} \
-+            dev ${interface} label ${interface}
-+  if [ -n "$new_interface_mtu" ]; then
-+    # set MTU
-+    ip link set dev ${interface} mtu ${new_interface_mtu}
-   fi
--  ifconfig $interface inet $new_ip_address $new_subnet_arg \
--					$new_broadcast_arg $mtu_arg
-   set $new_routers
-   if ping -q -c 1 $1; then
-     if [ x$new_ip_address != x$alias_ip_address ] && \
- 			[ x$alias_ip_address != x ]; then
--      ifconfig $interface:0 inet $alias_ip_address $alias_subnet_arg
--      route add -host $alias_ip_address dev $interface:0
-+      ${ip} -4 addr add ${alias_ip_address}${alias_mask} \
-+            dev ${interface} label ${interface}:0
-+      ${ip} -4 route add ${alias_ip_address} dev ${interface} >/dev/null 2>&1
-     fi
-     for router in $new_routers; do
-       if [ "x$new_subnet_mask" = "x255.255.255.255" ] ; then
--	route add -host $router dev $interface
-+	    ${ip} -4 route add ${router} dev $interface >/dev/null 2>&1
-       fi
--      route add default gw $router $metric_arg dev $interface
-+      ${ip} -4 route add default via ${router} dev ${interface} \
-+        ${metric_arg} >/dev/null 2>&1
-     done
-     make_resolv_conf
-     exit_with_hooks 0
-   fi
--  ifconfig $interface inet 0 down
-+  ${ip} -4 addr flush dev ${interface}
-   exit_with_hooks 1
- fi
- 
--- 
-2.8.1
-
diff --git a/meta/recipes-connectivity/dhcp/dhcp/search-for-libxml2.patch b/meta/recipes-connectivity/dhcp/dhcp/search-for-libxml2.patch
deleted file mode 100644
index a08a5b725f..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/search-for-libxml2.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-libdns requires libxml2 if bind was built with libxml2 support
-enabled. Compilation will fail for omapip/test.c in case
-lxml2 isn't used during the build. So, we add losely coupled
-search path which will pick up the lib if it is present.
-
-Signed-off-by: Awais Belal <awais_belal@mentor.com>
-Upstream-Status: Pending
-
-diff --git a/configure.ac b/configure.ac
-index c9dc8b5..85f59be 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -602,6 +602,10 @@ no)
- esac
- AC_SUBST([libbind])
- 
-+# We need to find libxml2 if bind was built with support enabled
-+# otherwise we'll fail to build omapip/test.c
-+AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],)
-+
- # OpenLDAP support.
- AC_ARG_WITH(ldap,
-     AS_HELP_STRING([--with-ldap],[enable OpenLDAP support in dhcpd (default is no)]),
diff --git a/meta/recipes-connectivity/dhcp/dhcp/tweak-to-support-external-bind.patch b/meta/recipes-connectivity/dhcp/dhcp/tweak-to-support-external-bind.patch
deleted file mode 100644
index 03c6abb799..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/tweak-to-support-external-bind.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From ad7bb401f47714fc30c408853b796ce0f1c7e65f Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Sat, 11 Jun 2016 22:51:44 -0400
-Subject: [PATCH] tweak to support external bind
-
-Tweak the external bind to oe-core's sysroot rather than
-external bind source build.
-
-Upstream-Status: Inappropriate <oe-core specific>
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- client/Makefile.am       | 2 +-
- client/tests/Makefile.am | 2 +-
- common/tests/Makefile.am | 2 +-
- dhcpctl/Makefile.am      | 2 +-
- omapip/Makefile.am       | 2 +-
- relay/Makefile.am        | 2 +-
- server/Makefile.am       | 2 +-
- server/tests/Makefile.am | 2 +-
- 8 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/client/Makefile.am b/client/Makefile.am
-index 4730bb3..84d8131 100644
---- a/client/Makefile.am
-+++ b/client/Makefile.am
-@@ -4,7 +4,7 @@
- # production code. Sadly, we are not there yet.
- SUBDIRS = . tests
- 
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
- 
- AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"' \
- 	      -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes
-diff --git a/client/tests/Makefile.am b/client/tests/Makefile.am
-index da69ea9..fe35e57 100644
---- a/client/tests/Makefile.am
-+++ b/client/tests/Makefile.am
-@@ -1,6 +1,6 @@
- SUBDIRS = .
- 
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
- 
- AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes
- AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir)
-diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am
-index f8d6b0e..05cd9c1 100644
---- a/common/tests/Makefile.am
-+++ b/common/tests/Makefile.am
-@@ -1,6 +1,6 @@
- SUBDIRS = .
- 
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
- 
- AM_CPPFLAGS = $(ATF_CFLAGS) -I$(top_srcdir)/includes
- 
-diff --git a/dhcpctl/Makefile.am b/dhcpctl/Makefile.am
-index ba8dd8b..9b2486e 100644
---- a/dhcpctl/Makefile.am
-+++ b/dhcpctl/Makefile.am
-@@ -1,4 +1,4 @@
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
- 
- AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir)
- 
-diff --git a/omapip/Makefile.am b/omapip/Makefile.am
-index dd1afa0..e4a8599 100644
---- a/omapip/Makefile.am
-+++ b/omapip/Makefile.am
-@@ -1,4 +1,4 @@
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
- AM_CPPFLAGS = -I$(top_srcdir)/includes
- 
- lib_LIBRARIES = libomapi.a
-diff --git a/relay/Makefile.am b/relay/Makefile.am
-index 6d652f6..b3bf578 100644
---- a/relay/Makefile.am
-+++ b/relay/Makefile.am
-@@ -1,4 +1,4 @@
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
- 
- AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
- 
-diff --git a/server/Makefile.am b/server/Makefile.am
-index 3990b9c..b5d8c2d 100644
---- a/server/Makefile.am
-+++ b/server/Makefile.am
-@@ -4,7 +4,7 @@
- # production code. Sadly, we are not there yet.
- SUBDIRS = . tests
- 
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
- 
- AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
- 
-diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am
-index 65a9f74..2892309 100644
---- a/server/tests/Makefile.am
-+++ b/server/tests/Makefile.am
-@@ -1,6 +1,6 @@
- SUBDIRS = .
- 
--BINDLIBDIR = @BINDDIR@/lib
-+BINDLIBDIR = @BINDDIR@
- 
- AM_CPPFLAGS = $(ATF_CFLAGS) -DUNIT_TEST -I$(top_srcdir)/includes
- AM_CPPFLAGS += -I@BINDDIR@/include -I$(top_srcdir)
--- 
-2.8.1
-
diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.3.4.bb b/meta/recipes-connectivity/dhcp/dhcp_4.3.4.bb
deleted file mode 100644
index 4151eb1836..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp_4.3.4.bb
+++ /dev/null
@@ -1,18 +0,0 @@
-require dhcp.inc
-
-SRC_URI += "file://dhcp-3.0.3-dhclient-dbus.patch;striplevel=0 \
-            file://link-with-lcrypto.patch \
-            file://fixsepbuild.patch \
-            file://dhclient-script-drop-resolv.conf.dhclient.patch \
-            file://replace-ifconfig-route.patch \
-            file://0001-site.h-enable-gentle-shutdown.patch \
-            file://libxml2-configure-argument.patch \
-            file://tweak-to-support-external-bind.patch \
-            file://remove-dhclient-script-bash-dependency.patch \
-           "
-
-SRC_URI[md5sum] = "0138319fe2b788cf4bdf34fbeaf9ff54"
-SRC_URI[sha256sum] = "f5115aee3dd3e6925de4ba47b80ab732ba48b481c8364b6ebade2d43698d607e"
-
-PACKAGECONFIG ?= ""
-PACKAGECONFIG[bind-httpstats] = "--with-libxml2,--without-libxml2,libxml2"
diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb b/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
new file mode 100644
index 0000000000..020777b8f2
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
@@ -0,0 +1,23 @@
+require dhcp.inc
+
+SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch \
+            file://0002-dhclient-dbus.patch \
+            file://0003-link-with-lcrypto.patch \
+            file://0004-Fix-out-of-tree-builds.patch \
+            file://0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch \
+            file://0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch \
+            file://0009-remove-dhclient-script-bash-dependency.patch \
+            file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \
+            file://0013-fixup_use_libbind.patch \
+            file://0001-master-Added-includes-of-new-BIND9-compatibility-hea.patch \
+            file://0001-Fix-a-NSUPDATE-compiling-issue.patch \
+            file://0001-workaround-busybox-limitation-in-linux-dhclient-script.patch \
+"
+
+SRC_URI[md5sum] = "18c7f4dcbb0a63df25098216d47b1ede"
+SRC_URI[sha256sum] = "2a22508922ab367b4af4664a0472dc220cc9603482cf3c16d9aff14f3a76b608"
+
+LDFLAGS_append = " -pthread"
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG[bind-httpstats] = "--with-libxml2,--without-libxml2,libxml2"
diff --git a/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper b/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper
new file mode 100644
index 0000000000..7d0e224a1d
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+# In case the interface is used for nfs, skip it.
+nfsroot=0
+interfaces=""
+exec 9<&0 < /proc/mounts
+while read dev mtpt fstype rest; do
+    if test $mtpt = "/" ; then
+        case $fstype in
+            nfs | nfs4)
+                nfsroot=1
+                nfs_addr=`echo $rest | sed -e 's/^.*addr=\([0-9.]*\).*$/\1/'`
+                break
+                ;;
+            *)
+                ;;
+        esac
+    fi
+done
+exec 0<&9 9<&-
+
+if [ $nfsroot -eq 0 ]; then
+    interfaces="$INTERFACES"
+else
+    if [ -x /bin/ip -o -x /sbin/ip ] ; then
+	nfs_iface=`ip route get $nfs_addr | grep dev | sed -e 's/^.*dev \([-a-z0-9.]*\).*$/\1/'`
+    fi
+    for i in $INTERFACES; do
+	if test "x$i" = "x$nfs_iface"; then
+            echo "dhclient skipping nfsroot interface $i"
+	else
+	    interfaces="$interfaces $i"
+	fi
+    done
+fi
+
+if test "x$interfaces" != "x"; then
+    /sbin/dhclient -d -cf /etc/dhcp/dhclient.conf -q -lf /var/lib/dhcp/dhclient.leases $interfaces
+fi
diff --git a/meta/recipes-connectivity/dhcp/files/dhclient.service b/meta/recipes-connectivity/dhcp/files/dhclient.service
new file mode 100644
index 0000000000..9ddb4d1dfe
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/files/dhclient.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Dynamic Host Configuration Protocol (DHCP)
+Wants=network.target
+Before=network.target
+After=systemd-udevd.service
+
+[Service]
+EnvironmentFile=-@SYSCONFDIR@/default/dhcp-client
+ExecStart=@BASE_SBINDIR@/dhclient-systemd-wrapper
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/dhcp/files/dhcpd6.service b/meta/recipes-connectivity/dhcp/files/dhcpd6.service
index ca96abb838..52a6224dc2 100644
--- a/meta/recipes-connectivity/dhcp/files/dhcpd6.service
+++ b/meta/recipes-connectivity/dhcp/files/dhcpd6.service
@@ -9,7 +9,7 @@ PIDFile=@localstatedir@/run/dhcpd6.pid
 EnvironmentFile=@SYSCONFDIR@/default/dhcp-server
 EnvironmentFile=-@SYSCONFDIR@/sysconfig/dhcpd6
 ExecStartPre=@base_bindir@/touch @localstatedir@/lib/dhcp/dhcpd6.leases
-ExecStart=@SBINDIR@/dhcpd -f -6 -cf @SYSCONFDIR@/dhcp/dhcpd.conf -pf @localstatedir@/run/dhcpd6.pid $DHCPDARGS -q $INTERFACES
+ExecStart=@SBINDIR@/dhcpd -f -6 -cf @SYSCONFDIR@/dhcp/dhcpd6.conf -pf @localstatedir@/run/dhcpd6.pid $DHCPDARGS -q $INTERFACES
 
 [Install]
 WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch
new file mode 100644
index 0000000000..d4764f5867
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/0001-rcp-fix-to-work-with-large-files.patch
@@ -0,0 +1,31 @@
+Upstream-Status: Pending
+
+Subject: rcp: fix to work with large files
+
+When we copy file by rcp command, if the file > 2GB, it will fail.
+The cause is that it used incorrect data type on file size in sink() of rcp.
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ src/rcp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/rcp.c b/src/rcp.c
+index 21f55b6..bafa35f 100644
+--- a/src/rcp.c
++++ b/src/rcp.c
+@@ -876,9 +876,9 @@ sink (int argc, char *argv[])
+   enum
+   { YES, NO, DISPLAYED } wrerr;
+   BUF *bp;
+-  off_t i, j;
++  off_t i, j, size;
+   int amt, count, exists, first, mask, mode, ofd, omode;
+-  int setimes, size, targisdir, wrerrno;
++  int setimes, targisdir, wrerrno;
+   char ch, *cp, *np, *targ, *vect[1], buf[BUFSIZ];
+   const char *why;
+ 
+-- 
+1.9.1
+
diff --git a/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch b/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch
new file mode 100644
index 0000000000..a91913cb51
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch
@@ -0,0 +1,25 @@
+tftpd: Fix abort on error path
+
+When trying to fetch a non existent file, the app crashes with:
+
+*** buffer overflow detected ***: 
+Aborted
+
+
+Upstream-Status: Submitted [https://www.mail-archive.com/bug-inetutils@gnu.org/msg03036.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91205]
+Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com>
+diff --git a/src/tftpd.c b/src/tftpd.c
+index 56002a0..144012f 100644
+--- a/src/tftpd.c
++++ b/src/tftpd.c
+@@ -864,9 +864,8 @@ nak (int error)
+       pe->e_msg = strerror (error - 100);
+       tp->th_code = EUNDEF;	/* set 'undef' errorcode */
+     }
+-  strcpy (tp->th_msg, pe->e_msg);
+   length = strlen (pe->e_msg);
+-  tp->th_msg[length] = '\0';
++  memcpy(tp->th_msg, pe->e_msg, length + 1);
+   length += 5;
+   if (sendto (peer, buf, length, 0, (struct sockaddr *) &from, fromlen) != length)
+     syslog (LOG_ERR, "nak: %m\n");
diff --git a/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch b/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
new file mode 100644
index 0000000000..24c134fcac
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
@@ -0,0 +1,83 @@
+Upstream: http://www.mail-archive.com/bug-inetutils@gnu.org/msg02103.html
+
+Upstream-Status: Pending
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ ping/ping_common.h | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/ping/ping_common.h b/ping/ping_common.h
+index 1dfd1b5..3bfbd12 100644
+--- a/ping/ping_common.h
++++ b/ping/ping_common.h
+@@ -17,10 +17,14 @@
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see `http://www.gnu.org/licenses/'. */
+ 
++#include <config.h>
++
+ #include <netinet/in_systm.h>
+ #include <netinet/in.h>
+ #include <netinet/ip.h>
++#ifdef HAVE_IPV6
+ #include <netinet/icmp6.h>
++#endif
+ #include <icmp.h>
+ #include <error.h>
+ #include <progname.h>
+@@ -62,7 +66,12 @@ struct ping_stat
+    want to follow the traditional behaviour of ping.  */
+ #define DEFAULT_PING_COUNT 0
+ 
++#ifdef HAVE_IPV6
+ #define PING_HEADER_LEN (USE_IPV6 ? sizeof (struct icmp6_hdr) : ICMP_MINLEN)
++#else
++#define PING_HEADER_LEN (ICMP_MINLEN)
++#endif
++
+ #define PING_TIMING(s)  ((s) >= sizeof (struct timeval))
+ #define PING_DATALEN    (64 - PING_HEADER_LEN)  /* default data length */
+ 
+@@ -74,13 +83,20 @@ struct ping_stat
+   (t).tv_usec = ((i)%PING_PRECISION)*(1000000/PING_PRECISION) ;\
+ } while (0)
+ 
++#ifdef HAVE_IPV6
+ /* FIXME: Adjust IPv6 case for options and their consumption.  */
+ #define _PING_BUFLEN(p, u) ((u)? ((p)->ping_datalen + sizeof (struct icmp6_hdr)) : \
+ 				   (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN))
+ 
++#else
++#define _PING_BUFLEN(p, u) (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN)
++#endif
++
++#ifdef HAVE_IPV6
+ typedef int (*ping_efp6) (int code, void *closure, struct sockaddr_in6 * dest,
+ 			  struct sockaddr_in6 * from, struct icmp6_hdr * icmp,
+ 			  int datalen);
++#endif
+ 
+ typedef int (*ping_efp) (int code,
+ 			 void *closure,
+@@ -89,13 +105,17 @@ typedef int (*ping_efp) (int code,
+ 			 struct ip * ip, icmphdr_t * icmp, int datalen);
+ 
+ union event {
++#ifdef HAVE_IPV6
+   ping_efp6 handler6;
++#endif
+   ping_efp handler;
+ };
+ 
+ union ping_address {
+   struct sockaddr_in ping_sockaddr;
++#ifdef HAVE_IPV6
+   struct sockaddr_in6 ping_sockaddr6;
++#endif
+ };
+ 
+ typedef struct ping_data PING;
+-- 
+2.8.3
+
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
new file mode 100644
index 0000000000..3da4e9f55a
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
@@ -0,0 +1,29 @@
+From 552a7d64ad4a7188a9b7cd89933ae7caf7ebfe90 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier at gentoo.org>
+Date: Thu, 18 Nov 2010 16:59:14 -0500
+Subject: [PATCH gnulib] printf-parse: pull in features.h for __GLIBC__
+
+Upstream-Status: Pending
+
+Signed-off-by: Mike Frysinger <vapier at gentoo.org>
+---
+ lib/printf-parse.h |    3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/lib/printf-parse.h b/lib/printf-parse.h
+index 67a4a2a..3bd6152 100644
+--- a/lib/printf-parse.h
++++ b/lib/printf-parse.h
+@@ -25,6 +25,9 @@
+ 
+ #include "printf-args.h"
+ 
++#ifdef HAVE_FEATURES_H
++# include <features.h>	/* for __GLIBC__ */
++#endif
+ 
+ /* Flags */
+ #define FLAG_GROUP       1      /* ' flag */
+-- 
+1.7.3.2
+
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
new file mode 100644
index 0000000000..b13bb9229f
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
@@ -0,0 +1,14 @@
+Upstream-Status: Pending
+
+--- inetutils-1.8/lib/wchar.in.h
++++ inetutils-1.8/lib/wchar.in.h
+@@ -70,6 +70,9 @@
+ /* The include_next requires a split double-inclusion guard.  */
+ #if @HAVE_WCHAR_H@
+ # @INCLUDE_NEXT@ @NEXT_WCHAR_H@
++#else
++# include <stddef.h>
++# define MB_CUR_MAX 1
+ #endif
+ 
+ #undef _GL_ALREADY_INCLUDING_WCHAR_H
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
new file mode 100644
index 0000000000..2592989a90
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
@@ -0,0 +1,26 @@
+inetutils: define PATH_PROCNET_DEV if not already defined
+
+this prevents the following compilation error :
+system/linux.c:401:15: error: 'PATH_PROCNET_DEV' undeclared (first use in this function)
+
+this patch comes from :
+ http://repository.timesys.com/buildsources/i/inetutils/inetutils-1.9/
+
+Upstream-Status: Inappropriate [not author]
+
+Signed-of-by: Eric Bénard <eric@eukrea.com>
+---
+diff -Naur inetutils-1.9.orig/ifconfig/system/linux.c inetutils-1.9/ifconfig/system/linux.c
+--- inetutils-1.9.orig/ifconfig/system/linux.c	2012-01-04 16:31:36.000000000 -0500
++++ inetutils-1.9/ifconfig/system/linux.c	2012-01-04 16:40:53.000000000 -0500
+@@ -49,6 +49,10 @@
+ #include "../ifconfig.h"
+ 
+ 
++#ifndef PATH_PROCNET_DEV
++  #define PATH_PROCNET_DEV "/proc/net/dev"
++#endif
++
+ /* ARPHRD stuff.  */
+ 
+ static void
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
new file mode 100644
index 0000000000..ff3abd86aa
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
@@ -0,0 +1,40 @@
+Only check security/pam_appl.h which is provided by package libpam when pam is
+enabled.
+
+Upstream-Status: Pending
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+diff --git a/configure.ac b/configure.ac
+index b35e672..e78a751 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -195,6 +195,19 @@ fi
+ 
+ # See if we have libpam.a.  Investigate PAM versus Linux-PAM.
+ if test "$with_pam" = yes ; then
++  AC_CHECK_HEADERS([security/pam_appl.h], [], [], [
++#include <sys/types.h>
++#ifdef HAVE_NETINET_IN_SYSTM_H
++# include <netinet/in_systm.h>
++#endif
++#include <netinet/in.h>
++#ifdef HAVE_NETINET_IP_H
++# include <netinet/ip.h>
++#endif
++#ifdef HAVE_SYS_PARAM_H
++# include <sys/param.h>
++#endif
++])
+   AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl)
+   AC_CHECK_LIB(pam, pam_authenticate, LIBPAM=-lpam)
+   if test "$ac_cv_lib_pam_pam_authenticate" = yes ; then
+@@ -587,7 +600,7 @@ AC_HEADER_DIRENT
+ AC_CHECK_HEADERS([arpa/nameser.h errno.h fcntl.h features.h \
+ 		  glob.h memory.h netinet/ether.h netinet/in_systm.h \
+ 		  netinet/ip.h netinet/ip_icmp.h netinet/ip_var.h \
+-		  security/pam_appl.h shadow.h \
++		  shadow.h \
+ 		  stdarg.h stdlib.h string.h stropts.h sys/tty.h \
+ 		  sys/utsname.h sys/ptyvar.h sys/msgbuf.h sys/filio.h \
+ 		  sys/ioctl_compat.h sys/cdefs.h sys/stream.h sys/mkdev.h \
diff --git a/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils
new file mode 100644
index 0000000000..30e81ef450
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils
@@ -0,0 +1,20 @@
+# default: off
+# description:
+# Rexecd is the server for the rexec program. The server provides remote 
+# execution facilities with authentication based on user names and 
+# passwords.
+#
+service exec
+{
+	socket_type	= stream
+	protocol	= tcp
+	flags		= NAMEINARGS
+	wait		= no
+	user		= root
+	group		= root
+	log_on_success	+= USERID
+	log_on_failure	+= USERID
+	server		= @SBINDIR@/tcpd
+	server_args	= @SBINDIR@/in.rexecd
+	disable		= yes
+}
diff --git a/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils
new file mode 100644
index 0000000000..21b55da9a9
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils
@@ -0,0 +1,23 @@
+# default: off
+# description:
+# Rlogind is a server for the rlogin program. The server provides remote 
+# execution with authentication based on privileged port numbers from trusted
+# host
+#
+service login
+{
+	socket_type	= stream
+	protocol	= tcp
+	flags		= NAMEINARGS
+	wait		= no
+	user		= root
+	group		= root
+	log_on_success	+= USERID
+	log_on_failure	+= USERID
+	server		= @SBINDIR@/tcpd
+	server_args	= @SBINDIR@/in.rlogind -a
+	disable		= yes
+}
+							
+							
+							
diff --git a/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils
new file mode 100644
index 0000000000..2b894a74bd
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils
@@ -0,0 +1,21 @@
+# default: off
+# description:
+# The rshd server is a server for the rcmd(3) routine and, 
+# consequently, for the rsh(1) program. The server provides 
+# remote execution facilities with authentication based on 
+# privileged port numbers from trusted hosts.
+#
+service shell
+{
+	socket_type	= stream
+	protocol	= tcp
+	flags		= NAMEINARGS
+	wait		= no
+	user		= root
+	group		= root
+	log_on_success	+= USERID
+	log_on_failure	+= USERID
+	server		= @SBINDIR@/tcpd
+	server_args	= @SBINDIR@/in.rshd -aL
+	disable		= yes
+}
diff --git a/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils
new file mode 100644
index 0000000000..2d9a0408c0
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils
@@ -0,0 +1,13 @@
+# default: on
+# description: The telnet server serves telnet sessions; it uses \
+#       unencrypted username/password pairs for authentication.
+service telnet
+{
+	disable		= no
+	flags		= REUSE
+	socket_type	= stream
+	wait		= no
+	user		= root
+	server		= @SBINDIR@/in.telnetd
+	log_on_failure	+= USERID
+}
diff --git a/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils
new file mode 100644
index 0000000000..67b44c43e8
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils
@@ -0,0 +1,19 @@
+# default: off
+# description:
+# Tftpd is a server which supports the Internet Trivial File Transfer
+# Pro-tocol (RFC 783). The TFTP server operates at the port indicated
+# in the tftp service description; see services(5).
+#
+service tftp
+{
+        disable         = yes
+        socket_type     = dgram
+        protocol        = udp
+        flags           = IPv6
+        wait            = yes
+        user            = root
+        group           = root
+        server          = @SBINDIR@/in.tftpd
+        server_args     = /tftpboot
+}
+
diff --git a/meta/recipes-connectivity/inetutils/inetutils/version.patch b/meta/recipes-connectivity/inetutils/inetutils/version.patch
new file mode 100644
index 0000000000..532a0e5c08
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/version.patch
@@ -0,0 +1,17 @@
+Upstream-Status: Pending
+
+remove m4_esyscmd function
+
+Signed-off-by: Chunrong Guo <b40290@freescale.com>
+--- inetutils-1.9.1/configure.ac	2012-01-06 22:05:05.000000000 +0800
++++ inetutils-1.9.1/configure.ac	2012-11-12 14:01:11.732957019 +0800
+@@ -20,8 +20,7 @@
+ 
+ AC_PREREQ(2.59)
+ 
+-AC_INIT([GNU inetutils],
+- m4_esyscmd([build-aux/git-version-gen .tarball-version 's/inetutils-/v/;s/_/./g']),
++AC_INIT([GNU inetutils],[1.9.4],
+  [bug-inetutils@gnu.org])
+ 
+ AC_CONFIG_SRCDIR([src/inetd.c])
diff --git a/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
new file mode 100644
index 0000000000..684fbe09e1
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils_1.9.4.bb
@@ -0,0 +1,210 @@
+DESCRIPTION = "The GNU inetutils are a collection of common \
+networking utilities and servers including ftp, ftpd, rcp, \
+rexec, rlogin, rlogind, rsh, rshd, syslog, syslogd, talk, \
+talkd, telnet, telnetd, tftp, tftpd, and uucpd."
+HOMEPAGE = "http://www.gnu.org/software/inetutils"
+SECTION = "net"
+DEPENDS = "ncurses netbase readline virtual/crypt"
+
+LICENSE = "GPLv3"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7"
+
+SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.gz \
+           file://version.patch \
+           file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \
+           file://inetutils-1.8-0003-wchar.patch \
+           file://rexec.xinetd.inetutils  \
+           file://rlogin.xinetd.inetutils \
+           file://rsh.xinetd.inetutils \
+           file://telnet.xinetd.inetutils \
+           file://tftpd.xinetd.inetutils \
+           file://inetutils-1.9-PATH_PROCNET_DEV.patch \
+           file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
+           file://0001-rcp-fix-to-work-with-large-files.patch \
+           file://fix-buffer-fortify-tfpt.patch \
+"
+
+SRC_URI[md5sum] = "04852c26c47cc8c6b825f2b74f191f52"
+SRC_URI[sha256sum] = "be8f75eff936b8e41b112462db51adf689715658a1b09e0d6b05d11ec92cc616"
+
+inherit autotools gettext update-alternatives texinfo
+
+acpaths = "-I ./m4"
+
+SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', 'file://fix-disable-ipv6.patch', d)}"
+
+PACKAGECONFIG ??= "ftp uucpd \
+                   ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
+                   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \
+                  "
+PACKAGECONFIG[ftp] = "--enable-ftp,--disable-ftp,readline"
+PACKAGECONFIG[uucpd] = "--enable-uucpd,--disable-uucpd,readline"
+PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6 gl_cv_socket_ipv6=no,"
+PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6,"
+
+EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \
+        inetutils_cv_path_login=${base_bindir}/login \
+        --with-libreadline-prefix=${STAGING_LIBDIR} \
+        --enable-rpath=no \
+"
+
+# These are horrible for security, disable them
+EXTRA_OECONF_append = " --disable-rsh --disable-rshd --disable-rcp \
+        --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd"
+
+do_configure_prepend () {
+    export HELP2MAN='true'
+    cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${S}/build-aux/config.rpath
+    install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S}
+    install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S}
+    rm -f ${S}/glob/configure*
+}
+
+do_install_append () {
+    install -m 0755 -d ${D}${base_sbindir}
+    install -m 0755 -d ${D}${sbindir}
+    install -m 0755 -d ${D}${sysconfdir}/xinetd.d
+    if [ "${base_bindir}" != "${bindir}" ] ; then
+         install -m 0755 -d ${D}${base_bindir}
+         mv ${D}${bindir}/ping* ${D}${base_bindir}/
+         mv ${D}${bindir}/hostname ${D}${base_bindir}/
+    fi
+    mv ${D}${bindir}/ifconfig ${D}${base_sbindir}/
+    mv ${D}${libexecdir}/syslogd ${D}${base_sbindir}/
+    mv ${D}${libexecdir}/tftpd ${D}${sbindir}/in.tftpd
+    mv ${D}${libexecdir}/telnetd ${D}${sbindir}/in.telnetd
+    if [ -e ${D}${libexecdir}/rexecd ]; then
+        mv ${D}${libexecdir}/rexecd ${D}${sbindir}/in.rexecd
+        cp ${WORKDIR}/rexec.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rexec
+    fi
+    if [ -e ${D}${libexecdir}/rlogind ]; then
+        mv ${D}${libexecdir}/rlogind ${D}${sbindir}/in.rlogind
+        cp ${WORKDIR}/rlogin.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rlogin
+    fi
+    if [ -e ${D}${libexecdir}/rshd ]; then
+        mv ${D}${libexecdir}/rshd ${D}${sbindir}/in.rshd
+        cp ${WORKDIR}/rsh.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rsh
+    fi
+    if [ -e ${D}${libexecdir}/talkd ]; then
+        mv ${D}${libexecdir}/talkd ${D}${sbindir}/in.talkd
+    fi
+    mv ${D}${libexecdir}/uucpd ${D}${sbindir}/in.uucpd
+    mv ${D}${libexecdir}/* ${D}${bindir}/
+    cp ${WORKDIR}/telnet.xinetd.inetutils  ${D}/${sysconfdir}/xinetd.d/telnet
+    cp ${WORKDIR}/tftpd.xinetd.inetutils  ${D}/${sysconfdir}/xinetd.d/tftpd
+
+    sed -e 's,@SBINDIR@,${sbindir},g' -i ${D}/${sysconfdir}/xinetd.d/*
+    if [ -e ${D}${libdir}/charset.alias ]; then
+        rm -rf ${D}${libdir}/charset.alias
+    fi
+    rm -rf ${D}${libexecdir}/
+    # remove usr/lib if empty
+    rmdir ${D}${libdir} || true
+}
+
+PACKAGES =+ "${PN}-ping ${PN}-ping6 ${PN}-hostname ${PN}-ifconfig \
+${PN}-tftp ${PN}-logger ${PN}-traceroute ${PN}-syslogd \
+${PN}-ftp ${PN}-ftpd ${PN}-tftpd ${PN}-telnet ${PN}-telnetd ${PN}-inetd \
+${PN}-rsh ${PN}-rshd"
+
+# The packages tftpd, telnetd and rshd conflict with the ones
+# provided by netkit, so add the corresponding -dbg packages
+# for them to avoid the confliction between the dbg package
+# of inetutils and netkit.
+PACKAGES =+ "${PN}-tftpd-dbg ${PN}-telnetd-dbg ${PN}-rshd-dbg"
+NOAUTOPACKAGEDEBUG = "1"
+
+ALTERNATIVE_PRIORITY = "79"
+ALTERNATIVE_${PN} = "whois"
+ALTERNATIVE_LINK_NAME[uucpd]  = "${sbindir}/in.uucpd"
+
+ALTERNATIVE_PRIORITY_${PN}-logger = "60"
+ALTERNATIVE_${PN}-logger = "logger"
+ALTERNATIVE_${PN}-syslogd = "syslogd"
+ALTERNATIVE_LINK_NAME[syslogd]  = "${base_sbindir}/syslogd"
+
+ALTERNATIVE_${PN}-ftp = "ftp"
+ALTERNATIVE_${PN}-ftpd = "ftpd"
+ALTERNATIVE_${PN}-tftp = "tftp"
+ALTERNATIVE_${PN}-tftpd = "tftpd"
+ALTERNATIVE_LINK_NAME[tftpd] = "${sbindir}/tftpd"
+ALTERNATIVE_TARGET[tftpd]  = "${sbindir}/in.tftpd"
+
+ALTERNATIVE_${PN}-telnet = "telnet"
+ALTERNATIVE_${PN}-telnetd = "telnetd"
+ALTERNATIVE_LINK_NAME[telnetd] = "${sbindir}/telnetd"
+ALTERNATIVE_TARGET[telnetd] = "${sbindir}/in.telnetd"
+
+ALTERNATIVE_${PN}-inetd= "inetd"
+ALTERNATIVE_${PN}-traceroute = "traceroute"
+
+ALTERNATIVE_${PN}-hostname = "hostname"
+ALTERNATIVE_LINK_NAME[hostname]  = "${base_bindir}/hostname"
+
+ALTERNATIVE_${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8"
+ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1"
+ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1"
+ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1"
+ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8"
+
+ALTERNATIVE_${PN}-ifconfig = "ifconfig"
+ALTERNATIVE_LINK_NAME[ifconfig]  = "${base_sbindir}/ifconfig"
+
+ALTERNATIVE_${PN}-ping = "ping"
+ALTERNATIVE_LINK_NAME[ping]   = "${base_bindir}/ping"
+
+ALTERNATIVE_${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}"
+ALTERNATIVE_LINK_NAME[ping6]  = "${base_bindir}/ping6"
+
+
+FILES_${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug"
+FILES_${PN}-ping = "${base_bindir}/ping.${BPN}"
+FILES_${PN}-ping6 = "${base_bindir}/ping6.${BPN}"
+FILES_${PN}-hostname = "${base_bindir}/hostname.${BPN}"
+FILES_${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}"
+FILES_${PN}-traceroute = "${bindir}/traceroute.${BPN}"
+FILES_${PN}-logger = "${bindir}/logger.${BPN}"
+
+FILES_${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}"
+RCONFLICTS_${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng"
+
+FILES_${PN}-ftp = "${bindir}/ftp.${BPN}"
+
+FILES_${PN}-tftp = "${bindir}/tftp.${BPN}"
+FILES_${PN}-telnet = "${bindir}/telnet.${BPN}"
+
+# We make us of RCONFLICTS / RPROVIDES here rather than using the normal
+# alternatives method as this leads to packaging QA issues when using
+# musl as that library does not provide what these applications need to
+# build.
+FILES_${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp"
+RCONFLICTS_${PN}-rsh += "netkit-rsh-client"
+RPROVIDES_${PN}-rsh = "rsh"
+
+FILES_${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \
+                    ${sysconfdir}/xinetd.d/rsh ${sysconfdir}/xinetd.d/rlogin ${sysconfdir}/xinetd.d/rexec"
+FILES_${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd"
+RDEPENDS_${PN}-rshd += "xinetd tcp-wrappers"
+RCONFLICTS_${PN}-rshd += "netkit-rshd-server"
+RPROVIDES_${PN}-rshd = "rshd"
+
+FILES_${PN}-ftpd = "${bindir}/ftpd.${BPN}"
+FILES_${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}"
+RDEPENDS_${PN}-ftpd += "xinetd"
+
+FILES_${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd"
+FILES_${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd"
+RCONFLICTS_${PN}-tftpd += "netkit-tftpd"
+RDEPENDS_${PN}-tftpd += "xinetd"
+
+FILES_${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet"
+FILES_${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd"
+RCONFLICTS_${PN}-telnetd += "netkit-telnet"
+RPROVIDES_${PN}-telnetd = "telnetd"
+RDEPENDS_${PN}-telnetd += "xinetd"
+
+FILES_${PN}-inetd = "${bindir}/inetd.${BPN}"
+
+RDEPENDS_${PN} = "xinetd"
diff --git a/meta/recipes-connectivity/iproute2/iproute2.inc b/meta/recipes-connectivity/iproute2/iproute2.inc
index 63e7ca9e83..fc31b8444e 100644
--- a/meta/recipes-connectivity/iproute2/iproute2.inc
+++ b/meta/recipes-connectivity/iproute2/iproute2.inc
@@ -9,16 +9,23 @@ LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
                     file://ip/ip.c;beginline=3;endline=8;md5=689d691d0410a4b64d3899f8d6e31817"
 
-DEPENDS = "flex-native bison-native iptables elfutils"
+DEPENDS = "flex-native bison-native iptables libcap"
 
-inherit update-alternatives bash-completion
+inherit update-alternatives bash-completion pkgconfig
 
-EXTRA_OEMAKE = "CC='${CC}' KERNEL_INCLUDE=${STAGING_INCDIR} DOCDIR=${docdir}/iproute2 SUBDIRS='lib tc ip bridge misc genl' SBINDIR='${base_sbindir}' LIBDIR='${libdir}'"
+CLEANBROKEN = "1"
+
+PACKAGECONFIG ??= "tipc elf"
+PACKAGECONFIG[tipc] = ",,libmnl,"
+PACKAGECONFIG[elf] = ",,elfutils,"
+
+EXTRA_OEMAKE = "CC='${CC}' KERNEL_INCLUDE=${STAGING_INCDIR} DOCDIR=${docdir}/iproute2 SUBDIRS='lib tc ip bridge misc genl \
+                ${@bb.utils.contains('PACKAGECONFIG', 'tipc', 'tipc', '', d)}' SBINDIR='${base_sbindir}' LIBDIR='${libdir}'"
 
 do_configure_append () {
     sh configure ${STAGING_INCDIR}
     # Explicitly disable ATM support
-    sed -i -e '/TC_CONFIG_ATM/d' Config
+    sed -i -e '/TC_CONFIG_ATM/d' config.mk
 }
 
 do_install () {
@@ -32,17 +39,31 @@ do_install () {
 # The .so files in iproute2-tc are modules, not traditional libraries
 INSANE_SKIP_${PN}-tc = "dev-so"
 
-PACKAGES =+ "${PN}-tc ${PN}-lnstat ${PN}-ifstat ${PN}-genl ${PN}-rtacct ${PN}-nstat ${PN}-ss"
+PACKAGES =+ "${PN}-tc \
+             ${PN}-lnstat \
+             ${PN}-ifstat \
+             ${PN}-genl \
+             ${PN}-rtacct \
+             ${PN}-nstat \
+             ${PN}-ss \
+             ${@bb.utils.contains('PACKAGECONFIG', 'tipc', '${PN}-tipc', '', d)}"
 FILES_${PN}-tc = "${base_sbindir}/tc* \
                   ${libdir}/tc/*.so"
-FILES_${PN}-lnstat = "${base_sbindir}/lnstat ${base_sbindir}/ctstat ${base_sbindir}/rtstat"
+FILES_${PN}-lnstat = "${base_sbindir}/lnstat \
+                      ${base_sbindir}/ctstat \
+                      ${base_sbindir}/rtstat"
 FILES_${PN}-ifstat = "${base_sbindir}/ifstat"
 FILES_${PN}-genl = "${base_sbindir}/genl"
 FILES_${PN}-rtacct = "${base_sbindir}/rtacct"
 FILES_${PN}-nstat = "${base_sbindir}/nstat"
 FILES_${PN}-ss = "${base_sbindir}/ss"
+FILES_${PN}-tipc = "${base_sbindir}/tipc"
 
 ALTERNATIVE_${PN} = "ip"
 ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}"
 ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip"
 ALTERNATIVE_PRIORITY = "100"
+
+ALTERNATIVE_${PN}-tc = "tc"
+ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc"
+ALTERNATIVE_PRIORITY_${PN}-tc = "100"
diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch
deleted file mode 100644
index 39c7d40319..0000000000
--- a/meta/recipes-connectivity/iproute2/iproute2/0001-iproute2-de-bash-scripts.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Subject: [PATCH] iproute2: de-bash scripts
-
-de-bash these two scripts to make iproute2 not depend on bash.
-
-Upstream-Status: Pending
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
-
----
- ip/ifcfg |   15 ++++++++-------
- ip/rtpr  |    2 +-
- 2 files changed, 9 insertions(+), 8 deletions(-)
-
-diff --git a/ip/ifcfg b/ip/ifcfg
-index 083d9df..60bcf1f 100644
---- a/ip/ifcfg
-+++ b/ip/ifcfg
-@@ -1,12 +1,13 @@
--#! /bin/bash
-+#! /bin/sh
- 
- CheckForwarding () {
--  local sbase fwd
-+  local sbase fwd forwarding
-   sbase=/proc/sys/net/ipv4/conf
-   fwd=0
-   if [ -d $sbase ]; then
-     for dir in $sbase/*/forwarding; do
--      fwd=$[$fwd + `cat $dir`]
-+      forwarding=`cat $dir`
-+      fwd=$(($fwd+$forwarding))
-     done
-   else
-     fwd=2
-@@ -127,12 +128,12 @@ fi
- arping -q -A -c 1 -I $dev $ipaddr
- noarp=$?
- ( sleep 2 ;
--  arping -q -U -c 1 -I $dev $ipaddr ) >& /dev/null </dev/null &
-+  arping -q -U -c 1 -I $dev $ipaddr ) > /dev/null 2>&1 </dev/null &
- 
--ip route add unreachable 224.0.0.0/24 >& /dev/null
--ip route add unreachable 255.255.255.255 >& /dev/null
-+ip route add unreachable 224.0.0.0/24 > /dev/null 2>&1
-+ip route add unreachable 255.255.255.255 > /dev/null 2>&1
- if [ `ip link ls $dev | grep -c MULTICAST` -ge 1 ]; then
--  ip route add 224.0.0.0/4 dev $dev scope global >& /dev/null
-+  ip route add 224.0.0.0/4 dev $dev scope global > /dev/null 2>&1
- fi
- 
- if [ $fwd -eq 0 ]; then
-diff --git a/ip/rtpr b/ip/rtpr
-index c3629fd..674198d 100644
---- a/ip/rtpr
-+++ b/ip/rtpr
-@@ -1,4 +1,4 @@
--#! /bin/bash
-+#! /bin/sh
- 
- exec tr "[\\\\]" "[
- ]"
--- 
-1.7.9.5
-
diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch
new file mode 100644
index 0000000000..50c4bfb0f2
--- /dev/null
+++ b/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch
@@ -0,0 +1,41 @@
+From b7d96340c55afb7023ded0041107c63dbd886196 Mon Sep 17 00:00:00 2001
+From: Baruch Siach <baruch@tkos.co.il>
+Date: Thu, 22 Dec 2016 15:26:30 +0200
+Subject: [PATCH] libc-compat.h: add musl workaround
+
+The libc-compat.h kernel header uses glibc specific macros (__GLIBC__ and
+__USE_MISC) to solve conflicts with libc provided headers. This patch makes
+libc-compat.h work for musl libc as well.
+
+Upstream-Status: Pending
+
+Taken From:
+https://git.buildroot.net/buildroot/tree/package/iproute2/0001-Add-the-musl-workaround-to-the-libc-compat.h-copy.patch
+
+Signed-off-by: Baruch Siach <baruch@tkos.co.il>
+Signed-off-by: Maxin B. John <maxin.john@intel.com>
+---
+ include/uapi/linux/libc-compat.h | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/include/uapi/linux/libc-compat.h b/include/uapi/linux/libc-compat.h
+index f38571d..30f0b67 100644
+--- a/include/uapi/linux/libc-compat.h
++++ b/include/uapi/linux/libc-compat.h
+@@ -49,10 +49,12 @@
+ #define _LIBC_COMPAT_H
+ 
+ /* We have included glibc headers... */
+-#if defined(__GLIBC__)
++#if 1
++#define __USE_MISC
+ 
+ /* Coordinate with glibc net/if.h header. */
+ #if defined(_NET_IF_H) && defined(__USE_MISC)
++#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 0
+ 
+ /* GLIBC headers included first so don't define anything
+  * that would already be defined. */
+-- 
+2.4.0
+
diff --git a/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch b/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch
deleted file mode 100644
index 866609ca99..0000000000
--- a/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 85b0589b4843c03e8e6fd9416d71ea449a73c5c0 Mon Sep 17 00:00:00 2001
-From: Koen Kooi <koen@dominion.thruhere.net>
-Date: Thu, 3 Nov 2011 10:46:16 +0100
-Subject: [PATCH] make configure cross compile safe
-
-According to Kevin Tian:
-Upstream-Status: Pending
-
-Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
-Signed-off-by: Shane Wang <shane.wang@intel.com>
-
-Index: iproute2-3.7.0/configure
-===================================================================
---- iproute2-3.7.0.orig/configure
-+++ iproute2-3.7.0/configure
-@@ -2,6 +2,7 @@
- # This is not an autconf generated configure
- #
- INCLUDE=${1:-"$PWD/include"}
-+SYSROOT=$1
- 
- # Make a temp directory in build tree.
- TMPDIR=$(mktemp -d config.XXXXXX)
-@@ -158,7 +159,7 @@ check_ipt_lib_dir()
- 		return
- 	fi
- 
--	for dir in /lib /usr/lib /usr/local/lib
-+	for dir in $SYSROOT/lib $SYSROOT/usr/lib $SYSROOT/usr/local/lib
- 	do
- 		for file in $dir/{xtables,iptables}/lib*t_*so ; do
- 			if [ -f $file ]; then
diff --git a/meta/recipes-connectivity/iproute2/iproute2/iproute2-4.3.0-musl.patch b/meta/recipes-connectivity/iproute2/iproute2/iproute2-4.3.0-musl.patch
deleted file mode 100644
index 8c078f69d0..0000000000
--- a/meta/recipes-connectivity/iproute2/iproute2/iproute2-4.3.0-musl.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-Subject: [PATCH] Avoid in6_addr redefinition
-
-Due to both <netinet/in.h> and <linux/in6.h> being included, the
-in6_addr is being redefined: once from the C library headers and once
-from the kernel headers. This causes some build failures with for
-example the musl C library.
-
-In order to fix this, use just the C library header <netinet/in.h>.
-Original patch taken from
-http://git.alpinelinux.org/cgit/aports/tree/main/iproute2/musl-fixes.patch.
-
-(Refreshed the patch for 4.6 release)
-
-Upstream-Status: Pending
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
-----
-diff -Naur iproute2-4.6.0-orig/include/libiptc/ipt_kernel_headers.h iproute2-4.6.0/include/libiptc/ipt_kernel_headers.h
---- iproute2-4.6.0-orig/include/libiptc/ipt_kernel_headers.h	2016-05-23 12:03:23.821826910 +0300
-+++ iproute2-4.6.0/include/libiptc/ipt_kernel_headers.h	2016-05-23 12:04:23.714078154 +0300
-@@ -6,7 +6,6 @@
- #include <limits.h>
- 
- #include <netinet/ip.h>
--#include <netinet/in.h>
- #include <netinet/ip_icmp.h>
- #include <netinet/tcp.h>
- #include <netinet/udp.h>
-diff -Naur iproute2-4.6.0-orig/include/linux/if_bridge.h iproute2-4.6.0/include/linux/if_bridge.h
---- iproute2-4.6.0-orig/include/linux/if_bridge.h	2016-05-23 12:03:23.821826910 +0300
-+++ iproute2-4.6.0/include/linux/if_bridge.h	2016-05-23 12:04:23.716078129 +0300
-@@ -15,7 +15,6 @@
- 
- #include <linux/types.h>
- #include <linux/if_ether.h>
--#include <linux/in6.h>
- 
- #define SYSFS_BRIDGE_ATTR	"bridge"
- #define SYSFS_BRIDGE_FDB	"brforward"
-diff -Naur iproute2-4.6.0-orig/include/linux/netfilter.h iproute2-4.6.0/include/linux/netfilter.h
---- iproute2-4.6.0-orig/include/linux/netfilter.h	2016-05-23 12:03:23.821826910 +0300
-+++ iproute2-4.6.0/include/linux/netfilter.h	2016-05-23 12:04:23.717078117 +0300
-@@ -4,8 +4,6 @@
- #include <linux/types.h>
- 
- #include <linux/sysctl.h>
--#include <linux/in.h>
--#include <linux/in6.h>
- 
- /* Responses from hook functions. */
- #define NF_DROP 0
-diff -Naur iproute2-4.6.0-orig/include/linux/netfilter_ipv4/ip_tables.h iproute2-4.6.0/include/linux/netfilter_ipv4/ip_tables.h
---- iproute2-4.6.0-orig/include/linux/netfilter_ipv4/ip_tables.h	2016-05-18 21:56:02.000000000 +0300
-+++ iproute2-4.6.0/include/linux/netfilter_ipv4/ip_tables.h	2016-05-23 12:09:22.888337961 +0300
-@@ -17,7 +17,6 @@
- 
- #include <linux/types.h>
- 
--#include <linux/if.h>
- #include <linux/netfilter_ipv4.h>
- 
- #include <linux/netfilter/x_tables.h>
-diff -Naur iproute2-4.6.0-orig/include/linux/xfrm.h iproute2-4.6.0/include/linux/xfrm.h
---- iproute2-4.6.0-orig/include/linux/xfrm.h	2016-05-23 12:03:23.821826910 +0300
-+++ iproute2-4.6.0/include/linux/xfrm.h	2016-05-23 12:04:23.718078104 +0300
-@@ -1,7 +1,6 @@
- #ifndef _LINUX_XFRM_H
- #define _LINUX_XFRM_H
- 
--#include <linux/in6.h>
- #include <linux/types.h>
- 
- /* All of the structures in this file may not change size as they are
-diff -Naur iproute2-4.6.0-orig/include/utils.h iproute2-4.6.0/include/utils.h
---- iproute2-4.6.0-orig/include/utils.h	2016-05-23 12:03:23.821826910 +0300
-+++ iproute2-4.6.0/include/utils.h	2016-05-23 12:04:23.718078104 +0300
-@@ -1,6 +1,7 @@
- #ifndef __UTILS_H__
- #define __UTILS_H__ 1
- 
-+#include <sys/param.h>  /* MAXPATHLEN */
- #include <sys/types.h>
- #include <asm/types.h>
- #include <resolv.h>
diff --git a/meta/recipes-connectivity/iproute2/iproute2_4.7.0.bb b/meta/recipes-connectivity/iproute2/iproute2_4.7.0.bb
deleted file mode 100644
index 426f989160..0000000000
--- a/meta/recipes-connectivity/iproute2/iproute2_4.7.0.bb
+++ /dev/null
@@ -1,13 +0,0 @@
-require iproute2.inc
-
-SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \
-           file://configure-cross.patch \
-           file://0001-iproute2-de-bash-scripts.patch \
-           file://iproute2-4.3.0-musl.patch \
-          "
-SRC_URI[md5sum] = "d4b205830cdc2702f8a0cbd6232129cd"
-SRC_URI[sha256sum] = "8f60dbcfb33a79daae0638f53bdcaa4310c0aa59ae39af8a234020dc69bb7b92"
-
-# CFLAGS are computed in Makefile and reference CCOPTS
-#
-EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS}'"
diff --git a/meta/recipes-connectivity/iproute2/iproute2_5.3.0.bb b/meta/recipes-connectivity/iproute2/iproute2_5.3.0.bb
new file mode 100644
index 0000000000..8a86cbf78c
--- /dev/null
+++ b/meta/recipes-connectivity/iproute2/iproute2_5.3.0.bb
@@ -0,0 +1,12 @@
+require iproute2.inc
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \
+           file://0001-libc-compat.h-add-musl-workaround.patch \
+          "
+
+SRC_URI[md5sum] = "227404413c8d6db649d6188ead1e5a6e"
+SRC_URI[sha256sum] = "cb1c1e45993a3bd2438543fd4332d70f1726a6e6ff97dc613a8258c993117b3f"
+
+# CFLAGS are computed in Makefile and reference CCOPTS
+#
+EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS}'"
diff --git a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init b/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init
deleted file mode 100755
index 6f29e9c6ed..0000000000
--- a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init
+++ /dev/null
@@ -1,78 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides:          irda
-# Required-Start:    $network $remote_fs
-# Required-Stop:     $network $remote_fs
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: Infrared port support
-### END INIT INFO
-
-NAME="irattach"
-test -x "$IRDA_DAEMON" || IRDA_DAEMON=/usr/sbin/irattach
-test -z "$IRATTACH_PID" && IRATTACH_PID=/var/run/irattach.pid
-
-# Source function library.
-. /etc/init.d/functions
-
-module_id() {
-        awk 'BEGIN { FS=": " } /Hardware/ { print $2 } ' </proc/cpuinfo
-}
-
-if [ ! -f /etc/sysconfig/irda ]; then
-    case `module_id` in
-	"HP iPAQ H2200" | "HP iPAQ HX4700" | "HTC Universal")
-	    IRDA=yes
-	    DEVICE=/dev/ttyS2
-	    DONGLE=
-	    DISCOVERY=
-	    ;;
-	*)
-	    IRDA=yes
-	    DEVICE=/dev/ttyS1
-	    DONGLE=
-	    DISCOVERY=
-	    ;;
-    esac
-else
-    . /etc/sysconfig/irda
-fi
-
-# Check that irda is up.
-[ ${IRDA} = "no" ] && exit 0
-
-[ -f /usr/sbin/irattach ] || exit 0
-
-ARGS=
-if [ $DONGLE ]; then
-	ARGS="$ARGS -d $DONGLE"
-fi
-if [ "$DISCOVERY" = "yes" ];then
-	ARGS="$ARGS -s"
-fi
-
-case "$1" in
-  start)
-	echo -n "Starting IrDA: $NAME"
-	start-stop-daemon --start --quiet --exec "$IRDA_DAEMON" ${DEVICE} ${ARGS} --pidfile "$IRATTACH_PID"
-	sleep 1
-	[ -f /var/run/irattach.pid ] && echo " done" || echo " fail"
-	;;
-  stop)
-	echo "Stopping IrDA: $NAME"
-	start-stop-daemon --stop --quiet --exec "$IRDA_DAEMON" --pidfile "$IRATTACH_PID"
-	;;
-  restart|force-reload)
-	$0 stop
-	$0 start
-	;;
-  status)
-	status irattach
-	exit $?
-	;;
-  *)
-	N=/etc/init.d/$NAME
-	echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
-	exit 1
-	;;
-esac
diff --git a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch b/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch
deleted file mode 100644
index e95fe35f8f..0000000000
--- a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-Obey LDFLAGS
-
-Signed-off-by: Christopher Larson <chris_larson@mentor.com>
-Upstream-Status: Pending
-
---- irda-utils-0.9.18.orig/findchip/Makefile
-+++ irda-utils-0.9.18/findchip/Makefile
-@@ -65,5 +65,5 @@ install: findchip
-
- gfindchip: gfindchip.c
-	$(prn_cc)
--	$(ECMD))$(CC) $(CFLAGS) `gtk-config --cflags`  $< -o $@ `gtk-config --libs`
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) `gtk-config --cflags`  $< -o $@ `gtk-config --libs`
-
---- irda-utils-0.9.18.orig/irattach/Makefile
-+++ irda-utils-0.9.18/irattach/Makefile
-@@ -49,13 +49,13 @@ all: $(TARGETS)
-
- irattach: irattach.o util.o
-	$(prn_cc_o)
--	$(ECMD)$(CC) $(CFLAGS) irattach.o util.o -o $@
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) irattach.o util.o -o $@
-
-
-
- dongle_attach: dongle_attach.o
-	$(prn_cc_o)
--	$(ECMD)$(CC) $(CFLAGS) dongle_attach.o -o $@
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) dongle_attach.o -o $@
-
-
- install: $(TARGETS)
---- irda-utils-0.9.18.orig/irdadump/Makefile
-+++ irda-utils-0.9.18/irdadump/Makefile
-@@ -40,7 +40,7 @@ lib_irdadump.a: $(LIBIRDADUMP_OBJS)
-
- irdadump: $(IRDADUMP_OBJS) $(LIBIRDADUMP_TARGET)
-	$(prn_cc_o)
--	$(ECMD)$(CC) $(CFLAGS) `pkg-config --libs glib-2.0` -o  $(IRDADUMP_TARGET) $< $(LIBIRDADUMP_TARGET)
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) `pkg-config --libs glib-2.0` -o  $(IRDADUMP_TARGET) $< $(LIBIRDADUMP_TARGET)
-
-
- .c.o:
---- irda-utils-0.9.18.orig/irdaping/Makefile
-+++ irda-utils-0.9.18/irdaping/Makefile
-@@ -56,7 +56,7 @@ all: $(TARGETS)
-
- irdaping: $(OBJS)
-	$(prn_cc_o)
--	$(ECMD)$(CC) $(CFLAGS) $(OBJS) -o $@
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $@
-
-
- .c.o:
---- irda-utils-0.9.18.orig/irnetd/Makefile
-+++ irda-utils-0.9.18/irnetd/Makefile
-@@ -50,7 +50,7 @@ all: $(TARGETS)
-
- irnetd: $(OBJS)
-	$(prn_cc_o)
--	$(ECMD)$(CC) $(CFLAGS) $(OBJS) -o $@
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $@
-
-
- install: irnetd
---- irda-utils-0.9.18.orig/psion/Makefile
-+++ irda-utils-0.9.18/psion/Makefile
-@@ -25,4 +25,4 @@ install: $(PSION_TARGETS)
- CFLAGS += -g -I../include -Wall -Wstrict-prototypes $(RPM_OPT_FLAGS)
- irpsion5:
-	$(prn_cc_o)
--	$(ECMD)$(CC) $(CFLAGS) $(PSION_SRC) -o $@
-\ No newline at end of file
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(PSION_SRC) -o $@
-\ No newline at end of file
diff --git a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch b/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch
deleted file mode 100644
index 97eb975023..0000000000
--- a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Replace use of <net/if_packet.h> with <linux/if_packet.h>.
-
-kernel headers <linux/if_packet.h> already provides the
-needed definitions, moreover not all libc implementations
-provide if_packet.h e.g. musl
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Upstream-Status: Pending
-
-Index: irda-utils-0.9.18/irdaping/irdaping.c
-===================================================================
---- irda-utils-0.9.18.orig/irdaping/irdaping.c
-+++ irda-utils-0.9.18/irdaping/irdaping.c
-@@ -33,7 +33,6 @@
- #include <sys/socket.h>
- #include <sys/ioctl.h>
- #include <net/if.h>		/* For struct ifreq */
--#include <net/if_packet.h>	/* For struct sockaddr_pkt */
- #include <net/if_arp.h>		/* For ARPHRD_IRDA */
- #include <netinet/if_ether.h>	/* For ETH_P_ALL */
- #include <netinet/in.h>		/* For htons */
-@@ -46,6 +45,7 @@
- #include <asm/byteorder.h>	/* __cpu_to_le32 and co. */
- 
- #include <linux/types.h>	/* For __u8 and co. */
-+#include <linux/if_packet.h>	/* For struct sockaddr_pkt */
- #include <irda.h>
- 
- #ifndef AF_IRDA
diff --git a/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb b/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb
deleted file mode 100644
index 11b2ee9117..0000000000
--- a/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb
+++ /dev/null
@@ -1,51 +0,0 @@
-SUMMARY = "Common files for IrDA"
-DESCRIPTION = "Provides common files needed to use IrDA. \
-IrDA allows communication over Infrared with other devices \
-such as phones and laptops."
-HOMEPAGE = "http://irda.sourceforge.net/"
-BUGTRACKER = "http://sourceforge.net/p/irda/bugs/"
-SECTION = "base"
-LICENSE = "GPLv2+"
-LIC_FILES_CHKSUM = "file://irdadump/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
-                    file://smcinit/COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \
-                    file://man/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
-                    file://irdadump/irdadump.c;beginline=1;endline=24;md5=d78b9dce3cd78c2220250c9c7a2be178"
-
-SRC_URI = "${SOURCEFORGE_MIRROR}/irda/irda-utils-${PV}.tar.gz \
-           file://ldflags.patch \
-           file://musl.patch \
-           file://init"
-
-SRC_URI[md5sum] = "84dc12aa4c3f61fccb8d8919bf4079bb"
-SRC_URI[sha256sum] = "61980551e46b2eaa9e17ad31cbc1a638074611fc33bff34163d10c7a67a9fdc6"
-
-inherit update-rc.d
-
-EXTRA_OEMAKE = "\
-    'CC=${CC}' \
-    'LD=${LD}' \
-    'CFLAGS=${CFLAGS}' \
-    'LDFLAGS=${LDFLAGS}' \
-    'SYS_INCLUDES=' \
-    'V=1' \
-"
-
-INITSCRIPT_NAME = "irattach"
-INITSCRIPT_PARAMS = "defaults 20"
-
-TARGETS ??= "irattach irdaping"
-do_compile () {
-	for t in ${TARGETS}; do
-		oe_runmake -C $t
-	done
-}
-
-do_install () {
-	install -d ${D}${sbindir}
-	for t in ${TARGETS}; do
-		oe_runmake -C $t ROOT="${D}" install
-	done
-
-	install -d ${D}${sysconfdir}/init.d
-	install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/${INITSCRIPT_NAME}
-}
diff --git a/meta/recipes-connectivity/iw/iw/separate-objdir.patch b/meta/recipes-connectivity/iw/iw/separate-objdir.patch
index 0ea6a52789..eb01a5a14e 100644
--- a/meta/recipes-connectivity/iw/iw/separate-objdir.patch
+++ b/meta/recipes-connectivity/iw/iw/separate-objdir.patch
@@ -7,29 +7,36 @@ Upstream-Status: Pending
 Signed-off-by: Christopher Larson <chris_larson@mentor.com>
 Signed-off-by: Maxin B. John <maxin.john@intel.com>
 ---
-diff -Naur iw-4.3-origin/Makefile iw-4.3/Makefile
---- iw-4.3-origin/Makefile	2015-11-20 16:37:58.752077287 +0200
-+++ iw-4.3/Makefile	2015-11-20 16:57:15.510615815 +0200
-@@ -1,5 +1,7 @@
+ Makefile | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 33aaf6a..9030796 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,5 +1,9 @@
  MAKEFLAGS += --no-print-directory
--
+
 +SRCDIR ?= $(dir $(lastword $(MAKEFILE_LIST)))
 +OBJDIR ?= $(PWD)
 +VPATH = $(SRCDIR)
++
  PREFIX ?= /usr
  SBINDIR ?= $(PREFIX)/sbin
  MANDIR ?= $(PREFIX)/share/man
-@@ -95,11 +97,11 @@
+@@ -103,11 +107,11 @@ VERSION_OBJS := $(filter-out version.o, $(OBJS))
  version.c: version.sh $(patsubst %.o,%.c,$(VERSION_OBJS)) nl80211.h iw.h Makefile \
  		$(wildcard .git/index .git/refs/tags)
  	@$(NQ) ' GEN ' $@
 -	$(Q)./version.sh $@
 +	$(Q)cd $(SRCDIR) && ./version.sh $(OBJDIR)/$@
- 
+
  %.o: %.c iw.h nl80211.h
  	@$(NQ) ' CC  ' $@
--	$(Q)$(CC) $(CFLAGS) -c -o $@ $<
-+	$(Q)$(CC) -I$(SRCDIR) $(CFLAGS) -c -o $@ $<
- 
+-	$(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
++	$(Q)$(CC) -I$(SRCDIR) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
+
  ifeq ($(IW_ANDROID_BUILD),)
  iw:	$(OBJS)
+--
+2.20.1 (Apple Git-117)
diff --git a/meta/recipes-connectivity/iw/iw_4.7.bb b/meta/recipes-connectivity/iw/iw_5.3.bb
index e9f414129c..f7f13f5a30 100644
--- a/meta/recipes-connectivity/iw/iw_4.7.bb
+++ b/meta/recipes-connectivity/iw/iw_5.3.bb
@@ -4,7 +4,7 @@ wireless devices. It supports almost all new drivers that have been added \
 to the kernel recently. "
 HOMEPAGE = "http://wireless.kernel.org/en/users/Documentation/iw"
 SECTION = "base"
-LICENSE = "BSD"
+LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=878618a5c4af25e9b93ef0be1a93f774"
 
 DEPENDS = "libnl"
@@ -14,8 +14,8 @@ SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \
            file://separate-objdir.patch \
 "
 
-SRC_URI[md5sum] = "19d1edd276b2ac0c6cccfc7ae8d2b732"
-SRC_URI[sha256sum] = "758092229f13d691968060a0ad41364ba8eb8da4503626c20233a5b1eb33b4d9"
+SRC_URI[md5sum] = "6d4d1c0ee34f3a7bda0e6aafcd7aaf31"
+SRC_URI[sha256sum] = "175abbfce86348c0b70e778c13a94c0bfc9abc7a506d2bd608261583aeedf64a"
 
 inherit pkgconfig
 
@@ -26,7 +26,6 @@ EXTRA_OEMAKE = "\
     'SBINDIR=${sbindir}' \
     'MANDIR=${mandir}' \
 "
-B = "${WORKDIR}/build"
 
 do_install() {
     oe_runmake 'DESTDIR=${D}' install
diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch b/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch
deleted file mode 100644
index f63eb90cdc..0000000000
--- a/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From bdf01a581d58eb5340e9238d143dbcac9db5b11c Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 30 Jan 2016 19:29:45 +0000
-Subject: [PATCH] check for nss.h
-
-nss.h may not available on all libc implementations, e.g. musl does not
-have this header, this patch detects nss.h presence and defines the data
-types that are required if nss.h is missing on platform
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Pending
-
- configure.ac |  2 +-
- src/nss.c    | 11 +++++++++++
- 2 files changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index aa66bc6..ce19b07 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -71,7 +71,7 @@ AC_PROG_LIBTOOL
- 
- # Checks for header files.
- AC_HEADER_STDC
--AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h unistd.h nss.h sys/ioctl.h])
-+AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h unistd.h nss.h sys/ioctl.h nss.h])
- 
- # Checks for typedefs, structures, and compiler characteristics.
- AC_C_CONST
-diff --git a/src/nss.c b/src/nss.c
-index e48e315..406733b 100644
---- a/src/nss.c
-+++ b/src/nss.c
-@@ -29,7 +29,18 @@
- #include <assert.h>
- #include <netdb.h>
- #include <sys/socket.h>
-+#ifdef HAVE_NSS_H
- #include <nss.h>
-+#else
-+enum nss_status {
-+    NSS_STATUS_TRYAGAIN = -2,
-+    NSS_STATUS_UNAVAIL,
-+    NSS_STATUS_NOTFOUND,
-+    NSS_STATUS_SUCCESS,
-+    NSS_STATUS_RETURN
-+};
-+#endif
-+
- #include <stdio.h>
- #include <stdlib.h>
- 
--- 
-2.7.0
-
diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb
index 8d2feec769..953505971a 100644
--- a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb
+++ b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb
@@ -9,7 +9,6 @@ DEPENDS = "avahi"
 PR = "r7"
 
 SRC_URI = "http://0pointer.de/lennart/projects/nss-mdns/nss-mdns-${PV}.tar.gz \
-           file://0001-check-for-nss.h.patch \
            "
 
 SRC_URI[md5sum] = "03938f17646efbb50aa70ba5f99f51d7"
@@ -17,8 +16,12 @@ SRC_URI[sha256sum] = "1e683c2e7c3921814706d62fbbd3e9cbf493a75fa00255e0e715508d81
 
 S = "${WORKDIR}/nss-mdns-${PV}"
 
+localstatedir = "/"
+
 inherit autotools
 
+COMPATIBLE_HOST_libc-musl = 'null'
+
 EXTRA_OECONF = "--libdir=${base_libdir} --disable-lynx --enable-avahi"
 
 # suppress warning, but don't bother with autonamer
@@ -28,13 +31,16 @@ DEBIANNAME_${PN} = "libnss-mdns"
 RDEPENDS_${PN} = "avahi-daemon"
 
 pkg_postinst_${PN} () {
-	sed -e '/^hosts:/s/\s*\<mdns\>//' \
-		-e 's/\(^hosts:.*\)\(\<files\>\)\(.*\)\(\<dns\>\)\(.*\)/\1\2 mdns4_minimal [NOTFOUND=return]\3\4 mdns\5/' \
-		-i $D${sysconfdir}/nsswitch.conf
+	sed '
+		/^hosts:/ !b
+		/\<mdns\(4\|6\)\?\(_minimal\)\?\>/ b
+		s/\([[:blank:]]\+\)dns\>/\1mdns4_minimal [NOTFOUND=return] dns/g
+		' -i $D${sysconfdir}/nsswitch.conf
 }
 
 pkg_prerm_${PN} () {
-	sed -e '/^hosts:/s/\s*\<mdns\>//' \
-		-e '/^hosts:/s/\s*mdns4_minimal\s\+\[NOTFOUND=return\]//' \
-		-i $D${sysconfdir}/nsswitch.conf
+	sed '
+		/^hosts:/ !b
+		s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g
+		' -i $D${sysconfdir}/nsswitch.conf
 }
diff --git a/meta/recipes-connectivity/libpcap/libpcap.inc b/meta/recipes-connectivity/libpcap/libpcap.inc
deleted file mode 100644
index 7b29a52dcd..0000000000
--- a/meta/recipes-connectivity/libpcap/libpcap.inc
+++ /dev/null
@@ -1,43 +0,0 @@
-SUMMARY = "Interface for user-level network packet capture"
-DESCRIPTION = "Libpcap provides a portable framework for low-level network \
-monitoring.  Libpcap can provide network statistics collection, \
-security monitoring and network debugging."
-HOMEPAGE = "http://www.tcpdump.org/"
-BUGTRACKER = "http://sourceforge.net/tracker/?group_id=53067&atid=469577"
-SECTION = "libs/network"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \
-                    file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2"
-DEPENDS = "flex-native bison-native"
-
-INC_PR = "r5"
-
-SRC_URI = "http://www.tcpdump.org/release/${BP}.tar.gz"
-
-BINCONFIG = "${bindir}/pcap-config"
-
-inherit autotools binconfig-disabled pkgconfig bluetooth
-
-EXTRA_OECONF = "--with-pcap=linux"
-
-PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)} \
-                   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \
-"
-PACKAGECONFIG[bluez4] = "--enable-bluetooth,--disable-bluetooth,bluez4"
-# Add a dummy PACKAGECONFIG for bluez5 since it is not supported by libpcap.
-PACKAGECONFIG[bluez5] = ",,"
-PACKAGECONFIG[canusb] = "--enable-canusb,--enable-canusb=no,libusb"
-PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
-PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
-PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl"
-
-CPPFLAGS_prepend = "-I${S} "
-CFLAGS_prepend = "-I${S} "
-CXXFLAGS_prepend = "-I${S} "
-
-do_configure_prepend () {
-    if [ ! -e ${S}/acinclude.m4 ]; then
-        cat ${S}/aclocal.m4 > ${S}/acinclude.m4
-    fi
-    sed -i -e's,^V_RPATH_OPT=.*$,V_RPATH_OPT=,' ${S}/pcap-config.in
-}
diff --git a/meta/recipes-connectivity/libpcap/libpcap/aclocal.patch b/meta/recipes-connectivity/libpcap/libpcap/aclocal.patch
deleted file mode 100644
index 21519825c3..0000000000
--- a/meta/recipes-connectivity/libpcap/libpcap/aclocal.patch
+++ /dev/null
@@ -1,167 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-diff -ruN libpcap-1.1.1-orig/aclocal.m4 libpcap-1.1.1/aclocal.m4
---- libpcap-1.1.1-orig/aclocal.m4	2010-06-29 10:46:32.815117569 +0800
-+++ libpcap-1.1.1/aclocal.m4	2010-06-29 10:49:17.150149949 +0800
-@@ -37,7 +37,7 @@
- dnl AC_LBL_C_INIT.  Now, we run AC_LBL_C_INIT_BEFORE_CC, AC_PROG_CC,
- dnl and AC_LBL_C_INIT at the top level.
- dnl
--AC_DEFUN(AC_LBL_C_INIT_BEFORE_CC,
-+AC_DEFUN([AC_LBL_C_INIT_BEFORE_CC],
- [
-     AC_BEFORE([$0], [AC_LBL_C_INIT])
-     AC_BEFORE([$0], [AC_PROG_CC])
-@@ -90,7 +90,7 @@
- dnl     LDFLAGS
- dnl     LBL_CFLAGS
- dnl
--AC_DEFUN(AC_LBL_C_INIT,
-+AC_DEFUN([AC_LBL_C_INIT],
- [
-     AC_BEFORE([$0], [AC_LBL_FIXINCLUDES])
-     AC_BEFORE([$0], [AC_LBL_DEVEL])
-@@ -217,7 +217,7 @@
- dnl	V_SONAME_OPT
- dnl	V_RPATH_OPT
- dnl
--AC_DEFUN(AC_LBL_SHLIBS_INIT,
-+AC_DEFUN([AC_LBL_SHLIBS_INIT],
-     [AC_PREREQ(2.50)
-     if test "$GCC" = yes ; then
- 	    #
-@@ -361,7 +361,7 @@
- # Make sure we use the V_CCOPT flags, because some of those might
- # disable inlining.
- #
--AC_DEFUN(AC_LBL_C_INLINE,
-+AC_DEFUN([AC_LBL_C_INLINE],
-     [AC_MSG_CHECKING(for inline)
-     save_CFLAGS="$CFLAGS"
-     CFLAGS="$V_CCOPT"
-@@ -407,7 +407,7 @@
- dnl
- dnl	AC_LBL_FIXINCLUDES
- dnl
--AC_DEFUN(AC_LBL_FIXINCLUDES,
-+AC_DEFUN([AC_LBL_FIXINCLUDES],
-     [if test "$GCC" = yes ; then
- 	    AC_MSG_CHECKING(for ANSI ioctl definitions)
- 	    AC_CACHE_VAL(ac_cv_lbl_gcc_fixincludes,
-@@ -453,7 +453,7 @@
- dnl	$2 (yacc appended)
- dnl	$3 (optional flex and bison -P prefix)
- dnl
--AC_DEFUN(AC_LBL_LEX_AND_YACC,
-+AC_DEFUN([AC_LBL_LEX_AND_YACC],
-     [AC_ARG_WITH(flex, [  --without-flex          don't use flex])
-     AC_ARG_WITH(bison, [  --without-bison         don't use bison])
-     if test "$with_flex" = no ; then
-@@ -506,7 +506,7 @@
- dnl
- dnl	DECLWAITSTATUS (defined)
- dnl
--AC_DEFUN(AC_LBL_UNION_WAIT,
-+AC_DEFUN([AC_LBL_UNION_WAIT],
-     [AC_MSG_CHECKING(if union wait is used)
-     AC_CACHE_VAL(ac_cv_lbl_union_wait,
- 	AC_TRY_COMPILE([
-@@ -535,7 +535,7 @@
- dnl
- dnl	HAVE_SOCKADDR_SA_LEN (defined)
- dnl
--AC_DEFUN(AC_LBL_SOCKADDR_SA_LEN,
-+AC_DEFUN([AC_LBL_SOCKADDR_SA_LEN],
-     [AC_MSG_CHECKING(if sockaddr struct has the sa_len member)
-     AC_CACHE_VAL(ac_cv_lbl_sockaddr_has_sa_len,
- 	AC_TRY_COMPILE([
-@@ -560,7 +560,7 @@
- dnl
- dnl	HAVE_SOCKADDR_STORAGE (defined)
- dnl
--AC_DEFUN(AC_LBL_SOCKADDR_STORAGE,
-+AC_DEFUN([AC_LBL_SOCKADDR_STORAGE],
-     [AC_MSG_CHECKING(if sockaddr_storage struct exists)
-     AC_CACHE_VAL(ac_cv_lbl_has_sockaddr_storage,
- 	AC_TRY_COMPILE([
-@@ -593,7 +593,7 @@
- dnl won't be using code that would use that member, or we wouldn't
- dnl compile in any case).
- dnl
--AC_DEFUN(AC_LBL_HP_PPA_INFO_T_DL_MODULE_ID_1,
-+AC_DEFUN([AC_LBL_HP_PPA_INFO_T_DL_MODULE_ID_1],
-     [AC_MSG_CHECKING(if dl_hp_ppa_info_t struct has dl_module_id_1 member)
-     AC_CACHE_VAL(ac_cv_lbl_dl_hp_ppa_info_t_has_dl_module_id_1,
- 	AC_TRY_COMPILE([
-@@ -619,7 +619,7 @@
- dnl
- dnl	ac_cv_lbl_have_run_path (yes or no)
- dnl
--AC_DEFUN(AC_LBL_HAVE_RUN_PATH,
-+AC_DEFUN([AC_LBL_HAVE_RUN_PATH],
-     [AC_MSG_CHECKING(for ${CC-cc} -R)
-     AC_CACHE_VAL(ac_cv_lbl_have_run_path,
- 	[echo 'main(){}' > conftest.c
-@@ -644,7 +644,7 @@
- dnl
- dnl	LBL_ALIGN (DEFINED)
- dnl
--AC_DEFUN(AC_LBL_UNALIGNED_ACCESS,
-+AC_DEFUN([AC_LBL_UNALIGNED_ACCESS],
-     [AC_MSG_CHECKING(if unaligned accesses fail)
-     AC_CACHE_VAL(ac_cv_lbl_unaligned_fail,
- 	[case "$host_cpu" in
-@@ -749,7 +749,7 @@
- dnl	HAVE_OS_PROTO_H (defined)
- dnl	os-proto.h (symlinked)
- dnl
--AC_DEFUN(AC_LBL_DEVEL,
-+AC_DEFUN([AC_LBL_DEVEL],
-     [rm -f os-proto.h
-     if test "${LBL_CFLAGS+set}" = set; then
- 	    $1="$$1 ${LBL_CFLAGS}"
-@@ -886,7 +886,7 @@
- dnl statically and happen to have a libresolv.a lying around (and no
- dnl libnsl.a).
- dnl
--AC_DEFUN(AC_LBL_LIBRARY_NET, [
-+AC_DEFUN([AC_LBL_LIBRARY_NET], [
-     # Most operating systems have gethostbyname() in the default searched
-     # libraries (i.e. libc):
-     # Some OSes (eg. Solaris) place it in libnsl
-@@ -909,7 +909,7 @@
- dnl Test for __attribute__
- dnl
- 
--AC_DEFUN(AC_C___ATTRIBUTE__, [
-+AC_DEFUN([AC_C___ATTRIBUTE__], [
- AC_MSG_CHECKING(for __attribute__)
- AC_CACHE_VAL(ac_cv___attribute__, [
- AC_COMPILE_IFELSE(
-@@ -947,7 +947,7 @@
- dnl
- dnl -Scott Barron
- dnl
--AC_DEFUN(AC_LBL_TPACKET_STATS,
-+AC_DEFUN([AC_LBL_TPACKET_STATS],
-    [AC_MSG_CHECKING(if if_packet.h has tpacket_stats defined)
-    AC_CACHE_VAL(ac_cv_lbl_tpacket_stats,
-    AC_TRY_COMPILE([
-@@ -976,7 +976,7 @@
- dnl doesn't have that member (which is OK, as either we won't be using
- dnl code that would use that member, or we wouldn't compile in any case).
- dnl
--AC_DEFUN(AC_LBL_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI,
-+AC_DEFUN([AC_LBL_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI],
-     [AC_MSG_CHECKING(if tpacket_auxdata struct has tp_vlan_tci member)
-     AC_CACHE_VAL(ac_cv_lbl_dl_hp_ppa_info_t_has_dl_module_id_1,
- 	AC_TRY_COMPILE([
-@@ -1003,7 +1003,7 @@
- dnl 
- dnl 	HAVE_DLPI_PASSIVE (defined)
- dnl
--AC_DEFUN(AC_LBL_DL_PASSIVE_REQ_T,
-+AC_DEFUN([AC_LBL_DL_PASSIVE_REQ_T],
-         [AC_MSG_CHECKING(if dl_passive_req_t struct exists)
-        AC_CACHE_VAL(ac_cv_lbl_has_dl_passive_req_t,
-                 AC_TRY_COMPILE([
diff --git a/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch b/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch
deleted file mode 100644
index b8615135b0..0000000000
--- a/meta/recipes-connectivity/libpcap/libpcap/libpcap-pkgconfig-support.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 8887132e85892a72a84ca3878e60f254ad2ce939 Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe_macdonald@mentor.com>
-Date: Tue, 24 Feb 2015 15:56:06 -0500
-Subject: [PATCH] libpcap: pkgconfig support
-
-Adding basic structure to support pkg-config.
-
-Upstream-Status: Inappropriate [embedded specific]
-
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
----
- Makefile.in   |  5 +++++
- configure.in  |  1 +
- libpcap.pc.in | 10 ++++++++++
- 3 files changed, 16 insertions(+)
- create mode 100644 libpcap.pc.in
-
-diff --git a/Makefile.in b/Makefile.in
-index 1c2d745..1f25faf 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -60,6 +60,10 @@ V_RPATH_OPT = @V_RPATH_OPT@
- DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@
- PROG=libpcap
- 
-+# pkgconfig support
-+pkgconfigdir = $(libdir)/pkgconfig
-+pkgconfig_DATA = libpcap.pc
-+
- # Standard CFLAGS
- FULL_CFLAGS = $(CCOPT) $(INCLS) $(DEFS) $(CFLAGS)
- 
-@@ -275,6 +279,7 @@ EXTRA_DIST = \
- 	lbl/os-solaris2.h \
- 	lbl/os-sunos4.h \
- 	lbl/os-ultrix4.h \
-+	libpcap.pc \
- 	missing/snprintf.c \
- 	mkdep \
- 	msdos/bin2c.c \
-diff --git a/configure.in b/configure.in
-index 8f5c86b..fb51b35 100644
---- a/configure.in
-+++ b/configure.in
-@@ -1700,6 +1700,7 @@ esac
- AC_PROG_INSTALL
- 
- AC_CONFIG_HEADER(config.h)
-+AC_CONFIG_FILES([libpcap.pc])
- 
- AC_OUTPUT_COMMANDS([if test -f .devel; then
- 	echo timestamp > stamp-h
-diff --git a/libpcap.pc.in b/libpcap.pc.in
-new file mode 100644
-index 0000000..4f78ad8
---- /dev/null
-+++ b/libpcap.pc.in
-@@ -0,0 +1,10 @@
-+prefix=@prefix@
-+exec_prefix=@exec_prefix@
-+libdir=@libdir@
-+includedir=@includedir@
-+
-+Name: libpcap
-+Description: System-independent interface for user-level packet capture.
-+Version: @VERSION@
-+Libs: -L${libdir} -lpcap
-+Cflags: -I${includedir}
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.7.4.bb b/meta/recipes-connectivity/libpcap/libpcap_1.7.4.bb
deleted file mode 100644
index 8d12b25213..0000000000
--- a/meta/recipes-connectivity/libpcap/libpcap_1.7.4.bb
+++ /dev/null
@@ -1,26 +0,0 @@
-require libpcap.inc
-
-SRC_URI += "file://aclocal.patch \
-            file://libpcap-pkgconfig-support.patch \
-           "
-SRC_URI[md5sum] = "b2e13142bbaba857ab1c6894aedaf547"
-SRC_URI[sha256sum] = "7ad3112187e88328b85e46dce7a9b949632af18ee74d97ffc3f2b41fe7f448b0"
-
-#
-# make install doesn't cover the shared lib
-# make install-shared is just broken (no symlinks)
-#
-
-do_configure_prepend () {
-    #remove hardcoded references to /usr/include
-    sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.in
-}
-
-do_install_prepend () {
-    install -d ${D}${libdir}
-    install -d ${D}${bindir}
-    oe_runmake install-shared DESTDIR=${D}
-    oe_libinstall -a -so libpcap ${D}${libdir}
-    sed "s|@VERSION@|${PV}|" -i ${B}/libpcap.pc
-    install -D -m 0644 libpcap.pc ${D}${libdir}/pkgconfig/libpcap.pc
-}
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb b/meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb
new file mode 100644
index 0000000000..35bb5650b3
--- /dev/null
+++ b/meta/recipes-connectivity/libpcap/libpcap_1.9.1.bb
@@ -0,0 +1,44 @@
+SUMMARY = "Interface for user-level network packet capture"
+DESCRIPTION = "Libpcap provides a portable framework for low-level network \
+monitoring.  Libpcap can provide network statistics collection, \
+security monitoring and network debugging."
+HOMEPAGE = "http://www.tcpdump.org/"
+BUGTRACKER = "http://sourceforge.net/tracker/?group_id=53067&atid=469577"
+SECTION = "libs/network"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \
+                    file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2"
+DEPENDS = "flex-native bison-native"
+
+SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \
+           "
+SRC_URI[md5sum] = "21af603d9a591c7d96a6457021d84e6c"
+SRC_URI[sha256sum] = "635237637c5b619bcceba91900666b64d56ecb7be63f298f601ec786ce087094"
+
+inherit autotools binconfig-disabled pkgconfig
+
+BINCONFIG = "${bindir}/pcap-config"
+
+# Explicitly disable dag support. We don't have recipe for it and if enabled here,
+# configure script poisons the include dirs with /usr/local/include even when the
+# support hasn't been detected.
+EXTRA_OECONF = " \
+                 --with-pcap=linux \
+                 --without-dag \
+                 "
+EXTRA_AUTORECONF += "--exclude=aclocal"
+
+PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \
+                   ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
+"
+PACKAGECONFIG[bluez5] = "--enable-bluetooth,--disable-bluetooth,bluez5"
+PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl"
+
+do_configure_prepend () {
+    #remove hardcoded references to /usr/include
+    sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac
+}
+
+BBCLASSEXTEND = "native"
diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index bd488eb089..0b0bbab168 100644
--- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -1,12 +1,15 @@
 SUMMARY = "Mobile Broadband Service Provider Database"
+HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProviders"
 SECTION = "network"
 LICENSE = "PD"
 LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
-SRCREV = "519465766fabc85b9fdea5f2b5ee3d08c2b1f70d"
-PV = "20151214"
+SRCREV = "22b49d86fb7aded2c195a9d49e5924da696b3228"
+PV = "20190618"
 PE = "1"
 
-SRC_URI = "git://git.gnome.org/mobile-broadband-provider-info"
+SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https"
 S = "${WORKDIR}/git"
 
 inherit autotools
+
+DEPENDS += "libxslt-native"
diff --git a/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch b/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch
new file mode 100644
index 0000000000..d8e8a5e5da
--- /dev/null
+++ b/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch
@@ -0,0 +1,35 @@
+From affaa2021a54c30353e4e1fee09c13a4de2196be Mon Sep 17 00:00:00 2001
+From: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Date: Fri, 17 Mar 2017 14:24:29 +0200
+Subject: [PATCH] Add header dependency to nciattach.o
+
+This can happen when compiling nciattach.o:
+
+| In file included from ../neard-0.16/tools/nciattach.c:47:0:
+| ../neard-0.16/src/near.h:30:27: fatal error: near/nfc_copy.h: No such
+file or directory
+|  #include <near/nfc_copy.h>
+
+Add the missing dependency to local headers.
+
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Upstream-Status: Submitted [mailinglist]
+---
+ Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index fa552ee..acef6ba 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -253,6 +253,7 @@ se/builtin.h: src/genbuiltin $(builtin_se_sources)
+ 
+ $(src_neard_OBJECTS) \
+ $(tools_nfctool_nfctool_OBJECTS) \
++$(tools_nciattach_OBJECTS) \
+ $(plugin_objects) \
+ $(se_seeld_OBJECTS) \
+ $(unit_test_ndef_parse_OBJECTS) \
+-- 
+2.11.0
+
diff --git a/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch b/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch
index 466067693d..6e864079a9 100644
--- a/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch
+++ b/meta/recipes-connectivity/neard/neard/Makefile.am-fix-parallel-issue.patch
@@ -16,18 +16,15 @@ Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
  Makefile.am |    1 +
  1 file changed, 1 insertion(+)
 
-diff --git a/Makefile.am b/Makefile.am
-index 3241311..a43eaa2 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -164,6 +164,7 @@ MAINTAINERCLEANFILES = Makefile.in \
+Index: neard-0.16/Makefile.am
+===================================================================
+--- neard-0.16.orig/Makefile.am
++++ neard-0.16/Makefile.am
+@@ -244,6 +244,7 @@ SED_PROCESS = $(AM_V_GEN)$(MKDIR_P) $(di
  src/plugin.$(OBJEXT): src/builtin.h
  
  src/builtin.h: src/genbuiltin $(builtin_sources)
 +	$(AM_V_at)$(MKDIR_P) src
  	$(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@
  
- $(src_neard_OBJECTS) \
--- 
-1.7.9.5
-
+ se/plugin.$(OBJEXT): se/builtin.h
diff --git a/meta/recipes-connectivity/neard/neard_0.16.bb b/meta/recipes-connectivity/neard/neard_0.16.bb
index 5433dc3c3e..7c124a3c0b 100644
--- a/meta/recipes-connectivity/neard/neard_0.16.bb
+++ b/meta/recipes-connectivity/neard/neard_0.16.bb
@@ -9,6 +9,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/nfc/${BP}.tar.xz \
            file://neard.in \
            file://Makefile.am-fix-parallel-issue.patch \
            file://Makefile.am-do-not-ship-version.h.patch \
+           file://0001-Add-header-dependency-to-nciattach.o.patch \
           "
 SRC_URI[md5sum] = "5c691fb7872856dc0d909c298bc8cb41"
 SRC_URI[sha256sum] = "eae3b11c541a988ec11ca94b7deab01080cd5b58cfef3ced6ceac9b6e6e65b36"
@@ -17,9 +18,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
  file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \
  "
 
-inherit autotools pkgconfig systemd update-rc.d bluetooth
+inherit autotools pkgconfig systemd update-rc.d
 
-PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
 
 PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_unitdir}/system/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd"
 
@@ -39,7 +40,7 @@ RDEPENDS_${PN} = "dbus"
 
 # Bluez & Wifi are not mandatory except for handover
 RRECOMMENDS_${PN} = "\
-                     ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)} \
+                     ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \
                      ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wpa-supplicant', '', d)} \
                     "
 
diff --git a/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch b/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch
deleted file mode 100644
index 4ac5290440..0000000000
--- a/meta/recipes-connectivity/nfs-utils/libnfsidmap/0001-include-sys-types.h-for-getting-u_-typedefs.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From a5e95a42e7bceddc9ecad06694c1a0588f4bafc8 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 14 Apr 2015 07:22:47 -0700
-Subject: [PATCH] include sys/types.h for getting u_* typedefs
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- cfg.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/cfg.h b/cfg.h
-index d4d4cab..fe49e8f 100644
---- a/cfg.h
-+++ b/cfg.h
-@@ -33,6 +33,7 @@
- #ifndef _CONF_H_
- #define _CONF_H_
- 
-+#include <sys/types.h>
- #include "queue.h"
- 
- struct conf_list_node {
--- 
-2.1.4
-
diff --git a/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch b/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch
deleted file mode 100644
index 4633da919e..0000000000
--- a/meta/recipes-connectivity/nfs-utils/libnfsidmap/Set_nobody_user_group.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Set nobody user and group
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Roy.Li <rongqing.li@windriver.com>
---- a/idmapd.conf
-+++ b/idmapd.conf
-@@ -17,8 +17,8 @@
- 
- [Mapping]
- 
--#Nobody-User = nobody
--#Nobody-Group = nobody
-+Nobody-User = nobody
-+Nobody-Group = nogroup
- 
- [Translation]
- 
diff --git a/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch b/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch
deleted file mode 100644
index d81c7c5f32..0000000000
--- a/meta/recipes-connectivity/nfs-utils/libnfsidmap/fix-ac-prereq.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
---- a/configure.in
-+++ b/configure.in
-@@ -1,7 +1,7 @@
- #                                               -*- Autoconf -*-
- # Process this file with autoconf to produce a configure script.
- 
--AC_PREREQ([2.68])
-+AC_PREREQ([2.65])
- AC_INIT([libnfsidmap],[0.25],[linux-nfs@vger.kernel.org])
- AC_CONFIG_SRCDIR([nfsidmap.h])
- AC_CONFIG_MACRO_DIR([m4])
diff --git a/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb b/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb
deleted file mode 100644
index 2565771006..0000000000
--- a/meta/recipes-connectivity/nfs-utils/libnfsidmap_0.25.bb
+++ /dev/null
@@ -1,27 +0,0 @@
-SUMMARY = "NFS id mapping library"
-HOMEPAGE = "http://www.citi.umich.edu/projects/nfsv4/linux/"
-SECTION = "libs"
-
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://COPYING;md5=d9c6a2a0ca6017fda7cd905ed2739b37"
-
-SRC_URI = "http://www.citi.umich.edu/projects/nfsv4/linux/libnfsidmap/${BPN}-${PV}.tar.gz \
-           file://fix-ac-prereq.patch \
-           file://Set_nobody_user_group.patch \
-           file://0001-include-sys-types.h-for-getting-u_-typedefs.patch \
-          "
-
-SRC_URI[md5sum] = "2ac4893c92716add1a1447ae01df77ab"
-SRC_URI[sha256sum] = "656d245d84400e1030f8f40a5a27da76370690c4a932baf249110f047fe7efcf"
-
-UPSTREAM_CHECK_URI = "http://www.citi.umich.edu/projects/nfsv4/linux/libnfsidmap/"
-
-inherit autotools
-
-EXTRA_OECONF = "--disable-ldap"
-
-do_install_append () {
-	install -d ${D}${sysconfdir}/
-	install -m 0644 ${WORKDIR}/${BPN}-${PV}/idmapd.conf ${D}${sysconfdir}/idmapd.conf
-}
-
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch
new file mode 100644
index 0000000000..23bc3eaf72
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Don-t-build-tools-with-CC_FOR_BUILD.patch
@@ -0,0 +1,40 @@
+From 79019d976584c598f8d0a9d8de43c989946f974b Mon Sep 17 00:00:00 2001
+From: Pascal Bach <pascal.bach@siemens.com>
+Date: Wed, 13 Feb 2019 09:28:07 +0100
+Subject: [PATCH] Don't build tools with CC_FOR_BUILD
+
+The tools are intended for the target not for the host.
+
+Upstream-Status: Pending
+
+Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
+---
+ tools/locktest/Makefile.am | 1 -
+ tools/rpcgen/Makefile.am   | 1 -
+ 2 files changed, 2 deletions(-)
+
+diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am
+index 3156815..87d0bac 100644
+--- a/tools/locktest/Makefile.am
++++ b/tools/locktest/Makefile.am
+@@ -1,6 +1,5 @@
+ ## Process this file with automake to produce Makefile.in
+ 
+-CC=$(CC_FOR_BUILD)
+ LIBTOOL = @LIBTOOL@ --tag=CC
+ 
+ noinst_PROGRAMS = testlk
+diff --git a/tools/rpcgen/Makefile.am b/tools/rpcgen/Makefile.am
+index 8a9ec89..3e092c9 100644
+--- a/tools/rpcgen/Makefile.am
++++ b/tools/rpcgen/Makefile.am
+@@ -1,6 +1,5 @@
+ ## Process this file with automake to produce Makefile.in
+ 
+-CC=$(CC_FOR_BUILD)
+ LIBTOOL = @LIBTOOL@ --tag=CC
+ 
+ noinst_PROGRAMS = rpcgen
+-- 
+2.11.0
+
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Fix-include-order-between-config.h-and-stat.h.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Fix-include-order-between-config.h-and-stat.h.patch
new file mode 100644
index 0000000000..7b0f93535f
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Fix-include-order-between-config.h-and-stat.h.patch
@@ -0,0 +1,156 @@
+From 2fbc62e2a13fc22b6ae4910e295a2c10fb790486 Mon Sep 17 00:00:00 2001
+From: Zoltan Karcagi <zkr7432@gmail.com>
+Date: Mon, 12 Aug 2019 13:27:16 -0400
+Subject: [PATCH] Fix include order between config.h and stat.h
+
+At least on Arch linux ARM, the definition of struct stat in stat.h depends
+on __USE_FILE_OFFSET64. This symbol comes from config.h when defined,
+therefore config.h must always be included before stat.h. Fix all
+occurrences where the order is wrong by moving config.h to the top.
+
+This fixes the client side error "Stale file handle" when mounting from
+a server running Arch Linux ARM.
+
+Signed-off-by: Zoltan Karcagi <zkr7432@gmail.com>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+
+Upstream-Status: Backport
+[http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=2fbc62e2a13fc22b6ae4910e295a2c10fb790486]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ support/misc/nfsd_path.c         | 5 ++++-
+ support/misc/xstat.c             | 5 ++++-
+ support/nfs/conffile.c           | 8 +++++++-
+ utils/blkmapd/device-discovery.c | 8 ++++----
+ utils/idmapd/idmapd.c            | 8 ++++----
+ 5 files changed, 23 insertions(+), 11 deletions(-)
+
+diff --git a/support/misc/nfsd_path.c b/support/misc/nfsd_path.c
+index 84e4802..f078a66 100644
+--- a/support/misc/nfsd_path.c
++++ b/support/misc/nfsd_path.c
+@@ -1,3 +1,7 @@
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
+ #include <errno.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+@@ -5,7 +9,6 @@
+ #include <stdlib.h>
+ #include <unistd.h>
+ 
+-#include "config.h"
+ #include "conffile.h"
+ #include "xmalloc.h"
+ #include "xlog.h"
+diff --git a/support/misc/xstat.c b/support/misc/xstat.c
+index fa04788..4c997ee 100644
+--- a/support/misc/xstat.c
++++ b/support/misc/xstat.c
+@@ -1,3 +1,7 @@
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
+ #include <errno.h>
+ #include <sys/types.h>
+ #include <fcntl.h>
+@@ -5,7 +9,6 @@
+ #include <sys/sysmacros.h>
+ #include <unistd.h>
+ 
+-#include "config.h"
+ #include "xstat.h"
+ 
+ #ifdef HAVE_FSTATAT
+diff --git a/support/nfs/conffile.c b/support/nfs/conffile.c
+index b6400be..6ba8a35 100644
+--- a/support/nfs/conffile.c
++++ b/support/nfs/conffile.c
+@@ -500,7 +500,7 @@ conf_readfile(const char *path)
+ 
+ 	if ((stat (path, &sb) == 0) || (errno != ENOENT)) {
+ 		char *new_conf_addr = NULL;
+-		size_t sz = sb.st_size;
++		off_t sz;
+ 		int fd = open (path, O_RDONLY, 0);
+ 
+ 		if (fd == -1) {
+@@ -517,6 +517,11 @@ conf_readfile(const char *path)
+ 
+ 		/* only after we have the lock, check the file size ready to read it */
+ 		sz = lseek(fd, 0, SEEK_END);
++		if (sz < 0) {
++			xlog_warn("conf_readfile: unable to determine file size: %s",
++				  strerror(errno));
++			goto fail;
++		}
+ 		lseek(fd, 0, SEEK_SET);
+ 
+ 		new_conf_addr = malloc(sz+1);
+@@ -2162,6 +2167,7 @@ conf_write(const char *filename, const char *section, const char *arg,
+ 	ret = 0;
+ 
+ cleanup:
++	flush_outqueue(&inqueue, NULL);
+ 	flush_outqueue(&outqueue, NULL);
+ 
+ 	if (buff)
+diff --git a/utils/blkmapd/device-discovery.c b/utils/blkmapd/device-discovery.c
+index e811703..f5f9b10 100644
+--- a/utils/blkmapd/device-discovery.c
++++ b/utils/blkmapd/device-discovery.c
+@@ -26,6 +26,10 @@
+  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+  */
+ 
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif /* HAVE_CONFIG_H */
++
+ #include <sys/sysmacros.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+@@ -51,10 +55,6 @@
+ #include <errno.h>
+ #include <libdevmapper.h>
+ 
+-#ifdef HAVE_CONFIG_H
+-#include "config.h"
+-#endif /* HAVE_CONFIG_H */
+-
+ #include "device-discovery.h"
+ #include "xcommon.h"
+ #include "nfslib.h"
+diff --git a/utils/idmapd/idmapd.c b/utils/idmapd/idmapd.c
+index 62e37b8..267acea 100644
+--- a/utils/idmapd/idmapd.c
++++ b/utils/idmapd/idmapd.c
+@@ -34,6 +34,10 @@
+  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+  */
+ 
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif /* HAVE_CONFIG_H */
++
+ #include <sys/types.h>
+ #include <sys/time.h>
+ #include <sys/inotify.h>
+@@ -62,10 +66,6 @@
+ #include <libgen.h>
+ #include <nfsidmap.h>
+ 
+-#ifdef HAVE_CONFIG_H
+-#include "config.h"
+-#endif /* HAVE_CONFIG_H */
+-
+ #include "xlog.h"
+ #include "conffile.h"
+ #include "queue.h"
+-- 
+2.7.4
+
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch
new file mode 100644
index 0000000000..fcb0e99b33
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch
@@ -0,0 +1,295 @@
+From 690a90a5b7786e40b5447ad7c5f19a7657d27405 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <Mingli.Yu@windriver.com>
+Date: Fri, 14 Dec 2018 17:44:32 +0800
+Subject: [PATCH] Makefile.am: fix undefined function for libnsm.a
+
+The source file of libnsm.a uses some function
+in ../support/misc/file.c, add ../support/misc/file.c
+to libnsm_a_SOURCES to fix build error when run
+"make -C tests statdb_dump":
+| ../support/nsm/libnsm.a(file.o): In function `nsm_make_pathname':
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:175: undefined reference to `generic_make_pathname'
+| ../support/nsm/libnsm.a(file.o): In function `nsm_setup_pathnames':
+| /usr/src/debug/nfs-utils/2.3.3-r0/nfs-utils-2.3.3/support/nsm/file.c:280: undefined reference to `generic_setup_basedir'
+| collect2: error: ld returned 1 exit status
+
+As there is already one source file named file.c
+as support/nsm/file.c in support/nsm/Makefile.am,
+so rename ../support/misc/file.c to ../support/misc/misc.c.
+
+Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154502780423058&w=2]
+
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+
+Rebase it.
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+---
+ support/misc/Makefile.am |   2 +-
+ support/misc/file.c      | 111 ---------------------------------------------------------------------------------------------------------------
+ support/misc/misc.c      | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ support/nsm/Makefile.am  |   2 +-
+ 4 files changed, 113 insertions(+), 113 deletions(-)
+
+diff --git a/support/misc/Makefile.am b/support/misc/Makefile.am
+index f9993e3..8b0e9db 100644
+--- a/support/misc/Makefile.am
++++ b/support/misc/Makefile.am
+@@ -1,7 +1,7 @@
+ ## Process this file with automake to produce Makefile.in
+ 
+ noinst_LIBRARIES = libmisc.a
+-libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c file.c \
++libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c misc.c \
+ 		    nfsd_path.c workqueue.c xstat.c
+ 
+ MAINTAINERCLEANFILES = Makefile.in
+diff --git a/support/misc/file.c b/support/misc/file.c
+deleted file mode 100644
+index e7c3819..0000000
+--- a/support/misc/file.c
++++ /dev/null
+@@ -1,111 +0,0 @@
+-/*
+- * Copyright 2009 Oracle.  All rights reserved.
+- * Copyright 2017 Red Hat, Inc.  All rights reserved.
+- *
+- * This file is part of nfs-utils.
+- *
+- * nfs-utils is free software; you can redistribute it and/or modify
+- * it under the terms of the GNU General Public License as published by
+- * the Free Software Foundation; either version 2 of the License, or
+- * (at your option) any later version.
+- *
+- * nfs-utils is distributed in the hope that it will be useful,
+- * but WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+- * GNU General Public License for more details.
+- *
+- * You should have received a copy of the GNU General Public License
+- * along with nfs-utils.  If not, see <http://www.gnu.org/licenses/>.
+- */
+-
+-#include <sys/stat.h>
+-
+-#include <string.h>
+-#include <libgen.h>
+-#include <stdio.h>
+-#include <errno.h>
+-#include <dirent.h>
+-#include <stdlib.h>
+-#include <stdbool.h>
+-#include <limits.h>
+-
+-#include "xlog.h"
+-#include "misc.h"
+-
+-/*
+- * Returns a dynamically allocated, '\0'-terminated buffer
+- * containing an appropriate pathname, or NULL if an error
+- * occurs.  Caller must free the returned result with free(3).
+- */
+-__attribute__((__malloc__))
+-char *
+-generic_make_pathname(const char *base, const char *leaf)
+-{
+-	size_t size;
+-	char *path;
+-	int len;
+-
+-	size = strlen(base) + strlen(leaf) + 2;
+-	if (size > PATH_MAX)
+-		return NULL;
+-
+-	path = malloc(size);
+-	if (path == NULL)
+-		return NULL;
+-
+-	len = snprintf(path, size, "%s/%s", base, leaf);
+-	if ((len < 0) || ((size_t)len >= size)) {
+-		free(path);
+-		return NULL;
+-	}
+-
+-	return path;
+-}
+-
+-
+-/**
+- * generic_setup_basedir - set up basedir
+- * @progname: C string containing name of program, for error messages
+- * @parentdir: C string containing pathname to on-disk state, or NULL
+- * @base: character buffer to contain the basedir that is set up
+- * @baselen: size of @base in bytes
+- *
+- * This runs before logging is set up, so error messages are directed
+- * to stderr.
+- *
+- * Returns true and sets up our basedir, if @parentdir was valid
+- * and usable; otherwise false is returned.
+- */
+-_Bool
+-generic_setup_basedir(const char *progname, const char *parentdir, char *base,
+-		      const size_t baselen)
+-{
+-	static char buf[PATH_MAX];
+-	struct stat st;
+-	char *path;
+-
+-	/* First: test length of name and whether it exists */
+-	if ((strlen(parentdir) >= baselen) || (strlen(parentdir) >= PATH_MAX)) {
+-		(void)fprintf(stderr, "%s: Directory name too long: %s",
+-				progname, parentdir);
+-		return false;
+-	}
+-	if (lstat(parentdir, &st) == -1) {
+-		(void)fprintf(stderr, "%s: Failed to stat %s: %s",
+-				progname, parentdir, strerror(errno));
+-		return false;
+-	}
+-
+-	/* Ensure we have a clean directory pathname */
+-	strncpy(buf, parentdir, sizeof(buf)-1);
+-	path = dirname(buf);
+-	if (*path == '.') {
+-		(void)fprintf(stderr, "%s: Unusable directory %s",
+-				progname, parentdir);
+-		return false;
+-	}
+-
+-	xlog(D_CALL, "Using %s as the state directory", parentdir);
+-	strcpy(base, parentdir);
+-	return true;
+-}
+diff --git a/support/misc/misc.c b/support/misc/misc.c
+new file mode 100644
+index 0000000..e7c3819
+--- /dev/null
++++ b/support/misc/misc.c
+@@ -0,0 +1,111 @@
++/*
++ * Copyright 2009 Oracle.  All rights reserved.
++ * Copyright 2017 Red Hat, Inc.  All rights reserved.
++ *
++ * This file is part of nfs-utils.
++ *
++ * nfs-utils is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or
++ * (at your option) any later version.
++ *
++ * nfs-utils is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with nfs-utils.  If not, see <http://www.gnu.org/licenses/>.
++ */
++
++#include <sys/stat.h>
++
++#include <string.h>
++#include <libgen.h>
++#include <stdio.h>
++#include <errno.h>
++#include <dirent.h>
++#include <stdlib.h>
++#include <stdbool.h>
++#include <limits.h>
++
++#include "xlog.h"
++#include "misc.h"
++
++/*
++ * Returns a dynamically allocated, '\0'-terminated buffer
++ * containing an appropriate pathname, or NULL if an error
++ * occurs.  Caller must free the returned result with free(3).
++ */
++__attribute__((__malloc__))
++char *
++generic_make_pathname(const char *base, const char *leaf)
++{
++	size_t size;
++	char *path;
++	int len;
++
++	size = strlen(base) + strlen(leaf) + 2;
++	if (size > PATH_MAX)
++		return NULL;
++
++	path = malloc(size);
++	if (path == NULL)
++		return NULL;
++
++	len = snprintf(path, size, "%s/%s", base, leaf);
++	if ((len < 0) || ((size_t)len >= size)) {
++		free(path);
++		return NULL;
++	}
++
++	return path;
++}
++
++
++/**
++ * generic_setup_basedir - set up basedir
++ * @progname: C string containing name of program, for error messages
++ * @parentdir: C string containing pathname to on-disk state, or NULL
++ * @base: character buffer to contain the basedir that is set up
++ * @baselen: size of @base in bytes
++ *
++ * This runs before logging is set up, so error messages are directed
++ * to stderr.
++ *
++ * Returns true and sets up our basedir, if @parentdir was valid
++ * and usable; otherwise false is returned.
++ */
++_Bool
++generic_setup_basedir(const char *progname, const char *parentdir, char *base,
++		      const size_t baselen)
++{
++	static char buf[PATH_MAX];
++	struct stat st;
++	char *path;
++
++	/* First: test length of name and whether it exists */
++	if ((strlen(parentdir) >= baselen) || (strlen(parentdir) >= PATH_MAX)) {
++		(void)fprintf(stderr, "%s: Directory name too long: %s",
++				progname, parentdir);
++		return false;
++	}
++	if (lstat(parentdir, &st) == -1) {
++		(void)fprintf(stderr, "%s: Failed to stat %s: %s",
++				progname, parentdir, strerror(errno));
++		return false;
++	}
++
++	/* Ensure we have a clean directory pathname */
++	strncpy(buf, parentdir, sizeof(buf)-1);
++	path = dirname(buf);
++	if (*path == '.') {
++		(void)fprintf(stderr, "%s: Unusable directory %s",
++				progname, parentdir);
++		return false;
++	}
++
++	xlog(D_CALL, "Using %s as the state directory", parentdir);
++	strcpy(base, parentdir);
++	return true;
++}
+diff --git a/support/nsm/Makefile.am b/support/nsm/Makefile.am
+index 8f5874e..68f1a46 100644
+--- a/support/nsm/Makefile.am
++++ b/support/nsm/Makefile.am
+@@ -10,7 +10,7 @@ GENFILES	= $(GENFILES_CLNT) $(GENFILES_SVC) $(GENFILES_XDR) $(GENFILES_H)
+ EXTRA_DIST	= sm_inter.x
+ 
+ noinst_LIBRARIES = libnsm.a
+-libnsm_a_SOURCES = $(GENFILES) file.c rpc.c
++libnsm_a_SOURCES = $(GENFILES) ../misc/misc.c file.c rpc.c
+ 
+ BUILT_SOURCES = $(GENFILES)
+ 
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch
new file mode 100644
index 0000000000..bafff5b9c0
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch
@@ -0,0 +1,38 @@
+From ac32b813f5d6f9a2de944015cf9bb98d68e0203a Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 1 Dec 2018 10:02:12 -0800
+Subject: [PATCH] cacheio: use intmax_t for formatted IO
+
+time_t is not same size on x32 ABI (ILP32)
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ support/nfs/cacheio.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/support/nfs/cacheio.c b/support/nfs/cacheio.c
+index 9dc4cf1..2086a95 100644
+--- a/support/nfs/cacheio.c
++++ b/support/nfs/cacheio.c
+@@ -17,6 +17,7 @@
+ 
+ #include <nfslib.h>
+ #include <stdio.h>
++#include <inttypes.h>
+ #include <stdio_ext.h>
+ #include <string.h>
+ #include <ctype.h>
+@@ -234,7 +235,7 @@ cache_flush(int force)
+ 	    stb.st_mtime > now)
+ 		stb.st_mtime = time(0);
+ 	
+-	sprintf(stime, "%ld\n", stb.st_mtime);
++	sprintf(stime, "%jd\n", (intmax_t)stb.st_mtime);
+ 	for (c=0; cachelist[c]; c++) {
+ 		int fd;
+ 		sprintf(path, "/proc/net/rpc/%s/flush", cachelist[c]);
+-- 
+2.19.2
+
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch
deleted file mode 100644
index 7025fb555c..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure-Allow-to-explicitly-disable-nfsidmap.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 9b84cff305866abd150cf1a4c6e7e5ebf8a7eb3a Mon Sep 17 00:00:00 2001
-From: Martin Jansa <Martin.Jansa@gmail.com>
-Date: Fri, 15 Nov 2013 23:21:35 +0100
-Subject: [PATCH] configure: Allow to explicitly disable nfsidmap
-
-* keyutils availability is autodetected and builds aren't reproducible
-
-Upstream-Status: Pending
-
-Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
----
- configure.ac | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index bf433d6..28a8f62 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -69,6 +69,12 @@ AC_ARG_ENABLE(nfsv4,
- 	AC_SUBST(enable_nfsv4)
- 	AM_CONDITIONAL(CONFIG_NFSV4, [test "$enable_nfsv4" = "yes"])
- 
-+AC_ARG_ENABLE(nfsidmap,
-+        [AC_HELP_STRING([--enable-nfsidmap],
-+                        [enable support for NFSv4 idmapper @<:@default=yes@:>@])],
-+        enable_nfsidmap=$enableval,
-+        enable_nfsidmap=yes)
-+
- AC_ARG_ENABLE(nfsv41,
- 	[AC_HELP_STRING([--enable-nfsv41],
-                         [enable support for NFSv41 @<:@default=yes@:>@])],
-@@ -296,7 +302,7 @@ fi
- 
- dnl enable nfsidmap when its support by libnfsidmap
- AM_CONDITIONAL(CONFIG_NFSDCLTRACK, [test "$enable_nfsdcltrack" = "yes" ])
--AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyes"])
-+AM_CONDITIONAL(CONFIG_NFSIDMAP, [test "$enable_nfsidmap$ac_cv_header_keyutils_h$ac_cv_lib_nfsidmap_nfs4_owner_to_uid" = "yesyesyes"])
- 
- 
- if test "$knfsd_cv_glibc2" = no; then
--- 
-1.8.4.3
-
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch
new file mode 100644
index 0000000000..d14f0789ff
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch
@@ -0,0 +1,40 @@
+From 66471fbf7106917da7a1536b18a0a77d07479779 Mon Sep 17 00:00:00 2001
+From: Mingli Yu <Mingli.Yu@windriver.com>
+Date: Mon, 17 Dec 2018 15:29:47 +0800
+Subject: [PATCH] configure.ac: Do not fatalize -Wmissing-prototypes
+
+There comes below error when run "make -C tests/nsm_client nsm_client"
+| nlm_sm_inter_svc.c:20:1: error: no previous prototype for 'nlm_sm_prog_3' [-Werror=missing-prototypes]
+
+It is because rpcgen doesn't generate -Wmissing-prototypes
+free code for nlm_sm_inter_svc.c with below logic
+in tests/nsm_client/Makefile.am
+[snip]
+GENFILES_SVC    = nlm_sm_inter_svc.c
+[snip]
+$(GENFILES_SVC): %_svc.c: %.x $(RPCGEN)
+        test -f $@ && rm -rf $@ || true
+        $(RPCGEN) -m -o $@ $<
+
+So add the logic not to fatalize -Wmissing-prototypes.
+
+Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154503260323936&w=2]
+
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 50002b4..aebff01 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -582,7 +582,7 @@ my_am_cflags="\
+  -Wall \
+  -Wextra \
+  $rpcgen_cflags \
+- -Werror=missing-prototypes \
++ -Wmissing-prototypes \
+  -Werror=missing-declarations \
+  -Werror=format=2 \
+  -Werror=undef \
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch
deleted file mode 100644
index de0b045c8c..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-Upstream-Status: Pending
-
-Subject: nfs-utils/statd: fix a segfault caused by improper usage of RPC interface
-
-There is a hack which uses the bottom-level RPC improperly as below
-in the current statd implementation:
-insert a socket in the svc_fdset without a corresponding transport handle
-and passes the socket to the svc_getreqset subroutine, this usage causes
-a segfault of statd on a huge amount of sm-notifications.
-
-Fix the issue by separating the non-RPC-server sock from RPC dispatcher.
-
-Signed-off-by: Shan Hai <shan.hai@windriver.com>
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- utils/statd/rmtcall.c | 1 -
- utils/statd/statd.c   | 5 +++--
- utils/statd/statd.h   | 2 +-
- utils/statd/svc_run.c | 8 ++++++--
- 4 files changed, 10 insertions(+), 6 deletions(-)
-
-diff --git a/utils/statd/rmtcall.c b/utils/statd/rmtcall.c
-index fd576d9..cde091b 100644
---- a/utils/statd/rmtcall.c
-+++ b/utils/statd/rmtcall.c
-@@ -104,7 +104,6 @@ statd_get_socket(void)
- 	if (sockfd < 0)
- 		return -1;
- 
--	FD_SET(sockfd, &SVC_FDSET);
- 	return sockfd;
- }
- 
-diff --git a/utils/statd/statd.c b/utils/statd/statd.c
-index 51a016e..e21a259 100644
---- a/utils/statd/statd.c
-+++ b/utils/statd/statd.c
-@@ -247,6 +247,7 @@ int main (int argc, char **argv)
- 	int port = 0, out_port = 0;
- 	int nlm_udp = 0, nlm_tcp = 0;
- 	struct rlimit rlim;
-+	int notify_sockfd;
- 
- 	int pipefds[2] = { -1, -1};
- 	char status;
-@@ -473,7 +474,7 @@ int main (int argc, char **argv)
- 		}
- 
- 	/* Make sure we have a privilege port for calling into the kernel */
--	if (statd_get_socket() < 0)
-+	if ((notify_sockfd = statd_get_socket()) < 0)
- 		exit(1);
- 
- 	/* If sm-notify didn't take all the state files, load
-@@ -528,7 +529,7 @@ int main (int argc, char **argv)
- 		 * Handle incoming requests:  SM_NOTIFY socket requests, as
- 		 * well as callbacks from lockd.
- 		 */
--		my_svc_run();	/* I rolled my own, Olaf made it better... */
-+		my_svc_run(notify_sockfd);	/* I rolled my own, Olaf made it better... */
- 
- 		/* Only get here when simulating a crash so we should probably
- 		 * start sm-notify running again.  As we have already dropped
-diff --git a/utils/statd/statd.h b/utils/statd/statd.h
-index a1d8035..231ac7e 100644
---- a/utils/statd/statd.h
-+++ b/utils/statd/statd.h
-@@ -28,7 +28,7 @@ extern _Bool	statd_present_address(const struct sockaddr *sap, char *buf,
- __attribute__((__malloc__))
- extern char *	statd_canonical_name(const char *hostname);
- 
--extern void	my_svc_run(void);
-+extern void	my_svc_run(int);
- extern void	notify_hosts(void);
- extern void	shuffle_dirs(void);
- extern int	statd_get_socket(void);
-diff --git a/utils/statd/svc_run.c b/utils/statd/svc_run.c
-index d98ecee..28c1ad6 100644
---- a/utils/statd/svc_run.c
-+++ b/utils/statd/svc_run.c
-@@ -78,7 +78,7 @@ my_svc_exit(void)
-  * The heart of the server.  A crib from libc for the most part...
-  */
- void
--my_svc_run(void)
-+my_svc_run(int sockfd)
- {
- 	FD_SET_TYPE	readfds;
- 	int             selret;
-@@ -96,6 +96,8 @@ my_svc_run(void)
- 		}
- 
- 		readfds = SVC_FDSET;
-+		/* Set notify sockfd for waiting for reply */
-+		FD_SET(sockfd, &readfds);
- 		if (notify) {
- 			struct timeval	tv;
- 
-@@ -125,8 +127,10 @@ my_svc_run(void)
- 
- 		default:
- 			selret -= process_reply(&readfds);
--			if (selret)
-+			if (selret) {
-+				FD_CLR(sockfd, &readfds);
- 				svc_getreqset(&readfds);
-+			}
- 		}
- 	}
- }
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/nfs-utils/files/bugfix-adjust-statd-service-name.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/bugfix-adjust-statd-service-name.patch
index 14bd4036af..f13d7b380c 100644
--- a/meta/recipes-connectivity/nfs-utils/files/bugfix-adjust-statd-service-name.patch
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/bugfix-adjust-statd-service-name.patch
@@ -12,23 +12,28 @@ instead but forgot to update the mount.nfs helper 'start-statd' accordingly.
 Upstream-Status: Inappropriate [other]
 
 Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
+
+Rebase it.
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
 ---
- utils/statd/start-statd | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ utils/statd/start-statd | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/utils/statd/start-statd b/utils/statd/start-statd
-index 8211a90..3c2aa6f 100755
+index af5c950..df9b9be 100755
 --- a/utils/statd/start-statd
 +++ b/utils/statd/start-statd
-@@ -16,7 +16,7 @@ fi
+@@ -28,10 +28,10 @@ fi
  # First try systemd if it's installed.
  if [ -d /run/systemd/system ]; then
      # Quit only if the call worked.
--    systemctl start rpc-statd.service && exit
-+    systemctl start nfs-statd.service && exit
+-    if systemctl start rpc-statd.service; then
++    if systemctl start nfs-statd.service; then
+         # Ensure systemd knows not to stop rpc.statd or its dependencies
+         # on 'systemctl isolate ..'
+-        systemctl add-wants --runtime remote-fs.target rpc-statd.service
++        systemctl add-wants --runtime remote-fs.target nfs-statd.service
+         exit 0
+     fi
  fi
- 
- # Fall back to launching it ourselves.
--- 
-2.1.4
-
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch
new file mode 100644
index 0000000000..1d693e4142
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch
@@ -0,0 +1,183 @@
+Clang comes up with more printf format warnings
+Correcting “format string is not a string literal” warning
+requires us to declare that parameter is a printf style 
+format using the attribute flag
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Index: nfs-utils-2.3.3/support/include/xcommon.h
+===================================================================
+--- nfs-utils-2.3.3.orig/support/include/xcommon.h
++++ nfs-utils-2.3.3/support/include/xcommon.h
+@@ -27,7 +27,7 @@
+ 
+ /* Functions in sundries.c that are used in mount.c and umount.c  */ 
+ char *canonicalize (const char *path);
+-void nfs_error (const char *fmt, ...);
++void nfs_error (const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2)));
+ void *xmalloc (size_t size);
+ void *xrealloc(void *p, size_t size);
+ void xfree(void *);
+@@ -36,9 +36,9 @@ char *xstrndup (const char *s, int n);
+ char *xstrconcat2 (const char *, const char *);
+ char *xstrconcat3 (const char *, const char *, const char *);
+ char *xstrconcat4 (const char *, const char *, const char *, const char *);
+-void die (int errcode, const char *fmt, ...);
++void die (int errcode, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3)));
+ 
+-extern void die(int err, const char *fmt, ...);
++extern void die(int err, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3)));
+ extern void (*at_die)(void);
+ 
+ /* exit status - bits below are ORed */
+Index: nfs-utils-2.3.3/support/include/xlog.h
+===================================================================
+--- nfs-utils-2.3.3.orig/support/include/xlog.h
++++ nfs-utils-2.3.3/support/include/xlog.h
+@@ -43,10 +43,10 @@ void			xlog_config(int fac, int on);
+ void			xlog_sconfig(char *, int on);
+ void			xlog_from_conffile(char *);
+ int			xlog_enabled(int fac);
+-void			xlog(int fac, const char *fmt, ...);
+-void			xlog_warn(const char *fmt, ...);
+-void			xlog_err(const char *fmt, ...);
+-void			xlog_errno(int err, const char *fmt, ...);
+-void			xlog_backend(int fac, const char *fmt, va_list args);
++void			xlog(int fac, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3)));
++void			xlog_warn(const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2)));
++void			xlog_err(const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2)));
++void			xlog_errno(int err, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3)));
++void			xlog_backend(int fac, const char *fmt, va_list args) __attribute__((__format__ (__printf__, 2, 0)));
+ 
+ #endif /* XLOG_H */
+Index: nfs-utils-2.3.3/support/nfs/xcommon.c
+===================================================================
+--- nfs-utils-2.3.3.orig/support/nfs/xcommon.c
++++ nfs-utils-2.3.3/support/nfs/xcommon.c
+@@ -93,7 +93,10 @@ nfs_error (const char *fmt, ...) {
+ 
+      fmt2 = xstrconcat2 (fmt, "\n");
+      va_start (args, fmt);
++#pragma clang diagnostic push
++#pragma clang diagnostic ignored "-Wformat-nonliteral"
+      vfprintf (stderr, fmt2, args);
++#pragma clang diagnostic pop
+      va_end (args);
+      free (fmt2);
+ }
+Index: nfs-utils-2.3.3/utils/exportfs/exportfs.c
+===================================================================
+--- nfs-utils-2.3.3.orig/utils/exportfs/exportfs.c
++++ nfs-utils-2.3.3/utils/exportfs/exportfs.c
+@@ -644,6 +644,7 @@ out:
+ 	return result;
+ }
+ 
++__attribute__((__format__ (__printf__, 2, 3)))
+ static char
+ dumpopt(char c, char *fmt, ...)
+ {
+Index: nfs-utils-2.3.3/utils/statd/statd.c
+===================================================================
+--- nfs-utils-2.3.3.orig/utils/statd/statd.c
++++ nfs-utils-2.3.3/utils/statd/statd.c
+@@ -136,7 +136,7 @@ static void log_modes(void)
+ 	strcat(buf, "TI-RPC ");
+ #endif
+ 
+-	xlog_warn(buf);
++	xlog_warn("%s", buf);
+ }
+ 
+ /*
+Index: nfs-utils-2.3.3/support/nfs/svc_create.c
+===================================================================
+--- nfs-utils-2.3.3.orig/support/nfs/svc_create.c
++++ nfs-utils-2.3.3/support/nfs/svc_create.c
+@@ -184,7 +184,7 @@ svc_create_sock(const struct sockaddr *s
+ 		type = SOCK_STREAM;
+ 		break;
+ 	default:
+-		xlog(D_GENERAL, "%s: Unrecognized bind address semantics: %u",
++		xlog(D_GENERAL, "%s: Unrecognized bind address semantics: %lu",
+ 			__func__, nconf->nc_semantics);
+ 		return -1;
+ 	}
+Index: nfs-utils-2.3.3/support/nsm/rpc.c
+===================================================================
+--- nfs-utils-2.3.3.orig/support/nsm/rpc.c
++++ nfs-utils-2.3.3/support/nsm/rpc.c
+@@ -182,7 +182,7 @@ nsm_xmit_getport(const int sock, const s
+ 	uint32_t xid;
+ 	XDR xdr;
+ 
+-	xlog(D_CALL, "Sending PMAP_GETPORT for %u, %u, udp", program, version);
++	xlog(D_CALL, "Sending PMAP_GETPORT for %lu, %lu, udp", program, version);
+ 
+ 	nsm_init_xdrmem(msgbuf, NSM_MAXMSGSIZE, &xdr);
+ 	xid = nsm_init_rpc_header(PMAPPROG, PMAPVERS,
+Index: nfs-utils-2.3.3/utils/mountd/cache.c
+===================================================================
+--- nfs-utils-2.3.3.orig/utils/mountd/cache.c
++++ nfs-utils-2.3.3/utils/mountd/cache.c
+@@ -968,8 +968,7 @@ lookup_export(char *dom, char *path, str
+ 			} else if (found_type == i && found->m_warned == 0) {
+ 				xlog(L_WARNING, "%s exported to both %s and %s, "
+ 				     "arbitrarily choosing options from first",
+-				     path, found->m_client->m_hostname, exp->m_client->m_hostname,
+-				     dom);
++				     path, found->m_client->m_hostname, exp->m_client->m_hostname);
+ 				found->m_warned = 1;
+ 			}
+ 		}
+Index: nfs-utils-2.3.3/utils/mountd/mountd.c
+===================================================================
+--- nfs-utils-2.3.3.orig/utils/mountd/mountd.c
++++ nfs-utils-2.3.3/utils/mountd/mountd.c
+@@ -213,7 +213,7 @@ static void
+ sig_hup (int sig)
+ {
+ 	/* don't exit on SIGHUP */
+-	xlog (L_NOTICE, "Received SIGHUP... Ignoring.\n", sig);
++	xlog (L_NOTICE, "Received SIGHUP(%d)... Ignoring.\n", sig);
+ 	return;
+ }
+ 
+Index: nfs-utils-2.3.3/utils/statd/rmtcall.c
+===================================================================
+--- nfs-utils-2.3.3.orig/utils/statd/rmtcall.c
++++ nfs-utils-2.3.3/utils/statd/rmtcall.c
+@@ -247,7 +247,7 @@ process_reply(FD_SET_TYPE *rfds)
+ 		xlog_warn("%s: service %d not registered on localhost",
+ 			__func__, NL_MY_PROG(lp));
+ 	} else {
+-		xlog(D_GENERAL, "%s: Callback to %s (for %d) succeeded",
++		xlog(D_GENERAL, "%s: Callback to %s (for %s) succeeded",
+ 			__func__, NL_MY_NAME(lp), NL_MON_NAME(lp));
+ 	}
+ 	nlist_free(&notify, lp);
+Index: nfs-utils-2.3.3/utils/statd/svc_run.c
+===================================================================
+--- nfs-utils-2.3.3.orig/utils/statd/svc_run.c
++++ nfs-utils-2.3.3/utils/statd/svc_run.c
+@@ -53,6 +53,7 @@
+ 
+ #include <errno.h>
+ #include <time.h>
++#include <inttypes.h>
+ #include "statd.h"
+ #include "notlist.h"
+ 
+@@ -104,8 +105,8 @@ my_svc_run(int sockfd)
+ 
+ 			tv.tv_sec  = NL_WHEN(notify) - now;
+ 			tv.tv_usec = 0;
+-			xlog(D_GENERAL, "Waiting for reply... (timeo %d)",
+-							tv.tv_sec);
++			xlog(D_GENERAL, "Waiting for reply... (timeo %jd)",
++							(intmax_t)tv.tv_sec);
+ 			selret = select(FD_SETSIZE, &readfds,
+ 				(void *) 0, (void *) 0, &tv);
+ 		} else {
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
index 613ddc003a..c01415de84 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
@@ -1,11 +1,17 @@
 [Unit]
 Description=NFS Mount Daemon
-After=rpcbind.service nfs-server.service
-Requires=rpcbind.service nfs-server.service
+DefaultDependencies=no
+After=rpcbind.socket
+Requires=proc-fs-nfsd.mount
+After=proc-fs-nfsd.mount
+After=network.target local-fs.target
+BindsTo=nfs-server.service
+ConditionPathExists=@SYSCONFDIR@/exports
 
 [Service]
 EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
 ExecStart=@SBINDIR@/rpc.mountd -F $MOUNTD_OPTS
+LimitNOFILE=@HIGH_RLIMIT_NOFILE@
 
 [Install]
 WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
index 147d7a7b5f..6481377d80 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
@@ -1,7 +1,12 @@
 [Unit]
-Description=NFS Server
-Requires=rpcbind.service nfs-mountd.service
-After=rpcbind.service
+Description=NFS server and services
+DefaultDependencies=no
+Requires=network.target proc-fs-nfsd.mount
+Requires=nfs-mountd.service
+Wants=rpcbind.service
+After=local-fs.target
+After=network.target proc-fs-nfsd.mount rpcbind.service nfs-mountd.service
+ConditionPathExists=@SYSCONFDIR@/exports
 
 [Service]
 Type=oneshot
@@ -9,6 +14,7 @@ EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
 ExecStartPre=@SBINDIR@/exportfs -r
 ExecStart=@SBINDIR@/rpc.nfsd $NFSD_OPTS $NFSD_COUNT
 ExecStop=@SBINDIR@/rpc.nfsd 0
+ExecStopPost=@SBINDIR@/exportfs -au
 ExecStopPost=@SBINDIR@/exportfs -f
 ExecReload=@SBINDIR@/exportfs -r
 StandardError=syslog
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
index 746dacf056..4fa64e1998 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
@@ -1,12 +1,14 @@
 [Unit]
-Description=NFS file locking service
-After=rpcbind.service
-Requires=rpcbind.service
-Before=remote-fs-pre.target
+Description=NFS status monitor for NFSv2/3 locking.
+DefaultDependencies=no
+Conflicts=umount.target
+Requires=nss-lookup.target rpcbind.service
+After=network.target nss-lookup.target rpcbind.service
 
 [Service]
 EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
 ExecStart=@SBINDIR@/rpc.statd -F $STATD_OPTS
+LimitNOFILE=@HIGH_RLIMIT_NOFILE@
 
 [Install]
 WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch
deleted file mode 100644
index d8f8181670..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-1.2.3-sm-notify-res_init.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fixes errors like
-sm-notify[1070]: DNS resolution of a.b.c.d..com failed; retrying later
-This error will occur anytime sm-notify is run before the network if fully up,
-which is happening more and more with parallel startup systems.
-The res_init() call is simple, safe, quick, and a patch to use it should be
-able to go upstream.  Presumably the whole reason sm-notify tries several
-times is to wait for possible changes to the network configuration, but without
-calling res_init() it will never be aware of those changes
-
-Backported drom Fedora
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-
-diff -up nfs-utils-1.2.3/utils/statd/sm-notify.c.orig nfs-utils-1.2.3/utils/statd/sm-notify.c
---- nfs-utils-1.2.3/utils/statd/sm-notify.c.orig	2010-09-28 08:24:16.000000000 -0400
-+++ nfs-utils-1.2.3/utils/statd/sm-notify.c	2010-10-15 16:44:43.487119601 -0400
-@@ -28,6 +28,9 @@
- #include <netdb.h>
- #include <errno.h>
- #include <grp.h>
-+#include <netinet/in.h>
-+#include <arpa/nameser.h>
-+#include <resolv.h>
- 
- #include "sockaddr.h"
- #include "xlog.h"
-@@ -84,6 +87,7 @@ smn_lookup(const char *name)
- 	};
- 	int error;
- 
-+	res_init();
- 	error = getaddrinfo(name, NULL, &hint, &ai);
- 	if (error != 0) {
- 		xlog(D_GENERAL, "getaddrinfo(3): %s", gai_strerror(error));
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch
deleted file mode 100644
index 993f1e5ea5..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-nfs-utils: Do not pass CFLAGS to gcc while building
-
-Do not pass CFLAGS/LDFLAGS to gcc while building, The needed flags has
-been passed by xxx_CFLAGS=$(CFLAGS_FOR_BUILD).
-
-Upstream-Status: Pending
-
-Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
----
- tools/locktest/Makefile.am |    2 ++
- tools/rpcgen/Makefile.am   |    2 ++
- 2 files changed, 4 insertions(+)
-
-diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am
-index 3156815..1729fd1 100644
---- a/tools/locktest/Makefile.am
-+++ b/tools/locktest/Makefile.am
-@@ -1,6 +1,8 @@
- ## Process this file with automake to produce Makefile.in
- 
- CC=$(CC_FOR_BUILD)
-+CFLAGS=
-+LDFLAGS=
- LIBTOOL = @LIBTOOL@ --tag=CC
- 
- noinst_PROGRAMS = testlk
-diff --git a/tools/rpcgen/Makefile.am b/tools/rpcgen/Makefile.am
-index 8a9ec89..8bacdaa 100644
---- a/tools/rpcgen/Makefile.am
-+++ b/tools/rpcgen/Makefile.am
-@@ -1,6 +1,8 @@
- ## Process this file with automake to produce Makefile.in
- 
- CC=$(CC_FOR_BUILD)
-+CFLAGS=
-+LDFLAGS=
- LIBTOOL = @LIBTOOL@ --tag=CC
- 
- noinst_PROGRAMS = rpcgen
--- 
-1.7.9.5
-
diff --git a/meta/recipes-connectivity/nfs-utils/files/nfs-utils-debianize-start-statd.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-debianize-start-statd.patch
index 85002290f0..ede0dcefc4 100644
--- a/meta/recipes-connectivity/nfs-utils/files/nfs-utils-debianize-start-statd.patch
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-debianize-start-statd.patch
@@ -9,17 +9,18 @@ Signed-off-by: Li Wang <li.wang@windriver.com>
 Signed-off-by: Roy Li <rongqing.li@windriver.com>
 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
 ---
- utils/statd/start-statd | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
+ utils/statd/start-statd | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
 
 diff --git a/utils/statd/start-statd b/utils/statd/start-statd
-index ec9383b..3969b8c 100755
+index 2fd6039..f591b34 100755
 --- a/utils/statd/start-statd
 +++ b/utils/statd/start-statd
-@@ -6,6 +6,13 @@
- # site.
- PATH="/sbin:/usr/sbin:/bin:/usr/bin"
- 
+@@ -17,6 +17,14 @@ then
+     # statd already running - must have been slow to respond.
+     exit 0
+ fi
++
 +# Read config
 +DEFAULTFILE=/etc/default/nfs-common
 +NEED_IDMAPD=
@@ -28,14 +29,14 @@ index ec9383b..3969b8c 100755
 +fi
 +
  # First try systemd if it's installed.
- if systemctl --help >/dev/null 2>&1; then
+ if [ -d /run/systemd/system ]; then
      # Quit only if the call worked.
-@@ -13,4 +20,4 @@ if systemctl --help >/dev/null 2>&1; then
- fi
+@@ -25,4 +33,4 @@ fi
  
+ cd /
  # Fall back to launching it ourselves.
 -exec rpc.statd --no-notify
 +exec rpc.statd --no-notify $STATDOPTS
 -- 
-1.9.1
+2.6.6
 
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch
new file mode 100644
index 0000000000..921f5edc82
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch
@@ -0,0 +1,46 @@
+From caa19231196d73541445728e6813c8fa70345acb Mon Sep 17 00:00:00 2001
+From: Robert Yang <liezhi.yang@windriver.com>
+Date: Tue, 26 Jun 2018 15:59:00 +0800
+Subject: [PATCH] nfs-utils: 2.1.1 -> 2.3.1
+
+Fixed:
+configure: error: res_querydomain needed
+
+Upstream-Status: Pending [https://github.com/alpinelinux/aports/blob/master/main/nfs-utils/musl-configure_ac.patch]
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+
+---
+ configure.ac | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 50002b4..dcadb23 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -582,10 +582,10 @@ my_am_cflags="\
+  -Wall \
+  -Wextra \
+  $rpcgen_cflags \
+- -Werror=missing-prototypes \
+- -Werror=missing-declarations \
++ -Wmissing-prototypes \
++ -Wmissing-declarations \
+  -Werror=format=2 \
+- -Werror=undef \
++ -Wundef \
+  -Werror=missing-include-dirs \
+  -Werror=strict-aliasing=2 \
+  -Werror=init-self \
+@@ -614,10 +614,9 @@ AC_DEFUN([CHECK_CCSUPPORT], [
+ 
+ CHECK_CCSUPPORT([-Werror=format-overflow=2], [flg1])
+ CHECK_CCSUPPORT([-Werror=int-conversion], [flg2])
+-CHECK_CCSUPPORT([-Werror=incompatible-pointer-types], [flg3])
+ CHECK_CCSUPPORT([-Werror=misleading-indentation], [flg4])
+ 
+-AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg3 $flg4"])
++AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg4"])
+ 
+ # Make sure that $ACLOCAL_FLAGS are used during a rebuild
+ AC_SUBST([ACLOCAL_AMFLAGS], ["-I $ac_macro_dir \$(ACLOCAL_FLAGS)"])
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
index 7ed93a59d4..0f5747cc6d 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
@@ -40,7 +40,7 @@ test "$NFS_SERVERS" != "" && test "$NFS_SERVERS" -gt 0 && test "$NFS_SERVERS" -l
 #mountd
 start_mountd(){
 	echo -n 'starting mountd: '
-	start-stop-daemon --start --exec "$NFS_MOUNTD" -- "-f /etc/exports $@"
+	start-stop-daemon --start --exec "$NFS_MOUNTD" -- "$@"
 	echo done
 }
 stop_mountd(){
@@ -107,7 +107,7 @@ stop_nfsd(){
 #FIXME: need to create the /var/lib/nfs/... directories
 case "$1" in
   start)
-	exportfs -r
+	test -r /etc/exports && exportfs -r
 	start_nfsd "$NFS_SERVERS"
 	start_mountd
 	test -r /etc/exports && exportfs -a;;
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.3.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb
index 8540503df9..eb32bccb57 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils_1.3.3.bb
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb
@@ -8,9 +8,8 @@ LICENSE = "MIT & GPLv2+ & BSD"
 LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84"
 
 # util-linux for libblkid
-DEPENDS = "libcap libnfsidmap libevent util-linux sqlite3 libtirpc"
-RDEPENDS_${PN}-client = "rpcbind bash"
-RDEPENDS_${PN} = "${PN}-client bash"
+DEPENDS = "libcap libevent util-linux sqlite3 libtirpc"
+RDEPENDS_${PN} = "${PN}-client"
 RRECOMMENDS_${PN} = "kernel-module-nfsd"
 
 inherit useradd
@@ -20,8 +19,6 @@ USERADD_PARAM_${PN}-client = "--system  --home-dir /var/lib/nfs \
 			      --shell /bin/false --user-group rpcuser"
 
 SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \
-           file://0001-configure-Allow-to-explicitly-disable-nfsidmap.patch \
-           file://nfs-utils-1.2.3-sm-notify-res_init.patch \
            file://nfsserver \
            file://nfscommon \
            file://nfs-utils.conf \
@@ -29,14 +26,19 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x
            file://nfs-mountd.service \
            file://nfs-statd.service \
            file://proc-fs-nfsd.mount \
-           file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \
            file://nfs-utils-debianize-start-statd.patch \
-           file://0001-nfs-utils-statd-fix-a-segfault-caused-by-improper-us.patch \
            file://bugfix-adjust-statd-service-name.patch \
+           file://0001-cacheio-use-intmax_t-for-formatted-IO.patch \
+           file://clang-format-string.patch \
+           file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \
+           file://0001-Don-t-build-tools-with-CC_FOR_BUILD.patch \
+           file://0001-Fix-include-order-between-config.h-and-stat.h.patch \
 "
+SRC_URI_append_libc-glibc = " file://0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch"
+SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch"
 
-SRC_URI[md5sum] = "cd6b568c2e9301cc3bfac09d87fbbc0b"
-SRC_URI[sha256sum] = "700d689c5622c87953c34102e5befafc4d3c811e676852238f0dd79c9c0c084d"
+SRC_URI[md5sum] = "161efe469ec1b06f1c750bd87f8ba6dd"
+SRC_URI[sha256sum] = "85274ada94479b1beba9f8eeffd19f477c53a6710b9998d1192c807854087736"
 
 # Only kernel-module-nfsd is required here (but can be built-in)  - the nfsd module will
 # pull in the remainder of the dependencies.
@@ -49,32 +51,34 @@ INITSCRIPT_PARAMS_${PN}-client = "defaults 19 21"
 
 inherit autotools-brokensep update-rc.d systemd pkgconfig
 
+SYSTEMD_PACKAGES = "${PN} ${PN}-client"
 SYSTEMD_SERVICE_${PN} = "nfs-server.service nfs-mountd.service"
 SYSTEMD_SERVICE_${PN}-client = "nfs-statd.service"
-SYSTEMD_AUTO_ENABLE = "disable"
 
 # --enable-uuid is need for cross-compiling
 EXTRA_OECONF = "--with-statduser=rpcuser \
                 --enable-mountconfig \
                 --enable-libmount-mount \
-                --disable-nfsv41 \
                 --enable-uuid \
                 --disable-gss \
                 --disable-nfsdcltrack \
                 --with-statdpath=/var/lib/nfs/statd \
                "
 
+CFLAGS += "-Wno-error=format-overflow"
+
 PACKAGECONFIG ??= "tcp-wrappers \
-    ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
 "
 PACKAGECONFIG_remove_libc-musl = "tcp-wrappers"
 PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers"
-PACKAGECONFIG[nfsidmap] = "--enable-nfsidmap,--disable-nfsidmap,keyutils"
 PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+# libdevmapper is available in meta-oe
+PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper"
+# keyutils is available in meta-security
+PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils"
 
-INHIBIT_AUTO_STAGE = "1"
-
-PACKAGES =+ "${PN}-client ${PN}-stats"
+PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats"
 
 CONFFILES_${PN}-client += "${localstatedir}/lib/nfs/etab \
 			   ${localstatedir}/lib/nfs/rmtab \
@@ -82,7 +86,7 @@ CONFFILES_${PN}-client += "${localstatedir}/lib/nfs/etab \
 			   ${localstatedir}/lib/nfs/statd/state \
 			   ${sysconfdir}/nfsmount.conf"
 
-FILES_${PN}-client = "${base_sbindir}/*mount.nfs* ${sbindir}/*statd \
+FILES_${PN}-client = "${sbindir}/*statd \
 		      ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \
 		      ${sbindir}/showmount ${sbindir}/nfsstat \
 		      ${localstatedir}/lib/nfs \
@@ -90,6 +94,10 @@ FILES_${PN}-client = "${base_sbindir}/*mount.nfs* ${sbindir}/*statd \
 		      ${sysconfdir}/nfsmount.conf \
 		      ${sysconfdir}/init.d/nfscommon \
 		      ${systemd_unitdir}/system/nfs-statd.service"
+RDEPENDS_${PN}-client = "${PN}-mount rpcbind"
+
+FILES_${PN}-mount = "${base_sbindir}/*mount.nfs*"
+
 FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat"
 RDEPENDS_${PN}-stats = "python3-core"
 
@@ -98,9 +106,6 @@ FILES_${PN} += "${systemd_unitdir}"
 do_configure_prepend() {
         sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \
             ${S}/utils/mount/Makefile.am
-
-        sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \
-            ${S}/utils/osd_login/Makefile.am
 }
 
 # Make clean needed because the package comes with
@@ -109,6 +114,9 @@ do_compile_prepend() {
 	make clean
 }
 
+# Works on systemd only
+HIGH_RLIMIT_NOFILE ??= "4096"
+
 do_install_append () {
 	install -d ${D}${sysconfdir}/init.d
 	install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver
@@ -123,10 +131,9 @@ do_install_append () {
 	install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_unitdir}/system/
 	sed -i -e 's,@SBINDIR@,${sbindir},g' \
 		-e 's,@SYSCONFDIR@,${sysconfdir},g' \
+		-e 's,@HIGH_RLIMIT_NOFILE@,${HIGH_RLIMIT_NOFILE},g' \
 		${D}${systemd_unitdir}/system/*.service
 	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
-	    install -d ${D}${sysconfdir}/modules-load.d
-	    echo "nfsd" > ${D}${sysconfdir}/modules-load.d/nfsd.conf
 	    install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/
 	    install -d ${D}${systemd_unitdir}/system/sysinit.target.wants/
 	    ln -sf ../proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/sysinit.target.wants/proc-fs-nfsd.mount
@@ -139,11 +146,6 @@ do_install_append () {
 	chown -R rpcuser:rpcuser ${D}${localstatedir}/lib/nfs/statd
 	chmod 0644 ${D}${localstatedir}/lib/nfs/statd/state
 
-	# the following are built by CC_FOR_BUILD
-	rm -f ${D}${sbindir}/rpcdebug
-	rm -f ${D}${sbindir}/rpcgen
-	rm -f ${D}${sbindir}/locktest
-
         # Make python tools use python 3
         sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${sbindir}/mountstats ${D}${sbindir}/nfsiostat
 
diff --git a/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch b/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch
new file mode 100644
index 0000000000..8a5a300adc
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch
@@ -0,0 +1,36 @@
+From 22b52db4842611ac31a356f023fc09595384e2ad Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 23 May 2019 18:11:22 -0700
+Subject: [PATCH] mbim: add an optional TEMP_FAILURE_RETRY macro copy
+
+Fixes build on musl which does not provide this macro
+
+Upstream-Status: Submitted [https://lists.ofono.org/pipermail/ofono/2019-May/019370.html]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ drivers/mbimmodem/mbim-private.h | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/drivers/mbimmodem/mbim-private.h b/drivers/mbimmodem/mbim-private.h
+index e159235..51693ea 100644
+--- a/drivers/mbimmodem/mbim-private.h
++++ b/drivers/mbimmodem/mbim-private.h
+@@ -21,6 +21,15 @@
+ 
+ #define align_len(len, boundary) (((len)+(boundary)-1) & ~((boundary)-1))
+ 
++#ifndef TEMP_FAILURE_RETRY
++#define TEMP_FAILURE_RETRY(expression) ({     \
++  __typeof(expression) __result;              \
++  do {                                        \
++    __result = (expression);                  \
++  } while (__result == -1 && errno == EINTR); \
++  __result; })
++#endif
++
+ enum mbim_control_message {
+ 	MBIM_OPEN_MSG = 0x1,
+ 	MBIM_CLOSE_MSG = 0x2,
+-- 
+2.21.0
+
diff --git a/meta/recipes-connectivity/ofono/ofono_1.18.bb b/meta/recipes-connectivity/ofono/ofono_1.18.bb
deleted file mode 100644
index b0707311ad..0000000000
--- a/meta/recipes-connectivity/ofono/ofono_1.18.bb
+++ /dev/null
@@ -1,10 +0,0 @@
-require ofono.inc
-
-SRC_URI  = "\
-  ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
-  file://ofono \
-"
-SRC_URI[md5sum] = "0a6b37c8ace891cb2a7ca5d121043a0a"
-SRC_URI[sha256sum] = "53cdbf342913f46bce4827241c60e24255a3d43a94945edf77482ae5b312d51f"
-
-CFLAGS_append_libc-uclibc = " -D_GNU_SOURCE"
diff --git a/meta/recipes-connectivity/ofono/ofono.inc b/meta/recipes-connectivity/ofono/ofono_1.31.bb
index 9c47c6fde5..7d0976ad7f 100644
--- a/meta/recipes-connectivity/ofono/ofono.inc
+++ b/meta/recipes-connectivity/ofono/ofono_1.31.bb
@@ -1,42 +1,50 @@
-HOMEPAGE = "http://www.ofono.org"
-SUMMARY  = "open source telephony"
+SUMMARY = "open source telephony"
 DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands."
-LICENSE  = "GPLv2"
+HOMEPAGE = "http://www.ofono.org"
+BUGTRACKER = "https://01.org/jira/browse/OF"
+LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
                     file://src/ofono.h;beginline=1;endline=20;md5=3ce17d5978ef3445def265b98899c2ee"
+DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell"
 
-inherit autotools pkgconfig update-rc.d systemd bluetooth
+SRC_URI = "\
+    ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+    file://ofono \
+    file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \
+"
+SRC_URI[md5sum] = "1c26340e3c6ed132cc812595081bb3dc"
+SRC_URI[sha256sum] = "a15c5d28096c10eb30e47a68b6dc2e7c4a5a99d7f4cfedf0b69624f33d859e9b"
 
-DEPENDS  = "dbus glib-2.0 udev mobile-broadband-provider-info"
+inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data
 
 INITSCRIPT_NAME = "ofono"
 INITSCRIPT_PARAMS = "defaults 22"
+SYSTEMD_SERVICE_${PN} = "ofono.service"
 
 PACKAGECONFIG ??= "\
-    ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)} \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
     ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
-    "
+"
 PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/,--with-systemdunitdir="
-PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, ${BLUEZ}"
+PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5"
 
-EXTRA_OECONF += "--enable-test"
-
-SYSTEMD_SERVICE_${PN} = "ofono.service"
+EXTRA_OECONF += "--enable-test --enable-external-ell"
 
 do_install_append() {
   install -d ${D}${sysconfdir}/init.d/
   install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono
-
-  # Ofono still has one test tool that refers to Python 2 in the shebang
-  sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${libdir}/ofono/test/set-ddr
-
 }
 
 PACKAGES =+ "${PN}-tests"
 
-RDEPENDS_${PN} += "dbus"
-RRECOMMENDS_${PN} += "kernel-module-tun mobile-broadband-provider-info"
-
 FILES_${PN} += "${systemd_unitdir}"
 FILES_${PN}-tests = "${libdir}/${BPN}/test"
-RDEPENDS_${PN}-tests = "python3 python3-pygobject python3-dbus"
+
+RDEPENDS_${PN} += "dbus"
+RDEPENDS_${PN}-tests = "\
+    python3-core \
+    python3-dbus \
+    ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)} \
+"
+
+RRECOMMENDS_${PN} += "kernel-module-tun mobile-broadband-provider-info"
diff --git a/meta/recipes-connectivity/ofono/ofono_git.bb b/meta/recipes-connectivity/ofono/ofono_git.bb
deleted file mode 100644
index beafb775c2..0000000000
--- a/meta/recipes-connectivity/ofono/ofono_git.bb
+++ /dev/null
@@ -1,14 +0,0 @@
-require ofono.inc
-
-S	 = "${WORKDIR}/git"
-SRCREV = "14544d5996836f628613c2ce544380ee6fc8f514"
-PV	 = "0.12-git${SRCPV}"
-PR = "r5"
-
-SRC_URI  = "git://git.kernel.org/pub/scm/network/ofono/ofono.git \
-	    file://ofono"
-
-do_configure_prepend () {
-  ${S}/bootstrap
-}
-
diff --git a/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch b/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
index adc25c668f..b8402a4dee 100644
--- a/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
+++ b/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
@@ -6,64 +6,42 @@ Adjust test cases to work with busybox.
 Signed-off-by: Maxin B. John <maxin.john@enea.com>
 Upstream-Status: Pending
 
-Index: openssh-6.8p1/regress/cipher-speed.sh
+Index: openssh-7.6p1/regress/cipher-speed.sh
 ===================================================================
---- openssh-6.8p1.orig/regress/cipher-speed.sh
-+++ openssh-6.8p1/regress/cipher-speed.sh
+--- openssh-7.6p1.orig/regress/cipher-speed.sh
++++ openssh-7.6p1/regress/cipher-speed.sh
 @@ -17,7 +17,7 @@ for c in `${SSH} -Q cipher`; do n=0; for
  		printf "%-60s" "$c/$m:"
  		( ${SSH} -o 'compression no' \
- 			-F $OBJ/ssh_proxy -2 -m $m -c $c somehost \
+ 			-F $OBJ/ssh_proxy -m $m -c $c somehost \
 -			exec sh -c \'"dd of=/dev/null obs=32k"\' \
 +			exec sh -c \'"dd of=/dev/null bs=32k"\' \
  		< ${DATA} ) 2>&1 | getbytes
  
  		if [ $? -ne 0 ]; then
-@@ -42,7 +42,7 @@ for c in $ciphers; do
- 		printf "%-60s" "$c:"
- 		( ${SSH} -o 'compression no' \
- 			-F $OBJ/ssh_proxy -1 -c $c somehost \
--			exec sh -c \'"dd of=/dev/null obs=32k"\' \
-+			exec sh -c \'"dd of=/dev/null bs=32k"\' \
- 		< ${DATA} ) 2>&1 | getbytes
- 		if [ $? -ne 0 ]; then
- 			fail "ssh -1 failed with cipher $c"
-Index: openssh-6.8p1/regress/transfer.sh
-===================================================================
---- openssh-6.8p1.orig/regress/transfer.sh
-+++ openssh-6.8p1/regress/transfer.sh
-@@ -15,7 +15,7 @@ for p in ${SSH_PROTOCOLS}; do
- 	for s in 10 100 1k 32k 64k 128k 256k; do
- 		trace "proto $p dd-size ${s}"
- 		rm -f ${COPY}
--		dd if=$DATA obs=${s} 2> /dev/null | \
-+		dd if=$DATA bs=${s} 2> /dev/null | \
- 			${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
- 		if [ $? -ne 0 ]; then
- 			fail "ssh cat $DATA failed"
-Index: openssh-6.8p1/regress/yes-head.sh
+Index: openssh-7.6p1/regress/transfer.sh
 ===================================================================
---- openssh-6.8p1.orig/regress/yes-head.sh
-+++ openssh-6.8p1/regress/yes-head.sh
-@@ -4,7 +4,7 @@
- tid="yes pipe head"
- 
- for p in ${SSH_PROTOCOLS}; do
--	lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)`
-+	lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -n 2000"' | (sleep 3 ; wc -l)`
+--- openssh-7.6p1.orig/regress/transfer.sh
++++ openssh-7.6p1/regress/transfer.sh
+@@ -13,7 +13,7 @@ cmp ${DATA} ${COPY}		|| fail "corrupted
+ for s in 10 100 1k 32k 64k 128k 256k; do
+ 	trace "dd-size ${s}"
+ 	rm -f ${COPY}
+-	dd if=$DATA obs=${s} 2> /dev/null | \
++	dd if=$DATA bs=${s} 2> /dev/null | \
+ 		${SSH} -q -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
  	if [ $? -ne 0 ]; then
- 		fail "yes|head test failed"
- 		lines = 0;
-Index: openssh-6.8p1/regress/key-options.sh
+ 		fail "ssh cat $DATA failed"
+Index: openssh-7.6p1/regress/key-options.sh
 ===================================================================
---- openssh-6.8p1.orig/regress/key-options.sh
-+++ openssh-6.8p1/regress/key-options.sh
-@@ -54,7 +54,7 @@ for p in ${SSH_PROTOCOLS}; do
+--- openssh-7.6p1.orig/regress/key-options.sh
++++ openssh-7.6p1/regress/key-options.sh
+@@ -47,7 +47,7 @@ for f in 127.0.0.1 '127.0.0.0\/8'; do
  	fi
  
  	sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys
 -	from=`head -1 $authkeys | cut -f1 -d ' '`
 +	from=`head -n 1 $authkeys | cut -f1 -d ' '`
- 	verbose "key option proto $p $from"
- 	r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'`
+ 	verbose "key option $from"
+ 	r=`${SSH} -q -F $OBJ/ssh_proxy somehost 'echo true'`
  	if [ "$r" = "true" ]; then
diff --git a/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch b/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
index df64a140d3..20036da931 100644
--- a/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
+++ b/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
@@ -8,17 +8,20 @@ type, so that 's - src' in strlcpy and others may trigger signed overflow.
 In case of compilation by gcc or clang with -ftrapv option, the overflow
 would lead to program abort.
 
-Upstream-status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608]
+Upstream-Status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608]
 
 Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
+
+Complete the fix
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 ---
- openbsd-compat/strlcat.c | 8 ++++++--
- openbsd-compat/strlcpy.c | 8 ++++++--
- openbsd-compat/strnlen.c | 8 ++++++--
- 3 files changed, 18 insertions(+), 6 deletions(-)
+ openbsd-compat/strlcat.c | 10 +++++++---
+ openbsd-compat/strlcpy.c |  8 ++++++--
+ openbsd-compat/strnlen.c |  8 ++++++--
+ 3 files changed, 19 insertions(+), 7 deletions(-)
 
 diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c
-index bcc1b61..e758ebf 100644
+index bcc1b61..124e1e3 100644
 --- a/openbsd-compat/strlcat.c
 +++ b/openbsd-compat/strlcat.c
 @@ -23,6 +23,7 @@
@@ -29,6 +32,15 @@ index bcc1b61..e758ebf 100644
  
  /*
   * Appends src to string dst of size siz (unlike strncat, siz is the
+@@ -42,7 +43,7 @@ strlcat(char *dst, const char *src, size_t siz)
+ 	/* Find the end of dst and adjust bytes left but don't go past end */
+ 	while (n-- != 0 && *d != '\0')
+ 		d++;
+-	dlen = d - dst;
++	dlen = (uintptr_t)d - (uintptr_t)dst;
+ 	n = siz - dlen;
+ 
+ 	if (n == 0)
 @@ -55,8 +56,11 @@ strlcat(char *dst, const char *src, size_t siz)
  		s++;
  	}
@@ -70,7 +82,7 @@ index b4b1b60..b06f374 100644
  
  #endif /* !HAVE_STRLCPY */
 diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c
-index 93d5155..9b8de5d 100644
+index 7ad3573..7040f1f 100644
 --- a/openbsd-compat/strnlen.c
 +++ b/openbsd-compat/strnlen.c
 @@ -23,6 +23,7 @@
@@ -95,5 +107,5 @@ index 93d5155..9b8de5d 100644
  }
  #endif
 -- 
-1.9.1
+2.17.1
 
diff --git a/meta/recipes-connectivity/openssh/openssh/init b/meta/recipes-connectivity/openssh/openssh/init
index 1f63725cc0..8887e3af13 100644
--- a/meta/recipes-connectivity/openssh/openssh/init
+++ b/meta/recipes-connectivity/openssh/openssh/init
@@ -19,11 +19,6 @@ fi
 [ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
 mkdir -p $SYSCONFDIR
 
-HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
-HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key
-HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
-HOST_KEY_ED25519=$SYSCONFDIR/ssh_host_ed25519_key
-
 check_for_no_start() {
     # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
     if [ -e $SYSCONFDIR/sshd_not_to_be_run ]; then
@@ -41,27 +36,7 @@ check_privsep_dir() {
 }
 
 check_config() {
-	/usr/sbin/sshd -t $SSHD_OPTS || exit 1
-}
-
-check_keys() {
-	# create keys if necessary
-	if [ ! -f $HOST_KEY_RSA ]; then
-		echo "  generating ssh RSA key..."
-		ssh-keygen -q -f $HOST_KEY_RSA -N '' -t rsa
-	fi
-	if [ ! -f $HOST_KEY_ECDSA ]; then
-		echo "  generating ssh ECDSA key..."
-		ssh-keygen -q -f $HOST_KEY_ECDSA -N '' -t ecdsa
-	fi
-	if [ ! -f $HOST_KEY_DSA ]; then
-		echo "  generating ssh DSA key..."
-		ssh-keygen -q -f $HOST_KEY_DSA -N '' -t dsa
-	fi
-	if [ ! -f $HOST_KEY_ED25519 ]; then
-		echo "  generating ssh ED25519 key..."
-		ssh-keygen -q -f $HOST_KEY_ED25519 -N '' -t ed25519
-	fi
+    /usr/sbin/sshd $SSHD_OPTS -t || exit 1
 }
 
 export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
@@ -70,30 +45,30 @@ case "$1" in
   start)
 	check_for_no_start
 	echo "Starting OpenBSD Secure Shell server: sshd"
-	check_keys
+	@LIBEXECDIR@/sshd_check_keys
 	check_privsep_dir
 	start-stop-daemon -S -p $PIDFILE -x /usr/sbin/sshd -- $SSHD_OPTS
-        echo "done."
+	echo "done."
 	;;
   stop)
-        echo -n "Stopping OpenBSD Secure Shell server: sshd"
+	echo -n "Stopping OpenBSD Secure Shell server: sshd"
 	start-stop-daemon -K -p $PIDFILE -x /usr/sbin/sshd
-        echo "."
+	echo "."
 	;;
 
   reload|force-reload)
 	check_for_no_start
-	check_keys
+	@LIBEXECDIR@/sshd_check_keys
 	check_config
-        echo -n "Reloading OpenBSD Secure Shell server's configuration"
+	echo -n "Reloading OpenBSD Secure Shell server's configuration"
 	start-stop-daemon -K -p $PIDFILE -s 1 -x /usr/sbin/sshd
 	echo "."
 	;;
 
   restart)
-  	check_keys
+	@LIBEXECDIR@/sshd_check_keys
 	check_config
-        echo -n "Restarting OpenBSD Secure Shell server: sshd"
+	echo -n "Restarting OpenBSD Secure Shell server: sshd"
 	start-stop-daemon -K -p $PIDFILE --oknodo -x /usr/sbin/sshd
 	check_for_no_start
 	check_privsep_dir
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch
deleted file mode 100644
index 2773c14e5a..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From d7eb26785ad4f25fb09fae46726ab8ca3fe16921 Mon Sep 17 00:00:00 2001
-From: Haiqing Bai <Haiqing.Bai@windriver.com>
-Date: Mon, 22 Aug 2016 14:11:16 +0300
-Subject: [PATCH] Remove des in cipher.
-
-Upstream-Status: Pending
-
-Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
----
- cipher.c | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-
-diff --git a/cipher.c b/cipher.c
-index 031bda9..6cd667a 100644
---- a/cipher.c
-+++ b/cipher.c
-@@ -53,8 +53,10 @@
- 
- #ifdef WITH_SSH1
- extern const EVP_CIPHER *evp_ssh1_bf(void);
-+#ifndef OPENSSL_NO_DES
- extern const EVP_CIPHER *evp_ssh1_3des(void);
- extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
-+#endif /* OPENSSL_NO_DES */
- #endif
- 
- struct sshcipher {
-@@ -79,15 +81,19 @@ struct sshcipher {
- 
- static const struct sshcipher ciphers[] = {
- #ifdef WITH_SSH1
-+#ifndef OPENSSL_NO_DES
- 	{ "des",	SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
- 	{ "3des",	SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
-+#endif /* OPENSSL_NO_DES */
- # ifndef OPENSSL_NO_BF
- 	{ "blowfish",	SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
- # endif /* OPENSSL_NO_BF */
- #endif /* WITH_SSH1 */
- #ifdef WITH_OPENSSL
- 	{ "none",	SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
-+#ifndef OPENSSL_NO_DES
- 	{ "3des-cbc",	SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
-+#endif /* OPENSSL_NO_DES */
- # ifndef OPENSSL_NO_BF
- 	{ "blowfish-cbc",
- 			SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
-@@ -171,8 +177,10 @@ cipher_keylen(const struct sshcipher *c)
- u_int
- cipher_seclen(const struct sshcipher *c)
- {
-+#ifndef OPENSSL_NO_DES
- 	if (strcmp("3des-cbc", c->name) == 0)
- 		return 14;
-+#endif /* OPENSSL_NO_DES */
- 	return cipher_keylen(c);
- }
- 
-@@ -209,11 +217,13 @@ u_int
- cipher_mask_ssh1(int client)
- {
- 	u_int mask = 0;
-+#ifndef OPENSSL_NO_DES
- 	mask |= 1 << SSH_CIPHER_3DES;		/* Mandatory */
- 	mask |= 1 << SSH_CIPHER_BLOWFISH;
- 	if (client) {
- 		mask |= 1 << SSH_CIPHER_DES;
- 	}
-+#endif /*OPENSSL_NO_DES*/
- 	return mask;
- }
- 
-@@ -553,7 +563,9 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
- 	switch (c->number) {
- #ifdef WITH_OPENSSL
- 	case SSH_CIPHER_SSH2:
-+#ifndef OPENSSL_NO_DES
- 	case SSH_CIPHER_DES:
-+#endif /* OPENSSL_NO_DES */
- 	case SSH_CIPHER_BLOWFISH:
- 		evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
- 		if (evplen == 0)
-@@ -576,8 +588,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
- 		break;
- #endif
- #ifdef WITH_SSH1
-+#ifndef OPENSSL_NO_DES
- 	case SSH_CIPHER_3DES:
- 		return ssh1_3des_iv(&cc->evp, 0, iv, 24);
-+#endif /* OPENSSL_NO_DES */
- #endif
- 	default:
- 		return SSH_ERR_INVALID_ARGUMENT;
-@@ -601,7 +615,9 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
- 	switch (c->number) {
- #ifdef WITH_OPENSSL
- 	case SSH_CIPHER_SSH2:
-+#ifndef OPENSSL_NO_DES
- 	case SSH_CIPHER_DES:
-+#endif /* OPENSSL_NO_DES */
- 	case SSH_CIPHER_BLOWFISH:
- 		evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
- 		if (evplen <= 0)
-@@ -616,8 +632,10 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
- 		break;
- #endif
- #ifdef WITH_SSH1
-+#ifndef OPENSSL_NO_DES
- 	case SSH_CIPHER_3DES:
- 		return ssh1_3des_iv(&cc->evp, 1, (u_char *)iv, 24);
-+#endif /* OPENSSL_NO_DES */
- #endif
- 	default:
- 		return SSH_ERR_INVALID_ARGUMENT;
--- 
-2.1.4
-
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch
deleted file mode 100644
index 815af422ff..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 04cfd84423f693d879dc3ffebb0f6fe2680c254f Mon Sep 17 00:00:00 2001
-From: Haiqing Bai <Haiqing.Bai@windriver.com>
-Date: Fri, 18 Mar 2016 15:59:21 +0800
-Subject: [PATCH 3/3] remove des in pkcs11.
-
-Upstream-Status: Pending
-
-Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
-
----
- pkcs11.h | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/pkcs11.h b/pkcs11.h
-index b01d58f..98b36e6 100644
---- a/pkcs11.h
-+++ b/pkcs11.h
-@@ -342,9 +342,11 @@ typedef unsigned long ck_key_type_t;
- #define CKK_GENERIC_SECRET	(0x10)
- #define CKK_RC2			(0x11)
- #define CKK_RC4			(0x12)
-+#ifndef OPENSSL_NO_DES
- #define CKK_DES			(0x13)
- #define CKK_DES2		(0x14)
- #define CKK_DES3		(0x15)
-+#endif /* OPENSSL_NO_DES */
- #define CKK_CAST		(0x16)
- #define CKK_CAST3		(0x17)
- #define CKK_CAST128		(0x18)
-@@ -512,6 +514,7 @@ typedef unsigned long ck_mechanism_type_t;
- #define CKM_RC2_CBC_PAD			(0x105)
- #define CKM_RC4_KEY_GEN			(0x110)
- #define CKM_RC4				(0x111)
-+#ifndef OPENSSL_NO_DES
- #define CKM_DES_KEY_GEN			(0x120)
- #define CKM_DES_ECB			(0x121)
- #define CKM_DES_CBC			(0x122)
-@@ -525,6 +528,7 @@ typedef unsigned long ck_mechanism_type_t;
- #define CKM_DES3_MAC			(0x134)
- #define CKM_DES3_MAC_GENERAL		(0x135)
- #define CKM_DES3_CBC_PAD		(0x136)
-+#endif /* OPENSSL_NO_DES */
- #define CKM_CDMF_KEY_GEN		(0x140)
- #define CKM_CDMF_ECB			(0x141)
- #define CKM_CDMF_CBC			(0x142)
-@@ -610,8 +614,10 @@ typedef unsigned long ck_mechanism_type_t;
- #define CKM_MD5_KEY_DERIVATION		(0x390)
- #define CKM_MD2_KEY_DERIVATION		(0x391)
- #define CKM_SHA1_KEY_DERIVATION		(0x392)
-+#ifndef OPENSSL_NO_DES
- #define CKM_PBE_MD2_DES_CBC		(0x3a0)
- #define CKM_PBE_MD5_DES_CBC		(0x3a1)
-+#endif /* OPENSSL_NO_DES */
- #define CKM_PBE_MD5_CAST_CBC		(0x3a2)
- #define CKM_PBE_MD5_CAST3_CBC		(0x3a3)
- #define CKM_PBE_MD5_CAST5_CBC		(0x3a4)
-@@ -620,8 +626,10 @@ typedef unsigned long ck_mechanism_type_t;
- #define CKM_PBE_SHA1_CAST128_CBC	(0x3a5)
- #define CKM_PBE_SHA1_RC4_128		(0x3a6)
- #define CKM_PBE_SHA1_RC4_40		(0x3a7)
-+#ifndef OPENSSL_NO_DES
- #define CKM_PBE_SHA1_DES3_EDE_CBC	(0x3a8)
- #define CKM_PBE_SHA1_DES2_EDE_CBC	(0x3a9)
-+#endif /* OPENSSL_NO_DES */
- #define CKM_PBE_SHA1_RC2_128_CBC	(0x3aa)
- #define CKM_PBE_SHA1_RC2_40_CBC		(0x3ab)
- #define CKM_PKCS5_PBKD2			(0x3b0)
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/openssh/openssh/run-ptest b/meta/recipes-connectivity/openssh/openssh/run-ptest
index 36a3d2a7b7..daf62cca5b 100755
--- a/meta/recipes-connectivity/openssh/openssh/run-ptest
+++ b/meta/recipes-connectivity/openssh/openssh/run-ptest
@@ -5,7 +5,7 @@ export TEST_SHELL=sh
 cd regress
 sed -i "/\t\tagent-ptrace /d" Makefile
 make -k .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="sudo" tests \
-        | sed -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g'
+        | sed -u -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g'
 
 SSHAGENT=`which ssh-agent`
 GDB=`which gdb`
diff --git a/meta/recipes-connectivity/openssh/openssh/ssh_config b/meta/recipes-connectivity/openssh/openssh/ssh_config
index 9e919156d3..e0d023803e 100644
--- a/meta/recipes-connectivity/openssh/openssh/ssh_config
+++ b/meta/recipes-connectivity/openssh/openssh/ssh_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $
+#	$OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $
 
 # This is the ssh client system-wide configuration file.  See
 # ssh_config(5) for more information.  This file provides defaults for
@@ -31,14 +31,14 @@ Host *
 #   AddressFamily any
 #   ConnectTimeout 0
 #   StrictHostKeyChecking ask
-#   IdentityFile ~/.ssh/identity
 #   IdentityFile ~/.ssh/id_rsa
 #   IdentityFile ~/.ssh/id_dsa
+#   IdentityFile ~/.ssh/id_ecdsa
+#   IdentityFile ~/.ssh/id_ed25519
 #   Port 22
-#   Protocol 2,1
-#   Cipher 3des
-#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
-#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+#   Protocol 2
+#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
+#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
 #   EscapeChar ~
 #   Tunnel no
 #   TunnelDevice any:any
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
new file mode 100644
index 0000000000..1931dc7153
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -0,0 +1,78 @@
+#! /bin/sh
+
+generate_key() {
+    local FILE=$1
+    local TYPE=$2
+    local DIR="$(dirname "$FILE")"
+
+    mkdir -p "$DIR"
+    ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE
+
+    # Atomically rename file public key
+    mv -f "${FILE}.tmp.pub" "${FILE}.pub"
+
+    # This sync does double duty: Ensuring that the data in the temporary
+    # private key file is on disk before the rename, and ensuring that the
+    # public key rename is completed before the private key rename, since we
+    # switch on the existence of the private key to trigger key generation.
+    # This does mean it is possible for the public key to exist, but be garbage
+    # but this is OK because in that case the private key won't exist and the
+    # keys will be regenerated.
+    #
+    # In the event that sync understands arguments that limit what it tries to
+    # fsync(), we provided them. If it does not, it will simply call sync()
+    # which is just as well
+    sync "${FILE}.pub" "$DIR" "${FILE}.tmp"
+
+    mv "${FILE}.tmp" "$FILE"
+
+    # sync to ensure the atomic rename is committed
+    sync "$DIR"
+}
+
+# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS
+if test -f /etc/default/ssh; then
+    . /etc/default/ssh
+fi
+
+[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
+mkdir -p $SYSCONFDIR
+
+# parse sshd options
+set -- ${SSHD_OPTS} --
+sshd_config=/etc/ssh/sshd_config
+while true ; do
+    case "$1" in
+    -f*) if [ "$1" = "-f" ] ; then
+            sshd_config="$2"
+            shift
+        else
+            sshd_config="${1#-f}"
+        fi
+        shift
+        ;;
+    --) shift; break;;
+    *) shift;;
+    esac
+done
+
+HOST_KEYS=$(sed -n 's/^[ \t]*HostKey[ \t]\+\(.*\)/\1/p' "${sshd_config}")
+[ -z "${HOST_KEYS}" ] && HOST_KEYS="$SYSCONFDIR/ssh_host_rsa_key $SYSCONFDIR/ssh_host_ecdsa_key $SYSCONFDIR/ssh_host_ed25519_key"
+
+for key in ${HOST_KEYS} ; do
+    [ -f $key ] && continue
+    case $key in
+    *_rsa_key)
+        echo "  generating ssh RSA host key..."
+        generate_key $key rsa
+        ;;
+    *_ecdsa_key)
+        echo "  generating ssh ECDSA host key..."
+        generate_key $key ecdsa
+        ;;
+    *_ed25519_key)
+        echo "  generating ssh ED25519 host key..."
+        generate_key $key ed25519
+        ;;
+    esac
+done
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_config b/meta/recipes-connectivity/openssh/openssh/sshd_config
index d48bd2b98d..15f061b570 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_config
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
+#	$OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -7,7 +7,7 @@
 
 # The strategy used for options in the default sshd_config shipped with
 # OpenSSH is to specify options with their default value where
-# possible, but leave them commented.  Uncommented options change a
+# possible, but leave them commented.  Uncommented options override the
 # default value.
 
 #Port 22
@@ -15,43 +15,30 @@
 #ListenAddress 0.0.0.0
 #ListenAddress ::
 
-# The default requires explicit activation of protocol 1
-Protocol 2
-
-# HostKey for protocol version 1
-#HostKey /etc/ssh/ssh_host_key
-# HostKeys for protocol version 2
 #HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_dsa_key
 #HostKey /etc/ssh/ssh_host_ecdsa_key
 #HostKey /etc/ssh/ssh_host_ed25519_key
 
-# Lifetime and size of ephemeral version 1 server key
-#KeyRegenerationInterval 1h
-#ServerKeyBits 1024
-
 # Ciphers and keying
 #RekeyLimit default none
 
 # Logging
-# obsoletes QuietMode and FascistLogging
 #SyslogFacility AUTH
 #LogLevel INFO
 
 # Authentication:
 
 #LoginGraceTime 2m
-#PermitRootLogin yes
+#PermitRootLogin prohibit-password
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
 
-#RSAAuthentication yes
 #PubkeyAuthentication yes
 
 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
 # but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
 
 #AuthorizedPrincipalsFile none
 
@@ -59,11 +46,9 @@ AuthorizedKeysFile .ssh/authorized_keys
 #AuthorizedKeysCommandUser nobody
 
 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#RhostsRSAAuthentication no
-# similar for protocol version 2
 #HostbasedAuthentication no
 # Change to yes if you don't trust ~/.ssh/known_hosts for
-# RhostsRSAAuthentication and HostbasedAuthentication
+# HostbasedAuthentication
 #IgnoreUserKnownHosts no
 # Don't read the user's ~/.rhosts and ~/.shosts files
 #IgnoreRhosts yes
@@ -72,7 +57,8 @@ AuthorizedKeysFile .ssh/authorized_keys
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
 
-# Change to no to disable s/key passwords
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
 ChallengeResponseAuthentication no
 
 # Kerberos options
@@ -107,12 +93,11 @@ ChallengeResponseAuthentication no
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
-UsePrivilegeSeparation sandbox # Default for new installations.
 #PermitUserEnvironment no
 Compression no
 ClientAliveInterval 15
 ClientAliveCountMax 4
-#UseDNS yes
+#UseDNS no
 #PidFile /var/run/sshd.pid
 #MaxStartups 10:30:100
 #PermitTunnel no
diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
index 148e6ad63a..603c33787f 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
@@ -1,22 +1,8 @@
 [Unit]
 Description=OpenSSH Key Generation
 RequiresMountsFor=/var /run
-ConditionPathExists=!/var/run/ssh/ssh_host_rsa_key
-ConditionPathExists=!/var/run/ssh/ssh_host_dsa_key
-ConditionPathExists=!/var/run/ssh/ssh_host_ecdsa_key
-ConditionPathExists=!/var/run/ssh/ssh_host_ed25519_key
-ConditionPathExists=!/etc/ssh/ssh_host_rsa_key
-ConditionPathExists=!/etc/ssh/ssh_host_dsa_key
-ConditionPathExists=!/etc/ssh/ssh_host_ecdsa_key
-ConditionPathExists=!/etc/ssh/ssh_host_ed25519_key
 
 [Service]
-Environment="SYSCONFDIR=/etc/ssh"
-EnvironmentFile=-/etc/default/ssh
-ExecStart=@BASE_BINDIR@/mkdir -p $SYSCONFDIR
-ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' -t rsa
-ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' -t dsa
-ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_ecdsa_key -N '' -t ecdsa
-ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_ed25519_key -N '' -t ed25519
+ExecStart=@LIBEXECDIR@/sshd_check_keys
 Type=oneshot
 RemainAfterExit=yes
diff --git a/meta/recipes-connectivity/openssh/openssh_7.3p1.bb b/meta/recipes-connectivity/openssh/openssh_8.1p1.bb
index 039b0ffdde..024ebca402 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.3p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.1p1.bb
@@ -5,10 +5,10 @@ Ssh (Secure Shell) is a program for logging into a remote machine \
 and for executing commands on a remote machine."
 HOMEPAGE = "http://www.openssh.com/"
 SECTION = "console/network"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
+LICENSE = "BSD & ISC & MIT"
+LIC_FILES_CHKSUM = "file://LICENCE;md5=18d9e5a8b3dd1790d73502f50426d4d3"
 
-DEPENDS = "zlib openssl"
+DEPENDS = "zlib openssl virtual/crypt"
 DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 
 SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
@@ -20,19 +20,17 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
            file://sshd@.service \
            file://sshdgenkeys.service \
            file://volatiles.99_sshd \
-           file://add-test-support-for-busybox.patch \
            file://run-ptest \
-           file://openssh-7.1p1-conditional-compile-des-in-cipher.patch \
-           file://openssh-7.1p1-conditional-compile-des-in-pkcs11.patch \
            file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
+           file://sshd_check_keys \
+           file://add-test-support-for-busybox.patch \
            "
+SRC_URI[md5sum] = "513694343631a99841e815306806edf0"
+SRC_URI[sha256sum] = "02f5dbef3835d0753556f973cd57b4c19b6b1f6cd24c03445e23ac77ca1b93ff"
 
 PAM_SRC_URI = "file://sshd"
 
-SRC_URI[md5sum] = "dfadd9f035d38ce5d58a3bf130b86d08"
-SRC_URI[sha256sum] = "3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc"
-
-inherit useradd update-rc.d update-alternatives systemd
+inherit manpages useradd update-rc.d update-alternatives systemd
 
 USERADD_PACKAGES = "${PN}-sshd"
 USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd"
@@ -45,19 +43,27 @@ SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket"
 
 inherit autotools-brokensep ptest
 
-# LFS support:
-CFLAGS += "-D__FILE_OFFSET_BITS=64"
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
+PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns"
+PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
+PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat"
+
+EXTRA_AUTORECONF += "--exclude=aclocal"
 
 # login path is hardcoded in sshd
 EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
                 ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
                 --without-zlib-version-check \
-                --with-privsep-path=/var/run/sshd \
+                --with-privsep-path=${localstatedir}/run/sshd \
                 --sysconfdir=${sysconfdir}/ssh \
-                --with-xauth=/usr/bin/xauth \
+                --with-xauth=${bindir}/xauth \
                 --disable-strip \
                 "
 
+# musl doesn't implement wtmp/utmp
+EXTRA_OECONF_append_libc-musl = " --disable-wtmp"
+
 # Since we do not depend on libbsd, we do not want configure to use it
 # just because it finds libutil.h.  But, specifying --disable-libutil
 # causes compile errors, so...
@@ -69,34 +75,26 @@ CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd"
 # We don't want to depend on libblockfile
 CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no"
 
-# This is a workaround for uclibc because including stdio.h
-# pulls in pthreads.h and causes conflicts in function prototypes.
-# This results in compilation failure, so unless this is fixed,
-# disable pam for uclibc.
-EXTRA_OECONF_append_libc-uclibc=" --without-pam"
-
 do_configure_prepend () {
 	export LD="${CC}"
 	install -m 0644 ${WORKDIR}/sshd_config ${B}/
 	install -m 0644 ${WORKDIR}/ssh_config ${B}/
-	if [ ! -e acinclude.m4 -a -e aclocal.m4 ]; then
-		cp aclocal.m4 acinclude.m4
-	fi
 }
 
 do_compile_ptest() {
         # skip regress/unittests/ binaries: this will silently skip
         # unittests in run-ptests which is good because they are so slow.
-        oe_runmake regress/modpipe regress/setuid-allowed regress/netcat
+        oe_runmake regress/modpipe regress/setuid-allowed regress/netcat \
+                   regress/check-perm regress/mkdtemp
 }
 
 do_install_append () {
-	if [ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then
+	if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
 		install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
 		sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config
 	fi
 
-	if [ "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', '', d)}" = "x11" ]; then
+	if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then
 		sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config
 	fi
 
@@ -113,7 +111,6 @@ do_install_append () {
 	install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly
 	sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
 	echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
-	echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
 	echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
 	echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
 
@@ -124,7 +121,13 @@ do_install_append () {
 	sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
 		-e 's,@SBINDIR@,${sbindir},g' \
 		-e 's,@BINDIR@,${bindir},g' \
+		-e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
 		${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service
+
+	sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
+		${D}${sysconfdir}/init.d/sshd
+
+	install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys
 }
 
 do_install_ptest () {
@@ -139,6 +142,7 @@ FILES_${PN}-scp = "${bindir}/scp.${BPN}"
 FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
 FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system"
 FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
+FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys"
 FILES_${PN}-sftp = "${bindir}/sftp"
 FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
 FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
@@ -146,14 +150,15 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen"
 
 RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
 RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
-RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make"
+RRECOMMENDS_${PN}-sshd_append_class-target = " rng-tools"
+# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies
+RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils"
 
 RPROVIDES_${PN}-ssh = "ssh"
 RPROVIDES_${PN}-sshd = "sshd"
 
 RCONFLICTS_${PN} = "dropbear"
 RCONFLICTS_${PN}-sshd = "dropbear"
-RCONFLICTS_${PN}-keygen = "ssh-keygen"
 
 CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
 CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
@@ -162,3 +167,4 @@ ALTERNATIVE_PRIORITY = "90"
 ALTERNATIVE_${PN}-scp = "scp"
 ALTERNATIVE_${PN}-ssh = "ssh"
 
+BBCLASSEXTEND += "nativesdk"
diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
new file mode 100644
index 0000000000..b9cc24a7ac
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh
@@ -0,0 +1 @@
+export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf"
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
deleted file mode 100644
index f3a2c5abd7..0000000000
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ /dev/null
@@ -1,242 +0,0 @@
-SUMMARY = "Secure Socket Layer"
-DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
-HOMEPAGE = "http://www.openssl.org/"
-BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
-SECTION = "libs/network"
-
-# "openssl | SSLeay" dual license
-LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8"
-
-DEPENDS = "makedepend-native hostperl-runtime-native"
-DEPENDS_append_class-target = " openssl-native"
-
-SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
-          "
-S = "${WORKDIR}/openssl-${PV}"
-
-PACKAGECONFIG[perl] = ",,,"
-
-AR_append = " r"
-TERMIO_libc-musl = "-DTERMIOS"
-TERMIO ?= "-DTERMIO"
-# Avoid binaries being marked as requiring an executable stack since it 
-# doesn't(which causes and this causes issues with SELinux
-CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
-	 ${TERMIO} ${CFLAGS} -Wall -Wa,--noexecstack"
-
-export DIRS = "crypto ssl apps"
-export EX_LIBS = "-lgcc -ldl"
-export AS = "${CC} -c"
-EXTRA_OEMAKE = "-e MAKEFLAGS="
-
-inherit pkgconfig siteinfo multilib_header ptest
-
-PACKAGES =+ "libcrypto libssl ${PN}-misc openssl-conf"
-FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
-FILES_libssl = "${libdir}/libssl${SOLIBS}"
-FILES_${PN} =+ " ${libdir}/ssl/*"
-FILES_${PN}-misc = "${libdir}/ssl/misc"
-RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}"
-
-# Add the openssl.cnf file to the openssl-conf package.  Make the libcrypto
-# package RRECOMMENDS on this package.  This will enable the configuration
-# file to be installed for both the base openssl package and the libcrypto
-# package since the base openssl package depends on the libcrypto package.
-FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
-CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
-RRECOMMENDS_libcrypto += "openssl-conf"
-RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
-
-# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
-# vulnerability
-EXTRA_OECONF = " -no-ssl3"
-
-do_configure_prepend_darwin () {
-	sed -i -e '/version-script=openssl\.ld/d' Configure
-}
-
-do_configure () {
-	cd util
-	perl perlpath.pl ${STAGING_BINDIR_NATIVE}
-	cd ..
-	ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
-
-	os=${HOST_OS}
-	case $os in
-	linux-uclibc |\
-	linux-uclibceabi |\
-	linux-gnueabi |\
-	linux-uclibcspe |\
-	linux-gnuspe |\
-	linux-musl*)
-		os=linux
-		;;
-		*)
-		;;
-	esac
-	target="$os-${HOST_ARCH}"
-	case $target in
-	linux-arm)
-		target=linux-armv4
-		;;
-	linux-armeb)
-		target=linux-elf-armeb
-		;;
-	linux-aarch64*)
-		target=linux-generic64
-		;;
-	linux-sh3)
-		target=debian-sh3
-		;;
-	linux-sh4)
-		target=debian-sh4
-		;;
-	linux-i486)
-		target=debian-i386-i486
-		;;
-	linux-i586 | linux-viac3)
-		target=debian-i386-i586
-		;;
-	linux-i686)
-		target=debian-i386-i686/cmov
-		;;
-	linux-gnux32-x86_64)
-		target=linux-x32
-		;;
-	linux-gnu64-x86_64)
-		target=linux-x86_64
-		;;
-	linux-mips)
-		target=debian-mips
-		;;
-	linux-mipsel)
-		target=debian-mipsel
-		;;
-        linux-*-mips64 | linux-mips64)
-               target=debian-mips64
-                ;;
-        linux-*-mips64el | linux-mips64el)
-               target=debian-mips64el
-                ;;
-	linux-microblaze*|linux-nios2*)
-		target=linux-generic32
-		;;
-	linux-powerpc)
-		target=linux-ppc
-		;;
-	linux-powerpc64)
-		target=linux-ppc64
-		;;
-	linux-supersparc)
-		target=linux-sparcv8
-		;;
-	linux-sparc)
-		target=linux-sparcv8
-		;;
-	darwin-i386)
-		target=darwin-i386-cc
-		;;
-	esac
-	# inject machine-specific flags
-	sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure
-        useprefix=${prefix}
-        if [ "x$useprefix" = "x" ]; then
-                useprefix=/
-        fi        
-	perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
-}
-
-do_compile_prepend_class-target () {
-    sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
-}
-
-do_compile () {
-	oe_runmake depend
-	oe_runmake
-}
-
-do_compile_ptest () {
-	# build dependencies for test directory too
-	export DIRS="$DIRS test"
-	oe_runmake depend
-	oe_runmake buildtest
-}
-
-do_install () {
-	# Create ${D}/${prefix} to fix parallel issues
-	mkdir -p ${D}/${prefix}/
-
-	oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
-
-	oe_libinstall -so libcrypto ${D}${libdir}
-	oe_libinstall -so libssl ${D}${libdir}
-
-	install -d ${D}${includedir}
-	cp --dereference -R include/openssl ${D}${includedir}
-
-	install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
-	sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
-
-	oe_multilib_header openssl/opensslconf.h
-	if [ "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', d)}" = "perl" ]; then
-		sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
-		sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
-	else
-		rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
-	fi
-
-	# Create SSL structure
-	install -d ${D}${sysconfdir}/ssl/
-	mv ${D}${libdir}/ssl/openssl.cnf \
-	   ${D}${libdir}/ssl/certs \
-	   ${D}${libdir}/ssl/private \
-	   \
-	   ${D}${sysconfdir}/ssl/
-	ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
-	ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
-	ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
-}
-
-do_install_ptest () {
-	cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
-	cp Configure config e_os.h ${D}${PTEST_PATH}
-	cp -r -L include ${D}${PTEST_PATH}
-	ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
-	ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
-	mkdir -p ${D}${PTEST_PATH}/crypto
-	cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
-	cp -r certs ${D}${PTEST_PATH}
-	mkdir -p ${D}${PTEST_PATH}/apps
-	ln -sf ${libdir}/ssl/misc/CA.sh  ${D}${PTEST_PATH}/apps
-	ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
-	ln -sf ${bindir}/openssl         ${D}${PTEST_PATH}/apps
-	cp apps/server.pem              ${D}${PTEST_PATH}/apps
-	cp apps/server2.pem             ${D}${PTEST_PATH}/apps
-	mkdir -p ${D}${PTEST_PATH}/util
-	install util/opensslwrap.sh    ${D}${PTEST_PATH}/util
-	install util/shlib_wrap.sh     ${D}${PTEST_PATH}/util
-	# Time stamps are relevant for "make alltests", otherwise
-	# make may try to recompile binaries. Not only must the
-	# binary files be newer than the sources, they also must
-	# be more recent than the header files in /usr/include.
-	#
-	# Using "cp -a" is not sufficient, because do_install
-	# does not preserve the original time stamps.
-	#
-	# So instead of using the original file stamps, we set
-	# the current time for all files. Binaries will get
-	# modified again later when stripping them, but that's okay.
-	touch ${D}${PTEST_PATH}
-	find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}
-}
-
-do_install_append_class-native() {
-	create_wrapper ${D}${bindir}/openssl \
-	    OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
-	    SSL_CERT_DIR=${libdir}/ssl/certs \
-	    SSL_CERT_FILE=${libdir}/ssl/cert.pem \
-	    OPENSSL_ENGINES=${libdir}/ssl/engines
-}
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
new file mode 100644
index 0000000000..949c788344
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
@@ -0,0 +1,76 @@
+From 3e1d00481093e10775eaf69d619c45b32a4aa7dc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com>
+Date: Tue, 6 Nov 2018 14:50:47 +0100
+Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler
+ info
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The openssl build system generates buildinf.h containing the full
+compiler command line used to compile objects. This breaks
+reproducibility, as the compile command is baked into libcrypto, where
+it is used when running `openssl version -f`.
+
+Add stripped build variables for the compiler and cflags lines, and use
+those when generating buildinfo.h.
+
+This is based on a similar patch for older openssl versions:
+https://patchwork.openembedded.org/patch/147229/
+
+Upstream-Status: Inappropriate [OE specific]
+Signed-off-by: Martin Hundebøll <martin@geanix.com>
+
+
+Update to fix buildpaths qa issue for '-fmacro-prefix-map'.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+ Configurations/unix-Makefile.tmpl | 10 +++++++++-
+ crypto/build.info                 |  2 +-
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index 16af4d2087..54c162784c 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -317,13 +317,22 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
+                          '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
+ BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
+ 
+-# CPPFLAGS_Q is used for one thing only: to build up buildinf.h
++# *_Q variables are used for one thing only: to build up buildinf.h
+ CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g;
+               $cppflags2 =~ s|([\\"])|\\$1|g;
+               $lib_cppflags =~ s|([\\"])|\\$1|g;
+               join(' ', $lib_cppflags || (), $cppflags2 || (),
+                         $cppflags1 || ()) -}
+ 
++CFLAGS_Q={- for (@{$config{CFLAGS}}) {
++              s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g;
++              s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g;
++            }
++            join(' ', @{$config{CFLAGS}}) -}
++
++CC_Q={- $config{CC} =~ s|--sysroot=[^ ]+|--sysroot=recipe-sysroot|g;
++        join(' ', $config{CC}) -}
++
+ PERLASM_SCHEME= {- $target{perlasm_scheme} -}
+ 
+ # For x86 assembler: Set PROCESSOR to 386 if you want to support
+diff --git a/crypto/build.info b/crypto/build.info
+index b515b7318e..8c9cee2a09 100644
+--- a/crypto/build.info
++++ b/crypto/build.info
+@@ -10,7 +10,7 @@ EXTRA=  ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
+         ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
+ 
+ DEPEND[cversion.o]=buildinf.h
+-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
++GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)"
+ DEPEND[buildinf.h]=../configdata.pm
+ 
+ GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
+-- 
+2.19.1
+
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch b/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch
new file mode 100644
index 0000000000..d8d9651b64
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch
@@ -0,0 +1,46 @@
+From a9401b2289656c5a36dd1b0ecebf0d23e291ce70 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 2 Oct 2018 23:58:24 +0800
+Subject: [PATCH] skip test_symbol_presence
+
+We cannot skip `01-test_symbol_presence.t' by configuring option `no-shared'
+as INSTALL told us the shared libraries will not be built.
+
+[INSTALL snip]
+ Notes on shared libraries
+ -------------------------
+
+ For most systems the OpenSSL Configure script knows what is needed to
+ build shared libraries for libcrypto and libssl. On these systems
+ the shared libraries will be created by default. This can be suppressed and
+ only static libraries created by using the "no-shared" option. On systems
+ where OpenSSL does not know how to build shared libraries the "no-shared"
+ option will be forced and only static libraries will be created.
+[INSTALL snip]
+
+Hence directly modification the case to skip it.
+
+Upstream-Status: Inappropriate [OE Specific]
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ test/recipes/01-test_symbol_presence.t | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
+index 7f2a2d7..0b93745 100644
+--- a/test/recipes/01-test_symbol_presence.t
++++ b/test/recipes/01-test_symbol_presence.t
+@@ -14,8 +14,7 @@ use OpenSSL::Test::Utils;
+ 
+ setup("test_symbol_presence");
+ 
+-plan skip_all => "Only useful when building shared libraries"
+-    if disabled("shared");
++plan skip_all => "The case needs debug symbols then we just disable it";
+ 
+ my @libnames = ("crypto", "ssl");
+ my $testcount = scalar @libnames;
+-- 
+2.7.4
+
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch
new file mode 100644
index 0000000000..0cc19cb5f4
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2019-1551.patch
@@ -0,0 +1,758 @@
+From 419102400a2811582a7a3d4a4e317d72e5ce0a8f Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Wed, 4 Dec 2019 12:48:21 +0100
+Subject: [PATCH] Fix an overflow bug in rsaz_512_sqr
+
+There is an overflow bug in the x64_64 Montgomery squaring procedure used in
+exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis
+suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a
+result of this defect would be very difficult to perform and are not believed
+likely. Attacks against DH512 are considered just feasible. However, for an
+attack the target would have to re-use the DH512 private key, which is not
+recommended anyway. Also applications directly using the low level API
+BN_mod_exp may be affected if they use BN_FLG_CONSTTIME.
+
+CVE-2019-1551
+
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+(Merged from https://github.com/openssl/openssl/pull/10575)
+
+CVE: CVE-2019-1551
+Upstream-Status: Backport
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ crypto/bn/asm/rsaz-x86_64.pl | 381 ++++++++++++++++++-----------------
+ 1 file changed, 197 insertions(+), 184 deletions(-)
+
+diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl
+index b1797b649f0..7534d5cd03e 100755
+--- a/crypto/bn/asm/rsaz-x86_64.pl
++++ b/crypto/bn/asm/rsaz-x86_64.pl
+@@ -116,7 +116,7 @@
+ 	subq	\$128+24, %rsp
+ .cfi_adjust_cfa_offset	128+24
+ .Lsqr_body:
+-	movq	$mod, %rbp		# common argument
++	movq	$mod, %xmm1		# common off-load
+ 	movq	($inp), %rdx
+ 	movq	8($inp), %rax
+ 	movq	$n0, 128(%rsp)
+@@ -134,7 +134,8 @@
+ .Loop_sqr:
+ 	movl	$times,128+8(%rsp)
+ #first iteration
+-	movq	%rdx, %rbx
++	movq	%rdx, %rbx		# 0($inp)
++	mov	%rax, %rbp		# 8($inp)
+ 	mulq	%rdx
+ 	movq	%rax, %r8
+ 	movq	16($inp), %rax
+@@ -173,31 +174,29 @@
+ 	mulq	%rbx
+ 	addq	%rax, %r14
+ 	movq	%rbx, %rax
+-	movq	%rdx, %r15
+-	adcq	\$0, %r15
++	adcq	\$0, %rdx
+ 
+-	addq	%r8, %r8		#shlq	\$1, %r8
+-	movq	%r9, %rcx
+-	adcq	%r9, %r9		#shld	\$1, %r8, %r9
++	xorq	%rcx,%rcx		# rcx:r8 = r8 << 1
++	addq	%r8, %r8
++	 movq	%rdx, %r15
++	adcq	\$0, %rcx
+ 
+ 	mulq	%rax
+-	movq	%rax, (%rsp)
+-	addq	%rdx, %r8
+-	adcq	\$0, %r9
++	addq	%r8, %rdx
++	adcq	\$0, %rcx
+ 
+-	movq	%r8, 8(%rsp)
+-	shrq	\$63, %rcx
++	movq	%rax, (%rsp)
++	movq	%rdx, 8(%rsp)
+ 
+ #second iteration
+-	movq	8($inp), %r8
+ 	movq	16($inp), %rax
+-	mulq	%r8
++	mulq	%rbp
+ 	addq	%rax, %r10
+ 	movq	24($inp), %rax
+ 	movq	%rdx, %rbx
+ 	adcq	\$0, %rbx
+ 
+-	mulq	%r8
++	mulq	%rbp
+ 	addq	%rax, %r11
+ 	movq	32($inp), %rax
+ 	adcq	\$0, %rdx
+@@ -205,7 +204,7 @@
+ 	movq	%rdx, %rbx
+ 	adcq	\$0, %rbx
+ 
+-	mulq	%r8
++	mulq	%rbp
+ 	addq	%rax, %r12
+ 	movq	40($inp), %rax
+ 	adcq	\$0, %rdx
+@@ -213,7 +212,7 @@
+ 	movq	%rdx, %rbx
+ 	adcq	\$0, %rbx
+ 
+-	mulq	%r8
++	mulq	%rbp
+ 	addq	%rax, %r13
+ 	movq	48($inp), %rax
+ 	adcq	\$0, %rdx
+@@ -221,7 +220,7 @@
+ 	movq	%rdx, %rbx
+ 	adcq	\$0, %rbx
+ 
+-	mulq	%r8
++	mulq	%rbp
+ 	addq	%rax, %r14
+ 	movq	56($inp), %rax
+ 	adcq	\$0, %rdx
+@@ -229,39 +228,39 @@
+ 	movq	%rdx, %rbx
+ 	adcq	\$0, %rbx
+ 
+-	mulq	%r8
++	mulq	%rbp
+ 	addq	%rax, %r15
+-	movq	%r8, %rax
++	movq	%rbp, %rax
+ 	adcq	\$0, %rdx
+ 	addq	%rbx, %r15
+-	movq	%rdx, %r8
+-	movq	%r10, %rdx
+-	adcq	\$0, %r8
++	adcq	\$0, %rdx
+ 
+-	add	%rdx, %rdx
+-	lea	(%rcx,%r10,2), %r10	#shld	\$1, %rcx, %r10
+-	movq	%r11, %rbx
+-	adcq	%r11, %r11		#shld	\$1, %r10, %r11
++	xorq	%rbx, %rbx		# rbx:r10:r9 = r10:r9 << 1
++	addq	%r9, %r9
++	 movq	%rdx, %r8
++	adcq	%r10, %r10
++	adcq	\$0, %rbx
+ 
+ 	mulq	%rax
++	addq	%rcx, %rax
++	 movq	16($inp), %rbp
++	adcq	\$0, %rdx
+ 	addq	%rax, %r9
++	 movq	24($inp), %rax
+ 	adcq	%rdx, %r10
+-	adcq	\$0, %r11
++	adcq	\$0, %rbx
+ 
+ 	movq	%r9, 16(%rsp)
+ 	movq	%r10, 24(%rsp)
+-	shrq	\$63, %rbx
+ 
+ #third iteration
+-	movq	16($inp), %r9
+-	movq	24($inp), %rax
+-	mulq	%r9
++	mulq	%rbp
+ 	addq	%rax, %r12
+ 	movq	32($inp), %rax
+ 	movq	%rdx, %rcx
+ 	adcq	\$0, %rcx
+ 
+-	mulq	%r9
++	mulq	%rbp
+ 	addq	%rax, %r13
+ 	movq	40($inp), %rax
+ 	adcq	\$0, %rdx
+@@ -269,7 +268,7 @@
+ 	movq	%rdx, %rcx
+ 	adcq	\$0, %rcx
+ 
+-	mulq	%r9
++	mulq	%rbp
+ 	addq	%rax, %r14
+ 	movq	48($inp), %rax
+ 	adcq	\$0, %rdx
+@@ -277,9 +276,7 @@
+ 	movq	%rdx, %rcx
+ 	adcq	\$0, %rcx
+ 
+-	mulq	%r9
+-	 movq	%r12, %r10
+-	 lea	(%rbx,%r12,2), %r12	#shld	\$1, %rbx, %r12
++	mulq	%rbp
+ 	addq	%rax, %r15
+ 	movq	56($inp), %rax
+ 	adcq	\$0, %rdx
+@@ -287,36 +284,40 @@
+ 	movq	%rdx, %rcx
+ 	adcq	\$0, %rcx
+ 
+-	mulq	%r9
+-	 shrq	\$63, %r10
++	mulq	%rbp
+ 	addq	%rax, %r8
+-	movq	%r9, %rax
++	movq	%rbp, %rax
+ 	adcq	\$0, %rdx
+ 	addq	%rcx, %r8
+-	movq	%rdx, %r9
+-	adcq	\$0, %r9
++	adcq	\$0, %rdx
+ 
+-	movq	%r13, %rcx
+-	leaq	(%r10,%r13,2), %r13	#shld	\$1, %r12, %r13
++	xorq	%rcx, %rcx		# rcx:r12:r11 = r12:r11 << 1
++	addq	%r11, %r11
++	 movq	%rdx, %r9
++	adcq	%r12, %r12
++	adcq	\$0, %rcx
+ 
+ 	mulq	%rax
++	addq	%rbx, %rax
++	 movq	24($inp), %r10
++	adcq	\$0, %rdx
+ 	addq	%rax, %r11
++	 movq	32($inp), %rax
+ 	adcq	%rdx, %r12
+-	adcq	\$0, %r13
++	adcq	\$0, %rcx
+ 
+ 	movq	%r11, 32(%rsp)
+ 	movq	%r12, 40(%rsp)
+-	shrq	\$63, %rcx
+ 
+ #fourth iteration
+-	movq	24($inp), %r10
+-	movq	32($inp), %rax
++	mov	%rax, %r11		# 32($inp)
+ 	mulq	%r10
+ 	addq	%rax, %r14
+ 	movq	40($inp), %rax
+ 	movq	%rdx, %rbx
+ 	adcq	\$0, %rbx
+ 
++	mov	%rax, %r12		# 40($inp)
+ 	mulq	%r10
+ 	addq	%rax, %r15
+ 	movq	48($inp), %rax
+@@ -325,9 +326,8 @@
+ 	movq	%rdx, %rbx
+ 	adcq	\$0, %rbx
+ 
++	mov	%rax, %rbp		# 48($inp)
+ 	mulq	%r10
+-	 movq	%r14, %r12
+-	 leaq	(%rcx,%r14,2), %r14	#shld	\$1, %rcx, %r14
+ 	addq	%rax, %r8
+ 	movq	56($inp), %rax
+ 	adcq	\$0, %rdx
+@@ -336,32 +336,33 @@
+ 	adcq	\$0, %rbx
+ 
+ 	mulq	%r10
+-	 shrq	\$63, %r12
+ 	addq	%rax, %r9
+ 	movq	%r10, %rax
+ 	adcq	\$0, %rdx
+ 	addq	%rbx, %r9
+-	movq	%rdx, %r10
+-	adcq	\$0, %r10
++	adcq	\$0, %rdx
+ 
+-	movq	%r15, %rbx
+-	leaq	(%r12,%r15,2),%r15	#shld	\$1, %r14, %r15
++	xorq	%rbx, %rbx		# rbx:r13:r14 = r13:r14 << 1
++	addq	%r13, %r13
++	 movq	%rdx, %r10
++	adcq	%r14, %r14
++	adcq	\$0, %rbx
+ 
+ 	mulq	%rax
++	addq	%rcx, %rax
++	adcq	\$0, %rdx
+ 	addq	%rax, %r13
++	 movq	%r12, %rax		# 40($inp)
+ 	adcq	%rdx, %r14
+-	adcq	\$0, %r15
++	adcq	\$0, %rbx
+ 
+ 	movq	%r13, 48(%rsp)
+ 	movq	%r14, 56(%rsp)
+-	shrq	\$63, %rbx
+ 
+ #fifth iteration
+-	movq	32($inp), %r11
+-	movq	40($inp), %rax
+ 	mulq	%r11
+ 	addq	%rax, %r8
+-	movq	48($inp), %rax
++	movq	%rbp, %rax		# 48($inp)
+ 	movq	%rdx, %rcx
+ 	adcq	\$0, %rcx
+ 
+@@ -369,97 +370,99 @@
+ 	addq	%rax, %r9
+ 	movq	56($inp), %rax
+ 	adcq	\$0, %rdx
+-	 movq	%r8, %r12
+-	 leaq	(%rbx,%r8,2), %r8	#shld	\$1, %rbx, %r8
+ 	addq	%rcx, %r9
+ 	movq	%rdx, %rcx
+ 	adcq	\$0, %rcx
+ 
++	mov	%rax, %r14		# 56($inp)
+ 	mulq	%r11
+-	 shrq	\$63, %r12
+ 	addq	%rax, %r10
+ 	movq	%r11, %rax
+ 	adcq	\$0, %rdx
+ 	addq	%rcx, %r10
+-	movq	%rdx, %r11
+-	adcq	\$0, %r11
++	adcq	\$0, %rdx
+ 
+-	movq	%r9, %rcx
+-	leaq	(%r12,%r9,2), %r9	#shld	\$1, %r8, %r9
++	xorq	%rcx, %rcx		# rcx:r8:r15 = r8:r15 << 1
++	addq	%r15, %r15
++	 movq	%rdx, %r11
++	adcq	%r8, %r8
++	adcq	\$0, %rcx
+ 
+ 	mulq	%rax
++	addq	%rbx, %rax
++	adcq	\$0, %rdx
+ 	addq	%rax, %r15
++	 movq	%rbp, %rax		# 48($inp)
+ 	adcq	%rdx, %r8
+-	adcq	\$0, %r9
++	adcq	\$0, %rcx
+ 
+ 	movq	%r15, 64(%rsp)
+ 	movq	%r8, 72(%rsp)
+-	shrq	\$63, %rcx
+ 
+ #sixth iteration
+-	movq	40($inp), %r12
+-	movq	48($inp), %rax
+ 	mulq	%r12
+ 	addq	%rax, %r10
+-	movq	56($inp), %rax
++	movq	%r14, %rax		# 56($inp)
+ 	movq	%rdx, %rbx
+ 	adcq	\$0, %rbx
+ 
+ 	mulq	%r12
+ 	addq	%rax, %r11
+ 	movq	%r12, %rax
+-	 movq	%r10, %r15
+-	 leaq	(%rcx,%r10,2), %r10	#shld	\$1, %rcx, %r10
+ 	adcq	\$0, %rdx
+-	 shrq	\$63, %r15
+ 	addq	%rbx, %r11
+-	movq	%rdx, %r12
+-	adcq	\$0, %r12
++	adcq	\$0, %rdx
+ 
+-	movq	%r11, %rbx
+-	leaq	(%r15,%r11,2), %r11	#shld	\$1, %r10, %r11
++	xorq	%rbx, %rbx		# rbx:r10:r9 = r10:r9 << 1
++	addq	%r9, %r9
++	 movq	%rdx, %r12
++	adcq	%r10, %r10
++	adcq	\$0, %rbx
+ 
+ 	mulq	%rax
++	addq	%rcx, %rax
++	adcq	\$0, %rdx
+ 	addq	%rax, %r9
++	 movq	%r14, %rax		# 56($inp)
+ 	adcq	%rdx, %r10
+-	adcq	\$0, %r11
++	adcq	\$0, %rbx
+ 
+ 	movq	%r9, 80(%rsp)
+ 	movq	%r10, 88(%rsp)
+ 
+ #seventh iteration
+-	movq	48($inp), %r13
+-	movq	56($inp), %rax
+-	mulq	%r13
++	mulq	%rbp
+ 	addq	%rax, %r12
+-	movq	%r13, %rax
+-	movq	%rdx, %r13
+-	adcq	\$0, %r13
++	movq	%rbp, %rax
++	adcq	\$0, %rdx
+ 
+-	xorq	%r14, %r14
+-	shlq	\$1, %rbx
+-	adcq	%r12, %r12		#shld	\$1, %rbx, %r12
+-	adcq	%r13, %r13		#shld	\$1, %r12, %r13
+-	adcq	%r14, %r14		#shld	\$1, %r13, %r14
++	xorq	%rcx, %rcx		# rcx:r12:r11 = r12:r11 << 1
++	addq	%r11, %r11
++	 movq	%rdx, %r13
++	adcq	%r12, %r12
++	adcq	\$0, %rcx
+ 
+ 	mulq	%rax
++	addq	%rbx, %rax
++	adcq	\$0, %rdx
+ 	addq	%rax, %r11
++	 movq	%r14, %rax		# 56($inp)
+ 	adcq	%rdx, %r12
+-	adcq	\$0, %r13
++	adcq	\$0, %rcx
+ 
+ 	movq	%r11, 96(%rsp)
+ 	movq	%r12, 104(%rsp)
+ 
+ #eighth iteration
+-	movq	56($inp), %rax
++	xorq	%rbx, %rbx		# rbx:r13 = r13 << 1
++	addq	%r13, %r13
++	adcq	\$0, %rbx
++
+ 	mulq	%rax
+-	addq	%rax, %r13
++	addq	%rcx, %rax
+ 	adcq	\$0, %rdx
+-
+-	addq	%rdx, %r14
+-
+-	movq	%r13, 112(%rsp)
+-	movq	%r14, 120(%rsp)
++	addq	%r13, %rax
++	adcq	%rbx, %rdx
+ 
+ 	movq	(%rsp), %r8
+ 	movq	8(%rsp), %r9
+@@ -469,6 +472,10 @@
+ 	movq	40(%rsp), %r13
+ 	movq	48(%rsp), %r14
+ 	movq	56(%rsp), %r15
++	movq	%xmm1, %rbp
++
++	movq	%rax, 112(%rsp)
++	movq	%rdx, 120(%rsp)
+ 
+ 	call	__rsaz_512_reduce
+ 
+@@ -500,9 +507,9 @@
+ .Loop_sqrx:
+ 	movl	$times,128+8(%rsp)
+ 	movq	$out, %xmm0		# off-load
+-	movq	%rbp, %xmm1		# off-load
+ #first iteration
+ 	mulx	%rax, %r8, %r9
++	mov	%rax, %rbx
+ 
+ 	mulx	16($inp), %rcx, %r10
+ 	xor	%rbp, %rbp		# cf=0, of=0
+@@ -510,40 +517,39 @@
+ 	mulx	24($inp), %rax, %r11
+ 	adcx	%rcx, %r9
+ 
+-	mulx	32($inp), %rcx, %r12
++	.byte	0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00	# mulx	32($inp), %rcx, %r12
+ 	adcx	%rax, %r10
+ 
+-	mulx	40($inp), %rax, %r13
++	.byte	0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00	# mulx	40($inp), %rax, %r13
+ 	adcx	%rcx, %r11
+ 
+-	.byte	0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00	# mulx	48($inp), %rcx, %r14
++	mulx	48($inp), %rcx, %r14
+ 	adcx	%rax, %r12
+ 	adcx	%rcx, %r13
+ 
+-	.byte	0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00	# mulx	56($inp), %rax, %r15
++	mulx	56($inp), %rax, %r15
+ 	adcx	%rax, %r14
+ 	adcx	%rbp, %r15		# %rbp is 0
+ 
+-	mov	%r9, %rcx
+-	shld	\$1, %r8, %r9
+-	shl	\$1, %r8
+-
+-	xor	%ebp, %ebp
+-	mulx	%rdx, %rax, %rdx
+-	adcx	%rdx, %r8
+-	 mov	8($inp), %rdx
+-	adcx	%rbp, %r9
++	mulx	%rdx, %rax, $out
++	 mov	%rbx, %rdx		# 8($inp)
++	xor	%rcx, %rcx
++	adox	%r8, %r8
++	adcx	$out, %r8
++	adox	%rbp, %rcx
++	adcx	%rbp, %rcx
+ 
+ 	mov	%rax, (%rsp)
+ 	mov	%r8, 8(%rsp)
+ 
+ #second iteration
+-	mulx	16($inp), %rax, %rbx
++	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00	# mulx	16($inp), %rax, %rbx
+ 	adox	%rax, %r10
+ 	adcx	%rbx, %r11
+ 
+-	.byte	0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00	# mulx	24($inp), $out, %r8
++	mulx	24($inp), $out, %r8
+ 	adox	$out, %r11
++	.byte	0x66
+ 	adcx	%r8, %r12
+ 
+ 	mulx	32($inp), %rax, %rbx
+@@ -561,24 +567,25 @@
+ 	.byte	0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r8
+ 	adox	$out, %r15
+ 	adcx	%rbp, %r8
++	 mulx	%rdx, %rax, $out
+ 	adox	%rbp, %r8
++	 .byte	0x48,0x8b,0x96,0x10,0x00,0x00,0x00		# mov	16($inp), %rdx
+ 
+-	mov	%r11, %rbx
+-	shld	\$1, %r10, %r11
+-	shld	\$1, %rcx, %r10
+-
+-	xor	%ebp,%ebp
+-	mulx	%rdx, %rax, %rcx
+-	 mov	16($inp), %rdx
++	xor	%rbx, %rbx
++	adcx	%rcx, %rax
++	adox	%r9, %r9
++	adcx	%rbp, $out
++	adox	%r10, %r10
+ 	adcx	%rax, %r9
+-	adcx	%rcx, %r10
+-	adcx	%rbp, %r11
++	adox	%rbp, %rbx
++	adcx	$out, %r10
++	adcx	%rbp, %rbx
+ 
+ 	mov	%r9, 16(%rsp)
+ 	.byte	0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00		# mov	%r10, 24(%rsp)
+ 
+ #third iteration
+-	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00	# mulx	24($inp), $out, %r9
++	mulx	24($inp), $out, %r9
+ 	adox	$out, %r12
+ 	adcx	%r9, %r13
+ 
+@@ -586,7 +593,7 @@
+ 	adox	%rax, %r13
+ 	adcx	%rcx, %r14
+ 
+-	mulx	40($inp), $out, %r9
++	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00	# mulx	40($inp), $out, %r9
+ 	adox	$out, %r14
+ 	adcx	%r9, %r15
+ 
+@@ -594,27 +601,28 @@
+ 	adox	%rax, %r15
+ 	adcx	%rcx, %r8
+ 
+-	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r9
++	mulx	56($inp), $out, %r9
+ 	adox	$out, %r8
+ 	adcx	%rbp, %r9
++	 mulx	%rdx, %rax, $out
+ 	adox	%rbp, %r9
++	 mov	24($inp), %rdx
+ 
+-	mov	%r13, %rcx
+-	shld	\$1, %r12, %r13
+-	shld	\$1, %rbx, %r12
+-
+-	xor	%ebp, %ebp
+-	mulx	%rdx, %rax, %rdx
++	xor	%rcx, %rcx
++	adcx	%rbx, %rax
++	adox	%r11, %r11
++	adcx	%rbp, $out
++	adox	%r12, %r12
+ 	adcx	%rax, %r11
+-	adcx	%rdx, %r12
+-	 mov	24($inp), %rdx
+-	adcx	%rbp, %r13
++	adox	%rbp, %rcx
++	adcx	$out, %r12
++	adcx	%rbp, %rcx
+ 
+ 	mov	%r11, 32(%rsp)
+-	.byte	0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00		# mov	%r12, 40(%rsp)
++	mov	%r12, 40(%rsp)
+ 
+ #fourth iteration
+-	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00	# mulx	32($inp), %rax, %rbx
++	mulx	32($inp), %rax, %rbx
+ 	adox	%rax, %r14
+ 	adcx	%rbx, %r15
+ 
+@@ -629,25 +637,25 @@
+ 	mulx	56($inp), $out, %r10
+ 	adox	$out, %r9
+ 	adcx	%rbp, %r10
++	 mulx	%rdx, %rax, $out
+ 	adox	%rbp, %r10
++	 mov	32($inp), %rdx
+ 
+-	.byte	0x66
+-	mov	%r15, %rbx
+-	shld	\$1, %r14, %r15
+-	shld	\$1, %rcx, %r14
+-
+-	xor	%ebp, %ebp
+-	mulx	%rdx, %rax, %rdx
++	xor	%rbx, %rbx
++	adcx	%rcx, %rax
++	adox	%r13, %r13
++	adcx	%rbp, $out
++	adox	%r14, %r14
+ 	adcx	%rax, %r13
+-	adcx	%rdx, %r14
+-	 mov	32($inp), %rdx
+-	adcx	%rbp, %r15
++	adox	%rbp, %rbx
++	adcx	$out, %r14
++	adcx	%rbp, %rbx
+ 
+ 	mov	%r13, 48(%rsp)
+ 	mov	%r14, 56(%rsp)
+ 
+ #fifth iteration
+-	.byte	0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00	# mulx	40($inp), $out, %r11
++	mulx	40($inp), $out, %r11
+ 	adox	$out, %r8
+ 	adcx	%r11, %r9
+ 
+@@ -658,18 +666,19 @@
+ 	mulx	56($inp), $out, %r11
+ 	adox	$out, %r10
+ 	adcx	%rbp, %r11
++	 mulx	%rdx, %rax, $out
++	 mov	40($inp), %rdx
+ 	adox	%rbp, %r11
+ 
+-	mov	%r9, %rcx
+-	shld	\$1, %r8, %r9
+-	shld	\$1, %rbx, %r8
+-
+-	xor	%ebp, %ebp
+-	mulx	%rdx, %rax, %rdx
++	xor	%rcx, %rcx
++	adcx	%rbx, %rax
++	adox	%r15, %r15
++	adcx	%rbp, $out
++	adox	%r8, %r8
+ 	adcx	%rax, %r15
+-	adcx	%rdx, %r8
+-	 mov	40($inp), %rdx
+-	adcx	%rbp, %r9
++	adox	%rbp, %rcx
++	adcx	$out, %r8
++	adcx	%rbp, %rcx
+ 
+ 	mov	%r15, 64(%rsp)
+ 	mov	%r8, 72(%rsp)
+@@ -682,18 +691,19 @@
+ 	.byte	0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r12
+ 	adox	$out, %r11
+ 	adcx	%rbp, %r12
++	 mulx	%rdx, %rax, $out
+ 	adox	%rbp, %r12
++	 mov	48($inp), %rdx
+ 
+-	mov	%r11, %rbx
+-	shld	\$1, %r10, %r11
+-	shld	\$1, %rcx, %r10
+-
+-	xor	%ebp, %ebp
+-	mulx	%rdx, %rax, %rdx
++	xor	%rbx, %rbx
++	adcx	%rcx, %rax
++	adox	%r9, %r9
++	adcx	%rbp, $out
++	adox	%r10, %r10
+ 	adcx	%rax, %r9
+-	adcx	%rdx, %r10
+-	 mov	48($inp), %rdx
+-	adcx	%rbp, %r11
++	adcx	$out, %r10
++	adox	%rbp, %rbx
++	adcx	%rbp, %rbx
+ 
+ 	mov	%r9, 80(%rsp)
+ 	mov	%r10, 88(%rsp)
+@@ -703,31 +713,31 @@
+ 	adox	%rax, %r12
+ 	adox	%rbp, %r13
+ 
+-	xor	%r14, %r14
+-	shld	\$1, %r13, %r14
+-	shld	\$1, %r12, %r13
+-	shld	\$1, %rbx, %r12
+-
+-	xor	%ebp, %ebp
+-	mulx	%rdx, %rax, %rdx
+-	adcx	%rax, %r11
+-	adcx	%rdx, %r12
++	mulx	%rdx, %rax, $out
++	xor	%rcx, %rcx
+ 	 mov	56($inp), %rdx
+-	adcx	%rbp, %r13
++	adcx	%rbx, %rax
++	adox	%r11, %r11
++	adcx	%rbp, $out
++	adox	%r12, %r12
++	adcx	%rax, %r11
++	adox	%rbp, %rcx
++	adcx	$out, %r12
++	adcx	%rbp, %rcx
+ 
+ 	.byte	0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00		# mov	%r11, 96(%rsp)
+ 	.byte	0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00		# mov	%r12, 104(%rsp)
+ 
+ #eighth iteration
+ 	mulx	%rdx, %rax, %rdx
+-	adox	%rax, %r13
+-	adox	%rbp, %rdx
++	xor	%rbx, %rbx
++	adcx	%rcx, %rax
++	adox	%r13, %r13
++	adcx	%rbp, %rdx
++	adox	%rbp, %rbx
++	adcx	%r13, %rax
++	adcx	%rdx, %rbx
+ 
+-	.byte	0x66
+-	add	%rdx, %r14
+-
+-	movq	%r13, 112(%rsp)
+-	movq	%r14, 120(%rsp)
+ 	movq	%xmm0, $out
+ 	movq	%xmm1, %rbp
+ 
+@@ -741,6 +751,9 @@
+ 	movq	48(%rsp), %r14
+ 	movq	56(%rsp), %r15
+ 
++	movq	%rax, 112(%rsp)
++	movq	%rbx, 120(%rsp)
++
+ 	call	__rsaz_512_reducex
+ 
+ 	addq	64(%rsp), %r8
diff --git a/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch b/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
deleted file mode 100644
index 249446a5bd..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests
-cross-compiled.
-
-Signed-off-by: Anders Roxell <anders.roxell@enea.com>
-Signed-off-by: Maxin B. John <maxin.john@enea.com>
-Upstream-Status: Pending
----
-Index: openssl-1.0.2/Makefile.org
-===================================================================
---- openssl-1.0.2.orig/Makefile.org
-+++ openssl-1.0.2/Makefile.org
-@@ -451,8 +451,16 @@ rehash.time: certs apps
- test:   tests
- 
- tests: rehash
-+	$(MAKE) buildtest
-+	$(MAKE) runtest
-+
-+buildtest:
-+	@(cd test && \
-+	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf exe apps);
-+
-+runtest:
- 	@(cd test && echo "testing..." && \
--	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
-+	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf alltests );
- 	OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
- 
- report:
-Index: openssl-1.0.2/test/Makefile
-===================================================================
---- openssl-1.0.2.orig/test/Makefile
-+++ openssl-1.0.2/test/Makefile
-@@ -137,7 +137,7 @@ tests:	exe apps $(TESTS)
- apps:
- 	@(cd ..; $(MAKE) DIRS=apps all)
- 
--alltests: \
-+all-tests= \
- 	test_des test_idea test_sha test_md4 test_md5 test_hmac \
- 	test_md2 test_mdc2 test_wp \
- 	test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
-@@ -148,6 +148,11 @@ alltests: \
- 	test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
- 	test_constant_time
- 
-+alltests:
-+	@(for i in $(all-tests); do \
-+	( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
-+	done)
-+
- test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
- 	../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
- 
-@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5
- 	echo test second x509v3 certificate
- 	sh ./tx509 v3-cert2.pem 2>/dev/null
- 
--test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem
-+test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
- 	@sh ./trsa 2>/dev/null
- 	../util/shlib_wrap.sh ./$(RSATEST)
- 
-@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test
- 	  sh ./testtsa; \
- 	fi
- 
--test_ige: $(IGETEST)$(EXE_EXT)
-+test_ige:
- 	@echo "Test IGE mode"
- 	../util/shlib_wrap.sh ./$(IGETEST)
- 
--test_jpake: $(JPAKETEST)$(EXE_EXT)
-+test_jpake:
- 	@echo "Test JPAKE"
- 	../util/shlib_wrap.sh ./$(JPAKETEST)
- 
diff --git a/meta/recipes-connectivity/openssl/openssl/afalg.patch b/meta/recipes-connectivity/openssl/openssl/afalg.patch
new file mode 100644
index 0000000000..b7c0e9697f
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/afalg.patch
@@ -0,0 +1,31 @@
+Don't refuse to build afalgeng if cross-compiling or the host kernel is too old.
+
+Upstream-Status: Submitted [hhttps://github.com/openssl/openssl/pull/7688]
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/Configure b/Configure
+index 3baa8ce..9ef52ed 100755
+--- a/Configure
++++ b/Configure
+@@ -1550,20 +1550,7 @@ unless ($disabled{"crypto-mdebug-backtrace"})
+ unless ($disabled{afalgeng}) {
+     $config{afalgeng}="";
+     if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
+-        my $minver = 4*10000 + 1*100 + 0;
+-        if ($config{CROSS_COMPILE} eq "") {
+-            my $verstr = `uname -r`;
+-            my ($ma, $mi1, $mi2) = split("\\.", $verstr);
+-            ($mi2) = $mi2 =~ /(\d+)/;
+-            my $ver = $ma*10000 + $mi1*100 + $mi2;
+-            if ($ver < $minver) {
+-                disable('too-old-kernel', 'afalgeng');
+-            } else {
+-                push @{$config{engdirs}}, "afalg";
+-            }
+-        } else {
+-            disable('cross-compiling', 'afalgeng');
+-        }
++        push @{$config{engdirs}}, "afalg";
+     } else {
+         disable('not-linux', 'afalgeng');
+     }
diff --git a/meta/recipes-connectivity/openssl/openssl/configure-musl-target.patch b/meta/recipes-connectivity/openssl/openssl/configure-musl-target.patch
deleted file mode 100644
index 613dc7b71c..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/configure-musl-target.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Add musl triplet support
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-Index: openssl-1.0.2a/Configure
-===================================================================
---- openssl-1.0.2a.orig/Configure
-+++ openssl-1.0.2a/Configure
-@@ -431,7 +431,7 @@ my %table=(
- #
- #       ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
- #
--"linux-armv4",	"gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- # Configure script adds minimally required -march for assembly support,
- # if no -march was specified at command line. mips32 and mips64 below
-@@ -504,6 +504,8 @@ my %table=(
- "linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-musleabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-musleabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- 
- "linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
- 
diff --git a/meta/recipes-connectivity/openssl/openssl/configure-targets.patch b/meta/recipes-connectivity/openssl/openssl/configure-targets.patch
deleted file mode 100644
index 691e74afbd..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/configure-targets.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Upstream-Status: Inappropriate [embedded specific]
-
-The number of colons are important :)
-
-
----
- Configure |   16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
-
-Index: openssl-1.0.2a/Configure
-===================================================================
---- openssl-1.0.2a.orig/Configure
-+++ openssl-1.0.2a/Configure
-@@ -443,6 +443,23 @@ my %table=(
- "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- 
-+ 
-+# Linux on ARM
-+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-uclibceabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-uclibceabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+
-+"linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
-+
-+#### Linux on MIPS/MIPS64
-+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+
- # Android: linux-* but without pointers to headers and libs.
- "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
deleted file mode 100644
index 68e54d561e..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
-From: Ludwig Nussel <ludwig.nussel@suse.de>
-Date: Wed, 21 Apr 2010 15:52:10 +0200
-Subject: [PATCH] also create old hash for compatibility
-
-Upstream-Status: Backport [debian]
-
-diff --git a/tools/c_rehash.in b/tools/c_rehash.in
-index b086ff9..b777d79 100644
---- a/tools/c_rehash.in
-+++ b/tools/c_rehash.in
-@@ -8,8 +8,6 @@ my $prefix;
- 
- my $openssl = $ENV{OPENSSL} || "openssl";
- my $pwd;
--my $x509hash = "-subject_hash";
--my $crlhash = "-hash";
- my $verbose = 0;
- my $symlink_exists=eval {symlink("",""); 1};
- my $removelinks = 1;
-@@ -18,10 +16,7 @@ my $removelinks = 1;
- while ( $ARGV[0] =~ /^-/ ) {
-     my $flag = shift @ARGV;
-     last if ( $flag eq '--');
--    if ( $flag eq '-old') {
--	    $x509hash = "-subject_hash_old";
--	    $crlhash = "-hash_old";
--    } elsif ( $flag eq '-h') {
-+    if ( $flag eq '-h') {
- 	    help();
-     } elsif ( $flag eq '-n' ) {
- 	    $removelinks = 0;
-@@ -113,7 +108,9 @@ sub hash_dir {
- 			next;
- 		}
- 		link_hash_cert($fname) if($cert);
-+		link_hash_cert_old($fname) if($cert);
- 		link_hash_crl($fname) if($crl);
-+		link_hash_crl_old($fname) if($crl);
- 	}
- }
- 
-@@ -146,6 +143,7 @@ sub check_file {
- 
- sub link_hash_cert {
- 		my $fname = $_[0];
-+		my $x509hash = $_[1] || '-subject_hash';
- 		$fname =~ s/'/'\\''/g;
- 		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
- 		chomp $hash;
-@@ -176,11 +174,21 @@ sub link_hash_cert {
- 		$hashlist{$hash} = $fprint;
- }
- 
-+sub link_hash_cert_old {
-+		link_hash_cert($_[0], '-subject_hash_old');
-+}
-+
-+sub link_hash_crl_old {
-+		link_hash_crl($_[0], '-hash_old');
-+}
-+
-+
- # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
- 
- sub link_hash_crl {
- 		my $fname = $_[0];
-+		my $crlhash = $_[1] || "-hash";
- 		$fname =~ s/'/'\\''/g;
- 		my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
- 		chomp $hash;
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
deleted file mode 100644
index fb745e4394..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-0.9.8m/apps/CA.pl.in
-===================================================================
---- openssl-0.9.8m.orig/apps/CA.pl.in	2006-04-28 00:28:51.000000000 +0000
-+++ openssl-0.9.8m/apps/CA.pl.in	2010-02-27 00:36:51.000000000 +0000
-@@ -65,6 +65,7 @@
- foreach (@ARGV) {
- 	if ( /^(-\?|-h|-help)$/ ) {
- 	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
-+	    print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
- 	    exit 0;
- 	} elsif (/^-newcert$/) {
- 	    # create a certificate
-@@ -165,6 +166,7 @@
- 	} else {
- 	    print STDERR "Unknown arg $_\n";
- 	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-+	    print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
- 	    exit 1;
- 	}
- }
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch b/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
deleted file mode 100644
index 39d4328184..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.2/Configure
-===================================================================
---- openssl-1.0.2.orig/Configure
-+++ openssl-1.0.2/Configure
-@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic
- 
- my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum";
- 
-+# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
-+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
-+$debian_cflags =~ s/\n/ /g;
-+
- my $strict_warnings = 0;
- 
- my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-@@ -343,6 +347,55 @@ my %table=(
- "osf1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
- "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
- 
-+# Debian GNU/* (various architectures)
-+"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
-+"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mips",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mipsel",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mipsn32",   "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mipsn32el",   "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mips64",   "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mips64el",   "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-netbsd-i386",	"gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-netbsd-m68k",	"gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-netbsd-sparc",	"gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-openbsd-i386",  "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
-+"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh3",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh4",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh3eb",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh4eb",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
-+
- ####
- #### Variety of LINUX:-)
- ####
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch b/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch
deleted file mode 100644
index 4085e3b1d7..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/man-dir.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.0c/Makefile.org
-===================================================================
---- openssl-1.0.0c.orig/Makefile.org	2010-12-12 16:11:27.000000000 +0100
-+++ openssl-1.0.0c/Makefile.org	2010-12-12 16:11:37.000000000 +0100
-@@ -131,7 +131,7 @@
- 
- MAKEFILE= Makefile
- 
--MANDIR=$(OPENSSLDIR)/man
-+MANDIR=/usr/share/man
- MAN1=1
- MAN3=3
- MANSUFFIX=
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch b/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch
deleted file mode 100644
index 21c1d1a4eb..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/man-section.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.0c/Makefile.org
-===================================================================
---- openssl-1.0.0c.orig/Makefile.org	2010-12-12 16:11:37.000000000 +0100
-+++ openssl-1.0.0c/Makefile.org	2010-12-12 16:13:28.000000000 +0100
-@@ -160,7 +160,8 @@
- MANDIR=/usr/share/man
- MAN1=1
- MAN3=3
--MANSUFFIX=
-+MANSUFFIX=ssl
-+MANSECTION=SSL
- HTMLSUFFIX=html
- HTMLDIR=$(OPENSSLDIR)/html
- SHELL=/bin/sh
-@@ -651,7 +652,7 @@
- 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- 		(cd `$(PERL) util/dirname.pl $$i`; \
- 		sh -c "$$pod2man \
--			--section=$$sec --center=OpenSSL \
-+			--section=$${sec}$(MANSECTION) --center=OpenSSL \
- 			--release=$(VERSION) `basename $$i`") \
- 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- 		$(PERL) util/extract-names.pl < $$i | \
-@@ -668,7 +669,7 @@
- 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- 		(cd `$(PERL) util/dirname.pl $$i`; \
- 		sh -c "$$pod2man \
--			--section=$$sec --center=OpenSSL \
-+			--section=$${sec}$(MANSECTION) --center=OpenSSL \
- 			--release=$(VERSION) `basename $$i`") \
- 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- 		$(PERL) util/extract-names.pl < $$i | \
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch b/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch
deleted file mode 100644
index 1ccb3b86ee..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/no-rpath.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.0c/Makefile.shared
-===================================================================
---- openssl-1.0.0c.orig/Makefile.shared	2010-08-21 13:36:49.000000000 +0200
-+++ openssl-1.0.0c/Makefile.shared	2010-12-12 16:13:36.000000000 +0100
-@@ -153,7 +153,7 @@
- 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
- 
--DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
-+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
- 
- #This is rather special.  It's a special target with which one can link
- #applications without bothering with any features that have anything to
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch b/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch
deleted file mode 100644
index cc4408ab7d..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/no-symbolic.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.0c/Makefile.shared
-===================================================================
---- openssl-1.0.0c.orig/Makefile.shared	2010-12-12 16:13:36.000000000 +0100
-+++ openssl-1.0.0c/Makefile.shared	2010-12-12 16:13:44.000000000 +0100
-@@ -151,7 +151,7 @@
- 	SHLIB_SUFFIX=; \
- 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
- 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
--	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
- 
- DO_GNU_APP=LDFLAGS="$(CFLAGS)"
- 
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/pic.patch b/meta/recipes-connectivity/openssl/openssl/debian/pic.patch
deleted file mode 100644
index bfda3888bf..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/pic.patch
+++ /dev/null
@@ -1,177 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.1c/crypto/des/asm/desboth.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl	2001-10-24 23:20:56.000000000 +0200
-+++ openssl-1.0.1c/crypto/des/asm/desboth.pl	2012-07-29 14:15:26.000000000 +0200
-@@ -16,6 +16,11 @@
- 
- 	&push("edi");
- 
-+	&call   (&label("pic_point0"));
-+	&set_label("pic_point0");
-+	&blindpop("ebp");
-+	&add    ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
-+
- 	&comment("");
- 	&comment("Load the data words");
- 	&mov($L,&DWP(0,"ebx","",0));
-@@ -47,15 +52,21 @@
- 	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
- 	&mov(&swtmp(1),	"eax");
- 	&mov(&swtmp(0),	"ebx");
--	&call("DES_encrypt2");
-+	&exch("ebx", "ebp");
-+	&call("DES_encrypt2\@PLT");
-+	&exch("ebx", "ebp");
- 	&mov(&swtmp(2),	(DWC(($enc)?"0":"1")));
- 	&mov(&swtmp(1),	"edi");
- 	&mov(&swtmp(0),	"ebx");
--	&call("DES_encrypt2");
-+	&exch("ebx", "ebp");
-+	&call("DES_encrypt2\@PLT");
-+	&exch("ebx", "ebp");
- 	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
- 	&mov(&swtmp(1),	"esi");
- 	&mov(&swtmp(0),	"ebx");
--	&call("DES_encrypt2");
-+	&exch("ebx", "ebp");
-+	&call("DES_encrypt2\@PLT");
-+	&exch("ebx", "ebp");
- 
- 	&stack_pop(3);
- 	&mov($L,&DWP(0,"ebx","",0));
-Index: openssl-1.0.1c/crypto/perlasm/cbc.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl	2011-07-13 08:22:46.000000000 +0200
-+++ openssl-1.0.1c/crypto/perlasm/cbc.pl	2012-07-29 14:15:26.000000000 +0200
-@@ -122,7 +122,11 @@
- 	&mov(&DWP($data_off,"esp","",0),	"eax");	# put in array for call
- 	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
- 
--	&call($enc_func);
-+	&call	(&label("pic_point0"));
-+	&set_label("pic_point0");
-+	&blindpop("ebx");
-+	&add	("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
-+	&call("$enc_func\@PLT");
- 
- 	&mov("eax",	&DWP($data_off,"esp","",0));
- 	&mov("ebx",	&DWP($data_off+4,"esp","",0));
-@@ -185,7 +189,11 @@
- 	&mov(&DWP($data_off,"esp","",0),	"eax");	# put in array for call
- 	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
- 
--	&call($enc_func);
-+	&call	(&label("pic_point1"));
-+	&set_label("pic_point1");
-+	&blindpop("ebx");
-+	&add	("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]");
-+	&call("$enc_func\@PLT");
- 
- 	&mov("eax",	&DWP($data_off,"esp","",0));
- 	&mov("ebx",	&DWP($data_off+4,"esp","",0));
-@@ -218,7 +226,11 @@
- 	&mov(&DWP($data_off,"esp","",0),	"eax");	# put back
- 	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
- 
--	&call($dec_func);
-+	&call	(&label("pic_point2"));
-+	&set_label("pic_point2");
-+	&blindpop("ebx");
-+	&add	("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]");
-+	&call("$dec_func\@PLT");
- 
- 	&mov("eax",	&DWP($data_off,"esp","",0));	# get return
- 	&mov("ebx",	&DWP($data_off+4,"esp","",0));	#
-@@ -261,7 +273,11 @@
- 	&mov(&DWP($data_off,"esp","",0),	"eax");	# put back
- 	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
- 
--	&call($dec_func);
-+	&call	(&label("pic_point3"));
-+	&set_label("pic_point3");
-+	&blindpop("ebx");
-+	&add	("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]");
-+	&call("$dec_func\@PLT");
- 
- 	&mov("eax",	&DWP($data_off,"esp","",0));	# get return
- 	&mov("ebx",	&DWP($data_off+4,"esp","",0));	#
-Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl	2011-12-09 20:16:35.000000000 +0100
-+++ openssl-1.0.1c/crypto/perlasm/x86gas.pl	2012-07-29 14:15:26.000000000 +0200
-@@ -161,6 +161,7 @@
- 	if ($::macosx)	{ push (@out,"$tmp,2\n"); }
- 	elsif ($::elf)	{ push (@out,"$tmp,4\n"); }
- 	else		{ push (@out,"$tmp\n"); }
-+	if ($::elf)	{ push (@out,".hidden\tOPENSSL_ia32cap_P\n"); }
-     }
-     push(@out,$initseg) if ($initseg);
- }
-@@ -218,8 +219,23 @@
-     elsif ($::elf)
-     {	$initseg.=<<___;
- .section	.init
-+___
-+        if ($::pic)
-+	{   $initseg.=<<___;
-+	pushl	%ebx
-+	call	.pic_point0
-+.pic_point0:
-+	popl	%ebx
-+	addl	\$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx
-+	call	$f\@PLT
-+	popl	%ebx
-+___
-+	}
-+	else
-+	{   $initseg.=<<___;
- 	call	$f
- ___
-+	}
-     }
-     elsif ($::coff)
-     {   $initseg.=<<___;	# applies to both Cygwin and Mingw
-Index: openssl-1.0.1c/crypto/x86cpuid.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/x86cpuid.pl	2012-02-28 15:20:34.000000000 +0100
-+++ openssl-1.0.1c/crypto/x86cpuid.pl	2012-07-29 14:15:26.000000000 +0200
-@@ -8,6 +8,8 @@
- 
- for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
- 
-+push(@out, ".hidden OPENSSL_ia32cap_P\n");
-+
- &function_begin("OPENSSL_ia32_cpuid");
- 	&xor	("edx","edx");
- 	&pushf	();
-@@ -139,9 +141,7 @@
- &set_label("nocpuid");
- &function_end("OPENSSL_ia32_cpuid");
- 
--&external_label("OPENSSL_ia32cap_P");
--
--&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-+&function_begin_B("OPENSSL_rdtsc");
- 	&xor	("eax","eax");
- 	&xor	("edx","edx");
- 	&picmeup("ecx","OPENSSL_ia32cap_P");
-@@ -155,7 +155,7 @@
- # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
- # but it's safe to call it on any [supported] 32-bit platform...
- # Just check for [non-]zero return value...
--&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-+&function_begin_B("OPENSSL_instrument_halt");
- 	&picmeup("ecx","OPENSSL_ia32cap_P");
- 	&bt	(&DWP(0,"ecx"),4);
- 	&jnc	(&label("nohalt"));	# no TSC
-@@ -222,7 +222,7 @@
- 	&ret	();
- &function_end_B("OPENSSL_far_spin");
- 
--&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-+&function_begin_B("OPENSSL_wipe_cpu");
- 	&xor	("eax","eax");
- 	&xor	("edx","edx");
- 	&picmeup("ecx","OPENSSL_ia32cap_P");
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
deleted file mode 100644
index a24918000a..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
+++ /dev/null
@@ -1,4663 +0,0 @@
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
-===================================================================
---- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure	2014-02-24 21:02:30.000000000 +0100
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure	2014-02-24 21:02:30.000000000 +0100
-@@ -1651,6 +1651,8 @@
- 		}
- 	}
- 
-+$shared_ldflag .= " -Wl,--version-script=openssl.ld";
-+
- open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
- unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
- open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld	2014-02-24 22:19:08.601827266 +0100
-@@ -0,0 +1,4615 @@
-+OPENSSL_1.0.0 {
-+	global:
-+		BIO_f_ssl;
-+		BIO_new_buffer_ssl_connect;
-+		BIO_new_ssl;
-+		BIO_new_ssl_connect;
-+		BIO_proxy_ssl_copy_session_id;
-+		BIO_ssl_copy_session_id;
-+		BIO_ssl_shutdown;
-+		d2i_SSL_SESSION;
-+		DTLSv1_client_method;
-+		DTLSv1_method;
-+		DTLSv1_server_method;
-+		ERR_load_SSL_strings;
-+		i2d_SSL_SESSION;
-+		kssl_build_principal_2;
-+		kssl_cget_tkt;
-+		kssl_check_authent;
-+		kssl_ctx_free;
-+		kssl_ctx_new;
-+		kssl_ctx_setkey;
-+		kssl_ctx_setprinc;
-+		kssl_ctx_setstring;
-+		kssl_ctx_show;
-+		kssl_err_set;
-+		kssl_krb5_free_data_contents;
-+		kssl_sget_tkt;
-+		kssl_skip_confound;
-+		kssl_validate_times;
-+		PEM_read_bio_SSL_SESSION;
-+		PEM_read_SSL_SESSION;
-+		PEM_write_bio_SSL_SESSION;
-+		PEM_write_SSL_SESSION;
-+		SSL_accept;
-+		SSL_add_client_CA;
-+		SSL_add_dir_cert_subjects_to_stack;
-+		SSL_add_dir_cert_subjs_to_stk;
-+		SSL_add_file_cert_subjects_to_stack;
-+		SSL_add_file_cert_subjs_to_stk;
-+		SSL_alert_desc_string;
-+		SSL_alert_desc_string_long;
-+		SSL_alert_type_string;
-+		SSL_alert_type_string_long;
-+		SSL_callback_ctrl;
-+		SSL_check_private_key;
-+		SSL_CIPHER_description;
-+		SSL_CIPHER_get_bits;
-+		SSL_CIPHER_get_name;
-+		SSL_CIPHER_get_version;
-+		SSL_clear;
-+		SSL_COMP_add_compression_method;
-+		SSL_COMP_get_compression_methods;
-+		SSL_COMP_get_compress_methods;
-+		SSL_COMP_get_name;
-+		SSL_connect;
-+		SSL_copy_session_id;
-+		SSL_ctrl;
-+		SSL_CTX_add_client_CA;
-+		SSL_CTX_add_session;
-+		SSL_CTX_callback_ctrl;
-+		SSL_CTX_check_private_key;
-+		SSL_CTX_ctrl;
-+		SSL_CTX_flush_sessions;
-+		SSL_CTX_free;
-+		SSL_CTX_get_cert_store;
-+		SSL_CTX_get_client_CA_list;
-+		SSL_CTX_get_client_cert_cb;
-+		SSL_CTX_get_ex_data;
-+		SSL_CTX_get_ex_new_index;
-+		SSL_CTX_get_info_callback;
-+		SSL_CTX_get_quiet_shutdown;
-+		SSL_CTX_get_timeout;
-+		SSL_CTX_get_verify_callback;
-+		SSL_CTX_get_verify_depth;
-+		SSL_CTX_get_verify_mode;
-+		SSL_CTX_load_verify_locations;
-+		SSL_CTX_new;
-+		SSL_CTX_remove_session;
-+		SSL_CTX_sess_get_get_cb;
-+		SSL_CTX_sess_get_new_cb;
-+		SSL_CTX_sess_get_remove_cb;
-+		SSL_CTX_sessions;
-+		SSL_CTX_sess_set_get_cb;
-+		SSL_CTX_sess_set_new_cb;
-+		SSL_CTX_sess_set_remove_cb;
-+		SSL_CTX_set1_param;
-+		SSL_CTX_set_cert_store;
-+		SSL_CTX_set_cert_verify_callback;
-+		SSL_CTX_set_cert_verify_cb;
-+		SSL_CTX_set_cipher_list;
-+		SSL_CTX_set_client_CA_list;
-+		SSL_CTX_set_client_cert_cb;
-+		SSL_CTX_set_client_cert_engine;
-+		SSL_CTX_set_cookie_generate_cb;
-+		SSL_CTX_set_cookie_verify_cb;
-+		SSL_CTX_set_default_passwd_cb;
-+		SSL_CTX_set_default_passwd_cb_userdata;
-+		SSL_CTX_set_default_verify_paths;
-+		SSL_CTX_set_def_passwd_cb_ud;
-+		SSL_CTX_set_def_verify_paths;
-+		SSL_CTX_set_ex_data;
-+		SSL_CTX_set_generate_session_id;
-+		SSL_CTX_set_info_callback;
-+		SSL_CTX_set_msg_callback;
-+		SSL_CTX_set_psk_client_callback;
-+		SSL_CTX_set_psk_server_callback;
-+		SSL_CTX_set_purpose;
-+		SSL_CTX_set_quiet_shutdown;
-+		SSL_CTX_set_session_id_context;
-+		SSL_CTX_set_ssl_version;
-+		SSL_CTX_set_timeout;
-+		SSL_CTX_set_tmp_dh_callback;
-+		SSL_CTX_set_tmp_ecdh_callback;
-+		SSL_CTX_set_tmp_rsa_callback;
-+		SSL_CTX_set_trust;
-+		SSL_CTX_set_verify;
-+		SSL_CTX_set_verify_depth;
-+		SSL_CTX_use_cert_chain_file;
-+		SSL_CTX_use_certificate;
-+		SSL_CTX_use_certificate_ASN1;
-+		SSL_CTX_use_certificate_chain_file;
-+		SSL_CTX_use_certificate_file;
-+		SSL_CTX_use_PrivateKey;
-+		SSL_CTX_use_PrivateKey_ASN1;
-+		SSL_CTX_use_PrivateKey_file;
-+		SSL_CTX_use_psk_identity_hint;
-+		SSL_CTX_use_RSAPrivateKey;
-+		SSL_CTX_use_RSAPrivateKey_ASN1;
-+		SSL_CTX_use_RSAPrivateKey_file;
-+		SSL_do_handshake;
-+		SSL_dup;
-+		SSL_dup_CA_list;
-+		SSLeay_add_ssl_algorithms;
-+		SSL_free;
-+		SSL_get1_session;
-+		SSL_get_certificate;
-+		SSL_get_cipher_list;
-+		SSL_get_ciphers;
-+		SSL_get_client_CA_list;
-+		SSL_get_current_cipher;
-+		SSL_get_current_compression;
-+		SSL_get_current_expansion;
-+		SSL_get_default_timeout;
-+		SSL_get_error;
-+		SSL_get_ex_data;
-+		SSL_get_ex_data_X509_STORE_CTX_idx;
-+		SSL_get_ex_d_X509_STORE_CTX_idx;
-+		SSL_get_ex_new_index;
-+		SSL_get_fd;
-+		SSL_get_finished;
-+		SSL_get_info_callback;
-+		SSL_get_peer_cert_chain;
-+		SSL_get_peer_certificate;
-+		SSL_get_peer_finished;
-+		SSL_get_privatekey;
-+		SSL_get_psk_identity;
-+		SSL_get_psk_identity_hint;
-+		SSL_get_quiet_shutdown;
-+		SSL_get_rbio;
-+		SSL_get_read_ahead;
-+		SSL_get_rfd;
-+		SSL_get_servername;
-+		SSL_get_servername_type;
-+		SSL_get_session;
-+		SSL_get_shared_ciphers;
-+		SSL_get_shutdown;
-+		SSL_get_SSL_CTX;
-+		SSL_get_ssl_method;
-+		SSL_get_verify_callback;
-+		SSL_get_verify_depth;
-+		SSL_get_verify_mode;
-+		SSL_get_verify_result;
-+		SSL_get_version;
-+		SSL_get_wbio;
-+		SSL_get_wfd;
-+		SSL_has_matching_session_id;
-+		SSL_library_init;
-+		SSL_load_client_CA_file;
-+		SSL_load_error_strings;
-+		SSL_new;
-+		SSL_peek;
-+		SSL_pending;
-+		SSL_read;
-+		SSL_renegotiate;
-+		SSL_renegotiate_pending;
-+		SSL_rstate_string;
-+		SSL_rstate_string_long;
-+		SSL_SESSION_cmp;
-+		SSL_SESSION_free;
-+		SSL_SESSION_get_ex_data;
-+		SSL_SESSION_get_ex_new_index;
-+		SSL_SESSION_get_id;
-+		SSL_SESSION_get_time;
-+		SSL_SESSION_get_timeout;
-+		SSL_SESSION_hash;
-+		SSL_SESSION_new;
-+		SSL_SESSION_print;
-+		SSL_SESSION_print_fp;
-+		SSL_SESSION_set_ex_data;
-+		SSL_SESSION_set_time;
-+		SSL_SESSION_set_timeout;
-+		SSL_set1_param;
-+		SSL_set_accept_state;
-+		SSL_set_bio;
-+		SSL_set_cipher_list;
-+		SSL_set_client_CA_list;
-+		SSL_set_connect_state;
-+		SSL_set_ex_data;
-+		SSL_set_fd;
-+		SSL_set_generate_session_id;
-+		SSL_set_info_callback;
-+		SSL_set_msg_callback;
-+		SSL_set_psk_client_callback;
-+		SSL_set_psk_server_callback;
-+		SSL_set_purpose;
-+		SSL_set_quiet_shutdown;
-+		SSL_set_read_ahead;
-+		SSL_set_rfd;
-+		SSL_set_session;
-+		SSL_set_session_id_context;
-+		SSL_set_session_secret_cb;
-+		SSL_set_session_ticket_ext;
-+		SSL_set_session_ticket_ext_cb;
-+		SSL_set_shutdown;
-+		SSL_set_SSL_CTX;
-+		SSL_set_ssl_method;
-+		SSL_set_tmp_dh_callback;
-+		SSL_set_tmp_ecdh_callback;
-+		SSL_set_tmp_rsa_callback;
-+		SSL_set_trust;
-+		SSL_set_verify;
-+		SSL_set_verify_depth;
-+		SSL_set_verify_result;
-+		SSL_set_wfd;
-+		SSL_shutdown;
-+		SSL_state;
-+		SSL_state_string;
-+		SSL_state_string_long;
-+		SSL_use_certificate;
-+		SSL_use_certificate_ASN1;
-+		SSL_use_certificate_file;
-+		SSL_use_PrivateKey;
-+		SSL_use_PrivateKey_ASN1;
-+		SSL_use_PrivateKey_file;
-+		SSL_use_psk_identity_hint;
-+		SSL_use_RSAPrivateKey;
-+		SSL_use_RSAPrivateKey_ASN1;
-+		SSL_use_RSAPrivateKey_file;
-+		SSLv23_client_method;
-+		SSLv23_method;
-+		SSLv23_server_method;
-+		SSLv2_client_method;
-+		SSLv2_method;
-+		SSLv2_server_method;
-+		SSLv3_client_method;
-+		SSLv3_method;
-+		SSLv3_server_method;
-+		SSL_version;
-+		SSL_want;
-+		SSL_write;
-+		TLSv1_client_method;
-+		TLSv1_method;
-+		TLSv1_server_method;
-+
-+
-+		SSLeay;
-+		SSLeay_version;
-+		ASN1_BIT_STRING_asn1_meth;
-+		ASN1_HEADER_free;
-+		ASN1_HEADER_new;
-+		ASN1_IA5STRING_asn1_meth;
-+		ASN1_INTEGER_get;
-+		ASN1_INTEGER_set;
-+		ASN1_INTEGER_to_BN;
-+		ASN1_OBJECT_create;
-+		ASN1_OBJECT_free;
-+		ASN1_OBJECT_new;
-+		ASN1_PRINTABLE_type;
-+		ASN1_STRING_cmp;
-+		ASN1_STRING_dup;
-+		ASN1_STRING_free;
-+		ASN1_STRING_new;
-+		ASN1_STRING_print;
-+		ASN1_STRING_set;
-+		ASN1_STRING_type_new;
-+		ASN1_TYPE_free;
-+		ASN1_TYPE_new;
-+		ASN1_UNIVERSALSTRING_to_string;
-+		ASN1_UTCTIME_check;
-+		ASN1_UTCTIME_print;
-+		ASN1_UTCTIME_set;
-+		ASN1_check_infinite_end;
-+		ASN1_d2i_bio;
-+		ASN1_d2i_fp;
-+		ASN1_digest;
-+		ASN1_dup;
-+		ASN1_get_object;
-+		ASN1_i2d_bio;
-+		ASN1_i2d_fp;
-+		ASN1_object_size;
-+		ASN1_parse;
-+		ASN1_put_object;
-+		ASN1_sign;
-+		ASN1_verify;
-+		BF_cbc_encrypt;
-+		BF_cfb64_encrypt;
-+		BF_ecb_encrypt;
-+		BF_encrypt;
-+		BF_ofb64_encrypt;
-+		BF_options;
-+		BF_set_key;
-+		BIO_CONNECT_free;
-+		BIO_CONNECT_new;
-+		BIO_accept;
-+		BIO_ctrl;
-+		BIO_int_ctrl;
-+		BIO_debug_callback;
-+		BIO_dump;
-+		BIO_dup_chain;
-+		BIO_f_base64;
-+		BIO_f_buffer;
-+		BIO_f_cipher;
-+		BIO_f_md;
-+		BIO_f_null;
-+		BIO_f_proxy_server;
-+		BIO_fd_non_fatal_error;
-+		BIO_fd_should_retry;
-+		BIO_find_type;
-+		BIO_free;
-+		BIO_free_all;
-+		BIO_get_accept_socket;
-+		BIO_get_filter_bio;
-+		BIO_get_host_ip;
-+		BIO_get_port;
-+		BIO_get_retry_BIO;
-+		BIO_get_retry_reason;
-+		BIO_gethostbyname;
-+		BIO_gets;
-+		BIO_new;
-+		BIO_new_accept;
-+		BIO_new_connect;
-+		BIO_new_fd;
-+		BIO_new_file;
-+		BIO_new_fp;
-+		BIO_new_socket;
-+		BIO_pop;
-+		BIO_printf;
-+		BIO_push;
-+		BIO_puts;
-+		BIO_read;
-+		BIO_s_accept;
-+		BIO_s_connect;
-+		BIO_s_fd;
-+		BIO_s_file;
-+		BIO_s_mem;
-+		BIO_s_null;
-+		BIO_s_proxy_client;
-+		BIO_s_socket;
-+		BIO_set;
-+		BIO_set_cipher;
-+		BIO_set_tcp_ndelay;
-+		BIO_sock_cleanup;
-+		BIO_sock_error;
-+		BIO_sock_init;
-+		BIO_sock_non_fatal_error;
-+		BIO_sock_should_retry;
-+		BIO_socket_ioctl;
-+		BIO_write;
-+		BN_CTX_free;
-+		BN_CTX_new;
-+		BN_MONT_CTX_free;
-+		BN_MONT_CTX_new;
-+		BN_MONT_CTX_set;
-+		BN_add;
-+		BN_add_word;
-+		BN_hex2bn;
-+		BN_bin2bn;
-+		BN_bn2hex;
-+		BN_bn2bin;
-+		BN_clear;
-+		BN_clear_bit;
-+		BN_clear_free;
-+		BN_cmp;
-+		BN_copy;
-+		BN_div;
-+		BN_div_word;
-+		BN_dup;
-+		BN_free;
-+		BN_from_montgomery;
-+		BN_gcd;
-+		BN_generate_prime;
-+		BN_get_word;
-+		BN_is_bit_set;
-+		BN_is_prime;
-+		BN_lshift;
-+		BN_lshift1;
-+		BN_mask_bits;
-+		BN_mod;
-+		BN_mod_exp;
-+		BN_mod_exp_mont;
-+		BN_mod_exp_simple;
-+		BN_mod_inverse;
-+		BN_mod_mul;
-+		BN_mod_mul_montgomery;
-+		BN_mod_word;
-+		BN_mul;
-+		BN_new;
-+		BN_num_bits;
-+		BN_num_bits_word;
-+		BN_options;
-+		BN_print;
-+		BN_print_fp;
-+		BN_rand;
-+		BN_reciprocal;
-+		BN_rshift;
-+		BN_rshift1;
-+		BN_set_bit;
-+		BN_set_word;
-+		BN_sqr;
-+		BN_sub;
-+		BN_to_ASN1_INTEGER;
-+		BN_ucmp;
-+		BN_value_one;
-+		BUF_MEM_free;
-+		BUF_MEM_grow;
-+		BUF_MEM_new;
-+		BUF_strdup;
-+		CONF_free;
-+		CONF_get_number;
-+		CONF_get_section;
-+		CONF_get_string;
-+		CONF_load;
-+		CRYPTO_add_lock;
-+		CRYPTO_dbg_free;
-+		CRYPTO_dbg_malloc;
-+		CRYPTO_dbg_realloc;
-+		CRYPTO_dbg_remalloc;
-+		CRYPTO_free;
-+		CRYPTO_get_add_lock_callback;
-+		CRYPTO_get_id_callback;
-+		CRYPTO_get_lock_name;
-+		CRYPTO_get_locking_callback;
-+		CRYPTO_get_mem_functions;
-+		CRYPTO_lock;
-+		CRYPTO_malloc;
-+		CRYPTO_mem_ctrl;
-+		CRYPTO_mem_leaks;
-+		CRYPTO_mem_leaks_cb;
-+		CRYPTO_mem_leaks_fp;
-+		CRYPTO_realloc;
-+		CRYPTO_remalloc;
-+		CRYPTO_set_add_lock_callback;
-+		CRYPTO_set_id_callback;
-+		CRYPTO_set_locking_callback;
-+		CRYPTO_set_mem_functions;
-+		CRYPTO_thread_id;
-+		DH_check;
-+		DH_compute_key;
-+		DH_free;
-+		DH_generate_key;
-+		DH_generate_parameters;
-+		DH_new;
-+		DH_size;
-+		DHparams_print;
-+		DHparams_print_fp;
-+		DSA_free;
-+		DSA_generate_key;
-+		DSA_generate_parameters;
-+		DSA_is_prime;
-+		DSA_new;
-+		DSA_print;
-+		DSA_print_fp;
-+		DSA_sign;
-+		DSA_sign_setup;
-+		DSA_size;
-+		DSA_verify;
-+		DSAparams_print;
-+		DSAparams_print_fp;
-+		ERR_clear_error;
-+		ERR_error_string;
-+		ERR_free_strings;
-+		ERR_func_error_string;
-+		ERR_get_err_state_table;
-+		ERR_get_error;
-+		ERR_get_error_line;
-+		ERR_get_state;
-+		ERR_get_string_table;
-+		ERR_lib_error_string;
-+		ERR_load_ASN1_strings;
-+		ERR_load_BIO_strings;
-+		ERR_load_BN_strings;
-+		ERR_load_BUF_strings;
-+		ERR_load_CONF_strings;
-+		ERR_load_DH_strings;
-+		ERR_load_DSA_strings;
-+		ERR_load_ERR_strings;
-+		ERR_load_EVP_strings;
-+		ERR_load_OBJ_strings;
-+		ERR_load_PEM_strings;
-+		ERR_load_PROXY_strings;
-+		ERR_load_RSA_strings;
-+		ERR_load_X509_strings;
-+		ERR_load_crypto_strings;
-+		ERR_load_strings;
-+		ERR_peek_error;
-+		ERR_peek_error_line;
-+		ERR_print_errors;
-+		ERR_print_errors_fp;
-+		ERR_put_error;
-+		ERR_reason_error_string;
-+		ERR_remove_state;
-+		EVP_BytesToKey;
-+		EVP_CIPHER_CTX_cleanup;
-+		EVP_CipherFinal;
-+		EVP_CipherInit;
-+		EVP_CipherUpdate;
-+		EVP_DecodeBlock;
-+		EVP_DecodeFinal;
-+		EVP_DecodeInit;
-+		EVP_DecodeUpdate;
-+		EVP_DecryptFinal;
-+		EVP_DecryptInit;
-+		EVP_DecryptUpdate;
-+		EVP_DigestFinal;
-+		EVP_DigestInit;
-+		EVP_DigestUpdate;
-+		EVP_EncodeBlock;
-+		EVP_EncodeFinal;
-+		EVP_EncodeInit;
-+		EVP_EncodeUpdate;
-+		EVP_EncryptFinal;
-+		EVP_EncryptInit;
-+		EVP_EncryptUpdate;
-+		EVP_OpenFinal;
-+		EVP_OpenInit;
-+		EVP_PKEY_assign;
-+		EVP_PKEY_copy_parameters;
-+		EVP_PKEY_free;
-+		EVP_PKEY_missing_parameters;
-+		EVP_PKEY_new;
-+		EVP_PKEY_save_parameters;
-+		EVP_PKEY_size;
-+		EVP_PKEY_type;
-+		EVP_SealFinal;
-+		EVP_SealInit;
-+		EVP_SignFinal;
-+		EVP_VerifyFinal;
-+		EVP_add_alias;
-+		EVP_add_cipher;
-+		EVP_add_digest;
-+		EVP_bf_cbc;
-+		EVP_bf_cfb64;
-+		EVP_bf_ecb;
-+		EVP_bf_ofb;
-+		EVP_cleanup;
-+		EVP_des_cbc;
-+		EVP_des_cfb64;
-+		EVP_des_ecb;
-+		EVP_des_ede;
-+		EVP_des_ede3;
-+		EVP_des_ede3_cbc;
-+		EVP_des_ede3_cfb64;
-+		EVP_des_ede3_ofb;
-+		EVP_des_ede_cbc;
-+		EVP_des_ede_cfb64;
-+		EVP_des_ede_ofb;
-+		EVP_des_ofb;
-+		EVP_desx_cbc;
-+		EVP_dss;
-+		EVP_dss1;
-+		EVP_enc_null;
-+		EVP_get_cipherbyname;
-+		EVP_get_digestbyname;
-+		EVP_get_pw_prompt;
-+		EVP_idea_cbc;
-+		EVP_idea_cfb64;
-+		EVP_idea_ecb;
-+		EVP_idea_ofb;
-+		EVP_md2;
-+		EVP_md5;
-+		EVP_md_null;
-+		EVP_rc2_cbc;
-+		EVP_rc2_cfb64;
-+		EVP_rc2_ecb;
-+		EVP_rc2_ofb;
-+		EVP_rc4;
-+		EVP_read_pw_string;
-+		EVP_set_pw_prompt;
-+		EVP_sha;
-+		EVP_sha1;
-+		MD2;
-+		MD2_Final;
-+		MD2_Init;
-+		MD2_Update;
-+		MD2_options;
-+		MD5;
-+		MD5_Final;
-+		MD5_Init;
-+		MD5_Update;
-+		MDC2;
-+		MDC2_Final;
-+		MDC2_Init;
-+		MDC2_Update;
-+		NETSCAPE_SPKAC_free;
-+		NETSCAPE_SPKAC_new;
-+		NETSCAPE_SPKI_free;
-+		NETSCAPE_SPKI_new;
-+		NETSCAPE_SPKI_sign;
-+		NETSCAPE_SPKI_verify;
-+		OBJ_add_object;
-+		OBJ_bsearch;
-+		OBJ_cleanup;
-+		OBJ_cmp;
-+		OBJ_create;
-+		OBJ_dup;
-+		OBJ_ln2nid;
-+		OBJ_new_nid;
-+		OBJ_nid2ln;
-+		OBJ_nid2obj;
-+		OBJ_nid2sn;
-+		OBJ_obj2nid;
-+		OBJ_sn2nid;
-+		OBJ_txt2nid;
-+		PEM_ASN1_read;
-+		PEM_ASN1_read_bio;
-+		PEM_ASN1_write;
-+		PEM_ASN1_write_bio;
-+		PEM_SealFinal;
-+		PEM_SealInit;
-+		PEM_SealUpdate;
-+		PEM_SignFinal;
-+		PEM_SignInit;
-+		PEM_SignUpdate;
-+		PEM_X509_INFO_read;
-+		PEM_X509_INFO_read_bio;
-+		PEM_X509_INFO_write_bio;
-+		PEM_dek_info;
-+		PEM_do_header;
-+		PEM_get_EVP_CIPHER_INFO;
-+		PEM_proc_type;
-+		PEM_read;
-+		PEM_read_DHparams;
-+		PEM_read_DSAPrivateKey;
-+		PEM_read_DSAparams;
-+		PEM_read_PKCS7;
-+		PEM_read_PrivateKey;
-+		PEM_read_RSAPrivateKey;
-+		PEM_read_X509;
-+		PEM_read_X509_CRL;
-+		PEM_read_X509_REQ;
-+		PEM_read_bio;
-+		PEM_read_bio_DHparams;
-+		PEM_read_bio_DSAPrivateKey;
-+		PEM_read_bio_DSAparams;
-+		PEM_read_bio_PKCS7;
-+		PEM_read_bio_PrivateKey;
-+		PEM_read_bio_RSAPrivateKey;
-+		PEM_read_bio_X509;
-+		PEM_read_bio_X509_CRL;
-+		PEM_read_bio_X509_REQ;
-+		PEM_write;
-+		PEM_write_DHparams;
-+		PEM_write_DSAPrivateKey;
-+		PEM_write_DSAparams;
-+		PEM_write_PKCS7;
-+		PEM_write_PrivateKey;
-+		PEM_write_RSAPrivateKey;
-+		PEM_write_X509;
-+		PEM_write_X509_CRL;
-+		PEM_write_X509_REQ;
-+		PEM_write_bio;
-+		PEM_write_bio_DHparams;
-+		PEM_write_bio_DSAPrivateKey;
-+		PEM_write_bio_DSAparams;
-+		PEM_write_bio_PKCS7;
-+		PEM_write_bio_PrivateKey;
-+		PEM_write_bio_RSAPrivateKey;
-+		PEM_write_bio_X509;
-+		PEM_write_bio_X509_CRL;
-+		PEM_write_bio_X509_REQ;
-+		PKCS7_DIGEST_free;
-+		PKCS7_DIGEST_new;
-+		PKCS7_ENCRYPT_free;
-+		PKCS7_ENCRYPT_new;
-+		PKCS7_ENC_CONTENT_free;
-+		PKCS7_ENC_CONTENT_new;
-+		PKCS7_ENVELOPE_free;
-+		PKCS7_ENVELOPE_new;
-+		PKCS7_ISSUER_AND_SERIAL_digest;
-+		PKCS7_ISSUER_AND_SERIAL_free;
-+		PKCS7_ISSUER_AND_SERIAL_new;
-+		PKCS7_RECIP_INFO_free;
-+		PKCS7_RECIP_INFO_new;
-+		PKCS7_SIGNED_free;
-+		PKCS7_SIGNED_new;
-+		PKCS7_SIGNER_INFO_free;
-+		PKCS7_SIGNER_INFO_new;
-+		PKCS7_SIGN_ENVELOPE_free;
-+		PKCS7_SIGN_ENVELOPE_new;
-+		PKCS7_dup;
-+		PKCS7_free;
-+		PKCS7_new;
-+		PROXY_ENTRY_add_noproxy;
-+		PROXY_ENTRY_clear_noproxy;
-+		PROXY_ENTRY_free;
-+		PROXY_ENTRY_get_noproxy;
-+		PROXY_ENTRY_new;
-+		PROXY_ENTRY_set_server;
-+		PROXY_add_noproxy;
-+		PROXY_add_server;
-+		PROXY_check_by_host;
-+		PROXY_check_url;
-+		PROXY_clear_noproxy;
-+		PROXY_free;
-+		PROXY_get_noproxy;
-+		PROXY_get_proxies;
-+		PROXY_get_proxy_entry;
-+		PROXY_load_conf;
-+		PROXY_new;
-+		PROXY_print;
-+		RAND_bytes;
-+		RAND_cleanup;
-+		RAND_file_name;
-+		RAND_load_file;
-+		RAND_screen;
-+		RAND_seed;
-+		RAND_write_file;
-+		RC2_cbc_encrypt;
-+		RC2_cfb64_encrypt;
-+		RC2_ecb_encrypt;
-+		RC2_encrypt;
-+		RC2_ofb64_encrypt;
-+		RC2_set_key;
-+		RC4;
-+		RC4_options;
-+		RC4_set_key;
-+		RSAPrivateKey_asn1_meth;
-+		RSAPrivateKey_dup;
-+		RSAPublicKey_dup;
-+		RSA_PKCS1_SSLeay;
-+		RSA_free;
-+		RSA_generate_key;
-+		RSA_new;
-+		RSA_new_method;
-+		RSA_print;
-+		RSA_print_fp;
-+		RSA_private_decrypt;
-+		RSA_private_encrypt;
-+		RSA_public_decrypt;
-+		RSA_public_encrypt;
-+		RSA_set_default_method;
-+		RSA_sign;
-+		RSA_sign_ASN1_OCTET_STRING;
-+		RSA_size;
-+		RSA_verify;
-+		RSA_verify_ASN1_OCTET_STRING;
-+		SHA;
-+		SHA1;
-+		SHA1_Final;
-+		SHA1_Init;
-+		SHA1_Update;
-+		SHA_Final;
-+		SHA_Init;
-+		SHA_Update;
-+		OpenSSL_add_all_algorithms;
-+		OpenSSL_add_all_ciphers;
-+		OpenSSL_add_all_digests;
-+		TXT_DB_create_index;
-+		TXT_DB_free;
-+		TXT_DB_get_by_index;
-+		TXT_DB_insert;
-+		TXT_DB_read;
-+		TXT_DB_write;
-+		X509_ALGOR_free;
-+		X509_ALGOR_new;
-+		X509_ATTRIBUTE_free;
-+		X509_ATTRIBUTE_new;
-+		X509_CINF_free;
-+		X509_CINF_new;
-+		X509_CRL_INFO_free;
-+		X509_CRL_INFO_new;
-+		X509_CRL_add_ext;
-+		X509_CRL_cmp;
-+		X509_CRL_delete_ext;
-+		X509_CRL_dup;
-+		X509_CRL_free;
-+		X509_CRL_get_ext;
-+		X509_CRL_get_ext_by_NID;
-+		X509_CRL_get_ext_by_OBJ;
-+		X509_CRL_get_ext_by_critical;
-+		X509_CRL_get_ext_count;
-+		X509_CRL_new;
-+		X509_CRL_sign;
-+		X509_CRL_verify;
-+		X509_EXTENSION_create_by_NID;
-+		X509_EXTENSION_create_by_OBJ;
-+		X509_EXTENSION_dup;
-+		X509_EXTENSION_free;
-+		X509_EXTENSION_get_critical;
-+		X509_EXTENSION_get_data;
-+		X509_EXTENSION_get_object;
-+		X509_EXTENSION_new;
-+		X509_EXTENSION_set_critical;
-+		X509_EXTENSION_set_data;
-+		X509_EXTENSION_set_object;
-+		X509_INFO_free;
-+		X509_INFO_new;
-+		X509_LOOKUP_by_alias;
-+		X509_LOOKUP_by_fingerprint;
-+		X509_LOOKUP_by_issuer_serial;
-+		X509_LOOKUP_by_subject;
-+		X509_LOOKUP_ctrl;
-+		X509_LOOKUP_file;
-+		X509_LOOKUP_free;
-+		X509_LOOKUP_hash_dir;
-+		X509_LOOKUP_init;
-+		X509_LOOKUP_new;
-+		X509_LOOKUP_shutdown;
-+		X509_NAME_ENTRY_create_by_NID;
-+		X509_NAME_ENTRY_create_by_OBJ;
-+		X509_NAME_ENTRY_dup;
-+		X509_NAME_ENTRY_free;
-+		X509_NAME_ENTRY_get_data;
-+		X509_NAME_ENTRY_get_object;
-+		X509_NAME_ENTRY_new;
-+		X509_NAME_ENTRY_set_data;
-+		X509_NAME_ENTRY_set_object;
-+		X509_NAME_add_entry;
-+		X509_NAME_cmp;
-+		X509_NAME_delete_entry;
-+		X509_NAME_digest;
-+		X509_NAME_dup;
-+		X509_NAME_entry_count;
-+		X509_NAME_free;
-+		X509_NAME_get_entry;
-+		X509_NAME_get_index_by_NID;
-+		X509_NAME_get_index_by_OBJ;
-+		X509_NAME_get_text_by_NID;
-+		X509_NAME_get_text_by_OBJ;
-+		X509_NAME_hash;
-+		X509_NAME_new;
-+		X509_NAME_oneline;
-+		X509_NAME_print;
-+		X509_NAME_set;
-+		X509_OBJECT_free_contents;
-+		X509_OBJECT_retrieve_by_subject;
-+		X509_OBJECT_up_ref_count;
-+		X509_PKEY_free;
-+		X509_PKEY_new;
-+		X509_PUBKEY_free;
-+		X509_PUBKEY_get;
-+		X509_PUBKEY_new;
-+		X509_PUBKEY_set;
-+		X509_REQ_INFO_free;
-+		X509_REQ_INFO_new;
-+		X509_REQ_dup;
-+		X509_REQ_free;
-+		X509_REQ_get_pubkey;
-+		X509_REQ_new;
-+		X509_REQ_print;
-+		X509_REQ_print_fp;
-+		X509_REQ_set_pubkey;
-+		X509_REQ_set_subject_name;
-+		X509_REQ_set_version;
-+		X509_REQ_sign;
-+		X509_REQ_to_X509;
-+		X509_REQ_verify;
-+		X509_REVOKED_add_ext;
-+		X509_REVOKED_delete_ext;
-+		X509_REVOKED_free;
-+		X509_REVOKED_get_ext;
-+		X509_REVOKED_get_ext_by_NID;
-+		X509_REVOKED_get_ext_by_OBJ;
-+		X509_REVOKED_get_ext_by_critical;
-+		X509_REVOKED_get_ext_by_critic;
-+		X509_REVOKED_get_ext_count;
-+		X509_REVOKED_new;
-+		X509_SIG_free;
-+		X509_SIG_new;
-+		X509_STORE_CTX_cleanup;
-+		X509_STORE_CTX_init;
-+		X509_STORE_add_cert;
-+		X509_STORE_add_lookup;
-+		X509_STORE_free;
-+		X509_STORE_get_by_subject;
-+		X509_STORE_load_locations;
-+		X509_STORE_new;
-+		X509_STORE_set_default_paths;
-+		X509_VAL_free;
-+		X509_VAL_new;
-+		X509_add_ext;
-+		X509_asn1_meth;
-+		X509_certificate_type;
-+		X509_check_private_key;
-+		X509_cmp_current_time;
-+		X509_delete_ext;
-+		X509_digest;
-+		X509_dup;
-+		X509_free;
-+		X509_get_default_cert_area;
-+		X509_get_default_cert_dir;
-+		X509_get_default_cert_dir_env;
-+		X509_get_default_cert_file;
-+		X509_get_default_cert_file_env;
-+		X509_get_default_private_dir;
-+		X509_get_ext;
-+		X509_get_ext_by_NID;
-+		X509_get_ext_by_OBJ;
-+		X509_get_ext_by_critical;
-+		X509_get_ext_count;
-+		X509_get_issuer_name;
-+		X509_get_pubkey;
-+		X509_get_pubkey_parameters;
-+		X509_get_serialNumber;
-+		X509_get_subject_name;
-+		X509_gmtime_adj;
-+		X509_issuer_and_serial_cmp;
-+		X509_issuer_and_serial_hash;
-+		X509_issuer_name_cmp;
-+		X509_issuer_name_hash;
-+		X509_load_cert_file;
-+		X509_new;
-+		X509_print;
-+		X509_print_fp;
-+		X509_set_issuer_name;
-+		X509_set_notAfter;
-+		X509_set_notBefore;
-+		X509_set_pubkey;
-+		X509_set_serialNumber;
-+		X509_set_subject_name;
-+		X509_set_version;
-+		X509_sign;
-+		X509_subject_name_cmp;
-+		X509_subject_name_hash;
-+		X509_to_X509_REQ;
-+		X509_verify;
-+		X509_verify_cert;
-+		X509_verify_cert_error_string;
-+		X509v3_add_ext;
-+		X509v3_add_extension;
-+		X509v3_add_netscape_extensions;
-+		X509v3_add_standard_extensions;
-+		X509v3_cleanup_extensions;
-+		X509v3_data_type_by_NID;
-+		X509v3_data_type_by_OBJ;
-+		X509v3_delete_ext;
-+		X509v3_get_ext;
-+		X509v3_get_ext_by_NID;
-+		X509v3_get_ext_by_OBJ;
-+		X509v3_get_ext_by_critical;
-+		X509v3_get_ext_count;
-+		X509v3_pack_string;
-+		X509v3_pack_type_by_NID;
-+		X509v3_pack_type_by_OBJ;
-+		X509v3_unpack_string;
-+		_des_crypt;
-+		a2d_ASN1_OBJECT;
-+		a2i_ASN1_INTEGER;
-+		a2i_ASN1_STRING;
-+		asn1_Finish;
-+		asn1_GetSequence;
-+		bn_div_words;
-+		bn_expand2;
-+		bn_mul_add_words;
-+		bn_mul_words;
-+		BN_uadd;
-+		BN_usub;
-+		bn_sqr_words;
-+		_ossl_old_crypt;
-+		d2i_ASN1_BIT_STRING;
-+		d2i_ASN1_BOOLEAN;
-+		d2i_ASN1_HEADER;
-+		d2i_ASN1_IA5STRING;
-+		d2i_ASN1_INTEGER;
-+		d2i_ASN1_OBJECT;
-+		d2i_ASN1_OCTET_STRING;
-+		d2i_ASN1_PRINTABLE;
-+		d2i_ASN1_PRINTABLESTRING;
-+		d2i_ASN1_SET;
-+		d2i_ASN1_T61STRING;
-+		d2i_ASN1_TYPE;
-+		d2i_ASN1_UTCTIME;
-+		d2i_ASN1_bytes;
-+		d2i_ASN1_type_bytes;
-+		d2i_DHparams;
-+		d2i_DSAPrivateKey;
-+		d2i_DSAPrivateKey_bio;
-+		d2i_DSAPrivateKey_fp;
-+		d2i_DSAPublicKey;
-+		d2i_DSAparams;
-+		d2i_NETSCAPE_SPKAC;
-+		d2i_NETSCAPE_SPKI;
-+		d2i_Netscape_RSA;
-+		d2i_PKCS7;
-+		d2i_PKCS7_DIGEST;
-+		d2i_PKCS7_ENCRYPT;
-+		d2i_PKCS7_ENC_CONTENT;
-+		d2i_PKCS7_ENVELOPE;
-+		d2i_PKCS7_ISSUER_AND_SERIAL;
-+		d2i_PKCS7_RECIP_INFO;
-+		d2i_PKCS7_SIGNED;
-+		d2i_PKCS7_SIGNER_INFO;
-+		d2i_PKCS7_SIGN_ENVELOPE;
-+		d2i_PKCS7_bio;
-+		d2i_PKCS7_fp;
-+		d2i_PrivateKey;
-+		d2i_PublicKey;
-+		d2i_RSAPrivateKey;
-+		d2i_RSAPrivateKey_bio;
-+		d2i_RSAPrivateKey_fp;
-+		d2i_RSAPublicKey;
-+		d2i_X509;
-+		d2i_X509_ALGOR;
-+		d2i_X509_ATTRIBUTE;
-+		d2i_X509_CINF;
-+		d2i_X509_CRL;
-+		d2i_X509_CRL_INFO;
-+		d2i_X509_CRL_bio;
-+		d2i_X509_CRL_fp;
-+		d2i_X509_EXTENSION;
-+		d2i_X509_NAME;
-+		d2i_X509_NAME_ENTRY;
-+		d2i_X509_PKEY;
-+		d2i_X509_PUBKEY;
-+		d2i_X509_REQ;
-+		d2i_X509_REQ_INFO;
-+		d2i_X509_REQ_bio;
-+		d2i_X509_REQ_fp;
-+		d2i_X509_REVOKED;
-+		d2i_X509_SIG;
-+		d2i_X509_VAL;
-+		d2i_X509_bio;
-+		d2i_X509_fp;
-+		DES_cbc_cksum;
-+		DES_cbc_encrypt;
-+		DES_cblock_print_file;
-+		DES_cfb64_encrypt;
-+		DES_cfb_encrypt;
-+		DES_decrypt3;
-+		DES_ecb3_encrypt;
-+		DES_ecb_encrypt;
-+		DES_ede3_cbc_encrypt;
-+		DES_ede3_cfb64_encrypt;
-+		DES_ede3_ofb64_encrypt;
-+		DES_enc_read;
-+		DES_enc_write;
-+		DES_encrypt1;
-+		DES_encrypt2;
-+		DES_encrypt3;
-+		DES_fcrypt;
-+		DES_is_weak_key;
-+		DES_key_sched;
-+		DES_ncbc_encrypt;
-+		DES_ofb64_encrypt;
-+		DES_ofb_encrypt;
-+		DES_options;
-+		DES_pcbc_encrypt;
-+		DES_quad_cksum;
-+		DES_random_key;
-+		_ossl_old_des_random_seed;
-+		_ossl_old_des_read_2passwords;
-+		_ossl_old_des_read_password;
-+		_ossl_old_des_read_pw;
-+		_ossl_old_des_read_pw_string;
-+		DES_set_key;
-+		DES_set_odd_parity;
-+		DES_string_to_2keys;
-+		DES_string_to_key;
-+		DES_xcbc_encrypt;
-+		DES_xwhite_in2out;
-+		fcrypt_body;
-+		i2a_ASN1_INTEGER;
-+		i2a_ASN1_OBJECT;
-+		i2a_ASN1_STRING;
-+		i2d_ASN1_BIT_STRING;
-+		i2d_ASN1_BOOLEAN;
-+		i2d_ASN1_HEADER;
-+		i2d_ASN1_IA5STRING;
-+		i2d_ASN1_INTEGER;
-+		i2d_ASN1_OBJECT;
-+		i2d_ASN1_OCTET_STRING;
-+		i2d_ASN1_PRINTABLE;
-+		i2d_ASN1_SET;
-+		i2d_ASN1_TYPE;
-+		i2d_ASN1_UTCTIME;
-+		i2d_ASN1_bytes;
-+		i2d_DHparams;
-+		i2d_DSAPrivateKey;
-+		i2d_DSAPrivateKey_bio;
-+		i2d_DSAPrivateKey_fp;
-+		i2d_DSAPublicKey;
-+		i2d_DSAparams;
-+		i2d_NETSCAPE_SPKAC;
-+		i2d_NETSCAPE_SPKI;
-+		i2d_Netscape_RSA;
-+		i2d_PKCS7;
-+		i2d_PKCS7_DIGEST;
-+		i2d_PKCS7_ENCRYPT;
-+		i2d_PKCS7_ENC_CONTENT;
-+		i2d_PKCS7_ENVELOPE;
-+		i2d_PKCS7_ISSUER_AND_SERIAL;
-+		i2d_PKCS7_RECIP_INFO;
-+		i2d_PKCS7_SIGNED;
-+		i2d_PKCS7_SIGNER_INFO;
-+		i2d_PKCS7_SIGN_ENVELOPE;
-+		i2d_PKCS7_bio;
-+		i2d_PKCS7_fp;
-+		i2d_PrivateKey;
-+		i2d_PublicKey;
-+		i2d_RSAPrivateKey;
-+		i2d_RSAPrivateKey_bio;
-+		i2d_RSAPrivateKey_fp;
-+		i2d_RSAPublicKey;
-+		i2d_X509;
-+		i2d_X509_ALGOR;
-+		i2d_X509_ATTRIBUTE;
-+		i2d_X509_CINF;
-+		i2d_X509_CRL;
-+		i2d_X509_CRL_INFO;
-+		i2d_X509_CRL_bio;
-+		i2d_X509_CRL_fp;
-+		i2d_X509_EXTENSION;
-+		i2d_X509_NAME;
-+		i2d_X509_NAME_ENTRY;
-+		i2d_X509_PKEY;
-+		i2d_X509_PUBKEY;
-+		i2d_X509_REQ;
-+		i2d_X509_REQ_INFO;
-+		i2d_X509_REQ_bio;
-+		i2d_X509_REQ_fp;
-+		i2d_X509_REVOKED;
-+		i2d_X509_SIG;
-+		i2d_X509_VAL;
-+		i2d_X509_bio;
-+		i2d_X509_fp;
-+		idea_cbc_encrypt;
-+		idea_cfb64_encrypt;
-+		idea_ecb_encrypt;
-+		idea_encrypt;
-+		idea_ofb64_encrypt;
-+		idea_options;
-+		idea_set_decrypt_key;
-+		idea_set_encrypt_key;
-+		lh_delete;
-+		lh_doall;
-+		lh_doall_arg;
-+		lh_free;
-+		lh_insert;
-+		lh_new;
-+		lh_node_stats;
-+		lh_node_stats_bio;
-+		lh_node_usage_stats;
-+		lh_node_usage_stats_bio;
-+		lh_retrieve;
-+		lh_stats;
-+		lh_stats_bio;
-+		lh_strhash;
-+		sk_delete;
-+		sk_delete_ptr;
-+		sk_dup;
-+		sk_find;
-+		sk_free;
-+		sk_insert;
-+		sk_new;
-+		sk_pop;
-+		sk_pop_free;
-+		sk_push;
-+		sk_set_cmp_func;
-+		sk_shift;
-+		sk_unshift;
-+		sk_zero;
-+		BIO_f_nbio_test;
-+		ASN1_TYPE_get;
-+		ASN1_TYPE_set;
-+		PKCS7_content_free;
-+		ERR_load_PKCS7_strings;
-+		X509_find_by_issuer_and_serial;
-+		X509_find_by_subject;
-+		PKCS7_ctrl;
-+		PKCS7_set_type;
-+		PKCS7_set_content;
-+		PKCS7_SIGNER_INFO_set;
-+		PKCS7_add_signer;
-+		PKCS7_add_certificate;
-+		PKCS7_add_crl;
-+		PKCS7_content_new;
-+		PKCS7_dataSign;
-+		PKCS7_dataVerify;
-+		PKCS7_dataInit;
-+		PKCS7_add_signature;
-+		PKCS7_cert_from_signer_info;
-+		PKCS7_get_signer_info;
-+		EVP_delete_alias;
-+		EVP_mdc2;
-+		PEM_read_bio_RSAPublicKey;
-+		PEM_write_bio_RSAPublicKey;
-+		d2i_RSAPublicKey_bio;
-+		i2d_RSAPublicKey_bio;
-+		PEM_read_RSAPublicKey;
-+		PEM_write_RSAPublicKey;
-+		d2i_RSAPublicKey_fp;
-+		i2d_RSAPublicKey_fp;
-+		BIO_copy_next_retry;
-+		RSA_flags;
-+		X509_STORE_add_crl;
-+		X509_load_crl_file;
-+		EVP_rc2_40_cbc;
-+		EVP_rc4_40;
-+		EVP_CIPHER_CTX_init;
-+		HMAC;
-+		HMAC_Init;
-+		HMAC_Update;
-+		HMAC_Final;
-+		ERR_get_next_error_library;
-+		EVP_PKEY_cmp_parameters;
-+		HMAC_cleanup;
-+		BIO_ptr_ctrl;
-+		BIO_new_file_internal;
-+		BIO_new_fp_internal;
-+		BIO_s_file_internal;
-+		BN_BLINDING_convert;
-+		BN_BLINDING_invert;
-+		BN_BLINDING_update;
-+		RSA_blinding_on;
-+		RSA_blinding_off;
-+		i2t_ASN1_OBJECT;
-+		BN_BLINDING_new;
-+		BN_BLINDING_free;
-+		EVP_cast5_cbc;
-+		EVP_cast5_cfb64;
-+		EVP_cast5_ecb;
-+		EVP_cast5_ofb;
-+		BF_decrypt;
-+		CAST_set_key;
-+		CAST_encrypt;
-+		CAST_decrypt;
-+		CAST_ecb_encrypt;
-+		CAST_cbc_encrypt;
-+		CAST_cfb64_encrypt;
-+		CAST_ofb64_encrypt;
-+		RC2_decrypt;
-+		OBJ_create_objects;
-+		BN_exp;
-+		BN_mul_word;
-+		BN_sub_word;
-+		BN_dec2bn;
-+		BN_bn2dec;
-+		BIO_ghbn_ctrl;
-+		CRYPTO_free_ex_data;
-+		CRYPTO_get_ex_data;
-+		CRYPTO_set_ex_data;
-+		ERR_load_CRYPTO_strings;
-+		ERR_load_CRYPTOlib_strings;
-+		EVP_PKEY_bits;
-+		MD5_Transform;
-+		SHA1_Transform;
-+		SHA_Transform;
-+		X509_STORE_CTX_get_chain;
-+		X509_STORE_CTX_get_current_cert;
-+		X509_STORE_CTX_get_error;
-+		X509_STORE_CTX_get_error_depth;
-+		X509_STORE_CTX_get_ex_data;
-+		X509_STORE_CTX_set_cert;
-+		X509_STORE_CTX_set_chain;
-+		X509_STORE_CTX_set_error;
-+		X509_STORE_CTX_set_ex_data;
-+		CRYPTO_dup_ex_data;
-+		CRYPTO_get_new_lockid;
-+		CRYPTO_new_ex_data;
-+		RSA_set_ex_data;
-+		RSA_get_ex_data;
-+		RSA_get_ex_new_index;
-+		RSA_padding_add_PKCS1_type_1;
-+		RSA_padding_add_PKCS1_type_2;
-+		RSA_padding_add_SSLv23;
-+		RSA_padding_add_none;
-+		RSA_padding_check_PKCS1_type_1;
-+		RSA_padding_check_PKCS1_type_2;
-+		RSA_padding_check_SSLv23;
-+		RSA_padding_check_none;
-+		bn_add_words;
-+		d2i_Netscape_RSA_2;
-+		CRYPTO_get_ex_new_index;
-+		RIPEMD160_Init;
-+		RIPEMD160_Update;
-+		RIPEMD160_Final;
-+		RIPEMD160;
-+		RIPEMD160_Transform;
-+		RC5_32_set_key;
-+		RC5_32_ecb_encrypt;
-+		RC5_32_encrypt;
-+		RC5_32_decrypt;
-+		RC5_32_cbc_encrypt;
-+		RC5_32_cfb64_encrypt;
-+		RC5_32_ofb64_encrypt;
-+		BN_bn2mpi;
-+		BN_mpi2bn;
-+		ASN1_BIT_STRING_get_bit;
-+		ASN1_BIT_STRING_set_bit;
-+		BIO_get_ex_data;
-+		BIO_get_ex_new_index;
-+		BIO_set_ex_data;
-+		X509v3_get_key_usage;
-+		X509v3_set_key_usage;
-+		a2i_X509v3_key_usage;
-+		i2a_X509v3_key_usage;
-+		EVP_PKEY_decrypt;
-+		EVP_PKEY_encrypt;
-+		PKCS7_RECIP_INFO_set;
-+		PKCS7_add_recipient;
-+		PKCS7_add_recipient_info;
-+		PKCS7_set_cipher;
-+		ASN1_TYPE_get_int_octetstring;
-+		ASN1_TYPE_get_octetstring;
-+		ASN1_TYPE_set_int_octetstring;
-+		ASN1_TYPE_set_octetstring;
-+		ASN1_UTCTIME_set_string;
-+		ERR_add_error_data;
-+		ERR_set_error_data;
-+		EVP_CIPHER_asn1_to_param;
-+		EVP_CIPHER_param_to_asn1;
-+		EVP_CIPHER_get_asn1_iv;
-+		EVP_CIPHER_set_asn1_iv;
-+		EVP_rc5_32_12_16_cbc;
-+		EVP_rc5_32_12_16_cfb64;
-+		EVP_rc5_32_12_16_ecb;
-+		EVP_rc5_32_12_16_ofb;
-+		asn1_add_error;
-+		d2i_ASN1_BMPSTRING;
-+		i2d_ASN1_BMPSTRING;
-+		BIO_f_ber;
-+		BN_init;
-+		COMP_CTX_new;
-+		COMP_CTX_free;
-+		COMP_CTX_compress_block;
-+		COMP_CTX_expand_block;
-+		X509_STORE_CTX_get_ex_new_index;
-+		OBJ_NAME_add;
-+		BIO_socket_nbio;
-+		EVP_rc2_64_cbc;
-+		OBJ_NAME_cleanup;
-+		OBJ_NAME_get;
-+		OBJ_NAME_init;
-+		OBJ_NAME_new_index;
-+		OBJ_NAME_remove;
-+		BN_MONT_CTX_copy;
-+		BIO_new_socks4a_connect;
-+		BIO_s_socks4a_connect;
-+		PROXY_set_connect_mode;
-+		RAND_SSLeay;
-+		RAND_set_rand_method;
-+		RSA_memory_lock;
-+		bn_sub_words;
-+		bn_mul_normal;
-+		bn_mul_comba8;
-+		bn_mul_comba4;
-+		bn_sqr_normal;
-+		bn_sqr_comba8;
-+		bn_sqr_comba4;
-+		bn_cmp_words;
-+		bn_mul_recursive;
-+		bn_mul_part_recursive;
-+		bn_sqr_recursive;
-+		bn_mul_low_normal;
-+		BN_RECP_CTX_init;
-+		BN_RECP_CTX_new;
-+		BN_RECP_CTX_free;
-+		BN_RECP_CTX_set;
-+		BN_mod_mul_reciprocal;
-+		BN_mod_exp_recp;
-+		BN_div_recp;
-+		BN_CTX_init;
-+		BN_MONT_CTX_init;
-+		RAND_get_rand_method;
-+		PKCS7_add_attribute;
-+		PKCS7_add_signed_attribute;
-+		PKCS7_digest_from_attributes;
-+		PKCS7_get_attribute;
-+		PKCS7_get_issuer_and_serial;
-+		PKCS7_get_signed_attribute;
-+		COMP_compress_block;
-+		COMP_expand_block;
-+		COMP_rle;
-+		COMP_zlib;
-+		ms_time_diff;
-+		ms_time_new;
-+		ms_time_free;
-+		ms_time_cmp;
-+		ms_time_get;
-+		PKCS7_set_attributes;
-+		PKCS7_set_signed_attributes;
-+		X509_ATTRIBUTE_create;
-+		X509_ATTRIBUTE_dup;
-+		ASN1_GENERALIZEDTIME_check;
-+		ASN1_GENERALIZEDTIME_print;
-+		ASN1_GENERALIZEDTIME_set;
-+		ASN1_GENERALIZEDTIME_set_string;
-+		ASN1_TIME_print;
-+		BASIC_CONSTRAINTS_free;
-+		BASIC_CONSTRAINTS_new;
-+		ERR_load_X509V3_strings;
-+		NETSCAPE_CERT_SEQUENCE_free;
-+		NETSCAPE_CERT_SEQUENCE_new;
-+		OBJ_txt2obj;
-+		PEM_read_NETSCAPE_CERT_SEQUENCE;
-+		PEM_read_NS_CERT_SEQ;
-+		PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
-+		PEM_read_bio_NS_CERT_SEQ;
-+		PEM_write_NETSCAPE_CERT_SEQUENCE;
-+		PEM_write_NS_CERT_SEQ;
-+		PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
-+		PEM_write_bio_NS_CERT_SEQ;
-+		X509V3_EXT_add;
-+		X509V3_EXT_add_alias;
-+		X509V3_EXT_add_conf;
-+		X509V3_EXT_cleanup;
-+		X509V3_EXT_conf;
-+		X509V3_EXT_conf_nid;
-+		X509V3_EXT_get;
-+		X509V3_EXT_get_nid;
-+		X509V3_EXT_print;
-+		X509V3_EXT_print_fp;
-+		X509V3_add_standard_extensions;
-+		X509V3_add_value;
-+		X509V3_add_value_bool;
-+		X509V3_add_value_int;
-+		X509V3_conf_free;
-+		X509V3_get_value_bool;
-+		X509V3_get_value_int;
-+		X509V3_parse_list;
-+		d2i_ASN1_GENERALIZEDTIME;
-+		d2i_ASN1_TIME;
-+		d2i_BASIC_CONSTRAINTS;
-+		d2i_NETSCAPE_CERT_SEQUENCE;
-+		d2i_ext_ku;
-+		ext_ku_free;
-+		ext_ku_new;
-+		i2d_ASN1_GENERALIZEDTIME;
-+		i2d_ASN1_TIME;
-+		i2d_BASIC_CONSTRAINTS;
-+		i2d_NETSCAPE_CERT_SEQUENCE;
-+		i2d_ext_ku;
-+		EVP_MD_CTX_copy;
-+		i2d_ASN1_ENUMERATED;
-+		d2i_ASN1_ENUMERATED;
-+		ASN1_ENUMERATED_set;
-+		ASN1_ENUMERATED_get;
-+		BN_to_ASN1_ENUMERATED;
-+		ASN1_ENUMERATED_to_BN;
-+		i2a_ASN1_ENUMERATED;
-+		a2i_ASN1_ENUMERATED;
-+		i2d_GENERAL_NAME;
-+		d2i_GENERAL_NAME;
-+		GENERAL_NAME_new;
-+		GENERAL_NAME_free;
-+		GENERAL_NAMES_new;
-+		GENERAL_NAMES_free;
-+		d2i_GENERAL_NAMES;
-+		i2d_GENERAL_NAMES;
-+		i2v_GENERAL_NAMES;
-+		i2s_ASN1_OCTET_STRING;
-+		s2i_ASN1_OCTET_STRING;
-+		X509V3_EXT_check_conf;
-+		hex_to_string;
-+		string_to_hex;
-+		DES_ede3_cbcm_encrypt;
-+		RSA_padding_add_PKCS1_OAEP;
-+		RSA_padding_check_PKCS1_OAEP;
-+		X509_CRL_print_fp;
-+		X509_CRL_print;
-+		i2v_GENERAL_NAME;
-+		v2i_GENERAL_NAME;
-+		i2d_PKEY_USAGE_PERIOD;
-+		d2i_PKEY_USAGE_PERIOD;
-+		PKEY_USAGE_PERIOD_new;
-+		PKEY_USAGE_PERIOD_free;
-+		v2i_GENERAL_NAMES;
-+		i2s_ASN1_INTEGER;
-+		X509V3_EXT_d2i;
-+		name_cmp;
-+		str_dup;
-+		i2s_ASN1_ENUMERATED;
-+		i2s_ASN1_ENUMERATED_TABLE;
-+		BIO_s_log;
-+		BIO_f_reliable;
-+		PKCS7_dataFinal;
-+		PKCS7_dataDecode;
-+		X509V3_EXT_CRL_add_conf;
-+		BN_set_params;
-+		BN_get_params;
-+		BIO_get_ex_num;
-+		BIO_set_ex_free_func;
-+		EVP_ripemd160;
-+		ASN1_TIME_set;
-+		i2d_AUTHORITY_KEYID;
-+		d2i_AUTHORITY_KEYID;
-+		AUTHORITY_KEYID_new;
-+		AUTHORITY_KEYID_free;
-+		ASN1_seq_unpack;
-+		ASN1_seq_pack;
-+		ASN1_unpack_string;
-+		ASN1_pack_string;
-+		PKCS12_pack_safebag;
-+		PKCS12_MAKE_KEYBAG;
-+		PKCS8_encrypt;
-+		PKCS12_MAKE_SHKEYBAG;
-+		PKCS12_pack_p7data;
-+		PKCS12_pack_p7encdata;
-+		PKCS12_add_localkeyid;
-+		PKCS12_add_friendlyname_asc;
-+		PKCS12_add_friendlyname_uni;
-+		PKCS12_get_friendlyname;
-+		PKCS12_pbe_crypt;
-+		PKCS12_decrypt_d2i;
-+		PKCS12_i2d_encrypt;
-+		PKCS12_init;
-+		PKCS12_key_gen_asc;
-+		PKCS12_key_gen_uni;
-+		PKCS12_gen_mac;
-+		PKCS12_verify_mac;
-+		PKCS12_set_mac;
-+		PKCS12_setup_mac;
-+		OPENSSL_asc2uni;
-+		OPENSSL_uni2asc;
-+		i2d_PKCS12_BAGS;
-+		PKCS12_BAGS_new;
-+		d2i_PKCS12_BAGS;
-+		PKCS12_BAGS_free;
-+		i2d_PKCS12;
-+		d2i_PKCS12;
-+		PKCS12_new;
-+		PKCS12_free;
-+		i2d_PKCS12_MAC_DATA;
-+		PKCS12_MAC_DATA_new;
-+		d2i_PKCS12_MAC_DATA;
-+		PKCS12_MAC_DATA_free;
-+		i2d_PKCS12_SAFEBAG;
-+		PKCS12_SAFEBAG_new;
-+		d2i_PKCS12_SAFEBAG;
-+		PKCS12_SAFEBAG_free;
-+		ERR_load_PKCS12_strings;
-+		PKCS12_PBE_add;
-+		PKCS8_add_keyusage;
-+		PKCS12_get_attr_gen;
-+		PKCS12_parse;
-+		PKCS12_create;
-+		i2d_PKCS12_bio;
-+		i2d_PKCS12_fp;
-+		d2i_PKCS12_bio;
-+		d2i_PKCS12_fp;
-+		i2d_PBEPARAM;
-+		PBEPARAM_new;
-+		d2i_PBEPARAM;
-+		PBEPARAM_free;
-+		i2d_PKCS8_PRIV_KEY_INFO;
-+		PKCS8_PRIV_KEY_INFO_new;
-+		d2i_PKCS8_PRIV_KEY_INFO;
-+		PKCS8_PRIV_KEY_INFO_free;
-+		EVP_PKCS82PKEY;
-+		EVP_PKEY2PKCS8;
-+		PKCS8_set_broken;
-+		EVP_PBE_ALGOR_CipherInit;
-+		EVP_PBE_alg_add;
-+		PKCS5_pbe_set;
-+		EVP_PBE_cleanup;
-+		i2d_SXNET;
-+		d2i_SXNET;
-+		SXNET_new;
-+		SXNET_free;
-+		i2d_SXNETID;
-+		d2i_SXNETID;
-+		SXNETID_new;
-+		SXNETID_free;
-+		DSA_SIG_new;
-+		DSA_SIG_free;
-+		DSA_do_sign;
-+		DSA_do_verify;
-+		d2i_DSA_SIG;
-+		i2d_DSA_SIG;
-+		i2d_ASN1_VISIBLESTRING;
-+		d2i_ASN1_VISIBLESTRING;
-+		i2d_ASN1_UTF8STRING;
-+		d2i_ASN1_UTF8STRING;
-+		i2d_DIRECTORYSTRING;
-+		d2i_DIRECTORYSTRING;
-+		i2d_DISPLAYTEXT;
-+		d2i_DISPLAYTEXT;
-+		d2i_ASN1_SET_OF_X509;
-+		i2d_ASN1_SET_OF_X509;
-+		i2d_PBKDF2PARAM;
-+		PBKDF2PARAM_new;
-+		d2i_PBKDF2PARAM;
-+		PBKDF2PARAM_free;
-+		i2d_PBE2PARAM;
-+		PBE2PARAM_new;
-+		d2i_PBE2PARAM;
-+		PBE2PARAM_free;
-+		d2i_ASN1_SET_OF_GENERAL_NAME;
-+		i2d_ASN1_SET_OF_GENERAL_NAME;
-+		d2i_ASN1_SET_OF_SXNETID;
-+		i2d_ASN1_SET_OF_SXNETID;
-+		d2i_ASN1_SET_OF_POLICYQUALINFO;
-+		i2d_ASN1_SET_OF_POLICYQUALINFO;
-+		d2i_ASN1_SET_OF_POLICYINFO;
-+		i2d_ASN1_SET_OF_POLICYINFO;
-+		SXNET_add_id_asc;
-+		SXNET_add_id_ulong;
-+		SXNET_add_id_INTEGER;
-+		SXNET_get_id_asc;
-+		SXNET_get_id_ulong;
-+		SXNET_get_id_INTEGER;
-+		X509V3_set_conf_lhash;
-+		i2d_CERTIFICATEPOLICIES;
-+		CERTIFICATEPOLICIES_new;
-+		CERTIFICATEPOLICIES_free;
-+		d2i_CERTIFICATEPOLICIES;
-+		i2d_POLICYINFO;
-+		POLICYINFO_new;
-+		d2i_POLICYINFO;
-+		POLICYINFO_free;
-+		i2d_POLICYQUALINFO;
-+		POLICYQUALINFO_new;
-+		d2i_POLICYQUALINFO;
-+		POLICYQUALINFO_free;
-+		i2d_USERNOTICE;
-+		USERNOTICE_new;
-+		d2i_USERNOTICE;
-+		USERNOTICE_free;
-+		i2d_NOTICEREF;
-+		NOTICEREF_new;
-+		d2i_NOTICEREF;
-+		NOTICEREF_free;
-+		X509V3_get_string;
-+		X509V3_get_section;
-+		X509V3_string_free;
-+		X509V3_section_free;
-+		X509V3_set_ctx;
-+		s2i_ASN1_INTEGER;
-+		CRYPTO_set_locked_mem_functions;
-+		CRYPTO_get_locked_mem_functions;
-+		CRYPTO_malloc_locked;
-+		CRYPTO_free_locked;
-+		BN_mod_exp2_mont;
-+		ERR_get_error_line_data;
-+		ERR_peek_error_line_data;
-+		PKCS12_PBE_keyivgen;
-+		X509_ALGOR_dup;
-+		d2i_ASN1_SET_OF_DIST_POINT;
-+		i2d_ASN1_SET_OF_DIST_POINT;
-+		i2d_CRL_DIST_POINTS;
-+		CRL_DIST_POINTS_new;
-+		CRL_DIST_POINTS_free;
-+		d2i_CRL_DIST_POINTS;
-+		i2d_DIST_POINT;
-+		DIST_POINT_new;
-+		d2i_DIST_POINT;
-+		DIST_POINT_free;
-+		i2d_DIST_POINT_NAME;
-+		DIST_POINT_NAME_new;
-+		DIST_POINT_NAME_free;
-+		d2i_DIST_POINT_NAME;
-+		X509V3_add_value_uchar;
-+		d2i_ASN1_SET_OF_X509_ATTRIBUTE;
-+		i2d_ASN1_SET_OF_ASN1_TYPE;
-+		d2i_ASN1_SET_OF_X509_EXTENSION;
-+		d2i_ASN1_SET_OF_X509_NAME_ENTRY;
-+		d2i_ASN1_SET_OF_ASN1_TYPE;
-+		i2d_ASN1_SET_OF_X509_ATTRIBUTE;
-+		i2d_ASN1_SET_OF_X509_EXTENSION;
-+		i2d_ASN1_SET_OF_X509_NAME_ENTRY;
-+		X509V3_EXT_i2d;
-+		X509V3_EXT_val_prn;
-+		X509V3_EXT_add_list;
-+		EVP_CIPHER_type;
-+		EVP_PBE_CipherInit;
-+		X509V3_add_value_bool_nf;
-+		d2i_ASN1_UINTEGER;
-+		sk_value;
-+		sk_num;
-+		sk_set;
-+		i2d_ASN1_SET_OF_X509_REVOKED;
-+		sk_sort;
-+		d2i_ASN1_SET_OF_X509_REVOKED;
-+		i2d_ASN1_SET_OF_X509_ALGOR;
-+		i2d_ASN1_SET_OF_X509_CRL;
-+		d2i_ASN1_SET_OF_X509_ALGOR;
-+		d2i_ASN1_SET_OF_X509_CRL;
-+		i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
-+		i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
-+		d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
-+		d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
-+		PKCS5_PBE_add;
-+		PEM_write_bio_PKCS8;
-+		i2d_PKCS8_fp;
-+		PEM_read_bio_PKCS8_PRIV_KEY_INFO;
-+		PEM_read_bio_P8_PRIV_KEY_INFO;
-+		d2i_PKCS8_bio;
-+		d2i_PKCS8_PRIV_KEY_INFO_fp;
-+		PEM_write_bio_PKCS8_PRIV_KEY_INFO;
-+		PEM_write_bio_P8_PRIV_KEY_INFO;
-+		PEM_read_PKCS8;
-+		d2i_PKCS8_PRIV_KEY_INFO_bio;
-+		d2i_PKCS8_fp;
-+		PEM_write_PKCS8;
-+		PEM_read_PKCS8_PRIV_KEY_INFO;
-+		PEM_read_P8_PRIV_KEY_INFO;
-+		PEM_read_bio_PKCS8;
-+		PEM_write_PKCS8_PRIV_KEY_INFO;
-+		PEM_write_P8_PRIV_KEY_INFO;
-+		PKCS5_PBE_keyivgen;
-+		i2d_PKCS8_bio;
-+		i2d_PKCS8_PRIV_KEY_INFO_fp;
-+		i2d_PKCS8_PRIV_KEY_INFO_bio;
-+		BIO_s_bio;
-+		PKCS5_pbe2_set;
-+		PKCS5_PBKDF2_HMAC_SHA1;
-+		PKCS5_v2_PBE_keyivgen;
-+		PEM_write_bio_PKCS8PrivateKey;
-+		PEM_write_PKCS8PrivateKey;
-+		BIO_ctrl_get_read_request;
-+		BIO_ctrl_pending;
-+		BIO_ctrl_wpending;
-+		BIO_new_bio_pair;
-+		BIO_ctrl_get_write_guarantee;
-+		CRYPTO_num_locks;
-+		CONF_load_bio;
-+		CONF_load_fp;
-+		i2d_ASN1_SET_OF_ASN1_OBJECT;
-+		d2i_ASN1_SET_OF_ASN1_OBJECT;
-+		PKCS7_signatureVerify;
-+		RSA_set_method;
-+		RSA_get_method;
-+		RSA_get_default_method;
-+		RSA_check_key;
-+		OBJ_obj2txt;
-+		DSA_dup_DH;
-+		X509_REQ_get_extensions;
-+		X509_REQ_set_extension_nids;
-+		BIO_nwrite;
-+		X509_REQ_extension_nid;
-+		BIO_nread;
-+		X509_REQ_get_extension_nids;
-+		BIO_nwrite0;
-+		X509_REQ_add_extensions_nid;
-+		BIO_nread0;
-+		X509_REQ_add_extensions;
-+		BIO_new_mem_buf;
-+		DH_set_ex_data;
-+		DH_set_method;
-+		DSA_OpenSSL;
-+		DH_get_ex_data;
-+		DH_get_ex_new_index;
-+		DSA_new_method;
-+		DH_new_method;
-+		DH_OpenSSL;
-+		DSA_get_ex_new_index;
-+		DH_get_default_method;
-+		DSA_set_ex_data;
-+		DH_set_default_method;
-+		DSA_get_ex_data;
-+		X509V3_EXT_REQ_add_conf;
-+		NETSCAPE_SPKI_print;
-+		NETSCAPE_SPKI_set_pubkey;
-+		NETSCAPE_SPKI_b64_encode;
-+		NETSCAPE_SPKI_get_pubkey;
-+		NETSCAPE_SPKI_b64_decode;
-+		UTF8_putc;
-+		UTF8_getc;
-+		RSA_null_method;
-+		ASN1_tag2str;
-+		BIO_ctrl_reset_read_request;
-+		DISPLAYTEXT_new;
-+		ASN1_GENERALIZEDTIME_free;
-+		X509_REVOKED_get_ext_d2i;
-+		X509_set_ex_data;
-+		X509_reject_set_bit_asc;
-+		X509_NAME_add_entry_by_txt;
-+		X509_NAME_add_entry_by_NID;
-+		X509_PURPOSE_get0;
-+		PEM_read_X509_AUX;
-+		d2i_AUTHORITY_INFO_ACCESS;
-+		PEM_write_PUBKEY;
-+		ACCESS_DESCRIPTION_new;
-+		X509_CERT_AUX_free;
-+		d2i_ACCESS_DESCRIPTION;
-+		X509_trust_clear;
-+		X509_TRUST_add;
-+		ASN1_VISIBLESTRING_new;
-+		X509_alias_set1;
-+		ASN1_PRINTABLESTRING_free;
-+		EVP_PKEY_get1_DSA;
-+		ASN1_BMPSTRING_new;
-+		ASN1_mbstring_copy;
-+		ASN1_UTF8STRING_new;
-+		DSA_get_default_method;
-+		i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
-+		ASN1_T61STRING_free;
-+		DSA_set_method;
-+		X509_get_ex_data;
-+		ASN1_STRING_type;
-+		X509_PURPOSE_get_by_sname;
-+		ASN1_TIME_free;
-+		ASN1_OCTET_STRING_cmp;
-+		ASN1_BIT_STRING_new;
-+		X509_get_ext_d2i;
-+		PEM_read_bio_X509_AUX;
-+		ASN1_STRING_set_default_mask_asc;
-+		ASN1_STRING_set_def_mask_asc;
-+		PEM_write_bio_RSA_PUBKEY;
-+		ASN1_INTEGER_cmp;
-+		d2i_RSA_PUBKEY_fp;
-+		X509_trust_set_bit_asc;
-+		PEM_write_bio_DSA_PUBKEY;
-+		X509_STORE_CTX_free;
-+		EVP_PKEY_set1_DSA;
-+		i2d_DSA_PUBKEY_fp;
-+		X509_load_cert_crl_file;
-+		ASN1_TIME_new;
-+		i2d_RSA_PUBKEY;
-+		X509_STORE_CTX_purpose_inherit;
-+		PEM_read_RSA_PUBKEY;
-+		d2i_X509_AUX;
-+		i2d_DSA_PUBKEY;
-+		X509_CERT_AUX_print;
-+		PEM_read_DSA_PUBKEY;
-+		i2d_RSA_PUBKEY_bio;
-+		ASN1_BIT_STRING_num_asc;
-+		i2d_PUBKEY;
-+		ASN1_UTCTIME_free;
-+		DSA_set_default_method;
-+		X509_PURPOSE_get_by_id;
-+		ACCESS_DESCRIPTION_free;
-+		PEM_read_bio_PUBKEY;
-+		ASN1_STRING_set_by_NID;
-+		X509_PURPOSE_get_id;
-+		DISPLAYTEXT_free;
-+		OTHERNAME_new;
-+		X509_CERT_AUX_new;
-+		X509_TRUST_cleanup;
-+		X509_NAME_add_entry_by_OBJ;
-+		X509_CRL_get_ext_d2i;
-+		X509_PURPOSE_get0_name;
-+		PEM_read_PUBKEY;
-+		i2d_DSA_PUBKEY_bio;
-+		i2d_OTHERNAME;
-+		ASN1_OCTET_STRING_free;
-+		ASN1_BIT_STRING_set_asc;
-+		X509_get_ex_new_index;
-+		ASN1_STRING_TABLE_cleanup;
-+		X509_TRUST_get_by_id;
-+		X509_PURPOSE_get_trust;
-+		ASN1_STRING_length;
-+		d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
-+		ASN1_PRINTABLESTRING_new;
-+		X509V3_get_d2i;
-+		ASN1_ENUMERATED_free;
-+		i2d_X509_CERT_AUX;
-+		X509_STORE_CTX_set_trust;
-+		ASN1_STRING_set_default_mask;
-+		X509_STORE_CTX_new;
-+		EVP_PKEY_get1_RSA;
-+		DIRECTORYSTRING_free;
-+		PEM_write_X509_AUX;
-+		ASN1_OCTET_STRING_set;
-+		d2i_DSA_PUBKEY_fp;
-+		d2i_RSA_PUBKEY;
-+		X509_TRUST_get0_name;
-+		X509_TRUST_get0;
-+		AUTHORITY_INFO_ACCESS_free;
-+		ASN1_IA5STRING_new;
-+		d2i_DSA_PUBKEY;
-+		X509_check_purpose;
-+		ASN1_ENUMERATED_new;
-+		d2i_RSA_PUBKEY_bio;
-+		d2i_PUBKEY;
-+		X509_TRUST_get_trust;
-+		X509_TRUST_get_flags;
-+		ASN1_BMPSTRING_free;
-+		ASN1_T61STRING_new;
-+		ASN1_UTCTIME_new;
-+		i2d_AUTHORITY_INFO_ACCESS;
-+		EVP_PKEY_set1_RSA;
-+		X509_STORE_CTX_set_purpose;
-+		ASN1_IA5STRING_free;
-+		PEM_write_bio_X509_AUX;
-+		X509_PURPOSE_get_count;
-+		CRYPTO_add_info;
-+		X509_NAME_ENTRY_create_by_txt;
-+		ASN1_STRING_get_default_mask;
-+		X509_alias_get0;
-+		ASN1_STRING_data;
-+		i2d_ACCESS_DESCRIPTION;
-+		X509_trust_set_bit;
-+		ASN1_BIT_STRING_free;
-+		PEM_read_bio_RSA_PUBKEY;
-+		X509_add1_reject_object;
-+		X509_check_trust;
-+		PEM_read_bio_DSA_PUBKEY;
-+		X509_PURPOSE_add;
-+		ASN1_STRING_TABLE_get;
-+		ASN1_UTF8STRING_free;
-+		d2i_DSA_PUBKEY_bio;
-+		PEM_write_RSA_PUBKEY;
-+		d2i_OTHERNAME;
-+		X509_reject_set_bit;
-+		PEM_write_DSA_PUBKEY;
-+		X509_PURPOSE_get0_sname;
-+		EVP_PKEY_set1_DH;
-+		ASN1_OCTET_STRING_dup;
-+		ASN1_BIT_STRING_set;
-+		X509_TRUST_get_count;
-+		ASN1_INTEGER_free;
-+		OTHERNAME_free;
-+		i2d_RSA_PUBKEY_fp;
-+		ASN1_INTEGER_dup;
-+		d2i_X509_CERT_AUX;
-+		PEM_write_bio_PUBKEY;
-+		ASN1_VISIBLESTRING_free;
-+		X509_PURPOSE_cleanup;
-+		ASN1_mbstring_ncopy;
-+		ASN1_GENERALIZEDTIME_new;
-+		EVP_PKEY_get1_DH;
-+		ASN1_OCTET_STRING_new;
-+		ASN1_INTEGER_new;
-+		i2d_X509_AUX;
-+		ASN1_BIT_STRING_name_print;
-+		X509_cmp;
-+		ASN1_STRING_length_set;
-+		DIRECTORYSTRING_new;
-+		X509_add1_trust_object;
-+		PKCS12_newpass;
-+		SMIME_write_PKCS7;
-+		SMIME_read_PKCS7;
-+		DES_set_key_checked;
-+		PKCS7_verify;
-+		PKCS7_encrypt;
-+		DES_set_key_unchecked;
-+		SMIME_crlf_copy;
-+		i2d_ASN1_PRINTABLESTRING;
-+		PKCS7_get0_signers;
-+		PKCS7_decrypt;
-+		SMIME_text;
-+		PKCS7_simple_smimecap;
-+		PKCS7_get_smimecap;
-+		PKCS7_sign;
-+		PKCS7_add_attrib_smimecap;
-+		CRYPTO_dbg_set_options;
-+		CRYPTO_remove_all_info;
-+		CRYPTO_get_mem_debug_functions;
-+		CRYPTO_is_mem_check_on;
-+		CRYPTO_set_mem_debug_functions;
-+		CRYPTO_pop_info;
-+		CRYPTO_push_info_;
-+		CRYPTO_set_mem_debug_options;
-+		PEM_write_PKCS8PrivateKey_nid;
-+		PEM_write_bio_PKCS8PrivateKey_nid;
-+		PEM_write_bio_PKCS8PrivKey_nid;
-+		d2i_PKCS8PrivateKey_bio;
-+		ASN1_NULL_free;
-+		d2i_ASN1_NULL;
-+		ASN1_NULL_new;
-+		i2d_PKCS8PrivateKey_bio;
-+		i2d_PKCS8PrivateKey_fp;
-+		i2d_ASN1_NULL;
-+		i2d_PKCS8PrivateKey_nid_fp;
-+		d2i_PKCS8PrivateKey_fp;
-+		i2d_PKCS8PrivateKey_nid_bio;
-+		i2d_PKCS8PrivateKeyInfo_fp;
-+		i2d_PKCS8PrivateKeyInfo_bio;
-+		PEM_cb;
-+		i2d_PrivateKey_fp;
-+		d2i_PrivateKey_bio;
-+		d2i_PrivateKey_fp;
-+		i2d_PrivateKey_bio;
-+		X509_reject_clear;
-+		X509_TRUST_set_default;
-+		d2i_AutoPrivateKey;
-+		X509_ATTRIBUTE_get0_type;
-+		X509_ATTRIBUTE_set1_data;
-+		X509at_get_attr;
-+		X509at_get_attr_count;
-+		X509_ATTRIBUTE_create_by_NID;
-+		X509_ATTRIBUTE_set1_object;
-+		X509_ATTRIBUTE_count;
-+		X509_ATTRIBUTE_create_by_OBJ;
-+		X509_ATTRIBUTE_get0_object;
-+		X509at_get_attr_by_NID;
-+		X509at_add1_attr;
-+		X509_ATTRIBUTE_get0_data;
-+		X509at_delete_attr;
-+		X509at_get_attr_by_OBJ;
-+		RAND_add;
-+		BIO_number_written;
-+		BIO_number_read;
-+		X509_STORE_CTX_get1_chain;
-+		ERR_load_RAND_strings;
-+		RAND_pseudo_bytes;
-+		X509_REQ_get_attr_by_NID;
-+		X509_REQ_get_attr;
-+		X509_REQ_add1_attr_by_NID;
-+		X509_REQ_get_attr_by_OBJ;
-+		X509at_add1_attr_by_NID;
-+		X509_REQ_add1_attr_by_OBJ;
-+		X509_REQ_get_attr_count;
-+		X509_REQ_add1_attr;
-+		X509_REQ_delete_attr;
-+		X509at_add1_attr_by_OBJ;
-+		X509_REQ_add1_attr_by_txt;
-+		X509_ATTRIBUTE_create_by_txt;
-+		X509at_add1_attr_by_txt;
-+		BN_pseudo_rand;
-+		BN_is_prime_fasttest;
-+		BN_CTX_end;
-+		BN_CTX_start;
-+		BN_CTX_get;
-+		EVP_PKEY2PKCS8_broken;
-+		ASN1_STRING_TABLE_add;
-+		CRYPTO_dbg_get_options;
-+		AUTHORITY_INFO_ACCESS_new;
-+		CRYPTO_get_mem_debug_options;
-+		DES_crypt;
-+		PEM_write_bio_X509_REQ_NEW;
-+		PEM_write_X509_REQ_NEW;
-+		BIO_callback_ctrl;
-+		RAND_egd;
-+		RAND_status;
-+		bn_dump1;
-+		DES_check_key_parity;
-+		lh_num_items;
-+		RAND_event;
-+		DSO_new;
-+		DSO_new_method;
-+		DSO_free;
-+		DSO_flags;
-+		DSO_up;
-+		DSO_set_default_method;
-+		DSO_get_default_method;
-+		DSO_get_method;
-+		DSO_set_method;
-+		DSO_load;
-+		DSO_bind_var;
-+		DSO_METHOD_null;
-+		DSO_METHOD_openssl;
-+		DSO_METHOD_dlfcn;
-+		DSO_METHOD_win32;
-+		ERR_load_DSO_strings;
-+		DSO_METHOD_dl;
-+		NCONF_load;
-+		NCONF_load_fp;
-+		NCONF_new;
-+		NCONF_get_string;
-+		NCONF_free;
-+		NCONF_get_number;
-+		CONF_dump_fp;
-+		NCONF_load_bio;
-+		NCONF_dump_fp;
-+		NCONF_get_section;
-+		NCONF_dump_bio;
-+		CONF_dump_bio;
-+		NCONF_free_data;
-+		CONF_set_default_method;
-+		ERR_error_string_n;
-+		BIO_snprintf;
-+		DSO_ctrl;
-+		i2d_ASN1_SET_OF_ASN1_INTEGER;
-+		i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
-+		i2d_ASN1_SET_OF_PKCS7;
-+		BIO_vfree;
-+		d2i_ASN1_SET_OF_ASN1_INTEGER;
-+		d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
-+		ASN1_UTCTIME_get;
-+		X509_REQ_digest;
-+		X509_CRL_digest;
-+		d2i_ASN1_SET_OF_PKCS7;
-+		EVP_CIPHER_CTX_set_key_length;
-+		EVP_CIPHER_CTX_ctrl;
-+		BN_mod_exp_mont_word;
-+		RAND_egd_bytes;
-+		X509_REQ_get1_email;
-+		X509_get1_email;
-+		X509_email_free;
-+		i2d_RSA_NET;
-+		d2i_RSA_NET_2;
-+		d2i_RSA_NET;
-+		DSO_bind_func;
-+		CRYPTO_get_new_dynlockid;
-+		sk_new_null;
-+		CRYPTO_set_dynlock_destroy_callback;
-+		CRYPTO_set_dynlock_destroy_cb;
-+		CRYPTO_destroy_dynlockid;
-+		CRYPTO_set_dynlock_size;
-+		CRYPTO_set_dynlock_create_callback;
-+		CRYPTO_set_dynlock_create_cb;
-+		CRYPTO_set_dynlock_lock_callback;
-+		CRYPTO_set_dynlock_lock_cb;
-+		CRYPTO_get_dynlock_lock_callback;
-+		CRYPTO_get_dynlock_lock_cb;
-+		CRYPTO_get_dynlock_destroy_callback;
-+		CRYPTO_get_dynlock_destroy_cb;
-+		CRYPTO_get_dynlock_value;
-+		CRYPTO_get_dynlock_create_callback;
-+		CRYPTO_get_dynlock_create_cb;
-+		c2i_ASN1_BIT_STRING;
-+		i2c_ASN1_BIT_STRING;
-+		RAND_poll;
-+		c2i_ASN1_INTEGER;
-+		i2c_ASN1_INTEGER;
-+		BIO_dump_indent;
-+		ASN1_parse_dump;
-+		c2i_ASN1_OBJECT;
-+		X509_NAME_print_ex_fp;
-+		ASN1_STRING_print_ex_fp;
-+		X509_NAME_print_ex;
-+		ASN1_STRING_print_ex;
-+		MD4;
-+		MD4_Transform;
-+		MD4_Final;
-+		MD4_Update;
-+		MD4_Init;
-+		EVP_md4;
-+		i2d_PUBKEY_bio;
-+		i2d_PUBKEY_fp;
-+		d2i_PUBKEY_bio;
-+		ASN1_STRING_to_UTF8;
-+		BIO_vprintf;
-+		BIO_vsnprintf;
-+		d2i_PUBKEY_fp;
-+		X509_cmp_time;
-+		X509_STORE_CTX_set_time;
-+		X509_STORE_CTX_get1_issuer;
-+		X509_OBJECT_retrieve_match;
-+		X509_OBJECT_idx_by_subject;
-+		X509_STORE_CTX_set_flags;
-+		X509_STORE_CTX_trusted_stack;
-+		X509_time_adj;
-+		X509_check_issued;
-+		ASN1_UTCTIME_cmp_time_t;
-+		DES_set_weak_key_flag;
-+		DES_check_key;
-+		DES_rw_mode;
-+		RSA_PKCS1_RSAref;
-+		X509_keyid_set1;
-+		BIO_next;
-+		DSO_METHOD_vms;
-+		BIO_f_linebuffer;
-+		BN_bntest_rand;
-+		OPENSSL_issetugid;
-+		BN_rand_range;
-+		ERR_load_ENGINE_strings;
-+		ENGINE_set_DSA;
-+		ENGINE_get_finish_function;
-+		ENGINE_get_default_RSA;
-+		ENGINE_get_BN_mod_exp;
-+		DSA_get_default_openssl_method;
-+		ENGINE_set_DH;
-+		ENGINE_set_def_BN_mod_exp_crt;
-+		ENGINE_set_default_BN_mod_exp_crt;
-+		ENGINE_init;
-+		DH_get_default_openssl_method;
-+		RSA_set_default_openssl_method;
-+		ENGINE_finish;
-+		ENGINE_load_public_key;
-+		ENGINE_get_DH;
-+		ENGINE_ctrl;
-+		ENGINE_get_init_function;
-+		ENGINE_set_init_function;
-+		ENGINE_set_default_DSA;
-+		ENGINE_get_name;
-+		ENGINE_get_last;
-+		ENGINE_get_prev;
-+		ENGINE_get_default_DH;
-+		ENGINE_get_RSA;
-+		ENGINE_set_default;
-+		ENGINE_get_RAND;
-+		ENGINE_get_first;
-+		ENGINE_by_id;
-+		ENGINE_set_finish_function;
-+		ENGINE_get_def_BN_mod_exp_crt;
-+		ENGINE_get_default_BN_mod_exp_crt;
-+		RSA_get_default_openssl_method;
-+		ENGINE_set_RSA;
-+		ENGINE_load_private_key;
-+		ENGINE_set_default_RAND;
-+		ENGINE_set_BN_mod_exp;
-+		ENGINE_remove;
-+		ENGINE_free;
-+		ENGINE_get_BN_mod_exp_crt;
-+		ENGINE_get_next;
-+		ENGINE_set_name;
-+		ENGINE_get_default_DSA;
-+		ENGINE_set_default_BN_mod_exp;
-+		ENGINE_set_default_RSA;
-+		ENGINE_get_default_RAND;
-+		ENGINE_get_default_BN_mod_exp;
-+		ENGINE_set_RAND;
-+		ENGINE_set_id;
-+		ENGINE_set_BN_mod_exp_crt;
-+		ENGINE_set_default_DH;
-+		ENGINE_new;
-+		ENGINE_get_id;
-+		DSA_set_default_openssl_method;
-+		ENGINE_add;
-+		DH_set_default_openssl_method;
-+		ENGINE_get_DSA;
-+		ENGINE_get_ctrl_function;
-+		ENGINE_set_ctrl_function;
-+		BN_pseudo_rand_range;
-+		X509_STORE_CTX_set_verify_cb;
-+		ERR_load_COMP_strings;
-+		PKCS12_item_decrypt_d2i;
-+		ASN1_UTF8STRING_it;
-+		ENGINE_unregister_ciphers;
-+		ENGINE_get_ciphers;
-+		d2i_OCSP_BASICRESP;
-+		KRB5_CHECKSUM_it;
-+		EC_POINT_add;
-+		ASN1_item_ex_i2d;
-+		OCSP_CERTID_it;
-+		d2i_OCSP_RESPBYTES;
-+		X509V3_add1_i2d;
-+		PKCS7_ENVELOPE_it;
-+		UI_add_input_boolean;
-+		ENGINE_unregister_RSA;
-+		X509V3_EXT_nconf;
-+		ASN1_GENERALSTRING_free;
-+		d2i_OCSP_CERTSTATUS;
-+		X509_REVOKED_set_serialNumber;
-+		X509_print_ex;
-+		OCSP_ONEREQ_get1_ext_d2i;
-+		ENGINE_register_all_RAND;
-+		ENGINE_load_dynamic;
-+		PBKDF2PARAM_it;
-+		EXTENDED_KEY_USAGE_new;
-+		EC_GROUP_clear_free;
-+		OCSP_sendreq_bio;
-+		ASN1_item_digest;
-+		OCSP_BASICRESP_delete_ext;
-+		OCSP_SIGNATURE_it;
-+		X509_CRL_it;
-+		OCSP_BASICRESP_add_ext;
-+		KRB5_ENCKEY_it;
-+		UI_method_set_closer;
-+		X509_STORE_set_purpose;
-+		i2d_ASN1_GENERALSTRING;
-+		OCSP_response_status;
-+		i2d_OCSP_SERVICELOC;
-+		ENGINE_get_digest_engine;
-+		EC_GROUP_set_curve_GFp;
-+		OCSP_REQUEST_get_ext_by_OBJ;
-+		_ossl_old_des_random_key;
-+		ASN1_T61STRING_it;
-+		EC_GROUP_method_of;
-+		i2d_KRB5_APREQ;
-+		_ossl_old_des_encrypt;
-+		ASN1_PRINTABLE_new;
-+		HMAC_Init_ex;
-+		d2i_KRB5_AUTHENT;
-+		OCSP_archive_cutoff_new;
-+		EC_POINT_set_Jprojective_coordinates_GFp;
-+		EC_POINT_set_Jproj_coords_GFp;
-+		_ossl_old_des_is_weak_key;
-+		OCSP_BASICRESP_get_ext_by_OBJ;
-+		EC_POINT_oct2point;
-+		OCSP_SINGLERESP_get_ext_count;
-+		UI_ctrl;
-+		_shadow_DES_rw_mode;
-+		asn1_do_adb;
-+		ASN1_template_i2d;
-+		ENGINE_register_DH;
-+		UI_construct_prompt;
-+		X509_STORE_set_trust;
-+		UI_dup_input_string;
-+		d2i_KRB5_APREQ;
-+		EVP_MD_CTX_copy_ex;
-+		OCSP_request_is_signed;
-+		i2d_OCSP_REQINFO;
-+		KRB5_ENCKEY_free;
-+		OCSP_resp_get0;
-+		GENERAL_NAME_it;
-+		ASN1_GENERALIZEDTIME_it;
-+		X509_STORE_set_flags;
-+		EC_POINT_set_compressed_coordinates_GFp;
-+		EC_POINT_set_compr_coords_GFp;
-+		OCSP_response_status_str;
-+		d2i_OCSP_REVOKEDINFO;
-+		OCSP_basic_add1_cert;
-+		ERR_get_implementation;
-+		EVP_CipherFinal_ex;
-+		OCSP_CERTSTATUS_new;
-+		CRYPTO_cleanup_all_ex_data;
-+		OCSP_resp_find;
-+		BN_nnmod;
-+		X509_CRL_sort;
-+		X509_REVOKED_set_revocationDate;
-+		ENGINE_register_RAND;
-+		OCSP_SERVICELOC_new;
-+		EC_POINT_set_affine_coordinates_GFp;
-+		EC_POINT_set_affine_coords_GFp;
-+		_ossl_old_des_options;
-+		SXNET_it;
-+		UI_dup_input_boolean;
-+		PKCS12_add_CSPName_asc;
-+		EC_POINT_is_at_infinity;
-+		ENGINE_load_cryptodev;
-+		DSO_convert_filename;
-+		POLICYQUALINFO_it;
-+		ENGINE_register_ciphers;
-+		BN_mod_lshift_quick;
-+		DSO_set_filename;
-+		ASN1_item_free;
-+		KRB5_TKTBODY_free;
-+		AUTHORITY_KEYID_it;
-+		KRB5_APREQBODY_new;
-+		X509V3_EXT_REQ_add_nconf;
-+		ENGINE_ctrl_cmd_string;
-+		i2d_OCSP_RESPDATA;
-+		EVP_MD_CTX_init;
-+		EXTENDED_KEY_USAGE_free;
-+		PKCS7_ATTR_SIGN_it;
-+		UI_add_error_string;
-+		KRB5_CHECKSUM_free;
-+		OCSP_REQUEST_get_ext;
-+		ENGINE_load_ubsec;
-+		ENGINE_register_all_digests;
-+		PKEY_USAGE_PERIOD_it;
-+		PKCS12_unpack_authsafes;
-+		ASN1_item_unpack;
-+		NETSCAPE_SPKAC_it;
-+		X509_REVOKED_it;
-+		ASN1_STRING_encode;
-+		EVP_aes_128_ecb;
-+		KRB5_AUTHENT_free;
-+		OCSP_BASICRESP_get_ext_by_critical;
-+		OCSP_BASICRESP_get_ext_by_crit;
-+		OCSP_cert_status_str;
-+		d2i_OCSP_REQUEST;
-+		UI_dup_info_string;
-+		_ossl_old_des_xwhite_in2out;
-+		PKCS12_it;
-+		OCSP_SINGLERESP_get_ext_by_critical;
-+		OCSP_SINGLERESP_get_ext_by_crit;
-+		OCSP_CERTSTATUS_free;
-+		_ossl_old_des_crypt;
-+		ASN1_item_i2d;
-+		EVP_DecryptFinal_ex;
-+		ENGINE_load_openssl;
-+		ENGINE_get_cmd_defns;
-+		ENGINE_set_load_privkey_function;
-+		ENGINE_set_load_privkey_fn;
-+		EVP_EncryptFinal_ex;
-+		ENGINE_set_default_digests;
-+		X509_get0_pubkey_bitstr;
-+		asn1_ex_i2c;
-+		ENGINE_register_RSA;
-+		ENGINE_unregister_DSA;
-+		_ossl_old_des_key_sched;
-+		X509_EXTENSION_it;
-+		i2d_KRB5_AUTHENT;
-+		SXNETID_it;
-+		d2i_OCSP_SINGLERESP;
-+		EDIPARTYNAME_new;
-+		PKCS12_certbag2x509;
-+		_ossl_old_des_ofb64_encrypt;
-+		d2i_EXTENDED_KEY_USAGE;
-+		ERR_print_errors_cb;
-+		ENGINE_set_ciphers;
-+		d2i_KRB5_APREQBODY;
-+		UI_method_get_flusher;
-+		X509_PUBKEY_it;
-+		_ossl_old_des_enc_read;
-+		PKCS7_ENCRYPT_it;
-+		i2d_OCSP_RESPONSE;
-+		EC_GROUP_get_cofactor;
-+		PKCS12_unpack_p7data;
-+		d2i_KRB5_AUTHDATA;
-+		OCSP_copy_nonce;
-+		KRB5_AUTHDATA_new;
-+		OCSP_RESPDATA_new;
-+		EC_GFp_mont_method;
-+		OCSP_REVOKEDINFO_free;
-+		UI_get_ex_data;
-+		KRB5_APREQBODY_free;
-+		EC_GROUP_get0_generator;
-+		UI_get_default_method;
-+		X509V3_set_nconf;
-+		PKCS12_item_i2d_encrypt;
-+		X509_add1_ext_i2d;
-+		PKCS7_SIGNER_INFO_it;
-+		KRB5_PRINCNAME_new;
-+		PKCS12_SAFEBAG_it;
-+		EC_GROUP_get_order;
-+		d2i_OCSP_RESPID;
-+		OCSP_request_verify;
-+		NCONF_get_number_e;
-+		_ossl_old_des_decrypt3;
-+		X509_signature_print;
-+		OCSP_SINGLERESP_free;
-+		ENGINE_load_builtin_engines;
-+		i2d_OCSP_ONEREQ;
-+		OCSP_REQUEST_add_ext;
-+		OCSP_RESPBYTES_new;
-+		EVP_MD_CTX_create;
-+		OCSP_resp_find_status;
-+		X509_ALGOR_it;
-+		ASN1_TIME_it;
-+		OCSP_request_set1_name;
-+		OCSP_ONEREQ_get_ext_count;
-+		UI_get0_result;
-+		PKCS12_AUTHSAFES_it;
-+		EVP_aes_256_ecb;
-+		PKCS12_pack_authsafes;
-+		ASN1_IA5STRING_it;
-+		UI_get_input_flags;
-+		EC_GROUP_set_generator;
-+		_ossl_old_des_string_to_2keys;
-+		OCSP_CERTID_free;
-+		X509_CERT_AUX_it;
-+		CERTIFICATEPOLICIES_it;
-+		_ossl_old_des_ede3_cbc_encrypt;
-+		RAND_set_rand_engine;
-+		DSO_get_loaded_filename;
-+		X509_ATTRIBUTE_it;
-+		OCSP_ONEREQ_get_ext_by_NID;
-+		PKCS12_decrypt_skey;
-+		KRB5_AUTHENT_it;
-+		UI_dup_error_string;
-+		RSAPublicKey_it;
-+		i2d_OCSP_REQUEST;
-+		PKCS12_x509crl2certbag;
-+		OCSP_SERVICELOC_it;
-+		ASN1_item_sign;
-+		X509_CRL_set_issuer_name;
-+		OBJ_NAME_do_all_sorted;
-+		i2d_OCSP_BASICRESP;
-+		i2d_OCSP_RESPBYTES;
-+		PKCS12_unpack_p7encdata;
-+		HMAC_CTX_init;
-+		ENGINE_get_digest;
-+		OCSP_RESPONSE_print;
-+		KRB5_TKTBODY_it;
-+		ACCESS_DESCRIPTION_it;
-+		PKCS7_ISSUER_AND_SERIAL_it;
-+		PBE2PARAM_it;
-+		PKCS12_certbag2x509crl;
-+		PKCS7_SIGNED_it;
-+		ENGINE_get_cipher;
-+		i2d_OCSP_CRLID;
-+		OCSP_SINGLERESP_new;
-+		ENGINE_cmd_is_executable;
-+		RSA_up_ref;
-+		ASN1_GENERALSTRING_it;
-+		ENGINE_register_DSA;
-+		X509V3_EXT_add_nconf_sk;
-+		ENGINE_set_load_pubkey_function;
-+		PKCS8_decrypt;
-+		PEM_bytes_read_bio;
-+		DIRECTORYSTRING_it;
-+		d2i_OCSP_CRLID;
-+		EC_POINT_is_on_curve;
-+		CRYPTO_set_locked_mem_ex_functions;
-+		CRYPTO_set_locked_mem_ex_funcs;
-+		d2i_KRB5_CHECKSUM;
-+		ASN1_item_dup;
-+		X509_it;
-+		BN_mod_add;
-+		KRB5_AUTHDATA_free;
-+		_ossl_old_des_cbc_cksum;
-+		ASN1_item_verify;
-+		CRYPTO_set_mem_ex_functions;
-+		EC_POINT_get_Jprojective_coordinates_GFp;
-+		EC_POINT_get_Jproj_coords_GFp;
-+		ZLONG_it;
-+		CRYPTO_get_locked_mem_ex_functions;
-+		CRYPTO_get_locked_mem_ex_funcs;
-+		ASN1_TIME_check;
-+		UI_get0_user_data;
-+		HMAC_CTX_cleanup;
-+		DSA_up_ref;
-+		_ossl_old_des_ede3_cfb64_encrypt;
-+		_ossl_odes_ede3_cfb64_encrypt;
-+		ASN1_BMPSTRING_it;
-+		ASN1_tag2bit;
-+		UI_method_set_flusher;
-+		X509_ocspid_print;
-+		KRB5_ENCDATA_it;
-+		ENGINE_get_load_pubkey_function;
-+		UI_add_user_data;
-+		OCSP_REQUEST_delete_ext;
-+		UI_get_method;
-+		OCSP_ONEREQ_free;
-+		ASN1_PRINTABLESTRING_it;
-+		X509_CRL_set_nextUpdate;
-+		OCSP_REQUEST_it;
-+		OCSP_BASICRESP_it;
-+		AES_ecb_encrypt;
-+		BN_mod_sqr;
-+		NETSCAPE_CERT_SEQUENCE_it;
-+		GENERAL_NAMES_it;
-+		AUTHORITY_INFO_ACCESS_it;
-+		ASN1_FBOOLEAN_it;
-+		UI_set_ex_data;
-+		_ossl_old_des_string_to_key;
-+		ENGINE_register_all_RSA;
-+		d2i_KRB5_PRINCNAME;
-+		OCSP_RESPBYTES_it;
-+		X509_CINF_it;
-+		ENGINE_unregister_digests;
-+		d2i_EDIPARTYNAME;
-+		d2i_OCSP_SERVICELOC;
-+		ENGINE_get_digests;
-+		_ossl_old_des_set_odd_parity;
-+		OCSP_RESPDATA_free;
-+		d2i_KRB5_TICKET;
-+		OTHERNAME_it;
-+		EVP_MD_CTX_cleanup;
-+		d2i_ASN1_GENERALSTRING;
-+		X509_CRL_set_version;
-+		BN_mod_sub;
-+		OCSP_SINGLERESP_get_ext_by_NID;
-+		ENGINE_get_ex_new_index;
-+		OCSP_REQUEST_free;
-+		OCSP_REQUEST_add1_ext_i2d;
-+		X509_VAL_it;
-+		EC_POINTs_make_affine;
-+		EC_POINT_mul;
-+		X509V3_EXT_add_nconf;
-+		X509_TRUST_set;
-+		X509_CRL_add1_ext_i2d;
-+		_ossl_old_des_fcrypt;
-+		DISPLAYTEXT_it;
-+		X509_CRL_set_lastUpdate;
-+		OCSP_BASICRESP_free;
-+		OCSP_BASICRESP_add1_ext_i2d;
-+		d2i_KRB5_AUTHENTBODY;
-+		CRYPTO_set_ex_data_implementation;
-+		CRYPTO_set_ex_data_impl;
-+		KRB5_ENCDATA_new;
-+		DSO_up_ref;
-+		OCSP_crl_reason_str;
-+		UI_get0_result_string;
-+		ASN1_GENERALSTRING_new;
-+		X509_SIG_it;
-+		ERR_set_implementation;
-+		ERR_load_EC_strings;
-+		UI_get0_action_string;
-+		OCSP_ONEREQ_get_ext;
-+		EC_POINT_method_of;
-+		i2d_KRB5_APREQBODY;
-+		_ossl_old_des_ecb3_encrypt;
-+		CRYPTO_get_mem_ex_functions;
-+		ENGINE_get_ex_data;
-+		UI_destroy_method;
-+		ASN1_item_i2d_bio;
-+		OCSP_ONEREQ_get_ext_by_OBJ;
-+		ASN1_primitive_new;
-+		ASN1_PRINTABLE_it;
-+		EVP_aes_192_ecb;
-+		OCSP_SIGNATURE_new;
-+		LONG_it;
-+		ASN1_VISIBLESTRING_it;
-+		OCSP_SINGLERESP_add1_ext_i2d;
-+		d2i_OCSP_CERTID;
-+		ASN1_item_d2i_fp;
-+		CRL_DIST_POINTS_it;
-+		GENERAL_NAME_print;
-+		OCSP_SINGLERESP_delete_ext;
-+		PKCS12_SAFEBAGS_it;
-+		d2i_OCSP_SIGNATURE;
-+		OCSP_request_add1_nonce;
-+		ENGINE_set_cmd_defns;
-+		OCSP_SERVICELOC_free;
-+		EC_GROUP_free;
-+		ASN1_BIT_STRING_it;
-+		X509_REQ_it;
-+		_ossl_old_des_cbc_encrypt;
-+		ERR_unload_strings;
-+		PKCS7_SIGN_ENVELOPE_it;
-+		EDIPARTYNAME_free;
-+		OCSP_REQINFO_free;
-+		EC_GROUP_new_curve_GFp;
-+		OCSP_REQUEST_get1_ext_d2i;
-+		PKCS12_item_pack_safebag;
-+		asn1_ex_c2i;
-+		ENGINE_register_digests;
-+		i2d_OCSP_REVOKEDINFO;
-+		asn1_enc_restore;
-+		UI_free;
-+		UI_new_method;
-+		EVP_EncryptInit_ex;
-+		X509_pubkey_digest;
-+		EC_POINT_invert;
-+		OCSP_basic_sign;
-+		i2d_OCSP_RESPID;
-+		OCSP_check_nonce;
-+		ENGINE_ctrl_cmd;
-+		d2i_KRB5_ENCKEY;
-+		OCSP_parse_url;
-+		OCSP_SINGLERESP_get_ext;
-+		OCSP_CRLID_free;
-+		OCSP_BASICRESP_get1_ext_d2i;
-+		RSAPrivateKey_it;
-+		ENGINE_register_all_DH;
-+		i2d_EDIPARTYNAME;
-+		EC_POINT_get_affine_coordinates_GFp;
-+		EC_POINT_get_affine_coords_GFp;
-+		OCSP_CRLID_new;
-+		ENGINE_get_flags;
-+		OCSP_ONEREQ_it;
-+		UI_process;
-+		ASN1_INTEGER_it;
-+		EVP_CipherInit_ex;
-+		UI_get_string_type;
-+		ENGINE_unregister_DH;
-+		ENGINE_register_all_DSA;
-+		OCSP_ONEREQ_get_ext_by_critical;
-+		bn_dup_expand;
-+		OCSP_cert_id_new;
-+		BASIC_CONSTRAINTS_it;
-+		BN_mod_add_quick;
-+		EC_POINT_new;
-+		EVP_MD_CTX_destroy;
-+		OCSP_RESPBYTES_free;
-+		EVP_aes_128_cbc;
-+		OCSP_SINGLERESP_get1_ext_d2i;
-+		EC_POINT_free;
-+		DH_up_ref;
-+		X509_NAME_ENTRY_it;
-+		UI_get_ex_new_index;
-+		BN_mod_sub_quick;
-+		OCSP_ONEREQ_add_ext;
-+		OCSP_request_sign;
-+		EVP_DigestFinal_ex;
-+		ENGINE_set_digests;
-+		OCSP_id_issuer_cmp;
-+		OBJ_NAME_do_all;
-+		EC_POINTs_mul;
-+		ENGINE_register_complete;
-+		X509V3_EXT_nconf_nid;
-+		ASN1_SEQUENCE_it;
-+		UI_set_default_method;
-+		RAND_query_egd_bytes;
-+		UI_method_get_writer;
-+		UI_OpenSSL;
-+		PEM_def_callback;
-+		ENGINE_cleanup;
-+		DIST_POINT_it;
-+		OCSP_SINGLERESP_it;
-+		d2i_KRB5_TKTBODY;
-+		EC_POINT_cmp;
-+		OCSP_REVOKEDINFO_new;
-+		i2d_OCSP_CERTSTATUS;
-+		OCSP_basic_add1_nonce;
-+		ASN1_item_ex_d2i;
-+		BN_mod_lshift1_quick;
-+		UI_set_method;
-+		OCSP_id_get0_info;
-+		BN_mod_sqrt;
-+		EC_GROUP_copy;
-+		KRB5_ENCDATA_free;
-+		_ossl_old_des_cfb_encrypt;
-+		OCSP_SINGLERESP_get_ext_by_OBJ;
-+		OCSP_cert_to_id;
-+		OCSP_RESPID_new;
-+		OCSP_RESPDATA_it;
-+		d2i_OCSP_RESPDATA;
-+		ENGINE_register_all_complete;
-+		OCSP_check_validity;
-+		PKCS12_BAGS_it;
-+		OCSP_url_svcloc_new;
-+		ASN1_template_free;
-+		OCSP_SINGLERESP_add_ext;
-+		KRB5_AUTHENTBODY_it;
-+		X509_supported_extension;
-+		i2d_KRB5_AUTHDATA;
-+		UI_method_get_opener;
-+		ENGINE_set_ex_data;
-+		OCSP_REQUEST_print;
-+		CBIGNUM_it;
-+		KRB5_TICKET_new;
-+		KRB5_APREQ_new;
-+		EC_GROUP_get_curve_GFp;
-+		KRB5_ENCKEY_new;
-+		ASN1_template_d2i;
-+		_ossl_old_des_quad_cksum;
-+		OCSP_single_get0_status;
-+		BN_swap;
-+		POLICYINFO_it;
-+		ENGINE_set_destroy_function;
-+		asn1_enc_free;
-+		OCSP_RESPID_it;
-+		EC_GROUP_new;
-+		EVP_aes_256_cbc;
-+		i2d_KRB5_PRINCNAME;
-+		_ossl_old_des_encrypt2;
-+		_ossl_old_des_encrypt3;
-+		PKCS8_PRIV_KEY_INFO_it;
-+		OCSP_REQINFO_it;
-+		PBEPARAM_it;
-+		KRB5_AUTHENTBODY_new;
-+		X509_CRL_add0_revoked;
-+		EDIPARTYNAME_it;
-+		NETSCAPE_SPKI_it;
-+		UI_get0_test_string;
-+		ENGINE_get_cipher_engine;
-+		ENGINE_register_all_ciphers;
-+		EC_POINT_copy;
-+		BN_kronecker;
-+		_ossl_old_des_ede3_ofb64_encrypt;
-+		_ossl_odes_ede3_ofb64_encrypt;
-+		UI_method_get_reader;
-+		OCSP_BASICRESP_get_ext_count;
-+		ASN1_ENUMERATED_it;
-+		UI_set_result;
-+		i2d_KRB5_TICKET;
-+		X509_print_ex_fp;
-+		EVP_CIPHER_CTX_set_padding;
-+		d2i_OCSP_RESPONSE;
-+		ASN1_UTCTIME_it;
-+		_ossl_old_des_enc_write;
-+		OCSP_RESPONSE_new;
-+		AES_set_encrypt_key;
-+		OCSP_resp_count;
-+		KRB5_CHECKSUM_new;
-+		ENGINE_load_cswift;
-+		OCSP_onereq_get0_id;
-+		ENGINE_set_default_ciphers;
-+		NOTICEREF_it;
-+		X509V3_EXT_CRL_add_nconf;
-+		OCSP_REVOKEDINFO_it;
-+		AES_encrypt;
-+		OCSP_REQUEST_new;
-+		ASN1_ANY_it;
-+		CRYPTO_ex_data_new_class;
-+		_ossl_old_des_ncbc_encrypt;
-+		i2d_KRB5_TKTBODY;
-+		EC_POINT_clear_free;
-+		AES_decrypt;
-+		asn1_enc_init;
-+		UI_get_result_maxsize;
-+		OCSP_CERTID_new;
-+		ENGINE_unregister_RAND;
-+		UI_method_get_closer;
-+		d2i_KRB5_ENCDATA;
-+		OCSP_request_onereq_count;
-+		OCSP_basic_verify;
-+		KRB5_AUTHENTBODY_free;
-+		ASN1_item_d2i;
-+		ASN1_primitive_free;
-+		i2d_EXTENDED_KEY_USAGE;
-+		i2d_OCSP_SIGNATURE;
-+		asn1_enc_save;
-+		ENGINE_load_nuron;
-+		_ossl_old_des_pcbc_encrypt;
-+		PKCS12_MAC_DATA_it;
-+		OCSP_accept_responses_new;
-+		asn1_do_lock;
-+		PKCS7_ATTR_VERIFY_it;
-+		KRB5_APREQBODY_it;
-+		i2d_OCSP_SINGLERESP;
-+		ASN1_item_ex_new;
-+		UI_add_verify_string;
-+		_ossl_old_des_set_key;
-+		KRB5_PRINCNAME_it;
-+		EVP_DecryptInit_ex;
-+		i2d_OCSP_CERTID;
-+		ASN1_item_d2i_bio;
-+		EC_POINT_dbl;
-+		asn1_get_choice_selector;
-+		i2d_KRB5_CHECKSUM;
-+		ENGINE_set_table_flags;
-+		AES_options;
-+		ENGINE_load_chil;
-+		OCSP_id_cmp;
-+		OCSP_BASICRESP_new;
-+		OCSP_REQUEST_get_ext_by_NID;
-+		KRB5_APREQ_it;
-+		ENGINE_get_destroy_function;
-+		CONF_set_nconf;
-+		ASN1_PRINTABLE_free;
-+		OCSP_BASICRESP_get_ext_by_NID;
-+		DIST_POINT_NAME_it;
-+		X509V3_extensions_print;
-+		_ossl_old_des_cfb64_encrypt;
-+		X509_REVOKED_add1_ext_i2d;
-+		_ossl_old_des_ofb_encrypt;
-+		KRB5_TKTBODY_new;
-+		ASN1_OCTET_STRING_it;
-+		ERR_load_UI_strings;
-+		i2d_KRB5_ENCKEY;
-+		ASN1_template_new;
-+		OCSP_SIGNATURE_free;
-+		ASN1_item_i2d_fp;
-+		KRB5_PRINCNAME_free;
-+		PKCS7_RECIP_INFO_it;
-+		EXTENDED_KEY_USAGE_it;
-+		EC_GFp_simple_method;
-+		EC_GROUP_precompute_mult;
-+		OCSP_request_onereq_get0;
-+		UI_method_set_writer;
-+		KRB5_AUTHENT_new;
-+		X509_CRL_INFO_it;
-+		DSO_set_name_converter;
-+		AES_set_decrypt_key;
-+		PKCS7_DIGEST_it;
-+		PKCS12_x5092certbag;
-+		EVP_DigestInit_ex;
-+		i2a_ACCESS_DESCRIPTION;
-+		OCSP_RESPONSE_it;
-+		PKCS7_ENC_CONTENT_it;
-+		OCSP_request_add0_id;
-+		EC_POINT_make_affine;
-+		DSO_get_filename;
-+		OCSP_CERTSTATUS_it;
-+		OCSP_request_add1_cert;
-+		UI_get0_output_string;
-+		UI_dup_verify_string;
-+		BN_mod_lshift;
-+		KRB5_AUTHDATA_it;
-+		asn1_set_choice_selector;
-+		OCSP_basic_add1_status;
-+		OCSP_RESPID_free;
-+		asn1_get_field_ptr;
-+		UI_add_input_string;
-+		OCSP_CRLID_it;
-+		i2d_KRB5_AUTHENTBODY;
-+		OCSP_REQUEST_get_ext_count;
-+		ENGINE_load_atalla;
-+		X509_NAME_it;
-+		USERNOTICE_it;
-+		OCSP_REQINFO_new;
-+		OCSP_BASICRESP_get_ext;
-+		CRYPTO_get_ex_data_implementation;
-+		CRYPTO_get_ex_data_impl;
-+		ASN1_item_pack;
-+		i2d_KRB5_ENCDATA;
-+		X509_PURPOSE_set;
-+		X509_REQ_INFO_it;
-+		UI_method_set_opener;
-+		ASN1_item_ex_free;
-+		ASN1_BOOLEAN_it;
-+		ENGINE_get_table_flags;
-+		UI_create_method;
-+		OCSP_ONEREQ_add1_ext_i2d;
-+		_shadow_DES_check_key;
-+		d2i_OCSP_REQINFO;
-+		UI_add_info_string;
-+		UI_get_result_minsize;
-+		ASN1_NULL_it;
-+		BN_mod_lshift1;
-+		d2i_OCSP_ONEREQ;
-+		OCSP_ONEREQ_new;
-+		KRB5_TICKET_it;
-+		EVP_aes_192_cbc;
-+		KRB5_TICKET_free;
-+		UI_new;
-+		OCSP_response_create;
-+		_ossl_old_des_xcbc_encrypt;
-+		PKCS7_it;
-+		OCSP_REQUEST_get_ext_by_critical;
-+		OCSP_REQUEST_get_ext_by_crit;
-+		ENGINE_set_flags;
-+		_ossl_old_des_ecb_encrypt;
-+		OCSP_response_get1_basic;
-+		EVP_Digest;
-+		OCSP_ONEREQ_delete_ext;
-+		ASN1_TBOOLEAN_it;
-+		ASN1_item_new;
-+		ASN1_TIME_to_generalizedtime;
-+		BIGNUM_it;
-+		AES_cbc_encrypt;
-+		ENGINE_get_load_privkey_function;
-+		ENGINE_get_load_privkey_fn;
-+		OCSP_RESPONSE_free;
-+		UI_method_set_reader;
-+		i2d_ASN1_T61STRING;
-+		EC_POINT_set_to_infinity;
-+		ERR_load_OCSP_strings;
-+		EC_POINT_point2oct;
-+		KRB5_APREQ_free;
-+		ASN1_OBJECT_it;
-+		OCSP_crlID_new;
-+		OCSP_crlID2_new;
-+		CONF_modules_load_file;
-+		CONF_imodule_set_usr_data;
-+		ENGINE_set_default_string;
-+		CONF_module_get_usr_data;
-+		ASN1_add_oid_module;
-+		CONF_modules_finish;
-+		OPENSSL_config;
-+		CONF_modules_unload;
-+		CONF_imodule_get_value;
-+		CONF_module_set_usr_data;
-+		CONF_parse_list;
-+		CONF_module_add;
-+		CONF_get1_default_config_file;
-+		CONF_imodule_get_flags;
-+		CONF_imodule_get_module;
-+		CONF_modules_load;
-+		CONF_imodule_get_name;
-+		ERR_peek_top_error;
-+		CONF_imodule_get_usr_data;
-+		CONF_imodule_set_flags;
-+		ENGINE_add_conf_module;
-+		ERR_peek_last_error_line;
-+		ERR_peek_last_error_line_data;
-+		ERR_peek_last_error;
-+		DES_read_2passwords;
-+		DES_read_password;
-+		UI_UTIL_read_pw;
-+		UI_UTIL_read_pw_string;
-+		ENGINE_load_aep;
-+		ENGINE_load_sureware;
-+		OPENSSL_add_all_algorithms_noconf;
-+		OPENSSL_add_all_algo_noconf;
-+		OPENSSL_add_all_algorithms_conf;
-+		OPENSSL_add_all_algo_conf;
-+		OPENSSL_load_builtin_modules;
-+		AES_ofb128_encrypt;
-+		AES_ctr128_encrypt;
-+		AES_cfb128_encrypt;
-+		ENGINE_load_4758cca;
-+		_ossl_096_des_random_seed;
-+		EVP_aes_256_ofb;
-+		EVP_aes_192_ofb;
-+		EVP_aes_128_cfb128;
-+		EVP_aes_256_cfb128;
-+		EVP_aes_128_ofb;
-+		EVP_aes_192_cfb128;
-+		CONF_modules_free;
-+		NCONF_default;
-+		OPENSSL_no_config;
-+		NCONF_WIN32;
-+		ASN1_UNIVERSALSTRING_new;
-+		EVP_des_ede_ecb;
-+		i2d_ASN1_UNIVERSALSTRING;
-+		ASN1_UNIVERSALSTRING_free;
-+		ASN1_UNIVERSALSTRING_it;
-+		d2i_ASN1_UNIVERSALSTRING;
-+		EVP_des_ede3_ecb;
-+		X509_REQ_print_ex;
-+		ENGINE_up_ref;
-+		BUF_MEM_grow_clean;
-+		CRYPTO_realloc_clean;
-+		BUF_strlcat;
-+		BIO_indent;
-+		BUF_strlcpy;
-+		OpenSSLDie;
-+		OPENSSL_cleanse;
-+		ENGINE_setup_bsd_cryptodev;
-+		ERR_release_err_state_table;
-+		EVP_aes_128_cfb8;
-+		FIPS_corrupt_rsa;
-+		FIPS_selftest_des;
-+		EVP_aes_128_cfb1;
-+		EVP_aes_192_cfb8;
-+		FIPS_mode_set;
-+		FIPS_selftest_dsa;
-+		EVP_aes_256_cfb8;
-+		FIPS_allow_md5;
-+		DES_ede3_cfb_encrypt;
-+		EVP_des_ede3_cfb8;
-+		FIPS_rand_seeded;
-+		AES_cfbr_encrypt_block;
-+		AES_cfb8_encrypt;
-+		FIPS_rand_seed;
-+		FIPS_corrupt_des;
-+		EVP_aes_192_cfb1;
-+		FIPS_selftest_aes;
-+		FIPS_set_prng_key;
-+		EVP_des_cfb8;
-+		FIPS_corrupt_dsa;
-+		FIPS_test_mode;
-+		FIPS_rand_method;
-+		EVP_aes_256_cfb1;
-+		ERR_load_FIPS_strings;
-+		FIPS_corrupt_aes;
-+		FIPS_selftest_sha1;
-+		FIPS_selftest_rsa;
-+		FIPS_corrupt_sha1;
-+		EVP_des_cfb1;
-+		FIPS_dsa_check;
-+		AES_cfb1_encrypt;
-+		EVP_des_ede3_cfb1;
-+		FIPS_rand_check;
-+		FIPS_md5_allowed;
-+		FIPS_mode;
-+		FIPS_selftest_failed;
-+		sk_is_sorted;
-+		X509_check_ca;
-+		HMAC_CTX_set_flags;
-+		d2i_PROXY_CERT_INFO_EXTENSION;
-+		PROXY_POLICY_it;
-+		i2d_PROXY_POLICY;
-+		i2d_PROXY_CERT_INFO_EXTENSION;
-+		d2i_PROXY_POLICY;
-+		PROXY_CERT_INFO_EXTENSION_new;
-+		PROXY_CERT_INFO_EXTENSION_free;
-+		PROXY_CERT_INFO_EXTENSION_it;
-+		PROXY_POLICY_free;
-+		PROXY_POLICY_new;
-+		BN_MONT_CTX_set_locked;
-+		FIPS_selftest_rng;
-+		EVP_sha384;
-+		EVP_sha512;
-+		EVP_sha224;
-+		EVP_sha256;
-+		FIPS_selftest_hmac;
-+		FIPS_corrupt_rng;
-+		BN_mod_exp_mont_consttime;
-+		RSA_X931_hash_id;
-+		RSA_padding_check_X931;
-+		RSA_verify_PKCS1_PSS;
-+		RSA_padding_add_X931;
-+		RSA_padding_add_PKCS1_PSS;
-+		PKCS1_MGF1;
-+		BN_X931_generate_Xpq;
-+		RSA_X931_generate_key;
-+		BN_X931_derive_prime;
-+		BN_X931_generate_prime;
-+		RSA_X931_derive;
-+		BIO_new_dgram;
-+		BN_get0_nist_prime_384;
-+		ERR_set_mark;
-+		X509_STORE_CTX_set0_crls;
-+		ENGINE_set_STORE;
-+		ENGINE_register_ECDSA;
-+		STORE_meth_set_list_start_fn;
-+		STORE_method_set_list_start_function;
-+		BN_BLINDING_invert_ex;
-+		NAME_CONSTRAINTS_free;
-+		STORE_ATTR_INFO_set_number;
-+		BN_BLINDING_get_thread_id;
-+		X509_STORE_CTX_set0_param;
-+		POLICY_MAPPING_it;
-+		STORE_parse_attrs_start;
-+		POLICY_CONSTRAINTS_free;
-+		EVP_PKEY_add1_attr_by_NID;
-+		BN_nist_mod_192;
-+		EC_GROUP_get_trinomial_basis;
-+		STORE_set_method;
-+		GENERAL_SUBTREE_free;
-+		NAME_CONSTRAINTS_it;
-+		ECDH_get_default_method;
-+		PKCS12_add_safe;
-+		EC_KEY_new_by_curve_name;
-+		STORE_meth_get_update_store_fn;
-+		STORE_method_get_update_store_function;
-+		ENGINE_register_ECDH;
-+		SHA512_Update;
-+		i2d_ECPrivateKey;
-+		BN_get0_nist_prime_192;
-+		STORE_modify_certificate;
-+		EC_POINT_set_affine_coordinates_GF2m;
-+		EC_POINT_set_affine_coords_GF2m;
-+		BN_GF2m_mod_exp_arr;
-+		STORE_ATTR_INFO_modify_number;
-+		X509_keyid_get0;
-+		ENGINE_load_gmp;
-+		pitem_new;
-+		BN_GF2m_mod_mul_arr;
-+		STORE_list_public_key_endp;
-+		o2i_ECPublicKey;
-+		EC_KEY_copy;
-+		BIO_dump_fp;
-+		X509_policy_node_get0_parent;
-+		EC_GROUP_check_discriminant;
-+		i2o_ECPublicKey;
-+		EC_KEY_precompute_mult;
-+		a2i_IPADDRESS;
-+		STORE_meth_set_initialise_fn;
-+		STORE_method_set_initialise_function;
-+		X509_STORE_CTX_set_depth;
-+		X509_VERIFY_PARAM_inherit;
-+		EC_POINT_point2bn;
-+		STORE_ATTR_INFO_set_dn;
-+		X509_policy_tree_get0_policies;
-+		EC_GROUP_new_curve_GF2m;
-+		STORE_destroy_method;
-+		ENGINE_unregister_STORE;
-+		EVP_PKEY_get1_EC_KEY;
-+		STORE_ATTR_INFO_get0_number;
-+		ENGINE_get_default_ECDH;
-+		EC_KEY_get_conv_form;
-+		ASN1_OCTET_STRING_NDEF_it;
-+		STORE_delete_public_key;
-+		STORE_get_public_key;
-+		STORE_modify_arbitrary;
-+		ENGINE_get_static_state;
-+		pqueue_iterator;
-+		ECDSA_SIG_new;
-+		OPENSSL_DIR_end;
-+		BN_GF2m_mod_sqr;
-+		EC_POINT_bn2point;
-+		X509_VERIFY_PARAM_set_depth;
-+		EC_KEY_set_asn1_flag;
-+		STORE_get_method;
-+		EC_KEY_get_key_method_data;
-+		ECDSA_sign_ex;
-+		STORE_parse_attrs_end;
-+		EC_GROUP_get_point_conversion_form;
-+		EC_GROUP_get_point_conv_form;
-+		STORE_method_set_store_function;
-+		STORE_ATTR_INFO_in;
-+		PEM_read_bio_ECPKParameters;
-+		EC_GROUP_get_pentanomial_basis;
-+		EVP_PKEY_add1_attr_by_txt;
-+		BN_BLINDING_set_flags;
-+		X509_VERIFY_PARAM_set1_policies;
-+		X509_VERIFY_PARAM_set1_name;
-+		X509_VERIFY_PARAM_set_purpose;
-+		STORE_get_number;
-+		ECDSA_sign_setup;
-+		BN_GF2m_mod_solve_quad_arr;
-+		EC_KEY_up_ref;
-+		POLICY_MAPPING_free;
-+		BN_GF2m_mod_div;
-+		X509_VERIFY_PARAM_set_flags;
-+		EC_KEY_free;
-+		STORE_meth_set_list_next_fn;
-+		STORE_method_set_list_next_function;
-+		PEM_write_bio_ECPrivateKey;
-+		d2i_EC_PUBKEY;
-+		STORE_meth_get_generate_fn;
-+		STORE_method_get_generate_function;
-+		STORE_meth_set_list_end_fn;
-+		STORE_method_set_list_end_function;
-+		pqueue_print;
-+		EC_GROUP_have_precompute_mult;
-+		EC_KEY_print_fp;
-+		BN_GF2m_mod_arr;
-+		PEM_write_bio_X509_CERT_PAIR;
-+		EVP_PKEY_cmp;
-+		X509_policy_level_node_count;
-+		STORE_new_engine;
-+		STORE_list_public_key_start;
-+		X509_VERIFY_PARAM_new;
-+		ECDH_get_ex_data;
-+		EVP_PKEY_get_attr;
-+		ECDSA_do_sign;
-+		ENGINE_unregister_ECDH;
-+		ECDH_OpenSSL;
-+		EC_KEY_set_conv_form;
-+		EC_POINT_dup;
-+		GENERAL_SUBTREE_new;
-+		STORE_list_crl_endp;
-+		EC_get_builtin_curves;
-+		X509_policy_node_get0_qualifiers;
-+		X509_pcy_node_get0_qualifiers;
-+		STORE_list_crl_end;
-+		EVP_PKEY_set1_EC_KEY;
-+		BN_GF2m_mod_sqrt_arr;
-+		i2d_ECPrivateKey_bio;
-+		ECPKParameters_print_fp;
-+		pqueue_find;
-+		ECDSA_SIG_free;
-+		PEM_write_bio_ECPKParameters;
-+		STORE_method_set_ctrl_function;
-+		STORE_list_public_key_end;
-+		EC_KEY_set_private_key;
-+		pqueue_peek;
-+		STORE_get_arbitrary;
-+		STORE_store_crl;
-+		X509_policy_node_get0_policy;
-+		PKCS12_add_safes;
-+		BN_BLINDING_convert_ex;
-+		X509_policy_tree_free;
-+		OPENSSL_ia32cap_loc;
-+		BN_GF2m_poly2arr;
-+		STORE_ctrl;
-+		STORE_ATTR_INFO_compare;
-+		BN_get0_nist_prime_224;
-+		i2d_ECParameters;
-+		i2d_ECPKParameters;
-+		BN_GENCB_call;
-+		d2i_ECPKParameters;
-+		STORE_meth_set_generate_fn;
-+		STORE_method_set_generate_function;
-+		ENGINE_set_ECDH;
-+		NAME_CONSTRAINTS_new;
-+		SHA256_Init;
-+		EC_KEY_get0_public_key;
-+		PEM_write_bio_EC_PUBKEY;
-+		STORE_ATTR_INFO_set_cstr;
-+		STORE_list_crl_next;
-+		STORE_ATTR_INFO_in_range;
-+		ECParameters_print;
-+		STORE_meth_set_delete_fn;
-+		STORE_method_set_delete_function;
-+		STORE_list_certificate_next;
-+		ASN1_generate_nconf;
-+		BUF_memdup;
-+		BN_GF2m_mod_mul;
-+		STORE_meth_get_list_next_fn;
-+		STORE_method_get_list_next_function;
-+		STORE_ATTR_INFO_get0_dn;
-+		STORE_list_private_key_next;
-+		EC_GROUP_set_seed;
-+		X509_VERIFY_PARAM_set_trust;
-+		STORE_ATTR_INFO_free;
-+		STORE_get_private_key;
-+		EVP_PKEY_get_attr_count;
-+		STORE_ATTR_INFO_new;
-+		EC_GROUP_get_curve_GF2m;
-+		STORE_meth_set_revoke_fn;
-+		STORE_method_set_revoke_function;
-+		STORE_store_number;
-+		BN_is_prime_ex;
-+		STORE_revoke_public_key;
-+		X509_STORE_CTX_get0_param;
-+		STORE_delete_arbitrary;
-+		PEM_read_X509_CERT_PAIR;
-+		X509_STORE_set_depth;
-+		ECDSA_get_ex_data;
-+		SHA224;
-+		BIO_dump_indent_fp;
-+		EC_KEY_set_group;
-+		BUF_strndup;
-+		STORE_list_certificate_start;
-+		BN_GF2m_mod;
-+		X509_REQ_check_private_key;
-+		EC_GROUP_get_seed_len;
-+		ERR_load_STORE_strings;
-+		PEM_read_bio_EC_PUBKEY;
-+		STORE_list_private_key_end;
-+		i2d_EC_PUBKEY;
-+		ECDSA_get_default_method;
-+		ASN1_put_eoc;
-+		X509_STORE_CTX_get_explicit_policy;
-+		X509_STORE_CTX_get_expl_policy;
-+		X509_VERIFY_PARAM_table_cleanup;
-+		STORE_modify_private_key;
-+		X509_VERIFY_PARAM_free;
-+		EC_METHOD_get_field_type;
-+		EC_GFp_nist_method;
-+		STORE_meth_set_modify_fn;
-+		STORE_method_set_modify_function;
-+		STORE_parse_attrs_next;
-+		ENGINE_load_padlock;
-+		EC_GROUP_set_curve_name;
-+		X509_CERT_PAIR_it;
-+		STORE_meth_get_revoke_fn;
-+		STORE_method_get_revoke_function;
-+		STORE_method_set_get_function;
-+		STORE_modify_number;
-+		STORE_method_get_store_function;
-+		STORE_store_private_key;
-+		BN_GF2m_mod_sqr_arr;
-+		RSA_setup_blinding;
-+		BIO_s_datagram;
-+		STORE_Memory;
-+		sk_find_ex;
-+		EC_GROUP_set_curve_GF2m;
-+		ENGINE_set_default_ECDSA;
-+		POLICY_CONSTRAINTS_new;
-+		BN_GF2m_mod_sqrt;
-+		ECDH_set_default_method;
-+		EC_KEY_generate_key;
-+		SHA384_Update;
-+		BN_GF2m_arr2poly;
-+		STORE_method_get_get_function;
-+		STORE_meth_set_cleanup_fn;
-+		STORE_method_set_cleanup_function;
-+		EC_GROUP_check;
-+		d2i_ECPrivateKey_bio;
-+		EC_KEY_insert_key_method_data;
-+		STORE_meth_get_lock_store_fn;
-+		STORE_method_get_lock_store_function;
-+		X509_VERIFY_PARAM_get_depth;
-+		SHA224_Final;
-+		STORE_meth_set_update_store_fn;
-+		STORE_method_set_update_store_function;
-+		SHA224_Update;
-+		d2i_ECPrivateKey;
-+		ASN1_item_ndef_i2d;
-+		STORE_delete_private_key;
-+		ERR_pop_to_mark;
-+		ENGINE_register_all_STORE;
-+		X509_policy_level_get0_node;
-+		i2d_PKCS7_NDEF;
-+		EC_GROUP_get_degree;
-+		ASN1_generate_v3;
-+		STORE_ATTR_INFO_modify_cstr;
-+		X509_policy_tree_level_count;
-+		BN_GF2m_add;
-+		EC_KEY_get0_group;
-+		STORE_generate_crl;
-+		STORE_store_public_key;
-+		X509_CERT_PAIR_free;
-+		STORE_revoke_private_key;
-+		BN_nist_mod_224;
-+		SHA512_Final;
-+		STORE_ATTR_INFO_modify_dn;
-+		STORE_meth_get_initialise_fn;
-+		STORE_method_get_initialise_function;
-+		STORE_delete_number;
-+		i2d_EC_PUBKEY_bio;
-+		BIO_dgram_non_fatal_error;
-+		EC_GROUP_get_asn1_flag;
-+		STORE_ATTR_INFO_in_ex;
-+		STORE_list_crl_start;
-+		ECDH_get_ex_new_index;
-+		STORE_meth_get_modify_fn;
-+		STORE_method_get_modify_function;
-+		v2i_ASN1_BIT_STRING;
-+		STORE_store_certificate;
-+		OBJ_bsearch_ex;
-+		X509_STORE_CTX_set_default;
-+		STORE_ATTR_INFO_set_sha1str;
-+		BN_GF2m_mod_inv;
-+		BN_GF2m_mod_exp;
-+		STORE_modify_public_key;
-+		STORE_meth_get_list_start_fn;
-+		STORE_method_get_list_start_function;
-+		EC_GROUP_get0_seed;
-+		STORE_store_arbitrary;
-+		STORE_meth_set_unlock_store_fn;
-+		STORE_method_set_unlock_store_function;
-+		BN_GF2m_mod_div_arr;
-+		ENGINE_set_ECDSA;
-+		STORE_create_method;
-+		ECPKParameters_print;
-+		EC_KEY_get0_private_key;
-+		PEM_write_EC_PUBKEY;
-+		X509_VERIFY_PARAM_set1;
-+		ECDH_set_method;
-+		v2i_GENERAL_NAME_ex;
-+		ECDH_set_ex_data;
-+		STORE_generate_key;
-+		BN_nist_mod_521;
-+		X509_policy_tree_get0_level;
-+		EC_GROUP_set_point_conversion_form;
-+		EC_GROUP_set_point_conv_form;
-+		PEM_read_EC_PUBKEY;
-+		i2d_ECDSA_SIG;
-+		ECDSA_OpenSSL;
-+		STORE_delete_crl;
-+		EC_KEY_get_enc_flags;
-+		ASN1_const_check_infinite_end;
-+		EVP_PKEY_delete_attr;
-+		ECDSA_set_default_method;
-+		EC_POINT_set_compressed_coordinates_GF2m;
-+		EC_POINT_set_compr_coords_GF2m;
-+		EC_GROUP_cmp;
-+		STORE_revoke_certificate;
-+		BN_get0_nist_prime_256;
-+		STORE_meth_get_delete_fn;
-+		STORE_method_get_delete_function;
-+		SHA224_Init;
-+		PEM_read_ECPrivateKey;
-+		SHA512_Init;
-+		STORE_parse_attrs_endp;
-+		BN_set_negative;
-+		ERR_load_ECDSA_strings;
-+		EC_GROUP_get_basis_type;
-+		STORE_list_public_key_next;
-+		i2v_ASN1_BIT_STRING;
-+		STORE_OBJECT_free;
-+		BN_nist_mod_384;
-+		i2d_X509_CERT_PAIR;
-+		PEM_write_ECPKParameters;
-+		ECDH_compute_key;
-+		STORE_ATTR_INFO_get0_sha1str;
-+		ENGINE_register_all_ECDH;
-+		pqueue_pop;
-+		STORE_ATTR_INFO_get0_cstr;
-+		POLICY_CONSTRAINTS_it;
-+		STORE_get_ex_new_index;
-+		EVP_PKEY_get_attr_by_OBJ;
-+		X509_VERIFY_PARAM_add0_policy;
-+		BN_GF2m_mod_solve_quad;
-+		SHA256;
-+		i2d_ECPrivateKey_fp;
-+		X509_policy_tree_get0_user_policies;
-+		X509_pcy_tree_get0_usr_policies;
-+		OPENSSL_DIR_read;
-+		ENGINE_register_all_ECDSA;
-+		X509_VERIFY_PARAM_lookup;
-+		EC_POINT_get_affine_coordinates_GF2m;
-+		EC_POINT_get_affine_coords_GF2m;
-+		EC_GROUP_dup;
-+		ENGINE_get_default_ECDSA;
-+		EC_KEY_new;
-+		SHA256_Transform;
-+		EC_KEY_set_enc_flags;
-+		ECDSA_verify;
-+		EC_POINT_point2hex;
-+		ENGINE_get_STORE;
-+		SHA512;
-+		STORE_get_certificate;
-+		ECDSA_do_sign_ex;
-+		ECDSA_do_verify;
-+		d2i_ECPrivateKey_fp;
-+		STORE_delete_certificate;
-+		SHA512_Transform;
-+		X509_STORE_set1_param;
-+		STORE_method_get_ctrl_function;
-+		STORE_free;
-+		PEM_write_ECPrivateKey;
-+		STORE_meth_get_unlock_store_fn;
-+		STORE_method_get_unlock_store_function;
-+		STORE_get_ex_data;
-+		EC_KEY_set_public_key;
-+		PEM_read_ECPKParameters;
-+		X509_CERT_PAIR_new;
-+		ENGINE_register_STORE;
-+		RSA_generate_key_ex;
-+		DSA_generate_parameters_ex;
-+		ECParameters_print_fp;
-+		X509V3_NAME_from_section;
-+		EVP_PKEY_add1_attr;
-+		STORE_modify_crl;
-+		STORE_list_private_key_start;
-+		POLICY_MAPPINGS_it;
-+		GENERAL_SUBTREE_it;
-+		EC_GROUP_get_curve_name;
-+		PEM_write_X509_CERT_PAIR;
-+		BIO_dump_indent_cb;
-+		d2i_X509_CERT_PAIR;
-+		STORE_list_private_key_endp;
-+		asn1_const_Finish;
-+		i2d_EC_PUBKEY_fp;
-+		BN_nist_mod_256;
-+		X509_VERIFY_PARAM_add0_table;
-+		pqueue_free;
-+		BN_BLINDING_create_param;
-+		ECDSA_size;
-+		d2i_EC_PUBKEY_bio;
-+		BN_get0_nist_prime_521;
-+		STORE_ATTR_INFO_modify_sha1str;
-+		BN_generate_prime_ex;
-+		EC_GROUP_new_by_curve_name;
-+		SHA256_Final;
-+		DH_generate_parameters_ex;
-+		PEM_read_bio_ECPrivateKey;
-+		STORE_meth_get_cleanup_fn;
-+		STORE_method_get_cleanup_function;
-+		ENGINE_get_ECDH;
-+		d2i_ECDSA_SIG;
-+		BN_is_prime_fasttest_ex;
-+		ECDSA_sign;
-+		X509_policy_check;
-+		EVP_PKEY_get_attr_by_NID;
-+		STORE_set_ex_data;
-+		ENGINE_get_ECDSA;
-+		EVP_ecdsa;
-+		BN_BLINDING_get_flags;
-+		PKCS12_add_cert;
-+		STORE_OBJECT_new;
-+		ERR_load_ECDH_strings;
-+		EC_KEY_dup;
-+		EVP_CIPHER_CTX_rand_key;
-+		ECDSA_set_method;
-+		a2i_IPADDRESS_NC;
-+		d2i_ECParameters;
-+		STORE_list_certificate_end;
-+		STORE_get_crl;
-+		X509_POLICY_NODE_print;
-+		SHA384_Init;
-+		EC_GF2m_simple_method;
-+		ECDSA_set_ex_data;
-+		SHA384_Final;
-+		PKCS7_set_digest;
-+		EC_KEY_print;
-+		STORE_meth_set_lock_store_fn;
-+		STORE_method_set_lock_store_function;
-+		ECDSA_get_ex_new_index;
-+		SHA384;
-+		POLICY_MAPPING_new;
-+		STORE_list_certificate_endp;
-+		X509_STORE_CTX_get0_policy_tree;
-+		EC_GROUP_set_asn1_flag;
-+		EC_KEY_check_key;
-+		d2i_EC_PUBKEY_fp;
-+		PKCS7_set0_type_other;
-+		PEM_read_bio_X509_CERT_PAIR;
-+		pqueue_next;
-+		STORE_meth_get_list_end_fn;
-+		STORE_method_get_list_end_function;
-+		EVP_PKEY_add1_attr_by_OBJ;
-+		X509_VERIFY_PARAM_set_time;
-+		pqueue_new;
-+		ENGINE_set_default_ECDH;
-+		STORE_new_method;
-+		PKCS12_add_key;
-+		DSO_merge;
-+		EC_POINT_hex2point;
-+		BIO_dump_cb;
-+		SHA256_Update;
-+		pqueue_insert;
-+		pitem_free;
-+		BN_GF2m_mod_inv_arr;
-+		ENGINE_unregister_ECDSA;
-+		BN_BLINDING_set_thread_id;
-+		get_rfc3526_prime_8192;
-+		X509_VERIFY_PARAM_clear_flags;
-+		get_rfc2409_prime_1024;
-+		DH_check_pub_key;
-+		get_rfc3526_prime_2048;
-+		get_rfc3526_prime_6144;
-+		get_rfc3526_prime_1536;
-+		get_rfc3526_prime_3072;
-+		get_rfc3526_prime_4096;
-+		get_rfc2409_prime_768;
-+		X509_VERIFY_PARAM_get_flags;
-+		EVP_CIPHER_CTX_new;
-+		EVP_CIPHER_CTX_free;
-+		Camellia_cbc_encrypt;
-+		Camellia_cfb128_encrypt;
-+		Camellia_cfb1_encrypt;
-+		Camellia_cfb8_encrypt;
-+		Camellia_ctr128_encrypt;
-+		Camellia_cfbr_encrypt_block;
-+		Camellia_decrypt;
-+		Camellia_ecb_encrypt;
-+		Camellia_encrypt;
-+		Camellia_ofb128_encrypt;
-+		Camellia_set_key;
-+		EVP_camellia_128_cbc;
-+		EVP_camellia_128_cfb128;
-+		EVP_camellia_128_cfb1;
-+		EVP_camellia_128_cfb8;
-+		EVP_camellia_128_ecb;
-+		EVP_camellia_128_ofb;
-+		EVP_camellia_192_cbc;
-+		EVP_camellia_192_cfb128;
-+		EVP_camellia_192_cfb1;
-+		EVP_camellia_192_cfb8;
-+		EVP_camellia_192_ecb;
-+		EVP_camellia_192_ofb;
-+		EVP_camellia_256_cbc;
-+		EVP_camellia_256_cfb128;
-+		EVP_camellia_256_cfb1;
-+		EVP_camellia_256_cfb8;
-+		EVP_camellia_256_ecb;
-+		EVP_camellia_256_ofb;
-+		a2i_ipadd;
-+		ASIdentifiers_free;
-+		i2d_ASIdOrRange;
-+		EVP_CIPHER_block_size;
-+		v3_asid_is_canonical;
-+		IPAddressChoice_free;
-+		EVP_CIPHER_CTX_set_app_data;
-+		BIO_set_callback_arg;
-+		v3_addr_add_prefix;
-+		IPAddressOrRange_it;
-+		BIO_set_flags;
-+		ASIdentifiers_it;
-+		v3_addr_get_range;
-+		BIO_method_type;
-+		v3_addr_inherits;
-+		IPAddressChoice_it;
-+		AES_ige_encrypt;
-+		v3_addr_add_range;
-+		EVP_CIPHER_CTX_nid;
-+		d2i_ASRange;
-+		v3_addr_add_inherit;
-+		v3_asid_add_id_or_range;
-+		v3_addr_validate_resource_set;
-+		EVP_CIPHER_iv_length;
-+		EVP_MD_type;
-+		v3_asid_canonize;
-+		IPAddressRange_free;
-+		v3_asid_add_inherit;
-+		EVP_CIPHER_CTX_key_length;
-+		IPAddressRange_new;
-+		ASIdOrRange_new;
-+		EVP_MD_size;
-+		EVP_MD_CTX_test_flags;
-+		BIO_clear_flags;
-+		i2d_ASRange;
-+		IPAddressRange_it;
-+		IPAddressChoice_new;
-+		ASIdentifierChoice_new;
-+		ASRange_free;
-+		EVP_MD_pkey_type;
-+		EVP_MD_CTX_clear_flags;
-+		IPAddressFamily_free;
-+		i2d_IPAddressFamily;
-+		IPAddressOrRange_new;
-+		EVP_CIPHER_flags;
-+		v3_asid_validate_resource_set;
-+		d2i_IPAddressRange;
-+		AES_bi_ige_encrypt;
-+		BIO_get_callback;
-+		IPAddressOrRange_free;
-+		v3_addr_subset;
-+		d2i_IPAddressFamily;
-+		v3_asid_subset;
-+		BIO_test_flags;
-+		i2d_ASIdentifierChoice;
-+		ASRange_it;
-+		d2i_ASIdentifiers;
-+		ASRange_new;
-+		d2i_IPAddressChoice;
-+		v3_addr_get_afi;
-+		EVP_CIPHER_key_length;
-+		EVP_Cipher;
-+		i2d_IPAddressOrRange;
-+		ASIdOrRange_it;
-+		EVP_CIPHER_nid;
-+		i2d_IPAddressChoice;
-+		EVP_CIPHER_CTX_block_size;
-+		ASIdentifiers_new;
-+		v3_addr_validate_path;
-+		IPAddressFamily_new;
-+		EVP_MD_CTX_set_flags;
-+		v3_addr_is_canonical;
-+		i2d_IPAddressRange;
-+		IPAddressFamily_it;
-+		v3_asid_inherits;
-+		EVP_CIPHER_CTX_cipher;
-+		EVP_CIPHER_CTX_get_app_data;
-+		EVP_MD_block_size;
-+		EVP_CIPHER_CTX_flags;
-+		v3_asid_validate_path;
-+		d2i_IPAddressOrRange;
-+		v3_addr_canonize;
-+		ASIdentifierChoice_it;
-+		EVP_MD_CTX_md;
-+		d2i_ASIdentifierChoice;
-+		BIO_method_name;
-+		EVP_CIPHER_CTX_iv_length;
-+		ASIdOrRange_free;
-+		ASIdentifierChoice_free;
-+		BIO_get_callback_arg;
-+		BIO_set_callback;
-+		d2i_ASIdOrRange;
-+		i2d_ASIdentifiers;
-+		SEED_decrypt;
-+		SEED_encrypt;
-+		SEED_cbc_encrypt;
-+		EVP_seed_ofb;
-+		SEED_cfb128_encrypt;
-+		SEED_ofb128_encrypt;
-+		EVP_seed_cbc;
-+		SEED_ecb_encrypt;
-+		EVP_seed_ecb;
-+		SEED_set_key;
-+		EVP_seed_cfb128;
-+		X509_EXTENSIONS_it;
-+		X509_get1_ocsp;
-+		OCSP_REQ_CTX_free;
-+		i2d_X509_EXTENSIONS;
-+		OCSP_sendreq_nbio;
-+		OCSP_sendreq_new;
-+		d2i_X509_EXTENSIONS;
-+		X509_ALGORS_it;
-+		X509_ALGOR_get0;
-+		X509_ALGOR_set0;
-+		AES_unwrap_key;
-+		AES_wrap_key;
-+		X509at_get0_data_by_OBJ;
-+		ASN1_TYPE_set1;
-+		ASN1_STRING_set0;
-+		i2d_X509_ALGORS;
-+		BIO_f_zlib;
-+		COMP_zlib_cleanup;
-+		d2i_X509_ALGORS;
-+		CMS_ReceiptRequest_free;
-+		PEM_write_CMS;
-+		CMS_add0_CertificateChoices;
-+		CMS_unsigned_add1_attr_by_OBJ;
-+		ERR_load_CMS_strings;
-+		CMS_sign_receipt;
-+		i2d_CMS_ContentInfo;
-+		CMS_signed_delete_attr;
-+		d2i_CMS_bio;
-+		CMS_unsigned_get_attr_by_NID;
-+		CMS_verify;
-+		SMIME_read_CMS;
-+		CMS_decrypt_set1_key;
-+		CMS_SignerInfo_get0_algs;
-+		CMS_add1_cert;
-+		CMS_set_detached;
-+		CMS_encrypt;
-+		CMS_EnvelopedData_create;
-+		CMS_uncompress;
-+		CMS_add0_crl;
-+		CMS_SignerInfo_verify_content;
-+		CMS_unsigned_get0_data_by_OBJ;
-+		PEM_write_bio_CMS;
-+		CMS_unsigned_get_attr;
-+		CMS_RecipientInfo_ktri_cert_cmp;
-+		CMS_RecipientInfo_ktri_get0_algs;
-+		CMS_RecipInfo_ktri_get0_algs;
-+		CMS_ContentInfo_free;
-+		CMS_final;
-+		CMS_add_simple_smimecap;
-+		CMS_SignerInfo_verify;
-+		CMS_data;
-+		CMS_ContentInfo_it;
-+		d2i_CMS_ReceiptRequest;
-+		CMS_compress;
-+		CMS_digest_create;
-+		CMS_SignerInfo_cert_cmp;
-+		CMS_SignerInfo_sign;
-+		CMS_data_create;
-+		i2d_CMS_bio;
-+		CMS_EncryptedData_set1_key;
-+		CMS_decrypt;
-+		int_smime_write_ASN1;
-+		CMS_unsigned_delete_attr;
-+		CMS_unsigned_get_attr_count;
-+		CMS_add_smimecap;
-+		PEM_read_CMS;
-+		CMS_signed_get_attr_by_OBJ;
-+		d2i_CMS_ContentInfo;
-+		CMS_add_standard_smimecap;
-+		CMS_ContentInfo_new;
-+		CMS_RecipientInfo_type;
-+		CMS_get0_type;
-+		CMS_is_detached;
-+		CMS_sign;
-+		CMS_signed_add1_attr;
-+		CMS_unsigned_get_attr_by_OBJ;
-+		SMIME_write_CMS;
-+		CMS_EncryptedData_decrypt;
-+		CMS_get0_RecipientInfos;
-+		CMS_add0_RevocationInfoChoice;
-+		CMS_decrypt_set1_pkey;
-+		CMS_SignerInfo_set1_signer_cert;
-+		CMS_get0_signers;
-+		CMS_ReceiptRequest_get0_values;
-+		CMS_signed_get0_data_by_OBJ;
-+		CMS_get0_SignerInfos;
-+		CMS_add0_cert;
-+		CMS_EncryptedData_encrypt;
-+		CMS_digest_verify;
-+		CMS_set1_signers_certs;
-+		CMS_signed_get_attr;
-+		CMS_RecipientInfo_set0_key;
-+		CMS_SignedData_init;
-+		CMS_RecipientInfo_kekri_get0_id;
-+		CMS_verify_receipt;
-+		CMS_ReceiptRequest_it;
-+		PEM_read_bio_CMS;
-+		CMS_get1_crls;
-+		CMS_add0_recipient_key;
-+		SMIME_read_ASN1;
-+		CMS_ReceiptRequest_new;
-+		CMS_get0_content;
-+		CMS_get1_ReceiptRequest;
-+		CMS_signed_add1_attr_by_OBJ;
-+		CMS_RecipientInfo_kekri_id_cmp;
-+		CMS_add1_ReceiptRequest;
-+		CMS_SignerInfo_get0_signer_id;
-+		CMS_unsigned_add1_attr_by_NID;
-+		CMS_unsigned_add1_attr;
-+		CMS_signed_get_attr_by_NID;
-+		CMS_get1_certs;
-+		CMS_signed_add1_attr_by_NID;
-+		CMS_unsigned_add1_attr_by_txt;
-+		CMS_dataFinal;
-+		CMS_RecipientInfo_ktri_get0_signer_id;
-+		CMS_RecipInfo_ktri_get0_sigr_id;
-+		i2d_CMS_ReceiptRequest;
-+		CMS_add1_recipient_cert;
-+		CMS_dataInit;
-+		CMS_signed_add1_attr_by_txt;
-+		CMS_RecipientInfo_decrypt;
-+		CMS_signed_get_attr_count;
-+		CMS_get0_eContentType;
-+		CMS_set1_eContentType;
-+		CMS_ReceiptRequest_create0;
-+		CMS_add1_signer;
-+		CMS_RecipientInfo_set0_pkey;
-+		ENGINE_set_load_ssl_client_cert_function;
-+		ENGINE_set_ld_ssl_clnt_cert_fn;
-+		ENGINE_get_ssl_client_cert_function;
-+		ENGINE_get_ssl_client_cert_fn;
-+		ENGINE_load_ssl_client_cert;
-+		ENGINE_load_capi;
-+		OPENSSL_isservice;
-+		FIPS_dsa_sig_decode;
-+		EVP_CIPHER_CTX_clear_flags;
-+		FIPS_rand_status;
-+		FIPS_rand_set_key;
-+		CRYPTO_set_mem_info_functions;
-+		RSA_X931_generate_key_ex;
-+		int_ERR_set_state_func;
-+		int_EVP_MD_set_engine_callbacks;
-+		int_CRYPTO_set_do_dynlock_callback;
-+		FIPS_rng_stick;
-+		EVP_CIPHER_CTX_set_flags;
-+		BN_X931_generate_prime_ex;
-+		FIPS_selftest_check;
-+		FIPS_rand_set_dt;
-+		CRYPTO_dbg_pop_info;
-+		FIPS_dsa_free;
-+		RSA_X931_derive_ex;
-+		FIPS_rsa_new;
-+		FIPS_rand_bytes;
-+		fips_cipher_test;
-+		EVP_CIPHER_CTX_test_flags;
-+		CRYPTO_malloc_debug_init;
-+		CRYPTO_dbg_push_info;
-+		FIPS_corrupt_rsa_keygen;
-+		FIPS_dh_new;
-+		FIPS_corrupt_dsa_keygen;
-+		FIPS_dh_free;
-+		fips_pkey_signature_test;
-+		EVP_add_alg_module;
-+		int_RAND_init_engine_callbacks;
-+		int_EVP_CIPHER_set_engine_callbacks;
-+		int_EVP_MD_init_engine_callbacks;
-+		FIPS_rand_test_mode;
-+		FIPS_rand_reset;
-+		FIPS_dsa_new;
-+		int_RAND_set_callbacks;
-+		BN_X931_derive_prime_ex;
-+		int_ERR_lib_init;
-+		int_EVP_CIPHER_init_engine_callbacks;
-+		FIPS_rsa_free;
-+		FIPS_dsa_sig_encode;
-+		CRYPTO_dbg_remove_all_info;
-+		OPENSSL_init;
-+		CRYPTO_strdup;
-+		JPAKE_STEP3A_process;
-+		JPAKE_STEP1_release;
-+		JPAKE_get_shared_key;
-+		JPAKE_STEP3B_init;
-+		JPAKE_STEP1_generate;
-+		JPAKE_STEP1_init;
-+		JPAKE_STEP3B_process;
-+		JPAKE_STEP2_generate;
-+		JPAKE_CTX_new;
-+		JPAKE_CTX_free;
-+		JPAKE_STEP3B_release;
-+		JPAKE_STEP3A_release;
-+		JPAKE_STEP2_process;
-+		JPAKE_STEP3B_generate;
-+		JPAKE_STEP1_process;
-+		JPAKE_STEP3A_generate;
-+		JPAKE_STEP2_release;
-+		JPAKE_STEP3A_init;
-+		ERR_load_JPAKE_strings;
-+		JPAKE_STEP2_init;
-+		pqueue_size;
-+		i2d_TS_ACCURACY;
-+		i2d_TS_MSG_IMPRINT_fp;
-+		i2d_TS_MSG_IMPRINT;
-+		EVP_PKEY_print_public;
-+		EVP_PKEY_CTX_new;
-+		i2d_TS_TST_INFO;
-+		EVP_PKEY_asn1_find;
-+		DSO_METHOD_beos;
-+		TS_CONF_load_cert;
-+		TS_REQ_get_ext;
-+		EVP_PKEY_sign_init;
-+		ASN1_item_print;
-+		TS_TST_INFO_set_nonce;
-+		TS_RESP_dup;
-+		ENGINE_register_pkey_meths;
-+		EVP_PKEY_asn1_add0;
-+		PKCS7_add0_attrib_signing_time;
-+		i2d_TS_TST_INFO_fp;
-+		BIO_asn1_get_prefix;
-+		TS_TST_INFO_set_time;
-+		EVP_PKEY_meth_set_decrypt;
-+		EVP_PKEY_set_type_str;
-+		EVP_PKEY_CTX_get_keygen_info;
-+		TS_REQ_set_policy_id;
-+		d2i_TS_RESP_fp;
-+		ENGINE_get_pkey_asn1_meth_engine;
-+		ENGINE_get_pkey_asn1_meth_eng;
-+		WHIRLPOOL_Init;
-+		TS_RESP_set_status_info;
-+		EVP_PKEY_keygen;
-+		EVP_DigestSignInit;
-+		TS_ACCURACY_set_millis;
-+		TS_REQ_dup;
-+		GENERAL_NAME_dup;
-+		ASN1_SEQUENCE_ANY_it;
-+		WHIRLPOOL;
-+		X509_STORE_get1_crls;
-+		ENGINE_get_pkey_asn1_meth;
-+		EVP_PKEY_asn1_new;
-+		BIO_new_NDEF;
-+		ENGINE_get_pkey_meth;
-+		TS_MSG_IMPRINT_set_algo;
-+		i2d_TS_TST_INFO_bio;
-+		TS_TST_INFO_set_ordering;
-+		TS_TST_INFO_get_ext_by_OBJ;
-+		CRYPTO_THREADID_set_pointer;
-+		TS_CONF_get_tsa_section;
-+		SMIME_write_ASN1;
-+		TS_RESP_CTX_set_signer_key;
-+		EVP_PKEY_encrypt_old;
-+		EVP_PKEY_encrypt_init;
-+		CRYPTO_THREADID_cpy;
-+		ASN1_PCTX_get_cert_flags;
-+		i2d_ESS_SIGNING_CERT;
-+		TS_CONF_load_key;
-+		i2d_ASN1_SEQUENCE_ANY;
-+		d2i_TS_MSG_IMPRINT_bio;
-+		EVP_PKEY_asn1_set_public;
-+		b2i_PublicKey_bio;
-+		BIO_asn1_set_prefix;
-+		EVP_PKEY_new_mac_key;
-+		BIO_new_CMS;
-+		CRYPTO_THREADID_cmp;
-+		TS_REQ_ext_free;
-+		EVP_PKEY_asn1_set_free;
-+		EVP_PKEY_get0_asn1;
-+		d2i_NETSCAPE_X509;
-+		EVP_PKEY_verify_recover_init;
-+		EVP_PKEY_CTX_set_data;
-+		EVP_PKEY_keygen_init;
-+		TS_RESP_CTX_set_status_info;
-+		TS_MSG_IMPRINT_get_algo;
-+		TS_REQ_print_bio;
-+		EVP_PKEY_CTX_ctrl_str;
-+		EVP_PKEY_get_default_digest_nid;
-+		PEM_write_bio_PKCS7_stream;
-+		TS_MSG_IMPRINT_print_bio;
-+		BN_asc2bn;
-+		TS_REQ_get_policy_id;
-+		ENGINE_set_default_pkey_asn1_meths;
-+		ENGINE_set_def_pkey_asn1_meths;
-+		d2i_TS_ACCURACY;
-+		DSO_global_lookup;
-+		TS_CONF_set_tsa_name;
-+		i2d_ASN1_SET_ANY;
-+		ENGINE_load_gost;
-+		WHIRLPOOL_BitUpdate;
-+		ASN1_PCTX_get_flags;
-+		TS_TST_INFO_get_ext_by_NID;
-+		TS_RESP_new;
-+		ESS_CERT_ID_dup;
-+		TS_STATUS_INFO_dup;
-+		TS_REQ_delete_ext;
-+		EVP_DigestVerifyFinal;
-+		EVP_PKEY_print_params;
-+		i2d_CMS_bio_stream;
-+		TS_REQ_get_msg_imprint;
-+		OBJ_find_sigid_by_algs;
-+		TS_TST_INFO_get_serial;
-+		TS_REQ_get_nonce;
-+		X509_PUBKEY_set0_param;
-+		EVP_PKEY_CTX_set0_keygen_info;
-+		DIST_POINT_set_dpname;
-+		i2d_ISSUING_DIST_POINT;
-+		ASN1_SET_ANY_it;
-+		EVP_PKEY_CTX_get_data;
-+		TS_STATUS_INFO_print_bio;
-+		EVP_PKEY_derive_init;
-+		d2i_TS_TST_INFO;
-+		EVP_PKEY_asn1_add_alias;
-+		d2i_TS_RESP_bio;
-+		OTHERNAME_cmp;
-+		GENERAL_NAME_set0_value;
-+		PKCS7_RECIP_INFO_get0_alg;
-+		TS_RESP_CTX_new;
-+		TS_RESP_set_tst_info;
-+		PKCS7_final;
-+		EVP_PKEY_base_id;
-+		TS_RESP_CTX_set_signer_cert;
-+		TS_REQ_set_msg_imprint;
-+		EVP_PKEY_CTX_ctrl;
-+		TS_CONF_set_digests;
-+		d2i_TS_MSG_IMPRINT;
-+		EVP_PKEY_meth_set_ctrl;
-+		TS_REQ_get_ext_by_NID;
-+		PKCS5_pbe_set0_algor;
-+		BN_BLINDING_thread_id;
-+		TS_ACCURACY_new;
-+		X509_CRL_METHOD_free;
-+		ASN1_PCTX_get_nm_flags;
-+		EVP_PKEY_meth_set_sign;
-+		CRYPTO_THREADID_current;
-+		EVP_PKEY_decrypt_init;
-+		NETSCAPE_X509_free;
-+		i2b_PVK_bio;
-+		EVP_PKEY_print_private;
-+		GENERAL_NAME_get0_value;
-+		b2i_PVK_bio;
-+		ASN1_UTCTIME_adj;
-+		TS_TST_INFO_new;
-+		EVP_MD_do_all_sorted;
-+		TS_CONF_set_default_engine;
-+		TS_ACCURACY_set_seconds;
-+		TS_TST_INFO_get_time;
-+		PKCS8_pkey_get0;
-+		EVP_PKEY_asn1_get0;
-+		OBJ_add_sigid;
-+		PKCS7_SIGNER_INFO_sign;
-+		EVP_PKEY_paramgen_init;
-+		EVP_PKEY_sign;
-+		OBJ_sigid_free;
-+		EVP_PKEY_meth_set_init;
-+		d2i_ESS_ISSUER_SERIAL;
-+		ISSUING_DIST_POINT_new;
-+		ASN1_TIME_adj;
-+		TS_OBJ_print_bio;
-+		EVP_PKEY_meth_set_verify_recover;
-+		EVP_PKEY_meth_set_vrfy_recover;
-+		TS_RESP_get_status_info;
-+		CMS_stream;
-+		EVP_PKEY_CTX_set_cb;
-+		PKCS7_to_TS_TST_INFO;
-+		ASN1_PCTX_get_oid_flags;
-+		TS_TST_INFO_add_ext;
-+		EVP_PKEY_meth_set_derive;
-+		i2d_TS_RESP_fp;
-+		i2d_TS_MSG_IMPRINT_bio;
-+		TS_RESP_CTX_set_accuracy;
-+		TS_REQ_set_nonce;
-+		ESS_CERT_ID_new;
-+		ENGINE_pkey_asn1_find_str;
-+		TS_REQ_get_ext_count;
-+		BUF_reverse;
-+		TS_TST_INFO_print_bio;
-+		d2i_ISSUING_DIST_POINT;
-+		ENGINE_get_pkey_meths;
-+		i2b_PrivateKey_bio;
-+		i2d_TS_RESP;
-+		b2i_PublicKey;
-+		TS_VERIFY_CTX_cleanup;
-+		TS_STATUS_INFO_free;
-+		TS_RESP_verify_token;
-+		OBJ_bsearch_ex_;
-+		ASN1_bn_print;
-+		EVP_PKEY_asn1_get_count;
-+		ENGINE_register_pkey_asn1_meths;
-+		ASN1_PCTX_set_nm_flags;
-+		EVP_DigestVerifyInit;
-+		ENGINE_set_default_pkey_meths;
-+		TS_TST_INFO_get_policy_id;
-+		TS_REQ_get_cert_req;
-+		X509_CRL_set_meth_data;
-+		PKCS8_pkey_set0;
-+		ASN1_STRING_copy;
-+		d2i_TS_TST_INFO_fp;
-+		X509_CRL_match;
-+		EVP_PKEY_asn1_set_private;
-+		TS_TST_INFO_get_ext_d2i;
-+		TS_RESP_CTX_add_policy;
-+		d2i_TS_RESP;
-+		TS_CONF_load_certs;
-+		TS_TST_INFO_get_msg_imprint;
-+		ERR_load_TS_strings;
-+		TS_TST_INFO_get_version;
-+		EVP_PKEY_CTX_dup;
-+		EVP_PKEY_meth_set_verify;
-+		i2b_PublicKey_bio;
-+		TS_CONF_set_certs;
-+		EVP_PKEY_asn1_get0_info;
-+		TS_VERIFY_CTX_free;
-+		TS_REQ_get_ext_by_critical;
-+		TS_RESP_CTX_set_serial_cb;
-+		X509_CRL_get_meth_data;
-+		TS_RESP_CTX_set_time_cb;
-+		TS_MSG_IMPRINT_get_msg;
-+		TS_TST_INFO_ext_free;
-+		TS_REQ_get_version;
-+		TS_REQ_add_ext;
-+		EVP_PKEY_CTX_set_app_data;
-+		OBJ_bsearch_;
-+		EVP_PKEY_meth_set_verifyctx;
-+		i2d_PKCS7_bio_stream;
-+		CRYPTO_THREADID_set_numeric;
-+		PKCS7_sign_add_signer;
-+		d2i_TS_TST_INFO_bio;
-+		TS_TST_INFO_get_ordering;
-+		TS_RESP_print_bio;
-+		TS_TST_INFO_get_exts;
-+		HMAC_CTX_copy;
-+		PKCS5_pbe2_set_iv;
-+		ENGINE_get_pkey_asn1_meths;
-+		b2i_PrivateKey;
-+		EVP_PKEY_CTX_get_app_data;
-+		TS_REQ_set_cert_req;
-+		CRYPTO_THREADID_set_callback;
-+		TS_CONF_set_serial;
-+		TS_TST_INFO_free;
-+		d2i_TS_REQ_fp;
-+		TS_RESP_verify_response;
-+		i2d_ESS_ISSUER_SERIAL;
-+		TS_ACCURACY_get_seconds;
-+		EVP_CIPHER_do_all;
-+		b2i_PrivateKey_bio;
-+		OCSP_CERTID_dup;
-+		X509_PUBKEY_get0_param;
-+		TS_MSG_IMPRINT_dup;
-+		PKCS7_print_ctx;
-+		i2d_TS_REQ_bio;
-+		EVP_whirlpool;
-+		EVP_PKEY_asn1_set_param;
-+		EVP_PKEY_meth_set_encrypt;
-+		ASN1_PCTX_set_flags;
-+		i2d_ESS_CERT_ID;
-+		TS_VERIFY_CTX_new;
-+		TS_RESP_CTX_set_extension_cb;
-+		ENGINE_register_all_pkey_meths;
-+		TS_RESP_CTX_set_status_info_cond;
-+		TS_RESP_CTX_set_stat_info_cond;
-+		EVP_PKEY_verify;
-+		WHIRLPOOL_Final;
-+		X509_CRL_METHOD_new;
-+		EVP_DigestSignFinal;
-+		TS_RESP_CTX_set_def_policy;
-+		NETSCAPE_X509_it;
-+		TS_RESP_create_response;
-+		PKCS7_SIGNER_INFO_get0_algs;
-+		TS_TST_INFO_get_nonce;
-+		EVP_PKEY_decrypt_old;
-+		TS_TST_INFO_set_policy_id;
-+		TS_CONF_set_ess_cert_id_chain;
-+		EVP_PKEY_CTX_get0_pkey;
-+		d2i_TS_REQ;
-+		EVP_PKEY_asn1_find_str;
-+		BIO_f_asn1;
-+		ESS_SIGNING_CERT_new;
-+		EVP_PBE_find;
-+		X509_CRL_get0_by_cert;
-+		EVP_PKEY_derive;
-+		i2d_TS_REQ;
-+		TS_TST_INFO_delete_ext;
-+		ESS_ISSUER_SERIAL_free;
-+		ASN1_PCTX_set_str_flags;
-+		ENGINE_get_pkey_asn1_meth_str;
-+		TS_CONF_set_signer_key;
-+		TS_ACCURACY_get_millis;
-+		TS_RESP_get_token;
-+		TS_ACCURACY_dup;
-+		ENGINE_register_all_pkey_asn1_meths;
-+		ENGINE_reg_all_pkey_asn1_meths;
-+		X509_CRL_set_default_method;
-+		CRYPTO_THREADID_hash;
-+		CMS_ContentInfo_print_ctx;
-+		TS_RESP_free;
-+		ISSUING_DIST_POINT_free;
-+		ESS_ISSUER_SERIAL_new;
-+		CMS_add1_crl;
-+		PKCS7_add1_attrib_digest;
-+		TS_RESP_CTX_add_md;
-+		TS_TST_INFO_dup;
-+		ENGINE_set_pkey_asn1_meths;
-+		PEM_write_bio_Parameters;
-+		TS_TST_INFO_get_accuracy;
-+		X509_CRL_get0_by_serial;
-+		TS_TST_INFO_set_version;
-+		TS_RESP_CTX_get_tst_info;
-+		TS_RESP_verify_signature;
-+		CRYPTO_THREADID_get_callback;
-+		TS_TST_INFO_get_tsa;
-+		TS_STATUS_INFO_new;
-+		EVP_PKEY_CTX_get_cb;
-+		TS_REQ_get_ext_d2i;
-+		GENERAL_NAME_set0_othername;
-+		TS_TST_INFO_get_ext_count;
-+		TS_RESP_CTX_get_request;
-+		i2d_NETSCAPE_X509;
-+		ENGINE_get_pkey_meth_engine;
-+		EVP_PKEY_meth_set_signctx;
-+		EVP_PKEY_asn1_copy;
-+		ASN1_TYPE_cmp;
-+		EVP_CIPHER_do_all_sorted;
-+		EVP_PKEY_CTX_free;
-+		ISSUING_DIST_POINT_it;
-+		d2i_TS_MSG_IMPRINT_fp;
-+		X509_STORE_get1_certs;
-+		EVP_PKEY_CTX_get_operation;
-+		d2i_ESS_SIGNING_CERT;
-+		TS_CONF_set_ordering;
-+		EVP_PBE_alg_add_type;
-+		TS_REQ_set_version;
-+		EVP_PKEY_get0;
-+		BIO_asn1_set_suffix;
-+		i2d_TS_STATUS_INFO;
-+		EVP_MD_do_all;
-+		TS_TST_INFO_set_accuracy;
-+		PKCS7_add_attrib_content_type;
-+		ERR_remove_thread_state;
-+		EVP_PKEY_meth_add0;
-+		TS_TST_INFO_set_tsa;
-+		EVP_PKEY_meth_new;
-+		WHIRLPOOL_Update;
-+		TS_CONF_set_accuracy;
-+		ASN1_PCTX_set_oid_flags;
-+		ESS_SIGNING_CERT_dup;
-+		d2i_TS_REQ_bio;
-+		X509_time_adj_ex;
-+		TS_RESP_CTX_add_flags;
-+		d2i_TS_STATUS_INFO;
-+		TS_MSG_IMPRINT_set_msg;
-+		BIO_asn1_get_suffix;
-+		TS_REQ_free;
-+		EVP_PKEY_meth_free;
-+		TS_REQ_get_exts;
-+		TS_RESP_CTX_set_clock_precision_digits;
-+		TS_RESP_CTX_set_clk_prec_digits;
-+		TS_RESP_CTX_add_failure_info;
-+		i2d_TS_RESP_bio;
-+		EVP_PKEY_CTX_get0_peerkey;
-+		PEM_write_bio_CMS_stream;
-+		TS_REQ_new;
-+		TS_MSG_IMPRINT_new;
-+		EVP_PKEY_meth_find;
-+		EVP_PKEY_id;
-+		TS_TST_INFO_set_serial;
-+		a2i_GENERAL_NAME;
-+		TS_CONF_set_crypto_device;
-+		EVP_PKEY_verify_init;
-+		TS_CONF_set_policies;
-+		ASN1_PCTX_new;
-+		ESS_CERT_ID_free;
-+		ENGINE_unregister_pkey_meths;
-+		TS_MSG_IMPRINT_free;
-+		TS_VERIFY_CTX_init;
-+		PKCS7_stream;
-+		TS_RESP_CTX_set_certs;
-+		TS_CONF_set_def_policy;
-+		ASN1_GENERALIZEDTIME_adj;
-+		NETSCAPE_X509_new;
-+		TS_ACCURACY_free;
-+		TS_RESP_get_tst_info;
-+		EVP_PKEY_derive_set_peer;
-+		PEM_read_bio_Parameters;
-+		TS_CONF_set_clock_precision_digits;
-+		TS_CONF_set_clk_prec_digits;
-+		ESS_ISSUER_SERIAL_dup;
-+		TS_ACCURACY_get_micros;
-+		ASN1_PCTX_get_str_flags;
-+		NAME_CONSTRAINTS_check;
-+		ASN1_BIT_STRING_check;
-+		X509_check_akid;
-+		ENGINE_unregister_pkey_asn1_meths;
-+		ENGINE_unreg_pkey_asn1_meths;
-+		ASN1_PCTX_free;
-+		PEM_write_bio_ASN1_stream;
-+		i2d_ASN1_bio_stream;
-+		TS_X509_ALGOR_print_bio;
-+		EVP_PKEY_meth_set_cleanup;
-+		EVP_PKEY_asn1_free;
-+		ESS_SIGNING_CERT_free;
-+		TS_TST_INFO_set_msg_imprint;
-+		GENERAL_NAME_cmp;
-+		d2i_ASN1_SET_ANY;
-+		ENGINE_set_pkey_meths;
-+		i2d_TS_REQ_fp;
-+		d2i_ASN1_SEQUENCE_ANY;
-+		GENERAL_NAME_get0_otherName;
-+		d2i_ESS_CERT_ID;
-+		OBJ_find_sigid_algs;
-+		EVP_PKEY_meth_set_keygen;
-+		PKCS5_PBKDF2_HMAC;
-+		EVP_PKEY_paramgen;
-+		EVP_PKEY_meth_set_paramgen;
-+		BIO_new_PKCS7;
-+		EVP_PKEY_verify_recover;
-+		TS_ext_print_bio;
-+		TS_ASN1_INTEGER_print_bio;
-+		check_defer;
-+		DSO_pathbyaddr;
-+		EVP_PKEY_set_type;
-+		TS_ACCURACY_set_micros;
-+		TS_REQ_to_TS_VERIFY_CTX;
-+		EVP_PKEY_meth_set_copy;
-+		ASN1_PCTX_set_cert_flags;
-+		TS_TST_INFO_get_ext;
-+		EVP_PKEY_asn1_set_ctrl;
-+		TS_TST_INFO_get_ext_by_critical;
-+		EVP_PKEY_CTX_new_id;
-+		TS_REQ_get_ext_by_OBJ;
-+		TS_CONF_set_signer_cert;
-+		X509_NAME_hash_old;
-+		ASN1_TIME_set_string;
-+		EVP_MD_flags;
-+		TS_RESP_CTX_free;
-+		DSAparams_dup;
-+		DHparams_dup;
-+		OCSP_REQ_CTX_add1_header;
-+		OCSP_REQ_CTX_set1_req;
-+		X509_STORE_set_verify_cb;
-+		X509_STORE_CTX_get0_current_crl;
-+		X509_STORE_CTX_get0_parent_ctx;
-+		X509_STORE_CTX_get0_current_issuer;
-+		X509_STORE_CTX_get0_cur_issuer;
-+		X509_issuer_name_hash_old;
-+		X509_subject_name_hash_old;
-+		EVP_CIPHER_CTX_copy;
-+		UI_method_get_prompt_constructor;
-+		UI_method_get_prompt_constructr;
-+		UI_method_set_prompt_constructor;
-+		UI_method_set_prompt_constructr;
-+		EVP_read_pw_string_min;
-+		CRYPTO_cts128_encrypt;
-+		CRYPTO_cts128_decrypt_block;
-+		CRYPTO_cfb128_1_encrypt;
-+		CRYPTO_cbc128_encrypt;
-+		CRYPTO_ctr128_encrypt;
-+		CRYPTO_ofb128_encrypt;
-+		CRYPTO_cts128_decrypt;
-+		CRYPTO_cts128_encrypt_block;
-+		CRYPTO_cbc128_decrypt;
-+		CRYPTO_cfb128_encrypt;
-+		CRYPTO_cfb128_8_encrypt;
-+
-+	local:
-+		*;
-+};
-+
-+
-+OPENSSL_1.0.1 {
-+	global:
-+		SSL_renegotiate_abbreviated;
-+		TLSv1_1_method;
-+		TLSv1_1_client_method;
-+		TLSv1_1_server_method;
-+		SSL_CTX_set_srp_client_pwd_callback;
-+		SSL_CTX_set_srp_client_pwd_cb;
-+		SSL_get_srp_g;
-+		SSL_CTX_set_srp_username_callback;
-+		SSL_CTX_set_srp_un_cb;
-+		SSL_get_srp_userinfo;
-+		SSL_set_srp_server_param;
-+		SSL_set_srp_server_param_pw;
-+		SSL_get_srp_N;
-+		SSL_get_srp_username;
-+		SSL_CTX_set_srp_password;
-+		SSL_CTX_set_srp_strength;
-+		SSL_CTX_set_srp_verify_param_callback;
-+		SSL_CTX_set_srp_vfy_param_cb;
-+		SSL_CTX_set_srp_cb_arg;
-+		SSL_CTX_set_srp_username;
-+		SSL_CTX_SRP_CTX_init;
-+		SSL_SRP_CTX_init;
-+		SRP_Calc_A_param;
-+		SRP_generate_server_master_secret;
-+		SRP_gen_server_master_secret;
-+		SSL_CTX_SRP_CTX_free;
-+		SRP_generate_client_master_secret;
-+		SRP_gen_client_master_secret;
-+		SSL_srp_server_param_with_username;
-+		SSL_srp_server_param_with_un;
-+		SSL_SRP_CTX_free;
-+		SSL_set_debug;
-+		SSL_SESSION_get0_peer;
-+		TLSv1_2_client_method;
-+		SSL_SESSION_set1_id_context;
-+		TLSv1_2_server_method;
-+		SSL_cache_hit;
-+		SSL_get0_kssl_ctx;
-+		SSL_set0_kssl_ctx;
-+		SSL_set_state;
-+		SSL_CIPHER_get_id;
-+		TLSv1_2_method;
-+		kssl_ctx_get0_client_princ;
-+		SSL_export_keying_material;
-+		SSL_set_tlsext_use_srtp;
-+		SSL_CTX_set_next_protos_advertised_cb;
-+		SSL_CTX_set_next_protos_adv_cb;
-+		SSL_get0_next_proto_negotiated;
-+		SSL_get_selected_srtp_profile;
-+		SSL_CTX_set_tlsext_use_srtp;
-+		SSL_select_next_proto;
-+		SSL_get_srtp_profiles;
-+		SSL_CTX_set_next_proto_select_cb;
-+		SSL_CTX_set_next_proto_sel_cb;
-+		SSL_SESSION_get_compress_id;
-+
-+		SRP_VBASE_get_by_user;
-+		SRP_Calc_server_key;
-+		SRP_create_verifier;
-+		SRP_create_verifier_BN;
-+		SRP_Calc_u;
-+		SRP_VBASE_free;
-+		SRP_Calc_client_key;
-+		SRP_get_default_gN;
-+		SRP_Calc_x;
-+		SRP_Calc_B;
-+		SRP_VBASE_new;
-+		SRP_check_known_gN_param;
-+		SRP_Calc_A;
-+		SRP_Verify_A_mod_N;
-+		SRP_VBASE_init;
-+		SRP_Verify_B_mod_N;
-+		EC_KEY_set_public_key_affine_coordinates;
-+		EC_KEY_set_pub_key_aff_coords;
-+		EVP_aes_192_ctr;
-+		EVP_PKEY_meth_get0_info;
-+		EVP_PKEY_meth_copy;
-+		ERR_add_error_vdata;
-+		EVP_aes_128_ctr;
-+		EVP_aes_256_ctr;
-+		EC_GFp_nistp224_method;
-+		EC_KEY_get_flags;
-+		RSA_padding_add_PKCS1_PSS_mgf1;
-+		EVP_aes_128_xts;
-+		EVP_aes_256_xts;
-+		EVP_aes_128_gcm;
-+		EC_KEY_clear_flags;
-+		EC_KEY_set_flags;
-+		EVP_aes_256_ccm;
-+		RSA_verify_PKCS1_PSS_mgf1;
-+		EVP_aes_128_ccm;
-+		EVP_aes_192_gcm;
-+		X509_ALGOR_set_md;
-+		RAND_init_fips;
-+		EVP_aes_256_gcm;
-+		EVP_aes_192_ccm;
-+		CMAC_CTX_copy;
-+		CMAC_CTX_free;
-+		CMAC_CTX_get0_cipher_ctx;
-+		CMAC_CTX_cleanup;
-+		CMAC_Init;
-+		CMAC_Update;
-+		CMAC_resume;
-+		CMAC_CTX_new;
-+		CMAC_Final;
-+		CRYPTO_ctr128_encrypt_ctr32;
-+		CRYPTO_gcm128_release;
-+		CRYPTO_ccm128_decrypt_ccm64;
-+		CRYPTO_ccm128_encrypt;
-+		CRYPTO_gcm128_encrypt;
-+		CRYPTO_xts128_encrypt;
-+		EVP_rc4_hmac_md5;
-+		CRYPTO_nistcts128_decrypt_block;
-+		CRYPTO_gcm128_setiv;
-+		CRYPTO_nistcts128_encrypt;
-+		EVP_aes_128_cbc_hmac_sha1;
-+		CRYPTO_gcm128_tag;
-+		CRYPTO_ccm128_encrypt_ccm64;
-+		ENGINE_load_rdrand;
-+		CRYPTO_ccm128_setiv;
-+		CRYPTO_nistcts128_encrypt_block;
-+		CRYPTO_gcm128_aad;
-+		CRYPTO_ccm128_init;
-+		CRYPTO_nistcts128_decrypt;
-+		CRYPTO_gcm128_new;
-+		CRYPTO_ccm128_tag;
-+		CRYPTO_ccm128_decrypt;
-+		CRYPTO_ccm128_aad;
-+		CRYPTO_gcm128_init;
-+		CRYPTO_gcm128_decrypt;
-+		ENGINE_load_rsax;
-+		CRYPTO_gcm128_decrypt_ctr32;
-+		CRYPTO_gcm128_encrypt_ctr32;
-+		CRYPTO_gcm128_finish;
-+		EVP_aes_256_cbc_hmac_sha1;
-+		PKCS5_pbkdf2_set;
-+		CMS_add0_recipient_password;
-+		CMS_decrypt_set1_password;
-+		CMS_RecipientInfo_set0_password;
-+		RAND_set_fips_drbg_type;
-+		X509_REQ_sign_ctx;
-+		RSA_PSS_PARAMS_new;
-+		X509_CRL_sign_ctx;
-+		X509_signature_dump;
-+		d2i_RSA_PSS_PARAMS;
-+		RSA_PSS_PARAMS_it;
-+		RSA_PSS_PARAMS_free;
-+		X509_sign_ctx;
-+		i2d_RSA_PSS_PARAMS;
-+		ASN1_item_sign_ctx;
-+		EC_GFp_nistp521_method;
-+		EC_GFp_nistp256_method;
-+		OPENSSL_stderr;
-+		OPENSSL_cpuid_setup;
-+		OPENSSL_showfatal;
-+		BIO_new_dgram_sctp;
-+		BIO_dgram_sctp_msg_waiting;
-+		BIO_dgram_sctp_wait_for_dry;
-+		BIO_s_datagram_sctp;
-+		BIO_dgram_is_sctp;
-+		BIO_dgram_sctp_notification_cb;
-+} OPENSSL_1.0.0;
-+
-+OPENSSL_1.0.1d {
-+	global:
-+		CRYPTO_memcmp;
-+} OPENSSL_1.0.1;
-+
-+OPENSSL_1.0.2 {
-+	global:
-+		SSL_CTX_set_alpn_protos;
-+		SSL_set_alpn_protos;
-+		SSL_CTX_set_alpn_select_cb;
-+		SSL_get0_alpn_selected;
-+		SSL_CTX_set_custom_cli_ext;
-+		SSL_CTX_set_custom_srv_ext;
-+		SSL_CTX_set_srv_supp_data;
-+		SSL_CTX_set_cli_supp_data;
-+		SSL_set_cert_cb;
-+		SSL_CTX_use_serverinfo;
-+		SSL_CTX_use_serverinfo_file;
-+		SSL_CTX_set_cert_cb;
-+		SSL_CTX_get0_param;
-+		SSL_get0_param;
-+		SSL_certs_clear;
-+		DTLSv1_2_method;
-+		DTLSv1_2_server_method;
-+		DTLSv1_2_client_method;
-+		DTLS_method;
-+		DTLS_server_method;
-+		DTLS_client_method;
-+		SSL_CTX_get_ssl_method;
-+		SSL_CTX_get0_certificate;
-+		SSL_CTX_get0_privatekey;
-+		SSL_COMP_set0_compression_methods;
-+		SSL_COMP_free_compression_methods;
-+		SSL_CIPHER_find;
-+		SSL_is_server;
-+		SSL_CONF_CTX_new;
-+		SSL_CONF_CTX_finish;
-+		SSL_CONF_CTX_free;
-+		SSL_CONF_CTX_set_flags;
-+		SSL_CONF_CTX_clear_flags;
-+		SSL_CONF_CTX_set1_prefix;
-+		SSL_CONF_CTX_set_ssl;
-+		SSL_CONF_CTX_set_ssl_ctx;
-+		SSL_CONF_cmd;
-+		SSL_CONF_cmd_argv;
-+		SSL_CONF_cmd_value_type;
-+		SSL_trace;
-+		SSL_CIPHER_standard_name;
-+		SSL_get_tlsa_record_byname;
-+		ASN1_TIME_diff;
-+		BIO_hex_string;
-+		CMS_RecipientInfo_get0_pkey_ctx;
-+		CMS_RecipientInfo_encrypt;
-+		CMS_SignerInfo_get0_pkey_ctx;
-+		CMS_SignerInfo_get0_md_ctx;
-+		CMS_SignerInfo_get0_signature;
-+		CMS_RecipientInfo_kari_get0_alg;
-+		CMS_RecipientInfo_kari_get0_reks;
-+		CMS_RecipientInfo_kari_get0_orig_id;
-+		CMS_RecipientInfo_kari_orig_id_cmp;
-+		CMS_RecipientEncryptedKey_get0_id;
-+		CMS_RecipientEncryptedKey_cert_cmp;
-+		CMS_RecipientInfo_kari_set0_pkey;
-+		CMS_RecipientInfo_kari_get0_ctx;
-+		CMS_RecipientInfo_kari_decrypt;
-+		CMS_SharedInfo_encode;
-+		DH_compute_key_padded;
-+		d2i_DHxparams;
-+		i2d_DHxparams;
-+		DH_get_1024_160;
-+		DH_get_2048_224;
-+		DH_get_2048_256;
-+		DH_KDF_X9_42;
-+		ECDH_KDF_X9_62;
-+		ECDSA_METHOD_new;
-+		ECDSA_METHOD_free;
-+		ECDSA_METHOD_set_app_data;
-+		ECDSA_METHOD_get_app_data;
-+		ECDSA_METHOD_set_sign;
-+		ECDSA_METHOD_set_sign_setup;
-+		ECDSA_METHOD_set_verify;
-+		ECDSA_METHOD_set_flags;
-+		ECDSA_METHOD_set_name;
-+		EVP_des_ede3_wrap;
-+		EVP_aes_128_wrap;
-+		EVP_aes_192_wrap;
-+		EVP_aes_256_wrap;
-+		EVP_aes_128_cbc_hmac_sha256;
-+		EVP_aes_256_cbc_hmac_sha256;
-+		CRYPTO_128_wrap;
-+		CRYPTO_128_unwrap;
-+		OCSP_REQ_CTX_nbio;
-+		OCSP_REQ_CTX_new;
-+		OCSP_set_max_response_length;
-+		OCSP_REQ_CTX_i2d;
-+		OCSP_REQ_CTX_nbio_d2i;
-+		OCSP_REQ_CTX_get0_mem_bio;
-+		OCSP_REQ_CTX_http;
-+		RSA_padding_add_PKCS1_OAEP_mgf1;
-+		RSA_padding_check_PKCS1_OAEP_mgf1;
-+		RSA_OAEP_PARAMS_free;
-+		RSA_OAEP_PARAMS_it;
-+		RSA_OAEP_PARAMS_new;
-+		SSL_get_sigalgs;
-+		SSL_get_shared_sigalgs;
-+		SSL_check_chain;
-+		X509_chain_up_ref;
-+		X509_http_nbio;
-+		X509_CRL_http_nbio;
-+		X509_REVOKED_dup;
-+		i2d_re_X509_tbs;
-+		X509_get0_signature;
-+		X509_get_signature_nid;
-+		X509_CRL_diff;
-+		X509_chain_check_suiteb;
-+		X509_CRL_check_suiteb;
-+		X509_check_host;
-+		X509_check_email;
-+		X509_check_ip;
-+		X509_check_ip_asc;
-+		X509_STORE_set_lookup_crls_cb;
-+		X509_STORE_CTX_get0_store;
-+		X509_VERIFY_PARAM_set1_host;
-+		X509_VERIFY_PARAM_add1_host;
-+		X509_VERIFY_PARAM_set_hostflags;
-+		X509_VERIFY_PARAM_get0_peername;
-+		X509_VERIFY_PARAM_set1_email;
-+		X509_VERIFY_PARAM_set1_ip;
-+		X509_VERIFY_PARAM_set1_ip_asc;
-+		X509_VERIFY_PARAM_get0_name;
-+		X509_VERIFY_PARAM_get_count;
-+		X509_VERIFY_PARAM_get0;
-+		X509V3_EXT_free;
-+		EC_GROUP_get_mont_data;
-+		EC_curve_nid2nist;
-+		EC_curve_nist2nid;
-+		PEM_write_bio_DHxparams;
-+		PEM_write_DHxparams;
-+		SSL_CTX_add_client_custom_ext;
-+		SSL_CTX_add_server_custom_ext;
-+		SSL_extension_supported;
-+		BUF_strnlen;
-+		sk_deep_copy;
-+		SSL_test_functions;
-+} OPENSSL_1.0.1d;
-+
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld	2014-02-24 21:02:30.000000000 +0100
-@@ -0,0 +1,10 @@
-+OPENSSL_1.0.0 {
-+	global:
-+		bind_engine;
-+		v_check;
-+		OPENSSL_init;
-+		OPENSSL_finish;
-+	local:
-+		*;
-+};
-+
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld	2014-02-24 21:02:30.000000000 +0100
-@@ -0,0 +1,10 @@
-+OPENSSL_1.0.0 {
-+	global:
-+		bind_engine;
-+		v_check;
-+		OPENSSL_init;
-+		OPENSSL_finish;
-+	local:
-+		*;
-+};
-+
diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
deleted file mode 100644
index c43bcd1c77..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: Raphael Geissert <geissert@debian.org>
-Description: make X509_verify_cert indicate that any certificate whose
- name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked.
-Forwarded: not-needed
-Origin: vendor
-Last-Update: 2011-11-05
-
-Upstream-Status: Backport [debian]
-
-
-Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c
-===================================================================
---- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c	2014-02-25 00:16:12.488028844 +0100
-+++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c	2014-02-25 00:16:12.484028929 +0100
-@@ -964,10 +964,11 @@
- 	for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
- 		{
- 		x = sk_X509_value(ctx->chain, i);
--		/* Mark DigiNotar certificates as revoked, no matter
--		 * where in the chain they are.
-+		/* Mark certificates containing the following names as
-+		 * revoked, no matter where in the chain they are.
- 		 */
--		if (x->name && strstr(x->name, "DigiNotar"))
-+		if (x->name && (strstr(x->name, "DigiNotar") ||
-+			strstr(x->name, "Digicert Sdn. Bhd.")))
- 			{
- 			ctx->error = X509_V_ERR_CERT_REVOKED;
- 			ctx->error_depth = i;
diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
deleted file mode 100644
index d81e22cd8d..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From: Raphael Geissert <geissert@debian.org>
-Description: make X509_verify_cert indicate that any certificate whose
- name contains "DigiNotar" is revoked.
-Forwarded: not-needed
-Origin: vendor
-Last-Update: 2011-09-08
-Bug: http://bugs.debian.org/639744
-Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
-Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
-
-This is not meant as final patch.  
-
-Upstream-Status: Backport [debian]
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-Index: openssl-1.0.2g/crypto/x509/x509_vfy.c
-===================================================================
---- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c
-+++ openssl-1.0.2g/crypto/x509/x509_vfy.c
-@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
- static int check_revocation(X509_STORE_CTX *ctx);
- static int check_cert(X509_STORE_CTX *ctx);
- static int check_policy(X509_STORE_CTX *ctx);
-+static int check_ca_blacklist(X509_STORE_CTX *ctx);
- 
- static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
-                          unsigned int *preasons, X509_CRL *crl, X509 *x);
-@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
-     if (!ok)
-         goto err;
- 
-+	ok = check_ca_blacklist(ctx);
-+	if(!ok) goto err;
-+
- #ifndef OPENSSL_NO_RFC3779
-     /* RFC 3779 path validation, now that CRL check has been done */
-     ok = v3_asid_validate_path(ctx);
-@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX
-     return 1;
- }
- 
-+static int check_ca_blacklist(X509_STORE_CTX *ctx)
-+	{
-+	X509 *x;
-+	int i;
-+	/* Check all certificates against the blacklist */
-+	for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
-+		{
-+		x = sk_X509_value(ctx->chain, i);
-+		/* Mark DigiNotar certificates as revoked, no matter
-+		 * where in the chain they are.
-+		 */
-+		if (x->name && strstr(x->name, "DigiNotar"))
-+			{
-+			ctx->error = X509_V_ERR_CERT_REVOKED;
-+			ctx->error_depth = i;
-+			ctx->current_cert = x;
-+			if (!ctx->verify_cb(0,ctx))
-+				return 0;
-+			}
-+		}
-+	return 1;
-+	}
-+
- static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
-                       X509 **pissuer, int *pscore, unsigned int *preasons,
-                       STACK_OF(X509_CRL) *crls)
diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch
deleted file mode 100644
index 29f11a288e..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch
+++ /dev/null
@@ -1,4656 +0,0 @@
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
-===================================================================
---- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure	2014-02-24 21:02:30.000000000 +0100
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure	2014-02-24 21:02:30.000000000 +0100
-@@ -1651,6 +1651,8 @@
- 		}
- 	}
- 
-+$shared_ldflag .= " -Wl,--version-script=openssl.ld";
-+
- open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
- unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
- open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld	2014-02-24 22:19:08.601827266 +0100
-@@ -0,0 +1,4608 @@
-+OPENSSL_1.0.2d {
-+	global:
-+		BIO_f_ssl;
-+		BIO_new_buffer_ssl_connect;
-+		BIO_new_ssl;
-+		BIO_new_ssl_connect;
-+		BIO_proxy_ssl_copy_session_id;
-+		BIO_ssl_copy_session_id;
-+		BIO_ssl_shutdown;
-+		d2i_SSL_SESSION;
-+		DTLSv1_client_method;
-+		DTLSv1_method;
-+		DTLSv1_server_method;
-+		ERR_load_SSL_strings;
-+		i2d_SSL_SESSION;
-+		kssl_build_principal_2;
-+		kssl_cget_tkt;
-+		kssl_check_authent;
-+		kssl_ctx_free;
-+		kssl_ctx_new;
-+		kssl_ctx_setkey;
-+		kssl_ctx_setprinc;
-+		kssl_ctx_setstring;
-+		kssl_ctx_show;
-+		kssl_err_set;
-+		kssl_krb5_free_data_contents;
-+		kssl_sget_tkt;
-+		kssl_skip_confound;
-+		kssl_validate_times;
-+		PEM_read_bio_SSL_SESSION;
-+		PEM_read_SSL_SESSION;
-+		PEM_write_bio_SSL_SESSION;
-+		PEM_write_SSL_SESSION;
-+		SSL_accept;
-+		SSL_add_client_CA;
-+		SSL_add_dir_cert_subjects_to_stack;
-+		SSL_add_dir_cert_subjs_to_stk;
-+		SSL_add_file_cert_subjects_to_stack;
-+		SSL_add_file_cert_subjs_to_stk;
-+		SSL_alert_desc_string;
-+		SSL_alert_desc_string_long;
-+		SSL_alert_type_string;
-+		SSL_alert_type_string_long;
-+		SSL_callback_ctrl;
-+		SSL_check_private_key;
-+		SSL_CIPHER_description;
-+		SSL_CIPHER_get_bits;
-+		SSL_CIPHER_get_name;
-+		SSL_CIPHER_get_version;
-+		SSL_clear;
-+		SSL_COMP_add_compression_method;
-+		SSL_COMP_get_compression_methods;
-+		SSL_COMP_get_compress_methods;
-+		SSL_COMP_get_name;
-+		SSL_connect;
-+		SSL_copy_session_id;
-+		SSL_ctrl;
-+		SSL_CTX_add_client_CA;
-+		SSL_CTX_add_session;
-+		SSL_CTX_callback_ctrl;
-+		SSL_CTX_check_private_key;
-+		SSL_CTX_ctrl;
-+		SSL_CTX_flush_sessions;
-+		SSL_CTX_free;
-+		SSL_CTX_get_cert_store;
-+		SSL_CTX_get_client_CA_list;
-+		SSL_CTX_get_client_cert_cb;
-+		SSL_CTX_get_ex_data;
-+		SSL_CTX_get_ex_new_index;
-+		SSL_CTX_get_info_callback;
-+		SSL_CTX_get_quiet_shutdown;
-+		SSL_CTX_get_timeout;
-+		SSL_CTX_get_verify_callback;
-+		SSL_CTX_get_verify_depth;
-+		SSL_CTX_get_verify_mode;
-+		SSL_CTX_load_verify_locations;
-+		SSL_CTX_new;
-+		SSL_CTX_remove_session;
-+		SSL_CTX_sess_get_get_cb;
-+		SSL_CTX_sess_get_new_cb;
-+		SSL_CTX_sess_get_remove_cb;
-+		SSL_CTX_sessions;
-+		SSL_CTX_sess_set_get_cb;
-+		SSL_CTX_sess_set_new_cb;
-+		SSL_CTX_sess_set_remove_cb;
-+		SSL_CTX_set1_param;
-+		SSL_CTX_set_cert_store;
-+		SSL_CTX_set_cert_verify_callback;
-+		SSL_CTX_set_cert_verify_cb;
-+		SSL_CTX_set_cipher_list;
-+		SSL_CTX_set_client_CA_list;
-+		SSL_CTX_set_client_cert_cb;
-+		SSL_CTX_set_client_cert_engine;
-+		SSL_CTX_set_cookie_generate_cb;
-+		SSL_CTX_set_cookie_verify_cb;
-+		SSL_CTX_set_default_passwd_cb;
-+		SSL_CTX_set_default_passwd_cb_userdata;
-+		SSL_CTX_set_default_verify_paths;
-+		SSL_CTX_set_def_passwd_cb_ud;
-+		SSL_CTX_set_def_verify_paths;
-+		SSL_CTX_set_ex_data;
-+		SSL_CTX_set_generate_session_id;
-+		SSL_CTX_set_info_callback;
-+		SSL_CTX_set_msg_callback;
-+		SSL_CTX_set_psk_client_callback;
-+		SSL_CTX_set_psk_server_callback;
-+		SSL_CTX_set_purpose;
-+		SSL_CTX_set_quiet_shutdown;
-+		SSL_CTX_set_session_id_context;
-+		SSL_CTX_set_ssl_version;
-+		SSL_CTX_set_timeout;
-+		SSL_CTX_set_tmp_dh_callback;
-+		SSL_CTX_set_tmp_ecdh_callback;
-+		SSL_CTX_set_tmp_rsa_callback;
-+		SSL_CTX_set_trust;
-+		SSL_CTX_set_verify;
-+		SSL_CTX_set_verify_depth;
-+		SSL_CTX_use_cert_chain_file;
-+		SSL_CTX_use_certificate;
-+		SSL_CTX_use_certificate_ASN1;
-+		SSL_CTX_use_certificate_chain_file;
-+		SSL_CTX_use_certificate_file;
-+		SSL_CTX_use_PrivateKey;
-+		SSL_CTX_use_PrivateKey_ASN1;
-+		SSL_CTX_use_PrivateKey_file;
-+		SSL_CTX_use_psk_identity_hint;
-+		SSL_CTX_use_RSAPrivateKey;
-+		SSL_CTX_use_RSAPrivateKey_ASN1;
-+		SSL_CTX_use_RSAPrivateKey_file;
-+		SSL_do_handshake;
-+		SSL_dup;
-+		SSL_dup_CA_list;
-+		SSLeay_add_ssl_algorithms;
-+		SSL_free;
-+		SSL_get1_session;
-+		SSL_get_certificate;
-+		SSL_get_cipher_list;
-+		SSL_get_ciphers;
-+		SSL_get_client_CA_list;
-+		SSL_get_current_cipher;
-+		SSL_get_current_compression;
-+		SSL_get_current_expansion;
-+		SSL_get_default_timeout;
-+		SSL_get_error;
-+		SSL_get_ex_data;
-+		SSL_get_ex_data_X509_STORE_CTX_idx;
-+		SSL_get_ex_d_X509_STORE_CTX_idx;
-+		SSL_get_ex_new_index;
-+		SSL_get_fd;
-+		SSL_get_finished;
-+		SSL_get_info_callback;
-+		SSL_get_peer_cert_chain;
-+		SSL_get_peer_certificate;
-+		SSL_get_peer_finished;
-+		SSL_get_privatekey;
-+		SSL_get_psk_identity;
-+		SSL_get_psk_identity_hint;
-+		SSL_get_quiet_shutdown;
-+		SSL_get_rbio;
-+		SSL_get_read_ahead;
-+		SSL_get_rfd;
-+		SSL_get_servername;
-+		SSL_get_servername_type;
-+		SSL_get_session;
-+		SSL_get_shared_ciphers;
-+		SSL_get_shutdown;
-+		SSL_get_SSL_CTX;
-+		SSL_get_ssl_method;
-+		SSL_get_verify_callback;
-+		SSL_get_verify_depth;
-+		SSL_get_verify_mode;
-+		SSL_get_verify_result;
-+		SSL_get_version;
-+		SSL_get_wbio;
-+		SSL_get_wfd;
-+		SSL_has_matching_session_id;
-+		SSL_library_init;
-+		SSL_load_client_CA_file;
-+		SSL_load_error_strings;
-+		SSL_new;
-+		SSL_peek;
-+		SSL_pending;
-+		SSL_read;
-+		SSL_renegotiate;
-+		SSL_renegotiate_pending;
-+		SSL_rstate_string;
-+		SSL_rstate_string_long;
-+		SSL_SESSION_cmp;
-+		SSL_SESSION_free;
-+		SSL_SESSION_get_ex_data;
-+		SSL_SESSION_get_ex_new_index;
-+		SSL_SESSION_get_id;
-+		SSL_SESSION_get_time;
-+		SSL_SESSION_get_timeout;
-+		SSL_SESSION_hash;
-+		SSL_SESSION_new;
-+		SSL_SESSION_print;
-+		SSL_SESSION_print_fp;
-+		SSL_SESSION_set_ex_data;
-+		SSL_SESSION_set_time;
-+		SSL_SESSION_set_timeout;
-+		SSL_set1_param;
-+		SSL_set_accept_state;
-+		SSL_set_bio;
-+		SSL_set_cipher_list;
-+		SSL_set_client_CA_list;
-+		SSL_set_connect_state;
-+		SSL_set_ex_data;
-+		SSL_set_fd;
-+		SSL_set_generate_session_id;
-+		SSL_set_info_callback;
-+		SSL_set_msg_callback;
-+		SSL_set_psk_client_callback;
-+		SSL_set_psk_server_callback;
-+		SSL_set_purpose;
-+		SSL_set_quiet_shutdown;
-+		SSL_set_read_ahead;
-+		SSL_set_rfd;
-+		SSL_set_session;
-+		SSL_set_session_id_context;
-+		SSL_set_session_secret_cb;
-+		SSL_set_session_ticket_ext;
-+		SSL_set_session_ticket_ext_cb;
-+		SSL_set_shutdown;
-+		SSL_set_SSL_CTX;
-+		SSL_set_ssl_method;
-+		SSL_set_tmp_dh_callback;
-+		SSL_set_tmp_ecdh_callback;
-+		SSL_set_tmp_rsa_callback;
-+		SSL_set_trust;
-+		SSL_set_verify;
-+		SSL_set_verify_depth;
-+		SSL_set_verify_result;
-+		SSL_set_wfd;
-+		SSL_shutdown;
-+		SSL_state;
-+		SSL_state_string;
-+		SSL_state_string_long;
-+		SSL_use_certificate;
-+		SSL_use_certificate_ASN1;
-+		SSL_use_certificate_file;
-+		SSL_use_PrivateKey;
-+		SSL_use_PrivateKey_ASN1;
-+		SSL_use_PrivateKey_file;
-+		SSL_use_psk_identity_hint;
-+		SSL_use_RSAPrivateKey;
-+		SSL_use_RSAPrivateKey_ASN1;
-+		SSL_use_RSAPrivateKey_file;
-+		SSLv23_client_method;
-+		SSLv23_method;
-+		SSLv23_server_method;
-+		SSLv2_client_method;
-+		SSLv2_method;
-+		SSLv2_server_method;
-+		SSLv3_client_method;
-+		SSLv3_method;
-+		SSLv3_server_method;
-+		SSL_version;
-+		SSL_want;
-+		SSL_write;
-+		TLSv1_client_method;
-+		TLSv1_method;
-+		TLSv1_server_method;
-+
-+
-+		SSLeay;
-+		SSLeay_version;
-+		ASN1_BIT_STRING_asn1_meth;
-+		ASN1_HEADER_free;
-+		ASN1_HEADER_new;
-+		ASN1_IA5STRING_asn1_meth;
-+		ASN1_INTEGER_get;
-+		ASN1_INTEGER_set;
-+		ASN1_INTEGER_to_BN;
-+		ASN1_OBJECT_create;
-+		ASN1_OBJECT_free;
-+		ASN1_OBJECT_new;
-+		ASN1_PRINTABLE_type;
-+		ASN1_STRING_cmp;
-+		ASN1_STRING_dup;
-+		ASN1_STRING_free;
-+		ASN1_STRING_new;
-+		ASN1_STRING_print;
-+		ASN1_STRING_set;
-+		ASN1_STRING_type_new;
-+		ASN1_TYPE_free;
-+		ASN1_TYPE_new;
-+		ASN1_UNIVERSALSTRING_to_string;
-+		ASN1_UTCTIME_check;
-+		ASN1_UTCTIME_print;
-+		ASN1_UTCTIME_set;
-+		ASN1_check_infinite_end;
-+		ASN1_d2i_bio;
-+		ASN1_d2i_fp;
-+		ASN1_digest;
-+		ASN1_dup;
-+		ASN1_get_object;
-+		ASN1_i2d_bio;
-+		ASN1_i2d_fp;
-+		ASN1_object_size;
-+		ASN1_parse;
-+		ASN1_put_object;
-+		ASN1_sign;
-+		ASN1_verify;
-+		BF_cbc_encrypt;
-+		BF_cfb64_encrypt;
-+		BF_ecb_encrypt;
-+		BF_encrypt;
-+		BF_ofb64_encrypt;
-+		BF_options;
-+		BF_set_key;
-+		BIO_CONNECT_free;
-+		BIO_CONNECT_new;
-+		BIO_accept;
-+		BIO_ctrl;
-+		BIO_int_ctrl;
-+		BIO_debug_callback;
-+		BIO_dump;
-+		BIO_dup_chain;
-+		BIO_f_base64;
-+		BIO_f_buffer;
-+		BIO_f_cipher;
-+		BIO_f_md;
-+		BIO_f_null;
-+		BIO_f_proxy_server;
-+		BIO_fd_non_fatal_error;
-+		BIO_fd_should_retry;
-+		BIO_find_type;
-+		BIO_free;
-+		BIO_free_all;
-+		BIO_get_accept_socket;
-+		BIO_get_filter_bio;
-+		BIO_get_host_ip;
-+		BIO_get_port;
-+		BIO_get_retry_BIO;
-+		BIO_get_retry_reason;
-+		BIO_gethostbyname;
-+		BIO_gets;
-+		BIO_new;
-+		BIO_new_accept;
-+		BIO_new_connect;
-+		BIO_new_fd;
-+		BIO_new_file;
-+		BIO_new_fp;
-+		BIO_new_socket;
-+		BIO_pop;
-+		BIO_printf;
-+		BIO_push;
-+		BIO_puts;
-+		BIO_read;
-+		BIO_s_accept;
-+		BIO_s_connect;
-+		BIO_s_fd;
-+		BIO_s_file;
-+		BIO_s_mem;
-+		BIO_s_null;
-+		BIO_s_proxy_client;
-+		BIO_s_socket;
-+		BIO_set;
-+		BIO_set_cipher;
-+		BIO_set_tcp_ndelay;
-+		BIO_sock_cleanup;
-+		BIO_sock_error;
-+		BIO_sock_init;
-+		BIO_sock_non_fatal_error;
-+		BIO_sock_should_retry;
-+		BIO_socket_ioctl;
-+		BIO_write;
-+		BN_CTX_free;
-+		BN_CTX_new;
-+		BN_MONT_CTX_free;
-+		BN_MONT_CTX_new;
-+		BN_MONT_CTX_set;
-+		BN_add;
-+		BN_add_word;
-+		BN_hex2bn;
-+		BN_bin2bn;
-+		BN_bn2hex;
-+		BN_bn2bin;
-+		BN_clear;
-+		BN_clear_bit;
-+		BN_clear_free;
-+		BN_cmp;
-+		BN_copy;
-+		BN_div;
-+		BN_div_word;
-+		BN_dup;
-+		BN_free;
-+		BN_from_montgomery;
-+		BN_gcd;
-+		BN_generate_prime;
-+		BN_get_word;
-+		BN_is_bit_set;
-+		BN_is_prime;
-+		BN_lshift;
-+		BN_lshift1;
-+		BN_mask_bits;
-+		BN_mod;
-+		BN_mod_exp;
-+		BN_mod_exp_mont;
-+		BN_mod_exp_simple;
-+		BN_mod_inverse;
-+		BN_mod_mul;
-+		BN_mod_mul_montgomery;
-+		BN_mod_word;
-+		BN_mul;
-+		BN_new;
-+		BN_num_bits;
-+		BN_num_bits_word;
-+		BN_options;
-+		BN_print;
-+		BN_print_fp;
-+		BN_rand;
-+		BN_reciprocal;
-+		BN_rshift;
-+		BN_rshift1;
-+		BN_set_bit;
-+		BN_set_word;
-+		BN_sqr;
-+		BN_sub;
-+		BN_to_ASN1_INTEGER;
-+		BN_ucmp;
-+		BN_value_one;
-+		BUF_MEM_free;
-+		BUF_MEM_grow;
-+		BUF_MEM_new;
-+		BUF_strdup;
-+		CONF_free;
-+		CONF_get_number;
-+		CONF_get_section;
-+		CONF_get_string;
-+		CONF_load;
-+		CRYPTO_add_lock;
-+		CRYPTO_dbg_free;
-+		CRYPTO_dbg_malloc;
-+		CRYPTO_dbg_realloc;
-+		CRYPTO_dbg_remalloc;
-+		CRYPTO_free;
-+		CRYPTO_get_add_lock_callback;
-+		CRYPTO_get_id_callback;
-+		CRYPTO_get_lock_name;
-+		CRYPTO_get_locking_callback;
-+		CRYPTO_get_mem_functions;
-+		CRYPTO_lock;
-+		CRYPTO_malloc;
-+		CRYPTO_mem_ctrl;
-+		CRYPTO_mem_leaks;
-+		CRYPTO_mem_leaks_cb;
-+		CRYPTO_mem_leaks_fp;
-+		CRYPTO_realloc;
-+		CRYPTO_remalloc;
-+		CRYPTO_set_add_lock_callback;
-+		CRYPTO_set_id_callback;
-+		CRYPTO_set_locking_callback;
-+		CRYPTO_set_mem_functions;
-+		CRYPTO_thread_id;
-+		DH_check;
-+		DH_compute_key;
-+		DH_free;
-+		DH_generate_key;
-+		DH_generate_parameters;
-+		DH_new;
-+		DH_size;
-+		DHparams_print;
-+		DHparams_print_fp;
-+		DSA_free;
-+		DSA_generate_key;
-+		DSA_generate_parameters;
-+		DSA_is_prime;
-+		DSA_new;
-+		DSA_print;
-+		DSA_print_fp;
-+		DSA_sign;
-+		DSA_sign_setup;
-+		DSA_size;
-+		DSA_verify;
-+		DSAparams_print;
-+		DSAparams_print_fp;
-+		ERR_clear_error;
-+		ERR_error_string;
-+		ERR_free_strings;
-+		ERR_func_error_string;
-+		ERR_get_err_state_table;
-+		ERR_get_error;
-+		ERR_get_error_line;
-+		ERR_get_state;
-+		ERR_get_string_table;
-+		ERR_lib_error_string;
-+		ERR_load_ASN1_strings;
-+		ERR_load_BIO_strings;
-+		ERR_load_BN_strings;
-+		ERR_load_BUF_strings;
-+		ERR_load_CONF_strings;
-+		ERR_load_DH_strings;
-+		ERR_load_DSA_strings;
-+		ERR_load_ERR_strings;
-+		ERR_load_EVP_strings;
-+		ERR_load_OBJ_strings;
-+		ERR_load_PEM_strings;
-+		ERR_load_PROXY_strings;
-+		ERR_load_RSA_strings;
-+		ERR_load_X509_strings;
-+		ERR_load_crypto_strings;
-+		ERR_load_strings;
-+		ERR_peek_error;
-+		ERR_peek_error_line;
-+		ERR_print_errors;
-+		ERR_print_errors_fp;
-+		ERR_put_error;
-+		ERR_reason_error_string;
-+		ERR_remove_state;
-+		EVP_BytesToKey;
-+		EVP_CIPHER_CTX_cleanup;
-+		EVP_CipherFinal;
-+		EVP_CipherInit;
-+		EVP_CipherUpdate;
-+		EVP_DecodeBlock;
-+		EVP_DecodeFinal;
-+		EVP_DecodeInit;
-+		EVP_DecodeUpdate;
-+		EVP_DecryptFinal;
-+		EVP_DecryptInit;
-+		EVP_DecryptUpdate;
-+		EVP_DigestFinal;
-+		EVP_DigestInit;
-+		EVP_DigestUpdate;
-+		EVP_EncodeBlock;
-+		EVP_EncodeFinal;
-+		EVP_EncodeInit;
-+		EVP_EncodeUpdate;
-+		EVP_EncryptFinal;
-+		EVP_EncryptInit;
-+		EVP_EncryptUpdate;
-+		EVP_OpenFinal;
-+		EVP_OpenInit;
-+		EVP_PKEY_assign;
-+		EVP_PKEY_copy_parameters;
-+		EVP_PKEY_free;
-+		EVP_PKEY_missing_parameters;
-+		EVP_PKEY_new;
-+		EVP_PKEY_save_parameters;
-+		EVP_PKEY_size;
-+		EVP_PKEY_type;
-+		EVP_SealFinal;
-+		EVP_SealInit;
-+		EVP_SignFinal;
-+		EVP_VerifyFinal;
-+		EVP_add_alias;
-+		EVP_add_cipher;
-+		EVP_add_digest;
-+		EVP_bf_cbc;
-+		EVP_bf_cfb64;
-+		EVP_bf_ecb;
-+		EVP_bf_ofb;
-+		EVP_cleanup;
-+		EVP_des_cbc;
-+		EVP_des_cfb64;
-+		EVP_des_ecb;
-+		EVP_des_ede;
-+		EVP_des_ede3;
-+		EVP_des_ede3_cbc;
-+		EVP_des_ede3_cfb64;
-+		EVP_des_ede3_ofb;
-+		EVP_des_ede_cbc;
-+		EVP_des_ede_cfb64;
-+		EVP_des_ede_ofb;
-+		EVP_des_ofb;
-+		EVP_desx_cbc;
-+		EVP_dss;
-+		EVP_dss1;
-+		EVP_enc_null;
-+		EVP_get_cipherbyname;
-+		EVP_get_digestbyname;
-+		EVP_get_pw_prompt;
-+		EVP_idea_cbc;
-+		EVP_idea_cfb64;
-+		EVP_idea_ecb;
-+		EVP_idea_ofb;
-+		EVP_md2;
-+		EVP_md5;
-+		EVP_md_null;
-+		EVP_rc2_cbc;
-+		EVP_rc2_cfb64;
-+		EVP_rc2_ecb;
-+		EVP_rc2_ofb;
-+		EVP_rc4;
-+		EVP_read_pw_string;
-+		EVP_set_pw_prompt;
-+		EVP_sha;
-+		EVP_sha1;
-+		MD2;
-+		MD2_Final;
-+		MD2_Init;
-+		MD2_Update;
-+		MD2_options;
-+		MD5;
-+		MD5_Final;
-+		MD5_Init;
-+		MD5_Update;
-+		MDC2;
-+		MDC2_Final;
-+		MDC2_Init;
-+		MDC2_Update;
-+		NETSCAPE_SPKAC_free;
-+		NETSCAPE_SPKAC_new;
-+		NETSCAPE_SPKI_free;
-+		NETSCAPE_SPKI_new;
-+		NETSCAPE_SPKI_sign;
-+		NETSCAPE_SPKI_verify;
-+		OBJ_add_object;
-+		OBJ_bsearch;
-+		OBJ_cleanup;
-+		OBJ_cmp;
-+		OBJ_create;
-+		OBJ_dup;
-+		OBJ_ln2nid;
-+		OBJ_new_nid;
-+		OBJ_nid2ln;
-+		OBJ_nid2obj;
-+		OBJ_nid2sn;
-+		OBJ_obj2nid;
-+		OBJ_sn2nid;
-+		OBJ_txt2nid;
-+		PEM_ASN1_read;
-+		PEM_ASN1_read_bio;
-+		PEM_ASN1_write;
-+		PEM_ASN1_write_bio;
-+		PEM_SealFinal;
-+		PEM_SealInit;
-+		PEM_SealUpdate;
-+		PEM_SignFinal;
-+		PEM_SignInit;
-+		PEM_SignUpdate;
-+		PEM_X509_INFO_read;
-+		PEM_X509_INFO_read_bio;
-+		PEM_X509_INFO_write_bio;
-+		PEM_dek_info;
-+		PEM_do_header;
-+		PEM_get_EVP_CIPHER_INFO;
-+		PEM_proc_type;
-+		PEM_read;
-+		PEM_read_DHparams;
-+		PEM_read_DSAPrivateKey;
-+		PEM_read_DSAparams;
-+		PEM_read_PKCS7;
-+		PEM_read_PrivateKey;
-+		PEM_read_RSAPrivateKey;
-+		PEM_read_X509;
-+		PEM_read_X509_CRL;
-+		PEM_read_X509_REQ;
-+		PEM_read_bio;
-+		PEM_read_bio_DHparams;
-+		PEM_read_bio_DSAPrivateKey;
-+		PEM_read_bio_DSAparams;
-+		PEM_read_bio_PKCS7;
-+		PEM_read_bio_PrivateKey;
-+		PEM_read_bio_RSAPrivateKey;
-+		PEM_read_bio_X509;
-+		PEM_read_bio_X509_CRL;
-+		PEM_read_bio_X509_REQ;
-+		PEM_write;
-+		PEM_write_DHparams;
-+		PEM_write_DSAPrivateKey;
-+		PEM_write_DSAparams;
-+		PEM_write_PKCS7;
-+		PEM_write_PrivateKey;
-+		PEM_write_RSAPrivateKey;
-+		PEM_write_X509;
-+		PEM_write_X509_CRL;
-+		PEM_write_X509_REQ;
-+		PEM_write_bio;
-+		PEM_write_bio_DHparams;
-+		PEM_write_bio_DSAPrivateKey;
-+		PEM_write_bio_DSAparams;
-+		PEM_write_bio_PKCS7;
-+		PEM_write_bio_PrivateKey;
-+		PEM_write_bio_RSAPrivateKey;
-+		PEM_write_bio_X509;
-+		PEM_write_bio_X509_CRL;
-+		PEM_write_bio_X509_REQ;
-+		PKCS7_DIGEST_free;
-+		PKCS7_DIGEST_new;
-+		PKCS7_ENCRYPT_free;
-+		PKCS7_ENCRYPT_new;
-+		PKCS7_ENC_CONTENT_free;
-+		PKCS7_ENC_CONTENT_new;
-+		PKCS7_ENVELOPE_free;
-+		PKCS7_ENVELOPE_new;
-+		PKCS7_ISSUER_AND_SERIAL_digest;
-+		PKCS7_ISSUER_AND_SERIAL_free;
-+		PKCS7_ISSUER_AND_SERIAL_new;
-+		PKCS7_RECIP_INFO_free;
-+		PKCS7_RECIP_INFO_new;
-+		PKCS7_SIGNED_free;
-+		PKCS7_SIGNED_new;
-+		PKCS7_SIGNER_INFO_free;
-+		PKCS7_SIGNER_INFO_new;
-+		PKCS7_SIGN_ENVELOPE_free;
-+		PKCS7_SIGN_ENVELOPE_new;
-+		PKCS7_dup;
-+		PKCS7_free;
-+		PKCS7_new;
-+		PROXY_ENTRY_add_noproxy;
-+		PROXY_ENTRY_clear_noproxy;
-+		PROXY_ENTRY_free;
-+		PROXY_ENTRY_get_noproxy;
-+		PROXY_ENTRY_new;
-+		PROXY_ENTRY_set_server;
-+		PROXY_add_noproxy;
-+		PROXY_add_server;
-+		PROXY_check_by_host;
-+		PROXY_check_url;
-+		PROXY_clear_noproxy;
-+		PROXY_free;
-+		PROXY_get_noproxy;
-+		PROXY_get_proxies;
-+		PROXY_get_proxy_entry;
-+		PROXY_load_conf;
-+		PROXY_new;
-+		PROXY_print;
-+		RAND_bytes;
-+		RAND_cleanup;
-+		RAND_file_name;
-+		RAND_load_file;
-+		RAND_screen;
-+		RAND_seed;
-+		RAND_write_file;
-+		RC2_cbc_encrypt;
-+		RC2_cfb64_encrypt;
-+		RC2_ecb_encrypt;
-+		RC2_encrypt;
-+		RC2_ofb64_encrypt;
-+		RC2_set_key;
-+		RC4;
-+		RC4_options;
-+		RC4_set_key;
-+		RSAPrivateKey_asn1_meth;
-+		RSAPrivateKey_dup;
-+		RSAPublicKey_dup;
-+		RSA_PKCS1_SSLeay;
-+		RSA_free;
-+		RSA_generate_key;
-+		RSA_new;
-+		RSA_new_method;
-+		RSA_print;
-+		RSA_print_fp;
-+		RSA_private_decrypt;
-+		RSA_private_encrypt;
-+		RSA_public_decrypt;
-+		RSA_public_encrypt;
-+		RSA_set_default_method;
-+		RSA_sign;
-+		RSA_sign_ASN1_OCTET_STRING;
-+		RSA_size;
-+		RSA_verify;
-+		RSA_verify_ASN1_OCTET_STRING;
-+		SHA;
-+		SHA1;
-+		SHA1_Final;
-+		SHA1_Init;
-+		SHA1_Update;
-+		SHA_Final;
-+		SHA_Init;
-+		SHA_Update;
-+		OpenSSL_add_all_algorithms;
-+		OpenSSL_add_all_ciphers;
-+		OpenSSL_add_all_digests;
-+		TXT_DB_create_index;
-+		TXT_DB_free;
-+		TXT_DB_get_by_index;
-+		TXT_DB_insert;
-+		TXT_DB_read;
-+		TXT_DB_write;
-+		X509_ALGOR_free;
-+		X509_ALGOR_new;
-+		X509_ATTRIBUTE_free;
-+		X509_ATTRIBUTE_new;
-+		X509_CINF_free;
-+		X509_CINF_new;
-+		X509_CRL_INFO_free;
-+		X509_CRL_INFO_new;
-+		X509_CRL_add_ext;
-+		X509_CRL_cmp;
-+		X509_CRL_delete_ext;
-+		X509_CRL_dup;
-+		X509_CRL_free;
-+		X509_CRL_get_ext;
-+		X509_CRL_get_ext_by_NID;
-+		X509_CRL_get_ext_by_OBJ;
-+		X509_CRL_get_ext_by_critical;
-+		X509_CRL_get_ext_count;
-+		X509_CRL_new;
-+		X509_CRL_sign;
-+		X509_CRL_verify;
-+		X509_EXTENSION_create_by_NID;
-+		X509_EXTENSION_create_by_OBJ;
-+		X509_EXTENSION_dup;
-+		X509_EXTENSION_free;
-+		X509_EXTENSION_get_critical;
-+		X509_EXTENSION_get_data;
-+		X509_EXTENSION_get_object;
-+		X509_EXTENSION_new;
-+		X509_EXTENSION_set_critical;
-+		X509_EXTENSION_set_data;
-+		X509_EXTENSION_set_object;
-+		X509_INFO_free;
-+		X509_INFO_new;
-+		X509_LOOKUP_by_alias;
-+		X509_LOOKUP_by_fingerprint;
-+		X509_LOOKUP_by_issuer_serial;
-+		X509_LOOKUP_by_subject;
-+		X509_LOOKUP_ctrl;
-+		X509_LOOKUP_file;
-+		X509_LOOKUP_free;
-+		X509_LOOKUP_hash_dir;
-+		X509_LOOKUP_init;
-+		X509_LOOKUP_new;
-+		X509_LOOKUP_shutdown;
-+		X509_NAME_ENTRY_create_by_NID;
-+		X509_NAME_ENTRY_create_by_OBJ;
-+		X509_NAME_ENTRY_dup;
-+		X509_NAME_ENTRY_free;
-+		X509_NAME_ENTRY_get_data;
-+		X509_NAME_ENTRY_get_object;
-+		X509_NAME_ENTRY_new;
-+		X509_NAME_ENTRY_set_data;
-+		X509_NAME_ENTRY_set_object;
-+		X509_NAME_add_entry;
-+		X509_NAME_cmp;
-+		X509_NAME_delete_entry;
-+		X509_NAME_digest;
-+		X509_NAME_dup;
-+		X509_NAME_entry_count;
-+		X509_NAME_free;
-+		X509_NAME_get_entry;
-+		X509_NAME_get_index_by_NID;
-+		X509_NAME_get_index_by_OBJ;
-+		X509_NAME_get_text_by_NID;
-+		X509_NAME_get_text_by_OBJ;
-+		X509_NAME_hash;
-+		X509_NAME_new;
-+		X509_NAME_oneline;
-+		X509_NAME_print;
-+		X509_NAME_set;
-+		X509_OBJECT_free_contents;
-+		X509_OBJECT_retrieve_by_subject;
-+		X509_OBJECT_up_ref_count;
-+		X509_PKEY_free;
-+		X509_PKEY_new;
-+		X509_PUBKEY_free;
-+		X509_PUBKEY_get;
-+		X509_PUBKEY_new;
-+		X509_PUBKEY_set;
-+		X509_REQ_INFO_free;
-+		X509_REQ_INFO_new;
-+		X509_REQ_dup;
-+		X509_REQ_free;
-+		X509_REQ_get_pubkey;
-+		X509_REQ_new;
-+		X509_REQ_print;
-+		X509_REQ_print_fp;
-+		X509_REQ_set_pubkey;
-+		X509_REQ_set_subject_name;
-+		X509_REQ_set_version;
-+		X509_REQ_sign;
-+		X509_REQ_to_X509;
-+		X509_REQ_verify;
-+		X509_REVOKED_add_ext;
-+		X509_REVOKED_delete_ext;
-+		X509_REVOKED_free;
-+		X509_REVOKED_get_ext;
-+		X509_REVOKED_get_ext_by_NID;
-+		X509_REVOKED_get_ext_by_OBJ;
-+		X509_REVOKED_get_ext_by_critical;
-+		X509_REVOKED_get_ext_by_critic;
-+		X509_REVOKED_get_ext_count;
-+		X509_REVOKED_new;
-+		X509_SIG_free;
-+		X509_SIG_new;
-+		X509_STORE_CTX_cleanup;
-+		X509_STORE_CTX_init;
-+		X509_STORE_add_cert;
-+		X509_STORE_add_lookup;
-+		X509_STORE_free;
-+		X509_STORE_get_by_subject;
-+		X509_STORE_load_locations;
-+		X509_STORE_new;
-+		X509_STORE_set_default_paths;
-+		X509_VAL_free;
-+		X509_VAL_new;
-+		X509_add_ext;
-+		X509_asn1_meth;
-+		X509_certificate_type;
-+		X509_check_private_key;
-+		X509_cmp_current_time;
-+		X509_delete_ext;
-+		X509_digest;
-+		X509_dup;
-+		X509_free;
-+		X509_get_default_cert_area;
-+		X509_get_default_cert_dir;
-+		X509_get_default_cert_dir_env;
-+		X509_get_default_cert_file;
-+		X509_get_default_cert_file_env;
-+		X509_get_default_private_dir;
-+		X509_get_ext;
-+		X509_get_ext_by_NID;
-+		X509_get_ext_by_OBJ;
-+		X509_get_ext_by_critical;
-+		X509_get_ext_count;
-+		X509_get_issuer_name;
-+		X509_get_pubkey;
-+		X509_get_pubkey_parameters;
-+		X509_get_serialNumber;
-+		X509_get_subject_name;
-+		X509_gmtime_adj;
-+		X509_issuer_and_serial_cmp;
-+		X509_issuer_and_serial_hash;
-+		X509_issuer_name_cmp;
-+		X509_issuer_name_hash;
-+		X509_load_cert_file;
-+		X509_new;
-+		X509_print;
-+		X509_print_fp;
-+		X509_set_issuer_name;
-+		X509_set_notAfter;
-+		X509_set_notBefore;
-+		X509_set_pubkey;
-+		X509_set_serialNumber;
-+		X509_set_subject_name;
-+		X509_set_version;
-+		X509_sign;
-+		X509_subject_name_cmp;
-+		X509_subject_name_hash;
-+		X509_to_X509_REQ;
-+		X509_verify;
-+		X509_verify_cert;
-+		X509_verify_cert_error_string;
-+		X509v3_add_ext;
-+		X509v3_add_extension;
-+		X509v3_add_netscape_extensions;
-+		X509v3_add_standard_extensions;
-+		X509v3_cleanup_extensions;
-+		X509v3_data_type_by_NID;
-+		X509v3_data_type_by_OBJ;
-+		X509v3_delete_ext;
-+		X509v3_get_ext;
-+		X509v3_get_ext_by_NID;
-+		X509v3_get_ext_by_OBJ;
-+		X509v3_get_ext_by_critical;
-+		X509v3_get_ext_count;
-+		X509v3_pack_string;
-+		X509v3_pack_type_by_NID;
-+		X509v3_pack_type_by_OBJ;
-+		X509v3_unpack_string;
-+		_des_crypt;
-+		a2d_ASN1_OBJECT;
-+		a2i_ASN1_INTEGER;
-+		a2i_ASN1_STRING;
-+		asn1_Finish;
-+		asn1_GetSequence;
-+		bn_div_words;
-+		bn_expand2;
-+		bn_mul_add_words;
-+		bn_mul_words;
-+		BN_uadd;
-+		BN_usub;
-+		bn_sqr_words;
-+		_ossl_old_crypt;
-+		d2i_ASN1_BIT_STRING;
-+		d2i_ASN1_BOOLEAN;
-+		d2i_ASN1_HEADER;
-+		d2i_ASN1_IA5STRING;
-+		d2i_ASN1_INTEGER;
-+		d2i_ASN1_OBJECT;
-+		d2i_ASN1_OCTET_STRING;
-+		d2i_ASN1_PRINTABLE;
-+		d2i_ASN1_PRINTABLESTRING;
-+		d2i_ASN1_SET;
-+		d2i_ASN1_T61STRING;
-+		d2i_ASN1_TYPE;
-+		d2i_ASN1_UTCTIME;
-+		d2i_ASN1_bytes;
-+		d2i_ASN1_type_bytes;
-+		d2i_DHparams;
-+		d2i_DSAPrivateKey;
-+		d2i_DSAPrivateKey_bio;
-+		d2i_DSAPrivateKey_fp;
-+		d2i_DSAPublicKey;
-+		d2i_DSAparams;
-+		d2i_NETSCAPE_SPKAC;
-+		d2i_NETSCAPE_SPKI;
-+		d2i_Netscape_RSA;
-+		d2i_PKCS7;
-+		d2i_PKCS7_DIGEST;
-+		d2i_PKCS7_ENCRYPT;
-+		d2i_PKCS7_ENC_CONTENT;
-+		d2i_PKCS7_ENVELOPE;
-+		d2i_PKCS7_ISSUER_AND_SERIAL;
-+		d2i_PKCS7_RECIP_INFO;
-+		d2i_PKCS7_SIGNED;
-+		d2i_PKCS7_SIGNER_INFO;
-+		d2i_PKCS7_SIGN_ENVELOPE;
-+		d2i_PKCS7_bio;
-+		d2i_PKCS7_fp;
-+		d2i_PrivateKey;
-+		d2i_PublicKey;
-+		d2i_RSAPrivateKey;
-+		d2i_RSAPrivateKey_bio;
-+		d2i_RSAPrivateKey_fp;
-+		d2i_RSAPublicKey;
-+		d2i_X509;
-+		d2i_X509_ALGOR;
-+		d2i_X509_ATTRIBUTE;
-+		d2i_X509_CINF;
-+		d2i_X509_CRL;
-+		d2i_X509_CRL_INFO;
-+		d2i_X509_CRL_bio;
-+		d2i_X509_CRL_fp;
-+		d2i_X509_EXTENSION;
-+		d2i_X509_NAME;
-+		d2i_X509_NAME_ENTRY;
-+		d2i_X509_PKEY;
-+		d2i_X509_PUBKEY;
-+		d2i_X509_REQ;
-+		d2i_X509_REQ_INFO;
-+		d2i_X509_REQ_bio;
-+		d2i_X509_REQ_fp;
-+		d2i_X509_REVOKED;
-+		d2i_X509_SIG;
-+		d2i_X509_VAL;
-+		d2i_X509_bio;
-+		d2i_X509_fp;
-+		DES_cbc_cksum;
-+		DES_cbc_encrypt;
-+		DES_cblock_print_file;
-+		DES_cfb64_encrypt;
-+		DES_cfb_encrypt;
-+		DES_decrypt3;
-+		DES_ecb3_encrypt;
-+		DES_ecb_encrypt;
-+		DES_ede3_cbc_encrypt;
-+		DES_ede3_cfb64_encrypt;
-+		DES_ede3_ofb64_encrypt;
-+		DES_enc_read;
-+		DES_enc_write;
-+		DES_encrypt1;
-+		DES_encrypt2;
-+		DES_encrypt3;
-+		DES_fcrypt;
-+		DES_is_weak_key;
-+		DES_key_sched;
-+		DES_ncbc_encrypt;
-+		DES_ofb64_encrypt;
-+		DES_ofb_encrypt;
-+		DES_options;
-+		DES_pcbc_encrypt;
-+		DES_quad_cksum;
-+		DES_random_key;
-+		_ossl_old_des_random_seed;
-+		_ossl_old_des_read_2passwords;
-+		_ossl_old_des_read_password;
-+		_ossl_old_des_read_pw;
-+		_ossl_old_des_read_pw_string;
-+		DES_set_key;
-+		DES_set_odd_parity;
-+		DES_string_to_2keys;
-+		DES_string_to_key;
-+		DES_xcbc_encrypt;
-+		DES_xwhite_in2out;
-+		fcrypt_body;
-+		i2a_ASN1_INTEGER;
-+		i2a_ASN1_OBJECT;
-+		i2a_ASN1_STRING;
-+		i2d_ASN1_BIT_STRING;
-+		i2d_ASN1_BOOLEAN;
-+		i2d_ASN1_HEADER;
-+		i2d_ASN1_IA5STRING;
-+		i2d_ASN1_INTEGER;
-+		i2d_ASN1_OBJECT;
-+		i2d_ASN1_OCTET_STRING;
-+		i2d_ASN1_PRINTABLE;
-+		i2d_ASN1_SET;
-+		i2d_ASN1_TYPE;
-+		i2d_ASN1_UTCTIME;
-+		i2d_ASN1_bytes;
-+		i2d_DHparams;
-+		i2d_DSAPrivateKey;
-+		i2d_DSAPrivateKey_bio;
-+		i2d_DSAPrivateKey_fp;
-+		i2d_DSAPublicKey;
-+		i2d_DSAparams;
-+		i2d_NETSCAPE_SPKAC;
-+		i2d_NETSCAPE_SPKI;
-+		i2d_Netscape_RSA;
-+		i2d_PKCS7;
-+		i2d_PKCS7_DIGEST;
-+		i2d_PKCS7_ENCRYPT;
-+		i2d_PKCS7_ENC_CONTENT;
-+		i2d_PKCS7_ENVELOPE;
-+		i2d_PKCS7_ISSUER_AND_SERIAL;
-+		i2d_PKCS7_RECIP_INFO;
-+		i2d_PKCS7_SIGNED;
-+		i2d_PKCS7_SIGNER_INFO;
-+		i2d_PKCS7_SIGN_ENVELOPE;
-+		i2d_PKCS7_bio;
-+		i2d_PKCS7_fp;
-+		i2d_PrivateKey;
-+		i2d_PublicKey;
-+		i2d_RSAPrivateKey;
-+		i2d_RSAPrivateKey_bio;
-+		i2d_RSAPrivateKey_fp;
-+		i2d_RSAPublicKey;
-+		i2d_X509;
-+		i2d_X509_ALGOR;
-+		i2d_X509_ATTRIBUTE;
-+		i2d_X509_CINF;
-+		i2d_X509_CRL;
-+		i2d_X509_CRL_INFO;
-+		i2d_X509_CRL_bio;
-+		i2d_X509_CRL_fp;
-+		i2d_X509_EXTENSION;
-+		i2d_X509_NAME;
-+		i2d_X509_NAME_ENTRY;
-+		i2d_X509_PKEY;
-+		i2d_X509_PUBKEY;
-+		i2d_X509_REQ;
-+		i2d_X509_REQ_INFO;
-+		i2d_X509_REQ_bio;
-+		i2d_X509_REQ_fp;
-+		i2d_X509_REVOKED;
-+		i2d_X509_SIG;
-+		i2d_X509_VAL;
-+		i2d_X509_bio;
-+		i2d_X509_fp;
-+		idea_cbc_encrypt;
-+		idea_cfb64_encrypt;
-+		idea_ecb_encrypt;
-+		idea_encrypt;
-+		idea_ofb64_encrypt;
-+		idea_options;
-+		idea_set_decrypt_key;
-+		idea_set_encrypt_key;
-+		lh_delete;
-+		lh_doall;
-+		lh_doall_arg;
-+		lh_free;
-+		lh_insert;
-+		lh_new;
-+		lh_node_stats;
-+		lh_node_stats_bio;
-+		lh_node_usage_stats;
-+		lh_node_usage_stats_bio;
-+		lh_retrieve;
-+		lh_stats;
-+		lh_stats_bio;
-+		lh_strhash;
-+		sk_delete;
-+		sk_delete_ptr;
-+		sk_dup;
-+		sk_find;
-+		sk_free;
-+		sk_insert;
-+		sk_new;
-+		sk_pop;
-+		sk_pop_free;
-+		sk_push;
-+		sk_set_cmp_func;
-+		sk_shift;
-+		sk_unshift;
-+		sk_zero;
-+		BIO_f_nbio_test;
-+		ASN1_TYPE_get;
-+		ASN1_TYPE_set;
-+		PKCS7_content_free;
-+		ERR_load_PKCS7_strings;
-+		X509_find_by_issuer_and_serial;
-+		X509_find_by_subject;
-+		PKCS7_ctrl;
-+		PKCS7_set_type;
-+		PKCS7_set_content;
-+		PKCS7_SIGNER_INFO_set;
-+		PKCS7_add_signer;
-+		PKCS7_add_certificate;
-+		PKCS7_add_crl;
-+		PKCS7_content_new;
-+		PKCS7_dataSign;
-+		PKCS7_dataVerify;
-+		PKCS7_dataInit;
-+		PKCS7_add_signature;
-+		PKCS7_cert_from_signer_info;
-+		PKCS7_get_signer_info;
-+		EVP_delete_alias;
-+		EVP_mdc2;
-+		PEM_read_bio_RSAPublicKey;
-+		PEM_write_bio_RSAPublicKey;
-+		d2i_RSAPublicKey_bio;
-+		i2d_RSAPublicKey_bio;
-+		PEM_read_RSAPublicKey;
-+		PEM_write_RSAPublicKey;
-+		d2i_RSAPublicKey_fp;
-+		i2d_RSAPublicKey_fp;
-+		BIO_copy_next_retry;
-+		RSA_flags;
-+		X509_STORE_add_crl;
-+		X509_load_crl_file;
-+		EVP_rc2_40_cbc;
-+		EVP_rc4_40;
-+		EVP_CIPHER_CTX_init;
-+		HMAC;
-+		HMAC_Init;
-+		HMAC_Update;
-+		HMAC_Final;
-+		ERR_get_next_error_library;
-+		EVP_PKEY_cmp_parameters;
-+		HMAC_cleanup;
-+		BIO_ptr_ctrl;
-+		BIO_new_file_internal;
-+		BIO_new_fp_internal;
-+		BIO_s_file_internal;
-+		BN_BLINDING_convert;
-+		BN_BLINDING_invert;
-+		BN_BLINDING_update;
-+		RSA_blinding_on;
-+		RSA_blinding_off;
-+		i2t_ASN1_OBJECT;
-+		BN_BLINDING_new;
-+		BN_BLINDING_free;
-+		EVP_cast5_cbc;
-+		EVP_cast5_cfb64;
-+		EVP_cast5_ecb;
-+		EVP_cast5_ofb;
-+		BF_decrypt;
-+		CAST_set_key;
-+		CAST_encrypt;
-+		CAST_decrypt;
-+		CAST_ecb_encrypt;
-+		CAST_cbc_encrypt;
-+		CAST_cfb64_encrypt;
-+		CAST_ofb64_encrypt;
-+		RC2_decrypt;
-+		OBJ_create_objects;
-+		BN_exp;
-+		BN_mul_word;
-+		BN_sub_word;
-+		BN_dec2bn;
-+		BN_bn2dec;
-+		BIO_ghbn_ctrl;
-+		CRYPTO_free_ex_data;
-+		CRYPTO_get_ex_data;
-+		CRYPTO_set_ex_data;
-+		ERR_load_CRYPTO_strings;
-+		ERR_load_CRYPTOlib_strings;
-+		EVP_PKEY_bits;
-+		MD5_Transform;
-+		SHA1_Transform;
-+		SHA_Transform;
-+		X509_STORE_CTX_get_chain;
-+		X509_STORE_CTX_get_current_cert;
-+		X509_STORE_CTX_get_error;
-+		X509_STORE_CTX_get_error_depth;
-+		X509_STORE_CTX_get_ex_data;
-+		X509_STORE_CTX_set_cert;
-+		X509_STORE_CTX_set_chain;
-+		X509_STORE_CTX_set_error;
-+		X509_STORE_CTX_set_ex_data;
-+		CRYPTO_dup_ex_data;
-+		CRYPTO_get_new_lockid;
-+		CRYPTO_new_ex_data;
-+		RSA_set_ex_data;
-+		RSA_get_ex_data;
-+		RSA_get_ex_new_index;
-+		RSA_padding_add_PKCS1_type_1;
-+		RSA_padding_add_PKCS1_type_2;
-+		RSA_padding_add_SSLv23;
-+		RSA_padding_add_none;
-+		RSA_padding_check_PKCS1_type_1;
-+		RSA_padding_check_PKCS1_type_2;
-+		RSA_padding_check_SSLv23;
-+		RSA_padding_check_none;
-+		bn_add_words;
-+		d2i_Netscape_RSA_2;
-+		CRYPTO_get_ex_new_index;
-+		RIPEMD160_Init;
-+		RIPEMD160_Update;
-+		RIPEMD160_Final;
-+		RIPEMD160;
-+		RIPEMD160_Transform;
-+		RC5_32_set_key;
-+		RC5_32_ecb_encrypt;
-+		RC5_32_encrypt;
-+		RC5_32_decrypt;
-+		RC5_32_cbc_encrypt;
-+		RC5_32_cfb64_encrypt;
-+		RC5_32_ofb64_encrypt;
-+		BN_bn2mpi;
-+		BN_mpi2bn;
-+		ASN1_BIT_STRING_get_bit;
-+		ASN1_BIT_STRING_set_bit;
-+		BIO_get_ex_data;
-+		BIO_get_ex_new_index;
-+		BIO_set_ex_data;
-+		X509v3_get_key_usage;
-+		X509v3_set_key_usage;
-+		a2i_X509v3_key_usage;
-+		i2a_X509v3_key_usage;
-+		EVP_PKEY_decrypt;
-+		EVP_PKEY_encrypt;
-+		PKCS7_RECIP_INFO_set;
-+		PKCS7_add_recipient;
-+		PKCS7_add_recipient_info;
-+		PKCS7_set_cipher;
-+		ASN1_TYPE_get_int_octetstring;
-+		ASN1_TYPE_get_octetstring;
-+		ASN1_TYPE_set_int_octetstring;
-+		ASN1_TYPE_set_octetstring;
-+		ASN1_UTCTIME_set_string;
-+		ERR_add_error_data;
-+		ERR_set_error_data;
-+		EVP_CIPHER_asn1_to_param;
-+		EVP_CIPHER_param_to_asn1;
-+		EVP_CIPHER_get_asn1_iv;
-+		EVP_CIPHER_set_asn1_iv;
-+		EVP_rc5_32_12_16_cbc;
-+		EVP_rc5_32_12_16_cfb64;
-+		EVP_rc5_32_12_16_ecb;
-+		EVP_rc5_32_12_16_ofb;
-+		asn1_add_error;
-+		d2i_ASN1_BMPSTRING;
-+		i2d_ASN1_BMPSTRING;
-+		BIO_f_ber;
-+		BN_init;
-+		COMP_CTX_new;
-+		COMP_CTX_free;
-+		COMP_CTX_compress_block;
-+		COMP_CTX_expand_block;
-+		X509_STORE_CTX_get_ex_new_index;
-+		OBJ_NAME_add;
-+		BIO_socket_nbio;
-+		EVP_rc2_64_cbc;
-+		OBJ_NAME_cleanup;
-+		OBJ_NAME_get;
-+		OBJ_NAME_init;
-+		OBJ_NAME_new_index;
-+		OBJ_NAME_remove;
-+		BN_MONT_CTX_copy;
-+		BIO_new_socks4a_connect;
-+		BIO_s_socks4a_connect;
-+		PROXY_set_connect_mode;
-+		RAND_SSLeay;
-+		RAND_set_rand_method;
-+		RSA_memory_lock;
-+		bn_sub_words;
-+		bn_mul_normal;
-+		bn_mul_comba8;
-+		bn_mul_comba4;
-+		bn_sqr_normal;
-+		bn_sqr_comba8;
-+		bn_sqr_comba4;
-+		bn_cmp_words;
-+		bn_mul_recursive;
-+		bn_mul_part_recursive;
-+		bn_sqr_recursive;
-+		bn_mul_low_normal;
-+		BN_RECP_CTX_init;
-+		BN_RECP_CTX_new;
-+		BN_RECP_CTX_free;
-+		BN_RECP_CTX_set;
-+		BN_mod_mul_reciprocal;
-+		BN_mod_exp_recp;
-+		BN_div_recp;
-+		BN_CTX_init;
-+		BN_MONT_CTX_init;
-+		RAND_get_rand_method;
-+		PKCS7_add_attribute;
-+		PKCS7_add_signed_attribute;
-+		PKCS7_digest_from_attributes;
-+		PKCS7_get_attribute;
-+		PKCS7_get_issuer_and_serial;
-+		PKCS7_get_signed_attribute;
-+		COMP_compress_block;
-+		COMP_expand_block;
-+		COMP_rle;
-+		COMP_zlib;
-+		ms_time_diff;
-+		ms_time_new;
-+		ms_time_free;
-+		ms_time_cmp;
-+		ms_time_get;
-+		PKCS7_set_attributes;
-+		PKCS7_set_signed_attributes;
-+		X509_ATTRIBUTE_create;
-+		X509_ATTRIBUTE_dup;
-+		ASN1_GENERALIZEDTIME_check;
-+		ASN1_GENERALIZEDTIME_print;
-+		ASN1_GENERALIZEDTIME_set;
-+		ASN1_GENERALIZEDTIME_set_string;
-+		ASN1_TIME_print;
-+		BASIC_CONSTRAINTS_free;
-+		BASIC_CONSTRAINTS_new;
-+		ERR_load_X509V3_strings;
-+		NETSCAPE_CERT_SEQUENCE_free;
-+		NETSCAPE_CERT_SEQUENCE_new;
-+		OBJ_txt2obj;
-+		PEM_read_NETSCAPE_CERT_SEQUENCE;
-+		PEM_read_NS_CERT_SEQ;
-+		PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
-+		PEM_read_bio_NS_CERT_SEQ;
-+		PEM_write_NETSCAPE_CERT_SEQUENCE;
-+		PEM_write_NS_CERT_SEQ;
-+		PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
-+		PEM_write_bio_NS_CERT_SEQ;
-+		X509V3_EXT_add;
-+		X509V3_EXT_add_alias;
-+		X509V3_EXT_add_conf;
-+		X509V3_EXT_cleanup;
-+		X509V3_EXT_conf;
-+		X509V3_EXT_conf_nid;
-+		X509V3_EXT_get;
-+		X509V3_EXT_get_nid;
-+		X509V3_EXT_print;
-+		X509V3_EXT_print_fp;
-+		X509V3_add_standard_extensions;
-+		X509V3_add_value;
-+		X509V3_add_value_bool;
-+		X509V3_add_value_int;
-+		X509V3_conf_free;
-+		X509V3_get_value_bool;
-+		X509V3_get_value_int;
-+		X509V3_parse_list;
-+		d2i_ASN1_GENERALIZEDTIME;
-+		d2i_ASN1_TIME;
-+		d2i_BASIC_CONSTRAINTS;
-+		d2i_NETSCAPE_CERT_SEQUENCE;
-+		d2i_ext_ku;
-+		ext_ku_free;
-+		ext_ku_new;
-+		i2d_ASN1_GENERALIZEDTIME;
-+		i2d_ASN1_TIME;
-+		i2d_BASIC_CONSTRAINTS;
-+		i2d_NETSCAPE_CERT_SEQUENCE;
-+		i2d_ext_ku;
-+		EVP_MD_CTX_copy;
-+		i2d_ASN1_ENUMERATED;
-+		d2i_ASN1_ENUMERATED;
-+		ASN1_ENUMERATED_set;
-+		ASN1_ENUMERATED_get;
-+		BN_to_ASN1_ENUMERATED;
-+		ASN1_ENUMERATED_to_BN;
-+		i2a_ASN1_ENUMERATED;
-+		a2i_ASN1_ENUMERATED;
-+		i2d_GENERAL_NAME;
-+		d2i_GENERAL_NAME;
-+		GENERAL_NAME_new;
-+		GENERAL_NAME_free;
-+		GENERAL_NAMES_new;
-+		GENERAL_NAMES_free;
-+		d2i_GENERAL_NAMES;
-+		i2d_GENERAL_NAMES;
-+		i2v_GENERAL_NAMES;
-+		i2s_ASN1_OCTET_STRING;
-+		s2i_ASN1_OCTET_STRING;
-+		X509V3_EXT_check_conf;
-+		hex_to_string;
-+		string_to_hex;
-+		DES_ede3_cbcm_encrypt;
-+		RSA_padding_add_PKCS1_OAEP;
-+		RSA_padding_check_PKCS1_OAEP;
-+		X509_CRL_print_fp;
-+		X509_CRL_print;
-+		i2v_GENERAL_NAME;
-+		v2i_GENERAL_NAME;
-+		i2d_PKEY_USAGE_PERIOD;
-+		d2i_PKEY_USAGE_PERIOD;
-+		PKEY_USAGE_PERIOD_new;
-+		PKEY_USAGE_PERIOD_free;
-+		v2i_GENERAL_NAMES;
-+		i2s_ASN1_INTEGER;
-+		X509V3_EXT_d2i;
-+		name_cmp;
-+		str_dup;
-+		i2s_ASN1_ENUMERATED;
-+		i2s_ASN1_ENUMERATED_TABLE;
-+		BIO_s_log;
-+		BIO_f_reliable;
-+		PKCS7_dataFinal;
-+		PKCS7_dataDecode;
-+		X509V3_EXT_CRL_add_conf;
-+		BN_set_params;
-+		BN_get_params;
-+		BIO_get_ex_num;
-+		BIO_set_ex_free_func;
-+		EVP_ripemd160;
-+		ASN1_TIME_set;
-+		i2d_AUTHORITY_KEYID;
-+		d2i_AUTHORITY_KEYID;
-+		AUTHORITY_KEYID_new;
-+		AUTHORITY_KEYID_free;
-+		ASN1_seq_unpack;
-+		ASN1_seq_pack;
-+		ASN1_unpack_string;
-+		ASN1_pack_string;
-+		PKCS12_pack_safebag;
-+		PKCS12_MAKE_KEYBAG;
-+		PKCS8_encrypt;
-+		PKCS12_MAKE_SHKEYBAG;
-+		PKCS12_pack_p7data;
-+		PKCS12_pack_p7encdata;
-+		PKCS12_add_localkeyid;
-+		PKCS12_add_friendlyname_asc;
-+		PKCS12_add_friendlyname_uni;
-+		PKCS12_get_friendlyname;
-+		PKCS12_pbe_crypt;
-+		PKCS12_decrypt_d2i;
-+		PKCS12_i2d_encrypt;
-+		PKCS12_init;
-+		PKCS12_key_gen_asc;
-+		PKCS12_key_gen_uni;
-+		PKCS12_gen_mac;
-+		PKCS12_verify_mac;
-+		PKCS12_set_mac;
-+		PKCS12_setup_mac;
-+		OPENSSL_asc2uni;
-+		OPENSSL_uni2asc;
-+		i2d_PKCS12_BAGS;
-+		PKCS12_BAGS_new;
-+		d2i_PKCS12_BAGS;
-+		PKCS12_BAGS_free;
-+		i2d_PKCS12;
-+		d2i_PKCS12;
-+		PKCS12_new;
-+		PKCS12_free;
-+		i2d_PKCS12_MAC_DATA;
-+		PKCS12_MAC_DATA_new;
-+		d2i_PKCS12_MAC_DATA;
-+		PKCS12_MAC_DATA_free;
-+		i2d_PKCS12_SAFEBAG;
-+		PKCS12_SAFEBAG_new;
-+		d2i_PKCS12_SAFEBAG;
-+		PKCS12_SAFEBAG_free;
-+		ERR_load_PKCS12_strings;
-+		PKCS12_PBE_add;
-+		PKCS8_add_keyusage;
-+		PKCS12_get_attr_gen;
-+		PKCS12_parse;
-+		PKCS12_create;
-+		i2d_PKCS12_bio;
-+		i2d_PKCS12_fp;
-+		d2i_PKCS12_bio;
-+		d2i_PKCS12_fp;
-+		i2d_PBEPARAM;
-+		PBEPARAM_new;
-+		d2i_PBEPARAM;
-+		PBEPARAM_free;
-+		i2d_PKCS8_PRIV_KEY_INFO;
-+		PKCS8_PRIV_KEY_INFO_new;
-+		d2i_PKCS8_PRIV_KEY_INFO;
-+		PKCS8_PRIV_KEY_INFO_free;
-+		EVP_PKCS82PKEY;
-+		EVP_PKEY2PKCS8;
-+		PKCS8_set_broken;
-+		EVP_PBE_ALGOR_CipherInit;
-+		EVP_PBE_alg_add;
-+		PKCS5_pbe_set;
-+		EVP_PBE_cleanup;
-+		i2d_SXNET;
-+		d2i_SXNET;
-+		SXNET_new;
-+		SXNET_free;
-+		i2d_SXNETID;
-+		d2i_SXNETID;
-+		SXNETID_new;
-+		SXNETID_free;
-+		DSA_SIG_new;
-+		DSA_SIG_free;
-+		DSA_do_sign;
-+		DSA_do_verify;
-+		d2i_DSA_SIG;
-+		i2d_DSA_SIG;
-+		i2d_ASN1_VISIBLESTRING;
-+		d2i_ASN1_VISIBLESTRING;
-+		i2d_ASN1_UTF8STRING;
-+		d2i_ASN1_UTF8STRING;
-+		i2d_DIRECTORYSTRING;
-+		d2i_DIRECTORYSTRING;
-+		i2d_DISPLAYTEXT;
-+		d2i_DISPLAYTEXT;
-+		d2i_ASN1_SET_OF_X509;
-+		i2d_ASN1_SET_OF_X509;
-+		i2d_PBKDF2PARAM;
-+		PBKDF2PARAM_new;
-+		d2i_PBKDF2PARAM;
-+		PBKDF2PARAM_free;
-+		i2d_PBE2PARAM;
-+		PBE2PARAM_new;
-+		d2i_PBE2PARAM;
-+		PBE2PARAM_free;
-+		d2i_ASN1_SET_OF_GENERAL_NAME;
-+		i2d_ASN1_SET_OF_GENERAL_NAME;
-+		d2i_ASN1_SET_OF_SXNETID;
-+		i2d_ASN1_SET_OF_SXNETID;
-+		d2i_ASN1_SET_OF_POLICYQUALINFO;
-+		i2d_ASN1_SET_OF_POLICYQUALINFO;
-+		d2i_ASN1_SET_OF_POLICYINFO;
-+		i2d_ASN1_SET_OF_POLICYINFO;
-+		SXNET_add_id_asc;
-+		SXNET_add_id_ulong;
-+		SXNET_add_id_INTEGER;
-+		SXNET_get_id_asc;
-+		SXNET_get_id_ulong;
-+		SXNET_get_id_INTEGER;
-+		X509V3_set_conf_lhash;
-+		i2d_CERTIFICATEPOLICIES;
-+		CERTIFICATEPOLICIES_new;
-+		CERTIFICATEPOLICIES_free;
-+		d2i_CERTIFICATEPOLICIES;
-+		i2d_POLICYINFO;
-+		POLICYINFO_new;
-+		d2i_POLICYINFO;
-+		POLICYINFO_free;
-+		i2d_POLICYQUALINFO;
-+		POLICYQUALINFO_new;
-+		d2i_POLICYQUALINFO;
-+		POLICYQUALINFO_free;
-+		i2d_USERNOTICE;
-+		USERNOTICE_new;
-+		d2i_USERNOTICE;
-+		USERNOTICE_free;
-+		i2d_NOTICEREF;
-+		NOTICEREF_new;
-+		d2i_NOTICEREF;
-+		NOTICEREF_free;
-+		X509V3_get_string;
-+		X509V3_get_section;
-+		X509V3_string_free;
-+		X509V3_section_free;
-+		X509V3_set_ctx;
-+		s2i_ASN1_INTEGER;
-+		CRYPTO_set_locked_mem_functions;
-+		CRYPTO_get_locked_mem_functions;
-+		CRYPTO_malloc_locked;
-+		CRYPTO_free_locked;
-+		BN_mod_exp2_mont;
-+		ERR_get_error_line_data;
-+		ERR_peek_error_line_data;
-+		PKCS12_PBE_keyivgen;
-+		X509_ALGOR_dup;
-+		d2i_ASN1_SET_OF_DIST_POINT;
-+		i2d_ASN1_SET_OF_DIST_POINT;
-+		i2d_CRL_DIST_POINTS;
-+		CRL_DIST_POINTS_new;
-+		CRL_DIST_POINTS_free;
-+		d2i_CRL_DIST_POINTS;
-+		i2d_DIST_POINT;
-+		DIST_POINT_new;
-+		d2i_DIST_POINT;
-+		DIST_POINT_free;
-+		i2d_DIST_POINT_NAME;
-+		DIST_POINT_NAME_new;
-+		DIST_POINT_NAME_free;
-+		d2i_DIST_POINT_NAME;
-+		X509V3_add_value_uchar;
-+		d2i_ASN1_SET_OF_X509_ATTRIBUTE;
-+		i2d_ASN1_SET_OF_ASN1_TYPE;
-+		d2i_ASN1_SET_OF_X509_EXTENSION;
-+		d2i_ASN1_SET_OF_X509_NAME_ENTRY;
-+		d2i_ASN1_SET_OF_ASN1_TYPE;
-+		i2d_ASN1_SET_OF_X509_ATTRIBUTE;
-+		i2d_ASN1_SET_OF_X509_EXTENSION;
-+		i2d_ASN1_SET_OF_X509_NAME_ENTRY;
-+		X509V3_EXT_i2d;
-+		X509V3_EXT_val_prn;
-+		X509V3_EXT_add_list;
-+		EVP_CIPHER_type;
-+		EVP_PBE_CipherInit;
-+		X509V3_add_value_bool_nf;
-+		d2i_ASN1_UINTEGER;
-+		sk_value;
-+		sk_num;
-+		sk_set;
-+		i2d_ASN1_SET_OF_X509_REVOKED;
-+		sk_sort;
-+		d2i_ASN1_SET_OF_X509_REVOKED;
-+		i2d_ASN1_SET_OF_X509_ALGOR;
-+		i2d_ASN1_SET_OF_X509_CRL;
-+		d2i_ASN1_SET_OF_X509_ALGOR;
-+		d2i_ASN1_SET_OF_X509_CRL;
-+		i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
-+		i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
-+		d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
-+		d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
-+		PKCS5_PBE_add;
-+		PEM_write_bio_PKCS8;
-+		i2d_PKCS8_fp;
-+		PEM_read_bio_PKCS8_PRIV_KEY_INFO;
-+		PEM_read_bio_P8_PRIV_KEY_INFO;
-+		d2i_PKCS8_bio;
-+		d2i_PKCS8_PRIV_KEY_INFO_fp;
-+		PEM_write_bio_PKCS8_PRIV_KEY_INFO;
-+		PEM_write_bio_P8_PRIV_KEY_INFO;
-+		PEM_read_PKCS8;
-+		d2i_PKCS8_PRIV_KEY_INFO_bio;
-+		d2i_PKCS8_fp;
-+		PEM_write_PKCS8;
-+		PEM_read_PKCS8_PRIV_KEY_INFO;
-+		PEM_read_P8_PRIV_KEY_INFO;
-+		PEM_read_bio_PKCS8;
-+		PEM_write_PKCS8_PRIV_KEY_INFO;
-+		PEM_write_P8_PRIV_KEY_INFO;
-+		PKCS5_PBE_keyivgen;
-+		i2d_PKCS8_bio;
-+		i2d_PKCS8_PRIV_KEY_INFO_fp;
-+		i2d_PKCS8_PRIV_KEY_INFO_bio;
-+		BIO_s_bio;
-+		PKCS5_pbe2_set;
-+		PKCS5_PBKDF2_HMAC_SHA1;
-+		PKCS5_v2_PBE_keyivgen;
-+		PEM_write_bio_PKCS8PrivateKey;
-+		PEM_write_PKCS8PrivateKey;
-+		BIO_ctrl_get_read_request;
-+		BIO_ctrl_pending;
-+		BIO_ctrl_wpending;
-+		BIO_new_bio_pair;
-+		BIO_ctrl_get_write_guarantee;
-+		CRYPTO_num_locks;
-+		CONF_load_bio;
-+		CONF_load_fp;
-+		i2d_ASN1_SET_OF_ASN1_OBJECT;
-+		d2i_ASN1_SET_OF_ASN1_OBJECT;
-+		PKCS7_signatureVerify;
-+		RSA_set_method;
-+		RSA_get_method;
-+		RSA_get_default_method;
-+		RSA_check_key;
-+		OBJ_obj2txt;
-+		DSA_dup_DH;
-+		X509_REQ_get_extensions;
-+		X509_REQ_set_extension_nids;
-+		BIO_nwrite;
-+		X509_REQ_extension_nid;
-+		BIO_nread;
-+		X509_REQ_get_extension_nids;
-+		BIO_nwrite0;
-+		X509_REQ_add_extensions_nid;
-+		BIO_nread0;
-+		X509_REQ_add_extensions;
-+		BIO_new_mem_buf;
-+		DH_set_ex_data;
-+		DH_set_method;
-+		DSA_OpenSSL;
-+		DH_get_ex_data;
-+		DH_get_ex_new_index;
-+		DSA_new_method;
-+		DH_new_method;
-+		DH_OpenSSL;
-+		DSA_get_ex_new_index;
-+		DH_get_default_method;
-+		DSA_set_ex_data;
-+		DH_set_default_method;
-+		DSA_get_ex_data;
-+		X509V3_EXT_REQ_add_conf;
-+		NETSCAPE_SPKI_print;
-+		NETSCAPE_SPKI_set_pubkey;
-+		NETSCAPE_SPKI_b64_encode;
-+		NETSCAPE_SPKI_get_pubkey;
-+		NETSCAPE_SPKI_b64_decode;
-+		UTF8_putc;
-+		UTF8_getc;
-+		RSA_null_method;
-+		ASN1_tag2str;
-+		BIO_ctrl_reset_read_request;
-+		DISPLAYTEXT_new;
-+		ASN1_GENERALIZEDTIME_free;
-+		X509_REVOKED_get_ext_d2i;
-+		X509_set_ex_data;
-+		X509_reject_set_bit_asc;
-+		X509_NAME_add_entry_by_txt;
-+		X509_NAME_add_entry_by_NID;
-+		X509_PURPOSE_get0;
-+		PEM_read_X509_AUX;
-+		d2i_AUTHORITY_INFO_ACCESS;
-+		PEM_write_PUBKEY;
-+		ACCESS_DESCRIPTION_new;
-+		X509_CERT_AUX_free;
-+		d2i_ACCESS_DESCRIPTION;
-+		X509_trust_clear;
-+		X509_TRUST_add;
-+		ASN1_VISIBLESTRING_new;
-+		X509_alias_set1;
-+		ASN1_PRINTABLESTRING_free;
-+		EVP_PKEY_get1_DSA;
-+		ASN1_BMPSTRING_new;
-+		ASN1_mbstring_copy;
-+		ASN1_UTF8STRING_new;
-+		DSA_get_default_method;
-+		i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
-+		ASN1_T61STRING_free;
-+		DSA_set_method;
-+		X509_get_ex_data;
-+		ASN1_STRING_type;
-+		X509_PURPOSE_get_by_sname;
-+		ASN1_TIME_free;
-+		ASN1_OCTET_STRING_cmp;
-+		ASN1_BIT_STRING_new;
-+		X509_get_ext_d2i;
-+		PEM_read_bio_X509_AUX;
-+		ASN1_STRING_set_default_mask_asc;
-+		ASN1_STRING_set_def_mask_asc;
-+		PEM_write_bio_RSA_PUBKEY;
-+		ASN1_INTEGER_cmp;
-+		d2i_RSA_PUBKEY_fp;
-+		X509_trust_set_bit_asc;
-+		PEM_write_bio_DSA_PUBKEY;
-+		X509_STORE_CTX_free;
-+		EVP_PKEY_set1_DSA;
-+		i2d_DSA_PUBKEY_fp;
-+		X509_load_cert_crl_file;
-+		ASN1_TIME_new;
-+		i2d_RSA_PUBKEY;
-+		X509_STORE_CTX_purpose_inherit;
-+		PEM_read_RSA_PUBKEY;
-+		d2i_X509_AUX;
-+		i2d_DSA_PUBKEY;
-+		X509_CERT_AUX_print;
-+		PEM_read_DSA_PUBKEY;
-+		i2d_RSA_PUBKEY_bio;
-+		ASN1_BIT_STRING_num_asc;
-+		i2d_PUBKEY;
-+		ASN1_UTCTIME_free;
-+		DSA_set_default_method;
-+		X509_PURPOSE_get_by_id;
-+		ACCESS_DESCRIPTION_free;
-+		PEM_read_bio_PUBKEY;
-+		ASN1_STRING_set_by_NID;
-+		X509_PURPOSE_get_id;
-+		DISPLAYTEXT_free;
-+		OTHERNAME_new;
-+		X509_CERT_AUX_new;
-+		X509_TRUST_cleanup;
-+		X509_NAME_add_entry_by_OBJ;
-+		X509_CRL_get_ext_d2i;
-+		X509_PURPOSE_get0_name;
-+		PEM_read_PUBKEY;
-+		i2d_DSA_PUBKEY_bio;
-+		i2d_OTHERNAME;
-+		ASN1_OCTET_STRING_free;
-+		ASN1_BIT_STRING_set_asc;
-+		X509_get_ex_new_index;
-+		ASN1_STRING_TABLE_cleanup;
-+		X509_TRUST_get_by_id;
-+		X509_PURPOSE_get_trust;
-+		ASN1_STRING_length;
-+		d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
-+		ASN1_PRINTABLESTRING_new;
-+		X509V3_get_d2i;
-+		ASN1_ENUMERATED_free;
-+		i2d_X509_CERT_AUX;
-+		X509_STORE_CTX_set_trust;
-+		ASN1_STRING_set_default_mask;
-+		X509_STORE_CTX_new;
-+		EVP_PKEY_get1_RSA;
-+		DIRECTORYSTRING_free;
-+		PEM_write_X509_AUX;
-+		ASN1_OCTET_STRING_set;
-+		d2i_DSA_PUBKEY_fp;
-+		d2i_RSA_PUBKEY;
-+		X509_TRUST_get0_name;
-+		X509_TRUST_get0;
-+		AUTHORITY_INFO_ACCESS_free;
-+		ASN1_IA5STRING_new;
-+		d2i_DSA_PUBKEY;
-+		X509_check_purpose;
-+		ASN1_ENUMERATED_new;
-+		d2i_RSA_PUBKEY_bio;
-+		d2i_PUBKEY;
-+		X509_TRUST_get_trust;
-+		X509_TRUST_get_flags;
-+		ASN1_BMPSTRING_free;
-+		ASN1_T61STRING_new;
-+		ASN1_UTCTIME_new;
-+		i2d_AUTHORITY_INFO_ACCESS;
-+		EVP_PKEY_set1_RSA;
-+		X509_STORE_CTX_set_purpose;
-+		ASN1_IA5STRING_free;
-+		PEM_write_bio_X509_AUX;
-+		X509_PURPOSE_get_count;
-+		CRYPTO_add_info;
-+		X509_NAME_ENTRY_create_by_txt;
-+		ASN1_STRING_get_default_mask;
-+		X509_alias_get0;
-+		ASN1_STRING_data;
-+		i2d_ACCESS_DESCRIPTION;
-+		X509_trust_set_bit;
-+		ASN1_BIT_STRING_free;
-+		PEM_read_bio_RSA_PUBKEY;
-+		X509_add1_reject_object;
-+		X509_check_trust;
-+		PEM_read_bio_DSA_PUBKEY;
-+		X509_PURPOSE_add;
-+		ASN1_STRING_TABLE_get;
-+		ASN1_UTF8STRING_free;
-+		d2i_DSA_PUBKEY_bio;
-+		PEM_write_RSA_PUBKEY;
-+		d2i_OTHERNAME;
-+		X509_reject_set_bit;
-+		PEM_write_DSA_PUBKEY;
-+		X509_PURPOSE_get0_sname;
-+		EVP_PKEY_set1_DH;
-+		ASN1_OCTET_STRING_dup;
-+		ASN1_BIT_STRING_set;
-+		X509_TRUST_get_count;
-+		ASN1_INTEGER_free;
-+		OTHERNAME_free;
-+		i2d_RSA_PUBKEY_fp;
-+		ASN1_INTEGER_dup;
-+		d2i_X509_CERT_AUX;
-+		PEM_write_bio_PUBKEY;
-+		ASN1_VISIBLESTRING_free;
-+		X509_PURPOSE_cleanup;
-+		ASN1_mbstring_ncopy;
-+		ASN1_GENERALIZEDTIME_new;
-+		EVP_PKEY_get1_DH;
-+		ASN1_OCTET_STRING_new;
-+		ASN1_INTEGER_new;
-+		i2d_X509_AUX;
-+		ASN1_BIT_STRING_name_print;
-+		X509_cmp;
-+		ASN1_STRING_length_set;
-+		DIRECTORYSTRING_new;
-+		X509_add1_trust_object;
-+		PKCS12_newpass;
-+		SMIME_write_PKCS7;
-+		SMIME_read_PKCS7;
-+		DES_set_key_checked;
-+		PKCS7_verify;
-+		PKCS7_encrypt;
-+		DES_set_key_unchecked;
-+		SMIME_crlf_copy;
-+		i2d_ASN1_PRINTABLESTRING;
-+		PKCS7_get0_signers;
-+		PKCS7_decrypt;
-+		SMIME_text;
-+		PKCS7_simple_smimecap;
-+		PKCS7_get_smimecap;
-+		PKCS7_sign;
-+		PKCS7_add_attrib_smimecap;
-+		CRYPTO_dbg_set_options;
-+		CRYPTO_remove_all_info;
-+		CRYPTO_get_mem_debug_functions;
-+		CRYPTO_is_mem_check_on;
-+		CRYPTO_set_mem_debug_functions;
-+		CRYPTO_pop_info;
-+		CRYPTO_push_info_;
-+		CRYPTO_set_mem_debug_options;
-+		PEM_write_PKCS8PrivateKey_nid;
-+		PEM_write_bio_PKCS8PrivateKey_nid;
-+		PEM_write_bio_PKCS8PrivKey_nid;
-+		d2i_PKCS8PrivateKey_bio;
-+		ASN1_NULL_free;
-+		d2i_ASN1_NULL;
-+		ASN1_NULL_new;
-+		i2d_PKCS8PrivateKey_bio;
-+		i2d_PKCS8PrivateKey_fp;
-+		i2d_ASN1_NULL;
-+		i2d_PKCS8PrivateKey_nid_fp;
-+		d2i_PKCS8PrivateKey_fp;
-+		i2d_PKCS8PrivateKey_nid_bio;
-+		i2d_PKCS8PrivateKeyInfo_fp;
-+		i2d_PKCS8PrivateKeyInfo_bio;
-+		PEM_cb;
-+		i2d_PrivateKey_fp;
-+		d2i_PrivateKey_bio;
-+		d2i_PrivateKey_fp;
-+		i2d_PrivateKey_bio;
-+		X509_reject_clear;
-+		X509_TRUST_set_default;
-+		d2i_AutoPrivateKey;
-+		X509_ATTRIBUTE_get0_type;
-+		X509_ATTRIBUTE_set1_data;
-+		X509at_get_attr;
-+		X509at_get_attr_count;
-+		X509_ATTRIBUTE_create_by_NID;
-+		X509_ATTRIBUTE_set1_object;
-+		X509_ATTRIBUTE_count;
-+		X509_ATTRIBUTE_create_by_OBJ;
-+		X509_ATTRIBUTE_get0_object;
-+		X509at_get_attr_by_NID;
-+		X509at_add1_attr;
-+		X509_ATTRIBUTE_get0_data;
-+		X509at_delete_attr;
-+		X509at_get_attr_by_OBJ;
-+		RAND_add;
-+		BIO_number_written;
-+		BIO_number_read;
-+		X509_STORE_CTX_get1_chain;
-+		ERR_load_RAND_strings;
-+		RAND_pseudo_bytes;
-+		X509_REQ_get_attr_by_NID;
-+		X509_REQ_get_attr;
-+		X509_REQ_add1_attr_by_NID;
-+		X509_REQ_get_attr_by_OBJ;
-+		X509at_add1_attr_by_NID;
-+		X509_REQ_add1_attr_by_OBJ;
-+		X509_REQ_get_attr_count;
-+		X509_REQ_add1_attr;
-+		X509_REQ_delete_attr;
-+		X509at_add1_attr_by_OBJ;
-+		X509_REQ_add1_attr_by_txt;
-+		X509_ATTRIBUTE_create_by_txt;
-+		X509at_add1_attr_by_txt;
-+		BN_pseudo_rand;
-+		BN_is_prime_fasttest;
-+		BN_CTX_end;
-+		BN_CTX_start;
-+		BN_CTX_get;
-+		EVP_PKEY2PKCS8_broken;
-+		ASN1_STRING_TABLE_add;
-+		CRYPTO_dbg_get_options;
-+		AUTHORITY_INFO_ACCESS_new;
-+		CRYPTO_get_mem_debug_options;
-+		DES_crypt;
-+		PEM_write_bio_X509_REQ_NEW;
-+		PEM_write_X509_REQ_NEW;
-+		BIO_callback_ctrl;
-+		RAND_egd;
-+		RAND_status;
-+		bn_dump1;
-+		DES_check_key_parity;
-+		lh_num_items;
-+		RAND_event;
-+		DSO_new;
-+		DSO_new_method;
-+		DSO_free;
-+		DSO_flags;
-+		DSO_up;
-+		DSO_set_default_method;
-+		DSO_get_default_method;
-+		DSO_get_method;
-+		DSO_set_method;
-+		DSO_load;
-+		DSO_bind_var;
-+		DSO_METHOD_null;
-+		DSO_METHOD_openssl;
-+		DSO_METHOD_dlfcn;
-+		DSO_METHOD_win32;
-+		ERR_load_DSO_strings;
-+		DSO_METHOD_dl;
-+		NCONF_load;
-+		NCONF_load_fp;
-+		NCONF_new;
-+		NCONF_get_string;
-+		NCONF_free;
-+		NCONF_get_number;
-+		CONF_dump_fp;
-+		NCONF_load_bio;
-+		NCONF_dump_fp;
-+		NCONF_get_section;
-+		NCONF_dump_bio;
-+		CONF_dump_bio;
-+		NCONF_free_data;
-+		CONF_set_default_method;
-+		ERR_error_string_n;
-+		BIO_snprintf;
-+		DSO_ctrl;
-+		i2d_ASN1_SET_OF_ASN1_INTEGER;
-+		i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
-+		i2d_ASN1_SET_OF_PKCS7;
-+		BIO_vfree;
-+		d2i_ASN1_SET_OF_ASN1_INTEGER;
-+		d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
-+		ASN1_UTCTIME_get;
-+		X509_REQ_digest;
-+		X509_CRL_digest;
-+		d2i_ASN1_SET_OF_PKCS7;
-+		EVP_CIPHER_CTX_set_key_length;
-+		EVP_CIPHER_CTX_ctrl;
-+		BN_mod_exp_mont_word;
-+		RAND_egd_bytes;
-+		X509_REQ_get1_email;
-+		X509_get1_email;
-+		X509_email_free;
-+		i2d_RSA_NET;
-+		d2i_RSA_NET_2;
-+		d2i_RSA_NET;
-+		DSO_bind_func;
-+		CRYPTO_get_new_dynlockid;
-+		sk_new_null;
-+		CRYPTO_set_dynlock_destroy_callback;
-+		CRYPTO_set_dynlock_destroy_cb;
-+		CRYPTO_destroy_dynlockid;
-+		CRYPTO_set_dynlock_size;
-+		CRYPTO_set_dynlock_create_callback;
-+		CRYPTO_set_dynlock_create_cb;
-+		CRYPTO_set_dynlock_lock_callback;
-+		CRYPTO_set_dynlock_lock_cb;
-+		CRYPTO_get_dynlock_lock_callback;
-+		CRYPTO_get_dynlock_lock_cb;
-+		CRYPTO_get_dynlock_destroy_callback;
-+		CRYPTO_get_dynlock_destroy_cb;
-+		CRYPTO_get_dynlock_value;
-+		CRYPTO_get_dynlock_create_callback;
-+		CRYPTO_get_dynlock_create_cb;
-+		c2i_ASN1_BIT_STRING;
-+		i2c_ASN1_BIT_STRING;
-+		RAND_poll;
-+		c2i_ASN1_INTEGER;
-+		i2c_ASN1_INTEGER;
-+		BIO_dump_indent;
-+		ASN1_parse_dump;
-+		c2i_ASN1_OBJECT;
-+		X509_NAME_print_ex_fp;
-+		ASN1_STRING_print_ex_fp;
-+		X509_NAME_print_ex;
-+		ASN1_STRING_print_ex;
-+		MD4;
-+		MD4_Transform;
-+		MD4_Final;
-+		MD4_Update;
-+		MD4_Init;
-+		EVP_md4;
-+		i2d_PUBKEY_bio;
-+		i2d_PUBKEY_fp;
-+		d2i_PUBKEY_bio;
-+		ASN1_STRING_to_UTF8;
-+		BIO_vprintf;
-+		BIO_vsnprintf;
-+		d2i_PUBKEY_fp;
-+		X509_cmp_time;
-+		X509_STORE_CTX_set_time;
-+		X509_STORE_CTX_get1_issuer;
-+		X509_OBJECT_retrieve_match;
-+		X509_OBJECT_idx_by_subject;
-+		X509_STORE_CTX_set_flags;
-+		X509_STORE_CTX_trusted_stack;
-+		X509_time_adj;
-+		X509_check_issued;
-+		ASN1_UTCTIME_cmp_time_t;
-+		DES_set_weak_key_flag;
-+		DES_check_key;
-+		DES_rw_mode;
-+		RSA_PKCS1_RSAref;
-+		X509_keyid_set1;
-+		BIO_next;
-+		DSO_METHOD_vms;
-+		BIO_f_linebuffer;
-+		BN_bntest_rand;
-+		OPENSSL_issetugid;
-+		BN_rand_range;
-+		ERR_load_ENGINE_strings;
-+		ENGINE_set_DSA;
-+		ENGINE_get_finish_function;
-+		ENGINE_get_default_RSA;
-+		ENGINE_get_BN_mod_exp;
-+		DSA_get_default_openssl_method;
-+		ENGINE_set_DH;
-+		ENGINE_set_def_BN_mod_exp_crt;
-+		ENGINE_set_default_BN_mod_exp_crt;
-+		ENGINE_init;
-+		DH_get_default_openssl_method;
-+		RSA_set_default_openssl_method;
-+		ENGINE_finish;
-+		ENGINE_load_public_key;
-+		ENGINE_get_DH;
-+		ENGINE_ctrl;
-+		ENGINE_get_init_function;
-+		ENGINE_set_init_function;
-+		ENGINE_set_default_DSA;
-+		ENGINE_get_name;
-+		ENGINE_get_last;
-+		ENGINE_get_prev;
-+		ENGINE_get_default_DH;
-+		ENGINE_get_RSA;
-+		ENGINE_set_default;
-+		ENGINE_get_RAND;
-+		ENGINE_get_first;
-+		ENGINE_by_id;
-+		ENGINE_set_finish_function;
-+		ENGINE_get_def_BN_mod_exp_crt;
-+		ENGINE_get_default_BN_mod_exp_crt;
-+		RSA_get_default_openssl_method;
-+		ENGINE_set_RSA;
-+		ENGINE_load_private_key;
-+		ENGINE_set_default_RAND;
-+		ENGINE_set_BN_mod_exp;
-+		ENGINE_remove;
-+		ENGINE_free;
-+		ENGINE_get_BN_mod_exp_crt;
-+		ENGINE_get_next;
-+		ENGINE_set_name;
-+		ENGINE_get_default_DSA;
-+		ENGINE_set_default_BN_mod_exp;
-+		ENGINE_set_default_RSA;
-+		ENGINE_get_default_RAND;
-+		ENGINE_get_default_BN_mod_exp;
-+		ENGINE_set_RAND;
-+		ENGINE_set_id;
-+		ENGINE_set_BN_mod_exp_crt;
-+		ENGINE_set_default_DH;
-+		ENGINE_new;
-+		ENGINE_get_id;
-+		DSA_set_default_openssl_method;
-+		ENGINE_add;
-+		DH_set_default_openssl_method;
-+		ENGINE_get_DSA;
-+		ENGINE_get_ctrl_function;
-+		ENGINE_set_ctrl_function;
-+		BN_pseudo_rand_range;
-+		X509_STORE_CTX_set_verify_cb;
-+		ERR_load_COMP_strings;
-+		PKCS12_item_decrypt_d2i;
-+		ASN1_UTF8STRING_it;
-+		ENGINE_unregister_ciphers;
-+		ENGINE_get_ciphers;
-+		d2i_OCSP_BASICRESP;
-+		KRB5_CHECKSUM_it;
-+		EC_POINT_add;
-+		ASN1_item_ex_i2d;
-+		OCSP_CERTID_it;
-+		d2i_OCSP_RESPBYTES;
-+		X509V3_add1_i2d;
-+		PKCS7_ENVELOPE_it;
-+		UI_add_input_boolean;
-+		ENGINE_unregister_RSA;
-+		X509V3_EXT_nconf;
-+		ASN1_GENERALSTRING_free;
-+		d2i_OCSP_CERTSTATUS;
-+		X509_REVOKED_set_serialNumber;
-+		X509_print_ex;
-+		OCSP_ONEREQ_get1_ext_d2i;
-+		ENGINE_register_all_RAND;
-+		ENGINE_load_dynamic;
-+		PBKDF2PARAM_it;
-+		EXTENDED_KEY_USAGE_new;
-+		EC_GROUP_clear_free;
-+		OCSP_sendreq_bio;
-+		ASN1_item_digest;
-+		OCSP_BASICRESP_delete_ext;
-+		OCSP_SIGNATURE_it;
-+		X509_CRL_it;
-+		OCSP_BASICRESP_add_ext;
-+		KRB5_ENCKEY_it;
-+		UI_method_set_closer;
-+		X509_STORE_set_purpose;
-+		i2d_ASN1_GENERALSTRING;
-+		OCSP_response_status;
-+		i2d_OCSP_SERVICELOC;
-+		ENGINE_get_digest_engine;
-+		EC_GROUP_set_curve_GFp;
-+		OCSP_REQUEST_get_ext_by_OBJ;
-+		_ossl_old_des_random_key;
-+		ASN1_T61STRING_it;
-+		EC_GROUP_method_of;
-+		i2d_KRB5_APREQ;
-+		_ossl_old_des_encrypt;
-+		ASN1_PRINTABLE_new;
-+		HMAC_Init_ex;
-+		d2i_KRB5_AUTHENT;
-+		OCSP_archive_cutoff_new;
-+		EC_POINT_set_Jprojective_coordinates_GFp;
-+		EC_POINT_set_Jproj_coords_GFp;
-+		_ossl_old_des_is_weak_key;
-+		OCSP_BASICRESP_get_ext_by_OBJ;
-+		EC_POINT_oct2point;
-+		OCSP_SINGLERESP_get_ext_count;
-+		UI_ctrl;
-+		_shadow_DES_rw_mode;
-+		asn1_do_adb;
-+		ASN1_template_i2d;
-+		ENGINE_register_DH;
-+		UI_construct_prompt;
-+		X509_STORE_set_trust;
-+		UI_dup_input_string;
-+		d2i_KRB5_APREQ;
-+		EVP_MD_CTX_copy_ex;
-+		OCSP_request_is_signed;
-+		i2d_OCSP_REQINFO;
-+		KRB5_ENCKEY_free;
-+		OCSP_resp_get0;
-+		GENERAL_NAME_it;
-+		ASN1_GENERALIZEDTIME_it;
-+		X509_STORE_set_flags;
-+		EC_POINT_set_compressed_coordinates_GFp;
-+		EC_POINT_set_compr_coords_GFp;
-+		OCSP_response_status_str;
-+		d2i_OCSP_REVOKEDINFO;
-+		OCSP_basic_add1_cert;
-+		ERR_get_implementation;
-+		EVP_CipherFinal_ex;
-+		OCSP_CERTSTATUS_new;
-+		CRYPTO_cleanup_all_ex_data;
-+		OCSP_resp_find;
-+		BN_nnmod;
-+		X509_CRL_sort;
-+		X509_REVOKED_set_revocationDate;
-+		ENGINE_register_RAND;
-+		OCSP_SERVICELOC_new;
-+		EC_POINT_set_affine_coordinates_GFp;
-+		EC_POINT_set_affine_coords_GFp;
-+		_ossl_old_des_options;
-+		SXNET_it;
-+		UI_dup_input_boolean;
-+		PKCS12_add_CSPName_asc;
-+		EC_POINT_is_at_infinity;
-+		ENGINE_load_cryptodev;
-+		DSO_convert_filename;
-+		POLICYQUALINFO_it;
-+		ENGINE_register_ciphers;
-+		BN_mod_lshift_quick;
-+		DSO_set_filename;
-+		ASN1_item_free;
-+		KRB5_TKTBODY_free;
-+		AUTHORITY_KEYID_it;
-+		KRB5_APREQBODY_new;
-+		X509V3_EXT_REQ_add_nconf;
-+		ENGINE_ctrl_cmd_string;
-+		i2d_OCSP_RESPDATA;
-+		EVP_MD_CTX_init;
-+		EXTENDED_KEY_USAGE_free;
-+		PKCS7_ATTR_SIGN_it;
-+		UI_add_error_string;
-+		KRB5_CHECKSUM_free;
-+		OCSP_REQUEST_get_ext;
-+		ENGINE_load_ubsec;
-+		ENGINE_register_all_digests;
-+		PKEY_USAGE_PERIOD_it;
-+		PKCS12_unpack_authsafes;
-+		ASN1_item_unpack;
-+		NETSCAPE_SPKAC_it;
-+		X509_REVOKED_it;
-+		ASN1_STRING_encode;
-+		EVP_aes_128_ecb;
-+		KRB5_AUTHENT_free;
-+		OCSP_BASICRESP_get_ext_by_critical;
-+		OCSP_BASICRESP_get_ext_by_crit;
-+		OCSP_cert_status_str;
-+		d2i_OCSP_REQUEST;
-+		UI_dup_info_string;
-+		_ossl_old_des_xwhite_in2out;
-+		PKCS12_it;
-+		OCSP_SINGLERESP_get_ext_by_critical;
-+		OCSP_SINGLERESP_get_ext_by_crit;
-+		OCSP_CERTSTATUS_free;
-+		_ossl_old_des_crypt;
-+		ASN1_item_i2d;
-+		EVP_DecryptFinal_ex;
-+		ENGINE_load_openssl;
-+		ENGINE_get_cmd_defns;
-+		ENGINE_set_load_privkey_function;
-+		ENGINE_set_load_privkey_fn;
-+		EVP_EncryptFinal_ex;
-+		ENGINE_set_default_digests;
-+		X509_get0_pubkey_bitstr;
-+		asn1_ex_i2c;
-+		ENGINE_register_RSA;
-+		ENGINE_unregister_DSA;
-+		_ossl_old_des_key_sched;
-+		X509_EXTENSION_it;
-+		i2d_KRB5_AUTHENT;
-+		SXNETID_it;
-+		d2i_OCSP_SINGLERESP;
-+		EDIPARTYNAME_new;
-+		PKCS12_certbag2x509;
-+		_ossl_old_des_ofb64_encrypt;
-+		d2i_EXTENDED_KEY_USAGE;
-+		ERR_print_errors_cb;
-+		ENGINE_set_ciphers;
-+		d2i_KRB5_APREQBODY;
-+		UI_method_get_flusher;
-+		X509_PUBKEY_it;
-+		_ossl_old_des_enc_read;
-+		PKCS7_ENCRYPT_it;
-+		i2d_OCSP_RESPONSE;
-+		EC_GROUP_get_cofactor;
-+		PKCS12_unpack_p7data;
-+		d2i_KRB5_AUTHDATA;
-+		OCSP_copy_nonce;
-+		KRB5_AUTHDATA_new;
-+		OCSP_RESPDATA_new;
-+		EC_GFp_mont_method;
-+		OCSP_REVOKEDINFO_free;
-+		UI_get_ex_data;
-+		KRB5_APREQBODY_free;
-+		EC_GROUP_get0_generator;
-+		UI_get_default_method;
-+		X509V3_set_nconf;
-+		PKCS12_item_i2d_encrypt;
-+		X509_add1_ext_i2d;
-+		PKCS7_SIGNER_INFO_it;
-+		KRB5_PRINCNAME_new;
-+		PKCS12_SAFEBAG_it;
-+		EC_GROUP_get_order;
-+		d2i_OCSP_RESPID;
-+		OCSP_request_verify;
-+		NCONF_get_number_e;
-+		_ossl_old_des_decrypt3;
-+		X509_signature_print;
-+		OCSP_SINGLERESP_free;
-+		ENGINE_load_builtin_engines;
-+		i2d_OCSP_ONEREQ;
-+		OCSP_REQUEST_add_ext;
-+		OCSP_RESPBYTES_new;
-+		EVP_MD_CTX_create;
-+		OCSP_resp_find_status;
-+		X509_ALGOR_it;
-+		ASN1_TIME_it;
-+		OCSP_request_set1_name;
-+		OCSP_ONEREQ_get_ext_count;
-+		UI_get0_result;
-+		PKCS12_AUTHSAFES_it;
-+		EVP_aes_256_ecb;
-+		PKCS12_pack_authsafes;
-+		ASN1_IA5STRING_it;
-+		UI_get_input_flags;
-+		EC_GROUP_set_generator;
-+		_ossl_old_des_string_to_2keys;
-+		OCSP_CERTID_free;
-+		X509_CERT_AUX_it;
-+		CERTIFICATEPOLICIES_it;
-+		_ossl_old_des_ede3_cbc_encrypt;
-+		RAND_set_rand_engine;
-+		DSO_get_loaded_filename;
-+		X509_ATTRIBUTE_it;
-+		OCSP_ONEREQ_get_ext_by_NID;
-+		PKCS12_decrypt_skey;
-+		KRB5_AUTHENT_it;
-+		UI_dup_error_string;
-+		RSAPublicKey_it;
-+		i2d_OCSP_REQUEST;
-+		PKCS12_x509crl2certbag;
-+		OCSP_SERVICELOC_it;
-+		ASN1_item_sign;
-+		X509_CRL_set_issuer_name;
-+		OBJ_NAME_do_all_sorted;
-+		i2d_OCSP_BASICRESP;
-+		i2d_OCSP_RESPBYTES;
-+		PKCS12_unpack_p7encdata;
-+		HMAC_CTX_init;
-+		ENGINE_get_digest;
-+		OCSP_RESPONSE_print;
-+		KRB5_TKTBODY_it;
-+		ACCESS_DESCRIPTION_it;
-+		PKCS7_ISSUER_AND_SERIAL_it;
-+		PBE2PARAM_it;
-+		PKCS12_certbag2x509crl;
-+		PKCS7_SIGNED_it;
-+		ENGINE_get_cipher;
-+		i2d_OCSP_CRLID;
-+		OCSP_SINGLERESP_new;
-+		ENGINE_cmd_is_executable;
-+		RSA_up_ref;
-+		ASN1_GENERALSTRING_it;
-+		ENGINE_register_DSA;
-+		X509V3_EXT_add_nconf_sk;
-+		ENGINE_set_load_pubkey_function;
-+		PKCS8_decrypt;
-+		PEM_bytes_read_bio;
-+		DIRECTORYSTRING_it;
-+		d2i_OCSP_CRLID;
-+		EC_POINT_is_on_curve;
-+		CRYPTO_set_locked_mem_ex_functions;
-+		CRYPTO_set_locked_mem_ex_funcs;
-+		d2i_KRB5_CHECKSUM;
-+		ASN1_item_dup;
-+		X509_it;
-+		BN_mod_add;
-+		KRB5_AUTHDATA_free;
-+		_ossl_old_des_cbc_cksum;
-+		ASN1_item_verify;
-+		CRYPTO_set_mem_ex_functions;
-+		EC_POINT_get_Jprojective_coordinates_GFp;
-+		EC_POINT_get_Jproj_coords_GFp;
-+		ZLONG_it;
-+		CRYPTO_get_locked_mem_ex_functions;
-+		CRYPTO_get_locked_mem_ex_funcs;
-+		ASN1_TIME_check;
-+		UI_get0_user_data;
-+		HMAC_CTX_cleanup;
-+		DSA_up_ref;
-+		_ossl_old_des_ede3_cfb64_encrypt;
-+		_ossl_odes_ede3_cfb64_encrypt;
-+		ASN1_BMPSTRING_it;
-+		ASN1_tag2bit;
-+		UI_method_set_flusher;
-+		X509_ocspid_print;
-+		KRB5_ENCDATA_it;
-+		ENGINE_get_load_pubkey_function;
-+		UI_add_user_data;
-+		OCSP_REQUEST_delete_ext;
-+		UI_get_method;
-+		OCSP_ONEREQ_free;
-+		ASN1_PRINTABLESTRING_it;
-+		X509_CRL_set_nextUpdate;
-+		OCSP_REQUEST_it;
-+		OCSP_BASICRESP_it;
-+		AES_ecb_encrypt;
-+		BN_mod_sqr;
-+		NETSCAPE_CERT_SEQUENCE_it;
-+		GENERAL_NAMES_it;
-+		AUTHORITY_INFO_ACCESS_it;
-+		ASN1_FBOOLEAN_it;
-+		UI_set_ex_data;
-+		_ossl_old_des_string_to_key;
-+		ENGINE_register_all_RSA;
-+		d2i_KRB5_PRINCNAME;
-+		OCSP_RESPBYTES_it;
-+		X509_CINF_it;
-+		ENGINE_unregister_digests;
-+		d2i_EDIPARTYNAME;
-+		d2i_OCSP_SERVICELOC;
-+		ENGINE_get_digests;
-+		_ossl_old_des_set_odd_parity;
-+		OCSP_RESPDATA_free;
-+		d2i_KRB5_TICKET;
-+		OTHERNAME_it;
-+		EVP_MD_CTX_cleanup;
-+		d2i_ASN1_GENERALSTRING;
-+		X509_CRL_set_version;
-+		BN_mod_sub;
-+		OCSP_SINGLERESP_get_ext_by_NID;
-+		ENGINE_get_ex_new_index;
-+		OCSP_REQUEST_free;
-+		OCSP_REQUEST_add1_ext_i2d;
-+		X509_VAL_it;
-+		EC_POINTs_make_affine;
-+		EC_POINT_mul;
-+		X509V3_EXT_add_nconf;
-+		X509_TRUST_set;
-+		X509_CRL_add1_ext_i2d;
-+		_ossl_old_des_fcrypt;
-+		DISPLAYTEXT_it;
-+		X509_CRL_set_lastUpdate;
-+		OCSP_BASICRESP_free;
-+		OCSP_BASICRESP_add1_ext_i2d;
-+		d2i_KRB5_AUTHENTBODY;
-+		CRYPTO_set_ex_data_implementation;
-+		CRYPTO_set_ex_data_impl;
-+		KRB5_ENCDATA_new;
-+		DSO_up_ref;
-+		OCSP_crl_reason_str;
-+		UI_get0_result_string;
-+		ASN1_GENERALSTRING_new;
-+		X509_SIG_it;
-+		ERR_set_implementation;
-+		ERR_load_EC_strings;
-+		UI_get0_action_string;
-+		OCSP_ONEREQ_get_ext;
-+		EC_POINT_method_of;
-+		i2d_KRB5_APREQBODY;
-+		_ossl_old_des_ecb3_encrypt;
-+		CRYPTO_get_mem_ex_functions;
-+		ENGINE_get_ex_data;
-+		UI_destroy_method;
-+		ASN1_item_i2d_bio;
-+		OCSP_ONEREQ_get_ext_by_OBJ;
-+		ASN1_primitive_new;
-+		ASN1_PRINTABLE_it;
-+		EVP_aes_192_ecb;
-+		OCSP_SIGNATURE_new;
-+		LONG_it;
-+		ASN1_VISIBLESTRING_it;
-+		OCSP_SINGLERESP_add1_ext_i2d;
-+		d2i_OCSP_CERTID;
-+		ASN1_item_d2i_fp;
-+		CRL_DIST_POINTS_it;
-+		GENERAL_NAME_print;
-+		OCSP_SINGLERESP_delete_ext;
-+		PKCS12_SAFEBAGS_it;
-+		d2i_OCSP_SIGNATURE;
-+		OCSP_request_add1_nonce;
-+		ENGINE_set_cmd_defns;
-+		OCSP_SERVICELOC_free;
-+		EC_GROUP_free;
-+		ASN1_BIT_STRING_it;
-+		X509_REQ_it;
-+		_ossl_old_des_cbc_encrypt;
-+		ERR_unload_strings;
-+		PKCS7_SIGN_ENVELOPE_it;
-+		EDIPARTYNAME_free;
-+		OCSP_REQINFO_free;
-+		EC_GROUP_new_curve_GFp;
-+		OCSP_REQUEST_get1_ext_d2i;
-+		PKCS12_item_pack_safebag;
-+		asn1_ex_c2i;
-+		ENGINE_register_digests;
-+		i2d_OCSP_REVOKEDINFO;
-+		asn1_enc_restore;
-+		UI_free;
-+		UI_new_method;
-+		EVP_EncryptInit_ex;
-+		X509_pubkey_digest;
-+		EC_POINT_invert;
-+		OCSP_basic_sign;
-+		i2d_OCSP_RESPID;
-+		OCSP_check_nonce;
-+		ENGINE_ctrl_cmd;
-+		d2i_KRB5_ENCKEY;
-+		OCSP_parse_url;
-+		OCSP_SINGLERESP_get_ext;
-+		OCSP_CRLID_free;
-+		OCSP_BASICRESP_get1_ext_d2i;
-+		RSAPrivateKey_it;
-+		ENGINE_register_all_DH;
-+		i2d_EDIPARTYNAME;
-+		EC_POINT_get_affine_coordinates_GFp;
-+		EC_POINT_get_affine_coords_GFp;
-+		OCSP_CRLID_new;
-+		ENGINE_get_flags;
-+		OCSP_ONEREQ_it;
-+		UI_process;
-+		ASN1_INTEGER_it;
-+		EVP_CipherInit_ex;
-+		UI_get_string_type;
-+		ENGINE_unregister_DH;
-+		ENGINE_register_all_DSA;
-+		OCSP_ONEREQ_get_ext_by_critical;
-+		bn_dup_expand;
-+		OCSP_cert_id_new;
-+		BASIC_CONSTRAINTS_it;
-+		BN_mod_add_quick;
-+		EC_POINT_new;
-+		EVP_MD_CTX_destroy;
-+		OCSP_RESPBYTES_free;
-+		EVP_aes_128_cbc;
-+		OCSP_SINGLERESP_get1_ext_d2i;
-+		EC_POINT_free;
-+		DH_up_ref;
-+		X509_NAME_ENTRY_it;
-+		UI_get_ex_new_index;
-+		BN_mod_sub_quick;
-+		OCSP_ONEREQ_add_ext;
-+		OCSP_request_sign;
-+		EVP_DigestFinal_ex;
-+		ENGINE_set_digests;
-+		OCSP_id_issuer_cmp;
-+		OBJ_NAME_do_all;
-+		EC_POINTs_mul;
-+		ENGINE_register_complete;
-+		X509V3_EXT_nconf_nid;
-+		ASN1_SEQUENCE_it;
-+		UI_set_default_method;
-+		RAND_query_egd_bytes;
-+		UI_method_get_writer;
-+		UI_OpenSSL;
-+		PEM_def_callback;
-+		ENGINE_cleanup;
-+		DIST_POINT_it;
-+		OCSP_SINGLERESP_it;
-+		d2i_KRB5_TKTBODY;
-+		EC_POINT_cmp;
-+		OCSP_REVOKEDINFO_new;
-+		i2d_OCSP_CERTSTATUS;
-+		OCSP_basic_add1_nonce;
-+		ASN1_item_ex_d2i;
-+		BN_mod_lshift1_quick;
-+		UI_set_method;
-+		OCSP_id_get0_info;
-+		BN_mod_sqrt;
-+		EC_GROUP_copy;
-+		KRB5_ENCDATA_free;
-+		_ossl_old_des_cfb_encrypt;
-+		OCSP_SINGLERESP_get_ext_by_OBJ;
-+		OCSP_cert_to_id;
-+		OCSP_RESPID_new;
-+		OCSP_RESPDATA_it;
-+		d2i_OCSP_RESPDATA;
-+		ENGINE_register_all_complete;
-+		OCSP_check_validity;
-+		PKCS12_BAGS_it;
-+		OCSP_url_svcloc_new;
-+		ASN1_template_free;
-+		OCSP_SINGLERESP_add_ext;
-+		KRB5_AUTHENTBODY_it;
-+		X509_supported_extension;
-+		i2d_KRB5_AUTHDATA;
-+		UI_method_get_opener;
-+		ENGINE_set_ex_data;
-+		OCSP_REQUEST_print;
-+		CBIGNUM_it;
-+		KRB5_TICKET_new;
-+		KRB5_APREQ_new;
-+		EC_GROUP_get_curve_GFp;
-+		KRB5_ENCKEY_new;
-+		ASN1_template_d2i;
-+		_ossl_old_des_quad_cksum;
-+		OCSP_single_get0_status;
-+		BN_swap;
-+		POLICYINFO_it;
-+		ENGINE_set_destroy_function;
-+		asn1_enc_free;
-+		OCSP_RESPID_it;
-+		EC_GROUP_new;
-+		EVP_aes_256_cbc;
-+		i2d_KRB5_PRINCNAME;
-+		_ossl_old_des_encrypt2;
-+		_ossl_old_des_encrypt3;
-+		PKCS8_PRIV_KEY_INFO_it;
-+		OCSP_REQINFO_it;
-+		PBEPARAM_it;
-+		KRB5_AUTHENTBODY_new;
-+		X509_CRL_add0_revoked;
-+		EDIPARTYNAME_it;
-+		NETSCAPE_SPKI_it;
-+		UI_get0_test_string;
-+		ENGINE_get_cipher_engine;
-+		ENGINE_register_all_ciphers;
-+		EC_POINT_copy;
-+		BN_kronecker;
-+		_ossl_old_des_ede3_ofb64_encrypt;
-+		_ossl_odes_ede3_ofb64_encrypt;
-+		UI_method_get_reader;
-+		OCSP_BASICRESP_get_ext_count;
-+		ASN1_ENUMERATED_it;
-+		UI_set_result;
-+		i2d_KRB5_TICKET;
-+		X509_print_ex_fp;
-+		EVP_CIPHER_CTX_set_padding;
-+		d2i_OCSP_RESPONSE;
-+		ASN1_UTCTIME_it;
-+		_ossl_old_des_enc_write;
-+		OCSP_RESPONSE_new;
-+		AES_set_encrypt_key;
-+		OCSP_resp_count;
-+		KRB5_CHECKSUM_new;
-+		ENGINE_load_cswift;
-+		OCSP_onereq_get0_id;
-+		ENGINE_set_default_ciphers;
-+		NOTICEREF_it;
-+		X509V3_EXT_CRL_add_nconf;
-+		OCSP_REVOKEDINFO_it;
-+		AES_encrypt;
-+		OCSP_REQUEST_new;
-+		ASN1_ANY_it;
-+		CRYPTO_ex_data_new_class;
-+		_ossl_old_des_ncbc_encrypt;
-+		i2d_KRB5_TKTBODY;
-+		EC_POINT_clear_free;
-+		AES_decrypt;
-+		asn1_enc_init;
-+		UI_get_result_maxsize;
-+		OCSP_CERTID_new;
-+		ENGINE_unregister_RAND;
-+		UI_method_get_closer;
-+		d2i_KRB5_ENCDATA;
-+		OCSP_request_onereq_count;
-+		OCSP_basic_verify;
-+		KRB5_AUTHENTBODY_free;
-+		ASN1_item_d2i;
-+		ASN1_primitive_free;
-+		i2d_EXTENDED_KEY_USAGE;
-+		i2d_OCSP_SIGNATURE;
-+		asn1_enc_save;
-+		ENGINE_load_nuron;
-+		_ossl_old_des_pcbc_encrypt;
-+		PKCS12_MAC_DATA_it;
-+		OCSP_accept_responses_new;
-+		asn1_do_lock;
-+		PKCS7_ATTR_VERIFY_it;
-+		KRB5_APREQBODY_it;
-+		i2d_OCSP_SINGLERESP;
-+		ASN1_item_ex_new;
-+		UI_add_verify_string;
-+		_ossl_old_des_set_key;
-+		KRB5_PRINCNAME_it;
-+		EVP_DecryptInit_ex;
-+		i2d_OCSP_CERTID;
-+		ASN1_item_d2i_bio;
-+		EC_POINT_dbl;
-+		asn1_get_choice_selector;
-+		i2d_KRB5_CHECKSUM;
-+		ENGINE_set_table_flags;
-+		AES_options;
-+		ENGINE_load_chil;
-+		OCSP_id_cmp;
-+		OCSP_BASICRESP_new;
-+		OCSP_REQUEST_get_ext_by_NID;
-+		KRB5_APREQ_it;
-+		ENGINE_get_destroy_function;
-+		CONF_set_nconf;
-+		ASN1_PRINTABLE_free;
-+		OCSP_BASICRESP_get_ext_by_NID;
-+		DIST_POINT_NAME_it;
-+		X509V3_extensions_print;
-+		_ossl_old_des_cfb64_encrypt;
-+		X509_REVOKED_add1_ext_i2d;
-+		_ossl_old_des_ofb_encrypt;
-+		KRB5_TKTBODY_new;
-+		ASN1_OCTET_STRING_it;
-+		ERR_load_UI_strings;
-+		i2d_KRB5_ENCKEY;
-+		ASN1_template_new;
-+		OCSP_SIGNATURE_free;
-+		ASN1_item_i2d_fp;
-+		KRB5_PRINCNAME_free;
-+		PKCS7_RECIP_INFO_it;
-+		EXTENDED_KEY_USAGE_it;
-+		EC_GFp_simple_method;
-+		EC_GROUP_precompute_mult;
-+		OCSP_request_onereq_get0;
-+		UI_method_set_writer;
-+		KRB5_AUTHENT_new;
-+		X509_CRL_INFO_it;
-+		DSO_set_name_converter;
-+		AES_set_decrypt_key;
-+		PKCS7_DIGEST_it;
-+		PKCS12_x5092certbag;
-+		EVP_DigestInit_ex;
-+		i2a_ACCESS_DESCRIPTION;
-+		OCSP_RESPONSE_it;
-+		PKCS7_ENC_CONTENT_it;
-+		OCSP_request_add0_id;
-+		EC_POINT_make_affine;
-+		DSO_get_filename;
-+		OCSP_CERTSTATUS_it;
-+		OCSP_request_add1_cert;
-+		UI_get0_output_string;
-+		UI_dup_verify_string;
-+		BN_mod_lshift;
-+		KRB5_AUTHDATA_it;
-+		asn1_set_choice_selector;
-+		OCSP_basic_add1_status;
-+		OCSP_RESPID_free;
-+		asn1_get_field_ptr;
-+		UI_add_input_string;
-+		OCSP_CRLID_it;
-+		i2d_KRB5_AUTHENTBODY;
-+		OCSP_REQUEST_get_ext_count;
-+		ENGINE_load_atalla;
-+		X509_NAME_it;
-+		USERNOTICE_it;
-+		OCSP_REQINFO_new;
-+		OCSP_BASICRESP_get_ext;
-+		CRYPTO_get_ex_data_implementation;
-+		CRYPTO_get_ex_data_impl;
-+		ASN1_item_pack;
-+		i2d_KRB5_ENCDATA;
-+		X509_PURPOSE_set;
-+		X509_REQ_INFO_it;
-+		UI_method_set_opener;
-+		ASN1_item_ex_free;
-+		ASN1_BOOLEAN_it;
-+		ENGINE_get_table_flags;
-+		UI_create_method;
-+		OCSP_ONEREQ_add1_ext_i2d;
-+		_shadow_DES_check_key;
-+		d2i_OCSP_REQINFO;
-+		UI_add_info_string;
-+		UI_get_result_minsize;
-+		ASN1_NULL_it;
-+		BN_mod_lshift1;
-+		d2i_OCSP_ONEREQ;
-+		OCSP_ONEREQ_new;
-+		KRB5_TICKET_it;
-+		EVP_aes_192_cbc;
-+		KRB5_TICKET_free;
-+		UI_new;
-+		OCSP_response_create;
-+		_ossl_old_des_xcbc_encrypt;
-+		PKCS7_it;
-+		OCSP_REQUEST_get_ext_by_critical;
-+		OCSP_REQUEST_get_ext_by_crit;
-+		ENGINE_set_flags;
-+		_ossl_old_des_ecb_encrypt;
-+		OCSP_response_get1_basic;
-+		EVP_Digest;
-+		OCSP_ONEREQ_delete_ext;
-+		ASN1_TBOOLEAN_it;
-+		ASN1_item_new;
-+		ASN1_TIME_to_generalizedtime;
-+		BIGNUM_it;
-+		AES_cbc_encrypt;
-+		ENGINE_get_load_privkey_function;
-+		ENGINE_get_load_privkey_fn;
-+		OCSP_RESPONSE_free;
-+		UI_method_set_reader;
-+		i2d_ASN1_T61STRING;
-+		EC_POINT_set_to_infinity;
-+		ERR_load_OCSP_strings;
-+		EC_POINT_point2oct;
-+		KRB5_APREQ_free;
-+		ASN1_OBJECT_it;
-+		OCSP_crlID_new;
-+		OCSP_crlID2_new;
-+		CONF_modules_load_file;
-+		CONF_imodule_set_usr_data;
-+		ENGINE_set_default_string;
-+		CONF_module_get_usr_data;
-+		ASN1_add_oid_module;
-+		CONF_modules_finish;
-+		OPENSSL_config;
-+		CONF_modules_unload;
-+		CONF_imodule_get_value;
-+		CONF_module_set_usr_data;
-+		CONF_parse_list;
-+		CONF_module_add;
-+		CONF_get1_default_config_file;
-+		CONF_imodule_get_flags;
-+		CONF_imodule_get_module;
-+		CONF_modules_load;
-+		CONF_imodule_get_name;
-+		ERR_peek_top_error;
-+		CONF_imodule_get_usr_data;
-+		CONF_imodule_set_flags;
-+		ENGINE_add_conf_module;
-+		ERR_peek_last_error_line;
-+		ERR_peek_last_error_line_data;
-+		ERR_peek_last_error;
-+		DES_read_2passwords;
-+		DES_read_password;
-+		UI_UTIL_read_pw;
-+		UI_UTIL_read_pw_string;
-+		ENGINE_load_aep;
-+		ENGINE_load_sureware;
-+		OPENSSL_add_all_algorithms_noconf;
-+		OPENSSL_add_all_algo_noconf;
-+		OPENSSL_add_all_algorithms_conf;
-+		OPENSSL_add_all_algo_conf;
-+		OPENSSL_load_builtin_modules;
-+		AES_ofb128_encrypt;
-+		AES_ctr128_encrypt;
-+		AES_cfb128_encrypt;
-+		ENGINE_load_4758cca;
-+		_ossl_096_des_random_seed;
-+		EVP_aes_256_ofb;
-+		EVP_aes_192_ofb;
-+		EVP_aes_128_cfb128;
-+		EVP_aes_256_cfb128;
-+		EVP_aes_128_ofb;
-+		EVP_aes_192_cfb128;
-+		CONF_modules_free;
-+		NCONF_default;
-+		OPENSSL_no_config;
-+		NCONF_WIN32;
-+		ASN1_UNIVERSALSTRING_new;
-+		EVP_des_ede_ecb;
-+		i2d_ASN1_UNIVERSALSTRING;
-+		ASN1_UNIVERSALSTRING_free;
-+		ASN1_UNIVERSALSTRING_it;
-+		d2i_ASN1_UNIVERSALSTRING;
-+		EVP_des_ede3_ecb;
-+		X509_REQ_print_ex;
-+		ENGINE_up_ref;
-+		BUF_MEM_grow_clean;
-+		CRYPTO_realloc_clean;
-+		BUF_strlcat;
-+		BIO_indent;
-+		BUF_strlcpy;
-+		OpenSSLDie;
-+		OPENSSL_cleanse;
-+		ENGINE_setup_bsd_cryptodev;
-+		ERR_release_err_state_table;
-+		EVP_aes_128_cfb8;
-+		FIPS_corrupt_rsa;
-+		FIPS_selftest_des;
-+		EVP_aes_128_cfb1;
-+		EVP_aes_192_cfb8;
-+		FIPS_mode_set;
-+		FIPS_selftest_dsa;
-+		EVP_aes_256_cfb8;
-+		FIPS_allow_md5;
-+		DES_ede3_cfb_encrypt;
-+		EVP_des_ede3_cfb8;
-+		FIPS_rand_seeded;
-+		AES_cfbr_encrypt_block;
-+		AES_cfb8_encrypt;
-+		FIPS_rand_seed;
-+		FIPS_corrupt_des;
-+		EVP_aes_192_cfb1;
-+		FIPS_selftest_aes;
-+		FIPS_set_prng_key;
-+		EVP_des_cfb8;
-+		FIPS_corrupt_dsa;
-+		FIPS_test_mode;
-+		FIPS_rand_method;
-+		EVP_aes_256_cfb1;
-+		ERR_load_FIPS_strings;
-+		FIPS_corrupt_aes;
-+		FIPS_selftest_sha1;
-+		FIPS_selftest_rsa;
-+		FIPS_corrupt_sha1;
-+		EVP_des_cfb1;
-+		FIPS_dsa_check;
-+		AES_cfb1_encrypt;
-+		EVP_des_ede3_cfb1;
-+		FIPS_rand_check;
-+		FIPS_md5_allowed;
-+		FIPS_mode;
-+		FIPS_selftest_failed;
-+		sk_is_sorted;
-+		X509_check_ca;
-+		HMAC_CTX_set_flags;
-+		d2i_PROXY_CERT_INFO_EXTENSION;
-+		PROXY_POLICY_it;
-+		i2d_PROXY_POLICY;
-+		i2d_PROXY_CERT_INFO_EXTENSION;
-+		d2i_PROXY_POLICY;
-+		PROXY_CERT_INFO_EXTENSION_new;
-+		PROXY_CERT_INFO_EXTENSION_free;
-+		PROXY_CERT_INFO_EXTENSION_it;
-+		PROXY_POLICY_free;
-+		PROXY_POLICY_new;
-+		BN_MONT_CTX_set_locked;
-+		FIPS_selftest_rng;
-+		EVP_sha384;
-+		EVP_sha512;
-+		EVP_sha224;
-+		EVP_sha256;
-+		FIPS_selftest_hmac;
-+		FIPS_corrupt_rng;
-+		BN_mod_exp_mont_consttime;
-+		RSA_X931_hash_id;
-+		RSA_padding_check_X931;
-+		RSA_verify_PKCS1_PSS;
-+		RSA_padding_add_X931;
-+		RSA_padding_add_PKCS1_PSS;
-+		PKCS1_MGF1;
-+		BN_X931_generate_Xpq;
-+		RSA_X931_generate_key;
-+		BN_X931_derive_prime;
-+		BN_X931_generate_prime;
-+		RSA_X931_derive;
-+		BIO_new_dgram;
-+		BN_get0_nist_prime_384;
-+		ERR_set_mark;
-+		X509_STORE_CTX_set0_crls;
-+		ENGINE_set_STORE;
-+		ENGINE_register_ECDSA;
-+		STORE_meth_set_list_start_fn;
-+		STORE_method_set_list_start_function;
-+		BN_BLINDING_invert_ex;
-+		NAME_CONSTRAINTS_free;
-+		STORE_ATTR_INFO_set_number;
-+		BN_BLINDING_get_thread_id;
-+		X509_STORE_CTX_set0_param;
-+		POLICY_MAPPING_it;
-+		STORE_parse_attrs_start;
-+		POLICY_CONSTRAINTS_free;
-+		EVP_PKEY_add1_attr_by_NID;
-+		BN_nist_mod_192;
-+		EC_GROUP_get_trinomial_basis;
-+		STORE_set_method;
-+		GENERAL_SUBTREE_free;
-+		NAME_CONSTRAINTS_it;
-+		ECDH_get_default_method;
-+		PKCS12_add_safe;
-+		EC_KEY_new_by_curve_name;
-+		STORE_meth_get_update_store_fn;
-+		STORE_method_get_update_store_function;
-+		ENGINE_register_ECDH;
-+		SHA512_Update;
-+		i2d_ECPrivateKey;
-+		BN_get0_nist_prime_192;
-+		STORE_modify_certificate;
-+		EC_POINT_set_affine_coordinates_GF2m;
-+		EC_POINT_set_affine_coords_GF2m;
-+		BN_GF2m_mod_exp_arr;
-+		STORE_ATTR_INFO_modify_number;
-+		X509_keyid_get0;
-+		ENGINE_load_gmp;
-+		pitem_new;
-+		BN_GF2m_mod_mul_arr;
-+		STORE_list_public_key_endp;
-+		o2i_ECPublicKey;
-+		EC_KEY_copy;
-+		BIO_dump_fp;
-+		X509_policy_node_get0_parent;
-+		EC_GROUP_check_discriminant;
-+		i2o_ECPublicKey;
-+		EC_KEY_precompute_mult;
-+		a2i_IPADDRESS;
-+		STORE_meth_set_initialise_fn;
-+		STORE_method_set_initialise_function;
-+		X509_STORE_CTX_set_depth;
-+		X509_VERIFY_PARAM_inherit;
-+		EC_POINT_point2bn;
-+		STORE_ATTR_INFO_set_dn;
-+		X509_policy_tree_get0_policies;
-+		EC_GROUP_new_curve_GF2m;
-+		STORE_destroy_method;
-+		ENGINE_unregister_STORE;
-+		EVP_PKEY_get1_EC_KEY;
-+		STORE_ATTR_INFO_get0_number;
-+		ENGINE_get_default_ECDH;
-+		EC_KEY_get_conv_form;
-+		ASN1_OCTET_STRING_NDEF_it;
-+		STORE_delete_public_key;
-+		STORE_get_public_key;
-+		STORE_modify_arbitrary;
-+		ENGINE_get_static_state;
-+		pqueue_iterator;
-+		ECDSA_SIG_new;
-+		OPENSSL_DIR_end;
-+		BN_GF2m_mod_sqr;
-+		EC_POINT_bn2point;
-+		X509_VERIFY_PARAM_set_depth;
-+		EC_KEY_set_asn1_flag;
-+		STORE_get_method;
-+		EC_KEY_get_key_method_data;
-+		ECDSA_sign_ex;
-+		STORE_parse_attrs_end;
-+		EC_GROUP_get_point_conversion_form;
-+		EC_GROUP_get_point_conv_form;
-+		STORE_method_set_store_function;
-+		STORE_ATTR_INFO_in;
-+		PEM_read_bio_ECPKParameters;
-+		EC_GROUP_get_pentanomial_basis;
-+		EVP_PKEY_add1_attr_by_txt;
-+		BN_BLINDING_set_flags;
-+		X509_VERIFY_PARAM_set1_policies;
-+		X509_VERIFY_PARAM_set1_name;
-+		X509_VERIFY_PARAM_set_purpose;
-+		STORE_get_number;
-+		ECDSA_sign_setup;
-+		BN_GF2m_mod_solve_quad_arr;
-+		EC_KEY_up_ref;
-+		POLICY_MAPPING_free;
-+		BN_GF2m_mod_div;
-+		X509_VERIFY_PARAM_set_flags;
-+		EC_KEY_free;
-+		STORE_meth_set_list_next_fn;
-+		STORE_method_set_list_next_function;
-+		PEM_write_bio_ECPrivateKey;
-+		d2i_EC_PUBKEY;
-+		STORE_meth_get_generate_fn;
-+		STORE_method_get_generate_function;
-+		STORE_meth_set_list_end_fn;
-+		STORE_method_set_list_end_function;
-+		pqueue_print;
-+		EC_GROUP_have_precompute_mult;
-+		EC_KEY_print_fp;
-+		BN_GF2m_mod_arr;
-+		PEM_write_bio_X509_CERT_PAIR;
-+		EVP_PKEY_cmp;
-+		X509_policy_level_node_count;
-+		STORE_new_engine;
-+		STORE_list_public_key_start;
-+		X509_VERIFY_PARAM_new;
-+		ECDH_get_ex_data;
-+		EVP_PKEY_get_attr;
-+		ECDSA_do_sign;
-+		ENGINE_unregister_ECDH;
-+		ECDH_OpenSSL;
-+		EC_KEY_set_conv_form;
-+		EC_POINT_dup;
-+		GENERAL_SUBTREE_new;
-+		STORE_list_crl_endp;
-+		EC_get_builtin_curves;
-+		X509_policy_node_get0_qualifiers;
-+		X509_pcy_node_get0_qualifiers;
-+		STORE_list_crl_end;
-+		EVP_PKEY_set1_EC_KEY;
-+		BN_GF2m_mod_sqrt_arr;
-+		i2d_ECPrivateKey_bio;
-+		ECPKParameters_print_fp;
-+		pqueue_find;
-+		ECDSA_SIG_free;
-+		PEM_write_bio_ECPKParameters;
-+		STORE_method_set_ctrl_function;
-+		STORE_list_public_key_end;
-+		EC_KEY_set_private_key;
-+		pqueue_peek;
-+		STORE_get_arbitrary;
-+		STORE_store_crl;
-+		X509_policy_node_get0_policy;
-+		PKCS12_add_safes;
-+		BN_BLINDING_convert_ex;
-+		X509_policy_tree_free;
-+		OPENSSL_ia32cap_loc;
-+		BN_GF2m_poly2arr;
-+		STORE_ctrl;
-+		STORE_ATTR_INFO_compare;
-+		BN_get0_nist_prime_224;
-+		i2d_ECParameters;
-+		i2d_ECPKParameters;
-+		BN_GENCB_call;
-+		d2i_ECPKParameters;
-+		STORE_meth_set_generate_fn;
-+		STORE_method_set_generate_function;
-+		ENGINE_set_ECDH;
-+		NAME_CONSTRAINTS_new;
-+		SHA256_Init;
-+		EC_KEY_get0_public_key;
-+		PEM_write_bio_EC_PUBKEY;
-+		STORE_ATTR_INFO_set_cstr;
-+		STORE_list_crl_next;
-+		STORE_ATTR_INFO_in_range;
-+		ECParameters_print;
-+		STORE_meth_set_delete_fn;
-+		STORE_method_set_delete_function;
-+		STORE_list_certificate_next;
-+		ASN1_generate_nconf;
-+		BUF_memdup;
-+		BN_GF2m_mod_mul;
-+		STORE_meth_get_list_next_fn;
-+		STORE_method_get_list_next_function;
-+		STORE_ATTR_INFO_get0_dn;
-+		STORE_list_private_key_next;
-+		EC_GROUP_set_seed;
-+		X509_VERIFY_PARAM_set_trust;
-+		STORE_ATTR_INFO_free;
-+		STORE_get_private_key;
-+		EVP_PKEY_get_attr_count;
-+		STORE_ATTR_INFO_new;
-+		EC_GROUP_get_curve_GF2m;
-+		STORE_meth_set_revoke_fn;
-+		STORE_method_set_revoke_function;
-+		STORE_store_number;
-+		BN_is_prime_ex;
-+		STORE_revoke_public_key;
-+		X509_STORE_CTX_get0_param;
-+		STORE_delete_arbitrary;
-+		PEM_read_X509_CERT_PAIR;
-+		X509_STORE_set_depth;
-+		ECDSA_get_ex_data;
-+		SHA224;
-+		BIO_dump_indent_fp;
-+		EC_KEY_set_group;
-+		BUF_strndup;
-+		STORE_list_certificate_start;
-+		BN_GF2m_mod;
-+		X509_REQ_check_private_key;
-+		EC_GROUP_get_seed_len;
-+		ERR_load_STORE_strings;
-+		PEM_read_bio_EC_PUBKEY;
-+		STORE_list_private_key_end;
-+		i2d_EC_PUBKEY;
-+		ECDSA_get_default_method;
-+		ASN1_put_eoc;
-+		X509_STORE_CTX_get_explicit_policy;
-+		X509_STORE_CTX_get_expl_policy;
-+		X509_VERIFY_PARAM_table_cleanup;
-+		STORE_modify_private_key;
-+		X509_VERIFY_PARAM_free;
-+		EC_METHOD_get_field_type;
-+		EC_GFp_nist_method;
-+		STORE_meth_set_modify_fn;
-+		STORE_method_set_modify_function;
-+		STORE_parse_attrs_next;
-+		ENGINE_load_padlock;
-+		EC_GROUP_set_curve_name;
-+		X509_CERT_PAIR_it;
-+		STORE_meth_get_revoke_fn;
-+		STORE_method_get_revoke_function;
-+		STORE_method_set_get_function;
-+		STORE_modify_number;
-+		STORE_method_get_store_function;
-+		STORE_store_private_key;
-+		BN_GF2m_mod_sqr_arr;
-+		RSA_setup_blinding;
-+		BIO_s_datagram;
-+		STORE_Memory;
-+		sk_find_ex;
-+		EC_GROUP_set_curve_GF2m;
-+		ENGINE_set_default_ECDSA;
-+		POLICY_CONSTRAINTS_new;
-+		BN_GF2m_mod_sqrt;
-+		ECDH_set_default_method;
-+		EC_KEY_generate_key;
-+		SHA384_Update;
-+		BN_GF2m_arr2poly;
-+		STORE_method_get_get_function;
-+		STORE_meth_set_cleanup_fn;
-+		STORE_method_set_cleanup_function;
-+		EC_GROUP_check;
-+		d2i_ECPrivateKey_bio;
-+		EC_KEY_insert_key_method_data;
-+		STORE_meth_get_lock_store_fn;
-+		STORE_method_get_lock_store_function;
-+		X509_VERIFY_PARAM_get_depth;
-+		SHA224_Final;
-+		STORE_meth_set_update_store_fn;
-+		STORE_method_set_update_store_function;
-+		SHA224_Update;
-+		d2i_ECPrivateKey;
-+		ASN1_item_ndef_i2d;
-+		STORE_delete_private_key;
-+		ERR_pop_to_mark;
-+		ENGINE_register_all_STORE;
-+		X509_policy_level_get0_node;
-+		i2d_PKCS7_NDEF;
-+		EC_GROUP_get_degree;
-+		ASN1_generate_v3;
-+		STORE_ATTR_INFO_modify_cstr;
-+		X509_policy_tree_level_count;
-+		BN_GF2m_add;
-+		EC_KEY_get0_group;
-+		STORE_generate_crl;
-+		STORE_store_public_key;
-+		X509_CERT_PAIR_free;
-+		STORE_revoke_private_key;
-+		BN_nist_mod_224;
-+		SHA512_Final;
-+		STORE_ATTR_INFO_modify_dn;
-+		STORE_meth_get_initialise_fn;
-+		STORE_method_get_initialise_function;
-+		STORE_delete_number;
-+		i2d_EC_PUBKEY_bio;
-+		BIO_dgram_non_fatal_error;
-+		EC_GROUP_get_asn1_flag;
-+		STORE_ATTR_INFO_in_ex;
-+		STORE_list_crl_start;
-+		ECDH_get_ex_new_index;
-+		STORE_meth_get_modify_fn;
-+		STORE_method_get_modify_function;
-+		v2i_ASN1_BIT_STRING;
-+		STORE_store_certificate;
-+		OBJ_bsearch_ex;
-+		X509_STORE_CTX_set_default;
-+		STORE_ATTR_INFO_set_sha1str;
-+		BN_GF2m_mod_inv;
-+		BN_GF2m_mod_exp;
-+		STORE_modify_public_key;
-+		STORE_meth_get_list_start_fn;
-+		STORE_method_get_list_start_function;
-+		EC_GROUP_get0_seed;
-+		STORE_store_arbitrary;
-+		STORE_meth_set_unlock_store_fn;
-+		STORE_method_set_unlock_store_function;
-+		BN_GF2m_mod_div_arr;
-+		ENGINE_set_ECDSA;
-+		STORE_create_method;
-+		ECPKParameters_print;
-+		EC_KEY_get0_private_key;
-+		PEM_write_EC_PUBKEY;
-+		X509_VERIFY_PARAM_set1;
-+		ECDH_set_method;
-+		v2i_GENERAL_NAME_ex;
-+		ECDH_set_ex_data;
-+		STORE_generate_key;
-+		BN_nist_mod_521;
-+		X509_policy_tree_get0_level;
-+		EC_GROUP_set_point_conversion_form;
-+		EC_GROUP_set_point_conv_form;
-+		PEM_read_EC_PUBKEY;
-+		i2d_ECDSA_SIG;
-+		ECDSA_OpenSSL;
-+		STORE_delete_crl;
-+		EC_KEY_get_enc_flags;
-+		ASN1_const_check_infinite_end;
-+		EVP_PKEY_delete_attr;
-+		ECDSA_set_default_method;
-+		EC_POINT_set_compressed_coordinates_GF2m;
-+		EC_POINT_set_compr_coords_GF2m;
-+		EC_GROUP_cmp;
-+		STORE_revoke_certificate;
-+		BN_get0_nist_prime_256;
-+		STORE_meth_get_delete_fn;
-+		STORE_method_get_delete_function;
-+		SHA224_Init;
-+		PEM_read_ECPrivateKey;
-+		SHA512_Init;
-+		STORE_parse_attrs_endp;
-+		BN_set_negative;
-+		ERR_load_ECDSA_strings;
-+		EC_GROUP_get_basis_type;
-+		STORE_list_public_key_next;
-+		i2v_ASN1_BIT_STRING;
-+		STORE_OBJECT_free;
-+		BN_nist_mod_384;
-+		i2d_X509_CERT_PAIR;
-+		PEM_write_ECPKParameters;
-+		ECDH_compute_key;
-+		STORE_ATTR_INFO_get0_sha1str;
-+		ENGINE_register_all_ECDH;
-+		pqueue_pop;
-+		STORE_ATTR_INFO_get0_cstr;
-+		POLICY_CONSTRAINTS_it;
-+		STORE_get_ex_new_index;
-+		EVP_PKEY_get_attr_by_OBJ;
-+		X509_VERIFY_PARAM_add0_policy;
-+		BN_GF2m_mod_solve_quad;
-+		SHA256;
-+		i2d_ECPrivateKey_fp;
-+		X509_policy_tree_get0_user_policies;
-+		X509_pcy_tree_get0_usr_policies;
-+		OPENSSL_DIR_read;
-+		ENGINE_register_all_ECDSA;
-+		X509_VERIFY_PARAM_lookup;
-+		EC_POINT_get_affine_coordinates_GF2m;
-+		EC_POINT_get_affine_coords_GF2m;
-+		EC_GROUP_dup;
-+		ENGINE_get_default_ECDSA;
-+		EC_KEY_new;
-+		SHA256_Transform;
-+		EC_KEY_set_enc_flags;
-+		ECDSA_verify;
-+		EC_POINT_point2hex;
-+		ENGINE_get_STORE;
-+		SHA512;
-+		STORE_get_certificate;
-+		ECDSA_do_sign_ex;
-+		ECDSA_do_verify;
-+		d2i_ECPrivateKey_fp;
-+		STORE_delete_certificate;
-+		SHA512_Transform;
-+		X509_STORE_set1_param;
-+		STORE_method_get_ctrl_function;
-+		STORE_free;
-+		PEM_write_ECPrivateKey;
-+		STORE_meth_get_unlock_store_fn;
-+		STORE_method_get_unlock_store_function;
-+		STORE_get_ex_data;
-+		EC_KEY_set_public_key;
-+		PEM_read_ECPKParameters;
-+		X509_CERT_PAIR_new;
-+		ENGINE_register_STORE;
-+		RSA_generate_key_ex;
-+		DSA_generate_parameters_ex;
-+		ECParameters_print_fp;
-+		X509V3_NAME_from_section;
-+		EVP_PKEY_add1_attr;
-+		STORE_modify_crl;
-+		STORE_list_private_key_start;
-+		POLICY_MAPPINGS_it;
-+		GENERAL_SUBTREE_it;
-+		EC_GROUP_get_curve_name;
-+		PEM_write_X509_CERT_PAIR;
-+		BIO_dump_indent_cb;
-+		d2i_X509_CERT_PAIR;
-+		STORE_list_private_key_endp;
-+		asn1_const_Finish;
-+		i2d_EC_PUBKEY_fp;
-+		BN_nist_mod_256;
-+		X509_VERIFY_PARAM_add0_table;
-+		pqueue_free;
-+		BN_BLINDING_create_param;
-+		ECDSA_size;
-+		d2i_EC_PUBKEY_bio;
-+		BN_get0_nist_prime_521;
-+		STORE_ATTR_INFO_modify_sha1str;
-+		BN_generate_prime_ex;
-+		EC_GROUP_new_by_curve_name;
-+		SHA256_Final;
-+		DH_generate_parameters_ex;
-+		PEM_read_bio_ECPrivateKey;
-+		STORE_meth_get_cleanup_fn;
-+		STORE_method_get_cleanup_function;
-+		ENGINE_get_ECDH;
-+		d2i_ECDSA_SIG;
-+		BN_is_prime_fasttest_ex;
-+		ECDSA_sign;
-+		X509_policy_check;
-+		EVP_PKEY_get_attr_by_NID;
-+		STORE_set_ex_data;
-+		ENGINE_get_ECDSA;
-+		EVP_ecdsa;
-+		BN_BLINDING_get_flags;
-+		PKCS12_add_cert;
-+		STORE_OBJECT_new;
-+		ERR_load_ECDH_strings;
-+		EC_KEY_dup;
-+		EVP_CIPHER_CTX_rand_key;
-+		ECDSA_set_method;
-+		a2i_IPADDRESS_NC;
-+		d2i_ECParameters;
-+		STORE_list_certificate_end;
-+		STORE_get_crl;
-+		X509_POLICY_NODE_print;
-+		SHA384_Init;
-+		EC_GF2m_simple_method;
-+		ECDSA_set_ex_data;
-+		SHA384_Final;
-+		PKCS7_set_digest;
-+		EC_KEY_print;
-+		STORE_meth_set_lock_store_fn;
-+		STORE_method_set_lock_store_function;
-+		ECDSA_get_ex_new_index;
-+		SHA384;
-+		POLICY_MAPPING_new;
-+		STORE_list_certificate_endp;
-+		X509_STORE_CTX_get0_policy_tree;
-+		EC_GROUP_set_asn1_flag;
-+		EC_KEY_check_key;
-+		d2i_EC_PUBKEY_fp;
-+		PKCS7_set0_type_other;
-+		PEM_read_bio_X509_CERT_PAIR;
-+		pqueue_next;
-+		STORE_meth_get_list_end_fn;
-+		STORE_method_get_list_end_function;
-+		EVP_PKEY_add1_attr_by_OBJ;
-+		X509_VERIFY_PARAM_set_time;
-+		pqueue_new;
-+		ENGINE_set_default_ECDH;
-+		STORE_new_method;
-+		PKCS12_add_key;
-+		DSO_merge;
-+		EC_POINT_hex2point;
-+		BIO_dump_cb;
-+		SHA256_Update;
-+		pqueue_insert;
-+		pitem_free;
-+		BN_GF2m_mod_inv_arr;
-+		ENGINE_unregister_ECDSA;
-+		BN_BLINDING_set_thread_id;
-+		get_rfc3526_prime_8192;
-+		X509_VERIFY_PARAM_clear_flags;
-+		get_rfc2409_prime_1024;
-+		DH_check_pub_key;
-+		get_rfc3526_prime_2048;
-+		get_rfc3526_prime_6144;
-+		get_rfc3526_prime_1536;
-+		get_rfc3526_prime_3072;
-+		get_rfc3526_prime_4096;
-+		get_rfc2409_prime_768;
-+		X509_VERIFY_PARAM_get_flags;
-+		EVP_CIPHER_CTX_new;
-+		EVP_CIPHER_CTX_free;
-+		Camellia_cbc_encrypt;
-+		Camellia_cfb128_encrypt;
-+		Camellia_cfb1_encrypt;
-+		Camellia_cfb8_encrypt;
-+		Camellia_ctr128_encrypt;
-+		Camellia_cfbr_encrypt_block;
-+		Camellia_decrypt;
-+		Camellia_ecb_encrypt;
-+		Camellia_encrypt;
-+		Camellia_ofb128_encrypt;
-+		Camellia_set_key;
-+		EVP_camellia_128_cbc;
-+		EVP_camellia_128_cfb128;
-+		EVP_camellia_128_cfb1;
-+		EVP_camellia_128_cfb8;
-+		EVP_camellia_128_ecb;
-+		EVP_camellia_128_ofb;
-+		EVP_camellia_192_cbc;
-+		EVP_camellia_192_cfb128;
-+		EVP_camellia_192_cfb1;
-+		EVP_camellia_192_cfb8;
-+		EVP_camellia_192_ecb;
-+		EVP_camellia_192_ofb;
-+		EVP_camellia_256_cbc;
-+		EVP_camellia_256_cfb128;
-+		EVP_camellia_256_cfb1;
-+		EVP_camellia_256_cfb8;
-+		EVP_camellia_256_ecb;
-+		EVP_camellia_256_ofb;
-+		a2i_ipadd;
-+		ASIdentifiers_free;
-+		i2d_ASIdOrRange;
-+		EVP_CIPHER_block_size;
-+		v3_asid_is_canonical;
-+		IPAddressChoice_free;
-+		EVP_CIPHER_CTX_set_app_data;
-+		BIO_set_callback_arg;
-+		v3_addr_add_prefix;
-+		IPAddressOrRange_it;
-+		BIO_set_flags;
-+		ASIdentifiers_it;
-+		v3_addr_get_range;
-+		BIO_method_type;
-+		v3_addr_inherits;
-+		IPAddressChoice_it;
-+		AES_ige_encrypt;
-+		v3_addr_add_range;
-+		EVP_CIPHER_CTX_nid;
-+		d2i_ASRange;
-+		v3_addr_add_inherit;
-+		v3_asid_add_id_or_range;
-+		v3_addr_validate_resource_set;
-+		EVP_CIPHER_iv_length;
-+		EVP_MD_type;
-+		v3_asid_canonize;
-+		IPAddressRange_free;
-+		v3_asid_add_inherit;
-+		EVP_CIPHER_CTX_key_length;
-+		IPAddressRange_new;
-+		ASIdOrRange_new;
-+		EVP_MD_size;
-+		EVP_MD_CTX_test_flags;
-+		BIO_clear_flags;
-+		i2d_ASRange;
-+		IPAddressRange_it;
-+		IPAddressChoice_new;
-+		ASIdentifierChoice_new;
-+		ASRange_free;
-+		EVP_MD_pkey_type;
-+		EVP_MD_CTX_clear_flags;
-+		IPAddressFamily_free;
-+		i2d_IPAddressFamily;
-+		IPAddressOrRange_new;
-+		EVP_CIPHER_flags;
-+		v3_asid_validate_resource_set;
-+		d2i_IPAddressRange;
-+		AES_bi_ige_encrypt;
-+		BIO_get_callback;
-+		IPAddressOrRange_free;
-+		v3_addr_subset;
-+		d2i_IPAddressFamily;
-+		v3_asid_subset;
-+		BIO_test_flags;
-+		i2d_ASIdentifierChoice;
-+		ASRange_it;
-+		d2i_ASIdentifiers;
-+		ASRange_new;
-+		d2i_IPAddressChoice;
-+		v3_addr_get_afi;
-+		EVP_CIPHER_key_length;
-+		EVP_Cipher;
-+		i2d_IPAddressOrRange;
-+		ASIdOrRange_it;
-+		EVP_CIPHER_nid;
-+		i2d_IPAddressChoice;
-+		EVP_CIPHER_CTX_block_size;
-+		ASIdentifiers_new;
-+		v3_addr_validate_path;
-+		IPAddressFamily_new;
-+		EVP_MD_CTX_set_flags;
-+		v3_addr_is_canonical;
-+		i2d_IPAddressRange;
-+		IPAddressFamily_it;
-+		v3_asid_inherits;
-+		EVP_CIPHER_CTX_cipher;
-+		EVP_CIPHER_CTX_get_app_data;
-+		EVP_MD_block_size;
-+		EVP_CIPHER_CTX_flags;
-+		v3_asid_validate_path;
-+		d2i_IPAddressOrRange;
-+		v3_addr_canonize;
-+		ASIdentifierChoice_it;
-+		EVP_MD_CTX_md;
-+		d2i_ASIdentifierChoice;
-+		BIO_method_name;
-+		EVP_CIPHER_CTX_iv_length;
-+		ASIdOrRange_free;
-+		ASIdentifierChoice_free;
-+		BIO_get_callback_arg;
-+		BIO_set_callback;
-+		d2i_ASIdOrRange;
-+		i2d_ASIdentifiers;
-+		SEED_decrypt;
-+		SEED_encrypt;
-+		SEED_cbc_encrypt;
-+		EVP_seed_ofb;
-+		SEED_cfb128_encrypt;
-+		SEED_ofb128_encrypt;
-+		EVP_seed_cbc;
-+		SEED_ecb_encrypt;
-+		EVP_seed_ecb;
-+		SEED_set_key;
-+		EVP_seed_cfb128;
-+		X509_EXTENSIONS_it;
-+		X509_get1_ocsp;
-+		OCSP_REQ_CTX_free;
-+		i2d_X509_EXTENSIONS;
-+		OCSP_sendreq_nbio;
-+		OCSP_sendreq_new;
-+		d2i_X509_EXTENSIONS;
-+		X509_ALGORS_it;
-+		X509_ALGOR_get0;
-+		X509_ALGOR_set0;
-+		AES_unwrap_key;
-+		AES_wrap_key;
-+		X509at_get0_data_by_OBJ;
-+		ASN1_TYPE_set1;
-+		ASN1_STRING_set0;
-+		i2d_X509_ALGORS;
-+		BIO_f_zlib;
-+		COMP_zlib_cleanup;
-+		d2i_X509_ALGORS;
-+		CMS_ReceiptRequest_free;
-+		PEM_write_CMS;
-+		CMS_add0_CertificateChoices;
-+		CMS_unsigned_add1_attr_by_OBJ;
-+		ERR_load_CMS_strings;
-+		CMS_sign_receipt;
-+		i2d_CMS_ContentInfo;
-+		CMS_signed_delete_attr;
-+		d2i_CMS_bio;
-+		CMS_unsigned_get_attr_by_NID;
-+		CMS_verify;
-+		SMIME_read_CMS;
-+		CMS_decrypt_set1_key;
-+		CMS_SignerInfo_get0_algs;
-+		CMS_add1_cert;
-+		CMS_set_detached;
-+		CMS_encrypt;
-+		CMS_EnvelopedData_create;
-+		CMS_uncompress;
-+		CMS_add0_crl;
-+		CMS_SignerInfo_verify_content;
-+		CMS_unsigned_get0_data_by_OBJ;
-+		PEM_write_bio_CMS;
-+		CMS_unsigned_get_attr;
-+		CMS_RecipientInfo_ktri_cert_cmp;
-+		CMS_RecipientInfo_ktri_get0_algs;
-+		CMS_RecipInfo_ktri_get0_algs;
-+		CMS_ContentInfo_free;
-+		CMS_final;
-+		CMS_add_simple_smimecap;
-+		CMS_SignerInfo_verify;
-+		CMS_data;
-+		CMS_ContentInfo_it;
-+		d2i_CMS_ReceiptRequest;
-+		CMS_compress;
-+		CMS_digest_create;
-+		CMS_SignerInfo_cert_cmp;
-+		CMS_SignerInfo_sign;
-+		CMS_data_create;
-+		i2d_CMS_bio;
-+		CMS_EncryptedData_set1_key;
-+		CMS_decrypt;
-+		int_smime_write_ASN1;
-+		CMS_unsigned_delete_attr;
-+		CMS_unsigned_get_attr_count;
-+		CMS_add_smimecap;
-+		PEM_read_CMS;
-+		CMS_signed_get_attr_by_OBJ;
-+		d2i_CMS_ContentInfo;
-+		CMS_add_standard_smimecap;
-+		CMS_ContentInfo_new;
-+		CMS_RecipientInfo_type;
-+		CMS_get0_type;
-+		CMS_is_detached;
-+		CMS_sign;
-+		CMS_signed_add1_attr;
-+		CMS_unsigned_get_attr_by_OBJ;
-+		SMIME_write_CMS;
-+		CMS_EncryptedData_decrypt;
-+		CMS_get0_RecipientInfos;
-+		CMS_add0_RevocationInfoChoice;
-+		CMS_decrypt_set1_pkey;
-+		CMS_SignerInfo_set1_signer_cert;
-+		CMS_get0_signers;
-+		CMS_ReceiptRequest_get0_values;
-+		CMS_signed_get0_data_by_OBJ;
-+		CMS_get0_SignerInfos;
-+		CMS_add0_cert;
-+		CMS_EncryptedData_encrypt;
-+		CMS_digest_verify;
-+		CMS_set1_signers_certs;
-+		CMS_signed_get_attr;
-+		CMS_RecipientInfo_set0_key;
-+		CMS_SignedData_init;
-+		CMS_RecipientInfo_kekri_get0_id;
-+		CMS_verify_receipt;
-+		CMS_ReceiptRequest_it;
-+		PEM_read_bio_CMS;
-+		CMS_get1_crls;
-+		CMS_add0_recipient_key;
-+		SMIME_read_ASN1;
-+		CMS_ReceiptRequest_new;
-+		CMS_get0_content;
-+		CMS_get1_ReceiptRequest;
-+		CMS_signed_add1_attr_by_OBJ;
-+		CMS_RecipientInfo_kekri_id_cmp;
-+		CMS_add1_ReceiptRequest;
-+		CMS_SignerInfo_get0_signer_id;
-+		CMS_unsigned_add1_attr_by_NID;
-+		CMS_unsigned_add1_attr;
-+		CMS_signed_get_attr_by_NID;
-+		CMS_get1_certs;
-+		CMS_signed_add1_attr_by_NID;
-+		CMS_unsigned_add1_attr_by_txt;
-+		CMS_dataFinal;
-+		CMS_RecipientInfo_ktri_get0_signer_id;
-+		CMS_RecipInfo_ktri_get0_sigr_id;
-+		i2d_CMS_ReceiptRequest;
-+		CMS_add1_recipient_cert;
-+		CMS_dataInit;
-+		CMS_signed_add1_attr_by_txt;
-+		CMS_RecipientInfo_decrypt;
-+		CMS_signed_get_attr_count;
-+		CMS_get0_eContentType;
-+		CMS_set1_eContentType;
-+		CMS_ReceiptRequest_create0;
-+		CMS_add1_signer;
-+		CMS_RecipientInfo_set0_pkey;
-+		ENGINE_set_load_ssl_client_cert_function;
-+		ENGINE_set_ld_ssl_clnt_cert_fn;
-+		ENGINE_get_ssl_client_cert_function;
-+		ENGINE_get_ssl_client_cert_fn;
-+		ENGINE_load_ssl_client_cert;
-+		ENGINE_load_capi;
-+		OPENSSL_isservice;
-+		FIPS_dsa_sig_decode;
-+		EVP_CIPHER_CTX_clear_flags;
-+		FIPS_rand_status;
-+		FIPS_rand_set_key;
-+		CRYPTO_set_mem_info_functions;
-+		RSA_X931_generate_key_ex;
-+		int_ERR_set_state_func;
-+		int_EVP_MD_set_engine_callbacks;
-+		int_CRYPTO_set_do_dynlock_callback;
-+		FIPS_rng_stick;
-+		EVP_CIPHER_CTX_set_flags;
-+		BN_X931_generate_prime_ex;
-+		FIPS_selftest_check;
-+		FIPS_rand_set_dt;
-+		CRYPTO_dbg_pop_info;
-+		FIPS_dsa_free;
-+		RSA_X931_derive_ex;
-+		FIPS_rsa_new;
-+		FIPS_rand_bytes;
-+		fips_cipher_test;
-+		EVP_CIPHER_CTX_test_flags;
-+		CRYPTO_malloc_debug_init;
-+		CRYPTO_dbg_push_info;
-+		FIPS_corrupt_rsa_keygen;
-+		FIPS_dh_new;
-+		FIPS_corrupt_dsa_keygen;
-+		FIPS_dh_free;
-+		fips_pkey_signature_test;
-+		EVP_add_alg_module;
-+		int_RAND_init_engine_callbacks;
-+		int_EVP_CIPHER_set_engine_callbacks;
-+		int_EVP_MD_init_engine_callbacks;
-+		FIPS_rand_test_mode;
-+		FIPS_rand_reset;
-+		FIPS_dsa_new;
-+		int_RAND_set_callbacks;
-+		BN_X931_derive_prime_ex;
-+		int_ERR_lib_init;
-+		int_EVP_CIPHER_init_engine_callbacks;
-+		FIPS_rsa_free;
-+		FIPS_dsa_sig_encode;
-+		CRYPTO_dbg_remove_all_info;
-+		OPENSSL_init;
-+		CRYPTO_strdup;
-+		JPAKE_STEP3A_process;
-+		JPAKE_STEP1_release;
-+		JPAKE_get_shared_key;
-+		JPAKE_STEP3B_init;
-+		JPAKE_STEP1_generate;
-+		JPAKE_STEP1_init;
-+		JPAKE_STEP3B_process;
-+		JPAKE_STEP2_generate;
-+		JPAKE_CTX_new;
-+		JPAKE_CTX_free;
-+		JPAKE_STEP3B_release;
-+		JPAKE_STEP3A_release;
-+		JPAKE_STEP2_process;
-+		JPAKE_STEP3B_generate;
-+		JPAKE_STEP1_process;
-+		JPAKE_STEP3A_generate;
-+		JPAKE_STEP2_release;
-+		JPAKE_STEP3A_init;
-+		ERR_load_JPAKE_strings;
-+		JPAKE_STEP2_init;
-+		pqueue_size;
-+		i2d_TS_ACCURACY;
-+		i2d_TS_MSG_IMPRINT_fp;
-+		i2d_TS_MSG_IMPRINT;
-+		EVP_PKEY_print_public;
-+		EVP_PKEY_CTX_new;
-+		i2d_TS_TST_INFO;
-+		EVP_PKEY_asn1_find;
-+		DSO_METHOD_beos;
-+		TS_CONF_load_cert;
-+		TS_REQ_get_ext;
-+		EVP_PKEY_sign_init;
-+		ASN1_item_print;
-+		TS_TST_INFO_set_nonce;
-+		TS_RESP_dup;
-+		ENGINE_register_pkey_meths;
-+		EVP_PKEY_asn1_add0;
-+		PKCS7_add0_attrib_signing_time;
-+		i2d_TS_TST_INFO_fp;
-+		BIO_asn1_get_prefix;
-+		TS_TST_INFO_set_time;
-+		EVP_PKEY_meth_set_decrypt;
-+		EVP_PKEY_set_type_str;
-+		EVP_PKEY_CTX_get_keygen_info;
-+		TS_REQ_set_policy_id;
-+		d2i_TS_RESP_fp;
-+		ENGINE_get_pkey_asn1_meth_engine;
-+		ENGINE_get_pkey_asn1_meth_eng;
-+		WHIRLPOOL_Init;
-+		TS_RESP_set_status_info;
-+		EVP_PKEY_keygen;
-+		EVP_DigestSignInit;
-+		TS_ACCURACY_set_millis;
-+		TS_REQ_dup;
-+		GENERAL_NAME_dup;
-+		ASN1_SEQUENCE_ANY_it;
-+		WHIRLPOOL;
-+		X509_STORE_get1_crls;
-+		ENGINE_get_pkey_asn1_meth;
-+		EVP_PKEY_asn1_new;
-+		BIO_new_NDEF;
-+		ENGINE_get_pkey_meth;
-+		TS_MSG_IMPRINT_set_algo;
-+		i2d_TS_TST_INFO_bio;
-+		TS_TST_INFO_set_ordering;
-+		TS_TST_INFO_get_ext_by_OBJ;
-+		CRYPTO_THREADID_set_pointer;
-+		TS_CONF_get_tsa_section;
-+		SMIME_write_ASN1;
-+		TS_RESP_CTX_set_signer_key;
-+		EVP_PKEY_encrypt_old;
-+		EVP_PKEY_encrypt_init;
-+		CRYPTO_THREADID_cpy;
-+		ASN1_PCTX_get_cert_flags;
-+		i2d_ESS_SIGNING_CERT;
-+		TS_CONF_load_key;
-+		i2d_ASN1_SEQUENCE_ANY;
-+		d2i_TS_MSG_IMPRINT_bio;
-+		EVP_PKEY_asn1_set_public;
-+		b2i_PublicKey_bio;
-+		BIO_asn1_set_prefix;
-+		EVP_PKEY_new_mac_key;
-+		BIO_new_CMS;
-+		CRYPTO_THREADID_cmp;
-+		TS_REQ_ext_free;
-+		EVP_PKEY_asn1_set_free;
-+		EVP_PKEY_get0_asn1;
-+		d2i_NETSCAPE_X509;
-+		EVP_PKEY_verify_recover_init;
-+		EVP_PKEY_CTX_set_data;
-+		EVP_PKEY_keygen_init;
-+		TS_RESP_CTX_set_status_info;
-+		TS_MSG_IMPRINT_get_algo;
-+		TS_REQ_print_bio;
-+		EVP_PKEY_CTX_ctrl_str;
-+		EVP_PKEY_get_default_digest_nid;
-+		PEM_write_bio_PKCS7_stream;
-+		TS_MSG_IMPRINT_print_bio;
-+		BN_asc2bn;
-+		TS_REQ_get_policy_id;
-+		ENGINE_set_default_pkey_asn1_meths;
-+		ENGINE_set_def_pkey_asn1_meths;
-+		d2i_TS_ACCURACY;
-+		DSO_global_lookup;
-+		TS_CONF_set_tsa_name;
-+		i2d_ASN1_SET_ANY;
-+		ENGINE_load_gost;
-+		WHIRLPOOL_BitUpdate;
-+		ASN1_PCTX_get_flags;
-+		TS_TST_INFO_get_ext_by_NID;
-+		TS_RESP_new;
-+		ESS_CERT_ID_dup;
-+		TS_STATUS_INFO_dup;
-+		TS_REQ_delete_ext;
-+		EVP_DigestVerifyFinal;
-+		EVP_PKEY_print_params;
-+		i2d_CMS_bio_stream;
-+		TS_REQ_get_msg_imprint;
-+		OBJ_find_sigid_by_algs;
-+		TS_TST_INFO_get_serial;
-+		TS_REQ_get_nonce;
-+		X509_PUBKEY_set0_param;
-+		EVP_PKEY_CTX_set0_keygen_info;
-+		DIST_POINT_set_dpname;
-+		i2d_ISSUING_DIST_POINT;
-+		ASN1_SET_ANY_it;
-+		EVP_PKEY_CTX_get_data;
-+		TS_STATUS_INFO_print_bio;
-+		EVP_PKEY_derive_init;
-+		d2i_TS_TST_INFO;
-+		EVP_PKEY_asn1_add_alias;
-+		d2i_TS_RESP_bio;
-+		OTHERNAME_cmp;
-+		GENERAL_NAME_set0_value;
-+		PKCS7_RECIP_INFO_get0_alg;
-+		TS_RESP_CTX_new;
-+		TS_RESP_set_tst_info;
-+		PKCS7_final;
-+		EVP_PKEY_base_id;
-+		TS_RESP_CTX_set_signer_cert;
-+		TS_REQ_set_msg_imprint;
-+		EVP_PKEY_CTX_ctrl;
-+		TS_CONF_set_digests;
-+		d2i_TS_MSG_IMPRINT;
-+		EVP_PKEY_meth_set_ctrl;
-+		TS_REQ_get_ext_by_NID;
-+		PKCS5_pbe_set0_algor;
-+		BN_BLINDING_thread_id;
-+		TS_ACCURACY_new;
-+		X509_CRL_METHOD_free;
-+		ASN1_PCTX_get_nm_flags;
-+		EVP_PKEY_meth_set_sign;
-+		CRYPTO_THREADID_current;
-+		EVP_PKEY_decrypt_init;
-+		NETSCAPE_X509_free;
-+		i2b_PVK_bio;
-+		EVP_PKEY_print_private;
-+		GENERAL_NAME_get0_value;
-+		b2i_PVK_bio;
-+		ASN1_UTCTIME_adj;
-+		TS_TST_INFO_new;
-+		EVP_MD_do_all_sorted;
-+		TS_CONF_set_default_engine;
-+		TS_ACCURACY_set_seconds;
-+		TS_TST_INFO_get_time;
-+		PKCS8_pkey_get0;
-+		EVP_PKEY_asn1_get0;
-+		OBJ_add_sigid;
-+		PKCS7_SIGNER_INFO_sign;
-+		EVP_PKEY_paramgen_init;
-+		EVP_PKEY_sign;
-+		OBJ_sigid_free;
-+		EVP_PKEY_meth_set_init;
-+		d2i_ESS_ISSUER_SERIAL;
-+		ISSUING_DIST_POINT_new;
-+		ASN1_TIME_adj;
-+		TS_OBJ_print_bio;
-+		EVP_PKEY_meth_set_verify_recover;
-+		EVP_PKEY_meth_set_vrfy_recover;
-+		TS_RESP_get_status_info;
-+		CMS_stream;
-+		EVP_PKEY_CTX_set_cb;
-+		PKCS7_to_TS_TST_INFO;
-+		ASN1_PCTX_get_oid_flags;
-+		TS_TST_INFO_add_ext;
-+		EVP_PKEY_meth_set_derive;
-+		i2d_TS_RESP_fp;
-+		i2d_TS_MSG_IMPRINT_bio;
-+		TS_RESP_CTX_set_accuracy;
-+		TS_REQ_set_nonce;
-+		ESS_CERT_ID_new;
-+		ENGINE_pkey_asn1_find_str;
-+		TS_REQ_get_ext_count;
-+		BUF_reverse;
-+		TS_TST_INFO_print_bio;
-+		d2i_ISSUING_DIST_POINT;
-+		ENGINE_get_pkey_meths;
-+		i2b_PrivateKey_bio;
-+		i2d_TS_RESP;
-+		b2i_PublicKey;
-+		TS_VERIFY_CTX_cleanup;
-+		TS_STATUS_INFO_free;
-+		TS_RESP_verify_token;
-+		OBJ_bsearch_ex_;
-+		ASN1_bn_print;
-+		EVP_PKEY_asn1_get_count;
-+		ENGINE_register_pkey_asn1_meths;
-+		ASN1_PCTX_set_nm_flags;
-+		EVP_DigestVerifyInit;
-+		ENGINE_set_default_pkey_meths;
-+		TS_TST_INFO_get_policy_id;
-+		TS_REQ_get_cert_req;
-+		X509_CRL_set_meth_data;
-+		PKCS8_pkey_set0;
-+		ASN1_STRING_copy;
-+		d2i_TS_TST_INFO_fp;
-+		X509_CRL_match;
-+		EVP_PKEY_asn1_set_private;
-+		TS_TST_INFO_get_ext_d2i;
-+		TS_RESP_CTX_add_policy;
-+		d2i_TS_RESP;
-+		TS_CONF_load_certs;
-+		TS_TST_INFO_get_msg_imprint;
-+		ERR_load_TS_strings;
-+		TS_TST_INFO_get_version;
-+		EVP_PKEY_CTX_dup;
-+		EVP_PKEY_meth_set_verify;
-+		i2b_PublicKey_bio;
-+		TS_CONF_set_certs;
-+		EVP_PKEY_asn1_get0_info;
-+		TS_VERIFY_CTX_free;
-+		TS_REQ_get_ext_by_critical;
-+		TS_RESP_CTX_set_serial_cb;
-+		X509_CRL_get_meth_data;
-+		TS_RESP_CTX_set_time_cb;
-+		TS_MSG_IMPRINT_get_msg;
-+		TS_TST_INFO_ext_free;
-+		TS_REQ_get_version;
-+		TS_REQ_add_ext;
-+		EVP_PKEY_CTX_set_app_data;
-+		OBJ_bsearch_;
-+		EVP_PKEY_meth_set_verifyctx;
-+		i2d_PKCS7_bio_stream;
-+		CRYPTO_THREADID_set_numeric;
-+		PKCS7_sign_add_signer;
-+		d2i_TS_TST_INFO_bio;
-+		TS_TST_INFO_get_ordering;
-+		TS_RESP_print_bio;
-+		TS_TST_INFO_get_exts;
-+		HMAC_CTX_copy;
-+		PKCS5_pbe2_set_iv;
-+		ENGINE_get_pkey_asn1_meths;
-+		b2i_PrivateKey;
-+		EVP_PKEY_CTX_get_app_data;
-+		TS_REQ_set_cert_req;
-+		CRYPTO_THREADID_set_callback;
-+		TS_CONF_set_serial;
-+		TS_TST_INFO_free;
-+		d2i_TS_REQ_fp;
-+		TS_RESP_verify_response;
-+		i2d_ESS_ISSUER_SERIAL;
-+		TS_ACCURACY_get_seconds;
-+		EVP_CIPHER_do_all;
-+		b2i_PrivateKey_bio;
-+		OCSP_CERTID_dup;
-+		X509_PUBKEY_get0_param;
-+		TS_MSG_IMPRINT_dup;
-+		PKCS7_print_ctx;
-+		i2d_TS_REQ_bio;
-+		EVP_whirlpool;
-+		EVP_PKEY_asn1_set_param;
-+		EVP_PKEY_meth_set_encrypt;
-+		ASN1_PCTX_set_flags;
-+		i2d_ESS_CERT_ID;
-+		TS_VERIFY_CTX_new;
-+		TS_RESP_CTX_set_extension_cb;
-+		ENGINE_register_all_pkey_meths;
-+		TS_RESP_CTX_set_status_info_cond;
-+		TS_RESP_CTX_set_stat_info_cond;
-+		EVP_PKEY_verify;
-+		WHIRLPOOL_Final;
-+		X509_CRL_METHOD_new;
-+		EVP_DigestSignFinal;
-+		TS_RESP_CTX_set_def_policy;
-+		NETSCAPE_X509_it;
-+		TS_RESP_create_response;
-+		PKCS7_SIGNER_INFO_get0_algs;
-+		TS_TST_INFO_get_nonce;
-+		EVP_PKEY_decrypt_old;
-+		TS_TST_INFO_set_policy_id;
-+		TS_CONF_set_ess_cert_id_chain;
-+		EVP_PKEY_CTX_get0_pkey;
-+		d2i_TS_REQ;
-+		EVP_PKEY_asn1_find_str;
-+		BIO_f_asn1;
-+		ESS_SIGNING_CERT_new;
-+		EVP_PBE_find;
-+		X509_CRL_get0_by_cert;
-+		EVP_PKEY_derive;
-+		i2d_TS_REQ;
-+		TS_TST_INFO_delete_ext;
-+		ESS_ISSUER_SERIAL_free;
-+		ASN1_PCTX_set_str_flags;
-+		ENGINE_get_pkey_asn1_meth_str;
-+		TS_CONF_set_signer_key;
-+		TS_ACCURACY_get_millis;
-+		TS_RESP_get_token;
-+		TS_ACCURACY_dup;
-+		ENGINE_register_all_pkey_asn1_meths;
-+		ENGINE_reg_all_pkey_asn1_meths;
-+		X509_CRL_set_default_method;
-+		CRYPTO_THREADID_hash;
-+		CMS_ContentInfo_print_ctx;
-+		TS_RESP_free;
-+		ISSUING_DIST_POINT_free;
-+		ESS_ISSUER_SERIAL_new;
-+		CMS_add1_crl;
-+		PKCS7_add1_attrib_digest;
-+		TS_RESP_CTX_add_md;
-+		TS_TST_INFO_dup;
-+		ENGINE_set_pkey_asn1_meths;
-+		PEM_write_bio_Parameters;
-+		TS_TST_INFO_get_accuracy;
-+		X509_CRL_get0_by_serial;
-+		TS_TST_INFO_set_version;
-+		TS_RESP_CTX_get_tst_info;
-+		TS_RESP_verify_signature;
-+		CRYPTO_THREADID_get_callback;
-+		TS_TST_INFO_get_tsa;
-+		TS_STATUS_INFO_new;
-+		EVP_PKEY_CTX_get_cb;
-+		TS_REQ_get_ext_d2i;
-+		GENERAL_NAME_set0_othername;
-+		TS_TST_INFO_get_ext_count;
-+		TS_RESP_CTX_get_request;
-+		i2d_NETSCAPE_X509;
-+		ENGINE_get_pkey_meth_engine;
-+		EVP_PKEY_meth_set_signctx;
-+		EVP_PKEY_asn1_copy;
-+		ASN1_TYPE_cmp;
-+		EVP_CIPHER_do_all_sorted;
-+		EVP_PKEY_CTX_free;
-+		ISSUING_DIST_POINT_it;
-+		d2i_TS_MSG_IMPRINT_fp;
-+		X509_STORE_get1_certs;
-+		EVP_PKEY_CTX_get_operation;
-+		d2i_ESS_SIGNING_CERT;
-+		TS_CONF_set_ordering;
-+		EVP_PBE_alg_add_type;
-+		TS_REQ_set_version;
-+		EVP_PKEY_get0;
-+		BIO_asn1_set_suffix;
-+		i2d_TS_STATUS_INFO;
-+		EVP_MD_do_all;
-+		TS_TST_INFO_set_accuracy;
-+		PKCS7_add_attrib_content_type;
-+		ERR_remove_thread_state;
-+		EVP_PKEY_meth_add0;
-+		TS_TST_INFO_set_tsa;
-+		EVP_PKEY_meth_new;
-+		WHIRLPOOL_Update;
-+		TS_CONF_set_accuracy;
-+		ASN1_PCTX_set_oid_flags;
-+		ESS_SIGNING_CERT_dup;
-+		d2i_TS_REQ_bio;
-+		X509_time_adj_ex;
-+		TS_RESP_CTX_add_flags;
-+		d2i_TS_STATUS_INFO;
-+		TS_MSG_IMPRINT_set_msg;
-+		BIO_asn1_get_suffix;
-+		TS_REQ_free;
-+		EVP_PKEY_meth_free;
-+		TS_REQ_get_exts;
-+		TS_RESP_CTX_set_clock_precision_digits;
-+		TS_RESP_CTX_set_clk_prec_digits;
-+		TS_RESP_CTX_add_failure_info;
-+		i2d_TS_RESP_bio;
-+		EVP_PKEY_CTX_get0_peerkey;
-+		PEM_write_bio_CMS_stream;
-+		TS_REQ_new;
-+		TS_MSG_IMPRINT_new;
-+		EVP_PKEY_meth_find;
-+		EVP_PKEY_id;
-+		TS_TST_INFO_set_serial;
-+		a2i_GENERAL_NAME;
-+		TS_CONF_set_crypto_device;
-+		EVP_PKEY_verify_init;
-+		TS_CONF_set_policies;
-+		ASN1_PCTX_new;
-+		ESS_CERT_ID_free;
-+		ENGINE_unregister_pkey_meths;
-+		TS_MSG_IMPRINT_free;
-+		TS_VERIFY_CTX_init;
-+		PKCS7_stream;
-+		TS_RESP_CTX_set_certs;
-+		TS_CONF_set_def_policy;
-+		ASN1_GENERALIZEDTIME_adj;
-+		NETSCAPE_X509_new;
-+		TS_ACCURACY_free;
-+		TS_RESP_get_tst_info;
-+		EVP_PKEY_derive_set_peer;
-+		PEM_read_bio_Parameters;
-+		TS_CONF_set_clock_precision_digits;
-+		TS_CONF_set_clk_prec_digits;
-+		ESS_ISSUER_SERIAL_dup;
-+		TS_ACCURACY_get_micros;
-+		ASN1_PCTX_get_str_flags;
-+		NAME_CONSTRAINTS_check;
-+		ASN1_BIT_STRING_check;
-+		X509_check_akid;
-+		ENGINE_unregister_pkey_asn1_meths;
-+		ENGINE_unreg_pkey_asn1_meths;
-+		ASN1_PCTX_free;
-+		PEM_write_bio_ASN1_stream;
-+		i2d_ASN1_bio_stream;
-+		TS_X509_ALGOR_print_bio;
-+		EVP_PKEY_meth_set_cleanup;
-+		EVP_PKEY_asn1_free;
-+		ESS_SIGNING_CERT_free;
-+		TS_TST_INFO_set_msg_imprint;
-+		GENERAL_NAME_cmp;
-+		d2i_ASN1_SET_ANY;
-+		ENGINE_set_pkey_meths;
-+		i2d_TS_REQ_fp;
-+		d2i_ASN1_SEQUENCE_ANY;
-+		GENERAL_NAME_get0_otherName;
-+		d2i_ESS_CERT_ID;
-+		OBJ_find_sigid_algs;
-+		EVP_PKEY_meth_set_keygen;
-+		PKCS5_PBKDF2_HMAC;
-+		EVP_PKEY_paramgen;
-+		EVP_PKEY_meth_set_paramgen;
-+		BIO_new_PKCS7;
-+		EVP_PKEY_verify_recover;
-+		TS_ext_print_bio;
-+		TS_ASN1_INTEGER_print_bio;
-+		check_defer;
-+		DSO_pathbyaddr;
-+		EVP_PKEY_set_type;
-+		TS_ACCURACY_set_micros;
-+		TS_REQ_to_TS_VERIFY_CTX;
-+		EVP_PKEY_meth_set_copy;
-+		ASN1_PCTX_set_cert_flags;
-+		TS_TST_INFO_get_ext;
-+		EVP_PKEY_asn1_set_ctrl;
-+		TS_TST_INFO_get_ext_by_critical;
-+		EVP_PKEY_CTX_new_id;
-+		TS_REQ_get_ext_by_OBJ;
-+		TS_CONF_set_signer_cert;
-+		X509_NAME_hash_old;
-+		ASN1_TIME_set_string;
-+		EVP_MD_flags;
-+		TS_RESP_CTX_free;
-+		DSAparams_dup;
-+		DHparams_dup;
-+		OCSP_REQ_CTX_add1_header;
-+		OCSP_REQ_CTX_set1_req;
-+		X509_STORE_set_verify_cb;
-+		X509_STORE_CTX_get0_current_crl;
-+		X509_STORE_CTX_get0_parent_ctx;
-+		X509_STORE_CTX_get0_current_issuer;
-+		X509_STORE_CTX_get0_cur_issuer;
-+		X509_issuer_name_hash_old;
-+		X509_subject_name_hash_old;
-+		EVP_CIPHER_CTX_copy;
-+		UI_method_get_prompt_constructor;
-+		UI_method_get_prompt_constructr;
-+		UI_method_set_prompt_constructor;
-+		UI_method_set_prompt_constructr;
-+		EVP_read_pw_string_min;
-+		CRYPTO_cts128_encrypt;
-+		CRYPTO_cts128_decrypt_block;
-+		CRYPTO_cfb128_1_encrypt;
-+		CRYPTO_cbc128_encrypt;
-+		CRYPTO_ctr128_encrypt;
-+		CRYPTO_ofb128_encrypt;
-+		CRYPTO_cts128_decrypt;
-+		CRYPTO_cts128_encrypt_block;
-+		CRYPTO_cbc128_decrypt;
-+		CRYPTO_cfb128_encrypt;
-+		CRYPTO_cfb128_8_encrypt;
-+		SSL_renegotiate_abbreviated;
-+		TLSv1_1_method;
-+		TLSv1_1_client_method;
-+		TLSv1_1_server_method;
-+		SSL_CTX_set_srp_client_pwd_callback;
-+		SSL_CTX_set_srp_client_pwd_cb;
-+		SSL_get_srp_g;
-+		SSL_CTX_set_srp_username_callback;
-+		SSL_CTX_set_srp_un_cb;
-+		SSL_get_srp_userinfo;
-+		SSL_set_srp_server_param;
-+		SSL_set_srp_server_param_pw;
-+		SSL_get_srp_N;
-+		SSL_get_srp_username;
-+		SSL_CTX_set_srp_password;
-+		SSL_CTX_set_srp_strength;
-+		SSL_CTX_set_srp_verify_param_callback;
-+		SSL_CTX_set_srp_vfy_param_cb;
-+		SSL_CTX_set_srp_cb_arg;
-+		SSL_CTX_set_srp_username;
-+		SSL_CTX_SRP_CTX_init;
-+		SSL_SRP_CTX_init;
-+		SRP_Calc_A_param;
-+		SRP_generate_server_master_secret;
-+		SRP_gen_server_master_secret;
-+		SSL_CTX_SRP_CTX_free;
-+		SRP_generate_client_master_secret;
-+		SRP_gen_client_master_secret;
-+		SSL_srp_server_param_with_username;
-+		SSL_srp_server_param_with_un;
-+		SSL_SRP_CTX_free;
-+		SSL_set_debug;
-+		SSL_SESSION_get0_peer;
-+		TLSv1_2_client_method;
-+		SSL_SESSION_set1_id_context;
-+		TLSv1_2_server_method;
-+		SSL_cache_hit;
-+		SSL_get0_kssl_ctx;
-+		SSL_set0_kssl_ctx;
-+		SSL_set_state;
-+		SSL_CIPHER_get_id;
-+		TLSv1_2_method;
-+		kssl_ctx_get0_client_princ;
-+		SSL_export_keying_material;
-+		SSL_set_tlsext_use_srtp;
-+		SSL_CTX_set_next_protos_advertised_cb;
-+		SSL_CTX_set_next_protos_adv_cb;
-+		SSL_get0_next_proto_negotiated;
-+		SSL_get_selected_srtp_profile;
-+		SSL_CTX_set_tlsext_use_srtp;
-+		SSL_select_next_proto;
-+		SSL_get_srtp_profiles;
-+		SSL_CTX_set_next_proto_select_cb;
-+		SSL_CTX_set_next_proto_sel_cb;
-+		SSL_SESSION_get_compress_id;
-+
-+		SRP_VBASE_get_by_user;
-+		SRP_Calc_server_key;
-+		SRP_create_verifier;
-+		SRP_create_verifier_BN;
-+		SRP_Calc_u;
-+		SRP_VBASE_free;
-+		SRP_Calc_client_key;
-+		SRP_get_default_gN;
-+		SRP_Calc_x;
-+		SRP_Calc_B;
-+		SRP_VBASE_new;
-+		SRP_check_known_gN_param;
-+		SRP_Calc_A;
-+		SRP_Verify_A_mod_N;
-+		SRP_VBASE_init;
-+		SRP_Verify_B_mod_N;
-+		EC_KEY_set_public_key_affine_coordinates;
-+		EC_KEY_set_pub_key_aff_coords;
-+		EVP_aes_192_ctr;
-+		EVP_PKEY_meth_get0_info;
-+		EVP_PKEY_meth_copy;
-+		ERR_add_error_vdata;
-+		EVP_aes_128_ctr;
-+		EVP_aes_256_ctr;
-+		EC_GFp_nistp224_method;
-+		EC_KEY_get_flags;
-+		RSA_padding_add_PKCS1_PSS_mgf1;
-+		EVP_aes_128_xts;
-+		EVP_aes_256_xts;
-+		EVP_aes_128_gcm;
-+		EC_KEY_clear_flags;
-+		EC_KEY_set_flags;
-+		EVP_aes_256_ccm;
-+		RSA_verify_PKCS1_PSS_mgf1;
-+		EVP_aes_128_ccm;
-+		EVP_aes_192_gcm;
-+		X509_ALGOR_set_md;
-+		RAND_init_fips;
-+		EVP_aes_256_gcm;
-+		EVP_aes_192_ccm;
-+		CMAC_CTX_copy;
-+		CMAC_CTX_free;
-+		CMAC_CTX_get0_cipher_ctx;
-+		CMAC_CTX_cleanup;
-+		CMAC_Init;
-+		CMAC_Update;
-+		CMAC_resume;
-+		CMAC_CTX_new;
-+		CMAC_Final;
-+		CRYPTO_ctr128_encrypt_ctr32;
-+		CRYPTO_gcm128_release;
-+		CRYPTO_ccm128_decrypt_ccm64;
-+		CRYPTO_ccm128_encrypt;
-+		CRYPTO_gcm128_encrypt;
-+		CRYPTO_xts128_encrypt;
-+		EVP_rc4_hmac_md5;
-+		CRYPTO_nistcts128_decrypt_block;
-+		CRYPTO_gcm128_setiv;
-+		CRYPTO_nistcts128_encrypt;
-+		EVP_aes_128_cbc_hmac_sha1;
-+		CRYPTO_gcm128_tag;
-+		CRYPTO_ccm128_encrypt_ccm64;
-+		ENGINE_load_rdrand;
-+		CRYPTO_ccm128_setiv;
-+		CRYPTO_nistcts128_encrypt_block;
-+		CRYPTO_gcm128_aad;
-+		CRYPTO_ccm128_init;
-+		CRYPTO_nistcts128_decrypt;
-+		CRYPTO_gcm128_new;
-+		CRYPTO_ccm128_tag;
-+		CRYPTO_ccm128_decrypt;
-+		CRYPTO_ccm128_aad;
-+		CRYPTO_gcm128_init;
-+		CRYPTO_gcm128_decrypt;
-+		ENGINE_load_rsax;
-+		CRYPTO_gcm128_decrypt_ctr32;
-+		CRYPTO_gcm128_encrypt_ctr32;
-+		CRYPTO_gcm128_finish;
-+		EVP_aes_256_cbc_hmac_sha1;
-+		PKCS5_pbkdf2_set;
-+		CMS_add0_recipient_password;
-+		CMS_decrypt_set1_password;
-+		CMS_RecipientInfo_set0_password;
-+		RAND_set_fips_drbg_type;
-+		X509_REQ_sign_ctx;
-+		RSA_PSS_PARAMS_new;
-+		X509_CRL_sign_ctx;
-+		X509_signature_dump;
-+		d2i_RSA_PSS_PARAMS;
-+		RSA_PSS_PARAMS_it;
-+		RSA_PSS_PARAMS_free;
-+		X509_sign_ctx;
-+		i2d_RSA_PSS_PARAMS;
-+		ASN1_item_sign_ctx;
-+		EC_GFp_nistp521_method;
-+		EC_GFp_nistp256_method;
-+		OPENSSL_stderr;
-+		OPENSSL_cpuid_setup;
-+		OPENSSL_showfatal;
-+		BIO_new_dgram_sctp;
-+		BIO_dgram_sctp_msg_waiting;
-+		BIO_dgram_sctp_wait_for_dry;
-+		BIO_s_datagram_sctp;
-+		BIO_dgram_is_sctp;
-+		BIO_dgram_sctp_notification_cb;
-+		CRYPTO_memcmp;
-+		SSL_CTX_set_alpn_protos;
-+		SSL_set_alpn_protos;
-+		SSL_CTX_set_alpn_select_cb;
-+		SSL_get0_alpn_selected;
-+		SSL_CTX_set_custom_cli_ext;
-+		SSL_CTX_set_custom_srv_ext;
-+		SSL_CTX_set_srv_supp_data;
-+		SSL_CTX_set_cli_supp_data;
-+		SSL_set_cert_cb;
-+		SSL_CTX_use_serverinfo;
-+		SSL_CTX_use_serverinfo_file;
-+		SSL_CTX_set_cert_cb;
-+		SSL_CTX_get0_param;
-+		SSL_get0_param;
-+		SSL_certs_clear;
-+		DTLSv1_2_method;
-+		DTLSv1_2_server_method;
-+		DTLSv1_2_client_method;
-+		DTLS_method;
-+		DTLS_server_method;
-+		DTLS_client_method;
-+		SSL_CTX_get_ssl_method;
-+		SSL_CTX_get0_certificate;
-+		SSL_CTX_get0_privatekey;
-+		SSL_COMP_set0_compression_methods;
-+		SSL_COMP_free_compression_methods;
-+		SSL_CIPHER_find;
-+		SSL_is_server;
-+		SSL_CONF_CTX_new;
-+		SSL_CONF_CTX_finish;
-+		SSL_CONF_CTX_free;
-+		SSL_CONF_CTX_set_flags;
-+		SSL_CONF_CTX_clear_flags;
-+		SSL_CONF_CTX_set1_prefix;
-+		SSL_CONF_CTX_set_ssl;
-+		SSL_CONF_CTX_set_ssl_ctx;
-+		SSL_CONF_cmd;
-+		SSL_CONF_cmd_argv;
-+		SSL_CONF_cmd_value_type;
-+		SSL_trace;
-+		SSL_CIPHER_standard_name;
-+		SSL_get_tlsa_record_byname;
-+		ASN1_TIME_diff;
-+		BIO_hex_string;
-+		CMS_RecipientInfo_get0_pkey_ctx;
-+		CMS_RecipientInfo_encrypt;
-+		CMS_SignerInfo_get0_pkey_ctx;
-+		CMS_SignerInfo_get0_md_ctx;
-+		CMS_SignerInfo_get0_signature;
-+		CMS_RecipientInfo_kari_get0_alg;
-+		CMS_RecipientInfo_kari_get0_reks;
-+		CMS_RecipientInfo_kari_get0_orig_id;
-+		CMS_RecipientInfo_kari_orig_id_cmp;
-+		CMS_RecipientEncryptedKey_get0_id;
-+		CMS_RecipientEncryptedKey_cert_cmp;
-+		CMS_RecipientInfo_kari_set0_pkey;
-+		CMS_RecipientInfo_kari_get0_ctx;
-+		CMS_RecipientInfo_kari_decrypt;
-+		CMS_SharedInfo_encode;
-+		DH_compute_key_padded;
-+		d2i_DHxparams;
-+		i2d_DHxparams;
-+		DH_get_1024_160;
-+		DH_get_2048_224;
-+		DH_get_2048_256;
-+		DH_KDF_X9_42;
-+		ECDH_KDF_X9_62;
-+		ECDSA_METHOD_new;
-+		ECDSA_METHOD_free;
-+		ECDSA_METHOD_set_app_data;
-+		ECDSA_METHOD_get_app_data;
-+		ECDSA_METHOD_set_sign;
-+		ECDSA_METHOD_set_sign_setup;
-+		ECDSA_METHOD_set_verify;
-+		ECDSA_METHOD_set_flags;
-+		ECDSA_METHOD_set_name;
-+		EVP_des_ede3_wrap;
-+		EVP_aes_128_wrap;
-+		EVP_aes_192_wrap;
-+		EVP_aes_256_wrap;
-+		EVP_aes_128_cbc_hmac_sha256;
-+		EVP_aes_256_cbc_hmac_sha256;
-+		CRYPTO_128_wrap;
-+		CRYPTO_128_unwrap;
-+		OCSP_REQ_CTX_nbio;
-+		OCSP_REQ_CTX_new;
-+		OCSP_set_max_response_length;
-+		OCSP_REQ_CTX_i2d;
-+		OCSP_REQ_CTX_nbio_d2i;
-+		OCSP_REQ_CTX_get0_mem_bio;
-+		OCSP_REQ_CTX_http;
-+		RSA_padding_add_PKCS1_OAEP_mgf1;
-+		RSA_padding_check_PKCS1_OAEP_mgf1;
-+		RSA_OAEP_PARAMS_free;
-+		RSA_OAEP_PARAMS_it;
-+		RSA_OAEP_PARAMS_new;
-+		SSL_get_sigalgs;
-+		SSL_get_shared_sigalgs;
-+		SSL_check_chain;
-+		X509_chain_up_ref;
-+		X509_http_nbio;
-+		X509_CRL_http_nbio;
-+		X509_REVOKED_dup;
-+		i2d_re_X509_tbs;
-+		X509_get0_signature;
-+		X509_get_signature_nid;
-+		X509_CRL_diff;
-+		X509_chain_check_suiteb;
-+		X509_CRL_check_suiteb;
-+		X509_check_host;
-+		X509_check_email;
-+		X509_check_ip;
-+		X509_check_ip_asc;
-+		X509_STORE_set_lookup_crls_cb;
-+		X509_STORE_CTX_get0_store;
-+		X509_VERIFY_PARAM_set1_host;
-+		X509_VERIFY_PARAM_add1_host;
-+		X509_VERIFY_PARAM_set_hostflags;
-+		X509_VERIFY_PARAM_get0_peername;
-+		X509_VERIFY_PARAM_set1_email;
-+		X509_VERIFY_PARAM_set1_ip;
-+		X509_VERIFY_PARAM_set1_ip_asc;
-+		X509_VERIFY_PARAM_get0_name;
-+		X509_VERIFY_PARAM_get_count;
-+		X509_VERIFY_PARAM_get0;
-+		X509V3_EXT_free;
-+		EC_GROUP_get_mont_data;
-+		EC_curve_nid2nist;
-+		EC_curve_nist2nid;
-+		PEM_write_bio_DHxparams;
-+		PEM_write_DHxparams;
-+		SSL_CTX_add_client_custom_ext;
-+		SSL_CTX_add_server_custom_ext;
-+		SSL_extension_supported;
-+		BUF_strnlen;
-+		sk_deep_copy;
-+		SSL_test_functions;
-+
-+	local:
-+		*;
-+};
-+
-+OPENSSL_1.0.2g {
-+       global:
-+               SRP_VBASE_get1_by_user;
-+               SRP_user_pwd_free;
-+} OPENSSL_1.0.2d;
-+
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld	2014-02-24 21:02:30.000000000 +0100
-@@ -0,0 +1,10 @@
-+OPENSSL_1.0.2 {
-+	global:
-+		bind_engine;
-+		v_check;
-+		OPENSSL_init;
-+		OPENSSL_finish;
-+	local:
-+		*;
-+};
-+
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld	2014-02-24 21:02:30.000000000 +0100
-@@ -0,0 +1,10 @@
-+OPENSSL_1.0.2 {
-+	global:
-+		bind_engine;
-+		v_check;
-+		OPENSSL_init;
-+		OPENSSL_finish;
-+	local:
-+		*;
-+};
-+
diff --git a/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch b/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
deleted file mode 100644
index a5746483e6..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-
-Index: openssl-1.0.2/engines/Makefile
-===================================================================
---- openssl-1.0.2.orig/engines/Makefile
-+++ openssl-1.0.2/engines/Makefile
-@@ -107,13 +107,13 @@ install:
- 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- 	@if [ -n "$(SHARED_LIBS)" ]; then \
- 		set -e; \
--		$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
-+		$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines; \
- 		for l in $(LIBNAMES); do \
- 			( echo installing $$l; \
- 			  pfx=lib; \
- 			  if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
- 				sfx=".so"; \
--				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
- 			  else \
- 				case "$(CFLAGS)" in \
- 				*DSO_BEOS*)	sfx=".so";;	\
-@@ -122,10 +122,10 @@ install:
- 				*DSO_WIN32*)	sfx="eay32.dll"; pfx=;;	\
- 				*)		sfx=".bad";;	\
- 				esac; \
--				cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+				cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
- 			  fi; \
--			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
--			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
-+			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
-+			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \
- 		done; \
- 	fi
- 	@target=install; $(RECURSIVE_MAKE)
-Index: openssl-1.0.2/engines/ccgost/Makefile
-===================================================================
---- openssl-1.0.2.orig/engines/ccgost/Makefile
-+++ openssl-1.0.2/engines/ccgost/Makefile
-@@ -47,7 +47,7 @@ install:
- 		pfx=lib; \
- 		if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
- 			sfx=".so"; \
--			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- 		else \
- 			case "$(CFLAGS)" in \
- 			*DSO_BEOS*) sfx=".so";; \
-@@ -56,10 +56,10 @@ install:
- 			*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
- 			*) sfx=".bad";; \
- 			esac; \
--			cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+			cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- 		fi; \
--		chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
--		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
-+		chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx; \
- 	fi
- 
- links:
diff --git a/meta/recipes-connectivity/openssl/openssl/find.pl b/meta/recipes-connectivity/openssl/openssl/find.pl
deleted file mode 100644
index 8e1b42c88a..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/find.pl
+++ /dev/null
@@ -1,54 +0,0 @@
-warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]}, line @{[(caller)[2]]}.\n";
-
-# This library is deprecated and unmaintained. It is included for
-# compatibility with Perl 4 scripts which may use it, but it will be
-# removed in a future version of Perl. Please use the File::Find module
-# instead.
-
-# Usage:
-#	require "find.pl";
-#
-#	&find('/foo','/bar');
-#
-#	sub wanted { ... }
-#		where wanted does whatever you want.  $dir contains the
-#		current directory name, and $_ the current filename within
-#		that directory.  $name contains "$dir/$_".  You are cd'ed
-#		to $dir when the function is called.  The function may
-#		set $prune to prune the tree.
-#
-# For example,
-#
-#   find / -name .nfs\* -mtime +7 -exec rm -f {} \; -o -fstype nfs -prune
-#
-# corresponds to this
-#
-#	sub wanted {
-#	    /^\.nfs.*$/ &&
-#	    (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) &&
-#	    int(-M _) > 7 &&
-#	    unlink($_)
-#	    ||
-#	    ($nlink || (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_))) &&
-#	    $dev < 0 &&
-#	    ($prune = 1);
-#	}
-#
-# Set the variable $dont_use_nlink if you're using AFS, since AFS cheats.
-
-use File::Find ();
-
-*name		= *File::Find::name;
-*prune		= *File::Find::prune;
-*dir		= *File::Find::dir;
-*topdir		= *File::Find::topdir;
-*topdev		= *File::Find::topdev;
-*topino		= *File::Find::topino;
-*topmode	= *File::Find::topmode;
-*topnlink	= *File::Find::topnlink;
-
-sub find {
-    &File::Find::find(\&wanted, @_);
-}
-
-1;
diff --git a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
deleted file mode 100644
index 2a318a4584..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Upstream-Status: Submitted
-
-This patch adds the fix for one of the ciphers used in openssl, namely
-the cipher des-ede3-cfb1. Complete bug log and patch is present here:
-http://rt.openssl.org/Ticket/Display.html?id=2867
-
-Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
-
-Index: openssl-1.0.2/crypto/evp/e_des3.c
-===================================================================
---- openssl-1.0.2.orig/crypto/evp/e_des3.c
-+++ openssl-1.0.2/crypto/evp/e_des3.c
-@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH
-     size_t n;
-     unsigned char c[1], d[1];
- 
--    for (n = 0; n < inl; ++n) {
-+    for (n = 0; n * 8 < inl; ++n) {
-         c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
-         DES_ede3_cfb_encrypt(c, d, 1, 1,
-                              &data(ctx)->ks1, &data(ctx)->ks2,
diff --git a/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch b/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch
deleted file mode 100644
index 292e13dc5f..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/oe-ldflags.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Upstream-Status: Inappropriate [open-embedded]
-
-Index: openssl-1.0.0/Makefile.shared
-===================================================================
---- openssl-1.0.0.orig/Makefile.shared
-+++ openssl-1.0.0/Makefile.shared
-@@ -92,7 +92,7 @@
- LINK_APP=	\
-   ( $(SET_X);   \
-     LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
--    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
-+    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$(OE_LDFLAGS) $${LDFLAGS:-$(CFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-@@ -102,7 +102,7 @@
-   ( $(SET_X);   \
-     LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
-     SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
--    SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-+    SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-1.0.2a-x32-asm.patch b/meta/recipes-connectivity/openssl/openssl/openssl-1.0.2a-x32-asm.patch
deleted file mode 100644
index 1e5bfa17d6..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/openssl-1.0.2a-x32-asm.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
-
-From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sat, 21 Mar 2015 06:01:25 -0400
-Subject: [PATCH] crypto: use bigint in x86-64 perl
-
-Upstream-Status: Pending
-Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
-
-When building on x32 systems where the default type is 32bit, make sure
-we can transparently represent 64bit integers.  Otherwise we end up with
-build errors like:
-/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
-Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
-...
-ghash-x86_64.s: Assembler messages:
-ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
-
-We don't enable this globally as there are some cases where we'd get
-32bit values interpreted as unsigned when we need them as signed.
-
-Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
-URL: https://bugs.gentoo.org/542618
----
- crypto/perlasm/x86_64-xlate.pl | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
-index aae8288..0bf9774 100755
---- a/crypto/perlasm/x86_64-xlate.pl
-+++ b/crypto/perlasm/x86_64-xlate.pl
-@@ -195,6 +195,10 @@ my %globals;
-     sub out {
-     	my $self = shift;
- 
-+	# When building on x32 ABIs, the expanded hex value might be too
-+	# big to fit into 32bits.  Enable transparent 64bit support here
-+	# so we can safely print it out.
-+	use bigint;
- 	if ($gas) {
- 	    # Solaris /usr/ccs/bin/as can't handle multiplications
- 	    # in $self->{value}
--- 
-2.3.3
-
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
deleted file mode 100644
index f736e5c098..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-openssl: avoid NULL pointer dereference in EVP_DigestInit_ex()
-
-We should avoid accessing the type pointer if it's NULL,
-this could happen if ctx->digest is not NULL.
-
-Upstream-Status: Submitted
-http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
-
-Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
----
-Index: openssl-1.0.2h/crypto/evp/digest.c
-===================================================================
---- openssl-1.0.2h.orig/crypto/evp/digest.c
-+++ openssl-1.0.2h/crypto/evp/digest.c
-@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
-         type = ctx->digest;
-     }
- #endif
--    if (ctx->digest != type) {
-+    if (type && (ctx->digest != type)) {
-         if (ctx->digest && ctx->digest->ctx_size) {
-             OPENSSL_free(ctx->md_data);
-             ctx->md_data = NULL;
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
deleted file mode 100644
index f67f415544..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
+++ /dev/null
@@ -1,210 +0,0 @@
-#!/bin/sh
-#
-# Ben Secrest <blsecres@gmail.com>
-#
-# sh c_rehash script, scan all files in a directory
-# and add symbolic links to their hash values.
-#
-# based on the c_rehash perl script distributed with openssl
-#
-# LICENSE: See OpenSSL license
-# ^^acceptable?^^
-#
-
-# default certificate location
-DIR=/etc/openssl
-
-# for filetype bitfield
-IS_CERT=$(( 1 << 0 ))
-IS_CRL=$(( 1 << 1 ))
-
-
-# check to see if a file is a certificate file or a CRL file
-# arguments:
-#       1. the filename to be scanned
-# returns:
-#       bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
-#
-check_file()
-{
-    local IS_TYPE=0
-
-    # make IFS a newline so we can process grep output line by line
-    local OLDIFS=${IFS}
-    IFS=$( printf "\n" )
-
-    # XXX: could be more efficient to have two 'grep -m' but is -m portable?
-    for LINE in $( grep '^-----BEGIN .*-----' ${1} )
-    do
-	if echo ${LINE} \
-	    | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
-	then
-	    IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
-
-	    if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
-	    then
-	    	break
-	    fi
-	elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
-	then
-	    IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
-
-	    if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
-	    then
-	    	break
-	    fi
-	fi
-    done
-
-    # restore IFS
-    IFS=${OLDIFS}
-
-    return ${IS_TYPE}
-}
-
-
-#
-# use openssl to fingerprint a file
-#    arguments:
-#	1. the filename to fingerprint
-#	2. the method to use (x509, crl)
-#    returns:
-#	none
-#    assumptions:
-#	user will capture output from last stage of pipeline
-#
-fingerprint()
-{
-    ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
-}
-
-
-#
-# link_hash - create links to certificate files
-#    arguments:
-#       1. the filename to create a link for
-#	2. the type of certificate being linked (x509, crl)
-#    returns:
-#	0 on success, 1 otherwise
-#
-link_hash()
-{
-    local FINGERPRINT=$( fingerprint ${1} ${2} )
-    local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
-    local SUFFIX=0
-    local LINKFILE=''
-    local TAG=''
-
-    if [ ${2} = "crl" ]
-    then
-    	TAG='r'
-    fi
-
-    LINKFILE=${HASH}.${TAG}${SUFFIX}
-
-    while [ -f ${LINKFILE} ]
-    do
-	if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
-	then
-	    echo "NOTE: Skipping duplicate file ${1}" >&2
-	    return 1
-	fi	
-
-	SUFFIX=$(( ${SUFFIX} + 1 ))
-	LINKFILE=${HASH}.${TAG}${SUFFIX}
-    done
-
-    echo "${1} => ${LINKFILE}"
-
-    # assume any system with a POSIX shell will either support symlinks or
-    # do something to handle this gracefully
-    ln -s ${1} ${LINKFILE}
-
-    return 0
-}
-
-
-# hash_dir create hash links in a given directory
-hash_dir()
-{
-    echo "Doing ${1}"
-
-    cd ${1}
-
-    ls -1 * 2>/dev/null | while read FILE
-    do
-        if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
-	    	&& [ -h "${FILE}" ]
-        then
-            rm ${FILE}
-        fi
-    done
-
-    ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
-    do
-	check_file ${FILE}
-        local FILE_TYPE=${?}
-	local TYPE_STR=''
-
-        if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
-        then
-            TYPE_STR='x509'
-        elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
-        then
-            TYPE_STR='crl'
-        else
-            echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
-	    continue
-        fi
-
-	link_hash ${FILE} ${TYPE_STR}
-    done
-}
-
-
-# choose the name of an ssl application
-if [ -n "${OPENSSL}" ]
-then
-    SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
-else
-    SSL_CMD=/usr/bin/openssl
-    OPENSSL=${SSL_CMD}
-    export OPENSSL
-fi
-
-# fix paths
-PATH=${PATH}:${DIR}/bin
-export PATH
-
-# confirm existance/executability of ssl command
-if ! [ -x ${SSL_CMD} ]
-then
-    echo "${0}: rehashing skipped ('openssl' program not available)" >&2
-    exit 0
-fi
-
-# determine which directories to process
-old_IFS=$IFS
-if [ ${#} -gt 0 ]
-then
-    IFS=':'
-    DIRLIST=${*}
-elif [ -n "${SSL_CERT_DIR}" ]
-then
-    DIRLIST=$SSL_CERT_DIR
-else
-    DIRLIST=${DIR}/certs
-fi
-
-IFS=':'
-
-# process directories
-for CERT_DIR in ${DIRLIST}
-do
-    if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
-    then
-        IFS=$old_IFS
-        hash_dir ${CERT_DIR}
-        IFS=':'
-    fi
-done
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch b/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch
deleted file mode 100644
index de49729e5e..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/openssl-fix-des.pod-error.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-openssl: Fix pod2man des.pod error on Ubuntu 12.04
-
-This is a formatting fix, '=back' is required before
-'=head1' on Ubuntu 12.04.
-
-Upstream-Status: Pending
-Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
-diff -urpN a_origin/des.pod b_modify/des.pod
---- a_origin/crypto/des/des.pod	2013-08-15 15:02:56.211674589 +0800
-+++ b_modify/crypto/des/des.pod	2013-08-15 15:04:14.439674580 +0800
-@@ -181,6 +181,8 @@ the uuencoded file to embed in the begin
- output.  If there is no name specified after the B<-u>, the name text.des
- will be embedded in the header.
- 
-+=back
-+
- =head1 SEE ALSO
- 
- ps(1),
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch b/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
deleted file mode 100644
index 065b9b122a..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/openssl-util-perlpath.pl-cwd.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From e427748f3bb5d37e78dc8d70a558c373aa8ababb Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Mon, 19 Sep 2016 22:06:28 -0700
-Subject: [PATCH] util/perlpath.pl: make it work when cwd is not in @INC
-
-Fixed when building on Debian-testing:
-| Can't locate find.pl in @INC (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.2 /usr/local/share/perl/5.22.2 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at perlpath.pl line 7.
-
-The find.pl is added by oe-core, so once openssl/find.pl is removed,
-then this patch can be dropped.
-
-Upstream-Status: Inappropriate [OE-Specific]
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- util/perlpath.pl | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/util/perlpath.pl b/util/perlpath.pl
-index a1f236b..5599892 100755
---- a/util/perlpath.pl
-+++ b/util/perlpath.pl
-@@ -4,6 +4,8 @@
- # line in all scripts that rely on perl.
- #
- 
-+BEGIN { unshift @INC, "."; }
-+
- require "find.pl";
- 
- $#ARGV == 0 || print STDERR "usage: perlpath newpath  (eg /usr/bin)\n";
--- 
-2.9.0
-
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
deleted file mode 100644
index 0f08a642f6..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Upstream-Status: Pending
-
-Received from H J Liu @ Intel
-Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
-Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
-
-ported the patch to the 1.0.0e version
-Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
-Index: openssl-1.0.2/crypto/bn/bn.h
-===================================================================
---- openssl-1.0.2.orig/crypto/bn/bn.h
-+++ openssl-1.0.2/crypto/bn/bn.h
-@@ -173,6 +173,13 @@ extern "C" {
- #  endif
- # endif
- 
-+/* Address type.  */
-+#ifdef _WIN64
-+#define BN_ADDR unsigned long long
-+#else
-+#define BN_ADDR unsigned long
-+#endif
-+
- /*
-  * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
-  * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
-Index: openssl-1.0.2/crypto/bn/bn_exp.c
-===================================================================
---- openssl-1.0.2.orig/crypto/bn/bn_exp.c
-+++ openssl-1.0.2/crypto/bn/bn_exp.c
-@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
-  * multiple.
-  */
- #define MOD_EXP_CTIME_ALIGN(x_) \
--        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
-+	((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
- 
- /*
-  * This variant of BN_mod_exp_mont() uses fixed windows and the special
diff --git a/meta/recipes-connectivity/openssl/openssl/parallel.patch b/meta/recipes-connectivity/openssl/openssl/parallel.patch
deleted file mode 100644
index f3f4c99888..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/parallel.patch
+++ /dev/null
@@ -1,337 +0,0 @@
-Fix the parallel races in the Makefiles.
-
-This patch was taken from the Gentoo packaging:
-https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch
-
-Upstream-Status: Pending
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-Refreshed for 1.0.2i
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
-
---- openssl-1.0.2g/crypto/Makefile
-+++ openssl-1.0.2g/crypto/Makefile
-@@ -85,11 +85,11 @@
- 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
- 
- subdirs:
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
--	@target=files; $(RECURSIVE_MAKE)
-+	+@target=files; $(RECURSIVE_MAKE)
- 
- links:
- 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib:	$(LIB)
- 	@touch lib
--$(LIB):	$(LIBOBJ)
-+$(LIB):	$(LIBOBJ) | subdirs
- 	$(AR) $(LIB) $(LIBOBJ)
- 	test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
- 	$(RANLIB) $(LIB) || echo Never mind.
-@@ -111,7 +111,7 @@
- 	fi
- 
- libs:
--	@target=lib; $(RECURSIVE_MAKE)
-+	+@target=lib; $(RECURSIVE_MAKE)
- 
- install:
- 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -120,7 +120,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- lint:
- 	@target=lint; $(RECURSIVE_MAKE)
---- openssl-1.0.2g/engines/Makefile
-+++ openssl-1.0.2g/engines/Makefile
-@@ -72,7 +72,7 @@
- 
- all:	lib subdirs
- 
--lib:	$(LIBOBJ)
-+lib:	$(LIBOBJ) | subdirs
- 	@if [ -n "$(SHARED_LIBS)" ]; then \
- 		set -e; \
- 		for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
- 
- subdirs:
- 	echo $(EDIRS)
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- 		done; \
- 	fi
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- tags:
- 	ctags $(SRC)
---- openssl-1.0.2g/Makefile.org
-+++ openssl-1.0.2g/Makefile.org
-@@ -279,17 +279,17 @@
- build_libssl: build_ssl libssl.pc
- 
- build_crypto:
--	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-+	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
- build_ssl: build_crypto
--	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-+	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
- build_engines: build_crypto
--	@dir=engines; target=all; $(BUILD_ONE_CMD)
-+	+@dir=engines; target=all; $(BUILD_ONE_CMD)
- build_apps: build_libs
--	@dir=apps; target=all; $(BUILD_ONE_CMD)
-+	+@dir=apps; target=all; $(BUILD_ONE_CMD)
- build_tests: build_libs
--	@dir=test; target=all; $(BUILD_ONE_CMD)
-+	+@dir=test; target=all; $(BUILD_ONE_CMD)
- build_tools: build_libs
--	@dir=tools; target=all; $(BUILD_ONE_CMD)
-+	+@dir=tools; target=all; $(BUILD_ONE_CMD)
- 
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -544,7 +544,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- 	do \
- 		if [ -f "$$i" ]; then \
---- openssl-1.0.2g/Makefile.shared
-+++ openssl-1.0.2g/Makefile.shared
-@@ -105,6 +105,7 @@
-     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-     $${SHAREDCMD} $${SHAREDFLAGS} \
- 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +123,7 @@
- 			done; \
- 		fi; \
- 		if [ -n "$$SHLIB_SOVER" ]; then \
-+			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- 		fi; \
---- openssl-1.0.2g/test/Makefile
-+++ openssl-1.0.2g/test/Makefile
-@@ -144,7 +144,7 @@
- tags:
- 	ctags $(SRC)
- 
--tests:	exe apps $(TESTS)
-+tests:	exe $(TESTS)
- 
- apps:
- 	@(cd ..; $(MAKE) DIRS=apps all)
-@@ -438,136 +438,136 @@
- 		link_app.$${shlib_target}
- 
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
--	@target=$(RSATEST); $(BUILD_CMD)
-+	+@target=$(RSATEST); $(BUILD_CMD)
- 
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
--	@target=$(BNTEST); $(BUILD_CMD)
-+	+@target=$(BNTEST); $(BUILD_CMD)
- 
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
--	@target=$(ECTEST); $(BUILD_CMD)
-+	+@target=$(ECTEST); $(BUILD_CMD)
- 
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
--	@target=$(EXPTEST); $(BUILD_CMD)
-+	+@target=$(EXPTEST); $(BUILD_CMD)
- 
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
--	@target=$(IDEATEST); $(BUILD_CMD)
-+	+@target=$(IDEATEST); $(BUILD_CMD)
- 
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
--	@target=$(MD2TEST); $(BUILD_CMD)
-+	+@target=$(MD2TEST); $(BUILD_CMD)
- 
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
--	@target=$(SHATEST); $(BUILD_CMD)
-+	+@target=$(SHATEST); $(BUILD_CMD)
- 
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
--	@target=$(SHA1TEST); $(BUILD_CMD)
-+	+@target=$(SHA1TEST); $(BUILD_CMD)
- 
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
--	@target=$(SHA256TEST); $(BUILD_CMD)
-+	+@target=$(SHA256TEST); $(BUILD_CMD)
- 
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
--	@target=$(SHA512TEST); $(BUILD_CMD)
-+	+@target=$(SHA512TEST); $(BUILD_CMD)
- 
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
--	@target=$(RMDTEST); $(BUILD_CMD)
-+	+@target=$(RMDTEST); $(BUILD_CMD)
- 
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
--	@target=$(MDC2TEST); $(BUILD_CMD)
-+	+@target=$(MDC2TEST); $(BUILD_CMD)
- 
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
--	@target=$(MD4TEST); $(BUILD_CMD)
-+	+@target=$(MD4TEST); $(BUILD_CMD)
- 
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
--	@target=$(MD5TEST); $(BUILD_CMD)
-+	+@target=$(MD5TEST); $(BUILD_CMD)
- 
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
--	@target=$(HMACTEST); $(BUILD_CMD)
-+	+@target=$(HMACTEST); $(BUILD_CMD)
- 
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
--	@target=$(WPTEST); $(BUILD_CMD)
-+	+@target=$(WPTEST); $(BUILD_CMD)
- 
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
--	@target=$(RC2TEST); $(BUILD_CMD)
-+	+@target=$(RC2TEST); $(BUILD_CMD)
- 
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
--	@target=$(BFTEST); $(BUILD_CMD)
-+	+@target=$(BFTEST); $(BUILD_CMD)
- 
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
--	@target=$(CASTTEST); $(BUILD_CMD)
-+	+@target=$(CASTTEST); $(BUILD_CMD)
- 
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
--	@target=$(RC4TEST); $(BUILD_CMD)
-+	+@target=$(RC4TEST); $(BUILD_CMD)
- 
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
--	@target=$(RC5TEST); $(BUILD_CMD)
-+	+@target=$(RC5TEST); $(BUILD_CMD)
- 
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
--	@target=$(DESTEST); $(BUILD_CMD)
-+	+@target=$(DESTEST); $(BUILD_CMD)
- 
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
--	@target=$(RANDTEST); $(BUILD_CMD)
-+	+@target=$(RANDTEST); $(BUILD_CMD)
- 
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
--	@target=$(DHTEST); $(BUILD_CMD)
-+	+@target=$(DHTEST); $(BUILD_CMD)
- 
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
--	@target=$(DSATEST); $(BUILD_CMD)
-+	+@target=$(DSATEST); $(BUILD_CMD)
- 
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
--	@target=$(METHTEST); $(BUILD_CMD)
-+	+@target=$(METHTEST); $(BUILD_CMD)
- 
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
--	@target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+	+@target=$(SSLTEST); $(FIPS_BUILD_CMD)
- 
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
--	@target=$(ENGINETEST); $(BUILD_CMD)
-+	+@target=$(ENGINETEST); $(BUILD_CMD)
- 
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
--	@target=$(EVPTEST); $(BUILD_CMD)
-+	+@target=$(EVPTEST); $(BUILD_CMD)
- 
- $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
--	@target=$(EVPEXTRATEST); $(BUILD_CMD)
-+	+@target=$(EVPEXTRATEST); $(BUILD_CMD)
- 
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
--	@target=$(ECDSATEST); $(BUILD_CMD)
-+	+@target=$(ECDSATEST); $(BUILD_CMD)
- 
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
--	@target=$(ECDHTEST); $(BUILD_CMD)
-+	+@target=$(ECDHTEST); $(BUILD_CMD)
- 
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
--	@target=$(IGETEST); $(BUILD_CMD)
-+	+@target=$(IGETEST); $(BUILD_CMD)
- 
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
--	@target=$(JPAKETEST); $(BUILD_CMD)
-+	+@target=$(JPAKETEST); $(BUILD_CMD)
- 
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
--	@target=$(ASN1TEST); $(BUILD_CMD)
-+	+@target=$(ASN1TEST); $(BUILD_CMD)
- 
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
--	@target=$(SRPTEST); $(BUILD_CMD)
-+	+@target=$(SRPTEST); $(BUILD_CMD)
- 
- $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
--	@target=$(V3NAMETEST); $(BUILD_CMD)
-+	+@target=$(V3NAMETEST); $(BUILD_CMD)
- 
- $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
--	@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-+	+@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
- 
- $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
--	@target=$(CONSTTIMETEST) $(BUILD_CMD)
-+	+@target=$(CONSTTIMETEST) $(BUILD_CMD)
- 
- $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
--	@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
-+	+@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
- 
- $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
--	@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
-+	+@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
- 
- $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o
--	@target=$(BADDTLSTEST) $(BUILD_CMD)
-+	+@target=$(BADDTLSTEST) $(BUILD_CMD)
- 
- $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
--	@target=$(SSLV2CONFTEST) $(BUILD_CMD)
-+	+@target=$(SSLV2CONFTEST) $(BUILD_CMD)
- 
- $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
--	@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
-+	+@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
- 
- #$(AESTEST).o: $(AESTEST).c
- #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -580,6 +580,6 @@
- #	fi
- 
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
--	@target=dummytest; $(BUILD_CMD)
-+	+@target=dummytest; $(BUILD_CMD)
- 
- # DO NOT DELETE THIS LINE -- make depend depends on it.
- 
\ No newline at end of file
diff --git a/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch b/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
deleted file mode 100644
index ef6d17934d..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Remove Makefile dependencies for test targets
-
-These are probably here because the executables aren't always built for
-other platforms (e.g. Windows); however we can safely assume they'll
-always be there. None of the other test targets have such dependencies
-and if we don't remove them, make tries to rebuild the executables and
-fails during run-ptest.
-
-Upstream-Status: Inappropriate [config]
-
-Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
-
-Index: openssl-1.0.2/test/Makefile
-===================================================================
---- openssl-1.0.2.orig/test/Makefile
-+++ openssl-1.0.2/test/Makefile
-@@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms-
- 	@echo "CMS consistency test"
- 	$(PERL) cms-test.pl
- 
--test_srp: $(SRPTEST)$(EXE_EXT)
-+test_srp:
- 	@echo "Test SRP"
- 	../util/shlib_wrap.sh ./srptest
- 
-@@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT)
- 	@echo "Test X509v3_check_*"
- 	../util/shlib_wrap.sh ./$(V3NAMETEST)
- 
--test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT)
-+test_heartbeat:
- 	../util/shlib_wrap.sh ./$(HEARTBEATTEST)
- 
- test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
diff --git a/meta/recipes-connectivity/openssl/openssl/ptest_makefile_deps.patch b/meta/recipes-connectivity/openssl/openssl/ptest_makefile_deps.patch
deleted file mode 100644
index 4202e61d1e..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/ptest_makefile_deps.patch
+++ /dev/null
@@ -1,248 +0,0 @@
-Additional Makefile dependencies removal for test targets
-
-Removing the dependency check for test targets as these tests are
-causing a number of failures and "noise" during ptest execution.
-
-Upstream-Status: Inappropriate [config]
-
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
-
-diff -Naur openssl-1.0.2d-orig/test/Makefile openssl-1.0.2d/test/Makefile
---- openssl-1.0.2d-orig/test/Makefile	2015-09-28 12:50:41.530022979 +0300
-+++ openssl-1.0.2d/test/Makefile	2015-09-28 12:57:45.930717240 +0300
-@@ -155,67 +155,67 @@
- 	( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
- 	done)
- 
--test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
-+test_evp:
- 	../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
- 
--test_evp_extra: $(EVPEXTRATEST)$(EXE_EXT)
-+test_evp_extra:
- 	../util/shlib_wrap.sh ./$(EVPEXTRATEST)
- 
--test_des: $(DESTEST)$(EXE_EXT)
-+test_des:
- 	../util/shlib_wrap.sh ./$(DESTEST)
- 
--test_idea: $(IDEATEST)$(EXE_EXT)
-+test_idea:
- 	../util/shlib_wrap.sh ./$(IDEATEST)
- 
--test_sha: $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT)
-+test_sha:
- 	../util/shlib_wrap.sh ./$(SHATEST)
- 	../util/shlib_wrap.sh ./$(SHA1TEST)
- 	../util/shlib_wrap.sh ./$(SHA256TEST)
- 	../util/shlib_wrap.sh ./$(SHA512TEST)
- 
--test_mdc2: $(MDC2TEST)$(EXE_EXT)
-+test_mdc2:
- 	../util/shlib_wrap.sh ./$(MDC2TEST)
- 
--test_md5: $(MD5TEST)$(EXE_EXT)
-+test_md5:
- 	../util/shlib_wrap.sh ./$(MD5TEST)
- 
--test_md4: $(MD4TEST)$(EXE_EXT)
-+test_md4:
- 	../util/shlib_wrap.sh ./$(MD4TEST)
- 
--test_hmac: $(HMACTEST)$(EXE_EXT)
-+test_hmac:
- 	../util/shlib_wrap.sh ./$(HMACTEST)
- 
--test_wp: $(WPTEST)$(EXE_EXT)
-+test_wp:
- 	../util/shlib_wrap.sh ./$(WPTEST)
- 
--test_md2: $(MD2TEST)$(EXE_EXT)
-+test_md2:
- 	../util/shlib_wrap.sh ./$(MD2TEST)
- 
--test_rmd: $(RMDTEST)$(EXE_EXT)
-+test_rmd:
- 	../util/shlib_wrap.sh ./$(RMDTEST)
- 
--test_bf: $(BFTEST)$(EXE_EXT)
-+test_bf:
- 	../util/shlib_wrap.sh ./$(BFTEST)
- 
--test_cast: $(CASTTEST)$(EXE_EXT)
-+test_cast:
- 	../util/shlib_wrap.sh ./$(CASTTEST)
- 
--test_rc2: $(RC2TEST)$(EXE_EXT)
-+test_rc2:
- 	../util/shlib_wrap.sh ./$(RC2TEST)
- 
--test_rc4: $(RC4TEST)$(EXE_EXT)
-+test_rc4:
- 	../util/shlib_wrap.sh ./$(RC4TEST)
- 
--test_rc5: $(RC5TEST)$(EXE_EXT)
-+test_rc5:
- 	../util/shlib_wrap.sh ./$(RC5TEST)
- 
--test_rand: $(RANDTEST)$(EXE_EXT)
-+test_rand:
- 	../util/shlib_wrap.sh ./$(RANDTEST)
- 
--test_enc: ../apps/openssl$(EXE_EXT) testenc
-+test_enc:
- 	@sh ./testenc
- 
--test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pem
-+test_x509:
- 	echo test normal x509v1 certificate
- 	sh ./tx509 2>/dev/null
- 	echo test first x509v3 certificate
-@@ -223,25 +223,25 @@
- 	echo test second x509v3 certificate
- 	sh ./tx509 v3-cert2.pem 2>/dev/null
- 
--test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
-+test_rsa:
- 	@sh ./trsa 2>/dev/null
- 	../util/shlib_wrap.sh ./$(RSATEST)
- 
--test_crl: ../apps/openssl$(EXE_EXT) tcrl testcrl.pem
-+test_crl:
- 	@sh ./tcrl 2>/dev/null
- 
--test_sid: ../apps/openssl$(EXE_EXT) tsid testsid.pem
-+test_sid:
- 	@sh ./tsid 2>/dev/null
- 
--test_req: ../apps/openssl$(EXE_EXT) treq testreq.pem testreq2.pem
-+test_req:
- 	@sh ./treq 2>/dev/null
- 	@sh ./treq testreq2.pem 2>/dev/null
- 
--test_pkcs7: ../apps/openssl$(EXE_EXT) tpkcs7 tpkcs7d testp7.pem pkcs7-1.pem
-+test_pkcs7:
- 	@sh ./tpkcs7 2>/dev/null
- 	@sh ./tpkcs7d 2>/dev/null
- 
--test_bn: $(BNTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) bctest
-+test_bn:
- 	@echo starting big number library test, could take a while...
- 	@../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest
- 	@echo quit >>tmp.bntest
-@@ -250,33 +250,33 @@
- 	@echo 'test a^b%c implementations'
- 	../util/shlib_wrap.sh ./$(EXPTEST)
- 
--test_ec: $(ECTEST)$(EXE_EXT)
-+test_ec:
- 	@echo 'test elliptic curves'
- 	../util/shlib_wrap.sh ./$(ECTEST)
- 
--test_ecdsa: $(ECDSATEST)$(EXE_EXT)
-+test_ecdsa:
- 	@echo 'test ecdsa'
- 	../util/shlib_wrap.sh ./$(ECDSATEST)
- 
--test_ecdh: $(ECDHTEST)$(EXE_EXT)
-+test_ecdh:
- 	@echo 'test ecdh'
- 	../util/shlib_wrap.sh ./$(ECDHTEST)
- 
--test_verify: ../apps/openssl$(EXE_EXT)
-+test_verify:
- 	@echo "The following command should have some OK's and some failures"
- 	@echo "There are definitly a few expired certificates"
- 	../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem
- 
--test_dh: $(DHTEST)$(EXE_EXT)
-+test_dh:
- 	@echo "Generate a set of DH parameters"
- 	../util/shlib_wrap.sh ./$(DHTEST)
- 
--test_dsa: $(DSATEST)$(EXE_EXT)
-+test_dsa:
- 	@echo "Generate a set of DSA parameters"
- 	../util/shlib_wrap.sh ./$(DSATEST)
- 	../util/shlib_wrap.sh ./$(DSATEST) -app2_1
- 
--test_gen testreq.pem: ../apps/openssl$(EXE_EXT) testgen test.cnf
-+test_gen testreq.pem:
- 	@echo "Generate and verify a certificate request"
- 	@sh ./testgen
- 
-@@ -288,13 +288,11 @@
- 	@cat certCA.ss certU.ss > intP1.ss
- 	@cat certCA.ss certU.ss certP1.ss > intP2.ss
- 
--test_engine:  $(ENGINETEST)$(EXE_EXT)
-+test_engine:
- 	@echo "Manipulate the ENGINE structures"
- 	../util/shlib_wrap.sh ./$(ENGINETEST)
- 
--test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
--		intP1.ss intP2.ss $(SSLTEST)$(EXE_EXT) testssl testsslproxy \
--		../apps/server2.pem serverinfo.pem
-+test_ssl:
- 	@echo "test SSL protocol"
- 	@if [ -n "$(FIPSCANLIB)" ]; then \
- 	  sh ./testfipsssl keyU.ss certU.ss certCA.ss; \
-@@ -304,7 +302,7 @@
- 	@sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
- 	@sh ./testsslproxy keyP2.ss certP2.ss intP2.ss
- 
--test_ca: ../apps/openssl$(EXE_EXT) testca CAss.cnf Uss.cnf
-+test_ca:
- 	@if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
- 	  echo "skipping CA.sh test -- requires RSA"; \
- 	else \
-@@ -312,11 +310,11 @@
- 	  sh ./testca; \
- 	fi
- 
--test_aes: #$(AESTEST)
-+test_aes:
- #	@echo "test Rijndael"
- #	../util/shlib_wrap.sh ./$(AESTEST)
- 
--test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh
-+test_tsa:
- 	@if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
- 	  echo "skipping testtsa test -- requires RSA"; \
- 	else \
-@@ -331,7 +329,7 @@
- 	@echo "Test JPAKE"
- 	../util/shlib_wrap.sh ./$(JPAKETEST)
- 
--test_cms: ../apps/openssl$(EXE_EXT) cms-test.pl smcont.txt
-+test_cms:
- 	@echo "CMS consistency test"
- 	$(PERL) cms-test.pl
- 
-@@ -339,22 +337,22 @@
- 	@echo "Test SRP"
- 	../util/shlib_wrap.sh ./srptest
- 
--test_ocsp: ../apps/openssl$(EXE_EXT) tocsp
-+test_ocsp:
- 	@echo "Test OCSP"
- 	@sh ./tocsp
- 
--test_v3name: $(V3NAMETEST)$(EXE_EXT)
-+test_v3name:
- 	@echo "Test X509v3_check_*"
- 	../util/shlib_wrap.sh ./$(V3NAMETEST)
- 
- test_heartbeat:
- 	../util/shlib_wrap.sh ./$(HEARTBEATTEST)
- 
--test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
-+test_constant_time:
- 	@echo "Test constant time utilites"
- 	../util/shlib_wrap.sh ./$(CONSTTIMETEST)
- 
--test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT)
-+test_verify_extra:
- 	@echo $(START) $@
- 	../util/shlib_wrap.sh ./$(VERIFYEXTRATEST)
- 
diff --git a/meta/recipes-connectivity/openssl/openssl/run-ptest b/meta/recipes-connectivity/openssl/openssl/run-ptest
index 3b20fce1ee..3fb22471f8 100755..100644
--- a/meta/recipes-connectivity/openssl/openssl/run-ptest
+++ b/meta/recipes-connectivity/openssl/openssl/run-ptest
@@ -1,2 +1,12 @@
 #!/bin/sh
-make -k runtest
+
+set -e
+
+# Optional arguments are 'list' to lists all tests, or the test name (base name
+# ie test_evp, not 03_test_evp.t).
+
+export TOP=.
+# OPENSSL_ENGINES is relative from the test binaries
+export OPENSSL_ENGINES=../engines
+
+perl ./test/run_tests.pl $* | perl -0pe 's#(.*) \.*.ok#PASS: \1#g; s#(.*) \.*.skipped: (.*)#SKIP: \1 (\2)#g; s#(.*) \.*.\nDubious#FAIL: \1#;'
diff --git a/meta/recipes-connectivity/openssl/openssl/shared-libs.patch b/meta/recipes-connectivity/openssl/openssl/shared-libs.patch
deleted file mode 100644
index a7ca0a3078..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/shared-libs.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-Index: openssl-1.0.1e/crypto/Makefile
-===================================================================
---- openssl-1.0.1e.orig/crypto/Makefile
-+++ openssl-1.0.1e/crypto/Makefile
-@@ -108,7 +108,7 @@ $(LIB):	$(LIBOBJ)
- 
- shared: buildinf.h lib subdirs
- 	if [ -n "$(SHARED_LIBS)" ]; then \
--		(cd ..; $(MAKE) $(SHARED_LIB)); \
-+		(cd ..; $(MAKE) -e $(SHARED_LIB)); \
- 	fi
- 
- libs:
-Index: openssl-1.0.1e/Makefile.org
-===================================================================
---- openssl-1.0.1e.orig/Makefile.org
-+++ openssl-1.0.1e/Makefile.org
-@@ -310,7 +310,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
- 
- libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
- 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
--		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
-+		$(MAKE) -e SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
- 	else \
- 		echo "There's no support for shared libraries on this platform" >&2; \
- 		exit 1; \
-Index: openssl-1.0.1e/ssl/Makefile
-===================================================================
---- openssl-1.0.1e.orig/ssl/Makefile
-+++ openssl-1.0.1e/ssl/Makefile
-@@ -62,7 +62,7 @@ lib:	$(LIBOBJ)
- 
- shared: lib
- 	if [ -n "$(SHARED_LIBS)" ]; then \
--		(cd ..; $(MAKE) $(SHARED_LIB)); \
-+		(cd ..; $(MAKE) -e $(SHARED_LIB)); \
- 	fi
- 
- files:
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb
deleted file mode 100644
index 257e3cfc4b..0000000000
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2j.bb
+++ /dev/null
@@ -1,58 +0,0 @@
-require openssl.inc
-
-# For target side versions of openssl enable support for OCF Linux driver
-# if they are available.
-DEPENDS += "cryptodev-linux"
-
-CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
-
-export DIRS = "crypto ssl apps engines"
-export OE_LDFLAGS="${LDFLAGS}"
-
-SRC_URI += "file://find.pl;subdir=${BP}/util/ \
-            file://run-ptest \
-            file://openssl-c_rehash.sh \
-            file://configure-targets.patch \
-            file://shared-libs.patch \
-            file://oe-ldflags.patch \
-            file://engines-install-in-libdir-ssl.patch \
-            file://debian1.0.2/block_diginotar.patch \
-            file://debian1.0.2/block_digicert_malaysia.patch \
-            file://debian/ca.patch \
-            file://debian/c_rehash-compat.patch \
-            file://debian/debian-targets.patch \
-            file://debian/man-dir.patch \
-            file://debian/man-section.patch \
-            file://debian/no-rpath.patch \
-            file://debian/no-symbolic.patch \
-            file://debian/pic.patch \
-            file://debian1.0.2/version-script.patch \
-            file://openssl_fix_for_x32.patch \
-            file://fix-cipher-des-ede3-cfb1.patch \
-            file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
-            file://openssl-fix-des.pod-error.patch \
-            file://Makefiles-ptest.patch \
-            file://ptest-deps.patch \
-            file://openssl-1.0.2a-x32-asm.patch \
-            file://ptest_makefile_deps.patch  \
-            file://configure-musl-target.patch \
-            file://parallel.patch \
-            file://openssl-util-perlpath.pl-cwd.patch \
-           "
-SRC_URI[md5sum] = "96322138f0b69e61b7212bc53d5e912b"
-SRC_URI[sha256sum] = "e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431"
-
-PACKAGES =+ "${PN}-engines"
-FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
-
-# The crypto_use_bigint patch means that perl's bignum module needs to be
-# installed, but some distributions (for example Fedora 23) don't ship it by
-# default.  As the resulting error is very misleading check for bignum before
-# building.
-do_configure_prepend() {
-	if ! perl -Mbigint -e true; then
-		bbfatal "The perl module 'bignum' was not found but this is required to build openssl.  Please install this module (often packaged as perl-bignum) and re-run bitbake."
-	fi
-}
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
new file mode 100644
index 0000000000..458ae7daf4
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1d.bb
@@ -0,0 +1,209 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+
+# "openssl" here actually means both OpenSSL and SSLeay licenses apply
+# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped)
+LICENSE = "openssl"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d343e62fc9c833710bbbed25f27364c8"
+
+DEPENDS = "hostperl-runtime-native"
+
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+           file://run-ptest \
+           file://0001-skip-test_symbol_presence.patch \
+           file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
+           file://afalg.patch \
+           file://CVE-2019-1551.patch \
+           "
+
+SRC_URI_append_class-nativesdk = " \
+           file://environment.d-openssl.sh \
+           "
+
+SRC_URI[md5sum] = "3be209000dbc7e1b95bcdf47980a3baa"
+SRC_URI[sha256sum] = "1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2"
+
+inherit lib_package multilib_header multilib_script ptest
+MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG_class-native = ""
+PACKAGECONFIG_class-nativesdk = ""
+
+PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux"
+
+B = "${WORKDIR}/build"
+do_configure[cleandirs] = "${B}"
+
+#| ./libcrypto.so: undefined reference to `getcontext'
+#| ./libcrypto.so: undefined reference to `setcontext'
+#| ./libcrypto.so: undefined reference to `makecontext'
+EXTRA_OECONF_append_libc-musl = " no-async"
+EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
+
+# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
+# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
+EXTRA_OECONF_class-native = "--with-rand-seed=os,devrandom"
+EXTRA_OECONF_class-nativesdk = "--with-rand-seed=os,devrandom"
+
+# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
+CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
+CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
+
+do_configure () {
+	os=${HOST_OS}
+	case $os in
+	linux-gnueabi |\
+	linux-gnuspe |\
+	linux-musleabi |\
+	linux-muslspe |\
+	linux-musl )
+		os=linux
+		;;
+	*)
+		;;
+	esac
+	target="$os-${HOST_ARCH}"
+	case $target in
+	linux-arm*)
+		target=linux-armv4
+		;;
+	linux-aarch64*)
+		target=linux-aarch64
+		;;
+	linux-i?86 | linux-viac3)
+		target=linux-x86
+		;;
+	linux-gnux32-x86_64 | linux-muslx32-x86_64 )
+		target=linux-x32
+		;;
+	linux-gnu64-x86_64)
+		target=linux-x86_64
+		;;
+	linux-mips | linux-mipsel)
+		# specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
+		target="linux-mips32 ${TARGET_CC_ARCH}"
+		;;
+	linux-gnun32-mips*)
+		target=linux-mips64
+		;;
+	linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
+		target=linux64-mips64
+		;;
+	linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
+		target=linux-generic32
+		;;
+	linux-powerpc)
+		target=linux-ppc
+		;;
+	linux-powerpc64)
+		target=linux-ppc64
+		;;
+	linux-riscv32)
+		target=linux-generic32
+		;;
+	linux-riscv64)
+		target=linux-generic64
+		;;
+	linux-sparc | linux-supersparc)
+		target=linux-sparcv9
+		;;
+	esac
+
+	useprefix=${prefix}
+	if [ "x$useprefix" = "x" ]; then
+		useprefix=/
+	fi
+	# WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
+	# environment variables set by bitbake. Adjust the environment variables instead.
+	PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
+	perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
+	perl ${B}/configdata.pm --dump
+}
+
+do_install () {
+	oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
+
+	oe_multilib_header openssl/opensslconf.h
+
+	# Create SSL structure for packages such as ca-certificates which
+	# contain hard-coded paths to /etc/ssl. Debian does the same.
+	install -d ${D}${sysconfdir}/ssl
+	mv ${D}${libdir}/ssl-1.1/certs \
+	   ${D}${libdir}/ssl-1.1/private \
+	   ${D}${libdir}/ssl-1.1/openssl.cnf \
+	   ${D}${sysconfdir}/ssl/
+
+	# Although absolute symlinks would be OK for the target, they become
+	# invalid if native or nativesdk are relocated from sstate.
+	ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs
+	ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private
+	ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf
+}
+
+do_install_append_class-native () {
+	create_wrapper ${D}${bindir}/openssl \
+	    OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
+	    SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
+	    SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
+	    OPENSSL_ENGINES=${libdir}/engines-1.1
+}
+
+do_install_append_class-nativesdk () {
+	mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+	install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+	sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+}
+
+PTEST_BUILD_HOST_FILES += "configdata.pm"
+PTEST_BUILD_HOST_PATTERN = "perl_version ="
+do_install_ptest () {
+	# Prune the build tree
+	rm -f ${B}/fuzz/*.* ${B}/test/*.*
+
+	cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
+	cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
+
+	# For test_shlibload
+	ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
+	ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
+
+	install -d ${D}${PTEST_PATH}/apps
+	ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
+	install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps
+	install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
+
+	install -d ${D}${PTEST_PATH}/engines
+	install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
+}
+
+# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
+# package RRECOMMENDS on this package. This will enable the configuration
+# file to be installed for both the openssl-bin package and the libcrypto
+# package since the openssl-bin package depends on the libcrypto package.
+
+PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"
+
+FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES_libssl = "${libdir}/libssl${SOLIBS}"
+FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+FILES_${PN}-engines = "${libdir}/engines-1.1"
+FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
+FILES_${PN} =+ "${libdir}/ssl-1.1/*"
+FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
+
+CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+
+RRECOMMENDS_libcrypto += "openssl-conf"
+RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
+
+BBCLASSEXTEND = "native nativesdk"
+
+CVE_PRODUCT = "openssl:openssl"
+
+# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
+# Apache in meta-webserver is already recent enough
+CVE_CHECK_WHITELIST += "CVE-2019-0190"
diff --git a/meta/recipes-connectivity/portmap/portmap.inc b/meta/recipes-connectivity/portmap/portmap.inc
deleted file mode 100644
index 338af33a38..0000000000
--- a/meta/recipes-connectivity/portmap/portmap.inc
+++ /dev/null
@@ -1,17 +0,0 @@
-SUMMARY = "RPC program number mapper"
-HOMEPAGE = "http://neil.brown.name/portmap/"
-SECTION = "console/network"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://portmap.c;beginline=2;endline=31;md5=51ff67e66ec84b2009b017b1f94afbf4 \
-                    file://from_local.c;beginline=9;endline=35;md5=1bec938a2268b8b423c58801ace3adc1"
-
-INITSCRIPT_NAME = "portmap"
-INITSCRIPT_PARAMS = "start 10 2 3 4 5 . stop 32 0 1 6 ."
-
-inherit update-rc.d systemd
-
-SYSTEMD_SERVICE_${PN} = "portmap.service"
-
-PACKAGES =+ "portmap-utils"
-FILES_portmap-utils = "${base_sbindir}/pmap_set ${base_sbindir}/pmap_dump"
-FILES_${PN}-doc += "${docdir}"
diff --git a/meta/recipes-connectivity/portmap/portmap/destdir-no-strip.patch b/meta/recipes-connectivity/portmap/portmap/destdir-no-strip.patch
deleted file mode 100644
index 2fbf784b73..0000000000
--- a/meta/recipes-connectivity/portmap/portmap/destdir-no-strip.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-Upstream-Status: Backport
-
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sun, 13 May 2007 21:15:12 +0000 (-0400)
-Subject: respect DESTDIR and dont use -s with install
-X-Git-Url: http://neil.brown.name/git?p=portmap;a=commitdiff_plain;h=603c59b978c04df2354f68d4a2dc676a758ff46d
-
-respect DESTDIR and dont use -s with install
-
-$(DESTDIR) is the standard for installing into other trees, not $(BASEDIR) ...
-so I've converted the Makefile to use that.  I've also left in $(BASEDIR) as a
-default to support old installs; not sure if you'd just cut it.
-
-Stripping should be left to the person to handle, not automatically done by
-the install step.  Also, `install -s` always calls `strip` which is
-wrong/undesired in cross-compiling scenarios.
-
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-Signed-off-by: Neil Brown <neilb@suse.de>
----
-
-diff --git a/Makefile b/Makefile
-index 9e9a4b4..5343428 100644
---- a/Makefile
-+++ b/Makefile
-@@ -135,13 +135,14 @@ from_local: CPPFLAGS += -DTEST
- portmap.man : portmap.8
- 	sed $(MAN_SED) < portmap.8 > portmap.man
- 
-+DESTDIR = $(BASEDIR)
- install: all
--	install -o root -g root -m 0755 -s portmap ${BASEDIR}/sbin
--	install -o root -g root -m 0755 -s pmap_dump ${BASEDIR}/sbin
--	install -o root -g root -m 0755 -s pmap_set ${BASEDIR}/sbin
--	install -o root -g root -m 0644 portmap.man ${BASEDIR}/usr/share/man/man8/portmap.8
--	install -o root -g root -m 0644 pmap_dump.8 ${BASEDIR}/usr/share/man/man8
--	install -o root -g root -m 0644 pmap_set.8 ${BASEDIR}/usr/share/man/man8
-+	install -o root -g root -m 0755 portmap $(DESTDIR)/sbin
-+	install -o root -g root -m 0755 pmap_dump $(DESTDIR)/sbin
-+	install -o root -g root -m 0755 pmap_set $(DESTDIR)/sbin
-+	install -o root -g root -m 0644 portmap.man $(DESTDIR)/usr/share/man/man8/portmap.8
-+	install -o root -g root -m 0644 pmap_dump.8 $(DESTDIR)/usr/share/man/man8
-+	install -o root -g root -m 0644 pmap_set.8 $(DESTDIR)/usr/share/man/man8
- 
- clean:
- 	rm -f *.o portmap pmap_dump pmap_set from_local \
diff --git a/meta/recipes-connectivity/portmap/portmap/portmap.init b/meta/recipes-connectivity/portmap/portmap/portmap.init
deleted file mode 100755
index 621aa171ae..0000000000
--- a/meta/recipes-connectivity/portmap/portmap/portmap.init
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/bin/sh
-#
-### BEGIN INIT INFO
-# Provides:          portmap
-# Required-Start:    $network
-# Required-Stop:     $network
-# Default-Start:     S 2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: The RPC portmapper
-# Description:       Portmap is a server that converts RPC (Remote
-#                    Procedure Call) program numbers into DARPA
-#                    protocol port numbers. It must be running in
-#                    order to make RPC calls. Services that use
-#                    RPC include NFS and NIS.
-### END INIT INFO
-
-test -f /sbin/portmap || exit 0
-
-case "$1" in
-    start)
-	echo "Starting portmap daemon..."
-        start-stop-daemon --start --quiet --exec /sbin/portmap
-
-	if [ -f /var/run/portmap.upgrade-state ]; then
-          echo "Restoring old RPC service information..."
-          sleep 1 # needs a short pause or pmap_set won't work. :(
-	  pmap_set </var/run/portmap.upgrade-state
-	  rm -f /var/run/portmap.upgrade-state
-          echo "done."
-        fi
-
-	;;
-    stop)
-        echo "Stopping portmap daemon..."
-        start-stop-daemon --stop --quiet --exec /sbin/portmap
-	;;
-    reload)
-	;;
-    force-reload)
-        $0 restart
-	;;
-    restart)
-	# pmap_dump and pmap_set may be in a different package and not installed...
-	if [ -f /sbin/pmap_dump -a -f /sbin/pmap_set ]; then
-		do_state=1
-	else
-		do_state=0
-	fi
-	[ $do_state -eq 1 ] && pmap_dump >/var/run/portmap.state
-        $0 stop
-        $0 start
-	if [ $do_state -eq 1 ]; then
-	  if [ ! -f /var/run/portmap.upgrade-state ]; then
-            sleep 1
-	    pmap_set </var/run/portmap.state
-	  fi
-	  rm -f /var/run/portmap.state
-	fi
-	;;
-    *)
-	echo "Usage: /etc/init.d/portmap {start|stop|reload|restart}"
-	exit 1
-	;;
-esac
-
-exit 0
-
diff --git a/meta/recipes-connectivity/portmap/portmap/portmap.service b/meta/recipes-connectivity/portmap/portmap/portmap.service
deleted file mode 100644
index 7ef9d7b02e..0000000000
--- a/meta/recipes-connectivity/portmap/portmap/portmap.service
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=The RPC portmapper
-After=network.target
-
-[Service]
-Type=forking
-ExecStart=@BASE_SBINDIR@/portmap
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/portmap/portmap/tcpd-config.patch b/meta/recipes-connectivity/portmap/portmap/tcpd-config.patch
deleted file mode 100644
index 2f25058095..0000000000
--- a/meta/recipes-connectivity/portmap/portmap/tcpd-config.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Upstream-Status: Backport
-
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sun, 13 May 2007 21:17:32 +0000 (-0400)
-Subject: fix building with tcpd support disabled
-X-Git-Url: http://neil.brown.name/git?p=portmap;a=commitdiff_plain;h=7847207aed1b44faf077eed14a9ac9c68244eba5
-
-fix building with tcpd support disabled
-
-Make sure pmap_check.c only includes tcpd.h when HOSTS_ACCESS is defined.
-
-Signed-off-by: Timothy Redaelli <drizzt@gentoo.org>
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-Signed-off-by: Neil Brown <neilb@suse.de>
----
-
-diff --git a/pmap_check.c b/pmap_check.c
-index 84f2c12..443a822 100644
---- a/pmap_check.c
-+++ b/pmap_check.c
-@@ -44,7 +44,9 @@
- #include <netinet/in.h>
- #include <rpc/rpcent.h>
- #endif
-+#ifdef HOSTS_ACCESS
- #include <tcpd.h>
-+#endif
- #include <arpa/inet.h>
- #include <grp.h>
- 
diff --git a/meta/recipes-connectivity/portmap/portmap_6.0.bb b/meta/recipes-connectivity/portmap/portmap_6.0.bb
deleted file mode 100644
index 999b4a9374..0000000000
--- a/meta/recipes-connectivity/portmap/portmap_6.0.bb
+++ /dev/null
@@ -1,35 +0,0 @@
-require portmap.inc
-
-DEPENDS_append_libc-musl = " libtirpc "
-
-PR = "r9"
-
-SRC_URI = "http://www.sourcefiles.org/Networking/Tools/Miscellanenous/portmap-6.0.tgz \
-           file://destdir-no-strip.patch \
-           file://tcpd-config.patch \
-           file://portmap.init \
-           file://portmap.service"
-
-SRC_URI[md5sum] = "ac108ab68bf0f34477f8317791aaf1ff"
-SRC_URI[sha256sum] = "02c820d39f3e6e729d1bea3287a2d8a6c684f1006fb9612f97dcad4a281d41de"
-
-S = "${WORKDIR}/${BPN}_${PV}/"
-
-PACKAGECONFIG ??= "tcp-wrappers"
-PACKAGECONFIG[tcp-wrappers] = ",,tcp-wrappers"
-
-CPPFLAGS += "-DFACILITY=LOG_DAEMON -DENABLE_DNS -DHOSTS_ACCESS"
-CFLAGS += "-Wall -Wstrict-prototypes -fPIC"
-EXTRA_OEMAKE += "'NO_TCP_WRAPPER=${@bb.utils.contains('PACKAGECONFIG', 'tcp-wrappers', '', '1', d)}'"
-CFLAGS_append_libc-musl = " -I${STAGING_INCDIR}/tirpc "
-LDFLAGS_append_libc-musl = " -ltirpc "
-
-do_install() {
-    install -d ${D}${mandir}/man8/ ${D}${base_sbindir} ${D}${sysconfdir}/init.d
-    install -m 0755 ${WORKDIR}/portmap.init ${D}${sysconfdir}/init.d/portmap
-    oe_runmake install DESTDIR=${D}
-
-    install -d ${D}${systemd_unitdir}/system
-    install -m 0644 ${WORKDIR}/portmap.service ${D}${systemd_unitdir}/system
-    sed -i -e 's,@BASE_SBINDIR@,${base_sbindir},g' ${D}${systemd_unitdir}/system/portmap.service
-}
diff --git a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
index 51a76b4299..b5f68951d7 100644
--- a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
+++ b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
@@ -4,8 +4,7 @@ DEPENDS = "ppp"
 RDEPENDS_${PN} = "ppp"
 PR = "r8"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
-                    file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 
 SRC_URI = "file://host-peer \
            file://ppp-dialin"
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch
index 8aa2d2e678..ea4969b366 100644
--- a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch
+++ b/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch
@@ -3,34 +3,14 @@ From: Lu Chong <Chong.Lu@windriver.com>
 Date: Tue, 5 Nov 2013 17:32:56 +0800
 Subject: [PATCH] ppp: Fix compilation errors in Makefile
 
-This patch fixes below issues:
-
-1. Make can't exit while compilation error occurs in subdir for plugins building.
-
-2. If build ppp with newer kernel (3.10.10), it will pick 'if_pppox.h' from sysroot-dir and
-   'if_pppol2tp.h' from its own source dir, this cause below build errors:
-
-        bitbake_build/tmp/sysroots/intel-x86-64/usr/include/linux/if_pppox.h:84:26:
-        error: field 'pppol2tp' has incomplete type
-          struct pppol2tpin6_addr pppol2tp;
-                                  ^
-        bitbake_build/tmp/sysroots/intel-x86-64/usr/include/linux/if_pppox.h:99:28:
-        error: field 'pppol2tp' has incomplete type
-          struct pppol2tpv3in6_addr pppol2tp;
-                                    ^
-
-The 'sysroot-dir/if_pppox.h' enabled ipv6 support but the 'source-dir/if_pppol2tp.h' lost
-related structure definitions, we should use both header files from sysroots to fix this
-build failure.
+Make can't exit while compilation error occurs in subdir for plugins building.
 
 Upstream-Status: Pending
 
 Signed-off-by: Lu Chong <Chong.Lu@windriver.com>
 ---
- pppd/plugins/Makefile.linux          |    2 +-
- pppd/plugins/pppol2tp/Makefile.linux |    2 +-
- pppd/plugins/rp-pppoe/Makefile.linux |    2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
+ pppd/plugins/Makefile.linux          |    1 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
 
 diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
 index 0a7ec7b..2a2c15a 100644
@@ -45,31 +25,6 @@ index 0a7ec7b..2a2c15a 100644
  
  %.so: %.c
  	$(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^
-diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
-index 19eff67..feb2f52 100644
---- a/pppd/plugins/pppol2tp/Makefile.linux
-+++ b/pppd/plugins/pppol2tp/Makefile.linux
-@@ -1,6 +1,6 @@
- #CC	= gcc
- COPTS	= -O2 -g
--CFLAGS	= $(COPTS) -I. -I../.. -I../../../include -fPIC
-+CFLAGS	= $(COPTS) -I. -I../.. -fPIC
- LDFLAGS	= -shared
- INSTALL	= install
- 
-diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
-index f078991..15b9118 100644
---- a/pppd/plugins/rp-pppoe/Makefile.linux
-+++ b/pppd/plugins/rp-pppoe/Makefile.linux
-@@ -26,7 +26,7 @@ INSTALL	= install
- RP_VERSION=3.8p
- 
- COPTS=-O2 -g
--CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
-+CFLAGS=$(COPTS) '-DRP_VERSION="$(RP_VERSION)"'
- all: rp-pppoe.so pppoe-discovery
- 
- pppoe-discovery: pppoe-discovery.o debug.o
 -- 
 1.7.9.5
 
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch
new file mode 100644
index 0000000000..a32f89fbc8
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch
@@ -0,0 +1,43 @@
+commit cd90fd147844a0cfec101f1e2db7a3c59d236621
+Author: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Date:   Wed Dec 28 14:11:22 2016 +0200
+
+pppol2tp plugin: Remove unneeded include
+
+The include is not required and will break compile on musl libc with
+    
+| In file included from pppol2tp.c:34:0:
+| /usr/include/linux/if.h:97:2: error: expected identifier before numeric constant
+|   IFF_LOWER_UP   = 1<<16, /* __volatile__ */
+
+Patch originally from Khem Raj.
+
+Upstream-Status: Pending [https://github.com/paulusmack/ppp/issues/73]
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+
+diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c
+index 9643b96..458316b 100644
+--- a/pppd/plugins/pppol2tp/openl2tp.c
++++ b/pppd/plugins/pppol2tp/openl2tp.c
+@@ -47,7 +47,6 @@
+ #include <linux/if_ether.h>
+ #include <linux/ppp_defs.h>
+ #include <linux/if_ppp.h>
+-#include <linux/if_pppox.h>
+ #include <linux/if_pppol2tp.h>
+ 
+ #include "l2tp_event.h"
+diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c
+index 0e28606..4f6d98c 100644
+--- a/pppd/plugins/pppol2tp/pppol2tp.c
++++ b/pppd/plugins/pppol2tp/pppol2tp.c
+@@ -46,7 +46,6 @@
+ #include <linux/if_ether.h>
+ #include <linux/ppp_defs.h>
+ #include <linux/if_ppp.h>
+-#include <linux/if_pppox.h>
+ #include <linux/if_pppol2tp.h>
+ 
+ /* should be added to system's socket.h... */
+---
+
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppoe-include-netinet-in.h-before-linux-in.h.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppoe-include-netinet-in.h-before-linux-in.h.patch
new file mode 100644
index 0000000000..9362d12648
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/0001-pppoe-include-netinet-in.h-before-linux-in.h.patch
@@ -0,0 +1,54 @@
+From 50a2997b256e0e0ef7a46fae133f56f60fce539c Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel <lkundrak@v3.sk>
+Date: Mon, 9 Jan 2017 13:34:23 +0000
+Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h
+
+This fixes builds with newer kernels. Basically, <netinet/in.h> needs to be
+included before <linux/in.h> otherwise the earlier, unaware of the latter,
+tries to redefine symbols and structures. Also, <linux/if_pppox.h> doesn't work
+alone anymore, since it pulls the headers in the wrong order, so we better
+include <netinet/in.h> early.
+
+Upstream-Status: Backport
+[https://github.com/paulusmack/ppp/commit/50a2997b256e0e0ef7a46fae133f56f60fce539c]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ pppd/plugins/rp-pppoe/pppoe.h | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
+index 9ab2eee..c4aaa6e 100644
+--- a/pppd/plugins/rp-pppoe/pppoe.h
++++ b/pppd/plugins/rp-pppoe/pppoe.h
+@@ -47,6 +47,10 @@
+ #include <sys/socket.h>
+ #endif
+ 
++/* This has to be included before Linux 4.8's linux/in.h
++ * gets dragged in. */
++#include <netinet/in.h>
++
+ /* Ugly header files on some Linux boxes... */
+ #if defined(HAVE_LINUX_IF_H)
+ #include <linux/if.h>
+@@ -84,8 +88,6 @@ typedef unsigned long UINT32_t;
+ #include <linux/if_ether.h>
+ #endif
+ 
+-#include <netinet/in.h>
+-
+ #ifdef HAVE_NETINET_IF_ETHER_H
+ #include <sys/types.h>
+ 
+@@ -98,7 +100,6 @@ typedef unsigned long UINT32_t;
+ #endif
+ 
+ 
+-
+ /* Ethernet frame types according to RFC 2516 */
+ #define ETH_PPPOE_DISCOVERY 0x8863
+ #define ETH_PPPOE_SESSION   0x8864
+-- 
+2.7.4
+
diff --git a/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch b/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch
index db4dbc27a9..7dd69d8f4d 100644
--- a/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch
+++ b/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch
@@ -4,10 +4,11 @@ Rebased it to fit ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
 
 Upstream-Status: Inappropriate [debian/suse patches]
 
-diff -urN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c
---- ppp-2.4.5-orig/pppd/ipcp.c	2010-06-30 15:51:12.050166398 +0800
-+++ ppp-2.4.5/pppd/ipcp.c	2010-06-30 16:40:00.478716855 +0800
-@@ -198,6 +198,16 @@
+Index: ppp-2.4.7/pppd/ipcp.c
+===================================================================
+--- ppp-2.4.7.orig/pppd/ipcp.c
++++ ppp-2.4.7/pppd/ipcp.c
+@@ -198,6 +198,16 @@ static option_t ipcp_option_list[] = {
        "disable defaultroute option", OPT_ALIAS | OPT_A2CLR,
        &ipcp_wantoptions[0].default_route },
  
@@ -24,7 +25,7 @@ diff -urN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c
      { "proxyarp", o_bool, &ipcp_wantoptions[0].proxy_arp,
        "Add proxy ARP entry", OPT_ENABLE|1, &ipcp_allowoptions[0].proxy_arp },
      { "noproxyarp", o_bool, &ipcp_allowoptions[0].proxy_arp,
-@@ -271,7 +281,7 @@
+@@ -271,7 +281,7 @@ struct protent ipcp_protent = {
      ip_active_pkt
  };
  
@@ -33,7 +34,7 @@ diff -urN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c
  static void ipcp_script __P((char *, int));	/* Run an up/down script */
  static void ipcp_script_done __P((void *));
  
-@@ -1742,7 +1752,12 @@
+@@ -1761,7 +1771,12 @@ ip_demand_conf(u)
      if (!sifnpmode(u, PPP_IP, NPMODE_QUEUE))
  	return 0;
      if (wo->default_route)
@@ -46,7 +47,7 @@ diff -urN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c
  	    default_route_set[u] = 1;
      if (wo->proxy_arp)
  	if (sifproxyarp(u, wo->hisaddr))
-@@ -1830,7 +1845,8 @@
+@@ -1849,7 +1864,8 @@ ipcp_up(f)
       */
      if (demand) {
  	if (go->ouraddr != wo->ouraddr || ho->hisaddr != wo->hisaddr) {
@@ -56,7 +57,7 @@ diff -urN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c
  	    if (go->ouraddr != wo->ouraddr) {
  		warn("Local IP address changed to %I", go->ouraddr);
  		script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0);
-@@ -1855,7 +1871,12 @@
+@@ -1874,7 +1890,12 @@ ipcp_up(f)
  
  	    /* assign a default route through the interface if required */
  	    if (ipcp_wantoptions[f->unit].default_route) 
@@ -69,7 +70,7 @@ diff -urN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c
  		    default_route_set[f->unit] = 1;
  
  	    /* Make a proxy ARP entry if requested. */
-@@ -1905,7 +1926,12 @@
+@@ -1924,7 +1945,12 @@ ipcp_up(f)
  
  	/* assign a default route through the interface if required */
  	if (ipcp_wantoptions[f->unit].default_route) 
@@ -82,7 +83,7 @@ diff -urN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c
  		default_route_set[f->unit] = 1;
  
  	/* Make a proxy ARP entry if requested. */
-@@ -1983,7 +2009,7 @@
+@@ -2002,7 +2028,7 @@ ipcp_down(f)
  	sifnpmode(f->unit, PPP_IP, NPMODE_DROP);
  	sifdown(f->unit);
  	ipcp_clear_addrs(f->unit, ipcp_gotoptions[f->unit].ouraddr,
@@ -91,7 +92,7 @@ diff -urN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c
      }
  
      /* Execute the ip-down script */
-@@ -1999,12 +2025,21 @@
+@@ -2018,12 +2044,21 @@ ipcp_down(f)
   * proxy arp entries, etc.
   */
  static void
@@ -115,10 +116,11 @@ diff -urN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c
  	cifproxyarp(unit, hisaddr);
  	proxy_arp_set[unit] = 0;
      }
-diff -urN ppp-2.4.5-orig/pppd/ipcp.h ppp-2.4.5/pppd/ipcp.h
---- ppp-2.4.5-orig/pppd/ipcp.h	2010-06-30 15:51:12.043682063 +0800
-+++ ppp-2.4.5/pppd/ipcp.h	2010-06-30 16:40:49.586203129 +0800
-@@ -70,6 +70,7 @@
+Index: ppp-2.4.7/pppd/ipcp.h
+===================================================================
+--- ppp-2.4.7.orig/pppd/ipcp.h
++++ ppp-2.4.7/pppd/ipcp.h
+@@ -70,6 +70,7 @@ typedef struct ipcp_options {
      bool old_addrs;		/* Use old (IP-Addresses) option? */
      bool req_addr;		/* Ask peer to send IP address? */
      bool default_route;		/* Assign default route through interface? */
@@ -126,10 +128,11 @@ diff -urN ppp-2.4.5-orig/pppd/ipcp.h ppp-2.4.5/pppd/ipcp.h
      bool proxy_arp;		/* Make proxy ARP entry for peer? */
      bool neg_vj;		/* Van Jacobson Compression? */
      bool old_vj;		/* use old (short) form of VJ option? */
-diff -urN ppp-2.4.5-orig/pppd/pppd.8 ppp-2.4.5/pppd/pppd.8
---- ppp-2.4.5-orig/pppd/pppd.8	2010-06-30 15:51:12.043682063 +0800
-+++ ppp-2.4.5/pppd/pppd.8	2010-06-30 16:42:47.102413859 +0800
-@@ -121,6 +121,13 @@
+Index: ppp-2.4.7/pppd/pppd.8
+===================================================================
+--- ppp-2.4.7.orig/pppd/pppd.8
++++ ppp-2.4.7/pppd/pppd.8
+@@ -121,6 +121,13 @@ the gateway, when IPCP negotiation is su
  This entry is removed when the PPP connection is broken.  This option
  is privileged if the \fInodefaultroute\fR option has been specified.
  .TP
@@ -143,7 +146,7 @@ diff -urN ppp-2.4.5-orig/pppd/pppd.8 ppp-2.4.5/pppd/pppd.8
  .B disconnect \fIscript
  Execute the command specified by \fIscript\fR, by passing it to a
  shell, after
-@@ -717,7 +724,12 @@
+@@ -734,7 +741,12 @@ disable both forms of hardware flow cont
  .TP
  .B nodefaultroute
  Disable the \fIdefaultroute\fR option.  The system administrator who
@@ -157,10 +160,11 @@ diff -urN ppp-2.4.5-orig/pppd/pppd.8 ppp-2.4.5/pppd/pppd.8
  can do so by placing this option in the /etc/ppp/options file.
  .TP
  .B nodeflate
-diff -urN ppp-2.4.5-orig/pppd/pppd.h ppp-2.4.5/pppd/pppd.h
---- ppp-2.4.5-orig/pppd/pppd.h	2010-06-30 15:51:12.050166398 +0800
-+++ ppp-2.4.5/pppd/pppd.h	2010-06-30 16:43:36.514148327 +0800
-@@ -643,7 +643,11 @@
+Index: ppp-2.4.7/pppd/pppd.h
+===================================================================
+--- ppp-2.4.7.orig/pppd/pppd.h
++++ ppp-2.4.7/pppd/pppd.h
+@@ -665,7 +665,11 @@ int  sif6addr __P((int, eui64_t, eui64_t
  int  cif6addr __P((int, eui64_t, eui64_t));
  				/* Remove an IPv6 address from i/f */
  #endif
@@ -172,19 +176,20 @@ diff -urN ppp-2.4.5-orig/pppd/pppd.h ppp-2.4.5/pppd/pppd.h
  				/* Create default route through i/f */
  int  cifdefaultroute __P((int, u_int32_t, u_int32_t));
  				/* Delete default route through i/f */
-diff -urN ppp-2.4.5-orig/pppd/sys-linux.c ppp-2.4.5/pppd/sys-linux.c
---- ppp-2.4.5-orig/pppd/sys-linux.c	2010-06-30 15:51:12.050166398 +0800
-+++ ppp-2.4.5/pppd/sys-linux.c	2010-06-30 16:54:00.362716231 +0800
-@@ -206,6 +206,8 @@
- 
+Index: ppp-2.4.7/pppd/sys-linux.c
+===================================================================
+--- ppp-2.4.7.orig/pppd/sys-linux.c
++++ ppp-2.4.7/pppd/sys-linux.c
+@@ -207,6 +207,8 @@ static unsigned char inbuf[512]; /* buff
  static int	if_is_up;	/* Interface has been marked up */
+ static int	if6_is_up;	/* Interface has been marked up for IPv6, to help differentiate */
  static int	have_default_route;	/* Gateway for default route added */
 +static struct rtentry old_def_rt;       /* Old default route */
 +static int       default_rt_repl_rest;  /* replace and restore old default rt */
  static u_int32_t proxy_arp_addr;	/* Addr for proxy arp entry added */
  static char proxy_arp_dev[16];		/* Device for proxy arp entry */
  static u_int32_t our_old_addr;		/* for detecting address changes */
-@@ -1537,6 +1539,9 @@
+@@ -1545,6 +1547,9 @@ static int read_route_table(struct rtent
  	p = NULL;
      }
  
@@ -194,7 +199,7 @@ diff -urN ppp-2.4.5-orig/pppd/sys-linux.c ppp-2.4.5/pppd/sys-linux.c
      SIN_ADDR(rt->rt_dst) = strtoul(cols[route_dest_col], NULL, 16);
      SIN_ADDR(rt->rt_gateway) = strtoul(cols[route_gw_col], NULL, 16);
      SIN_ADDR(rt->rt_genmask) = strtoul(cols[route_mask_col], NULL, 16);
-@@ -1606,20 +1611,51 @@
+@@ -1614,20 +1619,51 @@ int have_route_to(u_int32_t addr)
  /********************************************************************
   *
   * sifdefaultroute - assign a default route through the address given.
@@ -260,7 +265,7 @@ diff -urN ppp-2.4.5-orig/pppd/sys-linux.c ppp-2.4.5/pppd/sys-linux.c
      }
  
      memset (&rt, 0, sizeof (rt));
-@@ -1638,6 +1674,12 @@
+@@ -1646,6 +1682,12 @@ int sifdefaultroute (int unit, u_int32_t
  	    error("default route ioctl(SIOCADDRT): %m");
  	return 0;
      }
@@ -273,7 +278,7 @@ diff -urN ppp-2.4.5-orig/pppd/sys-linux.c ppp-2.4.5/pppd/sys-linux.c
  
      have_default_route = 1;
      return 1;
-@@ -1673,6 +1715,16 @@
+@@ -1681,6 +1723,16 @@ int cifdefaultroute (int unit, u_int32_t
  	    return 0;
  	}
      }
diff --git a/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch b/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch
index d59717ebd3..8a69396cc7 100644
--- a/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch
+++ b/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch
@@ -6,10 +6,11 @@ Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
 
 Upstream-Status: Inappropriate [configuration]
 
-diff -urN ppp-2.4.5-orig/pppd/Makefile.linux ppp-2.4.5/pppd/Makefile.linux
---- ppp-2.4.5-orig/pppd/Makefile.linux	2010-06-30 15:51:12.043682063 +0800
-+++ ppp-2.4.5/pppd/Makefile.linux	2010-06-30 17:08:21.806363042 +0800
-@@ -117,10 +117,10 @@
+Index: ppp-2.4.7/pppd/Makefile.linux
+===================================================================
+--- ppp-2.4.7.orig/pppd/Makefile.linux
++++ ppp-2.4.7/pppd/Makefile.linux
+@@ -120,10 +120,10 @@ CFLAGS   += -DHAS_SHADOW
  #LIBS     += -lshadow $(LIBS)
  endif
  
@@ -20,9 +21,9 @@ diff -urN ppp-2.4.5-orig/pppd/Makefile.linux ppp-2.4.5/pppd/Makefile.linux
 -endif
 +#endif
  
- ifdef NEEDDES
- ifndef USE_CRYPT
-@@ -169,10 +169,10 @@
+ ifdef USE_LIBUTIL
+ CFLAGS	+= -DHAVE_LOGWTMP=1
+@@ -177,10 +177,10 @@ LIBS	+= -ldl
  endif
  
  ifdef FILTER
diff --git a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
new file mode 100644
index 0000000000..e53f240543
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
@@ -0,0 +1,84 @@
+Used openssl for the DES instead of the libcrypt / glibc
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Index: ppp-2.4.7/pppd/Makefile.linux
+===================================================================
+--- ppp-2.4.7.orig/pppd/Makefile.linux
++++ ppp-2.4.7/pppd/Makefile.linux
+@@ -38,7 +38,7 @@ LIBS =
+ # Uncomment the next 2 lines to include support for Microsoft's
+ # MS-CHAP authentication protocol.  Also, edit plugins/radius/Makefile.linux.
+ CHAPMS=y
+-USE_CRYPT=y
++#USE_CRYPT=y
+ # Don't use MSLANMAN unless you really know what you're doing.
+ #MSLANMAN=y
+ # Uncomment the next line to include support for MPPE.  CHAPMS (above) must
+@@ -132,7 +132,7 @@ endif
+ 
+ ifdef NEEDDES
+ ifndef USE_CRYPT
+-LIBS     += -ldes $(LIBS)
++LIBS     += -lcrypto
+ else
+ CFLAGS   += -DUSE_CRYPT=1
+ endif
+Index: ppp-2.4.7/pppd/pppcrypt.c
+===================================================================
+--- ppp-2.4.7.orig/pppd/pppcrypt.c
++++ ppp-2.4.7/pppd/pppcrypt.c
+@@ -64,7 +64,7 @@ u_char *des_key;	/* OUT 64 bit DES key w
+ 	des_key[7] = Get7Bits(key, 49);
+ 
+ #ifndef USE_CRYPT
+-	des_set_odd_parity((des_cblock *)des_key);
++	DES_set_odd_parity((DES_cblock *)des_key);
+ #endif
+ }
+ 
+@@ -158,25 +158,25 @@ u_char *clear;	/* OUT 8 octets */
+ }
+ 
+ #else /* USE_CRYPT */
+-static des_key_schedule	key_schedule;
++static DES_key_schedule	key_schedule;
+ 
+ bool
+ DesSetkey(key)
+ u_char *key;
+ {
+-	des_cblock des_key;
++	DES_cblock des_key;
+ 	MakeKey(key, des_key);
+-	des_set_key(&des_key, key_schedule);
++	DES_set_key(&des_key, &key_schedule);
+ 	return (1);
+ }
+ 
+ bool
+-DesEncrypt(clear, key, cipher)
++DesEncrypt(clear, cipher)
+ u_char *clear;	/* IN  8 octets */
+ u_char *cipher;	/* OUT 8 octets */
+ {
+-	des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
+-	    key_schedule, 1);
++	DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
++	    &key_schedule, 1);
+ 	return (1);
+ }
+ 
+@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
+ u_char *cipher;	/* IN  8 octets */
+ u_char *clear;	/* OUT 8 octets */
+ {
+-	des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
+-	    key_schedule, 0);
++	DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
++	    &key_schedule, 0);
+ 	return (1);
+ }
+ 
diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
index 4437b5c519..644cde4562 100644
--- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
+++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
@@ -4,14 +4,14 @@ the Point-to-Point Protocol (PPP) on Linux and Solaris systems."
 SECTION = "console/network"
 HOMEPAGE = "http://samba.org/ppp/"
 BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"
-DEPENDS = "libpcap"
+DEPENDS = "libpcap openssl virtual/crypt"
 LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD"
 LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \
                     file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \
                     file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \
                     file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2"
 
-SRC_URI = "http://ppp.samba.org/ftp/ppp/ppp-${PV}.tar.gz \
+SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
            file://makefile.patch \
            file://cifdefroute.patch \
            file://pppd-resolv-varrun.patch \
@@ -30,6 +30,9 @@ SRC_URI = "http://ppp.samba.org/ftp/ppp/ppp-${PV}.tar.gz \
            file://0001-ppp-Fix-compilation-errors-in-Makefile.patch \
            file://ppp@.service \
            file://fix-CVE-2015-3310.patch \
+           file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \
+           file://0001-ppp-Remove-unneeded-include.patch \
+           file://ppp-2.4.7-DES-openssl.patch \
 "
 
 SRC_URI_append_libc-musl = "\
@@ -47,7 +50,7 @@ EXTRA_OECONF = "--disable-strip"
 # Package Makefile computes CFLAGS, referencing COPTS.
 # Typically hard-coded to '-O2 -g' in the Makefile's.
 #
-EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"'
+EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"'
 
 do_configure () {
 	oe_runconf
@@ -78,6 +81,10 @@ do_install_append () {
 	chmod u+s ${D}${sbindir}/pppd
 }
 
+do_install_append_libc-musl () {
+	install -Dm 0644 ${S}/include/net/ppp_defs.h ${D}${includedir}/net/ppp_defs.h
+}
+
 CONFFILES_${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options"
 PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools"
 FILES_${PN}        = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_unitdir}/system/ppp@.service"
diff --git a/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch b/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch
deleted file mode 100644
index c0e27f3d78..0000000000
--- a/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From fb10ab134d630705cae0c7be42437cc289af7d32 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 15 Mar 2016 21:36:02 +0000
-Subject: [PATCH] Use __c_ispeed and __c_ospeed on musl
-
-Original intention of these asserts is to find if termios structure
-is mapped correctly to locally define union, the get* APIs for
-baudrate would not do the right thing since they do not return the
-value from c_ospeed/c_ispeed but the value which is stored in iflag
-for baudrate.
-
-So we check if we are on Linux but not using glibc then we use
-__c_ispeed and __c_ospeed as defined in musl, however these are
-internal elements of structs it should not have been used this
-way.
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
----
-Upstream-Status: Pending
-
- xioinitialize.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/xioinitialize.c b/xioinitialize.c
-index 9f50155..8fb2e4c 100644
---- a/xioinitialize.c
-+++ b/xioinitialize.c
-@@ -65,6 +65,12 @@ int xioinitialize(void) {
- #if HAVE_TERMIOS_ISPEED && (ISPEED_OFFSET != -1) && (OSPEED_OFFSET != -1)
- #if defined(ISPEED_OFFSET) && (ISPEED_OFFSET != -1)
- #if defined(OSPEED_OFFSET) && (OSPEED_OFFSET != -1)
-+#if defined(__linux__) && !defined(__GLIBC__)
-+      tdata.termarg.__c_ispeed = 0x56789abc;
-+      tdata.termarg.__c_ospeed = 0x6789abcd;
-+      assert(tdata.termarg.__c_ispeed == tdata.speeds[ISPEED_OFFSET]);
-+      assert(tdata.termarg.__c_ospeed == tdata.speeds[OSPEED_OFFSET]);
-+#else
-       tdata.termarg.c_ispeed = 0x56789abc;
-       tdata.termarg.c_ospeed = 0x6789abcd;
-       assert(tdata.termarg.c_ispeed == tdata.speeds[ISPEED_OFFSET]);
-@@ -72,6 +78,7 @@ int xioinitialize(void) {
- #endif
- #endif
- #endif
-+#endif
-    }
- #endif
- 
--- 
-2.8.0
-
diff --git a/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch b/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch
deleted file mode 100644
index 4bbd36766d..0000000000
--- a/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From e6a7d96fa3675bdd3f4d7a3d7682381789eef22f Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 15 Feb 2016 20:25:34 +0000
-Subject: [PATCH] define NETDB_INTERNAL to -1 if not available
-
-helps build with musl
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Pending
-
- compat.h | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/compat.h b/compat.h
-index c8bee4d..bfb013a 100644
---- a/compat.h
-+++ b/compat.h
-@@ -666,6 +666,10 @@ typedef int sig_atomic_t;
- #  define NETDB_INTERNAL h_NETDB_INTERNAL
- #endif
- 
-+#if !defined(NETDB_INTERNAL)
-+#  define NETDB_INTERNAL (-1)
-+#endif
-+
- #ifndef INET_ADDRSTRLEN
- #  define INET_ADDRSTRLEN sizeof(struct sockaddr_in)
- #endif
--- 
-2.7.1
-
diff --git a/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch b/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch
deleted file mode 100644
index aa4db65a79..0000000000
--- a/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From c6f0080b55679b6e8b5d332d6e05fdcbda1e4064 Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Mon, 4 May 2015 00:58:47 -0700
-Subject: [PATCH] Makefile.in: fix for parallel build
-
-Fixed:
-vsnprintf_r.o: file not recognized: File truncated
-collect2: error: ld returned 3 exit status
-Makefile:122: recipe for target 'filan' failed
-
-Let filan depend on vsnprintf_r.o and snprinterr.o to fix the issue.
-
-Upstream-Status: Pending
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- Makefile.in |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index f2a6edb..88b784b 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -118,7 +118,7 @@ PROCAN_OBJS=procan_main.o procan.o procan-cdefs.o hostan.o error.o sycls.o sysut
- procan: $(PROCAN_OBJS)
- 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(PROCAN_OBJS) $(CLIBS)
- 
--filan: filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o
-+filan: filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o
- 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o $(CLIBS)
- 
- libxio.a: $(XIOOBJS) $(UTLOBJS)
--- 
-1.7.9.5
-
diff --git a/meta/recipes-connectivity/socat/socat_1.7.3.1.bb b/meta/recipes-connectivity/socat/socat_1.7.3.1.bb
deleted file mode 100644
index 4da6d3970b..0000000000
--- a/meta/recipes-connectivity/socat/socat_1.7.3.1.bb
+++ /dev/null
@@ -1,38 +0,0 @@
-SUMMARY = "Multipurpose relay for bidirectional data transfer"
-DESCRIPTION = "Socat is a relay for bidirectional data \
-transfer between two independent data channels."
-HOMEPAGE = "http://www.dest-unreach.org/socat/"
-
-SECTION = "console/network"
-
-DEPENDS = "openssl readline"
-
-LICENSE = "GPL-2.0+-with-OpenSSL-exception"
-LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-                    file://README;beginline=257;endline=287;md5=338c05eadd013872abb1d6e198e10a3f"
-
-
-SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
-           file://Makefile.in-fix-for-parallel-build.patch \
-           file://0001-define-NETDB_INTERNAL-to-1-if-not-available.patch \
-           file://0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch \
-"
-
-SRC_URI[md5sum] = "334e46924f2b386299c9db2ac22bcd36"
-SRC_URI[sha256sum] = "d2da659540c38139f388e9437bfaae16bb458d174d056cb3228432a8f489fbaa"
-
-inherit autotools
-
-EXTRA_AUTORECONF += "--exclude=autoheader"
-
-EXTRA_OECONF += "ac_cv_have_z_modifier=yes \
-        ac_cv_header_bsd_libutil_h=no \
-"
-
-PACKAGECONFIG ??= "tcp-wrappers"
-PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
-
-do_install_prepend () {
-    mkdir -p ${D}${bindir}
-    install -d ${D}${bindir} ${D}${mandir}/man1
-}
diff --git a/meta/recipes-connectivity/socat/socat_1.7.3.3.bb b/meta/recipes-connectivity/socat/socat_1.7.3.3.bb
new file mode 100644
index 0000000000..1dbbe5cd55
--- /dev/null
+++ b/meta/recipes-connectivity/socat/socat_1.7.3.3.bb
@@ -0,0 +1,52 @@
+SUMMARY = "Multipurpose relay for bidirectional data transfer"
+DESCRIPTION = "Socat is a relay for bidirectional data \
+transfer between two independent data channels."
+HOMEPAGE = "http://www.dest-unreach.org/socat/"
+
+SECTION = "console/network"
+
+DEPENDS = "openssl"
+
+LICENSE = "GPL-2.0-with-OpenSSL-exception"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+                    file://README;beginline=257;endline=287;md5=338c05eadd013872abb1d6e198e10a3f"
+
+SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
+"
+
+SRC_URI[md5sum] = "b2a032a47b8b89a18485697fa975154f"
+SRC_URI[sha256sum] = "0dd63ffe498168a4aac41d307594c5076ff307aa0ac04b141f8f1cec6594d04a"
+
+inherit autotools
+
+EXTRA_AUTORECONF += "--exclude=autoheader"
+
+EXTRA_OECONF += "ac_cv_have_z_modifier=yes \
+                 ac_cv_header_bsd_libutil_h=no \
+                 sc_cv_termios_ispeed=no \
+                 ${TERMBITS_SHIFTS} \
+"
+
+TERMBITS_SHIFTS ?= "sc_cv_sys_crdly_shift=9 \
+                    sc_cv_sys_tabdly_shift=11 \
+                    sc_cv_sys_csize_shift=4"
+
+TERMBITS_SHIFTS_powerpc = "sc_cv_sys_crdly_shift=12 \
+                           sc_cv_sys_tabdly_shift=10 \
+                           sc_cv_sys_csize_shift=8"
+
+TERMBITS_SHIFTS_powerpc64 = "sc_cv_sys_crdly_shift=12 \
+                             sc_cv_sys_tabdly_shift=10 \
+                             sc_cv_sys_csize_shift=8"
+
+PACKAGECONFIG_class-target ??= "tcp-wrappers readline"
+PACKAGECONFIG ??= "readline"
+PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
+PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline"
+
+do_install_prepend () {
+    mkdir -p ${D}${bindir}
+    install -d ${D}${bindir} ${D}${mandir}/man1
+}
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch b/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch
deleted file mode 100644
index f34e243de9..0000000000
--- a/meta/recipes-connectivity/wireless-tools/wireless-tools/avoid_strip.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-wireless_tools: Avoid stripping iwmulticall
-
-Upstream-Status: Inappropriate [other]
-  The removed code was from upstream.
-
-Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
-
-diff -ur wireless_tools.29.orig/Makefile wireless_tools.29/Makefile
---- wireless_tools.29.orig/Makefile	2011-06-18 11:35:12.183907453 -0500
-+++ wireless_tools.29/Makefile	2011-06-18 11:38:09.995907985 -0500
-@@ -135,9 +135,8 @@
- 
- macaddr: macaddr.o $(IWLIB)
- 
--# Always do symbol stripping here
- iwmulticall: iwmulticall.o
--	$(CC) $(LDFLAGS) -Wl,-s $(XCFLAGS) -o $@ $^ $(LIBS)
-+	$(CC) $(LDFLAGS) $(STRIPFLAGS) $(XCFLAGS) -o $@ $^ $(LIBS)
- 
- # It's a kind of magic...
- wireless.h:
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch b/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch
deleted file mode 100644
index 6c0d8cbd2e..0000000000
--- a/meta/recipes-connectivity/wireless-tools/wireless-tools/ldflags.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-wireless-tools: Remove QA warning: No GNU_HASH in the elf binary
-
-Upstream-Status: Inappropriate [other]
-  Useful within bitbake environment only.
-
-Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
-
----
- Makefile |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- wireless_tools.29.orig/Makefile
-+++ wireless_tools.29/Makefile
-@@ -144,7 +144,7 @@ wireless.h:
- 
- # Compilation of the dynamic library
- $(DYNAMIC): $(OBJS:.o=.so)
--	$(CC) -shared -o $@ -Wl,-soname,$@ $(STRIPFLAGS) $(LIBS) -lc $^
-+	$(CC) -shared -o $@ -Wl,-soname,$@ $(LDFLAGS) $(STRIPFLAGS) $(LIBS) -lc $^
- 
- # Compilation of the static library
- $(STATIC): $(OBJS:.o=.so)
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch b/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch
deleted file mode 100644
index 6a757dae76..0000000000
--- a/meta/recipes-connectivity/wireless-tools/wireless-tools/man.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-Index: wireless_tools.30/Makefile
-===================================================================
---- wireless_tools.30.orig/Makefile	2014-02-01 00:21:04.148463382 -0800
-+++ wireless_tools.30/Makefile	2014-02-01 00:23:35.448072279 -0800
-@@ -76,7 +76,7 @@
- INSTALL_DIR= $(PREFIX)/sbin
- INSTALL_LIB= $(PREFIX)/lib
- INSTALL_INC= $(PREFIX)/include
--INSTALL_MAN= $(PREFIX)/man
-+INSTALL_MAN= $(PREFIX)/share/man
- 
- # Various commands
- RM = rm -f
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch b/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch
deleted file mode 100644
index 3a22c3f1e7..0000000000
--- a/meta/recipes-connectivity/wireless-tools/wireless-tools/remove.ldconfig.call.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-When /etc/ld.so.cache is writeable by user running bitbake then it creates invalid cache 
-(in my case libstdc++.so cannot be found after building zlib(-native) and I have to call 
-touch */libstdc++.so && /sbin/ldconfig to fix it.
-
-So remove ldconfig call from make install-libs
-
-Upstream-Status: Inappropriate [disable feature]
-
-diff -uNr wireless_tools.29.orig/Makefile wireless_tools.29/Makefile
---- wireless_tools.29.orig/Makefile	2007-09-18 01:56:46.000000000 +0200
-+++ wireless_tools.29/Makefile	2012-02-15 20:46:41.780763514 +0100
-@@ -163,7 +163,6 @@
- 	install -m 755 $(DYNAMIC) $(INSTALL_LIB)
- 	ln -sfn $(DYNAMIC) $(INSTALL_LIB)/$(DYNAMIC_LINK)
- 	@echo "*** Don't forget to add $(INSTALL_LIB) to /etc/ld.so.conf, and run ldconfig as root. ***"
--	@$(LDCONFIG) || echo "*** Could not run ldconfig ! ***"
- 
- # Install the static library
- install-static:: $(STATIC)
diff --git a/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb b/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb
deleted file mode 100644
index c3b8f665b1..0000000000
--- a/meta/recipes-connectivity/wireless-tools/wireless-tools_30.pre9.bb
+++ /dev/null
@@ -1,50 +0,0 @@
-SUMMARY = "Tools for the Linux Standard Wireless Extension Subsystem"
-HOMEPAGE = "http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html"
-LICENSE = "GPLv2 & (LGPLv2.1 | MPL-1.1 | BSD)"
-LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
-			file://iwconfig.c;beginline=1;endline=12;md5=cf710eb1795c376eb10ea4ff04649caf \
-			file://iwevent.c;beginline=59;endline=72;md5=d66a10026d4394f0a5b1c5587bce4537 \
-			file://sample_enc.c;beginline=1;endline=4;md5=838372be07874260b566bae2f6ed33b6"
-SECTION = "base"
-PE = "1"
-
-SRC_URI = "http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/wireless_tools.${PV}.tar.gz \
-           file://remove.ldconfig.call.patch \
-           file://man.patch \
-           file://avoid_strip.patch \
-           file://ldflags.patch \
-          "
-SRC_URI[md5sum] = "ca91ba7c7eff9bfff6926b1a34a4697d"
-SRC_URI[sha256sum] = "abd9c5c98abf1fdd11892ac2f8a56737544fe101e1be27c6241a564948f34c63"
-
-UPSTREAM_CHECK_URI = "http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html"
-UPSTREAM_CHECK_REGEX = "wireless_tools\.(?P<pver>(\d+)(\..*|))\.tar\.gz"
-
-S = "${WORKDIR}/wireless_tools.30"
-
-CFLAGS =+ "-I${S}"
-EXTRA_OEMAKE = "-e 'BUILD_SHARED=y' \
-		'INSTALL_DIR=${D}${base_sbindir}' \
-		'INSTALL_LIB=${D}${libdir}' \
-		'INSTALL_INC=${D}${includedir}' \
-		'INSTALL_MAN=${D}${mandir}'"
-
-do_compile() {
-	oe_runmake all libiw.a
-}
-
-do_install() {
-	oe_runmake PREFIX=${D} install-iwmulticall install-dynamic install-man install-hdr
-	install -d ${D}${sbindir}
-	install -m 0755 ifrename ${D}${sbindir}/ifrename
-}
-
-PACKAGES = "libiw libiw-dev libiw-doc ifrename-doc ifrename ${PN} ${PN}-doc ${PN}-dbg"
-
-FILES_libiw = "${libdir}/*.so.*"
-FILES_libiw-dev = "${libdir}/*.a ${libdir}/*.so ${includedir}"
-FILES_libiw-doc = "${mandir}/man7"
-FILES_ifrename = "${sbindir}/ifrename"
-FILES_ifrename-doc = "${mandir}/man8/ifrename.8 ${mandir}/man5/iftab.5"
-FILES_${PN} = "${bindir} ${sbindir}/iw* ${base_sbindir} ${base_bindir} ${sysconfdir}/network"
-FILES_${PN}-doc = "${mandir}"
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
new file mode 100644
index 0000000000..7b0713cf6d
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
@@ -0,0 +1,82 @@
+hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication
+of disconnection in certain situations because source address validation is
+mishandled. This is a denial of service that should have been prevented by PMF
+(aka management frame protection). The attacker must send a crafted 802.11 frame
+from a location that is within the 802.11 communications range.
+
+CVE: CVE-2019-16275
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Thu, 29 Aug 2019 11:52:04 +0300
+Subject: [PATCH] AP: Silently ignore management frame from unexpected source
+ address
+
+Do not process any received Management frames with unexpected/invalid SA
+so that we do not add any state for unexpected STA addresses or end up
+sending out frames to unexpected destination. This prevents unexpected
+sequences where an unprotected frame might end up causing the AP to send
+out a response to another device and that other device processing the
+unexpected response.
+
+In particular, this prevents some potential denial of service cases
+where the unexpected response frame from the AP might result in a
+connected station dropping its association.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/drv_callbacks.c | 13 +++++++++++++
+ src/ap/ieee802_11.c    | 12 ++++++++++++
+ 2 files changed, 25 insertions(+)
+
+diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
+index 31587685fe3b..34ca379edc3d 100644
+--- a/src/ap/drv_callbacks.c
++++ b/src/ap/drv_callbacks.c
+@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
+ 			   "hostapd_notif_assoc: Skip event with no address");
+ 		return -1;
+ 	}
++
++	if (is_multicast_ether_addr(addr) ||
++	    is_zero_ether_addr(addr) ||
++	    os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
++		/* Do not process any frames with unexpected/invalid SA so that
++		 * we do not add any state for unexpected STA addresses or end
++		 * up sending out frames to unexpected destination. */
++		wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
++			   " in received indication - ignore this indication silently",
++			   __func__, MAC2STR(addr));
++		return 0;
++	}
++
+ 	random_add_randomness(addr, ETH_ALEN);
+ 
+ 	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index c85a28db44b7..e7065372e158 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
+ 	fc = le_to_host16(mgmt->frame_control);
+ 	stype = WLAN_FC_GET_STYPE(fc);
+ 
++	if (is_multicast_ether_addr(mgmt->sa) ||
++	    is_zero_ether_addr(mgmt->sa) ||
++	    os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
++		/* Do not process any frames with unexpected/invalid SA so that
++		 * we do not add any state for unexpected STA addresses or end
++		 * up sending out frames to unexpected destination. */
++		wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
++			   " in received frame - ignore this frame silently",
++			   MAC2STR(mgmt->sa));
++		return 0;
++	}
++
+ 	if (stype == WLAN_FC_STYPE_BEACON) {
+ 		handle_beacon(hapd, mgmt, len, fi);
+ 		return 1;
+-- 
+2.20.1
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch
deleted file mode 100644
index dd7d5f7267..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 73e4abb24a936014727924d8b0b2965edfc117dd Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@qca.qualcomm.com>
-Date: Fri, 4 Mar 2016 18:46:41 +0200
-Subject: [PATCH 1/3] Reject psk parameter set with invalid passphrase
- character
-
-WPA/WPA2-Personal passphrase is not allowed to include control
-characters. Reject a passphrase configuration attempt if that passphrase
-includes an invalid passphrase.
-
-This fixes an issue where wpa_supplicant could have updated the
-configuration file psk parameter with arbitrary data from the control
-interface or D-Bus interface. While those interfaces are supposed to be
-accessible only for trusted users/applications, it may be possible that
-an untrusted user has access to a management software component that
-does not validate the passphrase value before passing it to
-wpa_supplicant.
-
-This could allow such an untrusted user to inject up to 63 characters of
-almost arbitrary data into the configuration file. Such configuration
-file could result in wpa_supplicant trying to load a library (e.g.,
-opensc_engine_path, pkcs11_engine_path, pkcs11_module_path,
-load_dynamic_eap) from user controlled location when starting again.
-This would allow code from that library to be executed under the
-wpa_supplicant process privileges.
-
-Upstream-Status: Backport
-
-CVE: CVE-2016-4477
-
-Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
-Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com>
----
- wpa_supplicant/config.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
-index b1c7870..fdd9643 100644
---- a/wpa_supplicant/config.c
-+++ b/wpa_supplicant/config.c
-@@ -478,6 +478,12 @@ static int wpa_config_parse_psk(const struct parse_data *data,
- 		}
- 		wpa_hexdump_ascii_key(MSG_MSGDUMP, "PSK (ASCII passphrase)",
- 				      (u8 *) value, len);
-+		if (has_ctrl_char((u8 *) value, len)) {
-+			wpa_printf(MSG_ERROR,
-+				   "Line %d: Invalid passphrase character",
-+				   line);
-+			return -1;
-+		}
- 		if (ssid->passphrase && os_strlen(ssid->passphrase) == len &&
- 		    os_memcmp(ssid->passphrase, value, len) == 0) {
- 			/* No change to the previously configured value */
--- 
-1.9.1
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch
deleted file mode 100644
index db222e41d4..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From ecbb0b3dc122b0d290987cf9c84010bbe53e1022 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@qca.qualcomm.com>
-Date: Fri, 4 Mar 2016 17:20:18 +0200
-Subject: [PATCH 1/2] WPS: Reject a Credential with invalid passphrase
-
-WPA/WPA2-Personal passphrase is not allowed to include control
-characters. Reject a Credential received from a WPS Registrar both as
-STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or
-WPA2PSK authentication type and includes an invalid passphrase.
-
-This fixes an issue where hostapd or wpa_supplicant could have updated
-the configuration file PSK/passphrase parameter with arbitrary data from
-an external device (Registrar) that may not be fully trusted. Should
-such data include a newline character, the resulting configuration file
-could become invalid and fail to be parsed.
-
-Upstream-Status: Backport
-
-CVE: CVE-2016-4476
-
-Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
-Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com>
----
- src/utils/common.c         | 12 ++++++++++++
- src/utils/common.h         |  1 +
- src/wps/wps_attr_process.c | 10 ++++++++++
- 3 files changed, 23 insertions(+)
-
-diff --git a/src/utils/common.c b/src/utils/common.c
-index 450e2c6..27b7c02 100644
---- a/src/utils/common.c
-+++ b/src/utils/common.c
-@@ -697,6 +697,18 @@ int is_hex(const u8 *data, size_t len)
- }
- 
- 
-+int has_ctrl_char(const u8 *data, size_t len)
-+{
-+	size_t i;
-+
-+	for (i = 0; i < len; i++) {
-+		if (data[i] < 32 || data[i] == 127)
-+			return 1;
-+	}
-+	return 0;
-+}
-+
-+
- size_t merge_byte_arrays(u8 *res, size_t res_len,
- 			 const u8 *src1, size_t src1_len,
- 			 const u8 *src2, size_t src2_len)
-diff --git a/src/utils/common.h b/src/utils/common.h
-index 701dbb2..a972240 100644
---- a/src/utils/common.h
-+++ b/src/utils/common.h
-@@ -488,6 +488,7 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len);
- 
- char * wpa_config_parse_string(const char *value, size_t *len);
- int is_hex(const u8 *data, size_t len);
-+int has_ctrl_char(const u8 *data, size_t len);
- size_t merge_byte_arrays(u8 *res, size_t res_len,
- 			 const u8 *src1, size_t src1_len,
- 			 const u8 *src2, size_t src2_len);
-diff --git a/src/wps/wps_attr_process.c b/src/wps/wps_attr_process.c
-index eadb22f..e8c4579 100644
---- a/src/wps/wps_attr_process.c
-+++ b/src/wps/wps_attr_process.c
-@@ -229,6 +229,16 @@ static int wps_workaround_cred_key(struct wps_credential *cred)
- 		cred->key_len--;
- #endif /* CONFIG_WPS_STRICT */
- 	}
-+
-+
-+	if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
-+	    (cred->key_len < 8 || has_ctrl_char(cred->key, cred->key_len))) {
-+		wpa_printf(MSG_INFO, "WPS: Reject credential with invalid WPA/WPA2-Personal passphrase");
-+		wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key",
-+				      cred->key, cred->key_len);
-+		return -1;
-+	}
-+
- 	return 0;
- }
- 
---
-1.9.1
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
new file mode 100644
index 0000000000..a476cf040e
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
@@ -0,0 +1,52 @@
+From 94c401733a5a3d294cc412671166e6adfb409f53 Mon Sep 17 00:00:00 2001
+From: Joshua DeWeese <jdeweese@hennypenny.com>
+Date: Wed, 30 Jan 2019 16:19:47 -0500
+Subject: [PATCH] replace systemd install Alias with WantedBy
+
+According to the systemd documentation "WantedBy=foo.service in a
+service bar.service is mostly equivalent to
+Alias=foo.service.wants/bar.service in the same file." However,
+this is not really the intended purpose of install Aliases.
+
+Upstream-Status: Submitted [hostap@lists.infradead.org]
+
+Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com>
+---
+ wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in | 2 +-
+ wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in   | 2 +-
+ wpa_supplicant/systemd/wpa_supplicant.service.arg.in         | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
+index 03ac507..da69a87 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
++++ b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-nl80211-%I.conf -Dnl80211 -i%I
+ 
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant-nl80211@%i.service
++WantedBy=multi-user.target
+diff --git a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
+index c8a744d..ca3054b 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
++++ b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-wired-%I.conf -Dwired -i%I
+ 
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant-wired@%i.service
++WantedBy=multi-user.target
+diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
+index 7788b38..55d2b9c 100644
+--- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
++++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
+@@ -12,4 +12,4 @@ Type=simple
+ ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I
+ 
+ [Install]
+-Alias=multi-user.target.wants/wpa_supplicant@%i.service
++WantedBy=multi-user.target
+-- 
+2.7.4
+
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Reject-SET_CRED-commands-with-newline-characters-in-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Reject-SET_CRED-commands-with-newline-characters-in-.patch
deleted file mode 100644
index cad7425c36..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Reject-SET_CRED-commands-with-newline-characters-in-.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From b166cd84a77a6717be9600bf95378a0055d6f5a5 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@qca.qualcomm.com>
-Date: Tue, 5 Apr 2016 23:33:10 +0300
-Subject: [PATCH 2/3] Reject SET_CRED commands with newline characters in the
- string values
-
-Most of the cred block parameters are written as strings without
-filtering and if there is an embedded newline character in the value,
-unexpected configuration file data might be written.
-
-This fixes an issue where wpa_supplicant could have updated the
-configuration file cred parameter with arbitrary data from the control
-interface or D-Bus interface. While those interfaces are supposed to be
-accessible only for trusted users/applications, it may be possible that
-an untrusted user has access to a management software component that
-does not validate the credential value before passing it to
-wpa_supplicant.
-
-This could allow such an untrusted user to inject almost arbitrary data
-into the configuration file. Such configuration file could result in
-wpa_supplicant trying to load a library (e.g., opensc_engine_path,
-pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
-controlled location when starting again. This would allow code from that
-library to be executed under the wpa_supplicant process privileges.
-
-Upstream-Status: Backport
-
-CVE: CVE-2016-4477
-
-Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
-Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com>
----
- wpa_supplicant/config.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
-index eb97cd5..69152ef 100644
---- a/wpa_supplicant/config.c
-+++ b/wpa_supplicant/config.c
-@@ -2896,6 +2896,8 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
- 
- 	if (os_strcmp(var, "password") == 0 &&
- 	    os_strncmp(value, "ext:", 4) == 0) {
-+		if (has_newline(value))
-+			return -1;
- 		str_clear_free(cred->password);
- 		cred->password = os_strdup(value);
- 		cred->ext_password = 1;
-@@ -2946,9 +2948,14 @@ int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
- 	}
- 
- 	val = wpa_config_parse_string(value, &len);
--	if (val == NULL) {
-+	if (val == NULL ||
-+	    (os_strcmp(var, "excluded_ssid") != 0 &&
-+	     os_strcmp(var, "roaming_consortium") != 0 &&
-+	     os_strcmp(var, "required_roaming_consortium") != 0 &&
-+	     has_newline(val))) {
- 		wpa_printf(MSG_ERROR, "Line %d: invalid field '%s' string "
- 			   "value '%s'.", line, var, value);
-+		os_free(val);
- 		return -1;
- 	}
- 
--- 
-1.9.1
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Remove-newlines-from-wpa_supplicant-config-network-o.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Remove-newlines-from-wpa_supplicant-config-network-o.patch
deleted file mode 100644
index cc7b01ad57..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Remove-newlines-from-wpa_supplicant-config-network-o.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 0fe5a234240a108b294a87174ad197f6b5cb38e9 Mon Sep 17 00:00:00 2001
-From: Paul Stewart <pstew@google.com>
-Date: Thu, 3 Mar 2016 15:40:19 -0800
-Subject: [PATCH 2/2] Remove newlines from wpa_supplicant config network
- output
-
-Spurious newlines output while writing the config file can corrupt the
-wpa_supplicant configuration. Avoid writing these for the network block
-parameters. This is a generic filter that cover cases that may not have
-been explicitly addressed with a more specific commit to avoid control
-characters in the psk parameter.
-
-Upstream-Status: Backport
-
-CVE: CVE-2016-4476
-
-Signed-off-by: Paul Stewart <pstew@google.com>
-Signed-off-by: Zhixiong Chi <Zhixiong.Chi.wrs.com>
----
- src/utils/common.c      | 11 +++++++++++
- src/utils/common.h      |  1 +
- wpa_supplicant/config.c | 15 +++++++++++++--
- 3 files changed, 25 insertions(+), 2 deletions(-)
-
-diff --git a/src/utils/common.c b/src/utils/common.c
-index 27b7c02..9856463 100644
---- a/src/utils/common.c
-+++ b/src/utils/common.c
-@@ -709,6 +709,17 @@ int has_ctrl_char(const u8 *data, size_t len)
- }
- 
- 
-+int has_newline(const char *str)
-+{
-+	while (*str) {
-+		if (*str == '\n' || *str == '\r')
-+			return 1;
-+		str++;
-+	}
-+	return 0;
-+}
-+
-+
- size_t merge_byte_arrays(u8 *res, size_t res_len,
- 			 const u8 *src1, size_t src1_len,
- 			 const u8 *src2, size_t src2_len)
-diff --git a/src/utils/common.h b/src/utils/common.h
-index a972240..d19927b 100644
---- a/src/utils/common.h
-+++ b/src/utils/common.h
-@@ -489,6 +489,7 @@ const char * wpa_ssid_txt(const u8 *ssid, size_t ssid_len);
- char * wpa_config_parse_string(const char *value, size_t *len);
- int is_hex(const u8 *data, size_t len);
- int has_ctrl_char(const u8 *data, size_t len);
-+int has_newline(const char *str);
- size_t merge_byte_arrays(u8 *res, size_t res_len,
- 			 const u8 *src1, size_t src1_len,
- 			 const u8 *src2, size_t src2_len);
-diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
-index fdd9643..eb97cd5 100644
---- a/wpa_supplicant/config.c
-+++ b/wpa_supplicant/config.c
-@@ -2699,8 +2699,19 @@ char * wpa_config_get(struct wpa_ssid *ssid, const char *var)
- 
- 	for (i = 0; i < NUM_SSID_FIELDS; i++) {
- 		const struct parse_data *field = &ssid_fields[i];
--		if (os_strcmp(var, field->name) == 0)
--			return field->writer(field, ssid);
-+		if (os_strcmp(var, field->name) == 0) {
-+			char *ret = field->writer(field, ssid);
-+
-+			if (ret && has_newline(ret)) {
-+				wpa_printf(MSG_ERROR,
-+					   "Found newline in value for %s; not returning it",
-+					   var);
-+				os_free(ret);
-+				ret = NULL;
-+			}
-+
-+			return ret;
-+		}
- 	}
- 
- 	return NULL;
---
-1.9.1
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-Reject-SET-commands-with-newline-characters-in-the-s.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-Reject-SET-commands-with-newline-characters-in-the-s.patch
deleted file mode 100644
index 5375db74b3..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-Reject-SET-commands-with-newline-characters-in-the-s.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 2a3f56502b52375c3bf113cf92adfa99bad6b488 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@qca.qualcomm.com>
-Date: Tue, 5 Apr 2016 23:55:48 +0300
-Subject: [PATCH 3/3] Reject SET commands with newline characters in the
- string values
-
-Many of the global configuration parameters are written as strings
-without filtering and if there is an embedded newline character in the
-value, unexpected configuration file data might be written.
-
-This fixes an issue where wpa_supplicant could have updated the
-configuration file global parameter with arbitrary data from the control
-interface or D-Bus interface. While those interfaces are supposed to be
-accessible only for trusted users/applications, it may be possible that
-an untrusted user has access to a management software component that
-does not validate the value of a parameter before passing it to
-wpa_supplicant.
-
-This could allow such an untrusted user to inject almost arbitrary data
-into the configuration file. Such configuration file could result in
-wpa_supplicant trying to load a library (e.g., opensc_engine_path,
-pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
-controlled location when starting again. This would allow code from that
-library to be executed under the wpa_supplicant process privileges.
-
-Upstream-Status: Backport
-
-CVE: CVE-2016-4477
-
-Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
-Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com>
----
- wpa_supplicant/config.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
-index 69152ef..d9a1603 100644
---- a/wpa_supplicant/config.c
-+++ b/wpa_supplicant/config.c
-@@ -3764,6 +3764,12 @@ static int wpa_global_config_parse_str(const struct global_parse_data *data,
- 		return -1;
- 	}
- 
-+	if (has_newline(pos)) {
-+		wpa_printf(MSG_ERROR, "Line %d: invalid %s value with newline",
-+			   line, data->name);
-+		return -1;
-+	}
-+
- 	tmp = os_strdup(pos);
- 	if (tmp == NULL)
- 		return -1;
--- 
-1.9.1
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh
index 5c9e5d33a7..35a1aa639e 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh
@@ -4,6 +4,7 @@
 WPA_SUP_BIN="/usr/sbin/wpa_supplicant"
 WPA_SUP_PNAME="wpa_supplicant"
 WPA_SUP_PIDFILE="/var/run/wpa_supplicant.$IFACE.pid"
+WPA_COMMON_CTRL_IFACE="/var/run/wpa_supplicant"
 WPA_SUP_OPTIONS="-B -P $WPA_SUP_PIDFILE -i $IFACE"
 
 VERBOSITY=0
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.5.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
index a4160e1c5c..3e92427bb0 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.5.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
@@ -2,10 +2,10 @@ SUMMARY = "Client for Wi-Fi Protected Access (WPA)"
 HOMEPAGE = "http://w1.fi/wpa_supplicant/"
 BUGTRACKER = "http://w1.fi/security/"
 SECTION = "network"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://COPYING;md5=36b27801447e0662ee0138d17fe93880 \
-                    file://README;beginline=1;endline=56;md5=7f393579f8b109fe91f3b9765d26c7d3 \
-                    file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=3430fda79f2ba1dd545f0b3c4d6e4d24"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://COPYING;md5=279b4f5abb9c153c285221855ddb78cc \
+                    file://README;beginline=1;endline=56;md5=e7d3dbb01f75f0b9799e192731d1e1ff \
+                    file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=0a8b56d3543498b742b9c0e94cc2d18b"
 DEPENDS = "dbus libnl"
 RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
 
@@ -13,7 +13,7 @@ PACKAGECONFIG ??= "gnutls"
 PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt"
 PACKAGECONFIG[openssl] = ",,openssl"
 
-inherit systemd
+inherit pkgconfig systemd
 
 SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service wpa_supplicant-nl80211@.service wpa_supplicant-wired@.service"
 SYSTEMD_AUTO_ENABLE = "disable"
@@ -24,14 +24,13 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz  \
            file://wpa_supplicant.conf \
            file://wpa_supplicant.conf-sane \
            file://99_wpa_supplicant \
-           file://0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch \
-           file://0002-Remove-newlines-from-wpa_supplicant-config-network-o.patch \
-           file://0001-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch \
-           file://0002-Reject-SET_CRED-commands-with-newline-characters-in-.patch \
-           file://0003-Reject-SET-commands-with-newline-characters-in-the-s.patch \
+           file://0001-replace-systemd-install-Alias-with-WantedBy.patch \
+		   file://0001-AP-Silently-ignore-management-frame-from-unexpected-.patch \
           "
-SRC_URI[md5sum] = "96ff75c3a514f1f324560a2376f13110"
-SRC_URI[sha256sum] = "cce55bae483b364eae55c35ba567c279be442ed8bab5b80a3c7fb0d057b9b316"
+SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190"
+SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17"
+
+CVE_PRODUCT = "wpa_supplicant"
 
 S = "${WORKDIR}/wpa_supplicant-${PV}"
 
@@ -44,8 +43,6 @@ CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf"
 do_configure () {
 	${MAKE} -C wpa_supplicant clean
 	install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config
-	echo "CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config
-	echo "DRV_CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config
 	
 	if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then
         	ssl=openssl