496 files changed, 18489 insertions, 10124 deletions

diff --git a/meta-selftest/recipes-test/devtool/devtool-test-patch-gz.bb b/meta-selftest/recipes-test/devtool/devtool-test-patch-gz.bb
index e45ee9f60a..fc3799590c 100644
--- a/meta-selftest/recipes-test/devtool/devtool-test-patch-gz.bb
+++ b/meta-selftest/recipes-test/devtool/devtool-test-patch-gz.bb
@@ -6,6 +6,7 @@ DEPENDS = "libxres libxext virtual/libx11 ncurses"
 SRC_URI = "http://downloads.yoctoproject.org/releases/xrestop/xrestop-0.4.tar.gz \
            file://readme.patch.gz \
            "
+UPSTREAM_VERSION_UNKNOWN = "1"
 
 S = "${WORKDIR}/xrestop-0.4"
 
diff --git a/meta-selftest/recipes-test/devtool/devtool-upgrade-test1_1.5.3.bb b/meta-selftest/recipes-test/devtool/devtool-upgrade-test1_1.5.3.bb
index 4049be292b..333ecac7ed 100644
--- a/meta-selftest/recipes-test/devtool/devtool-upgrade-test1_1.5.3.bb
+++ b/meta-selftest/recipes-test/devtool/devtool-upgrade-test1_1.5.3.bb
@@ -4,6 +4,8 @@ LIC_FILES_CHKSUM = "file://doc/COPYING;md5=9c50db2589ee3ef10a9b7b2e50ce1d02"
 
 SRC_URI = "http://www.ivarch.com/programs/sources/pv-${PV}.tar.gz \
            file://0001-Add-a-note-line-to-the-quick-reference.patch"
+UPSTREAM_CHECK_URI = "http://www.ivarch.com/programs/pv.shtml"
+RECIPE_NO_UPDATE_REASON = "This recipe is used to test devtool upgrade feature"
 
 SRC_URI[md5sum] = "9365d86bd884222b4bf1039b5a9ed1bd"
 SRC_URI[sha256sum] = "681bcca9784bf3cb2207e68236d1f68e2aa7b80f999b5750dc77dcd756e81fbc"
diff --git a/meta-selftest/recipes-test/devtool/devtool-upgrade-test1_1.5.3.bb.upgraded b/meta-selftest/recipes-test/devtool/devtool-upgrade-test1_1.5.3.bb.upgraded
index 42c070506d..9d94f671db 100644
--- a/meta-selftest/recipes-test/devtool/devtool-upgrade-test1_1.5.3.bb.upgraded
+++ b/meta-selftest/recipes-test/devtool/devtool-upgrade-test1_1.5.3.bb.upgraded
@@ -4,6 +4,8 @@ LIC_FILES_CHKSUM = "file://doc/COPYING;md5=9c50db2589ee3ef10a9b7b2e50ce1d02"
 
 SRC_URI = "http://www.ivarch.com/programs/sources/pv-${PV}.tar.gz \
            file://0001-Add-a-note-line-to-the-quick-reference.patch"
+UPSTREAM_CHECK_URI = "http://www.ivarch.com/programs/pv.shtml"
+RECIPE_NO_UPDATE_REASON = "This recipe is used to test devtool upgrade feature"
 
 SRC_URI[md5sum] = "062bca5ff33df1dd09472e7fc3bbe332"
 SRC_URI[sha256sum] = "9dd45391806b0ed215abee4c5ac1597d018c386fe9c1f5afd2f6bc3b07fd82c3"
diff --git a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb
index 450636ef18..07b83276fb 100644
--- a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb
+++ b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb
@@ -12,6 +12,8 @@ PV = "0.1+git${SRCPV}"
 PR = "r2"
 
 SRC_URI = "git://git.yoctoproject.org/dbus-wait"
+UPSTREAM_CHECK_COMMITS = "1"
+RECIPE_NO_UPDATE_REASON = "This recipe is used to test devtool upgrade feature"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded
index 0d2e19e5a5..32ec4b14fa 100644
--- a/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded
+++ b/meta-selftest/recipes-test/devtool/devtool-upgrade-test2_git.bb.upgraded
@@ -11,6 +11,8 @@ SRCREV = "6cc6077a36fe2648a5f993fe7c16c9632f946517"
 PV = "0.1+git${SRCPV}"
 
 SRC_URI = "git://git.yoctoproject.org/dbus-wait"
+UPSTREAM_CHECK_COMMITS = "1"
+RECIPE_NO_UPDATE_REASON = "This recipe is used to test devtool upgrade feature"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta/classes/base.bbclass b/meta/classes/base.bbclass
index bd0d6e3ca6..3014767b8a 100644
--- a/meta/classes/base.bbclass
+++ b/meta/classes/base.bbclass
@@ -100,8 +100,8 @@ def get_lic_checksum_file_list(d):
         # We only care about items that are absolute paths since
         # any others should be covered by SRC_URI.
         try:
-            path = bb.fetch.decodeurl(url)[2]
-            if not path:
+            (method, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
+            if method != "file" or not path:
                 raise bb.fetch.MalformedUrl(url)
 
             if path[0] == '/':
diff --git a/meta/classes/clutter.bbclass b/meta/classes/clutter.bbclass
index 167407dfdc..f5cd04f97f 100644
--- a/meta/classes/clutter.bbclass
+++ b/meta/classes/clutter.bbclass
@@ -14,7 +14,7 @@ REALNAME = "${@get_real_name("${BPN}")}"
 
 CLUTTER_SRC_FTP = "${GNOME_MIRROR}/${REALNAME}/${VERMINOR}/${REALNAME}-${PV}.tar.xz;name=archive"
 
-CLUTTER_SRC_GIT = "git://git.gnome.org/${REALNAME}"
+CLUTTER_SRC_GIT = "git://gitlab.gnome.org/GNOME/${REALNAME};protocol=https"
 
 SRC_URI = "${CLUTTER_SRC_FTP}"
 S = "${WORKDIR}/${REALNAME}-${PV}"
diff --git a/meta/classes/gio-module-cache.bbclass b/meta/classes/gio-module-cache.bbclass
index a8190b7b89..e429bd3197 100644
--- a/meta/classes/gio-module-cache.bbclass
+++ b/meta/classes/gio-module-cache.bbclass
@@ -9,6 +9,7 @@ if [ "x$D" != "x" ]; then
             mlprefix=${MLPREFIX} \
             binprefix=${MLPREFIX} \
             libdir=${libdir} \
+            libexecdir=${libexecdir} \
             base_libdir=${base_libdir} \
             bindir=${bindir}
 else
diff --git a/meta/classes/image-live.bbclass b/meta/classes/image-live.bbclass
index 7a388d5c60..1623c15988 100644
--- a/meta/classes/image-live.bbclass
+++ b/meta/classes/image-live.bbclass
@@ -40,7 +40,7 @@ do_bootimg[depends] += "dosfstools-native:do_populate_sysroot \
 
 LABELS_LIVE ?= "boot install"
 ROOT_LIVE ?= "root=/dev/ram0"
-INITRD_IMAGE_LIVE ?= "core-image-minimal-initramfs"
+INITRD_IMAGE_LIVE ?= "${MLPREFIX}core-image-minimal-initramfs"
 INITRD_LIVE ?= "${DEPLOY_DIR_IMAGE}/${INITRD_IMAGE_LIVE}-${MACHINE}.cpio.gz"
 
 LIVE_ROOTFS_TYPE ?= "ext4"
@@ -92,7 +92,7 @@ build_iso() {
 	for fs in ${INITRD}
 	do
 		if [ ! -s "$fs" ]; then
-			bbnote "ISO image will not be created. $fs is invalid."
+			bbwarn "ISO image will not be created. $fs is invalid."
 			return
 		fi
 	done
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index d93de02b75..d88ce5c07f 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -441,6 +441,8 @@ python () {
         # This means the task's hash can be stable rather than having hardcoded
         # date/time values. It will get expanded at execution time.
         # Similarly TMPDIR since otherwise we see QA stamp comparision problems
+        # Expand PV else it can trigger get_srcrev which can fail due to these variables being unset
+        localdata.setVar('PV', d.getVar('PV'))
         localdata.delVar('DATETIME')
         localdata.delVar('DATE')
         localdata.delVar('TMPDIR')
diff --git a/meta/classes/image_types.bbclass b/meta/classes/image_types.bbclass
index d09d1277ea..e881d0cc2d 100644
--- a/meta/classes/image_types.bbclass
+++ b/meta/classes/image_types.bbclass
@@ -104,7 +104,7 @@ IMAGE_CMD_btrfs () {
 		size=${MIN_BTRFS_SIZE}
 		bbwarn "Rootfs size is too small for BTRFS. Filesystem will be extended to ${size}K"
 	fi
-	dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.btrfs count=${size} bs=1024
+	dd if=/dev/zero of=${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.btrfs seek=${size} count=0 bs=1024
 	mkfs.btrfs ${EXTRA_IMAGECMD} -r ${IMAGE_ROOTFS} ${IMGDEPLOYDIR}/${IMAGE_NAME}${IMAGE_NAME_SUFFIX}.btrfs
 }
 
diff --git a/meta/classes/image_types_wic.bbclass b/meta/classes/image_types_wic.bbclass
index 222ae00433..dcf620cee0 100644
--- a/meta/classes/image_types_wic.bbclass
+++ b/meta/classes/image_types_wic.bbclass
@@ -41,6 +41,9 @@ WKS_FILE_CHECKSUM = "${@'${WKS_FULL_PATH}:%s' % os.path.exists('${WKS_FULL_PATH}
 do_image_wic[file-checksums] += "${WKS_FILE_CHECKSUM}"
 do_image_wic[depends] += "${@' '.join('%s-native:do_populate_sysroot' % r for r in ('parted', 'gptfdisk', 'dosfstools', 'mtools'))}"
 
+# We ensure all artfacts are deployed (e.g virtual/bootloader)
+do_image_wic[recrdeptask] += "do_deploy"
+
 WKS_FILE_DEPENDS_DEFAULT = "syslinux-native bmap-tools-native cdrtools-native btrfs-tools-native squashfs-tools-native e2fsprogs-native"
 WKS_FILE_DEPENDS_BOOTLOADERS = ""
 WKS_FILE_DEPENDS_BOOTLOADERS_x86 = "syslinux grub-efi systemd-boot"
diff --git a/meta/classes/kernel-arch.bbclass b/meta/classes/kernel-arch.bbclass
index d036fcf20c..c7b33d99ff 100644
--- a/meta/classes/kernel-arch.bbclass
+++ b/meta/classes/kernel-arch.bbclass
@@ -25,6 +25,8 @@ def map_kernel_arch(a, d):
     elif re.match('armeb$', a):                 return 'arm'
     elif re.match('aarch64$', a):               return 'arm64'
     elif re.match('aarch64_be$', a):            return 'arm64'
+    elif re.match('aarch64_ilp32$', a):         return 'arm64'
+    elif re.match('aarch64_be_ilp32$', a):      return 'arm64'
     elif re.match('mips(isa|)(32|64|)(r6|)(el|)$', a):      return 'mips'
     elif re.match('p(pc|owerpc)(|64)', a):      return 'powerpc'
     elif re.match('sh(3|4)$', a):               return 'sh'
diff --git a/meta/classes/kernel-fitimage.bbclass b/meta/classes/kernel-fitimage.bbclass
index 179185b6b2..9baf399f2e 100644
--- a/meta/classes/kernel-fitimage.bbclass
+++ b/meta/classes/kernel-fitimage.bbclass
@@ -7,9 +7,12 @@ python __anonymous () {
         depends = "%s u-boot-mkimage-native dtc-native" % depends
         d.setVar("DEPENDS", depends)
 
-        if d.getVar("UBOOT_ARCH") == "mips":
+        uarch = d.getVar("UBOOT_ARCH")
+        if uarch == "arm64":
+            replacementtype = "Image"
+        elif uarch == "mips":
             replacementtype = "vmlinuz.bin"
-        elif d.getVar("UBOOT_ARCH") == "x86":
+        elif uarch == "x86":
             replacementtype = "bzImage"
         else:
             replacementtype = "zImage"
diff --git a/meta/classes/kernel-uboot.bbclass b/meta/classes/kernel-uboot.bbclass
index 87f02654fa..2364053f31 100644
--- a/meta/classes/kernel-uboot.bbclass
+++ b/meta/classes/kernel-uboot.bbclass
@@ -3,6 +3,10 @@ uboot_prep_kimage() {
 		vmlinux_path="arch/${ARCH}/boot/compressed/vmlinux"
 		linux_suffix=""
 		linux_comp="none"
+	elif [ -e arch/${ARCH}/boot/Image ] ; then
+		vmlinux_path="vmlinux"
+		linux_suffix=""
+		linux_comp="none"
 	elif [ -e arch/${ARCH}/boot/vmlinuz.bin ]; then
 		rm -f linux.bin
 		cp -l arch/${ARCH}/boot/vmlinuz.bin linux.bin
diff --git a/meta/classes/kernel-yocto.bbclass b/meta/classes/kernel-yocto.bbclass
index 1d447951c4..663c6557d9 100644
--- a/meta/classes/kernel-yocto.bbclass
+++ b/meta/classes/kernel-yocto.bbclass
@@ -107,20 +107,31 @@ do_kernel_metadata() {
 				cmp "${WORKDIR}/defconfig" "${S}/arch/${ARCH}/configs/${KBUILD_DEFCONFIG}"
 				if [ $? -ne 0 ]; then
 					bbwarn "defconfig detected in WORKDIR. ${KBUILD_DEFCONFIG} skipped"
+				else
+					cp -f ${S}/arch/${ARCH}/configs/${KBUILD_DEFCONFIG} ${WORKDIR}/defconfig
 				fi
 			else
 				cp -f ${S}/arch/${ARCH}/configs/${KBUILD_DEFCONFIG} ${WORKDIR}/defconfig
-				sccs="${WORKDIR}/defconfig"
 			fi
+			sccs="${WORKDIR}/defconfig"
 		else
 			bbfatal "A KBUILD_DEFCONFIG '${KBUILD_DEFCONFIG}' was specified, but not present in the source tree"
 		fi
 	fi
 
-	sccs="$sccs ${@" ".join(find_sccs(d))}"
+	sccs_from_src_uri="${@" ".join(find_sccs(d))}"
 	patches="${@" ".join(find_patches(d))}"
 	feat_dirs="${@" ".join(find_kernel_feature_dirs(d))}"
 
+	# a quick check to make sure we don't have duplicate defconfigs
+	# If there's a defconfig in the SRC_URI, did we also have one from
+	# the KBUILD_DEFCONFIG processing above ?
+	if [ -n "$sccs" ]; then
+	    # we did have a defconfig from above. remove any that might be in the src_uri
+	    sccs_from_src_uri=$(echo $sccs_from_src_uri | awk '{ if ($0!="defconfig") { print $0 } }' RS=' ')
+	fi
+	sccs="$sccs $sccs_from_src_uri"
+
 	# check for feature directories/repos/branches that were part of the
 	# SRC_URI. If they were supplied, we convert them into include directives
 	# for the update part of the process
@@ -146,7 +157,7 @@ do_kernel_metadata() {
 	if [ -z "$bsp_definition" ]; then
 		echo "$sccs" | grep -q defconfig
 		if [ $? -ne 0 ]; then
-			bberror "Could not locate BSP definition for ${KMACHINE}/${LINUX_KERNEL_TYPE} and no defconfig was provided"
+			bbfatal_log "Could not locate BSP definition for ${KMACHINE}/${LINUX_KERNEL_TYPE} and no defconfig was provided"
 		fi
 	fi
 	meta_dir=$(kgit --meta)
diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index 756707a3c2..14f41e9b17 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -595,19 +595,27 @@ do_strip[dirs] = "${B}"
 addtask strip before do_sizecheck after do_kernel_link_images
 
 # Support checking the kernel size since some kernels need to reside in partitions
-# with a fixed length or there is a limit in transferring the kernel to memory
+# with a fixed length or there is a limit in transferring the kernel to memory.
+# If more than one image type is enabled, warn on any that don't fit but only fail
+# if none fit.
 do_sizecheck() {
 	if [ ! -z "${KERNEL_IMAGE_MAXSIZE}" ]; then
 		invalid=`echo ${KERNEL_IMAGE_MAXSIZE} | sed 's/[0-9]//g'`
 		if [ -n "$invalid" ]; then
-			die "Invalid KERNEL_IMAGE_MAXSIZE: ${KERNEL_IMAGE_MAXSIZE}, should be an integerx (The unit is Kbytes)"
+			die "Invalid KERNEL_IMAGE_MAXSIZE: ${KERNEL_IMAGE_MAXSIZE}, should be an integer (The unit is Kbytes)"
 		fi
+		at_least_one_fits=
 		for type in ${KERNEL_IMAGETYPES} ; do
 			size=`du -ks ${B}/${KERNEL_OUTPUT_DIR}/$type | awk '{print $1}'`
 			if [ $size -ge ${KERNEL_IMAGE_MAXSIZE} ]; then
-				warn "This kernel $type (size=$size(K) > ${KERNEL_IMAGE_MAXSIZE}(K)) is too big for your device. Please reduce the size of the kernel by making more of it modular."
+				bbwarn "This kernel $type (size=$size(K) > ${KERNEL_IMAGE_MAXSIZE}(K)) is too big for your device."
+			else
+				at_least_one_fits=y
 			fi
 		done
+		if [ -z "$at_least_one_fits" ]; then
+			die "All kernel images are too big for your device. Please reduce the size of the kernel by making more of it modular."
+		fi
 	fi
 }
 do_sizecheck[dirs] = "${B}"
diff --git a/meta/classes/license.bbclass b/meta/classes/license.bbclass
index d353110464..5103ed8533 100644
--- a/meta/classes/license.bbclass
+++ b/meta/classes/license.bbclass
@@ -226,9 +226,7 @@ def get_deployed_dependencies(d):
     # The manifest file name contains the arch. Because we are not running
     # in the recipe context it is necessary to check every arch used.
     sstate_manifest_dir = d.getVar("SSTATE_MANIFESTS")
-    sstate_archs = d.getVar("SSTATE_ARCHS")
-    extra_archs = d.getVar("PACKAGE_EXTRA_ARCHS")
-    archs = list(set(("%s %s" % (sstate_archs, extra_archs)).split()))
+    archs = list(set(d.getVar("SSTATE_ARCHS").split()))
     for dep in depends:
         # Some recipes have an arch on their own, so we try that first.
         special_arch = d.getVar("PACKAGE_ARCH_pn-%s" % dep)
@@ -336,7 +334,7 @@ def add_package_and_files(d):
     files = d.getVar('LICENSE_FILES_DIRECTORY')
     pn = d.getVar('PN')
     pn_lic = "%s%s" % (pn, d.getVar('LICENSE_PACKAGE_SUFFIX', False))
-    if pn_lic in packages:
+    if pn_lic in packages.split():
         bb.warn("%s package already existed in %s." % (pn_lic, pn))
     else:
         # first in PACKAGES to be sure that nothing else gets LICENSE_FILES_DIRECTORY
@@ -482,7 +480,9 @@ def find_license_files(d):
 
     for url in lic_files.split():
         try:
-            (type, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
+            (method, host, path, user, pswd, parm) = bb.fetch.decodeurl(url)
+            if method != "file" or not path:
+                raise bb.fetch.MalformedUrl()
         except bb.fetch.MalformedUrl:
             bb.fatal("%s: LIC_FILES_CHKSUM contains an invalid URL:  %s" % (d.getVar('PF'), url))
         # We want the license filename and path
diff --git a/meta/classes/logging.bbclass b/meta/classes/logging.bbclass
index 06c7c31c3e..a0c94e98c7 100644
--- a/meta/classes/logging.bbclass
+++ b/meta/classes/logging.bbclass
@@ -86,7 +86,7 @@ bbdebug() {
 	
 	# Strip off the debug level and ensure it is an integer
 	DBGLVL=$1; shift
-	NONDIGITS=$(echo "$DBGLVL" | tr -d [:digit:])
+	NONDIGITS=$(echo "$DBGLVL" | tr -d "[:digit:]")
 	if [ "$NONDIGITS" ]; then
 		bbfatal "$USAGE"
 	fi
diff --git a/meta/classes/mirrors.bbclass b/meta/classes/mirrors.bbclass
index 766f1cb6fa..87bba41472 100644
--- a/meta/classes/mirrors.bbclass
+++ b/meta/classes/mirrors.bbclass
@@ -1,4 +1,5 @@
 MIRRORS += "\
+${DEBIAN_MIRROR}	http://snapshot.debian.org/archive/debian/20180310T215105Z/pool \n \
 ${DEBIAN_MIRROR}	http://snapshot.debian.org/archive/debian-archive/20120328T092752Z/debian/pool \n \
 ${DEBIAN_MIRROR}	http://snapshot.debian.org/archive/debian-archive/20110127T084257Z/debian/pool \n \
 ${DEBIAN_MIRROR}	http://snapshot.debian.org/archive/debian-archive/20090802T004153Z/debian/pool \n \
@@ -67,8 +68,8 @@ ${CPAN_MIRROR}  http://search.cpan.org/CPAN/ \n \
 # where git native protocol fetches may fail due to local firewall rules, etc.
 
 MIRRORS += "\
-git://anonscm.debian.org/.*   git://anonscm.debian.org/git/PATH;protocol=https \n \
-git://git.gnome.org/.*        git://git.gnome.org/browse/PATH;protocol=https \n \
+git://salsa.debian.org/.*     git://salsa.debian.org/PATH;protocol=https \n \
+git://git.gnome.org/.*        git://gitlab.gnome.org/GNOME/PATH;protocol=https \n \
 git://git.savannah.gnu.org/.* git://git.savannah.gnu.org/git/PATH;protocol=https \n \
 git://git.yoctoproject.org/.* git://git.yoctoproject.org/git/PATH;protocol=https \n \
 git://.*/.*                   git://HOST/PATH;protocol=https \n \
diff --git a/meta/classes/module-base.bbclass b/meta/classes/module-base.bbclass
index 6fe77c01b7..c1fa3ad1c1 100644
--- a/meta/classes/module-base.bbclass
+++ b/meta/classes/module-base.bbclass
@@ -12,6 +12,8 @@ export CROSS_COMPILE = "${TARGET_PREFIX}"
 # we didn't pick the name.
 export KBUILD_OUTPUT = "${STAGING_KERNEL_BUILDDIR}"
 
+DEPENDS += "bc-native"
+
 export KERNEL_VERSION = "${@base_read_file('${STAGING_KERNEL_BUILDDIR}/kernel-abiversion')}"
 KERNEL_OBJECT_SUFFIX = ".ko"
 
@@ -23,5 +25,6 @@ PACKAGE_ARCH = "${MACHINE_ARCH}"
 do_make_scripts() {
 	unset CFLAGS CPPFLAGS CXXFLAGS LDFLAGS 
 	make CC="${KERNEL_CC}" LD="${KERNEL_LD}" AR="${KERNEL_AR}" \
-	           -C ${STAGING_KERNEL_DIR} O=${STAGING_KERNEL_BUILDDIR} scripts
+	           HOSTCC="${BUILD_CC} ${BUILD_CFLAGS} ${BUILD_LDFLAGS}" HOSTCPP="${BUILD_CPP}" \
+	           -C ${STAGING_KERNEL_DIR} O=${STAGING_KERNEL_BUILDDIR} scripts prepare
 }
diff --git a/meta/classes/module.bbclass b/meta/classes/module.bbclass
index 78d1b21dbd..282900dc6d 100644
--- a/meta/classes/module.bbclass
+++ b/meta/classes/module.bbclass
@@ -2,7 +2,7 @@ inherit module-base kernel-module-split pkgconfig
 
 addtask make_scripts after do_prepare_recipe_sysroot before do_configure
 do_make_scripts[lockfiles] = "${TMPDIR}/kernel-scripts.lock"
-do_make_scripts[depends] += "virtual/kernel:do_shared_workdir"
+do_make_scripts[depends] += "virtual/kernel:do_shared_workdir openssl-native:do_populate_sysroot"
 
 EXTRA_OEMAKE += "KERNEL_SRC=${STAGING_KERNEL_DIR}"
 
diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass
index 2053d46395..2a5d8a5cda 100644
--- a/meta/classes/package.bbclass
+++ b/meta/classes/package.bbclass
@@ -901,7 +901,7 @@ python split_and_strip_files () {
     # 16 - kernel module
     def isELF(path):
         type = 0
-        ret, result = oe.utils.getstatusoutput("file \"%s\"" % path.replace("\"", "\\\""))
+        ret, result = oe.utils.getstatusoutput("file -b '%s'" % path)
 
         if ret:
             msg = "split_and_strip_files: 'file %s' failed" % path
diff --git a/meta/classes/package_rpm.bbclass b/meta/classes/package_rpm.bbclass
index 1deaf832da..ad5c5e9ef7 100644
--- a/meta/classes/package_rpm.bbclass
+++ b/meta/classes/package_rpm.bbclass
@@ -646,9 +646,13 @@ python do_package_rpm () {
     rpmbuild = d.getVar('RPMBUILD')
     targetsys = d.getVar('TARGET_SYS')
     targetvendor = d.getVar('HOST_VENDOR')
+
     # Too many places in dnf stack assume that arch-independent packages are "noarch".
     # Let's not fight against this.
-    package_arch = (d.getVar('PACKAGE_ARCH') or "").replace("-", "_").replace("all", "noarch")
+    package_arch = (d.getVar('PACKAGE_ARCH') or "").replace("-", "_")
+    if package_arch == "all":
+        package_arch = "noarch"
+
     sdkpkgsuffix = (d.getVar('SDKPKGSUFFIX') or "nativesdk").replace("-", "_")
     d.setVar('PACKAGE_ARCH_EXTEND', package_arch)
     pkgwritedir = d.expand('${PKGWRITEDIRRPM}/${PACKAGE_ARCH_EXTEND}')
@@ -661,7 +665,7 @@ python do_package_rpm () {
     cmd = rpmbuild
     cmd = cmd + " --noclean --nodeps --short-circuit --target " + pkgarch + " --buildroot " + pkgd
     cmd = cmd + " --define '_topdir " + workdir + "' --define '_rpmdir " + pkgwritedir + "'"
-    cmd = cmd + " --define '_builddir " + d.getVar('S') + "'"
+    cmd = cmd + " --define '_builddir " + d.getVar('B') + "'"
     cmd = cmd + " --define '_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm'"
     cmd = cmd + " --define '_use_internal_dependency_generator 0'"
     cmd = cmd + " --define '_binaries_in_noarch_packages_terminate_build 0'"
diff --git a/meta/classes/populate_sdk_base.bbclass b/meta/classes/populate_sdk_base.bbclass
index 424c63cbfc..30fcefca38 100644
--- a/meta/classes/populate_sdk_base.bbclass
+++ b/meta/classes/populate_sdk_base.bbclass
@@ -20,6 +20,9 @@ def complementary_globs(featurevar, d):
 SDKIMAGE_FEATURES ??= "dev-pkgs dbg-pkgs ${@bb.utils.contains('DISTRO_FEATURES', 'api-documentation', 'doc-pkgs', '', d)}"
 SDKIMAGE_INSTALL_COMPLEMENTARY = '${@complementary_globs("SDKIMAGE_FEATURES", d)}'
 
+# List of locales to install, or "all" for all of them, or unset for none.
+SDKIMAGE_LINGUAS ?= "all"
+
 inherit rootfs_${IMAGE_PKGTYPE}
 
 SDK_DIR = "${WORKDIR}/sdk"
@@ -39,7 +42,8 @@ TOOLCHAIN_TARGET_TASK_ATTEMPTONLY ?= ""
 TOOLCHAIN_OUTPUTNAME ?= "${SDK_NAME}-toolchain-${SDK_VERSION}"
 
 SDK_RDEPENDS = "${TOOLCHAIN_TARGET_TASK} ${TOOLCHAIN_HOST_TASK}"
-SDK_DEPENDS = "virtual/fakeroot-native pixz-native"
+SDK_DEPENDS = "virtual/fakeroot-native pixz-native cross-localedef-native"
+SDK_DEPENDS_append_libc-glibc = " nativesdk-glibc-locale"
 
 # We want the MULTIARCH_TARGET_SYS to point to the TUNE_PKGARCH, not PACKAGE_ARCH as it
 # could be set to the MACHINE_ARCH
diff --git a/meta/classes/populate_sdk_ext.bbclass b/meta/classes/populate_sdk_ext.bbclass
index 36209954a3..2dd21237e2 100644
--- a/meta/classes/populate_sdk_ext.bbclass
+++ b/meta/classes/populate_sdk_ext.bbclass
@@ -276,11 +276,12 @@ python copy_buildsystem () {
 
     # Copy uninative tarball
     # For now this is where uninative.bbclass expects the tarball
-    uninative_file = d.expand('${SDK_DEPLOY}/${BUILD_ARCH}-nativesdk-libc.tar.bz2')
-    uninative_checksum = bb.utils.sha256_file(uninative_file)
-    uninative_outdir = '%s/downloads/uninative/%s' % (baseoutpath, uninative_checksum)
-    bb.utils.mkdirhier(uninative_outdir)
-    shutil.copy(uninative_file, uninative_outdir)
+    if bb.data.inherits_class('uninative', d):
+        uninative_file = d.expand('${UNINATIVE_DLDIR}/' + d.getVarFlag("UNINATIVE_CHECKSUM", d.getVar("BUILD_ARCH")) + '/${UNINATIVE_TARBALL}')
+        uninative_checksum = bb.utils.sha256_file(uninative_file)
+        uninative_outdir = '%s/downloads/uninative/%s' % (baseoutpath, uninative_checksum)
+        bb.utils.mkdirhier(uninative_outdir)
+        shutil.copy(uninative_file, uninative_outdir)
 
     env_whitelist = (d.getVar('BB_ENV_EXTRAWHITE') or '').split()
     env_whitelist_values = {}
@@ -656,7 +657,8 @@ fakeroot python do_populate_sdk_ext() {
     d.setVar('SDK_REQUIRED_UTILITIES', get_sdk_required_utilities(buildtools_fn, d))
     d.setVar('SDK_BUILDTOOLS_INSTALLER', buildtools_fn)
     d.setVar('SDKDEPLOYDIR', '${SDKEXTDEPLOYDIR}')
-
+    # ESDKs have a libc from the buildtools so ensure we don't ship linguas twice
+    d.delVar('SDKIMAGE_LINGUAS')
     populate_sdk_common(d)
 }
 
@@ -695,7 +697,7 @@ def get_sdk_ext_rdepends(d):
 do_populate_sdk_ext[dirs] = "${@d.getVarFlag('do_populate_sdk', 'dirs', False)}"
 
 do_populate_sdk_ext[depends] = "${@d.getVarFlag('do_populate_sdk', 'depends', False)} \
-                                buildtools-tarball:do_populate_sdk uninative-tarball:do_populate_sdk \
+                                buildtools-tarball:do_populate_sdk \
                                 ${@'meta-world-pkgdata:do_collect_packagedata' if d.getVar('SDK_INCLUDE_PKGDATA') == '1' else ''} \
                                 ${@'meta-extsdk-toolchain:do_locked_sigs' if d.getVar('SDK_INCLUDE_TOOLCHAIN') == '1' else ''}"
 
@@ -719,7 +721,7 @@ SDKEXTDEPLOYDIR = "${WORKDIR}/deploy-${PN}-populate-sdk-ext"
 
 SSTATETASKS += "do_populate_sdk_ext"
 SSTATE_SKIP_CREATION_task-populate-sdk-ext = '1'
-do_populate_sdk_ext[cleandirs] = "${SDKDEPLOYDIR}"
+do_populate_sdk_ext[cleandirs] = "${SDKEXTDEPLOYDIR}"
 do_populate_sdk_ext[sstate-inputdirs] = "${SDKEXTDEPLOYDIR}"
 do_populate_sdk_ext[sstate-outputdirs] = "${SDK_DEPLOY}"
 do_populate_sdk_ext[stamp-extra-info] = "${MACHINE}"
diff --git a/meta/classes/rm_work.bbclass b/meta/classes/rm_work.bbclass
index 13a9e75d85..31d99e4554 100644
--- a/meta/classes/rm_work.bbclass
+++ b/meta/classes/rm_work.bbclass
@@ -166,6 +166,10 @@ python inject_rm_work() {
     deps = set(bb.build.preceedtask('do_build', True, d))
     deps.difference_update(('do_build', 'do_rm_work_all'))
 
+    # deps can be empty if do_build doesn't exist, e.g. *-inital recipes
+    if not deps:
+        deps = ["do_populate_sysroot", "do_populate_lic"]
+
     if pn in excludes:
         d.delVarFlag('rm_work_rootfs', 'cleandirs')
         d.delVarFlag('rm_work_populatesdk', 'cleandirs')
diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass
index 5391e7a8e3..a4e627fef8 100644
--- a/meta/classes/rootfs-postcommands.bbclass
+++ b/meta/classes/rootfs-postcommands.bbclass
@@ -14,6 +14,14 @@ ROOTFS_POSTPROCESS_COMMAND += "rootfs_update_timestamp ; "
 # Tweak the mount options for rootfs in /etc/fstab if read-only-rootfs is enabled
 ROOTFS_POSTPROCESS_COMMAND += '${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", "read_only_rootfs_hook; ", "",d)}'
 
+# We also need to do the same for the kernel boot parameters,
+# otherwise kernel or initramfs end up mounting the rootfs read/write
+# (the default) if supported by the underlying storage.
+#
+# We do this with _append because the default value might get set later with ?=
+# and we don't want to disable such a default that by setting a value here.
+APPEND_append = '${@bb.utils.contains("IMAGE_FEATURES", "read-only-rootfs", " ro", "", d)}'
+
 # Generates test data file with data store variables expanded in json format
 ROOTFS_POSTPROCESS_COMMAND += "write_image_test_data ; "
 
diff --git a/meta/classes/rootfs_deb.bbclass b/meta/classes/rootfs_deb.bbclass
index 12002c49f3..9ee1dfc866 100644
--- a/meta/classes/rootfs_deb.bbclass
+++ b/meta/classes/rootfs_deb.bbclass
@@ -11,6 +11,7 @@ do_rootfs[vardeps] += "PACKAGE_FEED_URIS"
 
 do_rootfs[lockfiles] += "${DEPLOY_DIR_DEB}/deb.lock"
 do_populate_sdk[lockfiles] += "${DEPLOY_DIR_DEB}/deb.lock"
+do_populate_sdk_ext[lockfiles] += "${DEPLOY_DIR_DEB}/deb.lock"
 
 python rootfs_deb_bad_recommendations() {
     if d.getVar("BAD_RECOMMENDATIONS"):
diff --git a/meta/classes/rootfs_ipk.bbclass b/meta/classes/rootfs_ipk.bbclass
index a57b1d34f7..52b468d85b 100644
--- a/meta/classes/rootfs_ipk.bbclass
+++ b/meta/classes/rootfs_ipk.bbclass
@@ -15,6 +15,7 @@ do_rootfs[vardeps] += "PACKAGE_FEED_URIS"
 
 do_rootfs[lockfiles] += "${WORKDIR}/ipk.lock"
 do_populate_sdk[lockfiles] += "${WORKDIR}/ipk.lock"
+do_populate_sdk_ext[lockfiles] += "${WORKDIR}/ipk.lock"
 
 OPKG_PREPROCESS_COMMANDS = ""
 
diff --git a/meta/classes/systemd.bbclass b/meta/classes/systemd.bbclass
index c4b4bb9b70..1b134322fb 100644
--- a/meta/classes/systemd.bbclass
+++ b/meta/classes/systemd.bbclass
@@ -154,8 +154,10 @@ python systemd_populate_packages() {
                 # Deal with adding, for example, 'ifplugd@eth0.service' from
                 # 'ifplugd@.service'
                 base = None
-                if service.find('@') != -1:
-                    base = re.sub('@[^.]+.', '@.', service)
+                at = service.find('@')
+                if at != -1:
+                    ext = service.rfind('.')
+                    base = service[:at] + '@' + service[ext:]
 
                 for path in searchpaths:
                     if os.path.exists(oe.path.join(d.getVar("D"), path, service)):
diff --git a/meta/classes/toolchain-scripts.bbclass b/meta/classes/toolchain-scripts.bbclass
index 9bcfe708c7..c9a04dd1d9 100644
--- a/meta/classes/toolchain-scripts.bbclass
+++ b/meta/classes/toolchain-scripts.bbclass
@@ -62,7 +62,8 @@ toolchain_create_tree_env_script () {
 	script=${TMPDIR}/environment-setup-${REAL_MULTIMACH_TARGET_SYS}
 	rm -f $script
 	touch $script
-	echo 'export PATH=${STAGING_DIR_NATIVE}/usr/bin:${PATH}' >> $script
+	echo ". ${COREBASE}/oe-init-build-env ${TOPDIR}" >> $script
+	echo 'export PATH=${STAGING_DIR_NATIVE}/usr/bin:${STAGING_BINDIR_TOOLCHAIN}:$PATH' >> $script
 	echo 'export PKG_CONFIG_SYSROOT_DIR=${PKG_CONFIG_SYSROOT_DIR}' >> $script
 	echo 'export PKG_CONFIG_PATH=${PKG_CONFIG_PATH}' >> $script
 	echo 'export CONFIG_SITE="${@siteinfo_get_files(d)}"' >> $script
diff --git a/meta/classes/uninative.bbclass b/meta/classes/uninative.bbclass
index a410647328..de2221a365 100644
--- a/meta/classes/uninative.bbclass
+++ b/meta/classes/uninative.bbclass
@@ -8,6 +8,9 @@ UNINATIVE_TARBALL ?= "${BUILD_ARCH}-nativesdk-libc.tar.bz2"
 #UNINATIVE_CHECKSUM[x86_64] = "dead"
 UNINATIVE_DLDIR ?= "${DL_DIR}/uninative/"
 
+# Enabling uninative will change the following variables so they need to go the parsing white list to prevent multiple recipe parsing
+BB_HASHCONFIG_WHITELIST += "NATIVELSBSTRING SSTATEPOSTUNPACKFUNCS BUILD_LDFLAGS"
+
 addhandler uninative_event_fetchloader
 uninative_event_fetchloader[eventmask] = "bb.event.BuildStarted"
 
@@ -63,7 +66,24 @@ python uninative_event_fetchloader() {
             fetcher.download()
             localpath = fetcher.localpath(srcuri)
             if localpath != tarballpath and os.path.exists(localpath) and not os.path.exists(tarballpath):
+                # Follow the symlink behavior from the bitbake fetch2.
+                # This will cover the case where an existing symlink is broken
+                # as well as if there are two processes trying to create it
+                # at the same time.
+                if os.path.islink(tarballpath):
+                    # Broken symbolic link
+                    os.unlink(tarballpath)
+
+                # Deal with two processes trying to make symlink at once
+                try:
                     os.symlink(localpath, tarballpath)
+                except FileExistsError:
+                    pass
+
+        # ldd output is "ldd (Ubuntu GLIBC 2.23-0ubuntu10) 2.23", extract last option from first line
+        glibcver = subprocess.check_output(["ldd", "--version"]).decode('utf-8').split('\n')[0].split()[-1]
+        if bb.utils.vercmp_string(d.getVar("UNINATIVE_MAXGLIBCVERSION"), glibcver) < 0:
+            raise RuntimeError("Your host glibc verson (%s) is newer than that in uninative (%s). Disabling uninative so that sstate is not corrupted." % (glibcver, d.getVar("UNINATIVE_MAXGLIBCVERSION")))
 
         cmd = d.expand("\
 mkdir -p ${UNINATIVE_STAGING_DIR}-uninative; \
@@ -82,6 +102,8 @@ ${UNINATIVE_STAGING_DIR}-uninative/relocate_sdk.py \
 
         enable_uninative(d)
 
+    except RuntimeError as e:
+        bb.warn(str(e))
     except bb.fetch2.BBFetchException as exc:
         bb.warn("Disabling uninative as unable to fetch uninative tarball: %s" % str(exc))
         bb.warn("To build your own uninative loader, please bitbake uninative-tarball and set UNINATIVE_TARBALL appropriately.")
@@ -107,6 +129,9 @@ def enable_uninative(d):
         d.setVar("NATIVELSBSTRING", "universal%s" % oe.utils.host_gcc_version(d))
         d.appendVar("SSTATEPOSTUNPACKFUNCS", " uninative_changeinterp")
         d.appendVarFlag("SSTATEPOSTUNPACKFUNCS", "vardepvalueexclude", "| uninative_changeinterp")
+        d.appendVar("BUILD_LDFLAGS", " -Wl,--allow-shlib-undefined -Wl,--dynamic-linker=${UNINATIVE_LOADER}")
+        d.appendVarFlag("BUILD_LDFLAGS", "vardepvalueexclude", "| -Wl,--allow-shlib-undefined -Wl,--dynamic-linker=${UNINATIVE_LOADER}")
+        d.appendVarFlag("BUILD_LDFLAGS", "vardepsexclude", "UNINATIVE_LOADER")
         d.prependVar("PATH", "${STAGING_DIR}-uninative/${BUILD_ARCH}-linux${bindir_native}:")
 
 python uninative_changeinterp () {
diff --git a/meta/classes/update-alternatives.bbclass b/meta/classes/update-alternatives.bbclass
index 4bba76c3ba..aa01058cf9 100644
--- a/meta/classes/update-alternatives.bbclass
+++ b/meta/classes/update-alternatives.bbclass
@@ -143,6 +143,10 @@ python perform_packagecopy_append () {
             if not alt_link:
                 alt_link = "%s/%s" % (d.getVar('bindir'), alt_name)
                 d.setVarFlag('ALTERNATIVE_LINK_NAME', alt_name, alt_link)
+            if alt_link.startswith(os.path.join(d.getVar('sysconfdir', True), 'init.d')):
+                # Managing init scripts does not work (bug #10433), foremost
+                # because of a race with update-rc.d
+                bb.fatal("Using update-alternatives for managing SysV init scripts is not supported")
 
             alt_target   = d.getVarFlag('ALTERNATIVE_TARGET_%s' % pkg, alt_name) or d.getVarFlag('ALTERNATIVE_TARGET', alt_name)
             alt_target   = alt_target or d.getVar('ALTERNATIVE_TARGET_%s' % pkg) or d.getVar('ALTERNATIVE_TARGET') or alt_link
@@ -201,8 +205,8 @@ python populate_packages_updatealternatives () {
     pkgdest = d.getVar('PKGD')
     for pkg in (d.getVar('PACKAGES') or "").split():
         # Create post install/removal scripts
-        alt_setup_links = "# Begin section update-alternatives\n"
-        alt_remove_links = "# Begin section update-alternatives\n"
+        alt_setup_links = ""
+        alt_remove_links = ""
         for alt_name in (d.getVar('ALTERNATIVE_%s' % pkg) or "").split():
             alt_link     = d.getVarFlag('ALTERNATIVE_LINK_NAME', alt_name)
             alt_target   = d.getVarFlag('ALTERNATIVE_TARGET_%s' % pkg, alt_name) or d.getVarFlag('ALTERNATIVE_TARGET', alt_name)
@@ -225,13 +229,10 @@ python populate_packages_updatealternatives () {
             # Default to generate shell script.. eventually we may want to change this...
             alt_target = os.path.normpath(alt_target)
 
-            alt_setup_links  += 'update-alternatives --install %s %s %s %s\n' % (alt_link, alt_name, alt_target, alt_priority)
-            alt_remove_links += 'update-alternatives --remove  %s %s\n' % (alt_name, alt_target)
+            alt_setup_links  += '\tupdate-alternatives --install %s %s %s %s\n' % (alt_link, alt_name, alt_target, alt_priority)
+            alt_remove_links += '\tupdate-alternatives --remove  %s %s\n' % (alt_name, alt_target)
 
-        alt_setup_links += "# End section update-alternatives\n"
-        alt_remove_links += "# End section update-alternatives\n"
-
-        if len(alt_setup_links.splitlines()) > 2:
+        if alt_setup_links:
             # RDEPENDS setup
             provider = d.getVar('VIRTUAL-RUNTIME_update-alternatives')
             if provider:
@@ -241,24 +242,12 @@ python populate_packages_updatealternatives () {
             bb.note('adding update-alternatives calls to postinst/prerm for %s' % pkg)
             bb.note('%s' % alt_setup_links)
             postinst = d.getVar('pkg_postinst_%s' % pkg) or '#!/bin/sh\n'
-            postinst = postinst.splitlines(True)
-            try:
-                index = postinst.index('# Begin section update-rc.d\n')
-                postinst.insert(index, alt_setup_links)
-            except ValueError:
-                postinst.append(alt_setup_links)
-            postinst = ''.join(postinst)
+            postinst += alt_setup_links
             d.setVar('pkg_postinst_%s' % pkg, postinst)
 
             bb.note('%s' % alt_remove_links)
             prerm = d.getVar('pkg_prerm_%s' % pkg) or '#!/bin/sh\n'
-            prerm = prerm.splitlines(True)
-            try:
-                index = prerm.index('# End section update-rc.d\n')
-                prerm.insert(index + 1, alt_remove_links)
-            except ValueError:
-                prerm.append(alt_remove_links)
-            prerm = ''.join(prerm)
+            prerm += alt_remove_links
             d.setVar('pkg_prerm_%s' % pkg, prerm)
 }
 
diff --git a/meta/classes/update-rc.d.bbclass b/meta/classes/update-rc.d.bbclass
index 9ba3daccaf..06e3b21396 100644
--- a/meta/classes/update-rc.d.bbclass
+++ b/meta/classes/update-rc.d.bbclass
@@ -37,7 +37,6 @@ fi
 PACKAGE_WRITE_DEPS += "update-rc.d-native"
 
 updatercd_postinst() {
-# Begin section update-rc.d
 if ${@use_updatercd(d)} && type update-rc.d >/dev/null 2>/dev/null; then
 	if [ -n "$D" ]; then
 		OPT="-r $D"
@@ -46,15 +45,12 @@ if ${@use_updatercd(d)} && type update-rc.d >/dev/null 2>/dev/null; then
 	fi
 	update-rc.d $OPT ${INITSCRIPT_NAME} ${INITSCRIPT_PARAMS}
 fi
-# End section update-rc.d
 }
 
 updatercd_prerm() {
-# Begin section update-rc.d
 if ${@use_updatercd(d)} && [ -z "$D" -a -x "${INIT_D_DIR}/${INITSCRIPT_NAME}" ]; then
 	${INIT_D_DIR}/${INITSCRIPT_NAME} stop || :
 fi
-# End section update-rc.d
 }
 
 updatercd_postrm() {
@@ -96,7 +92,7 @@ python populate_packages_updatercd () {
         statement = "grep -q -w '/etc/init.d/functions' %s" % path
         if subprocess.call(statement, shell=True) == 0:
             mlprefix = d.getVar('MLPREFIX') or ""
-            d.appendVar('RDEPENDS_' + pkg, ' %sinitscripts-functions' % (mlprefix))
+            d.appendVar('RDEPENDS_' + pkg, ' %sinitd-functions' % (mlprefix))
 
     def update_rcd_package(pkg):
         bb.debug(1, 'adding update-rc.d calls to preinst/postinst/prerm/postrm for %s' % pkg)
@@ -116,25 +112,13 @@ python populate_packages_updatercd () {
         postinst = d.getVar('pkg_postinst_%s' % pkg)
         if not postinst:
             postinst = '#!/bin/sh\n'
-        postinst = postinst.splitlines(True)
-        try:
-            index = postinst.index('# End section update-alternatives\n')
-            postinst.insert(index + 1, localdata.getVar('updatercd_postinst'))
-        except ValueError:
-            postinst.append(localdata.getVar('updatercd_postinst'))
-        postinst = ''.join(postinst)
+        postinst += localdata.getVar('updatercd_postinst')
         d.setVar('pkg_postinst_%s' % pkg, postinst)
 
         prerm = d.getVar('pkg_prerm_%s' % pkg)
         if not prerm:
             prerm = '#!/bin/sh\n'
-        prerm = prerm.splitlines(True)
-        try:
-            index = prerm.index('# Begin section update-alternatives\n')
-            prerm.insert(index, localdata.getVar('updatercd_prerm'))
-        except ValueError:
-            prerm.append(localdata.getVar('updatercd_prerm'))
-        prerm = ''.join(prerm)
+        prerm += localdata.getVar('updatercd_prerm')
         d.setVar('pkg_prerm_%s' % pkg, prerm)
 
         postrm = d.getVar('pkg_postrm_%s' % pkg)
diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index 9696273acc..d4754dd5bf 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -473,7 +473,7 @@ HOSTTOOLS_DIR = "${TMPDIR}/hosttools"
 
 # Tools needed to run builds with OE-Core
 HOSTTOOLS += " \
-    [ ar as awk basename bash bzip2 cat chgrp chmod chown chrpath cmp cp cpio \
+    [ ar as awk basename bash bzip2 cat chgrp chmod chown chrpath cmp comm cp cpio \
     cpp cut date dd diff diffstat dirname du echo egrep env expand expr false \
     fgrep file find flock g++ gawk gcc getconf getopt git grep gunzip gzip \
     head hostname id install ld ldd ln ls make makeinfo md5sum mkdir mknod \
@@ -536,6 +536,7 @@ export MAKE = "make"
 EXTRA_OEMAKE = ""
 EXTRA_OECONF = ""
 export LC_ALL = "en_US.UTF-8"
+export TZ = 'UTC'
 
 ##################################################################
 # Patch handling.
@@ -619,7 +620,7 @@ BBLAYERS_FETCH_DIR ??= "${COREBASE}"
 APACHE_MIRROR = "http://archive.apache.org/dist"
 DEBIAN_MIRROR = "http://ftp.debian.org/debian/pool"
 GENTOO_MIRROR = "http://distfiles.gentoo.org/distfiles"
-GNOME_GIT = "git://git.gnome.org"
+GNOME_GIT = "git://gitlab.gnome.org/GNOME"
 GNOME_MIRROR = "http://ftp.gnome.org/pub/GNOME/sources"
 GNU_MIRROR = "http://ftp.gnu.org/gnu"
 GNUPG_MIRROR = "https://www.gnupg.org/ftp/gcrypt"
diff --git a/meta/conf/distro/include/default-distrovars.inc b/meta/conf/distro/include/default-distrovars.inc
index 08542a743f..76d09af726 100644
--- a/meta/conf/distro/include/default-distrovars.inc
+++ b/meta/conf/distro/include/default-distrovars.inc
@@ -8,6 +8,7 @@ IMAGE_LINGUAS ?= "en-us en-gb"
 ENABLE_BINARY_LOCALE_GENERATION ?= "1"
 LOCALE_UTF8_ONLY ?= "0"
 LOCALE_UTF8_IS_DEFAULT ?= "1"
+LOCALE_UTF8_IS_DEFAULT_class-nativesdk = "0"
 
 DISTRO_FEATURES_DEFAULT ?= "acl alsa argp bluetooth ext2 irda largefile pcmcia usbgadget usbhost wifi xattr nfs zeroconf pci 3g nfc x11"
 DISTRO_FEATURES_LIBC_DEFAULT ?= "ipv4 ipv6 libc-backtrace libc-big-macros libc-bsd libc-cxx-tests libc-catgets libc-charsets libc-crypt \
diff --git a/meta/conf/distro/include/default-providers.inc b/meta/conf/distro/include/default-providers.inc
index f54fdcd776..2b76c3c31d 100644
--- a/meta/conf/distro/include/default-providers.inc
+++ b/meta/conf/distro/include/default-providers.inc
@@ -56,3 +56,4 @@ PREFERRED_PROVIDER_nativesdk-openssl ?= "nativesdk-openssl"
 PREFERRED_PROVIDER_pkgconfig ?= "pkgconfig"
 PREFERRED_PROVIDER_nativesdk-pkgconfig ?= "nativesdk-pkgconfig"
 PREFERRED_PROVIDER_pkgconfig-native ?= "pkgconfig-native"
+PREFERRED_RPROVIDER_initd-functions ?= "initscripts"
diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc
index 38789b217c..d0e6450530 100644
--- a/meta/conf/distro/include/maintainers.inc
+++ b/meta/conf/distro/include/maintainers.inc
@@ -88,6 +88,7 @@ RECIPE_MAINTAINER_pn-build-sysroots = "Richard Purdie <richard.purdie@linuxfound
 RECIPE_MAINTAINER_pn-builder = "Cristian Iorga <cristian.iorga@intel.com>"
 RECIPE_MAINTAINER_pn-buildtools-tarball = "Cristian Iorga <cristian.iorga@intel.com>"
 RECIPE_MAINTAINER_pn-busybox = "Armin Kuster <akuster808@gmail.com>"
+RECIPE_MAINTAINER_pn-busybox-inittab = "Denys Dmytriyenko <denys@ti.com>"
 RECIPE_MAINTAINER_pn-byacc = "Chen Qi <Qi.Chen@windriver.com>"
 RECIPE_MAINTAINER_pn-bzip2 = "Denys Dmytriyenko <denys@ti.com>"
 RECIPE_MAINTAINER_pn-ca-certificates = "Alexander Kanavin <alexander.kanavin@intel.com>"
diff --git a/meta/conf/distro/include/world-broken.inc b/meta/conf/distro/include/world-broken.inc
index 49e9516d53..42cacfdf2e 100644
--- a/meta/conf/distro/include/world-broken.inc
+++ b/meta/conf/distro/include/world-broken.inc
@@ -5,10 +5,6 @@
 # rt-tests needs PI mutex support in libc
 EXCLUDE_FROM_WORLD_pn-rt-tests_libc-musl = "1"
 
-# error: no member named 'sin_port' in 'struct sockaddr_in6'
-# this is due to libtirpc using ipv6 but portmap rpc expecting ipv4
-EXCLUDE_FROM_WORLD_pn-unfs3_libc-musl = "1"
-
 # error: use of undeclared identifier '_STAT_VER'
 EXCLUDE_FROM_WORLD_pn-pseudo_libc-musl = "1"
 
diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc
index 839c19aa57..c5b0556cf8 100644
--- a/meta/conf/distro/include/yocto-uninative.inc
+++ b/meta/conf/distro/include/yocto-uninative.inc
@@ -6,6 +6,9 @@
 # to the distro running on the build machine.
 #
 
-UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/1.7/"
-UNINATIVE_CHECKSUM[i686] ?= "d7c341460035936c19d63fe02f354ef1bc993c62d694ae3a31458d1c6997f0c5"
-UNINATIVE_CHECKSUM[x86_64] ?= "ed033c868b87852b07957a4400f3b744c00aef5d6470346ea1a59b6d3e03075e"
+UNINATIVE_MAXGLIBCVERSION = "2.28"
+
+UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/2.3/"
+UNINATIVE_CHECKSUM[i686] ?= "44253cddbf629082568cea4fff59419106871a0cf81b4845b5d34e7014887b20"
+UNINATIVE_CHECKSUM[x86_64] ?= "c6954563dad3c95608117c6fc328099036c832bbd924ebf5fdccb622fc0a8684"
+
diff --git a/meta/conf/layer.conf b/meta/conf/layer.conf
index 6be2a57a70..0c3dae597c 100644
--- a/meta/conf/layer.conf
+++ b/meta/conf/layer.conf
@@ -21,6 +21,7 @@ COREBASE = '${@os.path.normpath("${LAYERDIR}/../")}'
 # opkg-utils is for update-alternatives :(
 SIGGEN_EXCLUDERECIPES_ABISAFE += " \
   sysvinit-inittab \
+  busybox-inittab \
   shadow-securetty \
   opkg-arch-config \
   netbase \
@@ -57,6 +58,10 @@ SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
   initramfs-module-install-efi->e2fsprogs \
   initramfs-module-install-efi->parted \
   initramfs-module-install-efi->util-linux \
+  initramfs-module-install->e2fsprogs \
+  initramfs-module-install->grub \
+  initramfs-module-install->parted \
+  initramfs-module-install->util-linux \
   liberation-fonts->fontconfig \
   cantarell-fonts->fontconfig \
   gnome-icon-theme->librsvg \
diff --git a/meta/conf/local.conf.sample b/meta/conf/local.conf.sample
index b754853390..742f2498c8 100644
--- a/meta/conf/local.conf.sample
+++ b/meta/conf/local.conf.sample
@@ -168,7 +168,7 @@ PATCHRESOLVE = "noop"
 # files and damages the build in ways which may not be easily recoverable.
 # It's necesary to monitor /tmp, if there is no space left the build will fail
 # with very exotic errors.
-BB_DISKMON_DIRS = "\
+BB_DISKMON_DIRS ??= "\
     STOPTASKS,${TMPDIR},1G,100K \
     STOPTASKS,${DL_DIR},1G,100K \
     STOPTASKS,${SSTATE_DIR},1G,100K \
diff --git a/meta/files/common-licenses/BSD-1-Clause b/meta/files/common-licenses/BSD-1-Clause
new file mode 100644
index 0000000000..ded889768f
--- /dev/null
+++ b/meta/files/common-licenses/BSD-1-Clause
@@ -0,0 +1,9 @@
+
+Copyright (c) <YEAR>, <OWNER>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+THIS SOFTWARE IS PROVIDED BY Berkeley Software Design, Inc. "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL Berkeley Software Design, Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
diff --git a/meta/lib/bblayers/templates/layer.conf b/meta/lib/bblayers/templates/layer.conf
index e0d9ba2fde..3c0300226c 100644
--- a/meta/lib/bblayers/templates/layer.conf
+++ b/meta/lib/bblayers/templates/layer.conf
@@ -2,7 +2,7 @@
 BBPATH .= ":${LAYERDIR}"
 
 # We have recipes-* directories, add to BBFILES
-BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \\
+BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
             ${LAYERDIR}/recipes-*/*/*.bbappend"
 
 BBFILE_COLLECTIONS += "%s"
diff --git a/meta/lib/oe/package.py b/meta/lib/oe/package.py
index 1e5c3aa8e1..4f3e21ad40 100644
--- a/meta/lib/oe/package.py
+++ b/meta/lib/oe/package.py
@@ -72,8 +72,7 @@ def strip_execs(pn, dstdir, strip_cmd, libdir, base_libdir, qa_already_stripped=
     # 16 - kernel module
     def is_elf(path):
         exec_type = 0
-        ret, result = oe.utils.getstatusoutput(
-            "file \"%s\"" % path.replace("\"", "\\\""))
+        ret, result = oe.utils.getstatusoutput("file -b '%s'" % path)
 
         if ret:
             bb.error("split_and_strip_files: 'file %s' failed" % path)
diff --git a/meta/lib/oe/package_manager.py b/meta/lib/oe/package_manager.py
index 6cbb61fd84..b2aab15189 100644
--- a/meta/lib/oe/package_manager.py
+++ b/meta/lib/oe/package_manager.py
@@ -371,6 +371,29 @@ class PackageManager(object, metaclass=ABCMeta):
         pass
 
     """
+    Install all packages that match a glob.
+    """
+    def install_glob(self, globs, sdk=False):
+        # TODO don't have sdk here but have a property on the superclass
+        # (and respect in install_complementary)
+        if sdk:
+            pkgdatadir = self.d.expand("${TMPDIR}/pkgdata/${SDK_SYS}")
+        else:
+            pkgdatadir = self.d.getVar("PKGDATA_DIR")
+
+        try:
+            bb.note("Installing globbed packages...")
+            cmd = ["oe-pkgdata-util", "-p", pkgdatadir, "list-pkgs", globs]
+            pkgs = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8")
+            self.install(pkgs.split(), attempt_only=True)
+        except subprocess.CalledProcessError as e:
+            # Return code 1 means no packages matched
+            if e.returncode != 1:
+                bb.fatal("Could not compute globbed packages list. Command "
+                         "'%s' returned %d:\n%s" %
+                         (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
+
+    """
     Install complementary packages based upon the list of currently installed
     packages e.g. locales, *-dev, *-dbg, etc. This will only attempt to install
     these packages, if they don't exist then no error will occur.  Note: every
@@ -402,7 +425,7 @@ class PackageManager(object, metaclass=ABCMeta):
             installed_pkgs.write(output)
             installed_pkgs.flush()
 
-            cmd = [bb.utils.which(os.getenv('PATH'), "oe-pkgdata-util"),
+            cmd = ["oe-pkgdata-util",
                    "-p", self.d.getVar('PKGDATA_DIR'), "glob", installed_pkgs.name,
                    globs]
             exclude = self.d.getVar('PACKAGE_EXCLUDE_COMPLEMENTARY')
@@ -412,11 +435,11 @@ class PackageManager(object, metaclass=ABCMeta):
                 bb.note("Installing complementary packages ...")
                 bb.note('Running %s' % cmd)
                 complementary_pkgs = subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode("utf-8")
+                self.install(complementary_pkgs.split(), attempt_only=True)
             except subprocess.CalledProcessError as e:
                 bb.fatal("Could not compute complementary packages list. Command "
                          "'%s' returned %d:\n%s" %
                          (' '.join(cmd), e.returncode, e.output.decode("utf-8")))
-            self.install(complementary_pkgs.split(), attempt_only=True)
 
     def deploy_dir_lock(self):
         if self.deploy_dir is None:
@@ -462,7 +485,8 @@ class RpmPM(PackageManager):
                  task_name='target',
                  providename=None,
                  arch_var=None,
-                 os_var=None):
+                 os_var=None,
+                 rpm_repo_workdir="oe-rootfs-repo"):
         super(RpmPM, self).__init__(d)
         self.target_rootfs = target_rootfs
         self.target_vendor = target_vendor
@@ -476,7 +500,7 @@ class RpmPM(PackageManager):
         else:
             self.primary_arch = self.d.getVar('MACHINE_ARCH')
 
-        self.rpm_repo_dir = oe.path.join(self.d.getVar('WORKDIR'), "oe-rootfs-repo")
+        self.rpm_repo_dir = oe.path.join(self.d.getVar('WORKDIR'), rpm_repo_workdir)
         bb.utils.mkdirhier(self.rpm_repo_dir)
         oe.path.symlink(self.d.getVar('DEPLOY_DIR_RPM'), oe.path.join(self.rpm_repo_dir, "rpm"), True)
 
@@ -553,7 +577,7 @@ class RpmPM(PackageManager):
             gpg_opts += 'repo_gpgcheck=1\n'
             gpg_opts += 'gpgkey=file://%s/pki/packagefeed-gpg/PACKAGEFEED-GPG-KEY-%s-%s\n' % (self.d.getVar('sysconfdir'), self.d.getVar('DISTRO'), self.d.getVar('DISTRO_CODENAME'))
 
-        if self.d.getVar('RPM_SIGN_PACKAGES') == '0':
+        if self.d.getVar('RPM_SIGN_PACKAGES') != '1':
             gpg_opts += 'gpgcheck=0\n'
 
         bb.utils.mkdirhier(oe.path.join(self.target_rootfs, "etc", "yum.repos.d"))
@@ -692,7 +716,7 @@ class RpmPM(PackageManager):
         return packages
 
     def update(self):
-        self._invoke_dnf(["makecache"])
+        self._invoke_dnf(["makecache", "--refresh"])
 
     def _invoke_dnf(self, dnf_args, fatal = True, print_output = True ):
         os.environ['RPM_ETCCONFIGDIR'] = self.target_rootfs
@@ -1065,7 +1089,7 @@ class OpkgPM(OpkgDpkgPM):
             output = subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT).decode("utf-8")
             bb.note(output)
         except subprocess.CalledProcessError as e:
-            (bb.fatal, bb.note)[attempt_only]("Unable to install packages. "
+            (bb.fatal, bb.warn)[attempt_only]("Unable to install packages. "
                                               "Command '%s' returned %d:\n%s" %
                                               (cmd, e.returncode, e.output.decode("utf-8")))
 
@@ -1364,7 +1388,7 @@ class DpkgPM(OpkgDpkgPM):
             bb.note("Installing the following packages: %s" % ' '.join(pkgs))
             subprocess.check_output(cmd.split(), stderr=subprocess.STDOUT)
         except subprocess.CalledProcessError as e:
-            (bb.fatal, bb.note)[attempt_only]("Unable to install packages. "
+            (bb.fatal, bb.warn)[attempt_only]("Unable to install packages. "
                                               "Command '%s' returned %d:\n%s" %
                                               (cmd, e.returncode, e.output.decode("utf-8")))
 
diff --git a/meta/lib/oe/patch.py b/meta/lib/oe/patch.py
index f1ab3dd809..584bf6c05f 100644
--- a/meta/lib/oe/patch.py
+++ b/meta/lib/oe/patch.py
@@ -1,4 +1,5 @@
 import oe.path
+import oe.types
 
 class NotFoundError(bb.BBHandledException):
     def __init__(self, path):
diff --git a/meta/lib/oe/sdk.py b/meta/lib/oe/sdk.py
index 30e1fb5316..7f71cfba6a 100644
--- a/meta/lib/oe/sdk.py
+++ b/meta/lib/oe/sdk.py
@@ -7,6 +7,51 @@ import shutil
 import glob
 import traceback
 
+def generate_locale_archive(d, rootfs):
+    # Pretty sure we don't need this for SDK archive generation but
+    # keeping it to be safe...
+    target_arch = d.getVar('SDK_ARCH')
+    locale_arch_options = { \
+        "arm": ["--uint32-align=4", "--little-endian"],
+        "armeb": ["--uint32-align=4", "--big-endian"],
+        "aarch64": ["--uint32-align=4", "--little-endian"],
+        "aarch64_be": ["--uint32-align=4", "--big-endian"],
+        "sh4": ["--uint32-align=4", "--big-endian"],
+        "powerpc": ["--uint32-align=4", "--big-endian"],
+        "powerpc64": ["--uint32-align=4", "--big-endian"],
+        "mips": ["--uint32-align=4", "--big-endian"],
+        "mipsisa32r6": ["--uint32-align=4", "--big-endian"],
+        "mips64": ["--uint32-align=4", "--big-endian"],
+        "mipsisa64r6": ["--uint32-align=4", "--big-endian"],
+        "mipsel": ["--uint32-align=4", "--little-endian"],
+        "mipsisa32r6el": ["--uint32-align=4", "--little-endian"],
+        "mips64el": ["--uint32-align=4", "--little-endian"],
+        "mipsisa64r6el": ["--uint32-align=4", "--little-endian"],
+        "i586": ["--uint32-align=4", "--little-endian"],
+        "i686": ["--uint32-align=4", "--little-endian"],
+        "x86_64": ["--uint32-align=4", "--little-endian"]
+    }
+    if target_arch in locale_arch_options:
+        arch_options = locale_arch_options[target_arch]
+    else:
+        bb.error("locale_arch_options not found for target_arch=" + target_arch)
+        bb.fatal("unknown arch:" + target_arch + " for locale_arch_options")
+
+    localedir = oe.path.join(rootfs, d.getVar("libdir_nativesdk"), "locale")
+    # Need to set this so cross-localedef knows where the archive is
+    env = dict(os.environ)
+    env["LOCALEARCHIVE"] = oe.path.join(localedir, "locale-archive")
+
+    for name in os.listdir(localedir):
+        path = os.path.join(localedir, name)
+        if os.path.isdir(path):
+            try:
+                cmd = ["cross-localedef", "--verbose"]
+                cmd += arch_options
+                cmd += ["--add-to-archive", path]
+                subprocess.check_output(cmd, env=env, stderr=subprocess.STDOUT)
+            except Exception as e:
+                bb.fatal("Cannot create locale archive: %s" % e.output)
 
 class Sdk(object, metaclass=ABCMeta):
     def __init__(self, d, manifest_dir):
@@ -84,8 +129,32 @@ class Sdk(object, metaclass=ABCMeta):
             bb.debug(1, "printing the stack trace\n %s" %traceback.format_exc())
             bb.warn("cannot remove SDK dir: %s" % path)
 
+    def install_locales(self, pm):
+        # This is only relevant for glibc
+        if self.d.getVar("TCLIBC") != "glibc":
+            return
+
+        linguas = self.d.getVar("SDKIMAGE_LINGUAS")
+        if linguas:
+            import fnmatch
+            # Install the binary locales
+            if linguas == "all":
+                pm.install_glob("nativesdk-glibc-binary-localedata-*.utf-8", sdk=True)
+            else:
+                for lang in linguas.split():
+                    pm.install("nativesdk-glibc-binary-localedata-%s.utf-8" % lang)
+            # Generate a locale archive of them
+            generate_locale_archive(self.d, oe.path.join(self.sdk_host_sysroot, self.sdk_native_path))
+            # And now delete the binary locales
+            pkgs = fnmatch.filter(pm.list_installed(), "nativesdk-glibc-binary-localedata-*.utf-8")
+            pm.remove(pkgs)
+        else:
+            # No linguas so do nothing
+            pass
+
+
 class RpmSdk(Sdk):
-    def __init__(self, d, manifest_dir=None):
+    def __init__(self, d, manifest_dir=None, rpm_workdir="oe-sdk-repo"):
         super(RpmSdk, self).__init__(d, manifest_dir)
 
         self.target_manifest = RpmManifest(d, self.manifest_dir,
@@ -100,11 +169,17 @@ class RpmSdk(Sdk):
                               'pkgconfig'
                               ]
 
+        rpm_repo_workdir = "oe-sdk-repo"
+        if "sdk_ext" in d.getVar("BB_RUNTASK"):
+            rpm_repo_workdir = "oe-sdk-ext-repo"
+
+
         self.target_pm = RpmPM(d,
                                self.sdk_target_sysroot,
                                self.d.getVar('TARGET_VENDOR'),
                                'target',
-                               target_providename
+                               target_providename,
+                               rpm_repo_workdir=rpm_repo_workdir
                                )
 
         sdk_providename = ['/bin/sh',
@@ -122,7 +197,8 @@ class RpmSdk(Sdk):
                              'host',
                              sdk_providename,
                              "SDK_PACKAGE_ARCHS",
-                             "SDK_OS"
+                             "SDK_OS",
+                             rpm_repo_workdir=rpm_repo_workdir
                              )
 
     def _populate_sysroot(self, pm, manifest):
@@ -159,6 +235,7 @@ class RpmSdk(Sdk):
 
         bb.note("Installing NATIVESDK packages")
         self._populate_sysroot(self.host_pm, self.host_manifest)
+        self.install_locales(self.host_pm)
 
         execute_pre_post_process(self.d, self.d.getVar("POPULATE_SDK_POST_HOST_COMMAND"))
 
@@ -242,6 +319,7 @@ class OpkgSdk(Sdk):
 
         bb.note("Installing NATIVESDK packages")
         self._populate_sysroot(self.host_pm, self.host_manifest)
+        self.install_locales(self.host_pm)
 
         execute_pre_post_process(self.d, self.d.getVar("POPULATE_SDK_POST_HOST_COMMAND"))
 
@@ -328,6 +406,7 @@ class DpkgSdk(Sdk):
 
         bb.note("Installing NATIVESDK packages")
         self._populate_sysroot(self.host_pm, self.host_manifest)
+        self.install_locales(self.host_pm)
 
         execute_pre_post_process(self.d, self.d.getVar("POPULATE_SDK_POST_HOST_COMMAND"))
 
diff --git a/meta/lib/oeqa/runtime/cases/buildcpio.py b/meta/lib/oeqa/runtime/cases/buildcpio.py
index 59edc9c2c1..79b22d04dd 100644
--- a/meta/lib/oeqa/runtime/cases/buildcpio.py
+++ b/meta/lib/oeqa/runtime/cases/buildcpio.py
@@ -9,8 +9,7 @@ class BuildCpioTest(OERuntimeTestCase):
 
     @classmethod
     def setUpClass(cls):
-        uri = 'https://ftp.gnu.org/gnu/cpio'
-        uri = '%s/cpio-2.12.tar.bz2' % uri
+        uri = 'https://downloads.yoctoproject.org/mirror/sources/cpio-2.12.tar.gz'
         cls.project = TargetBuildProject(cls.tc.target,
                                          uri,
                                          dl_dir = cls.tc.td['DL_DIR'])
diff --git a/meta/lib/oeqa/runtime/cases/kernelmodule.py b/meta/lib/oeqa/runtime/cases/kernelmodule.py
index 11ad7b7f01..de1a5aa445 100644
--- a/meta/lib/oeqa/runtime/cases/kernelmodule.py
+++ b/meta/lib/oeqa/runtime/cases/kernelmodule.py
@@ -28,7 +28,7 @@ class KernelModuleTest(OERuntimeTestCase):
     @OETestDepends(['gcc.GccCompileTest.test_gcc_compile'])
     def test_kernel_module(self):
         cmds = [
-            'cd /usr/src/kernel && make scripts',
+            'cd /usr/src/kernel && make scripts prepare',
             'cd /tmp && make',
             'cd /tmp && insmod hellomod.ko',
             'lsmod | grep hellomod',
diff --git a/meta/recipes-bsp/grub/grub-efi_2.02.bb b/meta/recipes-bsp/grub/grub-efi_2.02.bb
index 44e32a88f1..112a99dcfb 100644
--- a/meta/recipes-bsp/grub/grub-efi_2.02.bb
+++ b/meta/recipes-bsp/grub/grub-efi_2.02.bb
@@ -2,8 +2,8 @@ require grub2.inc
 
 GRUBPLATFORM = "efi"
 
-DEPENDS_class-target = "grub-efi-native"
-RDEPENDS_${PN}_class-target = "diffutils freetype"
+DEPENDS_append_class-target = " grub-efi-native"
+RDEPENDS_${PN}_class-target = "diffutils freetype grub-common"
 
 SRC_URI += " \
            file://cfg \
@@ -41,7 +41,9 @@ do_install_class-native() {
 	install -m 755 grub-mkimage ${D}${bindir}
 }
 
-do_install_append_class-target() {
+do_install_class-target() {
+    oe_runmake 'DESTDIR=${D}' -C grub-core install
+
     # Remove build host references...
     find "${D}" -name modinfo.sh -type f -exec \
         sed -i \
@@ -51,7 +53,8 @@ do_install_append_class-target() {
         {} +
 }
 
-GRUB_BUILDIN ?= "boot linux ext2 fat serial part_msdos part_gpt normal efi_gop iso9660 search"
+GRUB_BUILDIN ?= "boot linux ext2 fat serial part_msdos part_gpt normal \
+                 efi_gop iso9660 search loadenv test"
 
 do_deploy() {
 	# Search for the grub.cfg on the local boot media by using the
@@ -68,8 +71,7 @@ do_deploy_class-native() {
 
 addtask deploy after do_install before do_build
 
-FILES_${PN} += "${libdir}/grub/${GRUB_TARGET}-efi \
-                ${datadir}/grub \
+FILES_${PN} = "${libdir}/grub/${GRUB_TARGET}-efi \
                 "
 
 # 64-bit binaries are expected for the bootloader with an x32 userland
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index a56fbe7bf8..79a84e9ac5 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -67,6 +67,4 @@ do_configure_prepend() {
 	${S}/autogen.sh )
 }
 
-# grub and grub-efi's sysroot/${datadir}/grub/grub-mkconfig_lib are
-# conflicted, remove it since no one uses it.
-SYSROOT_DIRS_BLACKLIST += "${datadir}/grub/grub-mkconfig_lib"
+RDEPENDS_${PN}_class-native = ""
diff --git a/meta/recipes-bsp/grub/grub_2.02.bb b/meta/recipes-bsp/grub/grub_2.02.bb
index b8055e7537..e0973759fb 100644
--- a/meta/recipes-bsp/grub/grub_2.02.bb
+++ b/meta/recipes-bsp/grub/grub_2.02.bb
@@ -1,10 +1,18 @@
 require grub2.inc
 
-RDEPENDS_${PN} = "diffutils freetype grub-editenv"
+RDEPENDS_${PN}-common += "${PN}-editenv"
+RDEPENDS_${PN} += "diffutils freetype ${PN}-common"
 
-PACKAGES =+ "grub-editenv"
+RPROVIDES_${PN}-editenv += "${PN}-efi-editenv"
 
-FILES_grub-editenv = "${bindir}/grub-editenv"
+PACKAGES =+ "${PN}-editenv ${PN}-common"
+FILES_${PN}-editenv = "${bindir}/grub-editenv"
+FILES_${PN}-common = " \
+    ${bindir} \
+    ${sysconfdir} \
+    ${sbindir} \
+    ${datadir}/grub \
+"
 
 do_install_append () {
     install -d ${D}${sysconfdir}/grub.d
diff --git a/meta/recipes-connectivity/connman/connman.inc b/meta/recipes-connectivity/connman/connman.inc
index 6c8f405a8a..2b03f9cb06 100644
--- a/meta/recipes-connectivity/connman/connman.inc
+++ b/meta/recipes-connectivity/connman/connman.inc
@@ -97,9 +97,6 @@ do_install_append() {
 
     # For read-only filesystem, do not create links during bootup
     if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
-        if ${@bb.utils.contains('IMAGE_FEATURES','read-only-rootfs','true','false',d)}; then
-            echo "d    /var/run/connman    - - - -" > ${D}${sysconfdir}/tmpfiles.d/connman_resolvconf.conf
-        fi
         ln -sf ../run/connman/resolv.conf ${D}${sysconfdir}/resolv-conf.connman
     fi
 }
diff --git a/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch b/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch
new file mode 100644
index 0000000000..2b2688cb2f
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch
@@ -0,0 +1,74 @@
+From 8cfdedee369c26d2869b6ec4a64460b5f5a30934 Mon Sep 17 00:00:00 2001
+From: Thomas Markwalder <tmark@isc.org>
+Date: Thu, 7 Dec 2017 11:39:30 -0500
+Subject: [PATCH] [v4_3] Plugs a socket descriptor leak in OMAPI
+
+        Merges in rt46767.
+
+Upstream-Status: Backport
+[https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=5097bc0559f592683faac1f67bf350e1bddf6ed4]
+
+CVE: CVE-2017-3144
+
+Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ RELNOTES         | 7 +++++++
+ omapip/buffer.c  | 9 +++++++++
+ omapip/message.c | 2 +-
+ 3 files changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/RELNOTES b/RELNOTES
+index dd40aaf..3741b80 100644
+--- a/RELNOTES
++++ b/RELNOTES
+@@ -66,6 +66,13 @@ We welcome comments from DHCP users, about this or anything else we do.
+ Email Vicky Risk, Product Manager at vicky@isc.org or discuss on 
+ dhcp-users@lists.isc.org.
+ 
++- Plugged a socket descriptor leak in OMAPI, that can occur when there is
++  data pending to be written to an OMAPI connection, when the connection
++  is closed by the reader.  Thanks to Pavel Zhukov at RedHat for bringing
++  this issue to our attention and whose patch helped guide us in the right
++  direction.
++  [ISc-Bugs #46767]
++
+ 			Changes since 4.3.6b1
+ 
+ - None
+diff --git a/omapip/buffer.c b/omapip/buffer.c
+index f7fdc32..809034d 100644
+--- a/omapip/buffer.c
++++ b/omapip/buffer.c
+@@ -566,6 +566,15 @@ isc_result_t omapi_connection_writer (omapi_object_t *h)
+ 			omapi_buffer_dereference (&buffer, MDL);
+ 		}
+ 	}
++
++	/* If we had data left to write when we're told to disconnect,
++	* we need recall disconnect, now that we're done writing.
++	* See rt46767. */
++	if (c->out_bytes == 0 && c->state == omapi_connection_disconnecting) {
++		omapi_disconnect (h, 1);
++		return ISC_R_SHUTTINGDOWN;
++	}
++
+ 	return ISC_R_SUCCESS;
+ }
+ 
+diff --git a/omapip/message.c b/omapip/message.c
+index 59ccdc2..21bcfc3 100644
+--- a/omapip/message.c
++++ b/omapip/message.c
+@@ -339,7 +339,7 @@ isc_result_t omapi_message_unregister (omapi_object_t *mo)
+ }
+ 
+ #ifdef DEBUG_PROTOCOL
+-static const char *omapi_message_op_name(int op) {
++const char *omapi_message_op_name(int op) {
+ 	switch (op) {
+ 	case OMAPI_OP_OPEN:    return "OMAPI_OP_OPEN";
+ 	case OMAPI_OP_REFRESH: return "OMAPI_OP_REFRESH";
+-- 
+2.7.4
+
diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb b/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb
index 6615ae2555..cc135493e5 100644
--- a/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb
+++ b/meta/recipes-connectivity/dhcp/dhcp_4.3.6.bb
@@ -12,6 +12,7 @@ SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.pat
             file://0010-build-shared-libs.patch \
             file://0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch \
             file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \
+            file://CVE-2017-3144.patch \
            "
 
 SRC_URI[md5sum] = "afa6e9b3eb7539ea048421a82c668adc"
diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index dbc578e2d8..57f521a6c4 100644
--- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -7,7 +7,8 @@ SRCREV = "befcbbc9867e742ac16415660b0b7521218a530c"
 PV = "20170310"
 PE = "1"
 
-SRC_URI = "git://git.gnome.org/mobile-broadband-provider-info"
+SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info;protocol=https"
+
 S = "${WORKDIR}/git"
 
 inherit autotools
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/version-script.patch
deleted file mode 100644
index 557434fcb5..0000000000
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/version-script.patch
+++ /dev/null
@@ -1,4666 +0,0 @@
-
-Upstream-Status: Inappropriate
-
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
-===================================================================
---- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure	2014-02-24 21:02:30.000000000 +0100
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure	2014-02-24 21:02:30.000000000 +0100
-@@ -1651,6 +1651,8 @@
- 		}
- 	}
- 
-+$shared_ldflag .= " -Wl,--version-script=openssl.ld";
-+
- open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
- unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
- open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld	2014-02-24 22:19:08.601827266 +0100
-@@ -0,0 +1,4615 @@
-+OPENSSL_1.0.0 {
-+	global:
-+		BIO_f_ssl;
-+		BIO_new_buffer_ssl_connect;
-+		BIO_new_ssl;
-+		BIO_new_ssl_connect;
-+		BIO_proxy_ssl_copy_session_id;
-+		BIO_ssl_copy_session_id;
-+		BIO_ssl_shutdown;
-+		d2i_SSL_SESSION;
-+		DTLSv1_client_method;
-+		DTLSv1_method;
-+		DTLSv1_server_method;
-+		ERR_load_SSL_strings;
-+		i2d_SSL_SESSION;
-+		kssl_build_principal_2;
-+		kssl_cget_tkt;
-+		kssl_check_authent;
-+		kssl_ctx_free;
-+		kssl_ctx_new;
-+		kssl_ctx_setkey;
-+		kssl_ctx_setprinc;
-+		kssl_ctx_setstring;
-+		kssl_ctx_show;
-+		kssl_err_set;
-+		kssl_krb5_free_data_contents;
-+		kssl_sget_tkt;
-+		kssl_skip_confound;
-+		kssl_validate_times;
-+		PEM_read_bio_SSL_SESSION;
-+		PEM_read_SSL_SESSION;
-+		PEM_write_bio_SSL_SESSION;
-+		PEM_write_SSL_SESSION;
-+		SSL_accept;
-+		SSL_add_client_CA;
-+		SSL_add_dir_cert_subjects_to_stack;
-+		SSL_add_dir_cert_subjs_to_stk;
-+		SSL_add_file_cert_subjects_to_stack;
-+		SSL_add_file_cert_subjs_to_stk;
-+		SSL_alert_desc_string;
-+		SSL_alert_desc_string_long;
-+		SSL_alert_type_string;
-+		SSL_alert_type_string_long;
-+		SSL_callback_ctrl;
-+		SSL_check_private_key;
-+		SSL_CIPHER_description;
-+		SSL_CIPHER_get_bits;
-+		SSL_CIPHER_get_name;
-+		SSL_CIPHER_get_version;
-+		SSL_clear;
-+		SSL_COMP_add_compression_method;
-+		SSL_COMP_get_compression_methods;
-+		SSL_COMP_get_compress_methods;
-+		SSL_COMP_get_name;
-+		SSL_connect;
-+		SSL_copy_session_id;
-+		SSL_ctrl;
-+		SSL_CTX_add_client_CA;
-+		SSL_CTX_add_session;
-+		SSL_CTX_callback_ctrl;
-+		SSL_CTX_check_private_key;
-+		SSL_CTX_ctrl;
-+		SSL_CTX_flush_sessions;
-+		SSL_CTX_free;
-+		SSL_CTX_get_cert_store;
-+		SSL_CTX_get_client_CA_list;
-+		SSL_CTX_get_client_cert_cb;
-+		SSL_CTX_get_ex_data;
-+		SSL_CTX_get_ex_new_index;
-+		SSL_CTX_get_info_callback;
-+		SSL_CTX_get_quiet_shutdown;
-+		SSL_CTX_get_timeout;
-+		SSL_CTX_get_verify_callback;
-+		SSL_CTX_get_verify_depth;
-+		SSL_CTX_get_verify_mode;
-+		SSL_CTX_load_verify_locations;
-+		SSL_CTX_new;
-+		SSL_CTX_remove_session;
-+		SSL_CTX_sess_get_get_cb;
-+		SSL_CTX_sess_get_new_cb;
-+		SSL_CTX_sess_get_remove_cb;
-+		SSL_CTX_sessions;
-+		SSL_CTX_sess_set_get_cb;
-+		SSL_CTX_sess_set_new_cb;
-+		SSL_CTX_sess_set_remove_cb;
-+		SSL_CTX_set1_param;
-+		SSL_CTX_set_cert_store;
-+		SSL_CTX_set_cert_verify_callback;
-+		SSL_CTX_set_cert_verify_cb;
-+		SSL_CTX_set_cipher_list;
-+		SSL_CTX_set_client_CA_list;
-+		SSL_CTX_set_client_cert_cb;
-+		SSL_CTX_set_client_cert_engine;
-+		SSL_CTX_set_cookie_generate_cb;
-+		SSL_CTX_set_cookie_verify_cb;
-+		SSL_CTX_set_default_passwd_cb;
-+		SSL_CTX_set_default_passwd_cb_userdata;
-+		SSL_CTX_set_default_verify_paths;
-+		SSL_CTX_set_def_passwd_cb_ud;
-+		SSL_CTX_set_def_verify_paths;
-+		SSL_CTX_set_ex_data;
-+		SSL_CTX_set_generate_session_id;
-+		SSL_CTX_set_info_callback;
-+		SSL_CTX_set_msg_callback;
-+		SSL_CTX_set_psk_client_callback;
-+		SSL_CTX_set_psk_server_callback;
-+		SSL_CTX_set_purpose;
-+		SSL_CTX_set_quiet_shutdown;
-+		SSL_CTX_set_session_id_context;
-+		SSL_CTX_set_ssl_version;
-+		SSL_CTX_set_timeout;
-+		SSL_CTX_set_tmp_dh_callback;
-+		SSL_CTX_set_tmp_ecdh_callback;
-+		SSL_CTX_set_tmp_rsa_callback;
-+		SSL_CTX_set_trust;
-+		SSL_CTX_set_verify;
-+		SSL_CTX_set_verify_depth;
-+		SSL_CTX_use_cert_chain_file;
-+		SSL_CTX_use_certificate;
-+		SSL_CTX_use_certificate_ASN1;
-+		SSL_CTX_use_certificate_chain_file;
-+		SSL_CTX_use_certificate_file;
-+		SSL_CTX_use_PrivateKey;
-+		SSL_CTX_use_PrivateKey_ASN1;
-+		SSL_CTX_use_PrivateKey_file;
-+		SSL_CTX_use_psk_identity_hint;
-+		SSL_CTX_use_RSAPrivateKey;
-+		SSL_CTX_use_RSAPrivateKey_ASN1;
-+		SSL_CTX_use_RSAPrivateKey_file;
-+		SSL_do_handshake;
-+		SSL_dup;
-+		SSL_dup_CA_list;
-+		SSLeay_add_ssl_algorithms;
-+		SSL_free;
-+		SSL_get1_session;
-+		SSL_get_certificate;
-+		SSL_get_cipher_list;
-+		SSL_get_ciphers;
-+		SSL_get_client_CA_list;
-+		SSL_get_current_cipher;
-+		SSL_get_current_compression;
-+		SSL_get_current_expansion;
-+		SSL_get_default_timeout;
-+		SSL_get_error;
-+		SSL_get_ex_data;
-+		SSL_get_ex_data_X509_STORE_CTX_idx;
-+		SSL_get_ex_d_X509_STORE_CTX_idx;
-+		SSL_get_ex_new_index;
-+		SSL_get_fd;
-+		SSL_get_finished;
-+		SSL_get_info_callback;
-+		SSL_get_peer_cert_chain;
-+		SSL_get_peer_certificate;
-+		SSL_get_peer_finished;
-+		SSL_get_privatekey;
-+		SSL_get_psk_identity;
-+		SSL_get_psk_identity_hint;
-+		SSL_get_quiet_shutdown;
-+		SSL_get_rbio;
-+		SSL_get_read_ahead;
-+		SSL_get_rfd;
-+		SSL_get_servername;
-+		SSL_get_servername_type;
-+		SSL_get_session;
-+		SSL_get_shared_ciphers;
-+		SSL_get_shutdown;
-+		SSL_get_SSL_CTX;
-+		SSL_get_ssl_method;
-+		SSL_get_verify_callback;
-+		SSL_get_verify_depth;
-+		SSL_get_verify_mode;
-+		SSL_get_verify_result;
-+		SSL_get_version;
-+		SSL_get_wbio;
-+		SSL_get_wfd;
-+		SSL_has_matching_session_id;
-+		SSL_library_init;
-+		SSL_load_client_CA_file;
-+		SSL_load_error_strings;
-+		SSL_new;
-+		SSL_peek;
-+		SSL_pending;
-+		SSL_read;
-+		SSL_renegotiate;
-+		SSL_renegotiate_pending;
-+		SSL_rstate_string;
-+		SSL_rstate_string_long;
-+		SSL_SESSION_cmp;
-+		SSL_SESSION_free;
-+		SSL_SESSION_get_ex_data;
-+		SSL_SESSION_get_ex_new_index;
-+		SSL_SESSION_get_id;
-+		SSL_SESSION_get_time;
-+		SSL_SESSION_get_timeout;
-+		SSL_SESSION_hash;
-+		SSL_SESSION_new;
-+		SSL_SESSION_print;
-+		SSL_SESSION_print_fp;
-+		SSL_SESSION_set_ex_data;
-+		SSL_SESSION_set_time;
-+		SSL_SESSION_set_timeout;
-+		SSL_set1_param;
-+		SSL_set_accept_state;
-+		SSL_set_bio;
-+		SSL_set_cipher_list;
-+		SSL_set_client_CA_list;
-+		SSL_set_connect_state;
-+		SSL_set_ex_data;
-+		SSL_set_fd;
-+		SSL_set_generate_session_id;
-+		SSL_set_info_callback;
-+		SSL_set_msg_callback;
-+		SSL_set_psk_client_callback;
-+		SSL_set_psk_server_callback;
-+		SSL_set_purpose;
-+		SSL_set_quiet_shutdown;
-+		SSL_set_read_ahead;
-+		SSL_set_rfd;
-+		SSL_set_session;
-+		SSL_set_session_id_context;
-+		SSL_set_session_secret_cb;
-+		SSL_set_session_ticket_ext;
-+		SSL_set_session_ticket_ext_cb;
-+		SSL_set_shutdown;
-+		SSL_set_SSL_CTX;
-+		SSL_set_ssl_method;
-+		SSL_set_tmp_dh_callback;
-+		SSL_set_tmp_ecdh_callback;
-+		SSL_set_tmp_rsa_callback;
-+		SSL_set_trust;
-+		SSL_set_verify;
-+		SSL_set_verify_depth;
-+		SSL_set_verify_result;
-+		SSL_set_wfd;
-+		SSL_shutdown;
-+		SSL_state;
-+		SSL_state_string;
-+		SSL_state_string_long;
-+		SSL_use_certificate;
-+		SSL_use_certificate_ASN1;
-+		SSL_use_certificate_file;
-+		SSL_use_PrivateKey;
-+		SSL_use_PrivateKey_ASN1;
-+		SSL_use_PrivateKey_file;
-+		SSL_use_psk_identity_hint;
-+		SSL_use_RSAPrivateKey;
-+		SSL_use_RSAPrivateKey_ASN1;
-+		SSL_use_RSAPrivateKey_file;
-+		SSLv23_client_method;
-+		SSLv23_method;
-+		SSLv23_server_method;
-+		SSLv2_client_method;
-+		SSLv2_method;
-+		SSLv2_server_method;
-+		SSLv3_client_method;
-+		SSLv3_method;
-+		SSLv3_server_method;
-+		SSL_version;
-+		SSL_want;
-+		SSL_write;
-+		TLSv1_client_method;
-+		TLSv1_method;
-+		TLSv1_server_method;
-+
-+
-+		SSLeay;
-+		SSLeay_version;
-+		ASN1_BIT_STRING_asn1_meth;
-+		ASN1_HEADER_free;
-+		ASN1_HEADER_new;
-+		ASN1_IA5STRING_asn1_meth;
-+		ASN1_INTEGER_get;
-+		ASN1_INTEGER_set;
-+		ASN1_INTEGER_to_BN;
-+		ASN1_OBJECT_create;
-+		ASN1_OBJECT_free;
-+		ASN1_OBJECT_new;
-+		ASN1_PRINTABLE_type;
-+		ASN1_STRING_cmp;
-+		ASN1_STRING_dup;
-+		ASN1_STRING_free;
-+		ASN1_STRING_new;
-+		ASN1_STRING_print;
-+		ASN1_STRING_set;
-+		ASN1_STRING_type_new;
-+		ASN1_TYPE_free;
-+		ASN1_TYPE_new;
-+		ASN1_UNIVERSALSTRING_to_string;
-+		ASN1_UTCTIME_check;
-+		ASN1_UTCTIME_print;
-+		ASN1_UTCTIME_set;
-+		ASN1_check_infinite_end;
-+		ASN1_d2i_bio;
-+		ASN1_d2i_fp;
-+		ASN1_digest;
-+		ASN1_dup;
-+		ASN1_get_object;
-+		ASN1_i2d_bio;
-+		ASN1_i2d_fp;
-+		ASN1_object_size;
-+		ASN1_parse;
-+		ASN1_put_object;
-+		ASN1_sign;
-+		ASN1_verify;
-+		BF_cbc_encrypt;
-+		BF_cfb64_encrypt;
-+		BF_ecb_encrypt;
-+		BF_encrypt;
-+		BF_ofb64_encrypt;
-+		BF_options;
-+		BF_set_key;
-+		BIO_CONNECT_free;
-+		BIO_CONNECT_new;
-+		BIO_accept;
-+		BIO_ctrl;
-+		BIO_int_ctrl;
-+		BIO_debug_callback;
-+		BIO_dump;
-+		BIO_dup_chain;
-+		BIO_f_base64;
-+		BIO_f_buffer;
-+		BIO_f_cipher;
-+		BIO_f_md;
-+		BIO_f_null;
-+		BIO_f_proxy_server;
-+		BIO_fd_non_fatal_error;
-+		BIO_fd_should_retry;
-+		BIO_find_type;
-+		BIO_free;
-+		BIO_free_all;
-+		BIO_get_accept_socket;
-+		BIO_get_filter_bio;
-+		BIO_get_host_ip;
-+		BIO_get_port;
-+		BIO_get_retry_BIO;
-+		BIO_get_retry_reason;
-+		BIO_gethostbyname;
-+		BIO_gets;
-+		BIO_new;
-+		BIO_new_accept;
-+		BIO_new_connect;
-+		BIO_new_fd;
-+		BIO_new_file;
-+		BIO_new_fp;
-+		BIO_new_socket;
-+		BIO_pop;
-+		BIO_printf;
-+		BIO_push;
-+		BIO_puts;
-+		BIO_read;
-+		BIO_s_accept;
-+		BIO_s_connect;
-+		BIO_s_fd;
-+		BIO_s_file;
-+		BIO_s_mem;
-+		BIO_s_null;
-+		BIO_s_proxy_client;
-+		BIO_s_socket;
-+		BIO_set;
-+		BIO_set_cipher;
-+		BIO_set_tcp_ndelay;
-+		BIO_sock_cleanup;
-+		BIO_sock_error;
-+		BIO_sock_init;
-+		BIO_sock_non_fatal_error;
-+		BIO_sock_should_retry;
-+		BIO_socket_ioctl;
-+		BIO_write;
-+		BN_CTX_free;
-+		BN_CTX_new;
-+		BN_MONT_CTX_free;
-+		BN_MONT_CTX_new;
-+		BN_MONT_CTX_set;
-+		BN_add;
-+		BN_add_word;
-+		BN_hex2bn;
-+		BN_bin2bn;
-+		BN_bn2hex;
-+		BN_bn2bin;
-+		BN_clear;
-+		BN_clear_bit;
-+		BN_clear_free;
-+		BN_cmp;
-+		BN_copy;
-+		BN_div;
-+		BN_div_word;
-+		BN_dup;
-+		BN_free;
-+		BN_from_montgomery;
-+		BN_gcd;
-+		BN_generate_prime;
-+		BN_get_word;
-+		BN_is_bit_set;
-+		BN_is_prime;
-+		BN_lshift;
-+		BN_lshift1;
-+		BN_mask_bits;
-+		BN_mod;
-+		BN_mod_exp;
-+		BN_mod_exp_mont;
-+		BN_mod_exp_simple;
-+		BN_mod_inverse;
-+		BN_mod_mul;
-+		BN_mod_mul_montgomery;
-+		BN_mod_word;
-+		BN_mul;
-+		BN_new;
-+		BN_num_bits;
-+		BN_num_bits_word;
-+		BN_options;
-+		BN_print;
-+		BN_print_fp;
-+		BN_rand;
-+		BN_reciprocal;
-+		BN_rshift;
-+		BN_rshift1;
-+		BN_set_bit;
-+		BN_set_word;
-+		BN_sqr;
-+		BN_sub;
-+		BN_to_ASN1_INTEGER;
-+		BN_ucmp;
-+		BN_value_one;
-+		BUF_MEM_free;
-+		BUF_MEM_grow;
-+		BUF_MEM_new;
-+		BUF_strdup;
-+		CONF_free;
-+		CONF_get_number;
-+		CONF_get_section;
-+		CONF_get_string;
-+		CONF_load;
-+		CRYPTO_add_lock;
-+		CRYPTO_dbg_free;
-+		CRYPTO_dbg_malloc;
-+		CRYPTO_dbg_realloc;
-+		CRYPTO_dbg_remalloc;
-+		CRYPTO_free;
-+		CRYPTO_get_add_lock_callback;
-+		CRYPTO_get_id_callback;
-+		CRYPTO_get_lock_name;
-+		CRYPTO_get_locking_callback;
-+		CRYPTO_get_mem_functions;
-+		CRYPTO_lock;
-+		CRYPTO_malloc;
-+		CRYPTO_mem_ctrl;
-+		CRYPTO_mem_leaks;
-+		CRYPTO_mem_leaks_cb;
-+		CRYPTO_mem_leaks_fp;
-+		CRYPTO_realloc;
-+		CRYPTO_remalloc;
-+		CRYPTO_set_add_lock_callback;
-+		CRYPTO_set_id_callback;
-+		CRYPTO_set_locking_callback;
-+		CRYPTO_set_mem_functions;
-+		CRYPTO_thread_id;
-+		DH_check;
-+		DH_compute_key;
-+		DH_free;
-+		DH_generate_key;
-+		DH_generate_parameters;
-+		DH_new;
-+		DH_size;
-+		DHparams_print;
-+		DHparams_print_fp;
-+		DSA_free;
-+		DSA_generate_key;
-+		DSA_generate_parameters;
-+		DSA_is_prime;
-+		DSA_new;
-+		DSA_print;
-+		DSA_print_fp;
-+		DSA_sign;
-+		DSA_sign_setup;
-+		DSA_size;
-+		DSA_verify;
-+		DSAparams_print;
-+		DSAparams_print_fp;
-+		ERR_clear_error;
-+		ERR_error_string;
-+		ERR_free_strings;
-+		ERR_func_error_string;
-+		ERR_get_err_state_table;
-+		ERR_get_error;
-+		ERR_get_error_line;
-+		ERR_get_state;
-+		ERR_get_string_table;
-+		ERR_lib_error_string;
-+		ERR_load_ASN1_strings;
-+		ERR_load_BIO_strings;
-+		ERR_load_BN_strings;
-+		ERR_load_BUF_strings;
-+		ERR_load_CONF_strings;
-+		ERR_load_DH_strings;
-+		ERR_load_DSA_strings;
-+		ERR_load_ERR_strings;
-+		ERR_load_EVP_strings;
-+		ERR_load_OBJ_strings;
-+		ERR_load_PEM_strings;
-+		ERR_load_PROXY_strings;
-+		ERR_load_RSA_strings;
-+		ERR_load_X509_strings;
-+		ERR_load_crypto_strings;
-+		ERR_load_strings;
-+		ERR_peek_error;
-+		ERR_peek_error_line;
-+		ERR_print_errors;
-+		ERR_print_errors_fp;
-+		ERR_put_error;
-+		ERR_reason_error_string;
-+		ERR_remove_state;
-+		EVP_BytesToKey;
-+		EVP_CIPHER_CTX_cleanup;
-+		EVP_CipherFinal;
-+		EVP_CipherInit;
-+		EVP_CipherUpdate;
-+		EVP_DecodeBlock;
-+		EVP_DecodeFinal;
-+		EVP_DecodeInit;
-+		EVP_DecodeUpdate;
-+		EVP_DecryptFinal;
-+		EVP_DecryptInit;
-+		EVP_DecryptUpdate;
-+		EVP_DigestFinal;
-+		EVP_DigestInit;
-+		EVP_DigestUpdate;
-+		EVP_EncodeBlock;
-+		EVP_EncodeFinal;
-+		EVP_EncodeInit;
-+		EVP_EncodeUpdate;
-+		EVP_EncryptFinal;
-+		EVP_EncryptInit;
-+		EVP_EncryptUpdate;
-+		EVP_OpenFinal;
-+		EVP_OpenInit;
-+		EVP_PKEY_assign;
-+		EVP_PKEY_copy_parameters;
-+		EVP_PKEY_free;
-+		EVP_PKEY_missing_parameters;
-+		EVP_PKEY_new;
-+		EVP_PKEY_save_parameters;
-+		EVP_PKEY_size;
-+		EVP_PKEY_type;
-+		EVP_SealFinal;
-+		EVP_SealInit;
-+		EVP_SignFinal;
-+		EVP_VerifyFinal;
-+		EVP_add_alias;
-+		EVP_add_cipher;
-+		EVP_add_digest;
-+		EVP_bf_cbc;
-+		EVP_bf_cfb64;
-+		EVP_bf_ecb;
-+		EVP_bf_ofb;
-+		EVP_cleanup;
-+		EVP_des_cbc;
-+		EVP_des_cfb64;
-+		EVP_des_ecb;
-+		EVP_des_ede;
-+		EVP_des_ede3;
-+		EVP_des_ede3_cbc;
-+		EVP_des_ede3_cfb64;
-+		EVP_des_ede3_ofb;
-+		EVP_des_ede_cbc;
-+		EVP_des_ede_cfb64;
-+		EVP_des_ede_ofb;
-+		EVP_des_ofb;
-+		EVP_desx_cbc;
-+		EVP_dss;
-+		EVP_dss1;
-+		EVP_enc_null;
-+		EVP_get_cipherbyname;
-+		EVP_get_digestbyname;
-+		EVP_get_pw_prompt;
-+		EVP_idea_cbc;
-+		EVP_idea_cfb64;
-+		EVP_idea_ecb;
-+		EVP_idea_ofb;
-+		EVP_md2;
-+		EVP_md5;
-+		EVP_md_null;
-+		EVP_rc2_cbc;
-+		EVP_rc2_cfb64;
-+		EVP_rc2_ecb;
-+		EVP_rc2_ofb;
-+		EVP_rc4;
-+		EVP_read_pw_string;
-+		EVP_set_pw_prompt;
-+		EVP_sha;
-+		EVP_sha1;
-+		MD2;
-+		MD2_Final;
-+		MD2_Init;
-+		MD2_Update;
-+		MD2_options;
-+		MD5;
-+		MD5_Final;
-+		MD5_Init;
-+		MD5_Update;
-+		MDC2;
-+		MDC2_Final;
-+		MDC2_Init;
-+		MDC2_Update;
-+		NETSCAPE_SPKAC_free;
-+		NETSCAPE_SPKAC_new;
-+		NETSCAPE_SPKI_free;
-+		NETSCAPE_SPKI_new;
-+		NETSCAPE_SPKI_sign;
-+		NETSCAPE_SPKI_verify;
-+		OBJ_add_object;
-+		OBJ_bsearch;
-+		OBJ_cleanup;
-+		OBJ_cmp;
-+		OBJ_create;
-+		OBJ_dup;
-+		OBJ_ln2nid;
-+		OBJ_new_nid;
-+		OBJ_nid2ln;
-+		OBJ_nid2obj;
-+		OBJ_nid2sn;
-+		OBJ_obj2nid;
-+		OBJ_sn2nid;
-+		OBJ_txt2nid;
-+		PEM_ASN1_read;
-+		PEM_ASN1_read_bio;
-+		PEM_ASN1_write;
-+		PEM_ASN1_write_bio;
-+		PEM_SealFinal;
-+		PEM_SealInit;
-+		PEM_SealUpdate;
-+		PEM_SignFinal;
-+		PEM_SignInit;
-+		PEM_SignUpdate;
-+		PEM_X509_INFO_read;
-+		PEM_X509_INFO_read_bio;
-+		PEM_X509_INFO_write_bio;
-+		PEM_dek_info;
-+		PEM_do_header;
-+		PEM_get_EVP_CIPHER_INFO;
-+		PEM_proc_type;
-+		PEM_read;
-+		PEM_read_DHparams;
-+		PEM_read_DSAPrivateKey;
-+		PEM_read_DSAparams;
-+		PEM_read_PKCS7;
-+		PEM_read_PrivateKey;
-+		PEM_read_RSAPrivateKey;
-+		PEM_read_X509;
-+		PEM_read_X509_CRL;
-+		PEM_read_X509_REQ;
-+		PEM_read_bio;
-+		PEM_read_bio_DHparams;
-+		PEM_read_bio_DSAPrivateKey;
-+		PEM_read_bio_DSAparams;
-+		PEM_read_bio_PKCS7;
-+		PEM_read_bio_PrivateKey;
-+		PEM_read_bio_RSAPrivateKey;
-+		PEM_read_bio_X509;
-+		PEM_read_bio_X509_CRL;
-+		PEM_read_bio_X509_REQ;
-+		PEM_write;
-+		PEM_write_DHparams;
-+		PEM_write_DSAPrivateKey;
-+		PEM_write_DSAparams;
-+		PEM_write_PKCS7;
-+		PEM_write_PrivateKey;
-+		PEM_write_RSAPrivateKey;
-+		PEM_write_X509;
-+		PEM_write_X509_CRL;
-+		PEM_write_X509_REQ;
-+		PEM_write_bio;
-+		PEM_write_bio_DHparams;
-+		PEM_write_bio_DSAPrivateKey;
-+		PEM_write_bio_DSAparams;
-+		PEM_write_bio_PKCS7;
-+		PEM_write_bio_PrivateKey;
-+		PEM_write_bio_RSAPrivateKey;
-+		PEM_write_bio_X509;
-+		PEM_write_bio_X509_CRL;
-+		PEM_write_bio_X509_REQ;
-+		PKCS7_DIGEST_free;
-+		PKCS7_DIGEST_new;
-+		PKCS7_ENCRYPT_free;
-+		PKCS7_ENCRYPT_new;
-+		PKCS7_ENC_CONTENT_free;
-+		PKCS7_ENC_CONTENT_new;
-+		PKCS7_ENVELOPE_free;
-+		PKCS7_ENVELOPE_new;
-+		PKCS7_ISSUER_AND_SERIAL_digest;
-+		PKCS7_ISSUER_AND_SERIAL_free;
-+		PKCS7_ISSUER_AND_SERIAL_new;
-+		PKCS7_RECIP_INFO_free;
-+		PKCS7_RECIP_INFO_new;
-+		PKCS7_SIGNED_free;
-+		PKCS7_SIGNED_new;
-+		PKCS7_SIGNER_INFO_free;
-+		PKCS7_SIGNER_INFO_new;
-+		PKCS7_SIGN_ENVELOPE_free;
-+		PKCS7_SIGN_ENVELOPE_new;
-+		PKCS7_dup;
-+		PKCS7_free;
-+		PKCS7_new;
-+		PROXY_ENTRY_add_noproxy;
-+		PROXY_ENTRY_clear_noproxy;
-+		PROXY_ENTRY_free;
-+		PROXY_ENTRY_get_noproxy;
-+		PROXY_ENTRY_new;
-+		PROXY_ENTRY_set_server;
-+		PROXY_add_noproxy;
-+		PROXY_add_server;
-+		PROXY_check_by_host;
-+		PROXY_check_url;
-+		PROXY_clear_noproxy;
-+		PROXY_free;
-+		PROXY_get_noproxy;
-+		PROXY_get_proxies;
-+		PROXY_get_proxy_entry;
-+		PROXY_load_conf;
-+		PROXY_new;
-+		PROXY_print;
-+		RAND_bytes;
-+		RAND_cleanup;
-+		RAND_file_name;
-+		RAND_load_file;
-+		RAND_screen;
-+		RAND_seed;
-+		RAND_write_file;
-+		RC2_cbc_encrypt;
-+		RC2_cfb64_encrypt;
-+		RC2_ecb_encrypt;
-+		RC2_encrypt;
-+		RC2_ofb64_encrypt;
-+		RC2_set_key;
-+		RC4;
-+		RC4_options;
-+		RC4_set_key;
-+		RSAPrivateKey_asn1_meth;
-+		RSAPrivateKey_dup;
-+		RSAPublicKey_dup;
-+		RSA_PKCS1_SSLeay;
-+		RSA_free;
-+		RSA_generate_key;
-+		RSA_new;
-+		RSA_new_method;
-+		RSA_print;
-+		RSA_print_fp;
-+		RSA_private_decrypt;
-+		RSA_private_encrypt;
-+		RSA_public_decrypt;
-+		RSA_public_encrypt;
-+		RSA_set_default_method;
-+		RSA_sign;
-+		RSA_sign_ASN1_OCTET_STRING;
-+		RSA_size;
-+		RSA_verify;
-+		RSA_verify_ASN1_OCTET_STRING;
-+		SHA;
-+		SHA1;
-+		SHA1_Final;
-+		SHA1_Init;
-+		SHA1_Update;
-+		SHA_Final;
-+		SHA_Init;
-+		SHA_Update;
-+		OpenSSL_add_all_algorithms;
-+		OpenSSL_add_all_ciphers;
-+		OpenSSL_add_all_digests;
-+		TXT_DB_create_index;
-+		TXT_DB_free;
-+		TXT_DB_get_by_index;
-+		TXT_DB_insert;
-+		TXT_DB_read;
-+		TXT_DB_write;
-+		X509_ALGOR_free;
-+		X509_ALGOR_new;
-+		X509_ATTRIBUTE_free;
-+		X509_ATTRIBUTE_new;
-+		X509_CINF_free;
-+		X509_CINF_new;
-+		X509_CRL_INFO_free;
-+		X509_CRL_INFO_new;
-+		X509_CRL_add_ext;
-+		X509_CRL_cmp;
-+		X509_CRL_delete_ext;
-+		X509_CRL_dup;
-+		X509_CRL_free;
-+		X509_CRL_get_ext;
-+		X509_CRL_get_ext_by_NID;
-+		X509_CRL_get_ext_by_OBJ;
-+		X509_CRL_get_ext_by_critical;
-+		X509_CRL_get_ext_count;
-+		X509_CRL_new;
-+		X509_CRL_sign;
-+		X509_CRL_verify;
-+		X509_EXTENSION_create_by_NID;
-+		X509_EXTENSION_create_by_OBJ;
-+		X509_EXTENSION_dup;
-+		X509_EXTENSION_free;
-+		X509_EXTENSION_get_critical;
-+		X509_EXTENSION_get_data;
-+		X509_EXTENSION_get_object;
-+		X509_EXTENSION_new;
-+		X509_EXTENSION_set_critical;
-+		X509_EXTENSION_set_data;
-+		X509_EXTENSION_set_object;
-+		X509_INFO_free;
-+		X509_INFO_new;
-+		X509_LOOKUP_by_alias;
-+		X509_LOOKUP_by_fingerprint;
-+		X509_LOOKUP_by_issuer_serial;
-+		X509_LOOKUP_by_subject;
-+		X509_LOOKUP_ctrl;
-+		X509_LOOKUP_file;
-+		X509_LOOKUP_free;
-+		X509_LOOKUP_hash_dir;
-+		X509_LOOKUP_init;
-+		X509_LOOKUP_new;
-+		X509_LOOKUP_shutdown;
-+		X509_NAME_ENTRY_create_by_NID;
-+		X509_NAME_ENTRY_create_by_OBJ;
-+		X509_NAME_ENTRY_dup;
-+		X509_NAME_ENTRY_free;
-+		X509_NAME_ENTRY_get_data;
-+		X509_NAME_ENTRY_get_object;
-+		X509_NAME_ENTRY_new;
-+		X509_NAME_ENTRY_set_data;
-+		X509_NAME_ENTRY_set_object;
-+		X509_NAME_add_entry;
-+		X509_NAME_cmp;
-+		X509_NAME_delete_entry;
-+		X509_NAME_digest;
-+		X509_NAME_dup;
-+		X509_NAME_entry_count;
-+		X509_NAME_free;
-+		X509_NAME_get_entry;
-+		X509_NAME_get_index_by_NID;
-+		X509_NAME_get_index_by_OBJ;
-+		X509_NAME_get_text_by_NID;
-+		X509_NAME_get_text_by_OBJ;
-+		X509_NAME_hash;
-+		X509_NAME_new;
-+		X509_NAME_oneline;
-+		X509_NAME_print;
-+		X509_NAME_set;
-+		X509_OBJECT_free_contents;
-+		X509_OBJECT_retrieve_by_subject;
-+		X509_OBJECT_up_ref_count;
-+		X509_PKEY_free;
-+		X509_PKEY_new;
-+		X509_PUBKEY_free;
-+		X509_PUBKEY_get;
-+		X509_PUBKEY_new;
-+		X509_PUBKEY_set;
-+		X509_REQ_INFO_free;
-+		X509_REQ_INFO_new;
-+		X509_REQ_dup;
-+		X509_REQ_free;
-+		X509_REQ_get_pubkey;
-+		X509_REQ_new;
-+		X509_REQ_print;
-+		X509_REQ_print_fp;
-+		X509_REQ_set_pubkey;
-+		X509_REQ_set_subject_name;
-+		X509_REQ_set_version;
-+		X509_REQ_sign;
-+		X509_REQ_to_X509;
-+		X509_REQ_verify;
-+		X509_REVOKED_add_ext;
-+		X509_REVOKED_delete_ext;
-+		X509_REVOKED_free;
-+		X509_REVOKED_get_ext;
-+		X509_REVOKED_get_ext_by_NID;
-+		X509_REVOKED_get_ext_by_OBJ;
-+		X509_REVOKED_get_ext_by_critical;
-+		X509_REVOKED_get_ext_by_critic;
-+		X509_REVOKED_get_ext_count;
-+		X509_REVOKED_new;
-+		X509_SIG_free;
-+		X509_SIG_new;
-+		X509_STORE_CTX_cleanup;
-+		X509_STORE_CTX_init;
-+		X509_STORE_add_cert;
-+		X509_STORE_add_lookup;
-+		X509_STORE_free;
-+		X509_STORE_get_by_subject;
-+		X509_STORE_load_locations;
-+		X509_STORE_new;
-+		X509_STORE_set_default_paths;
-+		X509_VAL_free;
-+		X509_VAL_new;
-+		X509_add_ext;
-+		X509_asn1_meth;
-+		X509_certificate_type;
-+		X509_check_private_key;
-+		X509_cmp_current_time;
-+		X509_delete_ext;
-+		X509_digest;
-+		X509_dup;
-+		X509_free;
-+		X509_get_default_cert_area;
-+		X509_get_default_cert_dir;
-+		X509_get_default_cert_dir_env;
-+		X509_get_default_cert_file;
-+		X509_get_default_cert_file_env;
-+		X509_get_default_private_dir;
-+		X509_get_ext;
-+		X509_get_ext_by_NID;
-+		X509_get_ext_by_OBJ;
-+		X509_get_ext_by_critical;
-+		X509_get_ext_count;
-+		X509_get_issuer_name;
-+		X509_get_pubkey;
-+		X509_get_pubkey_parameters;
-+		X509_get_serialNumber;
-+		X509_get_subject_name;
-+		X509_gmtime_adj;
-+		X509_issuer_and_serial_cmp;
-+		X509_issuer_and_serial_hash;
-+		X509_issuer_name_cmp;
-+		X509_issuer_name_hash;
-+		X509_load_cert_file;
-+		X509_new;
-+		X509_print;
-+		X509_print_fp;
-+		X509_set_issuer_name;
-+		X509_set_notAfter;
-+		X509_set_notBefore;
-+		X509_set_pubkey;
-+		X509_set_serialNumber;
-+		X509_set_subject_name;
-+		X509_set_version;
-+		X509_sign;
-+		X509_subject_name_cmp;
-+		X509_subject_name_hash;
-+		X509_to_X509_REQ;
-+		X509_verify;
-+		X509_verify_cert;
-+		X509_verify_cert_error_string;
-+		X509v3_add_ext;
-+		X509v3_add_extension;
-+		X509v3_add_netscape_extensions;
-+		X509v3_add_standard_extensions;
-+		X509v3_cleanup_extensions;
-+		X509v3_data_type_by_NID;
-+		X509v3_data_type_by_OBJ;
-+		X509v3_delete_ext;
-+		X509v3_get_ext;
-+		X509v3_get_ext_by_NID;
-+		X509v3_get_ext_by_OBJ;
-+		X509v3_get_ext_by_critical;
-+		X509v3_get_ext_count;
-+		X509v3_pack_string;
-+		X509v3_pack_type_by_NID;
-+		X509v3_pack_type_by_OBJ;
-+		X509v3_unpack_string;
-+		_des_crypt;
-+		a2d_ASN1_OBJECT;
-+		a2i_ASN1_INTEGER;
-+		a2i_ASN1_STRING;
-+		asn1_Finish;
-+		asn1_GetSequence;
-+		bn_div_words;
-+		bn_expand2;
-+		bn_mul_add_words;
-+		bn_mul_words;
-+		BN_uadd;
-+		BN_usub;
-+		bn_sqr_words;
-+		_ossl_old_crypt;
-+		d2i_ASN1_BIT_STRING;
-+		d2i_ASN1_BOOLEAN;
-+		d2i_ASN1_HEADER;
-+		d2i_ASN1_IA5STRING;
-+		d2i_ASN1_INTEGER;
-+		d2i_ASN1_OBJECT;
-+		d2i_ASN1_OCTET_STRING;
-+		d2i_ASN1_PRINTABLE;
-+		d2i_ASN1_PRINTABLESTRING;
-+		d2i_ASN1_SET;
-+		d2i_ASN1_T61STRING;
-+		d2i_ASN1_TYPE;
-+		d2i_ASN1_UTCTIME;
-+		d2i_ASN1_bytes;
-+		d2i_ASN1_type_bytes;
-+		d2i_DHparams;
-+		d2i_DSAPrivateKey;
-+		d2i_DSAPrivateKey_bio;
-+		d2i_DSAPrivateKey_fp;
-+		d2i_DSAPublicKey;
-+		d2i_DSAparams;
-+		d2i_NETSCAPE_SPKAC;
-+		d2i_NETSCAPE_SPKI;
-+		d2i_Netscape_RSA;
-+		d2i_PKCS7;
-+		d2i_PKCS7_DIGEST;
-+		d2i_PKCS7_ENCRYPT;
-+		d2i_PKCS7_ENC_CONTENT;
-+		d2i_PKCS7_ENVELOPE;
-+		d2i_PKCS7_ISSUER_AND_SERIAL;
-+		d2i_PKCS7_RECIP_INFO;
-+		d2i_PKCS7_SIGNED;
-+		d2i_PKCS7_SIGNER_INFO;
-+		d2i_PKCS7_SIGN_ENVELOPE;
-+		d2i_PKCS7_bio;
-+		d2i_PKCS7_fp;
-+		d2i_PrivateKey;
-+		d2i_PublicKey;
-+		d2i_RSAPrivateKey;
-+		d2i_RSAPrivateKey_bio;
-+		d2i_RSAPrivateKey_fp;
-+		d2i_RSAPublicKey;
-+		d2i_X509;
-+		d2i_X509_ALGOR;
-+		d2i_X509_ATTRIBUTE;
-+		d2i_X509_CINF;
-+		d2i_X509_CRL;
-+		d2i_X509_CRL_INFO;
-+		d2i_X509_CRL_bio;
-+		d2i_X509_CRL_fp;
-+		d2i_X509_EXTENSION;
-+		d2i_X509_NAME;
-+		d2i_X509_NAME_ENTRY;
-+		d2i_X509_PKEY;
-+		d2i_X509_PUBKEY;
-+		d2i_X509_REQ;
-+		d2i_X509_REQ_INFO;
-+		d2i_X509_REQ_bio;
-+		d2i_X509_REQ_fp;
-+		d2i_X509_REVOKED;
-+		d2i_X509_SIG;
-+		d2i_X509_VAL;
-+		d2i_X509_bio;
-+		d2i_X509_fp;
-+		DES_cbc_cksum;
-+		DES_cbc_encrypt;
-+		DES_cblock_print_file;
-+		DES_cfb64_encrypt;
-+		DES_cfb_encrypt;
-+		DES_decrypt3;
-+		DES_ecb3_encrypt;
-+		DES_ecb_encrypt;
-+		DES_ede3_cbc_encrypt;
-+		DES_ede3_cfb64_encrypt;
-+		DES_ede3_ofb64_encrypt;
-+		DES_enc_read;
-+		DES_enc_write;
-+		DES_encrypt1;
-+		DES_encrypt2;
-+		DES_encrypt3;
-+		DES_fcrypt;
-+		DES_is_weak_key;
-+		DES_key_sched;
-+		DES_ncbc_encrypt;
-+		DES_ofb64_encrypt;
-+		DES_ofb_encrypt;
-+		DES_options;
-+		DES_pcbc_encrypt;
-+		DES_quad_cksum;
-+		DES_random_key;
-+		_ossl_old_des_random_seed;
-+		_ossl_old_des_read_2passwords;
-+		_ossl_old_des_read_password;
-+		_ossl_old_des_read_pw;
-+		_ossl_old_des_read_pw_string;
-+		DES_set_key;
-+		DES_set_odd_parity;
-+		DES_string_to_2keys;
-+		DES_string_to_key;
-+		DES_xcbc_encrypt;
-+		DES_xwhite_in2out;
-+		fcrypt_body;
-+		i2a_ASN1_INTEGER;
-+		i2a_ASN1_OBJECT;
-+		i2a_ASN1_STRING;
-+		i2d_ASN1_BIT_STRING;
-+		i2d_ASN1_BOOLEAN;
-+		i2d_ASN1_HEADER;
-+		i2d_ASN1_IA5STRING;
-+		i2d_ASN1_INTEGER;
-+		i2d_ASN1_OBJECT;
-+		i2d_ASN1_OCTET_STRING;
-+		i2d_ASN1_PRINTABLE;
-+		i2d_ASN1_SET;
-+		i2d_ASN1_TYPE;
-+		i2d_ASN1_UTCTIME;
-+		i2d_ASN1_bytes;
-+		i2d_DHparams;
-+		i2d_DSAPrivateKey;
-+		i2d_DSAPrivateKey_bio;
-+		i2d_DSAPrivateKey_fp;
-+		i2d_DSAPublicKey;
-+		i2d_DSAparams;
-+		i2d_NETSCAPE_SPKAC;
-+		i2d_NETSCAPE_SPKI;
-+		i2d_Netscape_RSA;
-+		i2d_PKCS7;
-+		i2d_PKCS7_DIGEST;
-+		i2d_PKCS7_ENCRYPT;
-+		i2d_PKCS7_ENC_CONTENT;
-+		i2d_PKCS7_ENVELOPE;
-+		i2d_PKCS7_ISSUER_AND_SERIAL;
-+		i2d_PKCS7_RECIP_INFO;
-+		i2d_PKCS7_SIGNED;
-+		i2d_PKCS7_SIGNER_INFO;
-+		i2d_PKCS7_SIGN_ENVELOPE;
-+		i2d_PKCS7_bio;
-+		i2d_PKCS7_fp;
-+		i2d_PrivateKey;
-+		i2d_PublicKey;
-+		i2d_RSAPrivateKey;
-+		i2d_RSAPrivateKey_bio;
-+		i2d_RSAPrivateKey_fp;
-+		i2d_RSAPublicKey;
-+		i2d_X509;
-+		i2d_X509_ALGOR;
-+		i2d_X509_ATTRIBUTE;
-+		i2d_X509_CINF;
-+		i2d_X509_CRL;
-+		i2d_X509_CRL_INFO;
-+		i2d_X509_CRL_bio;
-+		i2d_X509_CRL_fp;
-+		i2d_X509_EXTENSION;
-+		i2d_X509_NAME;
-+		i2d_X509_NAME_ENTRY;
-+		i2d_X509_PKEY;
-+		i2d_X509_PUBKEY;
-+		i2d_X509_REQ;
-+		i2d_X509_REQ_INFO;
-+		i2d_X509_REQ_bio;
-+		i2d_X509_REQ_fp;
-+		i2d_X509_REVOKED;
-+		i2d_X509_SIG;
-+		i2d_X509_VAL;
-+		i2d_X509_bio;
-+		i2d_X509_fp;
-+		idea_cbc_encrypt;
-+		idea_cfb64_encrypt;
-+		idea_ecb_encrypt;
-+		idea_encrypt;
-+		idea_ofb64_encrypt;
-+		idea_options;
-+		idea_set_decrypt_key;
-+		idea_set_encrypt_key;
-+		lh_delete;
-+		lh_doall;
-+		lh_doall_arg;
-+		lh_free;
-+		lh_insert;
-+		lh_new;
-+		lh_node_stats;
-+		lh_node_stats_bio;
-+		lh_node_usage_stats;
-+		lh_node_usage_stats_bio;
-+		lh_retrieve;
-+		lh_stats;
-+		lh_stats_bio;
-+		lh_strhash;
-+		sk_delete;
-+		sk_delete_ptr;
-+		sk_dup;
-+		sk_find;
-+		sk_free;
-+		sk_insert;
-+		sk_new;
-+		sk_pop;
-+		sk_pop_free;
-+		sk_push;
-+		sk_set_cmp_func;
-+		sk_shift;
-+		sk_unshift;
-+		sk_zero;
-+		BIO_f_nbio_test;
-+		ASN1_TYPE_get;
-+		ASN1_TYPE_set;
-+		PKCS7_content_free;
-+		ERR_load_PKCS7_strings;
-+		X509_find_by_issuer_and_serial;
-+		X509_find_by_subject;
-+		PKCS7_ctrl;
-+		PKCS7_set_type;
-+		PKCS7_set_content;
-+		PKCS7_SIGNER_INFO_set;
-+		PKCS7_add_signer;
-+		PKCS7_add_certificate;
-+		PKCS7_add_crl;
-+		PKCS7_content_new;
-+		PKCS7_dataSign;
-+		PKCS7_dataVerify;
-+		PKCS7_dataInit;
-+		PKCS7_add_signature;
-+		PKCS7_cert_from_signer_info;
-+		PKCS7_get_signer_info;
-+		EVP_delete_alias;
-+		EVP_mdc2;
-+		PEM_read_bio_RSAPublicKey;
-+		PEM_write_bio_RSAPublicKey;
-+		d2i_RSAPublicKey_bio;
-+		i2d_RSAPublicKey_bio;
-+		PEM_read_RSAPublicKey;
-+		PEM_write_RSAPublicKey;
-+		d2i_RSAPublicKey_fp;
-+		i2d_RSAPublicKey_fp;
-+		BIO_copy_next_retry;
-+		RSA_flags;
-+		X509_STORE_add_crl;
-+		X509_load_crl_file;
-+		EVP_rc2_40_cbc;
-+		EVP_rc4_40;
-+		EVP_CIPHER_CTX_init;
-+		HMAC;
-+		HMAC_Init;
-+		HMAC_Update;
-+		HMAC_Final;
-+		ERR_get_next_error_library;
-+		EVP_PKEY_cmp_parameters;
-+		HMAC_cleanup;
-+		BIO_ptr_ctrl;
-+		BIO_new_file_internal;
-+		BIO_new_fp_internal;
-+		BIO_s_file_internal;
-+		BN_BLINDING_convert;
-+		BN_BLINDING_invert;
-+		BN_BLINDING_update;
-+		RSA_blinding_on;
-+		RSA_blinding_off;
-+		i2t_ASN1_OBJECT;
-+		BN_BLINDING_new;
-+		BN_BLINDING_free;
-+		EVP_cast5_cbc;
-+		EVP_cast5_cfb64;
-+		EVP_cast5_ecb;
-+		EVP_cast5_ofb;
-+		BF_decrypt;
-+		CAST_set_key;
-+		CAST_encrypt;
-+		CAST_decrypt;
-+		CAST_ecb_encrypt;
-+		CAST_cbc_encrypt;
-+		CAST_cfb64_encrypt;
-+		CAST_ofb64_encrypt;
-+		RC2_decrypt;
-+		OBJ_create_objects;
-+		BN_exp;
-+		BN_mul_word;
-+		BN_sub_word;
-+		BN_dec2bn;
-+		BN_bn2dec;
-+		BIO_ghbn_ctrl;
-+		CRYPTO_free_ex_data;
-+		CRYPTO_get_ex_data;
-+		CRYPTO_set_ex_data;
-+		ERR_load_CRYPTO_strings;
-+		ERR_load_CRYPTOlib_strings;
-+		EVP_PKEY_bits;
-+		MD5_Transform;
-+		SHA1_Transform;
-+		SHA_Transform;
-+		X509_STORE_CTX_get_chain;
-+		X509_STORE_CTX_get_current_cert;
-+		X509_STORE_CTX_get_error;
-+		X509_STORE_CTX_get_error_depth;
-+		X509_STORE_CTX_get_ex_data;
-+		X509_STORE_CTX_set_cert;
-+		X509_STORE_CTX_set_chain;
-+		X509_STORE_CTX_set_error;
-+		X509_STORE_CTX_set_ex_data;
-+		CRYPTO_dup_ex_data;
-+		CRYPTO_get_new_lockid;
-+		CRYPTO_new_ex_data;
-+		RSA_set_ex_data;
-+		RSA_get_ex_data;
-+		RSA_get_ex_new_index;
-+		RSA_padding_add_PKCS1_type_1;
-+		RSA_padding_add_PKCS1_type_2;
-+		RSA_padding_add_SSLv23;
-+		RSA_padding_add_none;
-+		RSA_padding_check_PKCS1_type_1;
-+		RSA_padding_check_PKCS1_type_2;
-+		RSA_padding_check_SSLv23;
-+		RSA_padding_check_none;
-+		bn_add_words;
-+		d2i_Netscape_RSA_2;
-+		CRYPTO_get_ex_new_index;
-+		RIPEMD160_Init;
-+		RIPEMD160_Update;
-+		RIPEMD160_Final;
-+		RIPEMD160;
-+		RIPEMD160_Transform;
-+		RC5_32_set_key;
-+		RC5_32_ecb_encrypt;
-+		RC5_32_encrypt;
-+		RC5_32_decrypt;
-+		RC5_32_cbc_encrypt;
-+		RC5_32_cfb64_encrypt;
-+		RC5_32_ofb64_encrypt;
-+		BN_bn2mpi;
-+		BN_mpi2bn;
-+		ASN1_BIT_STRING_get_bit;
-+		ASN1_BIT_STRING_set_bit;
-+		BIO_get_ex_data;
-+		BIO_get_ex_new_index;
-+		BIO_set_ex_data;
-+		X509v3_get_key_usage;
-+		X509v3_set_key_usage;
-+		a2i_X509v3_key_usage;
-+		i2a_X509v3_key_usage;
-+		EVP_PKEY_decrypt;
-+		EVP_PKEY_encrypt;
-+		PKCS7_RECIP_INFO_set;
-+		PKCS7_add_recipient;
-+		PKCS7_add_recipient_info;
-+		PKCS7_set_cipher;
-+		ASN1_TYPE_get_int_octetstring;
-+		ASN1_TYPE_get_octetstring;
-+		ASN1_TYPE_set_int_octetstring;
-+		ASN1_TYPE_set_octetstring;
-+		ASN1_UTCTIME_set_string;
-+		ERR_add_error_data;
-+		ERR_set_error_data;
-+		EVP_CIPHER_asn1_to_param;
-+		EVP_CIPHER_param_to_asn1;
-+		EVP_CIPHER_get_asn1_iv;
-+		EVP_CIPHER_set_asn1_iv;
-+		EVP_rc5_32_12_16_cbc;
-+		EVP_rc5_32_12_16_cfb64;
-+		EVP_rc5_32_12_16_ecb;
-+		EVP_rc5_32_12_16_ofb;
-+		asn1_add_error;
-+		d2i_ASN1_BMPSTRING;
-+		i2d_ASN1_BMPSTRING;
-+		BIO_f_ber;
-+		BN_init;
-+		COMP_CTX_new;
-+		COMP_CTX_free;
-+		COMP_CTX_compress_block;
-+		COMP_CTX_expand_block;
-+		X509_STORE_CTX_get_ex_new_index;
-+		OBJ_NAME_add;
-+		BIO_socket_nbio;
-+		EVP_rc2_64_cbc;
-+		OBJ_NAME_cleanup;
-+		OBJ_NAME_get;
-+		OBJ_NAME_init;
-+		OBJ_NAME_new_index;
-+		OBJ_NAME_remove;
-+		BN_MONT_CTX_copy;
-+		BIO_new_socks4a_connect;
-+		BIO_s_socks4a_connect;
-+		PROXY_set_connect_mode;
-+		RAND_SSLeay;
-+		RAND_set_rand_method;
-+		RSA_memory_lock;
-+		bn_sub_words;
-+		bn_mul_normal;
-+		bn_mul_comba8;
-+		bn_mul_comba4;
-+		bn_sqr_normal;
-+		bn_sqr_comba8;
-+		bn_sqr_comba4;
-+		bn_cmp_words;
-+		bn_mul_recursive;
-+		bn_mul_part_recursive;
-+		bn_sqr_recursive;
-+		bn_mul_low_normal;
-+		BN_RECP_CTX_init;
-+		BN_RECP_CTX_new;
-+		BN_RECP_CTX_free;
-+		BN_RECP_CTX_set;
-+		BN_mod_mul_reciprocal;
-+		BN_mod_exp_recp;
-+		BN_div_recp;
-+		BN_CTX_init;
-+		BN_MONT_CTX_init;
-+		RAND_get_rand_method;
-+		PKCS7_add_attribute;
-+		PKCS7_add_signed_attribute;
-+		PKCS7_digest_from_attributes;
-+		PKCS7_get_attribute;
-+		PKCS7_get_issuer_and_serial;
-+		PKCS7_get_signed_attribute;
-+		COMP_compress_block;
-+		COMP_expand_block;
-+		COMP_rle;
-+		COMP_zlib;
-+		ms_time_diff;
-+		ms_time_new;
-+		ms_time_free;
-+		ms_time_cmp;
-+		ms_time_get;
-+		PKCS7_set_attributes;
-+		PKCS7_set_signed_attributes;
-+		X509_ATTRIBUTE_create;
-+		X509_ATTRIBUTE_dup;
-+		ASN1_GENERALIZEDTIME_check;
-+		ASN1_GENERALIZEDTIME_print;
-+		ASN1_GENERALIZEDTIME_set;
-+		ASN1_GENERALIZEDTIME_set_string;
-+		ASN1_TIME_print;
-+		BASIC_CONSTRAINTS_free;
-+		BASIC_CONSTRAINTS_new;
-+		ERR_load_X509V3_strings;
-+		NETSCAPE_CERT_SEQUENCE_free;
-+		NETSCAPE_CERT_SEQUENCE_new;
-+		OBJ_txt2obj;
-+		PEM_read_NETSCAPE_CERT_SEQUENCE;
-+		PEM_read_NS_CERT_SEQ;
-+		PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
-+		PEM_read_bio_NS_CERT_SEQ;
-+		PEM_write_NETSCAPE_CERT_SEQUENCE;
-+		PEM_write_NS_CERT_SEQ;
-+		PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
-+		PEM_write_bio_NS_CERT_SEQ;
-+		X509V3_EXT_add;
-+		X509V3_EXT_add_alias;
-+		X509V3_EXT_add_conf;
-+		X509V3_EXT_cleanup;
-+		X509V3_EXT_conf;
-+		X509V3_EXT_conf_nid;
-+		X509V3_EXT_get;
-+		X509V3_EXT_get_nid;
-+		X509V3_EXT_print;
-+		X509V3_EXT_print_fp;
-+		X509V3_add_standard_extensions;
-+		X509V3_add_value;
-+		X509V3_add_value_bool;
-+		X509V3_add_value_int;
-+		X509V3_conf_free;
-+		X509V3_get_value_bool;
-+		X509V3_get_value_int;
-+		X509V3_parse_list;
-+		d2i_ASN1_GENERALIZEDTIME;
-+		d2i_ASN1_TIME;
-+		d2i_BASIC_CONSTRAINTS;
-+		d2i_NETSCAPE_CERT_SEQUENCE;
-+		d2i_ext_ku;
-+		ext_ku_free;
-+		ext_ku_new;
-+		i2d_ASN1_GENERALIZEDTIME;
-+		i2d_ASN1_TIME;
-+		i2d_BASIC_CONSTRAINTS;
-+		i2d_NETSCAPE_CERT_SEQUENCE;
-+		i2d_ext_ku;
-+		EVP_MD_CTX_copy;
-+		i2d_ASN1_ENUMERATED;
-+		d2i_ASN1_ENUMERATED;
-+		ASN1_ENUMERATED_set;
-+		ASN1_ENUMERATED_get;
-+		BN_to_ASN1_ENUMERATED;
-+		ASN1_ENUMERATED_to_BN;
-+		i2a_ASN1_ENUMERATED;
-+		a2i_ASN1_ENUMERATED;
-+		i2d_GENERAL_NAME;
-+		d2i_GENERAL_NAME;
-+		GENERAL_NAME_new;
-+		GENERAL_NAME_free;
-+		GENERAL_NAMES_new;
-+		GENERAL_NAMES_free;
-+		d2i_GENERAL_NAMES;
-+		i2d_GENERAL_NAMES;
-+		i2v_GENERAL_NAMES;
-+		i2s_ASN1_OCTET_STRING;
-+		s2i_ASN1_OCTET_STRING;
-+		X509V3_EXT_check_conf;
-+		hex_to_string;
-+		string_to_hex;
-+		DES_ede3_cbcm_encrypt;
-+		RSA_padding_add_PKCS1_OAEP;
-+		RSA_padding_check_PKCS1_OAEP;
-+		X509_CRL_print_fp;
-+		X509_CRL_print;
-+		i2v_GENERAL_NAME;
-+		v2i_GENERAL_NAME;
-+		i2d_PKEY_USAGE_PERIOD;
-+		d2i_PKEY_USAGE_PERIOD;
-+		PKEY_USAGE_PERIOD_new;
-+		PKEY_USAGE_PERIOD_free;
-+		v2i_GENERAL_NAMES;
-+		i2s_ASN1_INTEGER;
-+		X509V3_EXT_d2i;
-+		name_cmp;
-+		str_dup;
-+		i2s_ASN1_ENUMERATED;
-+		i2s_ASN1_ENUMERATED_TABLE;
-+		BIO_s_log;
-+		BIO_f_reliable;
-+		PKCS7_dataFinal;
-+		PKCS7_dataDecode;
-+		X509V3_EXT_CRL_add_conf;
-+		BN_set_params;
-+		BN_get_params;
-+		BIO_get_ex_num;
-+		BIO_set_ex_free_func;
-+		EVP_ripemd160;
-+		ASN1_TIME_set;
-+		i2d_AUTHORITY_KEYID;
-+		d2i_AUTHORITY_KEYID;
-+		AUTHORITY_KEYID_new;
-+		AUTHORITY_KEYID_free;
-+		ASN1_seq_unpack;
-+		ASN1_seq_pack;
-+		ASN1_unpack_string;
-+		ASN1_pack_string;
-+		PKCS12_pack_safebag;
-+		PKCS12_MAKE_KEYBAG;
-+		PKCS8_encrypt;
-+		PKCS12_MAKE_SHKEYBAG;
-+		PKCS12_pack_p7data;
-+		PKCS12_pack_p7encdata;
-+		PKCS12_add_localkeyid;
-+		PKCS12_add_friendlyname_asc;
-+		PKCS12_add_friendlyname_uni;
-+		PKCS12_get_friendlyname;
-+		PKCS12_pbe_crypt;
-+		PKCS12_decrypt_d2i;
-+		PKCS12_i2d_encrypt;
-+		PKCS12_init;
-+		PKCS12_key_gen_asc;
-+		PKCS12_key_gen_uni;
-+		PKCS12_gen_mac;
-+		PKCS12_verify_mac;
-+		PKCS12_set_mac;
-+		PKCS12_setup_mac;
-+		OPENSSL_asc2uni;
-+		OPENSSL_uni2asc;
-+		i2d_PKCS12_BAGS;
-+		PKCS12_BAGS_new;
-+		d2i_PKCS12_BAGS;
-+		PKCS12_BAGS_free;
-+		i2d_PKCS12;
-+		d2i_PKCS12;
-+		PKCS12_new;
-+		PKCS12_free;
-+		i2d_PKCS12_MAC_DATA;
-+		PKCS12_MAC_DATA_new;
-+		d2i_PKCS12_MAC_DATA;
-+		PKCS12_MAC_DATA_free;
-+		i2d_PKCS12_SAFEBAG;
-+		PKCS12_SAFEBAG_new;
-+		d2i_PKCS12_SAFEBAG;
-+		PKCS12_SAFEBAG_free;
-+		ERR_load_PKCS12_strings;
-+		PKCS12_PBE_add;
-+		PKCS8_add_keyusage;
-+		PKCS12_get_attr_gen;
-+		PKCS12_parse;
-+		PKCS12_create;
-+		i2d_PKCS12_bio;
-+		i2d_PKCS12_fp;
-+		d2i_PKCS12_bio;
-+		d2i_PKCS12_fp;
-+		i2d_PBEPARAM;
-+		PBEPARAM_new;
-+		d2i_PBEPARAM;
-+		PBEPARAM_free;
-+		i2d_PKCS8_PRIV_KEY_INFO;
-+		PKCS8_PRIV_KEY_INFO_new;
-+		d2i_PKCS8_PRIV_KEY_INFO;
-+		PKCS8_PRIV_KEY_INFO_free;
-+		EVP_PKCS82PKEY;
-+		EVP_PKEY2PKCS8;
-+		PKCS8_set_broken;
-+		EVP_PBE_ALGOR_CipherInit;
-+		EVP_PBE_alg_add;
-+		PKCS5_pbe_set;
-+		EVP_PBE_cleanup;
-+		i2d_SXNET;
-+		d2i_SXNET;
-+		SXNET_new;
-+		SXNET_free;
-+		i2d_SXNETID;
-+		d2i_SXNETID;
-+		SXNETID_new;
-+		SXNETID_free;
-+		DSA_SIG_new;
-+		DSA_SIG_free;
-+		DSA_do_sign;
-+		DSA_do_verify;
-+		d2i_DSA_SIG;
-+		i2d_DSA_SIG;
-+		i2d_ASN1_VISIBLESTRING;
-+		d2i_ASN1_VISIBLESTRING;
-+		i2d_ASN1_UTF8STRING;
-+		d2i_ASN1_UTF8STRING;
-+		i2d_DIRECTORYSTRING;
-+		d2i_DIRECTORYSTRING;
-+		i2d_DISPLAYTEXT;
-+		d2i_DISPLAYTEXT;
-+		d2i_ASN1_SET_OF_X509;
-+		i2d_ASN1_SET_OF_X509;
-+		i2d_PBKDF2PARAM;
-+		PBKDF2PARAM_new;
-+		d2i_PBKDF2PARAM;
-+		PBKDF2PARAM_free;
-+		i2d_PBE2PARAM;
-+		PBE2PARAM_new;
-+		d2i_PBE2PARAM;
-+		PBE2PARAM_free;
-+		d2i_ASN1_SET_OF_GENERAL_NAME;
-+		i2d_ASN1_SET_OF_GENERAL_NAME;
-+		d2i_ASN1_SET_OF_SXNETID;
-+		i2d_ASN1_SET_OF_SXNETID;
-+		d2i_ASN1_SET_OF_POLICYQUALINFO;
-+		i2d_ASN1_SET_OF_POLICYQUALINFO;
-+		d2i_ASN1_SET_OF_POLICYINFO;
-+		i2d_ASN1_SET_OF_POLICYINFO;
-+		SXNET_add_id_asc;
-+		SXNET_add_id_ulong;
-+		SXNET_add_id_INTEGER;
-+		SXNET_get_id_asc;
-+		SXNET_get_id_ulong;
-+		SXNET_get_id_INTEGER;
-+		X509V3_set_conf_lhash;
-+		i2d_CERTIFICATEPOLICIES;
-+		CERTIFICATEPOLICIES_new;
-+		CERTIFICATEPOLICIES_free;
-+		d2i_CERTIFICATEPOLICIES;
-+		i2d_POLICYINFO;
-+		POLICYINFO_new;
-+		d2i_POLICYINFO;
-+		POLICYINFO_free;
-+		i2d_POLICYQUALINFO;
-+		POLICYQUALINFO_new;
-+		d2i_POLICYQUALINFO;
-+		POLICYQUALINFO_free;
-+		i2d_USERNOTICE;
-+		USERNOTICE_new;
-+		d2i_USERNOTICE;
-+		USERNOTICE_free;
-+		i2d_NOTICEREF;
-+		NOTICEREF_new;
-+		d2i_NOTICEREF;
-+		NOTICEREF_free;
-+		X509V3_get_string;
-+		X509V3_get_section;
-+		X509V3_string_free;
-+		X509V3_section_free;
-+		X509V3_set_ctx;
-+		s2i_ASN1_INTEGER;
-+		CRYPTO_set_locked_mem_functions;
-+		CRYPTO_get_locked_mem_functions;
-+		CRYPTO_malloc_locked;
-+		CRYPTO_free_locked;
-+		BN_mod_exp2_mont;
-+		ERR_get_error_line_data;
-+		ERR_peek_error_line_data;
-+		PKCS12_PBE_keyivgen;
-+		X509_ALGOR_dup;
-+		d2i_ASN1_SET_OF_DIST_POINT;
-+		i2d_ASN1_SET_OF_DIST_POINT;
-+		i2d_CRL_DIST_POINTS;
-+		CRL_DIST_POINTS_new;
-+		CRL_DIST_POINTS_free;
-+		d2i_CRL_DIST_POINTS;
-+		i2d_DIST_POINT;
-+		DIST_POINT_new;
-+		d2i_DIST_POINT;
-+		DIST_POINT_free;
-+		i2d_DIST_POINT_NAME;
-+		DIST_POINT_NAME_new;
-+		DIST_POINT_NAME_free;
-+		d2i_DIST_POINT_NAME;
-+		X509V3_add_value_uchar;
-+		d2i_ASN1_SET_OF_X509_ATTRIBUTE;
-+		i2d_ASN1_SET_OF_ASN1_TYPE;
-+		d2i_ASN1_SET_OF_X509_EXTENSION;
-+		d2i_ASN1_SET_OF_X509_NAME_ENTRY;
-+		d2i_ASN1_SET_OF_ASN1_TYPE;
-+		i2d_ASN1_SET_OF_X509_ATTRIBUTE;
-+		i2d_ASN1_SET_OF_X509_EXTENSION;
-+		i2d_ASN1_SET_OF_X509_NAME_ENTRY;
-+		X509V3_EXT_i2d;
-+		X509V3_EXT_val_prn;
-+		X509V3_EXT_add_list;
-+		EVP_CIPHER_type;
-+		EVP_PBE_CipherInit;
-+		X509V3_add_value_bool_nf;
-+		d2i_ASN1_UINTEGER;
-+		sk_value;
-+		sk_num;
-+		sk_set;
-+		i2d_ASN1_SET_OF_X509_REVOKED;
-+		sk_sort;
-+		d2i_ASN1_SET_OF_X509_REVOKED;
-+		i2d_ASN1_SET_OF_X509_ALGOR;
-+		i2d_ASN1_SET_OF_X509_CRL;
-+		d2i_ASN1_SET_OF_X509_ALGOR;
-+		d2i_ASN1_SET_OF_X509_CRL;
-+		i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
-+		i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
-+		d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
-+		d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
-+		PKCS5_PBE_add;
-+		PEM_write_bio_PKCS8;
-+		i2d_PKCS8_fp;
-+		PEM_read_bio_PKCS8_PRIV_KEY_INFO;
-+		PEM_read_bio_P8_PRIV_KEY_INFO;
-+		d2i_PKCS8_bio;
-+		d2i_PKCS8_PRIV_KEY_INFO_fp;
-+		PEM_write_bio_PKCS8_PRIV_KEY_INFO;
-+		PEM_write_bio_P8_PRIV_KEY_INFO;
-+		PEM_read_PKCS8;
-+		d2i_PKCS8_PRIV_KEY_INFO_bio;
-+		d2i_PKCS8_fp;
-+		PEM_write_PKCS8;
-+		PEM_read_PKCS8_PRIV_KEY_INFO;
-+		PEM_read_P8_PRIV_KEY_INFO;
-+		PEM_read_bio_PKCS8;
-+		PEM_write_PKCS8_PRIV_KEY_INFO;
-+		PEM_write_P8_PRIV_KEY_INFO;
-+		PKCS5_PBE_keyivgen;
-+		i2d_PKCS8_bio;
-+		i2d_PKCS8_PRIV_KEY_INFO_fp;
-+		i2d_PKCS8_PRIV_KEY_INFO_bio;
-+		BIO_s_bio;
-+		PKCS5_pbe2_set;
-+		PKCS5_PBKDF2_HMAC_SHA1;
-+		PKCS5_v2_PBE_keyivgen;
-+		PEM_write_bio_PKCS8PrivateKey;
-+		PEM_write_PKCS8PrivateKey;
-+		BIO_ctrl_get_read_request;
-+		BIO_ctrl_pending;
-+		BIO_ctrl_wpending;
-+		BIO_new_bio_pair;
-+		BIO_ctrl_get_write_guarantee;
-+		CRYPTO_num_locks;
-+		CONF_load_bio;
-+		CONF_load_fp;
-+		i2d_ASN1_SET_OF_ASN1_OBJECT;
-+		d2i_ASN1_SET_OF_ASN1_OBJECT;
-+		PKCS7_signatureVerify;
-+		RSA_set_method;
-+		RSA_get_method;
-+		RSA_get_default_method;
-+		RSA_check_key;
-+		OBJ_obj2txt;
-+		DSA_dup_DH;
-+		X509_REQ_get_extensions;
-+		X509_REQ_set_extension_nids;
-+		BIO_nwrite;
-+		X509_REQ_extension_nid;
-+		BIO_nread;
-+		X509_REQ_get_extension_nids;
-+		BIO_nwrite0;
-+		X509_REQ_add_extensions_nid;
-+		BIO_nread0;
-+		X509_REQ_add_extensions;
-+		BIO_new_mem_buf;
-+		DH_set_ex_data;
-+		DH_set_method;
-+		DSA_OpenSSL;
-+		DH_get_ex_data;
-+		DH_get_ex_new_index;
-+		DSA_new_method;
-+		DH_new_method;
-+		DH_OpenSSL;
-+		DSA_get_ex_new_index;
-+		DH_get_default_method;
-+		DSA_set_ex_data;
-+		DH_set_default_method;
-+		DSA_get_ex_data;
-+		X509V3_EXT_REQ_add_conf;
-+		NETSCAPE_SPKI_print;
-+		NETSCAPE_SPKI_set_pubkey;
-+		NETSCAPE_SPKI_b64_encode;
-+		NETSCAPE_SPKI_get_pubkey;
-+		NETSCAPE_SPKI_b64_decode;
-+		UTF8_putc;
-+		UTF8_getc;
-+		RSA_null_method;
-+		ASN1_tag2str;
-+		BIO_ctrl_reset_read_request;
-+		DISPLAYTEXT_new;
-+		ASN1_GENERALIZEDTIME_free;
-+		X509_REVOKED_get_ext_d2i;
-+		X509_set_ex_data;
-+		X509_reject_set_bit_asc;
-+		X509_NAME_add_entry_by_txt;
-+		X509_NAME_add_entry_by_NID;
-+		X509_PURPOSE_get0;
-+		PEM_read_X509_AUX;
-+		d2i_AUTHORITY_INFO_ACCESS;
-+		PEM_write_PUBKEY;
-+		ACCESS_DESCRIPTION_new;
-+		X509_CERT_AUX_free;
-+		d2i_ACCESS_DESCRIPTION;
-+		X509_trust_clear;
-+		X509_TRUST_add;
-+		ASN1_VISIBLESTRING_new;
-+		X509_alias_set1;
-+		ASN1_PRINTABLESTRING_free;
-+		EVP_PKEY_get1_DSA;
-+		ASN1_BMPSTRING_new;
-+		ASN1_mbstring_copy;
-+		ASN1_UTF8STRING_new;
-+		DSA_get_default_method;
-+		i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
-+		ASN1_T61STRING_free;
-+		DSA_set_method;
-+		X509_get_ex_data;
-+		ASN1_STRING_type;
-+		X509_PURPOSE_get_by_sname;
-+		ASN1_TIME_free;
-+		ASN1_OCTET_STRING_cmp;
-+		ASN1_BIT_STRING_new;
-+		X509_get_ext_d2i;
-+		PEM_read_bio_X509_AUX;
-+		ASN1_STRING_set_default_mask_asc;
-+		ASN1_STRING_set_def_mask_asc;
-+		PEM_write_bio_RSA_PUBKEY;
-+		ASN1_INTEGER_cmp;
-+		d2i_RSA_PUBKEY_fp;
-+		X509_trust_set_bit_asc;
-+		PEM_write_bio_DSA_PUBKEY;
-+		X509_STORE_CTX_free;
-+		EVP_PKEY_set1_DSA;
-+		i2d_DSA_PUBKEY_fp;
-+		X509_load_cert_crl_file;
-+		ASN1_TIME_new;
-+		i2d_RSA_PUBKEY;
-+		X509_STORE_CTX_purpose_inherit;
-+		PEM_read_RSA_PUBKEY;
-+		d2i_X509_AUX;
-+		i2d_DSA_PUBKEY;
-+		X509_CERT_AUX_print;
-+		PEM_read_DSA_PUBKEY;
-+		i2d_RSA_PUBKEY_bio;
-+		ASN1_BIT_STRING_num_asc;
-+		i2d_PUBKEY;
-+		ASN1_UTCTIME_free;
-+		DSA_set_default_method;
-+		X509_PURPOSE_get_by_id;
-+		ACCESS_DESCRIPTION_free;
-+		PEM_read_bio_PUBKEY;
-+		ASN1_STRING_set_by_NID;
-+		X509_PURPOSE_get_id;
-+		DISPLAYTEXT_free;
-+		OTHERNAME_new;
-+		X509_CERT_AUX_new;
-+		X509_TRUST_cleanup;
-+		X509_NAME_add_entry_by_OBJ;
-+		X509_CRL_get_ext_d2i;
-+		X509_PURPOSE_get0_name;
-+		PEM_read_PUBKEY;
-+		i2d_DSA_PUBKEY_bio;
-+		i2d_OTHERNAME;
-+		ASN1_OCTET_STRING_free;
-+		ASN1_BIT_STRING_set_asc;
-+		X509_get_ex_new_index;
-+		ASN1_STRING_TABLE_cleanup;
-+		X509_TRUST_get_by_id;
-+		X509_PURPOSE_get_trust;
-+		ASN1_STRING_length;
-+		d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
-+		ASN1_PRINTABLESTRING_new;
-+		X509V3_get_d2i;
-+		ASN1_ENUMERATED_free;
-+		i2d_X509_CERT_AUX;
-+		X509_STORE_CTX_set_trust;
-+		ASN1_STRING_set_default_mask;
-+		X509_STORE_CTX_new;
-+		EVP_PKEY_get1_RSA;
-+		DIRECTORYSTRING_free;
-+		PEM_write_X509_AUX;
-+		ASN1_OCTET_STRING_set;
-+		d2i_DSA_PUBKEY_fp;
-+		d2i_RSA_PUBKEY;
-+		X509_TRUST_get0_name;
-+		X509_TRUST_get0;
-+		AUTHORITY_INFO_ACCESS_free;
-+		ASN1_IA5STRING_new;
-+		d2i_DSA_PUBKEY;
-+		X509_check_purpose;
-+		ASN1_ENUMERATED_new;
-+		d2i_RSA_PUBKEY_bio;
-+		d2i_PUBKEY;
-+		X509_TRUST_get_trust;
-+		X509_TRUST_get_flags;
-+		ASN1_BMPSTRING_free;
-+		ASN1_T61STRING_new;
-+		ASN1_UTCTIME_new;
-+		i2d_AUTHORITY_INFO_ACCESS;
-+		EVP_PKEY_set1_RSA;
-+		X509_STORE_CTX_set_purpose;
-+		ASN1_IA5STRING_free;
-+		PEM_write_bio_X509_AUX;
-+		X509_PURPOSE_get_count;
-+		CRYPTO_add_info;
-+		X509_NAME_ENTRY_create_by_txt;
-+		ASN1_STRING_get_default_mask;
-+		X509_alias_get0;
-+		ASN1_STRING_data;
-+		i2d_ACCESS_DESCRIPTION;
-+		X509_trust_set_bit;
-+		ASN1_BIT_STRING_free;
-+		PEM_read_bio_RSA_PUBKEY;
-+		X509_add1_reject_object;
-+		X509_check_trust;
-+		PEM_read_bio_DSA_PUBKEY;
-+		X509_PURPOSE_add;
-+		ASN1_STRING_TABLE_get;
-+		ASN1_UTF8STRING_free;
-+		d2i_DSA_PUBKEY_bio;
-+		PEM_write_RSA_PUBKEY;
-+		d2i_OTHERNAME;
-+		X509_reject_set_bit;
-+		PEM_write_DSA_PUBKEY;
-+		X509_PURPOSE_get0_sname;
-+		EVP_PKEY_set1_DH;
-+		ASN1_OCTET_STRING_dup;
-+		ASN1_BIT_STRING_set;
-+		X509_TRUST_get_count;
-+		ASN1_INTEGER_free;
-+		OTHERNAME_free;
-+		i2d_RSA_PUBKEY_fp;
-+		ASN1_INTEGER_dup;
-+		d2i_X509_CERT_AUX;
-+		PEM_write_bio_PUBKEY;
-+		ASN1_VISIBLESTRING_free;
-+		X509_PURPOSE_cleanup;
-+		ASN1_mbstring_ncopy;
-+		ASN1_GENERALIZEDTIME_new;
-+		EVP_PKEY_get1_DH;
-+		ASN1_OCTET_STRING_new;
-+		ASN1_INTEGER_new;
-+		i2d_X509_AUX;
-+		ASN1_BIT_STRING_name_print;
-+		X509_cmp;
-+		ASN1_STRING_length_set;
-+		DIRECTORYSTRING_new;
-+		X509_add1_trust_object;
-+		PKCS12_newpass;
-+		SMIME_write_PKCS7;
-+		SMIME_read_PKCS7;
-+		DES_set_key_checked;
-+		PKCS7_verify;
-+		PKCS7_encrypt;
-+		DES_set_key_unchecked;
-+		SMIME_crlf_copy;
-+		i2d_ASN1_PRINTABLESTRING;
-+		PKCS7_get0_signers;
-+		PKCS7_decrypt;
-+		SMIME_text;
-+		PKCS7_simple_smimecap;
-+		PKCS7_get_smimecap;
-+		PKCS7_sign;
-+		PKCS7_add_attrib_smimecap;
-+		CRYPTO_dbg_set_options;
-+		CRYPTO_remove_all_info;
-+		CRYPTO_get_mem_debug_functions;
-+		CRYPTO_is_mem_check_on;
-+		CRYPTO_set_mem_debug_functions;
-+		CRYPTO_pop_info;
-+		CRYPTO_push_info_;
-+		CRYPTO_set_mem_debug_options;
-+		PEM_write_PKCS8PrivateKey_nid;
-+		PEM_write_bio_PKCS8PrivateKey_nid;
-+		PEM_write_bio_PKCS8PrivKey_nid;
-+		d2i_PKCS8PrivateKey_bio;
-+		ASN1_NULL_free;
-+		d2i_ASN1_NULL;
-+		ASN1_NULL_new;
-+		i2d_PKCS8PrivateKey_bio;
-+		i2d_PKCS8PrivateKey_fp;
-+		i2d_ASN1_NULL;
-+		i2d_PKCS8PrivateKey_nid_fp;
-+		d2i_PKCS8PrivateKey_fp;
-+		i2d_PKCS8PrivateKey_nid_bio;
-+		i2d_PKCS8PrivateKeyInfo_fp;
-+		i2d_PKCS8PrivateKeyInfo_bio;
-+		PEM_cb;
-+		i2d_PrivateKey_fp;
-+		d2i_PrivateKey_bio;
-+		d2i_PrivateKey_fp;
-+		i2d_PrivateKey_bio;
-+		X509_reject_clear;
-+		X509_TRUST_set_default;
-+		d2i_AutoPrivateKey;
-+		X509_ATTRIBUTE_get0_type;
-+		X509_ATTRIBUTE_set1_data;
-+		X509at_get_attr;
-+		X509at_get_attr_count;
-+		X509_ATTRIBUTE_create_by_NID;
-+		X509_ATTRIBUTE_set1_object;
-+		X509_ATTRIBUTE_count;
-+		X509_ATTRIBUTE_create_by_OBJ;
-+		X509_ATTRIBUTE_get0_object;
-+		X509at_get_attr_by_NID;
-+		X509at_add1_attr;
-+		X509_ATTRIBUTE_get0_data;
-+		X509at_delete_attr;
-+		X509at_get_attr_by_OBJ;
-+		RAND_add;
-+		BIO_number_written;
-+		BIO_number_read;
-+		X509_STORE_CTX_get1_chain;
-+		ERR_load_RAND_strings;
-+		RAND_pseudo_bytes;
-+		X509_REQ_get_attr_by_NID;
-+		X509_REQ_get_attr;
-+		X509_REQ_add1_attr_by_NID;
-+		X509_REQ_get_attr_by_OBJ;
-+		X509at_add1_attr_by_NID;
-+		X509_REQ_add1_attr_by_OBJ;
-+		X509_REQ_get_attr_count;
-+		X509_REQ_add1_attr;
-+		X509_REQ_delete_attr;
-+		X509at_add1_attr_by_OBJ;
-+		X509_REQ_add1_attr_by_txt;
-+		X509_ATTRIBUTE_create_by_txt;
-+		X509at_add1_attr_by_txt;
-+		BN_pseudo_rand;
-+		BN_is_prime_fasttest;
-+		BN_CTX_end;
-+		BN_CTX_start;
-+		BN_CTX_get;
-+		EVP_PKEY2PKCS8_broken;
-+		ASN1_STRING_TABLE_add;
-+		CRYPTO_dbg_get_options;
-+		AUTHORITY_INFO_ACCESS_new;
-+		CRYPTO_get_mem_debug_options;
-+		DES_crypt;
-+		PEM_write_bio_X509_REQ_NEW;
-+		PEM_write_X509_REQ_NEW;
-+		BIO_callback_ctrl;
-+		RAND_egd;
-+		RAND_status;
-+		bn_dump1;
-+		DES_check_key_parity;
-+		lh_num_items;
-+		RAND_event;
-+		DSO_new;
-+		DSO_new_method;
-+		DSO_free;
-+		DSO_flags;
-+		DSO_up;
-+		DSO_set_default_method;
-+		DSO_get_default_method;
-+		DSO_get_method;
-+		DSO_set_method;
-+		DSO_load;
-+		DSO_bind_var;
-+		DSO_METHOD_null;
-+		DSO_METHOD_openssl;
-+		DSO_METHOD_dlfcn;
-+		DSO_METHOD_win32;
-+		ERR_load_DSO_strings;
-+		DSO_METHOD_dl;
-+		NCONF_load;
-+		NCONF_load_fp;
-+		NCONF_new;
-+		NCONF_get_string;
-+		NCONF_free;
-+		NCONF_get_number;
-+		CONF_dump_fp;
-+		NCONF_load_bio;
-+		NCONF_dump_fp;
-+		NCONF_get_section;
-+		NCONF_dump_bio;
-+		CONF_dump_bio;
-+		NCONF_free_data;
-+		CONF_set_default_method;
-+		ERR_error_string_n;
-+		BIO_snprintf;
-+		DSO_ctrl;
-+		i2d_ASN1_SET_OF_ASN1_INTEGER;
-+		i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
-+		i2d_ASN1_SET_OF_PKCS7;
-+		BIO_vfree;
-+		d2i_ASN1_SET_OF_ASN1_INTEGER;
-+		d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
-+		ASN1_UTCTIME_get;
-+		X509_REQ_digest;
-+		X509_CRL_digest;
-+		d2i_ASN1_SET_OF_PKCS7;
-+		EVP_CIPHER_CTX_set_key_length;
-+		EVP_CIPHER_CTX_ctrl;
-+		BN_mod_exp_mont_word;
-+		RAND_egd_bytes;
-+		X509_REQ_get1_email;
-+		X509_get1_email;
-+		X509_email_free;
-+		i2d_RSA_NET;
-+		d2i_RSA_NET_2;
-+		d2i_RSA_NET;
-+		DSO_bind_func;
-+		CRYPTO_get_new_dynlockid;
-+		sk_new_null;
-+		CRYPTO_set_dynlock_destroy_callback;
-+		CRYPTO_set_dynlock_destroy_cb;
-+		CRYPTO_destroy_dynlockid;
-+		CRYPTO_set_dynlock_size;
-+		CRYPTO_set_dynlock_create_callback;
-+		CRYPTO_set_dynlock_create_cb;
-+		CRYPTO_set_dynlock_lock_callback;
-+		CRYPTO_set_dynlock_lock_cb;
-+		CRYPTO_get_dynlock_lock_callback;
-+		CRYPTO_get_dynlock_lock_cb;
-+		CRYPTO_get_dynlock_destroy_callback;
-+		CRYPTO_get_dynlock_destroy_cb;
-+		CRYPTO_get_dynlock_value;
-+		CRYPTO_get_dynlock_create_callback;
-+		CRYPTO_get_dynlock_create_cb;
-+		c2i_ASN1_BIT_STRING;
-+		i2c_ASN1_BIT_STRING;
-+		RAND_poll;
-+		c2i_ASN1_INTEGER;
-+		i2c_ASN1_INTEGER;
-+		BIO_dump_indent;
-+		ASN1_parse_dump;
-+		c2i_ASN1_OBJECT;
-+		X509_NAME_print_ex_fp;
-+		ASN1_STRING_print_ex_fp;
-+		X509_NAME_print_ex;
-+		ASN1_STRING_print_ex;
-+		MD4;
-+		MD4_Transform;
-+		MD4_Final;
-+		MD4_Update;
-+		MD4_Init;
-+		EVP_md4;
-+		i2d_PUBKEY_bio;
-+		i2d_PUBKEY_fp;
-+		d2i_PUBKEY_bio;
-+		ASN1_STRING_to_UTF8;
-+		BIO_vprintf;
-+		BIO_vsnprintf;
-+		d2i_PUBKEY_fp;
-+		X509_cmp_time;
-+		X509_STORE_CTX_set_time;
-+		X509_STORE_CTX_get1_issuer;
-+		X509_OBJECT_retrieve_match;
-+		X509_OBJECT_idx_by_subject;
-+		X509_STORE_CTX_set_flags;
-+		X509_STORE_CTX_trusted_stack;
-+		X509_time_adj;
-+		X509_check_issued;
-+		ASN1_UTCTIME_cmp_time_t;
-+		DES_set_weak_key_flag;
-+		DES_check_key;
-+		DES_rw_mode;
-+		RSA_PKCS1_RSAref;
-+		X509_keyid_set1;
-+		BIO_next;
-+		DSO_METHOD_vms;
-+		BIO_f_linebuffer;
-+		BN_bntest_rand;
-+		OPENSSL_issetugid;
-+		BN_rand_range;
-+		ERR_load_ENGINE_strings;
-+		ENGINE_set_DSA;
-+		ENGINE_get_finish_function;
-+		ENGINE_get_default_RSA;
-+		ENGINE_get_BN_mod_exp;
-+		DSA_get_default_openssl_method;
-+		ENGINE_set_DH;
-+		ENGINE_set_def_BN_mod_exp_crt;
-+		ENGINE_set_default_BN_mod_exp_crt;
-+		ENGINE_init;
-+		DH_get_default_openssl_method;
-+		RSA_set_default_openssl_method;
-+		ENGINE_finish;
-+		ENGINE_load_public_key;
-+		ENGINE_get_DH;
-+		ENGINE_ctrl;
-+		ENGINE_get_init_function;
-+		ENGINE_set_init_function;
-+		ENGINE_set_default_DSA;
-+		ENGINE_get_name;
-+		ENGINE_get_last;
-+		ENGINE_get_prev;
-+		ENGINE_get_default_DH;
-+		ENGINE_get_RSA;
-+		ENGINE_set_default;
-+		ENGINE_get_RAND;
-+		ENGINE_get_first;
-+		ENGINE_by_id;
-+		ENGINE_set_finish_function;
-+		ENGINE_get_def_BN_mod_exp_crt;
-+		ENGINE_get_default_BN_mod_exp_crt;
-+		RSA_get_default_openssl_method;
-+		ENGINE_set_RSA;
-+		ENGINE_load_private_key;
-+		ENGINE_set_default_RAND;
-+		ENGINE_set_BN_mod_exp;
-+		ENGINE_remove;
-+		ENGINE_free;
-+		ENGINE_get_BN_mod_exp_crt;
-+		ENGINE_get_next;
-+		ENGINE_set_name;
-+		ENGINE_get_default_DSA;
-+		ENGINE_set_default_BN_mod_exp;
-+		ENGINE_set_default_RSA;
-+		ENGINE_get_default_RAND;
-+		ENGINE_get_default_BN_mod_exp;
-+		ENGINE_set_RAND;
-+		ENGINE_set_id;
-+		ENGINE_set_BN_mod_exp_crt;
-+		ENGINE_set_default_DH;
-+		ENGINE_new;
-+		ENGINE_get_id;
-+		DSA_set_default_openssl_method;
-+		ENGINE_add;
-+		DH_set_default_openssl_method;
-+		ENGINE_get_DSA;
-+		ENGINE_get_ctrl_function;
-+		ENGINE_set_ctrl_function;
-+		BN_pseudo_rand_range;
-+		X509_STORE_CTX_set_verify_cb;
-+		ERR_load_COMP_strings;
-+		PKCS12_item_decrypt_d2i;
-+		ASN1_UTF8STRING_it;
-+		ENGINE_unregister_ciphers;
-+		ENGINE_get_ciphers;
-+		d2i_OCSP_BASICRESP;
-+		KRB5_CHECKSUM_it;
-+		EC_POINT_add;
-+		ASN1_item_ex_i2d;
-+		OCSP_CERTID_it;
-+		d2i_OCSP_RESPBYTES;
-+		X509V3_add1_i2d;
-+		PKCS7_ENVELOPE_it;
-+		UI_add_input_boolean;
-+		ENGINE_unregister_RSA;
-+		X509V3_EXT_nconf;
-+		ASN1_GENERALSTRING_free;
-+		d2i_OCSP_CERTSTATUS;
-+		X509_REVOKED_set_serialNumber;
-+		X509_print_ex;
-+		OCSP_ONEREQ_get1_ext_d2i;
-+		ENGINE_register_all_RAND;
-+		ENGINE_load_dynamic;
-+		PBKDF2PARAM_it;
-+		EXTENDED_KEY_USAGE_new;
-+		EC_GROUP_clear_free;
-+		OCSP_sendreq_bio;
-+		ASN1_item_digest;
-+		OCSP_BASICRESP_delete_ext;
-+		OCSP_SIGNATURE_it;
-+		X509_CRL_it;
-+		OCSP_BASICRESP_add_ext;
-+		KRB5_ENCKEY_it;
-+		UI_method_set_closer;
-+		X509_STORE_set_purpose;
-+		i2d_ASN1_GENERALSTRING;
-+		OCSP_response_status;
-+		i2d_OCSP_SERVICELOC;
-+		ENGINE_get_digest_engine;
-+		EC_GROUP_set_curve_GFp;
-+		OCSP_REQUEST_get_ext_by_OBJ;
-+		_ossl_old_des_random_key;
-+		ASN1_T61STRING_it;
-+		EC_GROUP_method_of;
-+		i2d_KRB5_APREQ;
-+		_ossl_old_des_encrypt;
-+		ASN1_PRINTABLE_new;
-+		HMAC_Init_ex;
-+		d2i_KRB5_AUTHENT;
-+		OCSP_archive_cutoff_new;
-+		EC_POINT_set_Jprojective_coordinates_GFp;
-+		EC_POINT_set_Jproj_coords_GFp;
-+		_ossl_old_des_is_weak_key;
-+		OCSP_BASICRESP_get_ext_by_OBJ;
-+		EC_POINT_oct2point;
-+		OCSP_SINGLERESP_get_ext_count;
-+		UI_ctrl;
-+		_shadow_DES_rw_mode;
-+		asn1_do_adb;
-+		ASN1_template_i2d;
-+		ENGINE_register_DH;
-+		UI_construct_prompt;
-+		X509_STORE_set_trust;
-+		UI_dup_input_string;
-+		d2i_KRB5_APREQ;
-+		EVP_MD_CTX_copy_ex;
-+		OCSP_request_is_signed;
-+		i2d_OCSP_REQINFO;
-+		KRB5_ENCKEY_free;
-+		OCSP_resp_get0;
-+		GENERAL_NAME_it;
-+		ASN1_GENERALIZEDTIME_it;
-+		X509_STORE_set_flags;
-+		EC_POINT_set_compressed_coordinates_GFp;
-+		EC_POINT_set_compr_coords_GFp;
-+		OCSP_response_status_str;
-+		d2i_OCSP_REVOKEDINFO;
-+		OCSP_basic_add1_cert;
-+		ERR_get_implementation;
-+		EVP_CipherFinal_ex;
-+		OCSP_CERTSTATUS_new;
-+		CRYPTO_cleanup_all_ex_data;
-+		OCSP_resp_find;
-+		BN_nnmod;
-+		X509_CRL_sort;
-+		X509_REVOKED_set_revocationDate;
-+		ENGINE_register_RAND;
-+		OCSP_SERVICELOC_new;
-+		EC_POINT_set_affine_coordinates_GFp;
-+		EC_POINT_set_affine_coords_GFp;
-+		_ossl_old_des_options;
-+		SXNET_it;
-+		UI_dup_input_boolean;
-+		PKCS12_add_CSPName_asc;
-+		EC_POINT_is_at_infinity;
-+		ENGINE_load_cryptodev;
-+		DSO_convert_filename;
-+		POLICYQUALINFO_it;
-+		ENGINE_register_ciphers;
-+		BN_mod_lshift_quick;
-+		DSO_set_filename;
-+		ASN1_item_free;
-+		KRB5_TKTBODY_free;
-+		AUTHORITY_KEYID_it;
-+		KRB5_APREQBODY_new;
-+		X509V3_EXT_REQ_add_nconf;
-+		ENGINE_ctrl_cmd_string;
-+		i2d_OCSP_RESPDATA;
-+		EVP_MD_CTX_init;
-+		EXTENDED_KEY_USAGE_free;
-+		PKCS7_ATTR_SIGN_it;
-+		UI_add_error_string;
-+		KRB5_CHECKSUM_free;
-+		OCSP_REQUEST_get_ext;
-+		ENGINE_load_ubsec;
-+		ENGINE_register_all_digests;
-+		PKEY_USAGE_PERIOD_it;
-+		PKCS12_unpack_authsafes;
-+		ASN1_item_unpack;
-+		NETSCAPE_SPKAC_it;
-+		X509_REVOKED_it;
-+		ASN1_STRING_encode;
-+		EVP_aes_128_ecb;
-+		KRB5_AUTHENT_free;
-+		OCSP_BASICRESP_get_ext_by_critical;
-+		OCSP_BASICRESP_get_ext_by_crit;
-+		OCSP_cert_status_str;
-+		d2i_OCSP_REQUEST;
-+		UI_dup_info_string;
-+		_ossl_old_des_xwhite_in2out;
-+		PKCS12_it;
-+		OCSP_SINGLERESP_get_ext_by_critical;
-+		OCSP_SINGLERESP_get_ext_by_crit;
-+		OCSP_CERTSTATUS_free;
-+		_ossl_old_des_crypt;
-+		ASN1_item_i2d;
-+		EVP_DecryptFinal_ex;
-+		ENGINE_load_openssl;
-+		ENGINE_get_cmd_defns;
-+		ENGINE_set_load_privkey_function;
-+		ENGINE_set_load_privkey_fn;
-+		EVP_EncryptFinal_ex;
-+		ENGINE_set_default_digests;
-+		X509_get0_pubkey_bitstr;
-+		asn1_ex_i2c;
-+		ENGINE_register_RSA;
-+		ENGINE_unregister_DSA;
-+		_ossl_old_des_key_sched;
-+		X509_EXTENSION_it;
-+		i2d_KRB5_AUTHENT;
-+		SXNETID_it;
-+		d2i_OCSP_SINGLERESP;
-+		EDIPARTYNAME_new;
-+		PKCS12_certbag2x509;
-+		_ossl_old_des_ofb64_encrypt;
-+		d2i_EXTENDED_KEY_USAGE;
-+		ERR_print_errors_cb;
-+		ENGINE_set_ciphers;
-+		d2i_KRB5_APREQBODY;
-+		UI_method_get_flusher;
-+		X509_PUBKEY_it;
-+		_ossl_old_des_enc_read;
-+		PKCS7_ENCRYPT_it;
-+		i2d_OCSP_RESPONSE;
-+		EC_GROUP_get_cofactor;
-+		PKCS12_unpack_p7data;
-+		d2i_KRB5_AUTHDATA;
-+		OCSP_copy_nonce;
-+		KRB5_AUTHDATA_new;
-+		OCSP_RESPDATA_new;
-+		EC_GFp_mont_method;
-+		OCSP_REVOKEDINFO_free;
-+		UI_get_ex_data;
-+		KRB5_APREQBODY_free;
-+		EC_GROUP_get0_generator;
-+		UI_get_default_method;
-+		X509V3_set_nconf;
-+		PKCS12_item_i2d_encrypt;
-+		X509_add1_ext_i2d;
-+		PKCS7_SIGNER_INFO_it;
-+		KRB5_PRINCNAME_new;
-+		PKCS12_SAFEBAG_it;
-+		EC_GROUP_get_order;
-+		d2i_OCSP_RESPID;
-+		OCSP_request_verify;
-+		NCONF_get_number_e;
-+		_ossl_old_des_decrypt3;
-+		X509_signature_print;
-+		OCSP_SINGLERESP_free;
-+		ENGINE_load_builtin_engines;
-+		i2d_OCSP_ONEREQ;
-+		OCSP_REQUEST_add_ext;
-+		OCSP_RESPBYTES_new;
-+		EVP_MD_CTX_create;
-+		OCSP_resp_find_status;
-+		X509_ALGOR_it;
-+		ASN1_TIME_it;
-+		OCSP_request_set1_name;
-+		OCSP_ONEREQ_get_ext_count;
-+		UI_get0_result;
-+		PKCS12_AUTHSAFES_it;
-+		EVP_aes_256_ecb;
-+		PKCS12_pack_authsafes;
-+		ASN1_IA5STRING_it;
-+		UI_get_input_flags;
-+		EC_GROUP_set_generator;
-+		_ossl_old_des_string_to_2keys;
-+		OCSP_CERTID_free;
-+		X509_CERT_AUX_it;
-+		CERTIFICATEPOLICIES_it;
-+		_ossl_old_des_ede3_cbc_encrypt;
-+		RAND_set_rand_engine;
-+		DSO_get_loaded_filename;
-+		X509_ATTRIBUTE_it;
-+		OCSP_ONEREQ_get_ext_by_NID;
-+		PKCS12_decrypt_skey;
-+		KRB5_AUTHENT_it;
-+		UI_dup_error_string;
-+		RSAPublicKey_it;
-+		i2d_OCSP_REQUEST;
-+		PKCS12_x509crl2certbag;
-+		OCSP_SERVICELOC_it;
-+		ASN1_item_sign;
-+		X509_CRL_set_issuer_name;
-+		OBJ_NAME_do_all_sorted;
-+		i2d_OCSP_BASICRESP;
-+		i2d_OCSP_RESPBYTES;
-+		PKCS12_unpack_p7encdata;
-+		HMAC_CTX_init;
-+		ENGINE_get_digest;
-+		OCSP_RESPONSE_print;
-+		KRB5_TKTBODY_it;
-+		ACCESS_DESCRIPTION_it;
-+		PKCS7_ISSUER_AND_SERIAL_it;
-+		PBE2PARAM_it;
-+		PKCS12_certbag2x509crl;
-+		PKCS7_SIGNED_it;
-+		ENGINE_get_cipher;
-+		i2d_OCSP_CRLID;
-+		OCSP_SINGLERESP_new;
-+		ENGINE_cmd_is_executable;
-+		RSA_up_ref;
-+		ASN1_GENERALSTRING_it;
-+		ENGINE_register_DSA;
-+		X509V3_EXT_add_nconf_sk;
-+		ENGINE_set_load_pubkey_function;
-+		PKCS8_decrypt;
-+		PEM_bytes_read_bio;
-+		DIRECTORYSTRING_it;
-+		d2i_OCSP_CRLID;
-+		EC_POINT_is_on_curve;
-+		CRYPTO_set_locked_mem_ex_functions;
-+		CRYPTO_set_locked_mem_ex_funcs;
-+		d2i_KRB5_CHECKSUM;
-+		ASN1_item_dup;
-+		X509_it;
-+		BN_mod_add;
-+		KRB5_AUTHDATA_free;
-+		_ossl_old_des_cbc_cksum;
-+		ASN1_item_verify;
-+		CRYPTO_set_mem_ex_functions;
-+		EC_POINT_get_Jprojective_coordinates_GFp;
-+		EC_POINT_get_Jproj_coords_GFp;
-+		ZLONG_it;
-+		CRYPTO_get_locked_mem_ex_functions;
-+		CRYPTO_get_locked_mem_ex_funcs;
-+		ASN1_TIME_check;
-+		UI_get0_user_data;
-+		HMAC_CTX_cleanup;
-+		DSA_up_ref;
-+		_ossl_old_des_ede3_cfb64_encrypt;
-+		_ossl_odes_ede3_cfb64_encrypt;
-+		ASN1_BMPSTRING_it;
-+		ASN1_tag2bit;
-+		UI_method_set_flusher;
-+		X509_ocspid_print;
-+		KRB5_ENCDATA_it;
-+		ENGINE_get_load_pubkey_function;
-+		UI_add_user_data;
-+		OCSP_REQUEST_delete_ext;
-+		UI_get_method;
-+		OCSP_ONEREQ_free;
-+		ASN1_PRINTABLESTRING_it;
-+		X509_CRL_set_nextUpdate;
-+		OCSP_REQUEST_it;
-+		OCSP_BASICRESP_it;
-+		AES_ecb_encrypt;
-+		BN_mod_sqr;
-+		NETSCAPE_CERT_SEQUENCE_it;
-+		GENERAL_NAMES_it;
-+		AUTHORITY_INFO_ACCESS_it;
-+		ASN1_FBOOLEAN_it;
-+		UI_set_ex_data;
-+		_ossl_old_des_string_to_key;
-+		ENGINE_register_all_RSA;
-+		d2i_KRB5_PRINCNAME;
-+		OCSP_RESPBYTES_it;
-+		X509_CINF_it;
-+		ENGINE_unregister_digests;
-+		d2i_EDIPARTYNAME;
-+		d2i_OCSP_SERVICELOC;
-+		ENGINE_get_digests;
-+		_ossl_old_des_set_odd_parity;
-+		OCSP_RESPDATA_free;
-+		d2i_KRB5_TICKET;
-+		OTHERNAME_it;
-+		EVP_MD_CTX_cleanup;
-+		d2i_ASN1_GENERALSTRING;
-+		X509_CRL_set_version;
-+		BN_mod_sub;
-+		OCSP_SINGLERESP_get_ext_by_NID;
-+		ENGINE_get_ex_new_index;
-+		OCSP_REQUEST_free;
-+		OCSP_REQUEST_add1_ext_i2d;
-+		X509_VAL_it;
-+		EC_POINTs_make_affine;
-+		EC_POINT_mul;
-+		X509V3_EXT_add_nconf;
-+		X509_TRUST_set;
-+		X509_CRL_add1_ext_i2d;
-+		_ossl_old_des_fcrypt;
-+		DISPLAYTEXT_it;
-+		X509_CRL_set_lastUpdate;
-+		OCSP_BASICRESP_free;
-+		OCSP_BASICRESP_add1_ext_i2d;
-+		d2i_KRB5_AUTHENTBODY;
-+		CRYPTO_set_ex_data_implementation;
-+		CRYPTO_set_ex_data_impl;
-+		KRB5_ENCDATA_new;
-+		DSO_up_ref;
-+		OCSP_crl_reason_str;
-+		UI_get0_result_string;
-+		ASN1_GENERALSTRING_new;
-+		X509_SIG_it;
-+		ERR_set_implementation;
-+		ERR_load_EC_strings;
-+		UI_get0_action_string;
-+		OCSP_ONEREQ_get_ext;
-+		EC_POINT_method_of;
-+		i2d_KRB5_APREQBODY;
-+		_ossl_old_des_ecb3_encrypt;
-+		CRYPTO_get_mem_ex_functions;
-+		ENGINE_get_ex_data;
-+		UI_destroy_method;
-+		ASN1_item_i2d_bio;
-+		OCSP_ONEREQ_get_ext_by_OBJ;
-+		ASN1_primitive_new;
-+		ASN1_PRINTABLE_it;
-+		EVP_aes_192_ecb;
-+		OCSP_SIGNATURE_new;
-+		LONG_it;
-+		ASN1_VISIBLESTRING_it;
-+		OCSP_SINGLERESP_add1_ext_i2d;
-+		d2i_OCSP_CERTID;
-+		ASN1_item_d2i_fp;
-+		CRL_DIST_POINTS_it;
-+		GENERAL_NAME_print;
-+		OCSP_SINGLERESP_delete_ext;
-+		PKCS12_SAFEBAGS_it;
-+		d2i_OCSP_SIGNATURE;
-+		OCSP_request_add1_nonce;
-+		ENGINE_set_cmd_defns;
-+		OCSP_SERVICELOC_free;
-+		EC_GROUP_free;
-+		ASN1_BIT_STRING_it;
-+		X509_REQ_it;
-+		_ossl_old_des_cbc_encrypt;
-+		ERR_unload_strings;
-+		PKCS7_SIGN_ENVELOPE_it;
-+		EDIPARTYNAME_free;
-+		OCSP_REQINFO_free;
-+		EC_GROUP_new_curve_GFp;
-+		OCSP_REQUEST_get1_ext_d2i;
-+		PKCS12_item_pack_safebag;
-+		asn1_ex_c2i;
-+		ENGINE_register_digests;
-+		i2d_OCSP_REVOKEDINFO;
-+		asn1_enc_restore;
-+		UI_free;
-+		UI_new_method;
-+		EVP_EncryptInit_ex;
-+		X509_pubkey_digest;
-+		EC_POINT_invert;
-+		OCSP_basic_sign;
-+		i2d_OCSP_RESPID;
-+		OCSP_check_nonce;
-+		ENGINE_ctrl_cmd;
-+		d2i_KRB5_ENCKEY;
-+		OCSP_parse_url;
-+		OCSP_SINGLERESP_get_ext;
-+		OCSP_CRLID_free;
-+		OCSP_BASICRESP_get1_ext_d2i;
-+		RSAPrivateKey_it;
-+		ENGINE_register_all_DH;
-+		i2d_EDIPARTYNAME;
-+		EC_POINT_get_affine_coordinates_GFp;
-+		EC_POINT_get_affine_coords_GFp;
-+		OCSP_CRLID_new;
-+		ENGINE_get_flags;
-+		OCSP_ONEREQ_it;
-+		UI_process;
-+		ASN1_INTEGER_it;
-+		EVP_CipherInit_ex;
-+		UI_get_string_type;
-+		ENGINE_unregister_DH;
-+		ENGINE_register_all_DSA;
-+		OCSP_ONEREQ_get_ext_by_critical;
-+		bn_dup_expand;
-+		OCSP_cert_id_new;
-+		BASIC_CONSTRAINTS_it;
-+		BN_mod_add_quick;
-+		EC_POINT_new;
-+		EVP_MD_CTX_destroy;
-+		OCSP_RESPBYTES_free;
-+		EVP_aes_128_cbc;
-+		OCSP_SINGLERESP_get1_ext_d2i;
-+		EC_POINT_free;
-+		DH_up_ref;
-+		X509_NAME_ENTRY_it;
-+		UI_get_ex_new_index;
-+		BN_mod_sub_quick;
-+		OCSP_ONEREQ_add_ext;
-+		OCSP_request_sign;
-+		EVP_DigestFinal_ex;
-+		ENGINE_set_digests;
-+		OCSP_id_issuer_cmp;
-+		OBJ_NAME_do_all;
-+		EC_POINTs_mul;
-+		ENGINE_register_complete;
-+		X509V3_EXT_nconf_nid;
-+		ASN1_SEQUENCE_it;
-+		UI_set_default_method;
-+		RAND_query_egd_bytes;
-+		UI_method_get_writer;
-+		UI_OpenSSL;
-+		PEM_def_callback;
-+		ENGINE_cleanup;
-+		DIST_POINT_it;
-+		OCSP_SINGLERESP_it;
-+		d2i_KRB5_TKTBODY;
-+		EC_POINT_cmp;
-+		OCSP_REVOKEDINFO_new;
-+		i2d_OCSP_CERTSTATUS;
-+		OCSP_basic_add1_nonce;
-+		ASN1_item_ex_d2i;
-+		BN_mod_lshift1_quick;
-+		UI_set_method;
-+		OCSP_id_get0_info;
-+		BN_mod_sqrt;
-+		EC_GROUP_copy;
-+		KRB5_ENCDATA_free;
-+		_ossl_old_des_cfb_encrypt;
-+		OCSP_SINGLERESP_get_ext_by_OBJ;
-+		OCSP_cert_to_id;
-+		OCSP_RESPID_new;
-+		OCSP_RESPDATA_it;
-+		d2i_OCSP_RESPDATA;
-+		ENGINE_register_all_complete;
-+		OCSP_check_validity;
-+		PKCS12_BAGS_it;
-+		OCSP_url_svcloc_new;
-+		ASN1_template_free;
-+		OCSP_SINGLERESP_add_ext;
-+		KRB5_AUTHENTBODY_it;
-+		X509_supported_extension;
-+		i2d_KRB5_AUTHDATA;
-+		UI_method_get_opener;
-+		ENGINE_set_ex_data;
-+		OCSP_REQUEST_print;
-+		CBIGNUM_it;
-+		KRB5_TICKET_new;
-+		KRB5_APREQ_new;
-+		EC_GROUP_get_curve_GFp;
-+		KRB5_ENCKEY_new;
-+		ASN1_template_d2i;
-+		_ossl_old_des_quad_cksum;
-+		OCSP_single_get0_status;
-+		BN_swap;
-+		POLICYINFO_it;
-+		ENGINE_set_destroy_function;
-+		asn1_enc_free;
-+		OCSP_RESPID_it;
-+		EC_GROUP_new;
-+		EVP_aes_256_cbc;
-+		i2d_KRB5_PRINCNAME;
-+		_ossl_old_des_encrypt2;
-+		_ossl_old_des_encrypt3;
-+		PKCS8_PRIV_KEY_INFO_it;
-+		OCSP_REQINFO_it;
-+		PBEPARAM_it;
-+		KRB5_AUTHENTBODY_new;
-+		X509_CRL_add0_revoked;
-+		EDIPARTYNAME_it;
-+		NETSCAPE_SPKI_it;
-+		UI_get0_test_string;
-+		ENGINE_get_cipher_engine;
-+		ENGINE_register_all_ciphers;
-+		EC_POINT_copy;
-+		BN_kronecker;
-+		_ossl_old_des_ede3_ofb64_encrypt;
-+		_ossl_odes_ede3_ofb64_encrypt;
-+		UI_method_get_reader;
-+		OCSP_BASICRESP_get_ext_count;
-+		ASN1_ENUMERATED_it;
-+		UI_set_result;
-+		i2d_KRB5_TICKET;
-+		X509_print_ex_fp;
-+		EVP_CIPHER_CTX_set_padding;
-+		d2i_OCSP_RESPONSE;
-+		ASN1_UTCTIME_it;
-+		_ossl_old_des_enc_write;
-+		OCSP_RESPONSE_new;
-+		AES_set_encrypt_key;
-+		OCSP_resp_count;
-+		KRB5_CHECKSUM_new;
-+		ENGINE_load_cswift;
-+		OCSP_onereq_get0_id;
-+		ENGINE_set_default_ciphers;
-+		NOTICEREF_it;
-+		X509V3_EXT_CRL_add_nconf;
-+		OCSP_REVOKEDINFO_it;
-+		AES_encrypt;
-+		OCSP_REQUEST_new;
-+		ASN1_ANY_it;
-+		CRYPTO_ex_data_new_class;
-+		_ossl_old_des_ncbc_encrypt;
-+		i2d_KRB5_TKTBODY;
-+		EC_POINT_clear_free;
-+		AES_decrypt;
-+		asn1_enc_init;
-+		UI_get_result_maxsize;
-+		OCSP_CERTID_new;
-+		ENGINE_unregister_RAND;
-+		UI_method_get_closer;
-+		d2i_KRB5_ENCDATA;
-+		OCSP_request_onereq_count;
-+		OCSP_basic_verify;
-+		KRB5_AUTHENTBODY_free;
-+		ASN1_item_d2i;
-+		ASN1_primitive_free;
-+		i2d_EXTENDED_KEY_USAGE;
-+		i2d_OCSP_SIGNATURE;
-+		asn1_enc_save;
-+		ENGINE_load_nuron;
-+		_ossl_old_des_pcbc_encrypt;
-+		PKCS12_MAC_DATA_it;
-+		OCSP_accept_responses_new;
-+		asn1_do_lock;
-+		PKCS7_ATTR_VERIFY_it;
-+		KRB5_APREQBODY_it;
-+		i2d_OCSP_SINGLERESP;
-+		ASN1_item_ex_new;
-+		UI_add_verify_string;
-+		_ossl_old_des_set_key;
-+		KRB5_PRINCNAME_it;
-+		EVP_DecryptInit_ex;
-+		i2d_OCSP_CERTID;
-+		ASN1_item_d2i_bio;
-+		EC_POINT_dbl;
-+		asn1_get_choice_selector;
-+		i2d_KRB5_CHECKSUM;
-+		ENGINE_set_table_flags;
-+		AES_options;
-+		ENGINE_load_chil;
-+		OCSP_id_cmp;
-+		OCSP_BASICRESP_new;
-+		OCSP_REQUEST_get_ext_by_NID;
-+		KRB5_APREQ_it;
-+		ENGINE_get_destroy_function;
-+		CONF_set_nconf;
-+		ASN1_PRINTABLE_free;
-+		OCSP_BASICRESP_get_ext_by_NID;
-+		DIST_POINT_NAME_it;
-+		X509V3_extensions_print;
-+		_ossl_old_des_cfb64_encrypt;
-+		X509_REVOKED_add1_ext_i2d;
-+		_ossl_old_des_ofb_encrypt;
-+		KRB5_TKTBODY_new;
-+		ASN1_OCTET_STRING_it;
-+		ERR_load_UI_strings;
-+		i2d_KRB5_ENCKEY;
-+		ASN1_template_new;
-+		OCSP_SIGNATURE_free;
-+		ASN1_item_i2d_fp;
-+		KRB5_PRINCNAME_free;
-+		PKCS7_RECIP_INFO_it;
-+		EXTENDED_KEY_USAGE_it;
-+		EC_GFp_simple_method;
-+		EC_GROUP_precompute_mult;
-+		OCSP_request_onereq_get0;
-+		UI_method_set_writer;
-+		KRB5_AUTHENT_new;
-+		X509_CRL_INFO_it;
-+		DSO_set_name_converter;
-+		AES_set_decrypt_key;
-+		PKCS7_DIGEST_it;
-+		PKCS12_x5092certbag;
-+		EVP_DigestInit_ex;
-+		i2a_ACCESS_DESCRIPTION;
-+		OCSP_RESPONSE_it;
-+		PKCS7_ENC_CONTENT_it;
-+		OCSP_request_add0_id;
-+		EC_POINT_make_affine;
-+		DSO_get_filename;
-+		OCSP_CERTSTATUS_it;
-+		OCSP_request_add1_cert;
-+		UI_get0_output_string;
-+		UI_dup_verify_string;
-+		BN_mod_lshift;
-+		KRB5_AUTHDATA_it;
-+		asn1_set_choice_selector;
-+		OCSP_basic_add1_status;
-+		OCSP_RESPID_free;
-+		asn1_get_field_ptr;
-+		UI_add_input_string;
-+		OCSP_CRLID_it;
-+		i2d_KRB5_AUTHENTBODY;
-+		OCSP_REQUEST_get_ext_count;
-+		ENGINE_load_atalla;
-+		X509_NAME_it;
-+		USERNOTICE_it;
-+		OCSP_REQINFO_new;
-+		OCSP_BASICRESP_get_ext;
-+		CRYPTO_get_ex_data_implementation;
-+		CRYPTO_get_ex_data_impl;
-+		ASN1_item_pack;
-+		i2d_KRB5_ENCDATA;
-+		X509_PURPOSE_set;
-+		X509_REQ_INFO_it;
-+		UI_method_set_opener;
-+		ASN1_item_ex_free;
-+		ASN1_BOOLEAN_it;
-+		ENGINE_get_table_flags;
-+		UI_create_method;
-+		OCSP_ONEREQ_add1_ext_i2d;
-+		_shadow_DES_check_key;
-+		d2i_OCSP_REQINFO;
-+		UI_add_info_string;
-+		UI_get_result_minsize;
-+		ASN1_NULL_it;
-+		BN_mod_lshift1;
-+		d2i_OCSP_ONEREQ;
-+		OCSP_ONEREQ_new;
-+		KRB5_TICKET_it;
-+		EVP_aes_192_cbc;
-+		KRB5_TICKET_free;
-+		UI_new;
-+		OCSP_response_create;
-+		_ossl_old_des_xcbc_encrypt;
-+		PKCS7_it;
-+		OCSP_REQUEST_get_ext_by_critical;
-+		OCSP_REQUEST_get_ext_by_crit;
-+		ENGINE_set_flags;
-+		_ossl_old_des_ecb_encrypt;
-+		OCSP_response_get1_basic;
-+		EVP_Digest;
-+		OCSP_ONEREQ_delete_ext;
-+		ASN1_TBOOLEAN_it;
-+		ASN1_item_new;
-+		ASN1_TIME_to_generalizedtime;
-+		BIGNUM_it;
-+		AES_cbc_encrypt;
-+		ENGINE_get_load_privkey_function;
-+		ENGINE_get_load_privkey_fn;
-+		OCSP_RESPONSE_free;
-+		UI_method_set_reader;
-+		i2d_ASN1_T61STRING;
-+		EC_POINT_set_to_infinity;
-+		ERR_load_OCSP_strings;
-+		EC_POINT_point2oct;
-+		KRB5_APREQ_free;
-+		ASN1_OBJECT_it;
-+		OCSP_crlID_new;
-+		OCSP_crlID2_new;
-+		CONF_modules_load_file;
-+		CONF_imodule_set_usr_data;
-+		ENGINE_set_default_string;
-+		CONF_module_get_usr_data;
-+		ASN1_add_oid_module;
-+		CONF_modules_finish;
-+		OPENSSL_config;
-+		CONF_modules_unload;
-+		CONF_imodule_get_value;
-+		CONF_module_set_usr_data;
-+		CONF_parse_list;
-+		CONF_module_add;
-+		CONF_get1_default_config_file;
-+		CONF_imodule_get_flags;
-+		CONF_imodule_get_module;
-+		CONF_modules_load;
-+		CONF_imodule_get_name;
-+		ERR_peek_top_error;
-+		CONF_imodule_get_usr_data;
-+		CONF_imodule_set_flags;
-+		ENGINE_add_conf_module;
-+		ERR_peek_last_error_line;
-+		ERR_peek_last_error_line_data;
-+		ERR_peek_last_error;
-+		DES_read_2passwords;
-+		DES_read_password;
-+		UI_UTIL_read_pw;
-+		UI_UTIL_read_pw_string;
-+		ENGINE_load_aep;
-+		ENGINE_load_sureware;
-+		OPENSSL_add_all_algorithms_noconf;
-+		OPENSSL_add_all_algo_noconf;
-+		OPENSSL_add_all_algorithms_conf;
-+		OPENSSL_add_all_algo_conf;
-+		OPENSSL_load_builtin_modules;
-+		AES_ofb128_encrypt;
-+		AES_ctr128_encrypt;
-+		AES_cfb128_encrypt;
-+		ENGINE_load_4758cca;
-+		_ossl_096_des_random_seed;
-+		EVP_aes_256_ofb;
-+		EVP_aes_192_ofb;
-+		EVP_aes_128_cfb128;
-+		EVP_aes_256_cfb128;
-+		EVP_aes_128_ofb;
-+		EVP_aes_192_cfb128;
-+		CONF_modules_free;
-+		NCONF_default;
-+		OPENSSL_no_config;
-+		NCONF_WIN32;
-+		ASN1_UNIVERSALSTRING_new;
-+		EVP_des_ede_ecb;
-+		i2d_ASN1_UNIVERSALSTRING;
-+		ASN1_UNIVERSALSTRING_free;
-+		ASN1_UNIVERSALSTRING_it;
-+		d2i_ASN1_UNIVERSALSTRING;
-+		EVP_des_ede3_ecb;
-+		X509_REQ_print_ex;
-+		ENGINE_up_ref;
-+		BUF_MEM_grow_clean;
-+		CRYPTO_realloc_clean;
-+		BUF_strlcat;
-+		BIO_indent;
-+		BUF_strlcpy;
-+		OpenSSLDie;
-+		OPENSSL_cleanse;
-+		ENGINE_setup_bsd_cryptodev;
-+		ERR_release_err_state_table;
-+		EVP_aes_128_cfb8;
-+		FIPS_corrupt_rsa;
-+		FIPS_selftest_des;
-+		EVP_aes_128_cfb1;
-+		EVP_aes_192_cfb8;
-+		FIPS_mode_set;
-+		FIPS_selftest_dsa;
-+		EVP_aes_256_cfb8;
-+		FIPS_allow_md5;
-+		DES_ede3_cfb_encrypt;
-+		EVP_des_ede3_cfb8;
-+		FIPS_rand_seeded;
-+		AES_cfbr_encrypt_block;
-+		AES_cfb8_encrypt;
-+		FIPS_rand_seed;
-+		FIPS_corrupt_des;
-+		EVP_aes_192_cfb1;
-+		FIPS_selftest_aes;
-+		FIPS_set_prng_key;
-+		EVP_des_cfb8;
-+		FIPS_corrupt_dsa;
-+		FIPS_test_mode;
-+		FIPS_rand_method;
-+		EVP_aes_256_cfb1;
-+		ERR_load_FIPS_strings;
-+		FIPS_corrupt_aes;
-+		FIPS_selftest_sha1;
-+		FIPS_selftest_rsa;
-+		FIPS_corrupt_sha1;
-+		EVP_des_cfb1;
-+		FIPS_dsa_check;
-+		AES_cfb1_encrypt;
-+		EVP_des_ede3_cfb1;
-+		FIPS_rand_check;
-+		FIPS_md5_allowed;
-+		FIPS_mode;
-+		FIPS_selftest_failed;
-+		sk_is_sorted;
-+		X509_check_ca;
-+		HMAC_CTX_set_flags;
-+		d2i_PROXY_CERT_INFO_EXTENSION;
-+		PROXY_POLICY_it;
-+		i2d_PROXY_POLICY;
-+		i2d_PROXY_CERT_INFO_EXTENSION;
-+		d2i_PROXY_POLICY;
-+		PROXY_CERT_INFO_EXTENSION_new;
-+		PROXY_CERT_INFO_EXTENSION_free;
-+		PROXY_CERT_INFO_EXTENSION_it;
-+		PROXY_POLICY_free;
-+		PROXY_POLICY_new;
-+		BN_MONT_CTX_set_locked;
-+		FIPS_selftest_rng;
-+		EVP_sha384;
-+		EVP_sha512;
-+		EVP_sha224;
-+		EVP_sha256;
-+		FIPS_selftest_hmac;
-+		FIPS_corrupt_rng;
-+		BN_mod_exp_mont_consttime;
-+		RSA_X931_hash_id;
-+		RSA_padding_check_X931;
-+		RSA_verify_PKCS1_PSS;
-+		RSA_padding_add_X931;
-+		RSA_padding_add_PKCS1_PSS;
-+		PKCS1_MGF1;
-+		BN_X931_generate_Xpq;
-+		RSA_X931_generate_key;
-+		BN_X931_derive_prime;
-+		BN_X931_generate_prime;
-+		RSA_X931_derive;
-+		BIO_new_dgram;
-+		BN_get0_nist_prime_384;
-+		ERR_set_mark;
-+		X509_STORE_CTX_set0_crls;
-+		ENGINE_set_STORE;
-+		ENGINE_register_ECDSA;
-+		STORE_meth_set_list_start_fn;
-+		STORE_method_set_list_start_function;
-+		BN_BLINDING_invert_ex;
-+		NAME_CONSTRAINTS_free;
-+		STORE_ATTR_INFO_set_number;
-+		BN_BLINDING_get_thread_id;
-+		X509_STORE_CTX_set0_param;
-+		POLICY_MAPPING_it;
-+		STORE_parse_attrs_start;
-+		POLICY_CONSTRAINTS_free;
-+		EVP_PKEY_add1_attr_by_NID;
-+		BN_nist_mod_192;
-+		EC_GROUP_get_trinomial_basis;
-+		STORE_set_method;
-+		GENERAL_SUBTREE_free;
-+		NAME_CONSTRAINTS_it;
-+		ECDH_get_default_method;
-+		PKCS12_add_safe;
-+		EC_KEY_new_by_curve_name;
-+		STORE_meth_get_update_store_fn;
-+		STORE_method_get_update_store_function;
-+		ENGINE_register_ECDH;
-+		SHA512_Update;
-+		i2d_ECPrivateKey;
-+		BN_get0_nist_prime_192;
-+		STORE_modify_certificate;
-+		EC_POINT_set_affine_coordinates_GF2m;
-+		EC_POINT_set_affine_coords_GF2m;
-+		BN_GF2m_mod_exp_arr;
-+		STORE_ATTR_INFO_modify_number;
-+		X509_keyid_get0;
-+		ENGINE_load_gmp;
-+		pitem_new;
-+		BN_GF2m_mod_mul_arr;
-+		STORE_list_public_key_endp;
-+		o2i_ECPublicKey;
-+		EC_KEY_copy;
-+		BIO_dump_fp;
-+		X509_policy_node_get0_parent;
-+		EC_GROUP_check_discriminant;
-+		i2o_ECPublicKey;
-+		EC_KEY_precompute_mult;
-+		a2i_IPADDRESS;
-+		STORE_meth_set_initialise_fn;
-+		STORE_method_set_initialise_function;
-+		X509_STORE_CTX_set_depth;
-+		X509_VERIFY_PARAM_inherit;
-+		EC_POINT_point2bn;
-+		STORE_ATTR_INFO_set_dn;
-+		X509_policy_tree_get0_policies;
-+		EC_GROUP_new_curve_GF2m;
-+		STORE_destroy_method;
-+		ENGINE_unregister_STORE;
-+		EVP_PKEY_get1_EC_KEY;
-+		STORE_ATTR_INFO_get0_number;
-+		ENGINE_get_default_ECDH;
-+		EC_KEY_get_conv_form;
-+		ASN1_OCTET_STRING_NDEF_it;
-+		STORE_delete_public_key;
-+		STORE_get_public_key;
-+		STORE_modify_arbitrary;
-+		ENGINE_get_static_state;
-+		pqueue_iterator;
-+		ECDSA_SIG_new;
-+		OPENSSL_DIR_end;
-+		BN_GF2m_mod_sqr;
-+		EC_POINT_bn2point;
-+		X509_VERIFY_PARAM_set_depth;
-+		EC_KEY_set_asn1_flag;
-+		STORE_get_method;
-+		EC_KEY_get_key_method_data;
-+		ECDSA_sign_ex;
-+		STORE_parse_attrs_end;
-+		EC_GROUP_get_point_conversion_form;
-+		EC_GROUP_get_point_conv_form;
-+		STORE_method_set_store_function;
-+		STORE_ATTR_INFO_in;
-+		PEM_read_bio_ECPKParameters;
-+		EC_GROUP_get_pentanomial_basis;
-+		EVP_PKEY_add1_attr_by_txt;
-+		BN_BLINDING_set_flags;
-+		X509_VERIFY_PARAM_set1_policies;
-+		X509_VERIFY_PARAM_set1_name;
-+		X509_VERIFY_PARAM_set_purpose;
-+		STORE_get_number;
-+		ECDSA_sign_setup;
-+		BN_GF2m_mod_solve_quad_arr;
-+		EC_KEY_up_ref;
-+		POLICY_MAPPING_free;
-+		BN_GF2m_mod_div;
-+		X509_VERIFY_PARAM_set_flags;
-+		EC_KEY_free;
-+		STORE_meth_set_list_next_fn;
-+		STORE_method_set_list_next_function;
-+		PEM_write_bio_ECPrivateKey;
-+		d2i_EC_PUBKEY;
-+		STORE_meth_get_generate_fn;
-+		STORE_method_get_generate_function;
-+		STORE_meth_set_list_end_fn;
-+		STORE_method_set_list_end_function;
-+		pqueue_print;
-+		EC_GROUP_have_precompute_mult;
-+		EC_KEY_print_fp;
-+		BN_GF2m_mod_arr;
-+		PEM_write_bio_X509_CERT_PAIR;
-+		EVP_PKEY_cmp;
-+		X509_policy_level_node_count;
-+		STORE_new_engine;
-+		STORE_list_public_key_start;
-+		X509_VERIFY_PARAM_new;
-+		ECDH_get_ex_data;
-+		EVP_PKEY_get_attr;
-+		ECDSA_do_sign;
-+		ENGINE_unregister_ECDH;
-+		ECDH_OpenSSL;
-+		EC_KEY_set_conv_form;
-+		EC_POINT_dup;
-+		GENERAL_SUBTREE_new;
-+		STORE_list_crl_endp;
-+		EC_get_builtin_curves;
-+		X509_policy_node_get0_qualifiers;
-+		X509_pcy_node_get0_qualifiers;
-+		STORE_list_crl_end;
-+		EVP_PKEY_set1_EC_KEY;
-+		BN_GF2m_mod_sqrt_arr;
-+		i2d_ECPrivateKey_bio;
-+		ECPKParameters_print_fp;
-+		pqueue_find;
-+		ECDSA_SIG_free;
-+		PEM_write_bio_ECPKParameters;
-+		STORE_method_set_ctrl_function;
-+		STORE_list_public_key_end;
-+		EC_KEY_set_private_key;
-+		pqueue_peek;
-+		STORE_get_arbitrary;
-+		STORE_store_crl;
-+		X509_policy_node_get0_policy;
-+		PKCS12_add_safes;
-+		BN_BLINDING_convert_ex;
-+		X509_policy_tree_free;
-+		OPENSSL_ia32cap_loc;
-+		BN_GF2m_poly2arr;
-+		STORE_ctrl;
-+		STORE_ATTR_INFO_compare;
-+		BN_get0_nist_prime_224;
-+		i2d_ECParameters;
-+		i2d_ECPKParameters;
-+		BN_GENCB_call;
-+		d2i_ECPKParameters;
-+		STORE_meth_set_generate_fn;
-+		STORE_method_set_generate_function;
-+		ENGINE_set_ECDH;
-+		NAME_CONSTRAINTS_new;
-+		SHA256_Init;
-+		EC_KEY_get0_public_key;
-+		PEM_write_bio_EC_PUBKEY;
-+		STORE_ATTR_INFO_set_cstr;
-+		STORE_list_crl_next;
-+		STORE_ATTR_INFO_in_range;
-+		ECParameters_print;
-+		STORE_meth_set_delete_fn;
-+		STORE_method_set_delete_function;
-+		STORE_list_certificate_next;
-+		ASN1_generate_nconf;
-+		BUF_memdup;
-+		BN_GF2m_mod_mul;
-+		STORE_meth_get_list_next_fn;
-+		STORE_method_get_list_next_function;
-+		STORE_ATTR_INFO_get0_dn;
-+		STORE_list_private_key_next;
-+		EC_GROUP_set_seed;
-+		X509_VERIFY_PARAM_set_trust;
-+		STORE_ATTR_INFO_free;
-+		STORE_get_private_key;
-+		EVP_PKEY_get_attr_count;
-+		STORE_ATTR_INFO_new;
-+		EC_GROUP_get_curve_GF2m;
-+		STORE_meth_set_revoke_fn;
-+		STORE_method_set_revoke_function;
-+		STORE_store_number;
-+		BN_is_prime_ex;
-+		STORE_revoke_public_key;
-+		X509_STORE_CTX_get0_param;
-+		STORE_delete_arbitrary;
-+		PEM_read_X509_CERT_PAIR;
-+		X509_STORE_set_depth;
-+		ECDSA_get_ex_data;
-+		SHA224;
-+		BIO_dump_indent_fp;
-+		EC_KEY_set_group;
-+		BUF_strndup;
-+		STORE_list_certificate_start;
-+		BN_GF2m_mod;
-+		X509_REQ_check_private_key;
-+		EC_GROUP_get_seed_len;
-+		ERR_load_STORE_strings;
-+		PEM_read_bio_EC_PUBKEY;
-+		STORE_list_private_key_end;
-+		i2d_EC_PUBKEY;
-+		ECDSA_get_default_method;
-+		ASN1_put_eoc;
-+		X509_STORE_CTX_get_explicit_policy;
-+		X509_STORE_CTX_get_expl_policy;
-+		X509_VERIFY_PARAM_table_cleanup;
-+		STORE_modify_private_key;
-+		X509_VERIFY_PARAM_free;
-+		EC_METHOD_get_field_type;
-+		EC_GFp_nist_method;
-+		STORE_meth_set_modify_fn;
-+		STORE_method_set_modify_function;
-+		STORE_parse_attrs_next;
-+		ENGINE_load_padlock;
-+		EC_GROUP_set_curve_name;
-+		X509_CERT_PAIR_it;
-+		STORE_meth_get_revoke_fn;
-+		STORE_method_get_revoke_function;
-+		STORE_method_set_get_function;
-+		STORE_modify_number;
-+		STORE_method_get_store_function;
-+		STORE_store_private_key;
-+		BN_GF2m_mod_sqr_arr;
-+		RSA_setup_blinding;
-+		BIO_s_datagram;
-+		STORE_Memory;
-+		sk_find_ex;
-+		EC_GROUP_set_curve_GF2m;
-+		ENGINE_set_default_ECDSA;
-+		POLICY_CONSTRAINTS_new;
-+		BN_GF2m_mod_sqrt;
-+		ECDH_set_default_method;
-+		EC_KEY_generate_key;
-+		SHA384_Update;
-+		BN_GF2m_arr2poly;
-+		STORE_method_get_get_function;
-+		STORE_meth_set_cleanup_fn;
-+		STORE_method_set_cleanup_function;
-+		EC_GROUP_check;
-+		d2i_ECPrivateKey_bio;
-+		EC_KEY_insert_key_method_data;
-+		STORE_meth_get_lock_store_fn;
-+		STORE_method_get_lock_store_function;
-+		X509_VERIFY_PARAM_get_depth;
-+		SHA224_Final;
-+		STORE_meth_set_update_store_fn;
-+		STORE_method_set_update_store_function;
-+		SHA224_Update;
-+		d2i_ECPrivateKey;
-+		ASN1_item_ndef_i2d;
-+		STORE_delete_private_key;
-+		ERR_pop_to_mark;
-+		ENGINE_register_all_STORE;
-+		X509_policy_level_get0_node;
-+		i2d_PKCS7_NDEF;
-+		EC_GROUP_get_degree;
-+		ASN1_generate_v3;
-+		STORE_ATTR_INFO_modify_cstr;
-+		X509_policy_tree_level_count;
-+		BN_GF2m_add;
-+		EC_KEY_get0_group;
-+		STORE_generate_crl;
-+		STORE_store_public_key;
-+		X509_CERT_PAIR_free;
-+		STORE_revoke_private_key;
-+		BN_nist_mod_224;
-+		SHA512_Final;
-+		STORE_ATTR_INFO_modify_dn;
-+		STORE_meth_get_initialise_fn;
-+		STORE_method_get_initialise_function;
-+		STORE_delete_number;
-+		i2d_EC_PUBKEY_bio;
-+		BIO_dgram_non_fatal_error;
-+		EC_GROUP_get_asn1_flag;
-+		STORE_ATTR_INFO_in_ex;
-+		STORE_list_crl_start;
-+		ECDH_get_ex_new_index;
-+		STORE_meth_get_modify_fn;
-+		STORE_method_get_modify_function;
-+		v2i_ASN1_BIT_STRING;
-+		STORE_store_certificate;
-+		OBJ_bsearch_ex;
-+		X509_STORE_CTX_set_default;
-+		STORE_ATTR_INFO_set_sha1str;
-+		BN_GF2m_mod_inv;
-+		BN_GF2m_mod_exp;
-+		STORE_modify_public_key;
-+		STORE_meth_get_list_start_fn;
-+		STORE_method_get_list_start_function;
-+		EC_GROUP_get0_seed;
-+		STORE_store_arbitrary;
-+		STORE_meth_set_unlock_store_fn;
-+		STORE_method_set_unlock_store_function;
-+		BN_GF2m_mod_div_arr;
-+		ENGINE_set_ECDSA;
-+		STORE_create_method;
-+		ECPKParameters_print;
-+		EC_KEY_get0_private_key;
-+		PEM_write_EC_PUBKEY;
-+		X509_VERIFY_PARAM_set1;
-+		ECDH_set_method;
-+		v2i_GENERAL_NAME_ex;
-+		ECDH_set_ex_data;
-+		STORE_generate_key;
-+		BN_nist_mod_521;
-+		X509_policy_tree_get0_level;
-+		EC_GROUP_set_point_conversion_form;
-+		EC_GROUP_set_point_conv_form;
-+		PEM_read_EC_PUBKEY;
-+		i2d_ECDSA_SIG;
-+		ECDSA_OpenSSL;
-+		STORE_delete_crl;
-+		EC_KEY_get_enc_flags;
-+		ASN1_const_check_infinite_end;
-+		EVP_PKEY_delete_attr;
-+		ECDSA_set_default_method;
-+		EC_POINT_set_compressed_coordinates_GF2m;
-+		EC_POINT_set_compr_coords_GF2m;
-+		EC_GROUP_cmp;
-+		STORE_revoke_certificate;
-+		BN_get0_nist_prime_256;
-+		STORE_meth_get_delete_fn;
-+		STORE_method_get_delete_function;
-+		SHA224_Init;
-+		PEM_read_ECPrivateKey;
-+		SHA512_Init;
-+		STORE_parse_attrs_endp;
-+		BN_set_negative;
-+		ERR_load_ECDSA_strings;
-+		EC_GROUP_get_basis_type;
-+		STORE_list_public_key_next;
-+		i2v_ASN1_BIT_STRING;
-+		STORE_OBJECT_free;
-+		BN_nist_mod_384;
-+		i2d_X509_CERT_PAIR;
-+		PEM_write_ECPKParameters;
-+		ECDH_compute_key;
-+		STORE_ATTR_INFO_get0_sha1str;
-+		ENGINE_register_all_ECDH;
-+		pqueue_pop;
-+		STORE_ATTR_INFO_get0_cstr;
-+		POLICY_CONSTRAINTS_it;
-+		STORE_get_ex_new_index;
-+		EVP_PKEY_get_attr_by_OBJ;
-+		X509_VERIFY_PARAM_add0_policy;
-+		BN_GF2m_mod_solve_quad;
-+		SHA256;
-+		i2d_ECPrivateKey_fp;
-+		X509_policy_tree_get0_user_policies;
-+		X509_pcy_tree_get0_usr_policies;
-+		OPENSSL_DIR_read;
-+		ENGINE_register_all_ECDSA;
-+		X509_VERIFY_PARAM_lookup;
-+		EC_POINT_get_affine_coordinates_GF2m;
-+		EC_POINT_get_affine_coords_GF2m;
-+		EC_GROUP_dup;
-+		ENGINE_get_default_ECDSA;
-+		EC_KEY_new;
-+		SHA256_Transform;
-+		EC_KEY_set_enc_flags;
-+		ECDSA_verify;
-+		EC_POINT_point2hex;
-+		ENGINE_get_STORE;
-+		SHA512;
-+		STORE_get_certificate;
-+		ECDSA_do_sign_ex;
-+		ECDSA_do_verify;
-+		d2i_ECPrivateKey_fp;
-+		STORE_delete_certificate;
-+		SHA512_Transform;
-+		X509_STORE_set1_param;
-+		STORE_method_get_ctrl_function;
-+		STORE_free;
-+		PEM_write_ECPrivateKey;
-+		STORE_meth_get_unlock_store_fn;
-+		STORE_method_get_unlock_store_function;
-+		STORE_get_ex_data;
-+		EC_KEY_set_public_key;
-+		PEM_read_ECPKParameters;
-+		X509_CERT_PAIR_new;
-+		ENGINE_register_STORE;
-+		RSA_generate_key_ex;
-+		DSA_generate_parameters_ex;
-+		ECParameters_print_fp;
-+		X509V3_NAME_from_section;
-+		EVP_PKEY_add1_attr;
-+		STORE_modify_crl;
-+		STORE_list_private_key_start;
-+		POLICY_MAPPINGS_it;
-+		GENERAL_SUBTREE_it;
-+		EC_GROUP_get_curve_name;
-+		PEM_write_X509_CERT_PAIR;
-+		BIO_dump_indent_cb;
-+		d2i_X509_CERT_PAIR;
-+		STORE_list_private_key_endp;
-+		asn1_const_Finish;
-+		i2d_EC_PUBKEY_fp;
-+		BN_nist_mod_256;
-+		X509_VERIFY_PARAM_add0_table;
-+		pqueue_free;
-+		BN_BLINDING_create_param;
-+		ECDSA_size;
-+		d2i_EC_PUBKEY_bio;
-+		BN_get0_nist_prime_521;
-+		STORE_ATTR_INFO_modify_sha1str;
-+		BN_generate_prime_ex;
-+		EC_GROUP_new_by_curve_name;
-+		SHA256_Final;
-+		DH_generate_parameters_ex;
-+		PEM_read_bio_ECPrivateKey;
-+		STORE_meth_get_cleanup_fn;
-+		STORE_method_get_cleanup_function;
-+		ENGINE_get_ECDH;
-+		d2i_ECDSA_SIG;
-+		BN_is_prime_fasttest_ex;
-+		ECDSA_sign;
-+		X509_policy_check;
-+		EVP_PKEY_get_attr_by_NID;
-+		STORE_set_ex_data;
-+		ENGINE_get_ECDSA;
-+		EVP_ecdsa;
-+		BN_BLINDING_get_flags;
-+		PKCS12_add_cert;
-+		STORE_OBJECT_new;
-+		ERR_load_ECDH_strings;
-+		EC_KEY_dup;
-+		EVP_CIPHER_CTX_rand_key;
-+		ECDSA_set_method;
-+		a2i_IPADDRESS_NC;
-+		d2i_ECParameters;
-+		STORE_list_certificate_end;
-+		STORE_get_crl;
-+		X509_POLICY_NODE_print;
-+		SHA384_Init;
-+		EC_GF2m_simple_method;
-+		ECDSA_set_ex_data;
-+		SHA384_Final;
-+		PKCS7_set_digest;
-+		EC_KEY_print;
-+		STORE_meth_set_lock_store_fn;
-+		STORE_method_set_lock_store_function;
-+		ECDSA_get_ex_new_index;
-+		SHA384;
-+		POLICY_MAPPING_new;
-+		STORE_list_certificate_endp;
-+		X509_STORE_CTX_get0_policy_tree;
-+		EC_GROUP_set_asn1_flag;
-+		EC_KEY_check_key;
-+		d2i_EC_PUBKEY_fp;
-+		PKCS7_set0_type_other;
-+		PEM_read_bio_X509_CERT_PAIR;
-+		pqueue_next;
-+		STORE_meth_get_list_end_fn;
-+		STORE_method_get_list_end_function;
-+		EVP_PKEY_add1_attr_by_OBJ;
-+		X509_VERIFY_PARAM_set_time;
-+		pqueue_new;
-+		ENGINE_set_default_ECDH;
-+		STORE_new_method;
-+		PKCS12_add_key;
-+		DSO_merge;
-+		EC_POINT_hex2point;
-+		BIO_dump_cb;
-+		SHA256_Update;
-+		pqueue_insert;
-+		pitem_free;
-+		BN_GF2m_mod_inv_arr;
-+		ENGINE_unregister_ECDSA;
-+		BN_BLINDING_set_thread_id;
-+		get_rfc3526_prime_8192;
-+		X509_VERIFY_PARAM_clear_flags;
-+		get_rfc2409_prime_1024;
-+		DH_check_pub_key;
-+		get_rfc3526_prime_2048;
-+		get_rfc3526_prime_6144;
-+		get_rfc3526_prime_1536;
-+		get_rfc3526_prime_3072;
-+		get_rfc3526_prime_4096;
-+		get_rfc2409_prime_768;
-+		X509_VERIFY_PARAM_get_flags;
-+		EVP_CIPHER_CTX_new;
-+		EVP_CIPHER_CTX_free;
-+		Camellia_cbc_encrypt;
-+		Camellia_cfb128_encrypt;
-+		Camellia_cfb1_encrypt;
-+		Camellia_cfb8_encrypt;
-+		Camellia_ctr128_encrypt;
-+		Camellia_cfbr_encrypt_block;
-+		Camellia_decrypt;
-+		Camellia_ecb_encrypt;
-+		Camellia_encrypt;
-+		Camellia_ofb128_encrypt;
-+		Camellia_set_key;
-+		EVP_camellia_128_cbc;
-+		EVP_camellia_128_cfb128;
-+		EVP_camellia_128_cfb1;
-+		EVP_camellia_128_cfb8;
-+		EVP_camellia_128_ecb;
-+		EVP_camellia_128_ofb;
-+		EVP_camellia_192_cbc;
-+		EVP_camellia_192_cfb128;
-+		EVP_camellia_192_cfb1;
-+		EVP_camellia_192_cfb8;
-+		EVP_camellia_192_ecb;
-+		EVP_camellia_192_ofb;
-+		EVP_camellia_256_cbc;
-+		EVP_camellia_256_cfb128;
-+		EVP_camellia_256_cfb1;
-+		EVP_camellia_256_cfb8;
-+		EVP_camellia_256_ecb;
-+		EVP_camellia_256_ofb;
-+		a2i_ipadd;
-+		ASIdentifiers_free;
-+		i2d_ASIdOrRange;
-+		EVP_CIPHER_block_size;
-+		v3_asid_is_canonical;
-+		IPAddressChoice_free;
-+		EVP_CIPHER_CTX_set_app_data;
-+		BIO_set_callback_arg;
-+		v3_addr_add_prefix;
-+		IPAddressOrRange_it;
-+		BIO_set_flags;
-+		ASIdentifiers_it;
-+		v3_addr_get_range;
-+		BIO_method_type;
-+		v3_addr_inherits;
-+		IPAddressChoice_it;
-+		AES_ige_encrypt;
-+		v3_addr_add_range;
-+		EVP_CIPHER_CTX_nid;
-+		d2i_ASRange;
-+		v3_addr_add_inherit;
-+		v3_asid_add_id_or_range;
-+		v3_addr_validate_resource_set;
-+		EVP_CIPHER_iv_length;
-+		EVP_MD_type;
-+		v3_asid_canonize;
-+		IPAddressRange_free;
-+		v3_asid_add_inherit;
-+		EVP_CIPHER_CTX_key_length;
-+		IPAddressRange_new;
-+		ASIdOrRange_new;
-+		EVP_MD_size;
-+		EVP_MD_CTX_test_flags;
-+		BIO_clear_flags;
-+		i2d_ASRange;
-+		IPAddressRange_it;
-+		IPAddressChoice_new;
-+		ASIdentifierChoice_new;
-+		ASRange_free;
-+		EVP_MD_pkey_type;
-+		EVP_MD_CTX_clear_flags;
-+		IPAddressFamily_free;
-+		i2d_IPAddressFamily;
-+		IPAddressOrRange_new;
-+		EVP_CIPHER_flags;
-+		v3_asid_validate_resource_set;
-+		d2i_IPAddressRange;
-+		AES_bi_ige_encrypt;
-+		BIO_get_callback;
-+		IPAddressOrRange_free;
-+		v3_addr_subset;
-+		d2i_IPAddressFamily;
-+		v3_asid_subset;
-+		BIO_test_flags;
-+		i2d_ASIdentifierChoice;
-+		ASRange_it;
-+		d2i_ASIdentifiers;
-+		ASRange_new;
-+		d2i_IPAddressChoice;
-+		v3_addr_get_afi;
-+		EVP_CIPHER_key_length;
-+		EVP_Cipher;
-+		i2d_IPAddressOrRange;
-+		ASIdOrRange_it;
-+		EVP_CIPHER_nid;
-+		i2d_IPAddressChoice;
-+		EVP_CIPHER_CTX_block_size;
-+		ASIdentifiers_new;
-+		v3_addr_validate_path;
-+		IPAddressFamily_new;
-+		EVP_MD_CTX_set_flags;
-+		v3_addr_is_canonical;
-+		i2d_IPAddressRange;
-+		IPAddressFamily_it;
-+		v3_asid_inherits;
-+		EVP_CIPHER_CTX_cipher;
-+		EVP_CIPHER_CTX_get_app_data;
-+		EVP_MD_block_size;
-+		EVP_CIPHER_CTX_flags;
-+		v3_asid_validate_path;
-+		d2i_IPAddressOrRange;
-+		v3_addr_canonize;
-+		ASIdentifierChoice_it;
-+		EVP_MD_CTX_md;
-+		d2i_ASIdentifierChoice;
-+		BIO_method_name;
-+		EVP_CIPHER_CTX_iv_length;
-+		ASIdOrRange_free;
-+		ASIdentifierChoice_free;
-+		BIO_get_callback_arg;
-+		BIO_set_callback;
-+		d2i_ASIdOrRange;
-+		i2d_ASIdentifiers;
-+		SEED_decrypt;
-+		SEED_encrypt;
-+		SEED_cbc_encrypt;
-+		EVP_seed_ofb;
-+		SEED_cfb128_encrypt;
-+		SEED_ofb128_encrypt;
-+		EVP_seed_cbc;
-+		SEED_ecb_encrypt;
-+		EVP_seed_ecb;
-+		SEED_set_key;
-+		EVP_seed_cfb128;
-+		X509_EXTENSIONS_it;
-+		X509_get1_ocsp;
-+		OCSP_REQ_CTX_free;
-+		i2d_X509_EXTENSIONS;
-+		OCSP_sendreq_nbio;
-+		OCSP_sendreq_new;
-+		d2i_X509_EXTENSIONS;
-+		X509_ALGORS_it;
-+		X509_ALGOR_get0;
-+		X509_ALGOR_set0;
-+		AES_unwrap_key;
-+		AES_wrap_key;
-+		X509at_get0_data_by_OBJ;
-+		ASN1_TYPE_set1;
-+		ASN1_STRING_set0;
-+		i2d_X509_ALGORS;
-+		BIO_f_zlib;
-+		COMP_zlib_cleanup;
-+		d2i_X509_ALGORS;
-+		CMS_ReceiptRequest_free;
-+		PEM_write_CMS;
-+		CMS_add0_CertificateChoices;
-+		CMS_unsigned_add1_attr_by_OBJ;
-+		ERR_load_CMS_strings;
-+		CMS_sign_receipt;
-+		i2d_CMS_ContentInfo;
-+		CMS_signed_delete_attr;
-+		d2i_CMS_bio;
-+		CMS_unsigned_get_attr_by_NID;
-+		CMS_verify;
-+		SMIME_read_CMS;
-+		CMS_decrypt_set1_key;
-+		CMS_SignerInfo_get0_algs;
-+		CMS_add1_cert;
-+		CMS_set_detached;
-+		CMS_encrypt;
-+		CMS_EnvelopedData_create;
-+		CMS_uncompress;
-+		CMS_add0_crl;
-+		CMS_SignerInfo_verify_content;
-+		CMS_unsigned_get0_data_by_OBJ;
-+		PEM_write_bio_CMS;
-+		CMS_unsigned_get_attr;
-+		CMS_RecipientInfo_ktri_cert_cmp;
-+		CMS_RecipientInfo_ktri_get0_algs;
-+		CMS_RecipInfo_ktri_get0_algs;
-+		CMS_ContentInfo_free;
-+		CMS_final;
-+		CMS_add_simple_smimecap;
-+		CMS_SignerInfo_verify;
-+		CMS_data;
-+		CMS_ContentInfo_it;
-+		d2i_CMS_ReceiptRequest;
-+		CMS_compress;
-+		CMS_digest_create;
-+		CMS_SignerInfo_cert_cmp;
-+		CMS_SignerInfo_sign;
-+		CMS_data_create;
-+		i2d_CMS_bio;
-+		CMS_EncryptedData_set1_key;
-+		CMS_decrypt;
-+		int_smime_write_ASN1;
-+		CMS_unsigned_delete_attr;
-+		CMS_unsigned_get_attr_count;
-+		CMS_add_smimecap;
-+		PEM_read_CMS;
-+		CMS_signed_get_attr_by_OBJ;
-+		d2i_CMS_ContentInfo;
-+		CMS_add_standard_smimecap;
-+		CMS_ContentInfo_new;
-+		CMS_RecipientInfo_type;
-+		CMS_get0_type;
-+		CMS_is_detached;
-+		CMS_sign;
-+		CMS_signed_add1_attr;
-+		CMS_unsigned_get_attr_by_OBJ;
-+		SMIME_write_CMS;
-+		CMS_EncryptedData_decrypt;
-+		CMS_get0_RecipientInfos;
-+		CMS_add0_RevocationInfoChoice;
-+		CMS_decrypt_set1_pkey;
-+		CMS_SignerInfo_set1_signer_cert;
-+		CMS_get0_signers;
-+		CMS_ReceiptRequest_get0_values;
-+		CMS_signed_get0_data_by_OBJ;
-+		CMS_get0_SignerInfos;
-+		CMS_add0_cert;
-+		CMS_EncryptedData_encrypt;
-+		CMS_digest_verify;
-+		CMS_set1_signers_certs;
-+		CMS_signed_get_attr;
-+		CMS_RecipientInfo_set0_key;
-+		CMS_SignedData_init;
-+		CMS_RecipientInfo_kekri_get0_id;
-+		CMS_verify_receipt;
-+		CMS_ReceiptRequest_it;
-+		PEM_read_bio_CMS;
-+		CMS_get1_crls;
-+		CMS_add0_recipient_key;
-+		SMIME_read_ASN1;
-+		CMS_ReceiptRequest_new;
-+		CMS_get0_content;
-+		CMS_get1_ReceiptRequest;
-+		CMS_signed_add1_attr_by_OBJ;
-+		CMS_RecipientInfo_kekri_id_cmp;
-+		CMS_add1_ReceiptRequest;
-+		CMS_SignerInfo_get0_signer_id;
-+		CMS_unsigned_add1_attr_by_NID;
-+		CMS_unsigned_add1_attr;
-+		CMS_signed_get_attr_by_NID;
-+		CMS_get1_certs;
-+		CMS_signed_add1_attr_by_NID;
-+		CMS_unsigned_add1_attr_by_txt;
-+		CMS_dataFinal;
-+		CMS_RecipientInfo_ktri_get0_signer_id;
-+		CMS_RecipInfo_ktri_get0_sigr_id;
-+		i2d_CMS_ReceiptRequest;
-+		CMS_add1_recipient_cert;
-+		CMS_dataInit;
-+		CMS_signed_add1_attr_by_txt;
-+		CMS_RecipientInfo_decrypt;
-+		CMS_signed_get_attr_count;
-+		CMS_get0_eContentType;
-+		CMS_set1_eContentType;
-+		CMS_ReceiptRequest_create0;
-+		CMS_add1_signer;
-+		CMS_RecipientInfo_set0_pkey;
-+		ENGINE_set_load_ssl_client_cert_function;
-+		ENGINE_set_ld_ssl_clnt_cert_fn;
-+		ENGINE_get_ssl_client_cert_function;
-+		ENGINE_get_ssl_client_cert_fn;
-+		ENGINE_load_ssl_client_cert;
-+		ENGINE_load_capi;
-+		OPENSSL_isservice;
-+		FIPS_dsa_sig_decode;
-+		EVP_CIPHER_CTX_clear_flags;
-+		FIPS_rand_status;
-+		FIPS_rand_set_key;
-+		CRYPTO_set_mem_info_functions;
-+		RSA_X931_generate_key_ex;
-+		int_ERR_set_state_func;
-+		int_EVP_MD_set_engine_callbacks;
-+		int_CRYPTO_set_do_dynlock_callback;
-+		FIPS_rng_stick;
-+		EVP_CIPHER_CTX_set_flags;
-+		BN_X931_generate_prime_ex;
-+		FIPS_selftest_check;
-+		FIPS_rand_set_dt;
-+		CRYPTO_dbg_pop_info;
-+		FIPS_dsa_free;
-+		RSA_X931_derive_ex;
-+		FIPS_rsa_new;
-+		FIPS_rand_bytes;
-+		fips_cipher_test;
-+		EVP_CIPHER_CTX_test_flags;
-+		CRYPTO_malloc_debug_init;
-+		CRYPTO_dbg_push_info;
-+		FIPS_corrupt_rsa_keygen;
-+		FIPS_dh_new;
-+		FIPS_corrupt_dsa_keygen;
-+		FIPS_dh_free;
-+		fips_pkey_signature_test;
-+		EVP_add_alg_module;
-+		int_RAND_init_engine_callbacks;
-+		int_EVP_CIPHER_set_engine_callbacks;
-+		int_EVP_MD_init_engine_callbacks;
-+		FIPS_rand_test_mode;
-+		FIPS_rand_reset;
-+		FIPS_dsa_new;
-+		int_RAND_set_callbacks;
-+		BN_X931_derive_prime_ex;
-+		int_ERR_lib_init;
-+		int_EVP_CIPHER_init_engine_callbacks;
-+		FIPS_rsa_free;
-+		FIPS_dsa_sig_encode;
-+		CRYPTO_dbg_remove_all_info;
-+		OPENSSL_init;
-+		CRYPTO_strdup;
-+		JPAKE_STEP3A_process;
-+		JPAKE_STEP1_release;
-+		JPAKE_get_shared_key;
-+		JPAKE_STEP3B_init;
-+		JPAKE_STEP1_generate;
-+		JPAKE_STEP1_init;
-+		JPAKE_STEP3B_process;
-+		JPAKE_STEP2_generate;
-+		JPAKE_CTX_new;
-+		JPAKE_CTX_free;
-+		JPAKE_STEP3B_release;
-+		JPAKE_STEP3A_release;
-+		JPAKE_STEP2_process;
-+		JPAKE_STEP3B_generate;
-+		JPAKE_STEP1_process;
-+		JPAKE_STEP3A_generate;
-+		JPAKE_STEP2_release;
-+		JPAKE_STEP3A_init;
-+		ERR_load_JPAKE_strings;
-+		JPAKE_STEP2_init;
-+		pqueue_size;
-+		i2d_TS_ACCURACY;
-+		i2d_TS_MSG_IMPRINT_fp;
-+		i2d_TS_MSG_IMPRINT;
-+		EVP_PKEY_print_public;
-+		EVP_PKEY_CTX_new;
-+		i2d_TS_TST_INFO;
-+		EVP_PKEY_asn1_find;
-+		DSO_METHOD_beos;
-+		TS_CONF_load_cert;
-+		TS_REQ_get_ext;
-+		EVP_PKEY_sign_init;
-+		ASN1_item_print;
-+		TS_TST_INFO_set_nonce;
-+		TS_RESP_dup;
-+		ENGINE_register_pkey_meths;
-+		EVP_PKEY_asn1_add0;
-+		PKCS7_add0_attrib_signing_time;
-+		i2d_TS_TST_INFO_fp;
-+		BIO_asn1_get_prefix;
-+		TS_TST_INFO_set_time;
-+		EVP_PKEY_meth_set_decrypt;
-+		EVP_PKEY_set_type_str;
-+		EVP_PKEY_CTX_get_keygen_info;
-+		TS_REQ_set_policy_id;
-+		d2i_TS_RESP_fp;
-+		ENGINE_get_pkey_asn1_meth_engine;
-+		ENGINE_get_pkey_asn1_meth_eng;
-+		WHIRLPOOL_Init;
-+		TS_RESP_set_status_info;
-+		EVP_PKEY_keygen;
-+		EVP_DigestSignInit;
-+		TS_ACCURACY_set_millis;
-+		TS_REQ_dup;
-+		GENERAL_NAME_dup;
-+		ASN1_SEQUENCE_ANY_it;
-+		WHIRLPOOL;
-+		X509_STORE_get1_crls;
-+		ENGINE_get_pkey_asn1_meth;
-+		EVP_PKEY_asn1_new;
-+		BIO_new_NDEF;
-+		ENGINE_get_pkey_meth;
-+		TS_MSG_IMPRINT_set_algo;
-+		i2d_TS_TST_INFO_bio;
-+		TS_TST_INFO_set_ordering;
-+		TS_TST_INFO_get_ext_by_OBJ;
-+		CRYPTO_THREADID_set_pointer;
-+		TS_CONF_get_tsa_section;
-+		SMIME_write_ASN1;
-+		TS_RESP_CTX_set_signer_key;
-+		EVP_PKEY_encrypt_old;
-+		EVP_PKEY_encrypt_init;
-+		CRYPTO_THREADID_cpy;
-+		ASN1_PCTX_get_cert_flags;
-+		i2d_ESS_SIGNING_CERT;
-+		TS_CONF_load_key;
-+		i2d_ASN1_SEQUENCE_ANY;
-+		d2i_TS_MSG_IMPRINT_bio;
-+		EVP_PKEY_asn1_set_public;
-+		b2i_PublicKey_bio;
-+		BIO_asn1_set_prefix;
-+		EVP_PKEY_new_mac_key;
-+		BIO_new_CMS;
-+		CRYPTO_THREADID_cmp;
-+		TS_REQ_ext_free;
-+		EVP_PKEY_asn1_set_free;
-+		EVP_PKEY_get0_asn1;
-+		d2i_NETSCAPE_X509;
-+		EVP_PKEY_verify_recover_init;
-+		EVP_PKEY_CTX_set_data;
-+		EVP_PKEY_keygen_init;
-+		TS_RESP_CTX_set_status_info;
-+		TS_MSG_IMPRINT_get_algo;
-+		TS_REQ_print_bio;
-+		EVP_PKEY_CTX_ctrl_str;
-+		EVP_PKEY_get_default_digest_nid;
-+		PEM_write_bio_PKCS7_stream;
-+		TS_MSG_IMPRINT_print_bio;
-+		BN_asc2bn;
-+		TS_REQ_get_policy_id;
-+		ENGINE_set_default_pkey_asn1_meths;
-+		ENGINE_set_def_pkey_asn1_meths;
-+		d2i_TS_ACCURACY;
-+		DSO_global_lookup;
-+		TS_CONF_set_tsa_name;
-+		i2d_ASN1_SET_ANY;
-+		ENGINE_load_gost;
-+		WHIRLPOOL_BitUpdate;
-+		ASN1_PCTX_get_flags;
-+		TS_TST_INFO_get_ext_by_NID;
-+		TS_RESP_new;
-+		ESS_CERT_ID_dup;
-+		TS_STATUS_INFO_dup;
-+		TS_REQ_delete_ext;
-+		EVP_DigestVerifyFinal;
-+		EVP_PKEY_print_params;
-+		i2d_CMS_bio_stream;
-+		TS_REQ_get_msg_imprint;
-+		OBJ_find_sigid_by_algs;
-+		TS_TST_INFO_get_serial;
-+		TS_REQ_get_nonce;
-+		X509_PUBKEY_set0_param;
-+		EVP_PKEY_CTX_set0_keygen_info;
-+		DIST_POINT_set_dpname;
-+		i2d_ISSUING_DIST_POINT;
-+		ASN1_SET_ANY_it;
-+		EVP_PKEY_CTX_get_data;
-+		TS_STATUS_INFO_print_bio;
-+		EVP_PKEY_derive_init;
-+		d2i_TS_TST_INFO;
-+		EVP_PKEY_asn1_add_alias;
-+		d2i_TS_RESP_bio;
-+		OTHERNAME_cmp;
-+		GENERAL_NAME_set0_value;
-+		PKCS7_RECIP_INFO_get0_alg;
-+		TS_RESP_CTX_new;
-+		TS_RESP_set_tst_info;
-+		PKCS7_final;
-+		EVP_PKEY_base_id;
-+		TS_RESP_CTX_set_signer_cert;
-+		TS_REQ_set_msg_imprint;
-+		EVP_PKEY_CTX_ctrl;
-+		TS_CONF_set_digests;
-+		d2i_TS_MSG_IMPRINT;
-+		EVP_PKEY_meth_set_ctrl;
-+		TS_REQ_get_ext_by_NID;
-+		PKCS5_pbe_set0_algor;
-+		BN_BLINDING_thread_id;
-+		TS_ACCURACY_new;
-+		X509_CRL_METHOD_free;
-+		ASN1_PCTX_get_nm_flags;
-+		EVP_PKEY_meth_set_sign;
-+		CRYPTO_THREADID_current;
-+		EVP_PKEY_decrypt_init;
-+		NETSCAPE_X509_free;
-+		i2b_PVK_bio;
-+		EVP_PKEY_print_private;
-+		GENERAL_NAME_get0_value;
-+		b2i_PVK_bio;
-+		ASN1_UTCTIME_adj;
-+		TS_TST_INFO_new;
-+		EVP_MD_do_all_sorted;
-+		TS_CONF_set_default_engine;
-+		TS_ACCURACY_set_seconds;
-+		TS_TST_INFO_get_time;
-+		PKCS8_pkey_get0;
-+		EVP_PKEY_asn1_get0;
-+		OBJ_add_sigid;
-+		PKCS7_SIGNER_INFO_sign;
-+		EVP_PKEY_paramgen_init;
-+		EVP_PKEY_sign;
-+		OBJ_sigid_free;
-+		EVP_PKEY_meth_set_init;
-+		d2i_ESS_ISSUER_SERIAL;
-+		ISSUING_DIST_POINT_new;
-+		ASN1_TIME_adj;
-+		TS_OBJ_print_bio;
-+		EVP_PKEY_meth_set_verify_recover;
-+		EVP_PKEY_meth_set_vrfy_recover;
-+		TS_RESP_get_status_info;
-+		CMS_stream;
-+		EVP_PKEY_CTX_set_cb;
-+		PKCS7_to_TS_TST_INFO;
-+		ASN1_PCTX_get_oid_flags;
-+		TS_TST_INFO_add_ext;
-+		EVP_PKEY_meth_set_derive;
-+		i2d_TS_RESP_fp;
-+		i2d_TS_MSG_IMPRINT_bio;
-+		TS_RESP_CTX_set_accuracy;
-+		TS_REQ_set_nonce;
-+		ESS_CERT_ID_new;
-+		ENGINE_pkey_asn1_find_str;
-+		TS_REQ_get_ext_count;
-+		BUF_reverse;
-+		TS_TST_INFO_print_bio;
-+		d2i_ISSUING_DIST_POINT;
-+		ENGINE_get_pkey_meths;
-+		i2b_PrivateKey_bio;
-+		i2d_TS_RESP;
-+		b2i_PublicKey;
-+		TS_VERIFY_CTX_cleanup;
-+		TS_STATUS_INFO_free;
-+		TS_RESP_verify_token;
-+		OBJ_bsearch_ex_;
-+		ASN1_bn_print;
-+		EVP_PKEY_asn1_get_count;
-+		ENGINE_register_pkey_asn1_meths;
-+		ASN1_PCTX_set_nm_flags;
-+		EVP_DigestVerifyInit;
-+		ENGINE_set_default_pkey_meths;
-+		TS_TST_INFO_get_policy_id;
-+		TS_REQ_get_cert_req;
-+		X509_CRL_set_meth_data;
-+		PKCS8_pkey_set0;
-+		ASN1_STRING_copy;
-+		d2i_TS_TST_INFO_fp;
-+		X509_CRL_match;
-+		EVP_PKEY_asn1_set_private;
-+		TS_TST_INFO_get_ext_d2i;
-+		TS_RESP_CTX_add_policy;
-+		d2i_TS_RESP;
-+		TS_CONF_load_certs;
-+		TS_TST_INFO_get_msg_imprint;
-+		ERR_load_TS_strings;
-+		TS_TST_INFO_get_version;
-+		EVP_PKEY_CTX_dup;
-+		EVP_PKEY_meth_set_verify;
-+		i2b_PublicKey_bio;
-+		TS_CONF_set_certs;
-+		EVP_PKEY_asn1_get0_info;
-+		TS_VERIFY_CTX_free;
-+		TS_REQ_get_ext_by_critical;
-+		TS_RESP_CTX_set_serial_cb;
-+		X509_CRL_get_meth_data;
-+		TS_RESP_CTX_set_time_cb;
-+		TS_MSG_IMPRINT_get_msg;
-+		TS_TST_INFO_ext_free;
-+		TS_REQ_get_version;
-+		TS_REQ_add_ext;
-+		EVP_PKEY_CTX_set_app_data;
-+		OBJ_bsearch_;
-+		EVP_PKEY_meth_set_verifyctx;
-+		i2d_PKCS7_bio_stream;
-+		CRYPTO_THREADID_set_numeric;
-+		PKCS7_sign_add_signer;
-+		d2i_TS_TST_INFO_bio;
-+		TS_TST_INFO_get_ordering;
-+		TS_RESP_print_bio;
-+		TS_TST_INFO_get_exts;
-+		HMAC_CTX_copy;
-+		PKCS5_pbe2_set_iv;
-+		ENGINE_get_pkey_asn1_meths;
-+		b2i_PrivateKey;
-+		EVP_PKEY_CTX_get_app_data;
-+		TS_REQ_set_cert_req;
-+		CRYPTO_THREADID_set_callback;
-+		TS_CONF_set_serial;
-+		TS_TST_INFO_free;
-+		d2i_TS_REQ_fp;
-+		TS_RESP_verify_response;
-+		i2d_ESS_ISSUER_SERIAL;
-+		TS_ACCURACY_get_seconds;
-+		EVP_CIPHER_do_all;
-+		b2i_PrivateKey_bio;
-+		OCSP_CERTID_dup;
-+		X509_PUBKEY_get0_param;
-+		TS_MSG_IMPRINT_dup;
-+		PKCS7_print_ctx;
-+		i2d_TS_REQ_bio;
-+		EVP_whirlpool;
-+		EVP_PKEY_asn1_set_param;
-+		EVP_PKEY_meth_set_encrypt;
-+		ASN1_PCTX_set_flags;
-+		i2d_ESS_CERT_ID;
-+		TS_VERIFY_CTX_new;
-+		TS_RESP_CTX_set_extension_cb;
-+		ENGINE_register_all_pkey_meths;
-+		TS_RESP_CTX_set_status_info_cond;
-+		TS_RESP_CTX_set_stat_info_cond;
-+		EVP_PKEY_verify;
-+		WHIRLPOOL_Final;
-+		X509_CRL_METHOD_new;
-+		EVP_DigestSignFinal;
-+		TS_RESP_CTX_set_def_policy;
-+		NETSCAPE_X509_it;
-+		TS_RESP_create_response;
-+		PKCS7_SIGNER_INFO_get0_algs;
-+		TS_TST_INFO_get_nonce;
-+		EVP_PKEY_decrypt_old;
-+		TS_TST_INFO_set_policy_id;
-+		TS_CONF_set_ess_cert_id_chain;
-+		EVP_PKEY_CTX_get0_pkey;
-+		d2i_TS_REQ;
-+		EVP_PKEY_asn1_find_str;
-+		BIO_f_asn1;
-+		ESS_SIGNING_CERT_new;
-+		EVP_PBE_find;
-+		X509_CRL_get0_by_cert;
-+		EVP_PKEY_derive;
-+		i2d_TS_REQ;
-+		TS_TST_INFO_delete_ext;
-+		ESS_ISSUER_SERIAL_free;
-+		ASN1_PCTX_set_str_flags;
-+		ENGINE_get_pkey_asn1_meth_str;
-+		TS_CONF_set_signer_key;
-+		TS_ACCURACY_get_millis;
-+		TS_RESP_get_token;
-+		TS_ACCURACY_dup;
-+		ENGINE_register_all_pkey_asn1_meths;
-+		ENGINE_reg_all_pkey_asn1_meths;
-+		X509_CRL_set_default_method;
-+		CRYPTO_THREADID_hash;
-+		CMS_ContentInfo_print_ctx;
-+		TS_RESP_free;
-+		ISSUING_DIST_POINT_free;
-+		ESS_ISSUER_SERIAL_new;
-+		CMS_add1_crl;
-+		PKCS7_add1_attrib_digest;
-+		TS_RESP_CTX_add_md;
-+		TS_TST_INFO_dup;
-+		ENGINE_set_pkey_asn1_meths;
-+		PEM_write_bio_Parameters;
-+		TS_TST_INFO_get_accuracy;
-+		X509_CRL_get0_by_serial;
-+		TS_TST_INFO_set_version;
-+		TS_RESP_CTX_get_tst_info;
-+		TS_RESP_verify_signature;
-+		CRYPTO_THREADID_get_callback;
-+		TS_TST_INFO_get_tsa;
-+		TS_STATUS_INFO_new;
-+		EVP_PKEY_CTX_get_cb;
-+		TS_REQ_get_ext_d2i;
-+		GENERAL_NAME_set0_othername;
-+		TS_TST_INFO_get_ext_count;
-+		TS_RESP_CTX_get_request;
-+		i2d_NETSCAPE_X509;
-+		ENGINE_get_pkey_meth_engine;
-+		EVP_PKEY_meth_set_signctx;
-+		EVP_PKEY_asn1_copy;
-+		ASN1_TYPE_cmp;
-+		EVP_CIPHER_do_all_sorted;
-+		EVP_PKEY_CTX_free;
-+		ISSUING_DIST_POINT_it;
-+		d2i_TS_MSG_IMPRINT_fp;
-+		X509_STORE_get1_certs;
-+		EVP_PKEY_CTX_get_operation;
-+		d2i_ESS_SIGNING_CERT;
-+		TS_CONF_set_ordering;
-+		EVP_PBE_alg_add_type;
-+		TS_REQ_set_version;
-+		EVP_PKEY_get0;
-+		BIO_asn1_set_suffix;
-+		i2d_TS_STATUS_INFO;
-+		EVP_MD_do_all;
-+		TS_TST_INFO_set_accuracy;
-+		PKCS7_add_attrib_content_type;
-+		ERR_remove_thread_state;
-+		EVP_PKEY_meth_add0;
-+		TS_TST_INFO_set_tsa;
-+		EVP_PKEY_meth_new;
-+		WHIRLPOOL_Update;
-+		TS_CONF_set_accuracy;
-+		ASN1_PCTX_set_oid_flags;
-+		ESS_SIGNING_CERT_dup;
-+		d2i_TS_REQ_bio;
-+		X509_time_adj_ex;
-+		TS_RESP_CTX_add_flags;
-+		d2i_TS_STATUS_INFO;
-+		TS_MSG_IMPRINT_set_msg;
-+		BIO_asn1_get_suffix;
-+		TS_REQ_free;
-+		EVP_PKEY_meth_free;
-+		TS_REQ_get_exts;
-+		TS_RESP_CTX_set_clock_precision_digits;
-+		TS_RESP_CTX_set_clk_prec_digits;
-+		TS_RESP_CTX_add_failure_info;
-+		i2d_TS_RESP_bio;
-+		EVP_PKEY_CTX_get0_peerkey;
-+		PEM_write_bio_CMS_stream;
-+		TS_REQ_new;
-+		TS_MSG_IMPRINT_new;
-+		EVP_PKEY_meth_find;
-+		EVP_PKEY_id;
-+		TS_TST_INFO_set_serial;
-+		a2i_GENERAL_NAME;
-+		TS_CONF_set_crypto_device;
-+		EVP_PKEY_verify_init;
-+		TS_CONF_set_policies;
-+		ASN1_PCTX_new;
-+		ESS_CERT_ID_free;
-+		ENGINE_unregister_pkey_meths;
-+		TS_MSG_IMPRINT_free;
-+		TS_VERIFY_CTX_init;
-+		PKCS7_stream;
-+		TS_RESP_CTX_set_certs;
-+		TS_CONF_set_def_policy;
-+		ASN1_GENERALIZEDTIME_adj;
-+		NETSCAPE_X509_new;
-+		TS_ACCURACY_free;
-+		TS_RESP_get_tst_info;
-+		EVP_PKEY_derive_set_peer;
-+		PEM_read_bio_Parameters;
-+		TS_CONF_set_clock_precision_digits;
-+		TS_CONF_set_clk_prec_digits;
-+		ESS_ISSUER_SERIAL_dup;
-+		TS_ACCURACY_get_micros;
-+		ASN1_PCTX_get_str_flags;
-+		NAME_CONSTRAINTS_check;
-+		ASN1_BIT_STRING_check;
-+		X509_check_akid;
-+		ENGINE_unregister_pkey_asn1_meths;
-+		ENGINE_unreg_pkey_asn1_meths;
-+		ASN1_PCTX_free;
-+		PEM_write_bio_ASN1_stream;
-+		i2d_ASN1_bio_stream;
-+		TS_X509_ALGOR_print_bio;
-+		EVP_PKEY_meth_set_cleanup;
-+		EVP_PKEY_asn1_free;
-+		ESS_SIGNING_CERT_free;
-+		TS_TST_INFO_set_msg_imprint;
-+		GENERAL_NAME_cmp;
-+		d2i_ASN1_SET_ANY;
-+		ENGINE_set_pkey_meths;
-+		i2d_TS_REQ_fp;
-+		d2i_ASN1_SEQUENCE_ANY;
-+		GENERAL_NAME_get0_otherName;
-+		d2i_ESS_CERT_ID;
-+		OBJ_find_sigid_algs;
-+		EVP_PKEY_meth_set_keygen;
-+		PKCS5_PBKDF2_HMAC;
-+		EVP_PKEY_paramgen;
-+		EVP_PKEY_meth_set_paramgen;
-+		BIO_new_PKCS7;
-+		EVP_PKEY_verify_recover;
-+		TS_ext_print_bio;
-+		TS_ASN1_INTEGER_print_bio;
-+		check_defer;
-+		DSO_pathbyaddr;
-+		EVP_PKEY_set_type;
-+		TS_ACCURACY_set_micros;
-+		TS_REQ_to_TS_VERIFY_CTX;
-+		EVP_PKEY_meth_set_copy;
-+		ASN1_PCTX_set_cert_flags;
-+		TS_TST_INFO_get_ext;
-+		EVP_PKEY_asn1_set_ctrl;
-+		TS_TST_INFO_get_ext_by_critical;
-+		EVP_PKEY_CTX_new_id;
-+		TS_REQ_get_ext_by_OBJ;
-+		TS_CONF_set_signer_cert;
-+		X509_NAME_hash_old;
-+		ASN1_TIME_set_string;
-+		EVP_MD_flags;
-+		TS_RESP_CTX_free;
-+		DSAparams_dup;
-+		DHparams_dup;
-+		OCSP_REQ_CTX_add1_header;
-+		OCSP_REQ_CTX_set1_req;
-+		X509_STORE_set_verify_cb;
-+		X509_STORE_CTX_get0_current_crl;
-+		X509_STORE_CTX_get0_parent_ctx;
-+		X509_STORE_CTX_get0_current_issuer;
-+		X509_STORE_CTX_get0_cur_issuer;
-+		X509_issuer_name_hash_old;
-+		X509_subject_name_hash_old;
-+		EVP_CIPHER_CTX_copy;
-+		UI_method_get_prompt_constructor;
-+		UI_method_get_prompt_constructr;
-+		UI_method_set_prompt_constructor;
-+		UI_method_set_prompt_constructr;
-+		EVP_read_pw_string_min;
-+		CRYPTO_cts128_encrypt;
-+		CRYPTO_cts128_decrypt_block;
-+		CRYPTO_cfb128_1_encrypt;
-+		CRYPTO_cbc128_encrypt;
-+		CRYPTO_ctr128_encrypt;
-+		CRYPTO_ofb128_encrypt;
-+		CRYPTO_cts128_decrypt;
-+		CRYPTO_cts128_encrypt_block;
-+		CRYPTO_cbc128_decrypt;
-+		CRYPTO_cfb128_encrypt;
-+		CRYPTO_cfb128_8_encrypt;
-+
-+	local:
-+		*;
-+};
-+
-+
-+OPENSSL_1.0.1 {
-+	global:
-+		SSL_renegotiate_abbreviated;
-+		TLSv1_1_method;
-+		TLSv1_1_client_method;
-+		TLSv1_1_server_method;
-+		SSL_CTX_set_srp_client_pwd_callback;
-+		SSL_CTX_set_srp_client_pwd_cb;
-+		SSL_get_srp_g;
-+		SSL_CTX_set_srp_username_callback;
-+		SSL_CTX_set_srp_un_cb;
-+		SSL_get_srp_userinfo;
-+		SSL_set_srp_server_param;
-+		SSL_set_srp_server_param_pw;
-+		SSL_get_srp_N;
-+		SSL_get_srp_username;
-+		SSL_CTX_set_srp_password;
-+		SSL_CTX_set_srp_strength;
-+		SSL_CTX_set_srp_verify_param_callback;
-+		SSL_CTX_set_srp_vfy_param_cb;
-+		SSL_CTX_set_srp_cb_arg;
-+		SSL_CTX_set_srp_username;
-+		SSL_CTX_SRP_CTX_init;
-+		SSL_SRP_CTX_init;
-+		SRP_Calc_A_param;
-+		SRP_generate_server_master_secret;
-+		SRP_gen_server_master_secret;
-+		SSL_CTX_SRP_CTX_free;
-+		SRP_generate_client_master_secret;
-+		SRP_gen_client_master_secret;
-+		SSL_srp_server_param_with_username;
-+		SSL_srp_server_param_with_un;
-+		SSL_SRP_CTX_free;
-+		SSL_set_debug;
-+		SSL_SESSION_get0_peer;
-+		TLSv1_2_client_method;
-+		SSL_SESSION_set1_id_context;
-+		TLSv1_2_server_method;
-+		SSL_cache_hit;
-+		SSL_get0_kssl_ctx;
-+		SSL_set0_kssl_ctx;
-+		SSL_set_state;
-+		SSL_CIPHER_get_id;
-+		TLSv1_2_method;
-+		kssl_ctx_get0_client_princ;
-+		SSL_export_keying_material;
-+		SSL_set_tlsext_use_srtp;
-+		SSL_CTX_set_next_protos_advertised_cb;
-+		SSL_CTX_set_next_protos_adv_cb;
-+		SSL_get0_next_proto_negotiated;
-+		SSL_get_selected_srtp_profile;
-+		SSL_CTX_set_tlsext_use_srtp;
-+		SSL_select_next_proto;
-+		SSL_get_srtp_profiles;
-+		SSL_CTX_set_next_proto_select_cb;
-+		SSL_CTX_set_next_proto_sel_cb;
-+		SSL_SESSION_get_compress_id;
-+
-+		SRP_VBASE_get_by_user;
-+		SRP_Calc_server_key;
-+		SRP_create_verifier;
-+		SRP_create_verifier_BN;
-+		SRP_Calc_u;
-+		SRP_VBASE_free;
-+		SRP_Calc_client_key;
-+		SRP_get_default_gN;
-+		SRP_Calc_x;
-+		SRP_Calc_B;
-+		SRP_VBASE_new;
-+		SRP_check_known_gN_param;
-+		SRP_Calc_A;
-+		SRP_Verify_A_mod_N;
-+		SRP_VBASE_init;
-+		SRP_Verify_B_mod_N;
-+		EC_KEY_set_public_key_affine_coordinates;
-+		EC_KEY_set_pub_key_aff_coords;
-+		EVP_aes_192_ctr;
-+		EVP_PKEY_meth_get0_info;
-+		EVP_PKEY_meth_copy;
-+		ERR_add_error_vdata;
-+		EVP_aes_128_ctr;
-+		EVP_aes_256_ctr;
-+		EC_GFp_nistp224_method;
-+		EC_KEY_get_flags;
-+		RSA_padding_add_PKCS1_PSS_mgf1;
-+		EVP_aes_128_xts;
-+		EVP_aes_256_xts;
-+		EVP_aes_128_gcm;
-+		EC_KEY_clear_flags;
-+		EC_KEY_set_flags;
-+		EVP_aes_256_ccm;
-+		RSA_verify_PKCS1_PSS_mgf1;
-+		EVP_aes_128_ccm;
-+		EVP_aes_192_gcm;
-+		X509_ALGOR_set_md;
-+		RAND_init_fips;
-+		EVP_aes_256_gcm;
-+		EVP_aes_192_ccm;
-+		CMAC_CTX_copy;
-+		CMAC_CTX_free;
-+		CMAC_CTX_get0_cipher_ctx;
-+		CMAC_CTX_cleanup;
-+		CMAC_Init;
-+		CMAC_Update;
-+		CMAC_resume;
-+		CMAC_CTX_new;
-+		CMAC_Final;
-+		CRYPTO_ctr128_encrypt_ctr32;
-+		CRYPTO_gcm128_release;
-+		CRYPTO_ccm128_decrypt_ccm64;
-+		CRYPTO_ccm128_encrypt;
-+		CRYPTO_gcm128_encrypt;
-+		CRYPTO_xts128_encrypt;
-+		EVP_rc4_hmac_md5;
-+		CRYPTO_nistcts128_decrypt_block;
-+		CRYPTO_gcm128_setiv;
-+		CRYPTO_nistcts128_encrypt;
-+		EVP_aes_128_cbc_hmac_sha1;
-+		CRYPTO_gcm128_tag;
-+		CRYPTO_ccm128_encrypt_ccm64;
-+		ENGINE_load_rdrand;
-+		CRYPTO_ccm128_setiv;
-+		CRYPTO_nistcts128_encrypt_block;
-+		CRYPTO_gcm128_aad;
-+		CRYPTO_ccm128_init;
-+		CRYPTO_nistcts128_decrypt;
-+		CRYPTO_gcm128_new;
-+		CRYPTO_ccm128_tag;
-+		CRYPTO_ccm128_decrypt;
-+		CRYPTO_ccm128_aad;
-+		CRYPTO_gcm128_init;
-+		CRYPTO_gcm128_decrypt;
-+		ENGINE_load_rsax;
-+		CRYPTO_gcm128_decrypt_ctr32;
-+		CRYPTO_gcm128_encrypt_ctr32;
-+		CRYPTO_gcm128_finish;
-+		EVP_aes_256_cbc_hmac_sha1;
-+		PKCS5_pbkdf2_set;
-+		CMS_add0_recipient_password;
-+		CMS_decrypt_set1_password;
-+		CMS_RecipientInfo_set0_password;
-+		RAND_set_fips_drbg_type;
-+		X509_REQ_sign_ctx;
-+		RSA_PSS_PARAMS_new;
-+		X509_CRL_sign_ctx;
-+		X509_signature_dump;
-+		d2i_RSA_PSS_PARAMS;
-+		RSA_PSS_PARAMS_it;
-+		RSA_PSS_PARAMS_free;
-+		X509_sign_ctx;
-+		i2d_RSA_PSS_PARAMS;
-+		ASN1_item_sign_ctx;
-+		EC_GFp_nistp521_method;
-+		EC_GFp_nistp256_method;
-+		OPENSSL_stderr;
-+		OPENSSL_cpuid_setup;
-+		OPENSSL_showfatal;
-+		BIO_new_dgram_sctp;
-+		BIO_dgram_sctp_msg_waiting;
-+		BIO_dgram_sctp_wait_for_dry;
-+		BIO_s_datagram_sctp;
-+		BIO_dgram_is_sctp;
-+		BIO_dgram_sctp_notification_cb;
-+} OPENSSL_1.0.0;
-+
-+OPENSSL_1.0.1d {
-+	global:
-+		CRYPTO_memcmp;
-+} OPENSSL_1.0.1;
-+
-+OPENSSL_1.0.2 {
-+	global:
-+		SSL_CTX_set_alpn_protos;
-+		SSL_set_alpn_protos;
-+		SSL_CTX_set_alpn_select_cb;
-+		SSL_get0_alpn_selected;
-+		SSL_CTX_set_custom_cli_ext;
-+		SSL_CTX_set_custom_srv_ext;
-+		SSL_CTX_set_srv_supp_data;
-+		SSL_CTX_set_cli_supp_data;
-+		SSL_set_cert_cb;
-+		SSL_CTX_use_serverinfo;
-+		SSL_CTX_use_serverinfo_file;
-+		SSL_CTX_set_cert_cb;
-+		SSL_CTX_get0_param;
-+		SSL_get0_param;
-+		SSL_certs_clear;
-+		DTLSv1_2_method;
-+		DTLSv1_2_server_method;
-+		DTLSv1_2_client_method;
-+		DTLS_method;
-+		DTLS_server_method;
-+		DTLS_client_method;
-+		SSL_CTX_get_ssl_method;
-+		SSL_CTX_get0_certificate;
-+		SSL_CTX_get0_privatekey;
-+		SSL_COMP_set0_compression_methods;
-+		SSL_COMP_free_compression_methods;
-+		SSL_CIPHER_find;
-+		SSL_is_server;
-+		SSL_CONF_CTX_new;
-+		SSL_CONF_CTX_finish;
-+		SSL_CONF_CTX_free;
-+		SSL_CONF_CTX_set_flags;
-+		SSL_CONF_CTX_clear_flags;
-+		SSL_CONF_CTX_set1_prefix;
-+		SSL_CONF_CTX_set_ssl;
-+		SSL_CONF_CTX_set_ssl_ctx;
-+		SSL_CONF_cmd;
-+		SSL_CONF_cmd_argv;
-+		SSL_CONF_cmd_value_type;
-+		SSL_trace;
-+		SSL_CIPHER_standard_name;
-+		SSL_get_tlsa_record_byname;
-+		ASN1_TIME_diff;
-+		BIO_hex_string;
-+		CMS_RecipientInfo_get0_pkey_ctx;
-+		CMS_RecipientInfo_encrypt;
-+		CMS_SignerInfo_get0_pkey_ctx;
-+		CMS_SignerInfo_get0_md_ctx;
-+		CMS_SignerInfo_get0_signature;
-+		CMS_RecipientInfo_kari_get0_alg;
-+		CMS_RecipientInfo_kari_get0_reks;
-+		CMS_RecipientInfo_kari_get0_orig_id;
-+		CMS_RecipientInfo_kari_orig_id_cmp;
-+		CMS_RecipientEncryptedKey_get0_id;
-+		CMS_RecipientEncryptedKey_cert_cmp;
-+		CMS_RecipientInfo_kari_set0_pkey;
-+		CMS_RecipientInfo_kari_get0_ctx;
-+		CMS_RecipientInfo_kari_decrypt;
-+		CMS_SharedInfo_encode;
-+		DH_compute_key_padded;
-+		d2i_DHxparams;
-+		i2d_DHxparams;
-+		DH_get_1024_160;
-+		DH_get_2048_224;
-+		DH_get_2048_256;
-+		DH_KDF_X9_42;
-+		ECDH_KDF_X9_62;
-+		ECDSA_METHOD_new;
-+		ECDSA_METHOD_free;
-+		ECDSA_METHOD_set_app_data;
-+		ECDSA_METHOD_get_app_data;
-+		ECDSA_METHOD_set_sign;
-+		ECDSA_METHOD_set_sign_setup;
-+		ECDSA_METHOD_set_verify;
-+		ECDSA_METHOD_set_flags;
-+		ECDSA_METHOD_set_name;
-+		EVP_des_ede3_wrap;
-+		EVP_aes_128_wrap;
-+		EVP_aes_192_wrap;
-+		EVP_aes_256_wrap;
-+		EVP_aes_128_cbc_hmac_sha256;
-+		EVP_aes_256_cbc_hmac_sha256;
-+		CRYPTO_128_wrap;
-+		CRYPTO_128_unwrap;
-+		OCSP_REQ_CTX_nbio;
-+		OCSP_REQ_CTX_new;
-+		OCSP_set_max_response_length;
-+		OCSP_REQ_CTX_i2d;
-+		OCSP_REQ_CTX_nbio_d2i;
-+		OCSP_REQ_CTX_get0_mem_bio;
-+		OCSP_REQ_CTX_http;
-+		RSA_padding_add_PKCS1_OAEP_mgf1;
-+		RSA_padding_check_PKCS1_OAEP_mgf1;
-+		RSA_OAEP_PARAMS_free;
-+		RSA_OAEP_PARAMS_it;
-+		RSA_OAEP_PARAMS_new;
-+		SSL_get_sigalgs;
-+		SSL_get_shared_sigalgs;
-+		SSL_check_chain;
-+		X509_chain_up_ref;
-+		X509_http_nbio;
-+		X509_CRL_http_nbio;
-+		X509_REVOKED_dup;
-+		i2d_re_X509_tbs;
-+		X509_get0_signature;
-+		X509_get_signature_nid;
-+		X509_CRL_diff;
-+		X509_chain_check_suiteb;
-+		X509_CRL_check_suiteb;
-+		X509_check_host;
-+		X509_check_email;
-+		X509_check_ip;
-+		X509_check_ip_asc;
-+		X509_STORE_set_lookup_crls_cb;
-+		X509_STORE_CTX_get0_store;
-+		X509_VERIFY_PARAM_set1_host;
-+		X509_VERIFY_PARAM_add1_host;
-+		X509_VERIFY_PARAM_set_hostflags;
-+		X509_VERIFY_PARAM_get0_peername;
-+		X509_VERIFY_PARAM_set1_email;
-+		X509_VERIFY_PARAM_set1_ip;
-+		X509_VERIFY_PARAM_set1_ip_asc;
-+		X509_VERIFY_PARAM_get0_name;
-+		X509_VERIFY_PARAM_get_count;
-+		X509_VERIFY_PARAM_get0;
-+		X509V3_EXT_free;
-+		EC_GROUP_get_mont_data;
-+		EC_curve_nid2nist;
-+		EC_curve_nist2nid;
-+		PEM_write_bio_DHxparams;
-+		PEM_write_DHxparams;
-+		SSL_CTX_add_client_custom_ext;
-+		SSL_CTX_add_server_custom_ext;
-+		SSL_extension_supported;
-+		BUF_strnlen;
-+		sk_deep_copy;
-+		SSL_test_functions;
-+} OPENSSL_1.0.1d;
-+
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld	2014-02-24 21:02:30.000000000 +0100
-@@ -0,0 +1,10 @@
-+OPENSSL_1.0.0 {
-+	global:
-+		bind_engine;
-+		v_check;
-+		OPENSSL_init;
-+		OPENSSL_finish;
-+	local:
-+		*;
-+};
-+
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld	2014-02-24 21:02:30.000000000 +0100
-@@ -0,0 +1,10 @@
-+OPENSSL_1.0.0 {
-+	global:
-+		bind_engine;
-+		v_check;
-+		OPENSSL_init;
-+		OPENSSL_finish;
-+	local:
-+		*;
-+};
-+
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl-1.0.2a-x32-asm.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl-1.0.2a-x32-asm.patch
deleted file mode 100644
index 1e5bfa17d6..0000000000
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl-1.0.2a-x32-asm.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
-
-From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sat, 21 Mar 2015 06:01:25 -0400
-Subject: [PATCH] crypto: use bigint in x86-64 perl
-
-Upstream-Status: Pending
-Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
-
-When building on x32 systems where the default type is 32bit, make sure
-we can transparently represent 64bit integers.  Otherwise we end up with
-build errors like:
-/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
-Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
-...
-ghash-x86_64.s: Assembler messages:
-ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
-
-We don't enable this globally as there are some cases where we'd get
-32bit values interpreted as unsigned when we need them as signed.
-
-Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
-URL: https://bugs.gentoo.org/542618
----
- crypto/perlasm/x86_64-xlate.pl | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
-index aae8288..0bf9774 100755
---- a/crypto/perlasm/x86_64-xlate.pl
-+++ b/crypto/perlasm/x86_64-xlate.pl
-@@ -195,6 +195,10 @@ my %globals;
-     sub out {
-     	my $self = shift;
- 
-+	# When building on x32 ABIs, the expanded hex value might be too
-+	# big to fit into 32bits.  Enable transparent 64bit support here
-+	# so we can safely print it out.
-+	use bigint;
- 	if ($gas) {
- 	    # Solaris /usr/ccs/bin/as can't handle multiplications
- 	    # in $self->{value}
--- 
-2.3.3
-
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/0001-Fix-build-with-clang-using-external-assembler.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-Fix-build-with-clang-using-external-assembler.patch
index 2270962a6f..2270962a6f 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/0001-Fix-build-with-clang-using-external-assembler.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-Fix-build-with-clang-using-external-assembler.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/0001-openssl-force-soft-link-to-avoid-rare-race.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-openssl-force-soft-link-to-avoid-rare-race.patch
index dd1a9b1dd2..dd1a9b1dd2 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/0001-openssl-force-soft-link-to-avoid-rare-race.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/0001-openssl-force-soft-link-to-avoid-rare-race.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/Makefiles-ptest.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/Makefiles-ptest.patch
index 249446a5bd..2122fa1fb4 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/Makefiles-ptest.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/Makefiles-ptest.patch
@@ -1,15 +1,28 @@
+From a176c69f4fdfbfa7e4ccb79d91c3b6602da7e69a Mon Sep 17 00:00:00 2001
+From: Anders Roxell <anders.roxell@enea.com>
+Date: Thu, 24 Apr 2014 19:28:25 +0200
+Subject: [PATCH 19/28] openssl: enable ptest support
+
 Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests
 cross-compiled.
 
 Signed-off-by: Anders Roxell <anders.roxell@enea.com>
 Signed-off-by: Maxin B. John <maxin.john@enea.com>
 Upstream-Status: Pending
+
 ---
-Index: openssl-1.0.2/Makefile.org
-===================================================================
---- openssl-1.0.2.orig/Makefile.org
-+++ openssl-1.0.2/Makefile.org
-@@ -451,8 +451,16 @@ rehash.time: certs apps
+ Makefile.org       |  10 +-
+ Makefile.org.orig  |   7 +-
+ test/Makefile      |  13 +-
+ test/Makefile.orig | 987 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 1009 insertions(+), 8 deletions(-)
+ create mode 100644 test/Makefile.orig
+
+diff --git a/Makefile.org b/Makefile.org
+index 111fbba..8e7936c 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -468,8 +468,16 @@ rehash.time: certs apps
  test:   tests
  
  tests: rehash
@@ -27,11 +40,11 @@ Index: openssl-1.0.2/Makefile.org
  	OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
  
  report:
-Index: openssl-1.0.2/test/Makefile
-===================================================================
---- openssl-1.0.2.orig/test/Makefile
-+++ openssl-1.0.2/test/Makefile
-@@ -137,7 +137,7 @@ tests:	exe apps $(TESTS)
+diff --git a/test/Makefile b/test/Makefile
+index a1f7eeb..b2984c4 100644
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -150,7 +150,7 @@ tests:	exe apps $(TESTS)
  apps:
  	@(cd ..; $(MAKE) DIRS=apps all)
  
@@ -40,9 +53,9 @@ Index: openssl-1.0.2/test/Makefile
  	test_des test_idea test_sha test_md4 test_md5 test_hmac \
  	test_md2 test_mdc2 test_wp \
  	test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
-@@ -148,6 +148,11 @@ alltests: \
- 	test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
- 	test_constant_time
+@@ -162,6 +162,11 @@ alltests: \
+ 	test_constant_time test_verify_extra test_clienthello test_sslv2conftest \
+ 	test_dtls test_bad_dtls test_fatalerr
  
 +alltests:
 +	@(for i in $(all-tests); do \
@@ -52,7 +65,7 @@ Index: openssl-1.0.2/test/Makefile
  test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
  	../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
  
-@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5
+@@ -230,7 +235,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pe
  	echo test second x509v3 certificate
  	sh ./tx509 v3-cert2.pem 2>/dev/null
  
@@ -61,7 +74,7 @@ Index: openssl-1.0.2/test/Makefile
  	@sh ./trsa 2>/dev/null
  	../util/shlib_wrap.sh ./$(RSATEST)
  
-@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test
+@@ -331,11 +336,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh
  	  sh ./testtsa; \
  	fi
  
@@ -75,3 +88,6 @@ Index: openssl-1.0.2/test/Makefile
  	@echo "Test JPAKE"
  	../util/shlib_wrap.sh ./$(JPAKETEST)
  
+-- 
+2.15.1
+
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/Use-SHA256-not-MD5-as-default-digest.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/Use-SHA256-not-MD5-as-default-digest.patch
index 58c9ee7844..58c9ee7844 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/Use-SHA256-not-MD5-as-default-digest.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/Use-SHA256-not-MD5-as-default-digest.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/configure-musl-target.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-musl-target.patch
index f357b3f59f..f357b3f59f 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/configure-musl-target.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-musl-target.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/configure-targets.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-targets.patch
index 1e01589722..1e01589722 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/configure-targets.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/configure-targets.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/c_rehash-compat.patch
index 68e54d561e..3820e3e306 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/c_rehash-compat.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/c_rehash-compat.patch
@@ -5,10 +5,10 @@ Subject: [PATCH] also create old hash for compatibility
 
 Upstream-Status: Backport [debian]
 
-diff --git a/tools/c_rehash.in b/tools/c_rehash.in
-index b086ff9..b777d79 100644
---- a/tools/c_rehash.in
-+++ b/tools/c_rehash.in
+Index: openssl-1.0.2n/tools/c_rehash.in
+===================================================================
+--- openssl-1.0.2n.orig/tools/c_rehash.in
++++ openssl-1.0.2n/tools/c_rehash.in
 @@ -8,8 +8,6 @@ my $prefix;
  
  my $openssl = $ENV{OPENSSL} || "openssl";
@@ -48,7 +48,7 @@ index b086ff9..b777d79 100644
  		$fname =~ s/'/'\\''/g;
  		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
  		chomp $hash;
-@@ -176,11 +174,21 @@ sub link_hash_cert {
+@@ -177,10 +175,20 @@ sub link_hash_cert {
  		$hashlist{$hash} = $fprint;
  }
  
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch
index fb745e4394..fb745e4394 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/ca.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/ca.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/debian-targets.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/debian-targets.patch
index 39d4328184..35d92bedb7 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/debian-targets.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/debian-targets.patch
@@ -1,12 +1,12 @@
 Upstream-Status: Backport [debian]
 
-Index: openssl-1.0.2/Configure
+Index: openssl-1.0.2n/Configure
 ===================================================================
---- openssl-1.0.2.orig/Configure
-+++ openssl-1.0.2/Configure
-@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic
- 
- my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum";
+--- openssl-1.0.2n.orig/Configure
++++ openssl-1.0.2n/Configure
+@@ -133,6 +133,10 @@ my $clang_devteam_warn = "-Wno-unused-pa
+ # Warn that "make depend" should be run?
+ my $warn_make_depend = 0;
  
 +# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
 +my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
@@ -15,7 +15,7 @@ Index: openssl-1.0.2/Configure
  my $strict_warnings = 0;
  
  my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-@@ -343,6 +347,55 @@ my %table=(
+@@ -369,6 +373,55 @@ my %table=(
  "osf1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
  "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
  
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/man-dir.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-dir.patch
index 4085e3b1d7..4085e3b1d7 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/man-dir.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-dir.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/man-section.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-section.patch
index 21c1d1a4eb..21c1d1a4eb 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/man-section.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/man-section.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/no-rpath.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-rpath.patch
index 1ccb3b86ee..1ccb3b86ee 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/no-rpath.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-rpath.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/no-symbolic.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-symbolic.patch
index cc4408ab7d..cc4408ab7d 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/no-symbolic.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/no-symbolic.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/pic.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/pic.patch
index bfda3888bf..bfda3888bf 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian/pic.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian/pic.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian1.0.2/block_digicert_malaysia.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_digicert_malaysia.patch
index c43bcd1c77..c43bcd1c77 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian1.0.2/block_digicert_malaysia.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_digicert_malaysia.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian1.0.2/block_diginotar.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_diginotar.patch
index d81e22cd8d..d81e22cd8d 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian1.0.2/block_diginotar.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/block_diginotar.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian1.0.2/soname.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/soname.patch
index 09dd9eaf86..09dd9eaf86 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian1.0.2/soname.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/soname.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian1.0.2/version-script.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/version-script.patch
index e404ee3312..e404ee3312 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/debian1.0.2/version-script.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/debian1.0.2/version-script.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/engines-install-in-libdir-ssl.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/engines-install-in-libdir-ssl.patch
index a5746483e6..a5746483e6 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/engines-install-in-libdir-ssl.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/engines-install-in-libdir-ssl.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/find.pl b/meta/recipes-connectivity/openssl/openssl-1.0.2o/find.pl
index 8e1b42c88a..8e1b42c88a 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/find.pl
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/find.pl
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/oe-ldflags.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/oe-ldflags.patch
index 292e13dc5f..292e13dc5f 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/oe-ldflags.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/oe-ldflags.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl-c_rehash.sh b/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-c_rehash.sh
index 6620fdcb53..6620fdcb53 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl-c_rehash.sh
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-c_rehash.sh
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl-fix-des.pod-error.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-fix-des.pod-error.patch
index de49729e5e..de49729e5e 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl-fix-des.pod-error.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-fix-des.pod-error.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl-util-perlpath.pl-cwd.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-util-perlpath.pl-cwd.patch
index 065b9b122a..065b9b122a 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl-util-perlpath.pl-cwd.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl-util-perlpath.pl-cwd.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl_fix_for_x32.patch
index 0f08a642f6..0f08a642f6 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/openssl_fix_for_x32.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/openssl_fix_for_x32.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/parallel.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/parallel.patch
index f3f4c99888..e5413bf389 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/parallel.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/parallel.patch
@@ -1,4 +1,7 @@
-Fix the parallel races in the Makefiles.
+From 7fb1192f112c1920bfd39f4185f34e9afff3cff2 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Sat, 5 Mar 2016 00:12:02 +0000
+Subject: [PATCH 24/28] Fix the parallel races in the Makefiles.
 
 This patch was taken from the Gentoo packaging:
 https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch
@@ -9,9 +12,82 @@ Signed-off-by: Ross Burton <ross.burton@intel.com>
 Refreshed for 1.0.2i
 Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
 
---- openssl-1.0.2g/crypto/Makefile
-+++ openssl-1.0.2g/crypto/Makefile
-@@ -85,11 +85,11 @@
+---
+ Makefile.org          |  14 +-
+ Makefile.org.orig     |  10 +-
+ Makefile.shared       |   2 +
+ Makefile.shared.orig  | 655 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ crypto/Makefile       |  10 +-
+ engines/Makefile      |   6 +-
+ engines/Makefile.orig | 338 ++++++++++++++++++++++++++
+ test/Makefile         |  92 +++----
+ test/Makefile.orig    |  88 ++++---
+ 9 files changed, 1108 insertions(+), 107 deletions(-)
+ create mode 100644 Makefile.shared.orig
+ create mode 100644 engines/Makefile.orig
+
+diff --git a/Makefile.org b/Makefile.org
+index 8e7936c..ed98d2a 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -283,17 +283,17 @@ build_libcrypto: build_crypto build_engines libcrypto.pc
+ build_libssl: build_ssl libssl.pc
+ 
+ build_crypto:
+-	@dir=crypto; target=all; $(BUILD_ONE_CMD)
++	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
+ build_ssl: build_crypto
+-	@dir=ssl; target=all; $(BUILD_ONE_CMD)
++	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
+ build_engines: build_crypto
+-	@dir=engines; target=all; $(BUILD_ONE_CMD)
++	+@dir=engines; target=all; $(BUILD_ONE_CMD)
+ build_apps: build_libs
+-	@dir=apps; target=all; $(BUILD_ONE_CMD)
++	+@dir=apps; target=all; $(BUILD_ONE_CMD)
+ build_tests: build_libs
+-	@dir=test; target=all; $(BUILD_ONE_CMD)
++	+@dir=test; target=all; $(BUILD_ONE_CMD)
+ build_tools: build_libs
+-	@dir=tools; target=all; $(BUILD_ONE_CMD)
++	+@dir=tools; target=all; $(BUILD_ONE_CMD)
+ 
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -565,7 +565,7 @@ install_sw:
+ 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+-	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
++	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ 	do \
+ 		if [ -f "$$i" ]; then \
+diff --git a/Makefile.shared b/Makefile.shared
+index f6f92e7..8164186 100644
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -105,6 +105,7 @@ LINK_SO=	\
+     SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
++    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+     $${SHAREDCMD} $${SHAREDFLAGS} \
+ 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +123,7 @@ SYMLINK_SO=	\
+ 			done; \
+ 		fi; \
+ 		if [ -n "$$SHLIB_SOVER" ]; then \
++			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ 		fi; \
+diff --git a/crypto/Makefile b/crypto/Makefile
+index 17a87f8..29c2dcf 100644
+--- a/crypto/Makefile
++++ b/crypto/Makefile
+@@ -85,11 +85,11 @@ testapps:
  	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
  
  subdirs:
@@ -25,7 +101,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
  
  links:
  	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
+@@ -100,7 +100,7 @@ links:
  # lib: $(LIB): are splitted to avoid end-less loop
  lib:	$(LIB)
  	@touch lib
@@ -34,7 +110,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
  	$(AR) $(LIB) $(LIBOBJ)
  	test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
  	$(RANLIB) $(LIB) || echo Never mind.
-@@ -111,7 +111,7 @@
+@@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs
  	fi
  
  libs:
@@ -43,7 +119,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
  
  install:
  	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -120,7 +120,7 @@
+@@ -120,7 +120,7 @@ install:
  	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
  	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
  	done;
@@ -52,9 +128,11 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
  
  lint:
  	@target=lint; $(RECURSIVE_MAKE)
---- openssl-1.0.2g/engines/Makefile
-+++ openssl-1.0.2g/engines/Makefile
-@@ -72,7 +72,7 @@
+diff --git a/engines/Makefile b/engines/Makefile
+index fe8e9ca..a43d21b 100644
+--- a/engines/Makefile
++++ b/engines/Makefile
+@@ -72,7 +72,7 @@ top:
  
  all:	lib subdirs
  
@@ -63,7 +141,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
  	@if [ -n "$(SHARED_LIBS)" ]; then \
  		set -e; \
  		for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
+@@ -89,7 +89,7 @@ lib:	$(LIBOBJ)
  
  subdirs:
  	echo $(EDIRS)
@@ -72,8 +150,8 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
  
  files:
  	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+@@ -128,7 +128,7 @@ install:
+ 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \
  		done; \
  	fi
 -	@target=install; $(RECURSIVE_MAKE)
@@ -81,62 +159,11 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
  
  tags:
  	ctags $(SRC)
---- openssl-1.0.2g/Makefile.org
-+++ openssl-1.0.2g/Makefile.org
-@@ -279,17 +279,17 @@
- build_libssl: build_ssl libssl.pc
- 
- build_crypto:
--	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-+	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
- build_ssl: build_crypto
--	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-+	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
- build_engines: build_crypto
--	@dir=engines; target=all; $(BUILD_ONE_CMD)
-+	+@dir=engines; target=all; $(BUILD_ONE_CMD)
- build_apps: build_libs
--	@dir=apps; target=all; $(BUILD_ONE_CMD)
-+	+@dir=apps; target=all; $(BUILD_ONE_CMD)
- build_tests: build_libs
--	@dir=test; target=all; $(BUILD_ONE_CMD)
-+	+@dir=test; target=all; $(BUILD_ONE_CMD)
- build_tools: build_libs
--	@dir=tools; target=all; $(BUILD_ONE_CMD)
-+	+@dir=tools; target=all; $(BUILD_ONE_CMD)
- 
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -544,7 +544,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- 	do \
- 		if [ -f "$$i" ]; then \
---- openssl-1.0.2g/Makefile.shared
-+++ openssl-1.0.2g/Makefile.shared
-@@ -105,6 +105,7 @@
-     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-     $${SHAREDCMD} $${SHAREDFLAGS} \
- 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +123,7 @@
- 			done; \
- 		fi; \
- 		if [ -n "$$SHLIB_SOVER" ]; then \
-+			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- 		fi; \
---- openssl-1.0.2g/test/Makefile
-+++ openssl-1.0.2g/test/Makefile
-@@ -144,7 +144,7 @@
+diff --git a/test/Makefile b/test/Makefile
+index 40abd60..78d3788 100644
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -145,7 +145,7 @@ install:
  tags:
  	ctags $(SRC)
  
@@ -145,7 +172,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
  
  apps:
  	@(cd ..; $(MAKE) DIRS=apps all)
-@@ -438,136 +438,136 @@
+@@ -444,139 +444,139 @@ BUILD_CMD_STATIC=shlib_target=; \
  		link_app.$${shlib_target}
  
  $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
@@ -316,6 +343,9 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
 -	@target=$(BADDTLSTEST) $(BUILD_CMD)
 +	+@target=$(BADDTLSTEST) $(BUILD_CMD)
  
+ $(FATALERRTEST)$(EXE_EXT): $(FATALERRTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
+ 	@target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD)
+ 
  $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
 -	@target=$(SSLV2CONFTEST) $(BUILD_CMD)
 +	+@target=$(SSLV2CONFTEST) $(BUILD_CMD)
@@ -326,7 +356,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
  
  #$(AESTEST).o: $(AESTEST).c
  #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -580,6 +580,6 @@
+@@ -589,7 +589,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
  #	fi
  
  dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
@@ -334,4 +364,7 @@ Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
 +	+@target=dummytest; $(BUILD_CMD)
  
  # DO NOT DELETE THIS LINE -- make depend depends on it.
- 
\ No newline at end of file
+ 
+-- 
+2.15.1
+
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/ptest-deps.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest-deps.patch
index ef6d17934d..ef6d17934d 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/ptest-deps.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest-deps.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/ptest_makefile_deps.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest_makefile_deps.patch
index 4202e61d1e..4202e61d1e 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/ptest_makefile_deps.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/ptest_makefile_deps.patch
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-cflags.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-cflags.patch
new file mode 100644
index 0000000000..2803cb0393
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-cflags.patch
@@ -0,0 +1,20 @@
+Allow passing custom c-flags to mkbuildinf.pl in order to pass
+flags without any build host references
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+--- Makefile	2018-03-06 14:50:18.342138147 -0800
++++ Makefile	2018-03-06 15:24:04.794239071 -0800
+--- a/crypto/Makefile
++++ b/crypto/Makefile
+@@ -55,7 +55,7 @@
+ all: shared
+ 
+ buildinf.h: ../Makefile
+-	$(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
++	$(PERL) $(TOP)/util/mkbuildinf.pl "$(CC_INFO)" "$(PLATFORM)" >buildinf.h
+ 
+ x86cpuid.s:	x86cpuid.pl perlasm/x86asm.pl
+ 	$(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-mkbuildinf.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-mkbuildinf.patch
new file mode 100644
index 0000000000..b556731219
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/reproducible-mkbuildinf.patch
@@ -0,0 +1,21 @@
+If SOURCE_DATE_EPOCH is present in the environment, use it as build date.
+Also make sure to use UTC time.
+
+Upstream-Status: Backport [ https://github.com/openssl/openssl/blob/master/util/mkbuildinf.pl ]
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+--- mkbuildinf.pl	2018-03-06 14:20:09.438048058 -0800
++++ mkbuildinf.pl	2018-03-06 14:19:20.722045632 -0800
+--- a/util/mkbuildinf.pl
++++ b/util/mkbuildinf.pl
+@@ -3,7 +3,8 @@
+ my ($cflags, $platform) = @ARGV;
+ 
+ $cflags = "compiler: $cflags";
+-$date = localtime();
++my $date = gmtime($ENV{'SOURCE_DATE_EPOCH'} || time()) . " UTC";
++
+ print <<"END_OUTPUT";
+ #ifndef MK1MF_BUILD
+     /* auto-generated by util/mkbuildinf.pl for crypto/cversion.c */
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/run-ptest b/meta/recipes-connectivity/openssl/openssl-1.0.2o/run-ptest
index 3b20fce1ee..3b20fce1ee 100755
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/run-ptest
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/run-ptest
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.2l/shared-libs.patch b/meta/recipes-connectivity/openssl/openssl-1.0.2o/shared-libs.patch
index a7ca0a3078..a7ca0a3078 100644
--- a/meta/recipes-connectivity/openssl/openssl-1.0.2l/shared-libs.patch
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.2o/shared-libs.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch b/meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch
deleted file mode 100644
index 736bb39acd..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/0001-Remove-test-that-requires-running-as-non-root.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 3fdb1e2a16ea405c6731447a8994f222808ef7e6 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Fri, 7 Apr 2017 18:01:52 +0300
-Subject: [PATCH] Remove test that requires running as non-root
-
-Upstream-Status: Inappropriate [oe-core specific]
-Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
----
- test/recipes/40-test_rehash.t | 17 +----------------
- 1 file changed, 1 insertion(+), 16 deletions(-)
-
-diff --git a/test/recipes/40-test_rehash.t b/test/recipes/40-test_rehash.t
-index f902c23..c7567c1 100644
---- a/test/recipes/40-test_rehash.t
-+++ b/test/recipes/40-test_rehash.t
-@@ -23,7 +23,7 @@ setup("test_rehash");
- plan skip_all => "test_rehash is not available on this platform"
-     unless run(app(["openssl", "rehash", "-help"]));
- 
--plan tests => 5;
-+plan tests => 3;
- 
- indir "rehash.$$" => sub {
-     prepare();
-@@ -42,21 +42,6 @@ indir "rehash.$$" => sub {
-        'Testing rehash operations on empty directory');
- }, create => 1, cleanup => 1;
- 
--indir "rehash.$$" => sub {
--    prepare();
--    chmod 0500, curdir();
--  SKIP: {
--      if (!ok(!open(FOO, ">unwritable.txt"),
--              "Testing that we aren't running as a privileged user, such as root")) {
--          close FOO;
--          skip "It's pointless to run the next test as root", 1;
--      }
--      isnt(run(app(["openssl", "rehash", curdir()])), 1,
--           'Testing rehash operations on readonly directory');
--    }
--    chmod 0700, curdir();       # make it writable again, so cleanup works
--}, create => 1, cleanup => 1;
--
- sub prepare {
-     my @pemsourcefiles = sort glob(srctop_file('test', "*.pem"));
-     my @destfiles = ();
--- 
-2.11.0
-
diff --git a/meta/recipes-connectivity/openssl/openssl10.inc b/meta/recipes-connectivity/openssl/openssl10.inc
index a710e9e25a..800910aa09 100644
--- a/meta/recipes-connectivity/openssl/openssl10.inc
+++ b/meta/recipes-connectivity/openssl/openssl10.inc
@@ -151,11 +151,15 @@ do_configure () {
         if [ "x$useprefix" = "x" ]; then
                 useprefix=/
         fi        
-	perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename ${libdir}` $target
+	libdirleaf="$(echo ${libdir} | sed s:$useprefix::)"
+	perl ./Configure ${EXTRA_OECONF} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=${libdirleaf} $target
 }
 
 do_compile_prepend_class-target () {
     sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
+    oe_runmake depend
+	cc_sanitized=`echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g'`
+	oe_runmake CC_INFO="${cc_sanitized}"
 }
 
 do_compile () {
@@ -255,6 +259,12 @@ do_install_ptest () {
 	for d in ssltest_old v3ext x509aux; do
 		rm -rf ${D}${libdir}/${BPN}/ptest/test/$d
 	done
+
+	# Remove build host references
+	sed -i \
+       -e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
+       -e 's|${DEBUG_PREFIX_MAP}||g' \
+       ${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure
 }
 
 do_install_append_class-native() {
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb
deleted file mode 100644
index c537aa4cd0..0000000000
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2l.bb
+++ /dev/null
@@ -1,60 +0,0 @@
-require openssl10.inc
-
-# For target side versions of openssl enable support for OCF Linux driver
-# if they are available.
-
-CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
-CFLAG_append_class-native = " -fPIC"
-
-LIC_FILES_CHKSUM = "file://LICENSE;md5=057d9218c6180e1d9ee407572b2dd225"
-
-export DIRS = "crypto ssl apps engines"
-export OE_LDFLAGS="${LDFLAGS}"
-
-SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \
-            file://run-ptest \
-            file://openssl-c_rehash.sh \
-            file://configure-targets.patch \
-            file://shared-libs.patch \
-            file://oe-ldflags.patch \
-            file://engines-install-in-libdir-ssl.patch \
-            file://debian1.0.2/block_diginotar.patch \
-            file://debian1.0.2/block_digicert_malaysia.patch \
-            file://debian/ca.patch \
-            file://debian/c_rehash-compat.patch \
-            file://debian/debian-targets.patch \
-            file://debian/man-dir.patch \
-            file://debian/man-section.patch \
-            file://debian/no-rpath.patch \
-            file://debian/no-symbolic.patch \
-            file://debian/pic.patch \
-            file://debian1.0.2/version-script.patch \
-            file://debian1.0.2/soname.patch \
-            file://openssl_fix_for_x32.patch \
-            file://openssl-fix-des.pod-error.patch \
-            file://Makefiles-ptest.patch \
-            file://ptest-deps.patch \
-            file://openssl-1.0.2a-x32-asm.patch \
-            file://ptest_makefile_deps.patch \
-            file://configure-musl-target.patch \
-            file://parallel.patch \
-            file://openssl-util-perlpath.pl-cwd.patch \
-            file://Use-SHA256-not-MD5-as-default-digest.patch \
-            file://0001-Fix-build-with-clang-using-external-assembler.patch \
-            file://0001-openssl-force-soft-link-to-avoid-rare-race.patch  \
-            "
-SRC_URI[md5sum] = "f85123cd390e864dfbe517e7616e6566"
-SRC_URI[sha256sum] = "ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c"
-
-PACKAGES =+ "${PN}-engines"
-FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
-
-# The crypto_use_bigint patch means that perl's bignum module needs to be
-# installed, but some distributions (for example Fedora 23) don't ship it by
-# default.  As the resulting error is very misleading check for bignum before
-# building.
-do_configure_prepend() {
-	if ! perl -Mbigint -e true; then
-		bbfatal "The perl module 'bignum' was not found but this is required to build openssl.  Please install this module (often packaged as perl-bignum) and re-run bitbake."
-	fi
-}
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
new file mode 100644
index 0000000000..413ebf37f4
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2o.bb
@@ -0,0 +1,64 @@
+require openssl10.inc
+
+# For target side versions of openssl enable support for OCF Linux driver
+# if they are available.
+
+CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
+CFLAG_append_class-native = " -fPIC"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77"
+
+export DIRS = "crypto ssl apps engines"
+export OE_LDFLAGS="${LDFLAGS}"
+
+SRC_URI += "file://find.pl;subdir=openssl-${PV}/util/ \
+           file://run-ptest \
+           file://openssl-c_rehash.sh \
+           file://configure-targets.patch \
+           file://shared-libs.patch \
+           file://oe-ldflags.patch \
+           file://engines-install-in-libdir-ssl.patch \
+           file://debian1.0.2/block_diginotar.patch \
+           file://debian1.0.2/block_digicert_malaysia.patch \
+           file://debian/ca.patch \
+           file://debian/c_rehash-compat.patch \
+           file://debian/debian-targets.patch \
+           file://debian/man-dir.patch \
+           file://debian/man-section.patch \
+           file://debian/no-rpath.patch \
+           file://debian/no-symbolic.patch \
+           file://debian/pic.patch \
+           file://debian1.0.2/version-script.patch \
+           file://debian1.0.2/soname.patch \
+           file://openssl_fix_for_x32.patch \
+           file://openssl-fix-des.pod-error.patch \
+           file://Makefiles-ptest.patch \
+           file://ptest-deps.patch \
+           file://ptest_makefile_deps.patch \
+           file://configure-musl-target.patch \
+           file://parallel.patch \
+           file://openssl-util-perlpath.pl-cwd.patch \
+           file://Use-SHA256-not-MD5-as-default-digest.patch \
+           file://0001-Fix-build-with-clang-using-external-assembler.patch \
+           file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
+           "
+
+SRC_URI_append_class-target = "\
+           file://reproducible-cflags.patch \
+           file://reproducible-mkbuildinf.patch \
+           "
+SRC_URI[md5sum] = "44279b8557c3247cbe324e2322ecd114"
+SRC_URI[sha256sum] = "ec3f5c9714ba0fd45cb4e087301eb1336c317e0d20b575a125050470e8089e4d"
+
+PACKAGES =+ "${PN}-engines"
+FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
+
+# The crypto_use_bigint patch means that perl's bignum module needs to be
+# installed, but some distributions (for example Fedora 23) don't ship it by
+# default.  As the resulting error is very misleading check for bignum before
+# building.
+do_configure_prepend() {
+	if ! perl -Mbigint -e true; then
+		bbfatal "The perl module 'bignum' was not found but this is required to build openssl.  Please install this module (often packaged as perl-bignum) and re-run bitbake."
+	fi
+}
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.0f.bb b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
index 711a95985a..6937cc4649 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.0f.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.0h.bb
@@ -6,19 +6,18 @@ SECTION = "libs/network"
 
 # "openssl | SSLeay" dual license
 LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=cae6da10f4ffd9703214776d2aabce32"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff"
 
 BBCLASSEXTEND = "native nativesdk"
 
-SRC_URI[md5sum] = "7b521dea79ab159e8ec879d2333369fa"
-SRC_URI[sha256sum] = "12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765"
+SRC_URI[md5sum] = "5271477e4d93f4ea032b665ef095ff24"
+SRC_URI[sha256sum] = "5835626cde9e99656585fc7aaa2302a73a7e1340bf8c14fd635a62c66802a517"
 
 SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://run-ptest \
            file://openssl-c_rehash.sh \
            file://0001-Take-linking-flags-from-LDFLAGS-env-var.patch \
-           file://0001-Remove-test-that-requires-running-as-non-root.patch \
-          "
+           "
 
 S = "${WORKDIR}/openssl-${PV}"
 
@@ -109,7 +108,8 @@ do_configure () {
         if [ "x$useprefix" = "x" ]; then
                 useprefix=/
         fi
-	perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=`basename ${libdir}` $target
+	libdirleaf="$(echo ${libdir} | sed s:$useprefix::)"
+	perl ./Configure ${EXTRA_OECONF} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdirleaf} $target
 }
 
 #| engines/afalg/e_afalg.c: In function 'eventfd':
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh
index 5c9e5d33a7..35a1aa639e 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa-supplicant.sh
@@ -4,6 +4,7 @@
 WPA_SUP_BIN="/usr/sbin/wpa_supplicant"
 WPA_SUP_PNAME="wpa_supplicant"
 WPA_SUP_PIDFILE="/var/run/wpa_supplicant.$IFACE.pid"
+WPA_COMMON_CTRL_IFACE="/var/run/wpa_supplicant"
 WPA_SUP_OPTIONS="-B -P $WPA_SUP_PIDFILE -i $IFACE"
 
 VERBOSITY=0
diff --git a/meta/recipes-core/busybox/busybox-inittab_1.24.1.bb b/meta/recipes-core/busybox/busybox-inittab_1.24.1.bb
new file mode 100644
index 0000000000..a83620e859
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox-inittab_1.24.1.bb
@@ -0,0 +1,32 @@
+SUMMARY = "inittab configuration for BusyBox"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+
+SRC_URI = "file://inittab"
+
+S = "${WORKDIR}"
+
+INHIBIT_DEFAULT_DEPS = "1"
+
+do_compile() {
+	:
+}
+
+do_install() {
+    install -d ${D}${sysconfdir}
+    install -D -m 0644 ${WORKDIR}/inittab ${D}${sysconfdir}/inittab
+    tmp="${SERIAL_CONSOLES}"
+    for i in $tmp
+    do
+            j=`echo ${i} | sed s/\;/\ /g`
+            id=`echo ${i} | sed -e 's/^.*;//' -e 's/;.*//'`
+            echo "$id::respawn:${base_sbindir}/getty ${j}" >> ${D}${sysconfdir}/inittab
+    done
+}
+
+# SERIAL_CONSOLES is generally defined by the MACHINE .conf.
+# Set PACKAGE_ARCH appropriately.
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+FILES_${PN} = "${sysconfdir}/inittab"
+CONFFILES_${PN} = "${sysconfdir}/inittab"
diff --git a/meta/recipes-core/busybox/busybox.inc b/meta/recipes-core/busybox/busybox.inc
index 48910ca33a..a6bfd46b67 100644
--- a/meta/recipes-core/busybox/busybox.inc
+++ b/meta/recipes-core/busybox/busybox.inc
@@ -48,6 +48,8 @@ CONFFILES_${PN}-mdev = "${sysconfdir}/mdev.conf"
 
 RRECOMMENDS_${PN} = "${PN}-syslog ${PN}-udhcpc"
 
+RDEPENDS_${PN} = "${@["", "busybox-inittab"][(d.getVar('VIRTUAL-RUNTIME_init_manager') == 'busybox')]}"
+
 inherit cml1 systemd update-rc.d ptest
 
 # internal helper
@@ -292,16 +294,6 @@ do_install () {
                 install -D -m 0777 ${WORKDIR}/rcS ${D}${sysconfdir}/init.d/rcS
                 install -D -m 0777 ${WORKDIR}/rcK ${D}${sysconfdir}/init.d/rcK
                 install -D -m 0755 ${WORKDIR}/runlevel ${D}${base_sbindir}/runlevel
-                if grep "CONFIG_FEATURE_USE_INITTAB=y" ${B}/.config; then
-                        install -D -m 0777 ${WORKDIR}/inittab ${D}${sysconfdir}/inittab
-                        tmp="${SERIAL_CONSOLES}"
-                        for i in $tmp
-                        do
-                                j=`echo ${i} | sed s/\;/\ /g`
-                                id=`echo ${i} | sed -e 's/^.*;//' -e 's/;.*//'`
-                                echo "$id::respawn:${base_sbindir}/getty ${j}" >> ${D}${sysconfdir}/inittab
-                        done
-                fi
         fi
 
     if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
diff --git a/meta/recipes-core/expat/expat.inc b/meta/recipes-core/expat/expat.inc
index 0ee6c276d9..b815f736ff 100644
--- a/meta/recipes-core/expat/expat.inc
+++ b/meta/recipes-core/expat/expat.inc
@@ -9,7 +9,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/expat/expat-${PV}.tar.bz2 \
            file://libtool-tag.patch \
 	  "
 
-SRC_URI_append_class-native = " file://no_getrandom.patch"
+SRC_URI[md5sum] = "789e297f547980fc9ecc036f9a070d49"
+SRC_URI[sha256sum] = "d9dc32efba7e74f788fcc4f212a43216fc37cf5f23f4c2339664d473353aedf6"
 
 inherit autotools lib_package
 
diff --git a/meta/recipes-core/expat/expat/no_getrandom.patch b/meta/recipes-core/expat/expat/no_getrandom.patch
deleted file mode 100644
index d64f1bf113..0000000000
--- a/meta/recipes-core/expat/expat/no_getrandom.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-The native version of expat may be used on older systems which dont have glibc 2.25
-and hence don't have getrandom() thanks to uninative. Disable the libc call and
-use the syscall instead to avoid a compatibility issue until we have 2.25 everywhere
-we support with uninative.
-
-RP
-2017/8/14
-
-Upstream-Status: Inappropriate
-
-Index: expat-2.2.3/configure.ac
-===================================================================
---- expat-2.2.3.orig/configure.ac
-+++ expat-2.2.3/configure.ac
-@@ -151,7 +151,7 @@ AC_LINK_IFELSE([AC_LANG_SOURCE([
-   #include <stdlib.h>  /* for NULL */
-   #include <sys/random.h>
-   int main() {
--    return getrandom(NULL, 0U, 0U);
-+    return getrandomBREAKME(NULL, 0U, 0U);
-   }
- ])], [
-     AC_DEFINE([HAVE_GETRANDOM], [1],
diff --git a/meta/recipes-core/glib-2.0/glib.inc b/meta/recipes-core/glib-2.0/glib.inc
index 8434b7dae3..4cdf1411e8 100644
--- a/meta/recipes-core/glib-2.0/glib.inc
+++ b/meta/recipes-core/glib-2.0/glib.inc
@@ -121,6 +121,12 @@ do_install_append_class-target () {
 	fi
 }
 
+RDEPENDS_${PN}-codegen += "\
+            python3 \
+            python3-distutils \
+            python3-xml \
+           "
+
 RDEPENDS_${PN}-ptest += "\
             dbus \
             gnome-desktop-testing \
diff --git a/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb b/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb
index 2782bd95c4..0ba6c8d835 100644
--- a/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb
+++ b/meta/recipes-core/glib-networking/glib-networking_2.50.0.bb
@@ -1,6 +1,6 @@
 SUMMARY = "GLib networking extensions"
 DESCRIPTION = "glib-networking contains the implementations of certain GLib networking features that cannot be implemented directly in GLib itself because of their dependencies."
-HOMEPAGE = "http://git.gnome.org/browse/glib-networking/"
+HOMEPAGE = "https://gitlab.gnome.org/GNOME/glib-networking/"
 BUGTRACKER = "http://bugzilla.gnome.org"
 
 LICENSE = "LGPLv2"
diff --git a/meta/recipes-core/glibc/cross-localedef-native_2.26.bb b/meta/recipes-core/glibc/cross-localedef-native_2.26.bb
index fc5d70dbb9..744085f413 100644
--- a/meta/recipes-core/glibc/cross-localedef-native_2.26.bb
+++ b/meta/recipes-core/glibc/cross-localedef-native_2.26.bb
@@ -21,7 +21,7 @@ SRCBRANCH ?= "release/${PV}/master"
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.\d+)*)"
 
-SRCREV_glibc ?= "1c9a5c270d8b66f30dcfaf1cb2d6cf39d3e18369"
+SRCREV_glibc ?= "d300041c533a3d837c9f37a099bcc95466860e98"
 SRCREV_localedef ?= "dfb4afe551c6c6e94f9cc85417bd1f582168c843"
 
 SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
@@ -35,6 +35,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0021-eglibc-Install-PIC-archives.patch \
            file://0022-eglibc-Forward-port-cross-locale-generation-support.patch \
            file://0023-Define-DUMMY_LOCALE_T-if-not-defined.patch \
+           file://archive-path.patch \
 "
 # Makes for a rather long rev (22 characters), but...
 #
diff --git a/meta/recipes-core/glibc/glibc-locale.inc b/meta/recipes-core/glibc/glibc-locale.inc
index 1a629fc69d..b3cb10b87a 100644
--- a/meta/recipes-core/glibc/glibc-locale.inc
+++ b/meta/recipes-core/glibc/glibc-locale.inc
@@ -39,7 +39,6 @@ PACKAGES = "localedef ${PN}-dbg"
 
 PACKAGES_DYNAMIC = "^locale-base-.* \
                     ^glibc-gconv-.* ^glibc-charmap-.* ^glibc-localedata-.* ^glibc-binary-localedata-.* \
-                    ^glibc-gconv-.*  ^glibc-charmap-.*  ^glibc-localedata-.*  ^glibc-binary-localedata-.* \
                     ^${MLPREFIX}glibc-gconv$"
 
 # Create a glibc-binaries package
diff --git a/meta/recipes-core/glibc/glibc-package.inc b/meta/recipes-core/glibc/glibc-package.inc
index df3db2cc45..b6d80745cc 100644
--- a/meta/recipes-core/glibc/glibc-package.inc
+++ b/meta/recipes-core/glibc/glibc-package.inc
@@ -113,15 +113,15 @@ do_install_append () {
 }
 
 do_install_append_aarch64 () {
-	if [ "${base_libdir}" != "/lib" ] ; then
+	if [ "${base_libdir}" != "${nonarch_base_libdir}" ]; then
 		# The aarch64 ABI says the dynamic linker -must- be /lib/ld-linux-aarch64[_be].so.1
-		install -d ${D}/lib
+		install -d ${D}${nonarch_base_libdir}
 		if [ -e ${D}${base_libdir}/ld-linux-aarch64.so.1 ]; then
-			ln -s ${@base_path_relative('/lib', '${base_libdir}')}/ld-linux-aarch64.so.1 \
-				${D}/lib/ld-linux-aarch64.so.1
+			ln -s ${@base_path_relative('${nonarch_base_libdir}', '${base_libdir}')}/ld-linux-aarch64.so.1 \
+				${D}${nonarch_base_libdir}/ld-linux-aarch64.so.1
 		elif [ -e ${D}${base_libdir}/ld-linux-aarch64_be.so.1 ]; then
-			ln -s ${@base_path_relative('/lib', '${base_libdir}')}/ld-linux-aarch64_be.so.1 \
-				${D}/lib/ld-linux-aarch64_be.so.1
+			ln -s ${@base_path_relative('${nonarch_base_libdir}', '${base_libdir}')}/ld-linux-aarch64_be.so.1 \
+				${D}${nonarch_base_libdir}/ld-linux-aarch64_be.so.1
 		fi
 	fi
 	do_install_armmultilib
diff --git a/meta/recipes-core/glibc/glibc/0029-assert-Support-types-without-operator-int-BZ-21972.patch b/meta/recipes-core/glibc/glibc/0029-assert-Support-types-without-operator-int-BZ-21972.patch
new file mode 100644
index 0000000000..3c7050f078
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0029-assert-Support-types-without-operator-int-BZ-21972.patch
@@ -0,0 +1,194 @@
+Upstream-Status: Backport
+
+* fixes "lambda-expression in unevaluated context" compile failures such as
+  https://github.com/nlohmann/json/issues/705
+
+* fixes "no match for 'operator==" compile failures such as
+  https://bugzilla.redhat.com/show_bug.cgi?id=1482990
+
+* Changelog edit was removed from upstream commit because it caused conflict
+
+Signed-off-by: S. Lockwood-Childs <sjl@vctlabs.com>
+
+From b5889d25e9bf944a89fdd7bcabf3b6c6f6bb6f7c Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 21 Aug 2017 13:03:29 +0200
+Subject: [PATCH] assert: Support types without operator== (int) [BZ #21972]
+
+---
+ assert/Makefile          | 11 ++++++-
+ assert/assert.h          | 16 ++++++----
+ assert/tst-assert-c++.cc | 78 ++++++++++++++++++++++++++++++++++++++++++++++++
+ assert/tst-assert-g++.cc | 19 ++++++++++++
+ 4 files changed, 128 insertions(+), 7 deletions(-)
+ create mode 100644 assert/tst-assert-c++.cc
+ create mode 100644 assert/tst-assert-g++.cc
+
+diff --git a/assert/Makefile b/assert/Makefile
+index 1c3be9b..9ec1be8 100644
+--- a/assert/Makefile
++++ b/assert/Makefile
+@@ -25,6 +25,15 @@ include ../Makeconfig
+ headers	:= assert.h
+ 
+ routines := assert assert-perr __assert
+-tests := test-assert test-assert-perr
++tests := test-assert test-assert-perr tst-assert-c++ tst-assert-g++
+ 
+ include ../Rules
++
++ifeq ($(have-cxx-thread_local),yes)
++CFLAGS-tst-assert-c++.o = -std=c++11
++LDLIBS-tst-assert-c++ = -lstdc++
++CFLAGS-tst-assert-g++.o = -std=gnu++11
++LDLIBS-tst-assert-g++ = -lstdc++
++else
++tests-unsupported += tst-assert-c++ tst-assert-g++
++endif
+diff --git a/assert/assert.h b/assert/assert.h
+index 6801cfe..640c95c 100644
+--- a/assert/assert.h
++++ b/assert/assert.h
+@@ -85,7 +85,12 @@ __END_DECLS
+ /* When possible, define assert so that it does not add extra
+    parentheses around EXPR.  Otherwise, those added parentheses would
+    suppress warnings we'd expect to be detected by gcc's -Wparentheses.  */
+-# if !defined __GNUC__ || defined __STRICT_ANSI__
++# if defined __cplusplus
++#  define assert(expr)							\
++     (static_cast <bool> (expr)						\
++      ? void (0)							\
++      : __assert_fail (#expr, __FILE__, __LINE__, __ASSERT_FUNCTION))
++# elif !defined __GNUC__ || defined __STRICT_ANSI__
+ #  define assert(expr)							\
+     ((expr)								\
+      ? __ASSERT_VOID_CAST (0)						\
+@@ -93,12 +98,11 @@ __END_DECLS
+ # else
+ /* The first occurrence of EXPR is not evaluated due to the sizeof,
+    but will trigger any pedantic warnings masked by the __extension__
+-   for the second occurrence.  The explicit comparison against zero is
+-   required to support function pointers and bit fields in this
+-   context, and to suppress the evaluation of variable length
+-   arrays.  */
++   for the second occurrence.  The ternary operator is required to
++   support function pointers and bit fields in this context, and to
++   suppress the evaluation of variable length arrays.  */
+ #  define assert(expr)							\
+-  ((void) sizeof ((expr) == 0), __extension__ ({			\
++  ((void) sizeof ((expr) ? 1 : 0), __extension__ ({			\
+       if (expr)								\
+         ; /* empty */							\
+       else								\
+diff --git a/assert/tst-assert-c++.cc b/assert/tst-assert-c++.cc
+new file mode 100644
+index 0000000..12a5e69
+--- /dev/null
++++ b/assert/tst-assert-c++.cc
+@@ -0,0 +1,78 @@
++/* Tests for interactions between C++ and assert.
++   Copyright (C) 2017 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <http://www.gnu.org/licenses/>.  */
++
++#include <assert.h>
++
++/* The C++ standard requires that if the assert argument is a constant
++   subexpression, then the assert itself is one, too.  */
++constexpr int
++check_constexpr ()
++{
++  return (assert (true), 1);
++}
++
++/* Objects of this class can be contextually converted to bool, but
++   cannot be compared to int.  */
++struct no_int
++{
++  no_int () = default;
++  no_int (const no_int &) = delete;
++
++  explicit operator bool () const
++  {
++    return true;
++  }
++
++  bool operator! () const; /* No definition.  */
++  template <class T> bool operator== (T) const; /* No definition.  */
++  template <class T> bool operator!= (T) const; /* No definition.  */
++};
++
++/* This class tests that operator== is not used by assert.  */
++struct bool_and_int
++{
++  bool_and_int () = default;
++  bool_and_int (const no_int &) = delete;
++
++  explicit operator bool () const
++  {
++    return true;
++  }
++
++  bool operator! () const; /* No definition.  */
++  template <class T> bool operator== (T) const; /* No definition.  */
++  template <class T> bool operator!= (T) const; /* No definition.  */
++};
++
++static int
++do_test ()
++{
++  {
++    no_int value;
++    assert (value);
++  }
++
++  {
++    bool_and_int value;
++    assert (value);
++  }
++
++  return 0;
++}
++
++#include <support/test-driver.c>
+diff --git a/assert/tst-assert-g++.cc b/assert/tst-assert-g++.cc
+new file mode 100644
+index 0000000..8c06402
+--- /dev/null
++++ b/assert/tst-assert-g++.cc
+@@ -0,0 +1,19 @@
++/* Tests for interactions between C++ and assert.  GNU C++11 version.
++   Copyright (C) 2017 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <http://www.gnu.org/licenses/>.  */
++
++#include <tst-assert-c++.cc>
+-- 
+1.9.4
+
diff --git a/meta/recipes-core/glibc/glibc/0029-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch b/meta/recipes-core/glibc/glibc/0029-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch
new file mode 100644
index 0000000000..436c84778e
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/0029-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch
@@ -0,0 +1,69 @@
+From af3054b3856379d353a779801678f330e1b58c9a Mon Sep 17 00:00:00 2001
+Message-Id: <af3054b3856379d353a779801678f330e1b58c9a.1490183611.git.panand@redhat.com>
+From: Pratyush Anand <panand@redhat.com>
+Date: Wed, 22 Mar 2017 17:02:38 +0530
+Subject: [PATCH] bits/siginfo-consts.h: enum definition for TRAP_HWBKPT is missing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Compile following linux kernel test code with latest glibc:
+
+https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/breakpoints/breakpoint_test_arm64.c
+
+and we get following error:
+breakpoint_test_arm64.c: In function ‘run_test’:
+breakpoint_test_arm64.c:171:25: error: ‘TRAP_HWBKPT’ undeclared (first use in this function)
+  if (siginfo.si_code != TRAP_HWBKPT) {
+                         ^
+I can compile test code by modifying my local
+/usr/include/bits/siginfo.h and test works great. Therefore, this patch
+will be needed in upstream glibc so that issue is fixed there as well.
+
+Signed-off-by: Pratyush Anand <panand@redhat.com>
+
+Upstream-Status: Submitted [https://sourceware.org/bugzilla/show_bug.cgi?id=21286]
+---
+ bits/siginfo-consts.h                         | 6 +++++-
+ sysdeps/unix/sysv/linux/bits/siginfo-consts.h | 6 +++++-
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/bits/siginfo-consts.h b/bits/siginfo-consts.h
+index a58ac4b..8448fac 100644
+--- a/bits/siginfo-consts.h
++++ b/bits/siginfo-consts.h
+@@ -106,8 +106,12 @@ enum
+ {
+   TRAP_BRKPT = 1,		/* Process breakpoint.  */
+ #  define TRAP_BRKPT	TRAP_BRKPT
+-  TRAP_TRACE			/* Process trace trap.  */
++  TRAP_TRACE,			/* Process trace trap.  */
+ #  define TRAP_TRACE	TRAP_TRACE
++  TRAP_BRANCH,			/* Process branch trap. */
++# define TRAP_BRANCH	TRAP_BRANCH
++  TRAP_HWBKPT			/* hardware breakpoint/watchpoint  */
++# define TRAP_HWBKPT	TRAP_HWBKPT
+ };
+ # endif
+ 
+diff --git a/sysdeps/unix/sysv/linux/bits/siginfo-consts.h b/sysdeps/unix/sysv/linux/bits/siginfo-consts.h
+index 525840c..57a9edb 100644
+--- a/sysdeps/unix/sysv/linux/bits/siginfo-consts.h
++++ b/sysdeps/unix/sysv/linux/bits/siginfo-consts.h
+@@ -137,8 +137,12 @@ enum
+ {
+   TRAP_BRKPT = 1,		/* Process breakpoint.  */
+ #  define TRAP_BRKPT	TRAP_BRKPT
+-  TRAP_TRACE			/* Process trace trap.  */
++  TRAP_TRACE,			/* Process trace trap.  */
+ #  define TRAP_TRACE	TRAP_TRACE
++  TRAP_BRANCH,			/* Process branch trap. */
++# define TRAP_BRANCH	TRAP_BRANCH
++  TRAP_HWBKPT			/* hardware breakpoint/watchpoint  */
++# define TRAP_HWBKPT	TRAP_HWBKPT
+ };
+ # endif
+ 
+-- 
+2.7.4
+
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
new file mode 100644
index 0000000000..ae050a5223
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
@@ -0,0 +1,61 @@
+From a76376df7c07e577a9515c3faa5dbd50bda5da07 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Fri, 20 Oct 2017 18:41:14 +0200
+Subject: [PATCH] CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
+
+(cherry picked from commit c369d66e5426a30e4725b100d5cd28e372754f90)
+
+Upstream-Status: Backport
+CVE: CVE-2017-15670
+Affects: glibc < 2.27
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ ChangeLog    | 6 ++++++
+ NEWS         | 5 +++++
+ posix/glob.c | 2 +-
+ 3 files changed, 12 insertions(+), 1 deletion(-)
+
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
++++ git/NEWS
+@@ -206,6 +206,11 @@ Security related changes:
+ * A use-after-free vulnerability in clntudp_call in the Sun RPC system has been
+   fixed (CVE-2017-12133).
+ 
++  CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
++  suffered from a one-byte overflow during ~ operator processing (either
++  on the stack or the heap, depending on the length of the user name).
++  Reported by Tim Rühsen.
++
+ The following bugs are resolved with this release:
+ 
+   [984] network: Respond to changed resolv.conf in gethostbyname
+Index: git/posix/glob.c
+===================================================================
+--- git.orig/posix/glob.c
++++ git/posix/glob.c
+@@ -843,7 +843,7 @@ glob (const char *pattern, int flags, in
+ 		  *p = '\0';
+ 		}
+ 	      else
+-		*((char *) mempcpy (newp, dirname + 1, end_name - dirname))
++		*((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
+ 		  = '\0';
+ 	      user_name = newp;
+ 	    }
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,9 @@
++2017-10-20  Paul Eggert <eggert@cs.ucla.edu>
++
++       [BZ #22320]
++       CVE-2017-15670
++       * posix/glob.c (__glob): Fix one-byte overflow.
++
+ 2017-08-02  Siddhesh Poyarekar  <siddhesh@sourceware.org>
+ 
+ 	* version.h (RELEASE): Set to "stable"
diff --git a/meta/recipes-core/glibc/glibc/archive-path.patch b/meta/recipes-core/glibc/glibc/archive-path.patch
new file mode 100644
index 0000000000..b0d3158cfe
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/archive-path.patch
@@ -0,0 +1,39 @@
+localedef --add-to-archive uses a hard-coded locale path which doesn't exist in
+normal use, and there's no way to pass an alternative filename.
+
+Add a fallback of $LOCALEARCHIVE from the environment, and allow creation of new locale archives that are not the system archive.
+
+Upstream-Status: Inappropriate (OE-specific)
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/locale/programs/locarchive.c b/locale/programs/locarchive.c
+index ca332a34..6b7ba9b2 100644
+--- a/locale/programs/locarchive.c
++++ b/locale/programs/locarchive.c
+@@ -569,10 +569,13 @@ open_archive (struct locarhandle *ah, bool readonly)
+   /* If ah has a non-NULL fname open that otherwise open the default.  */
+   if (archivefname == NULL)
+     {
+-      archivefname = default_fname;
+-      if (output_prefix)
+-        memcpy (default_fname, output_prefix, prefix_len);
+-      strcpy (default_fname + prefix_len, ARCHIVE_NAME);
++      archivefname = getenv("LOCALEARCHIVE");
++      if (archivefname == NULL) {
++              archivefname = default_fname;
++              if (output_prefix)
++                memcpy (default_fname, output_prefix, prefix_len);
++              strcpy (default_fname + prefix_len, ARCHIVE_NAME);
++      }
+     }
+ 
+   while (1)
+@@ -585,7 +588,7 @@ open_archive (struct locarhandle *ah, bool readonly)
+ 	     the default locale archive we ignore the failure and
+ 	     list an empty archive, otherwise we print an error
+ 	     and exit.  */
+-	  if (errno == ENOENT && archivefname == default_fname)
++	  if (errno == ENOENT)
+ 	    {
+ 	      if (readonly)
+ 		{
diff --git a/meta/recipes-core/glibc/glibc/relocate-locales.patch b/meta/recipes-core/glibc/glibc/relocate-locales.patch
new file mode 100644
index 0000000000..2aea37f5ca
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/relocate-locales.patch
@@ -0,0 +1,55 @@
+The glibc locale path is hard-coded to the install prefix, but in SDKs we need
+to be able to relocate the binaries.  Expand the strings to 4K and put them in a
+magic segment that we can relocate at install time.
+
+Upstream-Status: Inappropriate (OE-specific)
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff --git a/locale/findlocale.c b/locale/findlocale.c
+index 872cadb5..da14fa39 100644
+--- a/locale/findlocale.c
++++ b/locale/findlocale.c
+@@ -56,7 +56,7 @@ struct __locale_data *const _nl_C[] attribute_hidden =
+    which are somehow addressed.  */
+ struct loaded_l10nfile *_nl_locale_file_list[__LC_LAST];
+ 
+-const char _nl_default_locale_path[] attribute_hidden = COMPLOCALEDIR;
++char _nl_default_locale_path[4096] attribute_hidden __attribute__ ((section (".gccrelocprefix"))) = COMPLOCALEDIR;
+ 
+ /* Checks if the name is actually present, that is, not NULL and not
+    empty.  */
+@@ -167,7 +167,7 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len,
+ 
+       /* Nothing in the archive.  Set the default path to search below.  */
+       locale_path = _nl_default_locale_path;
+-      locale_path_len = sizeof _nl_default_locale_path;
++      locale_path_len = strlen(locale_path) + 1;
+     }
+   else
+     /* We really have to load some data.  First see whether the name is
+diff --git a/locale/localeinfo.h b/locale/localeinfo.h
+index 68822a63..537bc351 100644
+--- a/locale/localeinfo.h
++++ b/locale/localeinfo.h
+@@ -325,7 +325,7 @@ _nl_lookup_word (locale_t l, int category, int item)
+ }
+ 
+ /* Default search path if no LOCPATH environment variable.  */
+-extern const char _nl_default_locale_path[] attribute_hidden;
++extern char _nl_default_locale_path[4096] attribute_hidden;
+ 
+ /* Load the locale data for CATEGORY from the file specified by *NAME.
+    If *NAME is "", use environment variables as specified by POSIX, and
+diff --git a/locale/loadarchive.c b/locale/loadarchive.c
+index 516d30d8..792b37fb 100644
+--- a/locale/loadarchive.c
++++ b/locale/loadarchive.c
+@@ -42,7 +43,7 @@
+ 
+ 
+ /* Name of the locale archive file.  */
+-static const char archfname[] = COMPLOCALEDIR "/locale-archive";
++static const char archfname[4096] __attribute__ ((section (".gccrelocprefix"))) = COMPLOCALEDIR "/locale-archive";
+ 
+ /* Size of initial mapping window, optimal if large enough to
+    cover the header plus the initial locale.  */
diff --git a/meta/recipes-core/glibc/glibc_2.26.bb b/meta/recipes-core/glibc/glibc_2.26.bb
index 135ec4fb16..a1a4022ebc 100644
--- a/meta/recipes-core/glibc/glibc_2.26.bb
+++ b/meta/recipes-core/glibc/glibc_2.26.bb
@@ -1,13 +1,13 @@
 require glibc.inc
 
-LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
+LIC_FILES_CHKSUM = "file://LICENSES;md5=ebc14508894997e6daaad1b8ffd53a15\
       file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
       file://posix/rxspencer/COPYRIGHT;md5=dc5485bb394a13b2332ec1c785f5d83a \
       file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c"
 
-DEPENDS += "gperf-native"
+DEPENDS += "gperf-native bison-native"
 
-SRCREV ?= "1c9a5c270d8b66f30dcfaf1cb2d6cf39d3e18369"
+SRCREV ?= "c9570bd2f54abb68e4e3c767aca3a54e05d2c7f6"
 
 SRCBRANCH ?= "release/${PV}/master"
 
@@ -40,9 +40,9 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0023-Define-DUMMY_LOCALE_T-if-not-defined.patch \
            file://0024-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch \
            file://0025-locale-fix-hard-coded-reference-to-gcc-E.patch \
-           file://0026-assert-Suppress-pedantic-warning-caused-by-statement.patch \
            file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \
            file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \
+           file://0029-bits-siginfo-consts.h-enum-definition-for-TRAP_HWBKP.patch \
 "
 
 NATIVESDKFIXES ?= ""
@@ -51,6 +51,7 @@ NATIVESDKFIXES_class-nativesdk = "\
            file://0002-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch \
            file://0003-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch \
            file://0004-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch \
+           file://relocate-locales.patch \
 "
 
 S = "${WORKDIR}/git"
@@ -103,6 +104,10 @@ do_configure () {
 # version check and doesn't really help with anything
         (cd ${S} && gnu-configize) || die "failure in running gnu-configize"
         find ${S} -name "configure" | xargs touch
+        # "plural.c" may or may not get regenerated from "plural.y" so we
+        # touch "plural.y" to make sure it does. (This should not be needed
+        # for glibc version 2.26+)
+        find ${S}/intl -name "plural.y" | xargs touch
         CPPFLAGS="" oe_runconf
 }
 
@@ -134,12 +139,6 @@ do_compile () {
 
 }
 
-# Use the host locale archive when built for nativesdk so that we don't need to
-# ship a complete (100MB) locale set.
-do_compile_prepend_class-nativesdk() {
-    echo "complocaledir=/usr/lib/locale" >> ${S}/configparms
-}
-
 require glibc-package.inc
 
 BBCLASSEXTEND = "nativesdk"
diff --git a/meta/recipes-core/ifupdown/ifupdown_0.8.16.bb b/meta/recipes-core/ifupdown/ifupdown_0.8.16.bb
index 5654528ae8..e9f3a2aee9 100644
--- a/meta/recipes-core/ifupdown/ifupdown_0.8.16.bb
+++ b/meta/recipes-core/ifupdown/ifupdown_0.8.16.bb
@@ -6,7 +6,7 @@ the file /etc/network/interfaces."
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
 
-SRC_URI = "git://anonscm.debian.org/git/collab-maint/ifupdown.git \
+SRC_URI = "git://salsa.debian.org/debian/ifupdown.git;protocol=https \
 	   file://defn2-c-man-don-t-rely-on-dpkg-architecture-to-set-a.patch \
 	   file://inet-6-.defn-fix-inverted-checks-for-loopback.patch \
 	   file://99_network \
diff --git a/meta/recipes-core/images/build-appliance-image_15.0.0.bb b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
index cd96a128a8..b24d2cd651 100644
--- a/meta/recipes-core/images/build-appliance-image_15.0.0.bb
+++ b/meta/recipes-core/images/build-appliance-image_15.0.0.bb
@@ -22,8 +22,8 @@ IMAGE_FSTYPES = "wic.vmdk"
 
 inherit core-image module-base setuptools3
 
-SRCREV ?= "1d57ca352f798dd671fd8c15ee4286644c49c4b9"
-SRC_URI = "git://git.yoctoproject.org/poky;branch=master \
+SRCREV ?= "30c10a3d8bd9bcd909cc1600894815c2fd5400a2"
+SRC_URI = "git://git.yoctoproject.org/poky;branch=rocko \
            file://Yocto_Build_Appliance.vmx \
            file://Yocto_Build_Appliance.vmxf \
            file://README_VirtualBox_Guest_Additions.txt \
diff --git a/meta/recipes-core/images/core-image-minimal-initramfs.bb b/meta/recipes-core/images/core-image-minimal-initramfs.bb
index 5794a25952..c446e87bd1 100644
--- a/meta/recipes-core/images/core-image-minimal-initramfs.bb
+++ b/meta/recipes-core/images/core-image-minimal-initramfs.bb
@@ -8,7 +8,7 @@ PACKAGE_INSTALL = "initramfs-live-boot initramfs-live-install initramfs-live-ins
 # Do not pollute the initrd image with rootfs features
 IMAGE_FEATURES = ""
 
-export IMAGE_BASENAME = "core-image-minimal-initramfs"
+export IMAGE_BASENAME = "${MLPREFIX}core-image-minimal-initramfs"
 IMAGE_LINGUAS = ""
 
 LICENSE = "MIT"
diff --git a/meta/recipes-core/initrdscripts/files/init-install-efi.sh b/meta/recipes-core/initrdscripts/files/init-install-efi.sh
index 5ad3a60c05..706418fa9c 100644
--- a/meta/recipes-core/initrdscripts/files/init-install-efi.sh
+++ b/meta/recipes-core/initrdscripts/files/init-install-efi.sh
@@ -186,6 +186,13 @@ parted ${device} mkpart swap linux-swap $swap_start 100%
 
 parted ${device} print
 
+echo "Waiting for device nodes..."
+C=0
+while [ $C -ne 3 ] && [ ! -e $bootfs  -o ! -e $rootfs -o ! -e $swap ]; do
+    C=$(( C + 1 ))
+    sleep 1
+done
+
 echo "Formatting $bootfs to vfat..."
 mkfs.vfat $bootfs
 
diff --git a/meta/recipes-core/initrdscripts/files/init-install.sh b/meta/recipes-core/initrdscripts/files/init-install.sh
index 572613ecd4..dade059c8f 100644
--- a/meta/recipes-core/initrdscripts/files/init-install.sh
+++ b/meta/recipes-core/initrdscripts/files/init-install.sh
@@ -132,7 +132,7 @@ fi
 
 disk_size=$(parted ${device} unit mb print | grep '^Disk .*: .*MB' | cut -d" " -f 3 | sed -e "s/MB//")
 
-grub_version=$(grub-install -v|sed 's/.* \([0-9]\).*/\1/')
+grub_version=$(grub-install -V|sed 's/.* \([0-9]\).*/\1/')
 
 if [ $grub_version -eq 0 ] ; then
     bios_boot_size=0
@@ -211,6 +211,13 @@ parted ${device} mkpart $pname linux-swap $swap_start 100%
 
 parted ${device} print
 
+echo "Waiting for device nodes..."
+C=0
+while [ $C -ne 3 ] && [ ! -e $bootfs  -o ! -e $rootfs -o ! -e $swap ]; do
+    C=$(( C + 1 ))
+    sleep 1
+done
+
 echo "Formatting $bootfs to ext3..."
 mkfs.ext3 $bootfs
 
diff --git a/meta/recipes-core/initrdscripts/initramfs-framework/install-efi.sh b/meta/recipes-core/initrdscripts/initramfs-framework/install-efi.sh
deleted file mode 100644
index 5ad3a60c05..0000000000
--- a/meta/recipes-core/initrdscripts/initramfs-framework/install-efi.sh
+++ /dev/null
@@ -1,276 +0,0 @@
-#!/bin/sh -e
-#
-# Copyright (c) 2012, Intel Corporation.
-# All rights reserved.
-#
-# install.sh [device_name] [rootfs_name]
-#
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin
-
-# We need 20 Mb for the boot partition
-boot_size=20
-
-# 5% for swap
-swap_ratio=5
-
-# Get a list of hard drives
-hdnamelist=""
-live_dev_name=`cat /proc/mounts | grep ${1%/} | awk '{print $1}'`
-live_dev_name=${live_dev_name#\/dev/}
-# Only strip the digit identifier if the device is not an mmc
-case $live_dev_name in
-    mmcblk*)
-    ;;
-    nvme*)
-    ;;
-    *)
-        live_dev_name=${live_dev_name%%[0-9]*}
-    ;;
-esac
-
-echo "Searching for hard drives ..."
-
-# Some eMMC devices have special sub devices such as mmcblk0boot0 etc
-# we're currently only interested in the root device so pick them wisely
-devices=`ls /sys/block/ | grep -v mmcblk` || true
-mmc_devices=`ls /sys/block/ | grep "mmcblk[0-9]\{1,\}$"` || true
-devices="$devices $mmc_devices"
-
-for device in $devices; do
-    case $device in
-        loop*)
-            # skip loop device
-            ;;
-        sr*)
-            # skip CDROM device
-            ;;
-        ram*)
-            # skip ram device
-            ;;
-        *)
-            # skip the device LiveOS is on
-            # Add valid hard drive name to the list
-            case $device in
-                $live_dev_name*)
-                # skip the device we are running from
-                ;;
-                *)
-                    hdnamelist="$hdnamelist $device"
-                ;;
-            esac
-            ;;
-    esac
-done
-
-if [ -z "${hdnamelist}" ]; then
-    echo "You need another device (besides the live device /dev/${live_dev_name}) to install the image. Installation aborted."
-    exit 1
-fi
-
-TARGET_DEVICE_NAME=""
-for hdname in $hdnamelist; do
-    # Display found hard drives and their basic info
-    echo "-------------------------------"
-    echo /dev/$hdname
-    if [ -r /sys/block/$hdname/device/vendor ]; then
-        echo -n "VENDOR="
-        cat /sys/block/$hdname/device/vendor
-    fi
-    if [ -r /sys/block/$hdname/device/model ]; then
-        echo -n "MODEL="
-        cat /sys/block/$hdname/device/model
-    fi
-    if [ -r /sys/block/$hdname/device/uevent ]; then
-        echo -n "UEVENT="
-        cat /sys/block/$hdname/device/uevent
-    fi
-    echo
-done
-
-# Get user choice
-while true; do
-    echo "Please select an install target or press n to exit ($hdnamelist ): "
-    read answer
-    if [ "$answer" = "n" ]; then
-        echo "Installation manually aborted."
-        exit 1
-    fi
-    for hdname in $hdnamelist; do
-        if [ "$answer" = "$hdname" ]; then
-            TARGET_DEVICE_NAME=$answer
-            break
-        fi
-    done
-    if [ -n "$TARGET_DEVICE_NAME" ]; then
-        break
-    fi
-done
-
-if [ -n "$TARGET_DEVICE_NAME" ]; then
-    echo "Installing image on /dev/$TARGET_DEVICE_NAME ..."
-else
-    echo "No hard drive selected. Installation aborted."
-    exit 1
-fi
-
-device=/dev/$TARGET_DEVICE_NAME
-
-#
-# The udev automounter can cause pain here, kill it
-#
-rm -f /etc/udev/rules.d/automount.rules
-rm -f /etc/udev/scripts/mount*
-
-#
-# Unmount anything the automounter had mounted
-#
-umount ${device}* 2> /dev/null || /bin/true
-
-mkdir -p /tmp
-
-# Create /etc/mtab if not present
-if [ ! -e /etc/mtab ] && [ -e /proc/mounts ]; then
-    ln -sf /proc/mounts /etc/mtab
-fi
-
-disk_size=$(parted ${device} unit mb print | grep '^Disk .*: .*MB' | cut -d" " -f 3 | sed -e "s/MB//")
-
-swap_size=$((disk_size*swap_ratio/100))
-rootfs_size=$((disk_size-boot_size-swap_size))
-
-rootfs_start=$((boot_size))
-rootfs_end=$((rootfs_start+rootfs_size))
-swap_start=$((rootfs_end))
-
-# MMC devices are special in a couple of ways
-# 1) they use a partition prefix character 'p'
-# 2) they are detected asynchronously (need rootwait)
-rootwait=""
-part_prefix=""
-if [ ! "${device#/dev/mmcblk}" = "${device}" ] || \
-   [ ! "${device#/dev/nvme}" = "${device}" ]; then
-    part_prefix="p"
-    rootwait="rootwait"
-fi
-
-# USB devices also require rootwait
-if [ -n `readlink /dev/disk/by-id/usb* | grep $TARGET_DEVICE_NAME` ]; then
-    rootwait="rootwait"
-fi
-
-bootfs=${device}${part_prefix}1
-rootfs=${device}${part_prefix}2
-swap=${device}${part_prefix}3
-
-echo "*****************"
-echo "Boot partition size:   $boot_size MB ($bootfs)"
-echo "Rootfs partition size: $rootfs_size MB ($rootfs)"
-echo "Swap partition size:   $swap_size MB ($swap)"
-echo "*****************"
-echo "Deleting partition table on ${device} ..."
-dd if=/dev/zero of=${device} bs=512 count=35
-
-echo "Creating new partition table on ${device} ..."
-parted ${device} mklabel gpt
-
-echo "Creating boot partition on $bootfs"
-parted ${device} mkpart boot fat32 0% $boot_size
-parted ${device} set 1 boot on
-
-echo "Creating rootfs partition on $rootfs"
-parted ${device} mkpart root ext3 $rootfs_start $rootfs_end
-
-echo "Creating swap partition on $swap"
-parted ${device} mkpart swap linux-swap $swap_start 100%
-
-parted ${device} print
-
-echo "Formatting $bootfs to vfat..."
-mkfs.vfat $bootfs
-
-echo "Formatting $rootfs to ext3..."
-mkfs.ext3 $rootfs
-
-echo "Formatting swap partition...($swap)"
-mkswap $swap
-
-mkdir /tgt_root
-mkdir /src_root
-mkdir -p /boot
-
-# Handling of the target root partition
-mount $rootfs /tgt_root
-mount -o rw,loop,noatime,nodiratime /run/media/$1/$2 /src_root
-echo "Copying rootfs files..."
-cp -a /src_root/* /tgt_root
-if [ -d /tgt_root/etc/ ] ; then
-    boot_uuid=$(blkid -o value -s UUID ${bootfs})
-    swap_part_uuid=$(blkid -o value -s PARTUUID ${swap})
-    echo "/dev/disk/by-partuuid/$swap_part_uuid                swap             swap       defaults              0  0" >> /tgt_root/etc/fstab
-    echo "UUID=$boot_uuid              /boot            vfat       defaults              1  2" >> /tgt_root/etc/fstab
-    # We dont want udev to mount our root device while we're booting...
-    if [ -d /tgt_root/etc/udev/ ] ; then
-        echo "${device}" >> /tgt_root/etc/udev/mount.blacklist
-    fi
-fi
-
-umount /src_root
-
-# Handling of the target boot partition
-mount $bootfs /boot
-echo "Preparing boot partition..."
-
-EFIDIR="/boot/EFI/BOOT"
-mkdir -p $EFIDIR
-# Copy the efi loader
-cp /run/media/$1/EFI/BOOT/*.efi $EFIDIR
-
-if [ -f /run/media/$1/EFI/BOOT/grub.cfg ]; then
-    root_part_uuid=$(blkid -o value -s PARTUUID ${rootfs})
-    GRUBCFG="$EFIDIR/grub.cfg"
-    cp /run/media/$1/EFI/BOOT/grub.cfg $GRUBCFG
-    # Update grub config for the installed image
-    # Delete the install entry
-    sed -i "/menuentry 'install'/,/^}/d" $GRUBCFG
-    # Delete the initrd lines
-    sed -i "/initrd /d" $GRUBCFG
-    # Delete any LABEL= strings
-    sed -i "s/ LABEL=[^ ]*/ /" $GRUBCFG
-    # Delete any root= strings
-    sed -i "s/ root=[^ ]*/ /g" $GRUBCFG
-    # Add the root= and other standard boot options
-    sed -i "s@linux /vmlinuz *@linux /vmlinuz root=PARTUUID=$root_part_uuid rw $rootwait quiet @" $GRUBCFG
-fi
-
-if [ -d /run/media/$1/loader ]; then
-    rootuuid=$(blkid -o value -s PARTUUID ${rootfs})
-    SYSTEMDBOOT_CFGS="/boot/loader/entries/*.conf"
-    # copy config files for systemd-boot
-    cp -dr /run/media/$1/loader /boot
-    # delete the install entry
-    rm -f /boot/loader/entries/install.conf
-    # delete the initrd lines
-    sed -i "/initrd /d" $SYSTEMDBOOT_CFGS
-    # delete any LABEL= strings
-    sed -i "s/ LABEL=[^ ]*/ /" $SYSTEMDBOOT_CFGS
-    # delete any root= strings
-    sed -i "s/ root=[^ ]*/ /" $SYSTEMDBOOT_CFGS
-    # add the root= and other standard boot options
-    sed -i "s@options *@options root=PARTUUID=$rootuuid rw $rootwait quiet @" $SYSTEMDBOOT_CFGS
-fi
-
-umount /tgt_root
-
-cp /run/media/$1/vmlinuz /boot
-
-umount /boot
-
-sync
-
-echo "Remove your installation media, and press ENTER"
-
-read enter
-
-echo "Rebooting..."
-reboot -f
diff --git a/meta/recipes-core/initrdscripts/initramfs-module-install-efi_1.0.bb b/meta/recipes-core/initrdscripts/initramfs-module-install-efi_1.0.bb
index 2270441d06..1e7f76fd56 100644
--- a/meta/recipes-core/initrdscripts/initramfs-module-install-efi_1.0.bb
+++ b/meta/recipes-core/initrdscripts/initramfs-module-install-efi_1.0.bb
@@ -1,20 +1,17 @@
-SUMMARY = "initramfs-framework module for installation option"
+SUMMARY = "initramfs-framework module for EFI installation option"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
 RDEPENDS_${PN} = "initramfs-framework-base parted e2fsprogs-mke2fs dosfstools util-linux-blkid"
 
 PR = "r4"
 
-inherit allarch
-
-FILESEXTRAPATHS_prepend := "${THISDIR}/initramfs-framework:"
-SRC_URI = "file://install-efi.sh"
+SRC_URI = "file://init-install-efi.sh"
 
 S = "${WORKDIR}"
 
 do_install() {
     install -d ${D}/init.d
-    install -m 0755 ${WORKDIR}/install-efi.sh ${D}/init.d/install-efi.sh
+    install -m 0755 ${WORKDIR}/init-install-efi.sh ${D}/init.d/install-efi.sh
 }
 
 FILES_${PN} = "/init.d/install-efi.sh"
diff --git a/meta/recipes-core/initrdscripts/initramfs-module-install_1.0.bb b/meta/recipes-core/initrdscripts/initramfs-module-install_1.0.bb
new file mode 100644
index 0000000000..02b69f37a4
--- /dev/null
+++ b/meta/recipes-core/initrdscripts/initramfs-module-install_1.0.bb
@@ -0,0 +1,22 @@
+SUMMARY = "initramfs-framework module for installation option"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+RDEPENDS_${PN} = "initramfs-framework-base grub parted e2fsprogs-mke2fs util-linux-blkid"
+
+# The same restriction as grub
+COMPATIBLE_HOST = '(x86_64.*|i.86.*|arm.*|aarch64.*)-(linux.*|freebsd.*)'
+COMPATIBLE_HOST_armv7a = 'null'
+COMPATIBLE_HOST_armv7ve = 'null'
+
+PR = "r1"
+
+SRC_URI = "file://init-install.sh"
+
+S = "${WORKDIR}"
+
+do_install() {
+    install -d ${D}/init.d
+    install -m 0755 ${WORKDIR}/init-install.sh ${D}/init.d/install.sh
+}
+
+FILES_${PN} = "/init.d/install.sh"
diff --git a/meta/recipes-core/initscripts/initscripts_1.0.bb b/meta/recipes-core/initscripts/initscripts_1.0.bb
index fea4f22e95..91eea4b8c2 100644
--- a/meta/recipes-core/initscripts/initscripts_1.0.bb
+++ b/meta/recipes-core/initscripts/initscripts_1.0.bb
@@ -43,21 +43,20 @@ SRC_URI_append_arm = " file://alignment.sh"
 
 KERNEL_VERSION = ""
 
-inherit update-alternatives
 DEPENDS_append = " update-rc.d-native"
 PACKAGE_WRITE_DEPS_append = " ${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd-systemctl-native','',d)}"
 
 PACKAGES =+ "${PN}-functions ${PN}-sushell"
-RDEPENDS_${PN} = "${PN}-functions \
+RDEPENDS_${PN} = "initd-functions \
                   ${@bb.utils.contains('DISTRO_FEATURES','selinux','${PN}-sushell','',d)} \
 		 "
+# Recommend pn-functions so that it will be a preferred default provider for initd-functions
+RRECOMMENDS_${PN} = "${PN}-functions"
+RPROVIDES_${PN}-functions = "initd-functions"
+RCONFLICTS_${PN}-functions = "lsbinitscripts"
 FILES_${PN}-functions = "${sysconfdir}/init.d/functions*"
 FILES_${PN}-sushell = "${base_sbindir}/sushell"
 
-ALTERNATIVE_PRIORITY_${PN}-functions = "90"
-ALTERNATIVE_${PN}-functions = "functions"
-ALTERNATIVE_LINK_NAME[functions] = "${sysconfdir}/init.d/functions"
-
 HALTARGS ?= "-d -f"
 
 do_configure() {
diff --git a/meta/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch b/meta/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch
new file mode 100644
index 0000000000..51a9e1935f
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/fix-execution-of-ptests.patch
@@ -0,0 +1,21 @@
+Make sure that Makefile doesn't try to compile these tests again
+on the target where the source dependencies won't be available.
+
+Upstream-Status: Inappropriate [cross-compile specific]
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+
+Index: libxml2-2.9.7/Makefile.am
+===================================================================
+--- libxml2-2.9.7.orig/Makefile.am
++++ libxml2-2.9.7/Makefile.am
+@@ -211,8 +211,7 @@ install-ptest:
+ 	sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile
+ 	$(MAKE) -C python install-ptest
+ 
+-runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \
+-          testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT)
++runtests:
+ 	[ -d test   ] || $(LN_S) $(srcdir)/test   .
+ 	[ -d result ] || $(LN_S) $(srcdir)/result .
+ 	$(CHECKER) ./runtest$(EXEEXT) && \
diff --git a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
index 3277165618..d9ed1516fe 100644
--- a/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
+++ b/meta/recipes-core/libxml/libxml2/libxml-m4-use-pkgconfig.patch
@@ -183,7 +183,7 @@ index 68cd824..5fa0a9b 100644
 -          echo "*** If you have an old version installed, it is best to remove it, although"
 -          echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ],
 -        [ echo "*** The test program failed to compile or link. See the file config.log for the"
--          echo "*** exact error that occured. This usually means LIBXML was incorrectly installed"
+-          echo "*** exact error that occurred. This usually means LIBXML was incorrectly installed"
 -          echo "*** or that you have moved LIBXML since it was installed. In the latter case, you"
 -          echo "*** may want to edit the xml2-config script: $XML2_CONFIG" ])
 -          CPPFLAGS="$ac_save_CPPFLAGS"
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
deleted file mode 100644
index bb55eed171..0000000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-4658.patch
+++ /dev/null
@@ -1,269 +0,0 @@
-libxml2-2.9.4: Fix CVE-2016-4658
-
-[No upstream tracking] -- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4658
-
-xpointer: Disallow namespace nodes in XPointer points and ranges
-
-Namespace nodes must be copied to avoid use-after-free errors.
-But they don't necessarily have a physical representation in a
-document, so simply disallow them in XPointer ranges.
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
- - [https://git.gnome.org/browse/libxml2/commit/?id=3f8a91036d338e51c059d54397a42d645f019c65]
-CVE: CVE-2016-4658
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..911680d 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -320,6 +320,45 @@ xmlXPtrRangesEqual(xmlXPathObjectPtr range1, xmlXPathObjectPtr range2) {
- }
- 
- /**
-+ * xmlXPtrNewRangeInternal:
-+ * @start:  the starting node
-+ * @startindex:  the start index
-+ * @end:  the ending point
-+ * @endindex:  the ending index
-+ *
-+ * Internal function to create a new xmlXPathObjectPtr of type range
-+ *
-+ * Returns the newly created object.
-+ */
-+static xmlXPathObjectPtr
-+xmlXPtrNewRangeInternal(xmlNodePtr start, int startindex,
-+                        xmlNodePtr end, int endindex) {
-+    xmlXPathObjectPtr ret;
-+
-+    /*
-+     * Namespace nodes must be copied (see xmlXPathNodeSetDupNs).
-+     * Disallow them for now.
-+     */
-+    if ((start != NULL) && (start->type == XML_NAMESPACE_DECL))
-+	return(NULL);
-+    if ((end != NULL) && (end->type == XML_NAMESPACE_DECL))
-+	return(NULL);
-+
-+    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
-+    if (ret == NULL) {
-+        xmlXPtrErrMemory("allocating range");
-+	return(NULL);
-+    }
-+    memset(ret, 0, sizeof(xmlXPathObject));
-+    ret->type = XPATH_RANGE;
-+    ret->user = start;
-+    ret->index = startindex;
-+    ret->user2 = end;
-+    ret->index2 = endindex;
-+    return(ret);
-+}
-+
-+/**
-  * xmlXPtrNewRange:
-  * @start:  the starting node
-  * @startindex:  the start index
-@@ -344,17 +383,7 @@ xmlXPtrNewRange(xmlNodePtr start, int startindex,
-     if (endindex < 0)
- 	return(NULL);
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start;
--    ret->index = startindex;
--    ret->user2 = end;
--    ret->index2 = endindex;
-+    ret = xmlXPtrNewRangeInternal(start, startindex, end, endindex);
-     xmlXPtrRangeCheckOrder(ret);
-     return(ret);
- }
-@@ -381,17 +410,8 @@ xmlXPtrNewRangePoints(xmlXPathObjectPtr start, xmlXPathObjectPtr end) {
-     if (end->type != XPATH_POINT)
- 	return(NULL);
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start->user;
--    ret->index = start->index;
--    ret->user2 = end->user;
--    ret->index2 = end->index;
-+    ret = xmlXPtrNewRangeInternal(start->user, start->index, end->user,
-+				  end->index);
-     xmlXPtrRangeCheckOrder(ret);
-     return(ret);
- }
-@@ -416,17 +436,7 @@ xmlXPtrNewRangePointNode(xmlXPathObjectPtr start, xmlNodePtr end) {
-     if (start->type != XPATH_POINT)
- 	return(NULL);
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start->user;
--    ret->index = start->index;
--    ret->user2 = end;
--    ret->index2 = -1;
-+    ret = xmlXPtrNewRangeInternal(start->user, start->index, end, -1);
-     xmlXPtrRangeCheckOrder(ret);
-     return(ret);
- }
-@@ -453,17 +463,7 @@ xmlXPtrNewRangeNodePoint(xmlNodePtr start, xmlXPathObjectPtr end) {
-     if (end->type != XPATH_POINT)
- 	return(NULL);
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start;
--    ret->index = -1;
--    ret->user2 = end->user;
--    ret->index2 = end->index;
-+    ret = xmlXPtrNewRangeInternal(start, -1, end->user, end->index);
-     xmlXPtrRangeCheckOrder(ret);
-     return(ret);
- }
-@@ -486,17 +486,7 @@ xmlXPtrNewRangeNodes(xmlNodePtr start, xmlNodePtr end) {
-     if (end == NULL)
- 	return(NULL);
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start;
--    ret->index = -1;
--    ret->user2 = end;
--    ret->index2 = -1;
-+    ret = xmlXPtrNewRangeInternal(start, -1, end, -1);
-     xmlXPtrRangeCheckOrder(ret);
-     return(ret);
- }
-@@ -516,17 +506,7 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
-     if (start == NULL)
- 	return(NULL);
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start;
--    ret->index = -1;
--    ret->user2 = NULL;
--    ret->index2 = -1;
-+    ret = xmlXPtrNewRangeInternal(start, -1, NULL, -1);
-     return(ret);
- }
- 
-@@ -541,6 +521,8 @@ xmlXPtrNewCollapsedRange(xmlNodePtr start) {
-  */
- xmlXPathObjectPtr
- xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
-+    xmlNodePtr endNode;
-+    int endIndex;
-     xmlXPathObjectPtr ret;
- 
-     if (start == NULL)
-@@ -549,7 +531,12 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- 	return(NULL);
-     switch (end->type) {
- 	case XPATH_POINT:
-+	    endNode = end->user;
-+	    endIndex = end->index;
-+	    break;
- 	case XPATH_RANGE:
-+	    endNode = end->user2;
-+	    endIndex = end->index2;
- 	    break;
- 	case XPATH_NODESET:
- 	    /*
-@@ -557,39 +544,15 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- 	     */
- 	    if (end->nodesetval->nodeNr <= 0)
- 		return(NULL);
-+	    endNode = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
-+	    endIndex = -1;
- 	    break;
- 	default:
- 	    /* TODO */
- 	    return(NULL);
-     }
- 
--    ret = (xmlXPathObjectPtr) xmlMalloc(sizeof(xmlXPathObject));
--    if (ret == NULL) {
--        xmlXPtrErrMemory("allocating range");
--	return(NULL);
--    }
--    memset(ret, 0 , (size_t) sizeof(xmlXPathObject));
--    ret->type = XPATH_RANGE;
--    ret->user = start;
--    ret->index = -1;
--    switch (end->type) {
--	case XPATH_POINT:
--	    ret->user2 = end->user;
--	    ret->index2 = end->index;
--	    break;
--	case XPATH_RANGE:
--	    ret->user2 = end->user2;
--	    ret->index2 = end->index2;
--	    break;
--	case XPATH_NODESET: {
--	    ret->user2 = end->nodesetval->nodeTab[end->nodesetval->nodeNr - 1];
--	    ret->index2 = -1;
--	    break;
--	}
--	default:
--	    STRANGE
--	    return(NULL);
--    }
-+    ret = xmlXPtrNewRangeInternal(start, -1, endNode, endIndex);
-     xmlXPtrRangeCheckOrder(ret);
-     return(ret);
- }
-@@ -1835,8 +1798,8 @@ xmlXPtrStartPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- 		case XPATH_RANGE: {
- 		    xmlNodePtr node = tmp->user;
- 		    if (node != NULL) {
--			if (node->type == XML_ATTRIBUTE_NODE) {
--			    /* TODO: Namespace Nodes ??? */
-+			if ((node->type == XML_ATTRIBUTE_NODE) ||
-+			     (node->type == XML_NAMESPACE_DECL)) {
- 			    xmlXPathFreeObject(obj);
- 			    xmlXPtrFreeLocationSet(newset);
- 			    XP_ERROR(XPTR_SYNTAX_ERROR);
-@@ -1931,8 +1894,8 @@ xmlXPtrEndPointFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- 		case XPATH_RANGE: {
- 		    xmlNodePtr node = tmp->user2;
- 		    if (node != NULL) {
--			if (node->type == XML_ATTRIBUTE_NODE) {
--			    /* TODO: Namespace Nodes ??? */
-+			if ((node->type == XML_ATTRIBUTE_NODE) ||
-+			     (node->type == XML_NAMESPACE_DECL)) {
- 			    xmlXPathFreeObject(obj);
- 			    xmlXPtrFreeLocationSet(newset);
- 			    XP_ERROR(XPTR_SYNTAX_ERROR);
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
deleted file mode 100644
index 9d47d023a9..0000000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2016-5131.patch
+++ /dev/null
@@ -1,180 +0,0 @@
-From 9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e Mon Sep 17 00:00:00 2001
-From: Nick Wellnhofer <wellnhofer@aevum.de>
-Date: Tue, 28 Jun 2016 14:22:23 +0200
-Subject: [PATCH] Fix XPointer paths beginning with range-to
-
-The old code would invoke the broken xmlXPtrRangeToFunction. range-to
-isn't really a function but a special kind of location step. Remove
-this function and always handle range-to in the XPath code.
-
-The old xmlXPtrRangeToFunction could also be abused to trigger a
-use-after-free error with the potential for remote code execution.
-
-Found with afl-fuzz.
-
-Fixes CVE-2016-5131.
-
-CVE: CVE-2016-5131
-Upstream-Status: Backport
-https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
----
- result/XPath/xptr/vidbase | 13 ++++++++
- test/XPath/xptr/vidbase   |  1 +
- xpath.c                   |  7 ++++-
- xpointer.c                | 76 ++++-------------------------------------------
- 4 files changed, 26 insertions(+), 71 deletions(-)
-
-diff --git a/result/XPath/xptr/vidbase b/result/XPath/xptr/vidbase
-index 8b9e92d..f19193e 100644
---- a/result/XPath/xptr/vidbase
-+++ b/result/XPath/xptr/vidbase
-@@ -17,3 +17,16 @@ Object is a Location Set:
-   To node
-     ELEMENT p
- 
-+
-+========================
-+Expression: xpointer(range-to(id('chapter2')))
-+Object is a Location Set:
-+1 :   Object is a range :
-+  From node
-+     /
-+  To node
-+    ELEMENT chapter
-+      ATTRIBUTE id
-+        TEXT
-+          content=chapter2
-+
-diff --git a/test/XPath/xptr/vidbase b/test/XPath/xptr/vidbase
-index b146383..884b106 100644
---- a/test/XPath/xptr/vidbase
-+++ b/test/XPath/xptr/vidbase
-@@ -1,2 +1,3 @@
- xpointer(id('chapter1')/p)
- xpointer(id('chapter1')/p[1]/range-to(following-sibling::p[2]))
-+xpointer(range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index d992841..5a01b1b 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -10691,13 +10691,18 @@ xmlXPathCompPathExpr(xmlXPathParserContextPtr ctxt) {
- 		    lc = 1;
- 		    break;
- 		} else if ((NXT(len) == '(')) {
--		    /* Note Type or Function */
-+		    /* Node Type or Function */
- 		    if (xmlXPathIsNodeType(name)) {
- #ifdef DEBUG_STEP
- 		        xmlGenericError(xmlGenericErrorContext,
- 				"PathExpr: Type search\n");
- #endif
- 			lc = 1;
-+#ifdef LIBXML_XPTR_ENABLED
-+                    } else if (ctxt->xptr &&
-+                               xmlStrEqual(name, BAD_CAST "range-to")) {
-+                        lc = 1;
-+#endif
- 		    } else {
- #ifdef DEBUG_STEP
- 		        xmlGenericError(xmlGenericErrorContext,
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..d74174a 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -1332,8 +1332,6 @@ xmlXPtrNewContext(xmlDocPtr doc, xmlNodePtr here, xmlNodePtr origin) {
-     ret->here = here;
-     ret->origin = origin;
- 
--    xmlXPathRegisterFunc(ret, (xmlChar *)"range-to",
--	                 xmlXPtrRangeToFunction);
-     xmlXPathRegisterFunc(ret, (xmlChar *)"range",
- 	                 xmlXPtrRangeFunction);
-     xmlXPathRegisterFunc(ret, (xmlChar *)"range-inside",
-@@ -2243,76 +2241,14 @@ xmlXPtrRangeInsideFunction(xmlXPathParserContextPtr ctxt, int nargs) {
-  * @nargs:  the number of args
-  *
-  * Implement the range-to() XPointer function
-+ *
-+ * Obsolete. range-to is not a real function but a special type of location
-+ * step which is handled in xpath.c.
-  */
- void
--xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt, int nargs) {
--    xmlXPathObjectPtr range;
--    const xmlChar *cur;
--    xmlXPathObjectPtr res, obj;
--    xmlXPathObjectPtr tmp;
--    xmlLocationSetPtr newset = NULL;
--    xmlNodeSetPtr oldset;
--    int i;
--
--    if (ctxt == NULL) return;
--    CHECK_ARITY(1);
--    /*
--     * Save the expression pointer since we will have to evaluate
--     * it multiple times. Initialize the new set.
--     */
--    CHECK_TYPE(XPATH_NODESET);
--    obj = valuePop(ctxt);
--    oldset = obj->nodesetval;
--    ctxt->context->node = NULL;
--
--    cur = ctxt->cur;
--    newset = xmlXPtrLocationSetCreate(NULL);
--
--    for (i = 0; i < oldset->nodeNr; i++) {
--	ctxt->cur = cur;
--
--	/*
--	 * Run the evaluation with a node list made of a single item
--	 * in the nodeset.
--	 */
--	ctxt->context->node = oldset->nodeTab[i];
--	tmp = xmlXPathNewNodeSet(ctxt->context->node);
--	valuePush(ctxt, tmp);
--
--	xmlXPathEvalExpr(ctxt);
--	CHECK_ERROR;
--
--	/*
--	 * The result of the evaluation need to be tested to
--	 * decided whether the filter succeeded or not
--	 */
--	res = valuePop(ctxt);
--	range = xmlXPtrNewRangeNodeObject(oldset->nodeTab[i], res);
--	if (range != NULL) {
--	    xmlXPtrLocationSetAdd(newset, range);
--	}
--
--	/*
--	 * Cleanup
--	 */
--	if (res != NULL)
--	    xmlXPathFreeObject(res);
--	if (ctxt->value == tmp) {
--	    res = valuePop(ctxt);
--	    xmlXPathFreeObject(res);
--	}
--
--	ctxt->context->node = NULL;
--    }
--
--    /*
--     * The result is used as the new evaluation set.
--     */
--    xmlXPathFreeObject(obj);
--    ctxt->context->node = NULL;
--    ctxt->context->contextSize = -1;
--    ctxt->context->proximityPosition = -1;
--    valuePush(ctxt, xmlXPtrWrapLocationSet(newset));
-+xmlXPtrRangeToFunction(xmlXPathParserContextPtr ctxt,
-+                       int nargs ATTRIBUTE_UNUSED) {
-+    XP_ERROR(XPATH_EXPR_ERROR);
- }
- 
- /**
--- 
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
deleted file mode 100644
index 0108265855..0000000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-0663.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-libxml2: Fix CVE-2017-0663
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=780228
-
-valid: Fix type confusion in xmlValidateOneNamespace
-
-Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
-on namespace declarations make no practical sense anyway.
-
-Fixes bug 780228
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66]
-CVE: CVE-2017-0663
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/valid.c b/valid.c
-index 19f84b8..e03d35e 100644
---- a/valid.c
-+++ b/valid.c
-@@ -4621,6 +4621,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
- 	}
-     }
- 
-+    /*
-+     * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
-+     * xmlAddID and xmlAddRef for namespace declarations, but it makes
-+     * no practical sense to use ID types anyway.
-+     */
-+#if 0
-     /* Validity Constraint: ID uniqueness */
-     if (attrDecl->atype == XML_ATTRIBUTE_ID) {
-         if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
-@@ -4632,6 +4638,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
-         if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
- 	    ret = 0;
-     }
-+#endif
- 
-     /* Validity Constraint: Notation Attributes */
-     if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
deleted file mode 100644
index 571b05c087..0000000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-5969.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-5969
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=758422
-
-valid: Fix NULL pointer deref in xmlDumpElementContent
-
-Can only be triggered in recovery mode.
-
-Fixes bug 758422
-
-Upstream-Status: Backport - [https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882]
-CVE: CVE-2017-5969
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/valid.c b/valid.c
-index 19f84b8..0a8e58a 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1172,29 +1172,33 @@ xmlDumpElementContent(xmlBufferPtr buf, xmlElementContentPtr content, int glob)
- 	    xmlBufferWriteCHAR(buf, content->name);
- 	    break;
- 	case XML_ELEMENT_CONTENT_SEQ:
--	    if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
--	        (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+	    if ((content->c1 != NULL) &&
-+	        ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+	         (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- 		xmlDumpElementContent(buf, content->c1, 1);
- 	    else
- 		xmlDumpElementContent(buf, content->c1, 0);
-             xmlBufferWriteChar(buf, " , ");
--	    if ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
--	        ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
--		 (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+	    if ((content->c2 != NULL) &&
-+	        ((content->c2->type == XML_ELEMENT_CONTENT_OR) ||
-+	         ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) &&
-+		  (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- 		xmlDumpElementContent(buf, content->c2, 1);
- 	    else
- 		xmlDumpElementContent(buf, content->c2, 0);
- 	    break;
- 	case XML_ELEMENT_CONTENT_OR:
--	    if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
--	        (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-+	    if ((content->c1 != NULL) &&
-+	        ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
-+	         (content->c1->type == XML_ELEMENT_CONTENT_SEQ)))
- 		xmlDumpElementContent(buf, content->c1, 1);
- 	    else
- 		xmlDumpElementContent(buf, content->c1, 0);
-             xmlBufferWriteChar(buf, " | ");
--	    if ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
--	        ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
--		 (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE)))
-+	    if ((content->c2 != NULL) &&
-+	        ((content->c2->type == XML_ELEMENT_CONTENT_SEQ) ||
-+	         ((content->c2->type == XML_ELEMENT_CONTENT_OR) &&
-+		  (content->c2->ocur != XML_ELEMENT_CONTENT_ONCE))))
- 		xmlDumpElementContent(buf, content->c2, 1);
- 	    else
- 		xmlDumpElementContent(buf, content->c2, 0);
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
deleted file mode 100644
index 26779aa572..0000000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From d2f873a541c72b0f67e15562819bf98b884b30b7 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Wed, 23 Aug 2017 16:04:49 +0800
-Subject: [PATCH] fix CVE-2017-8872
-
-this makes xmlHaltParser "empty" the buffer, as it resets cur and ava
-il too here.
-
-this seems to cure this specific issue, and also passes the testsuite
-
-Signed-off-by: Marcus Meissner <meissner@suse.de>
-
-https://bugzilla.gnome.org/show_bug.cgi?id=775200
-Upstream-Status: Backport [https://bugzilla.gnome.org/attachment.cgi?id=355527&action=diff]
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- parser.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/parser.c b/parser.c
-index 9506ead..6c07ffd 100644
---- a/parser.c
-+++ b/parser.c
-@@ -12664,6 +12664,10 @@ xmlHaltParser(xmlParserCtxtPtr ctxt) {
- 	}
- 	ctxt->input->cur = BAD_CAST"";
- 	ctxt->input->base = ctxt->input->cur;
-+	if (ctxt->input->buf) {
-+		xmlBufEmpty (ctxt->input->buf->buffer);
-+	} else
-+		ctxt->input->length = 0;
-     }
- }
- 
--- 
-2.7.4
-
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
deleted file mode 100644
index 8b034560fa..0000000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9047_CVE-2017-9048.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-9047 and CVE-2017-9048
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781333
- -- https://bugzilla.gnome.org/show_bug.cgi?id=781701
-
-valid: Fix buffer size checks in xmlSnprintfElementContent
-
-xmlSnprintfElementContent failed to correctly check the available
-buffer space in two locations.
-
-Fixes bug 781333 and bug 781701
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
-CVE: CVE-2017-9047 CVE-2017-9048
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/result/valid/781333.xml b/result/valid/781333.xml
-new file mode 100644
-index 0000000..01baf11
---- /dev/null
-+++ b/result/valid/781333.xml
-@@ -0,0 +1,5 @@
-+<?xml version="1.0"?>
-+<!DOCTYPE a [
-+<!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/result/valid/781333.xml.err b/result/valid/781333.xml.err
-new file mode 100644
-index 0000000..2176200
---- /dev/null
-+++ b/result/valid/781333.xml.err
-@@ -0,0 +1,3 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got 
-+<a/>
-+    ^
-diff --git a/result/valid/781333.xml.err.rdr b/result/valid/781333.xml.err.rdr
-new file mode 100644
-index 0000000..1195a04
---- /dev/null
-+++ b/result/valid/781333.xml.err.rdr
-@@ -0,0 +1,6 @@
-+./test/valid/781333.xml:4: element a: validity error : Element a content does not follow the DTD, expecting ( ..., got 
-+<a/>
-+    ^
-+./test/valid/781333.xml:5: element a: validity error : Element a content does not follow the DTD, Expecting more child
-+
-+^
-diff --git a/test/valid/781333.xml b/test/valid/781333.xml
-new file mode 100644
-index 0000000..bceac9c
---- /dev/null
-+++ b/test/valid/781333.xml
-@@ -0,0 +1,4 @@
-+<!DOCTYPE a [
-+    <!ELEMENT a (pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp:llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll)>
-+]>
-+<a/>
-diff --git a/valid.c b/valid.c
-index 19f84b8..aaa30f6 100644
---- a/valid.c
-+++ b/valid.c
-@@ -1262,22 +1262,23 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
-         case XML_ELEMENT_CONTENT_PCDATA:
-             strcat(buf, "#PCDATA");
- 	    break;
--	case XML_ELEMENT_CONTENT_ELEMENT:
-+	case XML_ELEMENT_CONTENT_ELEMENT: {
-+            int qnameLen = xmlStrlen(content->name);
-+
-+	    if (content->prefix != NULL)
-+                qnameLen += xmlStrlen(content->prefix) + 1;
-+	    if (size - len < qnameLen + 10) {
-+		strcat(buf, " ...");
-+		return;
-+	    }
- 	    if (content->prefix != NULL) {
--		if (size - len < xmlStrlen(content->prefix) + 10) {
--		    strcat(buf, " ...");
--		    return;
--		}
- 		strcat(buf, (char *) content->prefix);
- 		strcat(buf, ":");
- 	    }
--	    if (size - len < xmlStrlen(content->name) + 10) {
--		strcat(buf, " ...");
--		return;
--	    }
- 	    if (content->name != NULL)
- 		strcat(buf, (char *) content->name);
- 	    break;
-+	}
- 	case XML_ELEMENT_CONTENT_SEQ:
- 	    if ((content->c1->type == XML_ELEMENT_CONTENT_OR) ||
- 	        (content->c1->type == XML_ELEMENT_CONTENT_SEQ))
-@@ -1319,6 +1320,7 @@ xmlSnprintfElementContent(char *buf, int size, xmlElementContentPtr content, int
- 		xmlSnprintfElementContent(buf, size, content->c2, 0);
- 	    break;
-     }
-+    if (size - strlen(buf) <= 2) return;
-     if (englob)
-         strcat(buf, ")");
-     switch (content->ocur) {
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
deleted file mode 100644
index 591075de3c..0000000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-9049_CVE-2017-9050.patch
+++ /dev/null
@@ -1,291 +0,0 @@
-libxml2-2.9.4: Fix CVE-2017-9049 and CVE-2017-9050
-
-[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=781205
- -- https://bugzilla.gnome.org/show_bug.cgi?id=781361
-
-parser: Fix handling of parameter-entity references
-
-There were two bugs where parameter-entity references could lead to an
-unexpected change of the input buffer in xmlParseNameComplex and
-xmlDictLookup being called with an invalid pointer.
-
-Percent sign in DTD Names
-=========================
-
-The NEXTL macro used to call xmlParserHandlePEReference. When parsing
-"complex" names inside the DTD, this could result in entity expansion
-which created a new input buffer. The fix is to simply remove the call
-to xmlParserHandlePEReference from the NEXTL macro. This is safe because
-no users of the macro require expansion of parameter entities.
-
-- xmlParseNameComplex
-- xmlParseNCNameComplex
-- xmlParseNmtoken
-
-The percent sign is not allowed in names, which are grammatical tokens.
-
-- xmlParseEntityValue
-
-Parameter-entity references in entity values are expanded but this
-happens in a separate step in this function.
-
-- xmlParseSystemLiteral
-
-Parameter-entity references are ignored in the system literal.
-
-- xmlParseAttValueComplex
-- xmlParseCharDataComplex
-- xmlParseCommentComplex
-- xmlParsePI
-- xmlParseCDSect
-
-Parameter-entity references are ignored outside the DTD.
-
-- xmlLoadEntityContent
-
-This function is only called from xmlStringLenDecodeEntities and
-entities are replaced in a separate step immediately after the function
-call.
-
-This bug could also be triggered with an internal subset and double
-entity expansion.
-
-This fixes bug 766956 initially reported by Wei Lei and independently by
-Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
-involved.
-
-xmlParseNameComplex with XML_PARSE_OLD10
-========================================
-
-When parsing Names inside an expanded parameter entity with the
-XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
-GROW macro if the input buffer was exhausted. At the end of the
-parameter entity's replacement text, this function would then call
-xmlPopInput which invalidated the input buffer.
-
-There should be no need to invoke GROW in this situation because the
-buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
-at least for UTF-8, in xmlCurrentChar. This also matches the code path
-executed when XML_PARSE_OLD10 is not set.
-
-This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
-Thanks to Marcel Böhme and Thuan Pham for the report.
-
-Additional hardening
-====================
-
-A separate check was added in xmlParseNameComplex to validate the
-buffer size.
-
-Fixes bug 781205 and bug 781361
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74]
-CVE: CVE-2017-9049 CVE-2017-9050
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/Makefile.am b/Makefile.am
-index 9f988b0..dab15a4 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -422,6 +422,24 @@ Errtests : xmllint$(EXEEXT)
- 	      if [ -n "$$log" ] ; then echo $$name result ; echo $$log ; fi ; \
- 	      rm result.$$name error.$$name ; \
- 	  fi ; fi ; done)
-+	@echo "## Error cases regression tests (old 1.0)"
-+	-@(for i in $(srcdir)/test/errors10/*.xml ; do \
-+	  name=`basename $$i`; \
-+	  if [ ! -d $$i ] ; then \
-+	  if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
-+	      echo New test file $$name ; \
-+	      $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
-+	         2> $(srcdir)/result/errors10/$$name.err \
-+		 > $(srcdir)/result/errors10/$$name ; \
-+	      grep "MORY ALLO" .memdump  | grep -v "MEMORY ALLOCATED : 0"; \
-+	  else \
-+	      log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
-+	      grep "MORY ALLO" .memdump  | grep -v "MEMORY ALLOCATED : 0"; \
-+	      diff $(srcdir)/result/errors10/$$name result.$$name ; \
-+	      diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
-+	      if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
-+	      rm result.$$name error.$$name ; \
-+	  fi ; fi ; done)
- 	@echo "## Error cases stream regression tests"
- 	-@(for i in $(srcdir)/test/errors/*.xml ; do \
- 	  name=`basename $$i`; \
-diff --git a/parser.c b/parser.c
-index 609a270..8e11c12 100644
---- a/parser.c
-+++ b/parser.c
-@@ -2115,7 +2115,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
- 	ctxt->input->line++; ctxt->input->col = 1;			\
-     } else ctxt->input->col++;						\
-     ctxt->input->cur += l;				\
--    if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt);	\
-   } while (0)
- 
- #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
-@@ -3406,13 +3405,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
- 	    len += l;
- 	    NEXTL(l);
- 	    c = CUR_CHAR(l);
--	    if (c == 0) {
--		count = 0;
--		GROW;
--                if (ctxt->instate == XML_PARSER_EOF)
--                    return(NULL);
--		c = CUR_CHAR(l);
--	    }
- 	}
-     }
-     if ((len > XML_MAX_NAME_LENGTH) &&
-@@ -3420,6 +3412,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
-         xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
-         return(NULL);
-     }
-+    if (ctxt->input->cur - ctxt->input->base < len) {
-+        /*
-+         * There were a couple of bugs where PERefs lead to to a change
-+         * of the buffer. Check the buffer size to avoid passing an invalid
-+         * pointer to xmlDictLookup.
-+         */
-+        xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
-+                    "unexpected change of input buffer");
-+        return (NULL);
-+    }
-     if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
-         return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
-     return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
-diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
-new file mode 100644
-index 0000000..da15c3f
---- /dev/null
-+++ b/result/errors10/781205.xml.err
-@@ -0,0 +1,21 @@
-+Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+ %a; 
-+    ^
-+Entity: line 1: 
-+<:0000
-+^
-+Entity: line 1: parser error : DOCTYPE improperly terminated
-+ %a; 
-+    ^
-+Entity: line 1: 
-+<:0000
-+^
-+namespace error : Failed to parse QName ':0000'
-+ %a; 
-+    ^
-+<:0000
-+      ^
-+./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
-+
-+^
-diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
-new file mode 100644
-index 0000000..655f41a
---- /dev/null
-+++ b/result/errors10/781361.xml.err
-@@ -0,0 +1,13 @@
-+./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
-+
-+^
-+./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
-+
-+
-+^
-+./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
-+
-+^
-+./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
-+
-+^
-diff --git a/result/valid/766956.xml b/result/valid/766956.xml
-new file mode 100644
-index 0000000..e69de29
-diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
-new file mode 100644
-index 0000000..34b1dae
---- /dev/null
-+++ b/result/valid/766956.xml.err
-@@ -0,0 +1,9 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+   ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent; 
-+      ^
-+Entity: line 1: 
-+value
-+^
-diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
-new file mode 100644
-index 0000000..7760346
---- /dev/null
-+++ b/result/valid/766956.xml.err.rdr
-@@ -0,0 +1,10 @@
-+test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
-+%ä%ent;
-+   ^
-+Entity: line 1: parser error : Content error in the external subset
-+ %ent; 
-+      ^
-+Entity: line 1: 
-+value
-+^
-+./test/valid/766956.xml : failed to parse
-diff --git a/runtest.c b/runtest.c
-index bb74d2a..63e8c20 100644
---- a/runtest.c
-+++ b/runtest.c
-@@ -4202,6 +4202,9 @@ testDesc testDescriptions[] = {
-     { "Error cases regression tests",
-       errParseTest, "./test/errors/*.xml", "result/errors/", "", ".err",
-       0 },
-+    { "Error cases regression tests (old 1.0)",
-+      errParseTest, "./test/errors10/*.xml", "result/errors10/", "", ".err",
-+      XML_PARSE_OLD10 },
- #ifdef LIBXML_READER_ENABLED
-     { "Error cases stream regression tests",
-       streamParseTest, "./test/errors/*.xml", "result/errors/", NULL, ".str",
-diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
-new file mode 100644
-index 0000000..d9e9e83
---- /dev/null
-+++ b/test/errors10/781205.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE D [
-+  <!ENTITY % a "<:0000">
-+  %a;
-diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
-new file mode 100644
-index 0000000..67476bc
---- /dev/null
-+++ b/test/errors10/781361.xml
-@@ -0,0 +1,3 @@
-+<!DOCTYPE doc [
-+  <!ENTITY % elem "<!ELEMENT e0000000000">
-+  %elem;
-diff --git a/test/valid/766956.xml b/test/valid/766956.xml
-new file mode 100644
-index 0000000..19a95a0
---- /dev/null
-+++ b/test/valid/766956.xml
-@@ -0,0 +1,2 @@
-+<!DOCTYPE test SYSTEM "dtds/766956.dtd">
-+<test/>
-diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
-new file mode 100644
-index 0000000..dddde68
---- /dev/null
-+++ b/test/valid/dtds/766956.dtd
-@@ -0,0 +1,2 @@
-+<!ENTITY % ent "value">
-+%ä%ent;
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
deleted file mode 100644
index c60e32f656..0000000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_NULL_pointer_derefs.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-libxml2-2.9.4: Fix more NULL pointer derefs
-
-xpointer: Fix more NULL pointer derefs
-
-Upstream-Status: Backport [https://git.gnome.org/browse/libxml2/commit/?id=e905f08123e4a6e7731549e6f09dadff4cab65bd]
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/xpointer.c b/xpointer.c
-index 676c510..074db24 100644
---- a/xpointer.c
-+++ b/xpointer.c
-@@ -555,7 +555,7 @@ xmlXPtrNewRangeNodeObject(xmlNodePtr start, xmlXPathObjectPtr end) {
- 	    /*
- 	     * Empty set ...
- 	     */
--	    if (end->nodesetval->nodeNr <= 0)
-+	    if ((end->nodesetval == NULL) || (end->nodesetval->nodeNr <= 0))
- 		return(NULL);
- 	    break;
- 	default:
-@@ -1400,7 +1400,7 @@ xmlXPtrEval(const xmlChar *str, xmlXPathContextPtr ctx) {
- 		     */
- 		    xmlNodeSetPtr set;
- 		    set = tmp->nodesetval;
--		    if ((set->nodeNr != 1) ||
-+		    if ((set == NULL) || (set->nodeNr != 1) ||
- 			(set->nodeTab[0] != (xmlNodePtr) ctx->doc))
- 			stack++;
- 		} else
-@@ -2073,9 +2073,11 @@ xmlXPtrRangeFunction(xmlXPathParserContextPtr ctxt, int nargs) {
- 	xmlXPathFreeObject(set);
-         XP_ERROR(XPATH_MEMORY_ERROR);
-     }
--    for (i = 0;i < oldset->locNr;i++) {
--	xmlXPtrLocationSetAdd(newset,
--		xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+    if (oldset != NULL) {
-+	for (i = 0;i < oldset->locNr;i++) {
-+	  xmlXPtrLocationSetAdd(newset,
-+		  xmlXPtrCoveringRange(ctxt, oldset->locTab[i]));
-+      }
-     }
- 
-     /*
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
deleted file mode 100644
index faa57701f5..0000000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_and_simplify_xmlParseStartTag2.patch
+++ /dev/null
@@ -1,590 +0,0 @@
-libxml2-2.9.4: Avoid reparsing and simplify control flow in xmlParseStartTag2
-
-[No upstream tracking]
-
-parser: Avoid reparsing in xmlParseStartTag2
-
-The code in xmlParseStartTag2 must handle the case that the input
-buffer was grown and reallocated which can invalidate pointers to
-attribute values. Before, this was handled by detecting changes of
-the input buffer "base" pointer and, in case of a change, jumping
-back to the beginning of the function and reparsing the start tag.
-
-The major problem of this approach is that whether an input buffer is
-reallocated is nondeterministic, resulting in seemingly random test
-failures. See the mailing list thread "runtest mystery bug: name2.xml
-error case regression test" from 2012, for example.
-
-If a reallocation was detected, the code also made no attempts to
-continue parsing in case of errors which makes a difference in
-the lax "recover" mode.
-
-Now we store the current input buffer "base" pointer for each (not
-separately allocated) attribute in the namespace URI field, which isn't
-used until later. After the whole start tag was parsed, the pointers to
-the attribute values are reconstructed using the offset between the
-new and the old input buffer. This relies on arithmetic on dangling
-pointers which is technically undefined behavior. But it seems like
-the easiest and most efficient fix and a similar approach is used in
-xmlParserInputGrow.
-
-This changes the error output of several tests, typically making it
-more verbose because we try harder to continue parsing in case of errors.
-
-(Another possible solution is to check not only the "base" pointer
-but the size of the input buffer as well. But this would result in
-even more reparsing.)
-
-Remove some goto labels and deduplicate a bit of code after handling
-namespaces.
-
-There were two bugs where parameter-entity references could lead to an
-unexpected change of the input buffer in xmlParseNameComplex and
-xmlDictLookup being called with an invalid pointer.
-
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=07b7428b69c368611d215a140fe630b2d1e61349]
- - [https://git.gnome.org/browse/libxml2/commit/?id=855c19efb7cd30d927d673b3658563c4959ca6f0]
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-
-diff --git a/parser.c b/parser.c
-index 609a270..74016e3 100644
---- a/parser.c
-+++ b/parser.c
-@@ -43,6 +43,7 @@
- #include <limits.h>
- #include <string.h>
- #include <stdarg.h>
-+#include <stddef.h>
- #include <libxml/xmlmemory.h>
- #include <libxml/threads.h>
- #include <libxml/globals.h>
-@@ -9377,8 +9378,7 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
-     const xmlChar **atts = ctxt->atts;
-     int maxatts = ctxt->maxatts;
-     int nratts, nbatts, nbdef;
--    int i, j, nbNs, attval, oldline, oldcol, inputNr;
--    const xmlChar *base;
-+    int i, j, nbNs, attval;
-     unsigned long cur;
-     int nsNr = ctxt->nsNr;
- 
-@@ -9392,13 +9392,8 @@ xmlParseStartTag2(xmlParserCtxtPtr ctxt, const xmlChar **pref,
-      *       The Shrinking is only possible once the full set of attribute
-      *       callbacks have been done.
-      */
--reparse:
-     SHRINK;
--    base = ctxt->input->base;
-     cur = ctxt->input->cur - ctxt->input->base;
--    inputNr = ctxt->inputNr;
--    oldline = ctxt->input->line;
--    oldcol = ctxt->input->col;
-     nbatts = 0;
-     nratts = 0;
-     nbdef = 0;
-@@ -9422,8 +9417,6 @@ reparse:
-      */
-     SKIP_BLANKS;
-     GROW;
--    if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
--        goto base_changed;
- 
-     while (((RAW != '>') &&
- 	   ((RAW != '/') || (NXT(1) != '>')) &&
-@@ -9434,203 +9427,174 @@ reparse:
- 
- 	attname = xmlParseAttribute2(ctxt, prefix, localname,
- 	                             &aprefix, &attvalue, &len, &alloc);
--	if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr)) {
--	    if ((attvalue != NULL) && (alloc != 0))
--	        xmlFree(attvalue);
--	    attvalue = NULL;
--	    goto base_changed;
--	}
--        if ((attname != NULL) && (attvalue != NULL)) {
--	    if (len < 0) len = xmlStrlen(attvalue);
--            if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
--	        const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
--		xmlURIPtr uri;
--
--                if (URL == NULL) {
--		    xmlErrMemory(ctxt, "dictionary allocation failure");
--		    if ((attvalue != NULL) && (alloc != 0))
--			xmlFree(attvalue);
--		    return(NULL);
--		}
--                if (*URL != 0) {
--		    uri = xmlParseURI((const char *) URL);
--		    if (uri == NULL) {
--			xmlNsErr(ctxt, XML_WAR_NS_URI,
--			         "xmlns: '%s' is not a valid URI\n",
--					   URL, NULL, NULL);
--		    } else {
--			if (uri->scheme == NULL) {
--			    xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
--				      "xmlns: URI %s is not absolute\n",
--				      URL, NULL, NULL);
--			}
--			xmlFreeURI(uri);
--		    }
--		    if (URL == ctxt->str_xml_ns) {
--			if (attname != ctxt->str_xml) {
--			    xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
--			 "xml namespace URI cannot be the default namespace\n",
--				     NULL, NULL, NULL);
--			}
--			goto skip_default_ns;
--		    }
--		    if ((len == 29) &&
--			(xmlStrEqual(URL,
--				 BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
--			xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
--			     "reuse of the xmlns namespace name is forbidden\n",
--				 NULL, NULL, NULL);
--			goto skip_default_ns;
--		    }
--		}
--		/*
--		 * check that it's not a defined namespace
--		 */
--		for (j = 1;j <= nbNs;j++)
--		    if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
--			break;
--		if (j <= nbNs)
--		    xmlErrAttributeDup(ctxt, NULL, attname);
--		else
--		    if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
--skip_default_ns:
--		if ((attvalue != NULL) && (alloc != 0)) {
--		    xmlFree(attvalue);
--		    attvalue = NULL;
--		}
--		if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
--		    break;
--		if (!IS_BLANK_CH(RAW)) {
--		    xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
--				   "attributes construct error\n");
--		    break;
--		}
--		SKIP_BLANKS;
--		if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
--		    goto base_changed;
--		continue;
--	    }
--            if (aprefix == ctxt->str_xmlns) {
--	        const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
--		xmlURIPtr uri;
--
--                if (attname == ctxt->str_xml) {
--		    if (URL != ctxt->str_xml_ns) {
--		        xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
--			         "xml namespace prefix mapped to wrong URI\n",
--			         NULL, NULL, NULL);
--		    }
--		    /*
--		     * Do not keep a namespace definition node
--		     */
--		    goto skip_ns;
--		}
-+        if ((attname == NULL) || (attvalue == NULL))
-+            goto next_attr;
-+	if (len < 0) len = xmlStrlen(attvalue);
-+
-+        if ((attname == ctxt->str_xmlns) && (aprefix == NULL)) {
-+            const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-+            xmlURIPtr uri;
-+
-+            if (URL == NULL) {
-+                xmlErrMemory(ctxt, "dictionary allocation failure");
-+                if ((attvalue != NULL) && (alloc != 0))
-+                    xmlFree(attvalue);
-+                return(NULL);
-+            }
-+            if (*URL != 0) {
-+                uri = xmlParseURI((const char *) URL);
-+                if (uri == NULL) {
-+                    xmlNsErr(ctxt, XML_WAR_NS_URI,
-+                             "xmlns: '%s' is not a valid URI\n",
-+                                       URL, NULL, NULL);
-+                } else {
-+                    if (uri->scheme == NULL) {
-+                        xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-+                                  "xmlns: URI %s is not absolute\n",
-+                                  URL, NULL, NULL);
-+                    }
-+                    xmlFreeURI(uri);
-+                }
-                 if (URL == ctxt->str_xml_ns) {
--		    if (attname != ctxt->str_xml) {
--		        xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
--			         "xml namespace URI mapped to wrong prefix\n",
--			         NULL, NULL, NULL);
--		    }
--		    goto skip_ns;
--		}
--                if (attname == ctxt->str_xmlns) {
--		    xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
--			     "redefinition of the xmlns prefix is forbidden\n",
--			     NULL, NULL, NULL);
--		    goto skip_ns;
--		}
--		if ((len == 29) &&
--		    (xmlStrEqual(URL,
--		                 BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
--		    xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
--			     "reuse of the xmlns namespace name is forbidden\n",
--			     NULL, NULL, NULL);
--		    goto skip_ns;
--		}
--		if ((URL == NULL) || (URL[0] == 0)) {
--		    xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
--		             "xmlns:%s: Empty XML namespace is not allowed\n",
--			          attname, NULL, NULL);
--		    goto skip_ns;
--		} else {
--		    uri = xmlParseURI((const char *) URL);
--		    if (uri == NULL) {
--			xmlNsErr(ctxt, XML_WAR_NS_URI,
--			     "xmlns:%s: '%s' is not a valid URI\n",
--					   attname, URL, NULL);
--		    } else {
--			if ((ctxt->pedantic) && (uri->scheme == NULL)) {
--			    xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
--				      "xmlns:%s: URI %s is not absolute\n",
--				      attname, URL, NULL);
--			}
--			xmlFreeURI(uri);
--		    }
--		}
--
--		/*
--		 * check that it's not a defined namespace
--		 */
--		for (j = 1;j <= nbNs;j++)
--		    if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
--			break;
--		if (j <= nbNs)
--		    xmlErrAttributeDup(ctxt, aprefix, attname);
--		else
--		    if (nsPush(ctxt, attname, URL) > 0) nbNs++;
--skip_ns:
--		if ((attvalue != NULL) && (alloc != 0)) {
--		    xmlFree(attvalue);
--		    attvalue = NULL;
--		}
--		if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
--		    break;
--		if (!IS_BLANK_CH(RAW)) {
--		    xmlFatalErrMsg(ctxt, XML_ERR_SPACE_REQUIRED,
--				   "attributes construct error\n");
--		    break;
--		}
--		SKIP_BLANKS;
--		if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
--		    goto base_changed;
--		continue;
--	    }
-+                    if (attname != ctxt->str_xml) {
-+                        xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+                     "xml namespace URI cannot be the default namespace\n",
-+                                 NULL, NULL, NULL);
-+                    }
-+                    goto next_attr;
-+                }
-+                if ((len == 29) &&
-+                    (xmlStrEqual(URL,
-+                             BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-+                    xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+                         "reuse of the xmlns namespace name is forbidden\n",
-+                             NULL, NULL, NULL);
-+                    goto next_attr;
-+                }
-+            }
-+            /*
-+             * check that it's not a defined namespace
-+             */
-+            for (j = 1;j <= nbNs;j++)
-+                if (ctxt->nsTab[ctxt->nsNr - 2 * j] == NULL)
-+                    break;
-+            if (j <= nbNs)
-+                xmlErrAttributeDup(ctxt, NULL, attname);
-+            else
-+                if (nsPush(ctxt, NULL, URL) > 0) nbNs++;
-+
-+        } else if (aprefix == ctxt->str_xmlns) {
-+            const xmlChar *URL = xmlDictLookup(ctxt->dict, attvalue, len);
-+            xmlURIPtr uri;
-+
-+            if (attname == ctxt->str_xml) {
-+                if (URL != ctxt->str_xml_ns) {
-+                    xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+                             "xml namespace prefix mapped to wrong URI\n",
-+                             NULL, NULL, NULL);
-+                }
-+                /*
-+                 * Do not keep a namespace definition node
-+                 */
-+                goto next_attr;
-+            }
-+            if (URL == ctxt->str_xml_ns) {
-+                if (attname != ctxt->str_xml) {
-+                    xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+                             "xml namespace URI mapped to wrong prefix\n",
-+                             NULL, NULL, NULL);
-+                }
-+                goto next_attr;
-+            }
-+            if (attname == ctxt->str_xmlns) {
-+                xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+                         "redefinition of the xmlns prefix is forbidden\n",
-+                         NULL, NULL, NULL);
-+                goto next_attr;
-+            }
-+            if ((len == 29) &&
-+                (xmlStrEqual(URL,
-+                             BAD_CAST "http://www.w3.org/2000/xmlns/"))) {
-+                xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+                         "reuse of the xmlns namespace name is forbidden\n",
-+                         NULL, NULL, NULL);
-+                goto next_attr;
-+            }
-+            if ((URL == NULL) || (URL[0] == 0)) {
-+                xmlNsErr(ctxt, XML_NS_ERR_XML_NAMESPACE,
-+                         "xmlns:%s: Empty XML namespace is not allowed\n",
-+                              attname, NULL, NULL);
-+                goto next_attr;
-+            } else {
-+                uri = xmlParseURI((const char *) URL);
-+                if (uri == NULL) {
-+                    xmlNsErr(ctxt, XML_WAR_NS_URI,
-+                         "xmlns:%s: '%s' is not a valid URI\n",
-+                                       attname, URL, NULL);
-+                } else {
-+                    if ((ctxt->pedantic) && (uri->scheme == NULL)) {
-+                        xmlNsWarn(ctxt, XML_WAR_NS_URI_RELATIVE,
-+                                  "xmlns:%s: URI %s is not absolute\n",
-+                                  attname, URL, NULL);
-+                    }
-+                    xmlFreeURI(uri);
-+                }
-+            }
- 
--	    /*
--	     * Add the pair to atts
--	     */
--	    if ((atts == NULL) || (nbatts + 5 > maxatts)) {
--	        if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
--		    if (attvalue[len] == 0)
--			xmlFree(attvalue);
--		    goto failed;
--		}
--	        maxatts = ctxt->maxatts;
--		atts = ctxt->atts;
--	    }
--	    ctxt->attallocs[nratts++] = alloc;
--	    atts[nbatts++] = attname;
--	    atts[nbatts++] = aprefix;
--	    atts[nbatts++] = NULL; /* the URI will be fetched later */
--	    atts[nbatts++] = attvalue;
--	    attvalue += len;
--	    atts[nbatts++] = attvalue;
--	    /*
--	     * tag if some deallocation is needed
--	     */
--	    if (alloc != 0) attval = 1;
--	} else {
--	    if ((attvalue != NULL) && (attvalue[len] == 0))
--		xmlFree(attvalue);
--	}
-+            /*
-+             * check that it's not a defined namespace
-+             */
-+            for (j = 1;j <= nbNs;j++)
-+                if (ctxt->nsTab[ctxt->nsNr - 2 * j] == attname)
-+                    break;
-+            if (j <= nbNs)
-+                xmlErrAttributeDup(ctxt, aprefix, attname);
-+            else
-+                if (nsPush(ctxt, attname, URL) > 0) nbNs++;
-+
-+        } else {
-+            /*
-+             * Add the pair to atts
-+             */
-+            if ((atts == NULL) || (nbatts + 5 > maxatts)) {
-+                if (xmlCtxtGrowAttrs(ctxt, nbatts + 5) < 0) {
-+                    goto next_attr;
-+                }
-+                maxatts = ctxt->maxatts;
-+                atts = ctxt->atts;
-+            }
-+            ctxt->attallocs[nratts++] = alloc;
-+            atts[nbatts++] = attname;
-+            atts[nbatts++] = aprefix;
-+            /*
-+             * The namespace URI field is used temporarily to point at the
-+             * base of the current input buffer for non-alloced attributes.
-+             * When the input buffer is reallocated, all the pointers become
-+             * invalid, but they can be reconstructed later.
-+             */
-+            if (alloc)
-+                atts[nbatts++] = NULL;
-+            else
-+                atts[nbatts++] = ctxt->input->base;
-+            atts[nbatts++] = attvalue;
-+            attvalue += len;
-+            atts[nbatts++] = attvalue;
-+            /*
-+             * tag if some deallocation is needed
-+             */
-+            if (alloc != 0) attval = 1;
-+            attvalue = NULL; /* moved into atts */
-+        }
- 
--failed:
-+next_attr:
-+        if ((attvalue != NULL) && (alloc != 0)) {
-+            xmlFree(attvalue);
-+            attvalue = NULL;
-+        }
- 
- 	GROW
-         if (ctxt->instate == XML_PARSER_EOF)
-             break;
--	if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
--	    goto base_changed;
- 	if ((RAW == '>') || (((RAW == '/') && (NXT(1) == '>'))))
- 	    break;
- 	if (!IS_BLANK_CH(RAW)) {
-@@ -9646,8 +9610,20 @@ failed:
- 	    break;
- 	}
-         GROW;
--	if ((ctxt->input->base != base) || (inputNr != ctxt->inputNr))
--	    goto base_changed;
-+    }
-+
-+    /* Reconstruct attribute value pointers. */
-+    for (i = 0, j = 0; j < nratts; i += 5, j++) {
-+        if (atts[i+2] != NULL) {
-+            /*
-+             * Arithmetic on dangling pointers is technically undefined
-+             * behavior, but well...
-+             */
-+            ptrdiff_t offset = ctxt->input->base - atts[i+2];
-+            atts[i+2]  = NULL;    /* Reset repurposed namespace URI */
-+            atts[i+3] += offset;  /* value */
-+            atts[i+4] += offset;  /* valuend */
-+        }
-     }
- 
-     /*
-@@ -9804,34 +9780,6 @@ failed:
-     }
- 
-     return(localname);
--
--base_changed:
--    /*
--     * the attribute strings are valid iif the base didn't changed
--     */
--    if (attval != 0) {
--	for (i = 3,j = 0; j < nratts;i += 5,j++)
--	    if ((ctxt->attallocs[j] != 0) && (atts[i] != NULL))
--	        xmlFree((xmlChar *) atts[i]);
--    }
--
--    /*
--     * We can't switch from one entity to another in the middle
--     * of a start tag
--     */
--    if (inputNr != ctxt->inputNr) {
--        xmlFatalErrMsg(ctxt, XML_ERR_ENTITY_BOUNDARY,
--		    "Start tag doesn't start and stop in the same entity\n");
--	return(NULL);
--    }
--
--    ctxt->input->cur = ctxt->input->base + cur;
--    ctxt->input->line = oldline;
--    ctxt->input->col = oldcol;
--    if (ctxt->wellFormed == 1) {
--	goto reparse;
--    }
--    return(NULL);
- }
- 
- /**
-diff --git a/result/errors/759398.xml.err b/result/errors/759398.xml.err
-index e08d9bf..f6036a3 100644
---- a/result/errors/759398.xml.err
-+++ b/result/errors/759398.xml.err
-@@ -1,9 +1,12 @@
- ./test/errors/759398.xml:210: parser error : StartTag: invalid element name
- need to worry about parsers whi<! don't expand PErefs finding
-                                 ^
--./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: spec line 50 and termdef
-+./test/errors/759398.xml:309: parser error : Opening and ending tag mismatch: №№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№№m line 308 and termdef
- and provide access to their content and structure.</termdef> <termdef
-                                                             ^
--./test/errors/759398.xml:309: parser error : Extra content at the end of the document
--and provide access to their content and structure.</termdef> <termdef
--                                                             ^
-+./test/errors/759398.xml:314: parser error : Opening and ending tag mismatch: spec line 50 and p
-+data and the information it must provide to the application.</p>
-+                                                                ^
-+./test/errors/759398.xml:316: parser error : Extra content at the end of the document
-+<div2 id='sec-origin-goals'>
-+^
-diff --git a/result/errors/attr1.xml.err b/result/errors/attr1.xml.err
-index 4f08538..c4c4fc8 100644
---- a/result/errors/attr1.xml.err
-+++ b/result/errors/attr1.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/attr1.xml:2: parser error : AttValue: ' expected
- 
- ^
--./test/errors/attr1.xml:1: parser error : Extra content at the end of the document
--<foo foo="oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/attr1.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/attr1.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
-diff --git a/result/errors/attr2.xml.err b/result/errors/attr2.xml.err
-index c8a9c7d..77e342e 100644
---- a/result/errors/attr2.xml.err
-+++ b/result/errors/attr2.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/attr2.xml:2: parser error : AttValue: ' expected
- 
- ^
--./test/errors/attr2.xml:1: parser error : Extra content at the end of the document
--<foo foo=">ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/attr2.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/attr2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
-diff --git a/result/errors/name2.xml.err b/result/errors/name2.xml.err
-index a6649a1..8a6acee 100644
---- a/result/errors/name2.xml.err
-+++ b/result/errors/name2.xml.err
-@@ -1,6 +1,9 @@
- ./test/errors/name2.xml:2: parser error : Specification mandate value for attribute foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
- 
- ^
--./test/errors/name2.xml:1: parser error : Extra content at the end of the document
--<foo foooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
-- ^
-+./test/errors/name2.xml:2: parser error : attributes construct error
-+
-+^
-+./test/errors/name2.xml:2: parser error : Couldn't find end of Start Tag foo line 1
-+
-+^
diff --git a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch b/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
deleted file mode 100644
index 65f6bef1e6..0000000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-fix_node_comparison.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-libxml2-2.9.4: Fix comparison with root node in xmlXPathCmpNodes and NULL pointer deref in XPointer
-
-xpath:
- - Check for errors after evaluating first operand.
- - Add sanity check for empty stack.
- - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes
-
-Upstream-Status: Backport
- - [https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b]
- - [https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8]
-CVE: CVE-2016-5131
-Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
-Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
-
-diff --git a/result/XPath/xptr/viderror b/result/XPath/xptr/viderror
-new file mode 100644
-index 0000000..d589882
---- /dev/null
-+++ b/result/XPath/xptr/viderror
-@@ -0,0 +1,4 @@
-+
-+========================
-+Expression: xpointer(non-existing-fn()/range-to(id('chapter2')))
-+Object is empty (NULL)
-diff --git a/test/XPath/xptr/viderror b/test/XPath/xptr/viderror
-new file mode 100644
-index 0000000..da8c53b
---- /dev/null
-+++ b/test/XPath/xptr/viderror
-@@ -0,0 +1 @@
-+xpointer(non-existing-fn()/range-to(id('chapter2')))
-diff --git a/xpath.c b/xpath.c
-index 113bce6..d992841 100644
---- a/xpath.c
-+++ b/xpath.c
-@@ -3342,13 +3342,13 @@ xmlXPathCmpNodes(xmlNodePtr node1, xmlNodePtr node2) {
-      * compute depth to root
-      */
-     for (depth2 = 0, cur = node2;cur->parent != NULL;cur = cur->parent) {
--	if (cur == node1)
-+	if (cur->parent == node1)
- 	    return(1);
- 	depth2++;
-     }
-     root = cur;
-     for (depth1 = 0, cur = node1;cur->parent != NULL;cur = cur->parent) {
--	if (cur == node2)
-+	if (cur->parent == node2)
- 	    return(-1);
- 	depth1++;
-     }
-@@ -14005,9 +14005,14 @@ xmlXPathCompOpEval(xmlXPathParserContextPtr ctxt, xmlXPathStepOpPtr op)
-                 xmlNodeSetPtr oldset;
-                 int i, j;
- 
--                if (op->ch1 != -1)
-+                if (op->ch1 != -1) {
-                     total +=
-                         xmlXPathCompOpEval(ctxt, &comp->steps[op->ch1]);
-+                    CHECK_ERROR0;
-+                }
-+                if (ctxt->value == NULL) {
-+                    XP_ERROR0(XPATH_INVALID_OPERAND);
-+                }
-                 if (op->ch2 == -1)
-                     return (total);
- 
diff --git a/meta/recipes-core/libxml/libxml2/runtest.patch b/meta/recipes-core/libxml/libxml2/runtest.patch
index 6e56857caf..cb171d5b36 100644
--- a/meta/recipes-core/libxml/libxml2/runtest.patch
+++ b/meta/recipes-core/libxml/libxml2/runtest.patch
@@ -2,47 +2,29 @@ Add 'install-ptest' rule.
 Print a standard result line for each test.
 
 Signed-off-by: Mihaela Sendrea <mihaela.sendrea@enea.com>
-Signed-off-by: Andrej Valek <andrej.valek@enea.com>
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
 Upstream-Status: Backport
 
 diff -uNr a/Makefile.am b/Makefile.am
---- a/Makefile.am	2016-05-22 03:49:02.000000000 +0200
-+++ b/Makefile.am	2017-06-14 10:38:43.381305385 +0200
-@@ -202,10 +202,24 @@
+--- a/Makefile.am	2017-08-28 15:01:14.000000000 +0200
++++ b/Makefile.am	2017-09-05 08:06:05.752287323 +0200
+@@ -202,6 +202,15 @@
  #testOOM_DEPENDENCIES = $(DEPS)
  #testOOM_LDADD= $(LDADDS)
  
 +install-ptest:
 +	@(if [ -d .libs ] ; then cd .libs; fi; \
-+	install $(noinst_PROGRAMS) $(DESTDIR))
++	install $(check_PROGRAMS) $(DESTDIR))
 +	cp -r $(srcdir)/test $(DESTDIR)
 +	cp -r $(srcdir)/result $(DESTDIR)
 +	cp -r $(srcdir)/python $(DESTDIR)
 +	cp Makefile $(DESTDIR)
 +	sed -i -e 's|^Makefile:|_Makefile:|' $(DESTDIR)/Makefile
 +
- runtests:
+ runtests: runtest$(EXEEXT) testrecurse$(EXEEXT) testapi$(EXEEXT) \
+           testchar$(EXEEXT) testdict$(EXEEXT) runxmlconf$(EXEEXT)
  	[ -d test   ] || $(LN_S) $(srcdir)/test   .
- 	[ -d result ] || $(LN_S) $(srcdir)/result .
--	$(CHECKER) ./runtest$(EXEEXT) && $(CHECKER) ./testrecurse$(EXEEXT) &&$(CHECKER) ./testapi$(EXEEXT) && $(CHECKER) ./testchar$(EXEEXT)&& $(CHECKER) ./testdict$(EXEEXT) && $(CHECKER) ./runxmlconf$(EXEEXT)
-+	$(CHECKER) ./runtest$(EXEEXT) && \
-+	    $(CHECKER) ./testrecurse$(EXEEXT) && \
-+	    ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) ./testapi$(EXEEXT) && \
-+	    $(CHECKER) ./testchar$(EXEEXT) && \
-+	    $(CHECKER) ./testdict$(EXEEXT) && \
-+	    $(CHECKER) ./runxmlconf$(EXEEXT)
- 	@(if [ "$(PYTHON_SUBDIR)" != "" ] ; then cd python ; \
- 	    $(MAKE) tests ; fi)
- 
-@@ -229,7 +243,7 @@
- 
- APItests: testapi$(EXEEXT)
- 	@echo "## Running the API regression tests this may take a little while"
--	-@($(CHECKER) $(top_builddir)/testapi -q)
-+	-@(ASAN_OPTIONS="$$ASAN_OPTIONS:detect_leaks=0" $(CHECKER) $(top_builddir)/testapi -q)
- 
- HTMLtests : testHTML$(EXEEXT)
- 	@(echo > .memdump)
+
 diff -uNr a/runsuite.c b/runsuite.c
 --- a/runsuite.c	2013-04-12 16:17:11.462823238 +0200
 +++ b/runsuite.c	2013-04-17 14:07:24.352693211 +0200
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb b/meta/recipes-core/libxml/libxml2_2.9.5.bb
index 9adb29cfdd..27e1a8e7b1 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.5.bb
@@ -19,21 +19,12 @@ SRC_URI = "http://www.xmlsoft.org/sources/libxml2-${PV}.tar.gz;name=libtar \
            file://run-ptest \
            file://python-sitepackages-dir.patch \
            file://libxml-m4-use-pkgconfig.patch \
-           file://libxml2-fix_node_comparison.patch \
-           file://libxml2-CVE-2016-5131.patch \
-           file://libxml2-CVE-2016-4658.patch \
-           file://libxml2-fix_NULL_pointer_derefs.patch \
-           file://libxml2-fix_and_simplify_xmlParseStartTag2.patch \
-           file://libxml2-CVE-2017-9047_CVE-2017-9048.patch \
-           file://libxml2-CVE-2017-9049_CVE-2017-9050.patch \
-           file://libxml2-CVE-2017-5969.patch \
-           file://libxml2-CVE-2017-0663.patch \
-           file://libxml2-CVE-2017-8872.patch \
            file://0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch \
+           file://fix-execution-of-ptests.patch \
            "
 
-SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
-SRC_URI[libtar.sha256sum] = "ffb911191e509b966deb55de705387f14156e1a56b21824357cdf0053233633c"
+SRC_URI[libtar.md5sum] = "5ce0da9bdaa267b40c4ca36d35363b8b"
+SRC_URI[libtar.sha256sum] = "4031c1ecee9ce7ba4f313e91ef6284164885cdb69937a123f6a83bb6a72dcd38"
 SRC_URI[testtar.md5sum] = "ae3d1ebe000a3972afa104ca7f0e1b4a"
 SRC_URI[testtar.sha256sum] = "96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7"
 
@@ -81,6 +72,10 @@ do_configure_prepend () {
 	find ${WORKDIR}/xmlconf/ -type f -exec chmod -x {} \+
 }
 
+do_compile_ptest() {
+	oe_runmake check-am
+}
+
 do_install_ptest () {
 	cp -r ${WORKDIR}/xmlconf ${D}${PTEST_PATH}
 	if [ "${@bb.utils.filter('PACKAGECONFIG', 'python', d)}" ]; then
diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb
index be37c44210..d98a9c901c 100644
--- a/meta/recipes-core/meta/buildtools-tarball.bb
+++ b/meta/recipes-core/meta/buildtools-tarball.bb
@@ -21,7 +21,6 @@ TOOLCHAIN_HOST_TASK ?= "\
     nativesdk-wget \
     nativesdk-ca-certificates \
     nativesdk-texinfo \
-    nativesdk-locale-base-en-us \
     "
 
 MULTIMACH_TARGET_SYS = "${SDK_ARCH}-nativesdk${SDK_VENDOR}-${SDK_OS}"
diff --git a/meta/recipes-core/musl/musl.inc b/meta/recipes-core/musl/musl.inc
index 56c9d7fe17..9af1172ae0 100644
--- a/meta/recipes-core/musl/musl.inc
+++ b/meta/recipes-core/musl/musl.inc
@@ -26,3 +26,8 @@ INSANE_SKIP_${PN} = "dev-so"
 # Doesn't compile in MIPS16e mode due to use of hand-written
 # assembly
 MIPS_INSTRUCTION_SET = "mips"
+
+# thumb1 is unsupported
+ARM_INSTRUCTION_SET_armv5 = "arm"
+ARM_INSTRUCTION_SET_armv4 = "arm"
+
diff --git a/meta/recipes-core/musl/musl_git.bb b/meta/recipes-core/musl/musl_git.bb
index bd7573e0f3..db26b4fef2 100644
--- a/meta/recipes-core/musl/musl_git.bb
+++ b/meta/recipes-core/musl/musl_git.bb
@@ -3,9 +3,9 @@
 
 require musl.inc
 
-SRCREV = "da438ee1fc516c41ba1790cef7be551a9e244397"
+SRCREV = "eb03bde2f24582874cb72b56c7811bf51da0c817"
 
-PV = "1.1.16+git${SRCPV}"
+PV = "1.1.18+git${SRCPV}"
 
 # mirror is at git://github.com/kraj/musl.git
 
@@ -57,10 +57,11 @@ do_install() {
 	oe_runmake install DESTDIR='${D}'
 
 	install -d ${D}${bindir}
+	rm -f ${D}${bindir}/ldd
 	lnr ${D}${libdir}/libc.so ${D}${bindir}/ldd
 	for l in crypt dl m pthread resolv rt util xnet
 	do
-		ln -s libc.so ${D}${libdir}/lib$l.so
+		ln -sf libc.so ${D}${libdir}/lib$l.so
 	done
 }
 
diff --git a/meta/recipes-core/ncurses/files/CVE-2017-13732-CVE-2017-13734-CVE-2017-13730-CVE-2017-13729-CVE-2017-13728-CVE-2017-13731.patch b/meta/recipes-core/ncurses/files/CVE-2017-13732-CVE-2017-13734-CVE-2017-13730-CVE-2017-13729-CVE-2017-13728-CVE-2017-13731.patch
deleted file mode 100644
index a19332c4b2..0000000000
--- a/meta/recipes-core/ncurses/files/CVE-2017-13732-CVE-2017-13734-CVE-2017-13730-CVE-2017-13729-CVE-2017-13728-CVE-2017-13731.patch
+++ /dev/null
@@ -1,541 +0,0 @@
-From 4bf72cb8f1d3aa5f33c31eb817a5f0338f4aaf6f Mon Sep 17 00:00:00 2001
-From: Ovidiu Panait <ovidiu.panait@windriver.com>
-Date: Wed, 20 Sep 2017 05:02:00 +0000
-Subject: [PATCH] Import upstream patch 20170826
-
-20170826
-	+ fixes for "iterm2" (report by Leonardo Brondani Schenkel) -TD
-	+ corrected a warning from tic about keys which are the same, to skip
-	  over missing/cancelled values.
-	+ add check in tic for unnecessary use of "2" to denote a shifted
-	  special key.
-	+ improve checks in trim_sgr0, comp_parse.c and parse_entry.c, for
-	  cancelled string capabilities.
-	+ add check in _nc_parse_entry() for invalid entry name, setting the
-	  name to "invalid" to avoid problems storing entries.
-	+ add/improve checks in tic's parser to address invalid input
-	  + add a check in comp_scan.c to handle the special case where a
-	    nontext file ending with a NUL rather than newline is given to tic
-	    as input (Redhat #1484274).
-	  + allow for cancelled capabilities in _nc_save_str (Redhat #1484276).
-	  + add validity checks for "use=" target in _nc_parse_entry (Redhat
-	    #1484284).
-	  + check for invalid strings in postprocess_termcap (Redhat #1484285)
-	  + reset secondary pointers on EOF in next_char() (Redhat #1484287).
-	  + guard _nc_safe_strcpy() and _nc_safe_strcat() against calls using
-	    cancelled strings (Redhat #1484291).
-	+ correct typo in curs_memleaks.3x (Sven Joachim).
-	+ improve test/configure checks for some curses variants not based on
-	  X/Open Curses.
-	+ add options for test/configure to disable checks for form, menu and
-	  panel libraries.
-
-Upstream-Status: Backport
-CVE: CVE-2017-13732, CVE-2017-13734, CVE-2017-13730, CVE-2017-13729, CVE-2017-13728, CVE-2017-13731
- 
-
-Author: Sven Joachim <svenjoac@gmx.de>
-Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
----
- dist.mk                     |  4 +-
- include/ncurses_defs        |  4 +-
- ncurses/tinfo/alloc_entry.c |  4 +-
- ncurses/tinfo/comp_parse.c  | 10 ++---
- ncurses/tinfo/comp_scan.c   |  6 ++-
- ncurses/tinfo/parse_entry.c | 91 ++++++++++++++++++++++++++++++---------------
- ncurses/tinfo/strings.c     |  9 +++--
- ncurses/tinfo/trim_sgr0.c   |  4 +-
- progs/tic.c                 | 75 ++++++++++++++++++++++++++++++++++++-
- 9 files changed, 157 insertions(+), 50 deletions(-)
-
-diff --git a/dist.mk b/dist.mk
-index 9af2699..2c70472 100644
---- a/dist.mk
-+++ b/dist.mk
-@@ -25,7 +25,7 @@
- # use or other dealings in this Software without prior written               #
- # authorization.                                                             #
- ##############################################################################
--# $Id: dist.mk,v 1.1172 2017/07/13 00:15:27 tom Exp $
-+# $Id: dist.mk,v 1.1179 2017/08/20 15:33:41 tom Exp $
- # Makefile for creating ncurses distributions.
- #
- # This only needs to be used directly as a makefile by developers, but
-@@ -37,7 +37,7 @@ SHELL = /bin/sh
- # These define the major/minor/patch versions of ncurses.
- NCURSES_MAJOR = 6
- NCURSES_MINOR = 0
--NCURSES_PATCH = 20170715
-+NCURSES_PATCH = 20170826
- 
- # We don't append the patch to the version, since this only applies to releases
- VERSION = $(NCURSES_MAJOR).$(NCURSES_MINOR)
-diff --git a/include/ncurses_defs b/include/ncurses_defs
-index e6611b7..d237db1 100644
---- a/include/ncurses_defs
-+++ b/include/ncurses_defs
-@@ -1,4 +1,4 @@
--# $Id: ncurses_defs,v 1.73 2017/06/24 14:20:57 tom Exp $
-+# $Id: ncurses_defs,v 1.75 2017/08/20 16:50:04 tom Exp $
- ##############################################################################
- # Copyright (c) 2000-2016,2017 Free Software Foundation, Inc.                #
- #                                                                            #
-@@ -50,7 +50,9 @@ HAVE_BSD_STRING_H
- HAVE_BTOWC 
- HAVE_BUILTIN_H
- HAVE_CHGAT	1
-+HAVE_COLOR_CONTENT	1
- HAVE_COLOR_SET	1
-+HAVE_CURSCR	1
- HAVE_DIRENT_H
- HAVE_ERRNO
- HAVE_FCNTL_H
-diff --git a/ncurses/tinfo/alloc_entry.c b/ncurses/tinfo/alloc_entry.c
-index 5de09f1..09374d6 100644
---- a/ncurses/tinfo/alloc_entry.c
-+++ b/ncurses/tinfo/alloc_entry.c
-@@ -47,7 +47,7 @@
- 
- #include <tic.h>
- 
--MODULE_ID("$Id: alloc_entry.c,v 1.60 2017/06/27 23:48:55 tom Exp $")
-+MODULE_ID("$Id: alloc_entry.c,v 1.61 2017/08/25 09:09:08 tom Exp $")
- 
- #define ABSENT_OFFSET    -1
- #define CANCELLED_OFFSET -2
-@@ -98,7 +98,7 @@ _nc_save_str(const char *const string)
-     size_t old_next_free = next_free;
-     size_t len;
- 
--    if (string == 0)
-+    if (!VALID_STRING(string))
- 	return _nc_save_str("");
-     len = strlen(string) + 1;
- 
-diff --git a/ncurses/tinfo/comp_parse.c b/ncurses/tinfo/comp_parse.c
-index 34e6216..580d4df 100644
---- a/ncurses/tinfo/comp_parse.c
-+++ b/ncurses/tinfo/comp_parse.c
-@@ -47,7 +47,7 @@
- 
- #include <tic.h>
- 
--MODULE_ID("$Id: comp_parse.c,v 1.96 2017/04/15 15:36:58 tom Exp $")
-+MODULE_ID("$Id: comp_parse.c,v 1.99 2017/08/26 16:15:50 tom Exp $")
- 
- static void sanity_check2(TERMTYPE2 *, bool);
- NCURSES_IMPEXP void NCURSES_API(*_nc_check_termtype2) (TERMTYPE2 *, bool) = sanity_check2;
-@@ -510,9 +510,9 @@ static void
- fixup_acsc(TERMTYPE2 *tp, int literal)
- {
-     if (!literal) {
--	if (acs_chars == 0
--	    && enter_alt_charset_mode != 0
--	    && exit_alt_charset_mode != 0)
-+	if (acs_chars == ABSENT_STRING
-+	    && PRESENT(enter_alt_charset_mode)
-+	    && PRESENT(exit_alt_charset_mode))
- 	    acs_chars = strdup(VT_ACSC);
-     }
- }
-@@ -568,9 +568,7 @@ sanity_check2(TERMTYPE2 *tp, bool literal)
-     PAIRED(enter_xon_mode, exit_xon_mode);
-     PAIRED(enter_am_mode, exit_am_mode);
-     ANDMISSING(label_off, label_on);
--#ifdef remove_clock
-     PAIRED(display_clock, remove_clock);
--#endif
-     ANDMISSING(set_color_pair, initialize_pair);
- }
- 
-diff --git a/ncurses/tinfo/comp_scan.c b/ncurses/tinfo/comp_scan.c
-index 40d7f6a..b207257 100644
---- a/ncurses/tinfo/comp_scan.c
-+++ b/ncurses/tinfo/comp_scan.c
-@@ -50,7 +50,7 @@
- #include <ctype.h>
- #include <tic.h>
- 
--MODULE_ID("$Id: comp_scan.c,v 1.106 2017/04/22 11:41:12 tom Exp $")
-+MODULE_ID("$Id: comp_scan.c,v 1.108 2017/08/25 22:57:21 tom Exp $")
- 
- /*
-  * Maximum length of string capability we'll accept before raising an error.
-@@ -168,6 +168,8 @@ next_char(void)
- 	if (result != 0) {
- 	    FreeAndNull(result);
- 	    FreeAndNull(pushname);
-+	    bufptr = 0;
-+	    bufstart = 0;
- 	    allocated = 0;
- 	}
- 	/*
-@@ -222,6 +224,8 @@ next_char(void)
- 		}
- 		if ((bufptr = bufstart) != 0) {
- 		    used = strlen(bufptr);
-+		    if (used == 0)
-+			return (EOF);
- 		    while (iswhite(*bufptr)) {
- 			if (*bufptr == '\t') {
- 			    _nc_curr_col = (_nc_curr_col | 7) + 1;
-diff --git a/ncurses/tinfo/parse_entry.c b/ncurses/tinfo/parse_entry.c
-index 3fa2f25..bbbfcb2 100644
---- a/ncurses/tinfo/parse_entry.c
-+++ b/ncurses/tinfo/parse_entry.c
-@@ -47,7 +47,7 @@
- #include <ctype.h>
- #include <tic.h>
- 
--MODULE_ID("$Id: parse_entry.c,v 1.86 2017/06/28 00:53:12 tom Exp $")
-+MODULE_ID("$Id: parse_entry.c,v 1.91 2017/08/26 16:13:34 tom Exp $")
- 
- #ifdef LINT
- static short const parametrized[] =
-@@ -180,6 +180,20 @@ _nc_extend_names(ENTRY * entryp, char *name, int token_type)
- }
- #endif /* NCURSES_XNAMES */
- 
-+static bool
-+valid_entryname(const char *name)
-+{
-+    bool result = TRUE;
-+    int ch;
-+    while ((ch = UChar(*name++)) != '\0') {
-+	if (ch <= ' ' || ch > '~' || ch == '/') {
-+	    result = FALSE;
-+	    break;
-+	}
-+    }
-+    return result;
-+}
-+
- /*
-  *	int
-  *	_nc_parse_entry(entry, literal, silent)
-@@ -211,6 +225,7 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
-     int token_type;
-     struct name_table_entry const *entry_ptr;
-     char *ptr, *base;
-+    const char *name;
-     bool bad_tc_usage = FALSE;
- 
-     token_type = _nc_get_token(silent);
-@@ -261,7 +276,12 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
-      * results in the terminal type getting prematurely set to correspond
-      * to that of the next entry.
-      */
--    _nc_set_type(_nc_first_name(entryp->tterm.term_names));
-+    name = _nc_first_name(entryp->tterm.term_names);
-+    if (!valid_entryname(name)) {
-+	_nc_warning("invalid entry name \"%s\"", name);
-+	name = "invalid";
-+    }
-+    _nc_set_type(name);
- 
-     /* check for overly-long names and aliases */
-     for (base = entryp->tterm.term_names; (ptr = strchr(base, '|')) != 0;
-@@ -283,13 +303,24 @@ _nc_parse_entry(ENTRY * entryp, int literal, bool silent)
- 	bool is_use = (strcmp(_nc_curr_token.tk_name, "use") == 0);
- 	bool is_tc = !is_use && (strcmp(_nc_curr_token.tk_name, "tc") == 0);
- 	if (is_use || is_tc) {
-+	    if (!VALID_STRING(_nc_curr_token.tk_valstring)
-+		|| _nc_curr_token.tk_valstring[0] == '\0') {
-+		_nc_warning("missing name for use-clause");
-+		continue;
-+	    } else if (!valid_entryname(_nc_curr_token.tk_valstring)) {
-+		_nc_warning("invalid name for use-clause \"%s\"",
-+			    _nc_curr_token.tk_valstring);
-+		continue;
-+	    } else if (entryp->nuses >= MAX_USES) {
-+		_nc_warning("too many use-clauses, ignored \"%s\"",
-+			    _nc_curr_token.tk_valstring);
-+		continue;
-+	    }
- 	    entryp->uses[entryp->nuses].name = _nc_save_str(_nc_curr_token.tk_valstring);
- 	    entryp->uses[entryp->nuses].line = _nc_curr_line;
--	    if (VALID_STRING(entryp->uses[entryp->nuses].name)) {
--		entryp->nuses++;
--		if (entryp->nuses > 1 && is_tc) {
--		    BAD_TC_USAGE
--		}
-+	    entryp->nuses++;
-+	    if (entryp->nuses > 1 && is_tc) {
-+		BAD_TC_USAGE
- 	    }
- 	} else {
- 	    /* normal token lookup */
-@@ -641,13 +672,6 @@ static const char C_BS[] = "\b";
- static const char C_HT[] = "\t";
- 
- /*
-- * Note that WANTED and PRESENT are not simple inverses!  If a capability
-- * has been explicitly cancelled, it's not considered WANTED.
-- */
--#define WANTED(s)	((s) == ABSENT_STRING)
--#define PRESENT(s)	(((s) != ABSENT_STRING) && ((s) != CANCELLED_STRING))
--
--/*
-  * This bit of legerdemain turns all the terminfo variable names into
-  * references to locations in the arrays Booleans, Numbers, and Strings ---
-  * precisely what's needed.
-@@ -672,10 +696,10 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base)
- 
-     /* if there was a tc entry, assume we picked up defaults via that */
-     if (!has_base) {
--	if (WANTED(init_3string) && termcap_init2)
-+	if (WANTED(init_3string) && PRESENT(termcap_init2))
- 	    init_3string = _nc_save_str(termcap_init2);
- 
--	if (WANTED(reset_2string) && termcap_reset)
-+	if (WANTED(reset_2string) && PRESENT(termcap_reset))
- 	    reset_2string = _nc_save_str(termcap_reset);
- 
- 	if (WANTED(carriage_return)) {
-@@ -790,7 +814,7 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base)
- 	if (init_tabs != 8 && init_tabs != ABSENT_NUMERIC)
- 	    _nc_warning("hardware tabs with a width other than 8: %d", init_tabs);
- 	else {
--	    if (tab && _nc_capcmp(tab, C_HT))
-+	    if (PRESENT(tab) && _nc_capcmp(tab, C_HT))
- 		_nc_warning("hardware tabs with a non-^I tab string %s",
- 			    _nc_visbuf(tab));
- 	    else {
-@@ -867,17 +891,22 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base)
- 	     * The magic moment -- copy the mapped key string over,
- 	     * stripping out padding.
- 	     */
--	    for (dp = buf2, bp = tp->Strings[from_ptr->nte_index]; *bp; bp++) {
--		if (bp[0] == '$' && bp[1] == '<') {
--		    while (*bp && *bp != '>') {
--			++bp;
--		    }
--		} else
--		    *dp++ = *bp;
--	    }
--	    *dp = '\0';
-+	    bp = tp->Strings[from_ptr->nte_index];
-+	    if (VALID_STRING(bp)) {
-+		for (dp = buf2; *bp; bp++) {
-+		    if (bp[0] == '$' && bp[1] == '<') {
-+			while (*bp && *bp != '>') {
-+			    ++bp;
-+			}
-+		    } else
-+			*dp++ = *bp;
-+		}
-+		*dp = '\0';
- 
--	    tp->Strings[to_ptr->nte_index] = _nc_save_str(buf2);
-+		tp->Strings[to_ptr->nte_index] = _nc_save_str(buf2);
-+	    } else {
-+		tp->Strings[to_ptr->nte_index] = bp;
-+	    }
- 	}
- 
- 	/*
-@@ -886,7 +915,7 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base)
- 	 * got mapped to kich1 and im to kIC to avoid a collision.
- 	 * If the description has im but not ic, hack kIC back to kich1.
- 	 */
--	if (foundim && WANTED(key_ic) && key_sic) {
-+	if (foundim && WANTED(key_ic) && PRESENT(key_sic)) {
- 	    key_ic = key_sic;
- 	    key_sic = ABSENT_STRING;
- 	}
-@@ -938,9 +967,9 @@ postprocess_termcap(TERMTYPE2 *tp, bool has_base)
- 	    acs_chars = _nc_save_str(buf2);
- 	    _nc_warning("acsc string synthesized from XENIX capabilities");
- 	}
--    } else if (acs_chars == 0
--	       && enter_alt_charset_mode != 0
--	       && exit_alt_charset_mode != 0) {
-+    } else if (acs_chars == ABSENT_STRING
-+	       && PRESENT(enter_alt_charset_mode)
-+	       && PRESENT(exit_alt_charset_mode)) {
- 	acs_chars = _nc_save_str(VT_ACSC);
-     }
- }
-diff --git a/ncurses/tinfo/strings.c b/ncurses/tinfo/strings.c
-index 393d8e7..10ec6c8 100644
---- a/ncurses/tinfo/strings.c
-+++ b/ncurses/tinfo/strings.c
-@@ -1,5 +1,5 @@
- /****************************************************************************
-- * Copyright (c) 2000-2007,2012 Free Software Foundation, Inc.              *
-+ * Copyright (c) 2000-2012,2017 Free Software Foundation, Inc.              *
-  *                                                                          *
-  * Permission is hereby granted, free of charge, to any person obtaining a  *
-  * copy of this software and associated documentation files (the            *
-@@ -35,8 +35,9 @@
- **/
- 
- #include <curses.priv.h>
-+#include <tic.h>
- 
--MODULE_ID("$Id: strings.c,v 1.8 2012/02/22 22:34:31 tom Exp $")
-+MODULE_ID("$Id: strings.c,v 1.9 2017/08/26 13:16:11 tom Exp $")
- 
- /****************************************************************************
-  * Useful string functions (especially for mvcur)
-@@ -105,7 +106,7 @@ _nc_str_copy(string_desc * dst, string_desc * src)
- NCURSES_EXPORT(bool)
- _nc_safe_strcat(string_desc * dst, const char *src)
- {
--    if (src != 0) {
-+    if (PRESENT(src)) {
- 	size_t len = strlen(src);
- 
- 	if (len < dst->s_size) {
-@@ -126,7 +127,7 @@ _nc_safe_strcat(string_desc * dst, const char *src)
- NCURSES_EXPORT(bool)
- _nc_safe_strcpy(string_desc * dst, const char *src)
- {
--    if (src != 0) {
-+    if (PRESENT(src)) {
- 	size_t len = strlen(src);
- 
- 	if (len < dst->s_size) {
-diff --git a/ncurses/tinfo/trim_sgr0.c b/ncurses/tinfo/trim_sgr0.c
-index 4cbcb65..4d92d15 100644
---- a/ncurses/tinfo/trim_sgr0.c
-+++ b/ncurses/tinfo/trim_sgr0.c
-@@ -36,7 +36,7 @@
- 
- #include <tic.h>
- 
--MODULE_ID("$Id: trim_sgr0.c,v 1.16 2017/04/05 22:33:07 tom Exp $")
-+MODULE_ID("$Id: trim_sgr0.c,v 1.17 2017/08/26 14:54:16 tom Exp $")
- 
- #undef CUR
- #define CUR tp->
-@@ -263,7 +263,7 @@ _nc_trim_sgr0(TERMTYPE2 *tp)
- 	    /*
- 	     * If rmacs is a substring of sgr(0), remove that chunk.
- 	     */
--	    if (exit_alt_charset_mode != 0) {
-+	    if (PRESENT(exit_alt_charset_mode)) {
- 		TR(TRACE_DATABASE, ("scan for rmacs %s", _nc_visbuf(exit_alt_charset_mode)));
- 		j = strlen(off);
- 		k = strlen(exit_alt_charset_mode);
-diff --git a/progs/tic.c b/progs/tic.c
-index c5d78e5..6dd4678 100644
---- a/progs/tic.c
-+++ b/progs/tic.c
-@@ -48,7 +48,7 @@
- #include <parametrized.h>
- #include <transform.h>
- 
--MODULE_ID("$Id: tic.c,v 1.233 2017/07/15 17:40:19 tom Exp $")
-+MODULE_ID("$Id: tic.c,v 1.243 2017/08/26 20:56:55 tom Exp $")
- 
- #define STDIN_NAME "<stdin>"
- 
-@@ -62,6 +62,10 @@ static bool showsummary = FALSE;
- static char **namelst = 0;
- static const char *to_remove;
- 
-+#if NCURSES_XNAMES
-+static bool using_extensions = FALSE;
-+#endif
-+
- static void (*save_check_termtype) (TERMTYPE2 *, bool);
- static void check_termtype(TERMTYPE2 *tt, bool);
- 
-@@ -850,6 +854,7 @@ main(int argc, char *argv[])
- 	    /* FALLTHRU */
- 	case 'x':
- 	    use_extended_names(TRUE);
-+	    using_extensions = TRUE;
- 	    break;
- #endif
- 	default:
-@@ -2405,10 +2410,17 @@ check_conflict(TERMTYPE2 *tp)
- 	    const char *a = given[j].value;
- 	    bool first = TRUE;
- 
-+	    if (!VALID_STRING(a))
-+		continue;
-+
- 	    for (k = j + 1; given[k].keycode; k++) {
- 		const char *b = given[k].value;
-+
-+		if (!VALID_STRING(b))
-+		    continue;
- 		if (check[k])
- 		    continue;
-+
- 		if (!_nc_capcmp(a, b)) {
- 		    check[j] = 1;
- 		    check[k] = 1;
-@@ -2431,6 +2443,67 @@ check_conflict(TERMTYPE2 *tp)
- 	    if (!first)
- 		fprintf(stderr, "\n");
- 	}
-+#if NCURSES_XNAMES
-+	if (using_extensions) {
-+	    /* *INDENT-OFF* */
-+	    static struct {
-+		const char *xcurses;
-+		const char *shifted;
-+	    } table[] = {
-+		{ "kDC",  NULL },
-+		{ "kDN",  "kind" },
-+		{ "kEND", NULL },
-+		{ "kHOM", NULL },
-+		{ "kLFT", NULL },
-+		{ "kNXT", NULL },
-+		{ "kPRV", NULL },
-+		{ "kRIT", NULL },
-+		{ "kUP",  "kri" },
-+		{ NULL,   NULL },
-+	    };
-+	    /* *INDENT-ON* */
-+
-+	    /*
-+	     * SVr4 curses defines the "xcurses" names listed above except for
-+	     * the special cases in the "shifted" column.  When using these
-+	     * names for xterm's extensions, that was confusing, and resulted
-+	     * in adding extended capabilities with "2" (shift) suffix.  This
-+	     * check warns about unnecessary use of extensions for this quirk.
-+	     */
-+	    for (j = 0; given[j].keycode; ++j) {
-+		const char *find = given[j].name;
-+		int value;
-+		char ch;
-+
-+		if (!VALID_STRING(given[j].value))
-+		    continue;
-+
-+		for (k = 0; table[k].xcurses; ++k) {
-+		    const char *test = table[k].xcurses;
-+		    size_t size = strlen(test);
-+
-+		    if (!strncmp(find, test, size) && strcmp(find, test)) {
-+			switch (sscanf(find + size, "%d%c", &value, &ch)) {
-+			case 1:
-+			    if (value == 2) {
-+				_nc_warning("expected '%s' rather than '%s'",
-+					    (table[k].shifted
-+					     ? table[k].shifted
-+					     : test), find);
-+			    } else if (value < 2 || value > 15) {
-+				_nc_warning("expected numeric 2..15 '%s'", find);
-+			    }
-+			    break;
-+			default:
-+			    _nc_warning("expected numeric suffix for '%s'", find);
-+			    break;
-+			}
-+			break;
-+		    }
-+		}
-+	    }
-+	}
-+#endif
- 	free(given);
- 	free(check);
-     }
--- 
-2.10.2
-
diff --git a/meta/recipes-core/ncurses/ncurses.inc b/meta/recipes-core/ncurses/ncurses.inc
index 1f21cd413d..01e41d5f73 100644
--- a/meta/recipes-core/ncurses/ncurses.inc
+++ b/meta/recipes-core/ncurses/ncurses.inc
@@ -13,7 +13,7 @@ BINCONFIG = "${bindir}/ncurses5-config ${bindir}/ncursesw5-config \
 inherit autotools binconfig-disabled multilib_header pkgconfig
 
 # Upstream has useful patches at times at ftp://invisible-island.net/ncurses/
-SRC_URI = "git://anonscm.debian.org/collab-maint/ncurses.git"
+SRC_URI = "git://salsa.debian.org/debian/ncurses.git;protocol=https"
 
 EXTRA_AUTORECONF = "-I m4"
 CONFIG_SITE =+ "${WORKDIR}/config.cache"
@@ -59,6 +59,7 @@ EX_TERMCAP_class-nativesdk = ":/etc/termcap:/usr/share/misc/termcap"
 EX_TERMINFO = ""
 EX_TERMINFO_class-native = ":/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo"
 EX_TERMINFO_class-nativesdk = ":/etc/terminfo:/usr/share/terminfo:/usr/share/misc/terminfo:/lib/terminfo"
+EX_TERMLIB ?= "tinfo"
 
 # Helper function for do_configure to allow multiple configurations
 # $1 the directory to run configure in
@@ -80,7 +81,7 @@ ncurses_configure() {
 	        --disable-big-core \
 	        --program-prefix= \
 	        --with-ticlib \
-	        --with-termlib=tinfo \
+	        --with-termlib=${EX_TERMLIB} \
 	        --enable-sigwinch \
 	        --enable-pc-files \
 	        --disable-rpath-hack \
@@ -201,7 +202,10 @@ do_install() {
                 ln -sf xterm-color ${D}${sysconfdir}/terminfo/x/xterm
         fi
 
-        rm -f ${D}${libdir}/terminfo
+        # When changing ${libdir} to e.g. /usr/lib/myawesomelib/ ncurses 
+        # still installs '/usr/lib/terminfo', so try to rm both 
+        # the proper path and a slightly hardcoded one
+        rm -f ${D}${libdir}/terminfo ${D}${prefix}/lib/terminfo
 
         # create linker scripts for libcurses.so and libncurses to
         # link against -ltinfo when needed. Some builds might break
@@ -227,7 +231,7 @@ do_install() {
         if [ ! -d "${D}${base_libdir}" ]; then
             # Setting base_libdir to libdir as is done in the -native
             # case will skip this code
-            mkdir ${D}${base_libdir}
+            mkdir -p ${D}${base_libdir}
             mv ${D}${libdir}/libncurses.so.* ${D}${base_libdir}
             ! ${ENABLE_WIDEC} || \
                 mv ${D}${libdir}/libncursesw.so.* ${D}${base_libdir}
diff --git a/meta/recipes-core/ncurses/ncurses_6.0+20170715.bb b/meta/recipes-core/ncurses/ncurses_6.0+20171125.bb
index d1da5d16e0..6c4b96f428 100644
--- a/meta/recipes-core/ncurses/ncurses_6.0+20170715.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.0+20171125.bb
@@ -3,10 +3,9 @@ require ncurses.inc
 SRC_URI += "file://0001-tic-hang.patch \
             file://0002-configure-reproducible.patch \
             file://config.cache \
-            file://CVE-2017-13732-CVE-2017-13734-CVE-2017-13730-CVE-2017-13729-CVE-2017-13728-CVE-2017-13731.patch \
 "
 # commit id corresponds to the revision in package version
-SRCREV = "52681a6a1a18b4d6eb1a716512d0dd827bd71c87"
+SRCREV = "5d849e836052459901cfe0b85a0b2939ff8d2b2a"
 S = "${WORKDIR}/git"
 EXTRA_OECONF += "--with-abi-version=5"
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+(\.\d+)+(\+\d+)*)"
diff --git a/meta/recipes-core/os-release/os-release.bb b/meta/recipes-core/os-release/os-release.bb
index f988704756..7f3d9cba00 100644
--- a/meta/recipes-core/os-release/os-release.bb
+++ b/meta/recipes-core/os-release/os-release.bb
@@ -1,7 +1,7 @@
 inherit allarch
 
 SUMMARY = "Operating system identification"
-DESCRIPTION = "The /etc/os-release file contains operating system identification data."
+DESCRIPTION = "The /usr/lib/os-release file contains operating system identification data."
 LICENSE = "MIT"
 INHIBIT_DEFAULT_DEPS = "1"
 
@@ -42,6 +42,9 @@ python do_compile () {
 do_compile[vardeps] += "${OS_RELEASE_FIELDS}"
 
 do_install () {
-    install -d ${D}${sysconfdir}
-    install -m 0644 os-release ${D}${sysconfdir}/
+    install -d ${D}${nonarch_libdir} ${D}${sysconfdir}
+    install -m 0644 os-release ${D}${nonarch_libdir}/
+    lnr ${D}${nonarch_libdir}/os-release ${D}${sysconfdir}/os-release
 }
+
+FILES_${PN} += "${nonarch_libdir}/os-release"
diff --git a/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch b/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch
new file mode 100644
index 0000000000..342fcc6231
--- /dev/null
+++ b/meta/recipes-core/ovmf/ovmf/0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch
@@ -0,0 +1,71 @@
+From 9fce4bab014b9aa618060eba13d6dd04b0fa1b70 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Fri, 2 Mar 2018 17:11:52 +0100
+Subject: [PATCH 1/4] BaseTools/header.makefile: add "-Wno-stringop-truncation"
+
+gcc-8 (which is part of Fedora 28) enables the new warning
+"-Wstringop-truncation" in "-Wall". This warning is documented in detail
+at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the
+introduction says
+
+> Warn for calls to bounded string manipulation functions such as strncat,
+> strncpy, and stpncpy that may either truncate the copied string or leave
+> the destination unchanged.
+
+It breaks the BaseTools build with:
+
+> EfiUtilityMsgs.c: In function 'PrintMessage':
+> EfiUtilityMsgs.c:484:9: error: 'strncat' output may be truncated copying
+> between 0 and 511 bytes from a string of length 511
+> [-Werror=stringop-truncation]
+>          strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);
+>          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+> EfiUtilityMsgs.c:469:9: error: 'strncat' output may be truncated copying
+> between 0 and 511 bytes from a string of length 511
+> [-Werror=stringop-truncation]
+>          strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);
+>          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+> EfiUtilityMsgs.c:511:5: error: 'strncat' output may be truncated copying
+> between 0 and 511 bytes from a string of length 511
+> [-Werror=stringop-truncation]
+>      strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);
+>      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The right way to fix the warning would be to implement string concat with
+snprintf(). However, Microsoft does not appear to support snprintf()
+before VS2015
+<https://stackoverflow.com/questions/2915672/snprintf-and-visual-studio-2010>,
+so we just have to shut up the warning. The strncat() calls flagged above
+are valid BTW.
+
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Cole Robinson <crobinso@redhat.com>
+Cc: Liming Gao <liming.gao@intel.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Yonghong Zhu <yonghong.zhu@intel.com>
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Liming Gao <liming.gao@intel.com>
+---
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Backport
+
+ BaseTools/Source/C/Makefiles/header.makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: git/BaseTools/Source/C/Makefiles/header.makefile
+===================================================================
+--- git.orig/BaseTools/Source/C/Makefiles/header.makefile
++++ git/BaseTools/Source/C/Makefiles/header.makefile
+@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT)
+ BUILD_CPPFLAGS += $(INCLUDE) -O2

+ ifeq ($(DARWIN),Darwin)

+ # assume clang or clang compatible flags on OS X

+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g

++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g

+ else

+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-unused-result -nostdlib -c -g

++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g

+ endif

+ BUILD_LFLAGS = $(LDFLAGS)

+ BUILD_CXXFLAGS += -Wno-unused-result

diff --git a/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch b/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch
new file mode 100644
index 0000000000..a076665c33
--- /dev/null
+++ b/meta/recipes-core/ovmf/ovmf/0002-BaseTools-header.makefile-add-Wno-restrict.patch
@@ -0,0 +1,102 @@
+From 86dbdac5a25bd23deb4a0e0a97b527407e02184d Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Fri, 2 Mar 2018 17:11:52 +0100
+Subject: [PATCH 2/4] BaseTools/header.makefile: add "-Wno-restrict"
+
+gcc-8 (which is part of Fedora 28) enables the new warning
+"-Wrestrict" in "-Wall". This warning is documented in detail
+at <https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the
+introduction says
+
+> Warn when an object referenced by a restrict-qualified parameter (or, in
+> C++, a __restrict-qualified parameter) is aliased by another argument,
+> or when copies between such objects overlap.
+
+It breaks the BaseTools build (in the Brotli compression library) with:
+
+> In function 'ProcessCommandsInternal',
+>     inlined from 'ProcessCommands' at dec/decode.c:1828:10:
+> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631
+> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at
+> offset 16 [-Werror=restrict]
+>          memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16));
+>          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+> In function 'ProcessCommandsInternal',
+>     inlined from 'SafeProcessCommands' at dec/decode.c:1833:10:
+> dec/decode.c:1781:9: error: 'memcpy' accessing between 17 and 2147483631
+> bytes at offsets 16 and 16 overlaps between 17 and 2147483631 bytes at
+> offset 16 [-Werror=restrict]
+>          memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16));
+>          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Paolo Bonzini <pbonzini@redhat.com> analyzed the Brotli source in detail,
+and concluded that the warning is a false positive:
+
+> This seems safe to me, because it's preceded by:
+>
+>     uint8_t* copy_dst = &s->ringbuffer[pos];
+>     uint8_t* copy_src = &s->ringbuffer[src_start];
+>     int dst_end = pos + i;
+>     int src_end = src_start + i;
+>     if (src_end > pos && dst_end > src_start) {
+>       /* Regions intersect. */
+>       goto CommandPostWrapCopy;
+>     }
+>
+> If [src_start, src_start + i) and [pos, pos + i) don't intersect, then
+> neither do [src_start + 16, src_start + i) and [pos + 16, pos + i).
+>
+> The if seems okay:
+>
+>        (src_start + i > pos && pos + i > src_start)
+>
+> which can be rewritten to:
+>
+>        (pos < src_start + i && src_start < pos + i)
+>
+> Then the numbers are in one of these two orders:
+>
+>      pos <= src_start < pos + i <= src_start + i
+>      src_start <= pos < src_start + i <= pos + i
+>
+> These two would be allowed by the "if", but they can only happen if pos
+> == src_start so they degenerate to the same two orders above:
+>
+>      pos <= src_start < src_start + i <= pos + i
+>      src_start <= pos < pos + i <= src_start + i
+>
+> So it is a false positive in GCC.
+
+Disable the warning for now.
+
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Cole Robinson <crobinso@redhat.com>
+Cc: Liming Gao <liming.gao@intel.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Yonghong Zhu <yonghong.zhu@intel.com>
+Reported-by: Cole Robinson <crobinso@redhat.com>
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Liming Gao <liming.gao@intel.com>
+---
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Backport
+ BaseTools/Source/C/Makefiles/header.makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: git/BaseTools/Source/C/Makefiles/header.makefile
+===================================================================
+--- git.orig/BaseTools/Source/C/Makefiles/header.makefile
++++ git/BaseTools/Source/C/Makefiles/header.makefile
+@@ -47,9 +47,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT)
+ BUILD_CPPFLAGS += $(INCLUDE) -O2

+ ifeq ($(DARWIN),Darwin)

+ # assume clang or clang compatible flags on OS X

+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-self-assign -Wno-unused-result -nostdlib -c -g

++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g

+ else

+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-unused-result -nostdlib -c -g

++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g

+ endif

+ BUILD_LFLAGS = $(LDFLAGS)

+ BUILD_CXXFLAGS += -Wno-unused-result

diff --git a/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch b/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch
new file mode 100644
index 0000000000..920723e326
--- /dev/null
+++ b/meta/recipes-core/ovmf/ovmf/0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch
@@ -0,0 +1,53 @@
+From 6866325dd9c17412e555974dde41f9631224db52 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Wed, 7 Mar 2018 10:17:28 +0100
+Subject: [PATCH 3/4] BaseTools/header.makefile: revert gcc-8 "-Wno-xxx"
+ options on OSX
+
+I recently added the gcc-8 specific "-Wno-stringop-truncation" and
+"-Wno-restrict" options to BUILD_CFLAGS, both for "Darwin" (XCODE5 /
+clang, OSX) and otherwise (gcc, Linux / Cygwin).
+
+I also regression-tested the change with gcc-4.8 on Linux -- gcc-4.8 does
+not know either of the (gcc-8 specific) "-Wno-stringop-truncation" and
+"-Wno-restrict" options, yet the build completed fine (by GCC design).
+
+Regarding OSX, my expectation was that
+
+- XCODE5 / clang would either recognize these warnings options (because
+  clang does recognize most -W options of gcc),
+
+- or, similarly to gcc, clang would simply ignore the "-Wno-xxx" flags
+  that it didn't recognize.
+
+Neither is the case; the new flags have broken the BaseTools build on OSX.
+Revert them (for OSX only).
+
+Cc: Liming Gao <liming.gao@intel.com>
+Cc: Yonghong Zhu <yonghong.zhu@intel.com>
+Reported-by: Liming Gao <liming.gao@intel.com>
+Fixes: 1d212a83df0eaf32a6f5d4159beb2d77832e0231
+Fixes: 9222154ae7b3eef75ae88cdb56158256227cb929
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Liming Gao <liming.gao@intel.com>
+Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+---
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Backport
+ BaseTools/Source/C/Makefiles/header.makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: git/BaseTools/Source/C/Makefiles/header.makefile
+===================================================================
+--- git.orig/BaseTools/Source/C/Makefiles/header.makefile
++++ git/BaseTools/Source/C/Makefiles/header.makefile
+@@ -47,7 +47,7 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT)
+ BUILD_CPPFLAGS += $(INCLUDE) -O2

+ ifeq ($(DARWIN),Darwin)

+ # assume clang or clang compatible flags on OS X

+-BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-self-assign -Wno-unused-result -nostdlib -c -g

++BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g

+ else

+ BUILD_CFLAGS += -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g

+ endif

diff --git a/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch b/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch
new file mode 100644
index 0000000000..7ad7cdf0ce
--- /dev/null
+++ b/meta/recipes-core/ovmf/ovmf/0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch
@@ -0,0 +1,66 @@
+From dfb42a5bff78d9239a80731e337855234badef3e Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Fri, 2 Mar 2018 17:11:52 +0100
+Subject: [PATCH 4/4] BaseTools/GenVtf: silence false "stringop-overflow"
+ warning with memcpy()
+
+gcc-8 (which is part of Fedora 28) enables the new warning
+"-Wstringop-overflow" in "-Wall". This warning is documented in detail at
+<https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html>; the
+introduction says
+
+> Warn for calls to string manipulation functions such as memcpy and
+> strcpy that are determined to overflow the destination buffer.
+
+It breaks the BaseTools build with:
+
+> GenVtf.c: In function 'ConvertVersionInfo':
+> GenVtf.c:132:7: error: 'strncpy' specified bound depends on the length
+> of the source argument [-Werror=stringop-overflow=]
+>        strncpy (TemStr + 4 - Length, Str, Length);
+>        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+> GenVtf.c:130:14: note: length computed here
+>      Length = strlen(Str);
+>               ^~~~~~~~~~~
+
+It is a false positive because, while the bound equals the length of the
+source argument, the destination pointer is moved back towards the
+beginning of the destination buffer by the same amount (and this amount is
+range-checked first, so we can't precede the start of the dest buffer).
+
+Replace both strncpy() calls with memcpy().
+
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Cole Robinson <crobinso@redhat.com>
+Cc: Liming Gao <liming.gao@intel.com>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Yonghong Zhu <yonghong.zhu@intel.com>
+Reported-by: Cole Robinson <crobinso@redhat.com>
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Liming Gao <liming.gao@intel.com>
+---
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Backport
+ BaseTools/Source/C/GenVtf/GenVtf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/BaseTools/Source/C/GenVtf/GenVtf.c b/BaseTools/Source/C/GenVtf/GenVtf.c
+index 2ae9a7be2c..0cd33e71e9 100644
+--- a/BaseTools/Source/C/GenVtf/GenVtf.c
++++ b/BaseTools/Source/C/GenVtf/GenVtf.c
+@@ -129,9 +129,9 @@ Returns:
+   } else {

+     Length = strlen(Str);

+     if (Length < 4) {

+-      strncpy (TemStr + 4 - Length, Str, Length);

++      memcpy (TemStr + 4 - Length, Str, Length);

+     } else {

+-      strncpy (TemStr, Str + Length - 4, 4);

++      memcpy (TemStr, Str + Length - 4, 4);

+     }

+   

+     sscanf (

+-- 
+2.17.0
+
diff --git a/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch b/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch
index 959b1c649c..25e5b58e70 100644
--- a/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch
+++ b/meta/recipes-core/ovmf/ovmf/no-stack-protector-all-archs.patch
@@ -17,4 +17,4 @@ Index: git/BaseTools/Conf/tools_def.template
 +DEFINE GCC44_ALL_CC_FLAGS            = -g -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -ffunction-sections -fdata-sections -fno-stack-protector -include AutoGen.h -fno-common -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings

  DEFINE GCC44_IA32_CC_FLAGS           = DEF(GCC44_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -fno-PIE -no-pie

  DEFINE GCC44_X64_CC_FLAGS            = DEF(GCC44_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables

- DEFINE GCC44_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20

+ DEFINE GCC44_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20 -no-pie

diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index a98826210e..fe0850cc03 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -19,6 +19,10 @@ SRC_URI = "git://github.com/tianocore/edk2.git;branch=master \
 	file://0004-ovmf-enable-long-path-file.patch \
 	file://VfrCompile-increase-path-length-limit.patch \
 	file://no-stack-protector-all-archs.patch \
+	file://0001-BaseTools-header.makefile-add-Wno-stringop-truncatio.patch \
+	file://0002-BaseTools-header.makefile-add-Wno-restrict.patch \
+	file://0003-BaseTools-header.makefile-revert-gcc-8-Wno-xxx-optio.patch \
+	file://0004-BaseTools-GenVtf-silence-false-stringop-overflow-war.patch \
         "
 UPSTREAM_VERSION_UNKNOWN = "1"
 
@@ -35,7 +39,7 @@ SRC_URI[openssl.sha256sum] = "57be8618979d80c910728cfc99369bf97b2a1abd8f366ab6eb
 
 inherit deploy
 
-PARALLEL_MAKE_class-native = ""
+PARALLEL_MAKE = ""
 
 S = "${WORKDIR}/git"
 
@@ -151,7 +155,7 @@ do_compile_class-native() {
 
 do_compile_class-target() {
     export LFLAGS="${LDFLAGS}"
-    PARALLEL_JOBS="${@ '${PARALLEL_MAKE}'.replace('-j', '-n')}"
+    PARALLEL_JOBS="${@ '${PARALLEL_MAKE}'.replace('-j', '-n ')}"
     OVMF_ARCH="X64"
     if [ "${TARGET_ARCH}" != "x86_64" ] ; then
         OVMF_ARCH="IA32"
diff --git a/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb b/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb
index 51335e232d..a8e47da40c 100644
--- a/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb
+++ b/meta/recipes-core/packagegroups/packagegroup-core-tools-profile.bb
@@ -58,6 +58,7 @@ VALGRIND_nios2 = ""
 VALGRIND_armv4 = ""
 VALGRIND_armv5 = ""
 VALGRIND_armv6 = ""
+VALGRIND_armeb = ""
 VALGRIND_aarch64 = ""
 VALGRIND_linux-gnux32 = ""
 
diff --git a/meta/recipes-core/systemd/systemd/0001-core-evaluate-presets-after-generators-have-run-6526.patch b/meta/recipes-core/systemd/systemd/0001-core-evaluate-presets-after-generators-have-run-6526.patch
new file mode 100644
index 0000000000..df100e587d
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/0001-core-evaluate-presets-after-generators-have-run-6526.patch
@@ -0,0 +1,69 @@
+From 28dd66ecfce743b1ea9046c7bb501e0fcaeff724 Mon Sep 17 00:00:00 2001
+From: Luca Bruno <luca.bruno@coreos.com>
+Date: Sun, 6 Aug 2017 13:24:24 +0000
+Subject: [PATCH] core: evaluate presets after generators have run (#6526)
+
+This commit moves the first-boot system preset-settings evaluation out
+of main and into the manager startup logic itself. Notably, it reverses
+the order between generators and presets evaluation, so that any changes
+performed by first-boot generators are taken into the account by presets
+logic.
+
+After this change, units created by a generator can be enabled as part
+of a preset.
+
+Upstream-Status: Backport
+
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ src/core/main.c    | 12 ++----------
+ src/core/manager.c |  8 ++++++++
+ 2 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/src/core/main.c b/src/core/main.c
+index dfedc3d..11ac9cf 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -1809,18 +1809,10 @@ int main(int argc, char *argv[]) {
+                 if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0)
+                         log_warning_errno(errno, "Failed to make us a subreaper: %m");
+ 
+-        if (arg_system) {
++        if (arg_system)
++                /* Bump up RLIMIT_NOFILE for systemd itself */
+                 (void) bump_rlimit_nofile(&saved_rlimit_nofile);
+ 
+-                if (empty_etc) {
+-                        r = unit_file_preset_all(UNIT_FILE_SYSTEM, 0, NULL, UNIT_FILE_PRESET_ENABLE_ONLY, NULL, 0);
+-                        if (r < 0)
+-                                log_full_errno(r == -EEXIST ? LOG_NOTICE : LOG_WARNING, r, "Failed to populate /etc with preset unit settings, ignoring: %m");
+-                        else
+-                                log_info("Populated /etc with preset unit settings.");
+-                }
+-        }
+-
+         r = manager_new(arg_system ? UNIT_FILE_SYSTEM : UNIT_FILE_USER, arg_action == ACTION_TEST, &m);
+         if (r < 0) {
+                 log_emergency_errno(r, "Failed to allocate manager object: %m");
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 1aadb70..fb5e2b5 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1328,6 +1328,14 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) {
+         if (r < 0)
+                 return r;
+ 
++        if (m->first_boot && m->unit_file_scope == UNIT_FILE_SYSTEM) {
++                q = unit_file_preset_all(UNIT_FILE_SYSTEM, 0, NULL, UNIT_FILE_PRESET_ENABLE_ONLY, NULL, 0);
++                if (q < 0)
++                        log_full_errno(q == -EEXIST ? LOG_NOTICE : LOG_WARNING, q, "Failed to populate /etc with preset unit settings, ignoring: %m");
++                else
++                        log_info("Populated /etc with preset unit settings.");
++        }
++
+         lookup_paths_reduce(&m->lookup_paths);
+         manager_build_unit_path_cache(m);
+ 
+-- 
+2.10.2
+
diff --git a/meta/recipes-core/systemd/systemd/0001-main-skip-many-initialization-steps-when-running-in-.patch b/meta/recipes-core/systemd/systemd/0001-main-skip-many-initialization-steps-when-running-in-.patch
new file mode 100644
index 0000000000..a033b04b23
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/0001-main-skip-many-initialization-steps-when-running-in-.patch
@@ -0,0 +1,163 @@
+From dea374e898a749a0474b72b2015cca9009b1432b Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 13 Sep 2017 10:31:40 +0200
+Subject: [PATCH] main: skip many initialization steps when running in --test
+ mode
+
+Most importantly, don't collect open socket activation fds when in
+--test mode. This specifically created a problem because we invoke
+pager_open() beforehand (which these days makes copies of the original
+stdout/stderr in order to be able to restore them when the pager goes
+away) and we might mistakenly the fd copies it creates as socket
+activation fds.
+
+Fixes: #6383
+
+Upstream-Status: Backport
+
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ src/core/main.c | 108 +++++++++++++++++++++++++++++---------------------------
+ 1 file changed, 56 insertions(+), 52 deletions(-)
+
+diff --git a/src/core/main.c b/src/core/main.c
+index 11ac9cf..d1a53a5 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -1679,20 +1679,22 @@ int main(int argc, char *argv[]) {
+         log_close();
+ 
+         /* Remember open file descriptors for later deserialization */
+-        r = fdset_new_fill(&fds);
+-        if (r < 0) {
+-                log_emergency_errno(r, "Failed to allocate fd set: %m");
+-                error_message = "Failed to allocate fd set";
+-                goto finish;
+-        } else
+-                fdset_cloexec(fds, true);
++        if (arg_action == ACTION_RUN) {
++                r = fdset_new_fill(&fds);
++                if (r < 0) {
++                        log_emergency_errno(r, "Failed to allocate fd set: %m");
++                        error_message = "Failed to allocate fd set";
++                        goto finish;
++                } else
++                        fdset_cloexec(fds, true);
+ 
+-        if (arg_serialization)
+-                assert_se(fdset_remove(fds, fileno(arg_serialization)) >= 0);
++                if (arg_serialization)
++                        assert_se(fdset_remove(fds, fileno(arg_serialization)) >= 0);
+ 
+-        if (arg_system)
+-                /* Become a session leader if we aren't one yet. */
+-                setsid();
++                if (arg_system)
++                        /* Become a session leader if we aren't one yet. */
++                        setsid();
++        }
+ 
+         /* Move out of the way, so that we won't block unmounts */
+         assert_se(chdir("/") == 0);
+@@ -1762,56 +1764,58 @@ int main(int argc, char *argv[]) {
+                           arg_action == ACTION_TEST ? " test" : "", getuid(), t);
+         }
+ 
+-        if (arg_system && !skip_setup) {
+-                if (arg_show_status > 0)
+-                        status_welcome();
++        if (arg_action == ACTION_RUN) {
++                if (arg_system && !skip_setup) {
++                        if (arg_show_status > 0)
++                                status_welcome();
+ 
+-                hostname_setup();
+-                machine_id_setup(NULL, arg_machine_id, NULL);
+-                loopback_setup();
+-                bump_unix_max_dgram_qlen();
++                        hostname_setup();
++                        machine_id_setup(NULL, arg_machine_id, NULL);
++                        loopback_setup();
++                        bump_unix_max_dgram_qlen();
+ 
+-                test_usr();
+-        }
++                        test_usr();
++                }
+ 
+-        if (arg_system && arg_runtime_watchdog > 0 && arg_runtime_watchdog != USEC_INFINITY)
+-                watchdog_set_timeout(&arg_runtime_watchdog);
++                if (arg_system && arg_runtime_watchdog > 0 && arg_runtime_watchdog != USEC_INFINITY)
++                        watchdog_set_timeout(&arg_runtime_watchdog);
+ 
+-        if (arg_timer_slack_nsec != NSEC_INFINITY)
+-                if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0)
+-                        log_error_errno(errno, "Failed to adjust timer slack: %m");
++                if (arg_timer_slack_nsec != NSEC_INFINITY)
++                        if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0)
++                                log_error_errno(errno, "Failed to adjust timer slack: %m");
+ 
+-        if (arg_system && !cap_test_all(arg_capability_bounding_set)) {
+-                r = capability_bounding_set_drop_usermode(arg_capability_bounding_set);
+-                if (r < 0) {
+-                        log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m");
+-                        error_message = "Failed to drop capability bounding set of usermode helpers";
+-                        goto finish;
+-                }
+-                r = capability_bounding_set_drop(arg_capability_bounding_set, true);
+-                if (r < 0) {
+-                        log_emergency_errno(r, "Failed to drop capability bounding set: %m");
+-                        error_message = "Failed to drop capability bounding set";
+-                        goto finish;
++                if (arg_system && !cap_test_all(arg_capability_bounding_set)) {
++                        r = capability_bounding_set_drop_usermode(arg_capability_bounding_set);
++                        if (r < 0) {
++                                log_emergency_errno(r, "Failed to drop capability bounding set of usermode helpers: %m");
++                                error_message = "Failed to drop capability bounding set of usermode helpers";
++                                goto finish;
++                        }
++                        r = capability_bounding_set_drop(arg_capability_bounding_set, true);
++                        if (r < 0) {
++                                log_emergency_errno(r, "Failed to drop capability bounding set: %m");
++                                error_message = "Failed to drop capability bounding set";
++                                goto finish;
++                        }
+                 }
+-        }
+ 
+-        if (arg_syscall_archs) {
+-                r = enforce_syscall_archs(arg_syscall_archs);
+-                if (r < 0) {
+-                        error_message = "Failed to set syscall architectures";
+-                        goto finish;
++                if (arg_syscall_archs) {
++                        r = enforce_syscall_archs(arg_syscall_archs);
++                        if (r < 0) {
++                                error_message = "Failed to set syscall architectures";
++                                goto finish;
++                        }
+                 }
+-        }
+ 
+-        if (!arg_system)
+-                /* Become reaper of our children */
+-                if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0)
+-                        log_warning_errno(errno, "Failed to make us a subreaper: %m");
++                if (!arg_system)
++                        /* Become reaper of our children */
++                        if (prctl(PR_SET_CHILD_SUBREAPER, 1) < 0)
++                                log_warning_errno(errno, "Failed to make us a subreaper: %m");
+ 
+-        if (arg_system)
+-                /* Bump up RLIMIT_NOFILE for systemd itself */
+-                (void) bump_rlimit_nofile(&saved_rlimit_nofile);
++                if (arg_system)
++                        /* Bump up RLIMIT_NOFILE for systemd itself */
++                        (void) bump_rlimit_nofile(&saved_rlimit_nofile);
++        }
+ 
+         r = manager_new(arg_system ? UNIT_FILE_SYSTEM : UNIT_FILE_USER, arg_action == ACTION_TEST, &m);
+         if (r < 0) {
+-- 
+2.10.2
+
diff --git a/meta/recipes-core/systemd/systemd_234.bb b/meta/recipes-core/systemd/systemd_234.bb
index bfcecb3d4e..6c248e8828 100644
--- a/meta/recipes-core/systemd/systemd_234.bb
+++ b/meta/recipes-core/systemd/systemd_234.bb
@@ -41,6 +41,8 @@ SRC_URI = "git://github.com/systemd/systemd.git;protocol=git \
            file://0013-comparison_fn_t-is-glibc-specific-use-raw-signature-.patch \
            file://0001-Define-_PATH_WTMPX-and-_PATH_UTMPX-if-not-defined.patch \
            file://0001-Use-uintmax_t-for-handling-rlim_t.patch \
+           file://0001-core-evaluate-presets-after-generators-have-run-6526.patch \
+           file://0001-main-skip-many-initialization-steps-when-running-in-.patch \
            "
 SRC_URI_append_qemuall = " file://0001-core-device.c-Change-the-default-device-timeout-to-2.patch"
 
@@ -342,7 +344,7 @@ USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--sys
 USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /bin/nologin systemd-coredump;', '', d)}"
 USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'resolved', '--system -d / -M --shell /bin/nologin systemd-resolve;', '', d)}"
 USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit', '--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;', '', d)}"
-GROUPADD_PARAM_${PN} = "-r lock; -r systemd-journal"
+GROUPADD_PARAM_${PN} = "-r systemd-journal"
 USERADD_PARAM_${PN}-extra-utils += "--system -d / -M --shell /bin/nologin systemd-bus-proxy;"
 
 FILES_${PN}-analyze = "${bindir}/systemd-analyze"
diff --git a/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb b/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb
index 884857a96d..22a0ecf839 100644
--- a/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb
+++ b/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb
@@ -68,7 +68,7 @@ FILES_${PN} += "${base_sbindir}/* ${base_bindir}/*"
 FILES_sysvinit-pidof = "${base_bindir}/pidof.sysvinit ${base_sbindir}/killall5"
 FILES_sysvinit-sulogin = "${base_sbindir}/sulogin.sysvinit"
 
-RDEPENDS_${PN} += "sysvinit-pidof initscripts-functions"
+RDEPENDS_${PN} += "sysvinit-pidof initd-functions"
 
 CFLAGS_prepend = "-D_GNU_SOURCE "
 export LCRYPT = "-lcrypt"
diff --git a/meta/recipes-core/util-linux/util-linux/no_getrandom.patch b/meta/recipes-core/util-linux/util-linux/no_getrandom.patch
deleted file mode 100644
index b9fa1cace4..0000000000
--- a/meta/recipes-core/util-linux/util-linux/no_getrandom.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-getrandom() is only available in glibc 2.25+ and uninative may relocate 
-binaries onto systems that don't have this function. For now, force the 
-code to the older codepath until we can come up with a better solution 
-for this kind of issue.
-
-Upstream-Status: Inappropriate
-RP
-2016/8/15
-
-Index: util-linux-2.30/configure.ac
-===================================================================
---- util-linux-2.30.orig/configure.ac
-+++ util-linux-2.30/configure.ac
-@@ -399,7 +399,6 @@ AC_CHECK_FUNCS([ \
- 	getdtablesize \
- 	getexecname \
- 	getmntinfo \
--	getrandom \
- 	getrlimit \
- 	getsgnam \
- 	inotify_init \
diff --git a/meta/recipes-core/util-linux/util-linux_2.30.bb b/meta/recipes-core/util-linux/util-linux_2.30.bb
index 39449d9ac9..6b309b555f 100644
--- a/meta/recipes-core/util-linux/util-linux_2.30.bb
+++ b/meta/recipes-core/util-linux/util-linux_2.30.bb
@@ -15,7 +15,6 @@ SRC_URI += "file://configure-sbindir.patch \
             file://display_testname_for_subtest.patch \
             file://avoid_parallel_tests.patch \
 "
-SRC_URI_append_class-native = " file://no_getrandom.patch"
 SRC_URI[md5sum] = "eaa3429150268027908a1b8ae6ee9a62"
 SRC_URI[sha256sum] = "c208a4ff6906cb7f57940aa5bc3a6eed146e50a7cc0a092f52ef2ab65057a08d"
 
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.inc b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
index 27d46eb088..eccb12828e 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -18,9 +18,10 @@ BINUPV = "${@binutils_branch_version(d)}"
 
 UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)"
 
-SRCREV = "37e991bb143ca2106330bcdc625590d53838b7a1"
+SRCREV ?= "8efd17cb25686c51b9db6531ae2fbeb2e6ef2399"
+BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=binutils-${BINUPV}-branch;protocol=git"
 SRC_URI = "\
-     git://sourceware.org/git/binutils-gdb.git;branch=binutils-${BINUPV}-branch;protocol=git \
+     ${BINUTILS_GIT_URI} \
      file://0003-configure-widen-the-regexp-for-SH-architectures.patch \
      file://0004-Point-scripts-location-to-libdir.patch \
      file://0005-Only-generate-an-RPATH-entry-if-LD_RUN_PATH-is-not-e.patch \
@@ -34,6 +35,48 @@ SRC_URI = "\
      file://0013-fix-the-incorrect-assembling-for-ppc-wait-mnemonic.patch \
      file://0014-Detect-64-bit-MIPS-targets.patch \
      file://0015-sync-with-OE-libtool-changes.patch \
+     file://CVE-2017-17124.patch \
+     file://CVE-2017-14930.patch \
+     file://CVE-2017-14932.patch \
+     file://CVE-2017-14933_p1.patch \
+     file://CVE-2017-14933_p2.patch \
+     file://CVE-2017-14934.patch \
+     file://CVE-2017-14938.patch \
+     file://CVE-2017-14939.patch \
+     file://CVE-2017-14940.patch \
+     file://CVE-2017-15021.patch \
+     file://CVE-2017-15022.patch \
+     file://CVE-2017-15023.patch \
+     file://CVE-2017-15024.patch \
+     file://CVE-2017-15025.patch \
+     file://CVE-2017-15225.patch \
+     file://CVE-2017-15939.patch \
+     file://CVE-2017-15996.patch \
+     file://CVE-2017-16826.patch \
+     file://CVE-2017-16827.patch \
+     file://CVE-2017-16828_p1.patch \
+     file://CVE-2017-16828_p2.patch \
+     file://CVE-2017-16829.patch \
+     file://CVE-2017-16830.patch \
+     file://CVE-2017-16831.patch \
+     file://CVE-2017-16832.patch \
+     file://CVE-2017-17080.patch \
+     file://CVE-2017-17121.patch \
+     file://CVE-2017-17122.patch \
+     file://CVE-2017-17125.patch \
+     file://CVE-2017-17123.patch \
+     file://CVE-2018-10372.patch \
+     file://CVE-2018-10373.patch \
+     file://CVE-2018-10534.patch \
+     file://CVE-2018-10535.patch \
+     file://CVE-2018-13033.patch \
+     file://CVE-2018-6323.patch \
+     file://CVE-2018-6759.patch \
+     file://CVE-2018-7208.patch \
+     file://CVE-2018-7568_p1.patch \
+     file://CVE-2018-7568_p2.patch \
+     file://CVE-2018-7569.patch \
+     file://CVE-2018-7642.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/meta/recipes-devtools/binutils/binutils-cross-canadian_2.29.bb b/meta/recipes-devtools/binutils/binutils-cross-canadian_2.29.1.bb
index 5dbaa03017..5dbaa03017 100644
--- a/meta/recipes-devtools/binutils/binutils-cross-canadian_2.29.bb
+++ b/meta/recipes-devtools/binutils/binutils-cross-canadian_2.29.1.bb
diff --git a/meta/recipes-devtools/binutils/binutils-cross_2.29.bb b/meta/recipes-devtools/binutils/binutils-cross_2.29.1.bb
index fbd1f7d25a..fbd1f7d25a 100644
--- a/meta/recipes-devtools/binutils/binutils-cross_2.29.bb
+++ b/meta/recipes-devtools/binutils/binutils-cross_2.29.1.bb
diff --git a/meta/recipes-devtools/binutils/binutils-crosssdk_2.29.bb b/meta/recipes-devtools/binutils/binutils-crosssdk_2.29.1.bb
index 37f4d6d2e9..37f4d6d2e9 100644
--- a/meta/recipes-devtools/binutils/binutils-crosssdk_2.29.bb
+++ b/meta/recipes-devtools/binutils/binutils-crosssdk_2.29.1.bb
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14930.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14930.patch
new file mode 100644
index 0000000000..bbd267a959
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14930.patch
@@ -0,0 +1,53 @@
+From a26a013f22a19e2c16729e64f40ef8a7dfcc086e Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 24 Sep 2017 17:10:14 +0930
+Subject: [PATCH] PR22191, memory leak in dwarf2.c
+
+table->sequences is a linked list before it is replaced by a bfd_alloc
+array in sort_line_sequences.
+
+	PR 22191
+	* dwarf2.c (decode_line_info): Properly free line sequences on error.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE:  CVE-2017-14930
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/dwarf2.c  | 8 ++++++--
+ 2 files changed, 11 insertions(+), 2 deletions(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -2473,8 +2473,12 @@ decode_line_info (struct comp_unit *unit
+     return table;
+ 
+  fail:
+-  if (table->sequences != NULL)
+-    free (table->sequences);
++  while (table->sequences != NULL)
++    {
++      struct line_sequence* seq = table->sequences;
++      table->sequences = table->sequences->prev_sequence;
++      free (seq);
++    }
+   if (table->files != NULL)
+     free (table->files);
+   if (table->dirs != NULL)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2017-09-24  Alan Modra  <amodra@gmail.com>
++
++       PR 22191
++       * dwarf2.c (decode_line_info): Properly free line sequences on error.
++
+ 2017-11-28  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22507
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14932.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14932.patch
new file mode 100644
index 0000000000..a436031dc2
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14932.patch
@@ -0,0 +1,46 @@
+From e338894dc2e603683bed2172e8e9f25b29051005 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 26 Sep 2017 09:32:18 +0930
+Subject: [PATCH] PR22204, Lack of DW_LNE_end_sequence causes "infinite" loop
+
+	PR 22204
+	* dwarf2.c (decode_line_info): Ensure line_ptr stays within
+	bounds in inner loop.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14932
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/dwarf2.c  | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -2269,7 +2269,7 @@ decode_line_info (struct comp_unit *unit
+       bfd_vma high_pc = 0;
+ 
+       /* Decode the table.  */
+-      while (! end_sequence)
++      while (!end_sequence && line_ptr < line_end)
+ 	{
+ 	  op_code = read_1_byte (abfd, line_ptr, line_end);
+ 	  line_ptr += 1;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-09-26  Alan Modra  <amodra@gmail.com>
++
++       PR 22204
++       * dwarf2.c (decode_line_info): Ensure line_ptr stays within
++       bounds in inner loop.
++
+ 2017-09-24  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22191
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch
new file mode 100644
index 0000000000..9df8138401
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch
@@ -0,0 +1,58 @@
+From 30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 26 Sep 2017 14:37:47 +0100
+Subject: [PATCH] Avoid needless resource usage when processing a corrupt DWARF
+ directory or file name table.
+
+	PR 22210
+	* dwarf2.c (read_formatted_entries): Fail early if we know that
+	the loop parsing data entries will overflow the end of the
+	section.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14933 #1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  7 +++++++
+ bfd/dwarf2.c  | 10 ++++++++++
+ 2 files changed, 17 insertions(+)
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-09-26  Nick Clifton  <nickc@redhat.com>
++
++	PR 22210
++	* dwarf2.c (read_formatted_entries): Fail early if we know that
++	the loop parsing data entries will overflow the end of the
++	section.
++
+ 2017-09-26  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22204
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -1933,6 +1933,17 @@ read_formatted_entries (struct comp_unit
+ 
+   data_count = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE, buf_end);
+   buf += bytes_read;
++
++  /* PR 22210.  Paranoia check.  Don't bother running the loop
++     if we know that we are going to run out of buffer.  */
++  if (data_count > (bfd_vma) (buf_end - buf))
++    {
++      _bfd_error_handler (_("Dwarf Error: data count (%Lx) larger than buffer size."),
++                         data_count);
++      bfd_set_error (bfd_error_bad_value);
++      return FALSE;
++    }
++
+   for (datai = 0; datai < data_count; datai++)
+     {
+       bfd_byte *format = format_header_data;
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p2.patch
new file mode 100644
index 0000000000..607d92f3d4
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p2.patch
@@ -0,0 +1,102 @@
+From 33e0a9a056bd23e923b929a4f2ab049ade0b1c32 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 26 Sep 2017 23:20:06 +0930
+Subject: [PATCH] Tidy reading data in read_formatted_entries
+
+Using read_attribute_value accomplishes two things: It checks for
+unexpected formats, and ensures the buffer pointer always increments.
+
+	PR 22210
+	* dwarf2.c (read_formatted_entries): Use read_attribute_value to
+	read data.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14933 #2
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  6 ++++++
+ bfd/dwarf2.c  | 37 +++++++------------------------------
+ 2 files changed, 13 insertions(+), 30 deletions(-)
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-09-26  Alan Modra  <amodra@gmail.com>
++
++	PR 22210
++	* dwarf2.c (read_formatted_entries): Use read_attribute_value to
++	read data.
++
+ 2017-09-26  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR 22210
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -1955,6 +1955,7 @@ read_formatted_entries (struct comp_unit
+ 	  char *string_trash;
+ 	  char **stringp = &string_trash;
+ 	  unsigned int uint_trash, *uintp = &uint_trash;
++	  struct attribute attr;
+ 
+ 	  content_type = _bfd_safe_read_leb128 (abfd, format, &bytes_read,
+ 						FALSE, buf_end);
+@@ -1986,47 +1987,23 @@ read_formatted_entries (struct comp_unit
+ 	  form = _bfd_safe_read_leb128 (abfd, format, &bytes_read, FALSE,
+ 					buf_end);
+ 	  format += bytes_read;
++
++	  buf = read_attribute_value (&attr, form, 0, unit, buf, buf_end);
++	  if (buf == NULL)
++	    return FALSE;
+ 	  switch (form)
+ 	    {
+ 	    case DW_FORM_string:
+-	      *stringp = read_string (abfd, buf, buf_end, &bytes_read);
+-	      buf += bytes_read;
+-	      break;
+-
+ 	    case DW_FORM_line_strp:
+-	      *stringp = read_indirect_line_string (unit, buf, buf_end, &bytes_read);
+-	      buf += bytes_read;
++	      *stringp = attr.u.str;
+ 	      break;
+ 
+ 	    case DW_FORM_data1:
+-	      *uintp = read_1_byte (abfd, buf, buf_end);
+-	      buf += 1;
+-	      break;
+-
+ 	    case DW_FORM_data2:
+-	      *uintp = read_2_bytes (abfd, buf, buf_end);
+-	      buf += 2;
+-	      break;
+-
+ 	    case DW_FORM_data4:
+-	      *uintp = read_4_bytes (abfd, buf, buf_end);
+-	      buf += 4;
+-	      break;
+-
+ 	    case DW_FORM_data8:
+-	      *uintp = read_8_bytes (abfd, buf, buf_end);
+-	      buf += 8;
+-	      break;
+-
+ 	    case DW_FORM_udata:
+-	      *uintp = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE,
+-					      buf_end);
+-	      buf += bytes_read;
+-	      break;
+-
+-	    case DW_FORM_block:
+-	      /* It is valid only for DW_LNCT_timestamp which is ignored by
+-		 current GDB.  */
++	      *uintp = attr.u.val;
+ 	      break;
+ 	    }
+ 	}
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch
new file mode 100644
index 0000000000..57733f08cf
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14934.patch
@@ -0,0 +1,63 @@
+From 19485196044b2521af979f1e5c4a89bfb90fba0b Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 27 Sep 2017 10:42:51 +0100
+Subject: [PATCH] Prevent an infinite loop in the DWARF parsing code when
+ encountering a CU structure with a small negative size.
+
+	PR 22219
+	* dwarf.c (process_debug_info): Add a check for a negative
+	cu_length field.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14934
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog |  6 ++++++
+ binutils/dwarf.c   | 11 ++++++++++-
+ 2 files changed, 16 insertions(+), 1 deletion(-)
+
+Index: git/binutils/dwarf.c
+===================================================================
+--- git.orig/binutils/dwarf.c
++++ git/binutils/dwarf.c
+@@ -2547,7 +2547,7 @@ process_debug_info (struct dwarf_section
+       int level, last_level, saved_level;
+       dwarf_vma cu_offset;
+       unsigned int offset_size;
+-      int initial_length_size;
++      unsigned int initial_length_size;
+       dwarf_vma signature_high = 0;
+       dwarf_vma signature_low = 0;
+       dwarf_vma type_offset = 0;
+@@ -2695,6 +2695,15 @@ process_debug_info (struct dwarf_section
+ 	  num_units = unit;
+ 	  break;
+ 	}
++      else if (compunit.cu_length + initial_length_size < initial_length_size)
++	{
++	  warn (_("Debug info is corrupted, length of CU at %s is negative (%s)\n"),
++		dwarf_vmatoa ("x", cu_offset),
++		dwarf_vmatoa ("x", compunit.cu_length));
++	  num_units = unit;
++	  break;
++	}
++
+       tags = hdrptr;
+       start += compunit.cu_length + initial_length_size;
+ 
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2017-09-27  Nick Clifton  <nickc@redhat.com>
++
++       PR 22219
++       * dwarf.c (process_debug_info): Add a check for a negative
++       cu_length field.
++
+ 2017-11-01  Alan Modra  <amodra@gmail.com>
+ 
+ 	Apply from master
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch
new file mode 100644
index 0000000000..e62c73c06d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14938.patch
@@ -0,0 +1,64 @@
+From bd61e135492ecf624880e6b78e5fcde3c9716df6 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 24 Sep 2017 14:34:57 +0930
+Subject: [PATCH] PR22166, SHT_GNU_verneed memory allocation
+
+The sanity check covers the previous minimim size, plus that the size
+is at least enough for sh_info verneed entries.
+
+Also, since we write all verneed fields or exit with an error, there
+isn't any need to zero the memory allocated for verneed entries.
+
+	PR 22166
+	* elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
+	SHT_GNU_verneed section for sanity.  Don't zalloc memory for
+	verref.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14938
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 7 +++++++
+ bfd/elf.c     | 5 +++--
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -8198,7 +8198,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ 
+       hdr = &elf_tdata (abfd)->dynverref_hdr;
+ 
+-      if (hdr->sh_info == 0 || hdr->sh_size < sizeof (Elf_External_Verneed))
++      if (hdr->sh_info == 0
++	  || hdr->sh_info > hdr->sh_size / sizeof (Elf_External_Verneed))
+ 	{
+ error_return_bad_verref:
+ 	  _bfd_error_handler
+@@ -8219,7 +8220,7 @@ error_return_verref:
+ 	goto error_return_verref;
+ 
+       elf_tdata (abfd)->verref = (Elf_Internal_Verneed *)
+-	bfd_zalloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
++	bfd_alloc2 (abfd, hdr->sh_info, sizeof (Elf_Internal_Verneed));
+ 
+       if (elf_tdata (abfd)->verref == NULL)
+ 	goto error_return_verref;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-09-24  Alan Modra  <amodra@gmail.com>
++
++       PR 22166
++       * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
++       SHT_GNU_verneed section for sanity.  Don't zalloc memory for
++       verref.
++
+ 2017-09-26  Alan Modra  <amodra@gmail.com>
+ 
+ 	PR 22210
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14939.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14939.patch
new file mode 100644
index 0000000000..d1e4c3e609
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14939.patch
@@ -0,0 +1,56 @@
+From 515f23e63c0074ab531bc954f84ca40c6281a724 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 24 Sep 2017 14:36:16 +0930
+Subject: [PATCH] PR22169, heap-based buffer overflow in read_1_byte
+
+The .debug_line header length field doesn't include the length field
+itself, ie. it's the size of the rest of .debug_line.
+
+	PR 22169
+	* dwarf2.c (decode_line_info): Correct .debug_line unit_length check.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14939
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/dwarf2.c  | 7 ++++---
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -2084,12 +2084,13 @@ decode_line_info (struct comp_unit *unit
+       offset_size = 8;
+     }
+ 
+-  if (unit->line_offset + lh.total_length > stash->dwarf_line_size)
++  if (lh.total_length > (size_t) (line_end - line_ptr))
+     {
+       _bfd_error_handler
+ 	/* xgettext: c-format */
+-	(_("Dwarf Error: Line info data is bigger (%#Lx) than the space remaining in the section (%#Lx)"),
+-	 lh.total_length, stash->dwarf_line_size - unit->line_offset);
++	(_("Dwarf Error: Line info data is bigger (%#Lx)"
++	   " than the space remaining in the section (%#lx)"),
++	 lh.total_length, (unsigned long) (line_end - line_ptr));
+       bfd_set_error (bfd_error_bad_value);
+       return NULL;
+     }
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,4 +1,9 @@
+ 2017-09-24  Alan Modra  <amodra@gmail.com>
++ 
++       PR 22169
++       * dwarf2.c (decode_line_info): Correct .debug_line unit_length check.
++
++2017-09-24  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22166
+        * elf.c (_bfd_elf_slurp_version_tables): Test sh_info on
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14940.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14940.patch
new file mode 100644
index 0000000000..49b0bdc546
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14940.patch
@@ -0,0 +1,47 @@
+From 0d76029f92182c3682d8be2c833d45bc9a2068fe Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 24 Sep 2017 14:35:33 +0930
+Subject: [PATCH] PR22167, NULL pointer dereference in scan_unit_for_symbols
+
+	PR 22167
+	* dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14940
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/dwarf2.c  | 3 ++-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -3202,7 +3202,8 @@ scan_unit_for_symbols (struct comp_unit
+ 		    case DW_FORM_block2:
+ 		    case DW_FORM_block4:
+ 		    case DW_FORM_exprloc:
+-		      if (*attr.u.blk->data == DW_OP_addr)
++		      if (attr.u.blk->data != NULL
++			  && *attr.u.blk->data == DW_OP_addr)
+ 			{
+ 			  var->stack = 0;
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,5 +1,10 @@
+ 2017-09-24  Alan Modra  <amodra@gmail.com>
+  
++       PR 22167
++       * dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL.
++
++2017-09-24  Alan Modra  <amodra@gmail.com>
++ 
+        PR 22169
+        * dwarf2.c (decode_line_info): Correct .debug_line unit_length check.
+ 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch
new file mode 100644
index 0000000000..caca7b107e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15021.patch
@@ -0,0 +1,48 @@
+From 52b36c51e5bf6d7600fdc6ba115b170b0e78e31d Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 24 Sep 2017 21:36:18 +0930
+Subject: [PATCH] PR22197, buffer overflow in bfd_get_debug_link_info_1
+
+	PR 22197
+	* opncls.c (bfd_get_debug_link_info_1): Properly check that crc is
+	within section bounds.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15021
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/opncls.c  | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+Index: git/bfd/opncls.c
+===================================================================
+--- git.orig/bfd/opncls.c
++++ git/bfd/opncls.c
+@@ -1200,7 +1200,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo
+   /* PR 17597: avoid reading off the end of the buffer.  */
+   crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1;
+   crc_offset = (crc_offset + 3) & ~3;
+-  if (crc_offset >= bfd_get_section_size (sect))
++  if (crc_offset + 4 > bfd_get_section_size (sect))
+     return NULL;
+ 
+   *crc32 = bfd_get_32 (abfd, contents + crc_offset);
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,5 +1,11 @@
+ 2017-09-24  Alan Modra  <amodra@gmail.com>
+  
++       PR 22197
++       * opncls.c (bfd_get_debug_link_info_1): Properly check that crc is
++       within section bounds.
++
++2017-09-24  Alan Modra  <amodra@gmail.com>
++ 
+        PR 22167
+        * dwarf2.c (scan_unit_for_symbols): Check u.blk->data is non-NULL.
+ 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15022.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15022.patch
new file mode 100644
index 0000000000..c9acfa7853
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15022.patch
@@ -0,0 +1,61 @@
+From 11855d8a1f11b102a702ab76e95b22082cccf2f8 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 25 Sep 2017 19:46:34 +0930
+Subject: [PATCH] PR22201, DW_AT_name with out of bounds reference
+
+DW_AT_name ought to always have a string value.
+
+	PR 22201
+	* dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it
+	has string form.
+	(parse_comp_unit): Likewise.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15022
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 7 +++++++
+ bfd/dwarf2.c  | 6 ++++--
+ 2 files changed, 11 insertions(+), 2 deletions(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -3177,7 +3177,8 @@ scan_unit_for_symbols (struct comp_unit
+ 	      switch (attr.name)
+ 		{
+ 		case DW_AT_name:
+-		  var->name = attr.u.str;
++		  if (is_str_attr (attr.form))
++		    var->name = attr.u.str;
+ 		  break;
+ 
+ 		case DW_AT_decl_file:
+@@ -3429,7 +3430,8 @@ parse_comp_unit (struct dwarf2_debug *st
+ 	  break;
+ 
+ 	case DW_AT_name:
+-	  unit->name = attr.u.str;
++	  if (is_str_attr (attr.form))
++	    unit->name = attr.u.str;
+ 	  break;
+ 
+ 	case DW_AT_low_pc:
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-09-25  Alan Modra  <amodra@gmail.com>
++ 
++       PR 22201
++       * dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it
++       has string form.
++       (parse_comp_unit): Likewise.
++
+ 2017-09-24  Alan Modra  <amodra@gmail.com>
+  
+        PR 22197
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch
new file mode 100644
index 0000000000..9439b7b55f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15023.patch
@@ -0,0 +1,52 @@
+From c361faae8d964db951b7100cada4dcdc983df1bf Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 25 Sep 2017 19:03:46 +0930
+Subject: [PATCH] PR22200, DWARF5 .debug_line sanity check
+
+The format_count entry can't be zero unless the count is also zero.
+
+	PR 22200
+	* dwarf2.c (read_formatted_entries): Error on format_count zero.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15023
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/dwarf2.c  | 7 +++++++
+ 2 files changed, 12 insertions(+)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -1934,6 +1934,13 @@ read_formatted_entries (struct comp_unit
+   data_count = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE, buf_end);
+   buf += bytes_read;
+ 
++  if (format_count == 0 && data_count != 0)
++    {
++      _bfd_error_handler (_("Dwarf Error: Zero format count."));
++      bfd_set_error (bfd_error_bad_value);
++      return FALSE;
++    }
++
+   /* PR 22210.  Paranoia check.  Don't bother running the loop
+      if we know that we are going to run out of buffer.  */
+   if (data_count > (bfd_vma) (buf_end - buf))
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,4 +1,9 @@
+ 2017-09-25  Alan Modra  <amodra@gmail.com>
++
++       PR 22200
++       * dwarf2.c (read_formatted_entries): Error on format_count zero.
++
++2017-09-25  Alan Modra  <amodra@gmail.com>
+  
+        PR 22201
+        * dwarf2.c (scan_unit_for_symbols): Ignore DW_AT_name unless it
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch
new file mode 100644
index 0000000000..53b072ebaf
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15024.patch
@@ -0,0 +1,227 @@
+From 52a93b95ec0771c97e26f0bb28630a271a667bd2 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 24 Sep 2017 14:37:16 +0930
+Subject: [PATCH] PR22187, infinite loop in find_abstract_instance_name
+
+This patch prevents the simple case of infinite recursion in
+find_abstract_instance_name by ensuring that the attributes being
+processed are not the same as the previous call.
+
+The patch also does a little cleanup, and leaves in place some changes
+to the nested_funcs array that I made when I wrongly thought looping
+might occur in scan_unit_for_symbols.
+
+	PR 22187
+	* dwarf2.c (find_abstract_instance_name): Add orig_info_ptr and
+	pname param.  Return status.  Make name const.  Don't abort,
+	return an error.  Formatting.  Exit if current info_ptr matches
+	orig_info_ptr.  Update callers.
+	(scan_unit_for_symbols): Start at nesting_level of zero.  Make
+	nested_funcs an array of structs for extensibility.  Formatting.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15024
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 10 ++++++++
+ bfd/dwarf2.c  | 76 +++++++++++++++++++++++++++++++++++++++--------------------
+ 2 files changed, 61 insertions(+), 25 deletions(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -2823,9 +2823,11 @@ lookup_symbol_in_variable_table (struct
+   return FALSE;
+ }
+ 
+-static char *
++static bfd_boolean
+ find_abstract_instance_name (struct comp_unit *unit,
++			     bfd_byte *orig_info_ptr,
+ 			     struct attribute *attr_ptr,
++			     const char **pname,
+ 			     bfd_boolean *is_linkage)
+ {
+   bfd *abfd = unit->abfd;
+@@ -2835,7 +2837,7 @@ find_abstract_instance_name (struct comp
+   struct abbrev_info *abbrev;
+   bfd_uint64_t die_ref = attr_ptr->u.val;
+   struct attribute attr;
+-  char *name = NULL;
++  const char *name = NULL;
+ 
+   /* DW_FORM_ref_addr can reference an entry in a different CU. It
+      is an offset from the .debug_info section, not the current CU.  */
+@@ -2844,7 +2846,12 @@ find_abstract_instance_name (struct comp
+       /* We only support DW_FORM_ref_addr within the same file, so
+ 	 any relocations should be resolved already.  */
+       if (!die_ref)
+-	abort ();
++	{
++	  _bfd_error_handler
++	    (_("Dwarf Error: Abstract instance DIE ref zero."));
++	  bfd_set_error (bfd_error_bad_value);
++	  return FALSE;
++	}
+ 
+       info_ptr = unit->sec_info_ptr + die_ref;
+       info_ptr_end = unit->end_ptr;
+@@ -2879,9 +2886,10 @@ find_abstract_instance_name (struct comp
+ 	  _bfd_error_handler
+ 	    (_("Dwarf Error: Unable to read alt ref %u."), die_ref);
+ 	  bfd_set_error (bfd_error_bad_value);
+-	  return NULL;
++	  return FALSE;
+ 	}
+-      info_ptr_end = unit->stash->alt_dwarf_info_buffer + unit->stash->alt_dwarf_info_size;
++      info_ptr_end = (unit->stash->alt_dwarf_info_buffer
++		      + unit->stash->alt_dwarf_info_size);
+ 
+       /* FIXME: Do we need to locate the correct CU, in a similar
+ 	 fashion to the code in the DW_FORM_ref_addr case above ?  */
+@@ -2904,6 +2912,7 @@ find_abstract_instance_name (struct comp
+ 	  _bfd_error_handler
+ 	    (_("Dwarf Error: Could not find abbrev number %u."), abbrev_number);
+ 	  bfd_set_error (bfd_error_bad_value);
++	  return FALSE;
+ 	}
+       else
+ 	{
+@@ -2913,6 +2922,15 @@ find_abstract_instance_name (struct comp
+ 					 info_ptr, info_ptr_end);
+ 	      if (info_ptr == NULL)
+ 		break;
++	      /* It doesn't ever make sense for DW_AT_specification to
++		 refer to the same DIE.  Stop simple recursion.  */
++	      if (info_ptr == orig_info_ptr)
++		{
++		  _bfd_error_handler
++		    (_("Dwarf Error: Abstract instance recursion detected."));
++		  bfd_set_error (bfd_error_bad_value);
++		  return FALSE;
++		}
+ 	      switch (attr.name)
+ 		{
+ 		case DW_AT_name:
+@@ -2926,7 +2944,9 @@ find_abstract_instance_name (struct comp
+ 		    }
+ 		  break;
+ 		case DW_AT_specification:
+-		  name = find_abstract_instance_name (unit, &attr, is_linkage);
++		  if (!find_abstract_instance_name (unit, info_ptr, &attr,
++						    pname, is_linkage))
++		    return FALSE;
+ 		  break;
+ 		case DW_AT_linkage_name:
+ 		case DW_AT_MIPS_linkage_name:
+@@ -2944,7 +2964,8 @@ find_abstract_instance_name (struct comp
+ 	    }
+ 	}
+     }
+-  return name;
++  *pname = name;
++  return TRUE;
+ }
+ 
+ static bfd_boolean
+@@ -3005,20 +3026,22 @@ scan_unit_for_symbols (struct comp_unit
+   bfd *abfd = unit->abfd;
+   bfd_byte *info_ptr = unit->first_child_die_ptr;
+   bfd_byte *info_ptr_end = unit->stash->info_ptr_end;
+-  int nesting_level = 1;
+-  struct funcinfo **nested_funcs;
++  int nesting_level = 0;
++  struct nest_funcinfo {
++    struct funcinfo *func;
++  } *nested_funcs;
+   int nested_funcs_size;
+ 
+   /* Maintain a stack of in-scope functions and inlined functions, which we
+      can use to set the caller_func field.  */
+   nested_funcs_size = 32;
+-  nested_funcs = (struct funcinfo **)
+-    bfd_malloc (nested_funcs_size * sizeof (struct funcinfo *));
++  nested_funcs = (struct nest_funcinfo *)
++    bfd_malloc (nested_funcs_size * sizeof (*nested_funcs));
+   if (nested_funcs == NULL)
+     return FALSE;
+-  nested_funcs[nesting_level] = 0;
++  nested_funcs[nesting_level].func = 0;
+ 
+-  while (nesting_level)
++  while (nesting_level >= 0)
+     {
+       unsigned int abbrev_number, bytes_read, i;
+       struct abbrev_info *abbrev;
+@@ -3076,13 +3099,13 @@ scan_unit_for_symbols (struct comp_unit
+ 	  BFD_ASSERT (!unit->cached);
+ 
+ 	  if (func->tag == DW_TAG_inlined_subroutine)
+-	    for (i = nesting_level - 1; i >= 1; i--)
+-	      if (nested_funcs[i])
++	    for (i = nesting_level; i-- != 0; )
++	      if (nested_funcs[i].func)
+ 		{
+-		  func->caller_func = nested_funcs[i];
++		  func->caller_func = nested_funcs[i].func;
+ 		  break;
+ 		}
+-	  nested_funcs[nesting_level] = func;
++	  nested_funcs[nesting_level].func = func;
+ 	}
+       else
+ 	{
+@@ -3102,12 +3125,13 @@ scan_unit_for_symbols (struct comp_unit
+ 	    }
+ 
+ 	  /* No inline function in scope at this nesting level.  */
+-	  nested_funcs[nesting_level] = 0;
++	  nested_funcs[nesting_level].func = 0;
+ 	}
+ 
+       for (i = 0; i < abbrev->num_attrs; ++i)
+ 	{
+-	  info_ptr = read_attribute (&attr, &abbrev->attrs[i], unit, info_ptr, info_ptr_end);
++	  info_ptr = read_attribute (&attr, &abbrev->attrs[i],
++				     unit, info_ptr, info_ptr_end);
+ 	  if (info_ptr == NULL)
+ 	    goto fail;
+ 
+@@ -3126,8 +3150,10 @@ scan_unit_for_symbols (struct comp_unit
+ 
+ 		case DW_AT_abstract_origin:
+ 		case DW_AT_specification:
+-		  func->name = find_abstract_instance_name (unit, &attr,
+-							    &func->is_linkage);
++		  if (!find_abstract_instance_name (unit, info_ptr, &attr,
++						    &func->name,
++						    &func->is_linkage))
++		    goto fail;
+ 		  break;
+ 
+ 		case DW_AT_name:
+@@ -3254,17 +3280,17 @@ scan_unit_for_symbols (struct comp_unit
+ 
+ 	  if (nesting_level >= nested_funcs_size)
+ 	    {
+-	      struct funcinfo **tmp;
++	      struct nest_funcinfo *tmp;
+ 
+ 	      nested_funcs_size *= 2;
+-	      tmp = (struct funcinfo **)
++	      tmp = (struct nest_funcinfo *)
+ 		bfd_realloc (nested_funcs,
+-			     nested_funcs_size * sizeof (struct funcinfo *));
++			     nested_funcs_size * sizeof (*nested_funcs));
+ 	      if (tmp == NULL)
+ 		goto fail;
+ 	      nested_funcs = tmp;
+ 	    }
+-	  nested_funcs[nesting_level] = 0;
++	  nested_funcs[nesting_level].func = 0;
+ 	}
+     }
+ 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15025.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15025.patch
new file mode 100644
index 0000000000..ce5315976a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15025.patch
@@ -0,0 +1,47 @@
+From d8010d3e75ec7194a4703774090b27486b742d48 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 24 Sep 2017 14:36:48 +0930
+Subject: [PATCH] PR22186, divide-by-zero in decode_line_info
+
+	PR 22186
+	* dwarf2.c (decode_line_info): Fail on lh.line_range of zero
+	rather than dividing by zero.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15025
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/dwarf2.c  | 2 ++
+ 2 files changed, 8 insertions(+)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -2432,6 +2432,8 @@ decode_line_info (struct comp_unit *unit
+ 	    case DW_LNS_set_basic_block:
+ 	      break;
+ 	    case DW_LNS_const_add_pc:
++	      if (lh.line_range == 0)
++		goto line_fail;
+ 	      if (lh.maximum_ops_per_insn == 1)
+ 		address += (lh.minimum_instruction_length
+ 			    * ((255 - lh.opcode_base) / lh.line_range));
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-09-24  Alan Modra  <amodra@gmail.com>
++
++       PR 22186
++       * dwarf2.c (decode_line_info): Fail on lh.line_range of zero
++       rather than dividing by zero.
++
++
+ 2017-09-25  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22200
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15225.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15225.patch
new file mode 100644
index 0000000000..2ef3f53737
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15225.patch
@@ -0,0 +1,48 @@
+From b55ec8b676ed05d93ee49d6c79ae0403616c4fb0 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 9 Oct 2017 13:21:44 +1030
+Subject: [PATCH] PR22212, memory leak in nm
+
+	PR 22212
+	* dwarf2.c (_bfd_dwarf2_cleanup_debug_info): Free
+	funcinfo_hash_table and varinfo_hash_table.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15225
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/dwarf2.c  | 4 ++++
+ 2 files changed, 10 insertions(+)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -4932,6 +4932,10 @@ _bfd_dwarf2_cleanup_debug_info (bfd *abf
+ 	}
+     }
+ 
++  if (stash->funcinfo_hash_table)
++    bfd_hash_table_free (&stash->funcinfo_hash_table->base);
++  if (stash->varinfo_hash_table)
++    bfd_hash_table_free (&stash->varinfo_hash_table->base);
+   if (stash->dwarf_abbrev_buffer)
+     free (stash->dwarf_abbrev_buffer);
+   if (stash->dwarf_line_buffer)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-10-09  Alan Modra  <amodra@gmail.com>
++
++       PR 22212
++       * dwarf2.c (_bfd_dwarf2_cleanup_debug_info): Free
++       funcinfo_hash_table and varinfo_hash_table.
++
+ 2017-09-24  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22186
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15939.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15939.patch
new file mode 100644
index 0000000000..bccad763f4
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15939.patch
@@ -0,0 +1,113 @@
+From a54018b72d75abf2e74bf36016702da06399c1d9 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 26 Sep 2017 09:38:26 +0930
+Subject: [PATCH] PR22205, .debug_line file table NULL filename
+
+The PR22200 fuzzer testcase found one way to put NULLs into .debug_line
+file tables.  PR22205 finds another.  This patch gives up on trying to
+prevent NULL files in the file table and instead just copes with them.
+Arguably, this is better than giving up and showing no info from
+.debug_line.  I've also fixed a case where the fairly recent DWARF5
+support in handling broken DWARG could result in uninitialized memory
+reads, and made a small tidy.
+
+	PR 22205
+	* dwarf2.c (concat_filename): Return "<unknown>" on NULL filename.
+	(read_formatted_entries): Init "fe".
+	(decode_line_info <DW_LNE_define_file>): Use line_info_add_file_name.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15939
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  7 +++++++
+ bfd/dwarf2.c  | 35 +++++++++++++----------------------
+ 2 files changed, 20 insertions(+), 22 deletions(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -1597,6 +1597,8 @@ concat_filename (struct line_info_table
+     }
+ 
+   filename = table->files[file - 1].name;
++  if (filename == NULL)
++    return strdup ("<unknown>");
+ 
+   if (!IS_ABSOLUTE_PATH (filename))
+     {
+@@ -1956,6 +1958,7 @@ read_formatted_entries (struct comp_unit
+       bfd_byte *format = format_header_data;
+       struct fileinfo fe;
+ 
++      memset (&fe, 0, sizeof fe);
+       for (formati = 0; formati < format_count; formati++)
+ 	{
+ 	  bfd_vma content_type, form;
+@@ -2256,6 +2259,7 @@ decode_line_info (struct comp_unit *unit
+       unsigned int discriminator = 0;
+       int is_stmt = lh.default_is_stmt;
+       int end_sequence = 0;
++      unsigned int dir, xtime, size;
+       /* eraxxon@alumni.rice.edu: Against the DWARF2 specs, some
+ 	 compilers generate address sequences that are wildly out of
+ 	 order using DW_LNE_set_address (e.g. Intel C++ 6.0 compiler
+@@ -2330,31 +2334,18 @@ decode_line_info (struct comp_unit *unit
+ 		case DW_LNE_define_file:
+ 		  cur_file = read_string (abfd, line_ptr, line_end, &bytes_read);
+ 		  line_ptr += bytes_read;
+-		  if ((table->num_files % FILE_ALLOC_CHUNK) == 0)
+-		    {
+-		      struct fileinfo *tmp;
+-
+-		      amt = table->num_files + FILE_ALLOC_CHUNK;
+-		      amt *= sizeof (struct fileinfo);
+-		      tmp = (struct fileinfo *) bfd_realloc (table->files, amt);
+-		      if (tmp == NULL)
+-			goto line_fail;
+-		      table->files = tmp;
+-		    }
+-		  table->files[table->num_files].name = cur_file;
+-		  table->files[table->num_files].dir =
+-		    _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read,
+-					   FALSE, line_end);
++		  dir = _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read,
++					       FALSE, line_end);
+ 		  line_ptr += bytes_read;
+-		  table->files[table->num_files].time =
+-		    _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read,
+-					   FALSE, line_end);
++		  xtime = _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read,
++						 FALSE, line_end);
+ 		  line_ptr += bytes_read;
+-		  table->files[table->num_files].size =
+-		    _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read,
+-					   FALSE, line_end);
++		  size = _bfd_safe_read_leb128 (abfd, line_ptr, &bytes_read,
++						FALSE, line_end);
+ 		  line_ptr += bytes_read;
+-		  table->num_files++;
++		  if (!line_info_add_file_name (table, cur_file, dir,
++						xtime, size))
++		    goto line_fail;
+ 		  break;
+ 		case DW_LNE_set_discriminator:
+ 		  discriminator =
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-09-26  Alan Modra  <amodra@gmail.com>
++ 
++       PR 22205
++       * dwarf2.c (concat_filename): Return "<unknown>" on NULL filename.
++       (read_formatted_entries): Init "fe".
++       (decode_line_info <DW_LNE_define_file>): Use line_info_add_file_name.
++
+ 2017-10-09  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22212
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-15996.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-15996.patch
new file mode 100644
index 0000000000..dab8380e33
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-15996.patch
@@ -0,0 +1,84 @@
+From d91f0b20e561e326ee91a09a76206257bde8438b Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sat, 28 Oct 2017 21:31:16 +1030
+Subject: [PATCH] PR22361 readelf buffer overflow on fuzzed archive header
+
+	PR 22361
+	* readelf.c (process_archive_index_and_symbols): Ensure ar_size
+	field is zero terminated for strtoul.
+	(setup_archive, get_archive_member_name): Likewise.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-15996
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog |  7 +++++++
+ binutils/elfcomm.c | 11 +++++++++++
+ 2 files changed, 18 insertions(+)
+
+Index: git/binutils/elfcomm.c
+===================================================================
+--- git.orig/binutils/elfcomm.c
++++ git/binutils/elfcomm.c
+@@ -466,8 +466,12 @@ process_archive_index_and_symbols (struc
+ {
+   size_t got;
+   unsigned long size;
++  char fmag_save;
+ 
++  fmag_save = arch->arhdr.ar_fmag[0];
++  arch->arhdr.ar_fmag[0] = 0;
+   size = strtoul (arch->arhdr.ar_size, NULL, 10);
++  arch->arhdr.ar_fmag[0] = fmag_save;
+   /* PR 17531: file: 912bd7de.  */
+   if ((signed long) size < 0)
+     {
+@@ -655,7 +659,10 @@ setup_archive (struct archive_info *arch
+   if (const_strneq (arch->arhdr.ar_name, "//              "))
+     {
+       /* This is the archive string table holding long member names.  */
++      char fmag_save = arch->arhdr.ar_fmag[0];
++      arch->arhdr.ar_fmag[0] = 0;
+       arch->longnames_size = strtoul (arch->arhdr.ar_size, NULL, 10);
++      arch->arhdr.ar_fmag[0] = fmag_save;
+       /* PR 17531: file: 01068045.  */
+       if (arch->longnames_size < 8)
+ 	{
+@@ -758,6 +765,7 @@ get_archive_member_name (struct archive_
+       char *endp;
+       char *member_file_name;
+       char *member_name;
++      char fmag_save;
+ 
+       if (arch->longnames == NULL || arch->longnames_size == 0)
+ 	{
+@@ -766,9 +774,12 @@ get_archive_member_name (struct archive_
+ 	}
+ 
+       arch->nested_member_origin = 0;
++      fmag_save = arch->arhdr.ar_fmag[0];
++      arch->arhdr.ar_fmag[0] = 0;
+       k = j = strtoul (arch->arhdr.ar_name + 1, &endp, 10);
+       if (arch->is_thin_archive && endp != NULL && * endp == ':')
+         arch->nested_member_origin = strtoul (endp + 1, NULL, 10);
++      arch->arhdr.ar_fmag[0] = fmag_save;
+ 
+       if (j > arch->longnames_size)
+ 	{
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-10-28  Alan Modra  <amodra@gmail.com>
++
++       PR 22361
++       * readelf.c (process_archive_index_and_symbols): Ensure ar_size
++       field is zero terminated for strtoul.
++       (setup_archive, get_archive_member_name): Likewise.
++
+ 2017-09-26  Alan Modra  <amodra@gmail.com>
+  
+        PR 22205
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16826.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16826.patch
new file mode 100644
index 0000000000..bb24ba8834
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16826.patch
@@ -0,0 +1,53 @@
+From a67d66eb97e7613a38ffe6622d837303b3ecd31d Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 1 Nov 2017 15:21:46 +0000
+Subject: [PATCH] Prevent illegal memory accesses when attempting to read
+ excessively large COFF line number tables.
+
+	PR 22376
+	* coffcode.h (coff_slurp_line_table): Check for an excessively
+	large line number count.
+
+Upstream-Status: Backport 
+Affects: <= 2.29.1
+CVE: CVE-2017-16826
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog  | 6 ++++++
+ bfd/coffcode.h | 8 ++++++++
+ 2 files changed, 14 insertions(+)
+
+Index: git/bfd/coffcode.h
+===================================================================
+--- git.orig/bfd/coffcode.h
++++ git/bfd/coffcode.h
+@@ -4578,6 +4578,14 @@ coff_slurp_line_table (bfd *abfd, asecti
+ 
+   BFD_ASSERT (asect->lineno == NULL);
+ 
++  if (asect->lineno_count > asect->size)
++    {
++      _bfd_error_handler
++	(_("%B: warning: line number count (%#lx) exceeds section size (%#lx)"),
++	 abfd, (unsigned long) asect->lineno_count, (unsigned long) asect->size);
++      return FALSE;
++    }
++
+   amt = ((bfd_size_type) asect->lineno_count + 1) * sizeof (alent);
+   lineno_cache = (alent *) bfd_alloc (abfd, amt);
+   if (lineno_cache == NULL)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-11-01  Nick Clifton  <nickc@redhat.com>
++ 
++       PR 22376
++       * coffcode.h (coff_slurp_line_table): Check for an excessively
++       large line number count.
++
+ 2017-10-28  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22361
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16827.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16827.patch
new file mode 100644
index 0000000000..dbc577c8e0
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16827.patch
@@ -0,0 +1,95 @@
+From 0301ce1486b1450f219202677f30d0fa97335419 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 17 Oct 2017 16:43:47 +1030
+Subject: [PATCH] PR22306, Invalid free() in slurp_symtab()
+
+	PR 22306
+	* aoutx.h (aout_get_external_symbols): Handle stringsize of zero,
+	and error for any other size that doesn't cover the header word.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-16827
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  6 ++++++
+ bfd/aoutx.h   | 45 ++++++++++++++++++++++++++++++---------------
+ 2 files changed, 36 insertions(+), 15 deletions(-)
+
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h
++++ git/bfd/aoutx.h
+@@ -1352,27 +1352,42 @@ aout_get_external_symbols (bfd *abfd)
+ 	  || bfd_bread ((void *) string_chars, amt, abfd) != amt)
+ 	return FALSE;
+       stringsize = GET_WORD (abfd, string_chars);
++      if (stringsize == 0)
++	stringsize = 1;
++      else if (stringsize < BYTES_IN_WORD
++	       || (size_t) stringsize != stringsize)
++	{
++	  bfd_set_error (bfd_error_bad_value);
++	  return FALSE;
++	}
+ 
+ #ifdef USE_MMAP
+-      if (! bfd_get_file_window (abfd, obj_str_filepos (abfd), stringsize,
+-				 &obj_aout_string_window (abfd), TRUE))
+-	return FALSE;
+-      strings = (char *) obj_aout_string_window (abfd).data;
+-#else
+-      strings = (char *) bfd_malloc (stringsize + 1);
+-      if (strings == NULL)
+-	return FALSE;
+-
+-      /* Skip space for the string count in the buffer for convenience
+-	 when using indexes.  */
+-      amt = stringsize - BYTES_IN_WORD;
+-      if (bfd_bread (strings + BYTES_IN_WORD, amt, abfd) != amt)
++      if (stringsize >= BYTES_IN_WORD)
+ 	{
+-	  free (strings);
+-	  return FALSE;
++	  if (! bfd_get_file_window (abfd, obj_str_filepos (abfd), stringsize,
++				     &obj_aout_string_window (abfd), TRUE))
++	    return FALSE;
++	  strings = (char *) obj_aout_string_window (abfd).data;
+ 	}
++      else
+ #endif
++	{
++	  strings = (char *) bfd_malloc (stringsize);
++	  if (strings == NULL)
++	    return FALSE;
+ 
++	  if (stringsize >= BYTES_IN_WORD)
++	    {
++	      /* Keep the string count in the buffer for convenience
++		 when indexing with e_strx.  */
++	      amt = stringsize - BYTES_IN_WORD;
++	      if (bfd_bread (strings + BYTES_IN_WORD, amt, abfd) != amt)
++		{
++		  free (strings);
++		  return FALSE;
++		}
++	    }
++	}
+       /* Ensure that a zero index yields an empty string.  */
+       strings[0] = '\0';
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-10-17  Alan Modra  <amodra@gmail.com>
++
++       PR 22306
++       * aoutx.h (aout_get_external_symbols): Handle stringsize of zero,
++       and error for any other size that doesn't cover the header word.
++
+ 2017-11-01  Nick Clifton  <nickc@redhat.com>
+  
+        PR 22376
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p1.patch
new file mode 100644
index 0000000000..310908f86d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p1.patch
@@ -0,0 +1,79 @@
+From 9c0f3d3f2017829ffd908c9893b85094985c3b58 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 5 Oct 2017 17:32:18 +1030
+Subject: [PATCH] PR22239 - invalid memory read in display_debug_frames
+
+Pointer comparisons have traps for the unwary.  After adding a large
+unknown value to "start", the test "start < end" depends on where
+"start" is originally in memory.
+
+	PR 22239
+	* dwarf.c (read_cie): Don't compare "start" and "end" pointers
+	after adding a possibly wild length to "start", compare the length
+	to the difference of the pointers instead.  Remove now redundant
+	"negative" length test.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-16828 patch1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog |  8 ++++++++
+ binutils/dwarf.c   | 15 ++++-----------
+ 2 files changed, 12 insertions(+), 11 deletions(-)
+
+Index: git/binutils/dwarf.c
+===================================================================
+--- git.orig/binutils/dwarf.c
++++ git/binutils/dwarf.c
+@@ -6652,14 +6652,14 @@ read_cie (unsigned char *start, unsigned
+     {
+       READ_ULEB (augmentation_data_len);
+       augmentation_data = start;
+-      start += augmentation_data_len;
+       /* PR 17512: file: 11042-2589-0.004.  */
+-      if (start > end)
++      if (augmentation_data_len > (size_t) (end - start))
+ 	{
+ 	  warn (_("Augmentation data too long: %#lx, expected at most %#lx\n"),
+-		augmentation_data_len, (long)((end - start) + augmentation_data_len));
++		augmentation_data_len, (unsigned long) (end - start));
+ 	  return end;
+ 	}
++      start += augmentation_data_len;
+     }
+ 
+   if (augmentation_data_len)
+@@ -6672,14 +6672,7 @@ read_cie (unsigned char *start, unsigned
+       q = augmentation_data;
+       qend = q + augmentation_data_len;
+ 
+-      /* PR 17531: file: 015adfaa.  */
+-      if (qend < q)
+-	{
+-	  warn (_("Negative augmentation data length: 0x%lx"), augmentation_data_len);
+-	  augmentation_data_len = 0;
+-	}
+-
+-      while (p < end && q < augmentation_data + augmentation_data_len)
++      while (p < end && q < qend)
+ 	{
+ 	  if (*p == 'L')
+ 	    q++;
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,11 @@
++2017-10-05  Alan Modra  <amodra@gmail.com>
++
++       PR 22239
++       * dwarf.c (read_cie): Don't compare "start" and "end" pointers
++       after adding a possibly wild length to "start", compare the length
++       to the difference of the pointers instead.  Remove now redundant
++       "negative" length test.
++
+ 2017-09-27  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22219
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p2.patch
new file mode 100644
index 0000000000..5073d31ce0
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16828_p2.patch
@@ -0,0 +1,149 @@
+From bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 3 Nov 2017 13:57:15 +0000
+Subject: [PATCH] Fix integer overflow problems when reading an ELF binary with
+ corrupt augmentation data.
+
+	PR 22386
+	* dwarf.c (read_cie): Use bfd_size_type for
+	augmentation_data_len.
+	(display_augmentation_data): New function.
+	(display_debug_frames): Use it.
+	Check for integer overflow when testing augmentation_data_len.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-16828 patch2
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 10 +++++++++
+ binutils/dwarf.c   | 65 +++++++++++++++++++++++++++++++++---------------------
+ 2 files changed, 50 insertions(+), 25 deletions(-)
+
+Index: git/binutils/dwarf.c
+===================================================================
+--- git.orig/binutils/dwarf.c
++++ git/binutils/dwarf.c
+@@ -6577,13 +6577,13 @@ frame_display_row (Frame_Chunk *fc, int
+ static unsigned char *
+ read_cie (unsigned char *start, unsigned char *end,
+ 	  Frame_Chunk **p_cie, int *p_version,
+-	  unsigned long *p_aug_len, unsigned char **p_aug)
++	  bfd_size_type *p_aug_len, unsigned char **p_aug)
+ {
+   int version;
+   Frame_Chunk *fc;
+   unsigned int length_return;
+   unsigned char *augmentation_data = NULL;
+-  unsigned long augmentation_data_len = 0;
++  bfd_size_type augmentation_data_len = 0;
+ 
+   * p_cie = NULL;
+   /* PR 17512: file: 001-228113-0.004.  */
+@@ -6653,10 +6653,11 @@ read_cie (unsigned char *start, unsigned
+       READ_ULEB (augmentation_data_len);
+       augmentation_data = start;
+       /* PR 17512: file: 11042-2589-0.004.  */
+-      if (augmentation_data_len > (size_t) (end - start))
++      if (augmentation_data_len > (bfd_size_type) (end - start))
+ 	{
+-	  warn (_("Augmentation data too long: %#lx, expected at most %#lx\n"),
+-		augmentation_data_len, (unsigned long) (end - start));
++	  warn (_("Augmentation data too long: 0x%s, expected at most %#lx\n"),
++		dwarf_vmatoa ("x", augmentation_data_len),
++		(unsigned long) (end - start));
+ 	  return end;
+ 	}
+       start += augmentation_data_len;
+@@ -6701,6 +6702,31 @@ read_cie (unsigned char *start, unsigned
+   return start;
+ }
+ 
++/* Prints out the contents on the augmentation data array.
++   If do_wide is not enabled, then formats the output to fit into 80 columns.  */
++
++static void
++display_augmentation_data (const unsigned char * data, const bfd_size_type len)
++{
++  bfd_size_type i;
++
++  i = printf (_("  Augmentation data:    "));
++
++  if (do_wide || len < ((80 - i) / 3))
++    for (i = 0; i < len; ++i)
++      printf (" %02x", data[i]);
++  else
++    {
++      for (i = 0; i < len; ++i)
++	{
++	  if (i % (80 / 3) == 0)
++	    putchar ('\n');
++	  printf (" %02x", data[i]);
++	}
++    }
++  putchar ('\n');
++}
++
+ static int
+ display_debug_frames (struct dwarf_section *section,
+ 		      void *file ATTRIBUTE_UNUSED)
+@@ -6729,7 +6755,7 @@ display_debug_frames (struct dwarf_secti
+       Frame_Chunk *cie;
+       int need_col_headers = 1;
+       unsigned char *augmentation_data = NULL;
+-      unsigned long augmentation_data_len = 0;
++      bfd_size_type augmentation_data_len = 0;
+       unsigned int encoded_ptr_size = saved_eh_addr_size;
+       unsigned int offset_size;
+       unsigned int initial_length_size;
+@@ -6823,16 +6849,8 @@ display_debug_frames (struct dwarf_secti
+ 	      printf ("  Return address column: %d\n", fc->ra);
+ 
+ 	      if (augmentation_data_len)
+-		{
+-		  unsigned long i;
++		display_augmentation_data (augmentation_data, augmentation_data_len);
+ 
+-		  printf ("  Augmentation data:    ");
+-		  for (i = 0; i < augmentation_data_len; ++i)
+-		    /* FIXME: If do_wide is FALSE, then we should
+-		       add carriage returns at 80 columns...  */
+-		    printf (" %02x", augmentation_data[i]);
+-		  putchar ('\n');
+-		}
+ 	      putchar ('\n');
+ 	    }
+ 	}
+@@ -6988,11 +7006,13 @@ display_debug_frames (struct dwarf_secti
+ 	      READ_ULEB (augmentation_data_len);
+ 	      augmentation_data = start;
+ 	      start += augmentation_data_len;
+-	      /* PR 17512: file: 722-8446-0.004.  */
+-	      if (start >= end || ((signed long) augmentation_data_len) < 0)
++	      /* PR 17512 file: 722-8446-0.004 and PR 22386.  */
++	      if (start >= end
++		  || ((bfd_signed_vma) augmentation_data_len) < 0
++		  || augmentation_data > start)
+ 		{
+-		  warn (_("Corrupt augmentation data length: %lx\n"),
+-			augmentation_data_len);
++		  warn (_("Corrupt augmentation data length: 0x%s\n"),
++			dwarf_vmatoa ("x", augmentation_data_len));
+ 		  start = end;
+ 		  augmentation_data = NULL;
+ 		  augmentation_data_len = 0;
+@@ -7014,12 +7034,7 @@ display_debug_frames (struct dwarf_secti
+ 
+ 	  if (! do_debug_frames_interp && augmentation_data_len)
+ 	    {
+-	      unsigned long i;
+-
+-	      printf ("  Augmentation data:    ");
+-	      for (i = 0; i < augmentation_data_len; ++i)
+-		printf (" %02x", augmentation_data[i]);
+-	      putchar ('\n');
++	      display_augmentation_data (augmentation_data, augmentation_data_len);
+ 	      putchar ('\n');
+ 	    }
+ 	}
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16829.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16829.patch
new file mode 100644
index 0000000000..f9410e2728
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16829.patch
@@ -0,0 +1,82 @@
+From cf54ebff3b7361989712fd9c0128a9b255578163 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 17 Oct 2017 21:57:29 +1030
+Subject: [PATCH] PR22307, Heap out of bounds read in
+ _bfd_elf_parse_gnu_properties
+
+When adding an unbounded increment to a pointer, you can't just check
+against the end of the buffer but also must check that overflow
+doesn't result in "negative" pointer movement.  Pointer comparisons
+are signed.  Better, check the increment against the space left using
+an unsigned comparison.
+
+	PR 22307
+	* elf-properties.c (_bfd_elf_parse_gnu_properties): Compare datasz
+	against size left rather than comparing pointers.  Reorganise loop.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-16829
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog        |  6 ++++++
+ bfd/elf-properties.c | 18 +++++++++---------
+ 2 files changed, 15 insertions(+), 9 deletions(-)
+
+Index: git/bfd/elf-properties.c
+===================================================================
+--- git.orig/bfd/elf-properties.c
++++ git/bfd/elf-properties.c
+@@ -93,15 +93,20 @@ bad_size:
+       return FALSE;
+     }
+ 
+-  while (1)
++  while (ptr != ptr_end)
+     {
+-      unsigned int type = bfd_h_get_32 (abfd, ptr);
+-      unsigned int datasz = bfd_h_get_32 (abfd, ptr + 4);
++      unsigned int type;
++      unsigned int datasz;
+       elf_property *prop;
+ 
++      if ((size_t) (ptr_end - ptr) < 8)
++	goto bad_size;
++
++      type = bfd_h_get_32 (abfd, ptr);
++      datasz = bfd_h_get_32 (abfd, ptr + 4);
+       ptr += 8;
+ 
+-      if ((ptr + datasz) > ptr_end)
++      if (datasz > (size_t) (ptr_end - ptr))
+ 	{
+ 	  _bfd_error_handler
+ 	    (_("warning: %B: corrupt GNU_PROPERTY_TYPE (%ld) type (0x%x) datasz: 0x%x"),
+@@ -182,11 +187,6 @@ bad_size:
+ 
+ next:
+       ptr += (datasz + (align_size - 1)) & ~ (align_size - 1);
+-      if (ptr == ptr_end)
+-	break;
+-
+-      if (ptr > (ptr_end - 8))
+-	goto bad_size;
+     }
+ 
+   return TRUE;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,4 +1,10 @@
+ 2017-10-17  Alan Modra  <amodra@gmail.com>
++ 
++       PR 22307
++       * elf-properties.c (_bfd_elf_parse_gnu_properties): Compare datasz
++       against size left rather than comparing pointers.  Reorganise loop.
++
++2017-10-17  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22306
+        * aoutx.h (aout_get_external_symbols): Handle stringsize of zero,
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch
new file mode 100644
index 0000000000..1382c8e3e7
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16830.patch
@@ -0,0 +1,91 @@
+From 6ab2c4ed51f9c4243691755e1b1d2149c6a426f4 Mon Sep 17 00:00:00 2001
+From: Mingi Cho <mgcho.minic@gmail.com>
+Date: Thu, 2 Nov 2017 17:01:08 +0000
+Subject: [PATCH] Work around integer overflows when readelf is checking for
+ corrupt ELF notes when run on a 32-bit host.
+
+	PR 22384
+	* readelf.c (print_gnu_property_note): Improve overflow checks so
+	that they will work on a 32-bit host.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-16830
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog |  6 ++++++
+ binutils/readelf.c | 33 +++++++++++++++++----------------
+ 2 files changed, 23 insertions(+), 16 deletions(-)
+
+Index: git/binutils/readelf.c
+===================================================================
+--- git.orig/binutils/readelf.c
++++ git/binutils/readelf.c
+@@ -16431,15 +16431,24 @@ print_gnu_property_note (Elf_Internal_No
+       return;
+     }
+ 
+-  while (1)
++  while (ptr < ptr_end)
+     {
+       unsigned int j;
+-      unsigned int type = byte_get (ptr, 4);
+-      unsigned int datasz = byte_get (ptr + 4, 4);
++      unsigned int type;
++      unsigned int datasz;
++
++      if ((size_t) (ptr_end - ptr) < 8)
++	{
++	  printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz);
++	  break;
++	}
++
++      type = byte_get (ptr, 4);
++      datasz = byte_get (ptr + 4, 4);
+ 
+       ptr += 8;
+ 
+-      if ((ptr + datasz) > ptr_end)
++      if (datasz > (size_t) (ptr_end - ptr))
+ 	{
+ 	  printf (_("<corrupt type (%#x) datasz: %#x>\n"),
+ 		  type, datasz);
+@@ -16520,19 +16529,11 @@ next:
+       ptr += ((datasz + (size - 1)) & ~ (size - 1));
+       if (ptr == ptr_end)
+ 	break;
+-      else
+-	{
+-	  if (do_wide)
+-	    printf (", ");
+-	  else
+-	    printf ("\n\t");
+-	}
+ 
+-      if (ptr > (ptr_end - 8))
+-	{
+-	  printf (_("<corrupt descsz: %#lx>\n"), pnote->descsz);
+-	  break;
+-	}
++      if (do_wide)
++	printf (", ");
++      else
++	printf ("\n\t");
+     }
+ 
+   printf ("\n");
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2017-11-02  Mingi Cho  <mgcho.minic@gmail.com>
++
++       PR 22384
++       * readelf.c (print_gnu_property_note): Improve overflow checks so
++       that they will work on a 32-bit host.
++
+ 2017-10-05  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22239
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16831.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16831.patch
new file mode 100644
index 0000000000..7acd5e0f2f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16831.patch
@@ -0,0 +1,77 @@
+From 6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 3 Nov 2017 11:55:21 +0000
+Subject: [PATCH] Fix excessive memory allocation attempts and possible integer
+ overfloaws when attempting to read a COFF binary with a corrupt symbol count.
+
+	PR 22385
+	* coffgen.c (_bfd_coff_get_external_symbols): Check for an
+	overlarge raw syment count.
+	(coff_get_normalized_symtab): Likewise.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE:  CVE-2017-16831
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  8 ++++++++
+ bfd/coffgen.c | 17 +++++++++++++++--
+ 2 files changed, 23 insertions(+), 2 deletions(-)
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,11 @@
++2017-11-03  Mingi Cho  <mgcho.minic@gmail.com>
++           Nick Clifton  <nickc@redhat.com>
++
++       PR 22385
++       * coffgen.c (_bfd_coff_get_external_symbols): Check for an
++       overlarge raw syment count.
++       (coff_get_normalized_symtab): Likewise.
++
+ 2017-10-17  Alan Modra  <amodra@gmail.com>
+  
+        PR 22307
+Index: git/bfd/coffgen.c
+===================================================================
+--- git.orig/bfd/coffgen.c
++++ git/bfd/coffgen.c
+@@ -1640,13 +1640,23 @@ _bfd_coff_get_external_symbols (bfd *abf
+   size = obj_raw_syment_count (abfd) * symesz;
+   if (size == 0)
+     return TRUE;
++   /* Check for integer overflow and for unreasonable symbol counts.  */
++   if (size < obj_raw_syment_count (abfd)
++       || (bfd_get_file_size (abfd) > 0
++          && size > bfd_get_file_size (abfd)))
++
++     {
++       _bfd_error_handler (_("%B: corrupt symbol count: %#Lx"),
++                         abfd, obj_raw_syment_count (abfd));
++       return FALSE;
++    }
+ 
+   syms = bfd_malloc (size);
+   if (syms == NULL)
+     {
+       /* PR 21013: Provide an error message when the alloc fails.  */
+-      _bfd_error_handler (_("%B: Not enough memory to allocate space for %lu symbols"),
+-			  abfd, size);
++      _bfd_error_handler (_("%B: not enough memory to allocate space for %#Lx symbols of size %#Lx"),
++                         abfd, obj_raw_syment_count (abfd), symesz);
+       return FALSE;
+     }
+ 
+@@ -1790,6 +1800,9 @@ coff_get_normalized_symtab (bfd *abfd)
+     return NULL;
+ 
+   size = obj_raw_syment_count (abfd) * sizeof (combined_entry_type);
++  /* Check for integer overflow.  */
++  if (size < obj_raw_syment_count (abfd))
++    return NULL;
+   internal = (combined_entry_type *) bfd_zalloc (abfd, size);
+   if (internal == NULL && size != 0)
+     return NULL;
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch
new file mode 100644
index 0000000000..9044bccf95
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-16832.patch
@@ -0,0 +1,61 @@
+From 0bb6961f18b8e832d88b490d421ca56cea16c45b Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 31 Oct 2017 14:29:40 +0000
+Subject: [PATCH] Fix illegal memory access triggered when parsing a PE binary
+ with a corrupt data dictionary.
+
+	PR 22373
+	* peicode.h (pe_bfd_read_buildid): Check for invalid size and data
+	offset values.
+
+Upstrem-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-16832
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/peicode.h | 9 ++++++---
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+
+Index: git/bfd/peicode.h
+===================================================================
+--- git.orig/bfd/peicode.h
++++ git/bfd/peicode.h
+@@ -1303,7 +1303,6 @@ pe_bfd_read_buildid (bfd *abfd)
+   bfd_byte *data = 0;
+   bfd_size_type dataoff;
+   unsigned int i;
+-
+   bfd_vma addr = extra->DataDirectory[PE_DEBUG_DATA].VirtualAddress;
+   bfd_size_type size = extra->DataDirectory[PE_DEBUG_DATA].Size;
+ 
+@@ -1327,8 +1326,12 @@ pe_bfd_read_buildid (bfd *abfd)
+ 
+   dataoff = addr - section->vma;
+ 
+-  /* PR 20605: Make sure that the data is really there.  */
+-  if (dataoff + size > section->size)
++  /* PR 20605 and 22373: Make sure that the data is really there.
++     Note - since we are dealing with unsigned quantities we have
++     to be careful to check for potential overflows.  */
++  if (dataoff > section->size
++      || size > section->size
++      || dataoff + size > section->size)
+     {
+       _bfd_error_handler (_("%B: Error: Debug Data ends beyond end of debug directory."),
+ 			  abfd);
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-10-31  Nick Clifton  <nickc@redhat.com>
++
++       PR 22373
++       * peicode.h (pe_bfd_read_buildid): Check for invalid size and data
++       offset values.
++
+ 2017-11-03  Mingi Cho  <mgcho.minic@gmail.com>
+            Nick Clifton  <nickc@redhat.com>
+ 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch
new file mode 100644
index 0000000000..611a276def
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17080.patch
@@ -0,0 +1,78 @@
+From 80a0437873045cc08753fcac4af154e2931a99fd Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 16 Nov 2017 14:53:32 +0000
+Subject: [PATCH] Prevent illegal memory accesses when parsing incorrecctly
+ formated core notes.
+
+	PR 22421
+	* elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough.
+	(elfcore_grok_openbsd_procinfo): Likewise.
+	(elfcore_grok_nto_status): Likewise.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-17080 
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  7 +++++++
+ bfd/elf.c     | 10 ++++++++++
+ 2 files changed, 17 insertions(+)
+
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -9862,6 +9862,7 @@ elfcore_grok_freebsd_psinfo (bfd *abfd,
+   /* Check for version 1 in pr_version.  */
+   if (bfd_h_get_32 (abfd, (bfd_byte *) note->descdata) != 1)
+     return FALSE;
++
+   offset = 4;
+ 
+   /* Skip over pr_psinfosz. */
+@@ -10030,6 +10031,9 @@ elfcore_netbsd_get_lwpid (Elf_Internal_N
+ static bfd_boolean
+ elfcore_grok_netbsd_procinfo (bfd *abfd, Elf_Internal_Note *note)
+ {
++  if (note->descsz <= 0x7c + 31)
++    return FALSE;
++
+   /* Signal number at offset 0x08. */
+   elf_tdata (abfd)->core->signal
+     = bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08);
+@@ -10114,6 +10118,9 @@ elfcore_grok_netbsd_note (bfd *abfd, Elf
+ static bfd_boolean
+ elfcore_grok_openbsd_procinfo (bfd *abfd, Elf_Internal_Note *note)
+ {
++  if (note->descsz <= 0x48 + 31)
++    return FALSE;
++
+   /* Signal number at offset 0x08. */
+   elf_tdata (abfd)->core->signal
+     = bfd_h_get_32 (abfd, (bfd_byte *) note->descdata + 0x08);
+@@ -10185,6 +10192,9 @@ elfcore_grok_nto_status (bfd *abfd, Elf_
+   short sig;
+   unsigned flags;
+ 
++  if (note->descsz < 16)
++    return FALSE;
++
+   /* nto_procfs_status 'pid' field is at offset 0.  */
+   elf_tdata (abfd)->core->pid = bfd_get_32 (abfd, (bfd_byte *) ddata);
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-11-16  Nick Clifton  <nickc@redhat.com>
++ 
++       PR 22421
++       * elf.c (elfcore_grok_netbsd_procinfo): Check that the note is big enough.
++       (elfcore_grok_openbsd_procinfo): Likewise.
++       (elfcore_grok_nto_status): Likewise.
++
+ 2017-10-31  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22373
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17121.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17121.patch
new file mode 100644
index 0000000000..4b675f7b72
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17121.patch
@@ -0,0 +1,366 @@
+From b23dc97fe237a1d9e850d7cbeee066183a00630b Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 28 Nov 2017 13:20:31 +0000
+Subject: [PATCH] Fix a memory access violation when attempting to parse a
+ corrupt COFF binary with a relocation that points beyond the end of the
+ section to be relocated.
+
+	PR 22506
+	* reloc.c (reloc_offset_in_range): Rename to
+	bfd_reloc_offset_in_range and export.
+	(bfd_perform_relocation): Rename function invocation.
+	(bfd_install_relocation): Likewise.
+	(bfd_final_link_relocate): Likewise.
+	* bfd-in2.h: Regenerate.
+	* coff-arm.c (coff_arm_reloc): Use bfd_reloc_offset_in_range.
+	* coff-i386.c (coff_i386_reloc): Likewise.
+	* coff-i860.c (coff_i860_reloc): Likewise.
+	* coff-m68k.c (mk68kcoff_common_addend_special_fn): Likewise.
+	* coff-m88k.c (m88k_special_reloc): Likewise.
+	* coff-mips.c (mips_reflo_reloc): Likewise.
+	* coff-x86_64.c (coff_amd64_reloc): Likewise.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-17121
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog     | 17 +++++++++++++++
+ bfd/bfd-in2.h     |  6 +++++
+ bfd/coff-arm.c    | 65 ++++++++++++++++++++++++++++++-------------------------
+ bfd/coff-i386.c   |  5 +++++
+ bfd/coff-i860.c   |  5 +++++
+ bfd/coff-m68k.c   |  5 +++++
+ bfd/coff-m88k.c   |  9 +++++++-
+ bfd/coff-mips.c   |  6 +++++
+ bfd/coff-x86_64.c | 16 +++++---------
+ bfd/reloc.c       | 40 +++++++++++++++++++++++++++++-----
+ 10 files changed, 126 insertions(+), 48 deletions(-)
+
+Index: git/bfd/bfd-in2.h
+===================================================================
+--- git.orig/bfd/bfd-in2.h
++++ git/bfd/bfd-in2.h
+@@ -2661,6 +2661,12 @@ bfd_reloc_status_type bfd_check_overflow
+     unsigned int addrsize,
+     bfd_vma relocation);
+ 
++bfd_boolean bfd_reloc_offset_in_range
++   (reloc_howto_type *howto,
++    bfd *abfd,
++    asection *section,
++    bfd_size_type offset);
++
+ bfd_reloc_status_type bfd_perform_relocation
+    (bfd *abfd,
+     arelent *reloc_entry,
+Index: git/bfd/coff-arm.c
+===================================================================
+--- git.orig/bfd/coff-arm.c
++++ git/bfd/coff-arm.c
+@@ -109,41 +109,46 @@ coff_arm_reloc (bfd *abfd,
+   x = ((x & ~howto->dst_mask)					\
+        | (((x & howto->src_mask) + diff) & howto->dst_mask))
+ 
+-    if (diff != 0)
+-      {
+-	reloc_howto_type *howto = reloc_entry->howto;
+-	unsigned char *addr = (unsigned char *) data + reloc_entry->address;
++  if (diff != 0)
++    {
++      reloc_howto_type *howto = reloc_entry->howto;
++      unsigned char *addr = (unsigned char *) data + reloc_entry->address;
++
++      if (! bfd_reloc_offset_in_range (howto, abfd, input_section,
++				       reloc_entry->address
++				       * bfd_octets_per_byte (abfd)))
++	return bfd_reloc_outofrange;
++
++      switch (howto->size)
++	{
++	case 0:
++	  {
++	    char x = bfd_get_8 (abfd, addr);
++	    DOIT (x);
++	    bfd_put_8 (abfd, x, addr);
++	  }
++	  break;
+ 
+-	switch (howto->size)
++	case 1:
+ 	  {
+-	  case 0:
+-	    {
+-	      char x = bfd_get_8 (abfd, addr);
+-	      DOIT (x);
+-	      bfd_put_8 (abfd, x, addr);
+-	    }
+-	    break;
+-
+-	  case 1:
+-	    {
+-	      short x = bfd_get_16 (abfd, addr);
+-	      DOIT (x);
+-	      bfd_put_16 (abfd, (bfd_vma) x, addr);
+-	    }
+-	    break;
+-
+-	  case 2:
+-	    {
+-	      long x = bfd_get_32 (abfd, addr);
+-	      DOIT (x);
+-	      bfd_put_32 (abfd, (bfd_vma) x, addr);
+-	    }
+-	    break;
++	    short x = bfd_get_16 (abfd, addr);
++	    DOIT (x);
++	    bfd_put_16 (abfd, (bfd_vma) x, addr);
++	  }
++	  break;
+ 
+-	  default:
+-	    abort ();
++	case 2:
++	  {
++	    long x = bfd_get_32 (abfd, addr);
++	    DOIT (x);
++	    bfd_put_32 (abfd, (bfd_vma) x, addr);
+ 	  }
+-      }
++	  break;
++
++	default:
++	  abort ();
++	}
++    }
+ 
+   /* Now let bfd_perform_relocation finish everything up.  */
+   return bfd_reloc_continue;
+Index: git/bfd/coff-i386.c
+===================================================================
+--- git.orig/bfd/coff-i386.c
++++ git/bfd/coff-i386.c
+@@ -144,6 +144,11 @@ coff_i386_reloc (bfd *abfd,
+       reloc_howto_type *howto = reloc_entry->howto;
+       unsigned char *addr = (unsigned char *) data + reloc_entry->address;
+ 
++      if (! bfd_reloc_offset_in_range (howto, abfd, input_section,
++				       reloc_entry->address
++				       * bfd_octets_per_byte (abfd)))
++	return bfd_reloc_outofrange;
++
+       switch (howto->size)
+ 	{
+ 	case 0:
+Index: git/bfd/coff-i860.c
+===================================================================
+--- git.orig/bfd/coff-i860.c
++++ git/bfd/coff-i860.c
+@@ -95,6 +95,11 @@ coff_i860_reloc (bfd *abfd,
+ 	reloc_howto_type *howto = reloc_entry->howto;
+ 	unsigned char *addr = (unsigned char *) data + reloc_entry->address;
+ 
++	if (! bfd_reloc_offset_in_range (howto, abfd, input_section,
++					 reloc_entry->address
++					 * bfd_octets_per_byte (abfd)))
++	  return bfd_reloc_outofrange;
++
+ 	switch (howto->size)
+ 	  {
+ 	  case 0:
+Index: git/bfd/coff-m68k.c
+===================================================================
+--- git.orig/bfd/coff-m68k.c
++++ git/bfd/coff-m68k.c
+@@ -305,6 +305,11 @@ m68kcoff_common_addend_special_fn (bfd *
+       reloc_howto_type *howto = reloc_entry->howto;
+       unsigned char *addr = (unsigned char *) data + reloc_entry->address;
+ 
++      if (! bfd_reloc_offset_in_range (howto, abfd, input_section,
++				       reloc_entry->address
++				       * bfd_octets_per_byte (abfd)))
++	return bfd_reloc_outofrange;
++
+       switch (howto->size)
+ 	{
+ 	case 0:
+Index: git/bfd/coff-m88k.c
+===================================================================
+--- git.orig/bfd/coff-m88k.c
++++ git/bfd/coff-m88k.c
+@@ -72,10 +72,17 @@ m88k_special_reloc (bfd *abfd,
+ 	{
+ 	  bfd_vma output_base = 0;
+ 	  bfd_vma addr = reloc_entry->address;
+-	  bfd_vma x = bfd_get_16 (abfd, (bfd_byte *) data + addr);
++	  bfd_vma x;
+ 	  asection *reloc_target_output_section;
+ 	  long relocation = 0;
+ 
++	  if (! bfd_reloc_offset_in_range (howto, abfd, input_section,
++					   reloc_entry->address
++					   * bfd_octets_per_byte (abfd)))
++	    return bfd_reloc_outofrange;
++
++	  x = bfd_get_16 (abfd, (bfd_byte *) data + addr);
++
+ 	  /* Work out which section the relocation is targeted at and the
+ 	     initial relocation command value.  */
+ 
+Index: git/bfd/coff-mips.c
+===================================================================
+--- git.orig/bfd/coff-mips.c
++++ git/bfd/coff-mips.c
+@@ -504,6 +504,12 @@ mips_reflo_reloc (bfd *abfd ATTRIBUTE_UN
+ 	  unsigned long vallo;
+ 	  struct mips_hi *next;
+ 
++	  if (! bfd_reloc_offset_in_range (reloc_entry->howto, abfd,
++					   input_section,
++					   reloc_entry->address
++					   * bfd_octets_per_byte (abfd)))
++	    return bfd_reloc_outofrange;
++
+ 	  /* Do the REFHI relocation.  Note that we actually don't
+ 	     need to know anything about the REFLO itself, except
+ 	     where to find the low 16 bits of the addend needed by the
+Index: git/bfd/coff-x86_64.c
+===================================================================
+--- git.orig/bfd/coff-x86_64.c
++++ git/bfd/coff-x86_64.c
+@@ -143,16 +143,10 @@ coff_amd64_reloc (bfd *abfd,
+       reloc_howto_type *howto = reloc_entry->howto;
+       unsigned char *addr = (unsigned char *) data + reloc_entry->address;
+ 
+-      /* FIXME: We do not have an end address for data, so we cannot
+-	 accurately range check any addresses computed against it.
+-	 cf: PR binutils/17512: file: 1085-1761-0.004.
+-	 For now we do the best that we can.  */
+-      if (addr < (unsigned char *) data
+-	  || addr > ((unsigned char *) data) + input_section->size)
+-	{
+-	  bfd_set_error (bfd_error_bad_value);
+-	  return bfd_reloc_notsupported;
+-	}
++      if (! bfd_reloc_offset_in_range (howto, abfd, input_section,
++				       reloc_entry->address
++				       * bfd_octets_per_byte (abfd)))
++	return bfd_reloc_outofrange;
+ 
+       switch (howto->size)
+ 	{
+Index: git/bfd/reloc.c
+===================================================================
+--- git.orig/bfd/reloc.c
++++ git/bfd/reloc.c
+@@ -538,12 +538,31 @@ bfd_check_overflow (enum complain_overfl
+   return flag;
+ }
+ 
++/*
++FUNCTION
++	bfd_reloc_offset_in_range
++
++SYNOPSIS
++	bfd_boolean bfd_reloc_offset_in_range
++          (reloc_howto_type *howto,
++           bfd *abfd,
++           asection *section,
++           bfd_size_type offset);
++
++DESCRIPTION
++        Returns TRUE if the reloc described by @var{HOWTO} can be
++	applied at @var{OFFSET} octets in @var{SECTION}.
++
++*/
++
+ /* HOWTO describes a relocation, at offset OCTET.  Return whether the
+    relocation field is within SECTION of ABFD.  */
+ 
+-static bfd_boolean
+-reloc_offset_in_range (reloc_howto_type *howto, bfd *abfd,
+-		       asection *section, bfd_size_type octet)
++bfd_boolean
++bfd_reloc_offset_in_range (reloc_howto_type *howto,
++			   bfd *abfd,
++			   asection *section,
++			   bfd_size_type octet)
+ {
+   bfd_size_type octet_end = bfd_get_section_limit_octets (abfd, section);
+   bfd_size_type reloc_size = bfd_get_reloc_size (howto);
+@@ -617,6 +636,11 @@ bfd_perform_relocation (bfd *abfd,
+   if (howto && howto->special_function)
+     {
+       bfd_reloc_status_type cont;
++
++      /* Note - we do not call bfd_reloc_offset_in_range here as the
++	 reloc_entry->address field might actually be valid for the
++	 backend concerned.  It is up to the special_function itself
++	 to call bfd_reloc_offset_in_range if needed.  */
+       cont = howto->special_function (abfd, reloc_entry, symbol, data,
+ 				      input_section, output_bfd,
+ 				      error_message);
+@@ -637,7 +661,7 @@ bfd_perform_relocation (bfd *abfd,
+ 
+   /* Is the address of the relocation really within the section?  */
+   octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+-  if (!reloc_offset_in_range (howto, abfd, input_section, octets))
++  if (!bfd_reloc_offset_in_range (howto, abfd, input_section, octets))
+     return bfd_reloc_outofrange;
+ 
+   /* Work out which section the relocation is targeted at and the
+@@ -1003,6 +1027,10 @@ bfd_install_relocation (bfd *abfd,
+     {
+       bfd_reloc_status_type cont;
+ 
++      /* Note - we do not call bfd_reloc_offset_in_range here as the
++	 reloc_entry->address field might actually be valid for the
++	 backend concerned.  It is up to the special_function itself
++	 to call bfd_reloc_offset_in_range if needed.  */
+       /* XXX - The special_function calls haven't been fixed up to deal
+ 	 with creating new relocations and section contents.  */
+       cont = howto->special_function (abfd, reloc_entry, symbol,
+@@ -1025,7 +1053,7 @@ bfd_install_relocation (bfd *abfd,
+ 
+   /* Is the address of the relocation really within the section?  */
+   octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+-  if (!reloc_offset_in_range (howto, abfd, input_section, octets))
++  if (!bfd_reloc_offset_in_range (howto, abfd, input_section, octets))
+     return bfd_reloc_outofrange;
+ 
+   /* Work out which section the relocation is targeted at and the
+@@ -1363,7 +1391,7 @@ _bfd_final_link_relocate (reloc_howto_ty
+   bfd_size_type octets = address * bfd_octets_per_byte (input_bfd);
+ 
+   /* Sanity check the address.  */
+-  if (!reloc_offset_in_range (howto, input_bfd, input_section, octets))
++  if (!bfd_reloc_offset_in_range (howto, input_bfd, input_section, octets))
+     return bfd_reloc_outofrange;
+ 
+   /* This function assumes that we are dealing with a basic relocation
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,20 @@
++2017-11-28  Nick Clifton  <nickc@redhat.com>
++
++       PR 22506
++       * reloc.c (reloc_offset_in_range): Rename to
++      bfd_reloc_offset_in_range and export.
++       (bfd_perform_relocation): Rename function invocation.
++       (bfd_install_relocation): Likewise.
++       (bfd_final_link_relocate): Likewise.
++       * bfd-in2.h: Regenerate.
++       * coff-arm.c (coff_arm_reloc): Use bfd_reloc_offset_in_range.
++       * coff-i386.c (coff_i386_reloc): Likewise.
++       * coff-i860.c (coff_i860_reloc): Likewise.
++       * coff-m68k.c (mk68kcoff_common_addend_special_fn): Likewise.
++       * coff-m88k.c (m88k_special_reloc): Likewise.
++       * coff-mips.c (mips_reflo_reloc): Likewise.
++       * coff-x86_64.c (coff_amd64_reloc): Likewise.
++
+ 2017-11-16  Nick Clifton  <nickc@redhat.com>
+  
+        PR 22421
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch
new file mode 100644
index 0000000000..5ae749bcca
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17122.patch
@@ -0,0 +1,58 @@
+From d785b7d4b877ed465d04072e17ca19d0f47d840f Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 29 Nov 2017 12:40:43 +0000
+Subject: [PATCH] Stop objdump from attempting to allocate a huge chunk of
+ memory when parsing relocs in a corrupt file.
+
+	PR 22508
+	* objdump.c (dump_relocs_in_section): Also check the section's
+	relocation count to make sure that it is reasonable before
+	attempting to allocate space for the relocs.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE:  CVE-2017-17122
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog |  7 +++++++
+ binutils/objdump.c | 11 ++++++++++-
+ 2 files changed, 17 insertions(+), 1 deletion(-)
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c
++++ git/binutils/objdump.c
+@@ -3381,7 +3381,16 @@ dump_relocs_in_section (bfd *abfd,
+     }
+ 
+   if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
+-      && (ufile_ptr) relsize > bfd_get_file_size (abfd))
++      && (((ufile_ptr) relsize > bfd_get_file_size (abfd))
++	  /* Also check the section's reloc count since if this is negative
++	     (or very large) the computation in bfd_get_reloc_upper_bound
++	     may have resulted in returning a small, positive integer.
++	     See PR 22508 for a reproducer.
++
++	     Note - we check against file size rather than section size as
++	     it is possible for there to be more relocs that apply to a
++	     section than there are bytes in that section.  */
++	  || (section->reloc_count > bfd_get_file_size (abfd))))
+     {
+       printf (" (too many: 0x%x)\n", section->reloc_count);
+       bfd_set_error (bfd_error_file_truncated);
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,10 @@
++2017-11-29  Nick Clifton  <nickc@redhat.com>
++
++       PR 22508
++       * objdump.c (dump_relocs_in_section): Also check the section's
++       relocation count to make sure that it is reasonable before
++       attempting to allocate space for the relocs.
++
+ 2017-11-02  Mingi Cho  <mgcho.minic@gmail.com>
+ 
+        PR 22384
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17123.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17123.patch
new file mode 100644
index 0000000000..08412108da
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17123.patch
@@ -0,0 +1,33 @@
+From 4581a1c7d304ce14e714b27522ebf3d0188d6543 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 29 Nov 2017 17:12:12 +0000
+Subject: [PATCH] Check for a NULL symbol pointer when reading relocs from a
+ COFF based file.
+
+	PR 22509
+	* coffcode.h (coff_slurp_reloc_table): Check for a NULL symbol
+	pointer when processing relocs.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-17123
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog  | 6 ++++++
+ bfd/coffcode.h | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+Index: git/bfd/coffcode.h
+===================================================================
+--- git.orig/bfd/coffcode.h
++++ git/bfd/coffcode.h
+@@ -5326,7 +5326,7 @@ coff_slurp_reloc_table (bfd * abfd, sec_
+ #else
+       cache_ptr->address = dst.r_vaddr;
+ 
+-      if (dst.r_symndx != -1)
++      if (dst.r_symndx != -1 && symbols != NULL)
+ 	{
+ 	  if (dst.r_symndx < 0 || dst.r_symndx >= obj_conv_table_size (abfd))
+ 	    {
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17124.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17124.patch
new file mode 100644
index 0000000000..16f0768d95
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17124.patch
@@ -0,0 +1,47 @@
+From b0029dce6867de1a2828293177b0e030d2f0f03c Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 28 Nov 2017 18:00:29 +0000
+Subject: [PATCH] Prevent a memory exhaustion problem when trying to read in
+ strings from a COFF binary with a corrupt string table size.
+
+	PR 22507
+	* coffgen.c (_bfd_coff_read_string_table): Check for an excessive
+	size of the external string table.
+
+Upstream-Status: Backport
+Affects binutls <= 2.29.1
+CVE:  CVE-2017-17124 
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/coffgen.c | 4 ++--
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+Index: git/bfd/coffgen.c
+===================================================================
+--- git.orig/bfd/coffgen.c
++++ git/bfd/coffgen.c
+@@ -1709,7 +1709,7 @@ _bfd_coff_read_string_table (bfd *abfd)
+ #endif
+     }
+ 
+-  if (strsize < STRING_SIZE_SIZE)
++  if (strsize < STRING_SIZE_SIZE || strsize > bfd_get_file_size (abfd))
+     {
+       _bfd_error_handler
+ 	/* xgettext: c-format */
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-11-28  Nick Clifton  <nickc@redhat.com>
++
++       PR 22507
++       * coffgen.c (_bfd_coff_read_string_table): Check for an excessive
++       size of the external string table.
++
+ 2018-03-28  Eric Botcazou  <ebotcazou@adacore.com>
+ 
+ 	PR ld/22972
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch
new file mode 100644
index 0000000000..30dc6d5727
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-17125.patch
@@ -0,0 +1,129 @@
+From 160b1a618ad94988410dc81fce9189fcda5b7ff4 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sat, 18 Nov 2017 23:18:22 +1030
+Subject: [PATCH] PR22443, Global buffer overflow in
+ _bfd_elf_get_symbol_version_string
+
+Symbols like *ABS* defined in bfd/section.c:global_syms are not
+elf_symbol_type.  They can appear on relocs and perhaps other places
+in an ELF bfd, so a number of places in nm.c and objdump.c are wrong
+to cast an asymbol based on the bfd being ELF.  I think we lose
+nothing by excluding all section symbols, not just the global_syms.
+
+	PR 22443
+	* nm.c (sort_symbols_by_size): Don't attempt to access
+	section symbol internal_elf_sym.
+	(print_symbol): Likewise.  Don't call bfd_get_symbol_version_string
+	for section symbols.
+	* objdump.c (compare_symbols): Don't attempt to access
+	section symbol internal_elf_sym.
+	(objdump_print_symname): Don't call bfd_get_symbol_version_string
+	for section symbols.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE:  CVE-2017-17125
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 12 ++++++++++++
+ binutils/nm.c      | 17 ++++++++++-------
+ binutils/objdump.c |  6 +++---
+ 3 files changed, 25 insertions(+), 10 deletions(-)
+
+Index: git/binutils/nm.c
+===================================================================
+--- git.orig/binutils/nm.c
++++ git/binutils/nm.c
+@@ -765,7 +765,6 @@ sort_symbols_by_size (bfd *abfd, bfd_boo
+       asection *sec;
+       bfd_vma sz;
+       asymbol *temp;
+-      int synthetic = (sym->flags & BSF_SYNTHETIC);
+ 
+       if (from + size < fromend)
+ 	{
+@@ -782,10 +781,13 @@ sort_symbols_by_size (bfd *abfd, bfd_boo
+       sec = bfd_get_section (sym);
+ 
+       /* Synthetic symbols don't have a full type set of data available, thus
+-	 we can't rely on that information for the symbol size.  */
+-      if (!synthetic && bfd_get_flavour (abfd) == bfd_target_elf_flavour)
++	 we can't rely on that information for the symbol size.  Ditto for
++	 bfd/section.c:global_syms like *ABS*.  */
++      if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0
++	  && bfd_get_flavour (abfd) == bfd_target_elf_flavour)
+ 	sz = ((elf_symbol_type *) sym)->internal_elf_sym.st_size;
+-      else if (!synthetic && bfd_is_com_section (sec))
++      else if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0
++	       && bfd_is_com_section (sec))
+ 	sz = sym->value;
+       else
+ 	{
+@@ -874,8 +876,9 @@ print_symbol (bfd *        abfd,
+ 
+   info.sinfo = &syminfo;
+   info.ssize = ssize;
+-  /* Synthetic symbols do not have a full symbol type set of data available.  */
+-  if ((sym->flags & BSF_SYNTHETIC) != 0)
++  /* Synthetic symbols do not have a full symbol type set of data available.
++     Nor do bfd/section.c:global_syms like *ABS*.  */
++  if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) != 0)
+     {
+       info.elfinfo = NULL;
+       info.coffinfo = NULL;
+@@ -893,7 +896,7 @@ print_symbol (bfd *        abfd,
+       const char *  version_string = NULL;
+       bfd_boolean   hidden = FALSE;
+ 
+-      if ((sym->flags & BSF_SYNTHETIC) == 0)
++      if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
+ 	version_string = bfd_get_symbol_version_string (abfd, sym, &hidden);
+ 
+       if (bfd_is_und_section (bfd_get_section (sym)))
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c
++++ git/binutils/objdump.c
+@@ -799,10 +799,10 @@ compare_symbols (const void *ap, const v
+       bfd_vma asz, bsz;
+ 
+       asz = 0;
+-      if ((a->flags & BSF_SYNTHETIC) == 0)
++      if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
+ 	asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
+       bsz = 0;
+-      if ((b->flags & BSF_SYNTHETIC) == 0)
++      if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
+ 	bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
+       if (asz != bsz)
+ 	return asz > bsz ? -1 : 1;
+@@ -888,7 +888,7 @@ objdump_print_symname (bfd *abfd, struct
+ 	name = alloc;
+     }
+ 
+-  if ((sym->flags & BSF_SYNTHETIC) == 0)
++  if ((sym->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
+     version_string = bfd_get_symbol_version_string (abfd, sym, &hidden);
+ 
+   if (bfd_is_und_section (bfd_get_section (sym)))
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,15 @@
++2017-11-18  Alan Modra  <amodra@gmail.com>
++
++       PR 22443
++       * nm.c (sort_symbols_by_size): Don't attempt to access
++       section symbol internal_elf_sym.
++       (print_symbol): Likewise.  Don't call bfd_get_symbol_version_string
++       for section symbols.
++       * objdump.c (compare_symbols): Don't attempt to access
++       section symbol internal_elf_sym.
++       (objdump_print_symname): Don't call bfd_get_symbol_version_string
++       for section symbols.
++
+ 2017-11-29  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22508
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch
new file mode 100644
index 0000000000..caaaf2317e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10372.patch
@@ -0,0 +1,58 @@
+From 6aea08d9f3e3d6475a65454da488a0c51f5dc97d Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 17 Apr 2018 12:35:55 +0100
+Subject: [PATCH] Fix illegal memory access when parsing corrupt DWARF
+ information.
+
+	PR 23064
+	* dwarf.c (process_cu_tu_index): Test for a potential buffer
+	overrun before copying signature pointer.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-10372
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog |  6 ++++++
+ binutils/dwarf.c   | 13 ++++++++++++-
+ 2 files changed, 18 insertions(+), 1 deletion(-)
+
+Index: git/binutils/dwarf.c
+===================================================================
+--- git.orig/binutils/dwarf.c
++++ git/binutils/dwarf.c
+@@ -8526,7 +8526,18 @@ process_cu_tu_index (struct dwarf_sectio
+ 		}
+ 
+ 	      if (!do_display)
+-		memcpy (&this_set[row - 1].signature, ph, sizeof (uint64_t));
++		{
++		  size_t num_copy = sizeof (uint64_t);
++
++		  /* PR 23064: Beware of buffer overflow.  */
++		  if (ph + num_copy < limit)
++		    memcpy (&this_set[row - 1].signature, ph, num_copy);
++		  else
++		    {
++		      warn (_("Signature (%p) extends beyond end of space in section\n"), ph);
++		      return 0;
++		    }
++		}
+ 
+ 	      prow = poffsets + (row - 1) * ncols * 4;
+ 	      /* PR 17531: file: b8ce60a8.  */
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2018-04-17  Nick Clifton  <nickc@redhat.com>
++
++       PR 23064
++       * dwarf.c (process_cu_tu_index): Test for a potential buffer
++       overrun before copying signature pointer.
++
+ 2017-11-18  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22443
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch
new file mode 100644
index 0000000000..963d767f84
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch
@@ -0,0 +1,45 @@
+From 6327533b1fd29fa86f6bf34e61c332c010e3c689 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 17 Apr 2018 14:30:07 +0100
+Subject: [PATCH] Add a check for a NULL table pointer before attempting to
+ compute a DWARF filename.
+
+	PR 23065
+	* dwarf2.c (concat_filename): Check for a NULL table pointer.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-10373
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/dwarf2.c  | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -1587,7 +1587,7 @@ concat_filename (struct line_info_table
+ {
+   char *filename;
+ 
+-  if (file - 1 >= table->num_files)
++  if (table == NULL || file - 1 >= table->num_files)
+     {
+       /* FILE == 0 means unknown.  */
+       if (file)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2018-04-17  Nick Clifton  <nickc@redhat.com>
++
++       PR 23065
++       * dwarf2.c (concat_filename): Check for a NULL table pointer.
++
+ 2017-11-28  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22506
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch
new file mode 100644
index 0000000000..27e86285a2
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10534.patch
@@ -0,0 +1,2443 @@
+From aa4a8c2a2a67545e90c877162c53cc9de42dc8b4 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 24 Apr 2018 16:31:27 +0100
+Subject: [PATCH] Fix an illegal memory access when copying a PE format file
+ with corrupt debug information.
+
+	PR 23110
+	* peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for
+	a negative PE_DEBUG_DATA size before iterating over the debug data.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-10534
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog  |    6 +
+ bfd/peXXigen.c |    9 +
+ bfd/po/bfd.pot | 5631 ++++++++++++++++++++++++++------------------------------
+ 3 files changed, 2662 insertions(+), 2984 deletions(-)
+
+Index: git/bfd/peXXigen.c
+===================================================================
+--- git.orig/bfd/peXXigen.c
++++ git/bfd/peXXigen.c
+@@ -2991,6 +2991,15 @@ _bfd_XX_bfd_copy_private_bfd_data_common
+ 				  bfd_get_section_size (section) - (addr - section->vma));
+ 	      return FALSE;
+ 	    }
++	  /* PR 23110.  */
++	  else if (ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size < 0)
++	    {
++	      /* xgettext:c-format */
++	      _bfd_error_handler
++		(_("%pB: Data Directory size (%#lx) is negative"),
++		 obfd, ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size);
++	      return FALSE;
++	    }
+ 
+           for (i = 0; i < ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size
+ 		 / sizeof (struct external_IMAGE_DEBUG_DIRECTORY); i++)
+Index: git/bfd/po/bfd.pot
+===================================================================
+--- git.orig/bfd/po/bfd.pot
++++ git/bfd/po/bfd.pot
+@@ -6119,1961 +6119,1932 @@ msgstr ""
+ #. Rotate.
+ #. Redefine symbol to current location.
+ #. Define a literal.
+-#: vms-alpha.c:2115 vms-alpha.c:2146 vms-alpha.c:2237 vms-alpha.c:2395
++#: vms-alpha.c:2116 vms-alpha.c:2147 vms-alpha.c:2238 vms-alpha.c:2396
+ #, c-format
+ msgid "%s: not supported"
+ msgstr ""
+ 
+-#: vms-alpha.c:2121
++#: vms-alpha.c:2122
+ #, c-format
+ msgid "%s: not implemented"
+ msgstr ""
+ 
+-#: vms-alpha.c:2379
++#: vms-alpha.c:2380
+ #, c-format
+ msgid "invalid use of %s with contexts"
+ msgstr ""
+ 
+-#: vms-alpha.c:2413
++#: vms-alpha.c:2414
+ #, c-format
+ msgid "reserved cmd %d"
+ msgstr ""
+ 
+-#: vms-alpha.c:2497
+-msgid "Corrupt EEOM record - size is too small"
++#: vms-alpha.c:2498
++msgid "corrupt EEOM record - size is too small"
+ msgstr ""
+ 
+-#: vms-alpha.c:2506
+-msgid "Object module NOT error-free !\n"
++#: vms-alpha.c:2507
++msgid "object module not error-free !"
+ msgstr ""
+ 
+-#: vms-alpha.c:3830
++#: vms-alpha.c:3831
+ #, c-format
+-msgid "SEC_RELOC with no relocs in section %A"
++msgid "SEC_RELOC with no relocs in section %pA"
+ msgstr ""
+ 
+-#: vms-alpha.c:3882 vms-alpha.c:4095
++#: vms-alpha.c:3883 vms-alpha.c:4096
+ #, c-format
+-msgid "Size error in section %A"
++msgid "size error in section %pA"
+ msgstr ""
+ 
+-#: vms-alpha.c:4041
+-msgid "Spurious ALPHA_R_BSR reloc"
++#: vms-alpha.c:4042
++msgid "spurious ALPHA_R_BSR reloc"
+ msgstr ""
+ 
+-#: vms-alpha.c:4082
++#: vms-alpha.c:4083
+ #, c-format
+-msgid "Unhandled relocation %s"
++msgid "unhandled relocation %s"
+ msgstr ""
+ 
+-#: vms-alpha.c:4375
++#: vms-alpha.c:4376
+ #, c-format
+ msgid "unknown source command %d"
+ msgstr ""
+ 
+-#: vms-alpha.c:4436
+-msgid "DST__K_SET_LINUM_INCR not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4442
+-msgid "DST__K_SET_LINUM_INCR_W not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4448
+-msgid "DST__K_RESET_LINUM_INCR not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4454
+-msgid "DST__K_BEG_STMT_MODE not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4460
+-msgid "DST__K_END_STMT_MODE not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4487
+-msgid "DST__K_SET_PC not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4493
+-msgid "DST__K_SET_PC_W not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4499
+-msgid "DST__K_SET_PC_L not implemented"
+-msgstr ""
+-
+-#: vms-alpha.c:4505
+-msgid "DST__K_SET_STMTNUM not implemented"
++#: vms-alpha.c:4437 vms-alpha.c:4443 vms-alpha.c:4449 vms-alpha.c:4455
++#: vms-alpha.c:4461 vms-alpha.c:4488 vms-alpha.c:4494 vms-alpha.c:4500
++#: vms-alpha.c:4506
++#, c-format
++msgid "%s not implemented"
+ msgstr ""
+ 
+-#: vms-alpha.c:4548
++#: vms-alpha.c:4549
+ #, c-format
+ msgid "unknown line command %d"
+ msgstr ""
+ 
+-#: vms-alpha.c:5008 vms-alpha.c:5026 vms-alpha.c:5041 vms-alpha.c:5057
+-#: vms-alpha.c:5070 vms-alpha.c:5082 vms-alpha.c:5095
++#: vms-alpha.c:5009 vms-alpha.c:5027 vms-alpha.c:5042 vms-alpha.c:5058
++#: vms-alpha.c:5071 vms-alpha.c:5083 vms-alpha.c:5096
+ #, c-format
+-msgid "Unknown reloc %s + %s"
++msgid "unknown reloc %s + %s"
+ msgstr ""
+ 
+-#: vms-alpha.c:5150
++#: vms-alpha.c:5151
+ #, c-format
+-msgid "Unknown reloc %s"
++msgid "unknown reloc %s"
+ msgstr ""
+ 
+-#: vms-alpha.c:5163
+-msgid "Invalid section index in ETIR"
++#: vms-alpha.c:5164
++msgid "invalid section index in ETIR"
+ msgstr ""
+ 
+-#: vms-alpha.c:5172
+-msgid "Relocation for non-REL psect"
++#: vms-alpha.c:5173
++msgid "relocation for non-REL psect"
+ msgstr ""
+ 
+-#: vms-alpha.c:5219
++#: vms-alpha.c:5220
+ #, c-format
+-msgid "Unknown symbol in command %s"
++msgid "unknown symbol in command %s"
+ msgstr ""
+ 
+-#: vms-alpha.c:5629
++#: vms-alpha.c:5630
+ #, c-format
+ msgid "reloc (%d) is *UNKNOWN*"
+ msgstr ""
+ 
+-#: vms-alpha.c:5745
++#: vms-alpha.c:5746
+ #, c-format
+ msgid "  EMH %u (len=%u): "
+ msgstr ""
+ 
+-#: vms-alpha.c:5750
++#: vms-alpha.c:5751
+ #, c-format
+ msgid "   Error: The length is less than the length of an EMH record\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5767
++#: vms-alpha.c:5768
+ #, c-format
+ msgid ""
+ "   Error: The record length is less than the size of an EMH_MHD record\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5770
++#: vms-alpha.c:5771
+ #, c-format
+ msgid "Module header\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5771
++#: vms-alpha.c:5772
+ #, c-format
+ msgid "   structure level: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5772
++#: vms-alpha.c:5773
+ #, c-format
+ msgid "   max record size: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5778
++#: vms-alpha.c:5779
+ #, c-format
+ msgid "   Error: The module name is missing\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5784
++#: vms-alpha.c:5785
+ #, c-format
+ msgid "   Error: The module name is too long\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5787
++#: vms-alpha.c:5788
+ #, c-format
+ msgid "   module name    : %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5791
++#: vms-alpha.c:5792
+ #, c-format
+ msgid "   Error: The module version is missing\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5797
++#: vms-alpha.c:5798
+ #, c-format
+ msgid "   Error: The module version is too long\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5800
++#: vms-alpha.c:5801
+ #, c-format
+ msgid "   module version : %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5803
++#: vms-alpha.c:5804
+ #, c-format
+ msgid "   Error: The compile date is truncated\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5805
++#: vms-alpha.c:5806
+ #, c-format
+ msgid "   compile date   : %.17s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5810
++#: vms-alpha.c:5811
+ #, c-format
+ msgid "Language Processor Name\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5811
++#: vms-alpha.c:5812
+ #, c-format
+ msgid "   language name: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5815
++#: vms-alpha.c:5816
+ #, c-format
+ msgid "Source Files Header\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5816
++#: vms-alpha.c:5817
+ #, c-format
+ msgid "   file: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5820
++#: vms-alpha.c:5821
+ #, c-format
+ msgid "Title Text Header\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5821
++#: vms-alpha.c:5822
+ #, c-format
+ msgid "   title: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5825
++#: vms-alpha.c:5826
+ #, c-format
+ msgid "Copyright Header\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5826
++#: vms-alpha.c:5827
+ #, c-format
+ msgid "   copyright: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5830
++#: vms-alpha.c:5831
+ #, c-format
+ msgid "unhandled emh subtype %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5840
++#: vms-alpha.c:5841
+ #, c-format
+ msgid "  EEOM (len=%u):\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5845
++#: vms-alpha.c:5846
+ #, c-format
+ msgid "   Error: The length is less than the length of an EEOM record\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5849
++#: vms-alpha.c:5850
+ #, c-format
+ msgid "   number of cond linkage pairs: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5851
++#: vms-alpha.c:5852
+ #, c-format
+ msgid "   completion code: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5855
++#: vms-alpha.c:5856
+ #, c-format
+ msgid "   transfer addr flags: 0x%02x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5856
++#: vms-alpha.c:5857
+ #, c-format
+ msgid "   transfer addr psect: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5858
++#: vms-alpha.c:5859
+ #, c-format
+ msgid "   transfer address   : 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5867
++#: vms-alpha.c:5868
+ msgid " WEAK"
+ msgstr ""
+ 
+-#: vms-alpha.c:5869
++#: vms-alpha.c:5870
+ msgid " DEF"
+ msgstr ""
+ 
+-#: vms-alpha.c:5871
++#: vms-alpha.c:5872
+ msgid " UNI"
+ msgstr ""
+ 
+-#: vms-alpha.c:5873 vms-alpha.c:5894
++#: vms-alpha.c:5874 vms-alpha.c:5895
+ msgid " REL"
+ msgstr ""
+ 
+-#: vms-alpha.c:5875
++#: vms-alpha.c:5876
+ msgid " COMM"
+ msgstr ""
+ 
+-#: vms-alpha.c:5877
++#: vms-alpha.c:5878
+ msgid " VECEP"
+ msgstr ""
+ 
+-#: vms-alpha.c:5879
++#: vms-alpha.c:5880
+ msgid " NORM"
+ msgstr ""
+ 
+-#: vms-alpha.c:5881
++#: vms-alpha.c:5882
+ msgid " QVAL"
+ msgstr ""
+ 
+-#: vms-alpha.c:5888
++#: vms-alpha.c:5889
+ msgid " PIC"
+ msgstr ""
+ 
+-#: vms-alpha.c:5890
++#: vms-alpha.c:5891
+ msgid " LIB"
+ msgstr ""
+ 
+-#: vms-alpha.c:5892
++#: vms-alpha.c:5893
+ msgid " OVR"
+ msgstr ""
+ 
+-#: vms-alpha.c:5896
++#: vms-alpha.c:5897
+ msgid " GBL"
+ msgstr ""
+ 
+-#: vms-alpha.c:5898
++#: vms-alpha.c:5899
+ msgid " SHR"
+ msgstr ""
+ 
+-#: vms-alpha.c:5900
++#: vms-alpha.c:5901
+ msgid " EXE"
+ msgstr ""
+ 
+-#: vms-alpha.c:5902
++#: vms-alpha.c:5903
+ msgid " RD"
+ msgstr ""
+ 
+-#: vms-alpha.c:5904
++#: vms-alpha.c:5905
+ msgid " WRT"
+ msgstr ""
+ 
+-#: vms-alpha.c:5906
++#: vms-alpha.c:5907
+ msgid " VEC"
+ msgstr ""
+ 
+-#: vms-alpha.c:5908
++#: vms-alpha.c:5909
+ msgid " NOMOD"
+ msgstr ""
+ 
+-#: vms-alpha.c:5910
++#: vms-alpha.c:5911
+ msgid " COM"
+ msgstr ""
+ 
+-#: vms-alpha.c:5912
++#: vms-alpha.c:5913
+ msgid " 64B"
+ msgstr ""
+ 
+-#: vms-alpha.c:5921
++#: vms-alpha.c:5922
+ #, c-format
+ msgid "  EGSD (len=%u):\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5934
++#: vms-alpha.c:5935
+ #, c-format
+ msgid "  EGSD entry %2u (type: %u, len: %u): "
+ msgstr ""
+ 
+-#: vms-alpha.c:5940 vms-alpha.c:6191
++#: vms-alpha.c:5941 vms-alpha.c:6192
+ #, c-format
+ msgid "   Error: length larger than remaining space in record\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5952
++#: vms-alpha.c:5953
+ #, c-format
+ msgid "PSC - Program section definition\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5953 vms-alpha.c:5970
++#: vms-alpha.c:5954 vms-alpha.c:5971
+ #, c-format
+ msgid "   alignment  : 2**%u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5954 vms-alpha.c:5971
++#: vms-alpha.c:5955 vms-alpha.c:5972
+ #, c-format
+ msgid "   flags      : 0x%04x"
+ msgstr ""
+ 
+-#: vms-alpha.c:5958
++#: vms-alpha.c:5959
+ #, c-format
+ msgid "   alloc (len): %u (0x%08x)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5959 vms-alpha.c:6016 vms-alpha.c:6065
++#: vms-alpha.c:5960 vms-alpha.c:6017 vms-alpha.c:6066
+ #, c-format
+ msgid "   name       : %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5969
++#: vms-alpha.c:5970
+ #, c-format
+ msgid "SPSC - Shared Image Program section def\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5975
++#: vms-alpha.c:5976
+ #, c-format
+ msgid "   alloc (len)   : %u (0x%08x)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5976
++#: vms-alpha.c:5977
+ #, c-format
+ msgid "   image offset  : 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5978
++#: vms-alpha.c:5979
+ #, c-format
+ msgid "   symvec offset : 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5980
++#: vms-alpha.c:5981
+ #, c-format
+ msgid "   name          : %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5993
++#: vms-alpha.c:5994
+ #, c-format
+ msgid "SYM - Global symbol definition\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:5994 vms-alpha.c:6054 vms-alpha.c:6075 vms-alpha.c:6094
++#: vms-alpha.c:5995 vms-alpha.c:6055 vms-alpha.c:6076 vms-alpha.c:6095
+ #, c-format
+ msgid "   flags: 0x%04x"
+ msgstr ""
+ 
+-#: vms-alpha.c:5997
++#: vms-alpha.c:5998
+ #, c-format
+ msgid "   psect offset: 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6001
++#: vms-alpha.c:6002
+ #, c-format
+ msgid "   code address: 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6003
++#: vms-alpha.c:6004
+ #, c-format
+ msgid "   psect index for entry point : %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6006 vms-alpha.c:6082 vms-alpha.c:6101
++#: vms-alpha.c:6007 vms-alpha.c:6083 vms-alpha.c:6102
+ #, c-format
+ msgid "   psect index : %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6008 vms-alpha.c:6084 vms-alpha.c:6103
++#: vms-alpha.c:6009 vms-alpha.c:6085 vms-alpha.c:6104
+ #, c-format
+ msgid "   name        : %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6015
++#: vms-alpha.c:6016
+ #, c-format
+ msgid "SYM - Global symbol reference\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6027
++#: vms-alpha.c:6028
+ #, c-format
+ msgid "IDC - Ident Consistency check\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6028
++#: vms-alpha.c:6029
+ #, c-format
+ msgid "   flags         : 0x%08x"
+ msgstr ""
+ 
+-#: vms-alpha.c:6032
++#: vms-alpha.c:6033
+ #, c-format
+ msgid "   id match      : %x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6034
++#: vms-alpha.c:6035
+ #, c-format
+ msgid "   error severity: %x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6037
++#: vms-alpha.c:6038
+ #, c-format
+ msgid "   entity name   : %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6039
++#: vms-alpha.c:6040
+ #, c-format
+ msgid "   object name   : %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6042
++#: vms-alpha.c:6043
+ #, c-format
+ msgid "   binary ident  : 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6045
++#: vms-alpha.c:6046
+ #, c-format
+ msgid "   ascii ident   : %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6053
++#: vms-alpha.c:6054
+ #, c-format
+ msgid "SYMG - Universal symbol definition\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6057
++#: vms-alpha.c:6058
+ #, c-format
+ msgid "   symbol vector offset: 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6059
++#: vms-alpha.c:6060
+ #, c-format
+ msgid "   entry point: 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6061
++#: vms-alpha.c:6062
+ #, c-format
+ msgid "   proc descr : 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6063
++#: vms-alpha.c:6064
+ #, c-format
+ msgid "   psect index: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6074
++#: vms-alpha.c:6075
+ #, c-format
+ msgid "SYMV - Vectored symbol definition\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6078
++#: vms-alpha.c:6079
+ #, c-format
+ msgid "   vector      : 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6080 vms-alpha.c:6099
++#: vms-alpha.c:6081 vms-alpha.c:6100
+ #, c-format
+ msgid "   psect offset: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6093
++#: vms-alpha.c:6094
+ #, c-format
+ msgid "SYMM - Global symbol definition with version\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6097
++#: vms-alpha.c:6098
+ #, c-format
+ msgid "   version mask: 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6108
++#: vms-alpha.c:6109
+ #, c-format
+ msgid "unhandled egsd entry type %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6143
++#: vms-alpha.c:6144
+ #, c-format
+ msgid "    linkage index: %u, replacement insn: 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6147
++#: vms-alpha.c:6148
+ #, c-format
+ msgid "    psect idx 1: %u, offset 1: 0x%08x %08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6152
++#: vms-alpha.c:6153
+ #, c-format
+ msgid "    psect idx 2: %u, offset 2: 0x%08x %08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6158
++#: vms-alpha.c:6159
+ #, c-format
+ msgid "    psect idx 3: %u, offset 3: 0x%08x %08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6163
++#: vms-alpha.c:6164
+ #, c-format
+ msgid "    global name: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6174
++#: vms-alpha.c:6175
+ #, c-format
+ msgid "  %s (len=%u+%u):\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6196
++#: vms-alpha.c:6197
+ #, c-format
+ msgid "   (type: %3u, size: 4+%3u): "
+ msgstr ""
+ 
+-#: vms-alpha.c:6200
++#: vms-alpha.c:6201
+ #, c-format
+ msgid "STA_GBL (stack global) %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6204
++#: vms-alpha.c:6205
+ #, c-format
+ msgid "STA_LW (stack longword) 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6208
++#: vms-alpha.c:6209
+ #, c-format
+ msgid "STA_QW (stack quadword) 0x%08x %08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6213
++#: vms-alpha.c:6214
+ #, c-format
+ msgid "STA_PQ (stack psect base + offset)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6215
++#: vms-alpha.c:6216
+ #, c-format
+ msgid "    psect: %u, offset: 0x%08x %08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6221
++#: vms-alpha.c:6222
+ #, c-format
+ msgid "STA_LI (stack literal)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6224
++#: vms-alpha.c:6225
+ #, c-format
+ msgid "STA_MOD (stack module)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6227
++#: vms-alpha.c:6228
+ #, c-format
+ msgid "STA_CKARG (compare procedure argument)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6231
++#: vms-alpha.c:6232
+ #, c-format
+ msgid "STO_B (store byte)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6234
++#: vms-alpha.c:6235
+ #, c-format
+ msgid "STO_W (store word)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6237
++#: vms-alpha.c:6238
+ #, c-format
+ msgid "STO_LW (store longword)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6240
++#: vms-alpha.c:6241
+ #, c-format
+ msgid "STO_QW (store quadword)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6246
++#: vms-alpha.c:6247
+ #, c-format
+ msgid "STO_IMMR (store immediate repeat) %u bytes\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6253
++#: vms-alpha.c:6254
+ #, c-format
+ msgid "STO_GBL (store global) %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6257
++#: vms-alpha.c:6258
+ #, c-format
+ msgid "STO_CA (store code address) %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6261
++#: vms-alpha.c:6262
+ #, c-format
+ msgid "STO_RB (store relative branch)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6264
++#: vms-alpha.c:6265
+ #, c-format
+ msgid "STO_AB (store absolute branch)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6267
++#: vms-alpha.c:6268
+ #, c-format
+ msgid "STO_OFF (store offset to psect)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6273
++#: vms-alpha.c:6274
+ #, c-format
+ msgid "STO_IMM (store immediate) %u bytes\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6280
++#: vms-alpha.c:6281
+ #, c-format
+ msgid "STO_GBL_LW (store global longword) %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6284
++#: vms-alpha.c:6285
+ #, c-format
+ msgid "STO_OFF (store LP with procedure signature)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6287
++#: vms-alpha.c:6288
+ #, c-format
+ msgid "STO_BR_GBL (store branch global) *todo*\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6290
++#: vms-alpha.c:6291
+ #, c-format
+ msgid "STO_BR_PS (store branch psect + offset) *todo*\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6294
++#: vms-alpha.c:6295
+ #, c-format
+ msgid "OPR_NOP (no-operation)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6297
++#: vms-alpha.c:6298
+ #, c-format
+ msgid "OPR_ADD (add)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6300
++#: vms-alpha.c:6301
+ #, c-format
+ msgid "OPR_SUB (subtract)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6303
++#: vms-alpha.c:6304
+ #, c-format
+ msgid "OPR_MUL (multiply)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6306
++#: vms-alpha.c:6307
+ #, c-format
+ msgid "OPR_DIV (divide)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6309
++#: vms-alpha.c:6310
+ #, c-format
+ msgid "OPR_AND (logical and)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6312
++#: vms-alpha.c:6313
+ #, c-format
+ msgid "OPR_IOR (logical inclusive or)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6315
++#: vms-alpha.c:6316
+ #, c-format
+ msgid "OPR_EOR (logical exclusive or)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6318
++#: vms-alpha.c:6319
+ #, c-format
+ msgid "OPR_NEG (negate)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6321
++#: vms-alpha.c:6322
+ #, c-format
+ msgid "OPR_COM (complement)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6324
++#: vms-alpha.c:6325
+ #, c-format
+ msgid "OPR_INSV (insert field)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6327
++#: vms-alpha.c:6328
+ #, c-format
+ msgid "OPR_ASH (arithmetic shift)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6330
++#: vms-alpha.c:6331
+ #, c-format
+ msgid "OPR_USH (unsigned shift)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6333
++#: vms-alpha.c:6334
+ #, c-format
+ msgid "OPR_ROT (rotate)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6336
++#: vms-alpha.c:6337
+ #, c-format
+ msgid "OPR_SEL (select)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6339
++#: vms-alpha.c:6340
+ #, c-format
+ msgid "OPR_REDEF (redefine symbol to curr location)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6342
++#: vms-alpha.c:6343
+ #, c-format
+ msgid "OPR_REDEF (define a literal)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6346
++#: vms-alpha.c:6347
+ #, c-format
+ msgid "STC_LP (store cond linkage pair)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6350
++#: vms-alpha.c:6351
+ #, c-format
+ msgid "STC_LP_PSB (store cond linkage pair + signature)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6352
++#: vms-alpha.c:6353
+ #, c-format
+ msgid "   linkage index: %u, procedure: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6355
++#: vms-alpha.c:6356
+ #, c-format
+ msgid "   signature: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6358
++#: vms-alpha.c:6359
+ #, c-format
+ msgid "STC_GBL (store cond global)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6360
++#: vms-alpha.c:6361
+ #, c-format
+ msgid "   linkage index: %u, global: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6364
++#: vms-alpha.c:6365
+ #, c-format
+ msgid "STC_GCA (store cond code address)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6366
++#: vms-alpha.c:6367
+ #, c-format
+ msgid "   linkage index: %u, procedure name: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6370
++#: vms-alpha.c:6371
+ #, c-format
+ msgid "STC_PS (store cond psect + offset)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6373
++#: vms-alpha.c:6374
+ #, c-format
+ msgid "   linkage index: %u, psect: %u, offset: 0x%08x %08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6380
++#: vms-alpha.c:6381
+ #, c-format
+ msgid "STC_NOP_GBL (store cond NOP at global addr)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6384
++#: vms-alpha.c:6385
+ #, c-format
+ msgid "STC_NOP_PS (store cond NOP at psect + offset)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6388
++#: vms-alpha.c:6389
+ #, c-format
+ msgid "STC_BSR_GBL (store cond BSR at global addr)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6392
++#: vms-alpha.c:6393
+ #, c-format
+ msgid "STC_BSR_PS (store cond BSR at psect + offset)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6396
++#: vms-alpha.c:6397
+ #, c-format
+ msgid "STC_LDA_GBL (store cond LDA at global addr)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6400
++#: vms-alpha.c:6401
+ #, c-format
+ msgid "STC_LDA_PS (store cond LDA at psect + offset)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6404
++#: vms-alpha.c:6405
+ #, c-format
+ msgid "STC_BOH_GBL (store cond BOH at global addr)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6408
++#: vms-alpha.c:6409
+ #, c-format
+ msgid "STC_BOH_PS (store cond BOH at psect + offset)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6413
++#: vms-alpha.c:6414
+ #, c-format
+ msgid "STC_NBH_GBL (store cond or hint at global addr)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6417
++#: vms-alpha.c:6418
+ #, c-format
+ msgid "STC_NBH_PS (store cond or hint at psect + offset)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6421
++#: vms-alpha.c:6422
+ #, c-format
+ msgid "CTL_SETRB (set relocation base)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6427
++#: vms-alpha.c:6428
+ #, c-format
+ msgid "CTL_AUGRB (augment relocation base) %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6431
++#: vms-alpha.c:6432
+ #, c-format
+ msgid "CTL_DFLOC (define location)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6434
++#: vms-alpha.c:6435
+ #, c-format
+ msgid "CTL_STLOC (set location)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6437
++#: vms-alpha.c:6438
+ #, c-format
+ msgid "CTL_STKDL (stack defined location)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6440 vms-alpha.c:6864 vms-alpha.c:6990
++#: vms-alpha.c:6441 vms-alpha.c:6865 vms-alpha.c:6991
+ #, c-format
+ msgid "*unhandled*\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6470 vms-alpha.c:6509
++#: vms-alpha.c:6471 vms-alpha.c:6510
+ #, c-format
+ msgid "cannot read GST record length\n"
+ msgstr ""
+ 
+ #. Ill-formed.
+-#: vms-alpha.c:6491
++#: vms-alpha.c:6492
+ #, c-format
+ msgid "cannot find EMH in first GST record\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6517
++#: vms-alpha.c:6518
+ #, c-format
+ msgid "cannot read GST record header\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6530
++#: vms-alpha.c:6531
+ #, c-format
+ msgid " corrupted GST\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6538
++#: vms-alpha.c:6539
+ #, c-format
+ msgid "cannot read GST record\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6567
++#: vms-alpha.c:6568
+ #, c-format
+ msgid " unhandled EOBJ record type %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6591
++#: vms-alpha.c:6592
+ #, c-format
+ msgid "  bitcount: %u, base addr: 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6605
++#: vms-alpha.c:6606
+ #, c-format
+ msgid "   bitmap: 0x%08x (count: %u):\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6612
++#: vms-alpha.c:6613
+ #, c-format
+ msgid " %08x"
+ msgstr ""
+ 
+-#: vms-alpha.c:6638
++#: vms-alpha.c:6639
+ #, c-format
+ msgid "  image %u (%u entries)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6644
++#: vms-alpha.c:6645
+ #, c-format
+ msgid "   offset: 0x%08x, val: 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6666
++#: vms-alpha.c:6667
+ #, c-format
+ msgid "  image %u (%u entries), offsets:\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6673
++#: vms-alpha.c:6674
+ #, c-format
+ msgid " 0x%08x"
+ msgstr ""
+ 
+ #. 64 bits.
+-#: vms-alpha.c:6795
++#: vms-alpha.c:6796
+ #, c-format
+ msgid "64 bits *unhandled*\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6800
++#: vms-alpha.c:6801
+ #, c-format
+ msgid "class: %u, dtype: %u, length: %u, pointer: 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6811
++#: vms-alpha.c:6812
+ #, c-format
+ msgid "non-contiguous array of %s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6816
++#: vms-alpha.c:6817
+ #, c-format
+ msgid "dimct: %u, aflags: 0x%02x, digits: %u, scale: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6821
++#: vms-alpha.c:6822
+ #, c-format
+ msgid "arsize: %u, a0: 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6825
++#: vms-alpha.c:6826
+ #, c-format
+ msgid "Strides:\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6835
++#: vms-alpha.c:6836
+ #, c-format
+ msgid "Bounds:\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6841
++#: vms-alpha.c:6842
+ #, c-format
+ msgid "[%u]: Lower: %u, upper: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6853
++#: vms-alpha.c:6854
+ #, c-format
+ msgid "unaligned bit-string of %s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6858
++#: vms-alpha.c:6859
+ #, c-format
+ msgid "base: %u, pos: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6879
++#: vms-alpha.c:6880
+ #, c-format
+ msgid "vflags: 0x%02x, value: 0x%08x "
+ msgstr ""
+ 
+-#: vms-alpha.c:6885
++#: vms-alpha.c:6886
+ #, c-format
+ msgid "(no value)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6888
++#: vms-alpha.c:6889
+ #, c-format
+ msgid "(not active)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6891
++#: vms-alpha.c:6892
+ #, c-format
+ msgid "(not allocated)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6894
++#: vms-alpha.c:6895
+ #, c-format
+ msgid "(descriptor)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6898
++#: vms-alpha.c:6899
+ #, c-format
+ msgid "(trailing value)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6901
++#: vms-alpha.c:6902
+ #, c-format
+ msgid "(value spec follows)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6904
++#: vms-alpha.c:6905
+ #, c-format
+ msgid "(at bit offset %u)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6908
++#: vms-alpha.c:6909
+ #, c-format
+ msgid "(reg: %u, disp: %u, indir: %u, kind: "
+ msgstr ""
+ 
+-#: vms-alpha.c:6915
++#: vms-alpha.c:6916
+ msgid "literal"
+ msgstr ""
+ 
+-#: vms-alpha.c:6918
++#: vms-alpha.c:6919
+ msgid "address"
+ msgstr ""
+ 
+-#: vms-alpha.c:6921
++#: vms-alpha.c:6922
+ msgid "desc"
+ msgstr ""
+ 
+-#: vms-alpha.c:6924
++#: vms-alpha.c:6925
+ msgid "reg"
+ msgstr ""
+ 
+-#: vms-alpha.c:6941
++#: vms-alpha.c:6942
+ #, c-format
+ msgid "len: %2u, kind: %2u "
+ msgstr ""
+ 
+-#: vms-alpha.c:6947
++#: vms-alpha.c:6948
+ #, c-format
+ msgid "atomic, type=0x%02x %s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6951
++#: vms-alpha.c:6952
+ #, c-format
+ msgid "indirect, defined at 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6955
++#: vms-alpha.c:6956
+ #, c-format
+ msgid "typed pointer\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6959
++#: vms-alpha.c:6960
+ #, c-format
+ msgid "pointer\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6967
++#: vms-alpha.c:6968
+ #, c-format
+ msgid "array, dim: %u, bitmap: "
+ msgstr ""
+ 
+-#: vms-alpha.c:6974
++#: vms-alpha.c:6975
+ #, c-format
+ msgid "array descriptor:\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6981
++#: vms-alpha.c:6982
+ #, c-format
+ msgid "type spec for element:\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:6983
++#: vms-alpha.c:6984
+ #, c-format
+ msgid "type spec for subscript %u:\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7001
++#: vms-alpha.c:7002
+ #, c-format
+ msgid "Debug symbol table:\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7012
++#: vms-alpha.c:7013
+ #, c-format
+ msgid "cannot read DST header\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7018
++#: vms-alpha.c:7019
+ #, c-format
+ msgid " type: %3u, len: %3u (at 0x%08x): "
+ msgstr ""
+ 
+-#: vms-alpha.c:7032
++#: vms-alpha.c:7033
+ #, c-format
+ msgid "cannot read DST symbol\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7075
++#: vms-alpha.c:7076
+ #, c-format
+ msgid "standard data: %s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7078 vms-alpha.c:7166
++#: vms-alpha.c:7079 vms-alpha.c:7167
+ #, c-format
+ msgid "    name: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7085
++#: vms-alpha.c:7086
+ #, c-format
+ msgid "modbeg\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7087
++#: vms-alpha.c:7088
+ #, c-format
+ msgid "   flags: %d, language: %u, major: %u, minor: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7093 vms-alpha.c:7367
++#: vms-alpha.c:7094 vms-alpha.c:7368
+ #, c-format
+ msgid "   module name: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7096
++#: vms-alpha.c:7097
+ #, c-format
+ msgid "   compiler   : %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7101
++#: vms-alpha.c:7102
+ #, c-format
+ msgid "modend\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7108
++#: vms-alpha.c:7109
+ msgid "rtnbeg\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7110
++#: vms-alpha.c:7111
+ #, c-format
+ msgid "    flags: %u, address: 0x%08x, pd-address: 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7115
++#: vms-alpha.c:7116
+ #, c-format
+ msgid "    routine name: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7123
++#: vms-alpha.c:7124
+ #, c-format
+ msgid "rtnend: size 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7131
++#: vms-alpha.c:7132
+ #, c-format
+ msgid "prolog: bkpt address 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7140
++#: vms-alpha.c:7141
+ #, c-format
+ msgid "epilog: flags: %u, count: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7150
++#: vms-alpha.c:7151
+ #, c-format
+ msgid "blkbeg: address: 0x%08x, name: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7159
++#: vms-alpha.c:7160
+ #, c-format
+ msgid "blkend: size: 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7165
++#: vms-alpha.c:7166
+ #, c-format
+ msgid "typspec (len: %u)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7172
++#: vms-alpha.c:7173
+ #, c-format
+ msgid "septyp, name: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7181
++#: vms-alpha.c:7182
+ #, c-format
+ msgid "recbeg: name: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7183
++#: vms-alpha.c:7184
+ #, c-format
+ msgid "    len: %u bits\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7188
++#: vms-alpha.c:7189
+ #, c-format
+ msgid "recend\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7192
++#: vms-alpha.c:7193
+ #, c-format
+ msgid "enumbeg, len: %u, name: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7196
++#: vms-alpha.c:7197
+ #, c-format
+ msgid "enumelt, name: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7200
++#: vms-alpha.c:7201
+ #, c-format
+ msgid "enumend\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7205
++#: vms-alpha.c:7206
+ #, c-format
+ msgid "label, name: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7207
++#: vms-alpha.c:7208
+ #, c-format
+ msgid "    address: 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7217
++#: vms-alpha.c:7218
+ #, c-format
+ msgid "discontiguous range (nbr: %u)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7220
++#: vms-alpha.c:7221
+ #, c-format
+ msgid "    address: 0x%08x, size: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7230
++#: vms-alpha.c:7231
+ #, c-format
+ msgid "line num  (len: %u)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7247
++#: vms-alpha.c:7248
+ #, c-format
+ msgid "delta_pc_w %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7254
++#: vms-alpha.c:7255
+ #, c-format
+ msgid "incr_linum(b): +%u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7260
++#: vms-alpha.c:7261
+ #, c-format
+ msgid "incr_linum_w: +%u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7266
++#: vms-alpha.c:7267
+ #, c-format
+ msgid "incr_linum_l: +%u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7272
++#: vms-alpha.c:7273
+ #, c-format
+ msgid "set_line_num(w) %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7277
++#: vms-alpha.c:7278
+ #, c-format
+ msgid "set_line_num_b %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7282
++#: vms-alpha.c:7283
+ #, c-format
+ msgid "set_line_num_l %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7287
++#: vms-alpha.c:7288
+ #, c-format
+ msgid "set_abs_pc: 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7291
++#: vms-alpha.c:7292
+ #, c-format
+ msgid "delta_pc_l: +0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7296
++#: vms-alpha.c:7297
+ #, c-format
+ msgid "term(b): 0x%02x"
+ msgstr ""
+ 
+-#: vms-alpha.c:7298
++#: vms-alpha.c:7299
+ #, c-format
+ msgid "        pc: 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7303
++#: vms-alpha.c:7304
+ #, c-format
+ msgid "term_w: 0x%04x"
+ msgstr ""
+ 
+-#: vms-alpha.c:7305
++#: vms-alpha.c:7306
+ #, c-format
+ msgid "    pc: 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7311
++#: vms-alpha.c:7312
+ #, c-format
+ msgid "delta pc +%-4d"
+ msgstr ""
+ 
+-#: vms-alpha.c:7315
++#: vms-alpha.c:7316
+ #, c-format
+ msgid "    pc: 0x%08x line: %5u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7320
++#: vms-alpha.c:7321
+ #, c-format
+ msgid "    *unhandled* cmd %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7335
++#: vms-alpha.c:7336
+ #, c-format
+ msgid "source (len: %u)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7350
++#: vms-alpha.c:7351
+ #, c-format
+ msgid "   declfile: len: %u, flags: %u, fileid: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7355
++#: vms-alpha.c:7356
+ #, c-format
+ msgid "   rms: cdt: 0x%08x %08x, ebk: 0x%08x, ffb: 0x%04x, rfo: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7364
++#: vms-alpha.c:7365
+ #, c-format
+ msgid "   filename   : %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7373
++#: vms-alpha.c:7374
+ #, c-format
+ msgid "   setfile %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7378 vms-alpha.c:7383
++#: vms-alpha.c:7379 vms-alpha.c:7384
+ #, c-format
+ msgid "   setrec %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7388 vms-alpha.c:7393
++#: vms-alpha.c:7389 vms-alpha.c:7394
+ #, c-format
+ msgid "   setlnum %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7398 vms-alpha.c:7403
++#: vms-alpha.c:7399 vms-alpha.c:7404
+ #, c-format
+ msgid "   deflines %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7407
++#: vms-alpha.c:7408
+ #, c-format
+ msgid "   formfeed\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7411
++#: vms-alpha.c:7412
+ #, c-format
+ msgid "   *unhandled* cmd %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7423
++#: vms-alpha.c:7424
+ #, c-format
+ msgid "*unhandled* dst type %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7455
++#: vms-alpha.c:7456
+ #, c-format
+ msgid "cannot read EIHD\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7459
++#: vms-alpha.c:7460
+ #, c-format
+ msgid "EIHD: (size: %u, nbr blocks: %u)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7463
++#: vms-alpha.c:7464
+ #, c-format
+ msgid " majorid: %u, minorid: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7471
++#: vms-alpha.c:7472
+ msgid "executable"
+ msgstr ""
+ 
+-#: vms-alpha.c:7474
++#: vms-alpha.c:7475
+ msgid "linkable image"
+ msgstr ""
+ 
+-#: vms-alpha.c:7481
++#: vms-alpha.c:7482
+ #, c-format
+ msgid " image type: %u (%s)"
+ msgstr ""
+ 
+-#: vms-alpha.c:7487
++#: vms-alpha.c:7488
+ msgid "native"
+ msgstr ""
+ 
+-#: vms-alpha.c:7490
++#: vms-alpha.c:7491
+ msgid "CLI"
+ msgstr ""
+ 
+-#: vms-alpha.c:7497
++#: vms-alpha.c:7498
+ #, c-format
+ msgid ", subtype: %u (%s)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7504
++#: vms-alpha.c:7505
+ #, c-format
+ msgid " offsets: isd: %u, activ: %u, symdbg: %u, imgid: %u, patch: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7508
++#: vms-alpha.c:7509
+ #, c-format
+ msgid " fixup info rva: "
+ msgstr ""
+ 
+-#: vms-alpha.c:7510
++#: vms-alpha.c:7511
+ #, c-format
+ msgid ", symbol vector rva: "
+ msgstr ""
+ 
+-#: vms-alpha.c:7513
++#: vms-alpha.c:7514
+ #, c-format
+ msgid ""
+ "\n"
+ " version array off: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7518
++#: vms-alpha.c:7519
+ #, c-format
+ msgid " img I/O count: %u, nbr channels: %u, req pri: %08x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7524
++#: vms-alpha.c:7525
+ #, c-format
+ msgid " linker flags: %08x:"
+ msgstr ""
+ 
+-#: vms-alpha.c:7555
++#: vms-alpha.c:7556
+ #, c-format
+ msgid " ident: 0x%08x, sysver: 0x%08x, match ctrl: %u, symvect_size: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7561
++#: vms-alpha.c:7562
+ #, c-format
+ msgid " BPAGE: %u"
+ msgstr ""
+ 
+-#: vms-alpha.c:7568
++#: vms-alpha.c:7569
+ #, c-format
+ msgid ", ext fixup offset: %u, no_opt psect off: %u"
+ msgstr ""
+ 
+-#: vms-alpha.c:7571
++#: vms-alpha.c:7572
+ #, c-format
+ msgid ", alias: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7579
++#: vms-alpha.c:7580
+ #, c-format
+ msgid "system version array information:\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7583
++#: vms-alpha.c:7584
+ #, c-format
+ msgid "cannot read EIHVN header\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7593
++#: vms-alpha.c:7594
+ #, c-format
+ msgid "cannot read EIHVN version\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7596
++#: vms-alpha.c:7597
+ #, c-format
+ msgid "   %02u "
+ msgstr ""
+ 
+-#: vms-alpha.c:7600
++#: vms-alpha.c:7601
+ msgid "BASE_IMAGE       "
+ msgstr ""
+ 
+-#: vms-alpha.c:7603
++#: vms-alpha.c:7604
+ msgid "MEMORY_MANAGEMENT"
+ msgstr ""
+ 
+-#: vms-alpha.c:7606
++#: vms-alpha.c:7607
+ msgid "IO               "
+ msgstr ""
+ 
+-#: vms-alpha.c:7609
++#: vms-alpha.c:7610
+ msgid "FILES_VOLUMES    "
+ msgstr ""
+ 
+-#: vms-alpha.c:7612
++#: vms-alpha.c:7613
+ msgid "PROCESS_SCHED    "
+ msgstr ""
+ 
+-#: vms-alpha.c:7615
++#: vms-alpha.c:7616
+ msgid "SYSGEN           "
+ msgstr ""
+ 
+-#: vms-alpha.c:7618
++#: vms-alpha.c:7619
+ msgid "CLUSTERS_LOCKMGR "
+ msgstr ""
+ 
+-#: vms-alpha.c:7621
++#: vms-alpha.c:7622
+ msgid "LOGICAL_NAMES    "
+ msgstr ""
+ 
+-#: vms-alpha.c:7624
++#: vms-alpha.c:7625
+ msgid "SECURITY         "
+ msgstr ""
+ 
+-#: vms-alpha.c:7627
++#: vms-alpha.c:7628
+ msgid "IMAGE_ACTIVATOR  "
+ msgstr ""
+ 
+-#: vms-alpha.c:7630
++#: vms-alpha.c:7631
+ msgid "NETWORKS         "
+ msgstr ""
+ 
+-#: vms-alpha.c:7633
++#: vms-alpha.c:7634
+ msgid "COUNTERS         "
+ msgstr ""
+ 
+-#: vms-alpha.c:7636
++#: vms-alpha.c:7637
+ msgid "STABLE           "
+ msgstr ""
+ 
+-#: vms-alpha.c:7639
++#: vms-alpha.c:7640
+ msgid "MISC             "
+ msgstr ""
+ 
+-#: vms-alpha.c:7642
++#: vms-alpha.c:7643
+ msgid "CPU              "
+ msgstr ""
+ 
+-#: vms-alpha.c:7645
++#: vms-alpha.c:7646
+ msgid "VOLATILE         "
+ msgstr ""
+ 
+-#: vms-alpha.c:7648
++#: vms-alpha.c:7649
+ msgid "SHELL            "
+ msgstr ""
+ 
+-#: vms-alpha.c:7651
++#: vms-alpha.c:7652
+ msgid "POSIX            "
+ msgstr ""
+ 
+-#: vms-alpha.c:7654
++#: vms-alpha.c:7655
+ msgid "MULTI_PROCESSING "
+ msgstr ""
+ 
+-#: vms-alpha.c:7657
++#: vms-alpha.c:7658
+ msgid "GALAXY           "
+ msgstr ""
+ 
+-#: vms-alpha.c:7660
++#: vms-alpha.c:7661
+ msgid "*unknown*        "
+ msgstr ""
+ 
+-#: vms-alpha.c:7676 vms-alpha.c:7951
++#: vms-alpha.c:7677 vms-alpha.c:7952
+ #, c-format
+ msgid "cannot read EIHA\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7679
++#: vms-alpha.c:7680
+ #, c-format
+ msgid "Image activation:  (size=%u)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7682
++#: vms-alpha.c:7683
+ #, c-format
+ msgid " First address : 0x%08x 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7686
++#: vms-alpha.c:7687
+ #, c-format
+ msgid " Second address: 0x%08x 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7690
++#: vms-alpha.c:7691
+ #, c-format
+ msgid " Third address : 0x%08x 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7694
++#: vms-alpha.c:7695
+ #, c-format
+ msgid " Fourth address: 0x%08x 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7698
++#: vms-alpha.c:7699
+ #, c-format
+ msgid " Shared image  : 0x%08x 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7709
++#: vms-alpha.c:7710
+ #, c-format
+ msgid "cannot read EIHI\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7713
++#: vms-alpha.c:7714
+ #, c-format
+ msgid "Image identification: (major: %u, minor: %u)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7716
++#: vms-alpha.c:7717
+ #, c-format
+ msgid " image name       : %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7718
++#: vms-alpha.c:7719
+ #, c-format
+ msgid " link time        : %s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7720
++#: vms-alpha.c:7721
+ #, c-format
+ msgid " image ident      : %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7722
++#: vms-alpha.c:7723
+ #, c-format
+ msgid " linker ident     : %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7724
++#: vms-alpha.c:7725
+ #, c-format
+ msgid " image build ident: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7734
++#: vms-alpha.c:7735
+ #, c-format
+ msgid "cannot read EIHS\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7738
++#: vms-alpha.c:7739
+ #, c-format
+ msgid "Image symbol & debug table: (major: %u, minor: %u)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7744
++#: vms-alpha.c:7745
+ #, c-format
+ msgid " debug symbol table : vbn: %u, size: %u (0x%x)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7749
++#: vms-alpha.c:7750
+ #, c-format
+ msgid " global symbol table: vbn: %u, records: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7754
++#: vms-alpha.c:7755
+ #, c-format
+ msgid " debug module table : vbn: %u, size: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7767
++#: vms-alpha.c:7768
+ #, c-format
+ msgid "cannot read EISD\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7778
++#: vms-alpha.c:7779
+ #, c-format
+ msgid ""
+ "Image section descriptor: (major: %u, minor: %u, size: %u, offset: %u)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7786
++#: vms-alpha.c:7787
+ #, c-format
+ msgid " section: base: 0x%08x%08x size: 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7791
++#: vms-alpha.c:7792
+ #, c-format
+ msgid " flags: 0x%04x"
+ msgstr ""
+ 
+-#: vms-alpha.c:7829
++#: vms-alpha.c:7830
+ #, c-format
+ msgid " vbn: %u, pfc: %u, matchctl: %u type: %u ("
+ msgstr ""
+ 
+-#: vms-alpha.c:7835
++#: vms-alpha.c:7836
+ msgid "NORMAL"
+ msgstr ""
+ 
+-#: vms-alpha.c:7838
++#: vms-alpha.c:7839
+ msgid "SHRFXD"
+ msgstr ""
+ 
+-#: vms-alpha.c:7841
++#: vms-alpha.c:7842
+ msgid "PRVFXD"
+ msgstr ""
+ 
+-#: vms-alpha.c:7844
++#: vms-alpha.c:7845
+ msgid "SHRPIC"
+ msgstr ""
+ 
+-#: vms-alpha.c:7847
++#: vms-alpha.c:7848
+ msgid "PRVPIC"
+ msgstr ""
+ 
+-#: vms-alpha.c:7850
++#: vms-alpha.c:7851
+ msgid "USRSTACK"
+ msgstr ""
+ 
+-#: vms-alpha.c:7856
++#: vms-alpha.c:7857
+ msgid ")\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7859
++#: vms-alpha.c:7860
+ #, c-format
+ msgid " ident: 0x%08x, name: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7869
++#: vms-alpha.c:7870
+ #, c-format
+ msgid "cannot read DMT\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7873
++#: vms-alpha.c:7874
+ #, c-format
+ msgid "Debug module table:\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7882
++#: vms-alpha.c:7883
+ #, c-format
+ msgid "cannot read DMT header\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7888
++#: vms-alpha.c:7889
+ #, c-format
+ msgid " module offset: 0x%08x, size: 0x%08x, (%u psects)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7898
++#: vms-alpha.c:7899
+ #, c-format
+ msgid "cannot read DMT psect\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7902
++#: vms-alpha.c:7903
+ #, c-format
+ msgid "  psect start: 0x%08x, length: %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7915
++#: vms-alpha.c:7916
+ #, c-format
+ msgid "cannot read DST\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7925
++#: vms-alpha.c:7926
+ #, c-format
+ msgid "cannot read GST\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7929
++#: vms-alpha.c:7930
+ #, c-format
+ msgid "Global symbol table:\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7958
++#: vms-alpha.c:7959
+ #, c-format
+ msgid "Image activator fixup: (major: %u, minor: %u)\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7962
++#: vms-alpha.c:7963
+ #, c-format
+ msgid "  iaflink : 0x%08x %08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7966
++#: vms-alpha.c:7967
+ #, c-format
+ msgid "  fixuplnk: 0x%08x %08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7969
++#: vms-alpha.c:7970
+ #, c-format
+ msgid "  size : %u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7971
++#: vms-alpha.c:7972
+ #, c-format
+ msgid "  flags: 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7976
++#: vms-alpha.c:7977
+ #, c-format
+ msgid "  qrelfixoff: %5u, lrelfixoff: %5u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7981
++#: vms-alpha.c:7982
+ #, c-format
+ msgid "  qdotadroff: %5u, ldotadroff: %5u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7986
++#: vms-alpha.c:7987
+ #, c-format
+ msgid "  codeadroff: %5u, lpfixoff  : %5u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7989
++#: vms-alpha.c:7990
+ #, c-format
+ msgid "  chgprtoff : %5u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7993
++#: vms-alpha.c:7994
+ #, c-format
+ msgid "  shlstoff  : %5u, shrimgcnt : %5u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7996
++#: vms-alpha.c:7997
+ #, c-format
+ msgid "  shlextra  : %5u, permctx   : %5u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:7999
++#: vms-alpha.c:8000
+ #, c-format
+ msgid "  base_va : 0x%08x\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:8001
++#: vms-alpha.c:8002
+ #, c-format
+ msgid "  lppsbfixoff: %5u\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:8009
++#: vms-alpha.c:8010
+ #, c-format
+ msgid " Shareable images:\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:8014
++#: vms-alpha.c:8015
+ #, c-format
+ msgid "  %u: size: %u, flags: 0x%02x, name: %.*s\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:8021
++#: vms-alpha.c:8022
+ #, c-format
+ msgid " quad-word relocation fixups:\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:8026
++#: vms-alpha.c:8027
+ #, c-format
+ msgid " long-word relocation fixups:\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:8031
++#: vms-alpha.c:8032
+ #, c-format
+ msgid " quad-word .address reference fixups:\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:8036
++#: vms-alpha.c:8037
+ #, c-format
+ msgid " long-word .address reference fixups:\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:8041
++#: vms-alpha.c:8042
+ #, c-format
+ msgid " Code Address Reference Fixups:\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:8046
++#: vms-alpha.c:8047
+ #, c-format
+ msgid " Linkage Pairs Reference Fixups:\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:8055
++#: vms-alpha.c:8056
+ #, c-format
+ msgid " Change Protection (%u entries):\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:8061
++#: vms-alpha.c:8062
+ #, c-format
+ msgid "  base: 0x%08x %08x, size: 0x%08x, prot: 0x%08x "
+ msgstr ""
+ 
+ #. FIXME: we do not yet support relocatable link.  It is not obvious
+ #. how to do it for debug infos.
+-#: vms-alpha.c:8901
++#: vms-alpha.c:8902
+ msgid "%P: relocatable link is not supported\n"
+ msgstr ""
+ 
+-#: vms-alpha.c:8972
++#: vms-alpha.c:8973
+ #, c-format
+-msgid "%P: multiple entry points: in modules %B and %B\n"
++msgid "%P: multiple entry points: in modules %pB and %pB\n"
+ msgstr ""
+ 
+ #: vms-lib.c:1445
+@@ -8537,7 +8508,7 @@ msgstr ""
+ #: peigen.c:1906 peigen.c:2103 pepigen.c:1906 pepigen.c:2103 pex64igen.c:1906
+ #: pex64igen.c:2103
+ #, c-format
+-msgid "Warning, .pdata section size (%ld) is not a multiple of %d\n"
++msgid "warning, .pdata section size (%ld) is not a multiple of %d\n"
+ msgstr ""
+ 
+ #: peigen.c:1910 peigen.c:2107 pepigen.c:1910 pepigen.c:2107 pex64igen.c:1910
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2018-04-24  Nick Clifton  <nickc@redhat.com>
++
++       PR 23110
++       * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for
++       a negative PE_DEBUG_DATA size before iterating over the debug data.
++
+ 2018-04-17  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 23065
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch
new file mode 100644
index 0000000000..29b834337e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10535.patch
@@ -0,0 +1,63 @@
+From db0c309f4011ca94a4abc8458e27f3734dab92ac Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 24 Apr 2018 16:57:04 +0100
+Subject: [PATCH] Fix an illegal memory access when trying to copy an ELF
+ binary with corrupt section symbols.
+
+	PR 23113
+	* elf.c (ignore_section_sym): Check for the output_section pointer
+	being NULL before dereferencing it.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-10535
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 4 ++++
+ bfd/elf.c     | 9 ++++++++-
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -3994,15 +3994,22 @@ ignore_section_sym (bfd *abfd, asymbol *
+ {
+   elf_symbol_type *type_ptr;
+ 
++  if (sym == NULL)
++    return FALSE;
++
+   if ((sym->flags & BSF_SECTION_SYM) == 0)
+     return FALSE;
+ 
++  if (sym->section == NULL)
++    return TRUE;
++
+   type_ptr = elf_symbol_from (abfd, sym);
+   return ((type_ptr != NULL
+ 	   && type_ptr->internal_elf_sym.st_shndx != 0
+ 	   && bfd_is_abs_section (sym->section))
+ 	  || !(sym->section->owner == abfd
+-	       || (sym->section->output_section->owner == abfd
++	       || (sym->section->output_section != NULL
++		   && sym->section->output_section->owner == abfd
+ 		   && sym->section->output_offset == 0)
+ 	       || bfd_is_abs_section (sym->section)));
+ }
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,4 +1,10 @@
+ 2018-04-24  Nick Clifton  <nickc@redhat.com>
++ 
++       PR 23113
++       * elf.c (ignore_section_sym): Check for the output_section pointer
++       being NULL before dereferencing it.
++
++2018-04-24  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 23110
+        * peXXigen.c (_bfd_XX_bfd_copy_private_bfd_data_common): Check for
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-13033.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-13033.patch
new file mode 100644
index 0000000000..3fa852c951
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-13033.patch
@@ -0,0 +1,71 @@
+From 95a6d23566165208853a68d9cd3c6eedca840ec6 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 8 May 2018 12:51:06 +0100
+Subject: [PATCH] Prevent a memory exhaustion failure when running objdump on a
+ fuzzed input file with corrupt string and attribute sections.
+
+	PR 22809
+	* elf.c (bfd_elf_get_str_section): Check for an excessively large
+	string section.
+	* elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the
+	attribute section is larger than the size of the file.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-13033
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog   | 8 ++++++++
+ bfd/elf-attrs.c | 9 +++++++++
+ bfd/elf.c       | 1 +
+ 3 files changed, 18 insertions(+)
+
+Index: git/bfd/elf-attrs.c
+===================================================================
+--- git.orig/bfd/elf-attrs.c
++++ git/bfd/elf-attrs.c
+@@ -438,6 +438,15 @@ _bfd_elf_parse_attributes (bfd *abfd, El
+   /* PR 17512: file: 2844a11d.  */
+   if (hdr->sh_size == 0)
+     return;
++  if (hdr->sh_size > bfd_get_file_size (abfd))
++    {
++      /* xgettext:c-format */
++      _bfd_error_handler (_("%pB: error: attribute section '%pA' too big: %#llx"),
++			  abfd, hdr->bfd_section, (long long) hdr->sh_size);
++      bfd_set_error (bfd_error_invalid_operation);
++      return;
++    }
++
+   contents = (bfd_byte *) bfd_malloc (hdr->sh_size + 1);
+   if (!contents)
+     return;
+Index: git/bfd/elf.c
+===================================================================
+--- git.orig/bfd/elf.c
++++ git/bfd/elf.c
+@@ -297,6 +297,7 @@ bfd_elf_get_str_section (bfd *abfd, unsi
+       /* Allocate and clear an extra byte at the end, to prevent crashes
+ 	 in case the string table is not terminated.  */
+       if (shstrtabsize + 1 <= 1
++	  || shstrtabsize > bfd_get_file_size (abfd)
+ 	  || bfd_seek (abfd, offset, SEEK_SET) != 0
+ 	  || (shstrtab = (bfd_byte *) bfd_alloc (abfd, shstrtabsize + 1)) == NULL)
+ 	shstrtab = NULL;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,11 @@
++2018-05-08  Nick Clifton  <nickc@redhat.com>
++
++       PR 22809
++       * elf.c (bfd_elf_get_str_section): Check for an excessively large
++       string section.
++       * elf-attrs.c (_bfd_elf_parse_attributes): Issue an error if the
++       attribute section is larger than the size of the file.
++
+ 2018-04-24  Nick Clifton  <nickc@redhat.com>
+  
+        PR 23113
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch
new file mode 100644
index 0000000000..2c6b1b2427
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-6323.patch
@@ -0,0 +1,55 @@
+From 38e64b0ecc7f4ee64a02514b8d532782ac057fa2 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 25 Jan 2018 21:47:41 +1030
+Subject: [PATCH] PR22746, crash when running 32-bit objdump on corrupted file
+
+Avoid unsigned int overflow by performing bfd_size_type multiplication.
+
+	PR 22746
+	* elfcode.h (elf_object_p): Avoid integer overflow.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2018-6323
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/elfcode.h | 4 ++--
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+Index: git/bfd/elfcode.h
+===================================================================
+--- git.orig/bfd/elfcode.h
++++ git/bfd/elfcode.h
+@@ -680,7 +680,7 @@ elf_object_p (bfd *abfd)
+       if (i_ehdrp->e_shnum > ((bfd_size_type) -1) / sizeof (*i_shdrp))
+ 	goto got_wrong_format_error;
+ #endif
+-      amt = sizeof (*i_shdrp) * i_ehdrp->e_shnum;
++      amt = sizeof (*i_shdrp) * (bfd_size_type) i_ehdrp->e_shnum;
+       i_shdrp = (Elf_Internal_Shdr *) bfd_alloc (abfd, amt);
+       if (!i_shdrp)
+ 	goto got_no_match;
+@@ -776,7 +776,7 @@ elf_object_p (bfd *abfd)
+       if (i_ehdrp->e_phnum > ((bfd_size_type) -1) / sizeof (*i_phdr))
+ 	goto got_wrong_format_error;
+ #endif
+-      amt = i_ehdrp->e_phnum * sizeof (*i_phdr);
++      amt = (bfd_size_type) i_ehdrp->e_phnum * sizeof (*i_phdr);
+       elf_tdata (abfd)->phdr = (Elf_Internal_Phdr *) bfd_alloc (abfd, amt);
+       if (elf_tdata (abfd)->phdr == NULL)
+ 	goto got_no_match;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2018-01-25  Alan Modra  <amodra@gmail.com>
++
++       PR 22746
++       * elfcode.h (elf_object_p): Avoid integer overflow.
++
+ 2018-05-08  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22809
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch
new file mode 100644
index 0000000000..3b0e98a0a3
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-6759.patch
@@ -0,0 +1,108 @@
+From 64e234d417d5685a4aec0edc618114d9991c031b Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 6 Feb 2018 15:48:29 +0000
+Subject: [PATCH] Prevent attempts to call strncpy with a zero-length field by
+ chacking the size of debuglink sections.
+
+	PR 22794
+	* opncls.c (bfd_get_debug_link_info_1): Check the size of the
+	section before attempting to read it in.
+	(bfd_get_alt_debug_link_info): Likewise.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-6759
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  7 +++++++
+ bfd/opncls.c  | 22 +++++++++++++++++-----
+ 2 files changed, 24 insertions(+), 5 deletions(-)
+
+Index: git/bfd/opncls.c
+===================================================================
+--- git.orig/bfd/opncls.c
++++ git/bfd/opncls.c
+@@ -1179,6 +1179,7 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo
+   bfd_byte *contents;
+   unsigned int crc_offset;
+   char *name;
++  bfd_size_type size;
+ 
+   BFD_ASSERT (abfd);
+   BFD_ASSERT (crc32_out);
+@@ -1188,6 +1189,12 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo
+   if (sect == NULL)
+     return NULL;
+ 
++  size = bfd_get_section_size (sect);
++
++  /* PR 22794: Make sure that the section has a reasonable size.  */
++  if (size < 8 || size >= bfd_get_size (abfd))
++    return NULL;
++
+   if (!bfd_malloc_and_get_section (abfd, sect, &contents))
+     {
+       if (contents != NULL)
+@@ -1197,10 +1204,10 @@ bfd_get_debug_link_info_1 (bfd *abfd, vo
+ 
+   /* CRC value is stored after the filename, aligned up to 4 bytes.  */
+   name = (char *) contents;
+-  /* PR 17597: avoid reading off the end of the buffer.  */
+-  crc_offset = strnlen (name, bfd_get_section_size (sect)) + 1;
++  /* PR 17597: Avoid reading off the end of the buffer.  */
++  crc_offset = strnlen (name, size) + 1;
+   crc_offset = (crc_offset + 3) & ~3;
+-  if (crc_offset + 4 > bfd_get_section_size (sect))
++  if (crc_offset + 4 > size)
+     return NULL;
+ 
+   *crc32 = bfd_get_32 (abfd, contents + crc_offset);
+@@ -1261,6 +1268,7 @@ bfd_get_alt_debug_link_info (bfd * abfd,
+   bfd_byte *contents;
+   unsigned int buildid_offset;
+   char *name;
++  bfd_size_type size;
+ 
+   BFD_ASSERT (abfd);
+   BFD_ASSERT (buildid_len);
+@@ -1271,6 +1279,10 @@ bfd_get_alt_debug_link_info (bfd * abfd,
+   if (sect == NULL)
+     return NULL;
+ 
++  size = bfd_get_section_size (sect);
++  if (size < 8 || size >= bfd_get_size (abfd))
++    return NULL;
++
+   if (!bfd_malloc_and_get_section (abfd, sect, & contents))
+     {
+       if (contents != NULL)
+@@ -1280,11 +1292,11 @@ bfd_get_alt_debug_link_info (bfd * abfd,
+ 
+   /* BuildID value is stored after the filename.  */
+   name = (char *) contents;
+-  buildid_offset = strnlen (name, bfd_get_section_size (sect)) + 1;
++  buildid_offset = strnlen (name, size) + 1;
+   if (buildid_offset >= bfd_get_section_size (sect))
+     return NULL;
+ 
+-  *buildid_len = bfd_get_section_size (sect) - buildid_offset;
++  *buildid_len = size - buildid_offset;
+   *buildid_out = bfd_malloc (*buildid_len);
+   memcpy (*buildid_out, contents + buildid_offset, *buildid_len);
+ 
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2018-02-06  Nick Clifton  <nickc@redhat.com>
++
++       PR 22794
++       * opncls.c (bfd_get_debug_link_info_1): Check the size of the
++       section before attempting to read it in.
++       (bfd_get_alt_debug_link_info): Likewise.
++
+ 2018-01-25  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22746
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch
new file mode 100644
index 0000000000..7d78db7eb3
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7208.patch
@@ -0,0 +1,47 @@
+From eb77f6a4621795367a39cdd30957903af9dbb815 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sat, 27 Jan 2018 08:19:33 +1030
+Subject: [PATCH] PR22741, objcopy segfault on fuzzed COFF object
+
+	PR 22741
+	* coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in
+	range before converting to a symbol table pointer.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-7208
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/coffgen.c | 3 ++-
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+Index: git/bfd/coffgen.c
+===================================================================
+--- git.orig/bfd/coffgen.c
++++ git/bfd/coffgen.c
+@@ -1555,7 +1555,8 @@ coff_pointerize_aux (bfd *abfd,
+     }
+   /* A negative tagndx is meaningless, but the SCO 3.2v4 cc can
+      generate one, so we must be careful to ignore it.  */
+-  if (auxent->u.auxent.x_sym.x_tagndx.l > 0)
++  if ((unsigned long) auxent->u.auxent.x_sym.x_tagndx.l
++      < obj_raw_syment_count (abfd))
+     {
+       auxent->u.auxent.x_sym.x_tagndx.p =
+ 	table_base + auxent->u.auxent.x_sym.x_tagndx.l;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2018-01-29  Alan Modra  <amodra@gmail.com>
++
++       PR 22741
++       * coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in
++       range before converting to a symbol table pointer.
++
+ 2018-02-06  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22794
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p1.patch
new file mode 100644
index 0000000000..b014080a7e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p1.patch
@@ -0,0 +1,161 @@
+From 1da5c9a485f3dcac4c45e96ef4b7dae5948314b5 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 25 Sep 2017 20:20:38 +0930
+Subject: [PATCH] PR22202, buffer overflow in parse_die
+
+There was a complete lack of sanity checking in dwarf1.c
+
+	PR 22202
+	* dwarf1.c (parse_die): Sanity check pointer against section limit
+	before dereferencing.
+	(parse_line_table): Likewise.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-7568 patch1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  7 +++++++
+ bfd/dwarf1.c  | 56 ++++++++++++++++++++++++++++++++++++++------------------
+ 2 files changed, 45 insertions(+), 18 deletions(-)
+
+Index: git/bfd/dwarf1.c
+===================================================================
+--- git.orig/bfd/dwarf1.c
++++ git/bfd/dwarf1.c
+@@ -189,11 +189,14 @@ parse_die (bfd *             abfd,
+   memset (aDieInfo, 0, sizeof (* aDieInfo));
+ 
+   /* First comes the length.  */
+-  aDieInfo->length = bfd_get_32 (abfd, (bfd_byte *) xptr);
++  if (xptr + 4 > aDiePtrEnd)
++    return FALSE;
++  aDieInfo->length = bfd_get_32 (abfd, xptr);
+   xptr += 4;
+   if (aDieInfo->length == 0
+-      || (this_die + aDieInfo->length) >= aDiePtrEnd)
++      || this_die + aDieInfo->length > aDiePtrEnd)
+     return FALSE;
++  aDiePtrEnd = this_die + aDieInfo->length;
+   if (aDieInfo->length < 6)
+     {
+       /* Just padding bytes.  */
+@@ -202,18 +205,20 @@ parse_die (bfd *             abfd,
+     }
+ 
+   /* Then the tag.  */
+-  aDieInfo->tag = bfd_get_16 (abfd, (bfd_byte *) xptr);
++  if (xptr + 2 > aDiePtrEnd)
++    return FALSE;
++  aDieInfo->tag = bfd_get_16 (abfd, xptr);
+   xptr += 2;
+ 
+   /* Then the attributes.  */
+-  while (xptr < (this_die + aDieInfo->length))
++  while (xptr + 2 <= aDiePtrEnd)
+     {
+       unsigned short attr;
+ 
+       /* Parse the attribute based on its form.  This section
+          must handle all dwarf1 forms, but need only handle the
+ 	 actual attributes that we care about.  */
+-      attr = bfd_get_16 (abfd, (bfd_byte *) xptr);
++      attr = bfd_get_16 (abfd, xptr);
+       xptr += 2;
+ 
+       switch (FORM_FROM_ATTR (attr))
+@@ -223,12 +228,15 @@ parse_die (bfd *             abfd,
+ 	  break;
+ 	case FORM_DATA4:
+ 	case FORM_REF:
+-	  if (attr == AT_sibling)
+-	    aDieInfo->sibling = bfd_get_32 (abfd, (bfd_byte *) xptr);
+-	  else if (attr == AT_stmt_list)
++	  if (xptr + 4 <= aDiePtrEnd)
+ 	    {
+-	      aDieInfo->stmt_list_offset = bfd_get_32 (abfd, (bfd_byte *) xptr);
+-	      aDieInfo->has_stmt_list = 1;
++	      if (attr == AT_sibling)
++		aDieInfo->sibling = bfd_get_32 (abfd, xptr);
++	      else if (attr == AT_stmt_list)
++		{
++		  aDieInfo->stmt_list_offset = bfd_get_32 (abfd, xptr);
++		  aDieInfo->has_stmt_list = 1;
++		}
+ 	    }
+ 	  xptr += 4;
+ 	  break;
+@@ -236,22 +244,29 @@ parse_die (bfd *             abfd,
+ 	  xptr += 8;
+ 	  break;
+ 	case FORM_ADDR:
+-	  if (attr == AT_low_pc)
+-	    aDieInfo->low_pc = bfd_get_32 (abfd, (bfd_byte *) xptr);
+-	  else if (attr == AT_high_pc)
+-	    aDieInfo->high_pc = bfd_get_32 (abfd, (bfd_byte *) xptr);
++	  if (xptr + 4 <= aDiePtrEnd)
++	    {
++	      if (attr == AT_low_pc)
++		aDieInfo->low_pc = bfd_get_32 (abfd, xptr);
++	      else if (attr == AT_high_pc)
++		aDieInfo->high_pc = bfd_get_32 (abfd, xptr);
++	    }
+ 	  xptr += 4;
+ 	  break;
+ 	case FORM_BLOCK2:
+-	  xptr += 2 + bfd_get_16 (abfd, (bfd_byte *) xptr);
++	  if (xptr + 2 <= aDiePtrEnd)
++	    xptr += bfd_get_16 (abfd, xptr);
++	  xptr += 2;
+ 	  break;
+ 	case FORM_BLOCK4:
+-	  xptr += 4 + bfd_get_32 (abfd, (bfd_byte *) xptr);
++	  if (xptr + 4 <= aDiePtrEnd)
++	    xptr += bfd_get_32 (abfd, xptr);
++	  xptr += 4;
+ 	  break;
+ 	case FORM_STRING:
+ 	  if (attr == AT_name)
+ 	    aDieInfo->name = (char *) xptr;
+-	  xptr += strlen ((char *) xptr) + 1;
++	  xptr += strnlen ((char *) xptr, aDiePtrEnd - xptr) + 1;
+ 	  break;
+ 	}
+     }
+@@ -290,7 +305,7 @@ parse_line_table (struct dwarf1_debug* s
+     }
+ 
+   xptr = stash->line_section + aUnit->stmt_list_offset;
+-  if (xptr < stash->line_section_end)
++  if (xptr + 8 <= stash->line_section_end)
+     {
+       unsigned long eachLine;
+       bfd_byte *tblend;
+@@ -318,6 +333,11 @@ parse_line_table (struct dwarf1_debug* s
+ 
+       for (eachLine = 0; eachLine < aUnit->line_count; eachLine++)
+ 	{
++	  if (xptr + 10 > stash->line_section_end)
++	    {
++	      aUnit->line_count = eachLine;
++	      break;
++	    }
+ 	  /* A line number.  */
+ 	  aUnit->linenumber_table[eachLine].linenumber
+ 	    = bfd_get_32 (stash->abfd, (bfd_byte *) xptr);
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-09-25  Alan Modra  <amodra@gmail.com>
++
++       PR 22202
++       * dwarf1.c (parse_die): Sanity check pointer against section limit
++       before dereferencing.
++       (parse_line_table): Likewise.
++
+ 2018-01-29  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22741
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p2.patch
new file mode 100644
index 0000000000..b5511d7d8a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7568_p2.patch
@@ -0,0 +1,73 @@
+From eef104664efb52965d85a28bc3fc7c77e52e48e2 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 28 Feb 2018 10:13:54 +0000
+Subject: [PATCH] Fix potential integer overflow when reading corrupt dwarf1
+ debug information.
+
+	PR 22894
+	* dwarf1.c (parse_die): Check the length of form blocks before
+	advancing the data pointer.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-7568 patch2
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  6 ++++++
+ bfd/dwarf1.c  | 17 +++++++++++++++--
+ 2 files changed, 21 insertions(+), 2 deletions(-)
+
+Index: git/bfd/dwarf1.c
+===================================================================
+--- git.orig/bfd/dwarf1.c
++++ git/bfd/dwarf1.c
+@@ -213,6 +213,7 @@ parse_die (bfd *             abfd,
+   /* Then the attributes.  */
+   while (xptr + 2 <= aDiePtrEnd)
+     {
++      unsigned int   block_len;
+       unsigned short attr;
+ 
+       /* Parse the attribute based on its form.  This section
+@@ -255,12 +256,24 @@ parse_die (bfd *             abfd,
+ 	  break;
+ 	case FORM_BLOCK2:
+ 	  if (xptr + 2 <= aDiePtrEnd)
+-	    xptr += bfd_get_16 (abfd, xptr);
++	    {
++	      block_len = bfd_get_16 (abfd, xptr);
++	      if (xptr + block_len > aDiePtrEnd
++		  || xptr + block_len < xptr)
++		return FALSE;
++	      xptr += block_len;
++	    }
+ 	  xptr += 2;
+ 	  break;
+ 	case FORM_BLOCK4:
+ 	  if (xptr + 4 <= aDiePtrEnd)
+-	    xptr += bfd_get_32 (abfd, xptr);
++	    {
++	      block_len = bfd_get_32 (abfd, xptr);
++	      if (xptr + block_len > aDiePtrEnd
++		  || xptr + block_len < xptr)
++		return FALSE;
++	      xptr += block_len;
++	    }
+ 	  xptr += 4;
+ 	  break;
+ 	case FORM_STRING:
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2018-02-28  Nick Clifton  <nickc@redhat.com>
++
++       PR 22894
++       * dwarf1.c (parse_die): Check the length of form blocks before
++       advancing the data pointer.
++
+ 2017-09-25  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22202
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch
new file mode 100644
index 0000000000..e77118bc13
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch
@@ -0,0 +1,120 @@
+From 12c963421d045a127c413a0722062b9932c50aa9 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 28 Feb 2018 11:50:49 +0000
+Subject: [PATCH] Catch integer overflows/underflows when parsing corrupt DWARF
+ FORM blocks.
+
+	PR 22895
+	PR 22893
+	* dwarf2.c (read_n_bytes): Replace size parameter with dwarf_block
+	pointer.  Drop unused abfd parameter.  Check the size of the block
+	before initialising the data field.  Return the end pointer if the
+	size is invalid.
+	(read_attribute_value): Adjust invocations of read_n_bytes.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-7569
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  8 ++++++++
+ bfd/dwarf2.c  | 36 +++++++++++++++++++++---------------
+ 2 files changed, 29 insertions(+), 15 deletions(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -649,14 +649,24 @@ read_8_bytes (bfd *abfd, bfd_byte *buf,
+ }
+ 
+ static bfd_byte *
+-read_n_bytes (bfd *abfd ATTRIBUTE_UNUSED,
+-	      bfd_byte *buf,
+-	      bfd_byte *end,
+-	      unsigned int size ATTRIBUTE_UNUSED)
+-{
+-  if (buf + size > end)
+-    return NULL;
+-  return buf;
++read_n_bytes (bfd_byte *           buf,
++	      bfd_byte *           end,
++	      struct dwarf_block * block)
++{
++  unsigned int  size = block->size;
++  bfd_byte *    block_end = buf + size;
++
++  if (block_end > end || block_end < buf)
++    {
++      block->data = NULL;
++      block->size = 0;
++      return end;
++    }
++  else
++    {
++      block->data = buf;
++      return block_end;
++    }
+ }
+ 
+ /* Scans a NUL terminated string starting at BUF, returning a pointer to it.
+@@ -1154,8 +1164,7 @@ read_attribute_value (struct attribute *
+ 	return NULL;
+       blk->size = read_2_bytes (abfd, info_ptr, info_ptr_end);
+       info_ptr += 2;
+-      blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
+-      info_ptr += blk->size;
++      info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
+       attr->u.blk = blk;
+       break;
+     case DW_FORM_block4:
+@@ -1165,8 +1174,7 @@ read_attribute_value (struct attribute *
+ 	return NULL;
+       blk->size = read_4_bytes (abfd, info_ptr, info_ptr_end);
+       info_ptr += 4;
+-      blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
+-      info_ptr += blk->size;
++      info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
+       attr->u.blk = blk;
+       break;
+     case DW_FORM_data2:
+@@ -1206,8 +1214,7 @@ read_attribute_value (struct attribute *
+       blk->size = _bfd_safe_read_leb128 (abfd, info_ptr, &bytes_read,
+ 					 FALSE, info_ptr_end);
+       info_ptr += bytes_read;
+-      blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
+-      info_ptr += blk->size;
++      info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
+       attr->u.blk = blk;
+       break;
+     case DW_FORM_block1:
+@@ -1217,8 +1224,7 @@ read_attribute_value (struct attribute *
+ 	return NULL;
+       blk->size = read_1_byte (abfd, info_ptr, info_ptr_end);
+       info_ptr += 1;
+-      blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
+-      info_ptr += blk->size;
++      info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
+       attr->u.blk = blk;
+       break;
+     case DW_FORM_data1:
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,4 +1,14 @@
+ 2018-02-28  Nick Clifton  <nickc@redhat.com>
++ 
++       PR 22895
++       PR 22893
++       * dwarf2.c (read_n_bytes): Replace size parameter with dwarf_block
++       pointer.  Drop unused abfd parameter.  Check the size of the block
++       before initialising the data field.  Return the end pointer if the
++       size is invalid.
++       (read_attribute_value): Adjust invocations of read_n_bytes.
++
++2018-02-28  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 22894
+        * dwarf1.c (parse_die): Check the length of form blocks before
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch
new file mode 100644
index 0000000000..14b233e2c1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-7642.patch
@@ -0,0 +1,51 @@
+From 116acb2c268c89c89186673a7c92620d21825b25 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 28 Feb 2018 22:09:50 +1030
+Subject: [PATCH] PR22887, null pointer dereference in
+ aout_32_swap_std_reloc_out
+
+	PR 22887
+	* aoutx.h (swap_std_reloc_in): Correct r_index bound check.
+
+Upstream-Status: Backport
+Affects: <= 2.30
+CVE: CVE-2018-7642
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/aoutx.h   | 6 ++++--
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2018-02-28  Alan Modra  <amodra@gmail.com>
++
++	PR 22887
++	* aoutx.h (swap_std_reloc_in): Correct r_index bound check.
++
+ 2018-02-28  Nick Clifton  <nickc@redhat.com>
+  
+        PR 22895
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h
++++ git/bfd/aoutx.h
+@@ -2211,10 +2211,12 @@ NAME (aout, swap_ext_reloc_in) (bfd *abf
+       || r_type == (unsigned int) RELOC_BASE22)
+     r_extern = 1;
+ 
+-  if (r_extern && r_index > symcount)
++  if (r_extern && r_index >= symcount)
+     {
+       /* We could arrange to return an error, but it might be useful
+-         to see the file even if it is bad.  */
++        to see the file even if it is bad.  FIXME: Of course this
++        means that objdump -r *doesn't* see the actual reloc, and
++        objcopy silently writes a different reloc.  */
+       r_extern = 0;
+       r_index = N_ABS;
+     }
diff --git a/meta/recipes-devtools/binutils/binutils_2.29.bb b/meta/recipes-devtools/binutils/binutils_2.29.1.bb
index 51a9748906..51a9748906 100644
--- a/meta/recipes-devtools/binutils/binutils_2.29.bb
+++ b/meta/recipes-devtools/binutils/binutils_2.29.1.bb
diff --git a/meta/recipes-devtools/chrpath/chrpath_0.16.bb b/meta/recipes-devtools/chrpath/chrpath_0.16.bb
index b61eef9c8b..8de8850576 100644
--- a/meta/recipes-devtools/chrpath/chrpath_0.16.bb
+++ b/meta/recipes-devtools/chrpath/chrpath_0.16.bb
@@ -7,14 +7,12 @@ BUGTRACKER = "http://alioth.debian.org/tracker/?atid=412807&group_id=31052"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552"
 
-SRC_URI = "https://alioth.debian.org/frs/download.php/file/3979/chrpath-0.16.tar.gz \
+SRC_URI = "${DEBIAN_MIRROR}/main/c/${BPN}/${BPN}_${PV}.orig.tar.gz \
            file://standarddoc.patch"
 
 SRC_URI[md5sum] = "2bf8d1d1ee345fc8a7915576f5649982"
 SRC_URI[sha256sum] = "bb0d4c54bac2990e1bdf8132f2c9477ae752859d523e141e72b3b11a12c26e7b"
 
-UPSTREAM_CHECK_URI = "http://alioth.debian.org/frs/?group_id=31052"
-
 inherit autotools
 
 # We don't have a staged chrpath-native for ensuring our binary is
diff --git a/meta/recipes-devtools/distcc/distcc_3.2.bb b/meta/recipes-devtools/distcc/distcc_3.2.bb
index b6da65a582..fe64c5b793 100644
--- a/meta/recipes-devtools/distcc/distcc_3.2.bb
+++ b/meta/recipes-devtools/distcc/distcc_3.2.bb
@@ -14,7 +14,7 @@ PACKAGECONFIG[popt] = "--without-included-popt,--with-included-popt,popt"
 
 RRECOMMENDS_${PN} = "avahi-daemon"
 
-SRC_URI = "git://github.com/distcc/distcc.git;branch=${PV} \
+SRC_URI = "git://github.com/akuster/distcc.git;branch=${PV} \
            file://separatebuilddir.patch \
            file://0001-zeroconf-Include-fcntl.h.patch \
            file://default \
@@ -41,7 +41,9 @@ INITSCRIPT_NAME = "distcc"
 SYSTEMD_PACKAGES = "${PN}"
 SYSTEMD_SERVICE_${PN} = "distcc.service"
 
-do_install_append() {
+do_install() {
+    # Improve reproducibility: compress w/o timestamps
+    oe_runmake 'DESTDIR=${D}'  "GZIP_BIN=gzip -n" install
     install -d ${D}${sysconfdir}/init.d/
     install -d ${D}${sysconfdir}/default
     install -m 0755 ${WORKDIR}/distcc ${D}${sysconfdir}/init.d/
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-misc-rename-copy_file_range-to-copy_file_chunk.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-misc-rename-copy_file_range-to-copy_file_chunk.patch
new file mode 100644
index 0000000000..308fe0e292
--- /dev/null
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-misc-rename-copy_file_range-to-copy_file_chunk.patch
@@ -0,0 +1,62 @@
+From 647353f7c3fd29e1ffd468d7ff56d9643047ab35 Mon Sep 17 00:00:00 2001
+From: Palmer Dabbelt <palmer@dabbelt.com>
+Date: Fri, 29 Dec 2017 10:19:51 -0800
+Subject: [PATCH] misc: rename copy_file_range to copy_file_chunk
+
+As of 2.27, glibc will have a copy_file_range library call to wrap the
+new copy_file_range system call.  This conflicts with the function in
+misc/create_inode.c, which this patch renames _copy_file_range.
+
+Signed-off-by: Palmer Dabbelt <palmer@dabbelt.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+
+Upstream-Status: Backport
+
+Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
+---
+ misc/create_inode.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/misc/create_inode.c b/misc/create_inode.c
+index 8ce3fafa..cd89146f 100644
+--- a/misc/create_inode.c
++++ b/misc/create_inode.c
+@@ -396,7 +396,7 @@ static ssize_t my_pread(int fd, void *buf, size_t count, off_t offset)
+ }
+ #endif /* !defined HAVE_PREAD64 && !defined HAVE_PREAD */
+ 
+-static errcode_t copy_file_range(ext2_filsys fs, int fd, ext2_file_t e2_file,
++static errcode_t copy_file_chunk(ext2_filsys fs, int fd, ext2_file_t e2_file,
+ 				 off_t start, off_t end, char *buf,
+ 				 char *zerobuf)
+ {
+@@ -470,7 +470,7 @@ static errcode_t try_lseek_copy(ext2_filsys fs, int fd, struct stat *statbuf,
+ 
+ 		data_blk = data & ~(fs->blocksize - 1);
+ 		hole_blk = (hole + (fs->blocksize - 1)) & ~(fs->blocksize - 1);
+-		err = copy_file_range(fs, fd, e2_file, data_blk, hole_blk, buf,
++		err = copy_file_chunk(fs, fd, e2_file, data_blk, hole_blk, buf,
+ 				      zerobuf);
+ 		if (err)
+ 			return err;
+@@ -521,7 +521,7 @@ static errcode_t try_fiemap_copy(ext2_filsys fs, int fd, ext2_file_t e2_file,
+ 			goto out;
+ 		for (i = 0, ext = ext_buf; i < fiemap_buf->fm_mapped_extents;
+ 		     i++, ext++) {
+-			err = copy_file_range(fs, fd, e2_file, ext->fe_logical,
++			err = copy_file_chunk(fs, fd, e2_file, ext->fe_logical,
+ 					      ext->fe_logical + ext->fe_length,
+ 					      buf, zerobuf);
+ 			if (err)
+@@ -574,7 +574,7 @@ static errcode_t copy_file(ext2_filsys fs, int fd, struct stat *statbuf,
+ 		goto out;
+ #endif
+ 
+-	err = copy_file_range(fs, fd, e2_file, 0, statbuf->st_size, buf,
++	err = copy_file_chunk(fs, fd, e2_file, 0, statbuf->st_size, buf,
+ 			      zerobuf);
+ out:
+ 	ext2fs_free_mem(&zerobuf);
+-- 
+2.16.2
+
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.5.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.5.bb
index 00093cc20c..f1d7c08209 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.5.bb
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.43.5.bb
@@ -10,6 +10,7 @@ SRC_URI += "file://acinclude.m4 \
             file://mkdir_p.patch \
             file://reproducible-doc.patch \
             file://0001-misc-create_inode.c-set-dir-s-mode-correctly.patch \
+            file://0001-misc-rename-copy_file_range-to-copy_file_chunk.patch \
 "
 
 SRC_URI_append_class-native = " file://e2fsprogs-fix-missing-check-for-permission-denied.patch"
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0041-ssp_nonshared.patch b/meta/recipes-devtools/gcc/gcc-6.3/0041-ssp_nonshared.patch
deleted file mode 100644
index 0744529741..0000000000
--- a/meta/recipes-devtools/gcc/gcc-6.3/0041-ssp_nonshared.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 551a5db7acb56e085a101f1c222d51b2c1b039a4 Mon Sep 17 00:00:00 2001
-From: Szabolcs Nagy <nsz@port70.net>
-Date: Sat, 7 Nov 2015 14:58:40 +0000
-Subject: [PATCH 41/46] ssp_nonshared
-
----
-Upstream-Status: Inappropriate [OE Configuration]
-
- gcc/gcc.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/gcc/gcc.c b/gcc/gcc.c
-index 2812819..9de96ee 100644
---- a/gcc/gcc.c
-+++ b/gcc/gcc.c
-@@ -863,7 +863,8 @@ proper position among the other output files.  */
- #ifndef LINK_SSP_SPEC
- #ifdef TARGET_LIBC_PROVIDES_SSP
- #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
--		       "|fstack-protector-strong|fstack-protector-explicit:}"
-+		       "|fstack-protector-strong|fstack-protector-explicit" \
-+		       ":-lssp_nonshared}"
- #else
- #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
- 		       "|fstack-protector-strong|fstack-protector-explicit" \
--- 
-2.8.2
-
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0056-LRA-PR70904-relax-the-restriction-on-subreg-reload-f.patch b/meta/recipes-devtools/gcc/gcc-6.3/0056-LRA-PR70904-relax-the-restriction-on-subreg-reload-f.patch
deleted file mode 100644
index 231f147619..0000000000
--- a/meta/recipes-devtools/gcc/gcc-6.3/0056-LRA-PR70904-relax-the-restriction-on-subreg-reload-f.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From a582b0a53d1dc8604a201348b99ca8de48784e7e Mon Sep 17 00:00:00 2001
-From: jiwang <jiwang@138bc75d-0d04-0410-961f-82ee72b054a4>
-Date: Thu, 12 May 2016 17:00:52 +0000
-Subject: [PATCH] [LRA] PR70904, relax the restriction on subreg reload for
- wide mode
-
-2016-05-12  Jiong Wang  <jiong.wang@arm.com>
-
-gcc/
-  PR rtl-optimization/70904
-  * lra-constraint.c (process_addr_reg): Relax the restriction on
-  subreg reload for wide mode.
-
-git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@236181 138bc75d-0d04-0410-961f-82ee72b054a4
----
-Upstream-Status: Backport
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
- gcc/lra-constraints.c | 16 +++++++++++++++-
- 1 file changed, 15 insertions(+), 1 deletion(-)
-
-diff --git a/gcc/lra-constraints.c b/gcc/lra-constraints.c
-index f96fd458e23..73fb72a2ea5 100644
---- a/gcc/lra-constraints.c
-+++ b/gcc/lra-constraints.c
-@@ -1326,7 +1326,21 @@ process_addr_reg (rtx *loc, bool check_only_p, rtx_insn **before, rtx_insn **aft
- 
-   subreg_p = GET_CODE (*loc) == SUBREG;
-   if (subreg_p)
--    loc = &SUBREG_REG (*loc);
-+    {
-+      reg = SUBREG_REG (*loc);
-+      mode = GET_MODE (reg);
-+
-+      /* For mode with size bigger than ptr_mode, there unlikely to be "mov"
-+	 between two registers with different classes, but there normally will
-+	 be "mov" which transfers element of vector register into the general
-+	 register, and this normally will be a subreg which should be reloaded
-+	 as a whole.  This is particularly likely to be triggered when
-+	 -fno-split-wide-types specified.  */
-+      if (in_class_p (reg, cl, &new_class)
-+	  || GET_MODE_SIZE (mode) <= GET_MODE_SIZE (ptr_mode))
-+       loc = &SUBREG_REG (*loc);
-+    }
-+
-   reg = *loc;
-   mode = GET_MODE (reg);
-   if (! REG_P (reg))
--- 
-2.14.2
-
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/ubsan-fix-check-empty-string.patch b/meta/recipes-devtools/gcc/gcc-6.3/ubsan-fix-check-empty-string.patch
deleted file mode 100644
index c0127198e0..0000000000
--- a/meta/recipes-devtools/gcc/gcc-6.3/ubsan-fix-check-empty-string.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 8db2cf6353c13f2a84cbe49b689654897906c499 Mon Sep 17 00:00:00 2001
-From: kyukhin <kyukhin@138bc75d-0d04-0410-961f-82ee72b054a4>
-Date: Sat, 3 Sep 2016 10:57:05 +0000
-Subject: [PATCH] gcc/ 	* ubsan.c (ubsan_use_new_style_p): Fix check for empty
- string.
-
-git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@239971 138bc75d-0d04-0410-961f-82ee72b054a4
-
-Upstream-Status: Backport
-Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
-
----
- gcc/ubsan.c   | 2 +-
- 2 files changed, 5 insertions(+), 1 deletion(-)
-
-Index: gcc-6.3.0/gcc/ubsan.c
-===================================================================
---- gcc-6.3.0.orig/gcc/ubsan.c
-+++ gcc-6.3.0/gcc/ubsan.c
-@@ -1471,7 +1471,7 @@ ubsan_use_new_style_p (location_t loc)
- 
-   expanded_location xloc = expand_location (loc);
-   if (xloc.file == NULL || strncmp (xloc.file, "\1", 2) == 0
--      || xloc.file == '\0' || xloc.file[0] == '\xff'
-+      || xloc.file[0] == '\0' || xloc.file[0] == '\xff'
-       || xloc.file[1] == '\xff')
-     return false;
- 
diff --git a/meta/recipes-devtools/gcc/gcc-6.3.inc b/meta/recipes-devtools/gcc/gcc-6.4.inc
index e569e0220b..42eabef651 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3.inc
+++ b/meta/recipes-devtools/gcc/gcc-6.4.inc
@@ -2,13 +2,13 @@ require gcc-common.inc
 
 # Third digit in PV should be incremented after a minor release
 
-PV = "6.3.0"
+PV = "6.4.0"
 
 # BINV should be incremented to a revision after a minor gcc release
 
-BINV = "6.3.0"
+BINV = "6.4.0"
 
-FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc-6.3:${FILE_DIRNAME}/gcc-6.3/backport:"
+FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc-6.4:${FILE_DIRNAME}/gcc-6.4/backport:"
 
 DEPENDS =+ "mpfr gmp libmpc zlib"
 NATIVEDEPS = "mpfr-native gmp-native libmpc-native zlib-native"
@@ -24,7 +24,7 @@ LIC_FILES_CHKSUM = "\
 "
 
 
-BASEURI ?= "${GNU_MIRROR}/gcc/gcc-${PV}/gcc-${PV}.tar.bz2"
+BASEURI ?= "${GNU_MIRROR}/gcc/gcc-${PV}/gcc-${PV}.tar.xz"
 #SRCREV = "bd9a826d5448db11d29d2ec5884e7e679066f140"
 #BASEURI ?= "git://github.com/gcc-mirror/gcc;branch=gcc-6-branch;protocol=git"
 #BASEURI ?= "ftp://sourceware.org/pub/gcc/snapshots/6.2.0-RC-20160815/gcc-6.2.0-RC-20160815.tar.bz2"
@@ -65,7 +65,7 @@ SRC_URI = "\
            file://0038-Search-target-sysroot-gcc-version-specific-dirs-with.patch \
            file://0039-Fix-various-_FOR_BUILD-and-related-variables.patch \
            file://0040-nios2-Define-MUSL_DYNAMIC_LINKER.patch \
-           file://0041-ssp_nonshared.patch \
+           file://0041-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch \
            file://0042-gcc-libcpp-support-ffile-prefix-map-old-new.patch \
            file://0043-Reuse-fdebug-prefix-map-to-replace-ffile-prefix-map.patch \
            file://0044-gcc-final.c-fdebug-prefix-map-support-to-remap-sourc.patch \
@@ -75,15 +75,29 @@ SRC_URI = "\
            file://0048-sync-gcc-stddef.h-with-musl.patch \
            file://0054_all_nopie-all-flags.patch \
            file://0055-unwind_h-glibc26.patch \
-           file://0056-LRA-PR70904-relax-the-restriction-on-subreg-reload-f.patch \
            ${BACKPORTS} \
 "
 BACKPORTS = "\
            file://CVE-2016-6131.patch \
-           file://ubsan-fix-check-empty-string.patch \
+           file://0057-ARM-PR-82445-suppress-32-bit-aligned-ldrd-strd-peeph.patch \
+           file://0001-enable-FL_LPAE-flag-for-armv7ve-cores.patch \
+           file://0001-i386-Move-struct-ix86_frame-to-machine_function.patch \
+           file://0002-i386-Use-reference-of-struct-ix86_frame-to-avoid-cop.patch \
+           file://0003-i386-Use-const-reference-of-struct-ix86_frame-to-avo.patch \
+           file://0004-x86-Add-mindirect-branch.patch \
+           file://0005-x86-Add-mfunction-return.patch \
+           file://0006-x86-Add-mindirect-branch-register.patch \
+           file://0007-x86-Add-V-register-operand-modifier.patch \
+           file://0008-x86-Disallow-mindirect-branch-mfunction-return-with-.patch \
+           file://0009-Use-INVALID_REGNUM-in-indirect-thunk-processing.patch \
+           file://0010-i386-Pass-INVALID_REGNUM-as-invalid-register-number.patch \
+           file://0011-i386-Update-mfunction-return-for-return-with-pop.patch \
+           file://0012-i386-Add-TARGET_INDIRECT_BRANCH_REGISTER.patch \
+           file://0013-gcc-sanitizers.patch \
 "
-SRC_URI[md5sum] = "677a7623c7ef6ab99881bc4e048debb6"
-SRC_URI[sha256sum] = "f06ae7f3f790fbf0f018f6d40e844451e6bc3b7bc96e128e63b09825c1f8b29f"
+
+SRC_URI[md5sum] = "11ba51a0cfb8471927f387c8895fe232"
+SRC_URI[sha256sum] = "850bf21eafdfe5cd5f6827148184c08c4a0852a37ccf36ce69855334d2c914d4"
 
 S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/gcc-${PV}"
 #S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/git"
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0001-gcc-4.3.1-ARCH_FLAGS_FOR_TARGET.patch b/meta/recipes-devtools/gcc/gcc-6.4/0001-gcc-4.3.1-ARCH_FLAGS_FOR_TARGET.patch
index 415f091ee7..415f091ee7 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0001-gcc-4.3.1-ARCH_FLAGS_FOR_TARGET.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0001-gcc-4.3.1-ARCH_FLAGS_FOR_TARGET.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0008-missing-execinfo_h.patch b/meta/recipes-devtools/gcc/gcc-6.4/0008-missing-execinfo_h.patch
index 01e7c9549e..01e7c9549e 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0008-missing-execinfo_h.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0008-missing-execinfo_h.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0009-c99-snprintf.patch b/meta/recipes-devtools/gcc/gcc-6.4/0009-c99-snprintf.patch
index d62341ac65..d62341ac65 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0009-c99-snprintf.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0009-c99-snprintf.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0010-gcc-poison-system-directories.patch b/meta/recipes-devtools/gcc/gcc-6.4/0010-gcc-poison-system-directories.patch
index ac4cf442da..ac4cf442da 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0010-gcc-poison-system-directories.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0010-gcc-poison-system-directories.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0011-gcc-poison-dir-extend.patch b/meta/recipes-devtools/gcc/gcc-6.4/0011-gcc-poison-dir-extend.patch
index a1736aea12..a1736aea12 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0011-gcc-poison-dir-extend.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0011-gcc-poison-dir-extend.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0012-gcc-4.3.3-SYSROOT_CFLAGS_FOR_TARGET.patch b/meta/recipes-devtools/gcc/gcc-6.4/0012-gcc-4.3.3-SYSROOT_CFLAGS_FOR_TARGET.patch
index 939b0705f8..939b0705f8 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0012-gcc-4.3.3-SYSROOT_CFLAGS_FOR_TARGET.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0012-gcc-4.3.3-SYSROOT_CFLAGS_FOR_TARGET.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0013-64-bit-multilib-hack.patch b/meta/recipes-devtools/gcc/gcc-6.4/0013-64-bit-multilib-hack.patch
index e31cde4317..e31cde4317 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0013-64-bit-multilib-hack.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0013-64-bit-multilib-hack.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0014-optional-libstdc.patch b/meta/recipes-devtools/gcc/gcc-6.4/0014-optional-libstdc.patch
index 44b0cc7d6e..44b0cc7d6e 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0014-optional-libstdc.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0014-optional-libstdc.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0015-gcc-disable-MASK_RELAX_PIC_CALLS-bit.patch b/meta/recipes-devtools/gcc/gcc-6.4/0015-gcc-disable-MASK_RELAX_PIC_CALLS-bit.patch
index 6fc7346f6e..6fc7346f6e 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0015-gcc-disable-MASK_RELAX_PIC_CALLS-bit.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0015-gcc-disable-MASK_RELAX_PIC_CALLS-bit.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0016-COLLECT_GCC_OPTIONS.patch b/meta/recipes-devtools/gcc/gcc-6.4/0016-COLLECT_GCC_OPTIONS.patch
index c1548647c7..c1548647c7 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0016-COLLECT_GCC_OPTIONS.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0016-COLLECT_GCC_OPTIONS.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0017-Use-the-defaults.h-in-B-instead-of-S-and-t-oe-in-B.patch b/meta/recipes-devtools/gcc/gcc-6.4/0017-Use-the-defaults.h-in-B-instead-of-S-and-t-oe-in-B.patch
index 0dbabd9e93..0dbabd9e93 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0017-Use-the-defaults.h-in-B-instead-of-S-and-t-oe-in-B.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0017-Use-the-defaults.h-in-B-instead-of-S-and-t-oe-in-B.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0018-fortran-cross-compile-hack.patch b/meta/recipes-devtools/gcc/gcc-6.4/0018-fortran-cross-compile-hack.patch
index b43d89ea84..b43d89ea84 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0018-fortran-cross-compile-hack.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0018-fortran-cross-compile-hack.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0019-cpp-honor-sysroot.patch b/meta/recipes-devtools/gcc/gcc-6.4/0019-cpp-honor-sysroot.patch
index 417a5ede4d..417a5ede4d 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0019-cpp-honor-sysroot.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0019-cpp-honor-sysroot.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0020-MIPS64-Default-to-N64-ABI.patch b/meta/recipes-devtools/gcc/gcc-6.4/0020-MIPS64-Default-to-N64-ABI.patch
index ba612f5458..ba612f5458 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0020-MIPS64-Default-to-N64-ABI.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0020-MIPS64-Default-to-N64-ABI.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0021-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch b/meta/recipes-devtools/gcc/gcc-6.4/0021-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
index 6675ce34fa..6675ce34fa 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0021-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0021-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0022-gcc-Fix-argument-list-too-long-error.patch b/meta/recipes-devtools/gcc/gcc-6.4/0022-gcc-Fix-argument-list-too-long-error.patch
index fab6e4aeb7..fab6e4aeb7 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0022-gcc-Fix-argument-list-too-long-error.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0022-gcc-Fix-argument-list-too-long-error.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0023-Disable-sdt.patch b/meta/recipes-devtools/gcc/gcc-6.4/0023-Disable-sdt.patch
index 0efd890aa7..0efd890aa7 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0023-Disable-sdt.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0023-Disable-sdt.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0024-libtool.patch b/meta/recipes-devtools/gcc/gcc-6.4/0024-libtool.patch
index 1f73b5db5a..1f73b5db5a 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0024-libtool.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0024-libtool.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0025-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch b/meta/recipes-devtools/gcc/gcc-6.4/0025-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch
index 3b7ee497f3..3b7ee497f3 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0025-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0025-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0026-Use-the-multilib-config-files-from-B-instead-of-usin.patch b/meta/recipes-devtools/gcc/gcc-6.4/0026-Use-the-multilib-config-files-from-B-instead-of-usin.patch
index be25be6162..be25be6162 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0026-Use-the-multilib-config-files-from-B-instead-of-usin.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0026-Use-the-multilib-config-files-from-B-instead-of-usin.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0027-Avoid-using-libdir-from-.la-which-usually-points-to-.patch b/meta/recipes-devtools/gcc/gcc-6.4/0027-Avoid-using-libdir-from-.la-which-usually-points-to-.patch
index d1bbebc0a8..d1bbebc0a8 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0027-Avoid-using-libdir-from-.la-which-usually-points-to-.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0027-Avoid-using-libdir-from-.la-which-usually-points-to-.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0028-export-CPP.patch b/meta/recipes-devtools/gcc/gcc-6.4/0028-export-CPP.patch
index c21253938c..c21253938c 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0028-export-CPP.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0028-export-CPP.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0029-Enable-SPE-AltiVec-generation-on-powepc-linux-target.patch b/meta/recipes-devtools/gcc/gcc-6.4/0029-Enable-SPE-AltiVec-generation-on-powepc-linux-target.patch
index 47b9c0d1b1..47b9c0d1b1 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0029-Enable-SPE-AltiVec-generation-on-powepc-linux-target.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0029-Enable-SPE-AltiVec-generation-on-powepc-linux-target.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0030-Disable-the-MULTILIB_OSDIRNAMES-and-other-multilib-o.patch b/meta/recipes-devtools/gcc/gcc-6.4/0030-Disable-the-MULTILIB_OSDIRNAMES-and-other-multilib-o.patch
index c09d0192ef..c09d0192ef 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0030-Disable-the-MULTILIB_OSDIRNAMES-and-other-multilib-o.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0030-Disable-the-MULTILIB_OSDIRNAMES-and-other-multilib-o.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0031-Ensure-target-gcc-headers-can-be-included.patch b/meta/recipes-devtools/gcc/gcc-6.4/0031-Ensure-target-gcc-headers-can-be-included.patch
index fb1cd0f169..fb1cd0f169 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0031-Ensure-target-gcc-headers-can-be-included.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0031-Ensure-target-gcc-headers-can-be-included.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0032-gcc-4.8-won-t-build-with-disable-dependency-tracking.patch b/meta/recipes-devtools/gcc/gcc-6.4/0032-gcc-4.8-won-t-build-with-disable-dependency-tracking.patch
index c0b001db51..c0b001db51 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0032-gcc-4.8-won-t-build-with-disable-dependency-tracking.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0032-gcc-4.8-won-t-build-with-disable-dependency-tracking.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0033-Don-t-search-host-directory-during-relink-if-inst_pr.patch b/meta/recipes-devtools/gcc/gcc-6.4/0033-Don-t-search-host-directory-during-relink-if-inst_pr.patch
index e425d71463..e425d71463 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0033-Don-t-search-host-directory-during-relink-if-inst_pr.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0033-Don-t-search-host-directory-during-relink-if-inst_pr.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0034-Use-SYSTEMLIBS_DIR-replacement-instead-of-hardcoding.patch b/meta/recipes-devtools/gcc/gcc-6.4/0034-Use-SYSTEMLIBS_DIR-replacement-instead-of-hardcoding.patch
index 922a8555b6..922a8555b6 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0034-Use-SYSTEMLIBS_DIR-replacement-instead-of-hardcoding.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0034-Use-SYSTEMLIBS_DIR-replacement-instead-of-hardcoding.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0035-aarch64-Add-support-for-musl-ldso.patch b/meta/recipes-devtools/gcc/gcc-6.4/0035-aarch64-Add-support-for-musl-ldso.patch
index 9dfc47276f..9dfc47276f 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0035-aarch64-Add-support-for-musl-ldso.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0035-aarch64-Add-support-for-musl-ldso.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0036-libcc1-fix-libcc1-s-install-path-and-rpath.patch b/meta/recipes-devtools/gcc/gcc-6.4/0036-libcc1-fix-libcc1-s-install-path-and-rpath.patch
index f89a8860f9..f89a8860f9 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0036-libcc1-fix-libcc1-s-install-path-and-rpath.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0036-libcc1-fix-libcc1-s-install-path-and-rpath.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0037-handle-sysroot-support-for-nativesdk-gcc.patch b/meta/recipes-devtools/gcc/gcc-6.4/0037-handle-sysroot-support-for-nativesdk-gcc.patch
index 15efcb12ed..15efcb12ed 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0037-handle-sysroot-support-for-nativesdk-gcc.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0037-handle-sysroot-support-for-nativesdk-gcc.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0038-Search-target-sysroot-gcc-version-specific-dirs-with.patch b/meta/recipes-devtools/gcc/gcc-6.4/0038-Search-target-sysroot-gcc-version-specific-dirs-with.patch
index 89ee79db89..89ee79db89 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0038-Search-target-sysroot-gcc-version-specific-dirs-with.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0038-Search-target-sysroot-gcc-version-specific-dirs-with.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0039-Fix-various-_FOR_BUILD-and-related-variables.patch b/meta/recipes-devtools/gcc/gcc-6.4/0039-Fix-various-_FOR_BUILD-and-related-variables.patch
index 0ce7aec790..0ce7aec790 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0039-Fix-various-_FOR_BUILD-and-related-variables.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0039-Fix-various-_FOR_BUILD-and-related-variables.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0040-nios2-Define-MUSL_DYNAMIC_LINKER.patch b/meta/recipes-devtools/gcc/gcc-6.4/0040-nios2-Define-MUSL_DYNAMIC_LINKER.patch
index c9a6fd0ebc..c9a6fd0ebc 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0040-nios2-Define-MUSL_DYNAMIC_LINKER.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0040-nios2-Define-MUSL_DYNAMIC_LINKER.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0040-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch b/meta/recipes-devtools/gcc/gcc-6.4/0041-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch
index 29b7ce72d2..29b7ce72d2 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0040-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0041-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0042-gcc-libcpp-support-ffile-prefix-map-old-new.patch b/meta/recipes-devtools/gcc/gcc-6.4/0042-gcc-libcpp-support-ffile-prefix-map-old-new.patch
index 861f0fd7f1..861f0fd7f1 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0042-gcc-libcpp-support-ffile-prefix-map-old-new.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0042-gcc-libcpp-support-ffile-prefix-map-old-new.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0043-Reuse-fdebug-prefix-map-to-replace-ffile-prefix-map.patch b/meta/recipes-devtools/gcc/gcc-6.4/0043-Reuse-fdebug-prefix-map-to-replace-ffile-prefix-map.patch
index 0077f80e46..0077f80e46 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0043-Reuse-fdebug-prefix-map-to-replace-ffile-prefix-map.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0043-Reuse-fdebug-prefix-map-to-replace-ffile-prefix-map.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0044-gcc-final.c-fdebug-prefix-map-support-to-remap-sourc.patch b/meta/recipes-devtools/gcc/gcc-6.4/0044-gcc-final.c-fdebug-prefix-map-support-to-remap-sourc.patch
index 5d41af44a4..5d41af44a4 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0044-gcc-final.c-fdebug-prefix-map-support-to-remap-sourc.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0044-gcc-final.c-fdebug-prefix-map-support-to-remap-sourc.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0045-libgcc-Add-knob-to-use-ldbl-128-on-ppc.patch b/meta/recipes-devtools/gcc/gcc-6.4/0045-libgcc-Add-knob-to-use-ldbl-128-on-ppc.patch
index c62b727d6e..c62b727d6e 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0045-libgcc-Add-knob-to-use-ldbl-128-on-ppc.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0045-libgcc-Add-knob-to-use-ldbl-128-on-ppc.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0046-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch b/meta/recipes-devtools/gcc/gcc-6.4/0046-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch
index 390037f7b1..390037f7b1 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0046-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0046-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0047-libgcc_s-Use-alias-for-__cpu_indicator_init-instead-.patch b/meta/recipes-devtools/gcc/gcc-6.4/0047-libgcc_s-Use-alias-for-__cpu_indicator_init-instead-.patch
index 6b5da0254e..6b5da0254e 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0047-libgcc_s-Use-alias-for-__cpu_indicator_init-instead-.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0047-libgcc_s-Use-alias-for-__cpu_indicator_init-instead-.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0048-sync-gcc-stddef.h-with-musl.patch b/meta/recipes-devtools/gcc/gcc-6.4/0048-sync-gcc-stddef.h-with-musl.patch
index 30c158d7da..30c158d7da 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0048-sync-gcc-stddef.h-with-musl.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0048-sync-gcc-stddef.h-with-musl.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0054_all_nopie-all-flags.patch b/meta/recipes-devtools/gcc/gcc-6.4/0054_all_nopie-all-flags.patch
index 73ab9502dc..73ab9502dc 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0054_all_nopie-all-flags.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0054_all_nopie-all-flags.patch
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/0055-unwind_h-glibc26.patch b/meta/recipes-devtools/gcc/gcc-6.4/0055-unwind_h-glibc26.patch
index c266cfe21f..c266cfe21f 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/0055-unwind_h-glibc26.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0055-unwind_h-glibc26.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0051-ARM-PR-82445-suppress-32-bit-aligned-ldrd-strd-peeph.patch b/meta/recipes-devtools/gcc/gcc-6.4/0057-ARM-PR-82445-suppress-32-bit-aligned-ldrd-strd-peeph.patch
index 021250700d..0214ab83d9 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0051-ARM-PR-82445-suppress-32-bit-aligned-ldrd-strd-peeph.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/0057-ARM-PR-82445-suppress-32-bit-aligned-ldrd-strd-peeph.patch
@@ -1,6 +1,6 @@
-From 8c18b422211878ba02503462cb22a2cc25a0a325 Mon Sep 17 00:00:00 2001
+From ad5bf450aef2ffee6d57ed193fabc5f72f8eaa65 Mon Sep 17 00:00:00 2001
 From: rearnsha <rearnsha@138bc75d-0d04-0410-961f-82ee72b054a4>
-Date: Thu, 19 Oct 2017 13:14:55 +0000
+Date: Thu, 19 Oct 2017 13:16:42 +0000
 Subject: [PATCH] [ARM] PR 82445 - suppress 32-bit aligned ldrd/strd peepholing
  with -mno-unaligned-access
 
@@ -37,7 +37,7 @@ testsuite:
 
 
 
-git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-7-branch@253891 138bc75d-0d04-0410-961f-82ee72b054a4
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-6-branch@253892 138bc75d-0d04-0410-961f-82ee72b054a4
 ---
 Upstream-Status: Backport
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
@@ -54,10 +54,10 @@ Signed-off-by: Khem Raj <raj.khem@gmail.com>
  copy gcc/testsuite/gcc.target/arm/{peep-strd-1.c => peep-strd-2.c} (58%)
 
 diff --git a/gcc/config/arm/arm.c b/gcc/config/arm/arm.c
-index 1ded0d2a17d..989957f048e 100644
+index 9c0813d598d..e3da9f77fb6 100644
 --- a/gcc/config/arm/arm.c
 +++ b/gcc/config/arm/arm.c
-@@ -15199,12 +15199,23 @@ operands_ok_ldrd_strd (rtx rt, rtx rt2, rtx rn, HOST_WIDE_INT offset,
+@@ -15926,12 +15926,23 @@ operands_ok_ldrd_strd (rtx rt, rtx rt2, rtx rn, HOST_WIDE_INT offset,
    return true;
  }
  
@@ -84,7 +84,7 @@ index 1ded0d2a17d..989957f048e 100644
  {
    rtx addr;
  
-@@ -15223,6 +15234,7 @@ mem_ok_for_ldrd_strd (rtx mem, rtx *base, rtx *offset)
+@@ -15950,6 +15961,7 @@ mem_ok_for_ldrd_strd (rtx mem, rtx *base, rtx *offset)
    gcc_assert (MEM_P (mem));
  
    *offset = const0_rtx;
@@ -92,7 +92,7 @@ index 1ded0d2a17d..989957f048e 100644
  
    addr = XEXP (mem, 0);
  
-@@ -15263,7 +15275,7 @@ gen_operands_ldrd_strd (rtx *operands, bool load,
+@@ -15990,7 +16002,7 @@ gen_operands_ldrd_strd (rtx *operands, bool load,
                          bool const_store, bool commute)
  {
    int nops = 2;
@@ -101,7 +101,7 @@ index 1ded0d2a17d..989957f048e 100644
    rtx base = NULL_RTX;
    rtx cur_base, cur_offset, tmp;
    int i, gap;
-@@ -15275,7 +15287,8 @@ gen_operands_ldrd_strd (rtx *operands, bool load,
+@@ -16002,7 +16014,8 @@ gen_operands_ldrd_strd (rtx *operands, bool load,
       registers, and the corresponding memory offsets.  */
    for (i = 0; i < nops; i++)
      {
@@ -111,7 +111,7 @@ index 1ded0d2a17d..989957f048e 100644
          return false;
  
        if (i == 0)
-@@ -15389,6 +15402,7 @@ gen_operands_ldrd_strd (rtx *operands, bool load,
+@@ -16114,6 +16127,7 @@ gen_operands_ldrd_strd (rtx *operands, bool load,
        /* Swap the instructions such that lower memory is accessed first.  */
        std::swap (operands[0], operands[1]);
        std::swap (operands[2], operands[3]);
@@ -119,7 +119,7 @@ index 1ded0d2a17d..989957f048e 100644
        if (const_store)
          std::swap (operands[4], operands[5]);
      }
-@@ -15402,6 +15416,9 @@ gen_operands_ldrd_strd (rtx *operands, bool load,
+@@ -16127,6 +16141,9 @@ gen_operands_ldrd_strd (rtx *operands, bool load,
    if (gap != 4)
      return false;
  
diff --git a/meta/recipes-devtools/gcc/gcc-6.4/backport/0001-enable-FL_LPAE-flag-for-armv7ve-cores.patch b/meta/recipes-devtools/gcc/gcc-6.4/backport/0001-enable-FL_LPAE-flag-for-armv7ve-cores.patch
new file mode 100644
index 0000000000..3f664c5885
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-6.4/backport/0001-enable-FL_LPAE-flag-for-armv7ve-cores.patch
@@ -0,0 +1,67 @@
+From 22fcc126fad61a8e9ddaaabbc8036644273642dc Mon Sep 17 00:00:00 2001
+From: ktkachov <ktkachov@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Thu, 9 Nov 2017 14:34:28 +0000
+Subject: [PATCH] enable FL_LPAE flag for armv7ve cores
+
+The following commit added the FL_LPAE flag to FL_FOR_ARCH7VE, but
+neglected to also add it to the armv7ve compatible cores defined in
+arm-cores.def.
+
+  https://github.com/gcc-mirror/gcc/commit/af2d9b9e58e8be576c53d94f30c48c68146b0c98
+
+The result is that gcc 6.4 now refuses to allow -march=armv7ve and
+-mcpu=XXX to be used together, even when -mcpu is set to an armv7ve
+compatible core:
+
+  arm-linux-gnueabi-gcc -march=armv7ve -mcpu=cortex-a7 -Werror ...
+  error: switch -mcpu=cortex-a7 conflicts with -march=armv7ve switch [-Werror]
+
+Fix by defining flags for armv7ve compatible cores directly from
+FL_FOR_ARCH7VE, rather than re-creating the armv7ve flags
+independently by combining FL_FOR_ARCH7A with the armv7ve specific
+FL_THUMB_DIV and FL_ARM_DIV flags.
+
+Upstream-Status: Backport
+
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-6-branch@254584 138bc75d-0d04-0410-961f-82ee72b054a4
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+---
+ gcc/config/arm/arm-cores.def | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/gcc/config/arm/arm-cores.def b/gcc/config/arm/arm-cores.def
+index 829b839..ca37e6f 100644
+--- a/gcc/config/arm/arm-cores.def
++++ b/gcc/config/arm/arm-cores.def
+@@ -145,12 +145,12 @@ ARM_CORE("cortex-m0plus.small-multiply",cortexm0plussmallmultiply, cortexm0plus,
+ /* V7 Architecture Processors */
+ ARM_CORE("generic-armv7-a",	genericv7a, genericv7a,		7A,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_FOR_ARCH7A), cortex)
+ ARM_CORE("cortex-a5",		cortexa5, cortexa5,		7A,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_FOR_ARCH7A), cortex_a5)
+-ARM_CORE("cortex-a7",		cortexa7, cortexa7,		7A,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_THUMB_DIV | FL_ARM_DIV | FL_FOR_ARCH7A), cortex_a7)
++ARM_CORE("cortex-a7",		cortexa7, cortexa7,		7A,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_FOR_ARCH7VE), cortex_a7)
+ ARM_CORE("cortex-a8",		cortexa8, cortexa8,		7A,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_FOR_ARCH7A), cortex_a8)
+ ARM_CORE("cortex-a9",		cortexa9, cortexa9,		7A,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_FOR_ARCH7A), cortex_a9)
+-ARM_CORE("cortex-a12",		cortexa12, cortexa17,		7A,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_THUMB_DIV | FL_ARM_DIV | FL_FOR_ARCH7A), cortex_a12)
+-ARM_CORE("cortex-a15",		cortexa15, cortexa15,		7A,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_THUMB_DIV | FL_ARM_DIV | FL_FOR_ARCH7A), cortex_a15)
+-ARM_CORE("cortex-a17",		cortexa17, cortexa17,		7A,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_THUMB_DIV | FL_ARM_DIV | FL_FOR_ARCH7A), cortex_a12)
++ARM_CORE("cortex-a12",		cortexa12, cortexa17,		7A,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_FOR_ARCH7VE), cortex_a12)
++ARM_CORE("cortex-a15",		cortexa15, cortexa15,		7A,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_FOR_ARCH7VE), cortex_a15)
++ARM_CORE("cortex-a17",		cortexa17, cortexa17,		7A,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_FOR_ARCH7VE), cortex_a12)
+ ARM_CORE("cortex-r4",		cortexr4, cortexr4,		7R,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_FOR_ARCH7R), cortex)
+ ARM_CORE("cortex-r4f",		cortexr4f, cortexr4f,		7R,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_FOR_ARCH7R), cortex)
+ ARM_CORE("cortex-r5",		cortexr5, cortexr5,		7R,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_ARM_DIV | FL_FOR_ARCH7R), cortex)
+@@ -162,8 +162,8 @@ ARM_CORE("cortex-m3",		cortexm3, cortexm3,		7M,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED |
+ ARM_CORE("marvell-pj4",		marvell_pj4, marvell_pj4,	7A,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_FOR_ARCH7A), marvell_pj4)
+ 
+ /* V7 big.LITTLE implementations */
+-ARM_CORE("cortex-a15.cortex-a7", cortexa15cortexa7, cortexa7,	7A,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_THUMB_DIV | FL_ARM_DIV | FL_FOR_ARCH7A), cortex_a15)
+-ARM_CORE("cortex-a17.cortex-a7", cortexa17cortexa7, cortexa7,	7A,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_THUMB_DIV | FL_ARM_DIV | FL_FOR_ARCH7A), cortex_a12)
++ARM_CORE("cortex-a15.cortex-a7", cortexa15cortexa7, cortexa7,	7A,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_FOR_ARCH7VE), cortex_a15)
++ARM_CORE("cortex-a17.cortex-a7", cortexa17cortexa7, cortexa7,	7A,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_FOR_ARCH7VE), cortex_a12)
+ 
+ /* V8 Architecture Processors */
+ ARM_CORE("cortex-a32",	cortexa32, cortexa53,	8A,	ARM_FSET_MAKE_CPU1 (FL_LDSCHED | FL_CRC32 | FL_FOR_ARCH8A), cortex_a35)
+-- 
+1.9.1
+
diff --git a/meta/recipes-devtools/gcc/gcc-6.4/backport/0001-i386-Move-struct-ix86_frame-to-machine_function.patch b/meta/recipes-devtools/gcc/gcc-6.4/backport/0001-i386-Move-struct-ix86_frame-to-machine_function.patch
new file mode 100644
index 0000000000..00b0ffd156
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-6.4/backport/0001-i386-Move-struct-ix86_frame-to-machine_function.patch
@@ -0,0 +1,247 @@
+From c2c7775c5587dc59b6756162d390d89d60971a16 Mon Sep 17 00:00:00 2001
+From: hjl <hjl@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Mon, 15 Jan 2018 11:27:24 +0000
+Subject: [PATCH 01/12] i386: Move struct ix86_frame to machine_function
+
+Make ix86_frame available to i386 code generation.  This is needed to
+backport the patch set of -mindirect-branch= to mitigate variant #2 of
+the speculative execution vulnerabilities on x86 processors identified
+by CVE-2017-5715, aka Spectre.
+
+	Backport from mainline
+	2017-06-01  Bernd Edlinger  <bernd.edlinger@hotmail.de>
+
+	* config/i386/i386.c (ix86_frame): Moved to ...
+	* config/i386/i386.h (ix86_frame): Here.
+	(machine_function): Add frame.
+	* config/i386/i386.c (ix86_compute_frame_layout): Repace the
+	frame argument with &cfun->machine->frame.
+	(ix86_can_use_return_insn_p): Don't pass &frame to
+	ix86_compute_frame_layout.  Copy frame from cfun->machine->frame.
+	(ix86_can_eliminate): Likewise.
+	(ix86_expand_prologue): Likewise.
+	(ix86_expand_epilogue): Likewise.
+	(ix86_expand_split_stack_prologue): Likewise.
+
+
+Upstream-Status: Pending
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+---
+ gcc/config/i386/i386.c | 68 ++++++++++----------------------------------------
+ gcc/config/i386/i386.h | 53 ++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 65 insertions(+), 56 deletions(-)
+
+diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
+index 8b5faac..a1ff32b 100644
+--- a/gcc/config/i386/i386.c
++++ b/gcc/config/i386/i386.c
+@@ -2434,53 +2434,6 @@ struct GTY(()) stack_local_entry {
+   struct stack_local_entry *next;
+ };
+ 
+-/* Structure describing stack frame layout.
+-   Stack grows downward:
+-
+-   [arguments]
+-					<- ARG_POINTER
+-   saved pc
+-
+-   saved static chain			if ix86_static_chain_on_stack
+-
+-   saved frame pointer			if frame_pointer_needed
+-					<- HARD_FRAME_POINTER
+-   [saved regs]
+-					<- regs_save_offset
+-   [padding0]
+-
+-   [saved SSE regs]
+-					<- sse_regs_save_offset
+-   [padding1]          |
+-		       |		<- FRAME_POINTER
+-   [va_arg registers]  |
+-		       |
+-   [frame]	       |
+-		       |
+-   [padding2]	       | = to_allocate
+-					<- STACK_POINTER
+-  */
+-struct ix86_frame
+-{
+-  int nsseregs;
+-  int nregs;
+-  int va_arg_size;
+-  int red_zone_size;
+-  int outgoing_arguments_size;
+-
+-  /* The offsets relative to ARG_POINTER.  */
+-  HOST_WIDE_INT frame_pointer_offset;
+-  HOST_WIDE_INT hard_frame_pointer_offset;
+-  HOST_WIDE_INT stack_pointer_offset;
+-  HOST_WIDE_INT hfp_save_offset;
+-  HOST_WIDE_INT reg_save_offset;
+-  HOST_WIDE_INT sse_reg_save_offset;
+-
+-  /* When save_regs_using_mov is set, emit prologue using
+-     move instead of push instructions.  */
+-  bool save_regs_using_mov;
+-};
+-
+ /* Which cpu are we scheduling for.  */
+ enum attr_cpu ix86_schedule;
+ 
+@@ -2572,7 +2525,7 @@ static unsigned int ix86_function_arg_boundary (machine_mode,
+ 						const_tree);
+ static rtx ix86_static_chain (const_tree, bool);
+ static int ix86_function_regparm (const_tree, const_tree);
+-static void ix86_compute_frame_layout (struct ix86_frame *);
++static void ix86_compute_frame_layout (void);
+ static bool ix86_expand_vector_init_one_nonzero (bool, machine_mode,
+ 						 rtx, rtx, int);
+ static void ix86_add_new_builtins (HOST_WIDE_INT);
+@@ -10944,7 +10897,8 @@ ix86_can_use_return_insn_p (void)
+   if (crtl->args.pops_args && crtl->args.size >= 32768)
+     return 0;
+ 
+-  ix86_compute_frame_layout (&frame);
++  ix86_compute_frame_layout ();
++  frame = cfun->machine->frame;
+   return (frame.stack_pointer_offset == UNITS_PER_WORD
+ 	  && (frame.nregs + frame.nsseregs) == 0);
+ }
+@@ -11355,8 +11309,8 @@ ix86_can_eliminate (const int from, const int to)
+ HOST_WIDE_INT
+ ix86_initial_elimination_offset (int from, int to)
+ {
+-  struct ix86_frame frame;
+-  ix86_compute_frame_layout (&frame);
++  ix86_compute_frame_layout ();
++  struct ix86_frame frame = cfun->machine->frame;
+ 
+   if (from == ARG_POINTER_REGNUM && to == HARD_FRAME_POINTER_REGNUM)
+     return frame.hard_frame_pointer_offset;
+@@ -11395,8 +11349,9 @@ ix86_builtin_setjmp_frame_value (void)
+ /* Fill structure ix86_frame about frame of currently computed function.  */
+ 
+ static void
+-ix86_compute_frame_layout (struct ix86_frame *frame)
++ix86_compute_frame_layout (void)
+ {
++  struct ix86_frame *frame = &cfun->machine->frame;
+   unsigned HOST_WIDE_INT stack_alignment_needed;
+   HOST_WIDE_INT offset;
+   unsigned HOST_WIDE_INT preferred_alignment;
+@@ -12702,7 +12657,8 @@ ix86_expand_prologue (void)
+   m->fs.sp_offset = INCOMING_FRAME_SP_OFFSET;
+   m->fs.sp_valid = true;
+ 
+-  ix86_compute_frame_layout (&frame);
++  ix86_compute_frame_layout ();
++  frame = m->frame;
+ 
+   if (!TARGET_64BIT && ix86_function_ms_hook_prologue (current_function_decl))
+     {
+@@ -13379,7 +13335,8 @@ ix86_expand_epilogue (int style)
+   bool using_drap;
+ 
+   ix86_finalize_stack_realign_flags ();
+-  ix86_compute_frame_layout (&frame);
++  ix86_compute_frame_layout ();
++  frame = m->frame;
+ 
+   m->fs.sp_valid = (!frame_pointer_needed
+ 		    || (crtl->sp_is_unchanging
+@@ -13876,7 +13833,8 @@ ix86_expand_split_stack_prologue (void)
+   gcc_assert (flag_split_stack && reload_completed);
+ 
+   ix86_finalize_stack_realign_flags ();
+-  ix86_compute_frame_layout (&frame);
++  ix86_compute_frame_layout ();
++  frame = cfun->machine->frame;
+   allocate = frame.stack_pointer_offset - INCOMING_FRAME_SP_OFFSET;
+ 
+   /* This is the label we will branch to if we have enough stack
+diff --git a/gcc/config/i386/i386.h b/gcc/config/i386/i386.h
+index 8113f83..5414416 100644
+--- a/gcc/config/i386/i386.h
++++ b/gcc/config/i386/i386.h
+@@ -2427,9 +2427,56 @@ enum avx_u128_state
+ 
+ #define FASTCALL_PREFIX '@'
+ 
++#ifndef USED_FOR_TARGET
++/* Structure describing stack frame layout.
++   Stack grows downward:
++
++   [arguments]
++					<- ARG_POINTER
++   saved pc
++
++   saved static chain			if ix86_static_chain_on_stack
++
++   saved frame pointer			if frame_pointer_needed
++					<- HARD_FRAME_POINTER
++   [saved regs]
++					<- regs_save_offset
++   [padding0]
++
++   [saved SSE regs]
++					<- sse_regs_save_offset
++   [padding1]          |
++		       |		<- FRAME_POINTER
++   [va_arg registers]  |
++		       |
++   [frame]	       |
++		       |
++   [padding2]	       | = to_allocate
++					<- STACK_POINTER
++  */
++struct GTY(()) ix86_frame
++{
++  int nsseregs;
++  int nregs;
++  int va_arg_size;
++  int red_zone_size;
++  int outgoing_arguments_size;
++
++  /* The offsets relative to ARG_POINTER.  */
++  HOST_WIDE_INT frame_pointer_offset;
++  HOST_WIDE_INT hard_frame_pointer_offset;
++  HOST_WIDE_INT stack_pointer_offset;
++  HOST_WIDE_INT hfp_save_offset;
++  HOST_WIDE_INT reg_save_offset;
++  HOST_WIDE_INT sse_reg_save_offset;
++
++  /* When save_regs_using_mov is set, emit prologue using
++     move instead of push instructions.  */
++  bool save_regs_using_mov;
++};
++
+ /* Machine specific frame tracking during prologue/epilogue generation.  */
+ 
+-#ifndef USED_FOR_TARGET
+ struct GTY(()) machine_frame_state
+ {
+   /* This pair tracks the currently active CFA as reg+offset.  When reg
+@@ -2475,6 +2522,9 @@ struct GTY(()) machine_function {
+   int varargs_fpr_size;
+   int optimize_mode_switching[MAX_386_ENTITIES];
+ 
++  /* Cached initial frame layout for the current function.  */
++  struct ix86_frame frame;
++
+   /* Number of saved registers USE_FAST_PROLOGUE_EPILOGUE
+      has been computed for.  */
+   int use_fast_prologue_epilogue_nregs;
+@@ -2554,6 +2604,7 @@ struct GTY(()) machine_function {
+ #define ix86_current_function_calls_tls_descriptor \
+   (ix86_tls_descriptor_calls_expanded_in_cfun && df_regs_ever_live_p (SP_REG))
+ #define ix86_static_chain_on_stack (cfun->machine->static_chain_on_stack)
++#define ix86_red_zone_size (cfun->machine->frame.red_zone_size)
+ 
+ /* Control behavior of x86_file_start.  */
+ #define X86_FILE_START_VERSION_DIRECTIVE false
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/gcc/gcc-6.4/backport/0002-i386-Use-reference-of-struct-ix86_frame-to-avoid-cop.patch b/meta/recipes-devtools/gcc/gcc-6.4/backport/0002-i386-Use-reference-of-struct-ix86_frame-to-avoid-cop.patch
new file mode 100644
index 0000000000..df65b08f93
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-6.4/backport/0002-i386-Use-reference-of-struct-ix86_frame-to-avoid-cop.patch
@@ -0,0 +1,74 @@
+From fe2b3be3f4b6ec6b3a6f89c26016a3983b7cb351 Mon Sep 17 00:00:00 2001
+From: hjl <hjl@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Mon, 15 Jan 2018 11:28:44 +0000
+Subject: [PATCH 02/12] i386: Use reference of struct ix86_frame to avoid copy
+
+When there is no need to make a copy of ix86_frame, we can use reference
+of struct ix86_frame to avoid copy.
+
+	Backport from mainline
+	2017-11-06  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* config/i386/i386.c (ix86_can_use_return_insn_p): Use reference
+	of struct ix86_frame.
+	(ix86_initial_elimination_offset): Likewise.
+	(ix86_expand_split_stack_prologue): Likewise.
+
+Upstream-Status: Pending
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+---
+ gcc/config/i386/i386.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
+index a1ff32b..13ebf10 100644
+--- a/gcc/config/i386/i386.c
++++ b/gcc/config/i386/i386.c
+@@ -10887,7 +10887,6 @@ symbolic_reference_mentioned_p (rtx op)
+ bool
+ ix86_can_use_return_insn_p (void)
+ {
+-  struct ix86_frame frame;
+ 
+   if (! reload_completed || frame_pointer_needed)
+     return 0;
+@@ -10898,7 +10897,7 @@ ix86_can_use_return_insn_p (void)
+     return 0;
+ 
+   ix86_compute_frame_layout ();
+-  frame = cfun->machine->frame;
++  struct ix86_frame &frame = cfun->machine->frame;
+   return (frame.stack_pointer_offset == UNITS_PER_WORD
+ 	  && (frame.nregs + frame.nsseregs) == 0);
+ }
+@@ -11310,7 +11309,7 @@ HOST_WIDE_INT
+ ix86_initial_elimination_offset (int from, int to)
+ {
+   ix86_compute_frame_layout ();
+-  struct ix86_frame frame = cfun->machine->frame;
++  struct ix86_frame &frame = cfun->machine->frame;
+ 
+   if (from == ARG_POINTER_REGNUM && to == HARD_FRAME_POINTER_REGNUM)
+     return frame.hard_frame_pointer_offset;
+@@ -13821,7 +13820,6 @@ static GTY(()) rtx split_stack_fn_large;
+ void
+ ix86_expand_split_stack_prologue (void)
+ {
+-  struct ix86_frame frame;
+   HOST_WIDE_INT allocate;
+   unsigned HOST_WIDE_INT args_size;
+   rtx_code_label *label;
+@@ -13834,7 +13832,7 @@ ix86_expand_split_stack_prologue (void)
+ 
+   ix86_finalize_stack_realign_flags ();
+   ix86_compute_frame_layout ();
+-  frame = cfun->machine->frame;
++  struct ix86_frame &frame = cfun->machine->frame;
+   allocate = frame.stack_pointer_offset - INCOMING_FRAME_SP_OFFSET;
+ 
+   /* This is the label we will branch to if we have enough stack
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/gcc/gcc-6.4/backport/0003-i386-Use-const-reference-of-struct-ix86_frame-to-avo.patch b/meta/recipes-devtools/gcc/gcc-6.4/backport/0003-i386-Use-const-reference-of-struct-ix86_frame-to-avo.patch
new file mode 100644
index 0000000000..a5ffd85d6f
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-6.4/backport/0003-i386-Use-const-reference-of-struct-ix86_frame-to-avo.patch
@@ -0,0 +1,131 @@
+From 82243732dc63e9b90396a5ae4ad99ca36af81355 Mon Sep 17 00:00:00 2001
+From: hjl <hjl@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Sat, 27 Jan 2018 13:10:24 +0000
+Subject: [PATCH 03/12] i386: Use const reference of struct ix86_frame to avoid
+ copy
+
+We can use const reference of struct ix86_frame to avoid making a local
+copy of ix86_frame.  ix86_expand_epilogue makes a local copy of struct
+ix86_frame and uses the reg_save_offset field as a local variable.  This
+patch uses a separate local variable for reg_save_offset.
+
+Tested on x86-64 with ada.
+
+	Backport from mainline
+	PR target/83905
+	* config/i386/i386.c (ix86_expand_prologue): Use cost reference
+	of struct ix86_frame.
+	(ix86_expand_epilogue): Likewise.  Add a local variable for
+	the reg_save_offset field in struct ix86_frame.
+
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-7-branch@257123 138bc75d-0d04-0410-961f-82ee72b054a4
+
+Upstream-Status: Pending
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+---
+ gcc/config/i386/i386.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
+index 13ebf10..6c98f75 100644
+--- a/gcc/config/i386/i386.c
++++ b/gcc/config/i386/i386.c
+@@ -12633,7 +12633,6 @@ ix86_expand_prologue (void)
+ {
+   struct machine_function *m = cfun->machine;
+   rtx insn, t;
+-  struct ix86_frame frame;
+   HOST_WIDE_INT allocate;
+   bool int_registers_saved;
+   bool sse_registers_saved;
+@@ -12657,7 +12656,7 @@ ix86_expand_prologue (void)
+   m->fs.sp_valid = true;
+ 
+   ix86_compute_frame_layout ();
+-  frame = m->frame;
++  const struct ix86_frame &frame = cfun->machine->frame;
+ 
+   if (!TARGET_64BIT && ix86_function_ms_hook_prologue (current_function_decl))
+     {
+@@ -13329,13 +13328,12 @@ ix86_expand_epilogue (int style)
+ {
+   struct machine_function *m = cfun->machine;
+   struct machine_frame_state frame_state_save = m->fs;
+-  struct ix86_frame frame;
+   bool restore_regs_via_mov;
+   bool using_drap;
+ 
+   ix86_finalize_stack_realign_flags ();
+   ix86_compute_frame_layout ();
+-  frame = m->frame;
++  const struct ix86_frame &frame = cfun->machine->frame;
+ 
+   m->fs.sp_valid = (!frame_pointer_needed
+ 		    || (crtl->sp_is_unchanging
+@@ -13377,11 +13375,13 @@ ix86_expand_epilogue (int style)
+ 				  + UNITS_PER_WORD);
+     }
+ 
++  HOST_WIDE_INT reg_save_offset = frame.reg_save_offset;
++
+   /* Special care must be taken for the normal return case of a function
+      using eh_return: the eax and edx registers are marked as saved, but
+      not restored along this path.  Adjust the save location to match.  */
+   if (crtl->calls_eh_return && style != 2)
+-    frame.reg_save_offset -= 2 * UNITS_PER_WORD;
++    reg_save_offset -= 2 * UNITS_PER_WORD;
+ 
+   /* EH_RETURN requires the use of moves to function properly.  */
+   if (crtl->calls_eh_return)
+@@ -13397,11 +13397,11 @@ ix86_expand_epilogue (int style)
+   else if (TARGET_EPILOGUE_USING_MOVE
+ 	   && cfun->machine->use_fast_prologue_epilogue
+ 	   && (frame.nregs > 1
+-	       || m->fs.sp_offset != frame.reg_save_offset))
++	       || m->fs.sp_offset != reg_save_offset))
+     restore_regs_via_mov = true;
+   else if (frame_pointer_needed
+ 	   && !frame.nregs
+-	   && m->fs.sp_offset != frame.reg_save_offset)
++	   && m->fs.sp_offset != reg_save_offset)
+     restore_regs_via_mov = true;
+   else if (frame_pointer_needed
+ 	   && TARGET_USE_LEAVE
+@@ -13439,7 +13439,7 @@ ix86_expand_epilogue (int style)
+       rtx t;
+ 
+       if (frame.nregs)
+-	ix86_emit_restore_regs_using_mov (frame.reg_save_offset, style == 2);
++	ix86_emit_restore_regs_using_mov (reg_save_offset, style == 2);
+ 
+       /* eh_return epilogues need %ecx added to the stack pointer.  */
+       if (style == 2)
+@@ -13529,19 +13529,19 @@ ix86_expand_epilogue (int style)
+ 	 epilogues.  */
+       if (!m->fs.sp_valid
+  	  || (TARGET_SEH
+-	      && (m->fs.sp_offset - frame.reg_save_offset
++	      && (m->fs.sp_offset - reg_save_offset
+ 		  >= SEH_MAX_FRAME_SIZE)))
+ 	{
+ 	  pro_epilogue_adjust_stack (stack_pointer_rtx, hard_frame_pointer_rtx,
+ 				     GEN_INT (m->fs.fp_offset
+-					      - frame.reg_save_offset),
++					      - reg_save_offset),
+ 				     style, false);
+ 	}
+-      else if (m->fs.sp_offset != frame.reg_save_offset)
++      else if (m->fs.sp_offset != reg_save_offset)
+ 	{
+ 	  pro_epilogue_adjust_stack (stack_pointer_rtx, stack_pointer_rtx,
+ 				     GEN_INT (m->fs.sp_offset
+-					      - frame.reg_save_offset),
++					      - reg_save_offset),
+ 				     style,
+ 				     m->fs.cfa_reg == stack_pointer_rtx);
+ 	}
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/gcc/gcc-6.4/backport/0004-x86-Add-mindirect-branch.patch b/meta/recipes-devtools/gcc/gcc-6.4/backport/0004-x86-Add-mindirect-branch.patch
new file mode 100644
index 0000000000..a9d6e5ff2d
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-6.4/backport/0004-x86-Add-mindirect-branch.patch
@@ -0,0 +1,2154 @@
+From 6140c2c0bb2b61e69d0da84315e0433ff3520aaa Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Sat, 6 Jan 2018 22:29:55 -0800
+Subject: [PATCH 04/12] x86: Add -mindirect-branch=
+
+Add -mindirect-branch= option to convert indirect call and jump to call
+and return thunks.  The default is 'keep', which keeps indirect call and
+jump unmodified.  'thunk' converts indirect call and jump to call and
+return thunk.  'thunk-inline' converts indirect call and jump to inlined
+call and return thunk.  'thunk-extern' converts indirect call and jump to
+external call and return thunk provided in a separate object file.  You
+can control this behavior for a specific function by using the function
+attribute indirect_branch.
+
+2 kinds of thunks are geneated.  Memory thunk where the function address
+is at the top of the stack:
+
+__x86_indirect_thunk:
+	call L2
+L1:
+	pause
+	lfence
+	jmp L1
+L2:
+	lea 8(%rsp), %rsp|lea 4(%esp), %esp
+	ret
+
+Indirect jmp via memory, "jmp mem", is converted to
+
+	push memory
+	jmp __x86_indirect_thunk
+
+Indirect call via memory, "call mem", is converted to
+
+	jmp L2
+L1:
+	push [mem]
+	jmp __x86_indirect_thunk
+L2:
+	call L1
+
+Register thunk where the function address is in a register, reg:
+
+__x86_indirect_thunk_reg:
+	call	L2
+L1:
+	pause
+	lfence
+	jmp	L1
+L2:
+	movq	%reg, (%rsp)|movl    %reg, (%esp)
+	ret
+
+where reg is one of (r|e)ax, (r|e)dx, (r|e)cx, (r|e)bx, (r|e)si, (r|e)di,
+(r|e)bp, r8, r9, r10, r11, r12, r13, r14 and r15.
+
+Indirect jmp via register, "jmp reg", is converted to
+
+	jmp __x86_indirect_thunk_reg
+
+Indirect call via register, "call reg", is converted to
+
+	call __x86_indirect_thunk_reg
+
+gcc/
+
+	Backport from mainline
+	2018-01-14  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* config/i386/i386-opts.h (indirect_branch): New.
+	* config/i386/i386-protos.h (ix86_output_indirect_jmp): Likewise.
+	* config/i386/i386.c (ix86_using_red_zone): Disallow red-zone
+	with local indirect jump when converting indirect call and jump.
+	(ix86_set_indirect_branch_type): New.
+	(ix86_set_current_function): Call ix86_set_indirect_branch_type.
+	(indirectlabelno): New.
+	(indirect_thunk_needed): Likewise.
+	(indirect_thunk_bnd_needed): Likewise.
+	(indirect_thunks_used): Likewise.
+	(indirect_thunks_bnd_used): Likewise.
+	(INDIRECT_LABEL): Likewise.
+	(indirect_thunk_name): Likewise.
+	(output_indirect_thunk): Likewise.
+	(output_indirect_thunk_function): Likewise.
+	(ix86_output_indirect_branch_via_reg): Likewise.
+	(ix86_output_indirect_branch_via_push): Likewise.
+	(ix86_output_indirect_branch): Likewise.
+	(ix86_output_indirect_jmp): Likewise.
+	(ix86_code_end): Call output_indirect_thunk_function if needed.
+	(ix86_output_call_insn): Call ix86_output_indirect_branch if
+	needed.
+	(ix86_handle_fndecl_attribute): Handle indirect_branch.
+	(ix86_attribute_table): Add indirect_branch.
+	* config/i386/i386.h (machine_function): Add indirect_branch_type
+	and has_local_indirect_jump.
+	* config/i386/i386.md (indirect_jump): Set has_local_indirect_jump
+	to true.
+	(tablejump): Likewise.
+	(*indirect_jump): Use ix86_output_indirect_jmp.
+	(*tablejump_1): Likewise.
+	(simple_return_indirect_internal): Likewise.
+	* config/i386/i386.opt (mindirect-branch=): New option.
+	(indirect_branch): New.
+	(keep): Likewise.
+	(thunk): Likewise.
+	(thunk-inline): Likewise.
+	(thunk-extern): Likewise.
+	* doc/extend.texi: Document indirect_branch function attribute.
+	* doc/invoke.texi: Document -mindirect-branch= option.
+
+gcc/testsuite/
+
+	Backport from mainline
+	2018-01-14  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* gcc.target/i386/indirect-thunk-1.c: New test.
+	* gcc.target/i386/indirect-thunk-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-5.c: Likewise.
+	* gcc.target/i386/indirect-thunk-6.c: Likewise.
+	* gcc.target/i386/indirect-thunk-7.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-5.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-6.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-7.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-8.c: Likewise.
+	* gcc.target/i386/indirect-thunk-bnd-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-bnd-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-bnd-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-bnd-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-5.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-6.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-7.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-5.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-6.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-7.c: Likewise.
+
+Upstream-Status: Pending
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+---
+ gcc/config/i386/i386-opts.h                        |  13 +
+ gcc/config/i386/i386-protos.h                      |   1 +
+ gcc/config/i386/i386.c                             | 639 ++++++++++++++++++++-
+ gcc/config/i386/i386.h                             |   7 +
+ gcc/config/i386/i386.md                            |  26 +-
+ gcc/config/i386/i386.opt                           |  20 +
+ gcc/doc/extend.texi                                |  10 +
+ gcc/doc/invoke.texi                                |  13 +-
+ gcc/testsuite/gcc.target/i386/indirect-thunk-1.c   |  20 +
+ gcc/testsuite/gcc.target/i386/indirect-thunk-2.c   |  20 +
+ gcc/testsuite/gcc.target/i386/indirect-thunk-3.c   |  21 +
+ gcc/testsuite/gcc.target/i386/indirect-thunk-4.c   |  21 +
+ gcc/testsuite/gcc.target/i386/indirect-thunk-5.c   |  17 +
+ gcc/testsuite/gcc.target/i386/indirect-thunk-6.c   |  18 +
+ gcc/testsuite/gcc.target/i386/indirect-thunk-7.c   |  44 ++
+ .../gcc.target/i386/indirect-thunk-attr-1.c        |  23 +
+ .../gcc.target/i386/indirect-thunk-attr-2.c        |  21 +
+ .../gcc.target/i386/indirect-thunk-attr-3.c        |  23 +
+ .../gcc.target/i386/indirect-thunk-attr-4.c        |  22 +
+ .../gcc.target/i386/indirect-thunk-attr-5.c        |  22 +
+ .../gcc.target/i386/indirect-thunk-attr-6.c        |  21 +
+ .../gcc.target/i386/indirect-thunk-attr-7.c        |  44 ++
+ .../gcc.target/i386/indirect-thunk-attr-8.c        |  42 ++
+ .../gcc.target/i386/indirect-thunk-bnd-1.c         |  20 +
+ .../gcc.target/i386/indirect-thunk-bnd-2.c         |  21 +
+ .../gcc.target/i386/indirect-thunk-bnd-3.c         |  19 +
+ .../gcc.target/i386/indirect-thunk-bnd-4.c         |  20 +
+ .../gcc.target/i386/indirect-thunk-extern-1.c      |  19 +
+ .../gcc.target/i386/indirect-thunk-extern-2.c      |  19 +
+ .../gcc.target/i386/indirect-thunk-extern-3.c      |  20 +
+ .../gcc.target/i386/indirect-thunk-extern-4.c      |  20 +
+ .../gcc.target/i386/indirect-thunk-extern-5.c      |  16 +
+ .../gcc.target/i386/indirect-thunk-extern-6.c      |  17 +
+ .../gcc.target/i386/indirect-thunk-extern-7.c      |  43 ++
+ .../gcc.target/i386/indirect-thunk-inline-1.c      |  20 +
+ .../gcc.target/i386/indirect-thunk-inline-2.c      |  20 +
+ .../gcc.target/i386/indirect-thunk-inline-3.c      |  21 +
+ .../gcc.target/i386/indirect-thunk-inline-4.c      |  21 +
+ .../gcc.target/i386/indirect-thunk-inline-5.c      |  17 +
+ .../gcc.target/i386/indirect-thunk-inline-6.c      |  18 +
+ .../gcc.target/i386/indirect-thunk-inline-7.c      |  44 ++
+ 41 files changed, 1486 insertions(+), 17 deletions(-)
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-1.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-2.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-3.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-4.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-5.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-6.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-7.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-attr-1.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-attr-2.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-attr-3.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-attr-4.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-attr-5.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-attr-6.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-attr-7.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-attr-8.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-1.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-2.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-3.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-4.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-extern-1.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-extern-2.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-extern-3.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-extern-4.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-extern-5.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-extern-6.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-extern-7.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-inline-1.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-inline-2.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-inline-3.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-inline-4.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-inline-5.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-inline-6.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-inline-7.c
+
+diff --git a/gcc/config/i386/i386-opts.h b/gcc/config/i386/i386-opts.h
+index b7f92e3..cc21152 100644
+--- a/gcc/config/i386/i386-opts.h
++++ b/gcc/config/i386/i386-opts.h
+@@ -99,4 +99,17 @@ enum stack_protector_guard {
+   SSP_GLOBAL    /* global canary */
+ };
+ 
++/* This is used to mitigate variant #2 of the speculative execution
++   vulnerabilities on x86 processors identified by CVE-2017-5715, aka
++   Spectre.  They convert indirect branches and function returns to
++   call and return thunks to avoid speculative execution via indirect
++   call, jmp and ret.  */
++enum indirect_branch {
++  indirect_branch_unset = 0,
++  indirect_branch_keep,
++  indirect_branch_thunk,
++  indirect_branch_thunk_inline,
++  indirect_branch_thunk_extern
++};
++
+ #endif
+diff --git a/gcc/config/i386/i386-protos.h b/gcc/config/i386/i386-protos.h
+index ff47bc1..eca4cbf 100644
+--- a/gcc/config/i386/i386-protos.h
++++ b/gcc/config/i386/i386-protos.h
+@@ -311,6 +311,7 @@ extern enum attr_cpu ix86_schedule;
+ #endif
+ 
+ extern const char * ix86_output_call_insn (rtx_insn *insn, rtx call_op);
++extern const char * ix86_output_indirect_jmp (rtx call_op, bool ret_p);
+ extern bool ix86_operands_ok_for_move_multiple (rtx *operands, bool load,
+ 						enum machine_mode mode);
+ 
+diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
+index 6c98f75..0b9fc4d 100644
+--- a/gcc/config/i386/i386.c
++++ b/gcc/config/i386/i386.c
+@@ -3662,12 +3662,23 @@ make_pass_stv (gcc::context *ctxt)
+   return new pass_stv (ctxt);
+ }
+ 
+-/* Return true if a red-zone is in use.  */
++/* Return true if a red-zone is in use.  We can't use red-zone when
++   there are local indirect jumps, like "indirect_jump" or "tablejump",
++   which jumps to another place in the function, since "call" in the
++   indirect thunk pushes the return address onto stack, destroying
++   red-zone.
++
++   TODO: If we can reserve the first 2 WORDs, for PUSH and, another
++   for CALL, in red-zone, we can allow local indirect jumps with
++   indirect thunk.  */
+ 
+ bool
+ ix86_using_red_zone (void)
+ {
+-  return TARGET_RED_ZONE && !TARGET_64BIT_MS_ABI;
++  return (TARGET_RED_ZONE
++	  && !TARGET_64BIT_MS_ABI
++	  && (!cfun->machine->has_local_indirect_jump
++	      || cfun->machine->indirect_branch_type == indirect_branch_keep));
+ }
+ 
+ /* Return a string that documents the current -m options.  The caller is
+@@ -6350,6 +6361,37 @@ ix86_reset_previous_fndecl (void)
+   ix86_previous_fndecl = NULL_TREE;
+ }
+ 
++/* Set the indirect_branch_type field from the function FNDECL.  */
++
++static void
++ix86_set_indirect_branch_type (tree fndecl)
++{
++  if (cfun->machine->indirect_branch_type == indirect_branch_unset)
++    {
++      tree attr = lookup_attribute ("indirect_branch",
++				    DECL_ATTRIBUTES (fndecl));
++      if (attr != NULL)
++	{
++	  tree args = TREE_VALUE (attr);
++	  if (args == NULL)
++	    gcc_unreachable ();
++	  tree cst = TREE_VALUE (args);
++	  if (strcmp (TREE_STRING_POINTER (cst), "keep") == 0)
++	    cfun->machine->indirect_branch_type = indirect_branch_keep;
++	  else if (strcmp (TREE_STRING_POINTER (cst), "thunk") == 0)
++	    cfun->machine->indirect_branch_type = indirect_branch_thunk;
++	  else if (strcmp (TREE_STRING_POINTER (cst), "thunk-inline") == 0)
++	    cfun->machine->indirect_branch_type = indirect_branch_thunk_inline;
++	  else if (strcmp (TREE_STRING_POINTER (cst), "thunk-extern") == 0)
++	    cfun->machine->indirect_branch_type = indirect_branch_thunk_extern;
++	  else
++	    gcc_unreachable ();
++	}
++      else
++	cfun->machine->indirect_branch_type = ix86_indirect_branch;
++    }
++}
++
+ /* Establish appropriate back-end context for processing the function
+    FNDECL.  The argument might be NULL to indicate processing at top
+    level, outside of any function scope.  */
+@@ -6360,7 +6402,13 @@ ix86_set_current_function (tree fndecl)
+      several times in the course of compiling a function, and we don't want to
+      slow things down too much or call target_reinit when it isn't safe.  */
+   if (fndecl == ix86_previous_fndecl)
+-    return;
++    {
++      /* There may be 2 function bodies for the same function FNDECL,
++	 one is extern inline and one isn't.  */
++      if (fndecl != NULL_TREE)
++	ix86_set_indirect_branch_type (fndecl);
++      return;
++    }
+ 
+   tree old_tree;
+   if (ix86_previous_fndecl == NULL_TREE)
+@@ -6377,6 +6425,8 @@ ix86_set_current_function (tree fndecl)
+       return;
+     }
+ 
++  ix86_set_indirect_branch_type (fndecl);
++
+   tree new_tree = DECL_FUNCTION_SPECIFIC_TARGET (fndecl);
+   if (new_tree == NULL_TREE)
+     new_tree = target_option_default_node;
+@@ -10962,6 +11012,220 @@ ix86_setup_frame_addresses (void)
+ # endif
+ #endif
+ 
++/* Label count for call and return thunks.  It is used to make unique
++   labels in call and return thunks.  */
++static int indirectlabelno;
++
++/* True if call and return thunk functions are needed.  */
++static bool indirect_thunk_needed = false;
++/* True if call and return thunk functions with the BND prefix are
++   needed.  */
++static bool indirect_thunk_bnd_needed = false;
++
++/* Bit masks of integer registers, which contain branch target, used
++   by call and return thunks functions.  */
++static int indirect_thunks_used;
++/* Bit masks of integer registers, which contain branch target, used
++   by call and return thunks functions with the BND prefix.  */
++static int indirect_thunks_bnd_used;
++
++#ifndef INDIRECT_LABEL
++# define INDIRECT_LABEL "LIND"
++#endif
++
++/* Fills in the label name that should be used for the indirect thunk.  */
++
++static void
++indirect_thunk_name (char name[32], int regno, bool need_bnd_p)
++{
++  if (USE_HIDDEN_LINKONCE)
++    {
++      const char *bnd = need_bnd_p ? "_bnd" : "";
++      if (regno >= 0)
++	{
++	  const char *reg_prefix;
++	  if (LEGACY_INT_REGNO_P (regno))
++	    reg_prefix = TARGET_64BIT ? "r" : "e";
++	  else
++	    reg_prefix = "";
++	  sprintf (name, "__x86_indirect_thunk%s_%s%s",
++		   bnd, reg_prefix, reg_names[regno]);
++	}
++      else
++	sprintf (name, "__x86_indirect_thunk%s", bnd);
++    }
++  else
++    {
++      if (regno >= 0)
++	{
++	  if (need_bnd_p)
++	    ASM_GENERATE_INTERNAL_LABEL (name, "LITBR", regno);
++	  else
++	    ASM_GENERATE_INTERNAL_LABEL (name, "LITR", regno);
++	}
++      else
++	{
++	  if (need_bnd_p)
++	    ASM_GENERATE_INTERNAL_LABEL (name, "LITB", 0);
++	  else
++	    ASM_GENERATE_INTERNAL_LABEL (name, "LIT", 0);
++	}
++    }
++}
++
++/* Output a call and return thunk for indirect branch.  If BND_P is
++   true, the BND prefix is needed.   If REGNO != -1,  the function
++   address is in REGNO and the call and return thunk looks like:
++
++	call	L2
++   L1:
++	pause
++	jmp	L1
++   L2:
++	mov	%REG, (%sp)
++	ret
++
++   Otherwise, the function address is on the top of stack and the
++   call and return thunk looks like:
++
++	call L2
++  L1:
++	pause
++	jmp L1
++  L2:
++	lea WORD_SIZE(%sp), %sp
++	ret
++ */
++
++static void
++output_indirect_thunk (bool need_bnd_p, int regno)
++{
++  char indirectlabel1[32];
++  char indirectlabel2[32];
++
++  ASM_GENERATE_INTERNAL_LABEL (indirectlabel1, INDIRECT_LABEL,
++			       indirectlabelno++);
++  ASM_GENERATE_INTERNAL_LABEL (indirectlabel2, INDIRECT_LABEL,
++			       indirectlabelno++);
++
++  /* Call */
++  if (need_bnd_p)
++    fputs ("\tbnd call\t", asm_out_file);
++  else
++    fputs ("\tcall\t", asm_out_file);
++  assemble_name_raw (asm_out_file, indirectlabel2);
++  fputc ('\n', asm_out_file);
++
++  ASM_OUTPUT_INTERNAL_LABEL (asm_out_file, indirectlabel1);
++
++  /* Pause + lfence.  */
++  fprintf (asm_out_file, "\tpause\n\tlfence\n");
++
++  /* Jump.  */
++  fputs ("\tjmp\t", asm_out_file);
++  assemble_name_raw (asm_out_file, indirectlabel1);
++  fputc ('\n', asm_out_file);
++
++  ASM_OUTPUT_INTERNAL_LABEL (asm_out_file, indirectlabel2);
++
++  if (regno >= 0)
++    {
++      /* MOV.  */
++      rtx xops[2];
++      xops[0] = gen_rtx_MEM (word_mode, stack_pointer_rtx);
++      xops[1] = gen_rtx_REG (word_mode, regno);
++      output_asm_insn ("mov\t{%1, %0|%0, %1}", xops);
++    }
++  else
++    {
++      /* LEA.  */
++      rtx xops[2];
++      xops[0] = stack_pointer_rtx;
++      xops[1] = plus_constant (Pmode, stack_pointer_rtx, UNITS_PER_WORD);
++      output_asm_insn ("lea\t{%E1, %0|%0, %E1}", xops);
++    }
++
++  if (need_bnd_p)
++    fputs ("\tbnd ret\n", asm_out_file);
++  else
++    fputs ("\tret\n", asm_out_file);
++}
++
++/* Output a funtion with a call and return thunk for indirect branch.
++   If BND_P is true, the BND prefix is needed.   If REGNO != -1,  the
++   function address is in REGNO.  Otherwise, the function address is
++   on the top of stack.  */
++
++static void
++output_indirect_thunk_function (bool need_bnd_p, int regno)
++{
++  char name[32];
++  tree decl;
++
++  /* Create __x86_indirect_thunk/__x86_indirect_thunk_bnd.  */
++  indirect_thunk_name (name, regno, need_bnd_p);
++  decl = build_decl (BUILTINS_LOCATION, FUNCTION_DECL,
++		     get_identifier (name),
++		     build_function_type_list (void_type_node, NULL_TREE));
++  DECL_RESULT (decl) = build_decl (BUILTINS_LOCATION, RESULT_DECL,
++				   NULL_TREE, void_type_node);
++  TREE_PUBLIC (decl) = 1;
++  TREE_STATIC (decl) = 1;
++  DECL_IGNORED_P (decl) = 1;
++
++#if TARGET_MACHO
++  if (TARGET_MACHO)
++    {
++      switch_to_section (darwin_sections[picbase_thunk_section]);
++      fputs ("\t.weak_definition\t", asm_out_file);
++      assemble_name (asm_out_file, name);
++      fputs ("\n\t.private_extern\t", asm_out_file);
++      assemble_name (asm_out_file, name);
++      putc ('\n', asm_out_file);
++      ASM_OUTPUT_LABEL (asm_out_file, name);
++      DECL_WEAK (decl) = 1;
++    }
++  else
++#endif
++    if (USE_HIDDEN_LINKONCE)
++      {
++	cgraph_node::create (decl)->set_comdat_group (DECL_ASSEMBLER_NAME (decl));
++
++	targetm.asm_out.unique_section (decl, 0);
++	switch_to_section (get_named_section (decl, NULL, 0));
++
++	targetm.asm_out.globalize_label (asm_out_file, name);
++	fputs ("\t.hidden\t", asm_out_file);
++	assemble_name (asm_out_file, name);
++	putc ('\n', asm_out_file);
++	ASM_DECLARE_FUNCTION_NAME (asm_out_file, name, decl);
++      }
++    else
++      {
++	switch_to_section (text_section);
++	ASM_OUTPUT_LABEL (asm_out_file, name);
++      }
++
++  DECL_INITIAL (decl) = make_node (BLOCK);
++  current_function_decl = decl;
++  allocate_struct_function (decl, false);
++  init_function_start (decl);
++  /* We're about to hide the function body from callees of final_* by
++     emitting it directly; tell them we're a thunk, if they care.  */
++  cfun->is_thunk = true;
++  first_function_block_is_cold = false;
++  /* Make sure unwind info is emitted for the thunk if needed.  */
++  final_start_function (emit_barrier (), asm_out_file, 1);
++
++  output_indirect_thunk (need_bnd_p, regno);
++
++  final_end_function ();
++  init_insn_lengths ();
++  free_after_compilation (cfun);
++  set_cfun (NULL);
++  current_function_decl = NULL;
++}
++
+ static int pic_labels_used;
+ 
+ /* Fills in the label name that should be used for a pc thunk for
+@@ -10988,11 +11252,32 @@ ix86_code_end (void)
+   rtx xops[2];
+   int regno;
+ 
++  if (indirect_thunk_needed)
++    output_indirect_thunk_function (false, -1);
++  if (indirect_thunk_bnd_needed)
++    output_indirect_thunk_function (true, -1);
++
++  for (regno = FIRST_REX_INT_REG; regno <= LAST_REX_INT_REG; regno++)
++    {
++      int i = regno - FIRST_REX_INT_REG + LAST_INT_REG + 1;
++      if ((indirect_thunks_used & (1 << i)))
++	output_indirect_thunk_function (false, regno);
++
++      if ((indirect_thunks_bnd_used & (1 << i)))
++	output_indirect_thunk_function (true, regno);
++    }
++
+   for (regno = AX_REG; regno <= SP_REG; regno++)
+     {
+       char name[32];
+       tree decl;
+ 
++      if ((indirect_thunks_used & (1 << regno)))
++	output_indirect_thunk_function (false, regno);
++
++      if ((indirect_thunks_bnd_used & (1 << regno)))
++	output_indirect_thunk_function (true, regno);
++
+       if (!(pic_labels_used & (1 << regno)))
+ 	continue;
+ 
+@@ -27369,12 +27654,292 @@ ix86_nopic_noplt_attribute_p (rtx call_op)
+   return false;
+ }
+ 
++/* Output indirect branch via a call and return thunk.  CALL_OP is a
++   register which contains the branch target.  XASM is the assembly
++   template for CALL_OP.  Branch is a tail call if SIBCALL_P is true.
++   A normal call is converted to:
++
++	call __x86_indirect_thunk_reg
++
++   and a tail call is converted to:
++
++	jmp __x86_indirect_thunk_reg
++ */
++
++static void
++ix86_output_indirect_branch_via_reg (rtx call_op, bool sibcall_p)
++{
++  char thunk_name_buf[32];
++  char *thunk_name;
++  bool need_bnd_p = ix86_bnd_prefixed_insn_p (current_output_insn);
++  int regno = REGNO (call_op);
++
++  if (cfun->machine->indirect_branch_type
++      != indirect_branch_thunk_inline)
++    {
++      if (cfun->machine->indirect_branch_type == indirect_branch_thunk)
++	{
++	  int i = regno;
++	  if (i >= FIRST_REX_INT_REG)
++	    i -= (FIRST_REX_INT_REG - LAST_INT_REG - 1);
++	  if (need_bnd_p)
++	    indirect_thunks_bnd_used |= 1 << i;
++	  else
++	    indirect_thunks_used |= 1 << i;
++	}
++      indirect_thunk_name (thunk_name_buf, regno, need_bnd_p);
++      thunk_name = thunk_name_buf;
++    }
++  else
++    thunk_name = NULL;
++
++  if (sibcall_p)
++    {
++      if (thunk_name != NULL)
++	{
++	  if (need_bnd_p)
++	    fprintf (asm_out_file, "\tbnd jmp\t%s\n", thunk_name);
++	  else
++	    fprintf (asm_out_file, "\tjmp\t%s\n", thunk_name);
++	}
++      else
++	output_indirect_thunk (need_bnd_p, regno);
++    }
++  else
++    {
++      if (thunk_name != NULL)
++	{
++	  if (need_bnd_p)
++	    fprintf (asm_out_file, "\tbnd call\t%s\n", thunk_name);
++	  else
++	    fprintf (asm_out_file, "\tcall\t%s\n", thunk_name);
++	  return;
++	}
++
++      char indirectlabel1[32];
++      char indirectlabel2[32];
++
++      ASM_GENERATE_INTERNAL_LABEL (indirectlabel1,
++				   INDIRECT_LABEL,
++				   indirectlabelno++);
++      ASM_GENERATE_INTERNAL_LABEL (indirectlabel2,
++				   INDIRECT_LABEL,
++				   indirectlabelno++);
++
++      /* Jump.  */
++      if (need_bnd_p)
++	fputs ("\tbnd jmp\t", asm_out_file);
++      else
++	fputs ("\tjmp\t", asm_out_file);
++      assemble_name_raw (asm_out_file, indirectlabel2);
++      fputc ('\n', asm_out_file);
++
++      ASM_OUTPUT_INTERNAL_LABEL (asm_out_file, indirectlabel1);
++
++      if (thunk_name != NULL)
++	{
++	  if (need_bnd_p)
++	    fprintf (asm_out_file, "\tbnd jmp\t%s\n", thunk_name);
++	  else
++	    fprintf (asm_out_file, "\tjmp\t%s\n", thunk_name);
++	}
++      else
++	output_indirect_thunk (need_bnd_p, regno);
++
++      ASM_OUTPUT_INTERNAL_LABEL (asm_out_file, indirectlabel2);
++
++      /* Call.  */
++      if (need_bnd_p)
++	fputs ("\tbnd call\t", asm_out_file);
++      else
++	fputs ("\tcall\t", asm_out_file);
++      assemble_name_raw (asm_out_file, indirectlabel1);
++      fputc ('\n', asm_out_file);
++    }
++}
++
++/* Output indirect branch via a call and return thunk.  CALL_OP is
++   the branch target.  XASM is the assembly template for CALL_OP.
++   Branch is a tail call if SIBCALL_P is true.  A normal call is
++   converted to:
++
++	jmp L2
++   L1:
++	push CALL_OP
++	jmp __x86_indirect_thunk
++   L2:
++	call L1
++
++   and a tail call is converted to:
++
++	push CALL_OP
++	jmp __x86_indirect_thunk
++ */
++
++static void
++ix86_output_indirect_branch_via_push (rtx call_op, const char *xasm,
++				      bool sibcall_p)
++{
++  char thunk_name_buf[32];
++  char *thunk_name;
++  char push_buf[64];
++  bool need_bnd_p = ix86_bnd_prefixed_insn_p (current_output_insn);
++  int regno = -1;
++
++  if (cfun->machine->indirect_branch_type
++      != indirect_branch_thunk_inline)
++    {
++      if (cfun->machine->indirect_branch_type == indirect_branch_thunk)
++	{
++	  if (need_bnd_p)
++	    indirect_thunk_bnd_needed = true;
++	  else
++	    indirect_thunk_needed = true;
++	}
++      indirect_thunk_name (thunk_name_buf, regno, need_bnd_p);
++      thunk_name = thunk_name_buf;
++    }
++  else
++    thunk_name = NULL;
++
++  snprintf (push_buf, sizeof (push_buf), "push{%c}\t%s",
++	    TARGET_64BIT ? 'q' : 'l', xasm);
++
++  if (sibcall_p)
++    {
++      output_asm_insn (push_buf, &call_op);
++      if (thunk_name != NULL)
++	{
++	  if (need_bnd_p)
++	    fprintf (asm_out_file, "\tbnd jmp\t%s\n", thunk_name);
++	  else
++	    fprintf (asm_out_file, "\tjmp\t%s\n", thunk_name);
++	}
++      else
++	output_indirect_thunk (need_bnd_p, regno);
++    }
++  else
++    {
++      char indirectlabel1[32];
++      char indirectlabel2[32];
++
++      ASM_GENERATE_INTERNAL_LABEL (indirectlabel1,
++				   INDIRECT_LABEL,
++				   indirectlabelno++);
++      ASM_GENERATE_INTERNAL_LABEL (indirectlabel2,
++				   INDIRECT_LABEL,
++				   indirectlabelno++);
++
++      /* Jump.  */
++      if (need_bnd_p)
++	fputs ("\tbnd jmp\t", asm_out_file);
++      else
++	fputs ("\tjmp\t", asm_out_file);
++      assemble_name_raw (asm_out_file, indirectlabel2);
++      fputc ('\n', asm_out_file);
++
++      ASM_OUTPUT_INTERNAL_LABEL (asm_out_file, indirectlabel1);
++
++      /* An external function may be called via GOT, instead of PLT.  */
++      if (MEM_P (call_op))
++	{
++	  struct ix86_address parts;
++	  rtx addr = XEXP (call_op, 0);
++	  if (ix86_decompose_address (addr, &parts)
++	      && parts.base == stack_pointer_rtx)
++	    {
++	      /* Since call will adjust stack by -UNITS_PER_WORD,
++		 we must convert "disp(stack, index, scale)" to
++		 "disp+UNITS_PER_WORD(stack, index, scale)".  */
++	      if (parts.index)
++		{
++		  addr = gen_rtx_MULT (Pmode, parts.index,
++				       GEN_INT (parts.scale));
++		  addr = gen_rtx_PLUS (Pmode, stack_pointer_rtx,
++				       addr);
++		}
++	      else
++		addr = stack_pointer_rtx;
++
++	      rtx disp;
++	      if (parts.disp != NULL_RTX)
++		disp = plus_constant (Pmode, parts.disp,
++				      UNITS_PER_WORD);
++	      else
++		disp = GEN_INT (UNITS_PER_WORD);
++
++	      addr = gen_rtx_PLUS (Pmode, addr, disp);
++	      call_op = gen_rtx_MEM (GET_MODE (call_op), addr);
++	    }
++	}
++
++      output_asm_insn (push_buf, &call_op);
++
++      if (thunk_name != NULL)
++	{
++	  if (need_bnd_p)
++	    fprintf (asm_out_file, "\tbnd jmp\t%s\n", thunk_name);
++	  else
++	    fprintf (asm_out_file, "\tjmp\t%s\n", thunk_name);
++	}
++      else
++	output_indirect_thunk (need_bnd_p, regno);
++
++      ASM_OUTPUT_INTERNAL_LABEL (asm_out_file, indirectlabel2);
++
++      /* Call.  */
++      if (need_bnd_p)
++	fputs ("\tbnd call\t", asm_out_file);
++      else
++	fputs ("\tcall\t", asm_out_file);
++      assemble_name_raw (asm_out_file, indirectlabel1);
++      fputc ('\n', asm_out_file);
++    }
++}
++
++/* Output indirect branch via a call and return thunk.  CALL_OP is
++   the branch target.  XASM is the assembly template for CALL_OP.
++   Branch is a tail call if SIBCALL_P is true.   */
++
++static void
++ix86_output_indirect_branch (rtx call_op, const char *xasm,
++			     bool sibcall_p)
++{
++  if (REG_P (call_op))
++    ix86_output_indirect_branch_via_reg (call_op, sibcall_p);
++  else
++    ix86_output_indirect_branch_via_push (call_op, xasm, sibcall_p);
++}
++/* Output indirect jump.  CALL_OP is the jump target.  Jump is a
++   function return if RET_P is true.  */
++
++const char *
++ix86_output_indirect_jmp (rtx call_op, bool ret_p)
++{
++  if (cfun->machine->indirect_branch_type != indirect_branch_keep)
++    {
++      /* We can't have red-zone if this isn't a function return since
++	 "call" in the indirect thunk pushes the return address onto
++	 stack, destroying red-zone.  */
++      if (!ret_p && ix86_red_zone_size != 0)
++	gcc_unreachable ();
++
++      ix86_output_indirect_branch (call_op, "%0", true);
++      return "";
++    }
++  else
++    return "%!jmp\t%A0";
++}
++
+ /* Output the assembly for a call instruction.  */
+ 
+ const char *
+ ix86_output_call_insn (rtx_insn *insn, rtx call_op)
+ {
+   bool direct_p = constant_call_address_operand (call_op, VOIDmode);
++  bool output_indirect_p
++    = (!TARGET_SEH
++       && cfun->machine->indirect_branch_type != indirect_branch_keep);
+   bool seh_nop_p = false;
+   const char *xasm;
+ 
+@@ -27383,7 +27948,13 @@ ix86_output_call_insn (rtx_insn *insn, rtx call_op)
+       if (direct_p)
+ 	{
+ 	  if (ix86_nopic_noplt_attribute_p (call_op))
+-	    xasm = "%!jmp\t{*%p0@GOTPCREL(%%rip)|[QWORD PTR %p0@GOTPCREL[rip]]}";
++	    {
++	      direct_p = false;
++	      if (output_indirect_p)
++		xasm = "{%p0@GOTPCREL(%%rip)|[QWORD PTR %p0@GOTPCREL[rip]]}";
++	      else
++		xasm = "%!jmp\t{*%p0@GOTPCREL(%%rip)|[QWORD PTR %p0@GOTPCREL[rip]]}";
++	    }
+ 	  else
+ 	    xasm = "%!jmp\t%P0";
+ 	}
+@@ -27392,9 +27963,17 @@ ix86_output_call_insn (rtx_insn *insn, rtx call_op)
+       else if (TARGET_SEH)
+ 	xasm = "%!rex.W jmp\t%A0";
+       else
+-	xasm = "%!jmp\t%A0";
++	{
++	  if (output_indirect_p)
++	    xasm = "%0";
++	  else
++	    xasm = "%!jmp\t%A0";
++	}
+ 
+-      output_asm_insn (xasm, &call_op);
++      if (output_indirect_p && !direct_p)
++	ix86_output_indirect_branch (call_op, xasm, true);
++      else
++	output_asm_insn (xasm, &call_op);
+       return "";
+     }
+ 
+@@ -27431,14 +28010,28 @@ ix86_output_call_insn (rtx_insn *insn, rtx call_op)
+   if (direct_p)
+     {
+       if (ix86_nopic_noplt_attribute_p (call_op))
+-	xasm = "%!call\t{*%p0@GOTPCREL(%%rip)|[QWORD PTR %p0@GOTPCREL[rip]]}";
++	{
++	  direct_p = false;
++	  if (output_indirect_p)
++	    xasm = "{%p0@GOTPCREL(%%rip)|[QWORD PTR %p0@GOTPCREL[rip]]}";
++	  else
++	    xasm = "%!call\t{*%p0@GOTPCREL(%%rip)|[QWORD PTR %p0@GOTPCREL[rip]]}";
++	}
+       else
+ 	xasm = "%!call\t%P0";
+     }
+   else
+-    xasm = "%!call\t%A0";
++    {
++      if (output_indirect_p)
++	xasm = "%0";
++      else
++	xasm = "%!call\t%A0";
++    }
+ 
+-  output_asm_insn (xasm, &call_op);
++  if (output_indirect_p && !direct_p)
++    ix86_output_indirect_branch (call_op, xasm, false);
++  else
++    output_asm_insn (xasm, &call_op);
+ 
+   if (seh_nop_p)
+     return "nop";
+@@ -44836,7 +45429,7 @@ ix86_handle_struct_attribute (tree *node, tree name, tree, int,
+ }
+ 
+ static tree
+-ix86_handle_fndecl_attribute (tree *node, tree name, tree, int,
++ix86_handle_fndecl_attribute (tree *node, tree name, tree args, int,
+ 			      bool *no_add_attrs)
+ {
+   if (TREE_CODE (*node) != FUNCTION_DECL)
+@@ -44845,6 +45438,29 @@ ix86_handle_fndecl_attribute (tree *node, tree name, tree, int,
+                name);
+       *no_add_attrs = true;
+     }
++
++  if (is_attribute_p ("indirect_branch", name))
++    {
++      tree cst = TREE_VALUE (args);
++      if (TREE_CODE (cst) != STRING_CST)
++	{
++	  warning (OPT_Wattributes,
++		   "%qE attribute requires a string constant argument",
++		   name);
++	  *no_add_attrs = true;
++	}
++      else if (strcmp (TREE_STRING_POINTER (cst), "keep") != 0
++	       && strcmp (TREE_STRING_POINTER (cst), "thunk") != 0
++	       && strcmp (TREE_STRING_POINTER (cst), "thunk-inline") != 0
++	       && strcmp (TREE_STRING_POINTER (cst), "thunk-extern") != 0)
++	{
++	  warning (OPT_Wattributes,
++		   "argument to %qE attribute is not "
++		   "(keep|thunk|thunk-inline|thunk-extern)", name);
++	  *no_add_attrs = true;
++	}
++    }
++
+   return NULL_TREE;
+ }
+ 
+@@ -49072,6 +49688,9 @@ static const struct attribute_spec ix86_attribute_table[] =
+     false },
+   { "callee_pop_aggregate_return", 1, 1, false, true, true,
+     ix86_handle_callee_pop_aggregate_return, true },
++  { "indirect_branch", 1, 1, true, false, false,
++    ix86_handle_fndecl_attribute, false },
++
+   /* End element.  */
+   { NULL,        0, 0, false, false, false, NULL, false }
+ };
+diff --git a/gcc/config/i386/i386.h b/gcc/config/i386/i386.h
+index 5414416..9dccdb0 100644
+--- a/gcc/config/i386/i386.h
++++ b/gcc/config/i386/i386.h
+@@ -2572,6 +2572,13 @@ struct GTY(()) machine_function {
+   /* If true, it is safe to not save/restore DRAP register.  */
+   BOOL_BITFIELD no_drap_save_restore : 1;
+ 
++  /* How to generate indirec branch.  */
++  ENUM_BITFIELD(indirect_branch) indirect_branch_type : 3;
++
++  /* If true, the current function has local indirect jumps, like
++     "indirect_jump" or "tablejump".  */
++  BOOL_BITFIELD has_local_indirect_jump : 1;
++
+   /* If true, there is register available for argument passing.  This
+      is used only in ix86_function_ok_for_sibcall by 32-bit to determine
+      if there is scratch register available for indirect sibcall.  In
+diff --git a/gcc/config/i386/i386.md b/gcc/config/i386/i386.md
+index d2bfe31..153e162 100644
+--- a/gcc/config/i386/i386.md
++++ b/gcc/config/i386/i386.md
+@@ -11807,13 +11807,18 @@
+ {
+   if (TARGET_X32)
+     operands[0] = convert_memory_address (word_mode, operands[0]);
++  cfun->machine->has_local_indirect_jump = true;
+ })
+ 
+ (define_insn "*indirect_jump"
+   [(set (pc) (match_operand:W 0 "indirect_branch_operand" "rBw"))]
+   ""
+-  "%!jmp\t%A0"
+-  [(set_attr "type" "ibr")
++  "* return ix86_output_indirect_jmp (operands[0], false);"
++  [(set (attr "type")
++     (if_then_else (match_test "(cfun->machine->indirect_branch_type
++				 != indirect_branch_keep)")
++	(const_string "multi")
++	(const_string "ibr")))
+    (set_attr "length_immediate" "0")
+    (set_attr "maybe_prefix_bnd" "1")])
+ 
+@@ -11856,14 +11861,19 @@
+ 
+   if (TARGET_X32)
+     operands[0] = convert_memory_address (word_mode, operands[0]);
++  cfun->machine->has_local_indirect_jump = true;
+ })
+ 
+ (define_insn "*tablejump_1"
+   [(set (pc) (match_operand:W 0 "indirect_branch_operand" "rBw"))
+    (use (label_ref (match_operand 1)))]
+   ""
+-  "%!jmp\t%A0"
+-  [(set_attr "type" "ibr")
++  "* return ix86_output_indirect_jmp (operands[0], false);"
++  [(set (attr "type")
++     (if_then_else (match_test "(cfun->machine->indirect_branch_type
++				 != indirect_branch_keep)")
++	(const_string "multi")
++	(const_string "ibr")))
+    (set_attr "length_immediate" "0")
+    (set_attr "maybe_prefix_bnd" "1")])
+ 
+@@ -12520,8 +12530,12 @@
+   [(simple_return)
+    (use (match_operand:SI 0 "register_operand" "r"))]
+   "reload_completed"
+-  "%!jmp\t%A0"
+-  [(set_attr "type" "ibr")
++  "* return ix86_output_indirect_jmp (operands[0], true);"
++  [(set (attr "type")
++     (if_then_else (match_test "(cfun->machine->indirect_branch_type
++				 != indirect_branch_keep)")
++	(const_string "multi")
++	(const_string "ibr")))
+    (set_attr "length_immediate" "0")
+    (set_attr "maybe_prefix_bnd" "1")])
+ 
+diff --git a/gcc/config/i386/i386.opt b/gcc/config/i386/i386.opt
+index f304b62..5ffa334 100644
+--- a/gcc/config/i386/i386.opt
++++ b/gcc/config/i386/i386.opt
+@@ -897,3 +897,23 @@ Enum(stack_protector_guard) String(global) Value(SSP_GLOBAL)
+ mmitigate-rop
+ Target Var(flag_mitigate_rop) Init(0)
+ Attempt to avoid generating instruction sequences containing ret bytes.
++
++mindirect-branch=
++Target Report RejectNegative Joined Enum(indirect_branch) Var(ix86_indirect_branch) Init(indirect_branch_keep)
++Convert indirect call and jump to call and return thunks.
++
++Enum
++Name(indirect_branch) Type(enum indirect_branch)
++Known indirect branch choices (for use with the -mindirect-branch= option):
++
++EnumValue
++Enum(indirect_branch) String(keep) Value(indirect_branch_keep)
++
++EnumValue
++Enum(indirect_branch) String(thunk) Value(indirect_branch_thunk)
++
++EnumValue
++Enum(indirect_branch) String(thunk-inline) Value(indirect_branch_thunk_inline)
++
++EnumValue
++Enum(indirect_branch) String(thunk-extern) Value(indirect_branch_thunk_extern)
+diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
+index 8cc4f7e..8668dae 100644
+--- a/gcc/doc/extend.texi
++++ b/gcc/doc/extend.texi
+@@ -5419,6 +5419,16 @@ Specify which floating-point unit to use.  You must specify the
+ @code{target("fpmath=sse,387")} option as
+ @code{target("fpmath=sse+387")} because the comma would separate
+ different options.
++
++@item indirect_branch("@var{choice}")
++@cindex @code{indirect_branch} function attribute, x86
++On x86 targets, the @code{indirect_branch} attribute causes the compiler
++to convert indirect call and jump with @var{choice}.  @samp{keep}
++keeps indirect call and jump unmodified.  @samp{thunk} converts indirect
++call and jump to call and return thunk.  @samp{thunk-inline} converts
++indirect call and jump to inlined call and return thunk.
++@samp{thunk-extern} converts indirect call and jump to external call
++and return thunk provided in a separate object file.
+ @end table
+ 
+ On the x86, the inliner does not inline a
+diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
+index b066f7b..ff9a194 100644
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
+@@ -1169,7 +1169,7 @@ See RS/6000 and PowerPC Options.
+ -msse2avx -mfentry -mrecord-mcount -mnop-mcount -m8bit-idiv @gol
+ -mavx256-split-unaligned-load -mavx256-split-unaligned-store @gol
+ -malign-data=@var{type} -mstack-protector-guard=@var{guard} @gol
+--mmitigate-rop}
++-mmitigate-rop -mindirect-branch=@var{choice}}
+ 
+ @emph{x86 Windows Options}
+ @gccoptlist{-mconsole -mcygwin -mno-cygwin -mdll @gol
+@@ -24218,6 +24218,17 @@ opcodes, to mitigate against certain forms of attack. At the moment,
+ this option is limited in what it can do and should not be relied
+ on to provide serious protection.
+ 
++@item -mindirect-branch=@var{choice}
++@opindex -mindirect-branch
++Convert indirect call and jump with @var{choice}.  The default is
++@samp{keep}, which keeps indirect call and jump unmodified.
++@samp{thunk} converts indirect call and jump to call and return thunk.
++@samp{thunk-inline} converts indirect call and jump to inlined call
++and return thunk.  @samp{thunk-extern} converts indirect call and jump
++to external call and return thunk provided in a separate object file.
++You can control this behavior for a specific function by using the
++function attribute @code{indirect_branch}.  @xref{Function Attributes}.
++
+ @end table
+ 
+ These @samp{-m} switches are supported in addition to the above
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-1.c
+new file mode 100644
+index 0000000..d983e1c
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-1.c
+@@ -0,0 +1,20 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch;
++
++void
++male_indirect_jump (long offset)
++{
++  dispatch(offset);
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-2.c
+new file mode 100644
+index 0000000..58f09b4
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-2.c
+@@ -0,0 +1,20 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch[256];
++
++void
++male_indirect_jump (long offset)
++{
++  dispatch[offset](offset);
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-3.c
+new file mode 100644
+index 0000000..f20d35c
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-3.c
+@@ -0,0 +1,21 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch;
++
++int
++male_indirect_jump (long offset)
++{
++  dispatch(offset);
++  return 0;
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-4.c
+new file mode 100644
+index 0000000..0eff8fb
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-4.c
+@@ -0,0 +1,21 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch[256];
++
++int
++male_indirect_jump (long offset)
++{
++  dispatch[offset](offset);
++  return 0;
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-5.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-5.c
+new file mode 100644
+index 0000000..a25b20d
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-5.c
+@@ -0,0 +1,17 @@
++/* { dg-do compile { target *-*-linux* } } */
++/* { dg-options "-O2 -fpic -fno-plt -mindirect-branch=thunk" } */
++
++extern void bar (void);
++
++void
++foo (void)
++{
++  bar ();
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-6.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-6.c
+new file mode 100644
+index 0000000..cff114a
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-6.c
+@@ -0,0 +1,18 @@
++/* { dg-do compile { target *-*-linux* } } */
++/* { dg-options "-O2 -fpic -fno-plt -mindirect-branch=thunk" } */
++
++extern void bar (void);
++
++int
++foo (void)
++{
++  bar ();
++  return 0;
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 2 } } */
++/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 2 } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-7.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-7.c
+new file mode 100644
+index 0000000..afdb600
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-7.c
+@@ -0,0 +1,44 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk -fno-pic" } */
++
++void func0 (void);
++void func1 (void);
++void func2 (void);
++void func3 (void);
++void func4 (void);
++void func4 (void);
++void func5 (void);
++
++void
++bar (int i)
++{
++  switch (i)
++    {
++    default:
++      func0 ();
++      break;
++    case 1:
++      func1 ();
++      break;
++    case 2:
++      func2 ();
++      break;
++    case 3:
++      func3 ();
++      break;
++    case 4:
++      func4 ();
++      break;
++    case 5:
++      func5 ();
++      break;
++    }
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-1.c
+new file mode 100644
+index 0000000..d64d978
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-1.c
+@@ -0,0 +1,23 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch;
++
++extern void male_indirect_jump (long)
++  __attribute__ ((indirect_branch("thunk")));
++
++void
++male_indirect_jump (long offset)
++{
++  dispatch(offset);
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-2.c
+new file mode 100644
+index 0000000..9306745
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-2.c
+@@ -0,0 +1,21 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch[256];
++
++__attribute__ ((indirect_branch("thunk")))
++void
++male_indirect_jump (long offset)
++{
++  dispatch[offset](offset);
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-3.c
+new file mode 100644
+index 0000000..97744d6
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-3.c
+@@ -0,0 +1,23 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch;
++extern int male_indirect_jump (long)
++  __attribute__ ((indirect_branch("thunk-inline")));
++
++int
++male_indirect_jump (long offset)
++{
++  dispatch(offset);
++  return 0;
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 2 } } */
++/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 2 } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
++/* { dg-final { scan-assembler-not "__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-4.c
+new file mode 100644
+index 0000000..bfce3ea
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-4.c
+@@ -0,0 +1,22 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch[256];
++
++__attribute__ ((indirect_branch("thunk-inline")))
++int
++male_indirect_jump (long offset)
++{
++  dispatch[offset](offset);
++  return 0;
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 2 } } */
++/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 2 } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
++/* { dg-final { scan-assembler-not "__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-5.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-5.c
+new file mode 100644
+index 0000000..0833606
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-5.c
+@@ -0,0 +1,22 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch;
++extern int male_indirect_jump (long)
++  __attribute__ ((indirect_branch("thunk-extern")));
++
++int
++male_indirect_jump (long offset)
++{
++  dispatch(offset);
++  return 0;
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
++/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-6.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-6.c
+new file mode 100644
+index 0000000..2eba0fb
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-6.c
+@@ -0,0 +1,21 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch[256];
++
++__attribute__ ((indirect_branch("thunk-extern")))
++int
++male_indirect_jump (long offset)
++{
++  dispatch[offset](offset);
++  return 0;
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
++/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-7.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-7.c
+new file mode 100644
+index 0000000..f58427e
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-7.c
+@@ -0,0 +1,44 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -fno-pic" } */
++
++void func0 (void);
++void func1 (void);
++void func2 (void);
++void func3 (void);
++void func4 (void);
++void func4 (void);
++void func5 (void);
++
++__attribute__ ((indirect_branch("thunk-extern")))
++void
++bar (int i)
++{
++  switch (i)
++    {
++    default:
++      func0 ();
++      break;
++    case 1:
++      func1 ();
++      break;
++    case 2:
++      func2 ();
++      break;
++    case 3:
++      func3 ();
++      break;
++    case 4:
++      func4 ();
++      break;
++    case 5:
++      func5 ();
++      break;
++    }
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-8.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-8.c
+new file mode 100644
+index 0000000..564ed39
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-8.c
+@@ -0,0 +1,42 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk -fno-pic" } */
++
++void func0 (void);
++void func1 (void);
++void func2 (void);
++void func3 (void);
++void func4 (void);
++void func4 (void);
++void func5 (void);
++
++__attribute__ ((indirect_branch("keep")))
++void
++bar (int i)
++{
++  switch (i)
++    {
++    default:
++      func0 ();
++      break;
++    case 1:
++      func1 ();
++      break;
++    case 2:
++      func2 ();
++      break;
++    case 3:
++      func3 ();
++      break;
++    case 4:
++      func4 ();
++      break;
++    case 5:
++      func5 ();
++      break;
++    }
++}
++
++/* { dg-final { scan-assembler-not "__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-1.c
+new file mode 100644
+index 0000000..50fbee2
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-1.c
+@@ -0,0 +1,20 @@
++/* { dg-do compile { target { ! x32 } } } */
++/* { dg-options "-O2 -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fno-pic" } */
++
++void (*dispatch) (char *);
++char buf[10];
++
++void
++foo (void)
++{
++  dispatch (buf);
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "pushq\[ \t\]%rax" { target x32 } } } */
++/* { dg-final { scan-assembler "bnd jmp\[ \t\]*__x86_indirect_thunk_bnd" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "bnd call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "bnd ret" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-2.c
+new file mode 100644
+index 0000000..2976e67
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-2.c
+@@ -0,0 +1,21 @@
++/* { dg-do compile { target { ! x32 } } } */
++/* { dg-options "-O2 -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fno-pic" } */
++
++void (*dispatch) (char *);
++char buf[10];
++
++int
++foo (void)
++{
++  dispatch (buf);
++  return 0;
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "pushq\[ \t\]%rax" { target x32 } } } */
++/* { dg-final { scan-assembler "bnd jmp\[ \t\]*__x86_indirect_thunk_bnd" } } */
++/* { dg-final { scan-assembler "bnd jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "bnd call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "bnd ret" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-3.c
+new file mode 100644
+index 0000000..da4bc98
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-3.c
+@@ -0,0 +1,19 @@
++/* { dg-do compile { target { *-*-linux* && { ! x32 } } } } */
++/* { dg-options "-O2 -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fpic -fno-plt" } */
++
++void bar (char *);
++char buf[10];
++
++void
++foo (void)
++{
++  bar (buf);
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" } } */
++/* { dg-final { scan-assembler "bnd jmp\[ \t\]*__x86_indirect_thunk_bnd" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "bnd call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "bnd ret" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-4.c
+new file mode 100644
+index 0000000..c64d12e
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-4.c
+@@ -0,0 +1,20 @@
++/* { dg-do compile { target { *-*-linux* && { ! x32 } } } } */
++/* { dg-options "-O2 -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fpic -fno-plt" } */
++
++void bar (char *);
++char buf[10];
++
++int
++foo (void)
++{
++  bar (buf);
++  return 0;
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" } } */
++/* { dg-final { scan-assembler "bnd jmp\[ \t\]*__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler "bnd jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-times "bnd call\[ \t\]*\.LIND" 2 } } */
++/* { dg-final { scan-assembler "bnd ret" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-1.c
+new file mode 100644
+index 0000000..49f27b4
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-1.c
+@@ -0,0 +1,19 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk-extern -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch;
++
++void
++male_indirect_jump (long offset)
++{
++  dispatch(offset);
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-2.c
+new file mode 100644
+index 0000000..a1e3eb6
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-2.c
+@@ -0,0 +1,19 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk-extern -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch[256];
++
++void
++male_indirect_jump (long offset)
++{
++  dispatch[offset](offset);
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-3.c
+new file mode 100644
+index 0000000..395634e
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-3.c
+@@ -0,0 +1,20 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk-extern -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch;
++
++int
++male_indirect_jump (long offset)
++{
++  dispatch(offset);
++  return 0;
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
++/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-4.c
+new file mode 100644
+index 0000000..fd3f633
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-4.c
+@@ -0,0 +1,20 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk-extern -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch[256];
++
++int
++male_indirect_jump (long offset)
++{
++  dispatch[offset](offset);
++  return 0;
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
++/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-5.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-5.c
+new file mode 100644
+index 0000000..ba2f92b
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-5.c
+@@ -0,0 +1,16 @@
++/* { dg-do compile { target *-*-linux* } } */
++/* { dg-options "-O2 -fpic -fno-plt -mindirect-branch=thunk-extern" } */
++
++extern void bar (void);
++
++void
++foo (void)
++{
++  bar ();
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-6.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-6.c
+new file mode 100644
+index 0000000..0c5a2d4
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-6.c
+@@ -0,0 +1,17 @@
++/* { dg-do compile { target *-*-linux* } } */
++/* { dg-options "-O2 -fpic -fno-plt -mindirect-branch=thunk-extern" } */
++
++extern void bar (void);
++
++int
++foo (void)
++{
++  bar ();
++  return 0;
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" } } */
++/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 1 } } */
++/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 1 } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-7.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-7.c
+new file mode 100644
+index 0000000..6652523
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-7.c
+@@ -0,0 +1,43 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk-extern -fno-pic" } */
++
++void func0 (void);
++void func1 (void);
++void func2 (void);
++void func3 (void);
++void func4 (void);
++void func4 (void);
++void func5 (void);
++
++void
++bar (int i)
++{
++  switch (i)
++    {
++    default:
++      func0 ();
++      break;
++    case 1:
++      func1 ();
++      break;
++    case 2:
++      func2 ();
++      break;
++    case 3:
++      func3 ();
++      break;
++    case 4:
++      func4 ();
++      break;
++    case 5:
++      func5 ();
++      break;
++    }
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-1.c
+new file mode 100644
+index 0000000..68c0ff7
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-1.c
+@@ -0,0 +1,20 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk-inline -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch;
++
++void
++male_indirect_jump (long offset)
++{
++  dispatch(offset);
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
++/* { dg-final { scan-assembler-not "__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-2.c
+new file mode 100644
+index 0000000..e2da1fc
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-2.c
+@@ -0,0 +1,20 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk-inline -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch[256];
++
++void
++male_indirect_jump (long offset)
++{
++  dispatch[offset](offset);
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
++/* { dg-final { scan-assembler-not "__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-3.c
+new file mode 100644
+index 0000000..244fec7
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-3.c
+@@ -0,0 +1,21 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk-inline -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch;
++
++int
++male_indirect_jump (long offset)
++{
++  dispatch(offset);
++  return 0;
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 2 } } */
++/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 2 } } */
++/* { dg-final { scan-assembler-times {\tpause} 1 } } */
++/* { dg-final { scan-assembler-times {\tlfence} 1 } } */
++/* { dg-final { scan-assembler-not "__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-4.c
+new file mode 100644
+index 0000000..107ebe3
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-4.c
+@@ -0,0 +1,21 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk-inline -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch[256];
++
++int
++male_indirect_jump (long offset)
++{
++  dispatch[offset](offset);
++  return 0;
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 2 } } */
++/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 2 } } */
++/* { dg-final { scan-assembler-times {\tpause} 1 } } */
++/* { dg-final { scan-assembler-times {\tlfence} 1 } } */
++/* { dg-final { scan-assembler-not "__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-5.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-5.c
+new file mode 100644
+index 0000000..17b04ef
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-5.c
+@@ -0,0 +1,17 @@
++/* { dg-do compile { target *-*-linux* } } */
++/* { dg-options "-O2 -fpic -fno-plt -mindirect-branch=thunk-inline" } */
++
++extern void bar (void);
++
++void
++foo (void)
++{
++  bar ();
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
++/* { dg-final { scan-assembler-not "__x86_indirect_thunk" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-6.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-6.c
+new file mode 100644
+index 0000000..d9eb112
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-6.c
+@@ -0,0 +1,18 @@
++/* { dg-do compile { target *-*-linux* } } */
++/* { dg-options "-O2 -fpic -fno-plt -mindirect-branch=thunk-inline" } */
++
++extern void bar (void);
++
++int
++foo (void)
++{
++  bar ();
++  return 0;
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" } } */
++/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 2 } } */
++/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 2 } } */
++/* { dg-final { scan-assembler-times {\tpause} 1 } } */
++/* { dg-final { scan-assembler-times {\tlfence} 1 } } */
++/* { dg-final { scan-assembler-not "__x86_indirect_thunk" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-7.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-7.c
+new file mode 100644
+index 0000000..d02b1dc
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-7.c
+@@ -0,0 +1,44 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk-inline -fno-pic" } */
++
++void func0 (void);
++void func1 (void);
++void func2 (void);
++void func3 (void);
++void func4 (void);
++void func4 (void);
++void func5 (void);
++
++void
++bar (int i)
++{
++  switch (i)
++    {
++    default:
++      func0 ();
++      break;
++    case 1:
++      func1 ();
++      break;
++    case 2:
++      func2 ();
++      break;
++    case 3:
++      func3 ();
++      break;
++    case 4:
++      func4 ();
++      break;
++    case 5:
++      func5 ();
++      break;
++    }
++}
++
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
++/* { dg-final { scan-assembler-not "__x86_indirect_thunk" } } */
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/gcc/gcc-6.4/backport/0005-x86-Add-mfunction-return.patch b/meta/recipes-devtools/gcc/gcc-6.4/backport/0005-x86-Add-mfunction-return.patch
new file mode 100644
index 0000000000..5354c77d6f
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-6.4/backport/0005-x86-Add-mfunction-return.patch
@@ -0,0 +1,1570 @@
+From e3270814b9e0caad63fbcdfd7ae9da2d52c97497 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Sat, 6 Jan 2018 22:29:56 -0800
+Subject: [PATCH 05/12] x86: Add -mfunction-return=
+
+Add -mfunction-return= option to convert function return to call and
+return thunks.  The default is 'keep', which keeps function return
+unmodified.  'thunk' converts function return to call and return thunk.
+'thunk-inline' converts function return to inlined call and return thunk.
+'thunk-extern' converts function return to external call and return
+thunk provided in a separate object file.  You can control this behavior
+for a specific function by using the function attribute function_return.
+
+Function return thunk is the same as memory thunk for -mindirect-branch=
+where the return address is at the top of the stack:
+
+__x86_return_thunk:
+	call L2
+L1:
+	pause
+	lfence
+	jmp L1
+L2:
+	lea 8(%rsp), %rsp|lea 4(%esp), %esp
+	ret
+
+and function return becomes
+
+	jmp __x86_return_thunk
+
+-mindirect-branch= tests are updated with -mfunction-return=keep to
+avoid false test failures when -mfunction-return=thunk is added to
+RUNTESTFLAGS for "make check".
+
+gcc/
+
+	Backport from mainline
+	2018-01-14  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* config/i386/i386-protos.h (ix86_output_function_return): New.
+	* config/i386/i386.c (ix86_set_indirect_branch_type): Also
+	set function_return_type.
+	(indirect_thunk_name): Add ret_p to indicate thunk for function
+	return.
+	(output_indirect_thunk_function): Pass false to
+	indirect_thunk_name.
+	(ix86_output_indirect_branch_via_reg): Likewise.
+	(ix86_output_indirect_branch_via_push): Likewise.
+	(output_indirect_thunk_function): Create alias for function
+	return thunk if regno < 0.
+	(ix86_output_function_return): New function.
+	(ix86_handle_fndecl_attribute): Handle function_return.
+	(ix86_attribute_table): Add function_return.
+	* config/i386/i386.h (machine_function): Add
+	function_return_type.
+	* config/i386/i386.md (simple_return_internal): Use
+	ix86_output_function_return.
+	(simple_return_internal_long): Likewise.
+	* config/i386/i386.opt (mfunction-return=): New option.
+	(indirect_branch): Mention -mfunction-return=.
+	* doc/extend.texi: Document function_return function attribute.
+	* doc/invoke.texi: Document -mfunction-return= option.
+
+gcc/testsuite/
+
+	Backport from mainline
+	2018-01-14  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* gcc.target/i386/indirect-thunk-1.c (dg-options): Add
+	-mfunction-return=keep.
+	* gcc.target/i386/indirect-thunk-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-5.c: Likewise.
+	* gcc.target/i386/indirect-thunk-6.c: Likewise.
+	* gcc.target/i386/indirect-thunk-7.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-5.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-6.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-7.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-8.c: Likewise.
+	* gcc.target/i386/indirect-thunk-bnd-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-bnd-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-bnd-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-bnd-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-5.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-6.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-7.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-5.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-6.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-7.c: Likewise.
+	* gcc.target/i386/ret-thunk-1.c: New test.
+	* gcc.target/i386/ret-thunk-10.c: Likewise.
+	* gcc.target/i386/ret-thunk-11.c: Likewise.
+	* gcc.target/i386/ret-thunk-12.c: Likewise.
+	* gcc.target/i386/ret-thunk-13.c: Likewise.
+	* gcc.target/i386/ret-thunk-14.c: Likewise.
+	* gcc.target/i386/ret-thunk-15.c: Likewise.
+	* gcc.target/i386/ret-thunk-16.c: Likewise.
+	* gcc.target/i386/ret-thunk-2.c: Likewise.
+	* gcc.target/i386/ret-thunk-3.c: Likewise.
+	* gcc.target/i386/ret-thunk-4.c: Likewise.
+	* gcc.target/i386/ret-thunk-5.c: Likewise.
+	* gcc.target/i386/ret-thunk-6.c: Likewise.
+	* gcc.target/i386/ret-thunk-7.c: Likewise.
+	* gcc.target/i386/ret-thunk-8.c: Likewise.
+	* gcc.target/i386/ret-thunk-9.c: Likewise.
+
+i386: Don't use ASM_OUTPUT_DEF for TARGET_MACHO
+
+ASM_OUTPUT_DEF isn't defined for TARGET_MACHO.  Use ASM_OUTPUT_LABEL to
+generate the __x86_return_thunk label, instead of the set directive.
+Update testcase to remove the __x86_return_thunk label check.  Since
+-fno-pic is ignored on Darwin, update testcases to sscan or "push"
+only on Linux.
+
+gcc/
+
+	Backport from mainline
+	2018-01-15  H.J. Lu  <hongjiu.lu@intel.com>
+
+	PR target/83839
+	* config/i386/i386.c (output_indirect_thunk_function): Use
+	ASM_OUTPUT_LABEL, instead of ASM_OUTPUT_DEF, for TARGET_MACHO
+	for  __x86.return_thunk.
+
+gcc/testsuite/
+
+	Backport from mainline
+	2018-01-15  H.J. Lu  <hongjiu.lu@intel.com>
+
+	PR target/83839
+	* gcc.target/i386/indirect-thunk-1.c: Scan for "push" only on
+	Linux.
+	* gcc.target/i386/indirect-thunk-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-7.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-5.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-6.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-7.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-7.c: Likewise.
+	* gcc.target/i386/indirect-thunk-register-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-register-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-register-4.c: Likewise.
+	* gcc.target/i386/ret-thunk-10.c: Likewise.
+	* gcc.target/i386/ret-thunk-11.c: Likewise.
+	* gcc.target/i386/ret-thunk-12.c: Likewise.
+	* gcc.target/i386/ret-thunk-13.c: Likewise.
+	* gcc.target/i386/ret-thunk-14.c: Likewise.
+	* gcc.target/i386/ret-thunk-15.c: Likewise.
+	* gcc.target/i386/ret-thunk-9.c: Don't check the
+	__x86_return_thunk label.
+	Scan for "push" only for Linux.
+
+Upstream-Status: Pending
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+---
+ gcc/config/i386/i386-protos.h                      |   1 +
+ gcc/config/i386/i386.c                             | 152 +++++++++++++++++++--
+ gcc/config/i386/i386.h                             |   3 +
+ gcc/config/i386/i386.md                            |   9 +-
+ gcc/config/i386/i386.opt                           |   6 +-
+ gcc/doc/extend.texi                                |   9 ++
+ gcc/doc/invoke.texi                                |  14 +-
+ gcc/testsuite/gcc.target/i386/indirect-thunk-1.c   |   4 +-
+ gcc/testsuite/gcc.target/i386/indirect-thunk-2.c   |   4 +-
+ gcc/testsuite/gcc.target/i386/indirect-thunk-3.c   |   4 +-
+ gcc/testsuite/gcc.target/i386/indirect-thunk-4.c   |   4 +-
+ gcc/testsuite/gcc.target/i386/indirect-thunk-5.c   |   2 +-
+ gcc/testsuite/gcc.target/i386/indirect-thunk-6.c   |   2 +-
+ gcc/testsuite/gcc.target/i386/indirect-thunk-7.c   |   4 +-
+ .../gcc.target/i386/indirect-thunk-attr-1.c        |   4 +-
+ .../gcc.target/i386/indirect-thunk-attr-2.c        |   4 +-
+ .../gcc.target/i386/indirect-thunk-attr-3.c        |   4 +-
+ .../gcc.target/i386/indirect-thunk-attr-4.c        |   4 +-
+ .../gcc.target/i386/indirect-thunk-attr-5.c        |   4 +-
+ .../gcc.target/i386/indirect-thunk-attr-6.c        |   4 +-
+ .../gcc.target/i386/indirect-thunk-attr-7.c        |   4 +-
+ .../gcc.target/i386/indirect-thunk-attr-8.c        |   2 +-
+ .../gcc.target/i386/indirect-thunk-bnd-1.c         |   4 +-
+ .../gcc.target/i386/indirect-thunk-bnd-2.c         |   4 +-
+ .../gcc.target/i386/indirect-thunk-bnd-3.c         |   2 +-
+ .../gcc.target/i386/indirect-thunk-bnd-4.c         |   2 +-
+ .../gcc.target/i386/indirect-thunk-extern-1.c      |   4 +-
+ .../gcc.target/i386/indirect-thunk-extern-2.c      |   4 +-
+ .../gcc.target/i386/indirect-thunk-extern-3.c      |   4 +-
+ .../gcc.target/i386/indirect-thunk-extern-4.c      |   4 +-
+ .../gcc.target/i386/indirect-thunk-extern-5.c      |   2 +-
+ .../gcc.target/i386/indirect-thunk-extern-6.c      |   2 +-
+ .../gcc.target/i386/indirect-thunk-extern-7.c      |   4 +-
+ .../gcc.target/i386/indirect-thunk-inline-1.c      |   4 +-
+ .../gcc.target/i386/indirect-thunk-inline-2.c      |   4 +-
+ .../gcc.target/i386/indirect-thunk-inline-3.c      |   4 +-
+ .../gcc.target/i386/indirect-thunk-inline-4.c      |   4 +-
+ .../gcc.target/i386/indirect-thunk-inline-5.c      |   2 +-
+ .../gcc.target/i386/indirect-thunk-inline-6.c      |   2 +-
+ .../gcc.target/i386/indirect-thunk-inline-7.c      |   4 +-
+ gcc/testsuite/gcc.target/i386/ret-thunk-1.c        |  13 ++
+ gcc/testsuite/gcc.target/i386/ret-thunk-10.c       |  23 ++++
+ gcc/testsuite/gcc.target/i386/ret-thunk-11.c       |  23 ++++
+ gcc/testsuite/gcc.target/i386/ret-thunk-12.c       |  22 +++
+ gcc/testsuite/gcc.target/i386/ret-thunk-13.c       |  22 +++
+ gcc/testsuite/gcc.target/i386/ret-thunk-14.c       |  22 +++
+ gcc/testsuite/gcc.target/i386/ret-thunk-15.c       |  22 +++
+ gcc/testsuite/gcc.target/i386/ret-thunk-16.c       |  18 +++
+ gcc/testsuite/gcc.target/i386/ret-thunk-2.c        |  13 ++
+ gcc/testsuite/gcc.target/i386/ret-thunk-3.c        |  12 ++
+ gcc/testsuite/gcc.target/i386/ret-thunk-4.c        |  12 ++
+ gcc/testsuite/gcc.target/i386/ret-thunk-5.c        |  15 ++
+ gcc/testsuite/gcc.target/i386/ret-thunk-6.c        |  14 ++
+ gcc/testsuite/gcc.target/i386/ret-thunk-7.c        |  13 ++
+ gcc/testsuite/gcc.target/i386/ret-thunk-8.c        |  14 ++
+ gcc/testsuite/gcc.target/i386/ret-thunk-9.c        |  24 ++++
+ 56 files changed, 516 insertions(+), 74 deletions(-)
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-1.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-10.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-11.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-12.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-13.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-14.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-15.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-16.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-2.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-3.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-4.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-5.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-6.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-7.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-8.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-9.c
+
+diff --git a/gcc/config/i386/i386-protos.h b/gcc/config/i386/i386-protos.h
+index eca4cbf..620d70e 100644
+--- a/gcc/config/i386/i386-protos.h
++++ b/gcc/config/i386/i386-protos.h
+@@ -312,6 +312,7 @@ extern enum attr_cpu ix86_schedule;
+ 
+ extern const char * ix86_output_call_insn (rtx_insn *insn, rtx call_op);
+ extern const char * ix86_output_indirect_jmp (rtx call_op, bool ret_p);
++extern const char * ix86_output_function_return (bool long_p);
+ extern bool ix86_operands_ok_for_move_multiple (rtx *operands, bool load,
+ 						enum machine_mode mode);
+ 
+diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
+index 0b9fc4d..34e26a3 100644
+--- a/gcc/config/i386/i386.c
++++ b/gcc/config/i386/i386.c
+@@ -6390,6 +6390,31 @@ ix86_set_indirect_branch_type (tree fndecl)
+       else
+ 	cfun->machine->indirect_branch_type = ix86_indirect_branch;
+     }
++
++  if (cfun->machine->function_return_type == indirect_branch_unset)
++    {
++      tree attr = lookup_attribute ("function_return",
++				    DECL_ATTRIBUTES (fndecl));
++      if (attr != NULL)
++	{
++	  tree args = TREE_VALUE (attr);
++	  if (args == NULL)
++	    gcc_unreachable ();
++	  tree cst = TREE_VALUE (args);
++	  if (strcmp (TREE_STRING_POINTER (cst), "keep") == 0)
++	    cfun->machine->function_return_type = indirect_branch_keep;
++	  else if (strcmp (TREE_STRING_POINTER (cst), "thunk") == 0)
++	    cfun->machine->function_return_type = indirect_branch_thunk;
++	  else if (strcmp (TREE_STRING_POINTER (cst), "thunk-inline") == 0)
++	    cfun->machine->function_return_type = indirect_branch_thunk_inline;
++	  else if (strcmp (TREE_STRING_POINTER (cst), "thunk-extern") == 0)
++	    cfun->machine->function_return_type = indirect_branch_thunk_extern;
++	  else
++	    gcc_unreachable ();
++	}
++      else
++	cfun->machine->function_return_type = ix86_function_return;
++    }
+ }
+ 
+ /* Establish appropriate back-end context for processing the function
+@@ -11036,8 +11061,12 @@ static int indirect_thunks_bnd_used;
+ /* Fills in the label name that should be used for the indirect thunk.  */
+ 
+ static void
+-indirect_thunk_name (char name[32], int regno, bool need_bnd_p)
++indirect_thunk_name (char name[32], int regno, bool need_bnd_p,
++		     bool ret_p)
+ {
++  if (regno >= 0 && ret_p)
++    gcc_unreachable ();
++
+   if (USE_HIDDEN_LINKONCE)
+     {
+       const char *bnd = need_bnd_p ? "_bnd" : "";
+@@ -11052,7 +11081,10 @@ indirect_thunk_name (char name[32], int regno, bool need_bnd_p)
+ 		   bnd, reg_prefix, reg_names[regno]);
+ 	}
+       else
+-	sprintf (name, "__x86_indirect_thunk%s", bnd);
++	{
++	  const char *ret = ret_p ? "return" : "indirect";
++	  sprintf (name, "__x86_%s_thunk%s", ret, bnd);
++	}
+     }
+   else
+     {
+@@ -11065,10 +11097,20 @@ indirect_thunk_name (char name[32], int regno, bool need_bnd_p)
+ 	}
+       else
+ 	{
+-	  if (need_bnd_p)
+-	    ASM_GENERATE_INTERNAL_LABEL (name, "LITB", 0);
++	  if (ret_p)
++	    {
++	      if (need_bnd_p)
++		ASM_GENERATE_INTERNAL_LABEL (name, "LRTB", 0);
++	      else
++		ASM_GENERATE_INTERNAL_LABEL (name, "LRT", 0);
++	    }
+ 	  else
+-	    ASM_GENERATE_INTERNAL_LABEL (name, "LIT", 0);
++	    {
++	      if (need_bnd_p)
++		ASM_GENERATE_INTERNAL_LABEL (name, "LITB", 0);
++	      else
++		ASM_GENERATE_INTERNAL_LABEL (name, "LIT", 0);
++	    }
+ 	}
+     }
+ }
+@@ -11163,7 +11205,7 @@ output_indirect_thunk_function (bool need_bnd_p, int regno)
+   tree decl;
+ 
+   /* Create __x86_indirect_thunk/__x86_indirect_thunk_bnd.  */
+-  indirect_thunk_name (name, regno, need_bnd_p);
++  indirect_thunk_name (name, regno, need_bnd_p, false);
+   decl = build_decl (BUILTINS_LOCATION, FUNCTION_DECL,
+ 		     get_identifier (name),
+ 		     build_function_type_list (void_type_node, NULL_TREE));
+@@ -11206,6 +11248,36 @@ output_indirect_thunk_function (bool need_bnd_p, int regno)
+ 	ASM_OUTPUT_LABEL (asm_out_file, name);
+       }
+ 
++  if (regno < 0)
++    {
++      /* Create alias for __x86.return_thunk/__x86.return_thunk_bnd.  */
++      char alias[32];
++
++      indirect_thunk_name (alias, regno, need_bnd_p, true);
++#if TARGET_MACHO
++      if (TARGET_MACHO)
++	{
++	  fputs ("\t.weak_definition\t", asm_out_file);
++	  assemble_name (asm_out_file, alias);
++	  fputs ("\n\t.private_extern\t", asm_out_file);
++	  assemble_name (asm_out_file, alias);
++	  putc ('\n', asm_out_file);
++	  ASM_OUTPUT_LABEL (asm_out_file, alias);
++	}
++#else
++      ASM_OUTPUT_DEF (asm_out_file, alias, name);
++      if (USE_HIDDEN_LINKONCE)
++	{
++	  fputs ("\t.globl\t", asm_out_file);
++	  assemble_name (asm_out_file, alias);
++	  putc ('\n', asm_out_file);
++	  fputs ("\t.hidden\t", asm_out_file);
++	  assemble_name (asm_out_file, alias);
++	  putc ('\n', asm_out_file);
++	}
++#endif
++    }
++
+   DECL_INITIAL (decl) = make_node (BLOCK);
+   current_function_decl = decl;
+   allocate_struct_function (decl, false);
+@@ -27687,7 +27759,7 @@ ix86_output_indirect_branch_via_reg (rtx call_op, bool sibcall_p)
+ 	  else
+ 	    indirect_thunks_used |= 1 << i;
+ 	}
+-      indirect_thunk_name (thunk_name_buf, regno, need_bnd_p);
++      indirect_thunk_name (thunk_name_buf, regno, need_bnd_p, false);
+       thunk_name = thunk_name_buf;
+     }
+   else
+@@ -27796,7 +27868,7 @@ ix86_output_indirect_branch_via_push (rtx call_op, const char *xasm,
+ 	  else
+ 	    indirect_thunk_needed = true;
+ 	}
+-      indirect_thunk_name (thunk_name_buf, regno, need_bnd_p);
++      indirect_thunk_name (thunk_name_buf, regno, need_bnd_p, false);
+       thunk_name = thunk_name_buf;
+     }
+   else
+@@ -27931,6 +28003,46 @@ ix86_output_indirect_jmp (rtx call_op, bool ret_p)
+     return "%!jmp\t%A0";
+ }
+ 
++/* Output function return.  CALL_OP is the jump target.  Add a REP
++   prefix to RET if LONG_P is true and function return is kept.  */
++
++const char *
++ix86_output_function_return (bool long_p)
++{
++  if (cfun->machine->function_return_type != indirect_branch_keep)
++    {
++      char thunk_name[32];
++      bool need_bnd_p = ix86_bnd_prefixed_insn_p (current_output_insn);
++
++      if (cfun->machine->function_return_type
++	  != indirect_branch_thunk_inline)
++	{
++	  bool need_thunk = (cfun->machine->function_return_type
++			     == indirect_branch_thunk);
++	  indirect_thunk_name (thunk_name, -1, need_bnd_p, true);
++	  if (need_bnd_p)
++	    {
++	      indirect_thunk_bnd_needed |= need_thunk;
++	      fprintf (asm_out_file, "\tbnd jmp\t%s\n", thunk_name);
++	    }
++	  else
++	    {
++	      indirect_thunk_needed |= need_thunk;
++	      fprintf (asm_out_file, "\tjmp\t%s\n", thunk_name);
++	    }
++	}
++      else
++	output_indirect_thunk (need_bnd_p, -1);
++
++      return "";
++    }
++
++  if (!long_p || ix86_bnd_prefixed_insn_p (current_output_insn))
++    return "%!ret";
++
++  return "rep%; ret";
++}
++
+ /* Output the assembly for a call instruction.  */
+ 
+ const char *
+@@ -45461,6 +45573,28 @@ ix86_handle_fndecl_attribute (tree *node, tree name, tree args, int,
+ 	}
+     }
+ 
++  if (is_attribute_p ("function_return", name))
++    {
++      tree cst = TREE_VALUE (args);
++      if (TREE_CODE (cst) != STRING_CST)
++	{
++	  warning (OPT_Wattributes,
++		   "%qE attribute requires a string constant argument",
++		   name);
++	  *no_add_attrs = true;
++	}
++      else if (strcmp (TREE_STRING_POINTER (cst), "keep") != 0
++	       && strcmp (TREE_STRING_POINTER (cst), "thunk") != 0
++	       && strcmp (TREE_STRING_POINTER (cst), "thunk-inline") != 0
++	       && strcmp (TREE_STRING_POINTER (cst), "thunk-extern") != 0)
++	{
++	  warning (OPT_Wattributes,
++		   "argument to %qE attribute is not "
++		   "(keep|thunk|thunk-inline|thunk-extern)", name);
++	  *no_add_attrs = true;
++	}
++    }
++
+   return NULL_TREE;
+ }
+ 
+@@ -49690,6 +49824,8 @@ static const struct attribute_spec ix86_attribute_table[] =
+     ix86_handle_callee_pop_aggregate_return, true },
+   { "indirect_branch", 1, 1, true, false, false,
+     ix86_handle_fndecl_attribute, false },
++  { "function_return", 1, 1, true, false, false,
++    ix86_handle_fndecl_attribute, false },
+ 
+   /* End element.  */
+   { NULL,        0, 0, false, false, false, NULL, false }
+diff --git a/gcc/config/i386/i386.h b/gcc/config/i386/i386.h
+index 9dccdb0..b34bc11 100644
+--- a/gcc/config/i386/i386.h
++++ b/gcc/config/i386/i386.h
+@@ -2579,6 +2579,9 @@ struct GTY(()) machine_function {
+      "indirect_jump" or "tablejump".  */
+   BOOL_BITFIELD has_local_indirect_jump : 1;
+ 
++  /* How to generate function return.  */
++  ENUM_BITFIELD(indirect_branch) function_return_type : 3;
++
+   /* If true, there is register available for argument passing.  This
+      is used only in ix86_function_ok_for_sibcall by 32-bit to determine
+      if there is scratch register available for indirect sibcall.  In
+diff --git a/gcc/config/i386/i386.md b/gcc/config/i386/i386.md
+index 153e162..2da671e 100644
+--- a/gcc/config/i386/i386.md
++++ b/gcc/config/i386/i386.md
+@@ -12489,7 +12489,7 @@
+ (define_insn "simple_return_internal"
+   [(simple_return)]
+   "reload_completed"
+-  "%!ret"
++  "* return ix86_output_function_return (false);"
+   [(set_attr "length" "1")
+    (set_attr "atom_unit" "jeu")
+    (set_attr "length_immediate" "0")
+@@ -12503,12 +12503,7 @@
+   [(simple_return)
+    (unspec [(const_int 0)] UNSPEC_REP)]
+   "reload_completed"
+-{
+-  if (ix86_bnd_prefixed_insn_p (insn))
+-    return "%!ret";
+-
+-  return "rep%; ret";
+-}
++  "* return ix86_output_function_return (true);"
+   [(set_attr "length" "2")
+    (set_attr "atom_unit" "jeu")
+    (set_attr "length_immediate" "0")
+diff --git a/gcc/config/i386/i386.opt b/gcc/config/i386/i386.opt
+index 5ffa334..ad5916f 100644
+--- a/gcc/config/i386/i386.opt
++++ b/gcc/config/i386/i386.opt
+@@ -902,9 +902,13 @@ mindirect-branch=
+ Target Report RejectNegative Joined Enum(indirect_branch) Var(ix86_indirect_branch) Init(indirect_branch_keep)
+ Convert indirect call and jump to call and return thunks.
+ 
++mfunction-return=
++Target Report RejectNegative Joined Enum(indirect_branch) Var(ix86_function_return) Init(indirect_branch_keep)
++Convert function return to call and return thunk.
++
+ Enum
+ Name(indirect_branch) Type(enum indirect_branch)
+-Known indirect branch choices (for use with the -mindirect-branch= option):
++Known indirect branch choices (for use with the -mindirect-branch=/-mfunction-return= options):
+ 
+ EnumValue
+ Enum(indirect_branch) String(keep) Value(indirect_branch_keep)
+diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
+index 8668dae..2cb6bd1 100644
+--- a/gcc/doc/extend.texi
++++ b/gcc/doc/extend.texi
+@@ -5429,6 +5429,15 @@ call and jump to call and return thunk.  @samp{thunk-inline} converts
+ indirect call and jump to inlined call and return thunk.
+ @samp{thunk-extern} converts indirect call and jump to external call
+ and return thunk provided in a separate object file.
++
++@item function_return("@var{choice}")
++@cindex @code{function_return} function attribute, x86
++On x86 targets, the @code{function_return} attribute causes the compiler
++to convert function return with @var{choice}.  @samp{keep} keeps function
++return unmodified.  @samp{thunk} converts function return to call and
++return thunk.  @samp{thunk-inline} converts function return to inlined
++call and return thunk.  @samp{thunk-extern} converts function return to
++external call and return thunk provided in a separate object file.
+ @end table
+ 
+ On the x86, the inliner does not inline a
+diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
+index ff9a194..fa63dc5 100644
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
+@@ -1169,7 +1169,8 @@ See RS/6000 and PowerPC Options.
+ -msse2avx -mfentry -mrecord-mcount -mnop-mcount -m8bit-idiv @gol
+ -mavx256-split-unaligned-load -mavx256-split-unaligned-store @gol
+ -malign-data=@var{type} -mstack-protector-guard=@var{guard} @gol
+--mmitigate-rop -mindirect-branch=@var{choice}}
++-mmitigate-rop -mindirect-branch=@var{choice} @gol
++-mfunction-return=@var{choice}}
+ 
+ @emph{x86 Windows Options}
+ @gccoptlist{-mconsole -mcygwin -mno-cygwin -mdll @gol
+@@ -24229,6 +24230,17 @@ to external call and return thunk provided in a separate object file.
+ You can control this behavior for a specific function by using the
+ function attribute @code{indirect_branch}.  @xref{Function Attributes}.
+ 
++@item -mfunction-return=@var{choice}
++@opindex -mfunction-return
++Convert function return with @var{choice}.  The default is @samp{keep},
++which keeps function return unmodified.  @samp{thunk} converts function
++return to call and return thunk.  @samp{thunk-inline} converts function
++return to inlined call and return thunk.  @samp{thunk-extern} converts
++function return to external call and return thunk provided in a separate
++object file.  You can control this behavior for a specific function by
++using the function attribute @code{function_return}.
++@xref{Function Attributes}.
++
+ @end table
+ 
+ These @samp{-m} switches are supported in addition to the above
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-1.c
+index d983e1c..e365ef5 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-1.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-1.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mindirect-branch=thunk -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+@@ -11,7 +11,7 @@ male_indirect_jump (long offset)
+   dispatch(offset);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-2.c
+index 58f09b4..05a51ad 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-2.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-2.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mindirect-branch=thunk -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+@@ -11,7 +11,7 @@ male_indirect_jump (long offset)
+   dispatch[offset](offset);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-3.c
+index f20d35c..3c0d4c3 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-3.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-3.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mindirect-branch=thunk -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+@@ -12,7 +12,7 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-4.c
+index 0eff8fb..14d4ef6 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-4.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-4.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mindirect-branch=thunk -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+@@ -12,7 +12,7 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-5.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-5.c
+index a25b20d..b4836c3 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-5.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-5.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target *-*-linux* } } */
+-/* { dg-options "-O2 -fpic -fno-plt -mindirect-branch=thunk" } */
++/* { dg-options "-O2 -mfunction-return=keep -fpic -fno-plt -mindirect-branch=thunk" } */
+ 
+ extern void bar (void);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-6.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-6.c
+index cff114a..1f06bd1 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-6.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-6.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target *-*-linux* } } */
+-/* { dg-options "-O2 -fpic -fno-plt -mindirect-branch=thunk" } */
++/* { dg-options "-O2 -mfunction-return=keep -fpic -fno-plt -mindirect-branch=thunk" } */
+ 
+ extern void bar (void);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-7.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-7.c
+index afdb600..bc6b47a 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-7.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-7.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mindirect-branch=thunk -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
+ 
+ void func0 (void);
+ void func1 (void);
+@@ -35,7 +35,7 @@ bar (int i)
+     }
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-1.c
+index d64d978..2257be3 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-1.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-1.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+@@ -14,7 +14,7 @@ male_indirect_jump (long offset)
+   dispatch(offset);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-2.c
+index 9306745..e9cfdc5 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-2.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-2.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+@@ -12,7 +12,7 @@ male_indirect_jump (long offset)
+   dispatch[offset](offset);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-3.c
+index 97744d6..f938db0 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-3.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-3.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+@@ -14,7 +14,7 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 2 } } */
+ /* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 2 } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-4.c
+index bfce3ea..4e58599 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-4.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-4.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+@@ -13,7 +13,7 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 2 } } */
+ /* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 2 } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-5.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-5.c
+index 0833606..b8d5024 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-5.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-5.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+@@ -14,7 +14,7 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-6.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-6.c
+index 2eba0fb..455adab 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-6.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-6.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+@@ -13,7 +13,7 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-7.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-7.c
+index f58427e..4595b84 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-7.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-7.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -fno-pic" } */
+ 
+ void func0 (void);
+ void func1 (void);
+@@ -36,7 +36,7 @@ bar (int i)
+     }
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" } } */
+ /* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-8.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-8.c
+index 564ed39..d730d31 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-8.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-8.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mindirect-branch=thunk -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
+ 
+ void func0 (void);
+ void func1 (void);
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-1.c
+index 50fbee2..5e3e118 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-1.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-1.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target { ! x32 } } } */
+-/* { dg-options "-O2 -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fno-pic" } */
+ 
+ void (*dispatch) (char *);
+ char buf[10];
+@@ -10,7 +10,7 @@ foo (void)
+   dispatch (buf);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler "pushq\[ \t\]%rax" { target x32 } } } */
+ /* { dg-final { scan-assembler "bnd jmp\[ \t\]*__x86_indirect_thunk_bnd" } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-2.c
+index 2976e67..2801aa4 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-2.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-2.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target { ! x32 } } } */
+-/* { dg-options "-O2 -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fno-pic" } */
+ 
+ void (*dispatch) (char *);
+ char buf[10];
+@@ -11,7 +11,7 @@ foo (void)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler "pushq\[ \t\]%rax" { target x32 } } } */
+ /* { dg-final { scan-assembler "bnd jmp\[ \t\]*__x86_indirect_thunk_bnd" } } */
+ /* { dg-final { scan-assembler "bnd jmp\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-3.c
+index da4bc98..70b4fb3 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-3.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-3.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target { *-*-linux* && { ! x32 } } } } */
+-/* { dg-options "-O2 -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fpic -fno-plt" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fpic -fno-plt" } */
+ 
+ void bar (char *);
+ char buf[10];
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-4.c
+index c64d12e..3baf03e 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-4.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-4.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target { *-*-linux* && { ! x32 } } } } */
+-/* { dg-options "-O2 -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fpic -fno-plt" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fpic -fno-plt" } */
+ 
+ void bar (char *);
+ char buf[10];
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-1.c
+index 49f27b4..edeb264 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-1.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-1.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mindirect-branch=thunk-extern -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-extern -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+@@ -11,7 +11,7 @@ male_indirect_jump (long offset)
+   dispatch(offset);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
+ /* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-2.c
+index a1e3eb6..1d00413 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-2.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-2.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mindirect-branch=thunk-extern -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-extern -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+@@ -11,7 +11,7 @@ male_indirect_jump (long offset)
+   dispatch[offset](offset);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
+ /* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-3.c
+index 395634e..06ebf1c 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-3.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-3.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mindirect-branch=thunk-extern -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-extern -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+@@ -12,7 +12,7 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-4.c
+index fd3f633..1c8f944 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-4.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-4.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mindirect-branch=thunk-extern -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-extern -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+@@ -12,7 +12,7 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-5.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-5.c
+index ba2f92b..21740ac 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-5.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-5.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target *-*-linux* } } */
+-/* { dg-options "-O2 -fpic -fno-plt -mindirect-branch=thunk-extern" } */
++/* { dg-options "-O2 -mfunction-return=keep -fpic -fno-plt -mindirect-branch=thunk-extern" } */
+ 
+ extern void bar (void);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-6.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-6.c
+index 0c5a2d4..a77c1f4 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-6.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-6.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target *-*-linux* } } */
+-/* { dg-options "-O2 -fpic -fno-plt -mindirect-branch=thunk-extern" } */
++/* { dg-options "-O2 -mfunction-return=keep -fpic -fno-plt -mindirect-branch=thunk-extern" } */
+ 
+ extern void bar (void);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-7.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-7.c
+index 6652523..86e9fd1 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-7.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-7.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mindirect-branch=thunk-extern -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-extern -fno-pic" } */
+ 
+ void func0 (void);
+ void func1 (void);
+@@ -35,7 +35,7 @@ bar (int i)
+     }
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
+ /* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-1.c
+index 68c0ff7..3ecde87 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-1.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-1.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mindirect-branch=thunk-inline -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-inline -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+@@ -11,7 +11,7 @@ male_indirect_jump (long offset)
+   dispatch(offset);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-2.c
+index e2da1fc..df32a19 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-2.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-2.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mindirect-branch=thunk-inline -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-inline -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+@@ -11,7 +11,7 @@ male_indirect_jump (long offset)
+   dispatch[offset](offset);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-3.c
+index 244fec7..9540996 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-3.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-3.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mindirect-branch=thunk-inline -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-inline -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+@@ -12,7 +12,7 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 2 } } */
+ /* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 2 } } */
+ /* { dg-final { scan-assembler-times {\tpause} 1 } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-4.c
+index 107ebe3..f3db6e2 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-4.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-4.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mindirect-branch=thunk-inline -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-inline -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+@@ -12,7 +12,7 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 2 } } */
+ /* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 2 } } */
+ /* { dg-final { scan-assembler-times {\tpause} 1 } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-5.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-5.c
+index 17b04ef..0f687c3 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-5.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-5.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target *-*-linux* } } */
+-/* { dg-options "-O2 -fpic -fno-plt -mindirect-branch=thunk-inline" } */
++/* { dg-options "-O2 -mfunction-return=keep -fpic -fno-plt -mindirect-branch=thunk-inline" } */
+ 
+ extern void bar (void);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-6.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-6.c
+index d9eb112..b27c6fc 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-6.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-6.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target *-*-linux* } } */
+-/* { dg-options "-O2 -fpic -fno-plt -mindirect-branch=thunk-inline" } */
++/* { dg-options "-O2 -mfunction-return=keep -fpic -fno-plt -mindirect-branch=thunk-inline" } */
+ 
+ extern void bar (void);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-7.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-7.c
+index d02b1dc..764a375 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-7.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-7.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mindirect-branch=thunk-inline -fno-pic" } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-inline -fno-pic" } */
+ 
+ void func0 (void);
+ void func1 (void);
+@@ -35,7 +35,7 @@ bar (int i)
+     }
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-1.c b/gcc/testsuite/gcc.target/i386/ret-thunk-1.c
+new file mode 100644
+index 0000000..7223f67
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-1.c
+@@ -0,0 +1,13 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mfunction-return=thunk" } */
++
++void
++foo (void)
++{
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_return_thunk" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-10.c b/gcc/testsuite/gcc.target/i386/ret-thunk-10.c
+new file mode 100644
+index 0000000..3a6727b
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-10.c
+@@ -0,0 +1,23 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mfunction-return=thunk-inline -mindirect-branch=thunk -fno-pic" } */
++
++extern void (*bar) (void);
++
++int
++foo (void)
++{
++  bar ();
++  return 0;
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*__x86_return_thunk" } } */
++/* { dg-final { scan-assembler-times {\tpause} 2 } } */
++/* { dg-final { scan-assembler-times {\tlfence} 2 } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?bar" { target { { ! x32 } && *-*-linux* } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } }  } } */
++/* { dg-final { scan-assembler "__x86_indirect_thunk:" { target { ! x32 } }  } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target { x32 } }  } } */
++/* { dg-final { scan-assembler "__x86_indirect_thunk_(r|e)ax:" { target { x32 } }  } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-11.c b/gcc/testsuite/gcc.target/i386/ret-thunk-11.c
+new file mode 100644
+index 0000000..b8f6818
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-11.c
+@@ -0,0 +1,23 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mfunction-return=thunk-extern -mindirect-branch=thunk -fno-pic" } */
++
++extern void (*bar) (void);
++
++int
++foo (void)
++{
++  bar ();
++  return 0;
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_return_thunk" } } */
++/* { dg-final { scan-assembler-times {\tpause} 1 } } */
++/* { dg-final { scan-assembler-times {\tlfence} 1 } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?bar" { target { { ! x32 } && *-*-linux* } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "__x86_indirect_thunk:" { target { ! x32 } }  } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target { x32 } }  } } */
++/* { dg-final { scan-assembler "__x86_indirect_thunk_(r|e)ax:" { target { x32 } }  } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-12.c b/gcc/testsuite/gcc.target/i386/ret-thunk-12.c
+new file mode 100644
+index 0000000..01b0a02
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-12.c
+@@ -0,0 +1,22 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
++
++extern void (*bar) (void);
++
++int
++foo (void)
++{
++  bar ();
++  return 0;
++}
++
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*__x86_return_thunk" } } */
++/* { dg-final { scan-assembler-times {\tpause} 1 } } */
++/* { dg-final { scan-assembler-times {\tlfence} 1 } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "__x86_indirect_thunk:" { target { ! x32 } }  } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target { x32 } }  } } */
++/* { dg-final { scan-assembler "__x86_indirect_thunk_(r|e)ax:" { target { x32 } }  } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-13.c b/gcc/testsuite/gcc.target/i386/ret-thunk-13.c
+new file mode 100644
+index 0000000..4b497b5
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-13.c
+@@ -0,0 +1,22 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-inline -fno-pic" } */
++
++extern void (*bar) (void);
++extern int foo (void) __attribute__ ((function_return("thunk")));
++
++int
++foo (void)
++{
++  bar ();
++  return 0;
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_return_thunk" } } */
++/* { dg-final { scan-assembler-times {\tpause} 2 } } */
++/* { dg-final { scan-assembler-times {\tlfence} 2 } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?bar" { target { { ! x32 } && *-*-linux* } } } } */
++/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 3 } } */
++/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 3 } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler-not "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target { x32 } }  } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-14.c b/gcc/testsuite/gcc.target/i386/ret-thunk-14.c
+new file mode 100644
+index 0000000..4ae4c44
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-14.c
+@@ -0,0 +1,22 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-extern -fno-pic" } */
++
++extern void (*bar) (void);
++
++__attribute__ ((function_return("thunk-inline")))
++int
++foo (void)
++{
++  bar ();
++  return 0;
++}
++
++/* { dg-final { scan-assembler-times {\tpause} 1 } } */
++/* { dg-final { scan-assembler-times {\tlfence} 1 } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*__x86_return_thunk" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?bar" { target { { ! x32 } && *-*-linux* } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target { x32 } }  } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-15.c b/gcc/testsuite/gcc.target/i386/ret-thunk-15.c
+new file mode 100644
+index 0000000..5b5bc76
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-15.c
+@@ -0,0 +1,22 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=keep -fno-pic" } */
++
++extern void (*bar) (void);
++
++__attribute__ ((function_return("thunk-extern"), indirect_branch("thunk")))
++int
++foo (void)
++{
++  bar ();
++  return 0;
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_return_thunk" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-times {\tpause} 1 } } */
++/* { dg-final { scan-assembler-times {\tlfence} 1 } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?bar" { target { { ! x32 } && *-*-linux* } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-16.c b/gcc/testsuite/gcc.target/i386/ret-thunk-16.c
+new file mode 100644
+index 0000000..a16cad1
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-16.c
+@@ -0,0 +1,18 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mfunction-return=thunk-inline -mindirect-branch=thunk-extern -fno-pic" } */
++
++extern void (*bar) (void);
++
++__attribute__ ((function_return("keep"), indirect_branch("keep")))
++int
++foo (void)
++{
++  bar ();
++  return 0;
++}
++
++/* { dg-final { scan-assembler-not "__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler-not "__x86_return_thunk" } } */
++/* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-2.c b/gcc/testsuite/gcc.target/i386/ret-thunk-2.c
+new file mode 100644
+index 0000000..c6659e3
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-2.c
+@@ -0,0 +1,13 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mfunction-return=thunk-inline" } */
++
++void
++foo (void)
++{
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*__x86_return_thunk" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-3.c b/gcc/testsuite/gcc.target/i386/ret-thunk-3.c
+new file mode 100644
+index 0000000..0f7f388
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-3.c
+@@ -0,0 +1,12 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mfunction-return=thunk-extern" } */
++
++void
++foo (void)
++{
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_return_thunk" } } */
++/* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-4.c b/gcc/testsuite/gcc.target/i386/ret-thunk-4.c
+new file mode 100644
+index 0000000..9ae37e8
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-4.c
+@@ -0,0 +1,12 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mfunction-return=keep" } */
++
++void
++foo (void)
++{
++}
++
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*__x86_return_thunk" } } */
++/* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-5.c b/gcc/testsuite/gcc.target/i386/ret-thunk-5.c
+new file mode 100644
+index 0000000..4bd0d2a
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-5.c
+@@ -0,0 +1,15 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mfunction-return=keep" } */
++
++extern void foo (void) __attribute__ ((function_return("thunk")));
++
++void
++foo (void)
++{
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_return_thunk" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-6.c b/gcc/testsuite/gcc.target/i386/ret-thunk-6.c
+new file mode 100644
+index 0000000..053841f
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-6.c
+@@ -0,0 +1,14 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mfunction-return=keep" } */
++
++__attribute__ ((function_return("thunk-inline")))
++void
++foo (void)
++{
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*__x86_return_thunk" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-7.c b/gcc/testsuite/gcc.target/i386/ret-thunk-7.c
+new file mode 100644
+index 0000000..262e678
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-7.c
+@@ -0,0 +1,13 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mfunction-return=keep" } */
++
++__attribute__ ((function_return("thunk-extern")))
++void
++foo (void)
++{
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_return_thunk" } } */
++/* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-8.c b/gcc/testsuite/gcc.target/i386/ret-thunk-8.c
+new file mode 100644
+index 0000000..c1658e9
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-8.c
+@@ -0,0 +1,14 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mfunction-return=thunk-inline" } */
++
++extern void foo (void) __attribute__ ((function_return("keep")));
++
++void
++foo (void)
++{
++}
++
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*__x86_return_thunk" } } */
++/* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-9.c b/gcc/testsuite/gcc.target/i386/ret-thunk-9.c
+new file mode 100644
+index 0000000..fa24a1f
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-9.c
+@@ -0,0 +1,24 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mfunction-return=thunk -mindirect-branch=thunk -fno-pic" } */
++
++extern void (*bar) (void);
++
++int
++foo (void)
++{
++  bar ();
++  return 0;
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_return_thunk" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "__x86_indirect_thunk:" } } */
++/* { dg-final { scan-assembler-times {\tpause} 1 { target { ! x32 } } } } */
++/* { dg-final { scan-assembler-times {\tlfence} 1 { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?bar" { target { { ! x32 } && *-*-linux* } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler-times {\tpause} 2 { target { x32 } } } } */
++/* { dg-final { scan-assembler-times {\tlfence} 2 { target { x32 } } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target { x32 } } } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/gcc/gcc-6.4/backport/0006-x86-Add-mindirect-branch-register.patch b/meta/recipes-devtools/gcc/gcc-6.4/backport/0006-x86-Add-mindirect-branch-register.patch
new file mode 100644
index 0000000000..ad736913cd
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-6.4/backport/0006-x86-Add-mindirect-branch-register.patch
@@ -0,0 +1,946 @@
+From 3f1c39fb543884d36e759a6dc196a8e914eb4f73 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Sat, 6 Jan 2018 22:29:56 -0800
+Subject: [PATCH 06/12] x86: Add -mindirect-branch-register
+
+Add -mindirect-branch-register to force indirect branch via register.
+This is implemented by disabling patterns of indirect branch via memory,
+similar to TARGET_X32.
+
+-mindirect-branch= and -mfunction-return= tests are updated with
+-mno-indirect-branch-register to avoid false test failures when
+-mindirect-branch-register is added to RUNTESTFLAGS for "make check".
+
+gcc/
+
+	Backport from mainline
+	2018-01-14  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* config/i386/constraints.md (Bs): Disallow memory operand for
+	-mindirect-branch-register.
+	(Bw): Likewise.
+	* config/i386/predicates.md (indirect_branch_operand): Likewise.
+	(GOT_memory_operand): Likewise.
+	(call_insn_operand): Likewise.
+	(sibcall_insn_operand): Likewise.
+	(GOT32_symbol_operand): Likewise.
+	* config/i386/i386.md (indirect_jump): Call convert_memory_address
+	for -mindirect-branch-register.
+	(tablejump): Likewise.
+	(*sibcall_memory): Likewise.
+	(*sibcall_value_memory): Likewise.
+	Disallow peepholes of indirect call and jump via memory for
+	-mindirect-branch-register.
+	(*call_pop): Replace m with Bw.
+	(*call_value_pop): Likewise.
+	(*sibcall_pop_memory): Replace m with Bs.
+	* config/i386/i386.opt (mindirect-branch-register): New option.
+	* doc/invoke.texi: Document -mindirect-branch-register option.
+
+gcc/testsuite/
+
+	Backport from mainline
+	2018-01-14  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* gcc.target/i386/indirect-thunk-1.c (dg-options): Add
+	-mno-indirect-branch-register.
+	* gcc.target/i386/indirect-thunk-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-5.c: Likewise.
+	* gcc.target/i386/indirect-thunk-6.c: Likewise.
+	* gcc.target/i386/indirect-thunk-7.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-5.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-6.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-7.c: Likewise.
+	* gcc.target/i386/indirect-thunk-bnd-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-bnd-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-bnd-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-bnd-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-5.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-6.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-7.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-5.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-6.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-7.c: Likewise.
+	* gcc.target/i386/ret-thunk-10.c: Likewise.
+	* gcc.target/i386/ret-thunk-11.c: Likewise.
+	* gcc.target/i386/ret-thunk-12.c: Likewise.
+	* gcc.target/i386/ret-thunk-13.c: Likewise.
+	* gcc.target/i386/ret-thunk-14.c: Likewise.
+	* gcc.target/i386/ret-thunk-15.c: Likewise.
+	* gcc.target/i386/ret-thunk-9.c: Likewise.
+	* gcc.target/i386/indirect-thunk-register-1.c: New test.
+	* gcc.target/i386/indirect-thunk-register-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-register-3.c: Likewise.
+
+i386: Rename to ix86_indirect_branch_register
+
+Rename the variable for -mindirect-branch-register to
+ix86_indirect_branch_register to match the command-line option name.
+
+	Backport from mainline
+	2018-01-15  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* config/i386/constraints.md (Bs): Replace
+	ix86_indirect_branch_thunk_register with
+	ix86_indirect_branch_register.
+	(Bw): Likewise.
+	* config/i386/i386.md (indirect_jump): Likewise.
+	(tablejump): Likewise.
+	(*sibcall_memory): Likewise.
+	(*sibcall_value_memory): Likewise.
+	Peepholes of indirect call and jump via memory: Likewise.
+	* config/i386/i386.opt: Likewise.
+	* config/i386/predicates.md (indirect_branch_operand): Likewise.
+	(GOT_memory_operand): Likewise.
+	(call_insn_operand): Likewise.
+	(sibcall_insn_operand): Likewise.
+	(GOT32_symbol_operand): Likewise.
+
+x86: Rewrite ix86_indirect_branch_register logic
+
+Rewrite ix86_indirect_branch_register logic with
+
+(and (not (match_test "ix86_indirect_branch_register"))
+     (original condition before r256662))
+
+	Backport from mainline
+	2018-01-15  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* config/i386/predicates.md (constant_call_address_operand):
+	Rewrite ix86_indirect_branch_register logic.
+	(sibcall_insn_operand): Likewise.
+
+Don't check ix86_indirect_branch_register for GOT operand
+
+Since GOT_memory_operand and GOT32_symbol_operand are simple pattern
+matches, don't check ix86_indirect_branch_register here.  If needed,
+-mindirect-branch= will convert indirect branch via GOT slot to a call
+and return thunk.
+
+	Backport from mainline
+	2018-01-15  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* config/i386/constraints.md (Bs): Update
+	ix86_indirect_branch_register check.  Don't check
+	ix86_indirect_branch_register with GOT_memory_operand.
+	(Bw): Likewise.
+	* config/i386/predicates.md (GOT_memory_operand): Don't check
+	ix86_indirect_branch_register here.
+	(GOT32_symbol_operand): Likewise.
+
+i386: Rewrite indirect_branch_operand logic
+
+	Backport from mainline
+	2018-01-15  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* config/i386/predicates.md (indirect_branch_operand): Rewrite
+	ix86_indirect_branch_register logic.
+
+Upstream-Status: Pending
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+---
+ gcc/config/i386/constraints.md                     |  6 ++--
+ gcc/config/i386/i386.md                            | 34 ++++++++++++++--------
+ gcc/config/i386/i386.opt                           |  4 +++
+ gcc/config/i386/predicates.md                      | 21 +++++++------
+ gcc/doc/invoke.texi                                |  6 +++-
+ gcc/testsuite/gcc.target/i386/indirect-thunk-1.c   |  2 +-
+ gcc/testsuite/gcc.target/i386/indirect-thunk-2.c   |  2 +-
+ gcc/testsuite/gcc.target/i386/indirect-thunk-3.c   |  2 +-
+ gcc/testsuite/gcc.target/i386/indirect-thunk-4.c   |  2 +-
+ gcc/testsuite/gcc.target/i386/indirect-thunk-5.c   |  2 +-
+ gcc/testsuite/gcc.target/i386/indirect-thunk-6.c   |  2 +-
+ gcc/testsuite/gcc.target/i386/indirect-thunk-7.c   |  2 +-
+ .../gcc.target/i386/indirect-thunk-attr-1.c        |  2 +-
+ .../gcc.target/i386/indirect-thunk-attr-2.c        |  2 +-
+ .../gcc.target/i386/indirect-thunk-attr-3.c        |  2 +-
+ .../gcc.target/i386/indirect-thunk-attr-4.c        |  2 +-
+ .../gcc.target/i386/indirect-thunk-attr-5.c        |  2 +-
+ .../gcc.target/i386/indirect-thunk-attr-6.c        |  2 +-
+ .../gcc.target/i386/indirect-thunk-attr-7.c        |  2 +-
+ .../gcc.target/i386/indirect-thunk-bnd-1.c         |  2 +-
+ .../gcc.target/i386/indirect-thunk-bnd-2.c         |  2 +-
+ .../gcc.target/i386/indirect-thunk-bnd-3.c         |  2 +-
+ .../gcc.target/i386/indirect-thunk-bnd-4.c         |  2 +-
+ .../gcc.target/i386/indirect-thunk-extern-1.c      |  2 +-
+ .../gcc.target/i386/indirect-thunk-extern-2.c      |  2 +-
+ .../gcc.target/i386/indirect-thunk-extern-3.c      |  2 +-
+ .../gcc.target/i386/indirect-thunk-extern-4.c      |  2 +-
+ .../gcc.target/i386/indirect-thunk-extern-5.c      |  2 +-
+ .../gcc.target/i386/indirect-thunk-extern-6.c      |  2 +-
+ .../gcc.target/i386/indirect-thunk-extern-7.c      |  2 +-
+ .../gcc.target/i386/indirect-thunk-inline-1.c      |  2 +-
+ .../gcc.target/i386/indirect-thunk-inline-2.c      |  2 +-
+ .../gcc.target/i386/indirect-thunk-inline-3.c      |  2 +-
+ .../gcc.target/i386/indirect-thunk-inline-4.c      |  2 +-
+ .../gcc.target/i386/indirect-thunk-inline-5.c      |  2 +-
+ .../gcc.target/i386/indirect-thunk-inline-6.c      |  2 +-
+ .../gcc.target/i386/indirect-thunk-inline-7.c      |  2 +-
+ .../gcc.target/i386/indirect-thunk-register-1.c    | 22 ++++++++++++++
+ .../gcc.target/i386/indirect-thunk-register-2.c    | 20 +++++++++++++
+ .../gcc.target/i386/indirect-thunk-register-3.c    | 19 ++++++++++++
+ gcc/testsuite/gcc.target/i386/ret-thunk-10.c       |  2 +-
+ gcc/testsuite/gcc.target/i386/ret-thunk-11.c       |  2 +-
+ gcc/testsuite/gcc.target/i386/ret-thunk-12.c       |  2 +-
+ gcc/testsuite/gcc.target/i386/ret-thunk-13.c       |  2 +-
+ gcc/testsuite/gcc.target/i386/ret-thunk-14.c       |  2 +-
+ gcc/testsuite/gcc.target/i386/ret-thunk-15.c       |  2 +-
+ gcc/testsuite/gcc.target/i386/ret-thunk-9.c        |  2 +-
+ 47 files changed, 147 insertions(+), 63 deletions(-)
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-register-1.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-register-2.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-register-3.c
+
+diff --git a/gcc/config/i386/constraints.md b/gcc/config/i386/constraints.md
+index 1a4c701..9204c8e 100644
+--- a/gcc/config/i386/constraints.md
++++ b/gcc/config/i386/constraints.md
+@@ -172,14 +172,16 @@
+ 
+ (define_constraint "Bs"
+   "@internal Sibcall memory operand."
+-  (ior (and (not (match_test "TARGET_X32"))
++  (ior (and (not (match_test "ix86_indirect_branch_register"))
++	    (not (match_test "TARGET_X32"))
+ 	    (match_operand 0 "sibcall_memory_operand"))
+        (and (match_test "TARGET_X32 && Pmode == DImode")
+ 	    (match_operand 0 "GOT_memory_operand"))))
+ 
+ (define_constraint "Bw"
+   "@internal Call memory operand."
+-  (ior (and (not (match_test "TARGET_X32"))
++  (ior (and (not (match_test "ix86_indirect_branch_register"))
++	    (not (match_test "TARGET_X32"))
+ 	    (match_operand 0 "memory_operand"))
+        (and (match_test "TARGET_X32 && Pmode == DImode")
+ 	    (match_operand 0 "GOT_memory_operand"))))
+diff --git a/gcc/config/i386/i386.md b/gcc/config/i386/i386.md
+index 2da671e..05a88ff 100644
+--- a/gcc/config/i386/i386.md
++++ b/gcc/config/i386/i386.md
+@@ -11805,7 +11805,7 @@
+   [(set (pc) (match_operand 0 "indirect_branch_operand"))]
+   ""
+ {
+-  if (TARGET_X32)
++  if (TARGET_X32 || ix86_indirect_branch_register)
+     operands[0] = convert_memory_address (word_mode, operands[0]);
+   cfun->machine->has_local_indirect_jump = true;
+ })
+@@ -11859,7 +11859,7 @@
+ 					 OPTAB_DIRECT);
+     }
+ 
+-  if (TARGET_X32)
++  if (TARGET_X32 || ix86_indirect_branch_register)
+     operands[0] = convert_memory_address (word_mode, operands[0]);
+   cfun->machine->has_local_indirect_jump = true;
+ })
+@@ -12048,7 +12048,7 @@
+   [(call (mem:QI (match_operand:W 0 "memory_operand" "m"))
+ 	 (match_operand 1))
+    (unspec [(const_int 0)] UNSPEC_PEEPSIB)]
+-  "!TARGET_X32"
++  "!TARGET_X32 && !ix86_indirect_branch_register"
+   "* return ix86_output_call_insn (insn, operands[0]);"
+   [(set_attr "type" "call")])
+ 
+@@ -12057,7 +12057,9 @@
+ 	(match_operand:W 1 "memory_operand"))
+    (call (mem:QI (match_dup 0))
+ 	 (match_operand 3))]
+-  "!TARGET_X32 && SIBLING_CALL_P (peep2_next_insn (1))
++  "!TARGET_X32
++   && !ix86_indirect_branch_register
++   && SIBLING_CALL_P (peep2_next_insn (1))
+    && !reg_mentioned_p (operands[0],
+ 			CALL_INSN_FUNCTION_USAGE (peep2_next_insn (1)))"
+   [(parallel [(call (mem:QI (match_dup 1))
+@@ -12070,7 +12072,9 @@
+    (unspec_volatile [(const_int 0)] UNSPECV_BLOCKAGE)
+    (call (mem:QI (match_dup 0))
+ 	 (match_operand 3))]
+-  "!TARGET_X32 && SIBLING_CALL_P (peep2_next_insn (2))
++  "!TARGET_X32
++   && !ix86_indirect_branch_register
++   && SIBLING_CALL_P (peep2_next_insn (2))
+    && !reg_mentioned_p (operands[0],
+ 			CALL_INSN_FUNCTION_USAGE (peep2_next_insn (2)))"
+   [(unspec_volatile [(const_int 0)] UNSPECV_BLOCKAGE)
+@@ -12092,7 +12096,7 @@
+ })
+ 
+ (define_insn "*call_pop"
+-  [(call (mem:QI (match_operand:SI 0 "call_insn_operand" "lmBz"))
++  [(call (mem:QI (match_operand:SI 0 "call_insn_operand" "lBwBz"))
+ 	 (match_operand 1))
+    (set (reg:SI SP_REG)
+ 	(plus:SI (reg:SI SP_REG)
+@@ -12112,7 +12116,7 @@
+   [(set_attr "type" "call")])
+ 
+ (define_insn "*sibcall_pop_memory"
+-  [(call (mem:QI (match_operand:SI 0 "memory_operand" "m"))
++  [(call (mem:QI (match_operand:SI 0 "memory_operand" "Bs"))
+ 	 (match_operand 1))
+    (set (reg:SI SP_REG)
+ 	(plus:SI (reg:SI SP_REG)
+@@ -12166,7 +12170,9 @@
+   [(set (match_operand:W 0 "register_operand")
+         (match_operand:W 1 "memory_operand"))
+    (set (pc) (match_dup 0))]
+-  "!TARGET_X32 && peep2_reg_dead_p (2, operands[0])"
++  "!TARGET_X32
++   && !ix86_indirect_branch_register
++   && peep2_reg_dead_p (2, operands[0])"
+   [(set (pc) (match_dup 1))])
+ 
+ ;; Call subroutine, returning value in operand 0
+@@ -12244,7 +12250,7 @@
+  	(call (mem:QI (match_operand:W 1 "memory_operand" "m"))
+ 	      (match_operand 2)))
+    (unspec [(const_int 0)] UNSPEC_PEEPSIB)]
+-  "!TARGET_X32"
++  "!TARGET_X32 && !ix86_indirect_branch_register"
+   "* return ix86_output_call_insn (insn, operands[1]);"
+   [(set_attr "type" "callv")])
+ 
+@@ -12254,7 +12260,9 @@
+    (set (match_operand 2)
+    (call (mem:QI (match_dup 0))
+ 		 (match_operand 3)))]
+-  "!TARGET_X32 && SIBLING_CALL_P (peep2_next_insn (1))
++  "!TARGET_X32
++   && !ix86_indirect_branch_register
++   && SIBLING_CALL_P (peep2_next_insn (1))
+    && !reg_mentioned_p (operands[0],
+ 			CALL_INSN_FUNCTION_USAGE (peep2_next_insn (1)))"
+   [(parallel [(set (match_dup 2)
+@@ -12269,7 +12277,9 @@
+    (set (match_operand 2)
+ 	(call (mem:QI (match_dup 0))
+ 	      (match_operand 3)))]
+-  "!TARGET_X32 && SIBLING_CALL_P (peep2_next_insn (2))
++  "!TARGET_X32
++   && !ix86_indirect_branch_register
++   && SIBLING_CALL_P (peep2_next_insn (2))
+    && !reg_mentioned_p (operands[0],
+ 			CALL_INSN_FUNCTION_USAGE (peep2_next_insn (2)))"
+   [(unspec_volatile [(const_int 0)] UNSPECV_BLOCKAGE)
+@@ -12294,7 +12304,7 @@
+ 
+ (define_insn "*call_value_pop"
+   [(set (match_operand 0)
+-	(call (mem:QI (match_operand:SI 1 "call_insn_operand" "lmBz"))
++	(call (mem:QI (match_operand:SI 1 "call_insn_operand" "lBwBz"))
+ 	      (match_operand 2)))
+    (set (reg:SI SP_REG)
+ 	(plus:SI (reg:SI SP_REG)
+diff --git a/gcc/config/i386/i386.opt b/gcc/config/i386/i386.opt
+index ad5916f..a97f84f 100644
+--- a/gcc/config/i386/i386.opt
++++ b/gcc/config/i386/i386.opt
+@@ -921,3 +921,7 @@ Enum(indirect_branch) String(thunk-inline) Value(indirect_branch_thunk_inline)
+ 
+ EnumValue
+ Enum(indirect_branch) String(thunk-extern) Value(indirect_branch_thunk_extern)
++
++mindirect-branch-register
++Target Report Var(ix86_indirect_branch_register) Init(0)
++Force indirect call and jump via register.
+diff --git a/gcc/config/i386/predicates.md b/gcc/config/i386/predicates.md
+index 93dda7b..d1f0a7d 100644
+--- a/gcc/config/i386/predicates.md
++++ b/gcc/config/i386/predicates.md
+@@ -593,7 +593,8 @@
+ ;; Test for a valid operand for indirect branch.
+ (define_predicate "indirect_branch_operand"
+   (ior (match_operand 0 "register_operand")
+-       (and (not (match_test "TARGET_X32"))
++       (and (not (match_test "ix86_indirect_branch_register"))
++	    (not (match_test "TARGET_X32"))
+ 	    (match_operand 0 "memory_operand"))))
+ 
+ ;; Return true if OP is a memory operands that can be used in sibcalls.
+@@ -636,20 +637,22 @@
+   (ior (match_test "constant_call_address_operand
+ 		     (op, mode == VOIDmode ? mode : Pmode)")
+        (match_operand 0 "call_register_no_elim_operand")
+-       (ior (and (not (match_test "TARGET_X32"))
+-		 (match_operand 0 "memory_operand"))
+-	    (and (match_test "TARGET_X32 && Pmode == DImode")
+-		 (match_operand 0 "GOT_memory_operand")))))
++       (and (not (match_test "ix86_indirect_branch_register"))
++	    (ior (and (not (match_test "TARGET_X32"))
++		      (match_operand 0 "memory_operand"))
++		 (and (match_test "TARGET_X32 && Pmode == DImode")
++		      (match_operand 0 "GOT_memory_operand"))))))
+ 
+ ;; Similarly, but for tail calls, in which we cannot allow memory references.
+ (define_special_predicate "sibcall_insn_operand"
+   (ior (match_test "constant_call_address_operand
+ 		     (op, mode == VOIDmode ? mode : Pmode)")
+        (match_operand 0 "register_no_elim_operand")
+-       (ior (and (not (match_test "TARGET_X32"))
+-		 (match_operand 0 "sibcall_memory_operand"))
+-	    (and (match_test "TARGET_X32 && Pmode == DImode")
+-		 (match_operand 0 "GOT_memory_operand")))))
++       (and (not (match_test "ix86_indirect_branch_register"))
++	    (ior (and (not (match_test "TARGET_X32"))
++		      (match_operand 0 "sibcall_memory_operand"))
++		 (and (match_test "TARGET_X32 && Pmode == DImode")
++		      (match_operand 0 "GOT_memory_operand"))))))
+ 
+ ;; Return true if OP is a 32-bit GOT symbol operand.
+ (define_predicate "GOT32_symbol_operand"
+diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
+index fa63dc5..ad9f295 100644
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
+@@ -1170,7 +1170,7 @@ See RS/6000 and PowerPC Options.
+ -mavx256-split-unaligned-load -mavx256-split-unaligned-store @gol
+ -malign-data=@var{type} -mstack-protector-guard=@var{guard} @gol
+ -mmitigate-rop -mindirect-branch=@var{choice} @gol
+--mfunction-return=@var{choice}}
++-mfunction-return=@var{choice} -mindirect-branch-register}
+ 
+ @emph{x86 Windows Options}
+ @gccoptlist{-mconsole -mcygwin -mno-cygwin -mdll @gol
+@@ -24241,6 +24241,10 @@ object file.  You can control this behavior for a specific function by
+ using the function attribute @code{function_return}.
+ @xref{Function Attributes}.
+ 
++@item -mindirect-branch-register
++@opindex -mindirect-branch-register
++Force indirect call and jump via register.
++
+ @end table
+ 
+ These @samp{-m} switches are supported in addition to the above
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-1.c
+index e365ef5..60d0988 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-1.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-1.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-2.c
+index 05a51ad..aac7516 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-2.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-2.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-3.c
+index 3c0d4c3..9e24a38 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-3.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-3.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mno-indirect-branch-register -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-4.c
+index 14d4ef6..127b5d9 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-4.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-4.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mno-indirect-branch-register -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-5.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-5.c
+index b4836c3..fcaa18d 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-5.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-5.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target *-*-linux* } } */
+-/* { dg-options "-O2 -mfunction-return=keep -fpic -fno-plt -mindirect-branch=thunk" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -fpic -fno-plt -mindirect-branch=thunk" } */
+ 
+ extern void bar (void);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-6.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-6.c
+index 1f06bd1..e464928 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-6.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-6.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target *-*-linux* } } */
+-/* { dg-options "-O2 -mfunction-return=keep -fpic -fno-plt -mindirect-branch=thunk" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mno-indirect-branch-register -mno-indirect-branch-register -mfunction-return=keep -fpic -fno-plt -mindirect-branch=thunk" } */
+ 
+ extern void bar (void);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-7.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-7.c
+index bc6b47a..17c2d0f 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-7.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-7.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
+ 
+ void func0 (void);
+ void func1 (void);
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-1.c
+index 2257be3..9194ccf 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-1.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-1.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-2.c
+index e9cfdc5..e51f261 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-2.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-2.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-3.c
+index f938db0..4aeec18 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-3.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-3.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-4.c
+index 4e58599..ac0e599 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-4.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-4.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-5.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-5.c
+index b8d5024..573cf1e 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-5.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-5.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-6.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-6.c
+index 455adab..b2b37fc 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-6.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-6.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-7.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-7.c
+index 4595b84..4a43e19 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-7.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-7.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -fno-pic" } */
+ 
+ void func0 (void);
+ void func1 (void);
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-1.c
+index 5e3e118..ac84ab6 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-1.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-1.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target { ! x32 } } } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fno-pic" } */
+ 
+ void (*dispatch) (char *);
+ char buf[10];
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-2.c
+index 2801aa4..ce655e8 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-2.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-2.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target { ! x32 } } } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fno-pic" } */
+ 
+ void (*dispatch) (char *);
+ char buf[10];
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-3.c
+index 70b4fb3..d34485a 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-3.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-3.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target { *-*-linux* && { ! x32 } } } } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fpic -fno-plt" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fpic -fno-plt" } */
+ 
+ void bar (char *);
+ char buf[10];
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-4.c
+index 3baf03e..0e19830 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-4.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-4.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target { *-*-linux* && { ! x32 } } } } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fpic -fno-plt" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk -fcheck-pointer-bounds -mmpx -fpic -fno-plt" } */
+ 
+ void bar (char *);
+ char buf[10];
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-1.c
+index edeb264..579441f 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-1.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-1.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-extern -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk-extern -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-2.c
+index 1d00413..c92e6f2 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-2.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-2.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-extern -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk-extern -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-3.c
+index 06ebf1c..d9964c2 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-3.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-3.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-extern -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk-extern -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-4.c
+index 1c8f944..d4dca4d 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-4.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-4.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-extern -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk-extern -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-5.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-5.c
+index 21740ac..5c07e02 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-5.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-5.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target *-*-linux* } } */
+-/* { dg-options "-O2 -mfunction-return=keep -fpic -fno-plt -mindirect-branch=thunk-extern" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -fpic -fno-plt -mindirect-branch=thunk-extern" } */
+ 
+ extern void bar (void);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-6.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-6.c
+index a77c1f4..3eb4406 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-6.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-6.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target *-*-linux* } } */
+-/* { dg-options "-O2 -mfunction-return=keep -fpic -fno-plt -mindirect-branch=thunk-extern" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -fpic -fno-plt -mindirect-branch=thunk-extern" } */
+ 
+ extern void bar (void);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-7.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-7.c
+index 86e9fd1..aece938 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-7.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-7.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-extern -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk-extern -fno-pic" } */
+ 
+ void func0 (void);
+ void func1 (void);
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-1.c
+index 3ecde87..3aba5e8 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-1.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-1.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-inline -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk-inline -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-2.c
+index df32a19..0f0181d 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-2.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-2.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-inline -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk-inline -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-3.c
+index 9540996..2eef6f3 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-3.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-3.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-inline -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk-inline -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-4.c
+index f3db6e2..e825a10 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-4.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-4.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-inline -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk-inline -fno-pic" } */
+ 
+ typedef void (*dispatch_t)(long offset);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-5.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-5.c
+index 0f687c3..c6d77e1 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-5.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-5.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target *-*-linux* } } */
+-/* { dg-options "-O2 -mfunction-return=keep -fpic -fno-plt -mindirect-branch=thunk-inline" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -fpic -fno-plt -mindirect-branch=thunk-inline" } */
+ 
+ extern void bar (void);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-6.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-6.c
+index b27c6fc..6454827 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-6.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-6.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target *-*-linux* } } */
+-/* { dg-options "-O2 -mfunction-return=keep -fpic -fno-plt -mindirect-branch=thunk-inline" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -fpic -fno-plt -mindirect-branch=thunk-inline" } */
+ 
+ extern void bar (void);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-7.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-7.c
+index 764a375..c67066c 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-7.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-7.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-inline -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk-inline -fno-pic" } */
+ 
+ void func0 (void);
+ void func1 (void);
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-register-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-register-1.c
+new file mode 100644
+index 0000000..7d396a3
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-register-1.c
+@@ -0,0 +1,22 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk -mindirect-branch-register -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch;
++
++void
++male_indirect_jump (long offset)
++{
++  dispatch(offset);
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "mov\[ \t\](%eax|%rax), \\((%esp|%rsp)\\)" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler-not "push(?:l|q)\[ \t\]*_?dispatch"  } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" } } */
++/* { dg-final { scan-assembler-not "__x86_indirect_thunk\n" } } */
++/* { dg-final { scan-assembler-not "__x86_indirect_thunk_bnd\n" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-register-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-register-2.c
+new file mode 100644
+index 0000000..e7e616b
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-register-2.c
+@@ -0,0 +1,20 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk-inline -mindirect-branch-register -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch;
++
++void
++male_indirect_jump (long offset)
++{
++  dispatch(offset);
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "mov\[ \t\](%eax|%rax), \\((%esp|%rsp)\\)" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler-not "push(?:l|q)\[ \t\]*_?dispatch"  } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" } } */
++/* { dg-final { scan-assembler-not "__x86_indirect_thunk" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-register-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-register-3.c
+new file mode 100644
+index 0000000..5320e92
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-register-3.c
+@@ -0,0 +1,19 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk-extern -mindirect-branch-register -fno-pic" } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch;
++
++void
++male_indirect_jump (long offset)
++{
++  dispatch(offset);
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
++/* { dg-final { scan-assembler-not "push(?:l|q)\[ \t\]*_?dispatch"  } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" } } */
++/* { dg-final { scan-assembler-not {\t(pause|pause|nop)} } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-10.c b/gcc/testsuite/gcc.target/i386/ret-thunk-10.c
+index 3a6727b..e6fea84 100644
+--- a/gcc/testsuite/gcc.target/i386/ret-thunk-10.c
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-10.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=thunk-inline -mindirect-branch=thunk -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mno-indirect-branch-register -mfunction-return=thunk-inline -mindirect-branch=thunk -fno-pic" } */
+ 
+ extern void (*bar) (void);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-11.c b/gcc/testsuite/gcc.target/i386/ret-thunk-11.c
+index b8f6818..e239ec4 100644
+--- a/gcc/testsuite/gcc.target/i386/ret-thunk-11.c
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-11.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=thunk-extern -mindirect-branch=thunk -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mno-indirect-branch-register -mno-indirect-branch-register -mno-indirect-branch-register -mfunction-return=thunk-extern -mindirect-branch=thunk -fno-pic" } */
+ 
+ extern void (*bar) (void);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-12.c b/gcc/testsuite/gcc.target/i386/ret-thunk-12.c
+index 01b0a02..fa31813 100644
+--- a/gcc/testsuite/gcc.target/i386/ret-thunk-12.c
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-12.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mno-indirect-branch-register -mno-indirect-branch-register -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk -fno-pic" } */
+ 
+ extern void (*bar) (void);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-13.c b/gcc/testsuite/gcc.target/i386/ret-thunk-13.c
+index 4b497b5..fd5b41f 100644
+--- a/gcc/testsuite/gcc.target/i386/ret-thunk-13.c
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-13.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-inline -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk-inline -fno-pic" } */
+ 
+ extern void (*bar) (void);
+ extern int foo (void) __attribute__ ((function_return("thunk")));
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-14.c b/gcc/testsuite/gcc.target/i386/ret-thunk-14.c
+index 4ae4c44..d606373 100644
+--- a/gcc/testsuite/gcc.target/i386/ret-thunk-14.c
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-14.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=thunk-extern -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk-extern -fno-pic" } */
+ 
+ extern void (*bar) (void);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-15.c b/gcc/testsuite/gcc.target/i386/ret-thunk-15.c
+index 5b5bc76..75e45e2 100644
+--- a/gcc/testsuite/gcc.target/i386/ret-thunk-15.c
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-15.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=keep -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mno-indirect-branch-register -mno-indirect-branch-register -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=keep -fno-pic" } */
+ 
+ extern void (*bar) (void);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-9.c b/gcc/testsuite/gcc.target/i386/ret-thunk-9.c
+index fa24a1f..d1db41c 100644
+--- a/gcc/testsuite/gcc.target/i386/ret-thunk-9.c
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-9.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mfunction-return=thunk -mindirect-branch=thunk -fno-pic" } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mno-indirect-branch-register -mfunction-return=thunk -mindirect-branch=thunk -fno-pic" } */
+ 
+ extern void (*bar) (void);
+ 
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/gcc/gcc-6.4/backport/0007-x86-Add-V-register-operand-modifier.patch b/meta/recipes-devtools/gcc/gcc-6.4/backport/0007-x86-Add-V-register-operand-modifier.patch
new file mode 100644
index 0000000000..cec84fefb2
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-6.4/backport/0007-x86-Add-V-register-operand-modifier.patch
@@ -0,0 +1,139 @@
+From 8f0efd692eb8db06d6c00b759c872bd2170b7f7b Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Sat, 6 Jan 2018 22:29:56 -0800
+Subject: [PATCH 07/12] x86: Add 'V' register operand modifier
+
+Add 'V', a special modifier which prints the name of the full integer
+register without '%'.  For
+
+extern void (*func_p) (void);
+
+void
+foo (void)
+{
+  asm ("call __x86_indirect_thunk_%V0" : : "a" (func_p));
+}
+
+it generates:
+
+foo:
+	movq	func_p(%rip), %rax
+	call	__x86_indirect_thunk_rax
+	ret
+
+gcc/
+
+	Backport from mainline
+	2018-01-14  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* config/i386/i386.c (print_reg): Print the name of the full
+	integer register without '%'.
+	(ix86_print_operand): Handle 'V'.
+	 * doc/extend.texi: Document 'V' modifier.
+
+gcc/testsuite/
+
+	Backport from mainline
+	2018-01-14  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* gcc.target/i386/indirect-thunk-register-4.c: New test.
+
+Upstream-Status: Pending
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+---
+ gcc/config/i386/i386.c                                    | 13 ++++++++++++-
+ gcc/doc/extend.texi                                       |  3 +++
+ gcc/testsuite/gcc.target/i386/indirect-thunk-register-4.c | 13 +++++++++++++
+ 3 files changed, 28 insertions(+), 1 deletion(-)
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-register-4.c
+
+diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
+index 34e26a3..eeca7e5 100644
+--- a/gcc/config/i386/i386.c
++++ b/gcc/config/i386/i386.c
+@@ -16869,6 +16869,7 @@ put_condition_code (enum rtx_code code, machine_mode mode, bool reverse,
+    If CODE is 'h', pretend the reg is the 'high' byte register.
+    If CODE is 'y', print "st(0)" instead of "st", if the reg is stack op.
+    If CODE is 'd', duplicate the operand for AVX instruction.
++   If CODE is 'V', print naked full integer register name without %.
+  */
+ 
+ void
+@@ -16879,7 +16880,7 @@ print_reg (rtx x, int code, FILE *file)
+   unsigned int regno;
+   bool duplicated;
+ 
+-  if (ASSEMBLER_DIALECT == ASM_ATT)
++  if (ASSEMBLER_DIALECT == ASM_ATT && code != 'V')
+     putc ('%', file);
+ 
+   if (x == pc_rtx)
+@@ -16922,6 +16923,14 @@ print_reg (rtx x, int code, FILE *file)
+ 	      && regno != FPSR_REG
+ 	      && regno != FPCR_REG);
+ 
++  if (code == 'V')
++    {
++      if (GENERAL_REGNO_P (regno))
++	msize = GET_MODE_SIZE (word_mode);
++      else
++	error ("'V' modifier on non-integer register");
++    }
++
+   duplicated = code == 'd' && TARGET_AVX;
+ 
+   switch (msize)
+@@ -17035,6 +17044,7 @@ print_reg (rtx x, int code, FILE *file)
+    & -- print some in-use local-dynamic symbol name.
+    H -- print a memory address offset by 8; used for sse high-parts
+    Y -- print condition for XOP pcom* instruction.
++   V -- print naked full integer register name without %.
+    + -- print a branch hint as 'cs' or 'ds' prefix
+    ; -- print a semicolon (after prefixes due to bug in older gas).
+    ~ -- print "i" if TARGET_AVX2, "f" otherwise.
+@@ -17259,6 +17269,7 @@ ix86_print_operand (FILE *file, rtx x, int code)
+ 	case 'X':
+ 	case 'P':
+ 	case 'p':
++	case 'V':
+ 	  break;
+ 
+ 	case 's':
+diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
+index 2cb6bd1..76ba1d4 100644
+--- a/gcc/doc/extend.texi
++++ b/gcc/doc/extend.texi
+@@ -8511,6 +8511,9 @@ The table below shows the list of supported modifiers and their effects.
+ @tab @code{2}
+ @end multitable
+ 
++@code{V} is a special modifier which prints the name of the full integer
++register without @code{%}.
++
+ @anchor{x86floatingpointasmoperands}
+ @subsubsection x86 Floating-Point @code{asm} Operands
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-register-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-register-4.c
+new file mode 100644
+index 0000000..f0cd9b7
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-register-4.c
+@@ -0,0 +1,13 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=keep -fno-pic" } */
++
++extern void (*func_p) (void);
++
++void
++foo (void)
++{
++  asm("call __x86_indirect_thunk_%V0" : : "a" (func_p));
++}
++
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_eax" { target ia32 } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_rax" { target { ! ia32 } } } } */
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/gcc/gcc-6.4/backport/0008-x86-Disallow-mindirect-branch-mfunction-return-with-.patch b/meta/recipes-devtools/gcc/gcc-6.4/backport/0008-x86-Disallow-mindirect-branch-mfunction-return-with-.patch
new file mode 100644
index 0000000000..d8a581013a
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-6.4/backport/0008-x86-Disallow-mindirect-branch-mfunction-return-with-.patch
@@ -0,0 +1,304 @@
+From 8e0d9bf93e2e2ec03c544572aef4b03a8e7090f3 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Sat, 13 Jan 2018 18:01:54 -0800
+Subject: [PATCH 08/12] x86: Disallow -mindirect-branch=/-mfunction-return=
+ with -mcmodel=large
+
+Since the thunk function may not be reachable in large code model,
+-mcmodel=large is incompatible with -mindirect-branch=thunk,
+-mindirect-branch=thunk-extern, -mfunction-return=thunk and
+-mfunction-return=thunk-extern.  Issue an error when they are used with
+-mcmodel=large.
+
+gcc/
+
+	Backport from mainline
+	2018-01-14  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* config/i386/i386.c (ix86_set_indirect_branch_type): Disallow
+	-mcmodel=large with -mindirect-branch=thunk,
+	-mindirect-branch=thunk-extern, -mfunction-return=thunk and
+	-mfunction-return=thunk-extern.
+	* doc/invoke.texi: Document -mcmodel=large is incompatible with
+	-mindirect-branch=thunk, -mindirect-branch=thunk-extern,
+	-mfunction-return=thunk and -mfunction-return=thunk-extern.
+
+gcc/testsuite/
+
+	Backport from mainline
+	2018-01-14  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* gcc.target/i386/indirect-thunk-10.c: New test.
+	* gcc.target/i386/indirect-thunk-8.c: Likewise.
+	* gcc.target/i386/indirect-thunk-9.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-10.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-11.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-9.c: Likewise.
+	* gcc.target/i386/ret-thunk-17.c: Likewise.
+	* gcc.target/i386/ret-thunk-18.c: Likewise.
+	* gcc.target/i386/ret-thunk-19.c: Likewise.
+	* gcc.target/i386/ret-thunk-20.c: Likewise.
+	* gcc.target/i386/ret-thunk-21.c: Likewise.
+
+Upstream-Status: Pending
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+---
+ gcc/config/i386/i386.c                             | 26 ++++++++++++++++++++++
+ gcc/doc/invoke.texi                                | 11 +++++++++
+ gcc/testsuite/gcc.target/i386/indirect-thunk-10.c  |  7 ++++++
+ gcc/testsuite/gcc.target/i386/indirect-thunk-8.c   |  7 ++++++
+ gcc/testsuite/gcc.target/i386/indirect-thunk-9.c   |  7 ++++++
+ .../gcc.target/i386/indirect-thunk-attr-10.c       |  9 ++++++++
+ .../gcc.target/i386/indirect-thunk-attr-11.c       |  9 ++++++++
+ .../gcc.target/i386/indirect-thunk-attr-9.c        |  9 ++++++++
+ gcc/testsuite/gcc.target/i386/ret-thunk-17.c       |  7 ++++++
+ gcc/testsuite/gcc.target/i386/ret-thunk-18.c       |  8 +++++++
+ gcc/testsuite/gcc.target/i386/ret-thunk-19.c       |  8 +++++++
+ gcc/testsuite/gcc.target/i386/ret-thunk-20.c       |  9 ++++++++
+ gcc/testsuite/gcc.target/i386/ret-thunk-21.c       |  9 ++++++++
+ 13 files changed, 126 insertions(+)
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-10.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-8.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-9.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-attr-10.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-attr-11.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-attr-9.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-17.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-18.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-19.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-20.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-21.c
+
+diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
+index eeca7e5..9c038be 100644
+--- a/gcc/config/i386/i386.c
++++ b/gcc/config/i386/i386.c
+@@ -6389,6 +6389,19 @@ ix86_set_indirect_branch_type (tree fndecl)
+ 	}
+       else
+ 	cfun->machine->indirect_branch_type = ix86_indirect_branch;
++
++      /* -mcmodel=large is not compatible with -mindirect-branch=thunk
++	 nor -mindirect-branch=thunk-extern.  */
++      if ((ix86_cmodel == CM_LARGE || ix86_cmodel == CM_LARGE_PIC)
++	  && ((cfun->machine->indirect_branch_type
++	       == indirect_branch_thunk_extern)
++	      || (cfun->machine->indirect_branch_type
++		  == indirect_branch_thunk)))
++	error ("%<-mindirect-branch=%s%> and %<-mcmodel=large%> are not "
++	       "compatible",
++	       ((cfun->machine->indirect_branch_type
++		 == indirect_branch_thunk_extern)
++		? "thunk-extern" : "thunk"));
+     }
+ 
+   if (cfun->machine->function_return_type == indirect_branch_unset)
+@@ -6414,6 +6427,19 @@ ix86_set_indirect_branch_type (tree fndecl)
+ 	}
+       else
+ 	cfun->machine->function_return_type = ix86_function_return;
++
++      /* -mcmodel=large is not compatible with -mfunction-return=thunk
++	 nor -mfunction-return=thunk-extern.  */
++      if ((ix86_cmodel == CM_LARGE || ix86_cmodel == CM_LARGE_PIC)
++	  && ((cfun->machine->function_return_type
++	       == indirect_branch_thunk_extern)
++	      || (cfun->machine->function_return_type
++		  == indirect_branch_thunk)))
++	error ("%<-mfunction-return=%s%> and %<-mcmodel=large%> are not "
++	       "compatible",
++	       ((cfun->machine->function_return_type
++		 == indirect_branch_thunk_extern)
++		? "thunk-extern" : "thunk"));
+     }
+ }
+ 
+diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
+index ad9f295..48e827f 100644
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
+@@ -24230,6 +24230,11 @@ to external call and return thunk provided in a separate object file.
+ You can control this behavior for a specific function by using the
+ function attribute @code{indirect_branch}.  @xref{Function Attributes}.
+ 
++Note that @option{-mcmodel=large} is incompatible with
++@option{-mindirect-branch=thunk} nor
++@option{-mindirect-branch=thunk-extern} since the thunk function may
++not be reachable in large code model.
++
+ @item -mfunction-return=@var{choice}
+ @opindex -mfunction-return
+ Convert function return with @var{choice}.  The default is @samp{keep},
+@@ -24241,6 +24246,12 @@ object file.  You can control this behavior for a specific function by
+ using the function attribute @code{function_return}.
+ @xref{Function Attributes}.
+ 
++Note that @option{-mcmodel=large} is incompatible with
++@option{-mfunction-return=thunk} nor
++@option{-mfunction-return=thunk-extern} since the thunk function may
++not be reachable in large code model.
++
++
+ @item -mindirect-branch-register
+ @opindex -mindirect-branch-register
+ Force indirect call and jump via register.
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-10.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-10.c
+new file mode 100644
+index 0000000..a0674bd
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-10.c
+@@ -0,0 +1,7 @@
++/* { dg-do compile { target { lp64 } } } */
++/* { dg-options "-O2 -mindirect-branch=thunk-inline -mfunction-return=keep -mcmodel=large" } */
++
++void
++bar (void)
++{
++}
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-8.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-8.c
+new file mode 100644
+index 0000000..7a80a89
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-8.c
+@@ -0,0 +1,7 @@
++/* { dg-do compile { target { lp64 } } } */
++/* { dg-options "-O2 -mindirect-branch=thunk -mfunction-return=keep -mcmodel=large" } */
++
++void
++bar (void)
++{ /* { dg-error "'-mindirect-branch=thunk' and '-mcmodel=large' are not compatible" } */
++}
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-9.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-9.c
+new file mode 100644
+index 0000000..d4d45c5
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-9.c
+@@ -0,0 +1,7 @@
++/* { dg-do compile { target { lp64 } } } */
++/* { dg-options "-O2 -mindirect-branch=thunk-extern -mfunction-return=keep -mcmodel=large" } */
++
++void
++bar (void)
++{ /* { dg-error "'-mindirect-branch=thunk-extern' and '-mcmodel=large' are not compatible" } */
++}
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-10.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-10.c
+new file mode 100644
+index 0000000..3a2aead
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-10.c
+@@ -0,0 +1,9 @@
++/* { dg-do compile { target { lp64 } } } */
++/* { dg-options "-O2 -mindirect-branch=keep -mfunction-return=keep -mcmodel=large" } */
++/* { dg-additional-options "-fPIC" { target fpic } } */
++
++__attribute__ ((indirect_branch("thunk-extern")))
++void
++bar (void)
++{ /* { dg-error "'-mindirect-branch=thunk-extern' and '-mcmodel=large' are not compatible" } */
++}
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-11.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-11.c
+new file mode 100644
+index 0000000..8e52f03
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-11.c
+@@ -0,0 +1,9 @@
++/* { dg-do compile { target { lp64 } } } */
++/* { dg-options "-O2 -mindirect-branch=keep -mfunction-return=keep -mcmodel=large" } */
++/* { dg-additional-options "-fPIC" { target fpic } } */
++
++__attribute__ ((indirect_branch("thunk-inline")))
++void
++bar (void)
++{
++}
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-9.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-9.c
+new file mode 100644
+index 0000000..bdaa4f6
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-9.c
+@@ -0,0 +1,9 @@
++/* { dg-do compile { target { lp64 } } } */
++/* { dg-options "-O2 -mindirect-branch=keep -mfunction-return=keep -mcmodel=large" } */
++/* { dg-additional-options "-fPIC" { target fpic } } */
++
++__attribute__ ((indirect_branch("thunk")))
++void
++bar (void)
++{ /* { dg-error "'-mindirect-branch=thunk' and '-mcmodel=large' are not compatible" } */
++}
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-17.c b/gcc/testsuite/gcc.target/i386/ret-thunk-17.c
+new file mode 100644
+index 0000000..0605e2c
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-17.c
+@@ -0,0 +1,7 @@
++/* { dg-do compile { target { lp64 } } } */
++/* { dg-options "-O2 -mfunction-return=thunk -mindirect-branch=keep -mcmodel=large" } */
++
++void
++bar (void)
++{ /* { dg-error "'-mfunction-return=thunk' and '-mcmodel=large' are not compatible" } */
++}
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-18.c b/gcc/testsuite/gcc.target/i386/ret-thunk-18.c
+new file mode 100644
+index 0000000..307019d
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-18.c
+@@ -0,0 +1,8 @@
++/* { dg-do compile { target { lp64 } } } */
++/* { dg-options "-O2 -mfunction-return=thunk-extern -mindirect-branch=keep -mcmodel=large" } */
++/* { dg-additional-options "-fPIC" { target fpic } } */
++
++void
++bar (void)
++{ /* { dg-error "'-mfunction-return=thunk-extern' and '-mcmodel=large' are not compatible" } */
++}
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-19.c b/gcc/testsuite/gcc.target/i386/ret-thunk-19.c
+new file mode 100644
+index 0000000..772617f
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-19.c
+@@ -0,0 +1,8 @@
++/* { dg-do compile { target { lp64 } } } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=keep -mcmodel=large" } */
++
++__attribute__ ((function_return("thunk")))
++void
++bar (void)
++{ /* { dg-error "'-mfunction-return=thunk' and '-mcmodel=large' are not compatible" } */
++}
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-20.c b/gcc/testsuite/gcc.target/i386/ret-thunk-20.c
+new file mode 100644
+index 0000000..1e9f9bd
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-20.c
+@@ -0,0 +1,9 @@
++/* { dg-do compile { target { lp64 } } } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=keep -mcmodel=large" } */
++/* { dg-additional-options "-fPIC" { target fpic } } */
++
++__attribute__ ((function_return("thunk-extern")))
++void
++bar (void)
++{ /* { dg-error "'-mfunction-return=thunk-extern' and '-mcmodel=large' are not compatible" } */
++}
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-21.c b/gcc/testsuite/gcc.target/i386/ret-thunk-21.c
+new file mode 100644
+index 0000000..eea07f7
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-21.c
+@@ -0,0 +1,9 @@
++/* { dg-do compile { target { lp64 } } } */
++/* { dg-options "-O2 -mfunction-return=keep -mindirect-branch=keep -mcmodel=large" } */
++/* { dg-additional-options "-fPIC" { target fpic } } */
++
++__attribute__ ((function_return("thunk-inline")))
++void
++bar (void)
++{
++}
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/gcc/gcc-6.4/backport/0009-Use-INVALID_REGNUM-in-indirect-thunk-processing.patch b/meta/recipes-devtools/gcc/gcc-6.4/backport/0009-Use-INVALID_REGNUM-in-indirect-thunk-processing.patch
new file mode 100644
index 0000000000..7364a2c36a
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-6.4/backport/0009-Use-INVALID_REGNUM-in-indirect-thunk-processing.patch
@@ -0,0 +1,126 @@
+From 3eff2adada2b1667b0e76496fa559e0c248ecd84 Mon Sep 17 00:00:00 2001
+From: uros <uros@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Thu, 25 Jan 2018 19:39:01 +0000
+Subject: [PATCH 09/12] Use INVALID_REGNUM in indirect thunk processing
+
+	Backport from mainline
+	2018-01-17  Uros Bizjak  <ubizjak@gmail.com>
+
+	* config/i386/i386.c (indirect_thunk_name): Declare regno
+	as unsigned int.  Compare regno with INVALID_REGNUM.
+	(output_indirect_thunk): Ditto.
+	(output_indirect_thunk_function): Ditto.
+	(ix86_code_end): Declare regno as unsigned int.  Use INVALID_REGNUM
+	in the call to output_indirect_thunk_function.
+
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-7-branch@257067 138bc75d-0d04-0410-961f-82ee72b054a4
+
+Upstream-Status: Pending
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+---
+ gcc/config/i386/i386.c | 30 +++++++++++++++---------------
+ 1 file changed, 15 insertions(+), 15 deletions(-)
+
+diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
+index 9c038be..4012657 100644
+--- a/gcc/config/i386/i386.c
++++ b/gcc/config/i386/i386.c
+@@ -11087,16 +11087,16 @@ static int indirect_thunks_bnd_used;
+ /* Fills in the label name that should be used for the indirect thunk.  */
+ 
+ static void
+-indirect_thunk_name (char name[32], int regno, bool need_bnd_p,
+-		     bool ret_p)
++indirect_thunk_name (char name[32], unsigned int regno,
++		     bool need_bnd_p, bool ret_p)
+ {
+-  if (regno >= 0 && ret_p)
++  if (regno != INVALID_REGNUM && ret_p)
+     gcc_unreachable ();
+ 
+   if (USE_HIDDEN_LINKONCE)
+     {
+       const char *bnd = need_bnd_p ? "_bnd" : "";
+-      if (regno >= 0)
++      if (regno != INVALID_REGNUM)
+ 	{
+ 	  const char *reg_prefix;
+ 	  if (LEGACY_INT_REGNO_P (regno))
+@@ -11114,7 +11114,7 @@ indirect_thunk_name (char name[32], int regno, bool need_bnd_p,
+     }
+   else
+     {
+-      if (regno >= 0)
++      if (regno != INVALID_REGNUM)
+ 	{
+ 	  if (need_bnd_p)
+ 	    ASM_GENERATE_INTERNAL_LABEL (name, "LITBR", regno);
+@@ -11166,7 +11166,7 @@ indirect_thunk_name (char name[32], int regno, bool need_bnd_p,
+  */
+ 
+ static void
+-output_indirect_thunk (bool need_bnd_p, int regno)
++output_indirect_thunk (bool need_bnd_p, unsigned int regno)
+ {
+   char indirectlabel1[32];
+   char indirectlabel2[32];
+@@ -11196,7 +11196,7 @@ output_indirect_thunk (bool need_bnd_p, int regno)
+ 
+   ASM_OUTPUT_INTERNAL_LABEL (asm_out_file, indirectlabel2);
+ 
+-  if (regno >= 0)
++  if (regno != INVALID_REGNUM)
+     {
+       /* MOV.  */
+       rtx xops[2];
+@@ -11220,12 +11220,12 @@ output_indirect_thunk (bool need_bnd_p, int regno)
+ }
+ 
+ /* Output a funtion with a call and return thunk for indirect branch.
+-   If BND_P is true, the BND prefix is needed.   If REGNO != -1,  the
+-   function address is in REGNO.  Otherwise, the function address is
++   If BND_P is true, the BND prefix is needed.  If REGNO != INVALID_REGNUM,
++   the function address is in REGNO.  Otherwise, the function address is
+    on the top of stack.  */
+ 
+ static void
+-output_indirect_thunk_function (bool need_bnd_p, int regno)
++output_indirect_thunk_function (bool need_bnd_p, unsigned int regno)
+ {
+   char name[32];
+   tree decl;
+@@ -11274,7 +11274,7 @@ output_indirect_thunk_function (bool need_bnd_p, int regno)
+ 	ASM_OUTPUT_LABEL (asm_out_file, name);
+       }
+ 
+-  if (regno < 0)
++  if (regno == INVALID_REGNUM)
+     {
+       /* Create alias for __x86.return_thunk/__x86.return_thunk_bnd.  */
+       char alias[32];
+@@ -11348,16 +11348,16 @@ static void
+ ix86_code_end (void)
+ {
+   rtx xops[2];
+-  int regno;
++  unsigned int regno;
+ 
+   if (indirect_thunk_needed)
+-    output_indirect_thunk_function (false, -1);
++    output_indirect_thunk_function (false, INVALID_REGNUM);
+   if (indirect_thunk_bnd_needed)
+-    output_indirect_thunk_function (true, -1);
++    output_indirect_thunk_function (true, INVALID_REGNUM);
+ 
+   for (regno = FIRST_REX_INT_REG; regno <= LAST_REX_INT_REG; regno++)
+     {
+-      int i = regno - FIRST_REX_INT_REG + LAST_INT_REG + 1;
++      unsigned int i = regno - FIRST_REX_INT_REG + LAST_INT_REG + 1;
+       if ((indirect_thunks_used & (1 << i)))
+ 	output_indirect_thunk_function (false, regno);
+ 
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/gcc/gcc-6.4/backport/0010-i386-Pass-INVALID_REGNUM-as-invalid-register-number.patch b/meta/recipes-devtools/gcc/gcc-6.4/backport/0010-i386-Pass-INVALID_REGNUM-as-invalid-register-number.patch
new file mode 100644
index 0000000000..080d741983
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-6.4/backport/0010-i386-Pass-INVALID_REGNUM-as-invalid-register-number.patch
@@ -0,0 +1,46 @@
+From c4300d9ad683e693c90d02d4f1b13183bf2d4acc Mon Sep 17 00:00:00 2001
+From: hjl <hjl@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Fri, 2 Feb 2018 16:47:02 +0000
+Subject: [PATCH 10/12] i386: Pass INVALID_REGNUM as invalid register number
+
+	Backport from mainline
+	* config/i386/i386.c (ix86_output_function_return): Pass
+	INVALID_REGNUM, instead of -1, as invalid register number to
+	indirect_thunk_name and output_indirect_thunk.
+
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-7-branch@257341 138bc75d-0d04-0410-961f-82ee72b054a4
+
+Upstream-Status: Pending
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+---
+ gcc/config/i386/i386.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
+index 4012657..66502ee 100644
+--- a/gcc/config/i386/i386.c
++++ b/gcc/config/i386/i386.c
+@@ -28056,7 +28056,8 @@ ix86_output_function_return (bool long_p)
+ 	{
+ 	  bool need_thunk = (cfun->machine->function_return_type
+ 			     == indirect_branch_thunk);
+-	  indirect_thunk_name (thunk_name, -1, need_bnd_p, true);
++	  indirect_thunk_name (thunk_name, INVALID_REGNUM, need_bnd_p,
++			       true);
+ 	  if (need_bnd_p)
+ 	    {
+ 	      indirect_thunk_bnd_needed |= need_thunk;
+@@ -28069,7 +28070,7 @@ ix86_output_function_return (bool long_p)
+ 	    }
+ 	}
+       else
+-	output_indirect_thunk (need_bnd_p, -1);
++	output_indirect_thunk (need_bnd_p, INVALID_REGNUM);
+ 
+       return "";
+     }
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/gcc/gcc-6.4/backport/0011-i386-Update-mfunction-return-for-return-with-pop.patch b/meta/recipes-devtools/gcc/gcc-6.4/backport/0011-i386-Update-mfunction-return-for-return-with-pop.patch
new file mode 100644
index 0000000000..3b036fbe18
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-6.4/backport/0011-i386-Update-mfunction-return-for-return-with-pop.patch
@@ -0,0 +1,453 @@
+From b3a2269c7884378a9afd394ac7e669aab0443b57 Mon Sep 17 00:00:00 2001
+From: hjl <hjl@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Mon, 26 Feb 2018 15:29:30 +0000
+Subject: [PATCH 11/12] i386: Update -mfunction-return= for return with pop
+
+When -mfunction-return= is used, simple_return_pop_internal should pop
+return address into ECX register, adjust stack by bytes to pop from stack
+and jump to the return thunk via ECX register.
+
+Revision 257992 removed the bool argument from ix86_output_indirect_jmp.
+Update comments to reflect it.
+
+Tested on i686 and x86-64.
+
+	Backport from mainline
+	* config/i386/i386.c (ix86_output_indirect_jmp): Update comments.
+
+	PR target/84530
+	* config/i386/i386-protos.h (ix86_output_indirect_jmp): Remove
+	the bool argument.
+	(ix86_output_indirect_function_return): New prototype.
+	(ix86_split_simple_return_pop_internal): Likewise.
+	* config/i386/i386.c (indirect_return_via_cx): New.
+	(indirect_return_via_cx_bnd): Likewise.
+	(indirect_thunk_name): Handle return va CX_REG.
+	(output_indirect_thunk_function): Create alias for
+	__x86_return_thunk_[re]cx and __x86_return_thunk_[re]cx_bnd.
+	(ix86_output_indirect_jmp): Remove the bool argument.
+	(ix86_output_indirect_function_return): New function.
+	(ix86_split_simple_return_pop_internal): Likewise.
+	* config/i386/i386.md (*indirect_jump): Don't pass false
+	to ix86_output_indirect_jmp.
+	(*tablejump_1): Likewise.
+	(simple_return_pop_internal): Change it to define_insn_and_split.
+	Call ix86_split_simple_return_pop_internal to split it for
+	-mfunction-return=.
+	(simple_return_indirect_internal): Call
+	ix86_output_indirect_function_return instead of
+	ix86_output_indirect_jmp.
+
+gcc/testsuite/
+
+	Backport from mainline
+	PR target/84530
+	* gcc.target/i386/ret-thunk-22.c: New test.
+	* gcc.target/i386/ret-thunk-23.c: Likewise.
+	* gcc.target/i386/ret-thunk-24.c: Likewise.
+	* gcc.target/i386/ret-thunk-25.c: Likewise.
+	* gcc.target/i386/ret-thunk-26.c: Likewise.
+
+Upstream-Status: Pending
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+---
+ gcc/config/i386/i386-protos.h                |   4 +-
+ gcc/config/i386/i386.c                       | 127 +++++++++++++++++++++++----
+ gcc/config/i386/i386.md                      |  11 ++-
+ gcc/testsuite/gcc.target/i386/ret-thunk-22.c |  15 ++++
+ gcc/testsuite/gcc.target/i386/ret-thunk-23.c |  15 ++++
+ gcc/testsuite/gcc.target/i386/ret-thunk-24.c |  15 ++++
+ gcc/testsuite/gcc.target/i386/ret-thunk-25.c |  15 ++++
+ gcc/testsuite/gcc.target/i386/ret-thunk-26.c |  40 +++++++++
+ 8 files changed, 222 insertions(+), 20 deletions(-)
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-22.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-23.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-24.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-25.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/ret-thunk-26.c
+
+diff --git a/gcc/config/i386/i386-protos.h b/gcc/config/i386/i386-protos.h
+index 620d70e..c7a0ccb5 100644
+--- a/gcc/config/i386/i386-protos.h
++++ b/gcc/config/i386/i386-protos.h
+@@ -311,8 +311,10 @@ extern enum attr_cpu ix86_schedule;
+ #endif
+ 
+ extern const char * ix86_output_call_insn (rtx_insn *insn, rtx call_op);
+-extern const char * ix86_output_indirect_jmp (rtx call_op, bool ret_p);
++extern const char * ix86_output_indirect_jmp (rtx call_op);
+ extern const char * ix86_output_function_return (bool long_p);
++extern const char * ix86_output_indirect_function_return (rtx ret_op);
++extern void ix86_split_simple_return_pop_internal (rtx);
+ extern bool ix86_operands_ok_for_move_multiple (rtx *operands, bool load,
+ 						enum machine_mode mode);
+ 
+diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
+index 66502ee..21c3c18 100644
+--- a/gcc/config/i386/i386.c
++++ b/gcc/config/i386/i386.c
+@@ -11080,6 +11080,12 @@ static int indirect_thunks_used;
+    by call and return thunks functions with the BND prefix.  */
+ static int indirect_thunks_bnd_used;
+ 
++/* True if return thunk function via CX is needed.  */
++static bool indirect_return_via_cx;
++/* True if return thunk function via CX with the BND prefix is
++   needed.  */
++static bool indirect_return_via_cx_bnd;
++
+ #ifndef INDIRECT_LABEL
+ # define INDIRECT_LABEL "LIND"
+ #endif
+@@ -11090,12 +11096,13 @@ static void
+ indirect_thunk_name (char name[32], unsigned int regno,
+ 		     bool need_bnd_p, bool ret_p)
+ {
+-  if (regno != INVALID_REGNUM && ret_p)
++  if (regno != INVALID_REGNUM && regno != CX_REG && ret_p)
+     gcc_unreachable ();
+ 
+   if (USE_HIDDEN_LINKONCE)
+     {
+       const char *bnd = need_bnd_p ? "_bnd" : "";
++      const char *ret = ret_p ? "return" : "indirect";
+       if (regno != INVALID_REGNUM)
+ 	{
+ 	  const char *reg_prefix;
+@@ -11103,14 +11110,11 @@ indirect_thunk_name (char name[32], unsigned int regno,
+ 	    reg_prefix = TARGET_64BIT ? "r" : "e";
+ 	  else
+ 	    reg_prefix = "";
+-	  sprintf (name, "__x86_indirect_thunk%s_%s%s",
+-		   bnd, reg_prefix, reg_names[regno]);
++	  sprintf (name, "__x86_%s_thunk%s_%s%s",
++		   ret, bnd, reg_prefix, reg_names[regno]);
+ 	}
+       else
+-	{
+-	  const char *ret = ret_p ? "return" : "indirect";
+-	  sprintf (name, "__x86_%s_thunk%s", ret, bnd);
+-	}
++	sprintf (name, "__x86_%s_thunk%s", ret, bnd);
+     }
+   else
+     {
+@@ -11274,9 +11278,23 @@ output_indirect_thunk_function (bool need_bnd_p, unsigned int regno)
+ 	ASM_OUTPUT_LABEL (asm_out_file, name);
+       }
+ 
++  /* Create alias for __x86_return_thunk/__x86_return_thunk_bnd or
++     __x86_return_thunk_ecx/__x86_return_thunk_ecx_bnd.  */
++  bool need_alias;
+   if (regno == INVALID_REGNUM)
++    need_alias = true;
++  else if (regno == CX_REG)
++    {
++      if (need_bnd_p)
++	need_alias = indirect_return_via_cx_bnd;
++      else
++	need_alias = indirect_return_via_cx;
++    }
++  else
++    need_alias = false;
++
++  if (need_alias)
+     {
+-      /* Create alias for __x86.return_thunk/__x86.return_thunk_bnd.  */
+       char alias[32];
+ 
+       indirect_thunk_name (alias, regno, need_bnd_p, true);
+@@ -28019,18 +28037,17 @@ ix86_output_indirect_branch (rtx call_op, const char *xasm,
+   else
+     ix86_output_indirect_branch_via_push (call_op, xasm, sibcall_p);
+ }
+-/* Output indirect jump.  CALL_OP is the jump target.  Jump is a
+-   function return if RET_P is true.  */
++
++/* Output indirect jump.  CALL_OP is the jump target.  */
+ 
+ const char *
+-ix86_output_indirect_jmp (rtx call_op, bool ret_p)
++ix86_output_indirect_jmp (rtx call_op)
+ {
+   if (cfun->machine->indirect_branch_type != indirect_branch_keep)
+     {
+-      /* We can't have red-zone if this isn't a function return since
+-	 "call" in the indirect thunk pushes the return address onto
+-	 stack, destroying red-zone.  */
+-      if (!ret_p && ix86_red_zone_size != 0)
++      /* We can't have red-zone since "call" in the indirect thunk
++         pushes the return address onto stack, destroying red-zone.  */
++      if (ix86_red_zone_size != 0)
+ 	gcc_unreachable ();
+ 
+       ix86_output_indirect_branch (call_op, "%0", true);
+@@ -28081,6 +28098,86 @@ ix86_output_function_return (bool long_p)
+   return "rep%; ret";
+ }
+ 
++/* Output indirect function return.  RET_OP is the function return
++   target.  */
++
++const char *
++ix86_output_indirect_function_return (rtx ret_op)
++{
++  if (cfun->machine->function_return_type != indirect_branch_keep)
++    {
++      char thunk_name[32];
++      bool need_bnd_p = ix86_bnd_prefixed_insn_p (current_output_insn);
++      unsigned int regno = REGNO (ret_op);
++      gcc_assert (regno == CX_REG);
++
++      if (cfun->machine->function_return_type
++	  != indirect_branch_thunk_inline)
++	{
++	  bool need_thunk = (cfun->machine->function_return_type
++			     == indirect_branch_thunk);
++	  indirect_thunk_name (thunk_name, regno, need_bnd_p, true);
++	  if (need_bnd_p)
++	    {
++	      if (need_thunk)
++		{
++		  indirect_return_via_cx_bnd = true;
++		  indirect_thunks_bnd_used |= 1 << CX_REG;
++		}
++	      fprintf (asm_out_file, "\tbnd jmp\t%s\n", thunk_name);
++	    }
++	  else
++	    {
++	      if (need_thunk)
++		{
++		  indirect_return_via_cx = true;
++		  indirect_thunks_used |= 1 << CX_REG;
++		}
++	      fprintf (asm_out_file, "\tjmp\t%s\n", thunk_name);
++	    }
++	}
++      else
++	output_indirect_thunk (need_bnd_p, regno);
++
++      return "";
++    }
++  else
++    return "%!jmp\t%A0";
++}
++
++/* Split simple return with popping POPC bytes from stack to indirect
++   branch with stack adjustment .  */
++
++void
++ix86_split_simple_return_pop_internal (rtx popc)
++{
++  struct machine_function *m = cfun->machine;
++  rtx ecx = gen_rtx_REG (SImode, CX_REG);
++  rtx_insn *insn;
++
++  /* There is no "pascal" calling convention in any 64bit ABI.  */
++  gcc_assert (!TARGET_64BIT);
++
++  insn = emit_insn (gen_pop (ecx));
++  m->fs.cfa_offset -= UNITS_PER_WORD;
++  m->fs.sp_offset -= UNITS_PER_WORD;
++
++  rtx x = plus_constant (Pmode, stack_pointer_rtx, UNITS_PER_WORD);
++  x = gen_rtx_SET (stack_pointer_rtx, x);
++  add_reg_note (insn, REG_CFA_ADJUST_CFA, x);
++  add_reg_note (insn, REG_CFA_REGISTER, gen_rtx_SET (ecx, pc_rtx));
++  RTX_FRAME_RELATED_P (insn) = 1;
++
++  x = gen_rtx_PLUS (Pmode, stack_pointer_rtx, popc);
++  x = gen_rtx_SET (stack_pointer_rtx, x);
++  insn = emit_insn (x);
++  add_reg_note (insn, REG_CFA_ADJUST_CFA, x);
++  RTX_FRAME_RELATED_P (insn) = 1;
++
++  /* Now return address is in ECX.  */
++  emit_jump_insn (gen_simple_return_indirect_internal (ecx));
++}
++
+ /* Output the assembly for a call instruction.  */
+ 
+ const char *
+diff --git a/gcc/config/i386/i386.md b/gcc/config/i386/i386.md
+index 05a88ff..857466a 100644
+--- a/gcc/config/i386/i386.md
++++ b/gcc/config/i386/i386.md
+@@ -11813,7 +11813,7 @@
+ (define_insn "*indirect_jump"
+   [(set (pc) (match_operand:W 0 "indirect_branch_operand" "rBw"))]
+   ""
+-  "* return ix86_output_indirect_jmp (operands[0], false);"
++  "* return ix86_output_indirect_jmp (operands[0]);"
+   [(set (attr "type")
+      (if_then_else (match_test "(cfun->machine->indirect_branch_type
+ 				 != indirect_branch_keep)")
+@@ -11868,7 +11868,7 @@
+   [(set (pc) (match_operand:W 0 "indirect_branch_operand" "rBw"))
+    (use (label_ref (match_operand 1)))]
+   ""
+-  "* return ix86_output_indirect_jmp (operands[0], false);"
++  "* return ix86_output_indirect_jmp (operands[0]);"
+   [(set (attr "type")
+      (if_then_else (match_test "(cfun->machine->indirect_branch_type
+ 				 != indirect_branch_keep)")
+@@ -12520,11 +12520,14 @@
+    (set_attr "prefix_rep" "1")
+    (set_attr "modrm" "0")])
+ 
+-(define_insn "simple_return_pop_internal"
++(define_insn_and_split "simple_return_pop_internal"
+   [(simple_return)
+    (use (match_operand:SI 0 "const_int_operand"))]
+   "reload_completed"
+   "%!ret\t%0"
++  "&& cfun->machine->function_return_type != indirect_branch_keep"
++  [(const_int 0)]
++  "ix86_split_simple_return_pop_internal (operands[0]); DONE;"
+   [(set_attr "length" "3")
+    (set_attr "atom_unit" "jeu")
+    (set_attr "length_immediate" "2")
+@@ -12535,7 +12538,7 @@
+   [(simple_return)
+    (use (match_operand:SI 0 "register_operand" "r"))]
+   "reload_completed"
+-  "* return ix86_output_indirect_jmp (operands[0], true);"
++  "* return ix86_output_indirect_function_return (operands[0]);"
+   [(set (attr "type")
+      (if_then_else (match_test "(cfun->machine->indirect_branch_type
+ 				 != indirect_branch_keep)")
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-22.c b/gcc/testsuite/gcc.target/i386/ret-thunk-22.c
+new file mode 100644
+index 0000000..89e086d
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-22.c
+@@ -0,0 +1,15 @@
++/* PR target/r84530 */
++/* { dg-do compile { target ia32 } } */
++/* { dg-options "-O2 -mfunction-return=thunk" } */
++
++struct s { _Complex unsigned short x; };
++struct s gs = { 100 + 200i };
++struct s __attribute__((noinline)) foo (void) { return gs; }
++
++/* { dg-final { scan-assembler-times "popl\[\\t \]*%ecx" 1 } } */
++/* { dg-final { scan-assembler "lea\[l\]?\[\\t \]*4\\(%esp\\), %esp" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_return_thunk_ecx" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-23.c b/gcc/testsuite/gcc.target/i386/ret-thunk-23.c
+new file mode 100644
+index 0000000..43f0cca
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-23.c
+@@ -0,0 +1,15 @@
++/* PR target/r84530 */
++/* { dg-do compile { target ia32 } } */
++/* { dg-options "-O2 -mfunction-return=thunk-extern" } */
++
++struct s { _Complex unsigned short x; };
++struct s gs = { 100 + 200i };
++struct s __attribute__((noinline)) foo (void) { return gs; }
++
++/* { dg-final { scan-assembler-times "popl\[\\t \]*%ecx" 1 } } */
++/* { dg-final { scan-assembler "lea\[l\]?\[\\t \]*4\\(%esp\\), %esp" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_return_thunk_ecx" } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-not {\tpause} } } */
++/* { dg-final { scan-assembler-not {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-24.c b/gcc/testsuite/gcc.target/i386/ret-thunk-24.c
+new file mode 100644
+index 0000000..8729e35
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-24.c
+@@ -0,0 +1,15 @@
++/* PR target/r84530 */
++/* { dg-do compile { target ia32 } } */
++/* { dg-options "-O2 -mfunction-return=thunk-inline" } */
++
++struct s { _Complex unsigned short x; };
++struct s gs = { 100 + 200i };
++struct s __attribute__((noinline)) foo (void) { return gs; }
++
++/* { dg-final { scan-assembler-times "popl\[\\t \]*%ecx" 1 } } */
++/* { dg-final { scan-assembler "lea\[l\]?\[\\t \]*4\\(%esp\\), %esp" } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*__x86_return_thunk_ecx" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-25.c b/gcc/testsuite/gcc.target/i386/ret-thunk-25.c
+new file mode 100644
+index 0000000..f73553c
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-25.c
+@@ -0,0 +1,15 @@
++/* PR target/r84530 */
++/* { dg-do compile { target ia32 } } */
++/* { dg-options "-O2 -mfunction-return=thunk -fcheck-pointer-bounds -mmpx -fno-pic" } */
++
++struct s { _Complex unsigned short x; };
++struct s gs = { 100 + 200i };
++struct s __attribute__((noinline)) foo (void) { return gs; }
++
++/* { dg-final { scan-assembler-times "popl\[\\t \]*%ecx" 1 } } */
++/* { dg-final { scan-assembler "lea\[l\]?\[\\t \]*4\\(%esp\\), %esp" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_return_thunk_bnd_ecx" } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler {\tpause} } } */
++/* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-26.c b/gcc/testsuite/gcc.target/i386/ret-thunk-26.c
+new file mode 100644
+index 0000000..9144e98
+--- /dev/null
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-26.c
+@@ -0,0 +1,40 @@
++/* PR target/r84530 */
++/* { dg-do run } */
++/* { dg-options "-Os -mfunction-return=thunk" } */
++
++struct S { int i; };
++__attribute__((const, noinline, noclone))
++struct S foo (int x)
++{
++  struct S s;
++  s.i = x;
++  return s;
++}
++
++int a[2048], b[2048], c[2048], d[2048];
++struct S e[2048];
++
++__attribute__((noinline, noclone)) void
++bar (void)
++{
++  int i;
++  for (i = 0; i < 1024; i++)
++    {
++      e[i] = foo (i);
++      a[i+2] = a[i] + a[i+1];
++      b[10] = b[10] + i;
++      c[i] = c[2047 - i];
++      d[i] = d[i + 1];
++    }
++}
++
++int
++main ()
++{
++  int i;
++  bar ();
++  for (i = 0; i < 1024; i++)
++    if (e[i].i != i)
++      __builtin_abort ();
++  return 0;
++}
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/gcc/gcc-6.4/backport/0012-i386-Add-TARGET_INDIRECT_BRANCH_REGISTER.patch b/meta/recipes-devtools/gcc/gcc-6.4/backport/0012-i386-Add-TARGET_INDIRECT_BRANCH_REGISTER.patch
new file mode 100644
index 0000000000..b50ac5cb02
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-6.4/backport/0012-i386-Add-TARGET_INDIRECT_BRANCH_REGISTER.patch
@@ -0,0 +1,1004 @@
+From 7ba192d11a43d24ce427a3dfce0ad0592bd52830 Mon Sep 17 00:00:00 2001
+From: hjl <hjl@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Mon, 26 Feb 2018 17:00:46 +0000
+Subject: [PATCH 12/12] i386: Add TARGET_INDIRECT_BRANCH_REGISTER
+
+For
+
+---
+struct C {
+  virtual ~C();
+  virtual void f();
+};
+
+void
+f (C *p)
+{
+  p->f();
+  p->f();
+}
+---
+
+-mindirect-branch=thunk-extern -O2 on x86-64 GNU/Linux generates:
+
+_Z1fP1C:
+.LFB0:
+        .cfi_startproc
+        pushq   %rbx
+        .cfi_def_cfa_offset 16
+        .cfi_offset 3, -16
+        movq    (%rdi), %rax
+        movq    %rdi, %rbx
+        jmp     .LIND1
+.LIND0:
+        pushq   16(%rax)
+        jmp     __x86_indirect_thunk
+.LIND1:
+        call    .LIND0
+        movq    (%rbx), %rax
+        movq    %rbx, %rdi
+        popq    %rbx
+        .cfi_def_cfa_offset 8
+        movq    16(%rax), %rax
+        jmp     __x86_indirect_thunk_rax
+        .cfi_endproc
+
+x86-64 is supposed to have asynchronous unwind tables by default, but
+there is nothing that reflects the change in the (relative) frame
+address after .LIND0.  That region really has to be moved outside of
+the .cfi_startproc/.cfi_endproc bracket.
+
+This patch adds TARGET_INDIRECT_BRANCH_REGISTER to force indirect
+branch via register whenever -mindirect-branch= is used.  Now,
+-mindirect-branch=thunk-extern -O2 on x86-64 GNU/Linux generates:
+
+_Z1fP1C:
+.LFB0:
+	.cfi_startproc
+	pushq	%rbx
+	.cfi_def_cfa_offset 16
+	.cfi_offset 3, -16
+	movq	(%rdi), %rax
+	movq	%rdi, %rbx
+	movq	16(%rax), %rax
+	call	__x86_indirect_thunk_rax
+	movq	(%rbx), %rax
+	movq	%rbx, %rdi
+	popq	%rbx
+	.cfi_def_cfa_offset 8
+	movq	16(%rax), %rax
+	jmp	__x86_indirect_thunk_rax
+	.cfi_endproc
+
+so that "-mindirect-branch=thunk-extern" is equivalent to
+"-mindirect-branch=thunk-extern -mindirect-branch-register", which is
+used by Linux kernel.
+
+gcc/
+
+	Backport from mainline
+	PR target/84039
+	* config/i386/constraints.md (Bs): Replace
+	ix86_indirect_branch_register with
+	TARGET_INDIRECT_BRANCH_REGISTER.
+	(Bw): Likewise.
+	* config/i386/i386.md (indirect_jump): Likewise.
+	(tablejump): Likewise.
+	(*sibcall_memory): Likewise.
+	(*sibcall_value_memory): Likewise.
+	Peepholes of indirect call and jump via memory: Likewise.
+	(*sibcall_GOT_32): Disallowed for TARGET_INDIRECT_BRANCH_REGISTER.
+	(*sibcall_value_GOT_32): Likewise.
+	* config/i386/predicates.md (indirect_branch_operand): Likewise.
+	(GOT_memory_operand): Likewise.
+	(call_insn_operand): Likewise.
+	(sibcall_insn_operand): Likewise.
+	(GOT32_symbol_operand): Likewise.
+	* config/i386/i386.h (TARGET_INDIRECT_BRANCH_REGISTER): New.
+
+gcc/testsuite/
+
+	Backport from mainline
+	PR target/84039
+	* gcc.target/i386/indirect-thunk-1.c: Updated.
+	* gcc.target/i386/indirect-thunk-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-5.c: Likewise.
+	* gcc.target/i386/indirect-thunk-6.c: Likewise.
+	* gcc.target/i386/indirect-thunk-7.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-5.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-6.c: Likewise.
+	* gcc.target/i386/indirect-thunk-attr-7.c: Likewise.
+	* gcc.target/i386/indirect-thunk-bnd-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-bnd-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-bnd-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-bnd-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-5.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-6.c: Likewise.
+	* gcc.target/i386/indirect-thunk-extern-7.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-1.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-2.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-3.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-4.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-5.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-6.c: Likewise.
+	* gcc.target/i386/indirect-thunk-inline-7.c: Likewise.
+	* gcc.target/i386/ret-thunk-9.c: Likewise.
+	* gcc.target/i386/ret-thunk-10.c: Likewise.
+	* gcc.target/i386/ret-thunk-11.c: Likewise.
+	* gcc.target/i386/ret-thunk-12.c: Likewise.
+	* gcc.target/i386/ret-thunk-13.c: Likewise.
+	* gcc.target/i386/ret-thunk-14.c: Likewise.
+	* gcc.target/i386/ret-thunk-15.c: Likewise.
+
+Upstream-Status: Pending
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+---
+ gcc/config/i386/constraints.md                     |  4 ++--
+ gcc/config/i386/i386.h                             |  5 ++++
+ gcc/config/i386/i386.md                            | 28 +++++++++++++---------
+ gcc/config/i386/predicates.md                      |  6 ++---
+ gcc/testsuite/gcc.target/i386/indirect-thunk-1.c   |  5 ++--
+ gcc/testsuite/gcc.target/i386/indirect-thunk-2.c   |  5 ++--
+ gcc/testsuite/gcc.target/i386/indirect-thunk-3.c   |  5 ++--
+ gcc/testsuite/gcc.target/i386/indirect-thunk-4.c   |  5 ++--
+ gcc/testsuite/gcc.target/i386/indirect-thunk-5.c   |  6 +++--
+ gcc/testsuite/gcc.target/i386/indirect-thunk-6.c   | 12 ++++++----
+ gcc/testsuite/gcc.target/i386/indirect-thunk-7.c   |  5 ++--
+ .../gcc.target/i386/indirect-thunk-attr-1.c        |  5 ++--
+ .../gcc.target/i386/indirect-thunk-attr-2.c        |  5 ++--
+ .../gcc.target/i386/indirect-thunk-attr-3.c        |  3 +--
+ .../gcc.target/i386/indirect-thunk-attr-4.c        |  3 +--
+ .../gcc.target/i386/indirect-thunk-attr-5.c        |  9 ++++---
+ .../gcc.target/i386/indirect-thunk-attr-6.c        |  9 ++++---
+ .../gcc.target/i386/indirect-thunk-attr-7.c        |  5 ++--
+ .../gcc.target/i386/indirect-thunk-bnd-1.c         |  6 ++---
+ .../gcc.target/i386/indirect-thunk-bnd-2.c         |  6 ++---
+ .../gcc.target/i386/indirect-thunk-bnd-3.c         |  5 ++--
+ .../gcc.target/i386/indirect-thunk-bnd-4.c         |  7 +++---
+ .../gcc.target/i386/indirect-thunk-extern-1.c      |  5 ++--
+ .../gcc.target/i386/indirect-thunk-extern-2.c      |  5 ++--
+ .../gcc.target/i386/indirect-thunk-extern-3.c      |  9 ++++---
+ .../gcc.target/i386/indirect-thunk-extern-4.c      |  6 ++---
+ .../gcc.target/i386/indirect-thunk-extern-5.c      |  6 +++--
+ .../gcc.target/i386/indirect-thunk-extern-6.c      |  8 +++----
+ .../gcc.target/i386/indirect-thunk-extern-7.c      |  5 ++--
+ .../gcc.target/i386/indirect-thunk-inline-1.c      |  2 +-
+ .../gcc.target/i386/indirect-thunk-inline-2.c      |  2 +-
+ .../gcc.target/i386/indirect-thunk-inline-3.c      |  2 +-
+ .../gcc.target/i386/indirect-thunk-inline-4.c      |  2 +-
+ .../gcc.target/i386/indirect-thunk-inline-5.c      |  3 ++-
+ .../gcc.target/i386/indirect-thunk-inline-6.c      |  3 ++-
+ .../gcc.target/i386/indirect-thunk-inline-7.c      |  4 ++--
+ gcc/testsuite/gcc.target/i386/ret-thunk-10.c       |  9 +++----
+ gcc/testsuite/gcc.target/i386/ret-thunk-11.c       |  9 +++----
+ gcc/testsuite/gcc.target/i386/ret-thunk-12.c       |  8 +++----
+ gcc/testsuite/gcc.target/i386/ret-thunk-13.c       |  5 ++--
+ gcc/testsuite/gcc.target/i386/ret-thunk-14.c       |  7 +++---
+ gcc/testsuite/gcc.target/i386/ret-thunk-15.c       |  7 +++---
+ gcc/testsuite/gcc.target/i386/ret-thunk-9.c        | 13 ++++------
+ 43 files changed, 128 insertions(+), 141 deletions(-)
+
+diff --git a/gcc/config/i386/constraints.md b/gcc/config/i386/constraints.md
+index 9204c8e..ef684a9 100644
+--- a/gcc/config/i386/constraints.md
++++ b/gcc/config/i386/constraints.md
+@@ -172,7 +172,7 @@
+ 
+ (define_constraint "Bs"
+   "@internal Sibcall memory operand."
+-  (ior (and (not (match_test "ix86_indirect_branch_register"))
++  (ior (and (not (match_test "TARGET_INDIRECT_BRANCH_REGISTER"))
+ 	    (not (match_test "TARGET_X32"))
+ 	    (match_operand 0 "sibcall_memory_operand"))
+        (and (match_test "TARGET_X32 && Pmode == DImode")
+@@ -180,7 +180,7 @@
+ 
+ (define_constraint "Bw"
+   "@internal Call memory operand."
+-  (ior (and (not (match_test "ix86_indirect_branch_register"))
++  (ior (and (not (match_test "TARGET_INDIRECT_BRANCH_REGISTER"))
+ 	    (not (match_test "TARGET_X32"))
+ 	    (match_operand 0 "memory_operand"))
+        (and (match_test "TARGET_X32 && Pmode == DImode")
+diff --git a/gcc/config/i386/i386.h b/gcc/config/i386/i386.h
+index b34bc11..1816d71 100644
+--- a/gcc/config/i386/i386.h
++++ b/gcc/config/i386/i386.h
+@@ -2676,6 +2676,11 @@ extern void debug_dispatch_window (int);
+ #define TARGET_RECIP_VEC_DIV	((recip_mask & RECIP_MASK_VEC_DIV) != 0)
+ #define TARGET_RECIP_VEC_SQRT	((recip_mask & RECIP_MASK_VEC_SQRT) != 0)
+ 
++
++#define TARGET_INDIRECT_BRANCH_REGISTER \
++  (ix86_indirect_branch_register \
++   || cfun->machine->indirect_branch_type != indirect_branch_keep)
++
+ #define IX86_HLE_ACQUIRE (1 << 16)
+ #define IX86_HLE_RELEASE (1 << 17)
+ 
+diff --git a/gcc/config/i386/i386.md b/gcc/config/i386/i386.md
+index 857466a..6a6dc26 100644
+--- a/gcc/config/i386/i386.md
++++ b/gcc/config/i386/i386.md
+@@ -11805,7 +11805,7 @@
+   [(set (pc) (match_operand 0 "indirect_branch_operand"))]
+   ""
+ {
+-  if (TARGET_X32 || ix86_indirect_branch_register)
++  if (TARGET_X32 || TARGET_INDIRECT_BRANCH_REGISTER)
+     operands[0] = convert_memory_address (word_mode, operands[0]);
+   cfun->machine->has_local_indirect_jump = true;
+ })
+@@ -11859,7 +11859,7 @@
+ 					 OPTAB_DIRECT);
+     }
+ 
+-  if (TARGET_X32 || ix86_indirect_branch_register)
++  if (TARGET_X32 || TARGET_INDIRECT_BRANCH_REGISTER)
+     operands[0] = convert_memory_address (word_mode, operands[0]);
+   cfun->machine->has_local_indirect_jump = true;
+ })
+@@ -12029,7 +12029,10 @@
+ 		     (match_operand:SI 0 "register_no_elim_operand" "U")
+ 		     (match_operand:SI 1 "GOT32_symbol_operand"))))
+ 	 (match_operand 2))]
+-  "!TARGET_MACHO && !TARGET_64BIT && SIBLING_CALL_P (insn)"
++  "!TARGET_MACHO
++  && !TARGET_64BIT
++  && !TARGET_INDIRECT_BRANCH_REGISTER
++  && SIBLING_CALL_P (insn)"
+ {
+   rtx fnaddr = gen_rtx_PLUS (Pmode, operands[0], operands[1]);
+   fnaddr = gen_const_mem (Pmode, fnaddr);
+@@ -12048,7 +12051,7 @@
+   [(call (mem:QI (match_operand:W 0 "memory_operand" "m"))
+ 	 (match_operand 1))
+    (unspec [(const_int 0)] UNSPEC_PEEPSIB)]
+-  "!TARGET_X32 && !ix86_indirect_branch_register"
++  "!TARGET_X32 && !TARGET_INDIRECT_BRANCH_REGISTER"
+   "* return ix86_output_call_insn (insn, operands[0]);"
+   [(set_attr "type" "call")])
+ 
+@@ -12058,7 +12061,7 @@
+    (call (mem:QI (match_dup 0))
+ 	 (match_operand 3))]
+   "!TARGET_X32
+-   && !ix86_indirect_branch_register
++   && !TARGET_INDIRECT_BRANCH_REGISTER
+    && SIBLING_CALL_P (peep2_next_insn (1))
+    && !reg_mentioned_p (operands[0],
+ 			CALL_INSN_FUNCTION_USAGE (peep2_next_insn (1)))"
+@@ -12073,7 +12076,7 @@
+    (call (mem:QI (match_dup 0))
+ 	 (match_operand 3))]
+   "!TARGET_X32
+-   && !ix86_indirect_branch_register
++   && !TARGET_INDIRECT_BRANCH_REGISTER
+    && SIBLING_CALL_P (peep2_next_insn (2))
+    && !reg_mentioned_p (operands[0],
+ 			CALL_INSN_FUNCTION_USAGE (peep2_next_insn (2)))"
+@@ -12171,7 +12174,7 @@
+         (match_operand:W 1 "memory_operand"))
+    (set (pc) (match_dup 0))]
+   "!TARGET_X32
+-   && !ix86_indirect_branch_register
++   && !TARGET_INDIRECT_BRANCH_REGISTER
+    && peep2_reg_dead_p (2, operands[0])"
+   [(set (pc) (match_dup 1))])
+ 
+@@ -12229,7 +12232,10 @@
+ 			  (match_operand:SI 1 "register_no_elim_operand" "U")
+ 			  (match_operand:SI 2 "GOT32_symbol_operand"))))
+ 	 (match_operand 3)))]
+-  "!TARGET_MACHO && !TARGET_64BIT && SIBLING_CALL_P (insn)"
++  "!TARGET_MACHO
++   && !TARGET_64BIT
++   && !TARGET_INDIRECT_BRANCH_REGISTER
++   && SIBLING_CALL_P (insn)"
+ {
+   rtx fnaddr = gen_rtx_PLUS (Pmode, operands[1], operands[2]);
+   fnaddr = gen_const_mem (Pmode, fnaddr);
+@@ -12250,7 +12256,7 @@
+  	(call (mem:QI (match_operand:W 1 "memory_operand" "m"))
+ 	      (match_operand 2)))
+    (unspec [(const_int 0)] UNSPEC_PEEPSIB)]
+-  "!TARGET_X32 && !ix86_indirect_branch_register"
++  "!TARGET_X32 && !TARGET_INDIRECT_BRANCH_REGISTER"
+   "* return ix86_output_call_insn (insn, operands[1]);"
+   [(set_attr "type" "callv")])
+ 
+@@ -12261,7 +12267,7 @@
+    (call (mem:QI (match_dup 0))
+ 		 (match_operand 3)))]
+   "!TARGET_X32
+-   && !ix86_indirect_branch_register
++   && !TARGET_INDIRECT_BRANCH_REGISTER
+    && SIBLING_CALL_P (peep2_next_insn (1))
+    && !reg_mentioned_p (operands[0],
+ 			CALL_INSN_FUNCTION_USAGE (peep2_next_insn (1)))"
+@@ -12278,7 +12284,7 @@
+ 	(call (mem:QI (match_dup 0))
+ 	      (match_operand 3)))]
+   "!TARGET_X32
+-   && !ix86_indirect_branch_register
++   && !TARGET_INDIRECT_BRANCH_REGISTER
+    && SIBLING_CALL_P (peep2_next_insn (2))
+    && !reg_mentioned_p (operands[0],
+ 			CALL_INSN_FUNCTION_USAGE (peep2_next_insn (2)))"
+diff --git a/gcc/config/i386/predicates.md b/gcc/config/i386/predicates.md
+index d1f0a7d..5f8a98f 100644
+--- a/gcc/config/i386/predicates.md
++++ b/gcc/config/i386/predicates.md
+@@ -593,7 +593,7 @@
+ ;; Test for a valid operand for indirect branch.
+ (define_predicate "indirect_branch_operand"
+   (ior (match_operand 0 "register_operand")
+-       (and (not (match_test "ix86_indirect_branch_register"))
++       (and (not (match_test "TARGET_INDIRECT_BRANCH_REGISTER"))
+ 	    (not (match_test "TARGET_X32"))
+ 	    (match_operand 0 "memory_operand"))))
+ 
+@@ -637,7 +637,7 @@
+   (ior (match_test "constant_call_address_operand
+ 		     (op, mode == VOIDmode ? mode : Pmode)")
+        (match_operand 0 "call_register_no_elim_operand")
+-       (and (not (match_test "ix86_indirect_branch_register"))
++       (and (not (match_test "TARGET_INDIRECT_BRANCH_REGISTER"))
+ 	    (ior (and (not (match_test "TARGET_X32"))
+ 		      (match_operand 0 "memory_operand"))
+ 		 (and (match_test "TARGET_X32 && Pmode == DImode")
+@@ -648,7 +648,7 @@
+   (ior (match_test "constant_call_address_operand
+ 		     (op, mode == VOIDmode ? mode : Pmode)")
+        (match_operand 0 "register_no_elim_operand")
+-       (and (not (match_test "ix86_indirect_branch_register"))
++       (and (not (match_test "TARGET_INDIRECT_BRANCH_REGISTER"))
+ 	    (ior (and (not (match_test "TARGET_X32"))
+ 		      (match_operand 0 "sibcall_memory_operand"))
+ 		 (and (match_test "TARGET_X32 && Pmode == DImode")
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-1.c
+index 60d0988..6e94d2c 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-1.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-1.c
+@@ -11,9 +11,8 @@ male_indirect_jump (long offset)
+   dispatch(offset);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-2.c
+index aac7516..3c46707 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-2.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-2.c
+@@ -11,9 +11,8 @@ male_indirect_jump (long offset)
+   dispatch[offset](offset);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-3.c
+index 9e24a38..2c7fb52 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-3.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-3.c
+@@ -12,9 +12,8 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-4.c
+index 127b5d9..0d3f895 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-4.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-4.c
+@@ -12,9 +12,8 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-5.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-5.c
+index fcaa18d..fb26c00 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-5.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-5.c
+@@ -9,8 +9,10 @@ foo (void)
+   bar ();
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" { target x32 } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*bar@GOT" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-6.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-6.c
+index e464928..aa03fbd 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-6.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-6.c
+@@ -10,9 +10,13 @@ foo (void)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" } } */
+-/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 2 } } */
+-/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 2 } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" { target x32 } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target x32 } } } */
++/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 2 { target x32 } } } */
++/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 2 { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*bar@GOT" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
++/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+ /* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-7.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-7.c
+index 17c2d0f..3c72036 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-7.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-7.c
+@@ -35,9 +35,8 @@ bar (int i)
+     }
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-1.c
+index 9194ccf..7106407 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-1.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-1.c
+@@ -14,9 +14,8 @@ male_indirect_jump (long offset)
+   dispatch(offset);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-2.c
+index e51f261..27c7e5b 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-2.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-2.c
+@@ -12,9 +12,8 @@ male_indirect_jump (long offset)
+   dispatch[offset](offset);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-3.c
+index 4aeec18..89a2bac 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-3.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-3.c
+@@ -14,10 +14,9 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
+ /* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 2 } } */
+ /* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 2 } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+ /* { dg-final { scan-assembler {\tlfence} } } */
+ /* { dg-final { scan-assembler-not "__x86_indirect_thunk" } } */
+-/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-4.c
+index ac0e599..3eb83c3 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-4.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-4.c
+@@ -13,10 +13,9 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
+ /* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 2 } } */
+ /* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 2 } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+ /* { dg-final { scan-assembler {\tlfence} } } */
+ /* { dg-final { scan-assembler-not "__x86_indirect_thunk" } } */
+-/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-5.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-5.c
+index 573cf1e..0098dd1 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-5.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-5.c
+@@ -14,9 +14,8 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
+ /* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-6.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-6.c
+index b2b37fc..ece8de1 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-6.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-6.c
+@@ -13,9 +13,8 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
+ /* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-7.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-7.c
+index 4a43e19..d53fc88 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-7.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-7.c
+@@ -36,9 +36,8 @@ bar (int i)
+     }
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
+ /* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
+ /* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-1.c
+index ac84ab6..73d16ba 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-1.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-1.c
+@@ -10,9 +10,9 @@ foo (void)
+   dispatch (buf);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "pushq\[ \t\]%rax" { target x32 } } } */
+-/* { dg-final { scan-assembler "bnd jmp\[ \t\]*__x86_indirect_thunk_bnd" } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "bnd jmp\[ \t\]*__x86_indirect_thunk_bnd_rax" { target lp64 } } } */
++/* { dg-final { scan-assembler "bnd call\[ \t\]*__x86_indirect_thunk_bnd_eax" { target ia32 } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "bnd call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "bnd ret" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-2.c
+index ce655e8..856751a 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-2.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-2.c
+@@ -11,10 +11,8 @@ foo (void)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "pushq\[ \t\]%rax" { target x32 } } } */
+-/* { dg-final { scan-assembler "bnd jmp\[ \t\]*__x86_indirect_thunk_bnd" } } */
+-/* { dg-final { scan-assembler "bnd jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "bnd call\[ \t\]*__x86_indirect_thunk_bnd_(r|e)ax" } } */
+ /* { dg-final { scan-assembler "bnd call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "bnd ret" } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-3.c
+index d34485a..42312f6 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-3.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-3.c
+@@ -10,8 +10,9 @@ foo (void)
+   bar (buf);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" } } */
+-/* { dg-final { scan-assembler "bnd jmp\[ \t\]*__x86_indirect_thunk_bnd" } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*bar@GOT" } } */
++/* { dg-final { scan-assembler "bnd jmp\[ \t\]*__x86_indirect_thunk_bnd_rax" { target lp64 } } } */
++/* { dg-final { scan-assembler "bnd call\[ \t\]*__x86_indirect_thunk_bnd_eax" { target ia32 } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "bnd call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "bnd ret" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-4.c
+index 0e19830..c8ca102 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-4.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-bnd-4.c
+@@ -11,10 +11,9 @@ foo (void)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" } } */
+-/* { dg-final { scan-assembler "bnd jmp\[ \t\]*__x86_indirect_thunk" } } */
+-/* { dg-final { scan-assembler "bnd jmp\[ \t\]*\.LIND" } } */
+-/* { dg-final { scan-assembler-times "bnd call\[ \t\]*\.LIND" 2 } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*bar@GOT" } } */
++/* { dg-final { scan-assembler "bnd call\[ \t\]*__x86_indirect_thunk_bnd_(r|e)ax" } } */
++/* { dg-final { scan-assembler-times "bnd call\[ \t\]*\.LIND" 1 } } */
+ /* { dg-final { scan-assembler "bnd ret" } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+ /* { dg-final { scan-assembler {\tlfence} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-1.c
+index 579441f..c09dd0a 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-1.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-1.c
+@@ -11,9 +11,8 @@ male_indirect_jump (long offset)
+   dispatch(offset);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
+ /* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
+ /* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-2.c
+index c92e6f2..826425a 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-2.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-2.c
+@@ -11,9 +11,8 @@ male_indirect_jump (long offset)
+   dispatch[offset](offset);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
+ /* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
+ /* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-3.c
+index d9964c2..3856268 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-3.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-3.c
+@@ -12,9 +12,8 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
+ /* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
++/* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
++/* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-4.c
+index d4dca4d..1ae49b1 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-4.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-4.c
+@@ -12,9 +12,7 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 1 { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
+ /* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-5.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-5.c
+index 5c07e02..5328239 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-5.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-5.c
+@@ -9,8 +9,10 @@ foo (void)
+   bar ();
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" { target x32 } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*bar@GOT" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
+ /* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-6.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-6.c
+index 3eb4406..8ae4348 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-6.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-6.c
+@@ -10,8 +10,8 @@ foo (void)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" } } */
+-/* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 1 } } */
+-/* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 1 } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" { target x32 } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*bar@GOT" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-7.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-7.c
+index aece938..2b9a33e 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-7.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-7.c
+@@ -35,9 +35,8 @@ bar (int i)
+     }
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
+ /* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
+ /* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-1.c
+index 3aba5e8..869d904 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-1.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-1.c
+@@ -11,7 +11,7 @@ male_indirect_jump (long offset)
+   dispatch(offset);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-2.c
+index 0f0181d..c5c16ed 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-2.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-2.c
+@@ -11,7 +11,7 @@ male_indirect_jump (long offset)
+   dispatch[offset](offset);
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-3.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-3.c
+index 2eef6f3..4a63ebe 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-3.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-3.c
+@@ -12,7 +12,7 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
+ /* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 2 } } */
+ /* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 2 } } */
+ /* { dg-final { scan-assembler-times {\tpause} 1 } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-4.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-4.c
+index e825a10..a395ffc 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-4.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-4.c
+@@ -12,7 +12,7 @@ male_indirect_jump (long offset)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?dispatch" { target { { ! x32 } && *-*-linux* } } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?dispatch" { target *-*-linux* } } } */
+ /* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 2 } } */
+ /* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 2 } } */
+ /* { dg-final { scan-assembler-times {\tpause} 1 } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-5.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-5.c
+index c6d77e1..21cbfd3 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-5.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-5.c
+@@ -9,7 +9,8 @@ foo (void)
+   bar ();
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*bar@GOT" { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-6.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-6.c
+index 6454827..d1300f1 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-6.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-6.c
+@@ -10,7 +10,8 @@ foo (void)
+   return 0;
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" } } */
++/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*bar@GOT" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*bar@GOT" { target { ! x32 } } } } */
+ /* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 2 } } */
+ /* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 2 } } */
+ /* { dg-final { scan-assembler-times {\tpause} 1 } } */
+diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-7.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-7.c
+index c67066c..ea00924 100644
+--- a/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-7.c
++++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-inline-7.c
+@@ -35,8 +35,8 @@ bar (int i)
+     }
+ }
+ 
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%(r|e)ax" } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler {\tpause} } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-10.c b/gcc/testsuite/gcc.target/i386/ret-thunk-10.c
+index e6fea84..af9023a 100644
+--- a/gcc/testsuite/gcc.target/i386/ret-thunk-10.c
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-10.c
+@@ -15,9 +15,6 @@ foo (void)
+ /* { dg-final { scan-assembler-not "jmp\[ \t\]*__x86_return_thunk" } } */
+ /* { dg-final { scan-assembler-times {\tpause} 2 } } */
+ /* { dg-final { scan-assembler-times {\tlfence} 2 } } */
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?bar" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } }  } } */
+-/* { dg-final { scan-assembler "__x86_indirect_thunk:" { target { ! x32 } }  } } */
+-/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target { x32 } }  } } */
+-/* { dg-final { scan-assembler "__x86_indirect_thunk_(r|e)ax:" { target { x32 } }  } } */
+-/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
++/* { dg-final { scan-assembler "__x86_indirect_thunk_(r|e)ax:" } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-11.c b/gcc/testsuite/gcc.target/i386/ret-thunk-11.c
+index e239ec4..ba467c5 100644
+--- a/gcc/testsuite/gcc.target/i386/ret-thunk-11.c
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-11.c
+@@ -15,9 +15,6 @@ foo (void)
+ /* { dg-final { scan-assembler-times {\tlfence} 1 } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?bar" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "__x86_indirect_thunk:" { target { ! x32 } }  } } */
+-/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target { x32 } }  } } */
+-/* { dg-final { scan-assembler "__x86_indirect_thunk_(r|e)ax:" { target { x32 } }  } } */
+-/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
++/* { dg-final { scan-assembler "__x86_indirect_thunk_(r|e)ax:" } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-12.c b/gcc/testsuite/gcc.target/i386/ret-thunk-12.c
+index fa31813..43e57ca 100644
+--- a/gcc/testsuite/gcc.target/i386/ret-thunk-12.c
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-12.c
+@@ -15,8 +15,6 @@ foo (void)
+ /* { dg-final { scan-assembler-times {\tlfence} 1 } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "__x86_indirect_thunk:" { target { ! x32 } }  } } */
+-/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target { x32 } }  } } */
+-/* { dg-final { scan-assembler "__x86_indirect_thunk_(r|e)ax:" { target { x32 } }  } } */
+-/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
++/* { dg-final { scan-assembler "__x86_indirect_thunk_(r|e)ax:" } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-13.c b/gcc/testsuite/gcc.target/i386/ret-thunk-13.c
+index fd5b41f..55f156c 100644
+--- a/gcc/testsuite/gcc.target/i386/ret-thunk-13.c
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-13.c
+@@ -14,9 +14,8 @@ foo (void)
+ /* { dg-final { scan-assembler "jmp\[ \t\]*__x86_return_thunk" } } */
+ /* { dg-final { scan-assembler-times {\tpause} 2 } } */
+ /* { dg-final { scan-assembler-times {\tlfence} 2 } } */
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?bar" { target { { ! x32 } && *-*-linux* } } } } */
+ /* { dg-final { scan-assembler-times "jmp\[ \t\]*\.LIND" 3 } } */
+ /* { dg-final { scan-assembler-times "call\[ \t\]*\.LIND" 3 } } */
+ /* { dg-final { scan-assembler-not "jmp\[ \t\]*__x86_indirect_thunk" } } */
+-/* { dg-final { scan-assembler-not "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target { x32 } }  } } */
+-/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
++/* { dg-final { scan-assembler-not "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-14.c b/gcc/testsuite/gcc.target/i386/ret-thunk-14.c
+index d606373..1c79043 100644
+--- a/gcc/testsuite/gcc.target/i386/ret-thunk-14.c
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-14.c
+@@ -16,7 +16,6 @@ foo (void)
+ /* { dg-final { scan-assembler-not "jmp\[ \t\]*__x86_return_thunk" } } */
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?bar" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target { x32 } }  } } */
+-/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?bar" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-15.c b/gcc/testsuite/gcc.target/i386/ret-thunk-15.c
+index 75e45e2..58aba31 100644
+--- a/gcc/testsuite/gcc.target/i386/ret-thunk-15.c
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-15.c
+@@ -16,7 +16,6 @@ foo (void)
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler-times {\tpause} 1 } } */
+ /* { dg-final { scan-assembler-times {\tlfence} 1 } } */
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?bar" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target x32 } } } */
+-/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?bar" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" } } */
+diff --git a/gcc/testsuite/gcc.target/i386/ret-thunk-9.c b/gcc/testsuite/gcc.target/i386/ret-thunk-9.c
+index d1db41c..d2df8b8 100644
+--- a/gcc/testsuite/gcc.target/i386/ret-thunk-9.c
++++ b/gcc/testsuite/gcc.target/i386/ret-thunk-9.c
+@@ -14,11 +14,8 @@ foo (void)
+ /* { dg-final { scan-assembler "jmp\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "call\[ \t\]*\.LIND" } } */
+ /* { dg-final { scan-assembler "__x86_indirect_thunk:" } } */
+-/* { dg-final { scan-assembler-times {\tpause} 1 { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler-times {\tlfence} 1 { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler "push(?:l|q)\[ \t\]*_?bar" { target { { ! x32 } && *-*-linux* } } } } */
+-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk" { target { ! x32 } } } } */
+-/* { dg-final { scan-assembler-times {\tpause} 2 { target { x32 } } } } */
+-/* { dg-final { scan-assembler-times {\tlfence} 2 { target { x32 } } } } */
+-/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" { target { x32 } } } } */
+-/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" { target x32 } } } */
++/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*_?bar" { target *-*-linux* } } } */
++/* { dg-final { scan-assembler-times {\tpause} 2 } } */
++/* { dg-final { scan-assembler-times {\tlfence} 2 } } */
++/* { dg-final { scan-assembler "call\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
++/* { dg-final { scan-assembler-not "pushq\[ \t\]%rax" } } */
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/gcc/gcc-6.4/backport/0013-gcc-sanitizers.patch b/meta/recipes-devtools/gcc/gcc-6.4/backport/0013-gcc-sanitizers.patch
new file mode 100644
index 0000000000..47bcd8ebd4
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-6.4/backport/0013-gcc-sanitizers.patch
@@ -0,0 +1,90 @@
+From 0fa7102d76376b27ae4bbc10848600aac6ed71d2 Mon Sep 17 00:00:00 2001
+From: jakub <jakub@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Mon, 17 Jul 2017 19:41:08 +0000
+Subject: [PATCH] 	Backported from mainline 	2017-07-14  Jakub
+ Jelinek  <jakub@redhat.com>
+
+	PR sanitizer/81066
+	* sanitizer_common/sanitizer_linux.h: Cherry-pick upstream r307969.
+	* sanitizer_common/sanitizer_linux.cc: Likewise.
+	* sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc: Likewise.
+	* tsan/tsan_platform_linux.cc: Likewise.
+
+[Romain cherry-pick on gcc-6-branch from gcc-7-branch]
+Signed-off-by: Romain Naour <romain.naour@gmail.com>
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-7-branch@250287 138bc75d-0d04-0410-961f-82ee72b054a4
+
+Upstream-Status: Backport
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+---
+ libsanitizer/sanitizer_common/sanitizer_linux.cc                      | 3 +--
+ libsanitizer/sanitizer_common/sanitizer_linux.h                       | 4 +---
+ libsanitizer/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc | 2 +-
+ libsanitizer/tsan/tsan_platform_linux.cc                              | 2 +-
+ 4 files changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/libsanitizer/sanitizer_common/sanitizer_linux.cc b/libsanitizer/sanitizer_common/sanitizer_linux.cc
+index 2cefa20..223d9c6 100644
+--- a/libsanitizer/sanitizer_common/sanitizer_linux.cc
++++ b/libsanitizer/sanitizer_common/sanitizer_linux.cc
+@@ -546,8 +546,7 @@ uptr internal_prctl(int option, uptr arg2, uptr arg3, uptr arg4, uptr arg5) {
+ }
+ #endif
+ 
+-uptr internal_sigaltstack(const struct sigaltstack *ss,
+-                         struct sigaltstack *oss) {
++uptr internal_sigaltstack(const void *ss, void *oss) {
+   return internal_syscall(SYSCALL(sigaltstack), (uptr)ss, (uptr)oss);
+ }
+ 
+diff --git a/libsanitizer/sanitizer_common/sanitizer_linux.h b/libsanitizer/sanitizer_common/sanitizer_linux.h
+index 4497702..1594058 100644
+--- a/libsanitizer/sanitizer_common/sanitizer_linux.h
++++ b/libsanitizer/sanitizer_common/sanitizer_linux.h
+@@ -19,7 +19,6 @@
+ #include "sanitizer_platform_limits_posix.h"
+ 
+ struct link_map;  // Opaque type returned by dlopen().
+-struct sigaltstack;
+ 
+ namespace __sanitizer {
+ // Dirent structure for getdents(). Note that this structure is different from
+@@ -28,8 +27,7 @@ struct linux_dirent;
+ 
+ // Syscall wrappers.
+ uptr internal_getdents(fd_t fd, struct linux_dirent *dirp, unsigned int count);
+-uptr internal_sigaltstack(const struct sigaltstack* ss,
+-                          struct sigaltstack* oss);
++uptr internal_sigaltstack(const void* ss, void* oss);
+ uptr internal_sigprocmask(int how, __sanitizer_sigset_t *set,
+     __sanitizer_sigset_t *oldset);
+ void internal_sigfillset(__sanitizer_sigset_t *set);
+diff --git a/libsanitizer/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc b/libsanitizer/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc
+index c919e4f..014162af 100644
+--- a/libsanitizer/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc
++++ b/libsanitizer/sanitizer_common/sanitizer_stoptheworld_linux_libcdep.cc
+@@ -267,7 +267,7 @@ static int TracerThread(void* argument) {
+ 
+   // Alternate stack for signal handling.
+   InternalScopedBuffer<char> handler_stack_memory(kHandlerStackSize);
+-  struct sigaltstack handler_stack;
++  stack_t handler_stack;
+   internal_memset(&handler_stack, 0, sizeof(handler_stack));
+   handler_stack.ss_sp = handler_stack_memory.data();
+   handler_stack.ss_size = kHandlerStackSize;
+diff --git a/libsanitizer/tsan/tsan_platform_linux.cc b/libsanitizer/tsan/tsan_platform_linux.cc
+index 09cec5f..908f4fe 100644
+--- a/libsanitizer/tsan/tsan_platform_linux.cc
++++ b/libsanitizer/tsan/tsan_platform_linux.cc
+@@ -291,7 +291,7 @@ bool IsGlobalVar(uptr addr) {
+ int ExtractResolvFDs(void *state, int *fds, int nfd) {
+ #if SANITIZER_LINUX
+   int cnt = 0;
+-  __res_state *statp = (__res_state*)state;
++  struct __res_state *statp = (struct __res_state*)state;
+   for (int i = 0; i < MAXNS && cnt < nfd; i++) {
+     if (statp->_u._ext.nsaddrs[i] && statp->_u._ext.nssocks[i] != -1)
+       fds[cnt++] = statp->_u._ext.nssocks[i];
+-- 
+2.9.4
diff --git a/meta/recipes-devtools/gcc/gcc-6.3/CVE-2016-6131.patch b/meta/recipes-devtools/gcc/gcc-6.4/backport/CVE-2016-6131.patch
index e873cc6e85..3cdbb2d171 100644
--- a/meta/recipes-devtools/gcc/gcc-6.3/CVE-2016-6131.patch
+++ b/meta/recipes-devtools/gcc/gcc-6.4/backport/CVE-2016-6131.patch
@@ -37,35 +37,10 @@ Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
  libiberty/testsuite/demangle-expected | 18 ++++++++
  3 files changed, 108 insertions(+), 5 deletions(-)
 
-diff --git a/libiberty/ChangeLog b/libiberty/ChangeLog
-index 240138f..adf1d72 100644
---- a/libiberty/ChangeLog
-+++ b/libiberty/ChangeLog
-@@ -1,3 +1,20 @@
-+2016-08-04  Marcel Böhme  <boehme.marcel@gmail.com>
-+
-+	PR c++/71696
-+	* cplus-dem.c: Prevent infinite recursion when there is a cycle
-+	in the referencing of remembered mangled types.
-+	(work_stuff): New stack to keep track of the remembered mangled
-+	types that are currently being processed.
-+	(push_processed_type): New method to push currently processed
-+	remembered type onto the stack.
-+	(pop_processed_type): New method to pop currently processed
-+	remembered type from the stack.
-+	(work_stuff_copy_to_from): Copy values of new variables.
-+	(delete_non_B_K_work_stuff): Free stack memory.
-+	(demangle_args): Push/Pop currently processed remembered type.
-+	(do_type): Do not demangle a cyclic reference and push/pop
-+	referenced remembered type.
-+
- 2016-12-21  Release Manager
- 
- 	* GCC 6.3.0 released.
-diff --git a/libiberty/cplus-dem.c b/libiberty/cplus-dem.c
-index 7514e57..f21e630 100644
---- a/libiberty/cplus-dem.c
-+++ b/libiberty/cplus-dem.c
+Index: gcc-6.4.0/libiberty/cplus-dem.c
+===================================================================
+--- gcc-6.4.0.orig/libiberty/cplus-dem.c
++++ gcc-6.4.0/libiberty/cplus-dem.c
 @@ -144,6 +144,9 @@ struct work_stuff
    string* previous_argument; /* The last function argument demangled.  */
    int nrepeats;         /* The number of times to repeat the previous
@@ -76,7 +51,7 @@ index 7514e57..f21e630 100644
  };
  
  #define PRINT_ANSI_QUALIFIERS (work -> options & DMGL_ANSI)
-@@ -435,6 +438,10 @@ iterate_demangle_function (struct work_stuff *,
+@@ -435,6 +438,10 @@ iterate_demangle_function (struct work_s
  
  static void remember_type (struct work_stuff *, const char *, int);
  
@@ -87,7 +62,7 @@ index 7514e57..f21e630 100644
  static void remember_Btype (struct work_stuff *, const char *, int, int);
  
  static int register_Btype (struct work_stuff *);
-@@ -1301,6 +1308,10 @@ work_stuff_copy_to_from (struct work_stuff *to, struct work_stuff *from)
+@@ -1301,6 +1308,10 @@ work_stuff_copy_to_from (struct work_stu
        memcpy (to->btypevec[i], from->btypevec[i], len);
      }
  
@@ -98,7 +73,7 @@ index 7514e57..f21e630 100644
    if (from->ntmpl_args)
      to->tmpl_argvec = XNEWVEC (char *, from->ntmpl_args);
  
-@@ -1329,11 +1340,17 @@ delete_non_B_K_work_stuff (struct work_stuff *work)
+@@ -1329,11 +1340,17 @@ delete_non_B_K_work_stuff (struct work_s
    /* Discard the remembered types, if any.  */
  
    forget_types (work);
@@ -129,7 +104,7 @@ index 7514e57..f21e630 100644
    int done;
    int success;
    string decl;
-@@ -3564,6 +3583,7 @@ do_type (struct work_stuff *work, const char **mangled, string *result)
+@@ -3564,6 +3583,7 @@ do_type (struct work_stuff *work, const
  
    done = 0;
    success = 1;
@@ -137,7 +112,7 @@ index 7514e57..f21e630 100644
    while (success && !done)
      {
        int member;
-@@ -3616,8 +3636,15 @@ do_type (struct work_stuff *work, const char **mangled, string *result)
+@@ -3616,8 +3636,15 @@ do_type (struct work_stuff *work, const
  	      success = 0;
  	    }
  	  else
@@ -154,7 +129,7 @@ index 7514e57..f21e630 100644
  	      mangled = &remembered_type;
  	    }
  	  break;
-@@ -3840,6 +3867,9 @@ do_type (struct work_stuff *work, const char **mangled, string *result)
+@@ -3840,6 +3867,9 @@ do_type (struct work_stuff *work, const
      string_delete (result);
    string_delete (&decl);
  
@@ -164,7 +139,7 @@ index 7514e57..f21e630 100644
    if (success)
      /* Assume an integral type, if we're not sure.  */
      return (int) ((tk == tk_none) ? tk_integral : tk);
-@@ -4252,6 +4282,41 @@ do_arg (struct work_stuff *work, const char **mangled, string *result)
+@@ -4252,6 +4282,41 @@ do_arg (struct work_stuff *work, const c
  }
  
  static void
@@ -206,7 +181,7 @@ index 7514e57..f21e630 100644
  remember_type (struct work_stuff *work, const char *start, int len)
  {
    char *tem;
-@@ -4515,10 +4580,13 @@ demangle_args (struct work_stuff *work, const char **mangled,
+@@ -4515,10 +4580,13 @@ demangle_args (struct work_stuff *work,
  		{
  		  string_append (declp, ", ");
  		}
@@ -220,11 +195,11 @@ index 7514e57..f21e630 100644
  	      if (PRINT_ARG_TYPES)
  		{
  		  string_appends (declp, &arg);
-diff --git a/libiberty/testsuite/demangle-expected b/libiberty/testsuite/demangle-expected
-index 157d2ee..8793a0b 100644
---- a/libiberty/testsuite/demangle-expected
-+++ b/libiberty/testsuite/demangle-expected
-@@ -4491,3 +4491,21 @@ void eat<int*, Foo()::{lambda(auto:1*, auto:2*)#6}>(int*&, Foo()::{lambda(auto:1
+Index: gcc-6.4.0/libiberty/testsuite/demangle-expected
+===================================================================
+--- gcc-6.4.0.orig/libiberty/testsuite/demangle-expected
++++ gcc-6.4.0/libiberty/testsuite/demangle-expected
+@@ -4491,3 +4491,21 @@ void eat<int*, Foo()::{lambda(auto:1*, a
  
  _Z3eatIPiZ3BarIsEvvEUlPsPT_PT0_E0_EvRS3_RS5_
  void eat<int*, void Bar<short>()::{lambda(short*, auto:1*, auto:2*)#2}>(int*&, void Bar<short>()::{lambda(short*, auto:1*, auto:2*)#2}&)
@@ -246,6 +221,3 @@ index 157d2ee..8793a0b 100644
 +
 +__10%0__S4_0T0T0
 +%0<>::%0(%0<>)
--- 
-2.9.3
-
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0001-PR-rtl-optimization-81803.patch b/meta/recipes-devtools/gcc/gcc-7.2/0001-PR-rtl-optimization-81803.patch
deleted file mode 100644
index 292e734a2f..0000000000
--- a/meta/recipes-devtools/gcc/gcc-7.2/0001-PR-rtl-optimization-81803.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 5cbb8e6b1122092b3eaabd4270b2f316aa40407c Mon Sep 17 00:00:00 2001
-From: ebotcazou <ebotcazou@138bc75d-0d04-0410-961f-82ee72b054a4>
-Date: Tue, 31 Oct 2017 18:27:52 +0000
-Subject: [PATCH] 	PR rtl-optimization/81803 	* lra-constraints.c
- (curr_insn_transform): Also reload the whole 	register for a strict subreg
- no wider than a word if this is for 	a WORD_REGISTER_OPERATIONS target.
-
-git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@254275 138bc75d-0d04-0410-961f-82ee72b054a4
-
-Upstream-Status: Backport
-
-This patch removes changes to Changelog from the original patch upstream. This is
-because we are backporting a patch to a stable version, making changes to Changelog,
-especially up '* GCC 7.2.0 released.', feels a little weird.
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- gcc/lra-constraints.c | 11 ++++++++---
- 2 files changed, 16 insertions(+), 3 deletions(-)
-
-diff --git a/gcc/lra-constraints.c b/gcc/lra-constraints.c
-index a423f069836..3758409bb9c 100644
---- a/gcc/lra-constraints.c
-+++ b/gcc/lra-constraints.c
-@@ -4207,8 +4207,9 @@ curr_insn_transform (bool check_only_p)
- 	      reg = SUBREG_REG (*loc);
- 	      byte = SUBREG_BYTE (*loc);
- 	      if (REG_P (reg)
--		  /* Strict_low_part requires reload the register not
--		     the sub-register.	*/
-+		  /* Strict_low_part requires reloading the register and not
-+		     just the subreg.  Likewise for a strict subreg no wider
-+		     than a word for WORD_REGISTER_OPERATIONS targets.  */
- 		  && (curr_static_id->operand[i].strict_low
- 		      || (!paradoxical_subreg_p (mode, GET_MODE (reg))
- 			  && (hard_regno
-@@ -4219,7 +4220,11 @@ curr_insn_transform (bool check_only_p)
- 			  && (goal_alt[i] == NO_REGS
- 			      || (simplify_subreg_regno
- 				  (ira_class_hard_regs[goal_alt[i]][0],
--				   GET_MODE (reg), byte, mode) >= 0)))))
-+				   GET_MODE (reg), byte, mode) >= 0)))
-+		      || (GET_MODE_PRECISION (mode)
-+			  < GET_MODE_PRECISION (GET_MODE (reg))
-+			  && GET_MODE_SIZE (GET_MODE (reg)) <= UNITS_PER_WORD
-+			  && WORD_REGISTER_OPERATIONS)))
- 		{
- 		  /* An OP_INOUT is required when reloading a subreg of a
- 		     mode wider than a word to ensure that data beyond the
--- 
-2.13.0
-
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0046-libgcc_s-Use-alias-for-__cpu_indicator_init-instead-.patch b/meta/recipes-devtools/gcc/gcc-7.2/0046-libgcc_s-Use-alias-for-__cpu_indicator_init-instead-.patch
deleted file mode 100644
index f6b2829364..0000000000
--- a/meta/recipes-devtools/gcc/gcc-7.2/0046-libgcc_s-Use-alias-for-__cpu_indicator_init-instead-.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From c7bce03a625fe2215a13f520850604178103ddd7 Mon Sep 17 00:00:00 2001
-From: Szabolcs Nagy <nsz@port70.net>
-Date: Sat, 24 Oct 2015 20:09:53 +0000
-Subject: [PATCH 46/47] libgcc_s: Use alias for __cpu_indicator_init instead of
- symver
-
-Adapter from
-
-https://gcc.gnu.org/ml/gcc-patches/2015-05/msg00899.html
-
-This fix was debated but hasnt been applied gcc upstream since
-they expect musl to support '@' in symbol versioning which is
-a sun/gnu versioning extention. This patch however avoids the
-need for the '@' symbols at all
-
-libgcc/Changelog:
-
-2015-05-11  Szabolcs Nagy  <szabolcs.nagy@arm.com>
-
-	* config/i386/cpuinfo.c (__cpu_indicator_init_local): Add.
-	(__cpu_indicator_init@GCC_4.8.0, __cpu_model@GCC_4.8.0): Remove.
-
-	* config/i386/t-linux (HOST_LIBGCC2_CFLAGS): Remove -DUSE_ELF_SYMVER.
-
-gcc/Changelog:
-
-2015-05-11  Szabolcs Nagy  <szabolcs.nagy@arm.com>
-
-	* config/i386/i386.c (ix86_expand_builtin): Make __builtin_cpu_init
-	call __cpu_indicator_init_local instead of __cpu_indicator_init.
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Pending
-
- gcc/config/i386/i386.c       | 4 ++--
- libgcc/config/i386/cpuinfo.c | 6 +++---
- libgcc/config/i386/t-linux   | 2 +-
- 3 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
-index dec3aee0048..0452dcfcb8d 100644
---- a/gcc/config/i386/i386.c
-+++ b/gcc/config/i386/i386.c
-@@ -36918,10 +36918,10 @@ ix86_expand_builtin (tree exp, rtx target, rtx subtarget,
-     {
-     case IX86_BUILTIN_CPU_INIT:
-       {
--	/* Make it call __cpu_indicator_init in libgcc. */
-+	/* Make it call __cpu_indicator_init_local in libgcc.a. */
- 	tree call_expr, fndecl, type;
-         type = build_function_type_list (integer_type_node, NULL_TREE); 
--	fndecl = build_fn_decl ("__cpu_indicator_init", type);
-+	fndecl = build_fn_decl ("__cpu_indicator_init_local", type);
- 	call_expr = build_call_expr (fndecl, 0); 
- 	return expand_expr (call_expr, target, mode, EXPAND_NORMAL);
-       }
-diff --git a/libgcc/config/i386/cpuinfo.c b/libgcc/config/i386/cpuinfo.c
-index a1dc011525f..dac5e889abf 100644
---- a/libgcc/config/i386/cpuinfo.c
-+++ b/libgcc/config/i386/cpuinfo.c
-@@ -391,7 +391,7 @@ __cpu_indicator_init (void)
-   return 0;
- }
- 
--#if defined SHARED && defined USE_ELF_SYMVER
--__asm__ (".symver __cpu_indicator_init, __cpu_indicator_init@GCC_4.8.0");
--__asm__ (".symver __cpu_model, __cpu_model@GCC_4.8.0");
-+#ifndef SHARED
-+int __cpu_indicator_init_local (void)
-+  __attribute__ ((weak, alias ("__cpu_indicator_init")));
- #endif
-diff --git a/libgcc/config/i386/t-linux b/libgcc/config/i386/t-linux
-index 11bb46e0ee4..4f47f7bfa59 100644
---- a/libgcc/config/i386/t-linux
-+++ b/libgcc/config/i386/t-linux
-@@ -3,4 +3,4 @@
- # t-slibgcc-elf-ver and t-linux
- SHLIB_MAPFILES = libgcc-std.ver $(srcdir)/config/i386/libgcc-glibc.ver
- 
--HOST_LIBGCC2_CFLAGS += -mlong-double-80 -DUSE_ELF_SYMVER
-+HOST_LIBGCC2_CFLAGS += -mlong-double-80
--- 
-2.12.2
-
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0048-gcc-Enable-static-PIE.patch b/meta/recipes-devtools/gcc/gcc-7.2/0048-gcc-Enable-static-PIE.patch
deleted file mode 100644
index 879e360cf3..0000000000
--- a/meta/recipes-devtools/gcc/gcc-7.2/0048-gcc-Enable-static-PIE.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 44ef80688b56beea85c0070840dea1e2a4e34aed Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 13 Jun 2017 12:12:52 -0700
-Subject: [PATCH 49/49] gcc: Enable static PIE
-
-Static PIE support in GCC
-see
-https://gcc.gnu.org/ml/gcc/2015-06/msg00008.html
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- gcc/config/gnu-user.h | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/gcc/config/gnu-user.h b/gcc/config/gnu-user.h
-index 2787a3d16be..ee7b781319e 100644
---- a/gcc/config/gnu-user.h
-+++ b/gcc/config/gnu-user.h
-@@ -51,10 +51,10 @@ see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
- #if defined HAVE_LD_PIE
- #define GNU_USER_TARGET_STARTFILE_SPEC \
-   "%{!shared: %{pg|p|profile:gcrt1.o%s;: \
--    %{" PIE_SPEC ":Scrt1.o%s} %{" NO_PIE_SPEC ":crt1.o%s}}} \
--   crti.o%s %{static:crtbeginT.o%s;: %{shared:crtbeginS.o%s} \
-+    %{" PIE_SPEC ":%{static:rcrt1.o%s;:Scrt1.o%s}} %{" NO_PIE_SPEC ":crt1.o%s}}} \
-+   crti.o%s %{shared:crtbeginS.o%s;: \
- 	      %{" PIE_SPEC ":crtbeginS.o%s} \
--	      %{" NO_PIE_SPEC ":crtbegin.o%s}} \
-+	      %{" NO_PIE_SPEC ":%{static:crtbeginT.o%s;:crtbegin.o%s}}} \
-    %{fvtable-verify=none:%s; \
-      fvtable-verify=preinit:vtv_start_preinit.o%s; \
-      fvtable-verify=std:vtv_start.o%s} \
--- 
-2.13.1
-
diff --git a/meta/recipes-devtools/gcc/gcc-7.2.inc b/meta/recipes-devtools/gcc/gcc-7.3.inc
index 1d40cba731..2dc3db8579 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2.inc
+++ b/meta/recipes-devtools/gcc/gcc-7.3.inc
@@ -2,13 +2,13 @@ require gcc-common.inc
 
 # Third digit in PV should be incremented after a minor release
 
-PV = "7.2.0"
+PV = "7.3.0"
 
 # BINV should be incremented to a revision after a minor gcc release
 
-BINV = "7.2.0"
+BINV = "7.3.0"
 
-FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc-7.2:${FILE_DIRNAME}/gcc-7.2/backport:"
+FILESEXTRAPATHS =. "${FILE_DIRNAME}/gcc-7.3:${FILE_DIRNAME}/gcc-7.3/backport:"
 
 DEPENDS =+ "mpfr gmp libmpc zlib"
 NATIVEDEPS = "mpfr-native gmp-native libmpc-native zlib-native"
@@ -70,19 +70,19 @@ SRC_URI = "\
            file://0043-gcc-final.c-fdebug-prefix-map-support-to-remap-sourc.patch \
            file://0044-libgcc-Add-knob-to-use-ldbl-128-on-ppc.patch \
            file://0045-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch \
-           file://0046-libgcc_s-Use-alias-for-__cpu_indicator_init-instead-.patch \
            file://0047-sync-gcc-stddef.h-with-musl.patch \
            file://0048-gcc-Enable-static-PIE.patch \
            file://fix-segmentation-fault-precompiled-hdr.patch \
            file://0050-RISC-V-Handle-non-legitimate-address-in-riscv_legiti.patch \
+           file://no-sse-fix-test-case-failures.patch \
            ${BACKPORTS} \
 "
 BACKPORTS = "\
-           file://0051-ARM-PR-82445-suppress-32-bit-aligned-ldrd-strd-peeph.patch \
-           file://0001-PR-rtl-optimization-81803.patch \
+           file://0001-Fix-internal-compiler-error-in-testcase.patch \
 "
-SRC_URI[md5sum] = "ff370482573133a7fcdd96cd2f552292"
-SRC_URI[sha256sum] = "1cf7adf8ff4b5aa49041c8734bbcf1ad18cc4c94d0029aae0f4e48841088479a"
+
+SRC_URI[md5sum] = "be2da21680f27624f3a87055c4ba5af2"
+SRC_URI[sha256sum] = "832ca6ae04636adbb430e865a1451adf6979ab44ca1c8374f61fba65645ce15c"
 
 S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/gcc-${PV}"
 #S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/git"
diff --git a/meta/recipes-devtools/gcc/gcc-7.3/0001-Fix-internal-compiler-error-in-testcase.patch b/meta/recipes-devtools/gcc/gcc-7.3/0001-Fix-internal-compiler-error-in-testcase.patch
new file mode 100644
index 0000000000..45cc0eeecd
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0001-Fix-internal-compiler-error-in-testcase.patch
@@ -0,0 +1,212 @@
+From d3cdd96a300f9003a1cc242541605169aacdc811 Mon Sep 17 00:00:00 2001
+From: willschm <willschm@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Mon, 25 Sep 2017 14:35:02 +0000
+Subject: [PATCH] [gcc]
+
+2017-09-25  Will Schmidt  <will_schmidt@vnet.ibm.com>
+
+	* config/rs6000/rs6000.c (rs6000_gimple_fold_builtin): Add handling
+	for early folding of vector stores (ALTIVEC_BUILTIN_ST_*).
+	(rs6000_builtin_valid_without_lhs): New helper function.
+	* config/rs6000/rs6000-c.c (altivec_resolve_overloaded_builtin):
+	Remove obsoleted code for handling ALTIVEC_BUILTIN_VEC_ST.
+
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@253152 138bc75d-0d04-0410-961f-82ee72b054a4
+
+Fix internal compiler error for testcase gcc.dg/vmx/7d-02.c
+
+Upstream commit: d3cdd96a300f9003a1cc242541605169aacdc811
+
+Backport by Kaushik Phatak <Kaushik.Phatak@kpit.com>
+
+This patch removes changes to Changelog from the original upstream patch.
+This will help us avoid conflicts.
+
+Upstream-Status: Backport
+
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+---
+ gcc/ChangeLog                |  8 +++++
+ gcc/config/rs6000/rs6000-c.c | 72 -------------------------------------------
+ gcc/config/rs6000/rs6000.c   | 73 ++++++++++++++++++++++++++++++++++++++++++--
+ 3 files changed, 78 insertions(+), 75 deletions(-)
+
+diff --git a/gcc/config/rs6000/rs6000-c.c b/gcc/config/rs6000/rs6000-c.c
+index a49db97..4a363a1 100644
+--- a/gcc/config/rs6000/rs6000-c.c
++++ b/gcc/config/rs6000/rs6000-c.c
+@@ -6279,70 +6279,6 @@ altivec_resolve_overloaded_builtin (loca
+ 	}
+     }
+ 
+-  /* Similarly for stvx.  */
+-  if (fcode == ALTIVEC_BUILTIN_VEC_ST
+-      && (BYTES_BIG_ENDIAN || !VECTOR_ELT_ORDER_BIG)
+-      && nargs == 3)
+-    {
+-      tree arg0 = (*arglist)[0];
+-      tree arg1 = (*arglist)[1];
+-      tree arg2 = (*arglist)[2];
+-
+-      /* Construct the masked address.  Let existing error handling take
+-	 over if we don't have a constant offset.  */
+-      arg1 = fold (arg1);
+-
+-      if (TREE_CODE (arg1) == INTEGER_CST)
+-	{
+-	  if (!ptrofftype_p (TREE_TYPE (arg1)))
+-	    arg1 = build1 (NOP_EXPR, sizetype, arg1);
+-
+-	  tree arg2_type = TREE_TYPE (arg2);
+-	  if (TREE_CODE (arg2_type) == ARRAY_TYPE && c_dialect_cxx ())
+-	    {
+-	      /* Force array-to-pointer decay for C++.  */
+-	      arg2 = default_conversion (arg2);
+-	      arg2_type = TREE_TYPE (arg2);
+-	    }
+-
+-	  /* Find the built-in to make sure a compatible one exists; if not
+-	     we fall back to default handling to get the error message.  */
+-	  for (desc = altivec_overloaded_builtins;
+-	       desc->code && desc->code != fcode; desc++)
+-	    continue;
+-
+-	  for (; desc->code == fcode; desc++)
+-	    if (rs6000_builtin_type_compatible (TREE_TYPE (arg0), desc->op1)
+-		&& rs6000_builtin_type_compatible (TREE_TYPE (arg1), desc->op2)
+-		&& rs6000_builtin_type_compatible (TREE_TYPE (arg2),
+-						   desc->op3))
+-	      {
+-		tree addr = fold_build2_loc (loc, POINTER_PLUS_EXPR, arg2_type,
+-					     arg2, arg1);
+-		tree aligned
+-		  = fold_build2_loc (loc, BIT_AND_EXPR, arg2_type,
+-				     addr, build_int_cst (arg2_type, -16));
+-
+-		tree arg0_type = TREE_TYPE (arg0);
+-		if (TYPE_MODE (arg0_type) == V2DImode)
+-		  /* Type-based aliasing analysis thinks vector long
+-		     and vector long long are different and will put them
+-		     in distinct alias classes.  Force our address type
+-		     to be a may-alias type to avoid this.  */
+-		  arg0_type
+-		    = build_pointer_type_for_mode (arg0_type, Pmode,
+-						   true/*can_alias_all*/);
+-		else
+-		  arg0_type = build_pointer_type (arg0_type);
+-		aligned = build1 (NOP_EXPR, arg0_type, aligned);
+-		tree stg = build_indirect_ref (loc, aligned, RO_NULL);
+-		tree retval = build2 (MODIFY_EXPR, TREE_TYPE (stg), stg,
+-				      convert (TREE_TYPE (stg), arg0));
+-		return retval;
+-	      }
+-	}
+-    }
+-
+   for (n = 0;
+        !VOID_TYPE_P (TREE_VALUE (fnargs)) && n < nargs;
+        fnargs = TREE_CHAIN (fnargs), n++)
+diff --git a/gcc/config/rs6000/rs6000.c b/gcc/config/rs6000/rs6000.c
+index a49db97..4a363a1 100644
+--- a/gcc/config/rs6000/rs6000.c
++++ b/gcc/config/rs6000/rs6000.c
+@@ -55,6 +55,7 @@
+ #include "reload.h"
+ #include "sched-int.h"
+ #include "gimplify.h"
++#include "gimple-fold.h"
+ #include "gimple-iterator.h"
+ #include "gimple-ssa.h"
+ #include "gimple-walk.h"
+@@ -17089,6 +17090,25 @@ rs6000_fold_builtin (tree fndecl, int n_
+ #endif
+ }
+ 
++/*  Helper function to sort out which built-ins may be valid without having
++    a LHS.  */
++bool
++rs6000_builtin_valid_without_lhs (enum rs6000_builtins fn_code)
++{
++  switch (fn_code)
++    {
++    case ALTIVEC_BUILTIN_STVX_V16QI:
++    case ALTIVEC_BUILTIN_STVX_V8HI:
++    case ALTIVEC_BUILTIN_STVX_V4SI:
++    case ALTIVEC_BUILTIN_STVX_V4SF:
++    case ALTIVEC_BUILTIN_STVX_V2DI:
++    case ALTIVEC_BUILTIN_STVX_V2DF:
++      return true;
++    default:
++      return false;
++    }
++}
++
+ /* Fold a machine-dependent built-in in GIMPLE.  (For folding into
+    a constant, use rs6000_fold_builtin.)  */
+ 
+@@ -17102,6 +17122,10 @@ rs6000_gimple_fold_builtin (gimple_stmt_
+     = (enum rs6000_builtins) DECL_FUNCTION_CODE (fndecl);
+   tree arg0, arg1, lhs;
+ 
++  /* Prevent gimple folding for code that does not have a LHS, unless it is
++     allowed per the rs6000_builtin_valid_without_lhs helper function.  */
++  if (!gimple_call_lhs (stmt) && !rs6000_builtin_valid_without_lhs (fn_code))
++     return false;
+   switch (fn_code)
+     {
+     /* Flavors of vec_add.  We deliberately don't expand
+@@ -17169,6 +17193,54 @@ rs6000_gimple_fold_builtin (gimple_stmt_
+ 	gsi_replace (gsi, g, true);
+ 	return true;
+       }
++    /* Vector stores.  */
++    case ALTIVEC_BUILTIN_STVX_V16QI:
++    case ALTIVEC_BUILTIN_STVX_V8HI:
++    case ALTIVEC_BUILTIN_STVX_V4SI:
++    case ALTIVEC_BUILTIN_STVX_V4SF:
++    case ALTIVEC_BUILTIN_STVX_V2DI:
++    case ALTIVEC_BUILTIN_STVX_V2DF:
++      {
++	 /* Do not fold for -maltivec=be on LE targets.  */
++	 if (VECTOR_ELT_ORDER_BIG && !BYTES_BIG_ENDIAN)
++	    return false;
++	 arg0 = gimple_call_arg (stmt, 0); /* Value to be stored.  */
++	 arg1 = gimple_call_arg (stmt, 1); /* Offset.  */
++	 tree arg2 = gimple_call_arg (stmt, 2); /* Store-to address.  */
++	 location_t loc = gimple_location (stmt);
++	 tree arg0_type = TREE_TYPE (arg0);
++	 /* Use ptr_type_node (no TBAA) for the arg2_type.
++	  FIXME: (Richard)  "A proper fix would be to transition this type as
++	  seen from the frontend to GIMPLE, for example in a similar way we
++	  do for MEM_REFs by piggy-backing that on an extra argument, a
++	  constant zero pointer of the alias pointer type to use (which would
++	  also serve as a type indicator of the store itself).  I'd use a
++	  target specific internal function for this (not sure if we can have
++	  those target specific, but I guess if it's folded away then that's
++	  fine) and get away with the overload set."
++	  */
++	 tree arg2_type = ptr_type_node;
++	 /* POINTER_PLUS_EXPR wants the offset to be of type 'sizetype'.  Create
++	    the tree using the value from arg0.  The resulting type will match
++	    the type of arg2.  */
++	 gimple_seq stmts = NULL;
++	 tree temp_offset = gimple_convert (&stmts, loc, sizetype, arg1);
++	 tree temp_addr = gimple_build (&stmts, loc, POINTER_PLUS_EXPR,
++				       arg2_type, arg2, temp_offset);
++	 /* Mask off any lower bits from the address.  */
++	 tree aligned_addr = gimple_build (&stmts, loc, BIT_AND_EXPR,
++					  arg2_type, temp_addr,
++					  build_int_cst (arg2_type, -16));
++	 gsi_insert_seq_before (gsi, stmts, GSI_SAME_STMT);
++	/* The desired gimple result should be similar to:
++	 MEM[(__vector floatD.1407 *)_1] = vf1D.2697;  */
++	 gimple *g;
++	 g = gimple_build_assign (build2 (MEM_REF, arg0_type, aligned_addr,
++					   build_int_cst (arg2_type, 0)), arg0);
++	 gimple_set_location (g, loc);
++	 gsi_replace (gsi, g, true);
++	 return true;
++      }
+ 
+     default:
+       break;
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0001-gcc-4.3.1-ARCH_FLAGS_FOR_TARGET.patch b/meta/recipes-devtools/gcc/gcc-7.3/0001-gcc-4.3.1-ARCH_FLAGS_FOR_TARGET.patch
index 1af1c74e61..1af1c74e61 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0001-gcc-4.3.1-ARCH_FLAGS_FOR_TARGET.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0001-gcc-4.3.1-ARCH_FLAGS_FOR_TARGET.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0008-c99-snprintf.patch b/meta/recipes-devtools/gcc/gcc-7.3/0008-c99-snprintf.patch
index ebd562b63f..ebd562b63f 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0008-c99-snprintf.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0008-c99-snprintf.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0009-gcc-poison-system-directories.patch b/meta/recipes-devtools/gcc/gcc-7.3/0009-gcc-poison-system-directories.patch
index 4d4e987ca5..fe13ed6e2d 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0009-gcc-poison-system-directories.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0009-gcc-poison-system-directories.patch
@@ -138,16 +138,16 @@ index 68a558e9992..060cd7169c6 100644
  @opindex Wfloat-equal
  @opindex Wno-float-equal
 diff --git a/gcc/gcc.c b/gcc/gcc.c
-index 120c5c0792a..6315aa0dd16 100644
+index c48178f..f63d53d 100644
 --- a/gcc/gcc.c
 +++ b/gcc/gcc.c
-@@ -1035,6 +1035,8 @@ proper position among the other output files.  */
+@@ -1029,6 +1029,8 @@ proper position among the other output files.  */
     "%{fuse-ld=*:-fuse-ld=%*} " LINK_COMPRESS_DEBUG_SPEC \
     "%X %{o*} %{e*} %{N} %{n} %{r}\
      %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!nostartfiles:%S}} \
 +    %{Wno-poison-system-directories:--no-poison-system-directories} \
 +    %{Werror=poison-system-directories:--error-poison-system-directories} \
-     %{static:} %{L*} %(mfwrap) %(link_libgcc) " \
+     %{static|no-pie:} %{L*} %(mfwrap) %(link_libgcc) " \
      VTABLE_VERIFICATION_SPEC " " SANITIZER_EARLY_SPEC " %o " CHKP_SPEC " \
      %{fopenacc|fopenmp|%:gt(%{ftree-parallelize-loops=*:%*} 1):\
 diff --git a/gcc/incpath.c b/gcc/incpath.c
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0010-gcc-poison-dir-extend.patch b/meta/recipes-devtools/gcc/gcc-7.3/0010-gcc-poison-dir-extend.patch
index 4e06aa2f6a..4e06aa2f6a 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0010-gcc-poison-dir-extend.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0010-gcc-poison-dir-extend.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0011-gcc-4.3.3-SYSROOT_CFLAGS_FOR_TARGET.patch b/meta/recipes-devtools/gcc/gcc-7.3/0011-gcc-4.3.3-SYSROOT_CFLAGS_FOR_TARGET.patch
index b39ff1ec22..b39ff1ec22 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0011-gcc-4.3.3-SYSROOT_CFLAGS_FOR_TARGET.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0011-gcc-4.3.3-SYSROOT_CFLAGS_FOR_TARGET.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0012-64-bit-multilib-hack.patch b/meta/recipes-devtools/gcc/gcc-7.3/0012-64-bit-multilib-hack.patch
index f3b39120b7..f3b39120b7 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0012-64-bit-multilib-hack.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0012-64-bit-multilib-hack.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0013-optional-libstdc.patch b/meta/recipes-devtools/gcc/gcc-7.3/0013-optional-libstdc.patch
index 3439bf67d0..3439bf67d0 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0013-optional-libstdc.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0013-optional-libstdc.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0014-gcc-disable-MASK_RELAX_PIC_CALLS-bit.patch b/meta/recipes-devtools/gcc/gcc-7.3/0014-gcc-disable-MASK_RELAX_PIC_CALLS-bit.patch
index f92b5fbaaf..f92b5fbaaf 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0014-gcc-disable-MASK_RELAX_PIC_CALLS-bit.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0014-gcc-disable-MASK_RELAX_PIC_CALLS-bit.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0015-COLLECT_GCC_OPTIONS.patch b/meta/recipes-devtools/gcc/gcc-7.3/0015-COLLECT_GCC_OPTIONS.patch
index 6e62945e55..6e62945e55 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0015-COLLECT_GCC_OPTIONS.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0015-COLLECT_GCC_OPTIONS.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0016-Use-the-defaults.h-in-B-instead-of-S-and-t-oe-in-B.patch b/meta/recipes-devtools/gcc/gcc-7.3/0016-Use-the-defaults.h-in-B-instead-of-S-and-t-oe-in-B.patch
index 1991251c27..1991251c27 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0016-Use-the-defaults.h-in-B-instead-of-S-and-t-oe-in-B.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0016-Use-the-defaults.h-in-B-instead-of-S-and-t-oe-in-B.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0017-fortran-cross-compile-hack.patch b/meta/recipes-devtools/gcc/gcc-7.3/0017-fortran-cross-compile-hack.patch
index e2830c59d0..e2830c59d0 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0017-fortran-cross-compile-hack.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0017-fortran-cross-compile-hack.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0018-cpp-honor-sysroot.patch b/meta/recipes-devtools/gcc/gcc-7.3/0018-cpp-honor-sysroot.patch
index 555907417a..555907417a 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0018-cpp-honor-sysroot.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0018-cpp-honor-sysroot.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0019-MIPS64-Default-to-N64-ABI.patch b/meta/recipes-devtools/gcc/gcc-7.3/0019-MIPS64-Default-to-N64-ABI.patch
index 742a4012a5..742a4012a5 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0019-MIPS64-Default-to-N64-ABI.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0019-MIPS64-Default-to-N64-ABI.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0020-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch b/meta/recipes-devtools/gcc/gcc-7.3/0020-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
index de7b4df572..de7b4df572 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0020-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0020-Define-GLIBC_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0021-gcc-Fix-argument-list-too-long-error.patch b/meta/recipes-devtools/gcc/gcc-7.3/0021-gcc-Fix-argument-list-too-long-error.patch
index 4e562144e3..4e562144e3 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0021-gcc-Fix-argument-list-too-long-error.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0021-gcc-Fix-argument-list-too-long-error.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0022-Disable-sdt.patch b/meta/recipes-devtools/gcc/gcc-7.3/0022-Disable-sdt.patch
index 871f195c94..871f195c94 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0022-Disable-sdt.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0022-Disable-sdt.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0023-libtool.patch b/meta/recipes-devtools/gcc/gcc-7.3/0023-libtool.patch
index 27dfb1fdd1..27dfb1fdd1 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0023-libtool.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0023-libtool.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0024-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch b/meta/recipes-devtools/gcc/gcc-7.3/0024-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch
index aa1e1bb8b1..aa1e1bb8b1 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0024-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0024-gcc-armv4-pass-fix-v4bx-to-linker-to-support-EABI.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0025-Use-the-multilib-config-files-from-B-instead-of-usin.patch b/meta/recipes-devtools/gcc/gcc-7.3/0025-Use-the-multilib-config-files-from-B-instead-of-usin.patch
index b234132317..b234132317 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0025-Use-the-multilib-config-files-from-B-instead-of-usin.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0025-Use-the-multilib-config-files-from-B-instead-of-usin.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0026-Avoid-using-libdir-from-.la-which-usually-points-to-.patch b/meta/recipes-devtools/gcc/gcc-7.3/0026-Avoid-using-libdir-from-.la-which-usually-points-to-.patch
index fe24713474..fe24713474 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0026-Avoid-using-libdir-from-.la-which-usually-points-to-.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0026-Avoid-using-libdir-from-.la-which-usually-points-to-.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0027-export-CPP.patch b/meta/recipes-devtools/gcc/gcc-7.3/0027-export-CPP.patch
index 4f9e1f0b2e..4f9e1f0b2e 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0027-export-CPP.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0027-export-CPP.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0028-Enable-SPE-AltiVec-generation-on-powepc-linux-target.patch b/meta/recipes-devtools/gcc/gcc-7.3/0028-Enable-SPE-AltiVec-generation-on-powepc-linux-target.patch
index b903349d5d..b903349d5d 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0028-Enable-SPE-AltiVec-generation-on-powepc-linux-target.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0028-Enable-SPE-AltiVec-generation-on-powepc-linux-target.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0029-Disable-the-MULTILIB_OSDIRNAMES-and-other-multilib-o.patch b/meta/recipes-devtools/gcc/gcc-7.3/0029-Disable-the-MULTILIB_OSDIRNAMES-and-other-multilib-o.patch
index 7306a282b5..7306a282b5 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0029-Disable-the-MULTILIB_OSDIRNAMES-and-other-multilib-o.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0029-Disable-the-MULTILIB_OSDIRNAMES-and-other-multilib-o.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0030-Ensure-target-gcc-headers-can-be-included.patch b/meta/recipes-devtools/gcc/gcc-7.3/0030-Ensure-target-gcc-headers-can-be-included.patch
index 568ba95ea6..568ba95ea6 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0030-Ensure-target-gcc-headers-can-be-included.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0030-Ensure-target-gcc-headers-can-be-included.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0031-gcc-4.8-won-t-build-with-disable-dependency-tracking.patch b/meta/recipes-devtools/gcc/gcc-7.3/0031-gcc-4.8-won-t-build-with-disable-dependency-tracking.patch
index 0184010f04..0184010f04 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0031-gcc-4.8-won-t-build-with-disable-dependency-tracking.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0031-gcc-4.8-won-t-build-with-disable-dependency-tracking.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0032-Don-t-search-host-directory-during-relink-if-inst_pr.patch b/meta/recipes-devtools/gcc/gcc-7.3/0032-Don-t-search-host-directory-during-relink-if-inst_pr.patch
index e8905f5255..e8905f5255 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0032-Don-t-search-host-directory-during-relink-if-inst_pr.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0032-Don-t-search-host-directory-during-relink-if-inst_pr.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0033-Use-SYSTEMLIBS_DIR-replacement-instead-of-hardcoding.patch b/meta/recipes-devtools/gcc/gcc-7.3/0033-Use-SYSTEMLIBS_DIR-replacement-instead-of-hardcoding.patch
index c0b8df3e71..c0b8df3e71 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0033-Use-SYSTEMLIBS_DIR-replacement-instead-of-hardcoding.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0033-Use-SYSTEMLIBS_DIR-replacement-instead-of-hardcoding.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0034-aarch64-Add-support-for-musl-ldso.patch b/meta/recipes-devtools/gcc/gcc-7.3/0034-aarch64-Add-support-for-musl-ldso.patch
index 7d866d9064..7d866d9064 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0034-aarch64-Add-support-for-musl-ldso.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0034-aarch64-Add-support-for-musl-ldso.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0035-libcc1-fix-libcc1-s-install-path-and-rpath.patch b/meta/recipes-devtools/gcc/gcc-7.3/0035-libcc1-fix-libcc1-s-install-path-and-rpath.patch
index e2c1956d1d..e2c1956d1d 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0035-libcc1-fix-libcc1-s-install-path-and-rpath.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0035-libcc1-fix-libcc1-s-install-path-and-rpath.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0036-handle-sysroot-support-for-nativesdk-gcc.patch b/meta/recipes-devtools/gcc/gcc-7.3/0036-handle-sysroot-support-for-nativesdk-gcc.patch
index aa0b108275..aa0b108275 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0036-handle-sysroot-support-for-nativesdk-gcc.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0036-handle-sysroot-support-for-nativesdk-gcc.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0037-Search-target-sysroot-gcc-version-specific-dirs-with.patch b/meta/recipes-devtools/gcc/gcc-7.3/0037-Search-target-sysroot-gcc-version-specific-dirs-with.patch
index 6c85a03f44..6c85a03f44 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0037-Search-target-sysroot-gcc-version-specific-dirs-with.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0037-Search-target-sysroot-gcc-version-specific-dirs-with.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0038-Fix-various-_FOR_BUILD-and-related-variables.patch b/meta/recipes-devtools/gcc/gcc-7.3/0038-Fix-various-_FOR_BUILD-and-related-variables.patch
index a226d10d06..a226d10d06 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0038-Fix-various-_FOR_BUILD-and-related-variables.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0038-Fix-various-_FOR_BUILD-and-related-variables.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0039-nios2-Define-MUSL_DYNAMIC_LINKER.patch b/meta/recipes-devtools/gcc/gcc-7.3/0039-nios2-Define-MUSL_DYNAMIC_LINKER.patch
index a7aeccdf03..a7aeccdf03 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0039-nios2-Define-MUSL_DYNAMIC_LINKER.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0039-nios2-Define-MUSL_DYNAMIC_LINKER.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.3/0040-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch b/meta/recipes-devtools/gcc/gcc-7.3/0040-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch
new file mode 100644
index 0000000000..29b7ce72d2
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0040-Add-ssp_nonshared-to-link-commandline-for-musl-targe.patch
@@ -0,0 +1,87 @@
+From 210f6b3b82084cc756e02b8bc12f909a43b14ee8 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 27 Jun 2017 18:10:54 -0700
+Subject: [PATCH 40/49] Add ssp_nonshared to link commandline for musl targets
+
+when -fstack-protector options are enabled we need to
+link with ssp_shared on musl since it does not provide
+the __stack_chk_fail_local() so essentially it provides
+libssp but not libssp_nonshared something like
+TARGET_LIBC_PROVIDES_SSP_BUT_NOT_SSP_NONSHARED
+ where-as for glibc the needed symbols
+are already present in libc_nonshared library therefore
+we do not need any library helper on glibc based systems
+but musl needs the libssp_noshared from gcc
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ gcc/config/linux.h          |  7 +++++++
+ gcc/config/rs6000/linux.h   | 10 ++++++++++
+ gcc/config/rs6000/linux64.h | 10 ++++++++++
+ 3 files changed, 27 insertions(+)
+
+diff --git a/gcc/config/linux.h b/gcc/config/linux.h
+index 2e683d0c430..1b4df798671 100644
+--- a/gcc/config/linux.h
++++ b/gcc/config/linux.h
+@@ -182,6 +182,13 @@ see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
+     { GCC_INCLUDE_DIR, "GCC", 0, 1, 0, 0 },		\
+     { 0, 0, 0, 0, 0, 0 }				\
+   }
++#ifdef TARGET_LIBC_PROVIDES_SSP
++#undef LINK_SSP_SPEC
++#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
++		       "|fstack-protector-strong|fstack-protector-explicit" \
++		       ":-lssp_nonshared}"
++#endif
++
+ #endif
+ 
+ #if (DEFAULT_LIBC == LIBC_UCLIBC) && defined (SINGLE_LIBC) /* uClinux */
+diff --git a/gcc/config/rs6000/linux.h b/gcc/config/rs6000/linux.h
+index 684afd6c190..22cfa391b89 100644
+--- a/gcc/config/rs6000/linux.h
++++ b/gcc/config/rs6000/linux.h
+@@ -91,6 +91,16 @@
+ 					 " -m elf32ppclinux")
+ #endif
+ 
++/* link libssp_nonshared.a with musl */
++#if DEFAULT_LIBC == LIBC_MUSL
++#ifdef TARGET_LIBC_PROVIDES_SSP
++#undef LINK_SSP_SPEC
++#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
++		       "|fstack-protector-strong|fstack-protector-explicit" \
++		       ":-lssp_nonshared}"
++#endif
++#endif
++
+ #undef LINK_OS_LINUX_SPEC
+ #define LINK_OS_LINUX_SPEC LINK_OS_LINUX_EMUL " %{!shared: %{!static: \
+   %{rdynamic:-export-dynamic} \
+diff --git a/gcc/config/rs6000/linux64.h b/gcc/config/rs6000/linux64.h
+index 3b00ec0fcf0..8371f8d7b6b 100644
+--- a/gcc/config/rs6000/linux64.h
++++ b/gcc/config/rs6000/linux64.h
+@@ -465,6 +465,16 @@ extern int dot_symbols;
+ 					   " -m elf64ppc")
+ #endif
+ 
++/* link libssp_nonshared.a with musl */
++#if DEFAULT_LIBC == LIBC_MUSL
++#ifdef TARGET_LIBC_PROVIDES_SSP
++#undef LINK_SSP_SPEC
++#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
++		       "|fstack-protector-strong|fstack-protector-explicit" \
++		       ":-lssp_nonshared}"
++#endif
++#endif
++
+ #define LINK_OS_LINUX_SPEC32 LINK_OS_LINUX_EMUL32 " %{!shared: %{!static: \
+   %{rdynamic:-export-dynamic} \
+   -dynamic-linker " GNU_USER_DYNAMIC_LINKER32 "}} \
+-- 
+2.13.2
+
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0041-gcc-libcpp-support-ffile-prefix-map-old-new.patch b/meta/recipes-devtools/gcc/gcc-7.3/0041-gcc-libcpp-support-ffile-prefix-map-old-new.patch
index 5260e363d2..5260e363d2 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0041-gcc-libcpp-support-ffile-prefix-map-old-new.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0041-gcc-libcpp-support-ffile-prefix-map-old-new.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0042-Reuse-fdebug-prefix-map-to-replace-ffile-prefix-map.patch b/meta/recipes-devtools/gcc/gcc-7.3/0042-Reuse-fdebug-prefix-map-to-replace-ffile-prefix-map.patch
index 524716790f..524716790f 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0042-Reuse-fdebug-prefix-map-to-replace-ffile-prefix-map.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0042-Reuse-fdebug-prefix-map-to-replace-ffile-prefix-map.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0043-gcc-final.c-fdebug-prefix-map-support-to-remap-sourc.patch b/meta/recipes-devtools/gcc/gcc-7.3/0043-gcc-final.c-fdebug-prefix-map-support-to-remap-sourc.patch
index 74a5c86446..74a5c86446 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0043-gcc-final.c-fdebug-prefix-map-support-to-remap-sourc.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0043-gcc-final.c-fdebug-prefix-map-support-to-remap-sourc.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0044-libgcc-Add-knob-to-use-ldbl-128-on-ppc.patch b/meta/recipes-devtools/gcc/gcc-7.3/0044-libgcc-Add-knob-to-use-ldbl-128-on-ppc.patch
index e39af9b1aa..e39af9b1aa 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0044-libgcc-Add-knob-to-use-ldbl-128-on-ppc.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0044-libgcc-Add-knob-to-use-ldbl-128-on-ppc.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0045-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch b/meta/recipes-devtools/gcc/gcc-7.3/0045-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch
index 3aa038c913..3aa038c913 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0045-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0045-Link-libgcc-using-LDFLAGS-not-just-SHLIB_LDFLAGS.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0047-sync-gcc-stddef.h-with-musl.patch b/meta/recipes-devtools/gcc/gcc-7.3/0047-sync-gcc-stddef.h-with-musl.patch
index 65d22f169c..65d22f169c 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0047-sync-gcc-stddef.h-with-musl.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0047-sync-gcc-stddef.h-with-musl.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.3/0048-gcc-Enable-static-PIE.patch b/meta/recipes-devtools/gcc/gcc-7.3/0048-gcc-Enable-static-PIE.patch
new file mode 100644
index 0000000000..a96e91339b
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0048-gcc-Enable-static-PIE.patch
@@ -0,0 +1,46 @@
+From 44ef80688b56beea85c0070840dea1e2a4e34aed Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 13 Jun 2017 12:12:52 -0700
+Subject: [PATCH 49/49] gcc: Enable static PIE
+
+Static PIE support in GCC
+see
+https://gcc.gnu.org/ml/gcc/2015-06/msg00008.html
+
+startfiles before patch:
+ -static -> crt1.o crti.o crtbeginT.o
+ -static -PIE -> crt1.o crti.o crtbeginT.o
+ 
+after patch:
+ -static -> crt1.o crti.o crtbeginT.o
+ -static -PIE -> rcrt1.o crti.o crtbeginS.o
+ 
+Upstream-Status: Pending
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+---
+ gcc/config/gnu-user.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/gcc/config/gnu-user.h b/gcc/config/gnu-user.h
+index de605b0..b035bbe 100644
+--- a/gcc/config/gnu-user.h
++++ b/gcc/config/gnu-user.h
+@@ -52,11 +52,11 @@ see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
+ #define GNU_USER_TARGET_STARTFILE_SPEC \
+   "%{shared:; \
+      pg|p|profile:gcrt1.o%s; \
+-     static:crt1.o%s; \
++     static: %{" PIE_SPEC ": rcrt1.o%s; :crt1.o%s}; \
+      " PIE_SPEC ":Scrt1.o%s; \
+      :crt1.o%s} \
+    crti.o%s \
+-   %{static:crtbeginT.o%s; \
++   %{static: %{" PIE_SPEC ": crtbeginS.o%s; :crtbeginT.o%s}; \
+      shared|" PIE_SPEC ":crtbeginS.o%s; \
+      :crtbegin.o%s} \
+    %{fvtable-verify=none:%s; \
+
+2.13.1
+
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/0050-RISC-V-Handle-non-legitimate-address-in-riscv_legiti.patch b/meta/recipes-devtools/gcc/gcc-7.3/0050-RISC-V-Handle-non-legitimate-address-in-riscv_legiti.patch
index 5a14d04b6f..5a14d04b6f 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/0050-RISC-V-Handle-non-legitimate-address-in-riscv_legiti.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/0050-RISC-V-Handle-non-legitimate-address-in-riscv_legiti.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.2/fix-segmentation-fault-precompiled-hdr.patch b/meta/recipes-devtools/gcc/gcc-7.3/fix-segmentation-fault-precompiled-hdr.patch
index c0adef6f2f..c0adef6f2f 100644
--- a/meta/recipes-devtools/gcc/gcc-7.2/fix-segmentation-fault-precompiled-hdr.patch
+++ b/meta/recipes-devtools/gcc/gcc-7.3/fix-segmentation-fault-precompiled-hdr.patch
diff --git a/meta/recipes-devtools/gcc/gcc-7.3/no-sse-fix-test-case-failures.patch b/meta/recipes-devtools/gcc/gcc-7.3/no-sse-fix-test-case-failures.patch
new file mode 100644
index 0000000000..cb87c5ab7e
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-7.3/no-sse-fix-test-case-failures.patch
@@ -0,0 +1,259 @@
+From f22830da2ba64577deb6f717d05d86c03dd2e50d Mon Sep 17 00:00:00 2001
+From: RAGHUNATH LOLUR <raghunath.lolur@kpit.com>
+Date: Wed, 6 Dec 2017 22:52:26 -0800
+Subject: [PATCH] Fix for testsuite failure
+
+2017-11-16  Raghunath Lolur  <raghunath.lolur@kpit.com>
+
+	* gcc.dg/pr56275.c: If SSE is disabled, ensure that
+	"-mfpmath" is not set to use SSE. Set "-mfpmath=387".
+	* gcc.dg/pr68306.c: Likewise
+	* gcc.dg/pr68306-2.c: Likewise
+	* gcc.dg/pr68306-3.c: Likewise
+	* gcc.dg/pr69634.c: Likewise
+	* gcc.target/i386/amd64-abi-1.c: Likewise
+	* gcc.target/i386/funcspec-6.c: Likewise
+	* gcc.target/i386/interrupt-387-err-1.c: Likewise
+	* gcc.target/i386/isa-14.c: Likewise
+	* gcc.target/i386/pr44948-2b.c: Likewise
+	* gcc.target/i386/pr53425-1.c: Likewise
+	* gcc.target/i386/pr53425-2.c: Likewise
+	* gcc.target/i386/pr55247.c: Likewise
+	* gcc.target/i386/pr59644.c: Likewise
+	* gcc.target/i386/pr62120.c: Likewise
+	* gcc.target/i386/pr70467-1.c: Likewise
+	* gcc.target/i386/warn-vect-op-1.c: Likewise
+
+If -Wall, -Werror are used during compilation various test cases fail
+to compile.
+
+If SSE is disabled, be sure to -mfpmath=387 to resolve this.
+
+This patch removes the changes to Changelog from the original patch.
+This will help us avoid conflicts.
+
+Upstream-Status: Pending
+
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+---
+ gcc/testsuite/ChangeLog                   | 21 +++++++++++++++++++++
+ gcc/testsuite/gcc.dg/pr56275.c            |  2 +-
+ gcc/testsuite/gcc.dg/pr68306-2.c          |  2 +-
+ gcc/testsuite/gcc.dg/pr68306-3.c          |  2 +-
+ gcc/testsuite/gcc.dg/pr68306.c            |  2 +-
+ gcc/testsuite/gcc.dg/pr69634.c            |  2 +-
+ .../gcc/testsuite/gcc.target/i386/amd64-abi-1.c     |  2 +-
+ .../gcc/testsuite/gcc.target/i386/funcspec-6.c      |  1 +
+ .../testsuite/gcc.target/i386/interrupt-387-err-1.c |  2 +-
+ gcc/testsuite/gcc.target/i386/isa-14.c    |  2 +-
+ .../gcc/testsuite/gcc.target/i386/pr44948-2b.c      |  2 +-
+ gcc/testsuite/gcc.target/i386/pr53425-1.c |  2 +-
+ gcc/testsuite/gcc.target/i386/pr53425-2.c |  2 +-
+ gcc/testsuite/gcc.target/i386/pr55247.c   |  2 +-
+ gcc/testsuite/gcc.target/i386/pr59644.c   |  2 +-
+ gcc/testsuite/gcc.target/i386/pr62120.c   |  2 +-
+ gcc/testsuite/gcc.target/i386/pr70467-1.c |  2 +-
+ .../gcc/testsuite/gcc.target/i386/warn-vect-op-1.c  |  2 +-
+ 18 files changed, 38 insertions(+), 16 deletions(-)
+
+diff --git a/gcc/testsuite/gcc.dg/pr56275.c b/gcc/testsuite/gcc.dg/pr56275.c
+index b901bb2..a4f6c95 100644
+--- a/gcc/testsuite/gcc.dg/pr56275.c
++++ b/gcc/testsuite/gcc.dg/pr56275.c
+@@ -1,6 +1,6 @@
+ /* { dg-do compile } */
+ /* { dg-options "-O2" } */
+-/* { dg-additional-options "-mno-sse" { target { i?86-*-* x86_64-*-* } } } */
++/* { dg-additional-options "-mno-sse -mfpmath=387" { target { i?86-*-* x86_64-*-* } } } */
+ 
+ typedef long long v2tw __attribute__ ((vector_size (2 * sizeof (long long))));
+ 
+diff --git a/gcc/testsuite/gcc.dg/pr68306-2.c b/gcc/testsuite/gcc.dg/pr68306-2.c
+index 4672ebe..2a368c4 100644
+--- a/gcc/testsuite/gcc.dg/pr68306-2.c
++++ b/gcc/testsuite/gcc.dg/pr68306-2.c
+@@ -1,6 +1,6 @@
+ /* { dg-do compile } */
+ /* { dg-options "-O3" } */
+-/* { dg-additional-options "-mno-sse -mno-mmx" { target i?86-*-* x86_64-*-* } } */
++/* { dg-additional-options "-mno-sse -mno-mmx -mfpmath=387" { target i?86-*-* x86_64-*-* } } */
+ 
+ struct {
+     int tz_minuteswest;
+diff --git a/gcc/testsuite/gcc.dg/pr68306-3.c b/gcc/testsuite/gcc.dg/pr68306-3.c
+index f5a8c10..df3390c 100644
+--- a/gcc/testsuite/gcc.dg/pr68306-3.c
++++ b/gcc/testsuite/gcc.dg/pr68306-3.c
+@@ -1,6 +1,6 @@
+ /* { dg-do compile } */
+ /* { dg-options "-O3" } */
+-/* { dg-additional-options "-mno-sse -mno-mmx" { target i?86-*-* x86_64-*-* } } */
++/* { dg-additional-options "-mno-sse -mno-mmx -mfpmath=387" { target i?86-*-* x86_64-*-* } } */
+ /* { dg-additional-options "-mno-altivec -mno-vsx" { target powerpc*-*-* } } */
+ 
+ extern void fn2();
+diff --git a/gcc/testsuite/gcc.dg/pr68306.c b/gcc/testsuite/gcc.dg/pr68306.c
+index 54e5b40..0813389 100644
+--- a/gcc/testsuite/gcc.dg/pr68306.c
++++ b/gcc/testsuite/gcc.dg/pr68306.c
+@@ -1,6 +1,6 @@
+ /* { dg-do compile } */
+ /* { dg-options "-O3" } */
+-/* { dg-additional-options "-mno-sse -mno-mmx" { target i?86-*-* x86_64-*-* } } */
++/* { dg-additional-options "-mno-sse -mno-mmx -mfpmath=387" { target i?86-*-* x86_64-*-* } } */
+ 
+ enum powerpc_pmc_type { PPC_PMC_IBM };
+ struct {
+diff --git a/gcc/testsuite/gcc.dg/pr69634.c b/gcc/testsuite/gcc.dg/pr69634.c
+index 60a5614..bcc23f9 100644
+--- a/gcc/testsuite/gcc.dg/pr69634.c
++++ b/gcc/testsuite/gcc.dg/pr69634.c
+@@ -1,6 +1,6 @@
+ /* { dg-do compile } */
+ /* { dg-options "-O2 -fno-dce -fschedule-insns -fno-tree-vrp -fcompare-debug -Wno-psabi" } */
+-/* { dg-additional-options "-mno-sse" { target i?86-*-* x86_64-*-* } } */
++/* { dg-additional-options "-mno-sse -mfpmath=387" { target i?86-*-* x86_64-*-* } } */
+ /* { dg-require-effective-target scheduling } */
+ 
+ typedef unsigned short u16;
+diff --git a/gcc/testsuite/gcc.target/i386/amd64-abi-1.c b/gcc/testsuite/gcc.target/i386/amd64-abi-1.c
+index 69fde57..7f1f1c0 100644
+--- a/gcc/testsuite/gcc.target/i386/amd64-abi-1.c
++++ b/gcc/testsuite/gcc.target/i386/amd64-abi-1.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target { ! ia32 } } } */
+-/* { dg-options "-mno-sse" } */
++/* { dg-options "-mno-sse -mfpmath=387" } */
+ /* { dg-additional-options "-mabi=sysv" { target *-*-mingw* } } */
+ 
+ double foo(void) { return 0; }	/* { dg-error "SSE disabled" } */
+diff --git a/gcc/testsuite/gcc.target/i386/funcspec-6.c b/gcc/testsuite/gcc.target/i386/funcspec-6.c
+index ea896b7..bf15569 100644
+--- a/gcc/testsuite/gcc.target/i386/funcspec-6.c
++++ b/gcc/testsuite/gcc.target/i386/funcspec-6.c
+@@ -1,6 +1,7 @@
+ /* Test whether all of the 64-bit function specific options are accepted
+    without error.  */
+ /* { dg-do compile { target { ! ia32 } } } */
++/* { dg-additional-options "-mfpmath=387" } */
+ 
+ #include "funcspec-56.inc"
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/interrupt-387-err-1.c b/gcc/testsuite/gcc.target/i386/interrupt-387-err-1.c
+index 3fbdc88..6b4d9d1 100644
+--- a/gcc/testsuite/gcc.target/i386/interrupt-387-err-1.c
++++ b/gcc/testsuite/gcc.target/i386/interrupt-387-err-1.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mgeneral-regs-only -mno-cld -mno-iamcu -m80387" } */
++/* { dg-options "-O2 -mgeneral-regs-only -mno-cld -mno-iamcu -m80387 -mfpmath=387" } */
+ 
+ typedef unsigned int uword_t __attribute__ ((mode (__word__)));
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/isa-14.c b/gcc/testsuite/gcc.target/i386/isa-14.c
+index 5d49e6e..1de2db9 100644
+--- a/gcc/testsuite/gcc.target/i386/isa-14.c
++++ b/gcc/testsuite/gcc.target/i386/isa-14.c
+@@ -1,5 +1,5 @@
+ /* { dg-do run } */
+-/* { dg-options "-march=x86-64 -msse4a -mfma4 -mno-sse" } */
++/* { dg-options "-march=x86-64 -msse4a -mfma4 -mno-sse -mfpmath=387" } */
+ 
+ extern void abort (void);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/pr44948-2b.c b/gcc/testsuite/gcc.target/i386/pr44948-2b.c
+index fa1769b..f79fb12 100644
+--- a/gcc/testsuite/gcc.target/i386/pr44948-2b.c
++++ b/gcc/testsuite/gcc.target/i386/pr44948-2b.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-O -mno-sse -Wno-psabi -mtune=generic" } */
++/* { dg-options "-O -mno-sse -Wno-psabi -mtune=generic -mfpmath=387" } */
+ 
+ struct A
+ { 
+diff --git a/gcc/testsuite/gcc.target/i386/pr53425-1.c b/gcc/testsuite/gcc.target/i386/pr53425-1.c
+index 2e89ff7..6339bf6 100644
+--- a/gcc/testsuite/gcc.target/i386/pr53425-1.c
++++ b/gcc/testsuite/gcc.target/i386/pr53425-1.c
+@@ -1,6 +1,6 @@
+ /* PR target/53425 */
+ /* { dg-do compile { target { ! ia32 } } } */
+-/* { dg-options "-O2 -mno-sse" } */
++/* { dg-options "-O2 -mno-sse -mfpmath=387" } */
+ /* { dg-skip-if "no SSE vector" { x86_64-*-mingw* } } */
+ 
+ typedef double __v2df __attribute__ ((__vector_size__ (16)));
+diff --git a/gcc/testsuite/gcc.target/i386/pr53425-2.c b/gcc/testsuite/gcc.target/i386/pr53425-2.c
+index 61f6283..2c5a55f 100644
+--- a/gcc/testsuite/gcc.target/i386/pr53425-2.c
++++ b/gcc/testsuite/gcc.target/i386/pr53425-2.c
+@@ -1,6 +1,6 @@
+ /* PR target/53425 */
+ /* { dg-do compile { target { ! ia32 } } } */
+-/* { dg-options "-O2 -mno-sse" } */
++/* { dg-options "-O2 -mno-sse -mfpmath=387" } */
+ /* { dg-skip-if "no SSE vector" { x86_64-*-mingw* } } */
+ 
+ typedef float __v2sf __attribute__ ((__vector_size__ (8)));
+diff --git a/gcc/testsuite/gcc.target/i386/pr55247.c b/gcc/testsuite/gcc.target/i386/pr55247.c
+index 23366d0..9810e3a 100644
+--- a/gcc/testsuite/gcc.target/i386/pr55247.c
++++ b/gcc/testsuite/gcc.target/i386/pr55247.c
+@@ -1,6 +1,6 @@
+ /* { dg-do compile { target { ! ia32 } } } */
+ /* { dg-require-effective-target maybe_x32 } */
+-/* { dg-options "-O2 -mno-sse -mno-mmx -mx32 -maddress-mode=long" } */
++/* { dg-options "-O2 -mno-sse -mno-mmx -mx32 -maddress-mode=long -mfpmath=387" } */
+ 
+ typedef unsigned int uint32_t;
+ typedef uint32_t Elf32_Word;
+diff --git a/gcc/testsuite/gcc.target/i386/pr59644.c b/gcc/testsuite/gcc.target/i386/pr59644.c
+index 96006b3..4287e45 100644
+--- a/gcc/testsuite/gcc.target/i386/pr59644.c
++++ b/gcc/testsuite/gcc.target/i386/pr59644.c
+@@ -1,6 +1,6 @@
+ /* PR target/59644 */
+ /* { dg-do run { target lp64 } } */
+-/* { dg-options "-O2 -ffreestanding -mno-sse -mpreferred-stack-boundary=3 -maccumulate-outgoing-args -mno-red-zone" } */
++/* { dg-options "-O2 -ffreestanding -mno-sse -mpreferred-stack-boundary=3 -maccumulate-outgoing-args -mno-red-zone -mfpmath=387" } */
+ 
+ /* This test uses __builtin_trap () instead of e.g. abort,
+    because due to -mpreferred-stack-boundary=3 it should not call
+diff --git a/gcc/testsuite/gcc.target/i386/pr62120.c b/gcc/testsuite/gcc.target/i386/pr62120.c
+index bfb8c47..ed04cf1 100644
+--- a/gcc/testsuite/gcc.target/i386/pr62120.c
++++ b/gcc/testsuite/gcc.target/i386/pr62120.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile } */
+-/* { dg-options "-mno-sse" } */
++/* { dg-options "-mno-sse -mfpmath=387" } */
+ 
+ void foo ()
+ {
+diff --git a/gcc/testsuite/gcc.target/i386/pr70467-1.c b/gcc/testsuite/gcc.target/i386/pr70467-1.c
+index 4e112c8..bcfb396 100644
+--- a/gcc/testsuite/gcc.target/i386/pr70467-1.c
++++ b/gcc/testsuite/gcc.target/i386/pr70467-1.c
+@@ -1,6 +1,6 @@
+ /* PR rtl-optimization/70467 */
+ /* { dg-do compile } */
+-/* { dg-options "-O2 -mno-sse" } */
++/* { dg-options "-O2 -mno-sse -mfpmath=387" } */
+ 
+ void foo (unsigned long long *);
+ 
+diff --git a/gcc/testsuite/gcc.target/i386/warn-vect-op-1.c b/gcc/testsuite/gcc.target/i386/warn-vect-op-1.c
+index 6cda153..26e37f5 100644
+--- a/gcc/testsuite/gcc.target/i386/warn-vect-op-1.c
++++ b/gcc/testsuite/gcc.target/i386/warn-vect-op-1.c
+@@ -1,5 +1,5 @@
+ /* { dg-do compile { target { ! ia32 } } }  */
+-/* { dg-options "-mno-sse -Wvector-operation-performance" }  */
++/* { dg-options "-mno-sse -Wvector-operation-performance -mfpmath=387" }  */
+ #define vector(elcount, type)  \
+ __attribute__((vector_size((elcount)*sizeof(type)))) type
+ 
+-- 
+1.8.5.6
+
diff --git a/meta/recipes-devtools/gcc/gcc-common.inc b/meta/recipes-devtools/gcc/gcc-common.inc
index b5975b5a3b..aa3b53e64c 100644
--- a/meta/recipes-devtools/gcc/gcc-common.inc
+++ b/meta/recipes-devtools/gcc/gcc-common.inc
@@ -105,6 +105,7 @@ gcclibdir = "${libdir}/gcc"
 BINV = "${PV}"
 #S = "${WORKDIR}/gcc-${PV}"
 S = "${TMPDIR}/work-shared/gcc-${PV}-${PR}/gcc-${PV}"
+
 B = "${WORKDIR}/gcc-${PV}/build.${HOST_SYS}.${TARGET_SYS}"
 
 target_includedir ?= "${includedir}"
diff --git a/meta/recipes-devtools/gcc/gcc-cross-canadian_6.3.bb b/meta/recipes-devtools/gcc/gcc-cross-canadian_6.4.bb
index bf53c5cd78..bf53c5cd78 100644
--- a/meta/recipes-devtools/gcc/gcc-cross-canadian_6.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-cross-canadian_6.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-cross-canadian_7.2.bb b/meta/recipes-devtools/gcc/gcc-cross-canadian_7.3.bb
index bf53c5cd78..bf53c5cd78 100644
--- a/meta/recipes-devtools/gcc/gcc-cross-canadian_7.2.bb
+++ b/meta/recipes-devtools/gcc/gcc-cross-canadian_7.3.bb
diff --git a/meta/recipes-devtools/gcc/gcc-cross-initial_6.3.bb b/meta/recipes-devtools/gcc/gcc-cross-initial_6.4.bb
index 4c73e5ce61..4c73e5ce61 100644
--- a/meta/recipes-devtools/gcc/gcc-cross-initial_6.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-cross-initial_6.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-cross-initial_7.2.bb b/meta/recipes-devtools/gcc/gcc-cross-initial_7.3.bb
index 4c73e5ce61..4c73e5ce61 100644
--- a/meta/recipes-devtools/gcc/gcc-cross-initial_7.2.bb
+++ b/meta/recipes-devtools/gcc/gcc-cross-initial_7.3.bb
diff --git a/meta/recipes-devtools/gcc/gcc-cross_6.3.bb b/meta/recipes-devtools/gcc/gcc-cross_6.4.bb
index b43cca0c52..b43cca0c52 100644
--- a/meta/recipes-devtools/gcc/gcc-cross_6.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-cross_6.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-cross_7.2.bb b/meta/recipes-devtools/gcc/gcc-cross_7.3.bb
index b43cca0c52..b43cca0c52 100644
--- a/meta/recipes-devtools/gcc/gcc-cross_7.2.bb
+++ b/meta/recipes-devtools/gcc/gcc-cross_7.3.bb
diff --git a/meta/recipes-devtools/gcc/gcc-crosssdk-initial_6.3.bb b/meta/recipes-devtools/gcc/gcc-crosssdk-initial_6.4.bb
index fd90e1140f..fd90e1140f 100644
--- a/meta/recipes-devtools/gcc/gcc-crosssdk-initial_6.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-crosssdk-initial_6.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-crosssdk-initial_7.2.bb b/meta/recipes-devtools/gcc/gcc-crosssdk-initial_7.3.bb
index fd90e1140f..fd90e1140f 100644
--- a/meta/recipes-devtools/gcc/gcc-crosssdk-initial_7.2.bb
+++ b/meta/recipes-devtools/gcc/gcc-crosssdk-initial_7.3.bb
diff --git a/meta/recipes-devtools/gcc/gcc-crosssdk_6.3.bb b/meta/recipes-devtools/gcc/gcc-crosssdk_6.4.bb
index 40a6c4feff..40a6c4feff 100644
--- a/meta/recipes-devtools/gcc/gcc-crosssdk_6.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-crosssdk_6.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-crosssdk_7.2.bb b/meta/recipes-devtools/gcc/gcc-crosssdk_7.3.bb
index 40a6c4feff..40a6c4feff 100644
--- a/meta/recipes-devtools/gcc/gcc-crosssdk_7.2.bb
+++ b/meta/recipes-devtools/gcc/gcc-crosssdk_7.3.bb
diff --git a/meta/recipes-devtools/gcc/gcc-runtime.inc b/meta/recipes-devtools/gcc/gcc-runtime.inc
index ee08529a5f..d3d4bd36a8 100644
--- a/meta/recipes-devtools/gcc/gcc-runtime.inc
+++ b/meta/recipes-devtools/gcc/gcc-runtime.inc
@@ -20,6 +20,8 @@ RUNTIMELIBITM = "libitm"
 RUNTIMELIBITM_mipsarch = ""
 RUNTIMELIBITM_nios2 = ""
 RUNTIMELIBITM_microblaze = ""
+RUNTIMELIBITM_riscv32 = ""
+RUNTIMELIBITM_riscv64 = ""
 
 RUNTIMETARGET = "libssp libstdc++-v3 libgomp libatomic ${RUNTIMELIBITM} \
     ${@bb.utils.contains_any('FORTRAN', [',fortran',',f77'], 'libquadmath', '', d)} \
diff --git a/meta/recipes-devtools/gcc/gcc-runtime_6.3.bb b/meta/recipes-devtools/gcc/gcc-runtime_6.4.bb
index 8f31e7792e..8f31e7792e 100644
--- a/meta/recipes-devtools/gcc/gcc-runtime_6.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-runtime_6.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-runtime_7.2.bb b/meta/recipes-devtools/gcc/gcc-runtime_7.3.bb
index 8f31e7792e..8f31e7792e 100644
--- a/meta/recipes-devtools/gcc/gcc-runtime_7.2.bb
+++ b/meta/recipes-devtools/gcc/gcc-runtime_7.3.bb
diff --git a/meta/recipes-devtools/gcc/gcc-sanitizers_6.3.bb b/meta/recipes-devtools/gcc/gcc-sanitizers_6.4.bb
index 601f666023..601f666023 100644
--- a/meta/recipes-devtools/gcc/gcc-sanitizers_6.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-sanitizers_6.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-sanitizers_7.2.bb b/meta/recipes-devtools/gcc/gcc-sanitizers_7.3.bb
index 601f666023..601f666023 100644
--- a/meta/recipes-devtools/gcc/gcc-sanitizers_7.2.bb
+++ b/meta/recipes-devtools/gcc/gcc-sanitizers_7.3.bb
diff --git a/meta/recipes-devtools/gcc/gcc-source_6.3.bb b/meta/recipes-devtools/gcc/gcc-source_6.4.bb
index b890fa33ea..b890fa33ea 100644
--- a/meta/recipes-devtools/gcc/gcc-source_6.3.bb
+++ b/meta/recipes-devtools/gcc/gcc-source_6.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc-source_7.2.bb b/meta/recipes-devtools/gcc/gcc-source_7.3.bb
index b890fa33ea..b890fa33ea 100644
--- a/meta/recipes-devtools/gcc/gcc-source_7.2.bb
+++ b/meta/recipes-devtools/gcc/gcc-source_7.3.bb
diff --git a/meta/recipes-devtools/gcc/gcc_6.3.bb b/meta/recipes-devtools/gcc/gcc_6.4.bb
index 2c618dfb93..2c618dfb93 100644
--- a/meta/recipes-devtools/gcc/gcc_6.3.bb
+++ b/meta/recipes-devtools/gcc/gcc_6.4.bb
diff --git a/meta/recipes-devtools/gcc/gcc_7.2.bb b/meta/recipes-devtools/gcc/gcc_7.3.bb
index ab208e7026..ab208e7026 100644
--- a/meta/recipes-devtools/gcc/gcc_7.2.bb
+++ b/meta/recipes-devtools/gcc/gcc_7.3.bb
diff --git a/meta/recipes-devtools/gcc/libgcc-initial_6.3.bb b/meta/recipes-devtools/gcc/libgcc-initial_6.4.bb
index 19f253fce8..19f253fce8 100644
--- a/meta/recipes-devtools/gcc/libgcc-initial_6.3.bb
+++ b/meta/recipes-devtools/gcc/libgcc-initial_6.4.bb
diff --git a/meta/recipes-devtools/gcc/libgcc-initial_7.2.bb b/meta/recipes-devtools/gcc/libgcc-initial_7.3.bb
index 19f253fce8..19f253fce8 100644
--- a/meta/recipes-devtools/gcc/libgcc-initial_7.2.bb
+++ b/meta/recipes-devtools/gcc/libgcc-initial_7.3.bb
diff --git a/meta/recipes-devtools/gcc/libgcc_6.3.bb b/meta/recipes-devtools/gcc/libgcc_6.4.bb
index a5152f28e9..a5152f28e9 100644
--- a/meta/recipes-devtools/gcc/libgcc_6.3.bb
+++ b/meta/recipes-devtools/gcc/libgcc_6.4.bb
diff --git a/meta/recipes-devtools/gcc/libgcc_7.2.bb b/meta/recipes-devtools/gcc/libgcc_7.3.bb
index a5152f28e9..a5152f28e9 100644
--- a/meta/recipes-devtools/gcc/libgcc_7.2.bb
+++ b/meta/recipes-devtools/gcc/libgcc_7.3.bb
diff --git a/meta/recipes-devtools/gcc/libgfortran_6.3.bb b/meta/recipes-devtools/gcc/libgfortran_6.4.bb
index 71dd8b4bdc..71dd8b4bdc 100644
--- a/meta/recipes-devtools/gcc/libgfortran_6.3.bb
+++ b/meta/recipes-devtools/gcc/libgfortran_6.4.bb
diff --git a/meta/recipes-devtools/gcc/libgfortran_7.2.bb b/meta/recipes-devtools/gcc/libgfortran_7.3.bb
index 71dd8b4bdc..71dd8b4bdc 100644
--- a/meta/recipes-devtools/gcc/libgfortran_7.2.bb
+++ b/meta/recipes-devtools/gcc/libgfortran_7.3.bb
diff --git a/meta/recipes-devtools/gdb/gdb-8.0.inc b/meta/recipes-devtools/gdb/gdb-8.0.inc
index fba32ce12c..227abd9e04 100644
--- a/meta/recipes-devtools/gdb/gdb-8.0.inc
+++ b/meta/recipes-devtools/gdb/gdb-8.0.inc
@@ -16,6 +16,7 @@ SRC_URI = "http://ftp.gnu.org/gnu/gdb/gdb-${PV}.tar.xz \
            file://0009-Change-order-of-CFLAGS.patch \
            file://0010-resolve-restrict-keyword-conflict.patch \
            file://package_devel_gdb_patches_120-sigprocmask-invalid-call.patch \
+           file://gdb-Fix-ia64-defining-TRAP_HWBKPT-before-including-g.patch \
 "
 SRC_URI[md5sum] = "c3d35cd949084be53b92cc1e03485f88"
 SRC_URI[sha256sum] = "f6a24ffe4917e67014ef9273eb8b547cb96a13e5ca74895b06d683b391f3f4ee"
diff --git a/meta/recipes-devtools/gdb/gdb/gdb-Fix-ia64-defining-TRAP_HWBKPT-before-including-g.patch b/meta/recipes-devtools/gdb/gdb/gdb-Fix-ia64-defining-TRAP_HWBKPT-before-including-g.patch
new file mode 100644
index 0000000000..ef97de7772
--- /dev/null
+++ b/meta/recipes-devtools/gdb/gdb/gdb-Fix-ia64-defining-TRAP_HWBKPT-before-including-g.patch
@@ -0,0 +1,56 @@
+From b033a9663053eed87cb572397176747b88e9a699 Mon Sep 17 00:00:00 2001
+From: James Clarke <jrtc27@jrtc27.com>
+Date: Fri, 19 Jan 2018 17:22:49 +0000
+Subject: [PATCH] gdb: Fix ia64 defining TRAP_HWBKPT before including
+ gdb_wait.h
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On ia64, gdb_wait.h eventually includes siginfo-consts-arch.h, which
+contains an enum with TRAP_HWBKPT, along with a #define. Thus we cannot
+define TRAP_HWBKPT to 4 beforehand, and so gdb_wait.h must be included
+earlier; include it from linux-ptrace.h so it can never come afterwards.
+
+gdb/ChangeLog:
+
+	* nat/linux-ptrace.c: Remove unnecessary reinclusion of
+	gdb_ptrace.h, and move including gdb_wait.h ...
+	* nat/linux-ptrace.h: ... to here.
+
+Upstream-Status: Accepted [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=5a6c3296a7a90694ad4042f6256f3da6d4fa4ee8]
+
+Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
+---
+ gdb/nat/linux-ptrace.c | 2 --
+ gdb/nat/linux-ptrace.h | 1 +
+ 2 files changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/gdb/nat/linux-ptrace.c b/gdb/nat/linux-ptrace.c
+index 3265b16..559c2de 100644
+--- a/gdb/nat/linux-ptrace.c
++++ b/gdb/nat/linux-ptrace.c
+@@ -21,8 +21,6 @@
+ #include "linux-procfs.h"
+ #include "linux-waitpid.h"
+ #include "buffer.h"
+-#include "gdb_wait.h"
+-#include "gdb_ptrace.h"
+ #ifdef HAVE_SYS_PROCFS_H
+ #include <sys/procfs.h>
+ #endif
+diff --git a/gdb/nat/linux-ptrace.h b/gdb/nat/linux-ptrace.h
+index 5954945..6faa89b 100644
+--- a/gdb/nat/linux-ptrace.h
++++ b/gdb/nat/linux-ptrace.h
+@@ -21,6 +21,7 @@
+ struct buffer;
+ 
+ #include "nat/gdb_ptrace.h"
++#include "gdb_wait.h"
+ 
+ #ifdef __UCLIBC__
+ #if !(defined(__UCLIBC_HAS_MMU__) || defined(__ARCH_HAS_MMU__))
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/go/go-1.9.inc b/meta/recipes-devtools/go/go-1.9.inc
index 7f12241dc1..2823304b7c 100644
--- a/meta/recipes-devtools/go/go-1.9.inc
+++ b/meta/recipes-devtools/go/go-1.9.inc
@@ -1,6 +1,9 @@
 require go-common.inc
 
 GO_BASEVERSION = "1.9"
+GO_MINOR = ".4"
+PV .= "${GO_MINOR}"
+
 FILESEXTRAPATHS_prepend := "${FILE_DIRNAME}/go-${GO_BASEVERSION}:"
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
@@ -19,5 +22,5 @@ SRC_URI += "\
 "
 SRC_URI_append_libc-musl = " file://set-external-linker.patch"
 
-SRC_URI[main.md5sum] = "da2d44ea384076efec43ee1f8b7d45d2"
-SRC_URI[main.sha256sum] = "a4ab229028ed167ba1986825751463605264e44868362ca8e7accc8be057e993"
+SRC_URI[main.md5sum] = "6816441fd6680c63865cdd5cb8bc1960"
+SRC_URI[main.sha256sum] = "0573a8df33168977185aa44173305e5a0450f55213600e94541604b75d46dc06"
diff --git a/meta/recipes-devtools/make/make.inc b/meta/recipes-devtools/make/make.inc
index 849b74299c..b8905bc6d3 100644
--- a/meta/recipes-devtools/make/make.inc
+++ b/meta/recipes-devtools/make/make.inc
@@ -5,7 +5,10 @@ called the makefile, which lists each of the non-source files and how to compute
 HOMEPAGE = "http://www.gnu.org/software/make/"
 SECTION = "devel"
 
-SRC_URI = "${GNU_MIRROR}/make/make-${PV}.tar.bz2"
+SRC_URI = "${GNU_MIRROR}/make/make-${PV}.tar.bz2 \
+           file://0001-glob-Do-not-assume-glibc-glob-internals.patch \
+           file://0002-glob-Do-not-assume-glibc-glob-internals.patch \
+           "
 
 inherit autotools gettext pkgconfig texinfo
 
diff --git a/meta/recipes-devtools/make/make/0001-glob-Do-not-assume-glibc-glob-internals.patch b/meta/recipes-devtools/make/make/0001-glob-Do-not-assume-glibc-glob-internals.patch
new file mode 100644
index 0000000000..2b6e4d40c3
--- /dev/null
+++ b/meta/recipes-devtools/make/make/0001-glob-Do-not-assume-glibc-glob-internals.patch
@@ -0,0 +1,70 @@
+From c90a7dda6c572f79b8e78da44b6ebf8704edef65 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Sun, 24 Sep 2017 09:12:58 -0400
+Subject: [PATCH 1/2] glob: Do not assume glibc glob internals.
+
+It has been proposed that glibc glob start using gl_lstat,
+which the API allows it to do.  GNU 'make' should not get in
+the way of this.  See:
+https://sourceware.org/ml/libc-alpha/2017-09/msg00409.html
+
+* dir.c (local_lstat): New function, like local_stat.
+(dir_setup_glob): Use it to initialize gl_lstat too, as the API
+requires.
+---
+Upstream-Status: Backport
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+ dir.c | 29 +++++++++++++++++++++++++++--
+ 1 file changed, 27 insertions(+), 2 deletions(-)
+
+diff --git a/dir.c b/dir.c
+index f34bbf5..12eef30 100644
+--- a/dir.c
++++ b/dir.c
+@@ -1299,15 +1299,40 @@ local_stat (const char *path, struct stat *buf)
+ }
+ #endif
+ 
++/* Similarly for lstat.  */
++#if !defined(lstat) && !defined(WINDOWS32) || defined(VMS)
++# ifndef VMS
++#  ifndef HAVE_SYS_STAT_H
++int lstat (const char *path, struct stat *sbuf);
++#  endif
++# else
++    /* We are done with the fake lstat.  Go back to the real lstat */
++#   ifdef lstat
++#     undef lstat
++#   endif
++# endif
++# define local_lstat lstat
++#elif defined(WINDOWS32)
++/* Windows doesn't support lstat().  */
++# define local_lstat local_stat
++#else
++static int
++local_lstat (const char *path, struct stat *buf)
++{
++  int e;
++  EINTRLOOP (e, lstat (path, buf));
++  return e;
++}
++#endif
++
+ void
+ dir_setup_glob (glob_t *gl)
+ {
+   gl->gl_opendir = open_dirstream;
+   gl->gl_readdir = read_dirstream;
+   gl->gl_closedir = free;
++  gl->gl_lstat = local_lstat;
+   gl->gl_stat = local_stat;
+-  /* We don't bother setting gl_lstat, since glob never calls it.
+-     The slot is only there for compatibility with 4.4 BSD.  */
+ }
+ 
+ void
+-- 
+2.16.1
+
diff --git a/meta/recipes-devtools/make/make/0002-glob-Do-not-assume-glibc-glob-internals.patch b/meta/recipes-devtools/make/make/0002-glob-Do-not-assume-glibc-glob-internals.patch
new file mode 100644
index 0000000000..d49acd9f6e
--- /dev/null
+++ b/meta/recipes-devtools/make/make/0002-glob-Do-not-assume-glibc-glob-internals.patch
@@ -0,0 +1,38 @@
+From 9858702dbd1e137262c06765919937660879f63c Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Sun, 24 Sep 2017 09:12:58 -0400
+Subject: [PATCH 2/2] glob: Do not assume glibc glob internals.
+
+It has been proposed that glibc glob start using gl_lstat,
+which the API allows it to do.  GNU 'make' should not get in
+the way of this.  See:
+https://sourceware.org/ml/libc-alpha/2017-09/msg00409.html
+
+* dir.c (local_lstat): New function, like local_stat.
+(dir_setup_glob): Use it to initialize gl_lstat too, as the API
+requires.
+---
+Upstream-Status: Backport
+
+ configure.ac | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 64ec870..e87901c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -399,10 +399,9 @@ AC_CACHE_CHECK([if system libc has GNU glob], [make_cv_sys_gnu_glob],
+ #include <glob.h>
+ #include <fnmatch.h>
+ 
+-#define GLOB_INTERFACE_VERSION 1
+ #if !defined _LIBC && defined __GNU_LIBRARY__ && __GNU_LIBRARY__ > 1
+ # include <gnu-versions.h>
+-# if _GNU_GLOB_INTERFACE_VERSION == GLOB_INTERFACE_VERSION
++if _GNU_GLOB_INTERFACE_VERSION == 1 || _GNU_GLOB_INTERFACE_VERSION == 2
+    gnu glob
+ # endif
+ #endif],
+-- 
+2.16.1
+
diff --git a/meta/recipes-devtools/mtd/mtd-utils_git.bb b/meta/recipes-devtools/mtd/mtd-utils_git.bb
index 4fbc54f8f4..48ba2ee07a 100644
--- a/meta/recipes-devtools/mtd/mtd-utils_git.bb
+++ b/meta/recipes-devtools/mtd/mtd-utils_git.bb
@@ -5,7 +5,7 @@ LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \
                     file://include/common.h;beginline=1;endline=17;md5=ba05b07912a44ea2bf81ce409380049c"
 
-inherit autotools pkgconfig
+inherit autotools pkgconfig update-alternatives
 
 DEPENDS = "zlib lzo e2fsprogs util-linux"
 
@@ -30,6 +30,11 @@ PACKAGECONFIG[xattr] = ",,acl,"
 
 EXTRA_OEMAKE = "'CC=${CC}' 'RANLIB=${RANLIB}' 'AR=${AR}' 'CFLAGS=${CFLAGS} ${@bb.utils.contains('PACKAGECONFIG', 'xattr', '', '-DWITHOUT_XATTR', d)} -I${S}/include' 'BUILDDIR=${S}'"
 
+ALTERNATIVE_${PN} = "flash_eraseall"
+ALTERNATIVE_LINK_NAME[flash_eraseall] = "${sbindir}/flash_eraseall"
+# Use higher priority than busybox's flash_eraseall (created when built with CONFIG_FLASH_ERASEALL)
+ALTERNATIVE_PRIORITY[flash_eraseall] = "100"
+
 do_install () {
 	oe_runmake install DESTDIR=${D} SBINDIR=${sbindir} MANDIR=${mandir} INCLUDEDIR=${includedir}
 }
diff --git a/meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch b/meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch
new file mode 100644
index 0000000000..049149eb9e
--- /dev/null
+++ b/meta/recipes-devtools/patch/patch/0001-Fix-swapping-fake-lines-in-pch_swap.patch
@@ -0,0 +1,36 @@
+From 9c986353e420ead6e706262bf204d6e03322c300 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 17 Aug 2018 13:35:40 +0200
+Subject: [PATCH] Fix swapping fake lines in pch_swap
+
+* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a
+blank line in the middle of a context-diff hunk: that empty line stays
+in the middle of the hunk and isn't swapped.
+
+Fixes: https://savannah.gnu.org/bugs/index.php?53133
+Signed-off-by: Andreas Gruenbacher <agruen@gnu.org>
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/git/patch.git]
+CVE: CVE-2018-6952
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+
+---
+ src/pch.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index e92bc64..a500ad9 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2122,7 +2122,7 @@ pch_swap (void)
+     }
+     if (p_efake >= 0) {			/* fix non-freeable ptr range */
+ 	if (p_efake <= i)
+-	    n = p_end - i + 1;
++	    n = p_end - p_ptrn_lines;
+ 	else
+ 	    n = -i;
+ 	p_efake += n;
+-- 
+2.10.2
+
diff --git a/meta/recipes-devtools/patch/patch/0002-Fix-segfault-with-mangled-rename-patch.patch b/meta/recipes-devtools/patch/patch/0002-Fix-segfault-with-mangled-rename-patch.patch
new file mode 100644
index 0000000000..b0bd6fa83a
--- /dev/null
+++ b/meta/recipes-devtools/patch/patch/0002-Fix-segfault-with-mangled-rename-patch.patch
@@ -0,0 +1,35 @@
+From f290f48a621867084884bfff87f8093c15195e6a Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Mon, 12 Feb 2018 16:48:24 +0100
+Subject: [PATCH] Fix segfault with mangled rename patch
+
+http://savannah.gnu.org/bugs/?53132
+* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
+for renames and copies (fix the existing check).
+
+Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a]
+CVE: CVE-2018-6951
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+
+---
+ src/pch.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index ff9ed2c..bc6278c 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
+     if ((pch_rename () || pch_copy ())
+ 	&& ! inname
+ 	&& ! ((i == OLD || i == NEW) &&
+-	      p_name[! reverse] &&
++	      p_name[reverse] && p_name[! reverse] &&
++	      name_is_valid (p_name[reverse]) &&
+ 	      name_is_valid (p_name[! reverse])))
+       {
+ 	say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/patch/patch/0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch b/meta/recipes-devtools/patch/patch/0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch
new file mode 100644
index 0000000000..2a09d0c03b
--- /dev/null
+++ b/meta/recipes-devtools/patch/patch/0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch
@@ -0,0 +1,38 @@
+From b5a91a01e5d0897facdd0f49d64b76b0f02b43e1 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 6 Apr 2018 11:34:51 +0200
+Subject: [PATCH] Allow input files to be missing for ed-style patches
+
+* src/pch.c (do_ed_script): Allow input files to be missing so that new
+files will be created as with non-ed-style patches.
+
+Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=b5a91a01e5d0897facdd0f49d64b76b0f02b43e1]
+CVE: CVE-2018-1000156
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ src/pch.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index bc6278c..0c5cc26 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2394,9 +2394,11 @@ do_ed_script (char const *inname, char const *outname,
+ 
+     if (! dry_run && ! skip_rest_of_patch) {
+ 	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+-	assert (! inerrno);
+-	*outname_needs_removal = true;
+-	copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++	if (inerrno != ENOENT)
++	  {
++	    *outname_needs_removal = true;
++	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++	  }
+ 	sprintf (buf, "%s %s%s", editor_program,
+ 		 verbosity == VERBOSE ? "" : "- ",
+ 		 outname);
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/patch/patch/0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch b/meta/recipes-devtools/patch/patch/0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch
new file mode 100644
index 0000000000..d74c2f182e
--- /dev/null
+++ b/meta/recipes-devtools/patch/patch/0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch
@@ -0,0 +1,215 @@
+From 123eaff0d5d1aebe128295959435b9ca5909c26d Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 6 Apr 2018 12:14:49 +0200
+Subject: [PATCH] Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)
+
+* src/pch.c (do_ed_script): Write ed script to a temporary file instead
+of piping it to ed: this will cause ed to abort on invalid commands
+instead of rejecting them and carrying on.
+* tests/ed-style: New test case.
+* tests/Makefile.am (TESTS): Add test case.
+
+Upstream-Status: Backport [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=123eaff0d5d1aebe128295959435b9ca5909c26d]
+CVE: CVE-2018-1000156
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ src/pch.c         | 91 ++++++++++++++++++++++++++++++++++++++++---------------
+ tests/Makefile.am |  1 +
+ tests/ed-style    | 41 +++++++++++++++++++++++++
+ 3 files changed, 108 insertions(+), 25 deletions(-)
+ create mode 100644 tests/ed-style
+
+diff --git a/src/pch.c b/src/pch.c
+index 0c5cc26..4fd5a05 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -33,6 +33,7 @@
+ # include <io.h>
+ #endif
+ #include <safe.h>
++#include <sys/wait.h>
+ 
+ #define INITHUNKMAX 125			/* initial dynamic allocation size */
+ 
+@@ -2389,24 +2390,28 @@ do_ed_script (char const *inname, char const *outname,
+     static char const editor_program[] = EDITOR_PROGRAM;
+ 
+     file_offset beginning_of_this_line;
+-    FILE *pipefp = 0;
+     size_t chars_read;
++    FILE *tmpfp = 0;
++    char const *tmpname;
++    int tmpfd;
++    pid_t pid;
++
++    if (! dry_run && ! skip_rest_of_patch)
++      {
++	/* Write ed script to a temporary file.  This causes ed to abort on
++	   invalid commands such as when line numbers or ranges exceed the
++	   number of available lines.  When ed reads from a pipe, it rejects
++	   invalid commands and treats the next line as a new command, which
++	   can lead to arbitrary command execution.  */
++
++	tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
++	if (tmpfd == -1)
++	  pfatal ("Can't create temporary file %s", quotearg (tmpname));
++	tmpfp = fdopen (tmpfd, "w+b");
++	if (! tmpfp)
++	  pfatal ("Can't open stream for file %s", quotearg (tmpname));
++      }
+ 
+-    if (! dry_run && ! skip_rest_of_patch) {
+-	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+-	if (inerrno != ENOENT)
+-	  {
+-	    *outname_needs_removal = true;
+-	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+-	  }
+-	sprintf (buf, "%s %s%s", editor_program,
+-		 verbosity == VERBOSE ? "" : "- ",
+-		 outname);
+-	fflush (stdout);
+-	pipefp = popen(buf, binary_transput ? "wb" : "w");
+-	if (!pipefp)
+-	  pfatal ("Can't open pipe to %s", quotearg (buf));
+-    }
+     for (;;) {
+ 	char ed_command_letter;
+ 	beginning_of_this_line = file_tell (pfp);
+@@ -2417,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname,
+ 	}
+ 	ed_command_letter = get_ed_command_letter (buf);
+ 	if (ed_command_letter) {
+-	    if (pipefp)
+-		if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++	    if (tmpfp)
++		if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ 		    write_fatal ();
+ 	    if (ed_command_letter != 'd' && ed_command_letter != 's') {
+ 	        p_pass_comments_through = true;
+ 		while ((chars_read = get_line ()) != 0) {
+-		    if (pipefp)
+-			if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++		    if (tmpfp)
++			if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ 			    write_fatal ();
+ 		    if (chars_read == 2  &&  strEQ (buf, ".\n"))
+ 			break;
+@@ -2437,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname,
+ 	    break;
+ 	}
+     }
+-    if (!pipefp)
++    if (!tmpfp)
+       return;
+-    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0
+-	|| fflush (pipefp) != 0)
++    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
++	|| fflush (tmpfp) != 0)
+       write_fatal ();
+-    if (pclose (pipefp) != 0)
+-      fatal ("%s FAILED", editor_program);
++
++    if (lseek (tmpfd, 0, SEEK_SET) == -1)
++      pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
++
++    if (! dry_run && ! skip_rest_of_patch) {
++	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
++	*outname_needs_removal = true;
++	if (inerrno != ENOENT)
++	  {
++	    *outname_needs_removal = true;
++	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++	  }
++	sprintf (buf, "%s %s%s", editor_program,
++		 verbosity == VERBOSE ? "" : "- ",
++		 outname);
++	fflush (stdout);
++
++	pid = fork();
++	if (pid == -1)
++	  pfatal ("Can't fork");
++	else if (pid == 0)
++	  {
++	    dup2 (tmpfd, 0);
++	    execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++	    _exit (2);
++	  }
++	else
++	  {
++	    int wstatus;
++	    if (waitpid (pid, &wstatus, 0) == -1
++	        || ! WIFEXITED (wstatus)
++		|| WEXITSTATUS (wstatus) != 0)
++	      fatal ("%s FAILED", editor_program);
++	  }
++    }
++
++    fclose (tmpfp);
++    safe_unlink (tmpname);
+ 
+     if (ofp)
+       {
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 6b6df63..16f8693 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -32,6 +32,7 @@ TESTS = \
+ 	crlf-handling \
+ 	dash-o-append \
+ 	deep-directories \
++	ed-style \
+ 	empty-files \
+ 	false-match \
+ 	fifo \
+diff --git a/tests/ed-style b/tests/ed-style
+new file mode 100644
+index 0000000..d8c0689
+--- /dev/null
++++ b/tests/ed-style
+@@ -0,0 +1,41 @@
++# Copyright (C) 2018 Free Software Foundation, Inc.
++#
++# Copying and distribution of this file, with or without modification,
++# in any medium, are permitted without royalty provided the copyright
++# notice and this notice are preserved.
++
++. $srcdir/test-lib.sh
++
++require cat
++use_local_patch
++use_tmpdir
++
++# ==============================================================
++
++cat > ed1.diff <<EOF
++0a
++foo
++.
++EOF
++
++check 'patch -e foo -i ed1.diff' <<EOF
++EOF
++
++check 'cat foo' <<EOF
++foo
++EOF
++
++cat > ed2.diff <<EOF
++1337a
++r !echo bar
++,p
++EOF
++
++check 'patch -e foo -i ed2.diff 2> /dev/null || echo "Status: $?"' <<EOF
++?
++Status: 2
++EOF
++
++check 'cat foo' <<EOF
++foo
++EOF
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/patch/patch_2.7.5.bb b/meta/recipes-devtools/patch/patch_2.7.5.bb
deleted file mode 100644
index 151f021b2c..0000000000
--- a/meta/recipes-devtools/patch/patch_2.7.5.bb
+++ /dev/null
@@ -1,15 +0,0 @@
-require patch.inc
-LICENSE = "GPLv3"
-
-SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch"
-
-SRC_URI[md5sum] = "ed4d5674ef4543b4eb463db168886dc7"
-SRC_URI[sha256sum] = "7436f5a19f93c3ca83153ce9c5cbe4847e97c5d956e57a220121e741f6e7968f"
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
-
-acpaths = "-I ${S}/m4 "
-
-PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'xattr', d)}"
-PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr,"
-
diff --git a/meta/recipes-devtools/patch/patch_2.7.6.bb b/meta/recipes-devtools/patch/patch_2.7.6.bb
new file mode 100644
index 0000000000..85b0db7333
--- /dev/null
+++ b/meta/recipes-devtools/patch/patch_2.7.6.bb
@@ -0,0 +1,20 @@
+require patch.inc
+LICENSE = "GPLv3"
+
+SRC_URI += "file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
+            file://0002-Fix-segfault-with-mangled-rename-patch.patch \
+            file://0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch \
+            file://0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch \
+            file://0001-Fix-swapping-fake-lines-in-pch_swap.patch \
+"
+
+SRC_URI[md5sum] = "4c68cee989d83c87b00a3860bcd05600"
+SRC_URI[sha256sum] = "8cf86e00ad3aaa6d26aca30640e86b0e3e1f395ed99f189b06d4c9f74bc58a4e"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
+
+acpaths = "-I ${S}/m4 "
+
+PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'xattr', d)}"
+PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr,"
+
diff --git a/meta/recipes-devtools/pax-utils/pax-utils_1.2.2.bb b/meta/recipes-devtools/pax-utils/pax-utils_1.2.2.bb
index c6c49e9b2d..9635a5e708 100644
--- a/meta/recipes-devtools/pax-utils/pax-utils_1.2.2.bb
+++ b/meta/recipes-devtools/pax-utils/pax-utils_1.2.2.bb
@@ -7,13 +7,9 @@ HOMEPAGE = "http://www.gentoo.org/proj/en/hardened/pax-utils.xml"
 LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a"
 
-SRC_URI = "http://gentoo.osuosl.org/distfiles/pax-utils-${PV}.tar.xz \
-"
-
+SRC_URI = "https://dev.gentoo.org/~vapier/dist/pax-utils-${PV}.tar.xz"
 SRC_URI[md5sum] = "a580468318f0ff42edf4a8cd314cc942"
 SRC_URI[sha256sum] = "7f4a7f8db6b4743adde7582fa48992ad01776796fcde030683732f56221337d9"
-UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/p/pax-utils/"
-UPSTREAM_CHECK_REGEX = "pax-utils_(?P<pver>\d+(\.\d+)+)\.orig\.tar"
 
 RDEPENDS_${PN} += "bash"
 
diff --git a/meta/recipes-devtools/perl/perl-native_5.24.1.bb b/meta/recipes-devtools/perl/perl-native_5.24.1.bb
index 6c56a7d701..2f5dffd65b 100644
--- a/meta/recipes-devtools/perl/perl-native_5.24.1.bb
+++ b/meta/recipes-devtools/perl/perl-native_5.24.1.bb
@@ -16,6 +16,7 @@ SRC_URI += "\
            file://dynaloaderhack.patch \
            file://perl-PathTools-don-t-filter-out-blib-from-INC.patch \
            file://0001-Configure-Remove-fstack-protector-strong-for-native-.patch \
+           file://perl-5.26.1-guard_old_libcrypt_fix.patch \
           "
 
 SRC_URI[md5sum] = "af6a84c7c3e2b8b269c105a5db2f6d53"
diff --git a/meta/recipes-devtools/perl/perl/0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch b/meta/recipes-devtools/perl/perl/0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch
new file mode 100644
index 0000000000..c5db1b7060
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch
@@ -0,0 +1,126 @@
+From ba6733216202523a95b0b7ee2e534b8e30b6d7df Mon Sep 17 00:00:00 2001
+From: Dominic Hargreaves <dom@earth.li>
+Date: Sat, 14 Oct 2017 16:27:53 +0200
+Subject: [PATCH] Skip various tests if PERL_BUILD_PACKAGING is set
+
+These are tests which tend not to be useful for downstream packagers
+
+t/porting/customized.t change originally from Todd Rinaldo
+
+Upstream-Status: Backport[https://perl5.git.perl.org/perl.git/ba6733216202523a95b0b7ee2e534b8e30b6d7df]
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ INSTALL                |  3 ++-
+ MANIFEST               |  1 +
+ PACKAGING              | 30 ++++++++++++++++++++++++++++++
+ regen/lib_cleanup.pl   |  5 +++++
+ t/porting/customized.t |  1 +
+ t/test.pl              |  3 +++
+ 6 files changed, 42 insertions(+), 1 deletion(-)
+ create mode 100644 PACKAGING
+
+diff --git a/INSTALL b/INSTALL
+index 636f4bd52f..1285fc69a2 100644
+--- a/INSTALL
++++ b/INSTALL
+@@ -2714,4 +2714,5 @@ This document is part of the Perl package and may be distributed under
+ the same terms as perl itself, with the following additional request:
+ If you are distributing a modified version of perl (perhaps as part of
+ a larger package) please B<do> modify these installation instructions
+-and the contact information to match your distribution.
++and the contact information to match your distribution. Additional
++information for packagers is in F<PACKAGING>.
+diff --git a/MANIFEST b/MANIFEST
+index b3207030a9..32de824ca1 100644
+--- a/MANIFEST
++++ b/MANIFEST
+@@ -4932,6 +4932,7 @@ os2/perlrexx.c			Support perl interpreter embedded in REXX
+ os2/perlrexx.cmd		Test perl interpreter embedded in REXX
+ overload.h			generated overload enum (public)
+ overload.inc			generated overload name table (implementation)
++PACKAGING			notes and best practice for packaging perl 5
+ packsizetables.inc		The generated packprops array used in pp_pack.c
+ pad.c				Scratchpad functions
+ pad.h				Scratchpad headers
+diff --git a/PACKAGING b/PACKAGING
+new file mode 100644
+index 0000000000..0c69b87ba6
+--- /dev/null
++++ b/PACKAGING
+@@ -0,0 +1,30 @@
++If you read this file _as_is_, just ignore the funny characters you
++see.  It is written in the POD format (see pod/perlpod.pod) which is
++specifically designed to be readable as is.
++
++=head1 NAME
++
++PACKAGING - notes and best practice for packaging perl 5
++
++=head1 SYNOPSIS
++
++This document is aimed at anyone who is producing their own version of
++perl for distribution to other users. It is intended as a collection
++of useful tips, advice and best practice, rather than being a complete
++packaging manual. The starting point for installing perl remains
++F<INSTALL>.
++
++=head1 Customizing test running
++
++A small number of porting tests (those in t/porting) are not well suited
++to typical distribution packaging scenarios. For example, they assume
++they are working in a git clone of the upstream Perl repository, or
++enforce rules which are not relevant to downstream packagers. These can
++be skipped by setting the environment variable PERL_BUILD_PACKAGING.
++A complete list of tests which this applied to can be found by searching
++the codebase for this string.
++
++An alternative strategy would be to skip all porting tests, but many of
++them are useful if additional patches might be applied.
++
++=cut
+diff --git a/regen/lib_cleanup.pl b/regen/lib_cleanup.pl
+index 5e40b405a4..6caf74a563 100644
+--- a/regen/lib_cleanup.pl
++++ b/regen/lib_cleanup.pl
+@@ -164,6 +164,11 @@ if ($TAP && !-d '.git' && !-f 'lib/.gitignore') {
+     exit 0;
+ }
+ 
++if ($ENV{'PERL_BUILD_PACKAGING'}) {
++    print "ok # skip explicitly disabled git tests by PERL_BUILD_PACKAGING\n";
++    exit 0;
++}
++
+ $fh = open_new('lib/.gitignore', '>',
+                { by => $0,
+                  from => 'MANIFEST and parsing files in cpan/ dist/ and ext/'});
+diff --git a/t/porting/customized.t b/t/porting/customized.t
+index 45fcafb100..5c3739198c 100644
+--- a/t/porting/customized.t
++++ b/t/porting/customized.t
+@@ -13,6 +13,7 @@ BEGIN {
+     @INC = qw(lib Porting t);
+     require 'test.pl';
+     skip_all("pre-computed SHA1 won't match under EBCDIC") if $::IS_EBCDIC;
++    skip_all("This distro may have modified some files in cpan/. Skipping validation.") if $ENV{'PERL_BUILD_PACKAGING'};
+ }
+ 
+ use strict;
+diff --git a/t/test.pl b/t/test.pl
+index 79e6e25e95..1782dcf73c 100644
+--- a/t/test.pl
++++ b/t/test.pl
+@@ -212,6 +212,9 @@ sub find_git_or_skip {
+     } else {
+ 	$reason = 'not being run from a git checkout';
+     }
++    if ($ENV{'PERL_BUILD_PACKAGING'}) {
++	$reason = 'PERL_BUILD_PACKAGING is set';
++    }
+     skip_all($reason) if $_[0] && $_[0] eq 'all';
+     skip($reason, @_);
+ }
+-- 
+2.17.1
+
diff --git a/meta/recipes-devtools/perl/perl/CVE-2017-12837.patch b/meta/recipes-devtools/perl/perl/CVE-2017-12837.patch
new file mode 100644
index 0000000000..0b59fcda3e
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/CVE-2017-12837.patch
@@ -0,0 +1,32 @@
+From 73d7247ecab863ef26b5687a37ccc75d6144ad0f Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw@cpan.org>
+Date: Tue, 17 Oct 2017 13:49:14 +0800
+Subject: [PATCH] fix CVE-2017-12837
+
+Signed-off-by: Karl Williamson <khw@cpan.org>
+Signed-off-by: Steve Hay <steve.m.hay@googlemail.com>
+
+CVE: CVE-2017-12837
+Upstream-Status: Backport
+https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ regcomp.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/regcomp.c b/regcomp.c
+index 5498d14..31ec383 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -13021,6 +13021,7 @@ S_regatom(pTHX_ RExC_state_t *pRExC_state, I32 *flagp, U32 depth)
+                             goto loopdone;
+                         }
+                         p = RExC_parse;
++                        RExC_parse = parse_start;
+                         if (ender > 0xff) {
+                             REQUIRE_UTF8(flagp);
+                         }
+-- 
+1.8.3.1
+
diff --git a/meta/recipes-devtools/perl/perl/CVE-2017-12883.patch b/meta/recipes-devtools/perl/perl/CVE-2017-12883.patch
new file mode 100644
index 0000000000..5c1805f9e7
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/CVE-2017-12883.patch
@@ -0,0 +1,44 @@
+From 40b3cdad3649334585cee8f4630ec9a025e62be6 Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw@cpan.org>
+Date: Fri, 25 Aug 2017 11:33:58 -0600
+Subject: [PATCH] PATCH: [perl #131598]
+
+The cause of this is that the vFAIL macro uses RExC_parse, and that
+variable has just been changed in preparation for code after the vFAIL.
+The solution is to not change RExC_parse until after the vFAIL.
+
+This is a case where the macro hides stuff that can bite you.
+
+(cherry picked from commit 2be4edede4ae226e2eebd4eff28cedd2041f300f)
+
+Upstream-Status: Backport
+CVE: CVE-2017-12833
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ regcomp.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+Index: perl-5.24.1/regcomp.c
+===================================================================
+--- perl-5.24.1.orig/regcomp.c
++++ perl-5.24.1/regcomp.c
+@@ -11918,14 +11918,16 @@ S_grok_bslash_N(pTHX_ RExC_state_t *pREx
+ 	}
+         sv_catpv(substitute_parse, ")");
+ 
+-        RExC_parse = RExC_start = RExC_adjusted_start = SvPV(substitute_parse,
+-                                                             len);
++        len = SvCUR(substitute_parse);
+ 
+ 	/* Don't allow empty number */
+ 	if (len < (STRLEN) 8) {
+             RExC_parse = endbrace;
+ 	    vFAIL("Invalid hexadecimal number in \\N{U+...}");
+ 	}
++
++        RExC_parse = RExC_start = RExC_adjusted_start
++                                              = SvPV_nolen(substitute_parse);
+ 	RExC_end = RExC_parse + len;
+ 
+         /* The values are Unicode, and therefore not subject to recoding, but
diff --git a/meta/recipes-devtools/perl/perl/perl-5.26.1-guard_old_libcrypt_fix.patch b/meta/recipes-devtools/perl/perl/perl-5.26.1-guard_old_libcrypt_fix.patch
new file mode 100644
index 0000000000..bb6c573c9a
--- /dev/null
+++ b/meta/recipes-devtools/perl/perl/perl-5.26.1-guard_old_libcrypt_fix.patch
@@ -0,0 +1,28 @@
+commit 13e70b397dcb0d1bf4a869b670f041c1d7b730d0
+Author: Bjรถrn Esser <besser82@fedoraproject.org>
+Date:   Sat Jan 20 20:22:53 2018 +0100
+
+    pp: Guard fix for really old bug in glibc libcrypt
+
+Upstream-Status: Pending
+Signed-off-by Richard Purdie <richard.purdie@linuxfoundation.org>
+
+diff --git a/pp.c b/pp.c
+index d50ad7ddbf..6510c7b15c 100644
+--- a/pp.c
++++ b/pp.c
+@@ -3650,8 +3650,12 @@ PP(pp_crypt)
+ #if defined(__GLIBC__) || defined(__EMX__)
+ 	if (PL_reentrant_buffer->_crypt_struct_buffer) {
+ 	    PL_reentrant_buffer->_crypt_struct_buffer->initialized = 0;
+-	    /* work around glibc-2.2.5 bug */
++#if (defined(__GLIBC__) && __GLIBC__ == 2) && \
++    (defined(__GLIBC_MINOR__) && __GLIBC_MINOR__ >= 2 && __GLIBC_MINOR__ < 4)
++	    /* work around glibc-2.2.5 bug, has been fixed at some
++	     * time in glibc-2.3.X */
+ 	    PL_reentrant_buffer->_crypt_struct_buffer->current_saltbits = 0;
++#endif
+ 	}
+ #endif
+     }
+
diff --git a/meta/recipes-devtools/perl/perl/perl-test-customized.patch b/meta/recipes-devtools/perl/perl/perl-test-customized.patch
deleted file mode 100644
index 90e4dcd5fb..0000000000
--- a/meta/recipes-devtools/perl/perl/perl-test-customized.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 64df09205b6ccb5a434a4e53e8e0a32377ab634f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal.limon@linux.intel.com>
-Date: Thu, 24 Nov 2016 10:49:55 -0600
-Subject: [PATCH] The OE core recipies customize some ExtUtils-MakeMaker
- modules, which causes their MD5 sum to mismatch the provided table and the
- corresponding tests to fail. Also, we patch several test files with a
- backported patch. Update list of hashes to reflect the patched files.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Upstream-Status: Inappropriate [embedded specific]
-
-Signed-off-by: Bill Randle <william.c.randle@intel.com>
-Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
----
- t/porting/customized.dat | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/t/porting/customized.dat b/t/porting/customized.dat
-index defeae1..b5d3c46 100644
---- a/t/porting/customized.dat
-+++ b/t/porting/customized.dat
-@@ -18,12 +18,12 @@ Encode cpan/Encode/bin/unidump 715f47c2fcc661268f3c6cd3de0d27c72b745cd2
- Encode cpan/Encode/Encode.pm e146861ff2e6aaa62defa4887eade68dd7b17c8e
- Encode cpan/Encode/encoding.pm 51c19efc9bfe8467d6ae12a4654f6e7f980715bf
- ExtUtils::Constant cpan/ExtUtils-Constant/t/Constant.t a0369c919e216fb02767a637666bb4577ad79b02
--ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/bin/instmodsh 5bc04a0173b8b787f465271b6186220326ae8eef
-+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/bin/instmodsh 2070fe968fa344d89aea1bdc6a8dbb0c467d0612
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Command.pm e3a372e07392179711ea9972087c1105a2780fad
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Command/MM.pm b72721bd6aa9bf7ec328bda99a8fdb63cac6114d
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Liblist.pm 0e1e4c25eddb999fec6c4dc66593f76db34cfd16
--ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Liblist/Kid.pm bfd2aa00ca4ed251f342e1d1ad704abbaf5a615e
--ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm 5529ae3064365eafd99536621305d52f4ab31b45
-+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Liblist/Kid.pm d593d8fdc5c0ebcb6d3701c70fc6640c50d93455
-+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm bf9174c70a0e50ff2fee4552c7df89b37d292da1
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker/Config.pm bc88b275af73b8faac6abd59a9aad3f625925810
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker/FAQ.pod 062e5d14a803fbbec8d61803086a3d7997e8a473
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker/Tutorial.pod a8a9cab7d67922ed3d6883c864e1fe29aaa6ad89
-@@ -33,7 +33,7 @@ ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Mkbootstrap.pm 412e95c3
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/Mksymlists.pm 8559ef191b4371d0c381472464856a8a73825b2a
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM.pm 09d579ed9daea95c3bf47de2e0b8fe3aa0ff6447
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_AIX.pm f720c13748293b792f7073aa96e7daecb590b183
--ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Any.pm 243649a399d293ae7ad0f26b7eab2668aa864ce8
-+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Any.pm ec39f68802a6fee8daaa914fc7131f40533cfc23
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_BeOS.pm b63c90129303b2c17d084fb828aa2c02a2ad85b8
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Cygwin.pm cabd1c97eaa427067811d92807e34c17940c7350
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Darwin.pm 6a185d897a600c34615a6073f4de0ac2f54fef3e
-@@ -42,7 +42,7 @@ ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_MacOS.pm 1f5eb772eed
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_NW5.pm de777d7809c0d73e5d4622a29921731c7e5dff48
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_OS2.pm 01e8f08a82b5304009574e3ac0892b4066ff7639
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_QNX.pm 5340052b58557a6764f5ac9f8b807fefec404a06
--ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm 3c3b93f431b0a51b9592b3d69624dbf5409f6f74
-+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Unix.pm 0d6ed5e4bdcdcd28e968e8629a592fdd0cc84818
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_UWIN.pm 40397f4cd2d49700b80b4ef490da98add24c5b37
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_VMS.pm 147e97fbabb74841f0733dbd5d1b9f3fa51f87c1
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_VOS.pm 3f13ed7045ff3443bcb4dd6c95c98b9bd705820f
-@@ -51,7 +51,7 @@ ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MM_Win95.pm 48e8a2fe176
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/MY.pm 6fefe99045b64459905d4721f3a494d8d50f7ab9
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/lib/ExtUtils/testlib.pm 172778ad21c065a89cd270668eb9f99a7364b41c
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/cd.t 0a71fbd646a7be8358b07b6f64f838243cc0aef4
--ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/echo.t 37aec8f794c52e037540757eb5b2556f79419ff7
-+ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/echo.t 1a93dd8834e4bb0e5facf08204e782807567b2eb
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/lib/MakeMaker/Test/NoXS.pm 371cdff1b2375017907cfbc9c8f4a31f5ad10582
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/prereq.t 53bda2c549fd13a6b6c13a070ca6bc79883081c0
- ExtUtils::MakeMaker cpan/ExtUtils-MakeMaker/t/vstrings.t 90035a2bdbf45f15b9c3196d072d7cba7e662871
-@@ -165,7 +165,7 @@ bignum cpan/bignum/lib/bigrat.pm 7fccc9df30e43dbbae6e5ea91b26c8046545c9a9
- bignum cpan/bignum/lib/Math/BigFloat/Trace.pm a6b4b995e18f4083252e6dc72e9bef69671893dd
- bignum cpan/bignum/lib/Math/BigInt/Trace.pm d9596963673760cae3eeeb752c1eeeec50bb2290
- libnet cpan/libnet/lib/Net/Cmd.pm a44a10c939a4c35f923c4638054178c32f1d283a
--libnet cpan/libnet/lib/Net/Config.pm 9bd49bf4de0dc438bceee0ef4baf8ba7a6633327
-+libnet cpan/libnet/lib/Net/Config.pm 2873da5efbffed67934dd297ef6f360b3558cb0b
- libnet cpan/libnet/lib/Net/Domain.pm 1bbed50f70fd1ff3e1cdf087b19a9349cddfaced
- libnet cpan/libnet/lib/Net/FTP.pm 40dba553c8d44e1530daec2d07a6e50910401f2e
- libnet cpan/libnet/lib/Net/FTP/A.pm c570b10730b168990034dcf9cb00e305a100f336
-@@ -176,6 +176,6 @@ libnet cpan/libnet/lib/Net/FTP/L.pm ac1599c775faee0474710e4f75051c8949f13df2
- libnet cpan/libnet/lib/Net/Netrc.pm 009cfc08f8a5bf247257acb64a21e1b6ad8b2c9c
- libnet cpan/libnet/lib/Net/NNTP.pm 6325fc05fd9ef81dc8d461a77b2a3f56ad1ae114
- libnet cpan/libnet/lib/Net/POP3.pm 2d8065646df80061dae5a9e3465a36a6557165fd
--libnet cpan/libnet/lib/Net/SMTP.pm f3ed7a177b49ee0ba65ac1c414de797cdbbe6886
-+libnet cpan/libnet/lib/Net/SMTP.pm f1beb42bfbef4333ed24ad63d5dd1aa5c67b20c7
- libnet cpan/libnet/lib/Net/Time.pm b3df8bbaa3bc253fbf77e8386c59a1b2aae13627
- version cpan/version/lib/version.pm ff75e2076be10bd4c05133cd979fda0b38ca8653
--- 
-2.1.4
-
diff --git a/meta/recipes-devtools/perl/perl/run-ptest b/meta/recipes-devtools/perl/perl/run-ptest
index 1e2dd1b66d..dad4d42916 100644
--- a/meta/recipes-devtools/perl/perl/run-ptest
+++ b/meta/recipes-devtools/perl/perl/run-ptest
@@ -1,2 +1,2 @@
 #!/bin/sh
-cd t && ./TEST | sed -u -e 's|\(.*\) .* ok$|PASS: \1|' -e 's|\(.*\) .* skipped|SKIP: \1|' -e 's|\(.*\) \.\(.*\)|FAIL: \1|'
+cd t && PERL_BUILD_PACKAGING=1 ./TEST | sed -u -e 's|\(.*\) .* ok$|PASS: \1|' -e 's|\(.*\) .* skipped|SKIP: \1|' -e 's|\(.*\) \.\(.*\)|FAIL: \1|'
diff --git a/meta/recipes-devtools/perl/perl_5.24.1.bb b/meta/recipes-devtools/perl/perl_5.24.1.bb
index b55d2223e2..1a9b8d1c3e 100644
--- a/meta/recipes-devtools/perl/perl_5.24.1.bb
+++ b/meta/recipes-devtools/perl/perl_5.24.1.bb
@@ -64,13 +64,16 @@ SRC_URI += " \
         file://perl-PathTools-don-t-filter-out-blib-from-INC.patch \
         file://perl-errno-generation-gcc5.patch \
         file://perl-fix-conflict-between-skip_all-and-END.patch \
-        file://perl-test-customized.patch \
+        file://perl-5.26.1-guard_old_libcrypt_fix.patch \
+        file://CVE-2017-12883.patch \
+        file://CVE-2017-12837.patch \
 "
 
 # Fix test case issues
 SRC_URI_append_class-target = " \
             file://test/dist-threads-t-join.t-adjust-ps-option.patch \
             file://test/ext-DynaLoader-t-DynaLoader.t-fix-calling-dl_findfil.patch \
+            file://0001-Skip-various-tests-if-PERL_BUILD_PACKAGING-is-set.patch \
            "
 
 SRC_URI[md5sum] = "af6a84c7c3e2b8b269c105a5db2f6d53"
diff --git a/meta/recipes-devtools/python/python-3.5-manifest.inc b/meta/recipes-devtools/python/python-3.5-manifest.inc
index 0260e87e75..710b22eaa3 100644
--- a/meta/recipes-devtools/python/python-3.5-manifest.inc
+++ b/meta/recipes-devtools/python/python-3.5-manifest.inc
@@ -194,7 +194,7 @@ FILES_${PN}-readline="${libdir}/python3.5/lib-dynload/readline.*.so ${libdir}/py
 
 SUMMARY_${PN}-reprlib="Python alternate repr() implementation"
 RDEPENDS_${PN}-reprlib="${PN}-core"
-FILES_${PN}-reprlib="${libdir}/python3.5/reprlib.py ${libdir}/python3.5/__pycache__/reprlib.py "
+FILES_${PN}-reprlib="${libdir}/python3.5/reprlib.* ${libdir}/python3.5/__pycache__/reprlib.* "
 
 SUMMARY_${PN}-resource="Python resource control interface"
 RDEPENDS_${PN}-resource="${PN}-core"
diff --git a/meta/recipes-devtools/python/python-native_2.7.13.bb b/meta/recipes-devtools/python/python-native_2.7.14.bb
index 7edf153489..5373ce6690 100644
--- a/meta/recipes-devtools/python/python-native_2.7.13.bb
+++ b/meta/recipes-devtools/python/python-native_2.7.14.bb
@@ -1,7 +1,7 @@
 require python.inc
 
 EXTRANATIVEPATH += "bzip2-native"
-DEPENDS = "openssl-native bzip2-replacement-native zlib-native readline-native sqlite3-native expat-native"
+DEPENDS = "openssl-native bzip2-replacement-native zlib-native readline-native sqlite3-native expat-native gdbm-native db-native"
 PR = "${INC_PR}.1"
 
 SRC_URI += "\
@@ -17,6 +17,7 @@ SRC_URI += "\
             file://builddir.patch \
             file://parallel-makeinst-create-bindir.patch \
             file://revert_use_of_sysconfigdata.patch \
+            file://fix-gc-alignment.patch \
            "
 
 S = "${WORKDIR}/Python-${PV}"
@@ -39,6 +40,12 @@ do_configure_append() {
 	autoreconf --verbose --install --force --exclude=autopoint ../Python-${PV}/Modules/_ctypes/libffi
 }
 
+# Regenerate all of the generated files
+# This ensures that pgen and friends get created during the compile phase
+do_compile_prepend() {
+    oe_runmake regen-all
+}
+
 do_install() {
 	oe_runmake 'DESTDIR=${D}' install
 	install -d ${D}${bindir}/${PN}
diff --git a/meta/recipes-devtools/python/python-setuptools_36.2.7.bb b/meta/recipes-devtools/python/python-setuptools_36.2.7.bb
index 526474c7ea..0efacc137a 100644
--- a/meta/recipes-devtools/python/python-setuptools_36.2.7.bb
+++ b/meta/recipes-devtools/python/python-setuptools_36.2.7.bb
@@ -5,9 +5,7 @@ PROVIDES = "python-distribute"
 DEPENDS += "python"
 DEPENDS_class-native += "python-native"
 
-inherit distutils
-
-DISTUTILS_INSTALL_ARGS += "--install-lib=${D}${PYTHON_SITEPACKAGES_DIR}"
+inherit setuptools
 
 RDEPENDS_${PN} = "\
   python-stringold \
diff --git a/meta/recipes-devtools/python/python.inc b/meta/recipes-devtools/python/python.inc
index b40f551ab3..979b601bf1 100644
--- a/meta/recipes-devtools/python/python.inc
+++ b/meta/recipes-devtools/python/python.inc
@@ -5,12 +5,12 @@ SECTION = "devel/python"
 # bump this on every change in contrib/python/generate-manifest-2.7.py
 INC_PR = "r1"
 
-LIC_FILES_CHKSUM = "file://LICENSE;md5=6b60258130e4ed10d3101517eb5b9385"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f741e51de91d4eeea5930b9c3c7fa69d"
 
 SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz"
 
-SRC_URI[md5sum] = "53b43534153bb2a0363f08bae8b9d990"
-SRC_URI[sha256sum] = "35d543986882f78261f97787fd3e06274bfa6df29fac9b4a94f73930ff98f731"
+SRC_URI[md5sum] = "1f6db41ad91d9eb0a6f0c769b8613c5b"
+SRC_URI[sha256sum] = "71ffb26e09e78650e424929b2b457b9c912ac216576e6bd9e7d204ed03296a66"
 
 # python recipe is actually python 2.x
 # also, exclude pre-releases for both python 2.x and 3.x
diff --git a/meta/recipes-devtools/python/python/01-use-proper-tools-for-cross-build.patch b/meta/recipes-devtools/python/python/01-use-proper-tools-for-cross-build.patch
index 366ce3e400..e795a74b91 100644
--- a/meta/recipes-devtools/python/python/01-use-proper-tools-for-cross-build.patch
+++ b/meta/recipes-devtools/python/python/01-use-proper-tools-for-cross-build.patch
@@ -9,6 +9,9 @@ Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
 Rebased for python-2.7.9
 Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
 
+Rebased for python-2.7.14
+Signed-off-by: Derek Straka <derek@asterius.io>
+
 Index: Python-2.7.13/Makefile.pre.in
 ===================================================================
 --- Python-2.7.13.orig/Makefile.pre.in
@@ -30,14 +33,14 @@ Index: Python-2.7.13/Makefile.pre.in
  
  # Create build directory and generate the sysconfig build-time data there.
  # pybuilddir.txt contains the name of the build dir and is used for
-@@ -681,7 +682,7 @@ Modules/pwdmodule.o: $(srcdir)/Modules/p
- 
- $(GRAMMAR_H): @GENERATED_COMMENT@ $(GRAMMAR_INPUT) $(PGEN)
+@@ -663,7 +663,7 @@
+ 	# Regenerate Include/graminit.h and Python/graminit.c
+ 	# from Grammar/Grammar using pgen
  	@$(MKDIR_P) Include
--	$(PGEN) $(GRAMMAR_INPUT) $(GRAMMAR_H) $(GRAMMAR_C)
-+	$(HOSTPGEN) $(GRAMMAR_INPUT) $(GRAMMAR_H) $(GRAMMAR_C)
- $(GRAMMAR_C): @GENERATED_COMMENT@ $(GRAMMAR_H)
- 	touch $(GRAMMAR_C)
+-	$(PGEN) $(srcdir)/Grammar/Grammar \
++	$(HOSTPGEN) $(srcdir)/Grammar/Grammar \
+ 		$(srcdir)/Include/graminit.h \
+ 		$(srcdir)/Python/graminit.c
  
 @@ -1121,27 +1122,27 @@ libinstall:	build_all $(srcdir)/Lib/$(PL
  			$(DESTDIR)$(LIBDEST)/distutils/tests ; \
diff --git a/meta/recipes-devtools/python/python/Don-t-use-getentropy-on-Linux.patch b/meta/recipes-devtools/python/python/Don-t-use-getentropy-on-Linux.patch
deleted file mode 100644
index 38e53778dc..0000000000
--- a/meta/recipes-devtools/python/python/Don-t-use-getentropy-on-Linux.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Upstream-Status: Backport
-
-Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
-
-From 905d1b30ac7cb0e31c57cec0533825c8f170b942 Mon Sep 17 00:00:00 2001
-From: Victor Stinner <victor.stinner@gmail.com>
-Date: Mon, 9 Jan 2017 11:10:41 +0100
-Subject: [PATCH] Don't use getentropy() on Linux
-
-Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but
-read from /dev/urandom to get random bytes, for example in os.urandom().  On
-Linux, getentropy() is implemented which getrandom() is blocking mode, whereas
-os.urandom() should not block.
-
-(cherry picked from commit 2687486756721e39164fa9f597e468c35d495227)
----
- Python/random.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/Python/random.c b/Python/random.c
-index b4bc1f3..f3f5d14 100644
---- a/Python/random.c
-+++ b/Python/random.c
-@@ -94,8 +94,15 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
- }
- 
- /* Issue #25003: Don't use getentropy() on Solaris (available since
-- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */
--#elif defined(HAVE_GETENTROPY) && !defined(sun)
-+   Solaris 11.3), it is blocking whereas os.urandom() should not block.
-+
-+   Issue #29188: Don't use getentropy() on Linux since the glibc 2.24
-+   implements it with the getrandom() syscall which can fail with ENOSYS,
-+   and this error is not supported in py_getentropy() and getrandom() is called
-+   with flags=0 which blocks until system urandom is initialized, which is not
-+   the desired behaviour to seed the Python hash secret nor for os.urandom():
-+   see the PEP 524 which was only implemented in Python 3.6. */
-+#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux)
- #define PY_GETENTROPY 1
- 
- /* Fill buffer with size pseudo-random bytes generated by getentropy().
diff --git a/meta/recipes-devtools/python/python/fix-gc-alignment.patch b/meta/recipes-devtools/python/python/fix-gc-alignment.patch
new file mode 100644
index 0000000000..b63cd08747
--- /dev/null
+++ b/meta/recipes-devtools/python/python/fix-gc-alignment.patch
@@ -0,0 +1,43 @@
+Upstream-Status: Submitted
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+Fix for over-aligned GC info
+Patch by Florian Weimer
+
+See: https://bugzilla.redhat.com/show_bug.cgi?id=1540316
+Upstream discussion: https://mail.python.org/pipermail/python-dev/2018-January/152000.html
+
+diff --git a/Include/objimpl.h b/Include/objimpl.h
+index 55e83eced6..aa906144dc 100644
+--- a/Include/objimpl.h
++++ b/Include/objimpl.h
+@@ -248,6 +248,18 @@ PyAPI_FUNC(PyVarObject *) _PyObject_GC_Resize(PyVarObject *, Py_ssize_t);
+ /* for source compatibility with 2.2 */
+ #define _PyObject_GC_Del PyObject_GC_Del
+ 
++/* Former over-aligned definition of PyGC_Head, used to compute the
++   size of the padding for the new version below. */
++union _gc_head;
++union _gc_head_old {
++    struct {
++        union _gc_head *gc_next;
++        union _gc_head *gc_prev;
++        Py_ssize_t gc_refs;
++    } gc;
++    long double dummy;
++};
++
+ /* GC information is stored BEFORE the object structure. */
+ typedef union _gc_head {
+     struct {
+@@ -255,7 +267,8 @@ typedef union _gc_head {
+         union _gc_head *gc_prev;
+         Py_ssize_t gc_refs;
+     } gc;
+-    long double dummy;  /* force worst-case alignment */
++    double dummy;  /* force worst-case alignment */
++    char dummy_padding[sizeof(union _gc_head_old)];
+ } PyGC_Head;
+ 
+ extern PyGC_Head *_PyGC_generation0;
+ 
\ No newline at end of file
diff --git a/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch b/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch
index 669112dab0..90dcd57c04 100644
--- a/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch
+++ b/meta/recipes-devtools/python/python/fix-makefile-for-ptest.patch
@@ -15,7 +15,7 @@ diff -ruN a/Makefile.pre.in b/Makefile.pre.in
 +TESTOPTS=	-l -v $(EXTRATESTOPTS)
  TESTPROG=	$(srcdir)/Lib/test/regrtest.py
 -TESTPYTHON=	$(RUNSHARED) ./$(BUILDPYTHON) -Wd -3 -E -tt $(TESTPYTHONOPTS)
--test:		all platform
+-test:		@DEF_MAKE_RULE@ platform
 -		-find $(srcdir)/Lib -name '*.py[co]' -print | xargs rm -f
 +TESTPYTHON=	$(RUNSHARED) $(BUILDPYTHON) -Wd -3 -E -tt $(TESTPYTHONOPTS)
 +test:		build-test
@@ -26,8 +26,8 @@ diff -ruN a/Makefile.pre.in b/Makefile.pre.in
  		-$(TESTPYTHON) $(TESTPROG) $(TESTOPTS)
  		$(TESTPYTHON) $(TESTPROG) $(TESTOPTS)
  
-+build-test:	all platform
++build-test:	@DEF_MAKE_RULE@ platform
 +
- testall:	all platform
+ testall:	@DEF_MAKE_RULE@ platform
  		-find $(srcdir)/Lib -name '*.py[co]' -print | xargs rm -f
  		$(TESTPYTHON) $(srcdir)/Lib/compileall.py
diff --git a/meta/recipes-devtools/python/python/parallel-makeinst-create-bindir.patch b/meta/recipes-devtools/python/python/parallel-makeinst-create-bindir.patch
index 951cb466ff..abab41e957 100644
--- a/meta/recipes-devtools/python/python/parallel-makeinst-create-bindir.patch
+++ b/meta/recipes-devtools/python/python/parallel-makeinst-create-bindir.patch
@@ -8,12 +8,12 @@ Upstream-Status: Pending
 
 --- Python-2.7.3.orig/Makefile.pre.in
 +++ Python-2.7.3/Makefile.pre.in
-@@ -1008,7 +1008,7 @@ LIBPL=		$(LIBP)/config
+@@ -1187,7 +1187,7 @@
  LIBPC=		$(LIBDIR)/pkgconfig
-
- libainstall:	all python-config
+ 
+ libainstall:	@DEF_MAKE_RULE@ python-config
 -	@for i in $(LIBDIR) $(LIBP) $(LIBPL) $(LIBPC); \
 +	@for i in $(LIBDIR) $(LIBP) $(LIBPL) $(LIBPC) $(BINDIR); \
-	do \
-		if test ! -d $(DESTDIR)$$i; then \
-			echo "Creating directory $$i"; \
+ 	do \
+ 		if test ! -d $(DESTDIR)$$i; then \
+ 			echo "Creating directory $$i"; \
diff --git a/meta/recipes-devtools/python/python3-native_3.5.3.bb b/meta/recipes-devtools/python/python3-native_3.5.3.bb
index 8cd9c88a82..1da87ca4e4 100644
--- a/meta/recipes-devtools/python/python3-native_3.5.3.bb
+++ b/meta/recipes-devtools/python/python3-native_3.5.3.bb
@@ -45,7 +45,7 @@ inherit native
 require python-native-${PYTHON_MAJMIN}-manifest.inc
 
 # uninative may be used on pre glibc 2.25 systems which don't have getentropy
-EXTRA_OECONF_append = " --bindir=${bindir}/${PN} --without-ensurepip ac_cv_func_getentropy=no"
+EXTRA_OECONF_append = " --bindir=${bindir}/${PN} --without-ensurepip"
 
 EXTRA_OEMAKE = '\
   LIBC="" \
diff --git a/meta/recipes-devtools/python/python3-setuptools_36.2.7.bb b/meta/recipes-devtools/python/python3-setuptools_36.2.7.bb
index 63f241809e..a7bca97402 100644
--- a/meta/recipes-devtools/python/python3-setuptools_36.2.7.bb
+++ b/meta/recipes-devtools/python/python3-setuptools_36.2.7.bb
@@ -4,15 +4,10 @@ DEPENDS += "python3"
 DEPENDS_class-native += "python3-native"
 DEPENDS_class-nativesdk += "nativesdk-python3"
 
-inherit distutils3
+inherit setuptools3
 
-DISTUTILS_INSTALL_ARGS += "--install-lib=${D}${PYTHON_SITEPACKAGES_DIR}"
-
-# The installer puts the wrong path in the setuptools.pth file.  Correct it.
 do_install_append() {
-    rm ${D}${PYTHON_SITEPACKAGES_DIR}/setuptools.pth
     mv ${D}${bindir}/easy_install ${D}${bindir}/easy3_install
-    echo "./${SRCNAME}-${PV}-py${PYTHON_BASEVERSION}.egg" > ${D}${PYTHON_SITEPACKAGES_DIR}/setuptools.pth
 }
 
 RDEPENDS_${PN}_class-native = "\
diff --git a/meta/recipes-devtools/python/python_2.7.13.bb b/meta/recipes-devtools/python/python_2.7.14.bb
index 754c029097..35b6324970 100644
--- a/meta/recipes-devtools/python/python_2.7.13.bb
+++ b/meta/recipes-devtools/python/python_2.7.14.bb
@@ -26,9 +26,9 @@ SRC_URI += "\
   file://parallel-makeinst-create-bindir.patch \
   file://use_sysroot_ncurses_instead_of_host.patch \
   file://add-CROSSPYTHONPATH-for-PYTHON_FOR_BUILD.patch \
-  file://Don-t-use-getentropy-on-Linux.patch \
   file://pass-missing-libraries-to-Extension-for-mul.patch \
   file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \
+  file://fix-gc-alignment.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"
diff --git a/meta/recipes-devtools/qemu/qemu/memfd.patch b/meta/recipes-devtools/qemu/qemu/memfd.patch
new file mode 100644
index 0000000000..62e8d3800b
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/memfd.patch
@@ -0,0 +1,57 @@
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 28 Nov 2017 11:51:27 +0100
+Subject: [PATCH] memfd: fix configure test
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Recent glibc added memfd_create in sys/mman.h.  This conflicts with
+the definition in util/memfd.c:
+
+    /builddir/build/BUILD/qemu-2.11.0-rc1/util/memfd.c:40:12: error: static declaration of memfd_create follows non-static declaration
+
+Fix the configure test, and remove the sys/memfd.h inclusion since the
+file actually does not exist---it is a typo in the memfd_create(2) man
+page.
+
+Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ configure    | 2 +-
+ util/memfd.c | 4 +---
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/configure b/configure
+index 9c8aa5a98b..99ccc1725a 100755
+--- a/configure
++++ b/configure
+@@ -3923,7 +3923,7 @@ fi
+ # check if memfd is supported
+ memfd=no
+ cat > $TMPC << EOF
+-#include <sys/memfd.h>
++#include <sys/mman.h>
+ 
+ int main(void)
+ {
+diff --git a/util/memfd.c b/util/memfd.c
+index 4571d1aba8..412e94a405 100644
+--- a/util/memfd.c
++++ b/util/memfd.c
+@@ -31,9 +31,7 @@
+ 
+ #include "qemu/memfd.h"
+ 
+-#ifdef CONFIG_MEMFD
+-#include <sys/memfd.h>
+-#elif defined CONFIG_LINUX
++#if defined CONFIG_LINUX && !defined CONFIG_MEMFD
+ #include <sys/syscall.h>
+ #include <asm/unistd.h>
+ 
+-- 
+2.11.0
diff --git a/meta/recipes-devtools/qemu/qemu_2.10.0.bb b/meta/recipes-devtools/qemu/qemu_2.10.0.bb
index a9b4939b04..bdf6c21f87 100644
--- a/meta/recipes-devtools/qemu/qemu_2.10.0.bb
+++ b/meta/recipes-devtools/qemu/qemu_2.10.0.bb
@@ -29,6 +29,7 @@ SRC_URI = "http://wiki.qemu-project.org/download/${BP}.tar.bz2 \
            file://CVE-2017-13672.patch \
            file://CVE-2017-14167.patch \
            file://ppc_locking.patch \
+           file://memfd.patch \
            "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+\..*)\.tar"
 
@@ -60,4 +61,3 @@ do_install_ptest() {
 
 	cp ${S}/tests/Makefile.include ${D}${PTEST_PATH}/tests
 }
-
diff --git a/meta/recipes-devtools/rsync/rsync_3.1.2.bb b/meta/recipes-devtools/rsync/rsync_3.1.3.bb
index 103198487b..84a02586be 100644
--- a/meta/recipes-devtools/rsync/rsync_3.1.2.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.1.3.bb
@@ -2,8 +2,8 @@ require rsync.inc
 
 SRC_URI += "file://makefile-no-rebuild.patch"
 
-SRC_URI[md5sum] = "0f758d7e000c0f7f7d3792610fad70cb"
-SRC_URI[sha256sum] = "ecfa62a7fa3c4c18b9eccd8c16eaddee4bd308a76ea50b5c02a5840f09c0a1c2"
+SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf"
+SRC_URI[sha256sum] = "55cc554efec5fdaad70de921cd5a5eeb6c29a95524c715f3bbf849235b0800c0"
 
 # GPLv2+ (<< 3.0.0), GPLv3+ (>= 3.0.0)
 LICENSE = "GPLv3+"
diff --git a/meta/recipes-devtools/ruby/ruby.inc b/meta/recipes-devtools/ruby/ruby.inc
index d71989889e..9a52a6965f 100644
--- a/meta/recipes-devtools/ruby/ruby.inc
+++ b/meta/recipes-devtools/ruby/ruby.inc
@@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "\
     file://LEGAL;md5=daf349ad59dd19bd8c919171bff3c5d6 \
 "
 
-DEPENDS = "ruby-native zlib openssl tcl libyaml db gdbm readline"
+DEPENDS = "ruby-native zlib openssl tcl libyaml gdbm readline"
 DEPENDS_class-native = "openssl-native libyaml-native"
 
 SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}"
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch
deleted file mode 100644
index 88e693c94e..0000000000
--- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-From 8f782fd8e181d9cfe9387ded43a5ca9692266b85 Mon Sep 17 00:00:00 2001
-From: Florian Frank <flori@ping.de>
-Date: Thu, 2 Mar 2017 12:12:33 +0100
-Subject: [PATCH] Fix arbitrary heap exposure problem
-
-Upstream-Status: Backport
-CVE: CVE-2017-14064
-
-Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
----
- ext/json/generator/generator.c | 12 ++++++------
- ext/json/generator/generator.h |  1 -
- 2 files changed, 6 insertions(+), 7 deletions(-)
-
-diff --git a/ext/json/generator/generator.c b/ext/json/generator/generator.c
-index ef85bb7..c88818c 100644
---- a/ext/json/generator/generator.c
-+++ b/ext/json/generator/generator.c
-@@ -308,7 +308,7 @@ static char *fstrndup(const char *ptr, unsigned long len) {
-   char *result;
-   if (len <= 0) return NULL;
-   result = ALLOC_N(char, len);
--  memccpy(result, ptr, 0, len);
-+  memcpy(result, ptr, len);
-   return result;
- }
- 
-@@ -1062,7 +1062,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent)
-         }
-     } else {
-         if (state->indent) ruby_xfree(state->indent);
--        state->indent = strdup(RSTRING_PTR(indent));
-+        state->indent = fstrndup(RSTRING_PTR(indent), len);
-         state->indent_len = len;
-     }
-     return Qnil;
-@@ -1100,7 +1100,7 @@ static VALUE cState_space_set(VALUE self, VALUE space)
-         }
-     } else {
-         if (state->space) ruby_xfree(state->space);
--        state->space = strdup(RSTRING_PTR(space));
-+        state->space = fstrndup(RSTRING_PTR(space), len);
-         state->space_len = len;
-     }
-     return Qnil;
-@@ -1136,7 +1136,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE space_before)
-         }
-     } else {
-         if (state->space_before) ruby_xfree(state->space_before);
--        state->space_before = strdup(RSTRING_PTR(space_before));
-+        state->space_before = fstrndup(RSTRING_PTR(space_before), len);
-         state->space_before_len = len;
-     }
-     return Qnil;
-@@ -1173,7 +1173,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE object_nl)
-         }
-     } else {
-         if (state->object_nl) ruby_xfree(state->object_nl);
--        state->object_nl = strdup(RSTRING_PTR(object_nl));
-+        state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
-         state->object_nl_len = len;
-     }
-     return Qnil;
-@@ -1208,7 +1208,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE array_nl)
-         }
-     } else {
-         if (state->array_nl) ruby_xfree(state->array_nl);
--        state->array_nl = strdup(RSTRING_PTR(array_nl));
-+        state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
-         state->array_nl_len = len;
-     }
-     return Qnil;
-diff --git a/ext/json/generator/generator.h b/ext/json/generator/generator.h
-index 900b4d5..c367a62 100644
---- a/ext/json/generator/generator.h
-+++ b/ext/json/generator/generator.h
-@@ -1,7 +1,6 @@
- #ifndef _GENERATOR_H_
- #define _GENERATOR_H_
- 
--#include <string.h>
- #include <math.h>
- #include <ctype.h>
- 
--- 
-2.10.2
-
diff --git a/meta/recipes-devtools/ruby/ruby_2.4.1.bb b/meta/recipes-devtools/ruby/ruby_2.4.4.bb
index 7d27ac84ec..61fcedbf82 100644
--- a/meta/recipes-devtools/ruby/ruby_2.4.1.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.4.4.bb
@@ -6,11 +6,10 @@ SRC_URI += " \
            file://ruby-CVE-2017-9227.patch \
            file://ruby-CVE-2017-9228.patch \
            file://ruby-CVE-2017-9229.patch \
-           file://ruby-CVE-2017-14064.patch \
            "
 
-SRC_URI[md5sum] = "782bca562e474dd25956dd0017d92677"
-SRC_URI[sha256sum] = "a330e10d5cb5e53b3a0078326c5731888bb55e32c4abfeb27d9e7f8e5d000250"
+SRC_URI[md5sum] = "d50e00ccc1c9cf450f837b92d3ed3e88"
+SRC_URI[sha256sum] = "254f1c1a79e4cc814d1e7320bc5bdd995dc57e08727d30a767664619a9c8ae5a"
 
 # it's unknown to configure script, but then passed to extconf.rb
 # maybe it's not really needed as we're hardcoding the result with
@@ -21,7 +20,7 @@ PACKAGECONFIG ??= ""
 PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
 
 PACKAGECONFIG[valgrind] = "--with-valgrind=yes, --with-valgrind=no, valgrind"
-PACKAGECONFIG[gpm] = "--with-gmp=yes, --with-gmp=no, gmp"
+PACKAGECONFIG[gmp] = "--with-gmp=yes, --with-gmp=no, gmp"
 PACKAGECONFIG[ipv6] = ",--enable-wide-getaddrinfo,"
 
 EXTRA_AUTORECONF += "--exclude=aclocal"
diff --git a/meta/recipes-devtools/unfs3/unfs3/0001-daemon.c-Libtirpc-porting-fixes.patch b/meta/recipes-devtools/unfs3/unfs3/0001-daemon.c-Libtirpc-porting-fixes.patch
new file mode 100644
index 0000000000..6eee6748f9
--- /dev/null
+++ b/meta/recipes-devtools/unfs3/unfs3/0001-daemon.c-Libtirpc-porting-fixes.patch
@@ -0,0 +1,37 @@
+From c7a2a65d6c2a433312540c207860740d6e4e7629 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 11 Mar 2018 17:32:54 -0700
+Subject: [PATCH] daemon.c: Libtirpc porting fixes
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+Upstream-Status: Pending
+
+ daemon.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/daemon.c b/daemon.c
+index 22f30f6..028a181 100644
+--- a/daemon.c
++++ b/daemon.c
+@@ -117,7 +117,7 @@ void logmsg(int prio, const char *fmt, ...)
+  */
+ struct in_addr get_remote(struct svc_req *rqstp)
+ {
+-    return (svc_getcaller(rqstp->rq_xprt))->sin_addr;
++    return ((struct sockaddr_in*)svc_getcaller(rqstp->rq_xprt))->sin_addr;
+ }
+ 
+ /*
+@@ -125,7 +125,7 @@ struct in_addr get_remote(struct svc_req *rqstp)
+  */
+ short get_port(struct svc_req *rqstp)
+ {
+-    return (svc_getcaller(rqstp->rq_xprt))->sin_port;
++    return ((struct sockaddr_in*)svc_getcaller(rqstp->rq_xprt))->sin_port;
+ }
+ 
+ /*
+-- 
+2.16.2
+
diff --git a/meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb b/meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb
index cebc8660d0..8127e4a10b 100644
--- a/meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb
+++ b/meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb
@@ -9,9 +9,11 @@ RECIPE_UPSTREAM_DATE = "Oct 08, 2015"
 CHECK_DATE = "Dec 10, 2015"
 
 DEPENDS = "flex-native bison-native flex"
-DEPENDS_append_libc-musl = " libtirpc"
+DEPENDS += "libtirpc"
 DEPENDS_append_class-nativesdk = " flex-nativesdk"
 
+ASNEEDED = ""
+
 MOD_PV = "497"
 S = "${WORKDIR}/trunk"
 # Only subversion url left in OE-Core, use a mirror tarball instead since
@@ -26,7 +28,8 @@ SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/unfs3-0.9.22.r497.ta
            file://rename_fh_cache.patch \
            file://relative_max_socket_path_len.patch \
            file://tcp_no_delay.patch \
-          "
+           file://0001-daemon.c-Libtirpc-porting-fixes.patch \
+           "
 SRC_URI[md5sum] = "2e43e471c77ade0331901c40b8f8e9a3"
 SRC_URI[sha256sum] = "21009468a9ba07b72ea93780d025a63ab4e55bf8fc3127803c296f0900fe1bac"
 
@@ -34,7 +37,8 @@ BBCLASSEXTEND = "native nativesdk"
 
 inherit autotools
 EXTRA_OECONF_append_class-native = " --sbindir=${bindir}"
-CFLAGS_append_libc-musl = " -I${STAGING_INCDIR}/tirpc"
+CFLAGS_append = " -I${STAGING_INCDIR}/tirpc"
+LDFLAGS_append = " -ltirpc"
 
 # Turn off these header detects else the inode search
 # will walk entire file systems and this is a real problem
diff --git a/meta/recipes-devtools/valgrind/valgrind/0001-fix-opcode-not-supported-on-mips32-linux.patch b/meta/recipes-devtools/valgrind/valgrind/0001-fix-opcode-not-supported-on-mips32-linux.patch
new file mode 100644
index 0000000000..39b624d9f6
--- /dev/null
+++ b/meta/recipes-devtools/valgrind/valgrind/0001-fix-opcode-not-supported-on-mips32-linux.patch
@@ -0,0 +1,82 @@
+From fb5362f205b37c5060fcd764a7ed393abe4f2f3d Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Fri, 27 Jul 2018 17:39:37 +0800
+Subject: [PATCH 1/2] fix opcode not supported on mips32-linux
+
+While build tests(`make check') on mips32-linux, there are
+serial failures such as:
+[snip]
+| mips-wrsmllib32-linux-gcc  -meb -mabi=32 -mhard-float -c
+-o atomic_incs-atomic_incs.o `test -f 'atomic_incs.c' || echo
+'../../../valgrind-3.13.0/memcheck/tests/'`atomic_incs.c
+| /tmp/ccqrmINN.s: Assembler messages:
+| /tmp/ccqrmINN.s:247: Error: opcode not supported on this
+processor: mips1 (mips1) `ll $t3,0($t1)'
+| /tmp/ccqrmINN.s:249: Error: opcode not supported on this
+processor: mips1 (mips1) `sc $t3,0($t1)'
+[snip]
+
+Since the following commit applied, it defines CLFAGS for mips32,
+but missed to pass them to tests which caused the above failure
+...
+3e344c57f Merge in a port for mips32-linux
+...
+
+Upstream-Status: Submitted [https://bugs.kde.org/show_bug.cgi?id=396905]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ helgrind/tests/Makefile.am    | 5 +++++
+ memcheck/tests/Makefile.am    | 5 +++++
+ none/tests/mips32/Makefile.am | 4 ++++
+ 3 files changed, 14 insertions(+)
+
+diff --git a/helgrind/tests/Makefile.am b/helgrind/tests/Makefile.am
+index ad1af191a..6209d35a7 100644
+--- a/helgrind/tests/Makefile.am
++++ b/helgrind/tests/Makefile.am
+@@ -214,6 +214,11 @@ check_PROGRAMS += annotate_rwlock
+ endif
+ 
+ AM_CFLAGS   += $(AM_FLAG_M3264_PRI)
++
++if VGCONF_PLATFORMS_INCLUDE_MIPS32_LINUX
++AM_CFLAGS   += $(AM_CFLAGS_MIPS32_LINUX)
++endif
++
+ AM_CXXFLAGS += $(AM_FLAG_M3264_PRI)
+ 
+ LDADD = -lpthread
+diff --git a/memcheck/tests/Makefile.am b/memcheck/tests/Makefile.am
+index 84e49405f..aff861a32 100644
+--- a/memcheck/tests/Makefile.am
++++ b/memcheck/tests/Makefile.am
+@@ -443,6 +443,11 @@ check_PROGRAMS += reach_thread_register
+ endif
+ 
+ AM_CFLAGS   += $(AM_FLAG_M3264_PRI)
++
++if VGCONF_PLATFORMS_INCLUDE_MIPS32_LINUX
++AM_CFLAGS   += $(AM_CFLAGS_MIPS32_LINUX)
++endif
++
+ AM_CXXFLAGS += $(AM_FLAG_M3264_PRI)
+ 
+ if VGCONF_PLATFORMS_INCLUDE_ARM_LINUX
+diff --git a/none/tests/mips32/Makefile.am b/none/tests/mips32/Makefile.am
+index d11591d45..602cd26f6 100644
+--- a/none/tests/mips32/Makefile.am
++++ b/none/tests/mips32/Makefile.am
+@@ -99,6 +99,10 @@ check_PROGRAMS = \
+ 	round_fpu64 \
+ 	fpu_branches
+ 
++if VGCONF_PLATFORMS_INCLUDE_MIPS32_LINUX
++AM_CFLAGS   += $(AM_CFLAGS_MIPS32_LINUX)
++endif
++
+ AM_CFLAGS    += @FLAG_M32@
+ AM_CXXFLAGS  += @FLAG_M32@
+ AM_CCASFLAGS += @FLAG_M32@
+-- 
+2.17.1
+
diff --git a/meta/recipes-devtools/valgrind/valgrind/0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch b/meta/recipes-devtools/valgrind/valgrind/0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch
new file mode 100644
index 0000000000..6df295f8a2
--- /dev/null
+++ b/meta/recipes-devtools/valgrind/valgrind/0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch
@@ -0,0 +1,47 @@
+From 63ce36396348e7c4c021cffa652d2e3d20f7963a Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Fri, 27 Jul 2018 17:51:54 +0800
+Subject: [PATCH 2/2] fix broken inline asm in tests on mips32-linux
+
+While build tests(`make check') with gcc 8.1.0 on mips32-linux,
+there is a failure
+[snip]
+|mips-wrsmllib32-linux-gcc  -meb -mabi=32 -mhard-float -march=mips32
+-c -o tc08_hbl2-tc08_hbl2.o `test -f 'tc08_hbl2.c' || echo '../../../
+valgrind-3.13.0/helgrind/tests/'`tc08_hbl2.c
+|/tmp/cc37aJxQ.s: Assembler messages:
+|/tmp/cc37aJxQ.s:275: Error: symbol `L1xyzzy1main' is already defined
+|Makefile:1323: recipe for target 'tc08_hbl2-tc08_hbl2.o' failed
+[snip]
+
+Remove the duplicated L1xyzzy1main, and use local symbol to replace.
+http://tigcc.ticalc.org/doc/gnuasm.html#SEC46
+
+Upstream-Status: Submitted [https://bugs.kde.org/show_bug.cgi?id=396906]
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ helgrind/tests/tc08_hbl2.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/helgrind/tests/tc08_hbl2.c b/helgrind/tests/tc08_hbl2.c
+index 2a757a008..f660d82dd 100644
+--- a/helgrind/tests/tc08_hbl2.c
++++ b/helgrind/tests/tc08_hbl2.c
+@@ -121,12 +121,12 @@
+ #elif defined(PLAT_mips32_linux) || defined(PLAT_mips64_linux)
+ #  define INC(_lval,_lqual)                         \
+      __asm__ __volatile__ (                         \
+-      "L1xyzzy1" _lqual":\n"                        \
++      "1:\n"                                        \
+       "        move  $t0, %0\n"                     \
+       "        ll    $t1, 0($t0)\n"                 \
+       "        addiu $t1, $t1, 1\n"                 \
+       "        sc    $t1, 0($t0)\n"                 \
+-      "        beqz  $t1, L1xyzzy1" _lqual          \
++      "        beqz  $t1, 1b\n"                     \
+       : /*out*/ : /*in*/ "r"(&(_lval))              \
+       : /*trash*/ "t0", "t1", "memory"              \
+         )
+-- 
+2.17.1
+
diff --git a/meta/recipes-devtools/valgrind/valgrind/0002-remove-rpath.patch b/meta/recipes-devtools/valgrind/valgrind/0002-remove-rpath.patch
deleted file mode 100644
index e9112da0cb..0000000000
--- a/meta/recipes-devtools/valgrind/valgrind/0002-remove-rpath.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From f96cf1f4eaa72860ab8b5e18ad10fdc704d78c5f Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex.kanavin@gmail.com>
-Date: Tue, 15 Dec 2015 15:01:34 +0200
-Subject: [PATCH 2/5] remove rpath
-
-Upstream-Status: Inappropriate [embedded config]
-Signed-off-by: Saul Wold <sgw@linux.intel.com>
----
- none/tests/Makefile.am | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/none/tests/Makefile.am b/none/tests/Makefile.am
-index 54f2a7e..25b0f49 100644
---- a/none/tests/Makefile.am
-+++ b/none/tests/Makefile.am
-@@ -326,7 +326,6 @@ threadederrno_CFLAGS	+= --std=c99
- endif
- tls_SOURCES		= tls.c tls2.c
- tls_DEPENDENCIES	= tls.so tls2.so
--tls_LDFLAGS		= -Wl,-rpath,$(abs_top_builddir)/none/tests
- tls_LDADD		= tls.so tls2.so -lpthread
- tls_so_SOURCES		= tls_so.c
- tls_so_DEPENDENCIES	= tls2.so
-@@ -334,7 +333,7 @@ if VGCONF_OS_IS_DARWIN
-  tls_so_LDFLAGS		= -dynamic -dynamiclib -all_load -fpic
-  tls_so_LDADD		= `pwd`/tls2.so
- else
-- tls_so_LDFLAGS		= -Wl,-rpath,$(abs_top_builddir)/none/tests -shared -fPIC
-+ tls_so_LDFLAGS		= -shared -fPIC
-  tls_so_LDADD		= tls2.so
- endif
- tls_so_CFLAGS		= $(AM_CFLAGS) -fPIC
--- 
-2.6.2
-
diff --git a/meta/recipes-devtools/valgrind/valgrind/mask-CPUID-support-in-HWCAP-on-aarch64.patch b/meta/recipes-devtools/valgrind/valgrind/mask-CPUID-support-in-HWCAP-on-aarch64.patch
new file mode 100644
index 0000000000..89a95b82fe
--- /dev/null
+++ b/meta/recipes-devtools/valgrind/valgrind/mask-CPUID-support-in-HWCAP-on-aarch64.patch
@@ -0,0 +1,36 @@
+Fix runtime Valgrind failure
+
+This patch is derived from
+https://bugzilla.redhat.com/show_bug.cgi?id=1464211
+
+At runtime it will fails like this:
+
+ARM64 front end: branch_etc
+disInstr(arm64): unhandled instruction 0xD5380001
+disInstr(arm64): 1101'0101 0011'1000 0000'0000 0000'0001 ==2082==
+valgrind: Unrecognised instruction at address 0x4014e64.
+
+This patch is a workaround by masking all HWCAP
+
+Upstream-Status: Pending
+
+Signed-off-by: Manjukumar Matha <manjukumar.harthikote-matha@xilinx.com>
+
+Index: valgrind-3.13.0/coregrind/m_initimg/initimg-linux.c
+===================================================================
+
+--- valgrind-3.13.0.orig/coregrind/m_initimg/initimg-linux.c   2018-03-04 22:22:17.698572675 -0800
++++ valgrind-3.13.0/coregrind/m_initimg/initimg-linux.c        2018-03-04 22:23:25.727815624 -0800
+@@ -703,6 +703,12 @@
+                   (and anything above) are not supported by Valgrind. */
+                auxv->u.a_val &= VKI_HWCAP_S390_TE - 1;
+             }
++#           elif defined(VGP_arm64_linux)
++            {
++               /* Linux 4.11 started populating this for arm64, but we
++                  currently don't support any. */
++               auxv->u.a_val = 0;
++            }
+ #           endif
+             break;
+ #        if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
diff --git a/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch b/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch
index 51259db001..4b531b42ea 100644
--- a/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch
+++ b/meta/recipes-devtools/valgrind/valgrind/ppc-headers.patch
@@ -12,6 +12,11 @@ The #ifdef HAS_VSX guard is wrongly placed. It makes the standard
 include headers not be used. Causing a build failure. Fix by moving
 the #ifdef HAS_VSX after the standard includes.
 
+[v2 changes]
+- Add #ifdef HAS_VSX guard correctly for ppc64 test_isa_2_06_partx.c 
+  test cases. The changes are similar to what was done for ppc32.
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
 Index: none/tests/ppc32/test_isa_2_06_part3.c
 ===================================================================
 --- a/none/tests/ppc32/test_isa_2_06_part3.c	(revision 16449)
@@ -85,3 +90,76 @@ Index: none/tests/ppc32/test_isa_2_06_part2.c
  #ifndef __powerpc64__
  typedef uint32_t HWord_t;
  #else
+Index: none/tests/ppc64/test_isa_2_06_part3.c
+===================================================================
+--- a/none/tests/ppc64/test_isa_2_06_part3.c	(revision 16449)
++++ b/none/tests/ppc64/test_isa_2_06_part3.c	(revision 16450)
+@@ -20,17 +20,18 @@
+  The GNU General Public License is contained in the file COPYING.
+  */
+ 
+-#ifdef HAS_VSX
+-
+ #include <stdio.h>
+ #include <stdint.h>
+ #include <stdlib.h>
+ #include <string.h>
+ #include <malloc.h>
+-#include <altivec.h>
+ #include <math.h>
+ #include <unistd.h>    // getopt
+ 
++#ifdef HAS_VSX
++
++#include <altivec.h>
++
+ #ifndef __powerpc64__
+ typedef uint32_t HWord_t;
+ #else
+Index: none/tests/ppc64/test_isa_2_06_part1.c
+===================================================================
+--- a/none/tests/ppc64/test_isa_2_06_part1.c	(revision 16449)
++++ b/none/tests/ppc64/test_isa_2_06_part1.c	(revision 16450)
+@@ -20,13 +20,14 @@
+  The GNU General Public License is contained in the file COPYING.
+  */
+ 
+-#ifdef HAS_VSX
+-
+ #include <stdio.h>
+ #include <stdint.h>
+ #include <stdlib.h>
+ #include <string.h>
+ #include <malloc.h>
++
++#ifdef HAS_VSX
++
+ #include <altivec.h>
+ 
+ #ifndef __powerpc64__
+Index: none/tests/ppc64/test_isa_2_06_part2.c
+===================================================================
+--- a/none/tests/ppc64/test_isa_2_06_part2.c	(revision 16449)
++++ b/none/tests/ppc64/test_isa_2_06_part2.c	(revision 16450)
+@@ -20,17 +20,18 @@
+  The GNU General Public License is contained in the file COPYING.
+  */
+ 
+-#ifdef HAS_VSX
+-
+ #include <stdio.h>
+ #include <stdint.h>
+ #include <stdlib.h>
+ #include <string.h>
+ #include <malloc.h>
+-#include <altivec.h>
+ #include <math.h>
+ #include <unistd.h>    // getopt
+ 
++#ifdef HAS_VSX
++
++#include <altivec.h>
++
+ #ifndef __powerpc64__
+ typedef uint32_t HWord_t;
+ #else
diff --git a/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb b/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb
index 25b412662a..39ec6f5cc8 100644
--- a/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb
+++ b/meta/recipes-devtools/valgrind/valgrind_3.13.0.bb
@@ -16,7 +16,6 @@ SRC_URI = "ftp://sourceware.org/pub/valgrind/valgrind-${PV}.tar.bz2 \
            file://fixed-perl-path.patch \
            file://Added-support-for-PPC-instructions-mfatbu-mfatbl.patch \
            file://run-ptest \
-           file://0002-remove-rpath.patch \
            file://0004-Fix-out-of-tree-builds.patch \
            file://0005-Modify-vg_test-wrapper-to-support-PTEST-formats.patch \
            file://0001-Remove-tests-that-fail-to-build-on-some-PPC32-config.patch \
@@ -37,6 +36,9 @@ SRC_URI = "ftp://sourceware.org/pub/valgrind/valgrind-${PV}.tar.bz2 \
            file://0003-tests-seg_override-Replace-__modify_ldt-with-syscall.patch \
            file://link-gz-tests.patch \
            file://ppc-headers.patch \
+           file://mask-CPUID-support-in-HWCAP-on-aarch64.patch \
+           file://0001-fix-opcode-not-supported-on-mips32-linux.patch \
+           file://0002-fix-broken-inline-asm-in-tests-on-mips32-linux.patch \
            "
 SRC_URI[md5sum] = "817dd08f1e8a66336b9ff206400a5369"
 SRC_URI[sha256sum] = "d76680ef03f00cd5e970bbdcd4e57fb1f6df7d2e2c071635ef2be74790190c3b"
@@ -54,10 +56,9 @@ COMPATIBLE_HOST_linux-gnux32 = 'null'
 COMPATIBLE_HOST_linux-muslx32 = 'null'
 
 # Disable for some MIPS variants
-COMPATIBLE_HOST_mipsarchn32 = 'null'
 COMPATIBLE_HOST_mipsarchr6 = 'null'
 
-inherit autotools ptest
+inherit autotools ptest multilib_header
 
 EXTRA_OECONF = "--enable-tls --without-mpicc"
 EXTRA_OECONF += "${@['--enable-only32bit','--enable-only64bit'][d.getVar('SITEINFO_BITS') != '32']}"
@@ -86,10 +87,13 @@ def get_mcpu(d):
 
 do_configure_prepend () {
     rm -rf ${S}/config.h
+    sed -i -e 's:$(abs_top_builddir):$(pkglibdir)/ptest:g' ${S}/none/tests/Makefile.am
+    sed -i -e 's:$(top_builddir):$(pkglibdir)/ptest:g' ${S}/memcheck/tests/Makefile.am
 }
 
 do_install_append () {
     install -m 644 ${B}/default.supp ${D}/${libdir}/valgrind/
+    oe_multilib_header valgrind/config.h
 }
 
 TUNE = "${@strip_mcpu(d)}"
diff --git a/meta/recipes-extended/acpica/acpica_20170303.bb b/meta/recipes-extended/acpica/acpica_20170303.bb
index e712ca008d..868505b7d8 100644
--- a/meta/recipes-extended/acpica/acpica_20170303.bb
+++ b/meta/recipes-extended/acpica/acpica_20170303.bb
@@ -20,6 +20,7 @@ SRC_URI = "https://acpica.org/sites/acpica/files/acpica-unix2-${PV}.tar.gz \
     file://no-werror.patch \
     file://rename-yy_scan_string-manually.patch \
     file://manipulate-fds-instead-of-FILE.patch;striplevel=2 \
+    file://0001-Linux-add-support-for-X32-ABI-compilation.patch \
     "
 SRC_URI[md5sum] = "48ef4314fb4ffdd0c96f14dcf20544e1"
 SRC_URI[sha256sum] = "b2d81e84107ac9a02be86ea43cbea7afa8fd4b4150270bc88c2d4c9fea0b8aad"
diff --git a/meta/recipes-extended/acpica/files/0001-Linux-add-support-for-X32-ABI-compilation.patch b/meta/recipes-extended/acpica/files/0001-Linux-add-support-for-X32-ABI-compilation.patch
new file mode 100644
index 0000000000..df74200068
--- /dev/null
+++ b/meta/recipes-extended/acpica/files/0001-Linux-add-support-for-X32-ABI-compilation.patch
@@ -0,0 +1,31 @@
+From d22241efc0708c9799f17a20eabb52a48d6d6ea1 Mon Sep 17 00:00:00 2001
+From: Anuj Mittal <anuj.mittal@intel.com>
+Date: Tue, 2 Jan 2018 12:35:32 +0800
+Subject: [PATCH] Linux: add support for X32 ABI compilation
+
+X32 follows ILP32 model. Check for ILP32 as well when checking for
+x86_64 to ensure the defines are correct for X32 ABI.
+
+Upstream-Status: Submitted [https://github.com/acpica/acpica/pull/348]
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ source/include/platform/aclinux.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source/include/platform/aclinux.h b/source/include/platform/aclinux.h
+index 75b1d82..6b8ff73 100644
+--- a/source/include/platform/aclinux.h
++++ b/source/include/platform/aclinux.h
+@@ -315,7 +315,7 @@
+ #define ACPI_FLUSH_CPU_CACHE()
+ #define ACPI_CAST_PTHREAD_T(Pthread) ((ACPI_THREAD_ID) (Pthread))
+ 
+-#if defined(__ia64__)    || defined(__x86_64__) ||\
++#if defined(__ia64__)    || (defined(__x86_64__) && !defined(__ILP32__)) ||\
+     defined(__aarch64__) || defined(__PPC64__) ||\
+     defined(__s390x__)
+ #define ACPI_MACHINE_WIDTH          64
+-- 
+2.7.4
+
diff --git a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
index de668d6d2b..acbf80a685 100644
--- a/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
+++ b/meta/recipes-extended/bzip2/bzip2_1.0.6.bb
@@ -2,13 +2,13 @@ SUMMARY = "Very high-quality data compression program"
 DESCRIPTION = "bzip2 compresses files using the Burrows-Wheeler block-sorting text compression algorithm, and \
 Huffman coding. Compression is generally considerably better than that achieved by more conventional \
 LZ77/LZ78-based compressors, and approaches the performance of the PPM family of statistical compressors."
-HOMEPAGE = "http://www.bzip.org/"
+HOMEPAGE = "https://sourceware.org/bzip2/"
 SECTION = "console/utils"
 LICENSE = "bzip2"
 LIC_FILES_CHKSUM = "file://LICENSE;beginline=8;endline=37;md5=40d9d1eb05736d1bfc86cfdd9106e6b2"
 PR = "r5"
 
-SRC_URI = "http://www.bzip.org/${PV}/${BP}.tar.gz \
+SRC_URI = "http://downloads.yoctoproject.org/mirror/sources/${BP}.tar.gz \
            file://fix-bunzip2-qt-returns-0-for-corrupt-archives.patch \
            file://configure.ac;subdir=${BP} \
            file://Makefile.am;subdir=${BP} \
@@ -19,7 +19,7 @@ SRC_URI = "http://www.bzip.org/${PV}/${BP}.tar.gz \
 SRC_URI[md5sum] = "00b516f4704d4a7cb50a1d97e6e8e15b"
 SRC_URI[sha256sum] = "a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd"
 
-UPSTREAM_CHECK_URI = "http://www.bzip.org/downloads.html"
+UPSTREAM_CHECK_URI = "https://www.sourceware.org/bzip2/"
 
 PACKAGES =+ "libbz2"
 
diff --git a/meta/recipes-extended/libarchive/libarchive_3.3.2.bb b/meta/recipes-extended/libarchive/libarchive_3.3.2.bb
index 5eded35c64..5daca2731e 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.3.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.3.2.bb
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ed99aca006bc346974bb745a35336425"
 
 DEPENDS = "e2fsprogs-native"
 
-PACKAGECONFIG ?= "zlib bz2"
+PACKAGECONFIG ?= "zlib bz2 xz lzo"
 
 PACKAGECONFIG_append_class-target = "\
 	libxml2 \
diff --git a/meta/recipes-extended/libtirpc/libtirpc/0001-include-stdint.h-for-uintptr_t.patch b/meta/recipes-extended/libtirpc/libtirpc/0001-include-stdint.h-for-uintptr_t.patch
index 1fe9833afe..7e3e2f86ad 100644
--- a/meta/recipes-extended/libtirpc/libtirpc/0001-include-stdint.h-for-uintptr_t.patch
+++ b/meta/recipes-extended/libtirpc/libtirpc/0001-include-stdint.h-for-uintptr_t.patch
@@ -1,17 +1,15 @@
-From b80d3b573c1dade2b29b22f8acc3b9e2c7ddefd7 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 20 May 2017 13:36:43 -0700
-Subject: [PATCH] include stdint.h for uintptr_t
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
 
-Fixes
-| ../../libtirpc-1.0.1/src/xdr_sizeof.c:93:13: error: 'uintptr_t' undeclared (first use in this function); did you mean '__intptr_t'?
-|   if (len < (uintptr_t)xdrs->x_base) {
-|              ^~~~~~~~~
+From acb9a37977cf0a9630eac74af9adebf35e38e719 Mon Sep 17 00:00:00 2001
+From: Thorsten Kukuk <kukuk@thkukuk.de>
+Date: Tue, 14 Nov 2017 10:39:08 -0500
+Subject: [PATCH] Include stdint.h from xdr_sizeof.c to avoid missing
+ declaration errors.
 
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Thorsten Kukuk <kukuk@suse.de>
+Signed-off-by: Steve Dickson <steved@redhat.com>
 ---
-Upstream-Status: Pending
-
  src/xdr_sizeof.c | 1 +
  1 file changed, 1 insertion(+)
 
@@ -28,5 +26,4 @@ index d23fbd1..79d6707 100644
  
  /* ARGSUSED */
 -- 
-2.13.0
-
+1.8.3.1
diff --git a/meta/recipes-extended/libtirpc/libtirpc/0001-replace-__bzero-with-memset-API.patch b/meta/recipes-extended/libtirpc/libtirpc/0001-replace-__bzero-with-memset-API.patch
index d2b4da6ae2..7ae19cb319 100644
--- a/meta/recipes-extended/libtirpc/libtirpc/0001-replace-__bzero-with-memset-API.patch
+++ b/meta/recipes-extended/libtirpc/libtirpc/0001-replace-__bzero-with-memset-API.patch
@@ -1,17 +1,39 @@
-From 20badc3e3608953fb5b36bb2e16fa51bd731aebc Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 18 Apr 2017 09:35:35 -0700
-Subject: [PATCH] replace __bzero() with memset() API
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
 
-memset is available across all libc implementation
+From 5356b63005e9d8169e0399cb76f26fbd29a78dee Mon Sep 17 00:00:00 2001
+From: Joshua Kinard <kumba@gentoo.org>
+Date: Wed, 23 Aug 2017 14:31:36 -0400
+Subject: [PATCH] Replace bzero() calls with equivalent memset() calls
 
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Pending
+As annotated in the bzero(3) man page, bzero() was marked as LEGACY in
+POSIX.1-2001 and removed in POSIX.1-2008, and should be replaced with
+memset() calls to write zeros to a memory region.  The attached patch
+replaces two bzero() calls and one __bzero() call in libtirpc with
+equivalent memset() calls.  The latter replacement fixes a compile error
+under uclibc-ng, which lacks a definition for __bzero()
 
- src/des_impl.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+Signed-off-by: Joshua Kinard <kumba@gentoo.org>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/auth_time.c    | 2 +-
+ src/des_impl.c     | 2 +-
+ src/svc_auth_des.c | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
 
+diff --git a/src/auth_time.c b/src/auth_time.c
+index 7f83ab4..69400bc 100644
+--- a/src/auth_time.c
++++ b/src/auth_time.c
+@@ -317,7 +317,7 @@ __rpc_get_time_offset(td, srv, thost, uaddr, netid)
+ 	sprintf(ipuaddr, "%d.%d.%d.%d.0.111", a1, a2, a3, a4);
+ 	useua = &ipuaddr[0];
+ 
+-	bzero((char *)&sin, sizeof(sin));
++	memset(&sin, 0, sizeof(sin));
+ 	if (uaddr_to_sockaddr(useua, &sin)) {
+ 		msg("unable to translate uaddr to sockaddr.");
+ 		if (needfree)
 diff --git a/src/des_impl.c b/src/des_impl.c
 index 9dbccaf..15bec2a 100644
 --- a/src/des_impl.c
@@ -25,6 +47,18 @@ index 9dbccaf..15bec2a 100644
  
    return (1);
  }
+diff --git a/src/svc_auth_des.c b/src/svc_auth_des.c
+index 2e90146..19a7c60 100644
+--- a/src/svc_auth_des.c
++++ b/src/svc_auth_des.c
+@@ -356,7 +356,7 @@ cache_init()
+ 
+ 	authdes_cache = (struct cache_entry *)
+ 		mem_alloc(sizeof(struct cache_entry) * AUTHDES_CACHESZ);	
+-	bzero((char *)authdes_cache, 
++	memset(authdes_cache, 0,
+ 		sizeof(struct cache_entry) * AUTHDES_CACHESZ);
+ 
+ 	authdes_lru = (short *)mem_alloc(sizeof(short) * AUTHDES_CACHESZ);
 -- 
-2.12.2
-
+1.8.3.1
diff --git a/meta/recipes-extended/libtirpc/libtirpc/export_key_secretkey_is_set.patch b/meta/recipes-extended/libtirpc/libtirpc/export_key_secretkey_is_set.patch
index a276ba27a5..d7f4968669 100644
--- a/meta/recipes-extended/libtirpc/libtirpc/export_key_secretkey_is_set.patch
+++ b/meta/recipes-extended/libtirpc/libtirpc/export_key_secretkey_is_set.patch
@@ -1,18 +1,23 @@
-Add key_secretkey_is_set to exported symbols map
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
 
-key_secret_is_set is a typo in libtirpc map
-Patch taken from
+From e51d67549b516b2dac6c71d92c8499f6e67125ad Mon Sep 17 00:00:00 2001
+From: Thorsten Kukuk <kukuk@thkukuk.de>
+Date: Tue, 14 Nov 2017 10:43:53 -0500
+Subject: [PATCH] Fix typo in src/libtirpc.map
 
-https://sourceforge.net/p/libtirpc/discussion/637321/thread/fd73d431/
+Which prevents that key_secretkey_is_set will be exported.
 
-Upstream-Status: Pending
+Signed-off-by: Thorsten Kukuk <kukuk@suse.de>
+Signed-off-by: Steve Dickson <steved@redhat.com>
+---
+ src/libtirpc.map | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-Index: libtirpc-1.0.1/src/libtirpc.map
-===================================================================
---- libtirpc-1.0.1.orig/src/libtirpc.map
-+++ libtirpc-1.0.1/src/libtirpc.map
+diff --git a/src/libtirpc.map b/src/libtirpc.map
+index f385de5..21d6065 100644
+--- a/src/libtirpc.map
++++ b/src/libtirpc.map
 @@ -298,7 +298,7 @@ TIRPC_0.3.2 {
      key_gendes;
      key_get_conv;
@@ -22,3 +27,5 @@ Index: libtirpc-1.0.1/src/libtirpc.map
      key_setnet;
      netname2host;
      netname2user;
+-- 
+1.8.3.1
diff --git a/meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb b/meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb
index f9718c576b..99212600e0 100644
--- a/meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb
+++ b/meta/recipes-extended/libtirpc/libtirpc_1.0.2.bb
@@ -9,8 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f835cce8852481e4b2bbbdd23b5e47f3 \
 
 PROVIDES = "virtual/librpc"
 
-SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2;name=libtirpc \
-           ${GENTOO_MIRROR}/${BPN}-glibc-nfs.tar.xz;name=glibc-nfs \
+SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BP}.tar.bz2 \
            file://export_key_secretkey_is_set.patch \
            file://0001-replace-__bzero-with-memset-API.patch \
            file://0001-include-stdint.h-for-uintptr_t.patch \
@@ -20,19 +19,15 @@ SRC_URI_append_libc-musl = " \
                              file://Use-netbsd-queue.h.patch \
                            "
 
-SRC_URI[libtirpc.md5sum] = "d5a37f1dccec484f9cabe2b97e54e9a6"
-SRC_URI[libtirpc.sha256sum] = "723c5ce92706cbb601a8db09110df1b4b69391643158f20ff587e20e7c5f90f5"
-SRC_URI[glibc-nfs.md5sum] = "5ae500b9d0b6b72cb875bc04944b9445"
-SRC_URI[glibc-nfs.sha256sum] = "2677cfedf626f3f5a8f6e507aed5bb8f79a7453b589d684dbbc086e755170d83"
+SRC_URI[md5sum] = "d5a37f1dccec484f9cabe2b97e54e9a6"
+SRC_URI[sha256sum] = "723c5ce92706cbb601a8db09110df1b4b69391643158f20ff587e20e7c5f90f5"
 
 inherit autotools pkgconfig
 
 EXTRA_OECONF = "--disable-gssapi"
 
-do_configure_prepend () {
-        cp -r ${WORKDIR}/tirpc ${S}
-}
-
 do_install_append() {
         chown root:root ${D}${sysconfdir}/netconfig
 }
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-extended/lsb/lsbinitscripts_9.72.bb b/meta/recipes-extended/lsb/lsbinitscripts_9.72.bb
index f1b53feef3..2d74a6f9d3 100644
--- a/meta/recipes-extended/lsb/lsbinitscripts_9.72.bb
+++ b/meta/recipes-extended/lsb/lsbinitscripts_9.72.bb
@@ -4,7 +4,9 @@ SECTION = "base"
 LICENSE = "GPLv2"
 DEPENDS = "popt glib-2.0"
 
+RPROVIDES_${PN} += "initd-functions"
 RDEPENDS_${PN} += "util-linux"
+RCONFLICTS_${PN} = "initscripts-functions"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=ebf4e8b49780ab187d51bd26aaa022c6"
 
@@ -17,12 +19,6 @@ SRC_URI = "http://pkgs.fedoraproject.org/repo/pkgs/initscripts/initscripts-${PV}
 SRC_URI[md5sum] = "d6c798f40dceb117e12126d94cb25a9a"
 SRC_URI[sha256sum] = "1793677bdd1f7ee4cb00878ce43346196374f848a4c8e4559e086040fc7487db"
 
-inherit update-alternatives
-
-ALTERNATIVE_PRIORITY = "100"
-ALTERNATIVE_${PN} = "functions"
-ALTERNATIVE_LINK_NAME[functions] = "${sysconfdir}/init.d/functions"
-
 # Since we are only taking the patched version of functions, no need to
 # configure or compile anything so do not execute these
 do_configure[noexec] = "1" 
diff --git a/meta/recipes-extended/lsb/lsbtest/packages_list b/meta/recipes-extended/lsb/lsbtest/packages_list
index 959f931504..1a6c11699a 100644
--- a/meta/recipes-extended/lsb/lsbtest/packages_list
+++ b/meta/recipes-extended/lsb/lsbtest/packages_list
@@ -1,7 +1,7 @@
 LSB_RELEASE="released-5.0"
 LSB_ARCH="lsbarch"
 
-BASE_PACKAGES_LIST="lsb-setup-4.1.0-1.noarch.rpm"
+BASE_PACKAGES_LIST="lsb-setup-5.0.0-2.noarch.rpm"
 
 RUNTIME_BASE_PACKAGES_LIST="lsb-dist-checker-5.0.0.1-1.targetarch.rpm \
 	lsb-tet3-lite-3.7-27.lsb5.targetarch.rpm \
diff --git a/meta/recipes-extended/lsof/lsof_4.89.bb b/meta/recipes-extended/lsof/lsof_4.89.bb
index 14546db23c..b58b8281f9 100644
--- a/meta/recipes-extended/lsof/lsof_4.89.bb
+++ b/meta/recipes-extended/lsof/lsof_4.89.bb
@@ -11,12 +11,12 @@ LIC_FILES_CHKSUM = "file://00README;beginline=645;endline=679;md5=964df275d26429
 # https://people.freebsd.org/~abe/ ). http://www.mirrorservice.org seems to be
 # the most commonly used alternative.
 
-SRC_URI = "http://www.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_${PV}.tar.bz2 \
+SRC_URI = "http://www.mirrorservice.org/sites/lsof.itap.purdue.edu/pub/tools/unix/lsof/OLD/lsof_${PV}.tar.gz \
            file://lsof-remove-host-information.patch \
           "
 
-SRC_URI[md5sum] = "1b9cd34f3fb86856a125abbf2be3a386"
-SRC_URI[sha256sum] = "81ac2fc5fdc944793baf41a14002b6deb5a29096b387744e28f8c30a360a3718"
+SRC_URI[md5sum] = "8afbaff3ee308edc130bdc5df0801c8f"
+SRC_URI[sha256sum] = "5d08da7ebe049c9d9a6472d6afb81aa5af54c4733a3f8822cbc22b57867633c9"
 
 LOCALSRC = "file://${WORKDIR}/lsof_${PV}/lsof_${PV}_src.tar"
 
diff --git a/meta/recipes-extended/minicom/minicom_2.7.1.bb b/meta/recipes-extended/minicom/minicom_2.7.1.bb
index 1a31a872d6..78edffaf4c 100644
--- a/meta/recipes-extended/minicom/minicom_2.7.1.bb
+++ b/meta/recipes-extended/minicom/minicom_2.7.1.bb
@@ -7,7 +7,7 @@ LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=420477abc567404debca0a2a1cb6b645 \
                     file://src/minicom.h;beginline=1;endline=12;md5=a58838cb709f0db517f4e42730c49e81"
 
-SRC_URI = "https://alioth.debian.org/frs/download.php/latestfile/3/${BP}.tar.gz \
+SRC_URI = "${DEBIAN_MIRROR}/main/m/${BPN}/${BPN}_${PV}.orig.tar.gz \
            file://allow.to.disable.lockdev.patch \
            file://0001-fix-minicom-h-v-return-value-is-not-0.patch \
            file://0001-Fix-build-issus-surfaced-due-to-musl.patch \
diff --git a/meta/recipes-extended/net-tools/net-tools_1.60-26.bb b/meta/recipes-extended/net-tools/net-tools_1.60-26.bb
index 69c9af317d..5657fd8c5b 100644
--- a/meta/recipes-extended/net-tools/net-tools_1.60-26.bb
+++ b/meta/recipes-extended/net-tools/net-tools_1.60-26.bb
@@ -37,7 +37,7 @@ UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/n/net-tools/"
 
 inherit gettext
 
-do_patch[depends] = "quilt-native:do_populate_sysroot"
+do_patch[depends] += "quilt-native:do_populate_sysroot"
 
 # The Makefile is lame, no parallel build
 PARALLEL_MAKE = ""
diff --git a/meta/recipes-extended/shadow/files/CVE-2016-6252.patch b/meta/recipes-extended/shadow/files/CVE-2016-6252.patch
new file mode 100644
index 0000000000..bdaba5eecd
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/CVE-2016-6252.patch
@@ -0,0 +1,48 @@
+From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001
+From: Sebastian Krahmer <krahmer@suse.com>
+Date: Wed, 3 Aug 2016 11:51:07 -0500
+Subject: [PATCH] Simplify getulong
+
+Use strtoul to read an unsigned long, rather than reading
+a signed long long and casting it.
+
+https://bugzilla.suse.com/show_bug.cgi?id=979282
+
+Upstream-Status: Backport
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ lib/getulong.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/lib/getulong.c b/lib/getulong.c
+index 61579ca..08d2c1a 100644
+--- a/lib/getulong.c
++++ b/lib/getulong.c
+@@ -44,22 +44,19 @@
+  */
+ int getulong (const char *numstr, /*@out@*/unsigned long int *result)
+ {
+-	long long int val;
++	unsigned long int val;
+ 	char *endptr;
+ 
+ 	errno = 0;
+-	val = strtoll (numstr, &endptr, 0);
++	val = strtoul (numstr, &endptr, 0);
+ 	if (    ('\0' == *numstr)
+ 	     || ('\0' != *endptr)
+ 	     || (ERANGE == errno)
+-	     /*@+ignoresigns@*/
+-	     || (val != (unsigned long int)val)
+-	     /*@=ignoresigns@*/
+ 	   ) {
+ 		return 0;
+ 	}
+ 
+-	*result = (unsigned long int)val;
++	*result = val;
+ 	return 1;
+ }
+ 
+-- 
+1.9.1
diff --git a/meta/recipes-extended/shadow/files/CVE-2017-2616.patch b/meta/recipes-extended/shadow/files/CVE-2017-2616.patch
new file mode 100644
index 0000000000..ee728f0952
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/CVE-2017-2616.patch
@@ -0,0 +1,64 @@
+shadow-4.2.1: Fix CVE-2017-2616
+
+[No upstream tracking] -- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855943
+
+su: properly clear child PID
+
+If su is compiled with PAM support, it is possible for any local user
+to send SIGKILL to other processes with root privileges. There are
+only two conditions. First, the user must be able to perform su with
+a successful login. This does NOT have to be the root user, even using
+su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
+can only be sent to processes which were executed after the su process.
+It is not possible to send SIGKILL to processes which were already
+running. I consider this as a security vulnerability, because I was
+able to write a proof of concept which unlocked a screen saver of
+another user this way.
+
+Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686]
+CVE: CVE-2017-2616
+bug: 855943
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/src/su.c b/src/su.c
+index 3704217..1efcd61 100644
+--- a/src/su.c
++++ b/src/su.c
+@@ -363,20 +363,35 @@ static void prepare_pam_close_session (void)
+ 				/* wake child when resumed */
+ 				kill (pid, SIGCONT);
+ 				stop = false;
++			} else {
++				pid_child = 0;
+ 			}
+ 		} while (!stop);
+ 	}
+ 
+-	if (0 != caught) {
++	if (0 != caught && 0 != pid_child) {
+ 		(void) fputs ("\n", stderr);
+ 		(void) fputs (_("Session terminated, terminating shell..."),
+ 		              stderr);
+ 		(void) kill (-pid_child, caught);
+ 
+ 		(void) signal (SIGALRM, kill_child);
++		(void) signal (SIGCHLD, catch_signals);
+ 		(void) alarm (2);
+ 
+-		(void) wait (&status);
++		sigemptyset (&ourset);
++		if ((sigaddset (&ourset, SIGALRM) != 0)
++		    || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) {
++			fprintf (stderr, _("%s: signal masking malfunction\n"), Prog);
++			kill_child (0);
++		} else {
++			while (0 == waitpid (pid_child, &status, WNOHANG)) {
++				sigsuspend (&ourset);
++			}
++			pid_child = 0;
++			(void) sigprocmask (SIG_UNBLOCK, &ourset, NULL);
++		}
++
+ 		(void) fputs (_(" ...terminated.\n"), stderr);
+ 	}
+ 
diff --git a/meta/recipes-extended/shadow/files/CVE-2018-7169.patch b/meta/recipes-extended/shadow/files/CVE-2018-7169.patch
new file mode 100644
index 0000000000..36887d44ee
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/CVE-2018-7169.patch
@@ -0,0 +1,186 @@
+From fb28c99b8a66ff2605c5cb96abc0a4d975f92de0 Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai <asarai@suse.de>
+Date: Thu, 15 Feb 2018 23:49:40 +1100
+Subject: [PATCH] newgidmap: enforce setgroups=deny if self-mapping a group
+
+This is necessary to match the kernel-side policy of "self-mapping in a
+user namespace is fine, but you cannot drop groups" -- a policy that was
+created in order to stop user namespaces from allowing trivial privilege
+escalation by dropping supplementary groups that were "blacklisted" from
+certain paths.
+
+This is the simplest fix for the underlying issue, and effectively makes
+it so that unless a user has a valid mapping set in /etc/subgid (which
+only administrators can modify) -- and they are currently trying to use
+that mapping -- then /proc/$pid/setgroups will be set to deny. This
+workaround is only partial, because ideally it should be possible to set
+an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow
+administrators to further restrict newgidmap(1).
+
+We also don't write anything in the "allow" case because "allow" is the
+default, and users may have already written "deny" even if they
+technically are allowed to use setgroups. And we don't write anything if
+the setgroups policy is already "deny".
+
+Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
+Fixes: CVE-2018-7169
+
+Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/fb28c99b8a66ff2605c5cb96abc0a4d975f92de0]
+Reported-by: Craig Furman <craig.furman89@gmail.com>
+Signed-off-by: Aleksa Sarai <asarai@suse.de>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ src/newgidmap.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++------
+ 1 file changed, 80 insertions(+), 9 deletions(-)
+
+diff --git a/src/newgidmap.c b/src/newgidmap.c
+index b1e33513..59a2e75c 100644
+--- a/src/newgidmap.c
++++ b/src/newgidmap.c
+@@ -46,32 +46,37 @@
+  */
+ const char *Prog;
+ 
+-static bool verify_range(struct passwd *pw, struct map_range *range)
++
++static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups)
+ {
+ 	/* An empty range is invalid */
+ 	if (range->count == 0)
+ 		return false;
+ 
+-	/* Test /etc/subgid */
+-	if (have_sub_gids(pw->pw_name, range->lower, range->count))
++	/* Test /etc/subgid. If the mapping is valid then we allow setgroups. */
++	if (have_sub_gids(pw->pw_name, range->lower, range->count)) {
++		*allow_setgroups = true;
+ 		return true;
++	}
+ 
+-	/* Allow a process to map it's own gid */
+-	if ((range->count == 1) && (pw->pw_gid == range->lower))
++	/* Allow a process to map its own gid. */
++	if ((range->count == 1) && (pw->pw_gid == range->lower)) {
++		/* noop -- if setgroups is enabled already we won't disable it. */
+ 		return true;
++	}
+ 
+ 	return false;
+ }
+ 
+ static void verify_ranges(struct passwd *pw, int ranges,
+-	struct map_range *mappings)
++	struct map_range *mappings, bool *allow_setgroups)
+ {
+ 	struct map_range *mapping;
+ 	int idx;
+ 
+ 	mapping = mappings;
+ 	for (idx = 0; idx < ranges; idx++, mapping++) {
+-		if (!verify_range(pw, mapping)) {
++		if (!verify_range(pw, mapping, allow_setgroups)) {
+ 			fprintf(stderr, _( "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"),
+ 				Prog,
+ 				mapping->upper,
+@@ -89,6 +94,70 @@ static void usage(void)
+ 	exit(EXIT_FAILURE);
+ }
+ 
++void write_setgroups(int proc_dir_fd, bool allow_setgroups)
++{
++	int setgroups_fd;
++	char *policy, policy_buffer[4096];
++
++	/*
++	 * Default is "deny", and any "allow" will out-rank a "deny". We don't
++	 * forcefully write an "allow" here because the process we are writing
++	 * mappings for may have already set themselves to "deny" (and "allow"
++	 * is the default anyway). So allow_setgroups == true is a noop.
++	 */
++	policy = "deny\n";
++	if (allow_setgroups)
++		return;
++
++	setgroups_fd = openat(proc_dir_fd, "setgroups", O_RDWR|O_CLOEXEC);
++	if (setgroups_fd < 0) {
++		/*
++		 * If it's an ENOENT then we are on too old a kernel for the setgroups
++		 * code to exist. Emit a warning and bail on this.
++		 */
++		if (ENOENT == errno) {
++			fprintf(stderr, _("%s: kernel doesn't support setgroups restrictions\n"), Prog);
++			goto out;
++		}
++		fprintf(stderr, _("%s: couldn't open process setgroups: %s\n"),
++			Prog,
++			strerror(errno));
++		exit(EXIT_FAILURE);
++	}
++
++	/*
++	 * Check whether the policy is already what we want. /proc/self/setgroups
++	 * is write-once, so attempting to write after it's already written to will
++	 * fail.
++	 */
++	if (read(setgroups_fd, policy_buffer, sizeof(policy_buffer)) < 0) {
++		fprintf(stderr, _("%s: failed to read setgroups: %s\n"),
++			Prog,
++			strerror(errno));
++		exit(EXIT_FAILURE);
++	}
++	if (!strncmp(policy_buffer, policy, strlen(policy)))
++		goto out;
++
++	/* Write the policy. */
++	if (lseek(setgroups_fd, 0, SEEK_SET) < 0) {
++		fprintf(stderr, _("%s: failed to seek setgroups: %s\n"),
++			Prog,
++			strerror(errno));
++		exit(EXIT_FAILURE);
++	}
++	if (dprintf(setgroups_fd, "%s", policy) < 0) {
++		fprintf(stderr, _("%s: failed to setgroups %s policy: %s\n"),
++			Prog,
++			policy,
++			strerror(errno));
++		exit(EXIT_FAILURE);
++	}
++
++out:
++	close(setgroups_fd);
++}
++
+ /*
+  * newgidmap - Set the gid_map for the specified process
+  */
+@@ -103,6 +172,7 @@ int main(int argc, char **argv)
+ 	struct stat st;
+ 	struct passwd *pw;
+ 	int written;
++	bool allow_setgroups = false;
+ 
+ 	Prog = Basename (argv[0]);
+ 
+@@ -145,7 +215,7 @@ int main(int argc, char **argv)
+ 				(unsigned long) getuid ()));
+ 		return EXIT_FAILURE;
+ 	}
+-	
++
+ 	/* Get the effective uid and effective gid of the target process */
+ 	if (fstat(proc_dir_fd, &st) < 0) {
+ 		fprintf(stderr, _("%s: Could not stat directory for target %u\n"),
+@@ -177,8 +247,9 @@ int main(int argc, char **argv)
+ 	if (!mappings)
+ 		usage();
+ 
+-	verify_ranges(pw, ranges, mappings);
++	verify_ranges(pw, ranges, mappings, &allow_setgroups);
+ 
++	write_setgroups(proc_dir_fd, allow_setgroups);
+ 	write_mapping(proc_dir_fd, ranges, mappings, "gid_map");
+ 	sub_gid_close();
+ 
+-- 
+2.13.3
+
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index cc189649b2..f3f5bf6f07 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -9,7 +9,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \
 DEPENDS_class-native = ""
 DEPENDS_class-nativesdk = ""
 
-SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
+UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases"
+
+SRC_URI = "https://downloads.yoctoproject.org/mirror/sources/${BP}.tar.xz \
            file://shadow-4.1.3-dots-in-usernames.patch \
            file://usermod-fix-compilation-failure-with-subids-disabled.patch \
            file://fix-installation-failure-with-subids-disabled.patch \
@@ -17,7 +19,10 @@ SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
            file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \
            file://0001-useradd-copy-extended-attributes-of-home.patch \
            file://0001-shadow-CVE-2017-12424 \
+           file://CVE-2017-2616.patch \
            ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
+           file://CVE-2018-7169.patch \
+           file://CVE-2016-6252.patch \
            "
 
 SRC_URI_append_class-target = " \
@@ -128,7 +133,8 @@ do_install_append() {
 	# Ensure that the image has as a /var/spool/mail dir so shadow can
 	# put mailboxes there if the user reconfigures shadow to its
 	# defaults (see sed below).
-	install -d ${D}${localstatedir}/spool/mail
+	install -m 0775 -d ${D}${localstatedir}/spool/mail
+	chown root:mail ${D}${localstatedir}/spool/mail
 
 	if [ -e ${WORKDIR}/pam.d ]; then
 		install -d ${D}${sysconfdir}/pam.d/
diff --git a/meta/recipes-extended/sysklogd/sysklogd.inc b/meta/recipes-extended/sysklogd/sysklogd.inc
index e9a4a02192..1a537fabf4 100644
--- a/meta/recipes-extended/sysklogd/sysklogd.inc
+++ b/meta/recipes-extended/sysklogd/sysklogd.inc
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b \
                     file://klogd.c;beginline=2;endline=19;md5=7e87ed0ae6142de079bce738c10c899d \
                    "
 
-inherit update-rc.d update-alternatives systemd
+inherit update-rc.d systemd
 
 SRC_URI = "http://www.infodrom.org/projects/sysklogd/download/sysklogd-${PV}.tar.gz \
            file://no-strip-install.patch \
@@ -58,16 +58,6 @@ do_install () {
 
 FILES_${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/sysklogd.conf', '', d)}"
 
-ALTERNATIVE_PRIORITY = "100"
-
-ALTERNATIVE_${PN} = "syslogd klogd"
-
-ALTERNATIVE_${PN}-doc = "syslogd.8"
-ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8"
-
-ALTERNATIVE_LINK_NAME[syslogd] = "${base_sbindir}/syslogd"
-ALTERNATIVE_LINK_NAME[klogd] = "${base_sbindir}/klogd"
-
 pkg_prerm_${PN} () {
 	if test "x$D" = "x"; then
 	if test "$1" = "upgrade" -o "$1" = "remove"; then
diff --git a/meta/recipes-extended/tzcode/files/0001-Fix-Makefile-quoting-bug.patch b/meta/recipes-extended/tzcode/files/0001-Fix-Makefile-quoting-bug.patch
deleted file mode 100644
index e49fa09647..0000000000
--- a/meta/recipes-extended/tzcode/files/0001-Fix-Makefile-quoting-bug.patch
+++ /dev/null
@@ -1,174 +0,0 @@
-From b520d20b8122a783f99f088758b78d928f70ee34 Mon Sep 17 00:00:00 2001
-From: Paul Eggert <eggert@cs.ucla.edu>
-Date: Mon, 23 Oct 2017 11:42:45 -0700
-Subject: [PATCH] Fix Makefile quoting bug
-
-Problem with INSTALLARGS reported by Zefram in:
-https://mm.icann.org/pipermail/tz/2017-October/025360.html
-Fix similar problems too.
-* Makefile (ZIC_INSTALL, VALIDATE_ENV, CC, install)
-(INSTALL, version, INSTALLARGS, right_posix, posix_right)
-(check_public): Use apostrophes to prevent undesirable
-interpretation of names by the shell.  We still do not support
-directory names containing apostrophes or newlines, but this is
-good enough.
-
-Upstream-Status: Backport
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-* NEWS: Mention this.
----
- Makefile | 64 ++++++++++++++++++++++++++++++++--------------------------------
- NEWS     |  8 ++++++++
- 2 files changed, 40 insertions(+), 32 deletions(-)
-
-diff --git a/Makefile b/Makefile
-index c92edc0..97649ca 100644
---- a/Makefile
-+++ b/Makefile
-@@ -313,7 +313,7 @@ ZFLAGS=
- 
- # How to use zic to install tz binary files.
- 
--ZIC_INSTALL=	$(ZIC) -d $(DESTDIR)$(TZDIR) $(LEAPSECONDS)
-+ZIC_INSTALL=	$(ZIC) -d '$(DESTDIR)$(TZDIR)' $(LEAPSECONDS)
- 
- # The name of a Posix-compliant 'awk' on your system.
- AWK=		awk
-@@ -341,8 +341,8 @@ SGML_CATALOG_FILES= \
- VALIDATE = nsgmls
- VALIDATE_FLAGS = -s -B -wall -wno-unused-param
- VALIDATE_ENV = \
--  SGML_CATALOG_FILES=$(SGML_CATALOG_FILES) \
--  SGML_SEARCH_PATH=$(SGML_SEARCH_PATH) \
-+  SGML_CATALOG_FILES='$(SGML_CATALOG_FILES)' \
-+  SGML_SEARCH_PATH='$(SGML_SEARCH_PATH)' \
-   SP_CHARSET_FIXED=YES \
-   SP_ENCODING=UTF-8
- 
-@@ -396,7 +396,7 @@ GZIPFLAGS=	-9n
- #MAKE=		make
- 
- cc=		cc
--CC=		$(cc) -DTZDIR=\"$(TZDIR)\"
-+CC=		$(cc) -DTZDIR='"$(TZDIR)"'
- 
- AR=		ar
- 
-@@ -473,29 +473,29 @@ all:		tzselect yearistype zic zdump libtz.a $(TABDATA)
- ALL:		all date $(ENCHILADA)
- 
- install:	all $(DATA) $(REDO) $(MANS)
--		mkdir -p $(DESTDIR)$(ETCDIR) $(DESTDIR)$(TZDIR) \
--			$(DESTDIR)$(LIBDIR) \
--			$(DESTDIR)$(MANDIR)/man3 $(DESTDIR)$(MANDIR)/man5 \
--			$(DESTDIR)$(MANDIR)/man8
-+		mkdir -p '$(DESTDIR)$(ETCDIR)' '$(DESTDIR)$(TZDIR)' \
-+			'$(DESTDIR)$(LIBDIR)' \
-+			'$(DESTDIR)$(MANDIR)/man3' '$(DESTDIR)$(MANDIR)/man5' \
-+			'$(DESTDIR)$(MANDIR)/man8'
- 		$(ZIC_INSTALL) -l $(LOCALTIME) -p $(POSIXRULES)
--		cp -f $(TABDATA) $(DESTDIR)$(TZDIR)/.
--		cp tzselect zic zdump $(DESTDIR)$(ETCDIR)/.
--		cp libtz.a $(DESTDIR)$(LIBDIR)/.
--		$(RANLIB) $(DESTDIR)$(LIBDIR)/libtz.a
--		cp -f newctime.3 newtzset.3 $(DESTDIR)$(MANDIR)/man3/.
--		cp -f tzfile.5 $(DESTDIR)$(MANDIR)/man5/.
--		cp -f tzselect.8 zdump.8 zic.8 $(DESTDIR)$(MANDIR)/man8/.
-+		cp -f $(TABDATA) '$(DESTDIR)$(TZDIR)/.'
-+		cp tzselect zic zdump '$(DESTDIR)$(ETCDIR)/.'
-+		cp libtz.a '$(DESTDIR)$(LIBDIR)/.'
-+		$(RANLIB) '$(DESTDIR)$(LIBDIR)/libtz.a'
-+		cp -f newctime.3 newtzset.3 '$(DESTDIR)$(MANDIR)/man3/.'
-+		cp -f tzfile.5 '$(DESTDIR)$(MANDIR)/man5/.'
-+		cp -f tzselect.8 zdump.8 zic.8 '$(DESTDIR)$(MANDIR)/man8/.'
- 
- INSTALL:	ALL install date.1
--		mkdir -p $(DESTDIR)$(BINDIR) $(DESTDIR)$(MANDIR)/man1
--		cp date $(DESTDIR)$(BINDIR)/.
--		cp -f date.1 $(DESTDIR)$(MANDIR)/man1/.
-+		mkdir -p '$(DESTDIR)$(BINDIR)' '$(DESTDIR)$(MANDIR)/man1'
-+		cp date '$(DESTDIR)$(BINDIR)/.'
-+		cp -f date.1 '$(DESTDIR)$(MANDIR)/man1/.'
- 
- version:	$(VERSION_DEPS)
- 		{ (type git) >/dev/null 2>&1 && \
- 		  V=`git describe --match '[0-9][0-9][0-9][0-9][a-z]*' \
- 				--abbrev=7 --dirty` || \
--		  V=$(VERSION); } && \
-+		  V='$(VERSION)'; } && \
- 		printf '%s\n' "$$V" >$@.out
- 		mv $@.out $@
- 
-@@ -529,12 +529,12 @@ leapseconds:	$(LEAP_DEPS)
- # Arguments to pass to submakes of install_data.
- # They can be overridden by later submake arguments.
- INSTALLARGS = \
-- BACKWARD=$(BACKWARD) \
-- DESTDIR=$(DESTDIR) \
-+ BACKWARD='$(BACKWARD)' \
-+ DESTDIR='$(DESTDIR)' \
-  LEAPSECONDS='$(LEAPSECONDS)' \
-  PACKRATDATA='$(PACKRATDATA)' \
-- TZDIR=$(TZDIR) \
-- YEARISTYPE=$(YEARISTYPE) \
-+ TZDIR='$(TZDIR)' \
-+ YEARISTYPE='$(YEARISTYPE)' \
-  ZIC='$(ZIC)'
- 
- # 'make install_data' installs one set of tz binary files.
-@@ -558,16 +558,16 @@ right_only:
- # You must replace all of $(TZDIR) to switch from not using leap seconds
- # to using them, or vice versa.
- right_posix:	right_only
--		rm -fr $(DESTDIR)$(TZDIR)-leaps
--		ln -s $(TZDIR_BASENAME) $(DESTDIR)$(TZDIR)-leaps || \
--		  $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-leaps right_only
--		$(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-posix posix_only
-+		rm -fr '$(DESTDIR)$(TZDIR)-leaps'
-+		ln -s '$(TZDIR_BASENAME)' '$(DESTDIR)$(TZDIR)-leaps' || \
-+		  $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-leaps' right_only
-+		$(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-posix' posix_only
- 
- posix_right:	posix_only
--		rm -fr $(DESTDIR)$(TZDIR)-posix
--		ln -s $(TZDIR_BASENAME) $(DESTDIR)$(TZDIR)-posix || \
--		  $(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-posix posix_only
--		$(MAKE) $(INSTALLARGS) TZDIR=$(TZDIR)-leaps right_only
-+		rm -fr '$(DESTDIR)$(TZDIR)-posix'
-+		ln -s '$(TZDIR_BASENAME)' '$(DESTDIR)$(TZDIR)-posix' || \
-+		  $(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-posix' posix_only
-+		$(MAKE) $(INSTALLARGS) TZDIR='$(TZDIR)-leaps' right_only
- 
- # This obsolescent rule is present for backwards compatibility with
- # tz releases 2014g through 2015g.  It should go away eventually.
-@@ -764,7 +764,7 @@ set-timestamps.out: $(ENCHILADA)
- 
- check_public:
- 		$(MAKE) maintainer-clean
--		$(MAKE) "CFLAGS=$(GCC_DEBUG_FLAGS)" ALL
-+		$(MAKE) CFLAGS='$(GCC_DEBUG_FLAGS)' ALL
- 		mkdir -p public.dir
- 		for i in $(TDATA) tzdata.zi; do \
- 		  $(zic) -v -d public.dir $$i 2>&1 || exit; \
-diff --git a/NEWS b/NEWS
-index bd2bec2..75ab095 100644
---- a/NEWS
-+++ b/NEWS
-@@ -1,5 +1,13 @@
- News for the tz database
- 
-+Unreleased, experimental changes
-+
-+  Changes to build procedure
-+
-+    The Makefile now quotes values like BACKWARD more carefully when
-+    passing them to the shell.  (Problem reported by Zefram.)
-+
-+
- Release 2017c - 2017-10-20 14:49:34 -0700
- 
-   Briefly:
--- 
-2.7.4
-
diff --git a/meta/recipes-extended/tzcode/files/0002-Port-zdump-to-C90-snprintf.patch b/meta/recipes-extended/tzcode/files/0002-Port-zdump-to-C90-snprintf.patch
deleted file mode 100644
index 87afe47694..0000000000
--- a/meta/recipes-extended/tzcode/files/0002-Port-zdump-to-C90-snprintf.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From e231da4fb2beb17c60b4b1a5c276366d6a6e433f Mon Sep 17 00:00:00 2001
-From: Paul Eggert <eggert@cs.ucla.edu>
-Date: Mon, 23 Oct 2017 17:58:36 -0700
-Subject: [PATCH] Port zdump to C90 + snprintf
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Problem reported by Jon Skeet in:
-https://mm.icann.org/pipermail/tz/2017-October/025362.html
-* NEWS: Mention this.
-* zdump.c (my_snprintf): New macro or function.  If a macro, it is
-just snprintf.  If a function, it is the same as the old snprintf
-static function, with an ATTRIBUTE_FORMAT to pacify modern GCC.
-All uses of snprintf changed to use my_snprintf.  This way,
-installers don’t need to specify -DHAVE_SNPRINTF if they are using
-a pre-C99 compiler with a library that has snprintf.
-
-Upstream-Status: Backport
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- NEWS    |  4 ++++
- zdump.c | 29 ++++++++++++++++-------------
- 2 files changed, 20 insertions(+), 13 deletions(-)
-
-diff --git a/NEWS b/NEWS
-index 75ab095..dea08b8 100644
---- a/NEWS
-+++ b/NEWS
-@@ -7,6 +7,10 @@ Unreleased, experimental changes
-     The Makefile now quotes values like BACKWARD more carefully when
-     passing them to the shell.  (Problem reported by Zefram.)
- 
-+    Builders no longer need to specify -DHAVE_SNPRINTF on platforms
-+    that have snprintf and use pre-C99 compilers.  (Problem reported
-+    by Jon Skeet.)
-+
- 
- Release 2017c - 2017-10-20 14:49:34 -0700
- 
-diff --git a/zdump.c b/zdump.c
-index 8e3bf3e..d4e6084 100644
---- a/zdump.c
-+++ b/zdump.c
-@@ -795,12 +795,14 @@ show(timezone_t tz, char *zone, time_t t, bool v)
- 		abbrok(abbr(tmp), zone);
- }
- 
--#if !HAVE_SNPRINTF
-+#if HAVE_SNPRINTF
-+# define my_snprintf snprintf
-+#else
- # include <stdarg.h>
- 
- /* A substitute for snprintf that is good enough for zdump.  */
--static int
--snprintf(char *s, size_t size, char const *format, ...)
-+static int ATTRIBUTE_FORMAT((printf, 3, 4))
-+my_snprintf(char *s, size_t size, char const *format, ...)
- {
-   int n;
-   va_list args;
-@@ -839,10 +841,10 @@ format_local_time(char *buf, size_t size, struct tm const *tm)
- {
-   int ss = tm->tm_sec, mm = tm->tm_min, hh = tm->tm_hour;
-   return (ss
--	  ? snprintf(buf, size, "%02d:%02d:%02d", hh, mm, ss)
-+	  ? my_snprintf(buf, size, "%02d:%02d:%02d", hh, mm, ss)
- 	  : mm
--	  ? snprintf(buf, size, "%02d:%02d", hh, mm)
--	  : snprintf(buf, size, "%02d", hh));
-+	  ? my_snprintf(buf, size, "%02d:%02d", hh, mm)
-+	  : my_snprintf(buf, size, "%02d", hh));
- }
- 
- /* Store into BUF, of size SIZE, a formatted UTC offset for the
-@@ -877,10 +879,10 @@ format_utc_offset(char *buf, size_t size, struct tm const *tm, time_t t)
-   mm = off / 60 % 60;
-   hh = off / 60 / 60;
-   return (ss || 100 <= hh
--	  ? snprintf(buf, size, "%c%02ld%02d%02d", sign, hh, mm, ss)
-+	  ? my_snprintf(buf, size, "%c%02ld%02d%02d", sign, hh, mm, ss)
- 	  : mm
--	  ? snprintf(buf, size, "%c%02ld%02d", sign, hh, mm)
--	  : snprintf(buf, size, "%c%02ld", sign, hh));
-+	  ? my_snprintf(buf, size, "%c%02ld%02d", sign, hh, mm)
-+	  : my_snprintf(buf, size, "%c%02ld", sign, hh));
- }
- 
- /* Store into BUF (of size SIZE) a quoted string representation of P.
-@@ -983,15 +985,16 @@ istrftime(char *buf, size_t size, char const *time_fmt,
- 	    for (abp = ab; is_alpha(*abp); abp++)
- 	      continue;
- 	    len = (!*abp && *ab
--		   ? snprintf(b, s, "%s", ab)
-+		   ? my_snprintf(b, s, "%s", ab)
- 		   : format_quoted_string(b, s, ab));
- 	    if (s <= len)
- 	      return false;
- 	    b += len, s -= len;
- 	  }
--	  formatted_len = (tm->tm_isdst
--			   ? snprintf(b, s, &"\t\t%d"[show_abbr], tm->tm_isdst)
--			   : 0);
-+	  formatted_len
-+	    = (tm->tm_isdst
-+	       ? my_snprintf(b, s, &"\t\t%d"[show_abbr], tm->tm_isdst)
-+	       : 0);
- 	}
- 	break;
-       }
--- 
-2.7.4
-
diff --git a/meta/recipes-extended/tzcode/tzcode-native_2017c.bb b/meta/recipes-extended/tzcode/tzcode-native_2018f.bb
index aeaef726bc..816e34d00f 100644
--- a/meta/recipes-extended/tzcode/tzcode-native_2017c.bb
+++ b/meta/recipes-extended/tzcode/tzcode-native_2018f.bb
@@ -7,15 +7,14 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
 
 SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \
            http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata \
-           file://0001-Fix-Makefile-quoting-bug.patch \
-           file://0002-Port-zdump-to-C90-snprintf.patch"
+           "
 
 UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
 
-SRC_URI[tzcode.md5sum] = "2fe6986231db5182c61d565021a0cd7b"
-SRC_URI[tzcode.sha256sum] = "81e8b4bc23e60906640c266bbff3789661e22f0fa29fe61b96ec7c2816c079b7"
-SRC_URI[tzdata.md5sum] = "1e751e7e08f8b68530674f04619d894d"
-SRC_URI[tzdata.sha256sum] = "d6543f92a929826318e2f44ff3a7611ce5f565a43e10250b42599d0ba4cbd90b"
+SRC_URI[tzdata.md5sum] = "e5e84f00f9d18bd6ebc8b1affec91b15"
+SRC_URI[tzdata.sha256sum] = "0af6a85fc4ea95832f76524f35696a61abb3992fd3f8db33e5a1f95653e043f2"
+SRC_URI[tzcode.md5sum] = "011d394b70e6ee3823fd77010b99737f"
+SRC_URI[tzcode.sha256sum] = "4ec74f8a84372570135ea4be16a042442fafe100f5598cb1017bfd30af6aaa70"
 
 S = "${WORKDIR}"
 
diff --git a/meta/recipes-extended/tzdata/tzdata_2017c.bb b/meta/recipes-extended/tzdata/tzdata_2018f.bb
index 9e5b929e99..b167540608 100644
--- a/meta/recipes-extended/tzdata/tzdata_2017c.bb
+++ b/meta/recipes-extended/tzdata/tzdata_2018f.bb
@@ -9,8 +9,8 @@ DEPENDS = "tzcode-native"
 SRC_URI = "http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata"
 UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones"
 
-SRC_URI[tzdata.md5sum] = "1e751e7e08f8b68530674f04619d894d"
-SRC_URI[tzdata.sha256sum] = "d6543f92a929826318e2f44ff3a7611ce5f565a43e10250b42599d0ba4cbd90b"
+SRC_URI[tzdata.md5sum] = "e5e84f00f9d18bd6ebc8b1affec91b15"
+SRC_URI[tzdata.sha256sum] = "0af6a85fc4ea95832f76524f35696a61abb3992fd3f8db33e5a1f95653e043f2"
 
 inherit allarch
 
@@ -171,7 +171,7 @@ FILES_${PN} += "${datadir}/zoneinfo/Pacific/Honolulu     \
                 ${datadir}/zoneinfo/Asia/Dubai           \
                 ${datadir}/zoneinfo/Asia/Karachi         \
                 ${datadir}/zoneinfo/Asia/Dhaka           \
-                ${datadir}/zoneinfo/Asia/Bankok          \
+                ${datadir}/zoneinfo/Asia/Bangkok         \
                 ${datadir}/zoneinfo/Asia/Hong_Kong       \
                 ${datadir}/zoneinfo/Asia/Tokyo           \
                 ${datadir}/zoneinfo/Australia/Darwin     \
diff --git a/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb b/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb
index c71ab1165d..9d8fb28281 100644
--- a/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb
+++ b/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb
@@ -5,7 +5,7 @@ DESCRIPTION = "The Cantarell font typeface is designed as a \
                on-screen reading; in particular, reading web pages on an \
                HTC Dream mobile phone."
 
-HOMEPAGE = "https://git.gnome.org/browse/cantarell-fonts/"
+HOMEPAGE = "https://gitlab.gnome.org/GNOME/cantarell-fonts/"
 SECTION = "fonts"
 LICENSE = "OFL-1.1"
 LIC_FILES_CHKSUM = "file://COPYING;md5=df91e3ffcab8cfb972a66bf11255188d"
@@ -13,7 +13,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=df91e3ffcab8cfb972a66bf11255188d"
 PV = "0.0.24"
 
 SRCREV = "07b6ea2cbbebfc360aa4668612a376be5e214eaa"
-SRC_URI = "git://git.gnome.org/cantarell-fonts;protocol=git;branch=master"
+SRC_URI = "git://gitlab.gnome.org/GNOME/cantarell-fonts;protocol=https;branch=master"
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>(?!0\.13)(?!0\.10\.1)\d+\.\d+(\.\d+)+)"
 
 S = "${WORKDIR}/git"
diff --git a/meta/recipes-graphics/eglinfo/eglinfo-fb_1.0.0.bb b/meta/recipes-graphics/eglinfo/eglinfo-fb_1.0.0.bb
index dc2820cda7..cccdd2073d 100644
--- a/meta/recipes-graphics/eglinfo/eglinfo-fb_1.0.0.bb
+++ b/meta/recipes-graphics/eglinfo/eglinfo-fb_1.0.0.bb
@@ -4,3 +4,4 @@ EGLINFO_BINARY_NAME ?= "eglinfo-fb"
 require eglinfo.inc
 
 SUMMARY += "(Framebuffer version)"
+CXXFLAGS += "-DMESA_EGL_NO_X11_HEADERS=1"
diff --git a/meta/recipes-graphics/libepoxy/libepoxy/Add-fallback-definition-for-EGL-CAST.patch b/meta/recipes-graphics/libepoxy/libepoxy/Add-fallback-definition-for-EGL-CAST.patch
new file mode 100644
index 0000000000..b9297257dc
--- /dev/null
+++ b/meta/recipes-graphics/libepoxy/libepoxy/Add-fallback-definition-for-EGL-CAST.patch
@@ -0,0 +1,33 @@
+Add fallback definition for EGL_CAST
+
+The EGL API update from d11104f introduced a dependency on the
+EGL_CAST() macro, provided by an updated eglplatform.h. Given that we
+don't provide eglplatform.h, add a fallback definition for if we're
+building against Mesa 17.0.x or similar.
+
+https://bugs.gentoo.org/show_bug.cgi?id=623926
+
+Upstream-Status: Backport [https://github.com/anholt/libepoxy/commit/ebe3a53db1c0bb34e1ca963b95d1f222115f93f8]
+
+Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
+
+Index: libepoxy-1.4.3/src/gen_dispatch.py
+===================================================================
+--- libepoxy-1.4.3.orig/src/gen_dispatch.py	2017-06-06 04:24:13.000000000 -0500
++++ libepoxy-1.4.3/src/gen_dispatch.py	2017-11-06 12:45:43.594966473 -0600
+@@ -491,6 +491,15 @@
+             self.outln('#include "epoxy/gl.h"')
+             if self.target == "egl":
+                 self.outln('#include "EGL/eglplatform.h"')
++                # Account for older eglplatform.h, which doesn't define
++                # the EGL_CAST macro.
++                self.outln('#ifndef EGL_CAST')
++                self.outln('#if defined(__cplusplus)')
++                self.outln('#define EGL_CAST(type, value) (static_cast<type>(value))')
++                self.outln('#else')
++                self.outln('#define EGL_CAST(type, value) ((type) (value))')
++                self.outln('#endif')
++                self.outln('#endif')
+         else:
+             # Add some ridiculous inttypes.h redefinitions that are
+             # from khrplatform.h and not included in the XML.  We
diff --git a/meta/recipes-graphics/libepoxy/libepoxy_1.4.3.bb b/meta/recipes-graphics/libepoxy/libepoxy_1.4.3.bb
index c8b398f176..0172322b92 100644
--- a/meta/recipes-graphics/libepoxy/libepoxy_1.4.3.bb
+++ b/meta/recipes-graphics/libepoxy/libepoxy_1.4.3.bb
@@ -5,7 +5,8 @@ SECTION = "libs"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=58ef4c80d401e07bd9ee8b6b58cf464b"
 
-SRC_URI = "https://github.com/anholt/${BPN}/releases/download/${PV}/${BP}.tar.xz"
+SRC_URI = "https://github.com/anholt/${BPN}/releases/download/${PV}/${BP}.tar.xz \
+           file://Add-fallback-definition-for-EGL-CAST.patch"
 SRC_URI[md5sum] = "af4c3ce0fb1143bdc4e43f85695a9bed"
 SRC_URI[sha256sum] = "0b808a06c9685a62fca34b680abb8bc7fb2fda074478e329b063c1f872b826f6"
 UPSTREAM_CHECK_URI = "https://github.com/anholt/libepoxy/releases"
diff --git a/meta/recipes-graphics/xorg-lib/libxcursor/CVE-2017-16612.patch b/meta/recipes-graphics/xorg-lib/libxcursor/CVE-2017-16612.patch
new file mode 100644
index 0000000000..9a1b12e4f4
--- /dev/null
+++ b/meta/recipes-graphics/xorg-lib/libxcursor/CVE-2017-16612.patch
@@ -0,0 +1,75 @@
+From 4794b5dd34688158fb51a2943032569d3780c4b8 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Sat, 21 Oct 2017 23:47:52 +0200
+Subject: Fix heap overflows when parsing malicious files. (CVE-2017-16612)
+
+It is possible to trigger heap overflows due to an integer overflow
+while parsing images and a signedness issue while parsing comments.
+
+The integer overflow occurs because the chosen limit 0x10000 for
+dimensions is too large for 32 bit systems, because each pixel takes
+4 bytes. Properly chosen values allow an overflow which in turn will
+lead to less allocated memory than needed for subsequent reads.
+
+The signedness bug is triggered by reading the length of a comment
+as unsigned int, but casting it to int when calling the function
+XcursorCommentCreate. Turning length into a negative value allows the
+check against XCURSOR_COMMENT_MAX_LEN to pass, and the following
+addition of sizeof (XcursorComment) + 1 makes it possible to allocate
+less memory than needed for subsequent reads.
+
+Upstream-Status: Backport from v1.1.15
+CVE: CVE-2017-16612
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ src/file.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/file.c b/src/file.c
+index 43163c2..da16277 100644
+--- a/src/file.c
++++ b/src/file.c
+@@ -29,6 +29,11 @@ XcursorImageCreate (int width, int height)
+ {
+     XcursorImage    *image;
+ 
++    if (width < 0 || height < 0)
++       return NULL;
++    if (width > XCURSOR_IMAGE_MAX_SIZE || height > XCURSOR_IMAGE_MAX_SIZE)
++       return NULL;
++
+     image = malloc (sizeof (XcursorImage) +
+ 		    width * height * sizeof (XcursorPixel));
+     if (!image)
+@@ -101,7 +106,7 @@ XcursorCommentCreate (XcursorUInt comment_type, int length)
+ {
+     XcursorComment  *comment;
+ 
+-    if (length > XCURSOR_COMMENT_MAX_LEN)
++    if (length < 0 || length > XCURSOR_COMMENT_MAX_LEN)
+ 	return NULL;
+ 
+     comment = malloc (sizeof (XcursorComment) + length + 1);
+@@ -448,7 +453,8 @@ _XcursorReadImage (XcursorFile		*file,
+     if (!_XcursorReadUInt (file, &head.delay))
+ 	return NULL;
+     /* sanity check data */
+-    if (head.width >= 0x10000 || head.height > 0x10000)
++    if (head.width > XCURSOR_IMAGE_MAX_SIZE  ||
++	head.height > XCURSOR_IMAGE_MAX_SIZE)
+ 	return NULL;
+     if (head.width == 0 || head.height == 0)
+ 	return NULL;
+@@ -457,6 +463,8 @@ _XcursorReadImage (XcursorFile		*file,
+ 
+     /* Create the image and initialize it */
+     image = XcursorImageCreate (head.width, head.height);
++    if (image == NULL)
++	return NULL;
+     if (chunkHeader.version < image->version)
+ 	image->version = chunkHeader.version;
+     image->size = chunkHeader.subtype;
+-- 
+cgit v1.1
+
diff --git a/meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb b/meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb
index 17629047b7..ccc4347820 100644
--- a/meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb
+++ b/meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb
@@ -16,6 +16,8 @@ BBCLASSEXTEND = "native nativesdk"
 
 PE = "1"
 
+SRC_URI += "file://CVE-2017-16612.patch"
+
 XORG_PN = "libXcursor"
 
 SRC_URI[md5sum] = "1e7c17afbbce83e2215917047c57d1b3"
diff --git a/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb b/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb
index 552eb6abaa..6052650c95 100644
--- a/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb
+++ b/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb
@@ -9,6 +9,8 @@ DEPENDS += "cryptodev-linux"
 
 SRC_URI += " \
 file://0001-Disable-installing-header-file-provided-by-another-p.patch \
+file://0001-ioctl.c-Fix-build-with-linux-4.13.patch \
+file://0001-ioctl.c-Fix-build-with-linux-4.17.patch \
 "
 
 EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"'
diff --git a/meta/recipes-kernel/cryptodev/cryptodev.inc b/meta/recipes-kernel/cryptodev/cryptodev.inc
index 50366e7202..ab15bc1d97 100644
--- a/meta/recipes-kernel/cryptodev/cryptodev.inc
+++ b/meta/recipes-kernel/cryptodev/cryptodev.inc
@@ -3,11 +3,9 @@ HOMEPAGE = "http://cryptodev-linux.org/"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 
-SRC_URI = "http://nwl.cc/pub/cryptodev-linux/cryptodev-linux-${PV}.tar.gz"
+SRC_URI = "git://github.com/cryptodev-linux/cryptodev-linux"
+SRCREV = "87d959d9a279c055b361de8e730fab6a7144edd7"
 
-SRC_URI[md5sum] = "cb4e0ed9e5937716c7c8a7be84895b6d"
-SRC_URI[sha256sum] = "9f4c0b49b30e267d776f79455d09c70cc9c12c86eee400a0d0a0cd1d8e467950"
-
-S = "${WORKDIR}/cryptodev-linux-${PV}"
+S = "${WORKDIR}/git"
 
 CLEANBROKEN = "1"
diff --git a/meta/recipes-kernel/cryptodev/files/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch b/meta/recipes-kernel/cryptodev/files/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch
index 3f0298b0b0..84fd27e681 100644
--- a/meta/recipes-kernel/cryptodev/files/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch
+++ b/meta/recipes-kernel/cryptodev/files/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch
@@ -14,37 +14,37 @@ Upstream-Status: Pending
  tests/Makefile |    8 ++++++++
  2 files changed, 14 insertions(+), 0 deletions(-)
 
-diff --git a/Makefile b/Makefile
-index 31c4b3f..2ecf2a9 100644
---- a/Makefile
-+++ b/Makefile
-@@ -34,6 +34,9 @@ modules_install:
- 	@echo "Installing cryptodev.h in $(PREFIX)/usr/include/crypto ..."
- 	@install -D crypto/cryptodev.h $(PREFIX)/usr/include/crypto/cryptodev.h
+Index: git/Makefile
+===================================================================
+--- git.orig/Makefile
++++ git/Makefile
+@@ -35,6 +35,9 @@ modules_install:
+ 	$(MAKE) $(KERNEL_MAKE_OPTS) modules_install
+ 	install -m 644 -D crypto/cryptodev.h $(DESTDIR)/$(includedir)/crypto/cryptodev.h
  
 +install_tests:
 +	make -C tests install DESTDIR=$(PREFIX)
 +
  clean:
- 	make -C $(KERNEL_DIR) SUBDIRS=`pwd` clean
+ 	$(MAKE) $(KERNEL_MAKE_OPTS) clean
  	rm -f $(hostprogs) *~
-@@ -42,6 +45,9 @@ clean:
+@@ -43,6 +46,9 @@ clean:
  check:
- 	CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) make -C tests check
+ 	CFLAGS=$(CRYPTODEV_CFLAGS) KERNEL_DIR=$(KERNEL_DIR) $(MAKE) -C tests check
  
 +testprogs:
 +	KERNEL_DIR=$(KERNEL_DIR) make -C tests testprogs
 +
  CPOPTS =
- ifneq (${SHOW_TYPES},)
+ ifneq ($(SHOW_TYPES),)
  CPOPTS += --show-types
-diff --git a/tests/Makefile b/tests/Makefile
-index c9f04e8..cd202af 100644
---- a/tests/Makefile
-+++ b/tests/Makefile
-@@ -19,6 +19,12 @@ example-async-hmac-objs := async_hmac.o
- example-async-speed-objs := async_speed.o
- example-hashcrypt-speed-objs := hashcrypt_speed.c
+Index: git/tests/Makefile
+===================================================================
+--- git.orig/tests/Makefile
++++ git/tests/Makefile
+@@ -23,6 +23,12 @@ bindir = $(execprefix)/bin
+ 
+ all: $(hostprogs)
  
 +install:
 +	install -d  $(DESTDIR)/usr/bin/tests_cryptodev
@@ -55,9 +55,9 @@ index c9f04e8..cd202af 100644
  check: $(hostprogs)
  	./cipher
  	./hmac
-@@ -28,6 +34,8 @@ check: $(hostprogs)
- 	./cipher-gcm
- 	./cipher-aead
+@@ -38,6 +44,8 @@ install:
+ 		install -m 755 $$prog $(DESTDIR)/$(bindir); \
+ 	done
  
 +testprogs: $(hostprogs)
 +
diff --git a/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.13.patch b/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.13.patch
new file mode 100644
index 0000000000..a41efacdd9
--- /dev/null
+++ b/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.13.patch
@@ -0,0 +1,49 @@
+From f0d69774afb27ffc62bf353465fba145e70cb85a Mon Sep 17 00:00:00 2001
+From: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
+Date: Mon, 4 Sep 2017 11:05:08 +0200
+Subject: [PATCH] ioctl.c: Fix build with linux 4.13
+
+git/ioctl.c:1127:3: error: positional initialization of field in 'struct' declared with 'designated_init' attribute [-Werror=designated-init]
+   {0, },
+    ^
+note: (near initialization for 'verbosity_ctl_dir[1]')
+git/ioctl.c:1136:3: error: positional initialization of field in 'struct' declared with 'designated_init' attribute [-Werror=designated-init]
+   {0, },
+    ^
+
+Linux kernel has added -Werror=designated-init around 4.11 (c834f0e8a8b)
+triggering build errors with gcc 5 and 6 (but not with gcc 4)
+
+Upstream-Status: Backport
+
+Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+---
+ ioctl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ioctl.c b/ioctl.c
+index 0385203..8d4a162 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -1124,7 +1124,7 @@ static struct ctl_table verbosity_ctl_dir[] = {
+ 		.mode           = 0644,
+ 		.proc_handler   = proc_dointvec,
+ 	},
+-	{0, },
++	{},
+ };
+ 
+ static struct ctl_table verbosity_ctl_root[] = {
+@@ -1133,7 +1133,7 @@ static struct ctl_table verbosity_ctl_root[] = {
+ 		.mode           = 0555,
+ 		.child          = verbosity_ctl_dir,
+ 	},
+-	{0, },
++	{},
+ };
+ static struct ctl_table_header *verbosity_sysctl_header;
+ static int __init init_cryptodev(void)
+-- 
+2.7.4
+
diff --git a/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch b/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch
new file mode 100644
index 0000000000..5881d1c4ee
--- /dev/null
+++ b/meta/recipes-kernel/cryptodev/files/0001-ioctl.c-Fix-build-with-linux-4.17.patch
@@ -0,0 +1,43 @@
+From f60aa08c63fc02780554a0a12180a478ca27d49f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Horia=20Geant=C4=83?= <horia.geanta@nxp.com>
+Date: Wed, 23 May 2018 18:43:39 +0300
+Subject: [PATCH] ioctl.c: Fix build with linux 4.17
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Since kernel 4.17-rc1, sys_* syscalls can no longer be called directly:
+819671ff849b ("syscalls: define and explain goal to not call syscalls in the kernel")
+
+Since cryptodev uses sys_close() - and this has been removed in commit:
+2ca2a09d6215 ("fs: add ksys_close() wrapper; remove in-kernel calls to sys_close()")
+cryptodev has to be updated to use the ksys_close() wrapper.
+
+Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
+
+Upstream-Status: Backport
+
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+---
+ ioctl.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/ioctl.c b/ioctl.c
+index d831b0c..2571034 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -828,7 +828,11 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ 		fd = clonefd(filp);
+ 		ret = put_user(fd, p);
+ 		if (unlikely(ret)) {
++#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0))
+ 			sys_close(fd);
++#else
++			ksys_close(fd);
++#endif
+ 			return ret;
+ 		}
+ 		return ret;
+-- 
+2.7.4
+
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
index 5e2b8c7623..2c3f8cd323 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_git.bb
@@ -37,6 +37,7 @@ LICENSE = "\
     & Firmware-ath9k-htc \
     & Firmware-phanfw \
     & Firmware-qat \
+    & Firmware-qcom \
     & Firmware-qla1280 \
     & Firmware-qla2xxx \
     & Firmware-qualcommAthos_ar3k \
@@ -90,12 +91,13 @@ LIC_FILES_CHKSUM = "\
     file://LICENCE.Marvell;md5=9ddea1734a4baf3c78d845151f42a37a \
     file://LICENCE.moxa;md5=1086614767d8ccf744a923289d3d4261 \
     file://LICENCE.myri10ge_firmware;md5=42e32fb89f6b959ca222e25ac8df8fed \
-    file://LICENCE.Netronome;md5=cd2a3e6effe3cdf42731575b8e9477ed \
+    file://LICENCE.Netronome;md5=4add08f2577086d44447996503cddf5f \
     file://LICENCE.nvidia;md5=4428a922ed3ba2ceec95f076a488ce07 \
     file://LICENCE.OLPC;md5=5b917f9d8c061991be4f6f5f108719cd \
     file://LICENCE.open-ath9k-htc-firmware;md5=1b33c9f4d17bc4d457bdb23727046837 \
     file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \
     file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \
+    file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \
     file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \
     file://LICENCE.qla2xxx;md5=505855e921b75f1be4a437ad9b79dff0 \
     file://LICENSE.QualcommAtheros_ar3k;md5=b5fe244fb2b532311de1472a3bc06da5 \
@@ -116,7 +118,7 @@ LIC_FILES_CHKSUM = "\
     file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
     file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
     file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
-    file://WHENCE;md5=08f6d4371353cac5f6fc271d5407c63e \
+    file://WHENCE;md5=6f46986f4e913ef16b765c2319cc5141 \
 "
 
 # These are not common licenses, set NO_GENERIC_LICENSE for them
@@ -156,6 +158,7 @@ NO_GENERIC_LICENSE[Firmware-OLPC] = "LICENCE.OLPC"
 NO_GENERIC_LICENSE[Firmware-ath9k-htc] = "LICENCE.open-ath9k-htc-firmware"
 NO_GENERIC_LICENSE[Firmware-phanfw] = "LICENCE.phanfw"
 NO_GENERIC_LICENSE[Firmware-qat] = "LICENCE.qat_firmware"
+NO_GENERIC_LICENSE[Firmware-qcom] = "LICENSE.qcom"
 NO_GENERIC_LICENSE[Firmware-qla1280] = "LICENCE.qla1280"
 NO_GENERIC_LICENSE[Firmware-qla2xxx] = "LICENCE.qla2xxx"
 NO_GENERIC_LICENSE[Firmware-qualcommAthos_ar3k] = "LICENSE.QualcommAtheros_ar3k"
@@ -178,7 +181,7 @@ NO_GENERIC_LICENSE[Firmware-xc5000] = "LICENCE.xc5000"
 NO_GENERIC_LICENSE[Firmware-xc5000c] = "LICENCE.xc5000c"
 NO_GENERIC_LICENSE[WHENCE] = "WHENCE"
 
-SRCREV = "a61ac5cf8374edbfe692d12f805a1b194f7fead2"
+SRCREV = "8fc2d4e55685bf73b6f7752383da9067404a74bb"
 PE = "1"
 PV = "0.0+git${SRCPV}"
 
@@ -229,6 +232,7 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
              ${PN}-ti-connectivity-license ${PN}-wl12xx ${PN}-wl18xx \
              ${PN}-vt6656-license ${PN}-vt6656 \
              ${PN}-rtl-license ${PN}-rtl8188 ${PN}-rtl8192cu ${PN}-rtl8192ce ${PN}-rtl8192su ${PN}-rtl8723 ${PN}-rtl8821 \
+             ${PN}-rtl8168 \
              ${PN}-broadcom-license \
              ${PN}-bcm4329 ${PN}-bcm4330 ${PN}-bcm4334 ${PN}-bcm43340 \
              ${PN}-bcm43362 ${PN}-bcm4339 ${PN}-bcm43430 ${PN}-bcm4354 \
@@ -249,13 +253,19 @@ PACKAGES =+ "${PN}-ralink-license ${PN}-ralink \
              ${PN}-iwlwifi-7260 \
              ${PN}-iwlwifi-7265 \
              ${PN}-iwlwifi-7265d ${PN}-iwlwifi-8000c ${PN}-iwlwifi-8265 \
+             ${PN}-iwlwifi-9000 \
              ${PN}-iwlwifi-misc \
              ${PN}-ibt-license ${PN}-ibt ${PN}-ibt-misc \
              ${PN}-ibt-11-5 ${PN}-ibt-12-16 ${PN}-ibt-hw-37-7 ${PN}-ibt-hw-37-8 \
+             ${PN}-ibt-17 \
              ${PN}-i915-license ${PN}-i915 \
              ${PN}-adsp-sst-license ${PN}-adsp-sst \
              ${PN}-bnx2-mips \
              ${PN}-netronome-license ${PN}-netronome \
+             ${PN}-qat ${PN}-qat-license \
+             ${PN}-qcom-license \
+             ${PN}-qcom-venus-1.8 ${PN}-qcom-venus-4.2 \
+             ${PN}-qcom-adreno-a3xx ${PN}-qcom-adreno-a530 \
              ${PN}-whence-license \
              ${PN}-license \
              "
@@ -431,6 +441,7 @@ LICENSE_${PN}-rtl8192su = "Firmware-rtlwifi_firmware"
 LICENSE_${PN}-rtl8723 = "Firmware-rtlwifi_firmware"
 LICENSE_${PN}-rtl8821 = "Firmware-rtlwifi_firmware"
 LICENSE_${PN}-rtl-license = "Firmware-rtlwifi_firmware"
+LICENSE_${PN}-rtl8168 = "WHENCE"
 
 FILES_${PN}-rtl-license = " \
   ${nonarch_base_libdir}/firmware/LICENCE.rtlwifi_firmware.txt \
@@ -453,6 +464,9 @@ FILES_${PN}-rtl8723 = " \
 FILES_${PN}-rtl8821 = " \
   ${nonarch_base_libdir}/firmware/rtlwifi/rtl8821*.bin \
 "
+FILES_${PN}-rtl8168 = " \
+  ${nonarch_base_libdir}/firmware/rtl_nic/rtl8168*.fw \
+"
 
 RDEPENDS_${PN}-rtl8188 += "${PN}-rtl-license"
 RDEPENDS_${PN}-rtl8192ce += "${PN}-rtl-license"
@@ -460,6 +474,7 @@ RDEPENDS_${PN}-rtl8192cu += "${PN}-rtl-license"
 RDEPENDS_${PN}-rtl8192su = "${PN}-rtl-license"
 RDEPENDS_${PN}-rtl8723 += "${PN}-rtl-license"
 RDEPENDS_${PN}-rtl8821 += "${PN}-rtl-license"
+RDEPENDS_${PN}-rtl8168 += "${PN}-whence-license"
 
 # For ti-connectivity
 LICENSE_${PN}-wl12xx = "Firmware-ti-connectivity"
@@ -595,6 +610,7 @@ LICENSE_${PN}-iwlwifi-7265      = "Firmware-iwlwifi_firmware"
 LICENSE_${PN}-iwlwifi-7265d     = "Firmware-iwlwifi_firmware"
 LICENSE_${PN}-iwlwifi-8000c     = "Firmware-iwlwifi_firmware"
 LICENSE_${PN}-iwlwifi-8265      = "Firmware-iwlwifi_firmware"
+LICENSE_${PN}-iwlwifi-9000      = "Firmware-iwlwifi_firmware"
 LICENSE_${PN}-iwlwifi-misc      = "Firmware-iwlwifi_firmware"
 LICENSE_${PN}-iwlwifi-license   = "Firmware-iwlwifi_firmware"
 
@@ -621,6 +637,7 @@ FILES_${PN}-iwlwifi-7265   = "${nonarch_base_libdir}/firmware/iwlwifi-7265-*.uco
 FILES_${PN}-iwlwifi-7265d   = "${nonarch_base_libdir}/firmware/iwlwifi-7265D-*.ucode"
 FILES_${PN}-iwlwifi-8000c   = "${nonarch_base_libdir}/firmware/iwlwifi-8000C-*.ucode"
 FILES_${PN}-iwlwifi-8265   = "${nonarch_base_libdir}/firmware/iwlwifi-8265-*.ucode"
+FILES_${PN}-iwlwifi-9000   = "${nonarch_base_libdir}/firmware/iwlwifi-9000-*.ucode"
 FILES_${PN}-iwlwifi-misc   = "${nonarch_base_libdir}/firmware/iwlwifi-*.ucode"
 
 RDEPENDS_${PN}-iwlwifi-135-6     = "${PN}-iwlwifi-license"
@@ -644,6 +661,7 @@ RDEPENDS_${PN}-iwlwifi-7265      = "${PN}-iwlwifi-license"
 RDEPENDS_${PN}-iwlwifi-7265d     = "${PN}-iwlwifi-license"
 RDEPENDS_${PN}-iwlwifi-8000c     = "${PN}-iwlwifi-license"
 RDEPENDS_${PN}-iwlwifi-8265      = "${PN}-iwlwifi-license"
+RDEPENDS_${PN}-iwlwifi-9000      = "${PN}-iwlwifi-license"
 RDEPENDS_${PN}-iwlwifi-misc      = "${PN}-iwlwifi-license"
 
 # -iwlwifi-misc is a "catch all" package that includes all the iwlwifi
@@ -669,6 +687,7 @@ LICENSE_${PN}-ibt-hw-37-7 = "Firmware-ibt_firmware"
 LICENSE_${PN}-ibt-hw-37-8 = "Firmware-ibt_firmware"
 LICENSE_${PN}-ibt-11-5    = "Firmware-ibt_firmware"
 LICENSE_${PN}-ibt-12-16   = "Firmware-ibt_firmware"
+LICENSE_${PN}-ibt-17 = "Firmware-ibt_firmware"
 LICENSE_${PN}-ibt-misc    = "Firmware-ibt_firmware"
 
 FILES_${PN}-ibt-license = "${nonarch_base_libdir}/firmware/LICENCE.ibt_firmware"
@@ -676,12 +695,14 @@ FILES_${PN}-ibt-hw-37-7 = "${nonarch_base_libdir}/firmware/intel/ibt-hw-37.7*.bs
 FILES_${PN}-ibt-hw-37-8 = "${nonarch_base_libdir}/firmware/intel/ibt-hw-37.8*.bseq"
 FILES_${PN}-ibt-11-5    = "${nonarch_base_libdir}/firmware/intel/ibt-11-5.sfi /lib/firmware/intel/ibt-11-5.ddc"
 FILES_${PN}-ibt-12-16   = "${nonarch_base_libdir}/firmware/intel/ibt-12-16.sfi /lib/firmware/intel/ibt-12-16.ddc"
+FILES_${PN}-ibt-17 = "${nonarch_base_libdir}/firmware/intel/ibt-17-*.sfi /lib/firmware/intel/ibt-17-*.ddc"
 FILES_${PN}-ibt-misc    = "${nonarch_base_libdir}/firmware/ibt-*"
 
 RDEPENDS_${PN}-ibt-hw-37-7 = "${PN}-ibt-license"
 RDEPENDS_${PN}-ibt-hw-37.8 = "${PN}-ibt-license"
 RDEPENDS_${PN}-ibt-11-5    = "${PN}-ibt-license"
 RDEPENDS_${PN}-ibt-12-16   = "${PN}-ibt-license"
+RDEPENDS_${PN}-ibt-17 = "${PN}-ibt-license"
 RDEPENDS_${PN}-ibt-misc    = "${PN}-ibt-license"
 
 ALLOW_EMPTY_${PN}-ibt= "1"
@@ -699,6 +720,25 @@ LICENSE_${PN}-adsp-sst-license    = "Firmware-adsp_sst"
 FILES_${PN}-adsp-sst              = "${nonarch_base_libdir}/firmware/intel/dsp_fw*"
 RDEPENDS_${PN}-adsp-sst           = "${PN}-adsp-sst-license"
 
+# For QAT
+LICENSE_${PN}-qat         = "Firmware-qat"
+LICENSE_${PN}-qat-license = "Firmware-qat"
+FILES_${PN}-qat-license   = "${nonarch_base_libdir}/firmware/LICENCE.qat_firmware"
+FILES_${PN}-qat           = "${nonarch_base_libdir}/firmware/qat*.bin"
+RDEPENDS_${PN}-qat        = "${PN}-qat-license"
+
+# For QCOM VPU/GPU
+LICENSE_${PN}-qcom-license = "Firmware-qcom"
+FILES_${PN}-qcom-license   = "${nonarch_base_libdir}/firmware/LICENSE.qcom ${nonarch_base_libdir}/firmware/qcom/NOTICE.txt"
+FILES_${PN}-qcom-venus-1.8 = "${nonarch_base_libdir}/firmware/qcom/venus-1.8/*"
+FILES_${PN}-qcom-venus-4.2 = "${nonarch_base_libdir}/firmware/qcom/venus-4.2/*"
+FILES_${PN}-qcom-adreno-a3xx = "${nonarch_base_libdir}/firmware/qcom/a300_*.fw ${nonarch_base_libdir}/firmware/a300_*.fw"
+FILES_${PN}-qcom-adreno-a530 = "${nonarch_base_libdir}/firmware/qcom/a530*.*"
+RDEPENDS_${PN}-qcom-venus-1.8 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-venus-4.2 = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-adreno-a3xx = "${PN}-qcom-license"
+RDEPENDS_${PN}-qcom-adreno-a530 = "${PN}-qcom-license"
+
 # For other firmwares
 # Maybe split out to separate packages when needed.
 LICENSE_${PN} = "\
@@ -729,6 +769,7 @@ LICENSE_${PN} = "\
     & Firmware-ath9k-htc \
     & Firmware-phanfw \
     & Firmware-qat \
+    & Firmware-qcom \
     & Firmware-qla1280 \
     & Firmware-qla2xxx \
     & Firmware-r8a779x_usb3 \
diff --git a/meta/recipes-kernel/linux/kernel-devsrc.bb b/meta/recipes-kernel/linux/kernel-devsrc.bb
index c1b5b7786d..8bbfa23e4b 100644
--- a/meta/recipes-kernel/linux/kernel-devsrc.bb
+++ b/meta/recipes-kernel/linux/kernel-devsrc.bb
@@ -69,6 +69,13 @@ do_install() {
                 cp ${B}/arch/powerpc/lib/crtsavres.o $kerneldir/arch/powerpc/lib/crtsavres.o
         fi
 
+        # Remove fixdep/objtool as they won't be target binaries
+        for i in fixdep objtool; do
+                if [ -e $kerneldir/tools/objtool/$i ]; then
+                        rm -rf $kerneldir/tools/objtool/$i
+                fi
+        done
+
         chown -R root:root ${D}
 }
 # Ensure we don't race against "make scripts" during cpio
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.10.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.10.bb
index f93d9530eb..fd31bf986c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.10.bb
@@ -12,7 +12,7 @@ python () {
 }
 
 SRCREV_machine ?= "c1d8c4408b8aedd88eeb6ccc89ce834dd41b3f09"
-SRCREV_meta ?= "40ee48ac099c04f60d2c132031d9625a4e0c4c9e"
+SRCREV_meta ?= "1d9a8200184af22f8981fa24b0e82af49c7988dd"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.10.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.10;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb
index 983c1cc758..e6061f7293 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.12.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "2143b758ad622a73c7c0b3fc8890b81000187635"
-SRCREV_meta ?= "cebe198870d781829bd997a188cc34d9f7a61023"
+SRCREV_machine ?= "ef88c3326f62cec4b98340324ddbe7f7f7704fd5"
+SRCREV_meta ?= "2ae65226f64ed5c888d60eef76b6249db678d060"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.12.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.12;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "4.12.14"
+LINUX_VERSION ?= "4.12.28"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb
index c1cbf35a25..cd6e0aa17b 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "2c13d27d73b9fddd38fd407326e82240a494d803"
-SRCREV_meta ?= "ae0119a2ff737b8c14bdf904b4c6eb790a7792cb"
+SRCREV_machine ?= "515e72c4bbb5d99964669052220fe459177b7329"
+SRCREV_meta ?= "69ebea34250696ebe2d8c87c553480974e56d922"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.4.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "4.4.93"
+LINUX_VERSION ?= "4.4.162"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb
index b6c98a5bb3..539865cae7 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.9.bb
@@ -11,13 +11,13 @@ python () {
         raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "3039bc8f8f7e84de15c5823783c067c3e50fa7b6"
-SRCREV_meta ?= "cdbd35c54b6a62e4fd543164f1dcdf92c85cff2d"
+SRCREV_machine ?= "3ba839d695fd3681e6920373fc260a2a3f812b8f"
+SRCREV_meta ?= "5e993963afb54bdc82a02077c29ecdbc0b12368e"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.9.git;branch=${KBRANCH};name=machine \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.9;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "4.9.57"
+LINUX_VERSION ?= "4.9.113"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.10.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.10.bb
index edaf853027..b223497693 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.10.bb
@@ -10,7 +10,7 @@ KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine ?= "c1d8c4408b8aedd88eeb6ccc89ce834dd41b3f09"
-SRCREV_meta ?= "40ee48ac099c04f60d2c132031d9625a4e0c4c9e"
+SRCREV_meta ?= "1d9a8200184af22f8981fa24b0e82af49c7988dd"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb
index 658ecc0d6d..cb4ef3a659 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.12.bb
@@ -4,13 +4,13 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "4.12.14"
+LINUX_VERSION ?= "4.12.28"
 
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "9cc6b0ae1aad7312e85ac4134398f81c0140de33"
-SRCREV_meta ?= "cebe198870d781829bd997a188cc34d9f7a61023"
+SRCREV_machine ?= "e562267bae5b518acca880c929fbbdf6be047e0a"
+SRCREV_meta ?= "2ae65226f64ed5c888d60eef76b6249db678d060"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb
index dd380955b5..fcf0c6a68c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb
@@ -4,13 +4,13 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "4.4.93"
+LINUX_VERSION ?= "4.4.162"
 
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "f070447fb60b5b939c94583d7c05f55ec2b37acd"
-SRCREV_meta ?= "ae0119a2ff737b8c14bdf904b4c6eb790a7792cb"
+SRCREV_machine ?= "a575843cceb539c7b0514e7d74b7936ca104b623"
+SRCREV_meta ?= "69ebea34250696ebe2d8c87c553480974e56d922"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb
index 79b8bfdfc8..78b2a9640e 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.9.bb
@@ -4,13 +4,13 @@ KCONFIG_MODE = "--allnoconfig"
 
 require recipes-kernel/linux/linux-yocto.inc
 
-LINUX_VERSION ?= "4.9.57"
+LINUX_VERSION ?= "4.9.113"
 
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "cd8f9254aaaacbfa7f45fcc0bf2bb307615a174b"
-SRCREV_meta ?= "cdbd35c54b6a62e4fd543164f1dcdf92c85cff2d"
+SRCREV_machine ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07"
+SRCREV_meta ?= "5e993963afb54bdc82a02077c29ecdbc0b12368e"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.10.bb b/meta/recipes-kernel/linux/linux-yocto_4.10.bb
index 7fcc753a70..1fe3cca2ab 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.10.bb
@@ -19,7 +19,7 @@ SRCREV_machine_qemux86 ?= "c1d8c4408b8aedd88eeb6ccc89ce834dd41b3f09"
 SRCREV_machine_qemux86-64 ?= "c1d8c4408b8aedd88eeb6ccc89ce834dd41b3f09"
 SRCREV_machine_qemumips64 ?= "8bb135e71037c46175bbcc7acf387309b2e17133"
 SRCREV_machine ?= "c1d8c4408b8aedd88eeb6ccc89ce834dd41b3f09"
-SRCREV_meta ?= "40ee48ac099c04f60d2c132031d9625a4e0c4c9e"
+SRCREV_meta ?= "1d9a8200184af22f8981fa24b0e82af49c7988dd"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.10.git;name=machine;branch=${KBRANCH}; \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.10;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.12.bb b/meta/recipes-kernel/linux/linux-yocto_4.12.bb
index a7dd763513..0aea05b83f 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.12.bb
@@ -11,20 +11,22 @@ KBRANCH_qemux86  ?= "standard/base"
 KBRANCH_qemux86-64 ?= "standard/base"
 KBRANCH_qemumips64 ?= "standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "03489013c6844bf3f911e51c5b8cd3bd5c1dc6e9"
-SRCREV_machine_qemuarm64 ?= "9cc6b0ae1aad7312e85ac4134398f81c0140de33"
-SRCREV_machine_qemumips ?= "c22264e2e3340eb8affa9a9fc0b86decb2be26c6"
-SRCREV_machine_qemuppc ?= "9cc6b0ae1aad7312e85ac4134398f81c0140de33"
-SRCREV_machine_qemux86 ?= "9cc6b0ae1aad7312e85ac4134398f81c0140de33"
-SRCREV_machine_qemux86-64 ?= "9cc6b0ae1aad7312e85ac4134398f81c0140de33"
-SRCREV_machine_qemumips64 ?= "ead3f1c16e85d1b1074acdd13084b5cdf1104e23"
-SRCREV_machine ?= "9cc6b0ae1aad7312e85ac4134398f81c0140de33"
-SRCREV_meta ?= "cebe198870d781829bd997a188cc34d9f7a61023"
+SRCREV_machine_qemuarm ?= "b84ecefc243a6ed67d8b6020394963de1240a9f0"
+SRCREV_machine_qemuarm64 ?= "e562267bae5b518acca880c929fbbdf6be047e0a"
+SRCREV_machine_qemumips ?= "15b1ab68f73fa60dd95a74c640e87e05fad1716d"
+SRCREV_machine_qemuppc ?= "e562267bae5b518acca880c929fbbdf6be047e0a"
+SRCREV_machine_qemux86 ?= "e562267bae5b518acca880c929fbbdf6be047e0a"
+SRCREV_machine_qemux86-64 ?= "e562267bae5b518acca880c929fbbdf6be047e0a"
+SRCREV_machine_qemumips64 ?= "57a3f72a020fc84f2da5b0b4c5de4cdbc22b3284"
+SRCREV_machine ?= "e562267bae5b518acca880c929fbbdf6be047e0a"
+SRCREV_meta ?= "2ae65226f64ed5c888d60eef76b6249db678d060"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.12.git;name=machine;branch=${KBRANCH}; \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.12;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "4.12.14"
+DEPENDS += "openssl-native util-linux-native"
+
+LINUX_VERSION ?= "4.12.28"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.4.bb b/meta/recipes-kernel/linux/linux-yocto_4.4.bb
index 4d8d3da84a..9d0724712a 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.4.bb
@@ -11,20 +11,20 @@ KBRANCH_qemux86  ?= "standard/base"
 KBRANCH_qemux86-64 ?= "standard/base"
 KBRANCH_qemumips64 ?= "standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "5f3e5944108bc43f8ad657be259569b15e16b0f7"
-SRCREV_machine_qemuarm64 ?= "f070447fb60b5b939c94583d7c05f55ec2b37acd"
-SRCREV_machine_qemumips ?= "5827dccb88b14a64dbe6ee78efb07735236ce8ea"
-SRCREV_machine_qemuppc ?= "f070447fb60b5b939c94583d7c05f55ec2b37acd"
-SRCREV_machine_qemux86 ?= "f070447fb60b5b939c94583d7c05f55ec2b37acd"
-SRCREV_machine_qemux86-64 ?= "f070447fb60b5b939c94583d7c05f55ec2b37acd"
-SRCREV_machine_qemumips64 ?= "b8bcb7ea6836c9373f03fec69438d0c7225125f8"
-SRCREV_machine ?= "f070447fb60b5b939c94583d7c05f55ec2b37acd"
-SRCREV_meta ?= "ae0119a2ff737b8c14bdf904b4c6eb790a7792cb"
+SRCREV_machine_qemuarm ?= "a68a73dbd3c37ec21239dd97060eef308f1ff958"
+SRCREV_machine_qemuarm64 ?= "a575843cceb539c7b0514e7d74b7936ca104b623"
+SRCREV_machine_qemumips ?= "3c0e62ea8803a1757e389dcd6233e3d6acba8d2c"
+SRCREV_machine_qemuppc ?= "a575843cceb539c7b0514e7d74b7936ca104b623"
+SRCREV_machine_qemux86 ?= "a575843cceb539c7b0514e7d74b7936ca104b623"
+SRCREV_machine_qemux86-64 ?= "a575843cceb539c7b0514e7d74b7936ca104b623"
+SRCREV_machine_qemumips64 ?= "eaed2a94a20c7f65afa342d9243f19337f63b434"
+SRCREV_machine ?= "a575843cceb539c7b0514e7d74b7936ca104b623"
+SRCREV_meta ?= "69ebea34250696ebe2d8c87c553480974e56d922"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.4.git;name=machine;branch=${KBRANCH}; \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.4;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "4.4.93"
+LINUX_VERSION ?= "4.4.162"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.9.bb b/meta/recipes-kernel/linux/linux-yocto_4.9.bb
index 24867928d9..5826ba6e2a 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.9.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.9.bb
@@ -11,20 +11,20 @@ KBRANCH_qemux86  ?= "standard/base"
 KBRANCH_qemux86-64 ?= "standard/base"
 KBRANCH_qemumips64 ?= "standard/mti-malta64"
 
-SRCREV_machine_qemuarm ?= "d5283083c827e18c5500d80c25b0a5eb76f64607"
-SRCREV_machine_qemuarm64 ?= "cd8f9254aaaacbfa7f45fcc0bf2bb307615a174b"
-SRCREV_machine_qemumips ?= "46f372c4c36868dd3546984efa408c2fe41c8fba"
-SRCREV_machine_qemuppc ?= "cd8f9254aaaacbfa7f45fcc0bf2bb307615a174b"
-SRCREV_machine_qemux86 ?= "cd8f9254aaaacbfa7f45fcc0bf2bb307615a174b"
-SRCREV_machine_qemux86-64 ?= "cd8f9254aaaacbfa7f45fcc0bf2bb307615a174b"
-SRCREV_machine_qemumips64 ?= "b88c2da88e31179a9cf7c22651e69adefcaa250f"
-SRCREV_machine ?= "cd8f9254aaaacbfa7f45fcc0bf2bb307615a174b"
-SRCREV_meta ?= "cdbd35c54b6a62e4fd543164f1dcdf92c85cff2d"
+SRCREV_machine_qemuarm ?= "cd831469d8eb4d900fe65985921d2003c59f3a86"
+SRCREV_machine_qemuarm64 ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07"
+SRCREV_machine_qemumips ?= "24b020741e8762ec8aeb5be95f842332083b2028"
+SRCREV_machine_qemuppc ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07"
+SRCREV_machine_qemux86 ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07"
+SRCREV_machine_qemux86-64 ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07"
+SRCREV_machine_qemumips64 ?= "100a1682529e34d118d5552c9db773635cd2c621"
+SRCREV_machine ?= "1b742cf55fc29d0ffc9d651520ad7d59145bbc07"
+SRCREV_meta ?= "5e993963afb54bdc82a02077c29ecdbc0b12368e"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.9.git;name=machine;branch=${KBRANCH}; \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.9;destsuffix=${KMETA}"
 
-LINUX_VERSION ?= "4.9.57"
+LINUX_VERSION ?= "4.9.113"
 
 PV = "${LINUX_VERSION}+git${SRCPV}"
 
diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.9.5.bb b/meta/recipes-kernel/lttng/lttng-modules_2.10.5.bb
index 61d97442d5..370b78aae1 100644
--- a/meta/recipes-kernel/lttng/lttng-modules_2.9.5.bb
+++ b/meta/recipes-kernel/lttng/lttng-modules_2.10.5.bb
@@ -2,9 +2,10 @@ SECTION = "devel"
 SUMMARY = "Linux Trace Toolkit KERNEL MODULE"
 DESCRIPTION = "The lttng-modules 2.0 package contains the kernel tracer modules"
 LICENSE = "LGPLv2.1 & GPLv2 & MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=362844633a08753bd96ab322a6c7f9f6 \
+LIC_FILES_CHKSUM = "file://LICENSE;md5=c4613d1f8a9587bd7b366191830364b3 \
                     file://gpl-2.0.txt;md5=751419260aa954499f7abaabaa882bbe \
-                    file://lgpl-2.1.txt;md5=243b725d71bb5df4a1e5920b344b86ad"
+                    file://lgpl-2.1.txt;md5=243b725d71bb5df4a1e5920b344b86ad \
+                    "
 
 inherit module
 
@@ -15,8 +16,8 @@ SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \
            file://BUILD_RUNTIME_BUG_ON-vs-gcc7.patch \
 "
 
-SRC_URI[md5sum] = "af97aaaf86133fd783bb9937dc3b4d59"
-SRC_URI[sha256sum] = "3f4e82ceb1c3c1875ec1fe89fba08294ed7feec2161339a5a71a066b27fc3e22"
+SRC_URI[md5sum] = "4aaabaafd15d9455c83972e26ccfbca7"
+SRC_URI[sha256sum] = "b8dbbbee45a673c381f51b99c555e36655c3c2c7a5477aab927591cc7f003a1f"
 
 export INSTALL_MOD_DIR="kernel/lttng-modules"
 
diff --git a/meta/recipes-kernel/lttng/lttng-ust_2.9.1.bb b/meta/recipes-kernel/lttng/lttng-ust_2.10.1.bb
index 03da4ca609..d79a47931c 100644
--- a/meta/recipes-kernel/lttng/lttng-ust_2.9.1.bb
+++ b/meta/recipes-kernel/lttng/lttng-ust_2.10.1.bb
@@ -23,8 +23,8 @@ PE = "2"
 SRC_URI = "https://lttng.org/files/lttng-ust/lttng-ust-${PV}.tar.bz2 \
            file://lttng-ust-doc-examples-disable.patch \
           "
-SRC_URI[md5sum] = "5a5636fc3d9aa370f65b25a802a79e6e"
-SRC_URI[sha256sum] = "b891d267cdbbbd11cf34751f66c21c4a7fdc0eec3c1b53be2c40dca073b7daa4"
+SRC_URI[md5sum] = "4863cc2f9f0a070b42438bb646bbba06"
+SRC_URI[sha256sum] = "07cc3c0b71e7b77f1913d5b7f340a78a9af414440e4662712aef2d635b88ee9d"
 
 CVE_PRODUCT = "ust"
 
diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb
index b79b973947..6fd23d63e3 100644
--- a/meta/recipes-kernel/perf/perf.bb
+++ b/meta/recipes-kernel/perf/perf.bb
@@ -22,6 +22,9 @@ PACKAGECONFIG[libnuma] = ",NO_LIBNUMA=1"
 PACKAGECONFIG[systemtap] = ",NO_SDT=1,systemtap"
 PACKAGECONFIG[jvmti] = ",NO_JVMTI=1"
 
+# libaudit support would need scripting to be enabled
+PACKAGECONFIG[audit] = ",NO_LIBAUDIT=1,audit"
+
 DEPENDS = " \
     virtual/${MLPREFIX}libc \
     ${MLPREFIX}elfutils \
@@ -56,7 +59,7 @@ export PERL_ARCHLIB = "${STAGING_LIBDIR}${PERL_OWN_DIR}/perl/${@get_perl_version
 
 inherit kernelsrc
 
-B = "${WORKDIR}/${BPN}-${PV}"
+S = "${WORKDIR}/${BP}"
 SPDX_S = "${S}/tools/perf"
 
 # The LDFLAGS is required or some old kernels fails due missing
@@ -92,6 +95,24 @@ EXTRA_OEMAKE += "\
     'infodir=${@os.path.relpath(infodir, prefix)}' \
 "
 
+# During do_configure, we might run a 'make clean'. That often breaks
+# when done in parallel, so disable parallelism for do_configure. Note
+# that it has to be done this way rather than by passing -j1, since
+# perf's build system by default ignores any -j argument, but does
+# honour a JOBS variable.
+EXTRA_OEMAKE_append_task-configure = " JOBS=1"
+
+PERF_SRC ?= "Makefile \
+             include \
+             tools/arch \
+             tools/build \
+             tools/include \
+             tools/lib \
+             tools/Makefile \
+             tools/perf \
+             tools/scripts \
+"
+
 PERF_EXTRA_LDFLAGS = ""
 
 # MIPS N32
@@ -114,11 +135,22 @@ do_install() {
 	fi
 }
 
-do_configure_prepend () {
-    # Fix for rebuilding
-    rm -rf ${B}/
-    mkdir -p ${B}/
+do_configure[prefuncs] += "copy_perf_source_from_kernel"
+python copy_perf_source_from_kernel() {
+    sources = (d.getVar("PERF_SRC") or "").split()
+    src_dir = d.getVar("STAGING_KERNEL_DIR")
+    dest_dir = d.getVar("S")
+    bb.utils.mkdirhier(dest_dir)
+    for s in sources:
+        src = oe.path.join(src_dir, s)
+        dest = oe.path.join(dest_dir, s)
+        if os.path.isdir(src):
+            oe.path.copyhardlinktree(src, dest)
+        else:
+            bb.utils.copyfile(src, dest)
+}
 
+do_configure_prepend () {
     # If building a multlib based perf, the incorrect library path will be
     # detected by perf, since it triggers via: ifeq ($(ARCH),x86_64). In a 32 bit
     # build, with a 64 bit multilib, the arch won't match and the detection of a 
@@ -214,7 +246,7 @@ PACKAGES =+ "${PN}-archive ${PN}-tests ${PN}-perl ${PN}-python"
 RDEPENDS_${PN} += "elfutils bash"
 RDEPENDS_${PN}-doc += "man"
 RDEPENDS_${PN}-archive =+ "bash"
-RDEPENDS_${PN}-python =+ "bash python python-modules"
+RDEPENDS_${PN}-python =+ "bash python python-modules ${@bb.utils.contains('PACKAGECONFIG', 'audit', 'audit-python', '', d)}"
 RDEPENDS_${PN}-perl =+ "bash perl perl-modules"
 RDEPENDS_${PN}-tests =+ "python"
 
diff --git a/meta/recipes-multimedia/lame/lame/CVE-2017-13712.patch b/meta/recipes-multimedia/lame/lame/CVE-2017-13712.patch
deleted file mode 100644
index f9ec7665ff..0000000000
--- a/meta/recipes-multimedia/lame/lame/CVE-2017-13712.patch
+++ /dev/null
@@ -1,309 +0,0 @@
-Upstream-Status: Backport [http://lame.cvs.sourceforge.net/viewvc/lame/lame/libmp3lame/id3tag.c?r1=1.79&r2=1.80]
-
-Backport patch to fix CVE-2017-13712 for lame.
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
----
---- a/libmp3lame/id3tag.c	2017/08/22 19:44:05	1.79
-+++ b/libmp3lame/id3tag.c	2017/08/28 15:39:51	1.80
-@@ -194,7 +194,11 @@
- }
- #endif
- 
--
-+static int
-+is_lame_internal_flags_null(lame_t gfp)
-+{
-+    return (gfp && gfp->internal_flags) ? 0 : 1;
-+}
- 
- static int
- id3v2_add_ucs2_lng(lame_t gfp, uint32_t frame_id, unsigned short const *desc, unsigned short const *text);
-@@ -238,8 +242,7 @@
- static void
- id3v2AddAudioDuration(lame_t gfp, double ms)
- {
--    lame_internal_flags *gfc = gfp != 0 ? gfp->internal_flags : 0;
--    SessionConfig_t const *const cfg = &gfc->cfg;
-+    SessionConfig_t const *const cfg = &gfp->internal_flags->cfg; /* caller checked pointers */
-     char    buffer[1024];
-     double const max_ulong = MAX_U_32_NUM;
-     unsigned long playlength_ms;
-@@ -280,7 +283,12 @@
- void
- id3tag_init(lame_t gfp)
- {
--    lame_internal_flags *gfc = gfp->internal_flags;
-+    lame_internal_flags *gfc = 0;
-+
-+    if (is_lame_internal_flags_null(gfp)) {
-+        return;
-+    }
-+    gfc = gfp->internal_flags;
-     free_id3tag(gfc);
-     memset(&gfc->tag_spec, 0, sizeof gfc->tag_spec);
-     gfc->tag_spec.genre_id3v1 = GENRE_NUM_UNKNOWN;
-@@ -293,7 +301,12 @@
- void
- id3tag_add_v2(lame_t gfp)
- {
--    lame_internal_flags *gfc = gfp->internal_flags;
-+    lame_internal_flags *gfc = 0;
-+
-+    if (is_lame_internal_flags_null(gfp)) {
-+        return;
-+    }
-+    gfc = gfp->internal_flags;
-     gfc->tag_spec.flags &= ~V1_ONLY_FLAG;
-     gfc->tag_spec.flags |= ADD_V2_FLAG;
- }
-@@ -301,7 +314,12 @@
- void
- id3tag_v1_only(lame_t gfp)
- {
--    lame_internal_flags *gfc = gfp->internal_flags;
-+    lame_internal_flags *gfc = 0;
-+
-+    if (is_lame_internal_flags_null(gfp)) {
-+        return;
-+    }
-+    gfc = gfp->internal_flags;
-     gfc->tag_spec.flags &= ~(ADD_V2_FLAG | V2_ONLY_FLAG);
-     gfc->tag_spec.flags |= V1_ONLY_FLAG;
- }
-@@ -309,7 +327,12 @@
- void
- id3tag_v2_only(lame_t gfp)
- {
--    lame_internal_flags *gfc = gfp->internal_flags;
-+    lame_internal_flags *gfc = 0;
-+
-+    if (is_lame_internal_flags_null(gfp)) {
-+        return;
-+    }
-+    gfc = gfp->internal_flags;
-     gfc->tag_spec.flags &= ~V1_ONLY_FLAG;
-     gfc->tag_spec.flags |= V2_ONLY_FLAG;
- }
-@@ -317,7 +340,12 @@
- void
- id3tag_space_v1(lame_t gfp)
- {
--    lame_internal_flags *gfc = gfp->internal_flags;
-+    lame_internal_flags *gfc = 0;
-+
-+    if (is_lame_internal_flags_null(gfp)) {
-+        return;
-+    }
-+    gfc = gfp->internal_flags;
-     gfc->tag_spec.flags &= ~V2_ONLY_FLAG;
-     gfc->tag_spec.flags |= SPACE_V1_FLAG;
- }
-@@ -331,7 +359,12 @@
- void
- id3tag_set_pad(lame_t gfp, size_t n)
- {
--    lame_internal_flags *gfc = gfp->internal_flags;
-+    lame_internal_flags *gfc = 0;
-+
-+    if (is_lame_internal_flags_null(gfp)) {
-+        return;
-+    }
-+    gfc = gfp->internal_flags;
-     gfc->tag_spec.flags &= ~V1_ONLY_FLAG;
-     gfc->tag_spec.flags |= PAD_V2_FLAG;
-     gfc->tag_spec.flags |= ADD_V2_FLAG;
-@@ -583,22 +616,29 @@
- int
- id3tag_set_albumart(lame_t gfp, const char *image, size_t size)
- {
--    int     mimetype = 0;
--    unsigned char const *data = (unsigned char const *) image;
--    lame_internal_flags *gfc = gfp->internal_flags;
--
--    /* determine MIME type from the actual image data */
--    if (2 < size && data[0] == 0xFF && data[1] == 0xD8) {
--        mimetype = MIMETYPE_JPEG;
--    }
--    else if (4 < size && data[0] == 0x89 && strncmp((const char *) &data[1], "PNG", 3) == 0) {
--        mimetype = MIMETYPE_PNG;
--    }
--    else if (4 < size && strncmp((const char *) data, "GIF8", 4) == 0) {
--        mimetype = MIMETYPE_GIF;
-+    int     mimetype = MIMETYPE_NONE;
-+    lame_internal_flags *gfc = 0;
-+
-+    if (is_lame_internal_flags_null(gfp)) {
-+        return 0;
-     }
--    else {
--        return -1;
-+    gfc = gfp->internal_flags;
-+
-+    if (image != 0) {
-+        unsigned char const *data = (unsigned char const *) image;
-+        /* determine MIME type from the actual image data */
-+        if (2 < size && data[0] == 0xFF && data[1] == 0xD8) {
-+            mimetype = MIMETYPE_JPEG;
-+        }
-+        else if (4 < size && data[0] == 0x89 && strncmp((const char *) &data[1], "PNG", 3) == 0) {
-+            mimetype = MIMETYPE_PNG;
-+        }
-+        else if (4 < size && strncmp((const char *) data, "GIF8", 4) == 0) {
-+            mimetype = MIMETYPE_GIF;
-+        }
-+        else {
-+            return -1;
-+        }
-     }
-     if (gfc->tag_spec.albumart != 0) {
-         free(gfc->tag_spec.albumart);
-@@ -606,7 +646,7 @@
-         gfc->tag_spec.albumart_size = 0;
-         gfc->tag_spec.albumart_mimetype = MIMETYPE_NONE;
-     }
--    if (size < 1) {
-+    if (size < 1 || mimetype == MIMETYPE_NONE) {
-         return 0;
-     }
-     gfc->tag_spec.albumart = lame_calloc(unsigned char, size);
-@@ -959,6 +999,9 @@
-     if (frame_id == 0) {
-         return -1;
-     }
-+    if (is_lame_internal_flags_null(gfp)) {
-+        return 0;
-+    }
-     if (text == 0) {
-         return 0;
-     }
-@@ -1008,6 +1051,9 @@
-     if (frame_id == 0) {
-         return -1;
-     }
-+    if (is_lame_internal_flags_null(gfp)) {
-+        return 0;
-+    }
-     if (text == 0) {
-         return 0;
-     }
-@@ -1037,6 +1083,9 @@
- int
- id3tag_set_comment_latin1(lame_t gfp, char const *lang, char const *desc, char const *text)
- {
-+    if (is_lame_internal_flags_null(gfp)) {
-+        return 0;
-+    }
-     return id3v2_add_latin1(gfp, ID_COMMENT, lang, desc, text);
- }
- 
-@@ -1044,6 +1093,9 @@
- int
- id3tag_set_comment_utf16(lame_t gfp, char const *lang, unsigned short const *desc, unsigned short const *text)
- {
-+    if (is_lame_internal_flags_null(gfp)) {
-+        return 0;
-+    }
-     return id3v2_add_ucs2(gfp, ID_COMMENT, lang, desc, text);
- }
- 
-@@ -1054,6 +1106,9 @@
- int
- id3tag_set_comment_ucs2(lame_t gfp, char const *lang, unsigned short const *desc, unsigned short const *text)
- {
-+    if (is_lame_internal_flags_null(gfp)) {
-+        return 0;
-+    }
-     return id3tag_set_comment_utf16(gfp, lang, desc, text);
- }
- 
-@@ -1244,9 +1299,9 @@
- int
- id3tag_set_genre(lame_t gfp, const char *genre)
- {
--    lame_internal_flags *gfc = gfp->internal_flags;
-+    lame_internal_flags *gfc = gfp != 0 ? gfp->internal_flags : 0;
-     int     ret = 0;
--    if (genre && *genre) {
-+    if (gfc && genre && *genre) {
-         int const num = lookupGenre(genre);
-         if (num == -1) return num;
-         gfc->tag_spec.flags |= CHANGED_FLAG;
-@@ -1539,6 +1594,9 @@
- int
- id3tag_set_fieldvalue(lame_t gfp, const char *fieldvalue)
- {
-+    if (is_lame_internal_flags_null(gfp)) {
-+        return 0;
-+    }
-     if (fieldvalue && *fieldvalue) {
-         if (strlen(fieldvalue) < 5 || fieldvalue[4] != '=') {
-             return -1;
-@@ -1551,6 +1609,9 @@
- int
- id3tag_set_fieldvalue_utf16(lame_t gfp, const unsigned short *fieldvalue)
- {
-+    if (is_lame_internal_flags_null(gfp)) {
-+        return 0;
-+    }
-     if (fieldvalue && *fieldvalue) {
-         size_t dx = hasUcs2ByteOrderMarker(fieldvalue[0]);
-         unsigned short const separator = fromLatin1Char(fieldvalue, '=');
-@@ -1581,20 +1642,21 @@
- int
- id3tag_set_fieldvalue_ucs2(lame_t gfp, const unsigned short *fieldvalue)
- {
-+    if (is_lame_internal_flags_null(gfp)) {
-+        return 0;
-+    }
-     return id3tag_set_fieldvalue_utf16(gfp, fieldvalue);
- }
- 
- size_t
- lame_get_id3v2_tag(lame_t gfp, unsigned char *buffer, size_t size)
- {
--    lame_internal_flags *gfc;
--    if (gfp == 0) {
-+    lame_internal_flags *gfc = 0;
-+
-+    if (is_lame_internal_flags_null(gfp)) {
-         return 0;
-     }
-     gfc = gfp->internal_flags;
--    if (gfc == 0) {
--        return 0;
--    }
-     if (test_tag_spec_flags(gfc, V1_ONLY_FLAG)) {
-         return 0;
-     }
-@@ -1736,7 +1798,12 @@
- int
- id3tag_write_v2(lame_t gfp)
- {
--    lame_internal_flags *gfc = gfp->internal_flags;
-+    lame_internal_flags *gfc = 0;
-+
-+    if (is_lame_internal_flags_null(gfp)) {
-+        return 0;
-+    }
-+    gfc = gfp->internal_flags;
- #if 0
-     debug_tag_spec_flags(gfc, "write v2");
- #endif
-@@ -1837,10 +1904,15 @@
- int
- id3tag_write_v1(lame_t gfp)
- {
--    lame_internal_flags *const gfc = gfp->internal_flags;
-+    lame_internal_flags* gfc = 0;
-     size_t  i, n, m;
-     unsigned char tag[128];
- 
-+    if (is_lame_internal_flags_null(gfp)) {
-+        return 0;
-+    }
-+    gfc = gfp->internal_flags;
-+
-     m = sizeof(tag);
-     n = lame_get_id3v1_tag(gfp, tag, m);
-     if (n > m) {
diff --git a/meta/recipes-multimedia/lame/lame_3.99.5.bb b/meta/recipes-multimedia/lame/lame_3.99.5.bb
index e5321bb9d8..047761153d 100644
--- a/meta/recipes-multimedia/lame/lame_3.99.5.bb
+++ b/meta/recipes-multimedia/lame/lame_3.99.5.bb
@@ -14,9 +14,7 @@ PR = "r1"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/lame/lame-${PV}.tar.gz \
            file://no-gtk1.patch \
-           file://lame-3.99.5_fix_for_automake-1.12.x.patch \
-           file://CVE-2017-13712.patch \
-           "
+           file://lame-3.99.5_fix_for_automake-1.12.x.patch "
 
 SRC_URI[md5sum] = "84835b313d4a8b68f5349816d33e07ce"
 SRC_URI[sha256sum] = "24346b4158e4af3bd9f2e194bb23eb473c75fb7377011523353196b19b9a23ff"
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.8.bb b/meta/recipes-multimedia/libtiff/tiff_4.0.8.bb
index cb91baa607..ebee6f808f 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.0.8.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.0.8.bb
@@ -20,7 +20,7 @@ SRC_URI[sha256sum] = "59d7a5a8ccd92059913f246877db95a2918e6c04fb9d43fd74e5c3390d
 # exclude betas
 UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
 
-inherit autotools
+inherit autotools multilib_header
 
 CACHED_CONFIGUREVARS = "ax_cv_check_gl_libgl=no"
 
@@ -51,4 +51,8 @@ PACKAGES =+ "tiffxx tiff-utils"
 FILES_tiffxx = "${libdir}/libtiffxx.so.*"
 FILES_tiff-utils = "${bindir}/*"
 
+do_install_append() {
+    oe_multilib_header tiffconf.h
+}
+
 BBCLASSEXTEND = "native"
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch
new file mode 100644
index 0000000000..7564d92879
--- /dev/null
+++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch
@@ -0,0 +1,33 @@
+From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001
+From: Thomas Daede <daede003@umn.edu>
+Date: Wed, 9 May 2018 14:56:59 -0700
+Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates.
+
+CVE: CVE-2017-14160
+CVE: CVE-2018-10393
+Upstream-Status: Backport from https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
+
+Signed-off-by: Thomas Daede <daede003@umn.edu>
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ lib/psy.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/psy.c b/lib/psy.c
+index 422c6f1..1310123 100644
+--- a/lib/psy.c
++++ b/lib/psy.c
+@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
+   for (i = 0, x = 0.f;; i++, x += 1.f) {
+ 
+     lo = b[i] >> 16;
+-    if( lo>=0 ) break;
+     hi = b[i] & 0xffff;
++    if( lo>=0 ) break;
++    if( hi>=n ) break;
+ 
+     tN = N[hi] + N[-lo];
+     tX = X[hi] - X[-lo];
+-- 
+2.7.4
+
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch
new file mode 100644
index 0000000000..4036b966fe
--- /dev/null
+++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch
@@ -0,0 +1,62 @@
+From 39704ce16835e5c019bb03f6a94dc1f0677406c5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Wed, 15 Nov 2017 18:22:59 +0100
+Subject: [PATCH] CVE-2017-14632: vorbis_analysis_header_out: Don't clear opb
+ if not initialized
+
+If the number of channels is not within the allowed range
+we call oggback_writeclear altough it's not initialized yet.
+
+This fixes
+
+    =23371== Invalid free() / delete / delete[] / realloc()
+    ==23371==    at 0x4C2CE1B: free (vg_replace_malloc.c:530)
+    ==23371==    by 0x829CA31: oggpack_writeclear (in /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2)
+    ==23371==    by 0x84B96EE: vorbis_analysis_headerout (info.c:652)
+    ==23371==    by 0x9FBCBCC: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so)
+    ==23371==    by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+    ==23371==    by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+    ==23371==    by 0x10D82A: open_output_file (sox.c:1556)
+    ==23371==    by 0x10D82A: process (sox.c:1753)
+    ==23371==    by 0x10D82A: main (sox.c:3012)
+    ==23371==  Address 0x68768c8 is 488 bytes inside a block of size 880 alloc'd
+    ==23371==    at 0x4C2BB1F: malloc (vg_replace_malloc.c:298)
+    ==23371==    by 0x4C2DE9F: realloc (vg_replace_malloc.c:785)
+    ==23371==    by 0x4E545C2: lsx_realloc (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+    ==23371==    by 0x9FBC9A0: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so)
+    ==23371==    by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+    ==23371==    by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+    ==23371==    by 0x10D82A: open_output_file (sox.c:1556)
+    ==23371==    by 0x10D82A: process (sox.c:1753)
+    ==23371==    by 0x10D82A: main (sox.c:3012)
+
+as seen when using the testcase from CVE-2017-11333 with
+008d23b782be09c8d75ba8190b1794abd66c7121 applied. However the error was
+there before.
+
+Upstream-Status: Backport
+CVE: CVE-2017-14632
+
+Reference to upstream patch:
+https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=c1c2831fc7306d5fbd7bc800324efd12b28d327f
+
+Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
+---
+ lib/info.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/info.c b/lib/info.c
+index 81b7557..4d82568 100644
+--- a/lib/info.c
++++ b/lib/info.c
+@@ -584,6 +584,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v,
+   private_state *b=v->backend_state;
+ 
+   if(!b||vi->channels<=0||vi->channels>256){
++    b = NULL;
+     ret=OV_EFAULT;
+     goto err_out;
+   }
+-- 
+2.16.2
+
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch
new file mode 100644
index 0000000000..9c9e688d43
--- /dev/null
+++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch
@@ -0,0 +1,42 @@
+From 07eda55f336e5c44dfc0e4a1e21628faed7255fa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Tue, 31 Oct 2017 18:32:46 +0100
+Subject: [PATCH] CVE-2017-14633: Don't allow for more than 256 channels
+
+Otherwise
+
+ for(i=0;i<vi->channels;i++){
+      /* the encoder setup assumes that all the modes used by any
+         specific bitrate tweaking use the same floor */
+      int submap=info->chmuxlist[i];
+
+overreads later in mapping0_forward since chmuxlist is a fixed array of
+256 elements max.
+
+Upstream-Status: Backport
+CVE: CVE-2017-14633
+
+Reference to upstream patch:
+https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
+
+Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
+---
+ lib/info.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/info.c b/lib/info.c
+index e447a0c..81b7557 100644
+--- a/lib/info.c
++++ b/lib/info.c
+@@ -583,7 +583,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v,
+   oggpack_buffer opb;
+   private_state *b=v->backend_state;
+ 
+-  if(!b||vi->channels<=0){
++  if(!b||vi->channels<=0||vi->channels>256){
+     ret=OV_EFAULT;
+     goto err_out;
+   }
+-- 
+2.16.2
+
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch
new file mode 100644
index 0000000000..f1ef6fb9c7
--- /dev/null
+++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch
@@ -0,0 +1,29 @@
+From 112d3bd0aaacad51305e1464d4b381dabad0e88b Mon Sep 17 00:00:00 2001
+From: Thomas Daede <daede003@umn.edu>
+Date: Thu, 17 May 2018 16:19:19 -0700
+Subject: [PATCH] Sanity check number of channels in setup.
+
+Fixes #2335.
+CVE: CVE-2018-10392
+Upstream-Status: Backport [https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b]
+
+Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
+---
+ lib/vorbisenc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c
+index 4fc7b62..64a51b5 100644
+--- a/lib/vorbisenc.c
++++ b/lib/vorbisenc.c
+@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){
+   highlevel_encode_setup *hi=&ci->hi;
+ 
+   if(ci==NULL)return(OV_EINVAL);
++  if(vi->channels<1||vi->channels>255)return(OV_EINVAL);
+   if(!hi->impulse_block_p)i0=1;
+ 
+   /* too low/high an ATH floater is nonsensical, but doesn't break anything */
+-- 
+2.13.3
+
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch
new file mode 100644
index 0000000000..6d4052a872
--- /dev/null
+++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch
@@ -0,0 +1,100 @@
+From 3a017f591457bf6e80231b563bf83ee583fdbca8 Mon Sep 17 00:00:00 2001
+From: Thomas Daede <daede003@umn.edu>
+Date: Thu, 15 Mar 2018 14:15:31 -0700
+Subject: [PATCH] CVE-2018-5146: Prevent out-of-bounds write in codebook
+ decoding.
+
+Codebooks that are not an exact divisor of the partition size are now
+truncated to fit within the partition.
+
+Upstream-Status: Backport
+CVE: CVE-2018-5146
+
+Reference to upstream patch:
+https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
+
+Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
+---
+ lib/codebook.c | 48 ++++++++++--------------------------------------
+ 1 file changed, 10 insertions(+), 38 deletions(-)
+
+diff --git a/lib/codebook.c b/lib/codebook.c
+index 8b766e8..7022fd2 100644
+--- a/lib/codebook.c
++++ b/lib/codebook.c
+@@ -387,7 +387,7 @@ long vorbis_book_decodevs_add(codebook *book,float *a,oggpack_buffer *b,int n){
+       t[i] = book->valuelist+entry[i]*book->dim;
+     }
+     for(i=0,o=0;i<book->dim;i++,o+=step)
+-      for (j=0;j<step;j++)
++      for (j=0;o+j<n && j<step;j++)
+         a[o+j]+=t[j][i];
+   }
+   return(0);
+@@ -399,41 +399,12 @@ long vorbis_book_decodev_add(codebook *book,float *a,oggpack_buffer *b,int n){
+     int i,j,entry;
+     float *t;
+ 
+-    if(book->dim>8){
+-      for(i=0;i<n;){
+-        entry = decode_packed_entry_number(book,b);
+-        if(entry==-1)return(-1);
+-        t     = book->valuelist+entry*book->dim;
+-        for (j=0;j<book->dim;)
+-          a[i++]+=t[j++];
+-      }
+-    }else{
+-      for(i=0;i<n;){
+-        entry = decode_packed_entry_number(book,b);
+-        if(entry==-1)return(-1);
+-        t     = book->valuelist+entry*book->dim;
+-        j=0;
+-        switch((int)book->dim){
+-        case 8:
+-          a[i++]+=t[j++];
+-        case 7:
+-          a[i++]+=t[j++];
+-        case 6:
+-          a[i++]+=t[j++];
+-        case 5:
+-          a[i++]+=t[j++];
+-        case 4:
+-          a[i++]+=t[j++];
+-        case 3:
+-          a[i++]+=t[j++];
+-        case 2:
+-          a[i++]+=t[j++];
+-        case 1:
+-          a[i++]+=t[j++];
+-        case 0:
+-          break;
+-        }
+-      }
++    for(i=0;i<n;){
++      entry = decode_packed_entry_number(book,b);
++      if(entry==-1)return(-1);
++      t     = book->valuelist+entry*book->dim;
++      for(j=0;i<n && j<book->dim;)
++        a[i++]+=t[j++];
+     }
+   }
+   return(0);
+@@ -471,12 +442,13 @@ long vorbis_book_decodevv_add(codebook *book,float **a,long offset,int ch,
+   long i,j,entry;
+   int chptr=0;
+   if(book->used_entries>0){
+-    for(i=offset/ch;i<(offset+n)/ch;){
++    int m=(offset+n)/ch;
++    for(i=offset/ch;i<m;){
+       entry = decode_packed_entry_number(book,b);
+       if(entry==-1)return(-1);
+       {
+         const float *t = book->valuelist+entry*book->dim;
+-        for (j=0;j<book->dim;j++){
++        for (j=0;i<m && j<book->dim;j++){
+           a[chptr++][i]+=t[j];
+           if(chptr==ch){
+             chptr=0;
+-- 
+2.16.2
+
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
index 56c5b0a9cb..615b53963b 100644
--- a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
+++ b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
@@ -9,9 +9,15 @@ LICENSE = "BSD"
 LIC_FILES_CHKSUM = "file://COPYING;md5=7d2c487d2fc7dd3e3c7c465a5b7f6217 \
                     file://include/vorbis/vorbisenc.h;beginline=1;endline=11;md5=d1c1d138863d6315131193d4046d81cb"
 DEPENDS = "libogg"
+PR = "r1"
 
 SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \
            file://0001-configure-Check-for-clang.patch \
+           file://CVE-2017-14633.patch \
+           file://CVE-2017-14632.patch \
+           file://CVE-2018-5146.patch \
+           file://CVE-2017-14160.patch \
+           file://CVE-2018-10392.patch \
           "
 SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f"
 SRC_URI[sha256sum] = "54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1"
diff --git a/meta/recipes-sato/webkit/webkitgtk/0001-Fix-build-with-musl.patch b/meta/recipes-sato/webkit/webkitgtk/0001-Fix-build-with-musl.patch
new file mode 100644
index 0000000000..7cc4514fcc
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-Fix-build-with-musl.patch
@@ -0,0 +1,77 @@
+From 415e31bd5444fa360af58b069f1b9db6607fca7d Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Fri, 6 Oct 2017 17:00:08 +0300
+Subject: [PATCH] Fix build with musl
+
+Upstream-Status: Pending
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ Source/JavaScriptCore/runtime/MachineContext.h | 10 +++++-----
+ Source/WTF/wtf/Platform.h                      |  2 +-
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/Source/JavaScriptCore/runtime/MachineContext.h b/Source/JavaScriptCore/runtime/MachineContext.h
+index 95080b9..2bb689c 100644
+--- a/Source/JavaScriptCore/runtime/MachineContext.h
++++ b/Source/JavaScriptCore/runtime/MachineContext.h
+@@ -146,7 +146,7 @@ inline void*& stackPointer(mcontext_t& machineContext)
+ #error Unknown Architecture
+ #endif
+ 
+-#elif defined(__GLIBC__)
++#elif defined(__linux__)
+ 
+ #if CPU(X86)
+     return reinterpret_cast<void*&>((uintptr_t&) machineContext.gregs[REG_ESP]);
+@@ -251,7 +251,7 @@ inline void*& framePointer(mcontext_t& machineContext)
+ #error Unknown Architecture
+ #endif
+ 
+-#elif defined(__GLIBC__)
++#elif defined(__linux__)
+ 
+ // The following sequence depends on glibc's sys/ucontext.h.
+ #if CPU(X86)
+@@ -354,7 +354,7 @@ inline void*& instructionPointer(mcontext_t& machineContext)
+ #error Unknown Architecture
+ #endif
+ 
+-#elif defined(__GLIBC__)
++#elif defined(__linux__)
+ 
+ // The following sequence depends on glibc's sys/ucontext.h.
+ #if CPU(X86)
+@@ -466,7 +466,7 @@ inline void*& argumentPointer<1>(mcontext_t& machineContext)
+ #error Unknown Architecture
+ #endif
+ 
+-#elif defined(__GLIBC__)
++#elif defined(__linux__)
+ 
+ // The following sequence depends on glibc's sys/ucontext.h.
+ #if CPU(X86)
+@@ -583,7 +583,7 @@ inline void*& llintInstructionPointer(mcontext_t& machineContext)
+ #error Unknown Architecture
+ #endif
+ 
+-#elif defined(__GLIBC__)
++#elif defined(__linux__)
+ 
+ // The following sequence depends on glibc's sys/ucontext.h.
+ #if CPU(X86)
+diff --git a/Source/WTF/wtf/Platform.h b/Source/WTF/wtf/Platform.h
+index 5a2863b..b36c3ff 100644
+--- a/Source/WTF/wtf/Platform.h
++++ b/Source/WTF/wtf/Platform.h
+@@ -680,7 +680,7 @@
+ #define HAVE_CFNETWORK_STORAGE_PARTITIONING 1
+ #endif
+ 
+-#if OS(DARWIN) || ((OS(FREEBSD) || defined(__GLIBC__)) && (CPU(X86) || CPU(X86_64) || CPU(ARM) || CPU(ARM64) || CPU(MIPS)))
++#if OS(DARWIN) || ((OS(FREEBSD) || defined(__linux__)) && (CPU(X86) || CPU(X86_64) || CPU(ARM) || CPU(ARM64) || CPU(MIPS)))
+ #define HAVE_MACHINE_CONTEXT 1
+ #endif
+ 
+-- 
+2.14.1
+
diff --git a/meta/recipes-sato/webkit/webkitgtk/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch b/meta/recipes-sato/webkit/webkitgtk/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch
index 615fe4f402..896890b433 100644
--- a/meta/recipes-sato/webkit/webkitgtk/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch
@@ -1,19 +1,20 @@
-From 5760d346b42807b596f479c81f7a6b42eb36065e Mon Sep 17 00:00:00 2001
+From b7f40eceef0f23bf88090789d4c5845c35f048ae Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Mon, 29 Aug 2016 16:38:11 +0300
-Subject: [PATCH] Fix racy parallel build of WebKit2-4.0.gir
+Subject: [PATCH 4/9] Fix racy parallel build of WebKit2-4.0.gir
 
 Upstream-Status: Pending
 Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+
 ---
- Source/WebKit2/PlatformGTK.cmake | 9 +++++----
+ Source/WebKit/PlatformGTK.cmake | 9 +++++----
  1 file changed, 5 insertions(+), 4 deletions(-)
 
-diff --git a/Source/WebKit2/PlatformGTK.cmake b/Source/WebKit2/PlatformGTK.cmake
-index adaa010..f18cf8a 100644
---- a/Source/WebKit2/PlatformGTK.cmake
-+++ b/Source/WebKit2/PlatformGTK.cmake
-@@ -906,8 +906,9 @@ endif ()
+diff --git a/Source/WebKit/PlatformGTK.cmake b/Source/WebKit/PlatformGTK.cmake
+index a33c6a86..d83a2e77 100644
+--- a/Source/WebKit/PlatformGTK.cmake
++++ b/Source/WebKit/PlatformGTK.cmake
+@@ -1122,8 +1122,9 @@ endif ()
  string(REGEX MATCHALL "-L[^ ]*"
      INTROSPECTION_ADDITIONAL_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS}")
  
@@ -25,7 +26,7 @@ index adaa010..f18cf8a 100644
      DEPENDS WebKit2
      DEPENDS ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.gir
      COMMAND CC=${CMAKE_C_COMPILER} CFLAGS=-Wno-deprecated-declarations\ ${CMAKE_C_FLAGS} LDFLAGS=
-@@ -950,7 +951,7 @@ add_custom_command(
+@@ -1168,7 +1169,7 @@ add_custom_command(
  add_custom_command(
      OUTPUT ${CMAKE_BINARY_DIR}/WebKit2WebExtension-${WEBKITGTK_API_VERSION}.gir
      DEPENDS ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.gir
@@ -34,7 +35,7 @@ index adaa010..f18cf8a 100644
      COMMAND CC=${CMAKE_C_COMPILER} CFLAGS=-Wno-deprecated-declarations\ ${CMAKE_C_FLAGS}
          LDFLAGS="${INTROSPECTION_ADDITIONAL_LDFLAGS}"
          ${LOADER_LIBRARY_PATH_VAR}="${INTROSPECTION_ADDITIONAL_LIBRARY_PATH}"
-@@ -1004,7 +1005,7 @@ add_custom_command(
+@@ -1225,7 +1226,7 @@ add_custom_command(
  
  add_custom_command(
      OUTPUT ${CMAKE_BINARY_DIR}/WebKit2-${WEBKITGTK_API_VERSION}.typelib
@@ -44,5 +45,5 @@ index adaa010..f18cf8a 100644
  )
  
 -- 
-2.9.3
+2.14.1
 
diff --git a/meta/recipes-sato/webkit/webkitgtk/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch b/meta/recipes-sato/webkit/webkitgtk/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch
index 586dd2375c..83fd5129a0 100644
--- a/meta/recipes-sato/webkit/webkitgtk/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch
@@ -1,8 +1,8 @@
-From 4eeeaec775e190cf3f5885d7c6717acebd0201a8 Mon Sep 17 00:00:00 2001
+From 9b09974003097c9a408bbeea568996768efe705b Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Thu, 11 Aug 2016 17:13:51 +0300
-Subject: [PATCH] Tweak gtkdoc settings so that gtkdoc generation works under
- OpenEmbedded build system
+Subject: [PATCH 05/10] Tweak gtkdoc settings so that gtkdoc generation works
+ under OpenEmbedded build system
 
 This requires setting a few environment variables so that the transient
 binary is build and linked correctly, and disabling the tweaks to RUN
@@ -10,26 +10,27 @@ variable from gtkdoc.py script so that our qemu wrapper is taken into use.
 
 Upstream-Status: Inappropriate [oe-specific]
 Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+
 ---
  Source/PlatformGTK.cmake | 2 +-
  Tools/gtk/gtkdoc.py      | 4 ++--
  2 files changed, 3 insertions(+), 3 deletions(-)
 
 diff --git a/Source/PlatformGTK.cmake b/Source/PlatformGTK.cmake
-index af4d2e3..b7b93c7 100644
+index 50b5393..7a31db5 100644
 --- a/Source/PlatformGTK.cmake
 +++ b/Source/PlatformGTK.cmake
-@@ -25,7 +25,7 @@ macro(ADD_GTKDOC_GENERATOR _stamp_name _extra_args)
+@@ -24,7 +24,7 @@ macro(ADD_GTKDOC_GENERATOR _stamp_name _extra_args)
      add_custom_command(
          OUTPUT "${CMAKE_BINARY_DIR}/${_stamp_name}"
          DEPENDS ${DocumentationDependencies}
--        COMMAND CC=${CMAKE_C_COMPILER} CFLAGS=${CMAKE_C_FLAGS} ${CMAKE_SOURCE_DIR}/Tools/gtk/generate-gtkdoc ${_extra_args}
-+        COMMAND CC=${CMAKE_C_COMPILER} CFLAGS=${CMAKE_C_FLAGS} LD=${CMAKE_C_COMPILER} LDFLAGS=${CMAKE_C_LINK_FLAGS} RUN=${CMAKE_BINARY_DIR}/gtkdoc-qemuwrapper GIR_EXTRA_LIBS_PATH=${CMAKE_BINARY_DIR}/lib ${CMAKE_SOURCE_DIR}/Tools/gtk/generate-gtkdoc ${_extra_args}
+-        COMMAND ${CMAKE_COMMAND} -E env "CC=${CMAKE_C_COMPILER}" "CFLAGS=${CMAKE_C_FLAGS} -Wno-unused-parameter" ${CMAKE_SOURCE_DIR}/Tools/gtk/generate-gtkdoc ${_extra_args}
++        COMMAND ${CMAKE_COMMAND} -E env "CC=${CMAKE_C_COMPILER}" "CFLAGS=${CMAKE_C_FLAGS} -Wno-unused-parameter" "LD=${CMAKE_C_COMPILER}" "LDFLAGS=${CMAKE_C_LINK_FLAGS}" "RUN=${CMAKE_BINARY_DIR}/gtkdoc-qemuwrapper" ${CMAKE_SOURCE_DIR}/Tools/gtk/generate-gtkdoc -v ${_extra_args}
          COMMAND touch ${_stamp_name}
          WORKING_DIRECTORY "${CMAKE_BINARY_DIR}"
-     )
+         VERBATIM
 diff --git a/Tools/gtk/gtkdoc.py b/Tools/gtk/gtkdoc.py
-index 4c8237b..c0205f0 100644
+index 03c8e8e..34fbaff 100644
 --- a/Tools/gtk/gtkdoc.py
 +++ b/Tools/gtk/gtkdoc.py
 @@ -318,9 +318,9 @@ class GTKDoc(object):
@@ -38,12 +39,12 @@ index 4c8237b..c0205f0 100644
              current_ld_library_path = env.get('LD_LIBRARY_PATH')
 -            if current_ld_library_path:
 +            if current_ld_library_path and 'RUN' not in env:
-                 env['RUN'] = 'LD_LIBRARY_PATH="%s:%s" ' % (self.library_path, current_ld_library_path)
+                 env['LD_LIBRARY_PATH'] = '%s:%s' % (self.library_path, current_ld_library_path)
 -            else:
 +            elif 'RUN' not in env:
-                 env['RUN'] = 'LD_LIBRARY_PATH="%s" ' % self.library_path
+                 env['LD_LIBRARY_PATH'] = self.library_path
  
          if ldflags:
 -- 
-2.8.1
+2.15.1
 
diff --git a/meta/recipes-sato/webkit/webkitgtk/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch b/meta/recipes-sato/webkit/webkitgtk/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch
index d6f0ce3cd6..dfdc116018 100644
--- a/meta/recipes-sato/webkit/webkitgtk/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch
@@ -1,7 +1,7 @@
-From 53a00058184cd710c6f4375f4daab49d7e885a30 Mon Sep 17 00:00:00 2001
+From ef832a115b40861c08df333339b1366da49e5393 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Sun, 17 Apr 2016 12:35:41 -0700
-Subject: [PATCH] WebKitMacros: Append to -I and not to -isystem
+Subject: [PATCH 9/9] WebKitMacros: Append to -I and not to -isystem
 
 gcc-6 has now introduced stdlib.h in libstdc++ for better
 compliance and its including the C library stdlib.h using
@@ -15,68 +15,34 @@ and ends up with compile errors e.g.
 /usr/include/c++/6.0.0/cstdlib:75:25: fatal error: stdlib.h: No such file or directory
 
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Pending
 
- Source/cmake/WebKitMacros.cmake | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+---
+ Source/JavaScriptCore/shell/CMakeLists.txt | 2 +-
+ Source/WebCore/PlatformGTK.cmake           | 6 +++---
+ Source/WebKit/PlatformGTK.cmake            | 2 +-
+ Source/cmake/WebKitMacros.cmake            | 2 +-
+ Tools/MiniBrowser/gtk/CMakeLists.txt       | 2 +-
+ Tools/TestWebKitAPI/PlatformGTK.cmake      | 2 +-
+ 6 files changed, 8 insertions(+), 8 deletions(-)
 
-Index: webkitgtk-2.16.5/Tools/DumpRenderTree/TestNetscapePlugIn/CMakeLists.txt
-===================================================================
---- webkitgtk-2.16.5.orig/Tools/DumpRenderTree/TestNetscapePlugIn/CMakeLists.txt
-+++ webkitgtk-2.16.5/Tools/DumpRenderTree/TestNetscapePlugIn/CMakeLists.txt
-@@ -42,7 +42,7 @@ set(WebKitTestNetscapePlugIn_SYSTEM_INCL
- )
- 
- include_directories(${WebKitTestNetscapePlugIn_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${WebKitTestNetscapePlugIn_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${WebKitTestNetscapePlugIn_SYSTEM_INCLUDE_DIRECTORIES})
- 
- set(WebKitTestNetscapePlugIn_LIBRARIES
-     ${X11_LIBRARIES}
-Index: webkitgtk-2.16.5/Tools/ImageDiff/CMakeLists.txt
-===================================================================
---- webkitgtk-2.16.5.orig/Tools/ImageDiff/CMakeLists.txt
-+++ webkitgtk-2.16.5/Tools/ImageDiff/CMakeLists.txt
-@@ -9,6 +9,6 @@ set(IMAGE_DIFF_LIBRARIES
- WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS()
- 
- include_directories(${IMAGE_DIFF_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${IMAGE_DIFF_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${IMAGE_DIFF_SYSTEM_INCLUDE_DIRECTORIES})
- add_executable(ImageDiff ${IMAGE_DIFF_SOURCES})
- target_link_libraries(ImageDiff ${IMAGE_DIFF_LIBRARIES})
-Index: webkitgtk-2.16.5/Tools/MiniBrowser/gtk/CMakeLists.txt
-===================================================================
---- webkitgtk-2.16.5.orig/Tools/MiniBrowser/gtk/CMakeLists.txt
-+++ webkitgtk-2.16.5/Tools/MiniBrowser/gtk/CMakeLists.txt
-@@ -57,7 +57,7 @@ endif ()
- add_definitions(-DGDK_VERSION_MIN_REQUIRED=GDK_VERSION_3_6)
- 
- include_directories(${MiniBrowser_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${MiniBrowser_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${MiniBrowser_SYSTEM_INCLUDE_DIRECTORIES})
- add_executable(MiniBrowser ${MiniBrowser_SOURCES})
- target_link_libraries(MiniBrowser ${MiniBrowser_LIBRARIES})
- 
-Index: webkitgtk-2.16.5/Tools/WebKitTestRunner/CMakeLists.txt
-===================================================================
---- webkitgtk-2.16.5.orig/Tools/WebKitTestRunner/CMakeLists.txt
-+++ webkitgtk-2.16.5/Tools/WebKitTestRunner/CMakeLists.txt
-@@ -106,7 +106,7 @@ GENERATE_BINDINGS(WebKitTestRunnerBindin
- WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS()
- 
- include_directories(${WebKitTestRunner_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${WebKitTestRunner_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${WebKitTestRunner_SYSTEM_INCLUDE_DIRECTORIES})
+diff --git a/Source/JavaScriptCore/shell/CMakeLists.txt b/Source/JavaScriptCore/shell/CMakeLists.txt
+index bc37dd31..4e49871f 100644
+--- a/Source/JavaScriptCore/shell/CMakeLists.txt
++++ b/Source/JavaScriptCore/shell/CMakeLists.txt
+@@ -35,7 +35,7 @@ WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS()
+ WEBKIT_WRAP_SOURCELIST(${JSC_SOURCES})
+ WEBKIT_WRAP_SOURCELIST(${TESTAPI_SOURCES})
+ include_directories(./ ${JavaScriptCore_INCLUDE_DIRECTORIES})
+-include_directories(SYSTEM ${JavaScriptCore_SYSTEM_INCLUDE_DIRECTORIES})
++include_directories(${JavaScriptCore_SYSTEM_INCLUDE_DIRECTORIES})
+ add_executable(jsc ${JSC_SOURCES})
+ target_link_libraries(jsc ${JSC_LIBRARIES})
  
- add_library(TestRunnerInjectedBundle SHARED ${WebKitTestRunnerInjectedBundle_SOURCES})
- target_link_libraries(TestRunnerInjectedBundle ${WebKitTestRunner_LIBRARIES})
-Index: webkitgtk-2.16.5/Source/WebCore/PlatformGTK.cmake
-===================================================================
---- webkitgtk-2.16.5.orig/Source/WebCore/PlatformGTK.cmake
-+++ webkitgtk-2.16.5/Source/WebCore/PlatformGTK.cmake
-@@ -321,7 +321,7 @@ if (ENABLE_PLUGIN_PROCESS_GTK2)
+diff --git a/Source/WebCore/PlatformGTK.cmake b/Source/WebCore/PlatformGTK.cmake
+index 73506c74..8eb8b415 100644
+--- a/Source/WebCore/PlatformGTK.cmake
++++ b/Source/WebCore/PlatformGTK.cmake
+@@ -281,7 +281,7 @@ if (ENABLE_PLUGIN_PROCESS_GTK2)
          ${GTK2_INCLUDE_DIRS}
          ${GDK2_INCLUDE_DIRS}
      )
@@ -85,7 +51,7 @@ Index: webkitgtk-2.16.5/Source/WebCore/PlatformGTK.cmake
          ${WebCore_SYSTEM_INCLUDE_DIRECTORIES}
      )
      target_link_libraries(WebCorePlatformGTK2
-@@ -346,7 +346,7 @@ WEBKIT_SET_EXTRA_COMPILER_FLAGS(WebCoreP
+@@ -305,7 +305,7 @@ add_dependencies(WebCorePlatformGTK WebCore)
  target_include_directories(WebCorePlatformGTK PRIVATE
      ${WebCore_INCLUDE_DIRECTORIES}
  )
@@ -94,7 +60,7 @@ Index: webkitgtk-2.16.5/Source/WebCore/PlatformGTK.cmake
      ${WebCore_SYSTEM_INCLUDE_DIRECTORIES}
      ${GTK_INCLUDE_DIRS}
      ${GDK_INCLUDE_DIRS}
-@@ -362,7 +362,7 @@ include_directories(
+@@ -321,7 +321,7 @@ include_directories(
      "${WEBCORE_DIR}/bindings/gobject/"
  )
  
@@ -103,37 +69,11 @@ Index: webkitgtk-2.16.5/Source/WebCore/PlatformGTK.cmake
      ${WebCore_SYSTEM_INCLUDE_DIRECTORIES}
  )
  
-Index: webkitgtk-2.16.5/Tools/TestWebKitAPI/PlatformGTK.cmake
-===================================================================
---- webkitgtk-2.16.5.orig/Tools/TestWebKitAPI/PlatformGTK.cmake
-+++ webkitgtk-2.16.5/Tools/TestWebKitAPI/PlatformGTK.cmake
-@@ -20,7 +20,7 @@ include_directories(
-     ${WEBKIT2_DIR}/UIProcess/API/gtk
- )
- 
--include_directories(SYSTEM
-+include_directories(
-     ${GDK3_INCLUDE_DIRS}
-     ${GLIB_INCLUDE_DIRS}
-     ${GTK3_INCLUDE_DIRS}
-Index: webkitgtk-2.16.5/Tools/TestWebKitAPI/Tests/WebKit2Gtk/CMakeLists.txt
-===================================================================
---- webkitgtk-2.16.5.orig/Tools/TestWebKitAPI/Tests/WebKit2Gtk/CMakeLists.txt
-+++ webkitgtk-2.16.5/Tools/TestWebKitAPI/Tests/WebKit2Gtk/CMakeLists.txt
-@@ -21,7 +21,7 @@ include_directories(
-     ${TOOLS_DIR}/TestWebKitAPI/gtk/WebKit2Gtk
- )
- 
--include_directories(SYSTEM
-+include_directories(
-     ${ATSPI_INCLUDE_DIRS}
-     ${GLIB_INCLUDE_DIRS}
-     ${GSTREAMER_INCLUDE_DIRS}
-Index: webkitgtk-2.16.5/Source/WebKit2/PlatformGTK.cmake
-===================================================================
---- webkitgtk-2.16.5.orig/Source/WebKit2/PlatformGTK.cmake
-+++ webkitgtk-2.16.5/Source/WebKit2/PlatformGTK.cmake
-@@ -1156,7 +1156,7 @@ if (ENABLE_PLUGIN_PROCESS_GTK2)
+diff --git a/Source/WebKit/PlatformGTK.cmake b/Source/WebKit/PlatformGTK.cmake
+index d83a2e77..401246f4 100644
+--- a/Source/WebKit/PlatformGTK.cmake
++++ b/Source/WebKit/PlatformGTK.cmake
+@@ -1050,7 +1050,7 @@ if (ENABLE_PLUGIN_PROCESS_GTK2)
      target_include_directories(WebKitPluginProcess2 PRIVATE
          ${WebKit2CommonIncludeDirectories}
      )
@@ -142,29 +82,45 @@ Index: webkitgtk-2.16.5/Source/WebKit2/PlatformGTK.cmake
           ${WebKit2CommonSystemIncludeDirectories}
           ${GTK2_INCLUDE_DIRS}
           ${GDK2_INCLUDE_DIRS}
-Index: webkitgtk-2.16.5/Source/JavaScriptCore/shell/CMakeLists.txt
-===================================================================
---- webkitgtk-2.16.5.orig/Source/JavaScriptCore/shell/CMakeLists.txt
-+++ webkitgtk-2.16.5/Source/JavaScriptCore/shell/CMakeLists.txt
-@@ -20,7 +20,7 @@ WEBKIT_INCLUDE_CONFIG_FILES_IF_EXISTS()
- 
- WEBKIT_WRAP_SOURCELIST(${JSC_SOURCES})
- include_directories(./ ${JavaScriptCore_INCLUDE_DIRECTORIES})
--include_directories(SYSTEM ${JavaScriptCore_SYSTEM_INCLUDE_DIRECTORIES})
-+include_directories(${JavaScriptCore_SYSTEM_INCLUDE_DIRECTORIES})
- add_executable(jsc ${JSC_SOURCES})
- target_link_libraries(jsc ${JSC_LIBRARIES})
- 
-Index: webkitgtk-2.16.5/Source/cmake/WebKitMacros.cmake
-===================================================================
---- webkitgtk-2.16.5.orig/Source/cmake/WebKitMacros.cmake
-+++ webkitgtk-2.16.5/Source/cmake/WebKitMacros.cmake
-@@ -277,7 +277,7 @@ macro(WEBKIT_WRAP_SOURCELIST)
+diff --git a/Source/cmake/WebKitMacros.cmake b/Source/cmake/WebKitMacros.cmake
+index 7bc89543..d9818fa4 100644
+--- a/Source/cmake/WebKitMacros.cmake
++++ b/Source/cmake/WebKitMacros.cmake
+@@ -78,7 +78,7 @@ macro(WEBKIT_FRAMEWORK_DECLARE _target)
  endmacro()
  
  macro(WEBKIT_FRAMEWORK _target)
 -    include_directories(SYSTEM ${${_target}_SYSTEM_INCLUDE_DIRECTORIES})
 +    include_directories(${${_target}_SYSTEM_INCLUDE_DIRECTORIES})
-     add_library(${_target} ${${_target}_LIBRARY_TYPE}
+     target_sources(${_target} PRIVATE
          ${${_target}_HEADERS}
          ${${_target}_SOURCES}
+diff --git a/Tools/MiniBrowser/gtk/CMakeLists.txt b/Tools/MiniBrowser/gtk/CMakeLists.txt
+index e832a86d..ce92c864 100644
+--- a/Tools/MiniBrowser/gtk/CMakeLists.txt
++++ b/Tools/MiniBrowser/gtk/CMakeLists.txt
+@@ -57,7 +57,7 @@ endif ()
+ add_definitions(-DGDK_VERSION_MIN_REQUIRED=GDK_VERSION_3_6)
+ 
+ include_directories(${MiniBrowser_INCLUDE_DIRECTORIES})
+-include_directories(SYSTEM ${MiniBrowser_SYSTEM_INCLUDE_DIRECTORIES})
++include_directories(${MiniBrowser_SYSTEM_INCLUDE_DIRECTORIES})
+ add_executable(MiniBrowser ${MiniBrowser_SOURCES})
+ target_link_libraries(MiniBrowser ${MiniBrowser_LIBRARIES})
+ 
+diff --git a/Tools/TestWebKitAPI/PlatformGTK.cmake b/Tools/TestWebKitAPI/PlatformGTK.cmake
+index 1be3dd52..7bdddf37 100644
+--- a/Tools/TestWebKitAPI/PlatformGTK.cmake
++++ b/Tools/TestWebKitAPI/PlatformGTK.cmake
+@@ -20,7 +20,7 @@ include_directories(
+     ${WEBKIT2_DIR}/UIProcess/API/gtk
+ )
+ 
+-include_directories(SYSTEM
++include_directories(
+     ${GDK3_INCLUDE_DIRS}
+     ${GLIB_INCLUDE_DIRS}
+     ${GTK3_INCLUDE_DIRS}
+-- 
+2.14.1
+
diff --git a/meta/recipes-sato/webkit/webkitgtk/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch b/meta/recipes-sato/webkit/webkitgtk/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch
index 3f71297f50..fb4c4dc932 100644
--- a/meta/recipes-sato/webkit/webkitgtk/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch
@@ -1,23 +1,24 @@
-From bae9f73b2c693b5aa156fed717d6481b60682786 Mon Sep 17 00:00:00 2001
+From 98b1359a0cd87bbdb22cef98ba594440f4c57d92 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Wed, 28 Oct 2015 14:18:57 +0200
-Subject: [PATCH] When building introspection files, add CMAKE_C_FLAGS to the
- compiler flags.
+Subject: [PATCH 2/9] When building introspection files, add CMAKE_C_FLAGS to
+ the compiler flags.
 
 g-ir-compiler is using a C compiler internally, so it needs to set
 the proper flags for it.
 
 Upstream-Status: Pending [review on oe-core list]
 Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+
 ---
- Source/WebKit2/PlatformGTK.cmake | 4 ++--
+ Source/WebKit/PlatformGTK.cmake | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)
 
-Index: webkitgtk-2.12.1/Source/WebKit2/PlatformGTK.cmake
-===================================================================
---- webkitgtk-2.12.1.orig/Source/WebKit2/PlatformGTK.cmake
-+++ webkitgtk-2.12.1/Source/WebKit2/PlatformGTK.cmake
-@@ -910,7 +910,7 @@ add_custom_command(
+diff --git a/Source/WebKit/PlatformGTK.cmake b/Source/WebKit/PlatformGTK.cmake
+index 7f92ae72..a33c6a86 100644
+--- a/Source/WebKit/PlatformGTK.cmake
++++ b/Source/WebKit/PlatformGTK.cmake
+@@ -1126,7 +1126,7 @@ add_custom_command(
      OUTPUT ${CMAKE_BINARY_DIR}/WebKit2-${WEBKITGTK_API_VERSION}.gir
      DEPENDS WebKit2
      DEPENDS ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.gir
@@ -26,7 +27,7 @@ Index: webkitgtk-2.12.1/Source/WebKit2/PlatformGTK.cmake
          ${LOADER_LIBRARY_PATH_VAR}="${INTROSPECTION_ADDITIONAL_LIBRARY_PATH}"
          ${INTROSPECTION_SCANNER}
          --quiet
-@@ -951,7 +951,7 @@ add_custom_command(
+@@ -1169,7 +1169,7 @@ add_custom_command(
      OUTPUT ${CMAKE_BINARY_DIR}/WebKit2WebExtension-${WEBKITGTK_API_VERSION}.gir
      DEPENDS ${CMAKE_BINARY_DIR}/JavaScriptCore-${WEBKITGTK_API_VERSION}.gir
      DEPENDS ${CMAKE_BINARY_DIR}/WebKit2-${WEBKITGTK_API_VERSION}.gir
@@ -35,3 +36,6 @@ Index: webkitgtk-2.12.1/Source/WebKit2/PlatformGTK.cmake
          LDFLAGS="${INTROSPECTION_ADDITIONAL_LDFLAGS}"
          ${LOADER_LIBRARY_PATH_VAR}="${INTROSPECTION_ADDITIONAL_LIBRARY_PATH}"
          ${INTROSPECTION_SCANNER}
+-- 
+2.14.1
+
diff --git a/meta/recipes-sato/webkit/webkitgtk/detect-atomics-during-configure.patch b/meta/recipes-sato/webkit/webkitgtk/detect-atomics-during-configure.patch
index 12836f28f2..c6157e1037 100644
--- a/meta/recipes-sato/webkit/webkitgtk/detect-atomics-during-configure.patch
+++ b/meta/recipes-sato/webkit/webkitgtk/detect-atomics-during-configure.patch
@@ -1,22 +1,31 @@
+From 0b3811771ae6385503f2d949f9433d8f810d2ff9 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 17 May 2017 22:34:24 -0700
+Subject: [PATCH 8/9] webkitgtk: Fix build for armv5
+
 Taken from
 https://bugs.webkit.org/show_bug.cgi?id=161900
 
 Upstream-Status: Pending
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
 
-Index: webkitgtk-2.16.1/Source/WTF/wtf/CMakeLists.txt
-===================================================================
---- webkitgtk-2.16.1.orig/Source/WTF/wtf/CMakeLists.txt
-+++ webkitgtk-2.16.1/Source/WTF/wtf/CMakeLists.txt
-@@ -182,7 +182,6 @@ set(WTF_HEADERS
+---
+ Source/WTF/wtf/CMakeLists.txt | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/Source/WTF/wtf/CMakeLists.txt b/Source/WTF/wtf/CMakeLists.txt
+index 6b5e45b9..46ee3c22 100644
+--- a/Source/WTF/wtf/CMakeLists.txt
++++ b/Source/WTF/wtf/CMakeLists.txt
+@@ -205,7 +205,6 @@ set(WTF_HEADERS
  
  set(WTF_SOURCES
      Assertions.cpp
 -    Atomics.cpp
      AutomaticThread.cpp
      BitVector.cpp
-     ClockType.cpp
-@@ -301,6 +300,15 @@ if (NOT USE_SYSTEM_MALLOC)
+     CPUTime.cpp
+@@ -336,6 +335,15 @@ if (NOT USE_SYSTEM_MALLOC)
      list(APPEND WTF_LIBRARIES bmalloc)
  endif ()
  
@@ -32,3 +41,6 @@ Index: webkitgtk-2.16.1/Source/WTF/wtf/CMakeLists.txt
  list(APPEND WTF_SOURCES
      unicode/icu/CollatorICU.cpp
  )
+-- 
+2.14.1
+
diff --git a/meta/recipes-sato/webkit/webkitgtk/fix-configure-failure-aarch64.patch b/meta/recipes-sato/webkit/webkitgtk/fix-configure-failure-aarch64.patch
new file mode 100644
index 0000000000..4a6ab544b2
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/fix-configure-failure-aarch64.patch
@@ -0,0 +1,29 @@
+Fix configure failure for aarch64
+
+| -- Performing Test CXX_COMPILER_SUPPORTS_-fcolor-diagnostics - Failed
+| -- Performing Test CXX_COMPILER_SUPPORTS_-fdiagnostics-color=always
+| -- Performing Test CXX_COMPILER_SUPPORTS_-fdiagnostics-color=always - Success
+| CMake Error at Source/cmake/OptionsCommon.cmake:42 (WEBKIT_PREPEND_GLOBAL_COMPILER_FLAG):
+|   Unknown CMake command "WEBKIT_PREPEND_GLOBAL_COMPILER_FLAG".
+| Call Stack (most recent call first):
+|   Source/cmake/WebKitCommon.cmake:58 (include)
+|   CMakeLists.txt:166 (include)
+|
+
+Upstream-Status: Pending
+
+Signed-off-by: Manjukumar Matha <manjukumar.harthikote-matha@xilinx.com>
+
+Index: webkitgtk-2.14.6/Source/cmake/OptionsCommon.cmake
+===================================================================
+--- webkitgtk-2.14.6.orig/Source/cmake/OptionsCommon.cmake     2018-02-15 18:56:29.315238564 -0800
++++ webkitgtk-2.14.6/Source/cmake/OptionsCommon.cmake  2018-02-15 18:54:57.469518064 -0800
+@@ -39,7 +39,7 @@
+     if (NOT WTF_CPU_ARM64)
+         message(FATAL_ERROR "WTF_CPU_ARM64_CORTEXA53 set without WTF_CPU_ARM64")
+     endif ()
+-    WEBKIT_PREPEND_GLOBAL_COMPILER_FLAG(-mfix-cortex-a53-835769)
++    WEBKIT_PREPEND_GLOBAL_COMPILER_FLAGS(-mfix-cortex-a53-835769)
+ endif ()
+
+ EXPOSE_VARIABLE_TO_BUILD(WTF_CPU_ARM64_CORTEXA53)
diff --git a/meta/recipes-sato/webkit/webkitgtk/gcc7.patch b/meta/recipes-sato/webkit/webkitgtk/gcc7.patch
deleted file mode 100644
index aee29a9a72..0000000000
--- a/meta/recipes-sato/webkit/webkitgtk/gcc7.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-Imported from
-https://src.fedoraproject.org/cgit/rpms/webkitgtk4.git/plain/gcc7.patch
-
-Add to CXX flags since webkitgtk uses c++ compiler by default
-Fixes
-Source/JavaScriptCore/runtime/JSGenericTypedArrayView.h:119:67: error: no matching function for call to 'JSC::JSGenericTypedArrayView<Adaptor>::vector() const'
-|          return bitwise_cast<const typename Adaptor::Type*>(vector());
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com
-Upstream-Status: Pending
-
-diff -up webkitgtk-2.15.90/Source/cmake/OptionsCommon.cmake.gcc7 webkitgtk-2.15.90/Source/cmake/OptionsCommon.cmake
---- webkitgtk-2.15.90/Source/cmake/OptionsCommon.cmake.gcc7	2017-02-21 09:57:13.168916004 +0100
-+++ webkitgtk-2.15.90/Source/cmake/OptionsCommon.cmake	2017-02-21 09:58:12.811563156 +0100
-@@ -41,6 +41,8 @@ if (COMPILER_IS_GCC_OR_CLANG)
-     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-exceptions -fno-strict-aliasing")
-     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-exceptions -fno-strict-aliasing -fno-rtti")
-     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++1y")
-+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-expansion-to-defined")
-+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-expansion-to-defined")
- endif ()
- 
- if (COMPILER_IS_CLANG AND CMAKE_GENERATOR STREQUAL "Ninja")
diff --git a/meta/recipes-sato/webkit/webkitgtk/musl-fixes.patch b/meta/recipes-sato/webkit/webkitgtk/musl-fixes.patch
deleted file mode 100644
index 4fdd56fea0..0000000000
--- a/meta/recipes-sato/webkit/webkitgtk/musl-fixes.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-Replace __GLIBC__ with __linux__ since musl also supports it
-so checking __linux__ is more accomodating
-
-See http://git.alpinelinux.org/cgit/aports/tree/community/webkit2gtk/musl-fixes.patch?id=219435d86d7e8fac9474344a7431c62bd2525184
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-Index: webkitgtk-2.12.1/Source/JavaScriptCore/heap/MachineStackMarker.cpp
-===================================================================
---- webkitgtk-2.12.1.orig/Source/JavaScriptCore/heap/MachineStackMarker.cpp
-+++ webkitgtk-2.12.1/Source/JavaScriptCore/heap/MachineStackMarker.cpp
-@@ -566,7 +566,7 @@ void* MachineThreads::Thread::Registers:
- #error Unknown Architecture
- #endif
- 
--#elif defined(__GLIBC__) && ENABLE(JIT)
-+#elif defined(__linux__) && ENABLE(JIT)
- 
- #if CPU(X86)
-     return reinterpret_cast<void*>((uintptr_t) regs.machineContext.gregs[REG_ESP]);
-@@ -665,7 +665,7 @@ void* MachineThreads::Thread::Registers:
- #error Unknown Architecture
- #endif
- 
--#elif defined(__GLIBC__)
-+#elif defined(__linux__) // glibc and musl
- 
- // The following sequence depends on glibc's sys/ucontext.h.
- #if CPU(X86)
-@@ -747,7 +747,7 @@ void* MachineThreads::Thread::Registers:
- #error Unknown Architecture
- #endif
- 
--#elif defined(__GLIBC__)
-+#elif defined(__linux__) // glibc and musl
- 
- // The following sequence depends on glibc's sys/ucontext.h.
- #if CPU(X86)
-@@ -838,7 +838,7 @@ void* MachineThreads::Thread::Registers:
- #error Unknown Architecture
- #endif
- 
--#elif defined(__GLIBC__)
-+#elif defined(__linux__) // glibc and musl
- 
- // The following sequence depends on glibc's sys/ucontext.h.
- #if CPU(X86)
diff --git a/meta/recipes-sato/webkit/webkitgtk/ppc-musl-fix.patch b/meta/recipes-sato/webkit/webkitgtk/ppc-musl-fix.patch
deleted file mode 100644
index a1ad248aac..0000000000
--- a/meta/recipes-sato/webkit/webkitgtk/ppc-musl-fix.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-ucontext structure is different between musl and glibc for ppc
-therefore its not enough just to check for arch alone, we also
-need to check for libc type.
-
-Fixes errors like
-
-Source/JavaScriptCore/heap/MachineStackMarker.cpp:90:65: error: 'struct mcontext_t' has no member named 'uc_regs'; did you mean 'gregs'?
-     thread->suspendedMachineContext = *userContext->uc_mcontext.uc_regs;
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-Index: webkitgtk-2.16.3/Source/JavaScriptCore/heap/MachineStackMarker.cpp
-===================================================================
---- webkitgtk-2.16.3.orig/Source/JavaScriptCore/heap/MachineStackMarker.cpp
-+++ webkitgtk-2.16.3/Source/JavaScriptCore/heap/MachineStackMarker.cpp
-@@ -88,7 +88,7 @@ static void pthreadSignalHandlerSuspendR
-     }
- 
-     ucontext_t* userContext = static_cast<ucontext_t*>(ucontext);
--#if CPU(PPC)
-+#if CPU(PPC) && defined(__GLIBC__)
-     threadData->suspendedMachineContext = *userContext->uc_mcontext.uc_regs;
- #else
-     threadData->suspendedMachineContext = userContext->uc_mcontext;
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.16.6.bb b/meta/recipes-sato/webkit/webkitgtk_2.18.6.bb
index 0f126cba81..9fac044441 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.16.6.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.18.6.bb
@@ -13,19 +13,18 @@ SRC_URI = "http://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
            file://0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch \
            file://0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch \
            file://0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch \
-           file://musl-fixes.patch \
-           file://ppc-musl-fix.patch \
            file://0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch \
            file://0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch \
            file://x32_support.patch \
            file://cross-compile.patch \
-           file://gcc7.patch \
            file://detect-atomics-during-configure.patch \
            file://0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch \
+           file://0001-Fix-build-with-musl.patch \
+           file://fix-configure-failure-aarch64.patch \
            "
 
-SRC_URI[md5sum] = "0e2d142a586e4ff79cf0324f4fdbf20c"
-SRC_URI[sha256sum] = "fc23650df953123c59b9c0edf3855e7bd55bd107820997fc72375811e1ea4b21"
+SRC_URI[md5sum] = "c1a548595135ee75ad3bf2e18ac83112"
+SRC_URI[sha256sum] = "93912cc2f40f12e452be1ca4babdbdaac0ec4f828d441257a6b06c2963bbac3c"
 
 inherit cmake pkgconfig gobject-introspection perlnative distro_features_check upstream-version-is-even gtk-doc
 
@@ -37,7 +36,7 @@ DEPENDS = "zlib libsoup-2.4 curl libxml2 cairo libxslt libxt libidn libgcrypt \
 	   pango icu bison-native gawk intltool-native libwebp \
 	   atk udev harfbuzz jpeg libpng pulseaudio librsvg libtheora libvorbis libxcomposite libxtst \
 	   ruby-native libnotify gstreamer1.0-plugins-bad \
-	   gettext-native glib-2.0 glib-2.0-native \
+	   gettext-native glib-2.0 glib-2.0-native libtasn1 \
           "
 
 PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', 'wayland' ,d)} \
@@ -66,6 +65,10 @@ EXTRA_OECMAKE = " \
                 -DPYTHON_EXECUTABLE=`which python` \
 		"
 
+# GL/GLES header clash: both define the same thing, differently, on 32 bit x86
+EXTRA_OECMAKE_append_x86 = " -DUSE_GSTREAMER_GL=OFF "
+EXTRA_OECMAKE_append_x86-x32 = " -DUSE_GSTREAMER_GL=OFF "
+
 # Javascript JIT is not supported on powerpc
 EXTRA_OECMAKE_append_powerpc = " -DENABLE_JIT=OFF "
 EXTRA_OECMAKE_append_powerpc64 = " -DENABLE_JIT=OFF "
@@ -91,7 +94,7 @@ EXTRA_OECMAKE_append_mipsarch = " -DENABLE_JIT=OFF "
 # An attempt was made to upstream JIT support for x32 in
 # https://bugs.webkit.org/show_bug.cgi?id=100450, but this was closed as
 # unresolved due to limited X32 adoption.
-EXTRA_OECMAKE_append_linux-gnux32 = " -DENABLE_JIT=OFF"
+EXTRA_OECMAKE_append_x86-x32 = " -DENABLE_JIT=OFF "
 
 SECURITY_CFLAGS_remove_aarch64 = "-fpie"
 SECURITY_CFLAGS_append_aarch64 = " -fPIE"
diff --git a/meta/recipes-support/bmap-tools/bmap-tools_3.4.bb b/meta/recipes-support/bmap-tools/bmap-tools_3.4.bb
index 7454f9db75..70b6e91347 100644
--- a/meta/recipes-support/bmap-tools/bmap-tools_3.4.bb
+++ b/meta/recipes-support/bmap-tools/bmap-tools_3.4.bb
@@ -9,12 +9,12 @@ SECTION = "console/utils"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263"
 
-SRC_URI = "git://github.com/01org/bmap-tools.git"
+SRC_URI = "git://github.com/intel/bmap-tools.git"
 SRCREV = "9dad724104df265442226972a1e310813f9ffcba"
 
 S = "${WORKDIR}/git"
 
-RDEPENDS_${PN} = "python-core python-compression python-mmap"
+RDEPENDS_${PN} = "python3-core python3-compression python3-mmap python3-setuptools"
 
 inherit python3native
 inherit setuptools3
diff --git a/meta/recipes-support/boost/boost.inc b/meta/recipes-support/boost/boost.inc
index f4ecc10a55..41fc90fb21 100644
--- a/meta/recipes-support/boost/boost.inc
+++ b/meta/recipes-support/boost/boost.inc
@@ -169,7 +169,7 @@ BJAM_OPTS    = '${BOOST_PARALLEL_MAKE} -d+2 -q \
 BJAM_OPTS_append_class-native = ' -sNO_BZIP2=1'
 
 # Adjust the build for x32
-BJAM_OPTS_append_linux-gnux32 = " abi=x32 address-model=64"
+BJAM_OPTS_append_x86-x32 = " abi=x32 address-model=64"
 
 do_configure() {
 	cp -f ${S}/boost/config/platform/linux.hpp ${S}/boost/config/platform/linux-gnueabi.hpp
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20170717.bb b/meta/recipes-support/ca-certificates/ca-certificates_20170717.bb
index 7d59fa6374..b92ece9663 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20170717.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20170717.bb
@@ -16,7 +16,7 @@ PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
 
 SRCREV = "34b8e19e541b8af4076616b2e170c7a70cdaded0"
 
-SRC_URI = "git://anonscm.debian.org/collab-maint/ca-certificates.git \
+SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \
            file://0002-update-ca-certificates-use-SYSROOT.patch \
            file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
            file://update-ca-certificates-support-Toybox.patch \
@@ -64,13 +64,14 @@ do_install_append_class-target () {
         ${D}${mandir}/man8/update-ca-certificates.8
 }
 
-pkg_postinst_${PN} () {
+pkg_postinst_${PN}_class-target () {
     SYSROOT="$D" $D${sbindir}/update-ca-certificates
 }
 
 CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
 
-# Postinsts don't seem to be run for nativesdk packages when populating SDKs.
+# Rather than make a postinst script that works for both target and nativesdk,
+# we just run update-ca-certificate from do_install() for nativesdk.
 CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
 do_install_append_class-nativesdk () {
     SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca-certificates
diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000099.patch b/meta/recipes-support/curl/curl/CVE-2017-1000099.patch
deleted file mode 100644
index 96ff1b064b..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2017-1000099.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From c9332fa5e84f24da300b42b1a931ade929d3e27d Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Tue, 1 Aug 2017 17:17:06 +0200
-Subject: [PATCH] file: output the correct buffer to the user
-
-Regression brought by 7c312f84ea930d8 (April 2017)
-
-CVE: CVE-2017-1000099
-
-Bug: https://curl.haxx.se/docs/adv_20170809C.html
-
-Credit to OSS-Fuzz for the discovery
-
-Upstream-Status: Backport
-https://github.com/curl/curl/commit/c9332fa5e84f24da300b42b1a931ade929d3e27d
-
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
----
- lib/file.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/file.c b/lib/file.c
-index bd426eac2..666cbe75b 100644
---- a/lib/file.c
-+++ b/lib/file.c
-@@ -499,11 +499,11 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
-              Curl_month[tm->tm_mon],
-              tm->tm_year + 1900,
-              tm->tm_hour,
-              tm->tm_min,
-              tm->tm_sec);
--    result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
-+    result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0);
-     if(!result)
-       /* set the file size to make it available post transfer */
-       Curl_pgrsSetDownloadSize(data, expected_size);
-     return result;
-   }
--- 
-2.13.3
-
diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000100.patch b/meta/recipes-support/curl/curl/CVE-2017-1000100.patch
deleted file mode 100644
index f74f1dd896..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2017-1000100.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 358b2b131ad6c095696f20dcfa62b8305263f898 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 1 Aug 2017 17:16:46 +0200
-Subject: [PATCH] tftp: reject file name lengths that don't fit
-
-... and thereby avoid telling send() to send off more bytes than the
-size of the buffer!
-
-CVE: CVE-2017-1000100
-
-Bug: https://curl.haxx.se/docs/adv_20170809B.html
-Reported-by: Even Rouault
-
-Credit to OSS-Fuzz for the discovery
-
-Upstream-Status: Backport
-https://github.com/curl/curl/commit/358b2b131ad6c095696f20dcfa62b8305263f898
-
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
----
- lib/tftp.c |    7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/lib/tftp.c b/lib/tftp.c
-index 02bd842..f6f4bce 100644
---- a/lib/tftp.c
-+++ b/lib/tftp.c
-@@ -5,7 +5,7 @@
-  *                            | (__| |_| |  _ <| |___
-  *                             \___|\___/|_| \_\_____|
-  *
-- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
-+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
-  *
-  * This software is licensed as described in the file COPYING, which
-  * you should have received as part of this distribution. The terms
-@@ -491,6 +491,11 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event)
-     if(result)
-       return result;
- 
-+    if(strlen(filename) > (state->blksize - strlen(mode) - 4)) {
-+      failf(data, "TFTP file name too long\n");
-+      return CURLE_TFTP_ILLEGAL; /* too long file name field */
-+    }
-+
-     snprintf((char *)state->spacket.data+2,
-              state->blksize,
-              "%s%c%s%c", filename, '\0',  mode, '\0');
--- 
-1.7.9.5
-
diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000101.patch b/meta/recipes-support/curl/curl/CVE-2017-1000101.patch
deleted file mode 100644
index c300fff00c..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2017-1000101.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From 453e7a7a03a2cec749abd3878a48e728c515cca7 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Tue, 1 Aug 2017 17:16:07 +0200
-Subject: [PATCH] glob: do not continue parsing after a strtoul() overflow
- range
-
-Added test 1289 to verify.
-
-CVE: CVE-2017-1000101
-
-Bug: https://curl.haxx.se/docs/adv_20170809A.html
-Reported-by: Brian Carpenter
-
-Upstream-Status: Backport
-https://github.com/curl/curl/commit/453e7a7a03a2cec749abd3878a48e728c515cca7
-
-Rebase the tests/data/Makefile.inc changes for curl 7.54.1.
-
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
----
- src/tool_urlglob.c      |  5 ++++-
- tests/data/Makefile.inc |  2 +-
- tests/data/test1289     | 35 +++++++++++++++++++++++++++++++++++
- 3 files changed, 40 insertions(+), 2 deletions(-)
- create mode 100644 tests/data/test1289
-
-diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
-index 6b1ece0..d56dcd9 100644
---- a/src/tool_urlglob.c
-+++ b/src/tool_urlglob.c
-@@ -273,7 +273,10 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,
-         }
-         errno = 0;
-         max_n = strtoul(pattern, &endp, 10);
--        if(errno || (*endp == ':')) {
-+        if(errno)
-+          /* overflow */
-+          endp = NULL;
-+        else if(*endp == ':') {
-           pattern = endp+1;
-           errno = 0;
-           step_n = strtoul(pattern, &endp, 10);
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index 155320a..7adbee6 100644
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -132,7 +132,7 @@ test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \
- test1260 test1261 test1262 \
- \
- test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 \
--test1288 \
-+test1288 test1289 \
- \
- test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \
- test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \
-diff --git a/tests/data/test1289 b/tests/data/test1289
-new file mode 100644
-index 0000000..d679cc0
---- /dev/null
-+++ b/tests/data/test1289
-@@ -0,0 +1,35 @@
-+<testcase>
-+<info>
-+<keywords>
-+HTTP
-+HTTP GET
-+globbing
-+</keywords>
-+</info>
-+
-+#
-+# Server-side
-+<reply>
-+</reply>
-+
-+# Client-side
-+<client>
-+<server>
-+http
-+</server>
-+<name>
-+globbing with overflow and bad syntxx
-+</name>
-+<command>
-+http://ur%20[0-60000000000000000000
-+</command>
-+</client>
-+
-+# Verify data after the test has been "shot"
-+<verify>
-+# curl: (3) [globbing] bad range in column 
-+<errorcode>
-+3
-+</errorcode>
-+</verify>
-+</testcase>
--- 
-2.11.0
-
diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000254.patch b/meta/recipes-support/curl/curl/CVE-2017-1000254.patch
deleted file mode 100644
index 2b0798b929..0000000000
--- a/meta/recipes-support/curl/curl/CVE-2017-1000254.patch
+++ /dev/null
@@ -1,138 +0,0 @@
-From 1b2eba6f9745c064f7283e0ada8f46df9d9d6e42 Mon Sep 17 00:00:00 2001
-From: Li Zhou <li.zhou@windriver.com>
-Date: Mon, 23 Oct 2017 00:26:50 -0700
-Subject: [PATCH] FTP: zero terminate the entry path even on bad input
-
-... a single double quote could leave the entry path buffer without a zero
-terminating byte. CVE-2017-1000254
-
-Test 1152 added to verify.
-
-Reported-by: Max Dymond
-Bug: https://curl.haxx.se/docs/adv_20171004.html
-
-Upstream-Status: Backport
-CVE: CVE-2017-1000254
-Signed-off-by: Li Zhou <li.zhou@windriver.com>
----
- lib/ftp.c               |  7 ++++--
- tests/data/Makefile.inc |  2 ++
- tests/data/test1152     | 61 +++++++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 68 insertions(+), 2 deletions(-)
- create mode 100644 tests/data/test1152
-
-diff --git a/lib/ftp.c b/lib/ftp.c
-index 5edec37..493dbf9 100644
---- a/lib/ftp.c
-+++ b/lib/ftp.c
-@@ -2826,6 +2826,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
-         const size_t buf_size = data->set.buffer_size;
-         char *dir;
-         char *store;
-+        bool entry_extracted = FALSE;
- 
-         dir = malloc(nread + 1);
-         if(!dir)
-@@ -2857,7 +2858,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
-               }
-               else {
-                 /* end of path */
--                *store = '\0'; /* zero terminate */
-+                entry_extracted = TRUE;
-                 break; /* get out of this loop */
-               }
-             }
-@@ -2866,7 +2867,9 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
-             store++;
-             ptr++;
-           }
--
-+          *store = '\0'; /* zero terminate */
-+        }
-+        if(entry_extracted) {
-           /* If the path name does not look like an absolute path (i.e.: it
-              does not start with a '/'), we probably need some server-dependent
-              adjustments. For example, this is the case when connecting to
-diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
-index 7adbee6..5284654 100644
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -121,6 +121,8 @@ test1120 test1121 test1122 test1123 test1124 test1125 test1126 test1127 \
- test1128 test1129 test1130 test1131 test1132 test1133 test1134 test1135 \
- test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \
- test1144 test1145 test1146 \
-+test1152 \
-+\
- test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \
- test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \
- test1216 test1217 test1218 test1219 \
-diff --git a/tests/data/test1152 b/tests/data/test1152
-new file mode 100644
-index 0000000..aa8c0a7
---- /dev/null
-+++ b/tests/data/test1152
-@@ -0,0 +1,61 @@
-+<testcase>
-+<info>
-+<keywords>
-+FTP
-+PASV
-+LIST
-+</keywords>
-+</info>
-+#
-+# Server-side
-+<reply>
-+<servercmd>
-+REPLY PWD 257 "just one
-+</servercmd>
-+
-+# When doing LIST, we get the default list output hard-coded in the test
-+# FTP server
-+<data mode="text">
-+total 20
-+drwxr-xr-x   8 98       98           512 Oct 22 13:06 .
-+drwxr-xr-x   8 98       98           512 Oct 22 13:06 ..
-+drwxr-xr-x   2 98       98           512 May  2  1996 curl-releases
-+-r--r--r--   1 0        1             35 Jul 16  1996 README
-+lrwxrwxrwx   1 0        1              7 Dec  9  1999 bin -> usr/bin
-+dr-xr-xr-x   2 0        1            512 Oct  1  1997 dev
-+drwxrwxrwx   2 98       98           512 May 29 16:04 download.html
-+dr-xr-xr-x   2 0        1            512 Nov 30  1995 etc
-+drwxrwxrwx   2 98       1            512 Oct 30 14:33 pub
-+dr-xr-xr-x   5 0        1            512 Oct  1  1997 usr
-+</data>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+ftp
-+</server>
-+ <name>
-+FTP with uneven quote in PWD response
-+ </name>
-+ <command>
-+ftp://%HOSTIP:%FTPPORT/test-1152/
-+</command>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+<protocol>
-+USER anonymous
-+PASS ftp@example.com
-+PWD
-+CWD test-1152
-+EPSV
-+TYPE A
-+LIST
-+QUIT
-+</protocol>
-+</verify>
-+</testcase>
--- 
-2.11.0
-
diff --git a/meta/recipes-support/curl/curl/reproducible-mkhelp.patch b/meta/recipes-support/curl/curl/reproducible-mkhelp.patch
deleted file mode 100644
index 268bbebf09..0000000000
--- a/meta/recipes-support/curl/curl/reproducible-mkhelp.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 1fe92fd3dd64c7228f6ff41e3fc16c4f2392471a Mon Sep 17 00:00:00 2001
-From: Juro Bystricky <juro.bystricky@intel.com>
-Date: Fri, 27 Oct 2017 08:28:25 -0700
-Subject: mkhelp.pl: support reproducible build
-
-Do not generate line with the current date, such as:
-
-* Generation time: Tue Oct-24 18:01:41 2017
-
-This will improve reproducibility. The generated string is only
-part of a comment, so there should be no adverse consequences.
-
-Upstream-Status: Submitted [ https://github.com/curl/curl/pull/2026 ]
-
-Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
-
-diff --git a/src/mkhelp.pl b/src/mkhelp.pl
-index 270daa2..757f024 100755
---- a/src/mkhelp.pl
-+++ b/src/mkhelp.pl
-@@ -102,11 +102,9 @@ while(<READ>) {
- }
- close(READ);
- 
--$now = localtime;
- print <<HEAD
- /*
-  * NEVER EVER edit this manually, fix the mkhelp.pl script instead!
-- * Generation time: $now
-  */
- #ifdef USE_MANUAL
- #include "tool_hugehelp.h"
diff --git a/meta/recipes-support/curl/curl_7.54.1.bb b/meta/recipes-support/curl/curl_7.58.0.bb
index 58f05316fe..d2d0180268 100644
--- a/meta/recipes-support/curl/curl_7.54.1.bb
+++ b/meta/recipes-support/curl/curl_7.58.0.bb
@@ -7,23 +7,16 @@ LIC_FILES_CHKSUM = "file://COPYING;beginline=8;md5=3a34942f4ae3fbf1a303160714e66
 
 SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
            file://0001-replace-krb5-config-with-pkg-config.patch \
-           file://CVE-2017-1000099.patch \
-           file://CVE-2017-1000100.patch \
-           file://CVE-2017-1000101.patch \
-           file://CVE-2017-1000254.patch \
 "
 
-SRC_URI_append_class-target = " \
-           file://reproducible-mkhelp.patch \
-"
 
 # curl likes to set -g0 in CFLAGS, so we stop it
 # from mucking around with debug options
 #
 SRC_URI += " file://configure_ac.patch"
 
-SRC_URI[md5sum] = "6b6eb722f512e7a24855ff084f54fe55"
-SRC_URI[sha256sum] = "fdfc4df2d001ee0c44ec071186e770046249263c491fcae48df0e1a3ca8f25a0"
+SRC_URI[md5sum] = "fa049f9f90c1ae473a2a7bcfa14de976"
+SRC_URI[sha256sum] = "1cb081f97807c01e3ed747b6e1c9fee7a01cb10048f1cd0b5f56cfe0209de731"
 
 CVE_PRODUCT = "libcurl"
 inherit autotools pkgconfig binconfig multilib_header
@@ -41,7 +34,7 @@ PACKAGECONFIG[imap] = "--enable-imap,--disable-imap,"
 PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
 PACKAGECONFIG[ldap] = "--enable-ldap,--disable-ldap,"
 PACKAGECONFIG[ldaps] = "--enable-ldaps,--disable-ldaps,"
-PACKAGECONFIG[libidn] = "--with-libidn,--without-libidn,libidn"
+PACKAGECONFIG[libidn] = "--with-libidn2,--without-libidn2,libidn2"
 PACKAGECONFIG[libssh2] = "--with-libssh2,--without-libssh2,libssh2"
 PACKAGECONFIG[pop3] = "--enable-pop3,--disable-pop3,"
 PACKAGECONFIG[proxy] = "--enable-proxy,--disable-proxy,"
@@ -64,9 +57,6 @@ EXTRA_OECONF = " \
     --without-libpsl \
 "
 
-do_install_append() {
-	oe_multilib_header curl/curlbuild.h
-}
 
 do_install_append_class-target() {
 	# cleanup buildpaths from curl-config
diff --git a/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing/update-output-syntax.patch b/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing/update-output-syntax.patch
index 5a178e2ef1..19c524b0ac 100644
--- a/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing/update-output-syntax.patch
+++ b/meta/recipes-support/gnome-desktop-testing/gnome-desktop-testing/update-output-syntax.patch
@@ -3,7 +3,7 @@ The terms `FAIL` instead of `FAILED` and `SKIP` instead of `SKIPPED`
 match what Automake does
 
 Upstream-Status: Accepted
-[ https://git.gnome.org/browse/gnome-desktop-testing/commit/?id=048850731a640532ef55a61df7357fcc6d2ad501 ]
+[ https://gitlab.gnome.org/GNOME/gnome-desktop-testing/commit/048850731a640532ef55a61df7357fcc6d2ad501 ]
 
 Signed-off-by: Maxin B. John <maxin.john@intel.com>
 ---
diff --git a/meta/recipes-support/libmpc/libmpc_1.0.3.bb b/meta/recipes-support/libmpc/libmpc_1.0.3.bb
index 4f1f5242fb..58813244ef 100644
--- a/meta/recipes-support/libmpc/libmpc_1.0.3.bb
+++ b/meta/recipes-support/libmpc/libmpc_1.0.3.bb
@@ -3,7 +3,7 @@ require libmpc.inc
 DEPENDS = "gmp mpfr"
 
 LIC_FILES_CHKSUM = "file://COPYING.LESSER;md5=e6a600fd5e1d9cbde2d983680233ad02"
-SRC_URI = "http://www.multiprecision.org/mpc/download/mpc-${PV}.tar.gz"
+SRC_URI = "https://ftp.gnu.org/gnu/mpc/mpc-${PV}.tar.gz"
 
 SRC_URI[md5sum] = "d6a1d5f8ddea3abd2cc3e98f58352d26"
 SRC_URI[sha256sum] = "617decc6ea09889fb08ede330917a00b16809b8db88c29c31bfbb49cbf88ecc3"
diff --git a/meta/recipes-support/libnl/libnl/lib-check-for-integer-overflow-in-nlmsg_reserve.patch b/meta/recipes-support/libnl/libnl/lib-check-for-integer-overflow-in-nlmsg_reserve.patch
new file mode 100644
index 0000000000..594dd0616a
--- /dev/null
+++ b/meta/recipes-support/libnl/libnl/lib-check-for-integer-overflow-in-nlmsg_reserve.patch
@@ -0,0 +1,43 @@
+From 3e18948f17148e6a3c4255bdeaaf01ef6081ceeb Mon Sep 17 00:00:00 2001
+From: Thomas Haller <thaller@redhat.com>
+Date: Mon, 6 Feb 2017 22:23:52 +0100
+Subject: [PATCH] lib: check for integer-overflow in nlmsg_reserve()
+
+In general, libnl functions are not robust against calling with
+invalid arguments. Thus, never call libnl functions with invalid
+arguments. In case of nlmsg_reserve() this means never provide
+a @len argument that causes overflow.
+
+Still, add an additional safeguard to avoid exploiting such bugs.
+
+Assume that @pad is a trusted, small integer.
+Assume that n->nm_size is a valid number of allocated bytes (and thus
+much smaller then SIZE_T_MAX).
+Assume, that @len may be set to an untrusted value. Then the patch
+avoids an integer overflow resulting in reserving too few bytes.
+
+Upstream-Status: Backport [https://github.com/thom311/libnl/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb]
+CVE: CVE-2017-0553
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+---
+ lib/msg.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/lib/msg.c b/lib/msg.c
+index 9af3f3a..3e27d4e 100644
+--- a/lib/msg.c
++++ b/lib/msg.c
+@@ -411,6 +411,9 @@ void *nlmsg_reserve(struct nl_msg *n, size_t len, int pad)
+ 	size_t nlmsg_len = n->nm_nlh->nlmsg_len;
+ 	size_t tlen;
+ 
++	if (len > n->nm_size)
++		return NULL;
++
+ 	tlen = pad ? ((len + (pad - 1)) & ~(pad - 1)) : len;
+ 
+ 	if ((tlen + nlmsg_len) > n->nm_size)
+-- 
+1.9.1
+
diff --git a/meta/recipes-support/libnl/libnl_3.2.29.bb b/meta/recipes-support/libnl/libnl_3.2.29.bb
index 7d4839ba50..4ce80e871b 100644
--- a/meta/recipes-support/libnl/libnl_3.2.29.bb
+++ b/meta/recipes-support/libnl/libnl_3.2.29.bb
@@ -12,7 +12,9 @@ DEPENDS = "flex-native bison-native"
 SRC_URI = "https://github.com/thom311/${BPN}/releases/download/${BPN}${@d.getVar('PV').replace('.','_')}/${BP}.tar.gz \
            file://fix-pktloc_syntax_h-race.patch \
            file://fix-pc-file.patch \
+           file://lib-check-for-integer-overflow-in-nlmsg_reserve.patch \
 "
+
 UPSTREAM_CHECK_URI = "https://github.com/thom311/${BPN}/releases"
 
 SRC_URI[md5sum] = "a8ba62a5c4f883f4e493a46d1f3733fe"
diff --git a/meta/recipes-support/libpcre/libpcre_8.41.bb b/meta/recipes-support/libpcre/libpcre_8.41.bb
index 0eaed1808a..0187c08f50 100644
--- a/meta/recipes-support/libpcre/libpcre_8.41.bb
+++ b/meta/recipes-support/libpcre/libpcre_8.41.bb
@@ -80,4 +80,8 @@ do_install_ptest() {
 	for i in RunTest RunGrepTest test-driver; \
 	  do cp ${S}/$i $t; \
 	done
+	# Skip the fr_FR locale test. If the locale fr_FR is found, it is tested.
+	# If not found, the test is skipped. The test program assumes fr_FR is non-UTF-8
+	# locale so the test fails if fr_FR is UTF-8 locale.
+	sed -i -e 's:do3=yes:do3=no:g' ${D}${PTEST_PATH}/RunTest 
 }
diff --git a/meta/recipes-support/libunwind/libunwind.inc b/meta/recipes-support/libunwind/libunwind.inc
index fc33786b9e..b9c532d3ad 100644
--- a/meta/recipes-support/libunwind/libunwind.inc
+++ b/meta/recipes-support/libunwind/libunwind.inc
@@ -5,14 +5,19 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;beginline=3;md5=3fced11d6df719b47505837a51c16ae5"
 DEPENDS += "libatomic-ops"
 
-inherit autotools
+inherit autotools multilib_header
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[lzma] = "--enable-minidebuginfo,--disable-minidebuginfo,xz"
+PACKAGECONFIG[latexdocs] = "--enable-documentation, --disable-documentation, latex2man-native"
 
 EXTRA_OECONF_arm = "--enable-debug-frame"
 EXTRA_OECONF_aarch64 = "--enable-debug-frame"
 
 SECURITY_LDFLAGS_append_libc-musl = " -lssp_nonshared -lssp"
 
+do_install_append () {
+	oe_multilib_header libunwind.h
+}
+
 BBCLASSEXTEND = "native"
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.29.bb b/meta/recipes-support/libxslt/libxslt_1.1.29.bb
index d27c706602..5b11bc2287 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.29.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.29.bb
@@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://Copyright;md5=0cd9a07afbeb24026c9b03aecfeba458"
 SECTION = "libs"
 DEPENDS = "libxml2"
 
-SRC_URI = "ftp://xmlsoft.org/libxslt/libxslt-${PV}.tar.gz \
+SRC_URI = "http://xmlsoft.org/sources/libxslt-${PV}.tar.gz \
            file://pkgconfig_fix.patch \
            file://0001-Use-pkg-config-to-find-gcrypt-and-libxml2.patch \
            file://0001-Link-libraries-with-libm.patch \
diff --git a/meta/recipes-support/lz4/lz4_1.7.4.bb b/meta/recipes-support/lz4/lz4_1.7.4.bb
index 1e98c1bd4d..86a1ab9ab9 100644
--- a/meta/recipes-support/lz4/lz4_1.7.4.bb
+++ b/meta/recipes-support/lz4/lz4_1.7.4.bb
@@ -14,21 +14,14 @@ SRC_URI = "git://github.com/lz4/lz4.git \
            file://0001-tests-Makefile-don-t-use-LIBDIR-as-variable.patch \
            file://run-ptest \
 "
+UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>.*)"
 
 S = "${WORKDIR}/git"
-inherit ptest
 
-EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir}" 
+EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir}"
 
 do_install() {
 	oe_runmake install
 }
 
-do_install_ptest () {
-	install -d ${D}${PTEST_PATH}/testsuite
-	cp -rf ${S}/* ${D}${PTEST_PATH}/testsuite
-}
-
-RDEPENDS_${PN}-ptest += "make python3"
-
 BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-support/mpfr/mpfr_3.1.5.bb b/meta/recipes-support/mpfr/mpfr_3.1.5.bb
index 2d59c4a1be..1b56f2c066 100644
--- a/meta/recipes-support/mpfr/mpfr_3.1.5.bb
+++ b/meta/recipes-support/mpfr/mpfr_3.1.5.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
 		    file://COPYING.LESSER;md5=6a6a8e020838b23406c81b19c1d46df6"
 DEPENDS = "gmp"
 
-SRC_URI = "http://www.mpfr.org/mpfr-${PV}/mpfr-${PV}.tar.xz \
+SRC_URI = "https://ftp.gnu.org/gnu/${BPN}/mpfr-${PV}.tar.xz \
            file://long-long-thumb.patch \
            "
 SRC_URI[md5sum] = "c4ac246cf9795a4491e7766002cd528f"
diff --git a/meta/recipes-support/p11-kit/p11-kit/0001-LINGUAS-drop-the-languages-for-which-upstream-does-n.patch b/meta/recipes-support/p11-kit/p11-kit/0001-LINGUAS-drop-the-languages-for-which-upstream-does-n.patch
new file mode 100644
index 0000000000..2fda9dfbb8
--- /dev/null
+++ b/meta/recipes-support/p11-kit/p11-kit/0001-LINGUAS-drop-the-languages-for-which-upstream-does-n.patch
@@ -0,0 +1,32 @@
+From c3aa4aae5e9f4adafd9e10d9466f1bc481e0aae6 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Wed, 31 Jan 2018 16:47:44 +0200
+Subject: [PATCH] LINGUAS: drop the languages for which upstream does not
+ supply .po files
+
+Regenerating them proved to be too painful.
+Upstream has been notified: https://github.com/p11-glue/p11-kit/issues/127
+
+Upstream-Status: Inappropriate [missing upstream distribution files]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ po/LINGUAS | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/po/LINGUAS b/po/LINGUAS
+index 1fc4d53..e9cc5a7 100644
+--- a/po/LINGUAS
++++ b/po/LINGUAS
+@@ -11,9 +11,7 @@ cy
+ da
+ de
+ el
+-en@boldquot
+ en_GB
+-en@quot
+ eo
+ es
+ es_CL
+-- 
+2.15.1
+
diff --git a/meta/recipes-support/p11-kit/p11-kit_0.22.1.bb b/meta/recipes-support/p11-kit/p11-kit_0.22.1.bb
index 38fa09bf9a..57798f4020 100644
--- a/meta/recipes-support/p11-kit/p11-kit_0.22.1.bb
+++ b/meta/recipes-support/p11-kit/p11-kit_0.22.1.bb
@@ -2,14 +2,19 @@ SUMMARY = "Provides a way to load and enumerate PKCS#11 modules"
 LICENSE = "BSD"
 LIC_FILES_CHKSUM = "file://COPYING;md5=02933887f609807fbb57aa4237d14a50"
 
-inherit autotools gettext pkgconfig upstream-version-is-even gtk-doc
+inherit autotools gettext pkgconfig gtk-doc
 
 DEPENDS = "libtasn1 libffi"
 
-SRC_URI = "http://p11-glue.freedesktop.org/releases/${BP}.tar.gz"
-SRC_URI[md5sum] = "4e9bea1106628ffb820bdad24a819fac"
-SRC_URI[sha256sum] = "ef3a339fcf6aa0e32c8c23f79ba7191e57312be2bda8b24e6d121c2670539a5c"
+SRC_URI = "git://github.com/p11-glue/p11-kit \
+           file://0001-LINGUAS-drop-the-languages-for-which-upstream-does-n.patch \
+           "
+SRCREV = "bfb3bd47aa48983f5349479bca598403097ff81c"
+S = "${WORKDIR}/git"
+# exclude odd minor versions, which are development releases
+UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.(\d*[02468])+(\.\d+)+)"
 
+AUTOTOOLS_AUXDIR = "${S}/build/litter"
 EXTRA_OECONF = "--without-trust-paths"
 
 # This recipe does not use the standard gtk-doc m4 macros, and so the ./configure flags
diff --git a/meta/recipes-support/popt/popt_1.16.bb b/meta/recipes-support/popt/popt_1.16.bb
index 478288f9bf..377d108449 100644
--- a/meta/recipes-support/popt/popt_1.16.bb
+++ b/meta/recipes-support/popt/popt_1.16.bb
@@ -8,7 +8,7 @@ PR = "r3"
 
 DEPENDS = "virtual/libiconv"
 
-SRC_URI = "http://rpm5.org/files/popt/popt-${PV}.tar.gz \
+SRC_URI = "https://fossies.org/linux/misc/popt-${PV}.tar.gz \
            file://pkgconfig_fix.patch \
            file://popt_fix_for_automake-1.12.patch \
            file://disable_tests.patch \
diff --git a/scripts/contrib/python/generate-manifest-3.5.py b/scripts/contrib/python/generate-manifest-3.5.py
index 6352f8f120..750d4fc754 100755
--- a/scripts/contrib/python/generate-manifest-3.5.py
+++ b/scripts/contrib/python/generate-manifest-3.5.py
@@ -371,7 +371,7 @@ if __name__ == "__main__":
     "lib-dynload/readline.*.so rlcompleter.*" )
 
     m.addPackage( "${PN}-reprlib", "Python alternate repr() implementation", "${PN}-core",
-    "reprlib.py" )
+    "reprlib.*" )
 
     m.addPackage( "${PN}-resource", "Python resource control interface", "${PN}-core",
     "lib-dynload/resource.*.so" )
diff --git a/scripts/lib/checklayer/__init__.py b/scripts/lib/checklayer/__init__.py
index 63952616ba..288c457822 100644
--- a/scripts/lib/checklayer/__init__.py
+++ b/scripts/lib/checklayer/__init__.py
@@ -42,8 +42,8 @@ def _get_layer_collections(layer_path, lconf=None, data=None):
     ldata.setVar('LAYERDIR', layer_path)
     try:
         ldata = bb.parse.handle(lconf, ldata, include=True)
-    except BaseException as exc:
-        raise LayerError(exc)
+    except:
+        raise RuntimeError("Parsing of layer.conf from layer: %s failed" % layer_path)
     ldata.expandVarref('LAYERDIR')
 
     collections = (ldata.getVar('BBFILE_COLLECTIONS') or '').split()
diff --git a/scripts/lib/devtool/sdk.py b/scripts/lib/devtool/sdk.py
index f46577c2ab..4616753797 100644
--- a/scripts/lib/devtool/sdk.py
+++ b/scripts/lib/devtool/sdk.py
@@ -145,6 +145,9 @@ def sdk_update(args, config, basepath, workspace):
         # Fetch manifest from server
         tmpmanifest = os.path.join(tmpsdk_dir, 'conf', 'sdk-conf-manifest')
         ret = subprocess.call("wget -q -O %s %s/conf/sdk-conf-manifest" % (tmpmanifest, updateserver), shell=True)
+        if ret != 0:
+            logger.error("Cannot dowload files from %s" % updateserver)
+            return ret
         changedfiles = check_manifest(tmpmanifest, basepath)
         if not changedfiles:
             logger.info("Already up-to-date")
diff --git a/scripts/lib/recipetool/create.py b/scripts/lib/recipetool/create.py
index 055bdef436..5bf939efcb 100644
--- a/scripts/lib/recipetool/create.py
+++ b/scripts/lib/recipetool/create.py
@@ -477,7 +477,6 @@ def create_recipe(args):
         if tag:
             # Keep a copy of tag and append nobranch=1 then remove tag from URL.
             # Bitbake fetcher unable to fetch when {AUTOREV} and tag is set at the same time.
-            # We will re-introduce tag argument after bitbake fetcher process is complete.
             storeTagName = params['tag']
             params['nobranch'] = '1'
             del params['tag']
@@ -549,13 +548,11 @@ def create_recipe(args):
 
         # Since we might have a value in srcbranch, we need to
         # recontruct the srcuri to include 'branch' in params.
+        scheme, network, path, user, passwd, params = bb.fetch2.decodeurl(srcuri)
         if srcbranch:
-            scheme, network, path, user, passwd, params = bb.fetch2.decodeurl(srcuri)
             params['branch'] = srcbranch
-            srcuri = bb.fetch2.encodeurl((scheme, network, path, user, passwd, params))
 
         if storeTagName and scheme in ['git', 'gitsm']:
-            # Re-introduced tag variable from storeTagName
             # Check srcrev using tag and check validity of the tag
             cmd = ('git rev-parse --verify %s' % (storeTagName))
             try:
@@ -565,6 +562,9 @@ def create_recipe(args):
                 logger.error(str(err))
                 logger.error("Possibly wrong tag name is provided")
                 sys.exit(1)
+            # Drop tag from srcuri as it will have conflicts with SRCREV during recipe parse.
+            del params['tag']
+        srcuri = bb.fetch2.encodeurl((scheme, network, path, user, passwd, params))
 
         if os.path.exists(os.path.join(srctree, '.gitmodules')) and srcuri.startswith('git://'):
             srcuri = 'gitsm://' + srcuri[6:]
diff --git a/scripts/lib/wic/filemap.py b/scripts/lib/wic/filemap.py
index 77e32b9add..a72fa09ef5 100644
--- a/scripts/lib/wic/filemap.py
+++ b/scripts/lib/wic/filemap.py
@@ -37,7 +37,15 @@ def get_block_size(file_obj):
     # Get the block size of the host file-system for the image file by calling
     # the FIGETBSZ ioctl (number 2).
     binary_data = fcntl.ioctl(file_obj, 2, struct.pack('I', 0))
-    return struct.unpack('I', binary_data)[0]
+    bsize = struct.unpack('I', binary_data)[0]
+    if not bsize:
+        import os
+        stat = os.fstat(file_obj.fileno())
+        if hasattr(stat, 'st_blksize'):
+            bsize = stat.st_blksize
+        else:
+            raise IOError("Unable to determine block size")
+    return bsize
 
 class ErrorNotSupp(Exception):
     """
diff --git a/scripts/lib/wic/partition.py b/scripts/lib/wic/partition.py
index 66e61ba70c..84fe85d62b 100644
--- a/scripts/lib/wic/partition.py
+++ b/scripts/lib/wic/partition.py
@@ -206,7 +206,7 @@ class Partition():
         """
         p_prefix = os.environ.get("PSEUDO_PREFIX", "%s/usr" % native_sysroot)
         p_localstatedir = os.environ.get("PSEUDO_LOCALSTATEDIR",
-                                         "%s/../pseudo" % rootfs_dir)
+                                         "%s/../pseudo" %  get_bitbake_var("IMAGE_ROOTFS"))
         p_passwd = os.environ.get("PSEUDO_PASSWD", rootfs_dir)
         p_nosymlinkexp = os.environ.get("PSEUDO_NOSYMLINKEXP", "1")
         pseudo = "export PSEUDO_PREFIX=%s;" % p_prefix
diff --git a/scripts/lib/wic/plugins/source/rawcopy.py b/scripts/lib/wic/plugins/source/rawcopy.py
index 424ed26ed6..e86398ac8f 100644
--- a/scripts/lib/wic/plugins/source/rawcopy.py
+++ b/scripts/lib/wic/plugins/source/rawcopy.py
@@ -32,6 +32,25 @@ class RawCopyPlugin(SourcePlugin):
 
     name = 'rawcopy'
 
+    @staticmethod
+    def do_image_label(fstype, dst, label):
+        if fstype.startswith('ext'):
+            cmd = 'tune2fs -L %s %s' % (label, dst)
+        elif fstype in ('msdos', 'vfat'):
+            cmd = 'dosfslabel %s %s' % (dst, label)
+        elif fstype == 'btrfs':
+            cmd = 'btrfs filesystem label %s %s' % (dst, label)
+        elif fstype == 'swap':
+            cmd = 'mkswap -L %s %s' % (label, dst)
+        elif fstype == 'squashfs':
+            raise WicError("It's not possible to update a squashfs "
+                           "filesystem label '%s'" % (label))
+        else:
+            raise WicError("Cannot update filesystem label: "
+                           "Unknown fstype: '%s'" % (fstype))
+
+        exec_cmd(cmd)
+
     @classmethod
     def do_prepare_partition(cls, part, source_params, cr, cr_workdir,
                              oe_builddir, bootimg_dir, kernel_dir,
@@ -66,4 +85,7 @@ class RawCopyPlugin(SourcePlugin):
         if filesize > part.size:
             part.size = filesize
 
+        if part.label:
+            RawCopyPlugin.do_image_label(part.fstype, dst, part.label)
+
         part.source_file = dst
diff --git a/scripts/multilib_header_wrapper.h b/scripts/multilib_header_wrapper.h
index f516673b63..9660225fdd 100644
--- a/scripts/multilib_header_wrapper.h
+++ b/scripts/multilib_header_wrapper.h
@@ -22,7 +22,9 @@
  */
 
 
-#if defined (__arm__)
+#if defined (__bpf__)
+#define __MHWORDSIZE			64
+#elif defined (__arm__)
 #define __MHWORDSIZE			32
 #elif defined (__aarch64__) && defined ( __LP64__)
 #define __MHWORDSIZE			64
diff --git a/scripts/oe-build-perf-report b/scripts/oe-build-perf-report
index ac88f0fce5..dc999c45c1 100755
--- a/scripts/oe-build-perf-report
+++ b/scripts/oe-build-perf-report
@@ -639,10 +639,6 @@ def main(argv=None):
         data.append(AggregateTestData(aggregate_metadata(raw_m),
                                       aggregate_data(raw_d)))
 
-    # Re-map list indexes to the new table starting from index 0
-    index_r = index_r - index_0
-    index_l = index_l - index_0
-
     # Read buildstats only when needed
     buildstats = None
     if args.dump_buildstats or args.html:
@@ -653,10 +649,11 @@ def main(argv=None):
 
     # Print report
     if not args.html:
-        print_diff_report(data[index_l].metadata, data[index_l].results,
-                          data[index_r].metadata, data[index_r].results)
+        print_diff_report(data[0].metadata, data[0].results,
+                          data[1].metadata, data[1].results)
     else:
-        print_html_report(data, index_l, buildstats)
+        # Re-map 'left' list index to the data table where index_0 maps to 0
+        print_html_report(data, index_l - index_0, buildstats)
 
     return 0
 
diff --git a/scripts/runqemu b/scripts/runqemu
index 0b6daf2cf2..0ed1eec2d3 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -508,6 +508,11 @@ class BaseConfig(object):
 
         if os.access(dev_kvm, os.W_OK|os.R_OK):
             self.qemu_opt_script += ' -enable-kvm'
+            if self.get('MACHINE') == "qemux86":
+                # Workaround for broken APIC window on pre 4.15 host kernels which causes boot hangs
+                # See YOCTO #12301
+                # On 64 bit we use x2apic
+                self.kernel_cmdline_script += " clocksource=kvm-clock hpet=disable noapic nolapic"
         else:
             logger.error("You have no read or write permission on /dev/kvm.")
             logger.error("Please change the ownership of this file as described at:")
diff --git a/scripts/test-dependencies.sh b/scripts/test-dependencies.sh
deleted file mode 100755
index 0b94de8608..0000000000
--- a/scripts/test-dependencies.sh
+++ /dev/null
@@ -1,286 +0,0 @@
-#!/bin/bash
-
-# Author: Martin Jansa <martin.jansa@gmail.com>
-#
-# Copyright (c) 2013 Martin Jansa <Martin.Jansa@gmail.com>
-
-# Used to detect missing dependencies or automagically
-# enabled dependencies which aren't explicitly enabled
-# or disabled. Using bash to have PIPESTATUS variable.
-
-# It does 3 builds of <target>
-# 1st to populate sstate-cache directory and sysroot
-# 2nd to rebuild each recipe with every possible
-#     dependency found in sysroot (which stays populated
-#     from 1st build
-# 3rd to rebuild each recipe only with dependencies defined
-#     in DEPENDS
-# 4th (optional) repeat build like 3rd to make sure that
-#     minimal versions of dependencies defined in DEPENDS
-#     is also enough
-
-# Global vars
-tmpdir=
-targets=
-recipes=
-buildhistory=
-buildtype=
-default_targets="world"
-default_buildhistory="buildhistory"
-default_buildtype="1 2 3 c"
-
-usage () {
-  cat << EOF
-Welcome to utility to detect missing or autoenabled dependencies.
-WARNING: this utility will completely remove your tmpdir (make sure
-         you don't have important buildhistory or persistent dir there).
-$0 <OPTION>
-
-Options:
-  -h, --help
-        Display this help and exit.
-
-  --tmpdir=<tmpdir>
-        Specify tmpdir, will use the environment variable TMPDIR if it is not specified.
-        Something like /OE/oe-core/tmp-eglibc (no / at the end).
-
-  --targets=<targets>
-        List of targets separated by space, will use the environment variable TARGETS if it is not specified.
-        It will run "bitbake <targets>" to populate sysroots.
-        Default value is "world".
-
-  --recipes=<recipes>
-        File with list of recipes we want to rebuild with minimal and maximal sysroot.
-        Will use the environment variable RECIPES if it is not specified.
-        Default value will use all packages ever recorded in buildhistory directory.
-
-  --buildhistory=<buildhistory>
-        Path to buildhistory directory, it needs to be enabled in your config,
-        because it's used to detect different dependencies and to create list
-        of recipes to rebuild when it's not specified.
-        Will use the environment variable BUILDHISTORY if it is not specified.
-        Default value is "buildhistory"
-
-  --buildtype=<buildtype>
-        There are 4 types of build:
-          1: build to populate sstate-cache directory and sysroot
-          2: build to rebuild each recipe with every possible dep
-          3: build to rebuild each recipe with minimal dependencies
-          4: build to rebuild each recipe again with minimal dependencies
-          c: compare buildhistory directories from build 2 and 3
-        Will use the environment variable BUILDTYPE if it is not specified.
-        Default value is "1 2 3 c", order is important, type 4 is optional.
-EOF
-}
-
-# Print error information and exit.
-echo_error () {
-  echo "ERROR: $1" >&2
-  exit 1
-}
-
-while [ -n "$1" ]; do
-  case $1 in
-    --tmpdir=*)
-      tmpdir=`echo $1 | sed -e 's#^--tmpdir=##' | xargs readlink -e`
-      [ -d "$tmpdir" ] || echo_error "Invalid argument to --tmpdir"
-      shift
-        ;;
-    --targets=*)
-      targets=`echo $1 | sed -e 's#^--targets="*\([^"]*\)"*#\1#'`
-      shift
-        ;;
-    --recipes=*)
-      recipes=`echo $1 | sed -e 's#^--recipes="*\([^"]*\)"*#\1#'`
-      shift
-        ;;
-    --buildhistory=*)
-      buildhistory=`echo $1 | sed -e 's#^--buildhistory="*\([^"]*\)"*#\1#'`
-      shift
-        ;;
-    --buildtype=*)
-      buildtype=`echo $1 | sed -e 's#^--buildtype="*\([^"]*\)"*#\1#'`
-      shift
-        ;;
-    --help|-h)
-      usage
-      exit 0
-        ;;
-    *)
-      echo "Invalid arguments $*"
-      echo_error "Try '$0 -h' for more information."
-        ;;
-  esac
-done
-
-# tmpdir directory, use environment variable TMPDIR
-# if it was not specified, otherwise, error.
-[ -n "$tmpdir" ] || tmpdir=$TMPDIR
-[ -n "$tmpdir" ] || echo_error "No tmpdir found!"
-[ -d "$tmpdir" ] || echo_error "Invalid tmpdir \"$tmpdir\""
-[ -n "$targets" ] || targets=$TARGETS
-[ -n "$targets" ] || targets=$default_targets
-[ -n "$recipes" ] || recipes=$RECIPES
-[ -n "$recipes" -a ! -f "$recipes" ] && echo_error "Invalid file with list of recipes to rebuild"
-[ -n "$recipes" ] || echo "All packages ever recorded in buildhistory directory will be rebuilt"
-[ -n "$buildhistory" ] || buildhistory=$BUILDHISTORY
-[ -n "$buildhistory" ] || buildhistory=$default_buildhistory
-[ -d "$buildhistory" ] || echo_error "Invalid buildhistory directory \"$buildhistory\""
-[ -n "$buildtype" ] || buildtype=$BUILDTYPE
-[ -n "$buildtype" ] || buildtype=$default_buildtype
-echo "$buildtype" | grep -v '^[1234c ]*$' && echo_error "Invalid buildtype \"$buildtype\", only some combination of 1, 2, 3, 4, c separated by space is allowed"
-
-OUTPUT_BASE=test-dependencies/`date "+%s"`
-declare -i RESULT=0
-
-build_all() {
-  echo "===== 1st build to populate sstate-cache directory and sysroot ====="
-  OUTPUT1=${OUTPUT_BASE}/${TYPE}_all
-  mkdir -p ${OUTPUT1}
-  echo "Logs will be stored in ${OUTPUT1} directory"
-  bitbake -k $targets 2>&1 | tee -a ${OUTPUT1}/complete.log
-  RESULT+=${PIPESTATUS[0]}
-  grep "ERROR: Task.*failed" ${OUTPUT1}/complete.log > ${OUTPUT1}/failed-tasks.log
-  cat ${OUTPUT1}/failed-tasks.log | sed 's@.*/@@g; s@_.*@@g; s@\.bb, .*@@g; s@\.bb:.*@@g' | sort -u > ${OUTPUT1}/failed-recipes.log
-}
-
-build_every_recipe() {
-  if [ "${TYPE}" = "2" ] ; then
-    echo "===== 2nd build to rebuild each recipe with every possible dep ====="
-    OUTPUT_MAX=${OUTPUT_BASE}/${TYPE}_max
-    OUTPUTB=${OUTPUT_MAX}
-  else
-    echo "===== 3rd or 4th build to rebuild each recipe with minimal dependencies ====="
-    OUTPUT_MIN=${OUTPUT_BASE}/${TYPE}_min
-    OUTPUTB=${OUTPUT_MIN}
-  fi
-
-  mkdir -p ${OUTPUTB} ${OUTPUTB}/failed ${OUTPUTB}/ok
-  echo "Logs will be stored in ${OUTPUTB} directory"
-  if [ -z "$recipes" ]; then
-    ls -d $buildhistory/packages/*/* | xargs -n 1 basename | sort -u > ${OUTPUTB}/recipe.list
-    recipes=${OUTPUTB}/recipe.list
-  fi
-  if [ "${TYPE}" != "2" ] ; then
-    echo "!!!Removing tmpdir \"$tmpdir\"!!!"
-    rm -rf $tmpdir/deploy $tmpdir/pkgdata $tmpdir/sstate-control $tmpdir/stamps $tmpdir/sysroots $tmpdir/work $tmpdir/work-shared 2>/dev/null
-  fi
-  i=1
-  count=`cat $recipes ${OUTPUT1}/failed-recipes.log | sort -u | wc -l`
-  for recipe in `cat $recipes ${OUTPUT1}/failed-recipes.log | sort -u`; do
-    echo "Building recipe: ${recipe} ($i/$count)"
-    declare -i RECIPE_RESULT=0
-    bitbake -c cleansstate ${recipe} > ${OUTPUTB}/${recipe}.log 2>&1;
-    RECIPE_RESULT+=$?
-    bitbake ${recipe} >> ${OUTPUTB}/${recipe}.log 2>&1;
-    RECIPE_RESULT+=$?
-    if [ "${RECIPE_RESULT}" != "0" ] ; then
-      RESULT+=${RECIPE_RESULT}
-      mv ${OUTPUTB}/${recipe}.log ${OUTPUTB}/failed/
-      grep "ERROR: Task.*failed"  ${OUTPUTB}/failed/${recipe}.log | tee -a ${OUTPUTB}/failed-tasks.log
-      grep "ERROR: Task.*failed"  ${OUTPUTB}/failed/${recipe}.log | sed 's@.*/@@g; s@_.*@@g; s@\.bb, .*@@g; s@\.bb:.*@@g' >> ${OUTPUTB}/failed-recipes.log
-      # and append also ${recipe} in case the failed task was from some dependency
-      echo ${recipe} >> ${OUTPUTB}/failed-recipes.log
-    else
-      mv ${OUTPUTB}/${recipe}.log ${OUTPUTB}/ok/
-    fi
-    if [ "${TYPE}" != "2" ] ; then
-      rm -rf $tmpdir/deploy $tmpdir/pkgdata $tmpdir/sstate-control $tmpdir/stamps $tmpdir/sysroots $tmpdir/work $tmpdir/work-shared 2>/dev/null
-    fi
-    i=`expr $i + 1`
-  done
-  echo "Copying buildhistory/packages to ${OUTPUTB}"
-  cp -ra $buildhistory/packages ${OUTPUTB}
-  # This will be usefull to see which library is pulling new dependency
-  echo "Copying do_package logs to ${OUTPUTB}/do_package/"
-  mkdir ${OUTPUTB}/do_package
-  find $tmpdir/work/ -name log.do_package 2>/dev/null| while read f; do
-    # pn is 3 levels back, but we don't know if there is just one log per pn (only one arch and version)
-    # dest=`echo $f | sed 's#^.*/\([^/]*\)/\([^/]*\)/\([^/]*\)/log.do_package#\1#g'`
-    dest=`echo $f | sed "s#$tmpdir/work/##g; s#/#_#g"`
-    cp $f ${OUTPUTB}/do_package/$dest
-  done
-}
-
-compare_deps() {
-  # you can run just compare task with command like this
-  # OUTPUT_BASE=test-dependencies/1373140172 \
-  # OUTPUT_MAX=${OUTPUT_BASE}/2_max \
-  # OUTPUT_MIN=${OUTPUT_BASE}/3_min \
-  # openembedded-core/scripts/test-dependencies.sh --tmpdir=tmp-eglibc --targets=glib-2.0 --recipes=recipe_list --buildtype=c
-  echo "===== Compare dependencies recorded in \"${OUTPUT_MAX}\" and \"${OUTPUT_MIN}\" ====="
-  [ -n "${OUTPUTC}" ] || OUTPUTC=${OUTPUT_BASE}/comp
-  mkdir -p ${OUTPUTC}
-  OUTPUT_FILE=${OUTPUTC}/dependency-changes
-  echo "Differences will be stored in ${OUTPUT_FILE}, dot is shown for every 100 of checked packages"
-  echo > ${OUTPUT_FILE}
-
-  [ -d ${OUTPUT_MAX} ] || echo_error "Directory with output from build 2 \"${OUTPUT_MAX}\" does not exist"
-  [ -d ${OUTPUT_MIN} ] || echo_error "Directory with output from build 3 \"${OUTPUT_MIN}\" does not exist"
-  [ -d ${OUTPUT_MAX}/packages/ ] || echo_error "Directory with packages from build 2 \"${OUTPUT_MAX}/packages/\" does not exist"
-  [ -d ${OUTPUT_MIN}/packages/ ] || echo_error "Directory with packages from build 3 \"${OUTPUT_MIN}/packages/\" does not exist"
-  i=0
-  find ${OUTPUT_MAX}/packages/ -name latest | sed "s#${OUTPUT_MAX}/##g" | while read pkg; do
-    max_pkg=${OUTPUT_MAX}/${pkg}
-    min_pkg=${OUTPUT_MIN}/${pkg}
-    # pkg=packages/armv5te-oe-linux-gnueabi/libungif/libungif/latest
-    recipe=`echo "${pkg}" | sed 's#packages/[^/]*/\([^/]*\)/\([^/]*\)/latest#\1#g'`
-    package=`echo "${pkg}" | sed 's#packages/[^/]*/\([^/]*\)/\([^/]*\)/latest#\2#g'`
-    if [ ! -f "${min_pkg}" ] ; then
-      echo "ERROR: ${recipe}: ${package} package isn't created when building with minimal dependencies?" | tee -a ${OUTPUT_FILE}
-      echo ${recipe} >> ${OUTPUTC}/failed-recipes.log
-      continue
-    fi
-    # strip version information in parenthesis
-    max_deps=`grep "^RDEPENDS = " ${max_pkg} | sed 's/^RDEPENDS = / /g; s/$/ /g; s/([^(]*)//g'`
-    min_deps=`grep "^RDEPENDS = " ${min_pkg} | sed 's/^RDEPENDS = / /g; s/$/ /g; s/([^(]*)//g'`
-    if [ "$i" = 100 ] ; then
-      echo -n "." # cheap progressbar
-      i=0
-    fi
-    if [ "${max_deps}" = "${min_deps}" ] ; then
-      # it's annoying long, but at least it's showing some progress, warnings are grepped at the end
-      echo "NOTE: ${recipe}: ${package} rdepends weren't changed" >> ${OUTPUT_FILE}
-    else
-      missing_deps=
-      for dep in ${max_deps}; do
-        if ! echo "${min_deps}" | grep -q " ${dep} " ; then
-          missing_deps="${missing_deps} ${dep}"
-          echo # to get rid of dots on last line
-          echo "WARN: ${recipe}: ${package} rdepends on ${dep}, but it isn't a build dependency?" | tee -a ${OUTPUT_FILE}
-        fi
-      done
-      if [ -n "${missing_deps}" ] ; then
-        echo ${recipe} >> ${OUTPUTC}/failed-recipes.log
-      fi
-    fi
-    i=`expr $i + 1`
-  done
-  echo # to get rid of dots on last line
-  echo "Found differences: "
-  grep "^WARN: " ${OUTPUT_FILE} | tee ${OUTPUT_FILE}.warn.log
-  echo "Found errors: "
-  grep "^ERROR: " ${OUTPUT_FILE} | tee ${OUTPUT_FILE}.error.log
-  RESULT+=`cat ${OUTPUT_FILE}.warn.log | wc -l`
-  RESULT+=`cat ${OUTPUT_FILE}.error.log | wc -l`
-}
-
-for TYPE in $buildtype; do
-  case ${TYPE} in
-    1) build_all;;
-    2) build_every_recipe;;
-    3) build_every_recipe;;
-    4) build_every_recipe;;
-    c) compare_deps;;
-    *) echo_error "Invalid buildtype \"$TYPE\""
-  esac
-done
-
-cat ${OUTPUT_BASE}/*/failed-recipes.log | sort -u >> ${OUTPUT_BASE}/failed-recipes.log
-
-if [ "${RESULT}" != "0" ] ; then
-  echo "ERROR: ${RESULT} issues were found in these recipes: `cat ${OUTPUT_BASE}/failed-recipes.log | xargs`"
-fi
-
-echo "INFO: Output written in: ${OUTPUT_BASE}"
-exit ${RESULT}