213 files changed, 2925 insertions, 15123 deletions

diff --git a/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb b/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb
deleted file mode 100644
index a77653bf55..0000000000
--- a/meta/recipes-connectivity/avahi/avahi-ui_0.7.bb
+++ /dev/null
@@ -1,48 +0,0 @@
-require avahi.inc
-
-inherit distro_features_check
-ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
-
-DEPENDS += "avahi"
-
-AVAHI_GTK = "gtk3"
-
-S = "${WORKDIR}/avahi-${PV}"
-
-PACKAGES += "${PN}-utils avahi-discover"
-
-FILES_${PN} = "${libdir}/libavahi-ui*.so.*"
-FILES_${PN}-utils = "${bindir}/b* ${datadir}/applications/b*"
-FILES_avahi-discover = "${datadir}/applications/avahi-discover.desktop \
-                        ${datadir}/avahi/interfaces/avahi-discover.ui \
-                        ${bindir}/avahi-discover-standalone \
-                        "
-
-do_install_append () {
-	rm ${D}${sysconfdir} -rf
-	rm ${D}${base_libdir} -rf
-	rm ${D}${systemd_unitdir} -rf
-	# The ${systemd_unitdir} is /lib/systemd, so we need rmdir /lib,
-	# but not ${base_libdir} here. And the /lib may not exist
-	# whithout systemd.
-	[ ! -d ${D}/lib ] || rmdir ${D}/lib --ignore-fail-on-non-empty
-	rm ${D}${bindir}/avahi-b*
-	rm ${D}${bindir}/avahi-p*
-	rm ${D}${bindir}/avahi-r*
-	rm ${D}${bindir}/avahi-s*
-	rm ${D}${includedir}/avahi-c* -rf
-	rm ${D}${includedir}/avahi-g* -rf
-	rm ${D}${libdir}/libavahi-c*
-	rm ${D}${libdir}/libavahi-g*
-	rm ${D}${libdir}/pkgconfig/avahi-c*
-	rm ${D}${libdir}/pkgconfig/avahi-g*
-	rm ${D}${sbindir} -rf
-	rm ${D}${datadir}/avahi/a*
-	rm ${D}${datadir}/locale/ -rf
-	rm ${D}${datadir}/dbus* -rf
-	rm ${D}${mandir}/man1/a*
-	rm ${D}${mandir}/man5 -rf
-	rm ${D}${mandir}/man8 -rf
-        rm ${D}${libdir}/girepository-1.0/ -rf
-        rm ${D}${datadir}/gir-1.0/ -rf
-}
diff --git a/meta/recipes-connectivity/avahi/avahi.inc b/meta/recipes-connectivity/avahi/avahi.inc
deleted file mode 100644
index 11846849f0..0000000000
--- a/meta/recipes-connectivity/avahi/avahi.inc
+++ /dev/null
@@ -1,77 +0,0 @@
-SUMMARY = "Avahi IPv4LL network address configuration daemon"
-DESCRIPTION = 'Avahi is a fully LGPL framework for Multicast DNS Service Discovery. It \
-allows programs to publish and discover services and hosts running on a local network \
-with no specific configuration. This tool implements IPv4LL, "Dynamic Configuration of \
-IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \
-configuration from the link-local 169.254.0.0/16 range without the need for a central \
-server.'
-AUTHOR = "Lennart Poettering <lennart@poettering.net>"
-HOMEPAGE = "http://avahi.org"
-BUGTRACKER = "https://github.com/lathiat/avahi/issues"
-SECTION = "network"
-
-# major part is under LGPLv2.1+, but several .dtd, .xsl, initscripts and
-# python scripts are under GPLv2+
-LICENSE = "GPLv2+ & LGPLv2.1+"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
-                    file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \
-                    file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \
-                    file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
-                    file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
-
-SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz"
-
-UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
-SRC_URI[md5sum] = "d76c59d0882ac6c256d70a2a585362a6"
-SRC_URI[sha256sum] = "57a99b5dfe7fdae794e3d1ee7a62973a368e91e414bd0dfa5d84434de5b14804"
-
-DEPENDS = "expat libcap libdaemon glib-2.0 intltool-native"
-
-# For gtk related PACKAGECONFIGs: gtk, gtk3
-AVAHI_GTK ?= ""
-
-PACKAGECONFIG ??= "dbus ${AVAHI_GTK}"
-PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
-PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+"
-PACKAGECONFIG[gtk3] = "--enable-gtk3,--disable-gtk3,gtk+3"
-
-inherit autotools pkgconfig gettext gobject-introspection
-
-EXTRA_OECONF = "--with-avahi-priv-access-group=adm \
-             --disable-stack-protector \
-             --disable-gdbm \
-             --disable-mono \
-             --disable-monodoc \
-             --disable-qt3 \
-             --disable-qt4 \
-             --disable-python \
-             --disable-doxygen-doc \
-             --enable-manpages \
-             ${EXTRA_OECONF_SYSVINIT} \
-             ${EXTRA_OECONF_SYSTEMD} \
-           "
-
-# The distro choice determines what init scripts are installed
-EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}"
-EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_unitdir}/system/','--without-systemdsystemunitdir',d)}"
-
-do_configure_prepend() {
-    sed 's:AM_CHECK_PYMOD:echo "no pymod" #AM_CHECK_PYMOD:g' -i ${S}/configure.ac
-
-    # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes
-    rm "${S}/common/introspection.m4" || true
-}
-
-do_compile_prepend() {
-    export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs"
-}
-
-RRECOMMENDS_${PN}_append_libc-glibc = " libnss-mdns"
-
-do_install() {
-	autotools_do_install
-	rm -rf ${D}/run
-	rm -rf ${D}${datadir}/dbus-1/interfaces
-	test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1
-	rm -rf ${D}${libdir}/avahi
-}
diff --git a/meta/recipes-connectivity/avahi/avahi_0.7.bb b/meta/recipes-connectivity/avahi/avahi_0.7.bb
deleted file mode 100644
index 2e04d304c7..0000000000
--- a/meta/recipes-connectivity/avahi/avahi_0.7.bb
+++ /dev/null
@@ -1,81 +0,0 @@
-require avahi.inc
-
-SRC_URI += "file://00avahi-autoipd \
-           file://99avahi-autoipd \
-           file://initscript.patch \
-           file://0001-Fix-opening-etc-resolv.conf-error.patch \
-           "
-
-inherit update-rc.d systemd useradd
-
-PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils"
-
-# As avahi doesn't put any files into PN, clear the files list to avoid problems
-# if extra libraries appear.
-FILES_${PN} = ""
-FILES_avahi-autoipd = "${sbindir}/avahi-autoipd \
-                       ${sysconfdir}/avahi/avahi-autoipd.action \
-                       ${sysconfdir}/dhcp/*/avahi-autoipd \
-                       ${sysconfdir}/udhcpc.d/00avahi-autoipd \
-                       ${sysconfdir}/udhcpc.d/99avahi-autoipd"
-FILES_libavahi-common = "${libdir}/libavahi-common.so.*"
-FILES_libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib"
-FILES_avahi-daemon = "${sbindir}/avahi-daemon \
-                      ${sysconfdir}/avahi/avahi-daemon.conf \
-                      ${sysconfdir}/avahi/hosts \
-                      ${sysconfdir}/avahi/services \
-                      ${sysconfdir}/dbus-1 \
-                      ${sysconfdir}/init.d/avahi-daemon \
-                      ${datadir}/avahi/introspection/*.introspect \
-                      ${datadir}/avahi/avahi-service.dtd \
-                      ${datadir}/avahi/service-types \
-                      ${datadir}/dbus-1/system-services"
-FILES_libavahi-client = "${libdir}/libavahi-client.so.*"
-FILES_avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \
-                        ${sysconfdir}/avahi/avahi-dnsconfd.action \
-                        ${sysconfdir}/init.d/avahi-dnsconfd"
-FILES_libavahi-glib = "${libdir}/libavahi-glib.so.*"
-FILES_libavahi-gobject = "${libdir}/libavahi-gobject.so.*  ${libdir}/girepository-1.0/Avahi*.typelib"
-FILES_avahi-utils = "${bindir}/avahi-*"
-
-RDEPENDS_${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})"
-RDEPENDS_${PN}-dev += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}"
-
-RRECOMMENDS_avahi-daemon_append_libc-glibc = " libnss-mdns"
-
-CONFFILES_avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf"
-
-USERADD_PACKAGES = "avahi-daemon avahi-autoipd"
-USERADD_PARAM_avahi-daemon = "--system --home /run/avahi-daemon \
-                              --no-create-home --shell /bin/false \
-                              --user-group avahi"
-
-USERADD_PARAM_avahi-autoipd = "--system --home /run/avahi-autoipd \
-                              --no-create-home --shell /bin/false \
-                              --user-group \
-                              -c \"Avahi autoip daemon\" \
-                              avahi-autoipd"
-
-INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd"
-INITSCRIPT_NAME_avahi-daemon = "avahi-daemon"
-INITSCRIPT_PARAMS_avahi-daemon = "defaults 21 19"
-INITSCRIPT_NAME_avahi-dnsconfd = "avahi-dnsconfd"
-INITSCRIPT_PARAMS_avahi-dnsconfd = "defaults 22 19"
-
-SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd"
-SYSTEMD_SERVICE_${PN}-daemon = "avahi-daemon.service"
-SYSTEMD_SERVICE_${PN}-dnsconfd = "avahi-dnsconfd.service"
-
-do_install_append() {
-	install -d ${D}${sysconfdir}/udhcpc.d
-	install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d
-	install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d
-}
-
-# At the time the postinst runs, dbus might not be setup so only restart if running 
-# Don't exit early, because update-rc.d needs to run subsequently.
-pkg_postinst_avahi-daemon () {
-if [ -z "$D" ]; then
-	killall -q -HUP dbus-daemon || true
-fi
-}
diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb
new file mode 100644
index 0000000000..9bb5e5861e
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -0,0 +1,192 @@
+SUMMARY = "Avahi IPv4LL network address configuration daemon"
+DESCRIPTION = 'Avahi is a fully LGPL framework for Multicast DNS Service Discovery. It \
+allows programs to publish and discover services and hosts running on a local network \
+with no specific configuration. This tool implements IPv4LL, "Dynamic Configuration of \
+IPv4 Link-Local Addresses" (IETF RFC3927), a protocol for automatic IP address \
+configuration from the link-local 169.254.0.0/16 range without the need for a central \
+server.'
+AUTHOR = "Lennart Poettering <lennart@poettering.net>"
+HOMEPAGE = "http://avahi.org"
+BUGTRACKER = "https://github.com/lathiat/avahi/issues"
+SECTION = "network"
+
+# major part is under LGPL-2.1-or-later, but several .dtd, .xsl, initscripts and
+# python scripts are under GPL-2.0-or-later
+LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1 \
+                    file://avahi-common/address.h;endline=25;md5=b1d1d2cda1c07eb848ea7d6215712d9d \
+                    file://avahi-core/dns.h;endline=23;md5=6fe82590b81aa0ddea5095b548e2fdcb \
+                    file://avahi-daemon/main.c;endline=21;md5=9ee77368c5407af77caaef1b07285969 \
+                    file://avahi-client/client.h;endline=23;md5=f4ac741a25c4f434039ba3e18c8674cf"
+
+SRC_URI = "https://github.com/lathiat/avahi/releases/download/v${PV}/avahi-${PV}.tar.gz \
+           file://00avahi-autoipd \
+           file://99avahi-autoipd \
+           file://initscript.patch \
+           file://0001-Fix-opening-etc-resolv.conf-error.patch \
+           file://handle-hup.patch \
+           file://local-ping.patch \
+           "
+
+UPSTREAM_CHECK_URI = "https://github.com/lathiat/avahi/releases/"
+SRC_URI[md5sum] = "229c6aa30674fc43c202b22c5f8c2be7"
+SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda"
+
+# Issue only affects Debian/SUSE, not us
+CVE_CHECK_IGNORE += "CVE-2021-26720"
+
+DEPENDS = "expat libcap libdaemon glib-2.0"
+
+# For gtk related PACKAGECONFIGs: gtk, gtk3
+AVAHI_GTK ?= ""
+
+PACKAGECONFIG ??= "dbus ${@bb.utils.contains_any('DISTRO_FEATURES','x11 wayland','${AVAHI_GTK}','',d)}"
+PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
+PACKAGECONFIG[gtk] = "--enable-gtk,--disable-gtk,gtk+"
+PACKAGECONFIG[gtk3] = "--enable-gtk3,--disable-gtk3,gtk+3"
+PACKAGECONFIG[libdns_sd] = "--enable-compat-libdns_sd --enable-dbus,,dbus"
+PACKAGECONFIG[libevent] = "--enable-libevent,--disable-libevent,libevent"
+PACKAGECONFIG[qt5] = "--enable-qt5,--disable-qt5,qtbase"
+
+inherit autotools pkgconfig gettext gobject-introspection
+
+EXTRA_OECONF = "--with-avahi-priv-access-group=adm \
+             --disable-stack-protector \
+             --disable-gdbm \
+             --disable-dbm \
+             --disable-mono \
+             --disable-monodoc \
+             --disable-qt3 \
+             --disable-qt4 \
+             --disable-python \
+             --disable-doxygen-doc \
+             --enable-manpages \
+             ${EXTRA_OECONF_SYSVINIT} \
+             ${EXTRA_OECONF_SYSTEMD} \
+           "
+
+# The distro choice determines what init scripts are installed
+EXTRA_OECONF_SYSVINIT = "${@bb.utils.contains('DISTRO_FEATURES','sysvinit','--with-distro=debian','--with-distro=none',d)}"
+EXTRA_OECONF_SYSTEMD = "${@bb.utils.contains('DISTRO_FEATURES','systemd','--with-systemdsystemunitdir=${systemd_system_unitdir}/','--without-systemdsystemunitdir',d)}"
+
+do_configure:prepend() {
+    # This m4 file will get in the way of our introspection.m4 with special cross-compilation fixes
+    rm "${S}/common/introspection.m4" || true
+}
+
+do_compile:prepend() {
+    export GIR_EXTRA_LIBS_PATH="${B}/avahi-gobject/.libs:${B}/avahi-common/.libs:${B}/avahi-client/.libs:${B}/avahi-glib/.libs"
+}
+
+RRECOMMENDS:${PN}:append:libc-glibc = " libnss-mdns"
+
+do_install() {
+	autotools_do_install
+	rm -rf ${D}/run
+	rm -rf ${D}${datadir}/dbus-1/interfaces
+	test -d ${D}${datadir}/dbus-1 && rmdir --ignore-fail-on-non-empty ${D}${datadir}/dbus-1
+	rm -rf ${D}${libdir}/avahi
+
+	# Move example service files out of /etc/avahi/services so we don't
+	# advertise ssh & sftp-ssh by default
+	install -d ${D}${docdir}/avahi
+	mv ${D}${sysconfdir}/avahi/services/* ${D}${docdir}/avahi
+}
+
+PACKAGES =+ "${@bb.utils.contains("PACKAGECONFIG", "libdns_sd", "libavahi-compat-libdnssd", "", d)}"
+
+FILES:libavahi-compat-libdnssd = "${libdir}/libdns_sd.so.*"
+
+RPROVIDES:libavahi-compat-libdnssd = "libdns-sd"
+
+inherit update-rc.d systemd useradd
+
+PACKAGES =+ "libavahi-gobject avahi-daemon libavahi-common libavahi-core libavahi-client avahi-dnsconfd libavahi-glib avahi-autoipd avahi-utils avahi-discover avahi-ui"
+
+FILES:avahi-ui = "${libdir}/libavahi-ui*.so.*"
+FILES:avahi-discover = "${datadir}/applications/avahi-discover.desktop \
+                        ${datadir}/avahi/interfaces/avahi-discover.ui \
+                        ${bindir}/avahi-discover-standalone \
+                        "
+
+LICENSE:libavahi-gobject = "LGPL-2.1-or-later"
+LICENSE:avahi-daemon = "LGPL-2.1-or-later"
+LICENSE:libavahi-common = "LGPL-2.1-or-later"
+LICENSE:libavahi-core = "LGPL-2.1-or-later"
+LICENSE:libavahi-client = "LGPL-2.1-or-later"
+LICENSE:avahi-dnsconfd = "LGPL-2.1-or-later"
+LICENSE:libavahi-glib = "LGPL-2.1-or-later"
+LICENSE:avahi-autoipd = "LGPL-2.1-or-later"
+LICENSE:avahi-utils = "LGPL-2.1-or-later"
+
+# As avahi doesn't put any files into PN, clear the files list to avoid problems
+# if extra libraries appear.
+FILES:${PN} = ""
+FILES:avahi-autoipd = "${sbindir}/avahi-autoipd \
+                       ${sysconfdir}/avahi/avahi-autoipd.action \
+                       ${sysconfdir}/dhcp/*/avahi-autoipd \
+                       ${sysconfdir}/udhcpc.d/00avahi-autoipd \
+                       ${sysconfdir}/udhcpc.d/99avahi-autoipd"
+FILES:libavahi-common = "${libdir}/libavahi-common.so.*"
+FILES:libavahi-core = "${libdir}/libavahi-core.so.* ${libdir}/girepository-1.0/AvahiCore*.typelib"
+FILES:avahi-daemon = "${sbindir}/avahi-daemon \
+                      ${sysconfdir}/avahi/avahi-daemon.conf \
+                      ${sysconfdir}/avahi/hosts \
+                      ${sysconfdir}/avahi/services \
+                      ${sysconfdir}/dbus-1 \
+                      ${sysconfdir}/init.d/avahi-daemon \
+                      ${datadir}/avahi/introspection/*.introspect \
+                      ${datadir}/avahi/avahi-service.dtd \
+                      ${datadir}/avahi/service-types \
+                      ${datadir}/dbus-1/system-services"
+FILES:libavahi-client = "${libdir}/libavahi-client.so.*"
+FILES:avahi-dnsconfd = "${sbindir}/avahi-dnsconfd \
+                        ${sysconfdir}/avahi/avahi-dnsconfd.action \
+                        ${sysconfdir}/init.d/avahi-dnsconfd"
+FILES:libavahi-glib = "${libdir}/libavahi-glib.so.*"
+FILES:libavahi-gobject = "${libdir}/libavahi-gobject.so.*  ${libdir}/girepository-1.0/Avahi*.typelib"
+FILES:avahi-utils = "${bindir}/avahi-* ${bindir}/b* ${datadir}/applications/b*"
+
+RDEPENDS:${PN}-dev = "avahi-daemon (= ${EXTENDPKGV}) libavahi-core (= ${EXTENDPKGV})"
+RDEPENDS:${PN}-dev += "${@["", " libavahi-client (= ${EXTENDPKGV})"][bb.utils.contains('PACKAGECONFIG', 'dbus', 1, 0, d)]}"
+RDEPENDS:${PN}-dnsconfd = "${PN}-daemon"
+
+RRECOMMENDS:avahi-daemon:append:libc-glibc = " libnss-mdns"
+
+CONFFILES:avahi-daemon = "${sysconfdir}/avahi/avahi-daemon.conf"
+
+USERADD_PACKAGES = "avahi-daemon avahi-autoipd"
+USERADD_PARAM:avahi-daemon = "--system --home /run/avahi-daemon \
+                              --no-create-home --shell /bin/false \
+                              --user-group avahi"
+
+USERADD_PARAM:avahi-autoipd = "--system --home /run/avahi-autoipd \
+                              --no-create-home --shell /bin/false \
+                              --user-group \
+                              -c \"Avahi autoip daemon\" \
+                              avahi-autoipd"
+
+INITSCRIPT_PACKAGES = "avahi-daemon avahi-dnsconfd"
+INITSCRIPT_NAME:avahi-daemon = "avahi-daemon"
+INITSCRIPT_PARAMS:avahi-daemon = "defaults 21 19"
+INITSCRIPT_NAME:avahi-dnsconfd = "avahi-dnsconfd"
+INITSCRIPT_PARAMS:avahi-dnsconfd = "defaults 22 19"
+
+SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-dnsconfd"
+SYSTEMD_SERVICE:${PN}-daemon = "avahi-daemon.service"
+SYSTEMD_SERVICE:${PN}-dnsconfd = "avahi-dnsconfd.service"
+
+do_install:append() {
+	install -d ${D}${sysconfdir}/udhcpc.d
+	install ${WORKDIR}/00avahi-autoipd ${D}${sysconfdir}/udhcpc.d
+	install ${WORKDIR}/99avahi-autoipd ${D}${sysconfdir}/udhcpc.d
+}
+
+# At the time the postinst runs, dbus might not be setup so only restart if running 
+# Don't exit early, because update-rc.d needs to run subsequently.
+pkg_postinst:avahi-daemon () {
+if [ -z "$D" ]; then
+	killall -q -HUP dbus-daemon || true
+fi
+}
+
diff --git a/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch b/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch
index 11e7e8a9bc..cb8b83fd23 100644
--- a/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch
+++ b/meta/recipes-connectivity/avahi/files/0001-Fix-opening-etc-resolv.conf-error.patch
@@ -19,6 +19,11 @@ is marked as OE specific.
 Upstream-Status: Inappropriate [OE Specific]
 
 Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+
+When connman installed to image, /etc/resolv.conf is link to
+/etc/resolv-conf.connman. So launch avahi-daemon after connman too.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
 ---
  avahi-daemon/avahi-daemon.service.in | 1 +
  1 file changed, 1 insertion(+)
@@ -31,7 +36,7 @@ index 548c834..63e28e4 100644
  [Unit]
  Description=Avahi mDNS/DNS-SD Stack
  Requires=avahi-daemon.socket
-+After=systemd-resolved.service
++After=systemd-resolved.service connman.service
  
  [Service]
  Type=dbus
diff --git a/meta/recipes-connectivity/avahi/files/handle-hup.patch b/meta/recipes-connectivity/avahi/files/handle-hup.patch
new file mode 100644
index 0000000000..26632e5443
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/handle-hup.patch
@@ -0,0 +1,41 @@
+CVE: CVE-2021-3468
+Upstream-Status: Submitted [https://github.com/lathiat/avahi/pull/330]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 447affe29991ee99c6b9732fc5f2c1048a611d3b Mon Sep 17 00:00:00 2001
+From: Riccardo Schirone <sirmy15@gmail.com>
+Date: Fri, 26 Mar 2021 11:50:24 +0100
+Subject: [PATCH] Avoid infinite-loop in avahi-daemon by handling HUP event in
+ client_work
+
+If a client fills the input buffer, client_work() disables the
+AVAHI_WATCH_IN event, thus preventing the function from executing the
+`read` syscall the next times it is called. However, if the client then
+terminates the connection, the socket file descriptor receives a HUP
+event, which is not handled, thus the kernel keeps marking the HUP event
+as occurring. While iterating over the file descriptors that triggered
+an event, the client file descriptor will keep having the HUP event and
+the client_work() function is always called with AVAHI_WATCH_HUP but
+without nothing being done, thus entering an infinite loop.
+
+See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938
+---
+ avahi-daemon/simple-protocol.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/avahi-daemon/simple-protocol.c b/avahi-daemon/simple-protocol.c
+index 3e0ebb11..6c0274d6 100644
+--- a/avahi-daemon/simple-protocol.c
++++ b/avahi-daemon/simple-protocol.c
+@@ -424,6 +424,11 @@ static void client_work(AvahiWatch *watch, AVAHI_GCC_UNUSED int fd, AvahiWatchEv
+         }
+     }
+ 
++    if (events & AVAHI_WATCH_HUP) {
++        client_free(c);
++        return;
++    }
++
+     c->server->poll_api->watch_update(
+         watch,
+         (c->outbuf_length > 0 ? AVAHI_WATCH_OUT : 0) |
diff --git a/meta/recipes-connectivity/avahi/files/local-ping.patch b/meta/recipes-connectivity/avahi/files/local-ping.patch
new file mode 100644
index 0000000000..29c192d296
--- /dev/null
+++ b/meta/recipes-connectivity/avahi/files/local-ping.patch
@@ -0,0 +1,153 @@
+CVE: CVE-2021-36217
+CVE: CVE-2021-3502
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 9d31939e55280a733d930b15ac9e4dda4497680c Mon Sep 17 00:00:00 2001
+From: Tommi Rantala <tommi.t.rantala@nokia.com>
+Date: Mon, 8 Feb 2021 11:04:43 +0200
+Subject: [PATCH] Fix NULL pointer crashes from #175
+
+avahi-daemon is crashing when running "ping .local".
+The crash is due to failing assertion from NULL pointer.
+Add missing NULL pointer checks to fix it.
+
+Introduced in #175 - merge commit 8f75a045709a780c8cf92a6a21e9d35b593bdecd
+---
+ avahi-core/browse-dns-server.c   | 5 ++++-
+ avahi-core/browse-domain.c       | 5 ++++-
+ avahi-core/browse-service-type.c | 3 +++
+ avahi-core/browse-service.c      | 3 +++
+ avahi-core/browse.c              | 3 +++
+ avahi-core/resolve-address.c     | 5 ++++-
+ avahi-core/resolve-host-name.c   | 5 ++++-
+ avahi-core/resolve-service.c     | 5 ++++-
+ 8 files changed, 29 insertions(+), 5 deletions(-)
+
+diff --git a/avahi-core/browse-dns-server.c b/avahi-core/browse-dns-server.c
+index 049752e9..c2d914fa 100644
+--- a/avahi-core/browse-dns-server.c
++++ b/avahi-core/browse-dns-server.c
+@@ -343,7 +343,10 @@ AvahiSDNSServerBrowser *avahi_s_dns_server_browser_new(
+         AvahiSDNSServerBrowser* b;
+ 
+         b = avahi_s_dns_server_browser_prepare(server, interface, protocol, domain, type, aprotocol, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_dns_server_browser_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/browse-domain.c b/avahi-core/browse-domain.c
+index f145d56a..06fa70c0 100644
+--- a/avahi-core/browse-domain.c
++++ b/avahi-core/browse-domain.c
+@@ -253,7 +253,10 @@ AvahiSDomainBrowser *avahi_s_domain_browser_new(
+         AvahiSDomainBrowser *b;
+ 
+         b = avahi_s_domain_browser_prepare(server, interface, protocol, domain, type, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_domain_browser_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/browse-service-type.c b/avahi-core/browse-service-type.c
+index fdd22dcd..b1fc7af8 100644
+--- a/avahi-core/browse-service-type.c
++++ b/avahi-core/browse-service-type.c
+@@ -171,6 +171,9 @@ AvahiSServiceTypeBrowser *avahi_s_service_type_browser_new(
+         AvahiSServiceTypeBrowser *b;
+ 
+         b = avahi_s_service_type_browser_prepare(server, interface, protocol, domain, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_service_type_browser_start(b);
+ 
+         return b;
+diff --git a/avahi-core/browse-service.c b/avahi-core/browse-service.c
+index 5531360c..63e0275a 100644
+--- a/avahi-core/browse-service.c
++++ b/avahi-core/browse-service.c
+@@ -184,6 +184,9 @@ AvahiSServiceBrowser *avahi_s_service_browser_new(
+         AvahiSServiceBrowser *b;
+ 
+         b = avahi_s_service_browser_prepare(server, interface, protocol, service_type, domain, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_service_browser_start(b);
+ 
+         return b;
+diff --git a/avahi-core/browse.c b/avahi-core/browse.c
+index 2941e579..e8a915e9 100644
+--- a/avahi-core/browse.c
++++ b/avahi-core/browse.c
+@@ -634,6 +634,9 @@ AvahiSRecordBrowser *avahi_s_record_browser_new(
+         AvahiSRecordBrowser *b;
+ 
+         b = avahi_s_record_browser_prepare(server, interface, protocol, key, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_record_browser_start_query(b);
+ 
+         return b;
+diff --git a/avahi-core/resolve-address.c b/avahi-core/resolve-address.c
+index ac0b29b1..e61dd242 100644
+--- a/avahi-core/resolve-address.c
++++ b/avahi-core/resolve-address.c
+@@ -286,7 +286,10 @@ AvahiSAddressResolver *avahi_s_address_resolver_new(
+         AvahiSAddressResolver *b;
+ 
+         b = avahi_s_address_resolver_prepare(server, interface, protocol, address, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_address_resolver_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/resolve-host-name.c b/avahi-core/resolve-host-name.c
+index 808b0e72..4e8e5973 100644
+--- a/avahi-core/resolve-host-name.c
++++ b/avahi-core/resolve-host-name.c
+@@ -318,7 +318,10 @@ AvahiSHostNameResolver *avahi_s_host_name_resolver_new(
+         AvahiSHostNameResolver *b;
+ 
+         b = avahi_s_host_name_resolver_prepare(server, interface, protocol, host_name, aprotocol, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_host_name_resolver_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
++}
+diff --git a/avahi-core/resolve-service.c b/avahi-core/resolve-service.c
+index 66bf3cae..43771763 100644
+--- a/avahi-core/resolve-service.c
++++ b/avahi-core/resolve-service.c
+@@ -519,7 +519,10 @@ AvahiSServiceResolver *avahi_s_service_resolver_new(
+         AvahiSServiceResolver *b;
+ 
+         b = avahi_s_service_resolver_prepare(server, interface, protocol, name, type, domain, aprotocol, flags, callback, userdata);
++        if (!b)
++            return NULL;
++
+         avahi_s_service_resolver_start(b);
+ 
+         return b;
+-}
+\ No newline at end of file
++}
diff --git a/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.16.26/0001-avoid-start-failure-with-bind-user.patch
index 8db96ec049..ec1bc7b567 100644
--- a/meta/recipes-connectivity/bind/bind/0001-avoid-start-failure-with-bind-user.patch
+++ b/meta/recipes-connectivity/bind/bind-9.16.26/0001-avoid-start-failure-with-bind-user.patch
@@ -17,7 +17,7 @@ index b2eec60..6e03936 100644
 @@ -57,6 +57,7 @@ case "$1" in
  	modprobe capability >/dev/null 2>&1 || true
  	if [ ! -f /etc/bind/rndc.key ]; then
- 	    /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
+ 	    /usr/sbin/rndc-confgen -a -b 512
 +	    chown root:bind /etc/bind/rndc.key >/dev/null 2>&1 || true
  	    chmod 0640 /etc/bind/rndc.key
  	fi
diff --git a/meta/recipes-connectivity/bind/bind-9.16.26/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.16.26/0001-named-lwresd-V-and-start-log-hide-build-options.patch
new file mode 100644
index 0000000000..4dc6a5a2ae
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.16.26/0001-named-lwresd-V-and-start-log-hide-build-options.patch
@@ -0,0 +1,37 @@
+From f5761bbaf743d291f3e7e859e69ebe61a1718cbf Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Mon, 27 Aug 2018 21:24:20 +0800
+Subject: [PATCH] `named/lwresd -V' and start log hide build options
+
+The build options expose build path directories, so hide them.
+[snip]
+$ named -V
+|built by make with *** (options are hidden)
+[snip]
+
+Upstream-Status: Inappropriate [oe-core specific]
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+
+Refreshed for 9.16.0
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ bin/named/include/named/globals.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h
+index 0572154..3147e04 100644
+--- a/bin/named/include/named/globals.h
++++ b/bin/named/include/named/globals.h
+@@ -69,7 +69,7 @@ EXTERN const char *named_g_version	  INIT(VERSION);
+ EXTERN const char *named_g_product	  INIT(PRODUCT);
+ EXTERN const char *named_g_description	  INIT(DESCRIPTION);
+ EXTERN const char *named_g_srcid	  INIT(SRCID);
+-EXTERN const char *named_g_configargs	  INIT(CONFIGARGS);
++EXTERN const char *named_g_configargs	  INIT("*** (options are hidden)");
+ EXTERN const char *named_g_builder	  INIT(BUILDER);
+ EXTERN in_port_t named_g_port		  INIT(0);
+ EXTERN isc_dscp_t named_g_dscp		  INIT(-1);
+-- 
+2.20.1
+
diff --git a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.16.26/bind-ensure-searching-for-json-headers-searches-sysr.patch
index 37e210e6da..f9cdc7ca4d 100644
--- a/meta/recipes-connectivity/bind/bind/bind-ensure-searching-for-json-headers-searches-sysr.patch
+++ b/meta/recipes-connectivity/bind/bind-9.16.26/bind-ensure-searching-for-json-headers-searches-sysr.patch
@@ -1,4 +1,4 @@
-From 9473d29843579802e96b0293a3e953fed93de82c Mon Sep 17 00:00:00 2001
+From edda20fb5a6e88548f85e39d34d6c074306e15bc Mon Sep 17 00:00:00 2001
 From: Paul Gortmaker <paul.gortmaker@windriver.com>
 Date: Tue, 9 Jun 2015 11:22:00 -0400
 Subject: [PATCH] bind: ensure searching for json headers searches sysroot
@@ -27,20 +27,21 @@ to make use of the combination some day.
 
 Upstream-Status: Inappropriate [OE Specific]
 Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
+
 ---
- configure.in | 2 +-
+ configure.ac | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-Index: bind-9.11.3/configure.in
+Index: bind-9.16.4/configure.ac
 ===================================================================
---- bind-9.11.3.orig/configure.in
-+++ bind-9.11.3/configure.in
-@@ -2574,7 +2574,7 @@ case "$use_libjson" in
- 		libjson_libs=""
+--- bind-9.16.4.orig/configure.ac
++++ bind-9.16.4/configure.ac
+@@ -1232,7 +1232,7 @@ case "$use_lmdb" in
+ 		LMDB_LIBS=""
  		;;
  	auto|yes)
 -		for d in /usr /usr/local /opt/local
 +		for d in "${STAGING_INCDIR}"
  		do
- 			if test -f "${d}/include/json/json.h"
+ 			if test -f "${d}/include/lmdb.h"
  			then
diff --git a/meta/recipes-connectivity/bind/bind/bind9 b/meta/recipes-connectivity/bind/bind-9.16.26/bind9
index 968679ff7f..968679ff7f 100644
--- a/meta/recipes-connectivity/bind/bind/bind9
+++ b/meta/recipes-connectivity/bind/bind-9.16.26/bind9
diff --git a/meta/recipes-connectivity/bind/bind/conf.patch b/meta/recipes-connectivity/bind/bind-9.16.26/conf.patch
index aad345f9fc..aa3642acec 100644
--- a/meta/recipes-connectivity/bind/bind/conf.patch
+++ b/meta/recipes-connectivity/bind/bind-9.16.26/conf.patch
@@ -276,7 +276,7 @@ diff -urN bind-9.3.1.orig/init.d bind-9.3.1/init.d
 +
 +	modprobe capability >/dev/null 2>&1 || true
 +	if [ ! -f /etc/bind/rndc.key ]; then
-+	    /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
++	    /usr/sbin/rndc-confgen -a -b 512
 +	    chmod 0640 /etc/bind/rndc.key
 +	fi
 +	if [ -f /var/run/named/named.pid ]; then
diff --git a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.16.26/generate-rndc-key.sh
index ef915c0ae5..633e29c0e6 100644
--- a/meta/recipes-connectivity/bind/bind/generate-rndc-key.sh
+++ b/meta/recipes-connectivity/bind/bind-9.16.26/generate-rndc-key.sh
@@ -2,7 +2,7 @@
 
 if [ ! -s /etc/bind/rndc.key ]; then
     echo -n "Generating /etc/bind/rndc.key:"
-    /usr/sbin/rndc-confgen -a -b 512 -r /dev/urandom
+    /usr/sbin/rndc-confgen -a -b 512
     chown root:bind /etc/bind/rndc.key
     chmod 0640 /etc/bind/rndc.key
 fi
diff --git a/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.16.26/init.d-add-support-for-read-only-rootfs.patch
index 11db95ede1..11db95ede1 100644
--- a/meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch
+++ b/meta/recipes-connectivity/bind/bind-9.16.26/init.d-add-support-for-read-only-rootfs.patch
diff --git a/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.16.26/make-etc-initd-bind-stop-work.patch
index 146f3e35db..146f3e35db 100644
--- a/meta/recipes-connectivity/bind/bind/make-etc-initd-bind-stop-work.patch
+++ b/meta/recipes-connectivity/bind/bind-9.16.26/make-etc-initd-bind-stop-work.patch
diff --git a/meta/recipes-connectivity/bind/bind/named.service b/meta/recipes-connectivity/bind/bind-9.16.26/named.service
index cda56ef015..cda56ef015 100644
--- a/meta/recipes-connectivity/bind/bind/named.service
+++ b/meta/recipes-connectivity/bind/bind-9.16.26/named.service
diff --git a/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch b/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
deleted file mode 100644
index 871bb2a5f6..0000000000
--- a/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-useless-L-use_openssl-lib.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 950867d9fd3f690e271c8c807b6eed144b2935b2 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Mon, 27 Aug 2018 15:00:51 +0800
-Subject: [PATCH] configure.in: remove useless `-L$use_openssl/lib'
-
-Since `--with-openssl=${STAGING_DIR_HOST}${prefix}' is used in bind recipe,
-the `-L$use_openssl/lib' has a hardcoded suffix, removing it is harmless
-and helpful for clean up host build path in isc-config.sh
-
-Upstream-Status: Inappropriate [oe-core specific]
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- configure.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.in b/configure.in
-index 54efc55..76ac0eb 100644
---- a/configure.in
-+++ b/configure.in
-@@ -1691,7 +1691,7 @@ If you don't want OpenSSL, use --without-openssl])
- 				fi
- 				;;
- 			*)
--				DST_OPENSSL_LIBS="-L$use_openssl/lib -lcrypto"
-+				DST_OPENSSL_LIBS="-lcrypto"
- 				;;
- 			esac
- 		fi
--- 
-2.7.4
-
diff --git a/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch b/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch
deleted file mode 100644
index a8d601dcaa..0000000000
--- a/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Upstream-Status: Pending
-
-Subject: gen.c: extend DIRNAMESIZE from 256 to 512
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- lib/dns/gen.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: bind-9.11.3/lib/dns/gen.c
-===================================================================
---- bind-9.11.3.orig/lib/dns/gen.c
-+++ bind-9.11.3/lib/dns/gen.c
-@@ -130,7 +130,7 @@ static const char copyright[] =
- #define TYPECLASSBUF (TYPECLASSLEN + 1)
- #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d"
- #define ATTRIBUTESIZE 256
--#define DIRNAMESIZE 256
-+#define DIRNAMESIZE 512
- 
- static struct cc {
- 	struct cc *next;
diff --git a/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch b/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch
deleted file mode 100644
index 01874a4407..0000000000
--- a/meta/recipes-connectivity/bind/bind/0001-lib-dns-gen.c-fix-too-long-error.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 5bc3167a8b714ec0c4a3f1c7f3b9411296ec0a23 Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Wed, 16 Sep 2015 20:23:47 -0700
-Subject: [PATCH] lib/dns/gen.c: fix too long error
-
-The 512 is a little short when build in deep dir, and cause "too long"
-error, use PATH_MAX if defined.
-
-Upstream-Status: Pending
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- lib/dns/gen.c |    4 ++++
- 1 file changed, 4 insertions(+)
-
-Index: bind-9.11.3/lib/dns/gen.c
-===================================================================
---- bind-9.11.3.orig/lib/dns/gen.c
-+++ bind-9.11.3/lib/dns/gen.c
-@@ -130,7 +130,11 @@ static const char copyright[] =
- #define TYPECLASSBUF (TYPECLASSLEN + 1)
- #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d"
- #define ATTRIBUTESIZE 256
-+#ifdef PATH_MAX
-+#define DIRNAMESIZE PATH_MAX
-+#else
- #define DIRNAMESIZE 512
-+#endif
- 
- static struct cc {
- 	struct cc *next;
diff --git a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch
deleted file mode 100644
index 75908aa638..0000000000
--- a/meta/recipes-connectivity/bind/bind/0001-named-lwresd-V-and-start-log-hide-build-options.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From a3af4a405baf5ff582e82aaba392dd9667d94bdc Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Mon, 27 Aug 2018 21:24:20 +0800
-Subject: [PATCH] `named/lwresd -V' and start log hide build options
-
-The build options expose build path directories, so hide them.
-[snip]
-$ named -V
-|built by make with *** (options are hidden)
-[snip]
-
-Upstream-Status: Inappropriate [oe-core specific]
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- bin/named/include/named/globals.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h
-index ba3457e..7741da7 100644
---- a/bin/named/include/named/globals.h
-+++ b/bin/named/include/named/globals.h
-@@ -68,7 +68,7 @@ EXTERN const char *		ns_g_version		INIT(VERSION);
- EXTERN const char *		ns_g_product		INIT(PRODUCT);
- EXTERN const char *		ns_g_description	INIT(DESCRIPTION);
- EXTERN const char *		ns_g_srcid		INIT(SRCID);
--EXTERN const char *		ns_g_configargs		INIT(CONFIGARGS);
-+EXTERN const char *		ns_g_configargs		INIT("*** (options are hidden)");
- EXTERN const char *		ns_g_builder		INIT(BUILDER);
- EXTERN in_port_t		ns_g_port		INIT(0);
- EXTERN isc_dscp_t		ns_g_dscp		INIT(-1);
--- 
-2.7.4
-
diff --git a/meta/recipes-connectivity/bind/bind_9.11.5.bb b/meta/recipes-connectivity/bind/bind_9.16.26.bb
index 21e979fd9c..aa64a11b9c 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.5.bb
+++ b/meta/recipes-connectivity/bind/bind_9.16.26.bb
@@ -1,13 +1,14 @@
 SUMMARY = "ISC Internet Domain Name Server"
-HOMEPAGE = "http://www.isc.org/sw/bind/"
+HOMEPAGE = "https://www.isc.org/bind/"
+DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system"
 SECTION = "console/network"
 
-LICENSE = "ISC & BSD"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=6ba7c9fe0c888a943c79c93e6de744fb"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=4e7b3c52170a348459a4ff3f5ce95e37"
 
-DEPENDS = "openssl libcap zlib"
+DEPENDS = "openssl libcap zlib libuv"
 
-SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
+SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
            file://conf.patch \
            file://named.service \
            file://bind9 \
@@ -15,68 +16,52 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://make-etc-initd-bind-stop-work.patch \
            file://init.d-add-support-for-read-only-rootfs.patch \
            file://bind-ensure-searching-for-json-headers-searches-sysr.patch \
-           file://0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch \
-           file://0001-lib-dns-gen.c-fix-too-long-error.patch \
-           file://0001-configure.in-remove-useless-L-use_openssl-lib.patch \
            file://0001-named-lwresd-V-and-start-log-hide-build-options.patch \
            file://0001-avoid-start-failure-with-bind-user.patch \
-"
+           "
 
-SRC_URI[md5sum] = "17a0d02102117c9a221e857cf2cc8157"
-SRC_URI[sha256sum] = "a4cae11dad954bdd4eb592178f875bfec09fcc7e29fe0f6b7a4e5b5c6bc61322"
+SRC_URI[sha256sum] = "70b39a5eb71650358ec9ba41da3050d32aeac0aeb4a466684b23f35affa7fb45"
 
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
-UPSTREAM_CHECK_REGEX = "(?P<pver>9(\.\d+)+(-P\d+)*)/"
-RECIPE_NO_UPDATE_REASON = "9.11 is LTS 2021"
+# follow the ESV versions divisible by 2
+UPSTREAM_CHECK_REGEX = "(?P<pver>9.(\d*[02468])+(\.\d+)+(-P\d+)*)/"
 
-inherit autotools update-rc.d systemd useradd pkgconfig multilib_script
+# Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore
+# so the issue doesn't affect us.
+CVE_CHECK_IGNORE += "CVE-2019-6470"
 
-MULTILIB_SCRIPTS = "${PN}:${bindir}/bind9-config ${PN}:${bindir}/isc-config.sh"
+inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives
 
 # PACKAGECONFIGs readline and libedit should NOT be set at same time
 PACKAGECONFIG ?= "readline"
 PACKAGECONFIG[httpstats] = "--with-libxml2=${STAGING_DIR_HOST}${prefix},--without-libxml2,libxml2"
 PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline"
 PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit"
-PACKAGECONFIG[urandom] = "--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,,"
-PACKAGECONFIG[python3] = "--with-python=${PYTHON} --with-python-install-dir=${D}/${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native,"
-
-ENABLE_IPV6 = "--enable-ipv6=${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'yes', 'no', d)}"
-EXTRA_OECONF = " ${ENABLE_IPV6} --with-libtool --enable-threads \
-                 --disable-devpoll --enable-epoll --with-gost=no \
-                 --with-gssapi=no --with-ecdsa=yes --with-eddsa=no \
-                 --with-lmdb=no \
+PACKAGECONFIG[python3] = "--with-python=yes --with-python-install-dir=${PYTHON_SITEPACKAGES_DIR} , --without-python, python3-ply-native,"
+
+EXTRA_OECONF = " --with-libtool --disable-devpoll --disable-auto-validation --enable-epoll \
+                 --with-gssapi=no --with-lmdb=no --with-zlib \
                  --sysconfdir=${sysconfdir}/bind \
                  --with-openssl=${STAGING_DIR_HOST}${prefix} \
                "
+LDFLAGS:append = " -lz"
 
-inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native distutils3-base', '', d)}
+inherit ${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3native setuptools3-base', '', d)}
 
 # dhcp needs .la so keep them
 REMOVE_LIBTOOL_LA = "0"
 
 USERADD_PACKAGES = "${PN}"
-USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \
+USERADD_PARAM:${PN} = "--system --home ${localstatedir}/cache/bind --no-create-home \
                        --user-group bind"
 
 INITSCRIPT_NAME = "bind"
 INITSCRIPT_PARAMS = "defaults"
 
-SYSTEMD_SERVICE_${PN} = "named.service"
-
-do_install_prepend() {
-	# clean host path in isc-config.sh before the hardlink created
-	# by "make install":
-	#   bind9-config -> isc-config.sh
-	sed -i -e "s,${STAGING_LIBDIR},${libdir}," ${B}/isc-config.sh
-}
+SYSTEMD_SERVICE:${PN} = "named.service"
 
-do_install_append() {
+do_install:append() {
 
-	rm "${D}${bindir}/nslookup"
-	rm "${D}${mandir}/man1/nslookup.1"
-	rmdir "${D}${localstatedir}/run"
-	rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
 	install -d -o bind "${D}${localstatedir}/cache/bind"
 	install -d "${D}${sysconfdir}/bind"
 	install -d "${D}${sysconfdir}/init.d"
@@ -92,11 +77,11 @@ do_install_append() {
 	# Install systemd related files
 	install -d ${D}${sbindir}
 	install -m 755 ${WORKDIR}/generate-rndc-key.sh ${D}${sbindir}
-	install -d ${D}${systemd_unitdir}/system
-	install -m 0644 ${WORKDIR}/named.service ${D}${systemd_unitdir}/system
+	install -d ${D}${systemd_system_unitdir}
+	install -m 0644 ${WORKDIR}/named.service ${D}${systemd_system_unitdir}
 	sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
 	       -e 's,@SBINDIR@,${sbindir},g' \
-	       ${D}${systemd_unitdir}/system/named.service
+	       ${D}${systemd_system_unitdir}/named.service
 
 	install -d ${D}${sysconfdir}/default
 	install -m 0644 ${WORKDIR}/bind9 ${D}${sysconfdir}/default
@@ -105,9 +90,11 @@ do_install_append() {
 		install -d ${D}${sysconfdir}/tmpfiles.d
 		echo "d /run/named 0755 bind bind - -" > ${D}${sysconfdir}/tmpfiles.d/bind.conf
 	fi
+
+    oe_multilib_header isc/platform.h
 }
 
-CONFFILES_${PN} = " \
+CONFFILES:${PN} = " \
 	${sysconfdir}/bind/named.conf \
 	${sysconfdir}/bind/named.conf.local \
 	${sysconfdir}/bind/named.conf.options \
@@ -118,20 +105,25 @@ CONFFILES_${PN} = " \
 	${sysconfdir}/bind/db.root \
 	"
 
+ALTERNATIVE:${PN}-utils = "nslookup"
+ALTERNATIVE_LINK_NAME[nslookup] = "${bindir}/nslookup"
+ALTERNATIVE_PRIORITY = "100"
+
 PACKAGE_BEFORE_PN += "${PN}-utils"
-FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig"
-FILES_${PN}-dev += "${bindir}/isc-config.h"
-FILES_${PN} += "${sbindir}/generate-rndc-key.sh"
+FILES:${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/mdig ${bindir}/nslookup ${bindir}/nsupdate"
+FILES:${PN}-dev += "${bindir}/isc-config.h"
+FILES:${PN} += "${sbindir}/generate-rndc-key.sh"
 
 PACKAGE_BEFORE_PN += "${PN}-libs"
-FILES_${PN}-libs = "${libdir}/*.so*"
-FILES_${PN}-staticdev += "${libdir}/*.la"
+# special arrangement below due to
+# https://github.com/isc-projects/bind9/commit/0e25af628cd776f98c04fc4cc59048f5448f6c88
+FILES_SOLIBSDEV = "${libdir}/*[!0-9].so ${libdir}/libbind9.so"
+FILES:${PN}-libs = "${libdir}/named/*.so* ${libdir}/*-${PV}.so"
+FILES:${PN}-staticdev += "${libdir}/*.la"
 
 PACKAGE_BEFORE_PN += "${@bb.utils.contains('PACKAGECONFIG', 'python3', 'python3-bind', '', d)}"
-FILES_python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \
+FILES:python3-bind = "${sbindir}/dnssec-coverage ${sbindir}/dnssec-checkds \
                 ${sbindir}/dnssec-keymgr ${PYTHON_SITEPACKAGES_DIR}"
 
-RDEPENDS_${PN} = "bash"
-RDEPENDS_${PN}-utils = "bash"
-RDEPENDS_${PN}-dev = ""
-RDEPENDS_python3-bind = "python3-core python3-ply"
+RDEPENDS:${PN}-dev = ""
+RDEPENDS:python3-bind = "python3-core python3-ply"
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 6d62f52459..79d4645ca8 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -2,15 +2,15 @@ SUMMARY = "Linux Bluetooth Stack Userland V5"
 DESCRIPTION = "Linux Bluetooth stack V5 userland components.  These include a system configurations, daemons, tools and system libraries."
 HOMEPAGE = "http://www.bluez.org"
 SECTION = "libs"
-LICENSE = "GPLv2+ & LGPLv2.1+"
+LICENSE = "GPL-2.0-or-later & LGPL-2.1-or-later"
 LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
                     file://COPYING.LIB;md5=fb504b67c50331fc78734fed90fb0e09 \
-                    file://src/main.c;beginline=1;endline=24;md5=9bc54b93cd7e17bf03f52513f39f926e"
-DEPENDS = "udev dbus-glib glib-2.0"
+                    file://src/main.c;beginline=1;endline=24;md5=0ad83ca0dc37ab08af448777c581e7ac"
+DEPENDS = "dbus glib-2.0"
 PROVIDES += "bluez-hcidump"
-RPROVIDES_${PN} += "bluez-hcidump"
+RPROVIDES:${PN} += "bluez-hcidump"
 
-RCONFLICTS_${PN} = "bluez4"
+RCONFLICTS:${PN} = "bluez4"
 
 PACKAGECONFIG ??= "obex-profiles \
     readline \
@@ -22,6 +22,7 @@ PACKAGECONFIG ??= "obex-profiles \
     hog-profiles \
     tools \
     deprecated \
+    udev \
 "
 PACKAGECONFIG[obex-profiles] = "--enable-obex,--disable-obex,libical"
 PACKAGECONFIG[readline] = "--enable-client,--disable-client,readline,"
@@ -41,29 +42,29 @@ PACKAGECONFIG[sixaxis] = "--enable-sixaxis,--disable-sixaxis"
 PACKAGECONFIG[tools] = "--enable-tools,--disable-tools"
 PACKAGECONFIG[threads] = "--enable-threads,--disable-threads"
 PACKAGECONFIG[deprecated] = "--enable-deprecated,--disable-deprecated"
-PACKAGECONFIG[mesh] = "--enable-mesh,--disable-mesh, json-c ell"
-PACKAGECONFIG[btpclient] = "--enable-btpclient,--disable-btpclient, ell"
-
-SRC_URI = "\
-    ${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
-    file://out-of-tree.patch \
-    file://init \
-    file://run-ptest \
-    ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
-    file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
-    file://0001-test-gatt-Fix-hung-issue.patch \
-    file://0001-Makefile.am-Fix-a-race-issue-for-tools.patch \
-"
+PACKAGECONFIG[mesh] = "--enable-mesh --enable-external-ell,--disable-mesh, json-c ell"
+PACKAGECONFIG[btpclient] = "--enable-btpclient --enable-external-ell,--disable-btpclient, ell"
+PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,udev"
+PACKAGECONFIG[manpages] = "--enable-manpages,--disable-manpages,python3-docutils-native"
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
+           file://init \
+           file://run-ptest \
+           ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
+           file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
+           file://0001-test-gatt-Fix-hung-issue.patch \
+           "
 S = "${WORKDIR}/bluez-${PV}"
 
 CVE_PRODUCT = "bluez"
 
-inherit autotools pkgconfig systemd update-rc.d distro_features_check ptest gobject-introspection-data
+inherit autotools pkgconfig systemd update-rc.d ptest gobject-introspection-data
 
 EXTRA_OECONF = "\
   --enable-test \
   --enable-datafiles \
   --enable-library \
+  --without-zsh-completion-dir \
 "
 
 # bluez5 builds a large number of useful utilities but does not
@@ -77,7 +78,7 @@ NOINST_TOOLS = " \
     ${@bb.utils.contains('PACKAGECONFIG', 'tools', '${NOINST_TOOLS_BT}', '', d)} \
 "
 
-do_install_append() {
+do_install:append() {
 	install -d ${D}${INIT_D_DIR}
 	install -m 0755 ${WORKDIR}/init ${D}${INIT_D_DIR}/bluetooth
 
@@ -105,22 +106,25 @@ do_install_append() {
 
 PACKAGES =+ "${PN}-testtools ${PN}-obex ${PN}-noinst-tools"
 
-FILES_${PN} += " \
+FILES:${PN} += " \
     ${libdir}/bluetooth/plugins/*.so \
     ${systemd_unitdir}/ ${datadir}/dbus-1 \
     ${libdir}/cups \
 "
-FILES_${PN}-dev += " \
+FILES:${PN}-dev += " \
     ${libdir}/bluetooth/plugins/*.la \
 "
 
-FILES_${PN}-obex = "${libexecdir}/bluetooth/obexd \
+FILES:${PN}-obex = "${libexecdir}/bluetooth/obexd \
                     ${exec_prefix}/lib/systemd/user/obex.service \
+                    ${systemd_system_unitdir}/obex.service \
+                    ${sysconfdir}/systemd/system/multi-user.target.wants/obex.service \
                     ${datadir}/dbus-1/services/org.bluez.obex.service \
+                    ${sysconfdir}/dbus-1/system.d/obexd.conf \
                    "
-SYSTEMD_SERVICE_${PN}-obex = "obex.service"
+SYSTEMD_SERVICE:${PN}-obex = "obex.service"
 
-FILES_${PN}-testtools = "${libdir}/bluez/test/*"
+FILES:${PN}-testtools = "${libdir}/bluez/test/*"
 
 def get_noinst_tools_paths (d, bb, tools):
     s = list()
@@ -130,14 +134,14 @@ def get_noinst_tools_paths (d, bb, tools):
         s.append("%s/%s" % (bindir, f))
     return "\n".join(s)
 
-FILES_${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}"
+FILES:${PN}-noinst-tools = "${@get_noinst_tools_paths(d, bb, d.getVar('NOINST_TOOLS'))}"
 
-RDEPENDS_${PN}-testtools += "python3 python3-dbus"
-RDEPENDS_${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}"
+RDEPENDS:${PN}-testtools += "python3-core python3-dbus"
+RDEPENDS:${PN}-testtools += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}"
 
-SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}"
+SYSTEMD_SERVICE:${PN} = "${@bb.utils.contains('PACKAGECONFIG', 'systemd', 'bluetooth.service', '', d)}"
 INITSCRIPT_PACKAGES = "${PN}"
-INITSCRIPT_NAME_${PN} = "bluetooth"
+INITSCRIPT_NAME:${PN} = "bluetooth"
 
 do_compile_ptest() {
 	oe_runmake buildtests
@@ -147,3 +151,5 @@ do_install_ptest() {
 	cp -r ${B}/unit/ ${D}${PTEST_PATH}
 	rm -f ${D}${PTEST_PATH}/unit/*.o
 }
+
+RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-gconv-utf-16"
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
index da7140922d..618ed734a9 100644
--- a/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
+++ b/meta/recipes-connectivity/bluez5/bluez5/0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
@@ -1,4 +1,4 @@
-From 99ccdbe155028c4c789803a429072675b87d0c3a Mon Sep 17 00:00:00 2001
+From f74eb97c9fb3c0ee2895742e773ac6a3c41c999c Mon Sep 17 00:00:00 2001
 From: Giovanni Campagna <gcampagna-cNUdlRotFMnNLxjTenLetw@public.gmane.org>
 Date: Sat, 12 Oct 2013 17:45:25 +0200
 Subject: [PATCH] Allow using obexd without systemd in the user session
@@ -17,22 +17,22 @@ http://thread.gmane.org/gmane.linux.bluez.kernel/38725/focus=38843
 Signed-off-by: Javier Viguera <javier.viguera@digi.com>
 
 ---
- Makefile.obexd                                                  | 4 ++--
- obexd/src/{org.bluez.obex.service => org.bluez.obex.service.in} | 2 +-
+ Makefile.obexd                                                | 4 ++--
+ .../src/{org.bluez.obex.service => org.bluez.obex.service.in} | 2 +-
  2 files changed, 3 insertions(+), 3 deletions(-)
  rename obexd/src/{org.bluez.obex.service => org.bluez.obex.service.in} (76%)
 
 diff --git a/Makefile.obexd b/Makefile.obexd
-index c462692..0325f66 100644
+index de59d29..73004a3 100644
 --- a/Makefile.obexd
 +++ b/Makefile.obexd
 @@ -1,12 +1,12 @@
  if SYSTEMD
- systemduserunitdir = @SYSTEMD_USERUNITDIR@
+ systemduserunitdir = $(SYSTEMD_USERUNITDIR)
  systemduserunit_DATA = obexd/src/obex.service
 +endif
  
- dbussessionbusdir = @DBUS_SESSIONBUSDIR@
+ dbussessionbusdir = $(DBUS_SESSIONBUSDIR)
  dbussessionbus_DATA = obexd/src/org.bluez.obex.service
 -endif
  
diff --git a/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch b/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch
deleted file mode 100644
index 3c227a8ea2..0000000000
--- a/meta/recipes-connectivity/bluez5/bluez5/0001-Makefile.am-Fix-a-race-issue-for-tools.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 048e1844092cb4b3afd23f16fc2cc70dd2e122b7 Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Mon, 24 Dec 2018 17:57:14 -0800
-Subject: [PATCH] Makefile.am: Fix a race issue for tools
-
-Fixed:
-cp ../bluez-5.50/tools/hid2hci.rules tools/97-hid2hci.rules
-cp: cannot create regular file tools/97-hid2hci.rules: No such file or directory
-make[1]: *** [tools/97-hid2hci.rules] Error 1
-
-Upstream-Status: Submitted[https://www.spinics.net/lists/linux-bluetooth/msg78361.html]
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- Makefile.am | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Makefile.am b/Makefile.am
-index 6d1ff11..35a01f2 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -504,6 +504,7 @@ src/builtin.h: src/genbuiltin $(builtin_sources)
- 	$(AM_V_GEN)$(srcdir)/src/genbuiltin $(builtin_modules) > $@
- 
- tools/%.rules:
-+	[ -e tools ] || $(MKDIR_P) tools
- 	$(AM_V_GEN)cp $(srcdir)/$(subst 97-,,$@) $@
- 
- $(lib_libbluetooth_la_OBJECTS): $(local_headers)
--- 
-2.10.2
-
diff --git a/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch b/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch
deleted file mode 100644
index 3ee79d7047..0000000000
--- a/meta/recipes-connectivity/bluez5/bluez5/out-of-tree.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From ed55b49a226ca3909f52416be2ae5ce1c5ca2cb2 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Fri, 22 Apr 2016 15:40:37 +0100
-Subject: [PATCH] Makefile.obexd: add missing mkdir in builtin.h generation
-
-In parallel out-of-tree builds it's possible that obexd/src/builtin.h is
-generated before the target directory has been implicitly created. Solve this by
-creating the directory before writing into it.
-
-Upstream-Status: Submitted
-Signed-off-by: Ross Burton <ross.burton@intel.com>
----
- Makefile.obexd | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Makefile.obexd b/Makefile.obexd
-index 2e33cbc..c8286f0 100644
---- a/Makefile.obexd
-+++ b/Makefile.obexd
-@@ -105,2 +105,3 @@ obexd/src/plugin.$(OBJEXT): obexd/src/builtin.h
- obexd/src/builtin.h: obexd/src/genbuiltin $(obexd_builtin_sources)
-+	$(AM_V_at)$(MKDIR_P) $(dir $@)
- 	$(AM_V_GEN)$(srcdir)/obexd/src/genbuiltin $(obexd_builtin_modules) > $@
--- 
-2.8.0.rc3
-
diff --git a/meta/recipes-connectivity/bluez5/bluez5/run-ptest b/meta/recipes-connectivity/bluez5/bluez5/run-ptest
index 21df00c327..0335e68e48 100644
--- a/meta/recipes-connectivity/bluez5/bluez5/run-ptest
+++ b/meta/recipes-connectivity/bluez5/bluez5/run-ptest
@@ -6,7 +6,7 @@ failed=0
 all=0
 
 for f in test-*; do
-    "./$f"
+    "./$f" -q
     case "$?" in
         0)
             echo "PASS: $f"
diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.50.bb b/meta/recipes-connectivity/bluez5/bluez5_5.63.bb
index 66271432fe..a9ee29135d 100644
--- a/meta/recipes-connectivity/bluez5/bluez5_5.50.bb
+++ b/meta/recipes-connectivity/bluez5/bluez5_5.63.bb
@@ -1,9 +1,9 @@
 require bluez5.inc
 
-REQUIRED_DISTRO_FEATURES = "bluez5"
+SRC_URI[sha256sum] = "9349e11e8160bb3d720835d271250d8a7424d3690f5289e6db6fe07cc66c6d76"
 
-SRC_URI[md5sum] = "8e35c67c81a55d3ad4c9f22280dae178"
-SRC_URI[sha256sum] = "5ffcaae18bbb6155f1591be8c24898dc12f062075a40b538b745bfd477481911"
+# These issues have kernel fixes rather than bluez fixes so exclude here
+CVE_CHECK_IGNORE += "CVE-2020-12352 CVE-2020-24490"
 
 # noinst programs in Makefile.tools that are conditional on READLINE
 # support
diff --git a/meta/recipes-connectivity/connman/connman-conf.bb b/meta/recipes-connectivity/connman/connman-conf.bb
index 9a519ec866..6b9207c4cb 100644
--- a/meta/recipes-connectivity/connman/connman-conf.bb
+++ b/meta/recipes-connectivity/connman/connman-conf.bb
@@ -1,36 +1,19 @@
-SUMMARY = "Connman config to setup wired interface on qemu machines"
-DESCRIPTION = "This is the ConnMan configuration to set up a Wired \
-network interface for a qemu machine."
-LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+SUMMARY = "Connman config to ignore wired interface on qemu machines"
+DESCRIPTION = "This is the ConnMan configuration to avoid touching wired \
+network interface inside qemu machines."
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6"
 
-inherit systemd
-
-SRC_URI_append_qemuall = " file://wired.config \
-                           file://wired-setup \
-                           file://wired-connection.service \
-"
 PR = "r2"
 
 S = "${WORKDIR}"
 
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
-FILES_${PN} = "${localstatedir}/* ${datadir}/*"
+FILES:${PN} = "${sysconfdir}/*"
 
-do_install() {
-    #Configure Wired network interface in case of qemu* machines
-    if test -e ${WORKDIR}/wired.config &&
-       test -e ${WORKDIR}/wired-setup &&
-       test -e ${WORKDIR}/wired-connection.service; then
-        install -d ${D}${localstatedir}/lib/connman
-        install -m 0644 ${WORKDIR}/wired.config ${D}${localstatedir}/lib/connman
-        install -d ${D}${datadir}/connman
-        install -m 0755 ${WORKDIR}/wired-setup ${D}${datadir}/connman
-        install -d ${D}${systemd_system_unitdir}
-        install -m 0644 ${WORKDIR}/wired-connection.service ${D}${systemd_system_unitdir}
-        sed -i -e 's|@SCRIPTDIR@|${datadir}/connman|g' ${D}${systemd_system_unitdir}/wired-connection.service
-    fi
+# Kernel IP-Config is perfectly capable of setting up networking passed in via ip=
+do_install:append:qemuall() {
+    mkdir -p ${D}${sysconfdir}/default
+    echo "export EXTRA_PARAM=\"-I eth0\"" > ${D}${sysconfdir}/default/connman
 }
-
-SYSTEMD_SERVICE_${PN}_qemuall = "wired-connection.service"
diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service
deleted file mode 100644
index 48adfc08ac..0000000000
--- a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-connection.service
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=Setup a wired interface
-Before=connman.service
-
-[Service]
-Type=oneshot
-ExecStart=@SCRIPTDIR@/wired-setup
-
-[Install]
-WantedBy=network.target
diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup
deleted file mode 100644
index c46899ef32..0000000000
--- a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired-setup
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-CONFIGF=/var/lib/connman/wired.config
-
-# Extract wired network config from /proc/cmdline
-NET_CONF=`cat /proc/cmdline |sed -ne 's/^.*ip=\([^ ]*\):\([^ ]*\):\([^ ]*\):\([^ ]*\).*$/\1\/\4\/\3/p'`
-
-# Check if eth0 is already set via kernel cmdline
-if [ "x$NET_CONF" = "x" ]; then
-	# Wired interface is not configured via kernel cmdline
-	# Remove connman config file template
-	rm -f ${CONFIGF}
-else
-	# Setup a connman config accordingly
-	sed -i -e "s|^IPv4 =.*|IPv4 = ${NET_CONF}|" ${CONFIGF}
-fi
diff --git a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config b/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config
deleted file mode 100644
index 42998ce897..0000000000
--- a/meta/recipes-connectivity/connman/connman-conf/qemuall/wired.config
+++ /dev/null
@@ -1,9 +0,0 @@
-[global]
-Name = Wired
-Description = Wired network configuration
-
-[service_ethernet]
-Type = ethernet
-IPv4 =
-MAC = 52:54:00:12:34:56
-Nameservers = 8.8.8.8
diff --git a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
index a56bd3751f..fcd154b4b0 100644
--- a/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
+++ b/meta/recipes-connectivity/connman/connman-gnome_0.7.bb
@@ -1,7 +1,7 @@
 SUMMARY = "GTK+ frontend for the ConnMan network connection manager"
 HOMEPAGE = "http://connman.net/"
 SECTION = "libs/network"
-LICENSE = "GPLv2 & LGPLv2.1"
+LICENSE = "GPL-2.0-only & LGPL-2.1-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
                     file://properties/main.c;beginline=1;endline=20;md5=50c77c81871308b033ab7a1504626afb \
                     file://common/connman-dbus.c;beginline=1;endline=20;md5=de6b485c0e717a0236402d220187717a"
@@ -10,21 +10,21 @@ DEPENDS = "gtk+3 dbus-glib dbus-glib-native intltool-native gettext-native"
 
 # 0.7 tag
 SRCREV = "cf3c325b23dae843c5499a113591cfbc98acb143"
-SRC_URI = "git://github.com/connectivity/connman-gnome.git \
+SRC_URI = "git://github.com/connectivity/connman-gnome.git;branch=master;protocol=https \
            file://0001-Removed-icon-from-connman-gnome-about-applet.patch \
            file://null_check_for_ipv4_config.patch \
-           file://images/* \
+           file://images/ \
            file://connman-gnome-fix-dbus-interface-name.patch \
            file://0001-Port-to-Gtk3.patch \
           "
 
 S = "${WORKDIR}/git"
 
-inherit autotools-brokensep gtk-icon-cache pkgconfig distro_features_check
+inherit autotools-brokensep gtk-icon-cache pkgconfig features_check
 ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}"
 
-RDEPENDS_${PN} = "connman"
+RDEPENDS:${PN} = "connman"
 
-do_install_append() {
+do_install:append() {
     install -m 0644 ${WORKDIR}/images/* ${D}/usr/share/icons/hicolor/22x22/apps/
 }
diff --git a/meta/recipes-connectivity/connman/connman.inc b/meta/recipes-connectivity/connman/connman.inc
index 0a117e44a4..5880ecd5d4 100644
--- a/meta/recipes-connectivity/connman/connman.inc
+++ b/meta/recipes-connectivity/connman/connman.inc
@@ -9,15 +9,15 @@ configuration methods, like DHCP and domain name resolving, are \
 implemented using plug-ins."
 HOMEPAGE = "http://connman.net/"
 BUGTRACKER = "https://01.org/jira/browse/CM"
-LICENSE  = "GPLv2"
+LICENSE  = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
                     file://src/main.c;beginline=1;endline=20;md5=486a279a6ab0c8d152bcda3a5b5edc36"
 
-inherit autotools pkgconfig systemd update-rc.d bluetooth update-alternatives
+inherit autotools pkgconfig systemd update-rc.d update-alternatives
 
-DEPENDS  = "dbus glib-2.0 ppp readline"
+CVE_PRODUCT = "connman connection_manager"
 
-INC_PR = "r20"
+DEPENDS  = "dbus glib-2.0 ppp"
 
 EXTRA_OECONF += "\
     ac_cv_path_WPASUPPLICANT=${sbindir}/wpa_supplicant \
@@ -27,22 +27,20 @@ EXTRA_OECONF += "\
     --enable-ethernet \
     --enable-tools \
     --disable-polkit \
-    --enable-client \
 "
 
-PACKAGECONFIG ??= "wispr \
+PACKAGECONFIG ??= "wispr iptables client\
                    ${@bb.utils.filter('DISTRO_FEATURES', '3g systemd wifi', d)} \
                    ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
-                   iptables \
 "
 
 # If you want ConnMan to support VPN, add following statement into
 # local.conf or distro config
-# PACKAGECONFIG_append_pn-connman = " openvpn vpnc l2tp pptp"
+# PACKAGECONFIG:append:pn-connman = " openvpn vpnc l2tp pptp"
 
-PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''"
+PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/ --with-tmpfilesdir=${sysconfdir}/tmpfiles.d/,--with-systemdunitdir='' --with-tmpfilesdir=''"
 PACKAGECONFIG[wifi] = "--enable-wifi, --disable-wifi, wpa-supplicant, wpa-supplicant"
-PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, ${BLUEZ}, ${BLUEZ}"
+PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5, bluez5"
 PACKAGECONFIG[3g] = "--enable-ofono, --disable-ofono, ofono, ofono"
 PACKAGECONFIG[tist] = "--enable-tist,--disable-tist,"
 PACKAGECONFIG[openvpn] = "--enable-openvpn --with-openvpn=${sbindir}/openvpn,--disable-openvpn,,openvpn"
@@ -51,30 +49,33 @@ PACKAGECONFIG[l2tp] = "--enable-l2tp --with-l2tp=${sbindir}/xl2tpd,--disable-l2t
 PACKAGECONFIG[pptp] = "--enable-pptp --with-pptp=${sbindir}/pptp,--disable-pptp,,pptp-linux"
 # WISPr support for logging into hotspots, requires TLS
 PACKAGECONFIG[wispr] = "--enable-wispr,--disable-wispr,gnutls,"
-PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables-ipv4 kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-meta kernel-module-nft-masq-ipv4 kernel-module-nft-nat"
+PACKAGECONFIG[nftables] = "--with-firewall=nftables ,,libmnl libnftnl,,kernel-module-nf-tables kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft-masq-ipv4 kernel-module-nft-nat"
 PACKAGECONFIG[iptables] = "--with-firewall=iptables ,,iptables,iptables"
+PACKAGECONFIG[nfc] = "--enable-neard, --disable-neard, neard, neard"
+PACKAGECONFIG[client] = "--enable-client,--disable-client,readline"
+PACKAGECONFIG[wireguard] = "--enable-wireguard,--disable-wireguard,libmnl"
 
 INITSCRIPT_NAME = "connman"
 INITSCRIPT_PARAMS = "start 05 5 2 3 . stop 22 0 1 6 ."
 
 python __anonymous () {
-    systemd_packages = "${PN}"
+    systemd_packages = "${PN} ${PN}-wait-online"
     pkgconfig = d.getVar('PACKAGECONFIG')
     if ('openvpn' or 'vpnc' or 'l2tp' or 'pptp') in pkgconfig.split():
         systemd_packages += " ${PN}-vpn"
     d.setVar('SYSTEMD_PACKAGES', systemd_packages)
 }
 
-SYSTEMD_SERVICE_${PN} = "connman.service"
-SYSTEMD_SERVICE_${PN}-vpn = "connman-vpn.service"
-SYSTEMD_SERVICE_${PN}-wait-online = "connman-wait-online.service"
+SYSTEMD_SERVICE:${PN} = "connman.service"
+SYSTEMD_SERVICE:${PN}-vpn = "connman-vpn.service"
+SYSTEMD_SERVICE:${PN}-wait-online = "connman-wait-online.service"
 
 ALTERNATIVE_PRIORITY = "100"
-ALTERNATIVE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}"
+ALTERNATIVE:${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}"
 ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.connman','',d)}"
 ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}"
 
-do_install_append() {
+do_install:append() {
 	if ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','true','false',d)}; then
 		install -d ${D}${sysconfdir}/init.d
 		install -m 0755 ${WORKDIR}/connman ${D}${sysconfdir}/init.d/connman
@@ -86,7 +87,6 @@ do_install_append() {
 	if [ -e ${B}/tools/wispr ]; then
 		install -m 0755 ${B}/tools/wispr ${D}${bindir}
 	fi
-	install -m 0755 ${B}/client/connmanctl ${D}${bindir}
 
 	# We don't need to package an empty directory
 	rmdir --ignore-fail-on-non-empty ${D}${libdir}/connman/scripts
@@ -102,7 +102,7 @@ do_install_append() {
 }
 
 # These used to be plugins, but now they are core
-RPROVIDES_${PN} = "\
+RPROVIDES:${PN} = "\
 	connman-plugin-loopback \
 	connman-plugin-ethernet \
 	${@bb.utils.contains('PACKAGECONFIG', 'bluetooth','connman-plugin-bluetooth', '', d)} \
@@ -110,7 +110,7 @@ RPROVIDES_${PN} = "\
 	${@bb.utils.contains('PACKAGECONFIG', '3g','connman-plugin-ofono', '', d)} \
 	"
 
-RDEPENDS_${PN} = "\
+RDEPENDS:${PN} = "\
 	dbus \
 	"
 
@@ -121,11 +121,11 @@ def add_rdepends(bb, d, file, pkg, depmap, multilib_prefix, add_insane_skip):
     if plugintype in depmap:
         rdepends = map(lambda x: multilib_prefix + x, \
                        depmap[plugintype].split())
-        d.setVar("RDEPENDS_%s" % pkg, " ".join(rdepends))
+        d.setVar("RDEPENDS:%s" % pkg, " ".join(rdepends))
     if add_insane_skip:
-        d.appendVar("INSANE_SKIP_%s" % pkg, "dev-so")
+        d.appendVar("INSANE_SKIP:%s" % pkg, "dev-so")
 
-python populate_packages_prepend() {
+python populate_packages:prepend() {
     depmap = dict(pppd="ppp")
     multilib_prefix = (d.getVar("MLPREFIX") or "")
 
@@ -146,71 +146,72 @@ python populate_packages_prepend() {
 
 PACKAGES =+ "${PN}-tools ${PN}-tests ${PN}-client"
 
-FILES_${PN}-tools = "${bindir}/wispr"
-RDEPENDS_${PN}-tools ="${PN}"
+FILES:${PN}-tools = "${bindir}/wispr"
+RDEPENDS:${PN}-tools ="${PN}"
 
-FILES_${PN}-tests = "${bindir}/*-test"
+FILES:${PN}-tests = "${bindir}/*-test"
 
-FILES_${PN}-client = "${bindir}/connmanctl"
-RDEPENDS_${PN}-client ="${PN}"
+FILES:${PN}-client = "${bindir}/connmanctl"
+RDEPENDS:${PN}-client ="${PN}"
 
-FILES_${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \
+FILES:${PN} = "${bindir}/* ${sbindir}/* ${libexecdir}/* ${libdir}/lib*.so.* \
             ${libdir}/connman/plugins \
             ${sysconfdir} ${sharedstatedir} ${localstatedir} ${datadir} \
             ${base_bindir}/* ${base_sbindir}/* ${base_libdir}/*.so* ${datadir}/${PN} \
             ${datadir}/dbus-1/system-services/* \
             ${sysconfdir}/tmpfiles.d/connman_resolvconf.conf"
 
-FILES_${PN}-dev += "${libdir}/connman/*/*.la"
+FILES:${PN}-dev += "${libdir}/connman/*/*.la"
 
 PACKAGES =+ "${PN}-vpn ${PN}-wait-online"
 
-SUMMARY_${PN}-vpn = "A daemon for managing VPN connections within embedded devices"
-DESCRIPTION_${PN}-vpn = "The ConnMan VPN provides a daemon for \
+SUMMARY:${PN}-vpn = "A daemon for managing VPN connections within embedded devices"
+DESCRIPTION:${PN}-vpn = "The ConnMan VPN provides a daemon for \
 managing VPN connections within embedded devices running the Linux \
 operating system.  The connman-vpnd handles all the VPN connections \
 and starts/stops VPN client processes when necessary. The connman-vpnd \
 provides a DBus API for managing VPN connections. All the different \
 VPN technogies are implemented using plug-ins."
-FILES_${PN}-vpn += "${sbindir}/connman-vpnd \
+FILES:${PN}-vpn += "${sbindir}/connman-vpnd \
                     ${sysconfdir}/dbus-1/system.d/connman-vpn-dbus.conf \
                     ${datadir}/dbus-1/system-services/net.connman.vpn.service \
-                    ${systemd_unitdir}/system/connman-vpn.service"
+                    ${systemd_system_unitdir}/connman-vpn.service"
 
-SUMMARY_${PN}-wait-online = "A program that will return once ConnMan has connected to a network"
-DESCRIPTION_${PN}-wait-online = "A service that can be enabled so that \
+SUMMARY:${PN}-wait-online = "A program that will return once ConnMan has connected to a network"
+DESCRIPTION:${PN}-wait-online = "A service that can be enabled so that \
 the system waits until a network connection is established."
-FILES_${PN}-wait-online += "${sbindir}/connmand-wait-online \
-                            ${systemd_unitdir}/system/connman-wait-online.service"
+FILES:${PN}-wait-online += "${sbindir}/connmand-wait-online \
+                            ${systemd_system_unitdir}/connman-wait-online.service"
 
-SUMMARY_${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN"
-DESCRIPTION_${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \
+SUMMARY:${PN}-plugin-vpn-openvpn = "An OpenVPN plugin for ConnMan VPN"
+DESCRIPTION:${PN}-plugin-vpn-openvpn = "The ConnMan OpenVPN plugin uses openvpn client \
 to create a VPN connection to OpenVPN server."
-FILES_${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \
+FILES:${PN}-plugin-vpn-openvpn += "${libdir}/connman/scripts/openvpn-script \
                                    ${libdir}/connman/plugins-vpn/openvpn.so"
-RDEPENDS_${PN}-plugin-vpn-openvpn += "${PN}-vpn"
-RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}"
+RDEPENDS:${PN}-plugin-vpn-openvpn += "${PN}-vpn"
+RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','openvpn','${PN}-plugin-vpn-openvpn', '', d)}"
 
-SUMMARY_${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN"
-DESCRIPTION_${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \
+SUMMARY:${PN}-plugin-vpn-vpnc = "A vpnc plugin for ConnMan VPN"
+DESCRIPTION:${PN}-plugin-vpn-vpnc = "The ConnMan vpnc plugin uses vpnc client \
 to create a VPN connection to Cisco3000 VPN Concentrator."
-FILES_${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \
-                                ${libdir}/connman/plugins-vpn/vpnc.so"
-RDEPENDS_${PN}-plugin-vpn-vpnc += "${PN}-vpn"
-RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}"
-
-SUMMARY_${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN"
-DESCRIPTION_${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \
+FILES:${PN}-plugin-vpn-vpnc += "${libdir}/connman/scripts/openconnect-script \
+                                ${libdir}/connman/plugins-vpn/vpnc.so \
+                                ${libdir}/connman/scripts/vpn-script"
+RDEPENDS:${PN}-plugin-vpn-vpnc += "${PN}-vpn"
+RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','vpnc','${PN}-plugin-vpn-vpnc', '', d)}"
+
+SUMMARY:${PN}-plugin-vpn-l2tp = "A L2TP plugin for ConnMan VPN"
+DESCRIPTION:${PN}-plugin-vpn-l2tp = "The ConnMan L2TP plugin uses xl2tpd daemon \
 to create a VPN connection to L2TP server."
-FILES_${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \
+FILES:${PN}-plugin-vpn-l2tp += "${libdir}/connman/scripts/libppp-plugin.so* \
                                 ${libdir}/connman/plugins-vpn/l2tp.so"
-RDEPENDS_${PN}-plugin-vpn-l2tp += "${PN}-vpn"
-RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}"
+RDEPENDS:${PN}-plugin-vpn-l2tp += "${PN}-vpn"
+RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','l2tp','${PN}-plugin-vpn-l2tp', '', d)}"
 
-SUMMARY_${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN"
-DESCRIPTION_${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \
+SUMMARY:${PN}-plugin-vpn-pptp = "A PPTP plugin for ConnMan VPN"
+DESCRIPTION:${PN}-plugin-vpn-pptp = "The ConnMan PPTP plugin uses pptp-linux client \
 to create a VPN connection to PPTP server."
-FILES_${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \
+FILES:${PN}-plugin-vpn-pptp += "${libdir}/connman/scripts/libppp-plugin.so* \
                                 ${libdir}/connman/plugins-vpn/pptp.so"
-RDEPENDS_${PN}-plugin-vpn-pptp += "${PN}-vpn"
-RRECOMMENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}"
+RDEPENDS:${PN}-plugin-vpn-pptp += "${PN}-vpn"
+RRECOMMENDS:${PN} += "${@bb.utils.contains('PACKAGECONFIG','pptp','${PN}-plugin-vpn-pptp', '', d)}"
diff --git a/meta/recipes-connectivity/connman/connman/0001-Fix-various-issues-which-cause-problems-under-musl.patch b/meta/recipes-connectivity/connman/connman/0001-Fix-various-issues-which-cause-problems-under-musl.patch
deleted file mode 100644
index f344fea109..0000000000
--- a/meta/recipes-connectivity/connman/connman/0001-Fix-various-issues-which-cause-problems-under-musl.patch
+++ /dev/null
@@ -1,362 +0,0 @@
-From 181ff3439783c6920f5211730672685a210c318f Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Mon, 8 Oct 2018 22:12:56 +0200
-Subject: [PATCH] Fix various issues which cause problems under musl
-
-Instead of using #define _GNU_SOURCE in some source files which causes
-problems when building with musl as more files need the define, simply
-use AC_USE_SYSTEM_EXTENSIONS in configure.ac to get it defined globally.
-
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-Upstream-Status: Backport [bd1326ba7d68df38c5ccaafd2403a5fb30bd452b]
----
- configure.ac                 | 3 +++
- gdhcp/client.c               | 1 -
- gdhcp/common.h               | 5 +++--
- gweb/gresolv.c               | 1 +
- plugins/tist.c               | 1 -
- plugins/wifi.c               | 3 +--
- src/backtrace.c              | 1 -
- src/inet.c                   | 1 -
- src/ippool.c                 | 1 -
- src/iptables.c               | 2 +-
- src/log.c                    | 1 -
- src/ntp.c                    | 1 -
- src/resolver.c               | 1 -
- src/rfkill.c                 | 1 -
- src/stats.c                  | 1 -
- src/tethering.c              | 2 --
- src/timezone.c               | 1 -
- tools/dhcp-test.c            | 1 -
- tools/dnsproxy-test.c        | 1 +
- tools/private-network-test.c | 2 +-
- tools/stats-tool.c           | 1 -
- tools/tap-test.c             | 3 +--
- tools/wispr.c                | 1 -
- vpn/plugins/vpn.c            | 1 -
- 24 files changed, 12 insertions(+), 25 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 39745f76..984126c2 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -20,6 +20,7 @@ AC_SUBST(abs_top_srcdir)
- AC_SUBST(abs_top_builddir)
- 
- AC_LANG_C
-+AC_USE_SYSTEM_EXTENSIONS
- 
- AC_PROG_CC
- AM_PROG_CC_C_O
-@@ -185,6 +186,8 @@ AC_CHECK_LIB(resolv, ns_initparse, dummy=yes, [
- AC_CHECK_HEADERS([execinfo.h])
- AM_CONDITIONAL([BACKTRACE], [test "${ac_cv_header_execinfo_h}" = "yes"])
- 
-+AC_CHECK_MEMBERS([struct in6_pktinfo.ipi6_addr], [], [], [[#include <netinet/in.h>]])
-+
- AC_CHECK_FUNC(signalfd, dummy=yes,
- 			AC_MSG_ERROR(signalfd support is required))
- 
-diff --git a/gdhcp/client.c b/gdhcp/client.c
-index 67357782..c7db76f0 100644
---- a/gdhcp/client.c
-+++ b/gdhcp/client.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <unistd.h>
-diff --git a/gdhcp/common.h b/gdhcp/common.h
-index 75abc183..6899499e 100644
---- a/gdhcp/common.h
-+++ b/gdhcp/common.h
-@@ -19,6 +19,7 @@
-  *
-  */
- 
-+#include <config.h>
- #include <netinet/udp.h>
- #include <netinet/ip.h>
- 
-@@ -170,8 +171,8 @@ static const uint8_t dhcp_option_lengths[] = {
- 	[OPTION_U32]	= 4,
- };
- 
--/* already defined within netinet/in.h if using GNU compiler */
--#ifndef __USE_GNU
-+/* already defined within netinet/in.h if using glibc or musl */
-+#ifndef HAVE_STRUCT_IN6_PKTINFO_IPI6_ADDR
- struct in6_pktinfo {
- 	struct in6_addr ipi6_addr;  /* src/dst IPv6 address */
- 	unsigned int ipi6_ifindex;  /* send/recv interface index */
-diff --git a/gweb/gresolv.c b/gweb/gresolv.c
-index 81c79b6c..b06f8932 100644
---- a/gweb/gresolv.c
-+++ b/gweb/gresolv.c
-@@ -29,6 +29,7 @@
- #include <string.h>
- #include <stdlib.h>
- #include <resolv.h>
-+#include <stdio.h>
- #include <sys/types.h>
- #include <sys/socket.h>
- #include <netdb.h>
-diff --git a/plugins/tist.c b/plugins/tist.c
-index ad5ef79e..cc2800a1 100644
---- a/plugins/tist.c
-+++ b/plugins/tist.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <stdbool.h>
- #include <stdlib.h>
-diff --git a/plugins/wifi.c b/plugins/wifi.c
-index dc08c6af..46e4cca4 100644
---- a/plugins/wifi.c
-+++ b/plugins/wifi.c
-@@ -30,9 +30,8 @@
- #include <string.h>
- #include <sys/ioctl.h>
- #include <sys/socket.h>
--#include <linux/if_arp.h>
--#include <linux/wireless.h>
- #include <net/ethernet.h>
-+#include <linux/wireless.h>
- 
- #ifndef IFF_LOWER_UP
- #define IFF_LOWER_UP	0x10000
-diff --git a/src/backtrace.c b/src/backtrace.c
-index e8d7f432..bede6698 100644
---- a/src/backtrace.c
-+++ b/src/backtrace.c
-@@ -24,7 +24,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <unistd.h>
- #include <stdlib.h>
-diff --git a/src/inet.c b/src/inet.c
-index a31372b5..a58ce7c1 100644
---- a/src/inet.c
-+++ b/src/inet.c
-@@ -25,7 +25,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <unistd.h>
-diff --git a/src/ippool.c b/src/ippool.c
-index cea1dccd..8a645da2 100644
---- a/src/ippool.c
-+++ b/src/ippool.c
-@@ -28,7 +28,6 @@
- #include <stdio.h>
- #include <string.h>
- #include <unistd.h>
--#include <sys/errno.h>
- #include <sys/socket.h>
- 
- #include "connman.h"
-diff --git a/src/iptables.c b/src/iptables.c
-index f3670e77..469effed 100644
---- a/src/iptables.c
-+++ b/src/iptables.c
-@@ -28,7 +28,7 @@
- #include <stdio.h>
- #include <string.h>
- #include <unistd.h>
--#include <sys/errno.h>
-+#include <errno.h>
- #include <sys/socket.h>
- #include <xtables.h>
- #include <inttypes.h>
-diff --git a/src/log.c b/src/log.c
-index 9bae4a3d..f7e82e5d 100644
---- a/src/log.c
-+++ b/src/log.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <unistd.h>
- #include <stdarg.h>
-diff --git a/src/ntp.c b/src/ntp.c
-index 51ba9aac..724ca188 100644
---- a/src/ntp.c
-+++ b/src/ntp.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <errno.h>
- #include <fcntl.h>
- #include <unistd.h>
-diff --git a/src/resolver.c b/src/resolver.c
-index 76f0a8e1..10121aa5 100644
---- a/src/resolver.c
-+++ b/src/resolver.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <fcntl.h>
-diff --git a/src/rfkill.c b/src/rfkill.c
-index d9bed4d2..b2514c41 100644
---- a/src/rfkill.c
-+++ b/src/rfkill.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <fcntl.h>
-diff --git a/src/stats.c b/src/stats.c
-index 663bc382..c9ddc2e8 100644
---- a/src/stats.c
-+++ b/src/stats.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <errno.h>
- #include <sys/mman.h>
- #include <sys/types.h>
-diff --git a/src/tethering.c b/src/tethering.c
-index 4b202369..f3cb36f4 100644
---- a/src/tethering.c
-+++ b/src/tethering.c
-@@ -34,8 +34,6 @@
- #include <string.h>
- #include <fcntl.h>
- #include <netinet/in.h>
--#include <linux/sockios.h>
--#include <linux/if_tun.h>
- #include <linux/if_bridge.h>
- 
- #include "connman.h"
-diff --git a/src/timezone.c b/src/timezone.c
-index e346b11a..8e912670 100644
---- a/src/timezone.c
-+++ b/src/timezone.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <errno.h>
- #include <stdio.h>
- #include <fcntl.h>
-diff --git a/tools/dhcp-test.c b/tools/dhcp-test.c
-index c34e10a8..eae66fc2 100644
---- a/tools/dhcp-test.c
-+++ b/tools/dhcp-test.c
-@@ -33,7 +33,6 @@
- #include <arpa/inet.h>
- #include <net/route.h>
- #include <net/ethernet.h>
--#include <linux/if_arp.h>
- 
- #include <gdhcp/gdhcp.h>
- 
-diff --git a/tools/dnsproxy-test.c b/tools/dnsproxy-test.c
-index 551cae91..371e2e23 100644
---- a/tools/dnsproxy-test.c
-+++ b/tools/dnsproxy-test.c
-@@ -24,6 +24,7 @@
- #endif
- 
- #include <errno.h>
-+#include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
- #include <unistd.h>
-diff --git a/tools/private-network-test.c b/tools/private-network-test.c
-index 3dd115ba..2828bb30 100644
---- a/tools/private-network-test.c
-+++ b/tools/private-network-test.c
-@@ -32,7 +32,7 @@
- #include <stdlib.h>
- #include <string.h>
- #include <signal.h>
--#include <sys/poll.h>
-+#include <poll.h>
- #include <sys/signalfd.h>
- #include <unistd.h>
- 
-diff --git a/tools/stats-tool.c b/tools/stats-tool.c
-index efa39de2..5695048f 100644
---- a/tools/stats-tool.c
-+++ b/tools/stats-tool.c
-@@ -22,7 +22,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <sys/mman.h>
- #include <sys/types.h>
- #include <sys/stat.h>
-diff --git a/tools/tap-test.c b/tools/tap-test.c
-index fdc098aa..cb3ee622 100644
---- a/tools/tap-test.c
-+++ b/tools/tap-test.c
-@@ -23,13 +23,12 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <errno.h>
- #include <fcntl.h>
- #include <unistd.h>
- #include <string.h>
--#include <sys/poll.h>
-+#include <poll.h>
- #include <sys/ioctl.h>
- 
- #include <netinet/in.h>
-diff --git a/tools/wispr.c b/tools/wispr.c
-index d5f9341f..e56dfc16 100644
---- a/tools/wispr.c
-+++ b/tools/wispr.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <stdio.h>
- #include <fcntl.h>
- #include <unistd.h>
-diff --git a/vpn/plugins/vpn.c b/vpn/plugins/vpn.c
-index 10548aaf..6e3f640c 100644
---- a/vpn/plugins/vpn.c
-+++ b/vpn/plugins/vpn.c
-@@ -23,7 +23,6 @@
- #include <config.h>
- #endif
- 
--#define _GNU_SOURCE
- #include <string.h>
- #include <fcntl.h>
- #include <unistd.h>
--- 
-2.17.1
-
diff --git a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
index 639ccfa2a2..9dca21a02f 100644
--- a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
+++ b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch
@@ -1,7 +1,7 @@
-From 10b0d16d04b811b1ccd1f9b0cfe757bce8d876a1 Mon Sep 17 00:00:00 2001
+From 01974865e4d331eeaf25248bee1bb96539c450d9 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 6 Apr 2015 23:02:21 -0700
-Subject: [PATCH 2/3] resolve: musl does not implement res_ninit
+Subject: [PATCH] resolve: musl does not implement res_ninit
 
 ported from
 http://git.alpinelinux.org/cgit/aports/plain/testing/connman/libresolv.patch
@@ -9,12 +9,13 @@ http://git.alpinelinux.org/cgit/aports/plain/testing/connman/libresolv.patch
 Upstream-Status: Pending
 
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
 ---
- gweb/gresolv.c | 33 ++++++++++++---------------------
- 1 file changed, 12 insertions(+), 21 deletions(-)
+ gweb/gresolv.c | 34 +++++++++++++---------------------
+ 1 file changed, 13 insertions(+), 21 deletions(-)
 
 diff --git a/gweb/gresolv.c b/gweb/gresolv.c
-index 5cf7a9a..3ad8e70 100644
+index 954e7cf..2a9bc51 100644
 --- a/gweb/gresolv.c
 +++ b/gweb/gresolv.c
 @@ -36,6 +36,7 @@
@@ -25,7 +26,7 @@ index 5cf7a9a..3ad8e70 100644
  
  #include "gresolv.h"
  
-@@ -875,8 +875,6 @@ GResolv *g_resolv_new(int index)
+@@ -878,8 +879,6 @@ GResolv *g_resolv_new(int index)
  	resolv->index = index;
  	resolv->nameserver_list = NULL;
  
@@ -34,7 +35,7 @@ index 5cf7a9a..3ad8e70 100644
  	return resolv;
  }
  
-@@ -916,8 +914,6 @@ void g_resolv_unref(GResolv *resolv)
+@@ -919,8 +918,6 @@ void g_resolv_unref(GResolv *resolv)
  
  	flush_nameservers(resolv);
  
@@ -43,7 +44,7 @@ index 5cf7a9a..3ad8e70 100644
  	g_free(resolv);
  }
  
-@@ -1020,24 +1016,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname,
+@@ -1023,24 +1020,19 @@ guint g_resolv_lookup_hostname(GResolv *resolv, const char *hostname,
  	debug(resolv, "hostname %s", hostname);
  
  	if (!resolv->nameserver_list) {
@@ -80,6 +81,3 @@ index 5cf7a9a..3ad8e70 100644
  		}
  
  		if (!resolv->nameserver_list)
--- 
-2.5.1
-
diff --git a/meta/recipes-connectivity/connman/connman/connman b/meta/recipes-connectivity/connman/connman/connman
index c64fa0d715..310a696863 100644
--- a/meta/recipes-connectivity/connman/connman/connman
+++ b/meta/recipes-connectivity/connman/connman/connman
@@ -27,7 +27,6 @@ while read dev mtpt fstype rest; do
 done
 
 do_start() {
-	EXTRA_PARAM=""
 	if test $nfsroot -eq 1 ; then
 	    NET_DEVS=`cat /proc/net/dev | sed -ne 's/^\([a-zA-Z0-9 ]*\):.*$/\1/p'`
 	    NET_ADDR=`cat /proc/cmdline | sed -ne 's/^.*ip=\([^ :]*\).*$/\1/p'`
@@ -36,13 +35,13 @@ do_start() {
 		if [ "$NET_ADDR" = dhcp ]; then
 		    ethn=`ifconfig | grep "^eth" | sed -e "s/\(eth[0-9]\)\(.*\)/\1/"`
 		    if [ ! -z "$ethn" ]; then
-			EXTRA_PARAM="-I $ethn"
+			EXTRA_PARAM="$EXTRA_PARAM -I $ethn"
 		    fi
 		else
 		    for i in $NET_DEVS; do
 			ADDR=`ifconfig $i | sed 's/addr://g' | sed -ne 's/^.*inet \([0-9.]*\) .*$/\1/p'`
 			if [ "$NET_ADDR" = "$ADDR" ]; then
-			    EXTRA_PARAM="-I $i"
+			    EXTRA_PARAM="$EXTRA_PARAM -I $i"
 			    break
 			fi
 		    done
diff --git a/meta/recipes-connectivity/connman/connman_1.36.bb b/meta/recipes-connectivity/connman/connman_1.36.bb
deleted file mode 100644
index 6e4dbdfda6..0000000000
--- a/meta/recipes-connectivity/connman/connman_1.36.bb
+++ /dev/null
@@ -1,16 +0,0 @@
-require connman.inc
-
-SRC_URI  = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
-            file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
-            file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
-            file://connman \
-            file://no-version-scripts.patch \
-            file://0001-Fix-various-issues-which-cause-problems-under-musl.patch \
-"
-
-SRC_URI_append_libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
-
-SRC_URI[md5sum] = "dae77d9c904d2c223ae849e32079d57e"
-SRC_URI[sha256sum] = "c789db41cc443fa41e661217ea321492ad59a004bebcd1aa013f3bc10a6e0074"
-
-RRECOMMENDS_${PN} = "connman-conf"
diff --git a/meta/recipes-connectivity/connman/connman_1.41.bb b/meta/recipes-connectivity/connman/connman_1.41.bb
new file mode 100644
index 0000000000..736b78eaeb
--- /dev/null
+++ b/meta/recipes-connectivity/connman/connman_1.41.bb
@@ -0,0 +1,15 @@
+require connman.inc
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+           file://0001-plugin.h-Change-visibility-to-default-for-debug-symb.patch \
+           file://0001-connman.service-stop-systemd-resolved-when-we-use-co.patch \
+           file://connman \
+           file://no-version-scripts.patch \
+           "
+
+SRC_URI:append:libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"
+
+SRC_URI[sha256sum] = "79fb40f4fdd5530c45aa8e592fb16ba23d3674f3a98cf10b89a6576f198de589"
+
+RRECOMMENDS:${PN} = "connman-conf"
+RCONFLICTS:${PN} = "networkmanager"
diff --git a/meta/recipes-connectivity/dhcp/dhcp.inc b/meta/recipes-connectivity/dhcp/dhcp.inc
deleted file mode 100644
index 3e65e5cf29..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp.inc
+++ /dev/null
@@ -1,148 +0,0 @@
-SECTION = "console/network"
-SUMMARY = "Internet Software Consortium DHCP package"
-DESCRIPTION = "DHCP (Dynamic Host Configuration Protocol) is a protocol \
-which allows individual devices on an IP network to get their own \
-network configuration information from a server.  DHCP helps make it \
-easier to administer devices."
-
-HOMEPAGE = "http://www.isc.org/"
-
-LICENSE = "ISC"
-LIC_FILES_CHKSUM = "file://LICENSE;beginline=4;md5=004a4db50a1e20972e924a8618747c01"
-
-DEPENDS = "openssl bind"
-
-SRC_URI = "http://ftp.isc.org/isc/dhcp/${PV}/dhcp-${PV}.tar.gz \
-           file://init-relay file://default-relay \
-           file://init-server file://default-server \
-           file://dhclient.conf file://dhcpd.conf \
-           file://dhclient-systemd-wrapper \
-           file://dhclient.service \
-           file://dhcpd.service file://dhcrelay.service \
-           file://dhcpd6.service \
-           "
-UPSTREAM_CHECK_URI = "ftp://ftp.isc.org/isc/dhcp/"
-UPSTREAM_CHECK_REGEX = "(?P<pver>\d+\.\d+\.(\d+?))/"
-
-inherit autotools-brokensep systemd useradd update-rc.d
-
-USERADD_PACKAGES = "${PN}-server"
-USERADD_PARAM_${PN}-server = "--system --no-create-home --home-dir /var/run/${BPN} --shell /bin/false --user-group ${BPN}"
-
-SYSTEMD_PACKAGES = "${PN}-server ${PN}-relay ${PN}-client"
-SYSTEMD_SERVICE_${PN}-server = "dhcpd.service dhcpd6.service"
-SYSTEMD_AUTO_ENABLE_${PN}-server = "disable"
-
-SYSTEMD_SERVICE_${PN}-relay = "dhcrelay.service"
-SYSTEMD_AUTO_ENABLE_${PN}-relay = "disable"
-
-SYSTEMD_SERVICE_${PN}-client = "dhclient.service"
-SYSTEMD_AUTO_ENABLE_${PN}-client = "disable"
-
-INITSCRIPT_PACKAGES = "dhcp-server"
-INITSCRIPT_NAME_dhcp-server = "dhcp-server"
-INITSCRIPT_PARAMS_dhcp-server = "defaults"
-
-TARGET_CFLAGS += "-D_GNU_SOURCE"
-EXTRA_OECONF = "--with-srv-lease-file=${localstatedir}/lib/dhcp/dhcpd.leases \
-                --with-srv6-lease-file=${localstatedir}/lib/dhcp/dhcpd6.leases \
-                --with-cli-lease-file=${localstatedir}/lib/dhcp/dhclient.leases \
-                --with-cli6-lease-file=${localstatedir}/lib/dhcp/dhclient6.leases \
-                --enable-paranoia --disable-static \
-                --with-randomdev=/dev/random \
-                --with-libbind=${STAGING_DIR_HOST} \
-		--enable-libtool \
-               "
-
-#Enable shared libs per dhcp README
-do_configure_prepend () {
-	cp configure.ac+lt configure.ac
-}
-
-do_install_append () {
-	install -d ${D}${sysconfdir}/init.d
-	install -d ${D}${sysconfdir}/default
-	install -d ${D}${sysconfdir}/dhcp
-	install -m 0755 ${WORKDIR}/init-relay ${D}${sysconfdir}/init.d/dhcp-relay
-	install -m 0644 ${WORKDIR}/default-relay ${D}${sysconfdir}/default/dhcp-relay
-	install -m 0755 ${WORKDIR}/init-server ${D}${sysconfdir}/init.d/dhcp-server
-	install -m 0644 ${WORKDIR}/default-server ${D}${sysconfdir}/default/dhcp-server
-
-	rm -f ${D}${sysconfdir}/dhclient.conf*
-	rm -f ${D}${sysconfdir}/dhcpd.conf*
-	install -m 0644 ${WORKDIR}/dhclient.conf ${D}${sysconfdir}/dhcp/dhclient.conf
-	install -m 0644 ${WORKDIR}/dhcpd.conf ${D}${sysconfdir}/dhcp/dhcpd.conf
-
-	install -d ${D}${base_sbindir}/
-	if [ "${sbindir}" != "${base_sbindir}" ]; then
-		mv ${D}${sbindir}/dhclient ${D}${base_sbindir}/
-	fi
-	install -m 0755 ${S}/client/scripts/linux ${D}${base_sbindir}/dhclient-script
-
-	# Install systemd unit files
-	install -d ${D}${systemd_unitdir}/system
-	install -m 0644 ${WORKDIR}/dhcpd.service ${D}${systemd_unitdir}/system
-	install -m 0644 ${WORKDIR}/dhcpd6.service ${D}${systemd_unitdir}/system
-	install -m 0644 ${WORKDIR}/dhcrelay.service ${D}${systemd_unitdir}/system
-	sed -i -e 's,@SBINDIR@,${sbindir},g' ${D}${systemd_unitdir}/system/dhcpd*.service ${D}${systemd_unitdir}/system/dhcrelay.service
-	sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcpd*.service
-	sed -i -e 's,@base_bindir@,${base_bindir},g' ${D}${systemd_unitdir}/system/dhcpd*.service
-	sed -i -e 's,@localstatedir@,${localstatedir},g' ${D}${systemd_unitdir}/system/dhcpd*.service
-	sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhcrelay.service
-
-	install -d ${D}${base_sbindir}
-	install -m 0755 ${WORKDIR}/dhclient-systemd-wrapper ${D}${base_sbindir}/dhclient-systemd-wrapper
-	install -m 0644 ${WORKDIR}/dhclient.service ${D}${systemd_unitdir}/system
-	sed -i -e 's,@SYSCONFDIR@,${sysconfdir},g' ${D}${systemd_unitdir}/system/dhclient.service
-	sed -i -e 's,@BASE_SBINDIR@,${base_sbindir},g' ${D}${systemd_unitdir}/system/dhclient.service
-}
-
-PACKAGES += "dhcp-libs dhcp-server dhcp-server-config dhcp-client dhcp-relay dhcp-omshell"
-
-PACKAGES_remove = "${PN}"
-RDEPENDS_${PN}-dev = ""
-RDEPENDS_${PN}-staticdev = ""
-FILES_${PN}-libs = "${libdir}/libdhcpctl.so.0* ${libdir}/libomapi.so.0* ${libdir}/libdhcp.so.0*"
-
-FILES_${PN}-server = "${sbindir}/dhcpd ${sysconfdir}/init.d/dhcp-server"
-RRECOMMENDS_${PN}-server = "dhcp-server-config"
-
-FILES_${PN}-server-config = "${sysconfdir}/default/dhcp-server ${sysconfdir}/dhcp/dhcpd.conf"
-
-FILES_${PN}-relay = "${sbindir}/dhcrelay ${sysconfdir}/init.d/dhcp-relay ${sysconfdir}/default/dhcp-relay"
-
-FILES_${PN}-client = "${base_sbindir}/dhclient \
-                      ${base_sbindir}/dhclient-script \
-                      ${sysconfdir}/dhcp/dhclient.conf \
-                      ${base_sbindir}/dhclient-systemd-wrapper \
-                     "
-
-FILES_${PN}-omshell = "${bindir}/omshell"
-
-pkg_postinst_dhcp-server() {
-    mkdir -p $D/${localstatedir}/lib/dhcp
-    touch $D/${localstatedir}/lib/dhcp/dhcpd.leases
-    touch $D/${localstatedir}/lib/dhcp/dhcpd6.leases
-}
-
-pkg_postinst_dhcp-client() {
-    mkdir -p $D/${localstatedir}/lib/dhcp
-}
-
-pkg_postrm_dhcp-server() {
-    rm -f $D/${localstatedir}/lib/dhcp/dhcpd.leases
-    rm -f $D/${localstatedir}/lib/dhcp/dhcpd6.leases
-
-    if ! rmdir $D/${localstatedir}/lib/dhcp 2>/dev/null; then
-        echo "Not removing ${localstatedir}/lib/dhcp as it is non-empty."
-    fi
-}
-
-pkg_postrm_dhcp-client() {
-    rm -f $D/${localstatedir}/lib/dhcp/dhclient.leases
-    rm -f $D/${localstatedir}/lib/dhcp/dhclient6.leases
-
-    if ! rmdir $D/${localstatedir}/lib/dhcp 2>/dev/null; then
-        echo "Not removing ${localstatedir}/lib/dhcp as it is non-empty."
-    fi
-}
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch b/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
deleted file mode 100644
index d1b57f0bb4..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 7cc29144535a622fc671dc86eb1da65b0473a7c4 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Tue, 15 Aug 2017 16:14:22 +0800
-Subject: [PATCH 01/11] define macro _PATH_DHCPD_CONF and _PATH_DHCLIENT_CONF
-
-Upstream-Status: Inappropriate [OE specific]
-
-Rebase to 4.3.6
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- includes/site.h | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-Index: dhcp-4.4.1/includes/site.h
-===================================================================
---- dhcp-4.4.1.orig/includes/site.h
-+++ dhcp-4.4.1/includes/site.h
-@@ -148,7 +148,8 @@
- /* Define this if you want the dhcpd.conf file to go somewhere other than
-    the default location.   By default, it goes in /etc/dhcpd.conf. */
- 
--/* #define _PATH_DHCPD_CONF	"/etc/dhcpd.conf" */
-+#define _PATH_DHCPD_CONF	"/etc/dhcp/dhcpd.conf"
-+#define _PATH_DHCLIENT_CONF	"/etc/dhcp/dhclient.conf"
- 
- /* Network API definitions.   You do not need to choose one of these - if
-    you don't choose, one will be chosen for you in your system's config
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0001-dhcpd-fix-Replace-custom-isc_boolean_t-with-C-standa.patch b/meta/recipes-connectivity/dhcp/dhcp/0001-dhcpd-fix-Replace-custom-isc_boolean_t-with-C-standa.patch
deleted file mode 100644
index d2e57714cd..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/0001-dhcpd-fix-Replace-custom-isc_boolean_t-with-C-standa.patch
+++ /dev/null
@@ -1,2882 +0,0 @@
-From ffb1d1325bd6503df9a324befac5f5039ac77432 Mon Sep 17 00:00:00 2001
-From: Armin Kuster <akuster@mvista.com>
-Date: Tue, 23 Oct 2018 10:36:56 +0000
-Subject: [PATCH] dhcpd: fix Replace custom isc_boolean_t with C standard bool
- type
-
-
-Upstream-Status: Pending
-
-Fixes issues introduced by bind when they changed their headers.
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
----
- includes/dhcpd.h           | 34 +++++++++++++++++-----------------
- includes/heap.h            |  2 +-
- includes/omapip/omapip.h   |  2 +-
- includes/omapip/omapip_p.h |  6 +++---
- includes/tree.h            |  2 +-
- 5 files changed, 23 insertions(+), 23 deletions(-)
-
-Index: dhcp-4.4.1/includes/dhcpd.h
-===================================================================
---- dhcp-4.4.1.orig/includes/dhcpd.h
-+++ dhcp-4.4.1/includes/dhcpd.h
-@@ -461,20 +461,20 @@ struct packet {
- 	 * options we got in a previous exchange were still there, we need
- 	 * to signal this in a reliable way.
- 	 */
--	isc_boolean_t agent_options_stashed;
-+	bool agent_options_stashed;
- 
- 	/*
- 	 * ISC_TRUE if packet received unicast (as opposed to multicast).
- 	 * Only used in DHCPv6.
- 	 */
--	isc_boolean_t unicast;
-+	bool unicast;
- 
- 	/* Propagates server value SV_ECHO_CLIENT_ID so it is available
-          * in cons_options() */
- 	int sv_echo_client_id;
- 
- 	/* Relay port check */
--	isc_boolean_t relay_source_port;
-+	bool relay_source_port;
- };
- 
- /*
-@@ -1174,7 +1174,7 @@ struct dhc6_lease {
- 	struct dhc6_lease *next;
- 	struct data_string server_id;
- 
--	isc_boolean_t released;
-+	bool released;
- 	int score;
- 	u_int8_t pref;
- 
-@@ -1695,8 +1695,8 @@ struct ipv6_pool {
- 	int bits;				/* number of bits, CIDR style */
- 	int units;				/* allocation unit in bits */
- 	iasubopt_hash_t *leases;		/* non-free leases */
--	isc_uint64_t num_active;		/* count of active leases */
--	isc_uint64_t num_abandoned;		/* count of abandoned leases */
-+	uint64_t num_active;			/* count of active leases */
-+	uint64_t num_abandoned;			/* count of abandoned leases */
- 	isc_heap_t *active_timeouts;		/* timeouts for active leases */
- 	int num_inactive;			/* count of inactive leases */
- 	isc_heap_t *inactive_timeouts;		/* timeouts for expired or
-@@ -1732,11 +1732,11 @@ struct ipv6_pond {
- 	struct ipv6_pool **ipv6_pools;	/* NULL-terminated array */
- 	int last_ipv6_pool;		/* offset of last IPv6 pool
- 					   used to issue a lease */
--	isc_uint64_t num_total;	    /* Total number of elements in the pond */
--	isc_uint64_t num_active;    /* Number of elements in the pond in use */
--	isc_uint64_t num_abandoned;	/* count of abandoned leases */
-+	uint64_t num_total;	    	/* Total number of elements in the pond */
-+	uint64_t num_active;    	/* Number of elements in the pond in use */
-+	uint64_t num_abandoned;		/* count of abandoned leases */
- 	int logged;			/* already logged a message */
--	isc_uint64_t low_threshold;	/* low threshold to restart logging */
-+	uint64_t low_threshold;		/* low threshold to restart logging */
- 	int jumbo_range;
- #ifdef EUI_64
- 	int use_eui_64;		/* use EUI-64 address assignment when true */
-@@ -1745,9 +1745,9 @@ struct ipv6_pond {
- 
- /*
-  * Max addresses in a pond that can be supported by log threshold
-- * Currently based on max value supported by isc_uint64_t.
-+ * Currently based on max value supported by uint64_t.
- */
--#define POND_TRACK_MAX ISC_UINT64_MAX
-+#define POND_TRACK_MAX UINT64_MAX
- 
- /* Flags for dhcp_ddns_cb_t */
- #define DDNS_UPDATE_ADDR		0x0001
-@@ -1868,7 +1868,7 @@ lookup_fqdn6_option(struct universe *uni
- 		    unsigned code);
- void
- save_fqdn6_option(struct universe *universe, struct option_state *options,
--		  struct option_cache *oc, isc_boolean_t appendp);
-+		  struct option_cache *oc, bool appendp);
- void
- delete_fqdn6_option(struct universe *universe, struct option_state *options,
- 		    int code);
-@@ -1953,7 +1953,7 @@ void save_option(struct universe *, stru
- void also_save_option(struct universe *, struct option_state *,
- 		      struct option_cache *);
- void save_hashed_option(struct universe *, struct option_state *,
--			struct option_cache *, isc_boolean_t appendp);
-+			struct option_cache *, bool appendp);
- void delete_option (struct universe *, struct option_state *, int);
- void delete_hashed_option (struct universe *,
- 			   struct option_state *, int);
-@@ -2041,7 +2041,7 @@ int linked_option_state_dereference (str
- 				     struct option_state *,
- 				     const char *, int);
- void save_linked_option(struct universe *, struct option_state *,
--			struct option_cache *, isc_boolean_t appendp);
-+			struct option_cache *, bool appendp);
- void linked_option_space_foreach (struct packet *, struct lease *,
- 				  struct client_state *,
- 				  struct option_state *,
-@@ -2069,7 +2069,7 @@ void do_packet (struct interface_info *,
- 		struct dhcp_packet *, unsigned,
- 		unsigned int, struct iaddr, struct hardware *);
- void do_packet6(struct interface_info *, const char *,
--		int, int, const struct iaddr *, isc_boolean_t);
-+		int, int, const struct iaddr *, bool);
- int packet6_len_okay(const char *, int);
- 
- int validate_packet(struct packet *);
-@@ -2224,7 +2224,7 @@ uint32_t parse_byte_order_uint32(const v
- int ddns_updates(struct packet *, struct lease *, struct lease *,
- 		 struct iasubopt *, struct iasubopt *, struct option_state *);
- isc_result_t ddns_removals(struct lease *, struct iasubopt *,
--			   struct dhcp_ddns_cb *, isc_boolean_t);
-+			   struct dhcp_ddns_cb *, bool);
- u_int16_t get_conflict_mask(struct option_state *input_options);
- #if defined (TRACING)
- void trace_ddns_init(void);
-@@ -2450,7 +2450,7 @@ void dhcpleasequery (struct packet *, in
- void dhcpv6_leasequery (struct data_string *, struct packet *);
- 
- /* dhcpv6.c */
--isc_boolean_t server_duid_isset(void);
-+bool server_duid_isset(void);
- void copy_server_duid(struct data_string *ds, const char *file, int line);
- void set_server_duid(struct data_string *new_duid);
- isc_result_t set_server_duid_from_option(void);
-@@ -2852,7 +2852,7 @@ extern void (*bootp_packet_handler) (str
- 				     struct iaddr, struct hardware *);
- extern void (*dhcpv6_packet_handler)(struct interface_info *,
- 				     const char *, int,
--				     int, const struct iaddr *, isc_boolean_t);
-+				     int, const struct iaddr *, bool);
- extern struct timeout *timeouts;
- extern omapi_object_type_t *dhcp_type_interface;
- #if defined (TRACING)
-@@ -2943,7 +2943,7 @@ int addr_or(struct iaddr *result,
- 	    const struct iaddr *a1, const struct iaddr *a2);
- int addr_and(struct iaddr *result,
- 	     const struct iaddr *a1, const struct iaddr *a2);
--isc_boolean_t is_cidr_mask_valid(const struct iaddr *addr, int bits);
-+bool is_cidr_mask_valid(const struct iaddr *addr, int bits);
- isc_result_t range2cidr(struct iaddrcidrnetlist **result,
- 			const struct iaddr *lo, const struct iaddr *hi);
- isc_result_t free_iaddrcidrnetlist(struct iaddrcidrnetlist **result);
-@@ -3787,7 +3787,7 @@ isc_result_t ia_add_iasubopt(struct ia_x
- 			     const char *file, int line);
- void ia_remove_iasubopt(struct ia_xx *ia, struct iasubopt *iasubopt,
- 			const char *file, int line);
--isc_boolean_t ia_equal(const struct ia_xx *a, const struct ia_xx *b);
-+bool ia_equal(const struct ia_xx *a, const struct ia_xx *b);
- 
- isc_result_t ipv6_pool_allocate(struct ipv6_pool **pool, u_int16_t type,
- 				const struct in6_addr *start_addr,
-@@ -3820,9 +3820,9 @@ isc_result_t expire_lease6(struct iasubo
- 			   struct ipv6_pool *pool, time_t now);
- isc_result_t release_lease6(struct ipv6_pool *pool, struct iasubopt *lease);
- isc_result_t decline_lease6(struct ipv6_pool *pool, struct iasubopt *lease);
--isc_boolean_t lease6_exists(const struct ipv6_pool *pool,
-+bool lease6_exists(const struct ipv6_pool *pool,
- 			    const struct in6_addr *addr);
--isc_boolean_t lease6_usable(struct iasubopt *lease);
-+bool lease6_usable(struct iasubopt *lease);
- isc_result_t cleanup_lease6(ia_hash_t *ia_table,
- 			    struct ipv6_pool *pool,
- 			    struct iasubopt *lease,
-@@ -3834,13 +3834,13 @@ isc_result_t create_prefix6(struct ipv6_
- 			    unsigned int *attempts,
- 			    const struct data_string *uid,
- 			    time_t soft_lifetime_end_time);
--isc_boolean_t prefix6_exists(const struct ipv6_pool *pool,
-+bool prefix6_exists(const struct ipv6_pool *pool,
- 			     const struct in6_addr *pref, u_int8_t plen);
- 
- isc_result_t add_ipv6_pool(struct ipv6_pool *pool);
- isc_result_t find_ipv6_pool(struct ipv6_pool **pool, u_int16_t type,
- 			    const struct in6_addr *addr);
--isc_boolean_t ipv6_in_pool(const struct in6_addr *addr,
-+bool ipv6_in_pool(const struct in6_addr *addr,
- 			   const struct ipv6_pool *pool);
- isc_result_t ipv6_pond_allocate(struct ipv6_pond **pond,
- 				const char *file, int line);
-Index: dhcp-4.4.1/includes/heap.h
-===================================================================
---- dhcp-4.4.1.orig/includes/heap.h
-+++ dhcp-4.4.1/includes/heap.h
-@@ -26,7 +26,7 @@
-  * The comparision function returns ISC_TRUE if the first argument has
-  * higher priority than the second argument, and ISC_FALSE otherwise.
-  */
--typedef isc_boolean_t (*isc_heapcompare_t)(void *, void *);
-+typedef bool (*isc_heapcompare_t)(void *, void *);
- 
- /*%
-  * The index function allows the client of the heap to receive a callback
-Index: dhcp-4.4.1/includes/omapip/omapip.h
-===================================================================
---- dhcp-4.4.1.orig/includes/omapip/omapip.h
-+++ dhcp-4.4.1/includes/omapip/omapip.h
-@@ -264,7 +264,7 @@ isc_result_t omapi_protocol_connect (oma
- isc_result_t omapi_connect_list (omapi_object_t *, omapi_addr_list_t *,
- 				 omapi_addr_t *);
- isc_result_t omapi_protocol_listen (omapi_object_t *, unsigned, int);
--isc_boolean_t omapi_protocol_authenticated (omapi_object_t *);
-+bool omapi_protocol_authenticated (omapi_object_t *);
- isc_result_t omapi_protocol_configure_security (omapi_object_t *,
- 						isc_result_t (*)
- 						(omapi_object_t *,
-Index: dhcp-4.4.1/includes/omapip/omapip_p.h
-===================================================================
---- dhcp-4.4.1.orig/includes/omapip/omapip_p.h
-+++ dhcp-4.4.1/includes/omapip/omapip_p.h
-@@ -149,7 +149,7 @@ typedef struct __omapi_protocol_object {
- 	omapi_remote_auth_t *remote_auth_list;	/* Authenticators active on
- 						   this connection. */
- 
--	isc_boolean_t insecure;		/* Set to allow unauthenticated
-+	bool insecure;		/* Set to allow unauthenticated
- 					   messages. */
- 
- 	isc_result_t (*verify_auth) (omapi_object_t *, omapi_auth_key_t *);
-@@ -158,7 +158,7 @@ typedef struct __omapi_protocol_object {
- typedef struct {
- 	OMAPI_OBJECT_PREAMBLE;
- 
--	isc_boolean_t insecure;		/* Set to allow unauthenticated
-+	bool insecure;		/* Set to allow unauthenticated
- 					   messages. */
- 
- 	isc_result_t (*verify_auth) (omapi_object_t *, omapi_auth_key_t *);
-@@ -208,7 +208,7 @@ typedef struct __omapi_io_object {
- 	isc_result_t (*writer) (omapi_object_t *);
- 	isc_result_t (*reaper) (omapi_object_t *);
- 	isc_socket_t *fd;
--	isc_boolean_t closed; /* ISC_TRUE = closed, do not use */
-+	bool closed; /* ISC_TRUE = closed, do not use */
- } omapi_io_object_t;
- 
- typedef struct __omapi_generic_object {
-Index: dhcp-4.4.1/includes/tree.h
-===================================================================
---- dhcp-4.4.1.orig/includes/tree.h
-+++ dhcp-4.4.1/includes/tree.h
-@@ -304,7 +304,7 @@ struct universe {
- 					     struct option_state *,
- 					     unsigned);
- 	void (*save_func) (struct universe *, struct option_state *,
--			   struct option_cache *, isc_boolean_t);
-+			   struct option_cache *, bool );
- 	void (*foreach) (struct packet *,
- 			 struct lease *, struct client_state *,
- 			 struct option_state *, struct option_state *,
-Index: dhcp-4.4.1/common/conflex.c
-===================================================================
---- dhcp-4.4.1.orig/common/conflex.c
-+++ dhcp-4.4.1/common/conflex.c
-@@ -322,7 +322,7 @@ get_raw_token(struct parse *cfile) {
- 
- static enum dhcp_token 
- get_next_token(const char **rval, unsigned *rlen, 
--	       struct parse *cfile, isc_boolean_t raw) {
-+	       struct parse *cfile, bool raw) {
- 	int rv;
- 
- 	if (cfile -> token) {
-@@ -367,7 +367,7 @@ get_next_token(const char **rval, unsign
- 
- enum dhcp_token
- next_token(const char **rval, unsigned *rlen, struct parse *cfile) {
--	return get_next_token(rval, rlen, cfile, ISC_FALSE);
-+	return get_next_token(rval, rlen, cfile, false);
- }
- 
- 
-@@ -378,7 +378,7 @@ next_token(const char **rval, unsigned *
- 
- enum dhcp_token
- next_raw_token(const char **rval, unsigned *rlen, struct parse *cfile) {
--	return get_next_token(rval, rlen, cfile, ISC_TRUE);
-+	return get_next_token(rval, rlen, cfile, true);
- }
- 
- 
-@@ -393,7 +393,7 @@ next_raw_token(const char **rval, unsign
- 
- enum dhcp_token
- do_peek_token(const char **rval, unsigned int *rlen,
--	      struct parse *cfile, isc_boolean_t raw) {
-+	      struct parse *cfile, bool raw) {
- 	int x;
- 
- 	if (!cfile->token || (!raw && (cfile->token == WHITESPACE))) {
-@@ -441,7 +441,7 @@ do_peek_token(const char **rval, unsigne
- 
- enum dhcp_token
- peek_token(const char **rval, unsigned *rlen, struct parse *cfile) {
--	return do_peek_token(rval, rlen, cfile, ISC_FALSE);
-+	return do_peek_token(rval, rlen, cfile, false);
- }
- 
- 
-@@ -452,7 +452,7 @@ peek_token(const char **rval, unsigned *
- 
- enum dhcp_token
- peek_raw_token(const char **rval, unsigned *rlen, struct parse *cfile) {
--	return do_peek_token(rval, rlen, cfile, ISC_TRUE);
-+	return do_peek_token(rval, rlen, cfile, true);
- }
- 
- static void skip_to_eol (cfile)
-Index: dhcp-4.4.1/common/discover.c
-===================================================================
---- dhcp-4.4.1.orig/common/discover.c
-+++ dhcp-4.4.1/common/discover.c
-@@ -73,7 +73,7 @@ void (*bootp_packet_handler) (struct int
- void (*dhcpv6_packet_handler)(struct interface_info *,
- 			      const char *, int,
- 			      int, const struct iaddr *,
--			      isc_boolean_t);
-+			      bool);
- #endif /* DHCPv6 */
- 
- 
-@@ -236,7 +236,7 @@ struct iface_conf_list {
- struct iface_info {
- 	char name[IF_NAMESIZE+1];	/* name of the interface, e.g. "bge0" */
- 	struct sockaddr_storage addr;	/* address information */
--	isc_uint64_t flags;		/* interface flags, e.g. IFF_LOOPBACK */
-+	uint64_t flags;			/* interface flags, e.g. IFF_LOOPBACK */
- };
- 
- /* 
-@@ -312,14 +312,14 @@ int
- next_iface(struct iface_info *info, int *err, struct iface_conf_list *ifaces) {
- 	struct LIFREQ *p;
- 	struct LIFREQ tmp;
--	isc_boolean_t foundif;
-+	bool foundif;
- #if defined(sun) || defined(__linux)
- 	/* Pointer used to remove interface aliases. */
- 	char *s;
- #endif
- 
- 	do {
--		foundif = ISC_FALSE;
-+		foundif = false;
- 
- 		if (ifaces->next >= ifaces->num) {
- 			*err = 0;
-@@ -353,8 +353,8 @@ next_iface(struct iface_info *info, int
- 		}
- #endif /* defined(sun) || defined(__linux) */
- 
--		foundif = ISC_TRUE;
--	} while ((foundif == ISC_FALSE) ||
-+		foundif = true;
-+	} while ((foundif == false) ||
- 		 (strncmp(info->name, "dummy", 5) == 0));
- 	
- 	memset(&tmp, 0, sizeof(tmp));
-@@ -410,7 +410,7 @@ struct iface_conf_list {
- struct iface_info {
- 	char name[IFNAMSIZ];		/* name of the interface, e.g. "bge0" */
- 	struct sockaddr_storage addr;	/* address information */
--	isc_uint64_t flags;		/* interface flags, e.g. IFF_LOOPBACK */
-+	uint64_t flags;			/* interface flags, e.g. IFF_LOOPBACK */
- };
- 
- /* 
-@@ -1190,9 +1190,9 @@ got_one_v6(omapi_object_t *h) {
- 		 * If a packet is not multicast, we assume it is unicast.
- 		 */
- 		if (IN6_IS_ADDR_MULTICAST(&to)) { 
--			is_unicast = ISC_FALSE;
-+			is_unicast = false;
- 		} else {
--			is_unicast = ISC_TRUE;
-+			is_unicast = true;
- 		}
- 
- 		ifrom.len = 16;
-Index: dhcp-4.4.1/omapip/iscprint.c
-===================================================================
---- dhcp-4.4.1.orig/omapip/iscprint.c
-+++ dhcp-4.4.1/omapip/iscprint.c
-@@ -59,8 +59,8 @@ isc_print_vsnprintf(char *str, size_t si
- 	int plus;
- 	int space;
- 	int neg;
--	isc_int64_t tmpi;
--	isc_uint64_t tmpui;
-+	int64_t tmpi;
-+	uint64_t tmpui;
- 	unsigned long width;
- 	unsigned long precision;
- 	unsigned int length;
-@@ -234,7 +234,7 @@ isc_print_vsnprintf(char *str, size_t si
- 				goto printint;
- 			case 'o':
- 				if (q)
--					tmpui = va_arg(ap, isc_uint64_t);
-+					tmpui = va_arg(ap, uint64_t);
- 				else if (l)
- 					tmpui = va_arg(ap, long int);
- 				else
-@@ -244,7 +244,7 @@ isc_print_vsnprintf(char *str, size_t si
- 				goto printint;
- 			case 'u':
- 				if (q)
--					tmpui = va_arg(ap, isc_uint64_t);
-+					tmpui = va_arg(ap, uint64_t);
- 				else if (l)
- 					tmpui = va_arg(ap, unsigned long int);
- 				else
-@@ -253,7 +253,7 @@ isc_print_vsnprintf(char *str, size_t si
- 				goto printint;
- 			case 'x':
- 				if (q)
--					tmpui = va_arg(ap, isc_uint64_t);
-+					tmpui = va_arg(ap, uint64_t);
- 				else if (l)
- 					tmpui = va_arg(ap, unsigned long int);
- 				else
-@@ -267,7 +267,7 @@ isc_print_vsnprintf(char *str, size_t si
- 				goto printint;
- 			case 'X':
- 				if (q)
--					tmpui = va_arg(ap, isc_uint64_t);
-+					tmpui = va_arg(ap, uint64_t);
- 				else if (l)
- 					tmpui = va_arg(ap, unsigned long int);
- 				else
-Index: dhcp-4.4.1/server/confpars.c
-===================================================================
---- dhcp-4.4.1.orig/server/confpars.c
-+++ dhcp-4.4.1/server/confpars.c
-@@ -4005,15 +4005,15 @@ add_ipv6_pool_to_subnet(struct subnet *s
- 
- 	/* Only bother if we aren't already flagged as jumbo */
- 	if (pond->jumbo_range == 0) {
--		if ((units - bits) > (sizeof(isc_uint64_t) * 8)) {
-+		if ((units - bits) > (sizeof(uint64_t) * 8)) {
- 			pond->jumbo_range = 1;
- 			pond->num_total = POND_TRACK_MAX;
- 		}
- 		else {
--			isc_uint64_t space_left
-+			uint64_t space_left
- 				= POND_TRACK_MAX - pond->num_total;
--			isc_uint64_t addon
--				= (isc_uint64_t)(1) << (units - bits);
-+			uint64_t addon
-+				= (uint64_t)(1) << (units - bits);
- 
- 			if (addon > space_left) {
- 				pond->jumbo_range = 1;
-@@ -4739,7 +4739,7 @@ parse_ia_na_declaration(struct parse *cf
- 	struct iasubopt *iaaddr;
- 	struct ipv6_pool *pool;
- 	char addr_buf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
--	isc_boolean_t newbinding;
-+	bool newbinding;
- 	struct binding_scope *scope = NULL;
- 	struct binding *bnd;
- 	struct binding_value *nv = NULL;
-@@ -4959,9 +4959,9 @@ parse_ia_na_declaration(struct parse *cf
- 					}
- 					strcpy(bnd->name, val);
- 
--					newbinding = ISC_TRUE;
-+					newbinding = true;
- 				} else {
--					newbinding = ISC_FALSE;
-+					newbinding = false;
- 				}
- 
- 				if (!binding_value_allocate(&nv, MDL)) {
-@@ -5186,7 +5186,7 @@ parse_ia_ta_declaration(struct parse *cf
- 	struct iasubopt *iaaddr;
- 	struct ipv6_pool *pool;
- 	char addr_buf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
--	isc_boolean_t newbinding;
-+	bool newbinding;
- 	struct binding_scope *scope = NULL;
- 	struct binding *bnd;
- 	struct binding_value *nv = NULL;
-@@ -5406,9 +5406,9 @@ parse_ia_ta_declaration(struct parse *cf
- 					}
- 					strcpy(bnd->name, val);
- 
--					newbinding = ISC_TRUE;
-+					newbinding = true;
- 				} else {
--					newbinding = ISC_FALSE;
-+					newbinding = false;
- 				}
- 
- 				if (!binding_value_allocate(&nv, MDL)) {
-@@ -5623,7 +5623,7 @@ parse_ia_pd_declaration(struct parse *cf
- 	struct iasubopt *iapref;
- 	struct ipv6_pool *pool;
- 	char addr_buf[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
--	isc_boolean_t newbinding;
-+	bool newbinding;
- 	struct binding_scope *scope = NULL;
- 	struct binding *bnd;
- 	struct binding_value *nv = NULL;
-@@ -5843,9 +5843,9 @@ parse_ia_pd_declaration(struct parse *cf
- 					}
- 					strcpy(bnd->name, val);
- 
--					newbinding = ISC_TRUE;
-+					newbinding = true;
- 				} else {
--					newbinding = ISC_FALSE;
-+					newbinding = false;
- 				}
- 
- 				if (!binding_value_allocate(&nv, MDL)) {
-Index: dhcp-4.4.1/server/dhcpv6.c
-===================================================================
---- dhcp-4.4.1.orig/server/dhcpv6.c
-+++ dhcp-4.4.1/server/dhcpv6.c
-@@ -71,8 +71,8 @@ struct reply_state {
- 	unsigned ia_count;
- 	unsigned pd_count;
- 	unsigned client_resources;
--	isc_boolean_t resources_included;
--	isc_boolean_t static_lease;
-+	bool resources_included;
-+	bool static_lease;
- 	unsigned static_prefixes;
- 	struct ia_xx *ia;
- 	struct ia_xx *old_ia;
-@@ -123,7 +123,7 @@ static isc_result_t shared_network_from_
- 						struct packet *packet);
- static void seek_shared_host(struct host_decl **hp,
- 			     struct shared_network *shared);
--static isc_boolean_t fixed_matches_shared(struct host_decl *host,
-+static bool fixed_matches_shared(struct host_decl *host,
- 					  struct shared_network *shared);
- static isc_result_t reply_process_ia_na(struct reply_state *reply,
- 					struct option_cache *ia);
-@@ -131,9 +131,9 @@ static isc_result_t reply_process_ia_ta(
- 					struct option_cache *ia);
- static isc_result_t reply_process_addr(struct reply_state *reply,
- 				       struct option_cache *addr);
--static isc_boolean_t address_is_owned(struct reply_state *reply,
-+static bool address_is_owned(struct reply_state *reply,
- 				      struct iaddr *addr);
--static isc_boolean_t temporary_is_available(struct reply_state *reply,
-+static bool temporary_is_available(struct reply_state *reply,
- 					    struct iaddr *addr);
- static isc_result_t find_client_temporaries(struct reply_state *reply);
- static isc_result_t reply_process_try_addr(struct reply_state *reply,
-@@ -151,7 +151,7 @@ static isc_result_t reply_process_ia_pd(
- static struct group *find_group_by_prefix(struct reply_state *reply);
- static isc_result_t reply_process_prefix(struct reply_state *reply,
- 					 struct option_cache *pref);
--static isc_boolean_t prefix_is_owned(struct reply_state *reply,
-+static bool prefix_is_owned(struct reply_state *reply,
- 				     struct iaddrcidrnet *pref);
- static isc_result_t find_client_prefix(struct reply_state *reply);
- static isc_result_t reply_process_try_prefix(struct reply_state *reply,
-@@ -174,7 +174,7 @@ static void unicast_reject(struct data_s
- 		  const struct data_string *client_id,
- 		  const struct data_string *server_id);
- 
--static isc_boolean_t is_unicast_option_defined(struct packet *packet);
-+static bool is_unicast_option_defined(struct packet *packet);
- static isc_result_t shared_network_from_requested_addr (struct shared_network
- 							**shared,
- 							struct packet* packet);
-@@ -363,7 +363,7 @@ static struct data_string server_duid;
- /*
-  * Check if the server_duid has been set.
-  */
--isc_boolean_t
-+bool
- server_duid_isset(void) {
- 	return (server_duid.data != NULL);
- }
-@@ -992,7 +992,7 @@ void check_pool6_threshold(struct reply_
- 			   struct iasubopt *lease)
- {
- 	struct ipv6_pond *pond;
--	isc_uint64_t used, count, high_threshold;
-+	uint64_t used, count, high_threshold;
- 	int poolhigh = 0, poollow = 0;
- 	char *shared_name = "no name";
- 	char tmp_addr[INET6_ADDRSTRLEN];
-@@ -1310,9 +1310,9 @@ pick_v6_address(struct reply_state *repl
- 	unsigned int attempts;
- 	char tmp_buf[INET6_ADDRSTRLEN];
- 	struct iasubopt **addr = &reply->lease;
--        isc_uint64_t total = 0;
--        isc_uint64_t active = 0;
--        isc_uint64_t abandoned = 0;
-+        uint64_t total = 0;
-+        uint64_t active = 0;
-+        uint64_t abandoned = 0;
- 	int jumbo_range = 0;
- 	char *shared_name = (reply->shared->name ?
- 			     reply->shared->name : "(no name)");
-@@ -1825,7 +1825,7 @@ lease_to_client(struct data_string *repl
- 
- 		/* Start counting resources (addresses) offered. */
- 		reply.client_resources = 0;
--		reply.resources_included = ISC_FALSE;
-+		reply.resources_included = false;
- 
- 		status = reply_process_ia_na(&reply, oc);
- 
-@@ -1843,7 +1843,7 @@ lease_to_client(struct data_string *repl
- 
- 		/* Start counting resources (addresses) offered. */
- 		reply.client_resources = 0;
--		reply.resources_included = ISC_FALSE;
-+		reply.resources_included = false;
- 
- 		status = reply_process_ia_ta(&reply, oc);
- 
-@@ -1864,7 +1864,7 @@ lease_to_client(struct data_string *repl
- 
- 		/* Start counting resources (prefixes) offered. */
- 		reply.client_resources = 0;
--		reply.resources_included = ISC_FALSE;
-+		reply.resources_included = false;
- 
- 		status = reply_process_ia_pd(&reply, oc);
- 
-@@ -2077,9 +2077,9 @@ reply_process_ia_na(struct reply_state *
- 					tmp_addr, MDL) == 0)
- 			log_fatal("Impossible condition at %s:%d.", MDL);
- 
--		reply->static_lease = ISC_TRUE;
-+		reply->static_lease = true;
- 	} else
--		reply->static_lease = ISC_FALSE;
-+		reply->static_lease = false;
- 
- 	/*
- 	 * Save the cursor position at the start of the IA, so we can
-@@ -2778,7 +2778,7 @@ reply_process_addr(struct reply_state *r
-  * (fault out all else).  Otherwise it's a dynamic address, so lookup
-  * that address and make sure it belongs to this DUID:IAID pair.
-  */
--static isc_boolean_t
-+static bool
- address_is_owned(struct reply_state *reply, struct iaddr *addr) {
- 	int i;
- 	struct ipv6_pond *pond;
-@@ -2791,13 +2791,13 @@ address_is_owned(struct reply_state *rep
- 			log_fatal("Impossible condition at %s:%d.", MDL);
- 
- 		if (memcmp(addr->iabuf, reply->fixed.data, 16) == 0)
--			return (ISC_TRUE);
-+			return (true);
- 
--		return (ISC_FALSE);
-+		return (false);
- 	}
- 
- 	if ((reply->old_ia == NULL) || (reply->old_ia->num_iasubopt == 0))
--		return (ISC_FALSE);
-+		return (false);
- 
- 	for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
- 		struct iasubopt *tmp;
-@@ -2805,8 +2805,8 @@ address_is_owned(struct reply_state *rep
- 		tmp = reply->old_ia->iasubopt[i];
- 
- 		if (memcmp(addr->iabuf, &tmp->addr, 16) == 0) {
--			if (lease6_usable(tmp) == ISC_FALSE) {
--				return (ISC_FALSE);
-+			if (lease6_usable(tmp) == false) {
-+				return (false);
- 			}
- 
- 			pond = tmp->ipv6_pool->ipv6_pond;
-@@ -2814,15 +2814,15 @@ address_is_owned(struct reply_state *rep
- 			     (permitted(reply->packet, pond->prohibit_list))) ||
- 			    ((pond->permit_list != NULL) &&
- 			     (!permitted(reply->packet, pond->permit_list))))
--				return (ISC_FALSE);
-+				return (false);
- 
- 			iasubopt_reference(&reply->lease, tmp, MDL);
- 
--			return (ISC_TRUE);
-+			return (true);
- 		}
- 	}
- 
--	return (ISC_FALSE);
-+	return (false);
- }
- 
- /* Process a client-supplied IA_TA.  This may append options to the tail of
-@@ -2890,7 +2890,7 @@ reply_process_ia_ta(struct reply_state *
- 	/*
- 	 * Temporary leases are dynamic by definition.
- 	 */
--	reply->static_lease = ISC_FALSE;
-+	reply->static_lease = false;
- 
- 	/*
- 	 * Save the cursor position at the start of the IA, so we can
-@@ -2972,7 +2972,7 @@ reply_process_ia_ta(struct reply_state *
- 		}
- 		status = ISC_R_CANCELED;
- 		reply->client_resources = 0;
--		reply->resources_included = ISC_FALSE;
-+		reply->resources_included = false;
- 		if (reply->lease != NULL)
- 			iasubopt_dereference(&reply->lease, MDL);
- 	}
-@@ -3364,7 +3364,7 @@ void shorten_lifetimes(struct reply_stat
- /*
-  * Verify the temporary address is available.
-  */
--static isc_boolean_t
-+static bool
- temporary_is_available(struct reply_state *reply, struct iaddr *addr) {
- 	struct in6_addr tmp_addr;
- 	struct subnet *subnet;
-@@ -3379,7 +3379,7 @@ temporary_is_available(struct reply_stat
- 	 * So this is not a request for this address.
- 	 */
- 	if (IN6_IS_ADDR_UNSPECIFIED(&tmp_addr))
--		return ISC_FALSE;
-+		return false;
- 
- 	/*
- 	 * Verify that this address is on the client's network.
-@@ -3393,13 +3393,13 @@ temporary_is_available(struct reply_stat
- 
- 	/* Address not found on shared network. */
- 	if (subnet == NULL)
--		return ISC_FALSE;
-+		return false;
- 
- 	/*
- 	 * Check if this address is owned (must be before next step).
- 	 */
- 	if (address_is_owned(reply, addr))
--		return ISC_TRUE;
-+		return true;
- 
- 	/*
- 	 * Verify that this address is in a temporary pool and try to get it.
-@@ -3424,18 +3424,18 @@ temporary_is_available(struct reply_stat
- 	}
- 
- 	if (pool == NULL)
--		return ISC_FALSE;
-+		return false;
- 	if (lease6_exists(pool, &tmp_addr))
--		return ISC_FALSE;
-+		return false;
- 	if (iasubopt_allocate(&reply->lease, MDL) != ISC_R_SUCCESS)
--		return ISC_FALSE;
-+		return false;
- 	reply->lease->addr = tmp_addr;
- 	reply->lease->plen = 0;
- 	/* Default is soft binding for 2 minutes. */
- 	if (add_lease6(pool, reply->lease, cur_time + 120) != ISC_R_SUCCESS)
--		return ISC_FALSE;
-+		return false;
- 
--	return ISC_TRUE;
-+	return true;
- }
- 
- /*
-@@ -3652,7 +3652,7 @@ find_client_address(struct reply_state *
- 			 */
- 
- 			if ((candidate_shared != reply->shared) ||
--			    (lease6_usable(lease) != ISC_TRUE))
-+			    (lease6_usable(lease) != true))
- 				continue;
- 
- 			if (((pond->prohibit_list != NULL) &&
-@@ -3971,7 +3971,7 @@ reply_process_send_addr(struct reply_sta
- 		goto cleanup;
- 	}
- 
--	reply->resources_included = ISC_TRUE;
-+	reply->resources_included = true;
- 
-       cleanup:
- 	if (data.data != NULL)
-@@ -4722,7 +4722,7 @@ reply_process_prefix(struct reply_state
-  * (fault out all else).  Otherwise it's a dynamic prefix, so lookup
-  * that prefix and make sure it belongs to this DUID:IAID pair.
-  */
--static isc_boolean_t
-+static bool
- prefix_is_owned(struct reply_state *reply, struct iaddrcidrnet *pref) {
- 	struct iaddrcidrnetlist *l;
- 	int i;
-@@ -4736,14 +4736,14 @@ prefix_is_owned(struct reply_state *repl
- 			if ((pref->bits == l->cidrnet.bits) &&
- 			    (memcmp(pref->lo_addr.iabuf,
- 				    l->cidrnet.lo_addr.iabuf, 16) == 0))
--				return (ISC_TRUE);
-+				return (true);
- 		}
--		return (ISC_FALSE);
-+		return (false);
- 	}
- 
- 	if ((reply->old_ia == NULL) ||
- 	    (reply->old_ia->num_iasubopt == 0))
--		return (ISC_FALSE);
-+		return (false);
- 
- 	for (i = 0 ; i < reply->old_ia->num_iasubopt ; i++) {
- 		struct iasubopt *tmp;
-@@ -4752,8 +4752,8 @@ prefix_is_owned(struct reply_state *repl
- 
- 		if ((pref->bits == (int) tmp->plen) &&
- 		    (memcmp(pref->lo_addr.iabuf, &tmp->addr, 16) == 0)) {
--			if (lease6_usable(tmp) == ISC_FALSE) {
--				return (ISC_FALSE);
-+			if (lease6_usable(tmp) == false) {
-+				return (false);
- 			}
- 
- 			pond = tmp->ipv6_pool->ipv6_pond;
-@@ -4761,14 +4761,14 @@ prefix_is_owned(struct reply_state *repl
- 			     (permitted(reply->packet, pond->prohibit_list))) ||
- 			    ((pond->permit_list != NULL) &&
- 			     (!permitted(reply->packet, pond->permit_list))))
--				return (ISC_FALSE);
-+				return (false);
- 
- 			iasubopt_reference(&reply->lease, tmp, MDL);
--			return (ISC_TRUE);
-+			return (true);
- 		}
- 	}
- 
--	return (ISC_FALSE);
-+	return (false);
- }
- 
- /*
-@@ -4914,7 +4914,7 @@ find_client_prefix(struct reply_state *r
- 			 */
- 			if (((candidate_shared != NULL) &&
- 			     (candidate_shared != reply->shared)) ||
--			    (lease6_usable(prefix) != ISC_TRUE))
-+			    (lease6_usable(prefix) != true))
- 				continue;
- 
- 			/*
-@@ -5233,7 +5233,7 @@ reply_process_send_prefix(struct reply_s
- 		goto cleanup;
- 	}
- 
--	reply->resources_included = ISC_TRUE;
-+	reply->resources_included = true;
- 
-       cleanup:
- 	if (data.data != NULL)
-@@ -5383,8 +5383,8 @@ dhcpv6_request(struct data_string *reply
- 
- 	/* If the REQUEST arrived via unicast and unicast option isn't set,
-  	 * reject it per RFC 3315, Sec 18.2.1 */
--	if (packet->unicast == ISC_TRUE &&
--	    is_unicast_option_defined(packet) == ISC_FALSE) {
-+	if (packet->unicast == true &&
-+	    is_unicast_option_defined(packet) == false) {
- 		unicast_reject(reply_ret, packet, &client_id, &server_id);
- 	} else {
- 		/*
-@@ -5505,7 +5505,7 @@ dhcpv6_confirm(struct data_string *reply
- 	struct option_state *cli_enc_opt_state, *opt_state;
- 	struct iaddr cli_addr;
- 	int pass;
--	isc_boolean_t inappropriate, has_addrs;
-+	bool inappropriate, has_addrs;
- 	char reply_data[65536];
- 	struct dhcpv6_packet *reply = (struct dhcpv6_packet *)reply_data;
- 	int reply_ofs = (int)(offsetof(struct dhcpv6_packet, options));
-@@ -5556,7 +5556,7 @@ dhcpv6_confirm(struct data_string *reply
- 		goto exit;
- 
- 	/* Are the addresses in all the IA's appropriate for that link? */
--	has_addrs = inappropriate = ISC_FALSE;
-+	has_addrs = inappropriate = false;
- 	pass = D6O_IA_NA;
- 	while(!inappropriate) {
- 		/* If we've reached the end of the IA_NA pass, move to the
-@@ -5602,7 +5602,7 @@ dhcpv6_confirm(struct data_string *reply
- 			data_string_forget(&iaaddr, MDL);
- 
- 			/* Record that we've processed at least one address. */
--			has_addrs = ISC_TRUE;
-+			has_addrs = true;
- 
- 			/* Find out if any subnets cover this address. */
- 			for (subnet = shared->subnets ; subnet != NULL ;
-@@ -5621,7 +5621,7 @@ dhcpv6_confirm(struct data_string *reply
- 			 * continue searching.
- 			 */
- 			if (subnet == NULL) {
--				inappropriate = ISC_TRUE;
-+				inappropriate = true;
- 				break;
- 			}
- 		}
-@@ -5719,8 +5719,8 @@ dhcpv6_renew(struct data_string *reply,
- 
- 	/* If the RENEW arrived via unicast and unicast option isn't set,
- 	 * reject it per RFC 3315, Sec 18.2.3 */
--	if (packet->unicast == ISC_TRUE &&
--	    is_unicast_option_defined(packet) == ISC_FALSE) {
-+	if (packet->unicast == true &&
-+	    is_unicast_option_defined(packet) == false) {
- 		unicast_reject(reply, packet, &client_id, &server_id);
- 	} else {
- 		/*
-@@ -6142,8 +6142,8 @@ dhcpv6_decline(struct data_string *reply
- 
- 	/* If the DECLINE arrived via unicast and unicast option isn't set,
- 	 * reject it per RFC 3315, Sec 18.2.7 */
--	if (packet->unicast == ISC_TRUE &&
--	    is_unicast_option_defined(packet) == ISC_FALSE) {
-+	if (packet->unicast == true &&
-+	    is_unicast_option_defined(packet) == false) {
- 		unicast_reject(reply, packet, &client_id, &server_id);
- 	} else {
- 		/*
-@@ -6597,8 +6597,8 @@ dhcpv6_release(struct data_string *reply
- 
- 	/* If the RELEASE arrived via unicast and unicast option isn't set,
-  	 * reject it per RFC 3315, Sec 18.2.6 */
--	if (packet->unicast == ISC_TRUE &&
--	    is_unicast_option_defined(packet) == ISC_FALSE) {
-+	if (packet->unicast == true &&
-+	    is_unicast_option_defined(packet) == false) {
- 		unicast_reject(reply, packet, &client_id, &server_id);
- 	} else {
- 		/*
-@@ -6897,7 +6897,7 @@ dhcpv6_relay_forw(struct data_string *re
- 		}
- 		data_string_forget(&a_opt, MDL);
- 
--		packet->relay_source_port = ISC_TRUE;
-+		packet->relay_source_port = true;
- 	}
- #endif
- 
-@@ -7219,7 +7219,7 @@ dhcp4o6_relay_forw(struct data_string *r
- 		}
- 		data_string_forget(&a_opt, MDL);
- 
--		packet->relay_source_port = ISC_TRUE;
-+		packet->relay_source_port = true;
- 	}
- #endif
- 
-@@ -8036,35 +8036,35 @@ seek_shared_host(struct host_decl **hp,
- 		host_reference(hp, seek, MDL);
- }
- 
--static isc_boolean_t
-+static bool
- fixed_matches_shared(struct host_decl *host, struct shared_network *shared) {
- 	struct subnet *subnet;
- 	struct data_string addr;
--	isc_boolean_t matched;
-+	bool matched;
- 	struct iaddr fixed;
- 
- 	if (host->fixed_addr == NULL)
--		return ISC_FALSE;
-+		return false;
- 
- 	memset(&addr, 0, sizeof(addr));
- 	if (!evaluate_option_cache(&addr, NULL, NULL, NULL, NULL, NULL,
- 				   &global_scope, host->fixed_addr, MDL))
--		return ISC_FALSE;
-+		return false;
- 
- 	if (addr.len < 16) {
- 		data_string_forget(&addr, MDL);
--		return ISC_FALSE;
-+		return false;
- 	}
- 
- 	fixed.len = 16;
- 	memcpy(fixed.iabuf, addr.data, 16);
- 
--	matched = ISC_FALSE;
-+	matched = false;
- 	for (subnet = shared->subnets ; subnet != NULL ;
- 	     subnet = subnet->next_sibling) {
- 		if (addr_eq(subnet_number(fixed, subnet->netmask),
- 			    subnet->net)) {
--			matched = ISC_TRUE;
-+			matched = true;
- 			break;
- 		}
- 	}
-@@ -8167,15 +8167,15 @@ unicast_reject(struct data_string *reply
-  * statements from the network's group outward into a local option cache.
-  * The option cache is then scanned for the presence of unicast option.  If
-  * the packet cannot be mapped to a shared network, the function returns
-- * ISC_FALSE.
-+ * false.
-  * \param packet inbound packet from the client
-  *
-- * \return ISC_TRUE if the dhcp6.unicast option is defined, false otherwise.
-+ * \return true if the dhcp6.unicast option is defined, false otherwise.
-  *
-  */
--isc_boolean_t
-+bool
- is_unicast_option_defined(struct packet *packet) {
--        isc_boolean_t is_defined = ISC_FALSE;
-+        bool is_defined = false;
- 	struct option_state *opt_state = NULL;
- 	struct option_cache *oc = NULL;
- 	struct shared_network *shared = NULL;
-@@ -8195,7 +8195,7 @@ is_unicast_option_defined(struct packet
- 		 * logic will catch it */
- 		log_error("is_unicast_option_defined:"
- 			  "cannot attribute packet to a network.");
--		return (ISC_FALSE);
-+		return (false);
- 	}
- 
- 	/* Now that we've mapped it to a network, execute statments to that
-@@ -8205,7 +8205,7 @@ is_unicast_option_defined(struct packet
- 				    &global_scope, shared->group, NULL, NULL);
- 
- 	oc = lookup_option(&dhcpv6_universe, opt_state, D6O_UNICAST);
--	is_defined = (oc != NULL ? ISC_TRUE : ISC_FALSE);
-+	is_defined = (oc != NULL ? true : false);
- 	log_debug("is_unicast_option_defined: option found : %d", is_defined);
- 
- 	if (shared != NULL) {
-Index: dhcp-4.4.1/client/clparse.c
-===================================================================
---- dhcp-4.4.1.orig/client/clparse.c
-+++ dhcp-4.4.1/client/clparse.c
-@@ -1527,7 +1527,7 @@ parse_client6_lease_statement(struct par
- 
- 		      case TOKEN_RELEASED:
- 		      case TOKEN_ABANDONED:
--			lease->released = ISC_TRUE;
-+			lease->released = true;
- 			break;
- 
- 		      default:
-Index: dhcp-4.4.1/client/dhc6.c
-===================================================================
---- dhcp-4.4.1.orig/client/dhc6.c
-+++ dhcp-4.4.1/client/dhc6.c
-@@ -109,7 +109,7 @@ static isc_result_t dhc6_add_ia_pd(struc
- 				   u_int8_t message,
- 				   int wanted,
- 				   int *added);
--static isc_boolean_t stopping_finished(void);
-+static bool stopping_finished(void);
- static void dhc6_merge_lease(struct dhc6_lease *src, struct dhc6_lease *dst);
- void do_select6(void *input);
- void do_refresh6(void *input);
-@@ -131,7 +131,7 @@ static void script_write_params6(struct
- 				 const char *prefix,
- 				 struct option_state *options);
- static void script_write_requested6(struct client_state *client);
--static isc_boolean_t active_prefix(struct client_state *client);
-+static bool active_prefix(struct client_state *client);
- 
- static int check_timing6(struct client_state *client, u_int8_t msg_type,
- 			 char *msg_str, struct dhc6_lease *lease,
-@@ -149,7 +149,7 @@ static isc_result_t dhc6_add_ia_na_decli
- 					   struct data_string *packet,
- 					   struct dhc6_lease *lease);
- static int drop_declined_addrs(struct dhc6_lease *lease);
--static isc_boolean_t unexpired_address_in_lease(struct dhc6_lease *lease);
-+static bool unexpired_address_in_lease(struct dhc6_lease *lease);
- 
- extern int onetry;
- extern int stateless;
-@@ -418,14 +418,14 @@ valid_reply(struct packet *packet, struc
- {
- 	struct data_string sid, cid;
- 	struct option_cache *oc;
--	int rval = ISC_TRUE;
-+	int rval = true;
- 
- 	memset(&sid, 0, sizeof(sid));
- 	memset(&cid, 0, sizeof(cid));
- 
- 	if (!lookup_option(&dhcpv6_universe, packet->options, D6O_SERVERID)) {
- 		log_error("Response without a server identifier received.");
--		rval = ISC_FALSE;
-+		rval = false;
- 	}
- 
- 	oc = lookup_option(&dhcpv6_universe, packet->options, D6O_CLIENTID);
-@@ -434,7 +434,7 @@ valid_reply(struct packet *packet, struc
- 				   client->sent_options, &global_scope, oc,
- 				   MDL)) {
- 		log_error("Response without a client identifier.");
--		rval = ISC_FALSE;
-+		rval = false;
- 	}
- 
- 	oc = lookup_option(&dhcpv6_universe, client->sent_options,
-@@ -444,7 +444,7 @@ valid_reply(struct packet *packet, struc
- 				   client->sent_options, NULL, &global_scope,
- 				   oc, MDL)) {
- 		log_error("Local client identifier is missing!");
--		rval = ISC_FALSE;
-+		rval = false;
- 	}
- 
- 	if (sid.len == 0 ||
-@@ -452,7 +452,7 @@ valid_reply(struct packet *packet, struc
- 	    memcmp(sid.data, cid.data, sid.len)) {
- 		log_error("Advertise with matching transaction ID, but "
- 			  "mismatching client id.");
--		rval = ISC_FALSE;
-+		rval = false;
- 	}
- 
- 	/* clean up pointers to the strings */
-@@ -2375,7 +2375,7 @@ start_release6(struct client_state *clie
- 	/* Note this in the lease file. */
- 	if (client->active_lease == NULL)
- 		return;
--	client->active_lease->released = ISC_TRUE;
-+	client->active_lease->released = true;
- 	write_client6_lease(client, client->active_lease, 0, 1);
- 
- 	/* Set timers per RFC3315 section 18.1.6. */
-@@ -2612,7 +2612,7 @@ dhc6_check_advertise(struct dhc6_lease *
- {
- 	struct dhc6_ia *ia;
- 	isc_result_t rval = ISC_R_SUCCESS;
--	int have_addrs = ISC_FALSE;
-+	int have_addrs = false;
- 	unsigned code;
- 	const char *scope;
- 	int got_na = 0, got_ta = 0, got_pd = 0;
-@@ -2650,14 +2650,14 @@ dhc6_check_advertise(struct dhc6_lease *
- 		 * Should we check the addr itself for usability?
- 		 */
- 		if (ia->addrs != NULL) {
--			have_addrs = ISC_TRUE;
-+			have_addrs = true;
- 		}
- 	}
- 
- 	/* If we didn't get some addrs or the user required us to
- 	 * get all of the requested IAs and we didn't return an error
- 	 */
--	if ((have_addrs != ISC_TRUE) ||
-+	if ((have_addrs != true) ||
- 	    ((require_all_ias != 0) &&
- 	     ((got_na < wanted_ia_na) ||
- 	      (got_ta < wanted_ia_ta) ||
-@@ -2670,7 +2670,7 @@ dhc6_check_advertise(struct dhc6_lease *
- /* status code <-> action matrix for the client in INIT state
-  * (rapid/commit).  Returns always false as no action is defined.
-  */
--static isc_boolean_t
-+static bool
- dhc6_init_action(struct client_state *client, isc_result_t *rvalp,
- 		 unsigned code)
- {
-@@ -2679,21 +2679,21 @@ dhc6_init_action(struct client_state *cl
- 
- 	if (client == NULL) {
- 		*rvalp = DHCP_R_INVALIDARG;
--		return ISC_FALSE;
-+		return false;
- 	}
- 
- 	if (*rvalp == ISC_R_SUCCESS)
--		return ISC_FALSE;
-+		return false;
- 
- 	/* No possible action in any case... */
--	return ISC_FALSE;
-+	return false;
- }
- 
- /* status code <-> action matrix for the client in SELECT state
-  * (request/reply).  Returns true if action was taken (and the
-  * packet should be ignored), or false if no action was taken.
-  */
--static isc_boolean_t
-+static bool
- dhc6_select_action(struct client_state *client, isc_result_t *rvalp,
- 		   unsigned code)
- {
-@@ -2705,12 +2705,12 @@ dhc6_select_action(struct client_state *
- 
- 	if (client == NULL) {
- 		*rvalp = DHCP_R_INVALIDARG;
--		return ISC_FALSE;
-+		return false;
- 	}
- 	rval = *rvalp;
- 
- 	if (rval == ISC_R_SUCCESS)
--		return ISC_FALSE;
-+		return false;
- 
- 	switch (code) {
- 		/* We may have an earlier failure status code (so no
-@@ -2723,7 +2723,7 @@ dhc6_select_action(struct client_state *
- 	      case STATUS_NoBinding:
- 	      case STATUS_UseMulticast:
- 		/* Take no action. */
--		return ISC_FALSE;
-+		return false;
- 
- 		/* If the server can't deal with us, either try the
- 		 * next advertised server, or continue retrying if there
-@@ -2739,7 +2739,7 @@ dhc6_select_action(struct client_state *
- 
- 			break;
- 		} else /* Take no action - continue to retry. */
--			return ISC_FALSE;
-+			return false;
- 
- 		/* If the server has no addresses, try other servers if
- 		 * we got some, otherwise go to INIT to hope for more
-@@ -2748,7 +2748,7 @@ dhc6_select_action(struct client_state *
- 	      case STATUS_NoAddrsAvail:
- 	      case STATUS_NoPrefixAvail:
- 		if (client->state == S_REBOOTING)
--			return ISC_FALSE;
-+			return false;
- 
- 		if (client->selected_lease == NULL)
- 			log_fatal("Impossible case at %s:%d.", MDL);
-@@ -2794,7 +2794,7 @@ dhc6_select_action(struct client_state *
- 		break;
- 	}
- 
--	return ISC_TRUE;
-+	return true;
- }
- 
- static void
-@@ -2821,7 +2821,7 @@ dhc6_withdraw_lease(struct client_state
-  * (request/reply).  Returns true if action was taken (and the
-  * packet should be ignored), or false if no action was taken.
-  */
--static isc_boolean_t
-+static bool
- dhc6_reply_action(struct client_state *client, isc_result_t *rvalp,
- 		  unsigned code)
- {
-@@ -2832,12 +2832,12 @@ dhc6_reply_action(struct client_state *c
- 
- 	if (client == NULL) {
- 		*rvalp = DHCP_R_INVALIDARG;
--		return ISC_FALSE;
-+		return false;
- 	}
- 	rval = *rvalp;
- 
- 	if (rval == ISC_R_SUCCESS)
--		return ISC_FALSE;
-+		return false;
- 
- 	switch (code) {
- 		/* It's possible an earlier status code set rval to a failure
-@@ -2852,7 +2852,7 @@ dhc6_reply_action(struct client_state *c
- 	      case STATUS_UnspecFail:
- 		/* For unknown codes...it's a soft (retryable) error. */
- 	      default:
--		return ISC_FALSE;
-+		return false;
- 
- 		/* The server is telling us to use a multicast address, so
- 		 * we have to delete the unicast option from the active
-@@ -2865,7 +2865,7 @@ dhc6_reply_action(struct client_state *c
- 			delete_option(&dhcp_universe,
- 				      client->active_lease->options,
- 				      D6O_UNICAST);
--		return ISC_FALSE;
-+		return false;
- 
- 		/* "When the client receives a NotOnLink status from the
- 		 *  server in response to a Request, the client can either
-@@ -2914,7 +2914,7 @@ dhc6_reply_action(struct client_state *c
- 		break;
- 	}
- 
--	return ISC_TRUE;
-+	return true;
- }
- 
- /* status code <-> action matrix for the client in STOPPED state
-@@ -2922,7 +2922,7 @@ dhc6_reply_action(struct client_state *c
-  * packet should be ignored), or false if no action was taken.
-  * NoBinding is translated into Success.
-  */
--static isc_boolean_t
-+static bool
- dhc6_stop_action(struct client_state *client, isc_result_t *rvalp,
- 		  unsigned code)
- {
-@@ -2933,12 +2933,12 @@ dhc6_stop_action(struct client_state *cl
- 
- 	if (client == NULL) {
- 		*rvalp = DHCP_R_INVALIDARG;
--		return ISC_FALSE;
-+		return false;
- 	}
- 	rval = *rvalp;
- 
- 	if (rval == ISC_R_SUCCESS)
--		return ISC_FALSE;
-+		return false;
- 
- 	switch (code) {
- 		/* It's possible an earlier status code set rval to a failure
-@@ -2948,13 +2948,13 @@ dhc6_stop_action(struct client_state *cl
- 		/* For unknown codes...it's a soft (retryable) error. */
- 	      case STATUS_UnspecFail:
- 	      default:
--		return ISC_FALSE;
-+		return false;
- 
- 		/* NoBinding is not an error */
- 	      case STATUS_NoBinding:
- 		if (rval == ISC_R_FAILURE)
- 			*rvalp = ISC_R_SUCCESS;
--		return ISC_FALSE;
-+		return false;
- 
- 		/* Should not happen */
- 	      case STATUS_NoAddrsAvail:
-@@ -2976,13 +2976,13 @@ dhc6_stop_action(struct client_state *cl
- 			delete_option(&dhcp_universe,
- 				      client->active_lease->options,
- 				      D6O_UNICAST);
--		return ISC_FALSE;
-+		return false;
- 	}
- 
--	return ISC_TRUE;
-+	return true;
- }
- 
--static isc_boolean_t
-+static bool
- dhc6_decline_action(struct client_state *client, isc_result_t *rvalp,
- 		  unsigned code)
- {
-@@ -2993,12 +2993,12 @@ dhc6_decline_action(struct client_state
- 
- 	if (client == NULL) {
- 		*rvalp = DHCP_R_INVALIDARG;
--		return ISC_FALSE;
-+		return false;
- 	}
- 	rval = *rvalp;
- 
- 	if (rval == ISC_R_SUCCESS) {
--		return ISC_FALSE;
-+		return false;
- 	}
- 
- 	switch (code) {
-@@ -3013,13 +3013,13 @@ dhc6_decline_action(struct client_state
- 			delete_option(&dhcp_universe,
- 				      client->active_lease->options,
- 				      D6O_UNICAST);
--		return ISC_FALSE;
-+		return false;
- 	default:
- 		/* Anything else is basically meaningless */
- 		break;
- 	}
- 
--	return ISC_TRUE;
-+	return true;
- }
- 
- 
-@@ -3029,14 +3029,14 @@ dhc6_decline_action(struct client_state
- static isc_result_t
- dhc6_check_reply(struct client_state *client, struct dhc6_lease *new)
- {
--	isc_boolean_t (*action)(struct client_state *,
-+	bool (*action)(struct client_state *,
- 				isc_result_t *, unsigned);
- 	struct dhc6_ia *ia;
- 	isc_result_t rval = ISC_R_SUCCESS;
- 	unsigned code;
- 	const char *scope;
- 	int nscore, sscore;
--	int have_addrs = ISC_FALSE;
-+	int have_addrs = false;
- 	int got_na = 0, got_ta = 0, got_pd = 0;
- 
- 	if ((client == NULL) || (new == NULL))
-@@ -3102,7 +3102,7 @@ dhc6_check_reply(struct client_state *cl
- 			return ISC_R_CANCELED;
- 
- 		if (ia->addrs != NULL) {
--			have_addrs = ISC_TRUE;
-+			have_addrs = true;
- 		}
- 	}
- 
-@@ -3119,13 +3119,13 @@ dhc6_check_reply(struct client_state *cl
- 	 * check in and commented it as I eventually do want
- 	 * us to check for TAs as well.  SAR
- 	 */
--	if ((have_addrs != ISC_TRUE) ||
-+	if ((have_addrs != true) ||
- 	    ((require_all_ias != 0) &&
- 	     ((got_na < wanted_ia_na) ||
- 	      /*(got_ta < wanted_ia_ta) ||*/
- 	      (got_pd < wanted_ia_pd)))) {
- 		rval = ISC_R_FAILURE;
--		if (action(client, &rval, STATUS_NoAddrsAvail) == ISC_TRUE) {
-+		if (action(client, &rval, STATUS_NoAddrsAvail) == true) {
- 			return ISC_R_CANCELED;
- 		}
- 	}
-@@ -4256,7 +4256,7 @@ dhc6_add_ia_pd(struct client_state *clie
- 
- /* stopping_finished() checks if there is a remaining work to do.
-  */
--static isc_boolean_t
-+static bool
- stopping_finished(void)
- {
- 	struct interface_info *ip;
-@@ -4265,12 +4265,12 @@ stopping_finished(void)
- 	for (ip = interfaces; ip; ip = ip -> next) {
- 		for (client = ip -> client; client; client = client -> next) {
- 			if (client->state != S_STOPPED)
--				return ISC_FALSE;
-+				return false;
- 			if (client->active_lease != NULL)
--				return ISC_FALSE;
-+				return false;
- 		}
- 	}
--	return ISC_TRUE;
-+	return true;
- }
- 
- /* reply_handler() accepts a Reply while we're attempting Select or Renew or
-@@ -4474,8 +4474,8 @@ dhc6_check_times(struct client_state *cl
- 	struct dhc6_addr *addr;
- 	TIME renew=MAX_TIME, rebind=MAX_TIME, depref=MAX_TIME,
- 	     lo_expire=MAX_TIME, hi_expire=0, max_ia_starts = 0, tmp;
--	int has_addrs = ISC_FALSE;
--	int has_preferred_addrs = ISC_FALSE;
-+	int has_addrs = false;
-+	int has_preferred_addrs = false;
- 	struct timeval tv;
- 
- 	lease = client->active_lease;
-@@ -4506,7 +4506,7 @@ dhc6_check_times(struct client_state *cl
- 					depref = tmp;
- 
- 				if (!(addr->flags & DHC6_ADDR_EXPIRED)) {
--					has_preferred_addrs = ISC_TRUE;
-+					has_preferred_addrs = true;
- 				}
- 			}
- 
-@@ -4525,7 +4525,7 @@ dhc6_check_times(struct client_state *cl
- 				if (tmp < this_ia_lo_expire)
- 					this_ia_lo_expire = tmp;
- 
--				has_addrs = ISC_TRUE;
-+				has_addrs = true;
- 			}
- 		}
- 
-@@ -4603,7 +4603,7 @@ dhc6_check_times(struct client_state *cl
- 	 * In the future, we may decide that we're done here, or to
- 	 * schedule a future request (using 4-pkt info-request model).
- 	 */
--	if (has_addrs == ISC_FALSE) {
-+	if (has_addrs == false) {
- 		dhc6_lease_destroy(&client->active_lease, MDL);
- 		client->active_lease = NULL;
- 
-@@ -4855,7 +4855,7 @@ start_bound(struct client_state *client)
- 			  "is selected.");
- 		return;
- 	}
--	lease->released = ISC_FALSE;
-+	lease->released = false;
- 	old = client->old_lease;
- 
- 	client->v6_handler = bound_handler;
-@@ -5448,8 +5448,8 @@ do_expire(void *input)
- 	struct dhc6_lease *lease;
- 	struct dhc6_ia *ia, **tia;
- 	struct dhc6_addr *addr;
--	int has_addrs = ISC_FALSE;
--	int ia_has_addrs = ISC_FALSE;
-+	int has_addrs = false;
-+	int ia_has_addrs = false;
- 
- 	client = (struct client_state *)input;
- 
-@@ -5458,7 +5458,7 @@ do_expire(void *input)
- 		return;
- 
- 	for (ia = lease->bindings, tia = &lease->bindings; ia != NULL ; ) {
--		ia_has_addrs = ISC_FALSE;
-+		ia_has_addrs = false;
- 		for (addr = ia->addrs ; addr != NULL ; addr = addr->next) {
- 			if (addr->flags & DHC6_ADDR_EXPIRED)
- 				continue;
-@@ -5495,14 +5495,14 @@ do_expire(void *input)
- 				continue;
- 			}
- 
--			ia_has_addrs = ISC_TRUE;
--			has_addrs = ISC_TRUE;
-+			ia_has_addrs = true;
-+			has_addrs = true;
- 		}
- 
- 		/* Update to the next ia and git rid of this ia
- 		 * if it doesn't have any leases.
- 		 */
--		if (ia_has_addrs == ISC_TRUE) {
-+		if (ia_has_addrs == true) {
- 			/* leases, just advance the list pointer */
- 			tia = &(*tia)->next;
- 		} else {
-@@ -5517,7 +5517,7 @@ do_expire(void *input)
- 	}
- 
- 	/* Clean up empty leases. */
--	if (has_addrs == ISC_FALSE) {
-+	if (has_addrs == false) {
- 		log_info("PRC: Bound lease is devoid of active addresses."
- 			 "  Re-initializing.");
- 
-@@ -5596,14 +5596,14 @@ dhc6_check_irt(struct client_state *clie
- 	TIME expire = MAX_TIME;
- 	struct timeval tv;
- 	int i;
--	isc_boolean_t found = ISC_FALSE;
-+	bool found = false;
- 
- 	cancel_timeout(refresh_info_request6, client);
- 
- 	req = client->config->requested_options;
- 	for (i = 0; req[i] != NULL; i++) {
- 		if (req[i] == irt_option) {
--			found = ISC_TRUE;
-+			found = true;
- 			break;
- 		}
- 	}
-@@ -5924,7 +5924,7 @@ static void script_write_requested6(clie
- /*
-  * Check if there is something not fully defined in the active lease.
-  */
--static isc_boolean_t
-+static bool
- active_prefix(struct client_state *client)
- {
- 	struct dhc6_lease *lease;
-@@ -5934,21 +5934,21 @@ active_prefix(struct client_state *clien
- 
- 	lease = client->active_lease;
- 	if (lease == NULL)
--		return ISC_FALSE;
-+		return false;
- 	memset(zeros, 0, 16);
- 	for (ia = lease->bindings; ia != NULL; ia = ia->next) {
- 		if (ia->ia_type != D6O_IA_PD)
- 			continue;
- 		for (pref = ia->addrs; pref != NULL; pref = pref->next) {
- 			if (pref->plen == 0)
--				return ISC_FALSE;
-+				return false;
- 			if (pref->address.len != 16)
--				return ISC_FALSE;
-+				return false;
- 			if (memcmp(pref->address.iabuf, zeros, 16) == 0)
--				return ISC_FALSE;
-+				return false;
- 		}
- 	}
--	return ISC_TRUE;
-+	return true;
- }
- 
- /* Adds a leases's declined addreses to the outbound packet
-@@ -6111,26 +6111,26 @@ int drop_declined_addrs(struct dhc6_leas
- /* Run through the addresses in lease and return true if there's any unexpired.
-  * Return false otherwise.
-  */
--static isc_boolean_t
-+static bool
- unexpired_address_in_lease(struct dhc6_lease *lease)
- {
- 	struct dhc6_ia *ia;
- 	struct dhc6_addr *addr;
- 
- 	if (lease == NULL) {
--		return ISC_FALSE;
-+		return false;
- 	}
- 
- 	for (ia = lease->bindings ; ia != NULL ; ia = ia->next) {
- 		for (addr = ia->addrs ; addr != NULL ; addr = addr->next) {
- 			if (!(addr->flags & DHC6_ADDR_EXPIRED) &&
- 			    (addr->starts + addr->max_life > cur_time)) {
--				return ISC_TRUE;
-+				return true;
- 			}
- 		}
- 	}
- 
- 	log_debug("PRC: Previous lease is devoid of active addresses.");
--	return ISC_FALSE;
-+	return false;
- }
- #endif /* DHCPv6 */
-Index: dhcp-4.4.1/client/dhclient.c
-===================================================================
---- dhcp-4.4.1.orig/client/dhclient.c
-+++ dhcp-4.4.1/client/dhclient.c
-@@ -52,7 +52,7 @@ char *path_dhclient_script = path_dhclie
- const char *path_dhclient_duid = NULL;
- 
- /* False (default) => we write and use a pid file */
--isc_boolean_t no_pid_file = ISC_FALSE;
-+bool no_pid_file = false;
- 
- int dhcp_max_agent_option_packet_length = 0;
- 
-@@ -397,7 +397,7 @@ main(int argc, char **argv) {
- 			path_dhclient_pid = argv[i];
- 			no_dhclient_pid = 1;
- 		} else if (!strcmp(argv[i], "--no-pid")) {
--			no_pid_file = ISC_TRUE;
-+			no_pid_file = true;
- 		} else if (!strcmp(argv[i], "-cf")) {
- 			if (++i == argc)
- 				usage(use_noarg, argv[i-1]);
-@@ -652,7 +652,7 @@ main(int argc, char **argv) {
- 	 * to write a pid file - we assume they are controlling
- 	 * the process in some other fashion.
- 	 */
--	if ((release_mode || exit_mode) && (no_pid_file == ISC_FALSE)) {
-+	if ((release_mode || exit_mode) && (no_pid_file == false)) {
- 		FILE *pidfd;
- 		pid_t oldpid;
- 		long temp;
-@@ -4469,7 +4469,7 @@ void write_client_pid_file ()
- 	int pfdesc;
- 
- 	/* nothing to do if the user doesn't want a pid file */
--	if (no_pid_file == ISC_TRUE) {
-+	if (no_pid_file == true) {
- 		return;
- 	}
- 
-@@ -4727,7 +4727,7 @@ unsigned cons_agent_information_options
- static void shutdown_exit (void *foo)
- {
- 	/* get rid of the pid if we can */
--	if (no_pid_file == ISC_FALSE)
-+	if (no_pid_file == false)
- 		(void) unlink(path_dhclient_pid);
- 	finish(0);
- }
-Index: dhcp-4.4.1/common/inet.c
-===================================================================
---- dhcp-4.4.1.orig/common/inet.c
-+++ dhcp-4.4.1/common/inet.c
-@@ -299,7 +299,7 @@ addr_and(struct iaddr *result, const str
-  *
-  * Because the final ".1" would get masked out by the /8.
-  */
--isc_boolean_t
-+bool
- is_cidr_mask_valid(const struct iaddr *addr, int bits) {
- 	int zero_bits;
- 	int zero_bytes;
-@@ -311,10 +311,10 @@ is_cidr_mask_valid(const struct iaddr *a
- 	 * Check our bit boundaries.
- 	 */
- 	if (bits < 0) {
--		return ISC_FALSE;
-+		return false;
- 	}
- 	if (bits > (addr->len * 8)) {
--		return ISC_FALSE;
-+		return false;
- 	}
- 
- 	/*
-@@ -328,7 +328,7 @@ is_cidr_mask_valid(const struct iaddr *a
- 	 */
- 	for (i=1; i<=zero_bytes; i++) {
- 		if (addr->iabuf[addr->len-i] != 0) {
--			return ISC_FALSE;
-+			return false;
- 		}
- 	}
- 
-@@ -340,7 +340,7 @@ is_cidr_mask_valid(const struct iaddr *a
- 	 * happy.
- 	 */
- 	shift_bits = zero_bits % 8;
--	if (shift_bits == 0) return ISC_TRUE;
-+	if (shift_bits == 0) return true;
- 	byte = addr->iabuf[addr->len-zero_bytes-1];
- 	return (((byte >> shift_bits) << shift_bits) == byte);
- }
-Index: dhcp-4.4.1/common/options.c
-===================================================================
---- dhcp-4.4.1.orig/common/options.c
-+++ dhcp-4.4.1/common/options.c
-@@ -676,7 +676,7 @@ cons_options(struct packet *inpacket, st
- 		 * the priority_list. This way we'll send it whether or not it
- 		 * is in the PRL. */
- 		if ((inpacket != NULL) && (priority_len < PRIORITY_COUNT) &&
--		    (inpacket->sv_echo_client_id == ISC_TRUE)) {
-+		    (inpacket->sv_echo_client_id == true)) {
- 			priority_list[priority_len++] =
- 				DHO_DHCP_CLIENT_IDENTIFIER;
- 		}
-@@ -1802,7 +1802,7 @@ const char *pretty_print_option (option,
- 	const unsigned char *dp = data;
- 	char comma;
- 	unsigned long tval;
--	isc_boolean_t a_array = ISC_FALSE;
-+	bool a_array = false;
- 	int len_used;
- 
- 	if (emit_commas)
-@@ -1828,7 +1828,7 @@ const char *pretty_print_option (option,
- 		fmtbuf [l] = option -> format [i];
- 		switch (option -> format [i]) {
- 		      case 'a':
--			a_array = ISC_TRUE;
-+			a_array = true;
- 			/* Fall through */
- 		      case 'A':
- 			--numelem;
-@@ -1858,7 +1858,7 @@ const char *pretty_print_option (option,
- 				hunksize++;
- 				comma = ':';
- 				numhunk = 0;
--				a_array = ISC_TRUE;
-+				a_array = true;
- 				hunkinc = 1;
- 			}
- 			fmtbuf [l + 1] = 0;
-@@ -1954,7 +1954,7 @@ const char *pretty_print_option (option,
- 
- 	/* If this is an array, compute its size. */
- 	if (numhunk == 0) {
--		if (a_array == ISC_TRUE) {
-+		if (a_array == true) {
- 			/*
- 			 * It is an 'a' type array - we repeat the
- 			 * last format type.  A binary string for 'X'
-@@ -2006,7 +2006,7 @@ const char *pretty_print_option (option,
- 
- 	/* Cycle through the array (or hunk) printing the data. */
- 	for (i = 0; i < numhunk; i++) {
--		if ((a_array == ISC_TRUE) && (i != 0) && (numelem > 0)) {
-+		if ((a_array == true) && (i != 0) && (numelem > 0)) {
- 			/*
- 			 * For 'a' type of arrays we repeat
- 			 * only the last format character
-@@ -2734,7 +2734,7 @@ save_option(struct universe *universe, s
- 	    struct option_cache *oc)
- {
- 	if (universe->save_func)
--		(*universe->save_func)(universe, options, oc, ISC_FALSE);
-+		(*universe->save_func)(universe, options, oc, true);
- 	else
- 		log_error("can't store options in %s space.", universe->name);
- }
-@@ -2745,14 +2745,14 @@ also_save_option(struct universe *univer
- 		 struct option_cache *oc)
- {
- 	if (universe->save_func)
--		(*universe->save_func)(universe, options, oc, ISC_TRUE);
-+		(*universe->save_func)(universe, options, oc, true);
- 	else
- 		log_error("can't store options in %s space.", universe->name);
- }
- 
- void
- save_hashed_option(struct universe *universe, struct option_state *options,
--		   struct option_cache *oc, isc_boolean_t appendp)
-+		   struct option_cache *oc, bool appendp)
- {
- 	int hashix;
- 	pair bptr;
-@@ -3062,7 +3062,7 @@ store_option(struct data_string *result,
- 						  cfg_options, scope, subu);
- 				subu = NULL;
- 			}
--		} while (ISC_FALSE);
-+		} while (false);
- 
- 		status = append_option(result, universe, oc->option, &tmp);
- 		data_string_forget(&tmp, MDL);
-@@ -3459,7 +3459,7 @@ lookup_fqdn6_option(struct universe *uni
-  */
- void
- save_fqdn6_option(struct universe *universe, struct option_state *options,
--		  struct option_cache *oc, isc_boolean_t appendp)
-+		  struct option_cache *oc, bool appendp)
- {
- 	log_fatal("Impossible condition at %s:%d.", MDL);
- }
-@@ -3784,7 +3784,7 @@ void hashed_option_space_foreach (struct
- 
- void
- save_linked_option(struct universe *universe, struct option_state *options,
--		   struct option_cache *oc, isc_boolean_t appendp)
-+		   struct option_cache *oc, bool appendp)
- {
- 	pair *tail;
- 	struct option_chain_head *head;
-@@ -4073,7 +4073,7 @@ packet6_len_okay(const char *packet, int
- void
- do_packet6(struct interface_info *interface, const char *packet,
- 	   int len, int from_port, const struct iaddr *from,
--	   isc_boolean_t was_unicast) {
-+	   bool was_unicast) {
- 	unsigned char msg_type;
- 	const struct dhcpv6_packet *msg;
- 	const struct dhcpv6_relay_packet *relay;
-Index: dhcp-4.4.1/common/parse.c
-===================================================================
---- dhcp-4.4.1.orig/common/parse.c
-+++ dhcp-4.4.1/common/parse.c
-@@ -4952,7 +4952,7 @@ int parse_option_token (rv, cfile, fmt,
- 	unsigned len;
- 	struct iaddr addr;
- 	int compress;
--	isc_boolean_t freeval = ISC_FALSE;
-+	bool freeval = false;
- 	const char *f, *g;
- 	struct enumeration_value *e;
- 
-@@ -5038,7 +5038,7 @@ int parse_option_token (rv, cfile, fmt,
- 			return 0;
- 		}
- 		len = strlen (val);
--		freeval = ISC_TRUE;
-+		freeval = true;
- 		goto make_string;
- 
- 	      case 't': /* Text string... */
-@@ -5055,9 +5055,9 @@ int parse_option_token (rv, cfile, fmt,
- 		if (!make_const_data (&t, (const unsigned char *)val,
- 				      len, 1, 1, MDL))
- 			log_fatal ("No memory for concatenation");
--		if (freeval == ISC_TRUE) {
-+		if (freeval == true) {
- 			dfree((char *)val, MDL);
--			freeval = ISC_FALSE;
-+			freeval = false;
- 			POST(freeval);
- 		}
- 		break;
-Index: dhcp-4.4.1/omapip/dispatch.c
-===================================================================
---- dhcp-4.4.1.orig/omapip/dispatch.c
-+++ dhcp-4.4.1/omapip/dispatch.c
-@@ -156,7 +156,7 @@ omapi_iscsock_cb(isc_task_t   *task,
- 	 * This should be a temporary fix until we arrange to properly
- 	 * close the socket.
- 	 */
--	if (obj->closed == ISC_TRUE) {
-+	if (obj->closed == true) {
- 		return(0);
- 	}
- #endif	  
-@@ -223,7 +223,7 @@ isc_result_t omapi_register_io_object (o
- 	status = omapi_io_allocate (&obj, MDL);
- 	if (status != ISC_R_SUCCESS)
- 		return status;
--	obj->closed = ISC_FALSE;  /* mark as open */
-+	obj->closed = false;  /* mark as open */
- 
- 	status = omapi_object_reference (&obj -> inner, h, MDL);
- 	if (status != ISC_R_SUCCESS) {
-@@ -404,7 +404,7 @@ isc_result_t omapi_unregister_io_object
- 		isc_socket_detach(&obj->fd);
- 	}
- #else
--	obj->closed = ISC_TRUE;
-+	obj->closed = true;
- #endif
- 
- 	omapi_io_dereference (&ph, MDL);
-Index: dhcp-4.4.1/omapip/isclib.c
-===================================================================
---- dhcp-4.4.1.orig/omapip/isclib.c
-+++ dhcp-4.4.1/omapip/isclib.c
-@@ -106,9 +106,9 @@ isclib_cleanup(void)
- 	if (dhcp_gbl_ctx.taskmgr != NULL)
- 		isc_taskmgr_destroy(&dhcp_gbl_ctx.taskmgr);
- 
--	if (dhcp_gbl_ctx.actx_started != ISC_FALSE) {
-+	if (dhcp_gbl_ctx.actx_started != false) {
- 		isc_app_ctxfinish(dhcp_gbl_ctx.actx);
--		dhcp_gbl_ctx.actx_started = ISC_FALSE;
-+		dhcp_gbl_ctx.actx_started = false;
- 	}
- 
- 	if (dhcp_gbl_ctx.actx != NULL)
-@@ -211,7 +211,7 @@ dhcp_context_create(int flags,
- 		result = isc_app_ctxstart(dhcp_gbl_ctx.actx);
- 		if (result != ISC_R_SUCCESS)
- 			return (result);
--		dhcp_gbl_ctx.actx_started = ISC_TRUE;
-+		dhcp_gbl_ctx.actx_started = true;
- 
- 		/* Not all OSs support suppressing SIGPIPE through socket
- 		 * options, so set the sigal action to be ignore.  This allows
-Index: dhcp-4.4.1/omapip/protocol.c
-===================================================================
---- dhcp-4.4.1.orig/omapip/protocol.c
-+++ dhcp-4.4.1/omapip/protocol.c
-@@ -950,14 +950,14 @@ isc_result_t omapi_protocol_stuff_values
- /* Returns a boolean indicating whether this protocol requires that
-    messages be authenticated or not. */
- 
--isc_boolean_t omapi_protocol_authenticated (omapi_object_t *h)
-+bool omapi_protocol_authenticated (omapi_object_t *h)
- {
- 	if (h -> type != omapi_type_protocol)
--		return isc_boolean_false;
-+		return false;
- 	if (((omapi_protocol_object_t *)h) -> insecure)
--		return isc_boolean_false;
-+		return false;
- 	else
--		return isc_boolean_true;
-+		return true;
- }
- 
- /* Sets the address and authenticator verification callbacks.  The handle
-Index: dhcp-4.4.1/relay/dhcrelay.c
-===================================================================
---- dhcp-4.4.1.orig/relay/dhcrelay.c
-+++ dhcp-4.4.1/relay/dhcrelay.c
-@@ -45,9 +45,9 @@ char *token_line;
- char *tlname;
- 
- const char *path_dhcrelay_pid = _PATH_DHCRELAY_PID;
--isc_boolean_t no_dhcrelay_pid = ISC_FALSE;
-+bool no_dhcrelay_pid = false;
- /* False (default) => we write and use a pid file */
--isc_boolean_t no_pid_file = ISC_FALSE;
-+bool no_pid_file = false;
- 
- int bogus_agent_drops = 0;	/* Packets dropped because agent option
- 				   field was specified and we're not relaying
-@@ -82,7 +82,7 @@ int dfd[2] = { -1, -1 };
- 
- #ifdef DHCPv6
- 	/* Force use of DHCPv6 interface-id option. */
--isc_boolean_t use_if_id = ISC_FALSE;
-+bool use_if_id = false;
- #endif
- 
- 	/* Maximum size of a packet with agent options added. */
-@@ -556,7 +556,7 @@ main(int argc, char **argv) {
- 			}
- 			local_family_set = 1;
- 			local_family = AF_INET6;
--			use_if_id = ISC_TRUE;
-+			use_if_id = true;
- 		} else if (!strcmp(argv[i], "-l")) {
- 			if (local_family_set && (local_family == AF_INET)) {
- 				usage(use_v6command, argv[i]);
-@@ -564,7 +564,7 @@ main(int argc, char **argv) {
- 			local_family_set = 1;
- 			local_family = AF_INET6;
- 			if (downstreams != NULL)
--				use_if_id = ISC_TRUE;
-+				use_if_id = true;
- 			if (++i == argc)
- 				usage(use_noarg, argv[i-1]);
- 			sl = parse_downstream(argv[i]);
-@@ -595,9 +595,9 @@ main(int argc, char **argv) {
- 			if (++i == argc)
- 				usage(use_noarg, argv[i-1]);
- 			path_dhcrelay_pid = argv[i];
--			no_dhcrelay_pid = ISC_TRUE;
-+			no_dhcrelay_pid = true;
- 		} else if (!strcmp(argv[i], "--no-pid")) {
--			no_pid_file = ISC_TRUE;
-+			no_pid_file = true;
-  		} else if (argv[i][0] == '-') {
- 			usage("Unknown command: %s", argv[i]);
-  		} else {
-@@ -645,7 +645,7 @@ main(int argc, char **argv) {
- 	 * If the user didn't specify a pid file directly
- 	 * find one from environment variables or defaults
- 	 */
--	if (no_dhcrelay_pid == ISC_FALSE) {
-+	if (no_dhcrelay_pid == false) {
- 		if (local_family == AF_INET) {
- 			path_dhcrelay_pid = getenv("PATH_DHCRELAY_PID");
- 			if (path_dhcrelay_pid == NULL)
-@@ -774,7 +774,7 @@ main(int argc, char **argv) {
- 		}
- 
- 		/* Create the pid file. */
--		if (no_pid_file == ISC_FALSE) {
-+		if (no_pid_file == false) {
- 			pfdesc = open(path_dhcrelay_pid,
- 				      O_CREAT | O_TRUNC | O_WRONLY, 0644);
- 
-@@ -1569,7 +1569,7 @@ static void
- setup_streams(void) {
- 	struct stream_list *dp, *up;
- 	int i;
--	isc_boolean_t link_is_set;
-+	bool link_is_set;
- 
- 	for (dp = downstreams; dp; dp = dp->next) {
- 		/* Check interface */
-@@ -1579,9 +1579,9 @@ setup_streams(void) {
- 
- 		/* Check/set link. */
- 		if (IN6_IS_ADDR_UNSPECIFIED(&dp->link.sin6_addr))
--			link_is_set = ISC_FALSE;
-+			link_is_set = false;
- 		else
--			link_is_set = ISC_TRUE;
-+			link_is_set = true;
- 		for (i = 0; i < dp->ifp->v6address_count; i++) {
- 			if (IN6_IS_ADDR_LINKLOCAL(&dp->ifp->v6addresses[i]))
- 				continue;
-@@ -2076,7 +2076,7 @@ dhcp_set_control_state(control_object_st
- 	if (newstate != server_shutdown)
- 		return ISC_R_SUCCESS;
- 
--	if (no_pid_file == ISC_FALSE)
-+	if (no_pid_file == false)
- 		(void) unlink(path_dhcrelay_pid);
- 
- 	if (!no_daemon && dfd[0] != -1 && dfd[1] != -1) {
-Index: dhcp-4.4.1/server/dhcp.c
-===================================================================
---- dhcp-4.4.1.orig/server/dhcp.c
-+++ dhcp-4.4.1/server/dhcp.c
-@@ -225,7 +225,7 @@ dhcp (struct packet *packet) {
- 			packet->options->universe_count =
- 						agent_universe.index + 1;
- 
--		packet->agent_options_stashed = ISC_TRUE;
-+		packet->agent_options_stashed = true;
- 	}
-       nolease:
- 
-@@ -1094,7 +1094,7 @@ void dhcpinform (packet, ms_nulltp)
- 	int nulltp;
- 	struct sockaddr_in to;
- 	struct in_addr from;
--	isc_boolean_t zeroed_ciaddr;
-+	bool zeroed_ciaddr;
- 	struct interface_info *interface;
- 	int result, h_m_client_ip = 0;
- 	struct host_decl  *host = NULL, *hp = NULL, *h;
-@@ -1109,7 +1109,7 @@ void dhcpinform (packet, ms_nulltp)
- 	   it's common for clients not to do this, so we'll use their IP
- 	   source address if they didn't set ciaddr. */
- 	if (!packet->raw->ciaddr.s_addr) {
--		zeroed_ciaddr = ISC_TRUE;
-+		zeroed_ciaddr = true;
- 		/* With DHCPv4-over-DHCPv6 it can be an IPv6 address
- 		   so we check its length. */
- 		if (packet->client_addr.len == 4) {
-@@ -1122,7 +1122,7 @@ void dhcpinform (packet, ms_nulltp)
- 			addr_type = "v4o6";
- 		}
- 	} else {
--		zeroed_ciaddr = ISC_FALSE;
-+		zeroed_ciaddr = false;
- 		cip.len = 4;
- 		memcpy(cip.iabuf, &packet->raw->ciaddr, 4);
- 		addr_type = "client";
-@@ -1133,7 +1133,7 @@ void dhcpinform (packet, ms_nulltp)
- 	if (packet->raw->giaddr.s_addr) {
- 		gip.len = 4;
- 		memcpy(gip.iabuf, &packet->raw->giaddr, 4);
--		if (zeroed_ciaddr == ISC_TRUE) {
-+		if (zeroed_ciaddr == true) {
- 			addr_type = "relay";
- 			memcpy(sip.iabuf, gip.iabuf, 4);
- 		}
-@@ -1207,7 +1207,7 @@ void dhcpinform (packet, ms_nulltp)
- 		save_option(&dhcp_universe, options, noc);
- 		option_cache_dereference(&noc, MDL);
- 
--		if ((zeroed_ciaddr == ISC_TRUE) && (gip.len != 0))
-+		if ((zeroed_ciaddr == true) && (gip.len != 0))
- 			addr_type = "relay link select";
- 		else
- 			addr_type = "selected";
-@@ -1261,7 +1261,7 @@ void dhcpinform (packet, ms_nulltp)
- 				    NULL, NULL);
- 
- 	/* If we have ciaddr, find its lease so we can find its pool. */
--	if (zeroed_ciaddr == ISC_FALSE) {
-+	if (zeroed_ciaddr == false) {
- 		struct lease* cip_lease = NULL;
- 
- 		find_lease_by_ip_addr (&cip_lease, cip, MDL);
-@@ -2036,7 +2036,7 @@ void echo_client_id(packet, lease, in_op
- 		unsigned int opcode = DHO_DHCP_CLIENT_IDENTIFIER;
- 
- 		/* Save knowledge that echo is enabled to the packet */
--		packet->sv_echo_client_id = ISC_TRUE;
-+		packet->sv_echo_client_id = true;
- 
- 		/* Now see if inbound packet contains client-id */
- 		oc = lookup_option(&dhcp_universe, packet->options, opcode);
-@@ -2187,7 +2187,7 @@ void ack_lease (packet, lease, offer, wh
- 	struct iaddr cip;
- #if defined(DELAYED_ACK)
- 	/* By default we don't do the enqueue */
--	isc_boolean_t enqueue = ISC_FALSE;
-+	bool enqueue = false;
- #endif
- 	int use_old_lease = 0;
- 
-@@ -3217,7 +3217,7 @@ void ack_lease (packet, lease, offer, wh
- 		 * can just answer right away, set a flag to indicate this.
- 		 */
- 		if (commit)
--			enqueue = ISC_TRUE;
-+			enqueue = true;
- 
- 		/* Install the new information on 'lt' onto the lease at
- 		 * 'lease'.  We will not 'commit' this information to disk
-@@ -4234,7 +4234,7 @@ int find_lease (struct lease **lp,
- 	 * preference, so the first one is the best one.
- 	 */
- 	while (uid_lease) {
--		isc_boolean_t do_release = !packet->raw->ciaddr.s_addr;
-+		bool do_release = !packet->raw->ciaddr.s_addr;
- #if defined (DEBUG_FIND_LEASE)
- 		log_info ("trying next lease matching client id: %s",
- 			  piaddr (uid_lease -> ip_addr));
-@@ -4267,7 +4267,7 @@ int find_lease (struct lease **lp,
- #endif
- 			/* Allow multiple leases using the same UID
- 			   on different subnetworks. */
--			do_release = ISC_FALSE;
-+			do_release = false;
- 			goto n_uid;
- 		}
- 
-@@ -5331,7 +5331,7 @@ get_server_source_address(struct in_addr
- 	struct option_cache *oc = NULL;
- 	struct data_string d;
- 	struct in_addr *a = NULL;
--	isc_boolean_t found = ISC_FALSE;
-+	bool found = false;
- 	int allocate = 0;
- 
- 	memset(&d, 0, sizeof(d));
-@@ -5344,7 +5344,7 @@ get_server_source_address(struct in_addr
- 					  packet->options, options, 
- 					  &global_scope, oc, MDL)) {
- 			if (d.len == sizeof(*from)) {
--				found = ISC_TRUE;
-+				found = true;
- 				memcpy(from, d.data, sizeof(*from));
- 
- 				/*
-@@ -5362,7 +5362,7 @@ get_server_source_address(struct in_addr
- 		oc = NULL;
- 	}
- 
--	if ((found == ISC_FALSE) &&
-+	if ((found == false) &&
- 	    (packet->interface->address_count > 0)) {
- 		*from = packet->interface->addresses[0];
- 
-Index: dhcp-4.4.1/server/failover.c
-===================================================================
---- dhcp-4.4.1.orig/server/failover.c
-+++ dhcp-4.4.1/server/failover.c
-@@ -45,7 +45,7 @@ static isc_result_t failover_message_der
- static void dhcp_failover_pool_balance(dhcp_failover_state_t *state);
- static void dhcp_failover_pool_reqbalance(dhcp_failover_state_t *state);
- static int dhcp_failover_pool_dobalance(dhcp_failover_state_t *state,
--					isc_boolean_t *sendreq);
-+					bool *sendreq);
- static inline int secondary_not_hoarding(dhcp_failover_state_t *state,
- 					 struct pool *p);
- static void scrub_lease(struct lease* lease, const char *file, int line);
-@@ -2464,7 +2464,7 @@ void
- dhcp_failover_pool_rebalance(void *failover_state)
- {
- 	dhcp_failover_state_t *state;
--	isc_boolean_t sendreq = ISC_FALSE;
-+	bool sendreq = false;
- 
- 	state = (dhcp_failover_state_t *)failover_state;
- 
-@@ -2512,7 +2512,7 @@ dhcp_failover_pool_reqbalance(dhcp_failo
-  */
- static int
- dhcp_failover_pool_dobalance(dhcp_failover_state_t *state,
--			    isc_boolean_t *sendreq)
-+			    bool *sendreq)
- {
- 	int lts, total, thresh, hold, panic, pass;
- 	int leases_queued = 0;
-@@ -2581,7 +2581,7 @@ dhcp_failover_pool_dobalance(dhcp_failov
- 
- 		if ((sendreq != NULL) && (lts < panic)) {
- 			reqlog = "  (requesting peer rebalance!)";
--			*sendreq = ISC_TRUE;
-+			*sendreq = true;
- 		} else
- 			reqlog = "";
- 
-@@ -5111,7 +5111,7 @@ isc_result_t dhcp_failover_send_update_d
-  * a more detailed system of preferences is required, so this is something we
-  * should monitor as we gain experience with these dueling events.
-  */
--static isc_boolean_t
-+static bool
- failover_lease_is_better(dhcp_failover_state_t *state, struct lease *lease,
- 			 failover_message_t *msg)
- {
-@@ -5132,15 +5132,15 @@ failover_lease_is_better(dhcp_failover_s
- 	      case FTS_ACTIVE:
- 		if (msg->binding_status == FTS_ACTIVE) {
- 			if (msg_cltt < lease->cltt)
--				return ISC_TRUE;
-+				return true;
- 			else if (msg_cltt > lease->cltt)
--				return ISC_FALSE;
-+				return false;
- 			else if (state->i_am == primary)
--				return ISC_TRUE;
-+				return true;
- 			else
--				return ISC_FALSE;
-+				return false;
- 		} else if (msg->binding_status == FTS_EXPIRED) {
--			return ISC_FALSE;
-+			return false;
- 		}
- 		/* FALL THROUGH */
- 
-@@ -5151,11 +5151,11 @@ failover_lease_is_better(dhcp_failover_s
- 	      case FTS_ABANDONED:
- 	      case FTS_RESET:
- 		if (msg->binding_status == FTS_ACTIVE)
--			return ISC_FALSE;
-+			return false;
- 		else if (state->i_am == primary)
--			return ISC_TRUE;
-+			return true;
- 		else
--			return ISC_FALSE;
-+			return false;
- 		/* FALL THROUGH to impossible condition */
- 
- 	      default:
-@@ -5164,7 +5164,7 @@ failover_lease_is_better(dhcp_failover_s
- 
- 	log_fatal("Impossible condition at %s:%d.", MDL);
- 	/* Silence compiler warning. */
--	return ISC_FALSE;
-+	return false;
- }
- 
- isc_result_t dhcp_failover_process_bind_update (dhcp_failover_state_t *state,
-@@ -5177,8 +5177,8 @@ isc_result_t dhcp_failover_process_bind_
- 	int new_binding_state;
- 	int send_to_backup = 0;
- 	int required_options;
--	isc_boolean_t chaddr_changed = ISC_FALSE;
--	isc_boolean_t ident_changed = ISC_FALSE;
-+	bool chaddr_changed = false;
-+	bool ident_changed = false;
- 
- 	/* Validate the binding update. */
- 	required_options = FTB_ASSIGNED_IP_ADDRESS | FTB_BINDING_STATUS;
-@@ -5250,7 +5250,7 @@ isc_result_t dhcp_failover_process_bind_
- 		if ((lt->hardware_addr.hlen != msg->chaddr.count) ||
- 		    (memcmp(lt->hardware_addr.hbuf, msg->chaddr.data,
- 			    msg->chaddr.count) != 0))
--			chaddr_changed = ISC_TRUE;
-+			chaddr_changed = true;
- 
- 		lt -> hardware_addr.hlen = msg -> chaddr.count;
- 		memcpy (lt -> hardware_addr.hbuf, msg -> chaddr.data,
-@@ -5262,7 +5262,7 @@ isc_result_t dhcp_failover_process_bind_
- 		reason = FTR_MISSING_BINDINFO;
- 		goto bad;
- 	} else if (msg->binding_status == FTS_ABANDONED) {
--		chaddr_changed = ISC_TRUE;
-+		chaddr_changed = true;
- 		lt->hardware_addr.hlen = 0;
- 		if (lt->scope)
- 			binding_scope_dereference(&lt->scope, MDL);
-@@ -5282,7 +5282,7 @@ isc_result_t dhcp_failover_process_bind_
- 		    (lt->uid == NULL) || /* Sanity; should never happen. */
- 		    (memcmp(lt->uid, msg->client_identifier.data,
- 			    lt->uid_len) != 0))
--			ident_changed = ISC_TRUE;
-+			ident_changed = true;
- 
- 		lt->uid_len = msg->client_identifier.count;
- 
-@@ -5312,7 +5312,7 @@ isc_result_t dhcp_failover_process_bind_
- 	} else if (lt->uid && msg->binding_status != FTS_RESET &&
- 		   msg->binding_status != FTS_FREE &&
- 		   msg->binding_status != FTS_BACKUP) {
--		ident_changed = ISC_TRUE;
-+		ident_changed = true;
- 		if (lt->uid != lt->uid_buf)
- 			dfree (lt->uid, MDL);
- 		lt->uid = NULL;
-@@ -5347,7 +5347,7 @@ isc_result_t dhcp_failover_process_bind_
- 	if (msg->binding_status == FTS_ACTIVE &&
- 	    (chaddr_changed || ident_changed)) {
- #if defined (NSUPDATE)
--		(void) ddns_removals(lease, NULL, NULL, ISC_FALSE);
-+		(void) ddns_removals(lease, NULL, NULL, false);
- #endif /* NSUPDATE */
- 
- 		if (lease->scope != NULL)
-@@ -5534,7 +5534,7 @@ isc_result_t dhcp_failover_process_bind_
- 	struct iaddr ia;
- 	const char *message = "no memory";
- 	u_int32_t pot_expire;
--	int send_to_backup = ISC_FALSE;
-+	int send_to_backup = false;
- 	struct timeval tv;
- 
- 	ia.len = sizeof msg -> assigned_addr;
-@@ -5621,7 +5621,7 @@ isc_result_t dhcp_failover_process_bind_
- 		if (state->i_am == primary &&
- 		    !(lease->flags & (RESERVED_LEASE | BOOTP_LEASE)) &&
- 		    peer_wants_lease(lease))
--			send_to_backup = ISC_TRUE;
-+			send_to_backup = true;
- 
- 		if (!send_to_backup && state->me.state == normal)
- 			commit_leases();
-Index: dhcp-4.4.1/server/dhcpd.c
-===================================================================
---- dhcp-4.4.1.orig/server/dhcpd.c
-+++ dhcp-4.4.1/server/dhcpd.c
-@@ -98,7 +98,7 @@ const char *path_dhcpd_conf = _PATH_DHCP
- const char *path_dhcpd_db = _PATH_DHCPD_DB;
- const char *path_dhcpd_pid = _PATH_DHCPD_PID;
- /* False (default) => we write and use a pid file */
--isc_boolean_t no_pid_file = ISC_FALSE;
-+bool no_pid_file = false;
- 
- int dhcp_max_agent_option_packet_length = DHCP_MTU_MAX;
- 
-@@ -476,7 +476,7 @@ main(int argc, char **argv) {
- 			path_dhcpd_pid = argv [i];
- 			have_dhcpd_pid = 1;
- 		} else if (!strcmp(argv[i], "--no-pid")) {
--			no_pid_file = ISC_TRUE;
-+			no_pid_file = true;
-                 } else if (!strcmp (argv [i], "-t")) {
- 			/* test configurations only */
- #ifndef DEBUG
-@@ -863,7 +863,7 @@ main(int argc, char **argv) {
- 	 * - we don't have a pid file to check
- 	 * - there is no other process running
- 	 */
--	if ((lftest == 0) && (no_pid_file == ISC_FALSE)) {
-+	if ((lftest == 0) && (no_pid_file == false)) {
- 		/*Read previous pid file. */
- 		if ((i = open(path_dhcpd_pid, O_RDONLY)) >= 0) {
- 			status = read(i, pbuf, (sizeof pbuf) - 1);
-@@ -974,7 +974,7 @@ main(int argc, char **argv) {
- 	 * that we have forked we can write our pid if
- 	 * appropriate.
- 	 */
--	if (no_pid_file == ISC_FALSE) {
-+	if (no_pid_file == false) {
- 		i = open(path_dhcpd_pid, O_WRONLY|O_CREAT|O_TRUNC, 0644);
- 		if (i >= 0) {
- 			sprintf(pbuf, "%d\n", (int) getpid());
-@@ -1730,7 +1730,7 @@ static isc_result_t dhcp_io_shutdown_cou
- 	    free_everything ();
- 	    omapi_print_dmalloc_usage_by_caller ();
- #endif
--	    if (no_pid_file == ISC_FALSE)
-+	    if (no_pid_file == false)
- 		    (void) unlink(path_dhcpd_pid);
- 	    exit (0);
- 	}
-@@ -1741,7 +1741,7 @@ static isc_result_t dhcp_io_shutdown_cou
- 		free_everything ();
- 		omapi_print_dmalloc_usage_by_caller ();
- #endif
--		if (no_pid_file == ISC_FALSE)
-+		if (no_pid_file == false)
- 			(void) unlink(path_dhcpd_pid);
- 		exit (0);
- 	}
-@@ -1750,7 +1750,7 @@ static isc_result_t dhcp_io_shutdown_cou
- #if defined(FAILOVER_PROTOCOL)
- 	    !failover_connection_count &&
- #endif
--	    ISC_TRUE) {
-+	    true) {
- 		shutdown_state = shutdown_done;
- 		shutdown_time = cur_time;
- 		goto oncemore;
-Index: dhcp-4.4.1/server/mdb6.c
-===================================================================
---- dhcp-4.4.1.orig/server/mdb6.c
-+++ dhcp-4.4.1/server/mdb6.c
-@@ -514,10 +514,10 @@ ia_remove_all_lease(struct ia_xx *ia, co
- /*
-  * Compare two IA.
-  */
--isc_boolean_t
-+bool
- ia_equal(const struct ia_xx *a, const struct ia_xx *b) 
- {
--	isc_boolean_t found;
-+	bool found;
- 	int i, j;
- 
- 	/*
-@@ -525,9 +525,9 @@ ia_equal(const struct ia_xx *a, const st
- 	 */
- 	if (a == NULL) {
- 		if (b == NULL) {
--			return ISC_TRUE;
-+			return true;
- 		} else {
--			return ISC_FALSE;
-+			return false;
- 		}
- 	}	
- 
-@@ -535,58 +535,58 @@ ia_equal(const struct ia_xx *a, const st
- 	 * Check the type is the same.
- 	 */
- 	if (a->ia_type != b->ia_type) {
--		return ISC_FALSE;
-+		return false;
- 	}
- 
- 	/*
- 	 * Check the DUID is the same.
- 	 */
- 	if (a->iaid_duid.len != b->iaid_duid.len) {
--		return ISC_FALSE;
-+		return false;
- 	}
- 	if (memcmp(a->iaid_duid.data, 
- 		   b->iaid_duid.data, a->iaid_duid.len) != 0) {
--		return ISC_FALSE;
-+		return false;
- 	}
- 
- 	/*
- 	 * Make sure we have the same number of addresses/prefixes in each.
- 	 */
- 	if (a->num_iasubopt != b->num_iasubopt) {
--		return ISC_FALSE;
-+		return false;
- 	}
- 
- 	/*
- 	 * Check that each address/prefix is present in both.
- 	 */
- 	for (i=0; i<a->num_iasubopt; i++) {
--		found = ISC_FALSE;
-+		found = false;
- 		for (j=0; j<a->num_iasubopt; j++) {
- 			if (a->iasubopt[i]->plen != b->iasubopt[i]->plen)
- 				continue;
- 			if (memcmp(&(a->iasubopt[i]->addr),
- 			           &(b->iasubopt[j]->addr), 
- 				   sizeof(struct in6_addr)) == 0) {
--				found = ISC_TRUE;
-+				found = true;
- 				break;
- 			}
- 		}
- 		if (!found) {
--			return ISC_FALSE;
-+			return false;
- 		}
- 	}
- 
- 	/*
- 	 * These are the same in every way we care about.
- 	 */
--	return ISC_TRUE;
-+	return true;
- }
- 
- /*
-  * Helper function for lease heaps.
-  * Makes the top of the heap the oldest lease.
-  */
--static isc_boolean_t 
-+static bool 
- lease_older(void *a, void *b) {
- 	struct iasubopt *la = (struct iasubopt *)a;
- 	struct iasubopt *lb = (struct iasubopt *)b;
-@@ -1038,8 +1038,8 @@ create_lease6(struct ipv6_pool *pool, st
- 	struct data_string new_ds;
- 	struct iasubopt *iaaddr;
- 	isc_result_t result;
--	isc_boolean_t reserved_iid;
--	static isc_boolean_t init_resiid = ISC_FALSE;
-+	bool reserved_iid;
-+	static bool init_resiid = false;
- 
- 	/*
- 	 * Fill the reserved IIDs.
-@@ -1049,7 +1049,7 @@ create_lease6(struct ipv6_pool *pool, st
- 		memset(&resany, 0, 8);
- 		resany.s6_addr[8] = 0xfd;
- 		memset(&resany.s6_addr[9], 0xff, 6);
--		init_resiid = ISC_TRUE;
-+		init_resiid = true;
- 	}
- 
- 	/* 
-@@ -1094,14 +1094,14 @@ create_lease6(struct ipv6_pool *pool, st
- 		/*
- 		 * Avoid reserved interface IDs. (cf. RFC 5453)
- 		 */
--		reserved_iid = ISC_FALSE;
-+		reserved_iid = false;
- 		if (memcmp(&tmp.s6_addr[8], &rtany.s6_addr[8], 8) == 0) {
--			reserved_iid = ISC_TRUE;
-+			reserved_iid = true;
- 		}
- 		if (!reserved_iid &&
- 		    (memcmp(&tmp.s6_addr[8], &resany.s6_addr[8], 7) == 0) &&
- 		    ((tmp.s6_addr[15] & 0x80) == 0x80)) {
--			reserved_iid = ISC_TRUE;
-+			reserved_iid = true;
- 		}
- 
- 		/*
-@@ -1177,7 +1177,7 @@ create_lease6_eui_64(struct ipv6_pool *p
- 	struct iasubopt *test_iaaddr;
- 	struct iasubopt *iaaddr;
- 	isc_result_t result;
--	static isc_boolean_t init_resiid = ISC_FALSE;
-+	static bool init_resiid = false;
- 
- 	/*  Fill the reserved IIDs.  */
- 	if (!init_resiid) {
-@@ -1185,7 +1185,7 @@ create_lease6_eui_64(struct ipv6_pool *p
- 		memset(&resany, 0, 8);
- 		resany.s6_addr[8] = 0xfd;
- 		memset(&resany.s6_addr[9], 0xff, 6);
--		init_resiid = ISC_TRUE;
-+		init_resiid = true;
- 	}
- 
- 	/* Pool must be IA_NA */
-@@ -1520,7 +1520,7 @@ add_lease6(struct ipv6_pool *pool, struc
- /*
-  * Determine if an address is present in a pool or not.
-  */
--isc_boolean_t
-+bool
- lease6_exists(const struct ipv6_pool *pool, const struct in6_addr *addr) {
- 	struct iasubopt *test_iaaddr;
- 
-@@ -1528,9 +1528,9 @@ lease6_exists(const struct ipv6_pool *po
- 	if (iasubopt_hash_lookup(&test_iaaddr, pool->leases, 
- 				 (void *)addr, sizeof(*addr), MDL)) {
- 		iasubopt_dereference(&test_iaaddr, MDL);
--		return ISC_TRUE;
-+		return true;
- 	} else {
--		return ISC_FALSE;
-+		return false;
- 	}
- }
- 
-@@ -1545,20 +1545,20 @@ lease6_exists(const struct ipv6_pool *po
-  * \param[in] lease = lease to check
-  *
-  * \return
-- * ISC_TRUE  = The lease is allowed to use that address
-- * ISC_FALSE = The lease isn't allowed to use that address
-+ * true  = The lease is allowed to use that address
-+ * false = The lease isn't allowed to use that address
-  */
--isc_boolean_t
-+bool
- lease6_usable(struct iasubopt *lease) {
- 	struct iasubopt *test_iaaddr;
--	isc_boolean_t status = ISC_TRUE;
-+	bool status = true;
- 
- 	test_iaaddr = NULL;
- 	if (iasubopt_hash_lookup(&test_iaaddr, lease->ipv6_pool->leases,
- 				 (void *)&lease->addr,
- 				 sizeof(lease->addr), MDL)) {
- 		if (test_iaaddr != lease) {
--			status = ISC_FALSE;
-+			status = false;
- 		}
- 		iasubopt_dereference(&test_iaaddr, MDL);
- 	}
-@@ -1697,7 +1697,7 @@ move_lease_to_inactive(struct ipv6_pool
- #if defined (NSUPDATE)
- 		/* Process events upon expiration. */
- 		if (pool->pool_type != D6O_IA_PD) {
--			(void) ddns_removals(NULL, lease, NULL, ISC_FALSE);
-+			(void) ddns_removals(NULL, lease, NULL, false);
- 		}
- #endif
- 
-@@ -1977,21 +1977,21 @@ create_prefix6(struct ipv6_pool *pool, s
- /*
-  * Determine if a prefix is present in a pool or not.
-  */
--isc_boolean_t
-+bool
- prefix6_exists(const struct ipv6_pool *pool,
- 	       const struct in6_addr *pref, u_int8_t plen) {
- 	struct iasubopt *test_iapref;
- 
- 	if ((int)plen != pool->units)
--		return ISC_FALSE;
-+		return false;
- 
- 	test_iapref = NULL;
- 	if (iasubopt_hash_lookup(&test_iapref, pool->leases, 
- 				 (void *)pref, sizeof(*pref), MDL)) {
- 		iasubopt_dereference(&test_iapref, MDL);
--		return ISC_TRUE;
-+		return true;
- 	} else {
--		return ISC_FALSE;
-+		return false;
- 	}
- }
- 
-@@ -2267,15 +2267,15 @@ ipv6_network_portion(struct in6_addr *re
- /*
-  * Determine if the given address/prefix is in the pool.
-  */
--isc_boolean_t
-+bool
- ipv6_in_pool(const struct in6_addr *addr, const struct ipv6_pool *pool) {
- 	struct in6_addr tmp;
- 
- 	ipv6_network_portion(&tmp, addr, pool->bits);
- 	if (memcmp(&tmp, &pool->start_addr, sizeof(tmp)) == 0) {
--		return ISC_TRUE;
-+		return true;
- 	} else {
--		return ISC_FALSE;
-+		return false;
- 	}
- }
- 
-Index: dhcp-4.4.1/server/ddns.c
-===================================================================
---- dhcp-4.4.1.orig/server/ddns.c
-+++ dhcp-4.4.1/server/ddns.c
-@@ -373,7 +373,7 @@ ddns_updates(struct packet *packet, stru
- 
- 		/* If desired do the removals */
- 		if (do_remove != 0) {
--			(void) ddns_removals(lease, lease6, NULL, ISC_TRUE);
-+			(void) ddns_removals(lease, lease6, NULL, true);
- 		}
- 		goto out;
- 	}
-@@ -618,7 +618,7 @@ ddns_updates(struct packet *packet, stru
- 		 * We should log a more specific error closer to the actual
- 		 * error if we want one. ddns_removal failure not logged here.
- 		 */
--		 (void) ddns_removals(lease, lease6, ddns_cb, ISC_TRUE);
-+		 (void) ddns_removals(lease, lease6, ddns_cb, true);
- 	}
- 	else {
- 		ddns_fwd_srv_connector(lease, lease6, scope, ddns_cb,
-@@ -1907,7 +1907,7 @@ ddns_fwd_srv_rem1(dhcp_ddns_cb_t *ddns_c
-  *     the current entry.
-  *
-  * \li active - indication about the status of the lease. It is
-- *     ISC_TRUE if the lease is still active, and FALSE if the lease
-+ *     true if the lease is still active, and FALSE if the lease
-  *     is inactive.  This is used to indicate if the lease is inactive or going
-  *     to inactive so we can avoid trying to update the lease with cb pointers
-  *     and text information if it isn't useful.
-@@ -1923,7 +1923,7 @@ isc_result_t
- ddns_removals(struct lease    *lease,
- 	      struct iasubopt *lease6,
- 	      dhcp_ddns_cb_t  *add_ddns_cb,
--	      isc_boolean_t    active)
-+	      bool    active)
- {
- 	isc_result_t rcode, execute_add = ISC_R_FAILURE;
- 	struct binding_scope **scope = NULL;
-@@ -1970,7 +1970,7 @@ ddns_removals(struct lease    *lease,
- 			if (((ddns_cb->state == DDNS_STATE_ADD_PTR) ||
- 			     (ddns_cb->state == DDNS_STATE_ADD_FW_NXDOMAIN) ||
- 			     (ddns_cb->state == DDNS_STATE_ADD_FW_YXDHCID)) ||
--			    ((active == ISC_FALSE) &&
-+			    ((active == false) &&
- 			     ((ddns_cb->flags & DDNS_ACTIVE_LEASE) != 0))) {
- 				/* Cancel the current request */
- 				ddns_cancel(lease->ddns_cb, MDL);
-@@ -1998,7 +1998,7 @@ ddns_removals(struct lease    *lease,
- 			if (((ddns_cb->state == DDNS_STATE_ADD_PTR) ||
- 			     (ddns_cb->state == DDNS_STATE_ADD_FW_NXDOMAIN) ||
- 			     (ddns_cb->state == DDNS_STATE_ADD_FW_YXDHCID)) ||
--			    ((active == ISC_FALSE) &&
-+			    ((active == false) &&
- 			     ((ddns_cb->flags & DDNS_ACTIVE_LEASE) != 0))) {
- 				/* Cancel the current request */
- 				ddns_cancel(lease6->ddns_cb, MDL);
-@@ -2053,7 +2053,7 @@ ddns_removals(struct lease    *lease,
- 	 * the lease information for v6 when the response
- 	 * from the DNS code is processed.
- 	 */
--	if (active == ISC_TRUE) {
-+	if (active == true) {
- 		ddns_cb->flags |= DDNS_ACTIVE_LEASE;
- 	}
- 
-Index: dhcp-4.4.1/server/mdb.c
-===================================================================
---- dhcp-4.4.1.orig/server/mdb.c
-+++ dhcp-4.4.1/server/mdb.c
-@@ -1504,7 +1504,7 @@ void make_binding_state_transition (stru
- 	      lease -> binding_state == FTS_ACTIVE &&
- 	      lease -> next_binding_state != FTS_RELEASED))) {
- #if defined (NSUPDATE)
--		(void) ddns_removals(lease, NULL, NULL, ISC_TRUE);
-+		(void) ddns_removals(lease, NULL, NULL, true);
- #endif
- 		if (lease->on_star.on_expiry) {
- 			execute_statements(NULL, NULL, lease,
-@@ -1568,7 +1568,7 @@ void make_binding_state_transition (stru
- 		 * release message.  This is not true of expiry, where the
- 		 * peer may have extended the lease.
- 		 */
--		(void) ddns_removals(lease, NULL, NULL, ISC_TRUE);
-+		(void) ddns_removals(lease, NULL, NULL, true);
- #endif
- 		if (lease->on_star.on_release) {
- 			execute_statements(NULL, NULL, lease,
-@@ -1736,7 +1736,7 @@ void release_lease (lease, packet)
- 	/* If there are statements to execute when the lease is
- 	   released, execute them. */
- #if defined (NSUPDATE)
--	(void) ddns_removals(lease, NULL, NULL, ISC_FALSE);
-+	(void) ddns_removals(lease, NULL, NULL, false);
- #endif
- 	if (lease->on_star.on_release) {
- 		execute_statements (NULL, packet, lease,
-@@ -1810,7 +1810,7 @@ void abandon_lease (lease, message)
- {
- 	struct lease *lt = NULL;
- #if defined (NSUPDATE)
--	(void) ddns_removals(lease, NULL, NULL, ISC_FALSE);
-+	(void) ddns_removals(lease, NULL, NULL, false);
- #endif
- 
- 	if (!lease_copy(&lt, lease, MDL)) {
-@@ -1860,7 +1860,7 @@ void dissociate_lease (lease)
- {
- 	struct lease *lt = (struct lease *)0;
- #if defined (NSUPDATE)
--	(void) ddns_removals(lease, NULL, NULL, ISC_FALSE);
-+	(void) ddns_removals(lease, NULL, NULL, false);
- #endif
- 
- 	if (!lease_copy (&lt, lease, MDL))
-@@ -2072,38 +2072,38 @@ int find_lease_by_hw_addr (struct lease
-  *    should never see reset leases for this.
-  * 4) Abandoned leases are always dead last.
-  */
--static isc_boolean_t
-+static bool
- client_lease_preferred(struct lease *cand, struct lease *lease)
- {
- 	if (cand->binding_state == FTS_ACTIVE) {
- 		if (lease->binding_state == FTS_ACTIVE &&
- 		    lease->ends >= cand->ends)
--			return ISC_TRUE;
-+			return true;
- 	} else if (cand->binding_state == FTS_EXPIRED ||
- 		   cand->binding_state == FTS_RELEASED) {
- 		if (lease->binding_state == FTS_ACTIVE)
--			return ISC_TRUE;
-+			return true;
- 
- 		if ((lease->binding_state == FTS_EXPIRED ||
- 		     lease->binding_state == FTS_RELEASED) &&
- 		    lease->cltt >= cand->cltt)
--			return ISC_TRUE;
-+			return true;
- 	} else if (cand->binding_state != FTS_ABANDONED) {
- 		if (lease->binding_state == FTS_ACTIVE ||
- 		    lease->binding_state == FTS_EXPIRED ||
- 		    lease->binding_state == FTS_RELEASED)
--			return ISC_TRUE;
-+			return true;
- 
- 		if (lease->binding_state != FTS_ABANDONED &&
- 		    lease->cltt >= cand->cltt)
--			return ISC_TRUE;
-+			return true;
- 	} else /* (cand->binding_state == FTS_ABANDONED) */ {
- 		if (lease->binding_state != FTS_ABANDONED ||
- 		    lease->cltt >= cand->cltt)
--			return ISC_TRUE;
-+			return true;
- 	}
- 
--	return ISC_FALSE;
-+	return false;
- }
- 
- /* Add the specified lease to the uid hash. */
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch b/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch
deleted file mode 100644
index 101c33f677..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From be7540d31c356e80ee02e90e8bf162b7ac6e5ba5 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Tue, 15 Aug 2017 14:56:56 +0800
-Subject: [PATCH 02/11] dhclient dbus
-
-Upstream-Status: Inappropriate [distribution]
-
-Rebase to 4.3.6
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- client/scripts/bsdos   | 5 +++++
- client/scripts/freebsd | 5 +++++
- client/scripts/linux   | 5 +++++
- client/scripts/netbsd  | 5 +++++
- client/scripts/openbsd | 5 +++++
- client/scripts/solaris | 5 +++++
- 6 files changed, 30 insertions(+)
-
-diff --git a/client/scripts/bsdos b/client/scripts/bsdos
-index d69d0d8..095b143 100755
---- a/client/scripts/bsdos
-+++ b/client/scripts/bsdos
-@@ -45,6 +45,11 @@ exit_with_hooks() {
-     . /etc/dhclient-exit-hooks
-   fi
- # probably should do something with exit status of the local script
-+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+    dbus-send --system --dest=com.redhat.dhcp \
-+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+  fi
-   exit $exit_status
- }
- 
-diff --git a/client/scripts/freebsd b/client/scripts/freebsd
-index 8f3e2a2..ad7fb44 100755
---- a/client/scripts/freebsd
-+++ b/client/scripts/freebsd
-@@ -89,6 +89,11 @@ exit_with_hooks() {
-     . /etc/dhclient-exit-hooks
-   fi
- # probably should do something with exit status of the local script
-+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+    dbus-send --system --dest=com.redhat.dhcp \
-+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+  fi
-   exit $exit_status
- }
- 
-diff --git a/client/scripts/linux b/client/scripts/linux
-index 5fb1612..3d447b6 100755
---- a/client/scripts/linux
-+++ b/client/scripts/linux
-@@ -174,6 +174,11 @@ exit_with_hooks() {
-         exit_status=$?
-     fi
- 
-+    if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+        dbus-send --system --dest=com.redhat.dhcp \
-+           --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+           'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+    fi
-     exit $exit_status
- }
- 
-diff --git a/client/scripts/netbsd b/client/scripts/netbsd
-index 07383b7..aaba8e8 100755
---- a/client/scripts/netbsd
-+++ b/client/scripts/netbsd
-@@ -45,6 +45,11 @@ exit_with_hooks() {
-     . /etc/dhclient-exit-hooks
-   fi
- # probably should do something with exit status of the local script
-+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+    dbus-send --system --dest=com.redhat.dhcp \
-+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+  fi
-   exit $exit_status
- }
- 
-diff --git a/client/scripts/openbsd b/client/scripts/openbsd
-index e7f4746..56b980c 100644
---- a/client/scripts/openbsd
-+++ b/client/scripts/openbsd
-@@ -45,6 +45,11 @@ exit_with_hooks() {
-     . /etc/dhclient-exit-hooks
-   fi
- # probably should do something with exit status of the local script
-+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+    dbus-send --system --dest=com.redhat.dhcp \
-+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+  fi
-   exit $exit_status
- }
- 
-diff --git a/client/scripts/solaris b/client/scripts/solaris
-index af553b9..4a2aa69 100755
---- a/client/scripts/solaris
-+++ b/client/scripts/solaris
-@@ -26,6 +26,11 @@ exit_with_hooks() {
-     . /etc/dhclient-exit-hooks
-   fi
- # probably should do something with exit status of the local script
-+  if [ x$dhc_dbus != x -a $exit_status -eq 0 ]; then
-+    dbus-send --system --dest=com.redhat.dhcp \
-+      --type=method_call /com/redhat/dhcp/$interface com.redhat.dhcp.set \
-+      'string:'"`env | grep -Ev '^(PATH|SHLVL|_|PWD|dhc_dbus)\='`"
-+  fi
-   exit $exit_status
- }
- 
--- 
-1.8.3.1
-
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch b/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch
deleted file mode 100644
index 5b35933a54..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From d80bd792323dbd56269309f85b4506eb6b1b60e9 Mon Sep 17 00:00:00 2001
-From: Andrei Gherzan <andrei@gherzan.ro>
-Date: Tue, 15 Aug 2017 15:05:47 +0800
-Subject: [PATCH 03/11] link with lcrypto
-
-From 4.2.0 final release, -lcrypto check was removed and we compile
-static libraries
-from bind that are linked to libcrypto. This is why i added a patch in
-order to add
--lcrypto to LIBS.
-
-Upstream-Status: Pending
-Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
-
-Rebase to 4.3.6
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- configure.ac | 4 ++++
- 1 file changed, 4 insertions(+)
-
-Index: dhcp-4.4.1/configure.ac
-===================================================================
---- dhcp-4.4.1.orig/configure.ac
-+++ dhcp-4.4.1/configure.ac
-@@ -612,6 +612,10 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],
- # Look for optional headers.
- AC_CHECK_HEADERS(sys/socket.h net/if_dl.h net/if6.h regex.h)
- 
-+# find an MD5 library
-+AC_SEARCH_LIBS(MD5_Init, [crypto])
-+AC_SEARCH_LIBS(MD5Init, [crypto])
-+
- # Solaris needs some libraries for functions
- AC_SEARCH_LIBS(socket, [socket])
- AC_SEARCH_LIBS(inet_ntoa, [nsl])
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch b/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch
deleted file mode 100644
index b71c93dd6d..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/0004-Fix-out-of-tree-builds.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From cccec0344d68dac4100b6f260ee24e7c2da9dfda Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Tue, 15 Aug 2017 15:08:22 +0800
-Subject: [PATCH 04/11] Fix out of tree builds
-
-Upstream-Status: Pending
-
-RP 2013/03/21
-
-Rebase to 4.3.6
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- client/Makefile.am  | 4 ++--
- common/Makefile.am  | 3 ++-
- dhcpctl/Makefile.am | 2 ++
- omapip/Makefile.am  | 1 +
- relay/Makefile.am   | 2 +-
- server/Makefile.am  | 2 +-
- 6 files changed, 9 insertions(+), 5 deletions(-)
-
-Index: dhcp-4.4.1/common/Makefile.am
-===================================================================
---- dhcp-4.4.1.orig/common/Makefile.am
-+++ dhcp-4.4.1/common/Makefile.am
-@@ -1,4 +1,5 @@
--AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"'
-+AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"'
-+
- AM_CFLAGS = $(LDAP_CFLAGS)
- 
- lib_LIBRARIES = libdhcp.a
-Index: dhcp-4.4.1/dhcpctl/Makefile.am
-===================================================================
---- dhcp-4.4.1.orig/dhcpctl/Makefile.am
-+++ dhcp-4.4.1/dhcpctl/Makefile.am
-@@ -3,6 +3,8 @@ BINDLIBDNSDIR=@BINDLIBDNSDIR@
- BINDLIBISCCFGDIR=@BINDLIBISCCFGDIR@
- BINDLIBISCDIR=@BINDLIBISCDIR@
- 
-+AM_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_srcdir)
-+
- bin_PROGRAMS = omshell
- lib_LIBRARIES = libdhcpctl.a
- noinst_PROGRAMS = cltest
-Index: dhcp-4.4.1/server/Makefile.am
-===================================================================
---- dhcp-4.4.1.orig/server/Makefile.am
-+++ dhcp-4.4.1/server/Makefile.am
-@@ -4,7 +4,7 @@
- # production code. Sadly, we are not there yet.
- SUBDIRS = . tests
- 
--AM_CPPFLAGS = -I.. -DLOCALSTATEDIR='"@localstatedir@"'
-+AM_CPPFLAGS = -I$(top_srcdir) -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
- 
- dist_sysconf_DATA = dhcpd.conf.example
- sbin_PROGRAMS = dhcpd
-Index: dhcp-4.4.1/client/Makefile.am
-===================================================================
---- dhcp-4.4.1.orig/client/Makefile.am
-+++ dhcp-4.4.1/client/Makefile.am
-@@ -5,7 +5,7 @@
- SUBDIRS = . tests
- 
- AM_CPPFLAGS = -DCLIENT_PATH='"PATH=$(sbindir):/sbin:/bin:/usr/sbin:/usr/bin"'
--AM_CPPFLAGS += -DLOCALSTATEDIR='"$(localstatedir)"'
-+AM_CPPFLAGS += -DLOCALSTATEDIR='"$(localstatedir)"' -I$(top_srcdir)/includes
- 
- dist_sysconf_DATA = dhclient.conf.example
- sbin_PROGRAMS = dhclient
-Index: dhcp-4.4.1/omapip/Makefile.am
-===================================================================
---- dhcp-4.4.1.orig/omapip/Makefile.am
-+++ dhcp-4.4.1/omapip/Makefile.am
-@@ -2,6 +2,7 @@ BINDLIBIRSDIR=@BINDLIBIRSDIR@
- BINDLIBDNSDIR=@BINDLIBDNSDIR@
- BINDLIBISCCFGDIR=@BINDLIBISCCFGDIR@
- BINDLIBISCDIR=@BINDLIBISCDIR@
-+AM_CPPFLAGS = -I$(top_srcdir)/includes
- 
- lib_LIBRARIES = libomapi.a
- noinst_PROGRAMS = svtest
-Index: dhcp-4.4.1/relay/Makefile.am
-===================================================================
---- dhcp-4.4.1.orig/relay/Makefile.am
-+++ dhcp-4.4.1/relay/Makefile.am
-@@ -1,4 +1,4 @@
--AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"'
-+AM_CPPFLAGS = -DLOCALSTATEDIR='"@localstatedir@"' -I$(top_srcdir)/includes
- 
- sbin_PROGRAMS = dhcrelay
- dhcrelay_SOURCES = dhcrelay.c
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch b/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch
deleted file mode 100644
index dd56381b1d..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 2e8ff0e4f6d39e346ea86b8c514ab4ccc78fa359 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Tue, 15 Aug 2017 15:24:14 +0800
-Subject: [PATCH 05/11] dhcp-client: fix invoke dhclient-script failed on
- Read-only file system
-
-In read-only file system, '/etc' is on the readonly partition,
-and '/etc/resolv.conf' is symlinked to a separate writable
-partition.
-
-In this situation, we create temp files 'resolv.conf.dhclient-new'
-in /tmp dir.
-
-Upstream-Status: Pending
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- client/scripts/linux | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/client/scripts/linux b/client/scripts/linux
-index 3d447b6..3122a75 100755
---- a/client/scripts/linux
-+++ b/client/scripts/linux
-@@ -40,7 +40,7 @@ make_resolv_conf() {
-     # DHCPv4
-     if [ -n "$new_domain_search" ] || [ -n "$new_domain_name" ] ||
-        [ -n "$new_domain_name_servers" ]; then
--        new_resolv_conf=/etc/resolv.conf.dhclient-new
-+        new_resolv_conf=/tmp/resolv.conf.dhclient-new
-         rm -f $new_resolv_conf
- 
-         if [ -n "$new_domain_name" ]; then
--- 
-1.8.3.1
-
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch b/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch
deleted file mode 100644
index 6ef70ccacd..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/0006-site.h-enable-gentle-shutdown.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 01641d146e4e6bea954e4a4ee1f6230b822665b4 Mon Sep 17 00:00:00 2001
-From: Chen Qi <Qi.Chen@windriver.com>
-Date: Tue, 15 Aug 2017 15:37:49 +0800
-Subject: [PATCH 06/11] site.h: enable gentle shutdown
-
-Upstream-Status: Inappropriate [configuration]
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
-
-Rebase to 4.3.6
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- includes/site.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: dhcp-4.4.1/includes/site.h
-===================================================================
---- dhcp-4.4.1.orig/includes/site.h
-+++ dhcp-4.4.1/includes/site.h
-@@ -295,7 +295,7 @@
-    situations.  We plan to revisit this feature and may
-    make non-backwards compatible changes including the
-    removal of this define.  Use at your own risk.  */
--/* #define ENABLE_GENTLE_SHUTDOWN */
-+#define ENABLE_GENTLE_SHUTDOWN
- 
- /* Include old error codes.  This is provided in case you
-    are building an external program similar to omshell for
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch b/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch
deleted file mode 100644
index feb0754fff..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 7107511fd209f08f9a96f8938041ae48f3295895 Mon Sep 17 00:00:00 2001
-From: Christopher Larson <chris_larson@mentor.com>
-Date: Tue, 15 Aug 2017 16:17:49 +0800
-Subject: [PATCH 07/11] Add configure argument to make the libxml2 dependency
- explicit and determinisitic.
-
-Upstream-Status: Pending
-
-Signed-off-by: Christopher Larson <chris_larson@mentor.com>
-
-Rebase to 4.3.6
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- configure.ac | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-Index: dhcp-4.4.1/configure.ac
-===================================================================
---- dhcp-4.4.1.orig/configure.ac
-+++ dhcp-4.4.1/configure.ac
-@@ -642,6 +642,17 @@ if test "$have_nanosleep" = "rt"; then
- 	LIBS="-lrt $LIBS"
- fi
- 
-+AC_ARG_WITH(libxml2,
-+	AS_HELP_STRING([--with-libxml2], [link against libxml2. this is needed if bind was built with xml2 support enabled]),
-+	with_libxml2="$withval", with_libxml2="no")
-+
-+if test x$with_libxml2 != xno; then
-+	AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],
-+		[if test x$with_libxml2 != xauto; then
-+			AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested])
-+		fi])
-+fi
-+
- # check for /dev/random (declares HAVE_DEV_RANDOM)
- AC_MSG_CHECKING(for random device)
- AC_ARG_WITH(randomdev,
-Index: dhcp-4.4.1/configure.ac+lt
-===================================================================
---- dhcp-4.4.1.orig/configure.ac+lt
-+++ dhcp-4.4.1/configure.ac+lt
-@@ -909,6 +909,18 @@ elif test "$want_libtool" = "yes" -a "$u
- fi
- AM_CONDITIONAL(INSTALL_BIND, test "$want_install_bind" = "yes")
- 
-+AC_ARG_WITH(libxml2,
-+	AS_HELP_STRING([--with-libxml2], [link against libxml2. this is needed if bind was built with xml2 support enabled]),
-+	with_libxml2="$withval", with_libxml2="no")
-+
-+if test x$with_libxml2 != xno; then
-+	AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],,
-+		[if test x$with_libxml2 != xauto; then
-+			AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested])
-+		fi])
-+fi
-+
-+
- # OpenLDAP support.
- AC_ARG_WITH(ldap,
-     AS_HELP_STRING([--with-ldap],[enable OpenLDAP support in dhcpd (default is no)]),
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch b/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch
deleted file mode 100644
index 912b6d6312..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/0009-remove-dhclient-script-bash-dependency.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From f3f8b7726e50e24ef3edf5fa5a17e31d39118d7e Mon Sep 17 00:00:00 2001
-From: Andre McCurdy <armccurdy@gmail.com>
-Date: Tue, 15 Aug 2017 15:49:31 +0800
-Subject: [PATCH 09/11] remove dhclient-script bash dependency
-
-Upstream-Status: Inappropriate [OE specific]
-
-Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
-
-Rebase to 4.3.6
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- client/scripts/linux | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/client/scripts/linux b/client/scripts/linux
-index 3122a75..1712d7d 100755
---- a/client/scripts/linux
-+++ b/client/scripts/linux
-@@ -1,4 +1,4 @@
--#!/bin/bash
-+#!/bin/sh
- # dhclient-script for Linux. Dan Halbert, March, 1997.
- # Updated for Linux 2.[12] by Brian J. Murrell, January 1999.
- # No guarantees about this. I'm a novice at the details of Linux
--- 
-1.8.3.1
-
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch b/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch
deleted file mode 100644
index 39ba65fbc4..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/0012-dhcp-correct-the-intention-for-xml2-lib-search.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 501543b3ef715488a142e3d301ff2733aa33eec7 Mon Sep 17 00:00:00 2001
-From: Awais Belal <awais_belal@mentor.com>
-Date: Wed, 25 Oct 2017 21:00:05 +0500
-Subject: [PATCH] dhcp: correct the intention for xml2 lib search
-
-A missing case breaks the build when libxml2 is
-required and found appropriately. The third argument
-to the function AC_SEARCH_LIB is action-if-found which
-was mistakenly been used for the case where the library
-is not found and hence breaks the configure phase
-where it shoud actually pass.
-We now pass on silently when action-if-found is
-executed.
-
-Upstream-Status: Pending
-
-Signed-off-by: Awais Belal <awais_belal@mentor.com>
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: dhcp-4.4.1/configure.ac
-===================================================================
---- dhcp-4.4.1.orig/configure.ac
-+++ dhcp-4.4.1/configure.ac
-@@ -647,7 +647,7 @@ AC_ARG_WITH(libxml2,
- 	with_libxml2="$withval", with_libxml2="no")
- 
- if test x$with_libxml2 != xno; then
--	AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],
-+	AC_SEARCH_LIBS(xmlTextWriterStartElement, [xml2],,
- 		[if test x$with_libxml2 != xauto; then
- 			AC_MSG_FAILURE([*** Cannot find xmlTextWriterStartElement with -lxml2 and libxml2 was requested])
- 		fi])
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0013-fixup_use_libbind.patch b/meta/recipes-connectivity/dhcp/dhcp/0013-fixup_use_libbind.patch
deleted file mode 100644
index fcec010bd0..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp/0013-fixup_use_libbind.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-lib and include path is hardcoded for use_libbind 
-
-use libdir and includedir vars
-
-Upstream-Status: Pending
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: dhcp-4.4.1/configure.ac+lt
-===================================================================
---- dhcp-4.4.1.orig/configure.ac+lt
-+++ dhcp-4.4.1/configure.ac+lt
-@@ -801,22 +801,22 @@ no)
- 	if test ! -d "$use_libbind"; then
- 		AC_MSG_ERROR([Cannot find bind directory at $use_libbind])
- 	fi
--	if test ! -d "$use_libbind/include" -o \
--	        ! -f "$use_libbind/include/isc/buffer.h"
-+	if test ! -d "$use_libbind/$includedir" -o \
-+	        ! -f "$use_libbind/$includedir/isc/buffer.h"
- 	then
--		AC_MSG_ERROR([Cannot find bind includes at $use_libbind/include])
-+		AC_MSG_ERROR([Cannot find bind includes at $use_libbind/$includedir])
- 	fi
--	if test	! -d "$use_libbind/lib" -o \
--	        \( ! -f "$use_libbind/lib/libisc.a" -a \
--		   ! -f	"$use_libbind/lib/libisc.la" \)
-+	if test	! -d "$use_libbind/$libdir" -o \
-+	        \( ! -f "$use_libbind/$libdir/libisc.a" -a \
-+		   ! -f	"$use_libbind/$libdir/libisc.la" \)
- 	then
--		AC_MSG_ERROR([Cannot find bind libraries at $use_libbind/lib])
-+		AC_MSG_ERROR([Cannot find bind libraries at $use_libbind/$libdir])
- 	fi
- 	BINDDIR="$use_libbind"
--	BINDLIBIRSDIR="$BINDDIR/lib"
--	BINDLIBDNSDIR="$BINDDIR/lib"
--	BINDLIBISCCFGDIR="$BINDDIR/lib"
--	BINDLIBISCDIR="$BINDDIR/lib"	
-+	BINDLIBIRSDIR="$BINDDIR/$libdir"
-+	BINDLIBDNSDIR="$BINDDIR/$libdir"
-+	BINDLIBISCCFGDIR="$BINDDIR/$libdir"
-+	BINDLIBISCDIR="$BINDDIR/$libdir"
- 	DISTCHECK_LIBBIND_CONFIGURE_FLAG="--with-libbind=$use_libbind"
- 	;;
- esac
-@@ -856,14 +856,14 @@ AC_ARG_ENABLE(libtool,
- 
- if test "$use_libbind" != "no"; then
- 	if test "$want_libtool" = "yes" -a \
--	        ! -f "$use_libbind/lib/libisc.la"
-+	        ! -f "$use_libbind/$libdir/libisc.la"
- 	then
--		AC_MSG_ERROR([Cannot find dynamic libraries at $use_libbind/lib])
-+		AC_MSG_ERROR([Cannot find dynamic libraries at $use_libbind/$libdir])
- 	fi
- 	if test "$want_libtool" = "no" -a \
--	        ! -f "$use_libbind/lib/libisc.a"
-+	        ! -f "$use_libbind/$libdir/libisc.a"
- 	then
--		AC_MSG_ERROR([Cannot find static libraries at $use_libbind/lib])
-+		AC_MSG_ERROR([Cannot find static libraries at $use_libbind/$libdir])
- 	fi
- fi
- 
diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb b/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
deleted file mode 100644
index ca0daa1810..0000000000
--- a/meta/recipes-connectivity/dhcp/dhcp_4.4.1.bb
+++ /dev/null
@@ -1,22 +0,0 @@
-require dhcp.inc
-
-SRC_URI += "file://0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch \
-            file://0002-dhclient-dbus.patch \
-            file://0003-link-with-lcrypto.patch \
-            file://0004-Fix-out-of-tree-builds.patch \
-            file://0005-dhcp-client-fix-invoke-dhclient-script-failed-on-Rea.patch \
-            file://0006-site.h-enable-gentle-shutdown.patch \
-            file://0007-Add-configure-argument-to-make-the-libxml2-dependenc.patch \
-            file://0009-remove-dhclient-script-bash-dependency.patch \
-            file://0012-dhcp-correct-the-intention-for-xml2-lib-search.patch \
-            file://0013-fixup_use_libbind.patch \
-            file://0001-dhcpd-fix-Replace-custom-isc_boolean_t-with-C-standa.patch \
-"
-
-SRC_URI[md5sum] = "18c7f4dcbb0a63df25098216d47b1ede"
-SRC_URI[sha256sum] = "2a22508922ab367b4af4664a0472dc220cc9603482cf3c16d9aff14f3a76b608"
-
-LDFLAGS_append = " -pthread"
-
-PACKAGECONFIG ?= ""
-PACKAGECONFIG[bind-httpstats] = "--with-libxml2,--without-libxml2,libxml2"
diff --git a/meta/recipes-connectivity/dhcp/files/default-relay b/meta/recipes-connectivity/dhcp/files/default-relay
deleted file mode 100644
index 7961f014be..0000000000
--- a/meta/recipes-connectivity/dhcp/files/default-relay
+++ /dev/null
@@ -1,12 +0,0 @@
-# Defaults for dhcp-relay initscript
-# sourced by /etc/init.d/dhcp-relay
-
-# What servers should the DHCP relay forward requests to?
-# e.g: SERVERS="192.168.0.1"
-SERVERS=""
-
-# On what interfaces should the DHCP relay (dhrelay) serve DHCP requests?
-INTERFACES=""
-
-# Additional options that are passed to the DHCP relay daemon?
-OPTIONS=""
diff --git a/meta/recipes-connectivity/dhcp/files/default-server b/meta/recipes-connectivity/dhcp/files/default-server
deleted file mode 100644
index 0385d16992..0000000000
--- a/meta/recipes-connectivity/dhcp/files/default-server
+++ /dev/null
@@ -1,7 +0,0 @@
-# Defaults for dhcp initscript
-# sourced by /etc/init.d/dhcp-server
-# installed at /etc/default/dhcp-server by the maintainer scripts
-
-# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
-#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
-INTERFACES=""
diff --git a/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper b/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper
deleted file mode 100644
index 7d0e224a1d..0000000000
--- a/meta/recipes-connectivity/dhcp/files/dhclient-systemd-wrapper
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-# In case the interface is used for nfs, skip it.
-nfsroot=0
-interfaces=""
-exec 9<&0 < /proc/mounts
-while read dev mtpt fstype rest; do
-    if test $mtpt = "/" ; then
-        case $fstype in
-            nfs | nfs4)
-                nfsroot=1
-                nfs_addr=`echo $rest | sed -e 's/^.*addr=\([0-9.]*\).*$/\1/'`
-                break
-                ;;
-            *)
-                ;;
-        esac
-    fi
-done
-exec 0<&9 9<&-
-
-if [ $nfsroot -eq 0 ]; then
-    interfaces="$INTERFACES"
-else
-    if [ -x /bin/ip -o -x /sbin/ip ] ; then
-	nfs_iface=`ip route get $nfs_addr | grep dev | sed -e 's/^.*dev \([-a-z0-9.]*\).*$/\1/'`
-    fi
-    for i in $INTERFACES; do
-	if test "x$i" = "x$nfs_iface"; then
-            echo "dhclient skipping nfsroot interface $i"
-	else
-	    interfaces="$interfaces $i"
-	fi
-    done
-fi
-
-if test "x$interfaces" != "x"; then
-    /sbin/dhclient -d -cf /etc/dhcp/dhclient.conf -q -lf /var/lib/dhcp/dhclient.leases $interfaces
-fi
diff --git a/meta/recipes-connectivity/dhcp/files/dhclient.conf b/meta/recipes-connectivity/dhcp/files/dhclient.conf
deleted file mode 100644
index 0e6dcf96c2..0000000000
--- a/meta/recipes-connectivity/dhcp/files/dhclient.conf
+++ /dev/null
@@ -1,50 +0,0 @@
-# Configuration file for /sbin/dhclient, which is included in Debian's
-#	dhcp3-client package.
-#
-# This is a sample configuration file for dhclient. See dhclient.conf's
-#	man page for more information about the syntax of this file
-#	and a more comprehensive list of the parameters understood by
-#	dhclient.
-#
-# Normally, if the DHCP server provides reasonable information and does
-#	not leave anything out (like the domain name, for example), then
-#	few changes must be made to this file, if any.
-#
-
-#send host-name "andare.fugue.com";
-#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
-#send dhcp-lease-time 3600;
-#supersede domain-name "fugue.com home.vix.com";
-#prepend domain-name-servers 127.0.0.1;
-request subnet-mask, broadcast-address, time-offset, routers,
-	domain-name, domain-name-servers, host-name,
-	netbios-name-servers, netbios-scope;
-#require subnet-mask, domain-name-servers;
-#timeout 60;
-#retry 60;
-#reboot 10;
-#select-timeout 5;
-#initial-interval 2;
-#script "/etc/dhcp3/dhclient-script";
-#media "-link0 -link1 -link2", "link0 link1";
-#reject 192.33.137.209;
-
-#alias {
-#  interface "eth0";
-#  fixed-address 192.5.5.213;
-#  option subnet-mask 255.255.255.255;
-#}
-
-#lease {
-#  interface "eth0";
-#  fixed-address 192.33.137.200;
-#  medium "link0 link1";
-#  option host-name "andare.swiftmedia.com";
-#  option subnet-mask 255.255.255.0;
-#  option broadcast-address 192.33.137.255;
-#  option routers 192.33.137.250;
-#  option domain-name-servers 127.0.0.1;
-#  renew 2 2000/1/12 00:00:01;
-#  rebind 2 2000/1/12 00:00:01;
-#  expire 2 2000/1/12 00:00:01;
-#}
diff --git a/meta/recipes-connectivity/dhcp/files/dhclient.service b/meta/recipes-connectivity/dhcp/files/dhclient.service
deleted file mode 100644
index 9ddb4d1dfe..0000000000
--- a/meta/recipes-connectivity/dhcp/files/dhclient.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Dynamic Host Configuration Protocol (DHCP)
-Wants=network.target
-Before=network.target
-After=systemd-udevd.service
-
-[Service]
-EnvironmentFile=-@SYSCONFDIR@/default/dhcp-client
-ExecStart=@BASE_SBINDIR@/dhclient-systemd-wrapper
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/dhcp/files/dhcpd.conf b/meta/recipes-connectivity/dhcp/files/dhcpd.conf
deleted file mode 100644
index 0001c0f00e..0000000000
--- a/meta/recipes-connectivity/dhcp/files/dhcpd.conf
+++ /dev/null
@@ -1,108 +0,0 @@
-#
-# Sample configuration file for ISC dhcpd for Debian
-#
-# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $
-#
-
-# The ddns-updates-style parameter controls whether or not the server will
-# attempt to do a DNS update when a lease is confirmed. We default to the
-# behavior of the version 2 packages ('none', since DHCP v2 didn't
-# have support for DDNS.)
-ddns-update-style none;
-
-# option definitions common to all supported networks...
-option domain-name "example.org";
-option domain-name-servers ns1.example.org, ns2.example.org;
-
-default-lease-time 600;
-max-lease-time 7200;
-
-# If this DHCP server is the official DHCP server for the local
-# network, the authoritative directive should be uncommented.
-#authoritative;
-
-# Use this to send dhcp log messages to a different log file (you also
-# have to hack syslog.conf to complete the redirection).
-log-facility local7;
-
-# No service will be given on this subnet, but declaring it helps the 
-# DHCP server to understand the network topology.
-
-#subnet 10.152.187.0 netmask 255.255.255.0 {
-#}
-
-# This is a very basic subnet declaration.
-
-#subnet 10.254.239.0 netmask 255.255.255.224 {
-#  range 10.254.239.10 10.254.239.20;
-#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
-#}
-
-# This declaration allows BOOTP clients to get dynamic addresses,
-# which we don't really recommend.
-
-#subnet 10.254.239.32 netmask 255.255.255.224 {
-#  range dynamic-bootp 10.254.239.40 10.254.239.60;
-#  option broadcast-address 10.254.239.31;
-#  option routers rtr-239-32-1.example.org;
-#}
-
-# A slightly different configuration for an internal subnet.
-#subnet 10.5.5.0 netmask 255.255.255.224 {
-#  range 10.5.5.26 10.5.5.30;
-#  option domain-name-servers ns1.internal.example.org;
-#  option domain-name "internal.example.org";
-#  option routers 10.5.5.1;
-#  option broadcast-address 10.5.5.31;
-#  default-lease-time 600;
-#  max-lease-time 7200;
-#}
-
-# Hosts which require special configuration options can be listed in
-# host statements.   If no address is specified, the address will be
-# allocated dynamically (if possible), but the host-specific information
-# will still come from the host declaration.
-
-#host passacaglia {
-#  hardware ethernet 0:0:c0:5d:bd:95;
-#  filename "vmunix.passacaglia";
-#  server-name "toccata.fugue.com";
-#}
-
-# Fixed IP addresses can also be specified for hosts.   These addresses
-# should not also be listed as being available for dynamic assignment.
-# Hosts for which fixed IP addresses have been specified can boot using
-# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
-# be booted with DHCP, unless there is an address range on the subnet
-# to which a BOOTP client is connected which has the dynamic-bootp flag
-# set.
-#host fantasia {
-#  hardware ethernet 08:00:07:26:c0:a5;
-#  fixed-address fantasia.fugue.com;
-#}
-
-# You can declare a class of clients and then do address allocation
-# based on that.   The example below shows a case where all clients
-# in a certain class get addresses on the 10.17.224/24 subnet, and all
-# other clients get addresses on the 10.0.29/24 subnet.
-
-#class "foo" {
-#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
-#}
-
-#shared-network 224-29 {
-#  subnet 10.17.224.0 netmask 255.255.255.0 {
-#    option routers rtr-224.example.org;
-#  }
-#  subnet 10.0.29.0 netmask 255.255.255.0 {
-#    option routers rtr-29.example.org;
-#  }
-#  pool {
-#    allow members of "foo";
-#    range 10.17.224.10 10.17.224.250;
-#  }
-#  pool {
-#    deny members of "foo";
-#    range 10.0.29.10 10.0.29.230;
-#  }
-#}
diff --git a/meta/recipes-connectivity/dhcp/files/dhcpd.service b/meta/recipes-connectivity/dhcp/files/dhcpd.service
deleted file mode 100644
index ae4f93eca5..0000000000
--- a/meta/recipes-connectivity/dhcp/files/dhcpd.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=DHCPv4 Server Daemon
-Documentation=man:dhcpd(8) man:dhcpd.conf(5)
-After=network.target
-After=time-sync.target
-
-[Service]
-PIDFile=@localstatedir@/run/dhcpd.pid
-EnvironmentFile=@SYSCONFDIR@/default/dhcp-server
-EnvironmentFile=-@SYSCONFDIR@/sysconfig/dhcp-server
-ExecStartPre=@base_bindir@/touch @localstatedir@/lib/dhcp/dhcpd.leases
-ExecStart=@SBINDIR@/dhcpd -f -cf @SYSCONFDIR@/dhcp/dhcpd.conf -pf @localstatedir@/run/dhcpd.pid $DHCPDARGS -q $INTERFACES
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/dhcp/files/dhcpd6.service b/meta/recipes-connectivity/dhcp/files/dhcpd6.service
deleted file mode 100644
index 52a6224dc2..0000000000
--- a/meta/recipes-connectivity/dhcp/files/dhcpd6.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=DHCPv6 Server Daemon
-Documentation=man:dhcpd(8) man:dhcpd.conf(5)
-After=network.target
-After=time-sync.target
-
-[Service]
-PIDFile=@localstatedir@/run/dhcpd6.pid
-EnvironmentFile=@SYSCONFDIR@/default/dhcp-server
-EnvironmentFile=-@SYSCONFDIR@/sysconfig/dhcpd6
-ExecStartPre=@base_bindir@/touch @localstatedir@/lib/dhcp/dhcpd6.leases
-ExecStart=@SBINDIR@/dhcpd -f -6 -cf @SYSCONFDIR@/dhcp/dhcpd6.conf -pf @localstatedir@/run/dhcpd6.pid $DHCPDARGS -q $INTERFACES
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/dhcp/files/dhcrelay.service b/meta/recipes-connectivity/dhcp/files/dhcrelay.service
deleted file mode 100644
index 15ff927d34..0000000000
--- a/meta/recipes-connectivity/dhcp/files/dhcrelay.service
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=DHCP Relay Agent Daemon
-After=network.target
-
-[Service]
-EnvironmentFile=@SYSCONFDIR@/default/dhcp-relay
-ExecStart=@SBINDIR@/dhcrelay -d --no-pid -q $SERVERS
-
-[Install]
-WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/dhcp/files/init-relay b/meta/recipes-connectivity/dhcp/files/init-relay
deleted file mode 100644
index 019a7e84cf..0000000000
--- a/meta/recipes-connectivity/dhcp/files/init-relay
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-#
-# $Id: dhcp3-relay,v 1.1 2004/04/16 15:41:08 ml Exp $
-#
-
-# It is not safe to start if we don't have a default configuration...
-if [ ! -f /etc/default/dhcp-relay ]; then
-	echo "/etc/default/dhcp-relay does not exist! - Aborting..."
-	echo "create this file to fix the problem."
-	exit 1
-fi
-
-# Read init script configuration (interfaces the daemon should listen on
-# and the DHCP server we should forward requests to.)
-. /etc/default/dhcp-relay
-
-# Build command line for interfaces (will be passed to dhrelay below.)
-IFCMD=""
-if test "$INTERFACES" != ""; then
-	for I in $INTERFACES; do
-		IFCMD=${IFCMD}"-i "${I}" "
-	done
-fi
-
-DHCRELAYPID=/var/run/dhcrelay.pid
-
-case "$1" in
-	start)
-		start-stop-daemon -S -x /usr/sbin/dhcrelay -- -q $OPTIONS $IFCMD $SERVERS
-		;;
-	stop)
-		start-stop-daemon -K -x /usr/sbin/dhcrelay
-		;;
-	restart | force-reload)
-		$0 stop
-		sleep 2
-		$0 start
-		;;
-	*)
-		echo "Usage: /etc/init.d/dhcp-relay {start|stop|restart|force-reload}"
-		exit 1 
-esac
-
-exit 0
diff --git a/meta/recipes-connectivity/dhcp/files/init-server b/meta/recipes-connectivity/dhcp/files/init-server
deleted file mode 100644
index 5e693adf78..0000000000
--- a/meta/recipes-connectivity/dhcp/files/init-server
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-#
-# $Id: dhcp3-server.init.d,v 1.4 2003/07/13 19:12:41 mdz Exp $
-#
-
-test -f /usr/sbin/dhcpd || exit 0
-
-# It is not safe to start if we don't have a default configuration...
-if [ ! -f /etc/default/dhcp-server ]; then
-	echo "/etc/default/dhcp-server does not exist! - Aborting..."
-	exit 0
-fi
-
-# Read init script configuration (so far only interfaces the daemon
-# should listen on.)
-. /etc/default/dhcp-server
-
-case "$1" in
-	start)
-		echo -n "Starting DHCP server: "
-		test -d /var/lib/dhcp/ || mkdir -p /var/lib/dhcp/
-		test -f /var/lib/dhcp/dhcpd.leases || touch /var/lib/dhcp/dhcpd.leases	
-		start-stop-daemon -S -x /usr/sbin/dhcpd -- -q $INTERFACES -user dhcp -group dhcp
-		echo "."
-		;;
-	stop)
-		echo -n "Stopping DHCP server: dhcpd3"
-		start-stop-daemon -K -x /usr/sbin/dhcpd
-		echo "."
-		;;
-	restart | force-reload)
-		$0 stop
-		sleep 2
-		$0 start
-		if [ "$?" != "0" ]; then
-			exit 1
-		fi
-		;;
-	*)
-		echo "Usage: /etc/init.d/dhcp-server {start|stop|restart|force-reload}"
-		exit 1 
-esac
-
-exit 0
diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
new file mode 100644
index 0000000000..ab6ffe986c
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_9.4.1.bb
@@ -0,0 +1,60 @@
+SECTION = "console/network"
+SUMMARY = "dhcpcd - a DHCP client"
+DESCRIPTION = "dhcpcd runs on your machine and silently configures your \
+               computer to work on the attached networks without trouble \
+               and mostly without configuration."
+
+HOMEPAGE = "http://roy.marples.name/projects/dhcpcd/"
+
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=d148485768fe85b9f1072b186a7e9b4d"
+
+UPSTREAM_CHECK_URI = "https://roy.marples.name/downloads/dhcpcd/"
+
+SRC_URI = "https://roy.marples.name/downloads/${BPN}/${BPN}-${PV}.tar.xz \
+           file://0001-remove-INCLUDEDIR-to-prevent-build-issues.patch \
+           file://dhcpcd.service \
+           file://dhcpcd@.service \
+           "
+
+SRC_URI[sha256sum] = "819357634efed1ea5cf44ec01b24d3d3f8852fec8b4249925dcc5667c54e376c"
+
+inherit pkgconfig autotools-brokensep systemd useradd
+
+SYSTEMD_SERVICE:${PN} = "dhcpcd.service"
+
+PACKAGECONFIG ?= "udev ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
+
+PACKAGECONFIG[udev] = "--with-udev,--without-udev,udev,udev"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6"
+# ntp conflicts with chrony
+PACKAGECONFIG[ntp] = "--with-hook=ntp, , ,ntp"
+PACKAGECONFIG[chrony] = "--with-hook=ntp, , ,chrony"
+PACKAGECONFIG[ypbind] = "--with-eghook=yp, , ,ypbind-mt"
+
+# add option to override DBDIR location
+DBDIR ?= "${localstatedir}/lib/${BPN}"
+
+EXTRA_OECONF = "--enable-ipv4 \
+                --dbdir=${DBDIR} \
+                --sbindir=${base_sbindir} \
+                --runstatedir=/run \
+                --enable-privsep \
+                --privsepuser=dhcpcd \
+                --with-hooks \
+                --with-eghooks \
+               "
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM:${PN} = "--system -d ${DBDIR} -M -s /bin/false -U dhcpcd"
+
+do_install:append () {
+    # install systemd unit files
+    install -d ${D}${systemd_system_unitdir}
+    install -m 0644 ${WORKDIR}/dhcpcd*.service ${D}${systemd_system_unitdir}
+
+    chmod 700 ${D}${DBDIR}
+    chown dhcpcd:dhcpcd ${D}${DBDIR}
+}
+
+FILES:${PN}-dbg += "${libdir}/dhcpcd/dev/.debug"
diff --git a/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch b/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch
new file mode 100644
index 0000000000..37d2344438
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/files/0001-remove-INCLUDEDIR-to-prevent-build-issues.patch
@@ -0,0 +1,45 @@
+From aa9e3982c1e75ad49945a62f5e262279c7a905a4 Mon Sep 17 00:00:00 2001
+From: Stefano Cappa <stefano.cappa.ks89@gmail.com>
+Date: Sun, 13 Jan 2019 01:50:52 +0100
+Subject: [PATCH] remove INCLUDEDIR to prevent build issues
+
+Upstream-Status: Pending
+
+Signed-off-by: Stefano Cappa <stefano.cappa.ks89@gmail.com>
+---
+ configure | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/configure b/configure
+index 6c81e0db..32dea2b4 100755
+--- a/configure
++++ b/configure
+@@ -20,7 +20,6 @@ BUILD=
+ HOST=
+ HOSTCC=
+ TARGET=
+-INCLUDEDIR=
+ DEBUG=
+ FORK=
+ STATIC=
+@@ -72,7 +71,6 @@ for x do
+ 	--mandir) MANDIR=$var;;
+ 	--datadir) DATADIR=$var;;
+ 	--with-ccopts|CFLAGS) CFLAGS=$var;;
+-	-I|--includedir) INCLUDEDIR="$INCLUDEDIR${INCLUDEDIR:+ }-I$var";;
+ 	CC) CC=$var;;
+ 	CPPFLAGS) CPPFLAGS=$var;;
+ 	PKG_CONFIG) PKG_CONFIG=$var;;
+@@ -309,9 +307,6 @@ if [ -n "$CPPFLAGS" ]; then
+ 	echo "CPPFLAGS=" >>$CONFIG_MK
+ 	echo "CPPFLAGS+=	$CPPFLAGS" >>$CONFIG_MK
+ fi
+-if [ -n "$INCLUDEDIR" ]; then
+-	echo "CPPFLAGS+=	$INCLUDEDIR" >>$CONFIG_MK
+-fi
+ if [ -n "$LDFLAGS" ]; then
+ 	echo "LDFLAGS=" >>$CONFIG_MK
+ 	echo "LDFLAGS+=	$LDFLAGS" >>$CONFIG_MK
+-- 
+2.17.2 (Apple Git-113)
+
diff --git a/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service b/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service
new file mode 100644
index 0000000000..6c967ddaf0
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/files/dhcpcd.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=A minimalistic network configuration daemon with DHCPv4, rdisc and DHCPv6 support
+Wants=network.target
+Before=network.target
+Conflicts=connman.service
+
+[Service]
+ExecStart=/sbin/dhcpcd -q --nobackground
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service b/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service
new file mode 100644
index 0000000000..845b83b9e5
--- /dev/null
+++ b/meta/recipes-connectivity/dhcpcd/files/dhcpcd@.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=dhcpcd on %I
+Wants=network.target
+Before=network.target
+BindsTo=sys-subsystem-net-devices-%i.device
+After=sys-subsystem-net-devices-%i.device
+Conflicts=connman.service
+
+[Service]
+Type=forking
+PIDFile=/run/dhcpcd/%I.pid
+ExecStart=/sbin/dhcpcd -q %I
+ExecStop=/sbin/dhcpcd -x %I
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-telnetd-Fix-multiple-definitions-of-errcatch-an.patch b/meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-telnetd-Fix-multiple-definitions-of-errcatch-an.patch
new file mode 100644
index 0000000000..49d319f59d
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/0001-ftpd-telnetd-Fix-multiple-definitions-of-errcatch-an.patch
@@ -0,0 +1,58 @@
+From 7d39930468e272c740b0eed3c7e5b7fb3abf29e8 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 5 Aug 2020 10:36:22 -0700
+Subject: [PATCH] ftpd,telnetd: Fix multiple definitions of errcatch and not42
+
+This helps fix build failures when -fno-common option is used
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ ftpd/extern.h     | 2 +-
+ ftpd/ftpcmd.c     | 1 +
+ telnetd/utility.c | 2 +-
+ 3 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/ftpd/extern.h b/ftpd/extern.h
+index ab33cf3..91dbbee 100644
+--- a/ftpd/extern.h
++++ b/ftpd/extern.h
+@@ -90,7 +90,7 @@ extern void user (const char *);
+ extern char *sgetsave (const char *);
+ 
+ /* Exported from ftpd.c.  */
+-jmp_buf errcatch;
++extern jmp_buf errcatch;
+ extern struct sockaddr_storage data_dest;
+ extern socklen_t data_dest_len;
+ extern struct sockaddr_storage his_addr;
+diff --git a/ftpd/ftpcmd.c b/ftpd/ftpcmd.c
+index beb1f06..d272e9d 100644
+--- a/ftpd/ftpcmd.c
++++ b/ftpd/ftpcmd.c
+@@ -106,6 +106,7 @@
+ #endif
+ 
+ off_t restart_point;
++jmp_buf errcatch;
+ 
+ static char cbuf[512];           /* Command Buffer.  */
+ static char *fromname;
+diff --git a/telnetd/utility.c b/telnetd/utility.c
+index e7ffb8e..46bf91e 100644
+--- a/telnetd/utility.c
++++ b/telnetd/utility.c
+@@ -63,7 +63,7 @@ static int ncc;
+ static char ptyibuf[BUFSIZ], *ptyip;
+ static int pcc;
+ 
+-int not42;
++extern int not42;
+ 
+ static int
+ readstream (int p, char *ibuf, int bufsize)
+-- 
+2.28.0
+
diff --git a/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch b/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch
new file mode 100644
index 0000000000..a91913cb51
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/fix-buffer-fortify-tfpt.patch
@@ -0,0 +1,25 @@
+tftpd: Fix abort on error path
+
+When trying to fetch a non existent file, the app crashes with:
+
+*** buffer overflow detected ***: 
+Aborted
+
+
+Upstream-Status: Submitted [https://www.mail-archive.com/bug-inetutils@gnu.org/msg03036.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91205]
+Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com>
+diff --git a/src/tftpd.c b/src/tftpd.c
+index 56002a0..144012f 100644
+--- a/src/tftpd.c
++++ b/src/tftpd.c
+@@ -864,9 +864,8 @@ nak (int error)
+       pe->e_msg = strerror (error - 100);
+       tp->th_code = EUNDEF;	/* set 'undef' errorcode */
+     }
+-  strcpy (tp->th_msg, pe->e_msg);
+   length = strlen (pe->e_msg);
+-  tp->th_msg[length] = '\0';
++  memcpy(tp->th_msg, pe->e_msg, length + 1);
+   length += 5;
+   if (sendto (peer, buf, length, 0, (struct sockaddr *) &from, fromlen) != length)
+     syslog (LOG_ERR, "nak: %m\n");
diff --git a/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch b/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
new file mode 100644
index 0000000000..603d2baf9d
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/fix-disable-ipv6.patch
@@ -0,0 +1,85 @@
+From c7c27ba763c613f83c1561e56448b49315c271c5 Mon Sep 17 00:00:00 2001
+From: Jackie Huang <jackie.huang@windriver.com>
+Date: Wed, 6 Mar 2019 09:36:11 -0500
+Subject: [PATCH] Upstream:
+ http://www.mail-archive.com/bug-inetutils@gnu.org/msg02103.html
+
+Upstream-Status: Pending
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+
+---
+ ping/ping_common.h | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/ping/ping_common.h b/ping/ping_common.h
+index 65e3e60..3e84db0 100644
+--- a/ping/ping_common.h
++++ b/ping/ping_common.h
+@@ -18,10 +18,14 @@
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see `http://www.gnu.org/licenses/'. */
+ 
++#include <config.h>
++
+ #include <netinet/in_systm.h>
+ #include <netinet/in.h>
+ #include <netinet/ip.h>
++#ifdef HAVE_IPV6
+ #include <netinet/icmp6.h>
++#endif
+ #include <icmp.h>
+ #include <error.h>
+ #include <progname.h>
+@@ -63,7 +67,12 @@ struct ping_stat
+    want to follow the traditional behaviour of ping.  */
+ #define DEFAULT_PING_COUNT 0
+ 
++#ifdef HAVE_IPV6
+ #define PING_HEADER_LEN (USE_IPV6 ? sizeof (struct icmp6_hdr) : ICMP_MINLEN)
++#else
++#define PING_HEADER_LEN (ICMP_MINLEN)
++#endif
++
+ #define PING_TIMING(s)  ((s) >= sizeof (struct timeval))
+ #define PING_DATALEN    (64 - PING_HEADER_LEN)  /* default data length */
+ 
+@@ -78,13 +87,20 @@ struct ping_stat
+ 
+ #define PING_MIN_USER_INTERVAL (200000/PING_PRECISION)
+ 
++#ifdef HAVE_IPV6
+ /* FIXME: Adjust IPv6 case for options and their consumption.  */
+ #define _PING_BUFLEN(p, u) ((u)? ((p)->ping_datalen + sizeof (struct icmp6_hdr)) : \
+ 				   (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN))
+ 
++#else
++#define _PING_BUFLEN(p, u) (MAXIPLEN + (p)->ping_datalen + ICMP_TSLEN)
++#endif
++
++#ifdef HAVE_IPV6
+ typedef int (*ping_efp6) (int code, void *closure, struct sockaddr_in6 * dest,
+ 			  struct sockaddr_in6 * from, struct icmp6_hdr * icmp,
+ 			  int datalen);
++#endif
+ 
+ typedef int (*ping_efp) (int code,
+ 			 void *closure,
+@@ -93,13 +109,17 @@ typedef int (*ping_efp) (int code,
+ 			 struct ip * ip, icmphdr_t * icmp, int datalen);
+ 
+ union event {
++#ifdef HAVE_IPV6
+   ping_efp6 handler6;
++#endif
+   ping_efp handler;
+ };
+ 
+ union ping_address {
+   struct sockaddr_in ping_sockaddr;
++#ifdef HAVE_IPV6
+   struct sockaddr_in6 ping_sockaddr6;
++#endif
+ };
+ 
+ typedef struct ping_data PING;
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
new file mode 100644
index 0000000000..2974bd4f94
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch
@@ -0,0 +1,27 @@
+From f7f785c21306010b2367572250b2822df5bc7728 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier at gentoo.org>
+Date: Thu, 18 Nov 2010 16:59:14 -0500
+Subject: [PATCH] printf-parse: pull in features.h for __GLIBC__
+
+Upstream-Status: Pending
+
+Signed-off-by: Mike Frysinger <vapier at gentoo.org>
+
+---
+ lib/printf-parse.h | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/lib/printf-parse.h b/lib/printf-parse.h
+index e7d0f82..d7b4534 100644
+--- a/lib/printf-parse.h
++++ b/lib/printf-parse.h
+@@ -28,6 +28,9 @@
+ 
+ #include "printf-args.h"
+ 
++#ifdef HAVE_FEATURES_H
++# include <features.h>	/* for __GLIBC__ */
++#endif
+ 
+ /* Flags */
+ #define FLAG_GROUP       1      /* ' flag */
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
new file mode 100644
index 0000000000..1ef7e21073
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.8-0003-wchar.patch
@@ -0,0 +1,25 @@
+From 9089c6eafbf5903174dce87b68476e35db80beb9 Mon Sep 17 00:00:00 2001
+From: Martin Jansa <martin.jansa@gmail.com>
+Date: Wed, 6 Mar 2019 09:36:11 -0500
+Subject: [PATCH] inetutils: Import version 1.9.4
+
+Upstream-Status: Pending
+
+---
+ lib/wchar.in.h | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/lib/wchar.in.h b/lib/wchar.in.h
+index cdda680..043866a 100644
+--- a/lib/wchar.in.h
++++ b/lib/wchar.in.h
+@@ -77,6 +77,9 @@
+ /* The include_next requires a split double-inclusion guard.  */
+ #if @HAVE_WCHAR_H@
+ # @INCLUDE_NEXT@ @NEXT_WCHAR_H@
++#else
++# include <stddef.h>
++# define MB_CUR_MAX 1
+ #endif
+ 
+ #undef _GL_ALREADY_INCLUDING_WCHAR_H
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
new file mode 100644
index 0000000000..460ddf9830
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/inetutils-1.9-PATH_PROCNET_DEV.patch
@@ -0,0 +1,37 @@
+From 101130f422dd5c01a1459645d7b2a5b8d19720ab Mon Sep 17 00:00:00 2001
+From: Martin Jansa <martin.jansa@gmail.com>
+Date: Wed, 6 Mar 2019 09:36:11 -0500
+Subject: [PATCH] inetutils: define PATH_PROCNET_DEV if not already defined
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+this prevents the following compilation error :
+system/linux.c:401:15: error: 'PATH_PROCNET_DEV' undeclared (first use in this function)
+
+this patch comes from :
+ http://repository.timesys.com/buildsources/i/inetutils/inetutils-1.9/
+
+Upstream-Status: Inappropriate [not author]
+
+Signed-of-by: Eric Bénard <eric@eukrea.com>
+
+---
+ ifconfig/system/linux.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/ifconfig/system/linux.c b/ifconfig/system/linux.c
+index e453b46..4268ca9 100644
+--- a/ifconfig/system/linux.c
++++ b/ifconfig/system/linux.c
+@@ -53,6 +53,10 @@
+ #include "../ifconfig.h"
+ 
+ 
++#ifndef PATH_PROCNET_DEV
++  #define PATH_PROCNET_DEV "/proc/net/dev"
++#endif
++
+ /* ARPHRD stuff.  */
+ 
+ static void
diff --git a/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch b/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
new file mode 100644
index 0000000000..2343c03cb4
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/inetutils-only-check-pam_appl.h-when-pam-enabled.patch
@@ -0,0 +1,49 @@
+From cc66e842e037fba9f06761f942abe5c4856492b8 Mon Sep 17 00:00:00 2001
+From: Kai Kang <kai.kang@windriver.com>
+Date: Wed, 6 Mar 2019 09:36:11 -0500
+Subject: [PATCH] inetutils: Import version 1.9.4
+
+Only check security/pam_appl.h which is provided by package libpam when pam is
+enabled.
+
+Upstream-Status: Pending
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+---
+ configure.ac | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5e16c3a..18510a8 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -182,6 +182,19 @@ AC_SUBST(LIBUTIL)
+ 
+ # See if we have libpam.a.  Investigate PAM versus Linux-PAM.
+ if test "$with_pam" = yes ; then
++  AC_CHECK_HEADERS([security/pam_appl.h], [], [], [
++#include <sys/types.h>
++#ifdef HAVE_NETINET_IN_SYSTM_H
++# include <netinet/in_systm.h>
++#endif
++#include <netinet/in.h>
++#ifdef HAVE_NETINET_IP_H
++# include <netinet/ip.h>
++#endif
++#ifdef HAVE_SYS_PARAM_H
++# include <sys/param.h>
++#endif
++])
+   AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl)
+   AC_CHECK_LIB(pam, pam_authenticate, LIBPAM=-lpam)
+   if test "$ac_cv_lib_pam_pam_authenticate" = yes ; then
+@@ -617,7 +630,7 @@ AC_HEADER_DIRENT
+ AC_CHECK_HEADERS([arpa/nameser.h arpa/tftp.h fcntl.h features.h \
+ 		  glob.h memory.h netinet/ether.h netinet/in_systm.h \
+ 		  netinet/ip.h netinet/ip_icmp.h netinet/ip_var.h \
+-		  security/pam_appl.h shadow.h \
++		  shadow.h \
+ 		  stropts.h sys/tty.h \
+ 		  sys/utsname.h sys/ptyvar.h sys/msgbuf.h sys/filio.h \
+ 		  sys/ioctl_compat.h sys/cdefs.h sys/stream.h sys/mkdev.h \
diff --git a/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils
new file mode 100644
index 0000000000..30e81ef450
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/rexec.xinetd.inetutils
@@ -0,0 +1,20 @@
+# default: off
+# description:
+# Rexecd is the server for the rexec program. The server provides remote 
+# execution facilities with authentication based on user names and 
+# passwords.
+#
+service exec
+{
+	socket_type	= stream
+	protocol	= tcp
+	flags		= NAMEINARGS
+	wait		= no
+	user		= root
+	group		= root
+	log_on_success	+= USERID
+	log_on_failure	+= USERID
+	server		= @SBINDIR@/tcpd
+	server_args	= @SBINDIR@/in.rexecd
+	disable		= yes
+}
diff --git a/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils
new file mode 100644
index 0000000000..21b55da9a9
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/rlogin.xinetd.inetutils
@@ -0,0 +1,23 @@
+# default: off
+# description:
+# Rlogind is a server for the rlogin program. The server provides remote 
+# execution with authentication based on privileged port numbers from trusted
+# host
+#
+service login
+{
+	socket_type	= stream
+	protocol	= tcp
+	flags		= NAMEINARGS
+	wait		= no
+	user		= root
+	group		= root
+	log_on_success	+= USERID
+	log_on_failure	+= USERID
+	server		= @SBINDIR@/tcpd
+	server_args	= @SBINDIR@/in.rlogind -a
+	disable		= yes
+}
+							
+							
+							
diff --git a/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils
new file mode 100644
index 0000000000..2b894a74bd
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/rsh.xinetd.inetutils
@@ -0,0 +1,21 @@
+# default: off
+# description:
+# The rshd server is a server for the rcmd(3) routine and, 
+# consequently, for the rsh(1) program. The server provides 
+# remote execution facilities with authentication based on 
+# privileged port numbers from trusted hosts.
+#
+service shell
+{
+	socket_type	= stream
+	protocol	= tcp
+	flags		= NAMEINARGS
+	wait		= no
+	user		= root
+	group		= root
+	log_on_success	+= USERID
+	log_on_failure	+= USERID
+	server		= @SBINDIR@/tcpd
+	server_args	= @SBINDIR@/in.rshd -aL
+	disable		= yes
+}
diff --git a/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils
new file mode 100644
index 0000000000..2d9a0408c0
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/telnet.xinetd.inetutils
@@ -0,0 +1,13 @@
+# default: on
+# description: The telnet server serves telnet sessions; it uses \
+#       unencrypted username/password pairs for authentication.
+service telnet
+{
+	disable		= no
+	flags		= REUSE
+	socket_type	= stream
+	wait		= no
+	user		= root
+	server		= @SBINDIR@/in.telnetd
+	log_on_failure	+= USERID
+}
diff --git a/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils b/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils
new file mode 100644
index 0000000000..67b44c43e8
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/tftpd.xinetd.inetutils
@@ -0,0 +1,19 @@
+# default: off
+# description:
+# Tftpd is a server which supports the Internet Trivial File Transfer
+# Pro-tocol (RFC 783). The TFTP server operates at the port indicated
+# in the tftp service description; see services(5).
+#
+service tftp
+{
+        disable         = yes
+        socket_type     = dgram
+        protocol        = udp
+        flags           = IPv6
+        wait            = yes
+        user            = root
+        group           = root
+        server          = @SBINDIR@/in.tftpd
+        server_args     = /tftpboot
+}
+
diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.2.bb b/meta/recipes-connectivity/inetutils/inetutils_2.2.bb
new file mode 100644
index 0000000000..6c9a299b71
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils_2.2.bb
@@ -0,0 +1,211 @@
+DESCRIPTION = "The GNU inetutils are a collection of common \
+networking utilities and servers including ftp, ftpd, rcp, \
+rexec, rlogin, rlogind, rsh, rshd, syslog, syslogd, talk, \
+talkd, telnet, telnetd, tftp, tftpd, and uucpd."
+HOMEPAGE = "http://www.gnu.org/software/inetutils"
+SECTION = "net"
+DEPENDS = "ncurses netbase readline virtual/crypt"
+
+LICENSE = "GPL-3.0-only"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=0c7051aef9219dc7237f206c5c4179a7"
+
+SRC_URI[sha256sum] = "d547f69172df73afef691a0f7886280fd781acea28def4ff4b4b212086a89d80"
+SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
+           file://inetutils-1.8-0001-printf-parse-pull-in-features.h-for-__GLIBC__.patch \
+           file://inetutils-1.8-0003-wchar.patch \
+           file://rexec.xinetd.inetutils  \
+           file://rlogin.xinetd.inetutils \
+           file://rsh.xinetd.inetutils \
+           file://telnet.xinetd.inetutils \
+           file://tftpd.xinetd.inetutils \
+           file://inetutils-1.9-PATH_PROCNET_DEV.patch \
+           file://inetutils-only-check-pam_appl.h-when-pam-enabled.patch \
+"
+
+inherit autotools gettext update-alternatives texinfo
+
+acpaths = "-I ./m4"
+
+SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', '', 'file://fix-disable-ipv6.patch', d)}"
+
+PACKAGECONFIG ??= "ftp uucpd \
+                   ${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \
+                   ${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6 ping6', '', d)} \
+                  "
+PACKAGECONFIG[ftp] = "--enable-ftp,--disable-ftp,readline"
+PACKAGECONFIG[uucpd] = "--enable-uucpd,--disable-uucpd,readline"
+PACKAGECONFIG[pam] = "--with-pam,--without-pam,libpam"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6 gl_cv_socket_ipv6=no,"
+PACKAGECONFIG[ping6] = "--enable-ping6,--disable-ping6,"
+
+EXTRA_OECONF = "--with-ncurses-include-dir=${STAGING_INCDIR} \
+        inetutils_cv_path_login=${base_bindir}/login \
+        --with-libreadline-prefix=${STAGING_LIBDIR} \
+        --enable-rpath=no \
+"
+
+# These are horrible for security, disable them
+EXTRA_OECONF:append = " --disable-rsh --disable-rshd --disable-rcp \
+        --disable-rlogin --disable-rlogind --disable-rexec --disable-rexecd"
+
+do_configure:prepend () {
+    export HELP2MAN='true'
+    cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${S}/build-aux/config.rpath
+    install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.guess ${S}
+    install -m 0755 ${STAGING_DATADIR_NATIVE}/gnu-config/config.sub ${S}
+    rm -f ${S}/glob/configure*
+}
+
+do_install:append () {
+    install -m 0755 -d ${D}${base_sbindir}
+    install -m 0755 -d ${D}${sbindir}
+    install -m 0755 -d ${D}${sysconfdir}/xinetd.d
+    if [ "${base_bindir}" != "${bindir}" ] ; then
+         install -m 0755 -d ${D}${base_bindir}
+         mv ${D}${bindir}/ping* ${D}${base_bindir}/
+         mv ${D}${bindir}/hostname ${D}${base_bindir}/
+         mv ${D}${bindir}/dnsdomainname ${D}${base_bindir}/
+    fi
+    mv ${D}${bindir}/ifconfig ${D}${base_sbindir}/
+    mv ${D}${libexecdir}/syslogd ${D}${base_sbindir}/
+    mv ${D}${libexecdir}/tftpd ${D}${sbindir}/in.tftpd
+    mv ${D}${libexecdir}/telnetd ${D}${sbindir}/in.telnetd
+    if [ -e ${D}${libexecdir}/rexecd ]; then
+        mv ${D}${libexecdir}/rexecd ${D}${sbindir}/in.rexecd
+        cp ${WORKDIR}/rexec.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rexec
+    fi
+    if [ -e ${D}${libexecdir}/rlogind ]; then
+        mv ${D}${libexecdir}/rlogind ${D}${sbindir}/in.rlogind
+        cp ${WORKDIR}/rlogin.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rlogin
+    fi
+    if [ -e ${D}${libexecdir}/rshd ]; then
+        mv ${D}${libexecdir}/rshd ${D}${sbindir}/in.rshd
+        cp ${WORKDIR}/rsh.xinetd.inetutils ${D}/${sysconfdir}/xinetd.d/rsh
+    fi
+    if [ -e ${D}${libexecdir}/talkd ]; then
+        mv ${D}${libexecdir}/talkd ${D}${sbindir}/in.talkd
+    fi
+    mv ${D}${libexecdir}/uucpd ${D}${sbindir}/in.uucpd
+    mv ${D}${libexecdir}/* ${D}${bindir}/
+    cp ${WORKDIR}/telnet.xinetd.inetutils  ${D}/${sysconfdir}/xinetd.d/telnet
+    cp ${WORKDIR}/tftpd.xinetd.inetutils  ${D}/${sysconfdir}/xinetd.d/tftpd
+
+    sed -e 's,@SBINDIR@,${sbindir},g' -i ${D}/${sysconfdir}/xinetd.d/*
+    if [ -e ${D}${libdir}/charset.alias ]; then
+        rm -rf ${D}${libdir}/charset.alias
+    fi
+    rm -rf ${D}${libexecdir}/
+    # remove usr/lib if empty
+    rmdir ${D}${libdir} || true
+}
+
+PACKAGES =+ "${PN}-ping ${PN}-ping6 ${PN}-hostname ${PN}-ifconfig \
+${PN}-tftp ${PN}-logger ${PN}-traceroute ${PN}-syslogd \
+${PN}-ftp ${PN}-ftpd ${PN}-tftpd ${PN}-telnet ${PN}-telnetd ${PN}-inetd \
+${PN}-rsh ${PN}-rshd"
+
+# The packages tftpd, telnetd and rshd conflict with the ones
+# provided by netkit, so add the corresponding -dbg packages
+# for them to avoid the confliction between the dbg package
+# of inetutils and netkit.
+PACKAGES =+ "${PN}-tftpd-dbg ${PN}-telnetd-dbg ${PN}-rshd-dbg"
+NOAUTOPACKAGEDEBUG = "1"
+
+ALTERNATIVE_PRIORITY = "79"
+ALTERNATIVE:${PN} = "whois dnsdomainname"
+ALTERNATIVE_LINK_NAME[uucpd]  = "${sbindir}/in.uucpd"
+ALTERNATIVE_LINK_NAME[dnsdomainname]  = "${base_bindir}/dnsdomainname"
+
+ALTERNATIVE_PRIORITY_${PN}-logger = "60"
+ALTERNATIVE:${PN}-logger = "logger"
+ALTERNATIVE:${PN}-syslogd = "syslogd"
+ALTERNATIVE_LINK_NAME[syslogd]  = "${base_sbindir}/syslogd"
+
+ALTERNATIVE:${PN}-ftp = "ftp"
+ALTERNATIVE:${PN}-ftpd = "ftpd"
+ALTERNATIVE:${PN}-tftp = "tftp"
+ALTERNATIVE:${PN}-tftpd = "tftpd"
+ALTERNATIVE_LINK_NAME[tftpd] = "${sbindir}/tftpd"
+ALTERNATIVE_TARGET[tftpd]  = "${sbindir}/in.tftpd"
+
+ALTERNATIVE:${PN}-telnet = "telnet"
+ALTERNATIVE:${PN}-telnetd = "telnetd"
+ALTERNATIVE_LINK_NAME[telnetd] = "${sbindir}/telnetd"
+ALTERNATIVE_TARGET[telnetd] = "${sbindir}/in.telnetd"
+
+ALTERNATIVE:${PN}-inetd= "inetd"
+ALTERNATIVE:${PN}-traceroute = "traceroute"
+
+ALTERNATIVE:${PN}-hostname = "hostname"
+ALTERNATIVE_LINK_NAME[hostname]  = "${base_bindir}/hostname"
+
+ALTERNATIVE:${PN}-doc = "hostname.1 dnsdomainname.1 logger.1 syslogd.8 \
+                         tftpd.8 tftp.1 telnetd.8"
+ALTERNATIVE_LINK_NAME[hostname.1] = "${mandir}/man1/hostname.1"
+ALTERNATIVE_LINK_NAME[dnsdomainname.1] = "${mandir}/man1/dnsdomainname.1"
+ALTERNATIVE_LINK_NAME[logger.1] = "${mandir}/man1/logger.1"
+ALTERNATIVE_LINK_NAME[syslogd.8] = "${mandir}/man8/syslogd.8"
+ALTERNATIVE_LINK_NAME[telnetd.8] = "${mandir}/man8/telnetd.8"
+ALTERNATIVE_LINK_NAME[tftpd.8] = "${mandir}/man8/tftpd.8"
+ALTERNATIVE_LINK_NAME[tftp.1] = "${mandir}/man1/tftp.1"
+
+ALTERNATIVE:${PN}-ifconfig = "ifconfig"
+ALTERNATIVE_LINK_NAME[ifconfig]  = "${base_sbindir}/ifconfig"
+
+ALTERNATIVE:${PN}-ping = "ping"
+ALTERNATIVE_LINK_NAME[ping]   = "${base_bindir}/ping"
+
+ALTERNATIVE:${PN}-ping6 = "${@bb.utils.filter('PACKAGECONFIG', 'ping6', d)}"
+ALTERNATIVE_LINK_NAME[ping6]  = "${base_bindir}/ping6"
+
+
+FILES:${PN}-dbg += "${base_bindir}/.debug ${base_sbindir}/.debug ${bindir}/.debug ${sbindir}/.debug"
+FILES:${PN}-ping = "${base_bindir}/ping.${BPN}"
+FILES:${PN}-ping6 = "${base_bindir}/ping6.${BPN}"
+FILES:${PN}-hostname = "${base_bindir}/hostname.${BPN}"
+FILES:${PN}-ifconfig = "${base_sbindir}/ifconfig.${BPN}"
+FILES:${PN}-traceroute = "${bindir}/traceroute.${BPN}"
+FILES:${PN}-logger = "${bindir}/logger.${BPN}"
+
+FILES:${PN}-syslogd = "${base_sbindir}/syslogd.${BPN}"
+RCONFLICTS:${PN}-syslogd = "rsyslog busybox-syslog sysklogd syslog-ng"
+
+FILES:${PN}-ftp = "${bindir}/ftp.${BPN}"
+
+FILES:${PN}-tftp = "${bindir}/tftp.${BPN}"
+FILES:${PN}-telnet = "${bindir}/telnet.${BPN}"
+
+# We make us of RCONFLICTS / RPROVIDES here rather than using the normal
+# alternatives method as this leads to packaging QA issues when using
+# musl as that library does not provide what these applications need to
+# build.
+FILES:${PN}-rsh = "${bindir}/rsh ${bindir}/rlogin ${bindir}/rexec ${bindir}/rcp"
+RCONFLICTS:${PN}-rsh += "netkit-rsh-client"
+RPROVIDES:${PN}-rsh = "rsh"
+
+FILES:${PN}-rshd = "${sbindir}/in.rshd ${sbindir}/in.rlogind ${sbindir}/in.rexecd \
+                    ${sysconfdir}/xinetd.d/rsh ${sysconfdir}/xinetd.d/rlogin ${sysconfdir}/xinetd.d/rexec"
+FILES:${PN}-rshd-dbg = "${sbindir}/.debug/in.rshd ${sbindir}/.debug/in.rlogind ${sbindir}/.debug/in.rexecd"
+RDEPENDS:${PN}-rshd += "xinetd tcp-wrappers"
+RCONFLICTS:${PN}-rshd += "netkit-rshd-server"
+RPROVIDES:${PN}-rshd = "rshd"
+
+FILES:${PN}-ftpd = "${bindir}/ftpd.${BPN}"
+FILES:${PN}-ftpd-dbg = "${bindir}/.debug/ftpd.${BPN}"
+RDEPENDS:${PN}-ftpd += "xinetd"
+
+FILES:${PN}-tftpd = "${sbindir}/in.tftpd ${sysconfdir}/xinetd.d/tftpd"
+FILES:${PN}-tftpd-dbg = "${sbindir}/.debug/in.tftpd"
+RCONFLICTS:${PN}-tftpd += "netkit-tftpd"
+RDEPENDS:${PN}-tftpd += "xinetd"
+
+FILES:${PN}-telnetd = "${sbindir}/in.telnetd ${sysconfdir}/xinetd.d/telnet"
+FILES:${PN}-telnetd-dbg = "${sbindir}/.debug/in.telnetd"
+RCONFLICTS:${PN}-telnetd += "netkit-telnet"
+RPROVIDES:${PN}-telnetd = "telnetd"
+RDEPENDS:${PN}-telnetd += "xinetd"
+
+FILES:${PN}-inetd = "${bindir}/inetd.${BPN}"
+
+RDEPENDS:${PN} = "xinetd"
diff --git a/meta/recipes-connectivity/iproute2/iproute2.inc b/meta/recipes-connectivity/iproute2/iproute2.inc
index b283589063..b1bcc1434c 100644
--- a/meta/recipes-connectivity/iproute2/iproute2.inc
+++ b/meta/recipes-connectivity/iproute2/iproute2.inc
@@ -5,22 +5,34 @@ and tc are the most important.  ip controls IPv4 and IPv6 \
 configuration and tc stands for traffic control."
 HOMEPAGE = "http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2"
 SECTION = "base"
-LICENSE = "GPLv2+"
+LICENSE = "GPL-2.0-or-later"
 LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
                     file://ip/ip.c;beginline=3;endline=8;md5=689d691d0410a4b64d3899f8d6e31817"
 
-DEPENDS = "flex-native bison-native iptables elfutils libcap"
+DEPENDS = "flex-native bison-native iptables libcap"
 
 inherit update-alternatives bash-completion pkgconfig
 
 CLEANBROKEN = "1"
 
-PACKAGECONFIG ??= "tipc"
+PACKAGECONFIG ??= "tipc elf devlink"
 PACKAGECONFIG[tipc] = ",,libmnl,"
+PACKAGECONFIG[elf] = ",,elfutils,"
+PACKAGECONFIG[devlink] = ",,libmnl,"
+PACKAGECONFIG[rdma] = ",,libmnl,"
 
-EXTRA_OEMAKE = "CC='${CC}' KERNEL_INCLUDE=${STAGING_INCDIR} DOCDIR=${docdir}/iproute2 SUBDIRS='lib tc ip bridge misc genl ${@bb.utils.contains('PACKAGECONFIG', 'tipc', 'tipc', '', d)}' SBINDIR='${base_sbindir}' LIBDIR='${libdir}'"
+IPROUTE2_MAKE_SUBDIRS = "lib tc ip bridge misc genl ${@bb.utils.filter('PACKAGECONFIG', 'devlink tipc rdma', d)}"
 
-do_configure_append () {
+EXTRA_OEMAKE = "\
+    CC='${CC}' \
+    KERNEL_INCLUDE=${STAGING_INCDIR} \
+    DOCDIR=${docdir}/iproute2 \
+    SUBDIRS='${IPROUTE2_MAKE_SUBDIRS}' \
+    SBINDIR='${base_sbindir}' \
+    LIBDIR='${libdir}' \
+"
+
+do_configure:append () {
     sh configure ${STAGING_INCDIR}
     # Explicitly disable ATM support
     sed -i -e '/TC_CONFIG_ATM/d' config.mk
@@ -35,20 +47,45 @@ do_install () {
 }
 
 # The .so files in iproute2-tc are modules, not traditional libraries
-INSANE_SKIP_${PN}-tc = "dev-so"
+INSANE_SKIP:${PN}-tc = "dev-so"
+
+IPROUTE2_PACKAGES =+ "\
+    ${PN}-devlink \
+    ${PN}-genl \
+    ${PN}-ifstat \
+    ${PN}-ip \
+    ${PN}-lnstat \
+    ${PN}-nstat \
+    ${PN}-rtacct \
+    ${PN}-ss \
+    ${PN}-tc \
+    ${PN}-tipc \
+    ${PN}-rdma \
+"
+
+PACKAGE_BEFORE_PN = "${IPROUTE2_PACKAGES}"
+RDEPENDS:${PN} += "${PN}-ip"
 
-PACKAGES =+ "${PN}-tc ${PN}-lnstat ${PN}-ifstat ${PN}-genl ${PN}-rtacct ${PN}-nstat ${PN}-ss ${@bb.utils.contains('PACKAGECONFIG', 'tipc', '${PN}-tipc', '', d)}"
-FILES_${PN}-tc = "${base_sbindir}/tc* \
+FILES:${PN}-tc = "${base_sbindir}/tc* \
                   ${libdir}/tc/*.so"
-FILES_${PN}-lnstat = "${base_sbindir}/lnstat ${base_sbindir}/ctstat ${base_sbindir}/rtstat"
-FILES_${PN}-ifstat = "${base_sbindir}/ifstat"
-FILES_${PN}-genl = "${base_sbindir}/genl"
-FILES_${PN}-rtacct = "${base_sbindir}/rtacct"
-FILES_${PN}-nstat = "${base_sbindir}/nstat"
-FILES_${PN}-ss = "${base_sbindir}/ss"
-FILES_${PN}-tipc = "${base_sbindir}/tipc"
-
-ALTERNATIVE_${PN} = "ip"
+FILES:${PN}-lnstat = "${base_sbindir}/lnstat \
+                      ${base_sbindir}/ctstat \
+                      ${base_sbindir}/rtstat"
+FILES:${PN}-ifstat = "${base_sbindir}/ifstat"
+FILES:${PN}-ip = "${base_sbindir}/ip.${PN} ${sysconfdir}/iproute2"
+FILES:${PN}-genl = "${base_sbindir}/genl"
+FILES:${PN}-rtacct = "${base_sbindir}/rtacct"
+FILES:${PN}-nstat = "${base_sbindir}/nstat"
+FILES:${PN}-ss = "${base_sbindir}/ss"
+FILES:${PN}-tipc = "${base_sbindir}/tipc"
+FILES:${PN}-devlink = "${base_sbindir}/devlink"
+FILES:${PN}-rdma = "${base_sbindir}/rdma"
+
+ALTERNATIVE:${PN}-ip = "ip"
 ALTERNATIVE_TARGET[ip] = "${base_sbindir}/ip.${BPN}"
 ALTERNATIVE_LINK_NAME[ip] = "${base_sbindir}/ip"
 ALTERNATIVE_PRIORITY = "100"
+
+ALTERNATIVE:${PN}-tc = "tc"
+ALTERNATIVE_LINK_NAME[tc] = "${base_sbindir}/tc"
+ALTERNATIVE_PRIORITY_${PN}-tc = "100"
diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch
deleted file mode 100644
index a9027c5b58..0000000000
--- a/meta/recipes-connectivity/iproute2/iproute2/0001-ip-Remove-unneed-header.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 02ed10fc5215c4a32e6740b0a0c2439659be6801 Mon Sep 17 00:00:00 2001
-From: Changhyeok Bae <changhyeok.bae@gmail.com>
-Date: Mon, 13 Nov 2017 15:59:35 +0000
-Subject: [PATCH] ip: Remove unneed header
-
-Fix redefinition of struct ethhdr with a suitably patched musl libc
-that suppresses the kernel if_ether.h.
-
-Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
-
-Upstream-Status: Pending [netdev@vger.kernel.org]
----
- ip/iplink_bridge.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c
-index cccdec1..f065b22 100644
---- a/ip/iplink_bridge.c
-+++ b/ip/iplink_bridge.c
-@@ -13,7 +13,6 @@
- #include <stdlib.h>
- #include <string.h>
- #include <netinet/in.h>
--#include <netinet/ether.h>
- #include <linux/if_link.h>
- #include <linux/if_bridge.h>
- #include <net/if.h>
--- 
-2.7.4
-
diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-lib-fix-ax25.h-include-for-musl.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-lib-fix-ax25.h-include-for-musl.patch
new file mode 100644
index 0000000000..e4c0cf4aa5
--- /dev/null
+++ b/meta/recipes-connectivity/iproute2/iproute2/0001-lib-fix-ax25.h-include-for-musl.patch
@@ -0,0 +1,37 @@
+From 8bced38a941a181f1468fa39541e872e51b6022f Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Thu, 13 Jan 2022 08:14:13 +0000
+Subject: [PATCH] lib: fix ax25.h include for musl
+
+ax25.h isn't guaranteed to be avilable in netax25/*;
+it's dependent on our choice of libc (it's not available
+on musl at least) [0].
+
+Let's use the version from linux-headers.
+
+[0] https://sourceware.org/glibc/wiki/Synchronizing_Headers
+Bug: https://bugs.gentoo.org/831102
+
+Signed-off-by: Sam James <sam@gentoo.org>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=8bced38a941a181f1468fa39541e872e51b6022f]
+---
+ lib/ax25_ntop.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/ax25_ntop.c b/lib/ax25_ntop.c
+index cfd0e04b..3a72a43e 100644
+--- a/lib/ax25_ntop.c
++++ b/lib/ax25_ntop.c
+@@ -2,7 +2,7 @@
+
+ #include <errno.h>
+ #include <sys/socket.h>
+-#include <netax25/ax25.h>
++#include <linux/ax25.h>
+
+ #include "utils.h"
+
+--
+2.32.0 (Apple Git-132)
diff --git a/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch b/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch
index 50c4bfb0f2..74e3de1ce9 100644
--- a/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch
+++ b/meta/recipes-connectivity/iproute2/iproute2/0001-libc-compat.h-add-musl-workaround.patch
@@ -1,4 +1,4 @@
-From b7d96340c55afb7023ded0041107c63dbd886196 Mon Sep 17 00:00:00 2001
+From c25f8d1f7a6203dfeb10b39f80ffd314bb84a58d Mon Sep 17 00:00:00 2001
 From: Baruch Siach <baruch@tkos.co.il>
 Date: Thu, 22 Dec 2016 15:26:30 +0200
 Subject: [PATCH] libc-compat.h: add musl workaround
@@ -14,15 +14,16 @@ https://git.buildroot.net/buildroot/tree/package/iproute2/0001-Add-the-musl-work
 
 Signed-off-by: Baruch Siach <baruch@tkos.co.il>
 Signed-off-by: Maxin B. John <maxin.john@intel.com>
+
 ---
  include/uapi/linux/libc-compat.h | 4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)
 
 diff --git a/include/uapi/linux/libc-compat.h b/include/uapi/linux/libc-compat.h
-index f38571d..30f0b67 100644
+index a159991..22198fa 100644
 --- a/include/uapi/linux/libc-compat.h
 +++ b/include/uapi/linux/libc-compat.h
-@@ -49,10 +49,12 @@
+@@ -50,10 +50,12 @@
  #define _LIBC_COMPAT_H
  
  /* We have included glibc headers... */
@@ -36,6 +37,3 @@ index f38571d..30f0b67 100644
  
  /* GLIBC headers included first so don't define anything
   * that would already be defined. */
--- 
-2.4.0
-
diff --git a/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch b/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch
deleted file mode 100644
index 8b75a2ada4..0000000000
--- a/meta/recipes-connectivity/iproute2/iproute2/configure-cross.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 85b0589b4843c03e8e6fd9416d71ea449a73c5c0 Mon Sep 17 00:00:00 2001
-From: Koen Kooi <koen@dominion.thruhere.net>
-Date: Thu, 3 Nov 2011 10:46:16 +0100
-Subject: [PATCH] make configure cross compile safe
-
-According to Kevin Tian:
-Upstream-Status: Pending
-
-Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
-Signed-off-by: Shane Wang <shane.wang@intel.com>
-
-Index: iproute2-4.14.1/configure
-===================================================================
---- iproute2-4.14.1.orig/configure
-+++ iproute2-4.14.1/configure
-@@ -2,6 +2,7 @@
- # This is not an autoconf generated configure
- #
- INCLUDE=${1:-"$PWD/include"}
-+SYSROOT=$1
- 
- # Output file which is input to Makefile
- CONFIG=config.mk
-@@ -195,7 +196,7 @@ check_ipt_lib_dir()
- 		return
- 	fi
- 
--	for dir in /lib /usr/lib /usr/local/lib
-+	for dir in $SYSROOT/lib $SYSROOT/usr/lib $SYSROOT/usr/local/lib
- 	do
- 		for file in $dir/{xtables,iptables}/lib*t_*so ; do
- 			if [ -f $file ]; then
diff --git a/meta/recipes-connectivity/iproute2/iproute2_4.19.0.bb b/meta/recipes-connectivity/iproute2/iproute2_4.19.0.bb
deleted file mode 100644
index 6db4062d68..0000000000
--- a/meta/recipes-connectivity/iproute2/iproute2_4.19.0.bb
+++ /dev/null
@@ -1,14 +0,0 @@
-require iproute2.inc
-
-SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \
-           file://configure-cross.patch \
-           file://0001-libc-compat.h-add-musl-workaround.patch \
-           file://0001-ip-Remove-unneed-header.patch \
-          "
-
-SRC_URI[md5sum] = "67eeebacaac4515cab73dfd2fc796af3"
-SRC_URI[sha256sum] = "d9ec5ca1f47d8a85416fa26e7dc1cbf5d067640eb60e90bdc1c7e5bdc6a29984"
-
-# CFLAGS are computed in Makefile and reference CCOPTS
-#
-EXTRA_OEMAKE_append = " CCOPTS='${CFLAGS}'"
diff --git a/meta/recipes-connectivity/iproute2/iproute2_5.16.0.bb b/meta/recipes-connectivity/iproute2/iproute2_5.16.0.bb
new file mode 100644
index 0000000000..871f8d8fb7
--- /dev/null
+++ b/meta/recipes-connectivity/iproute2/iproute2_5.16.0.bb
@@ -0,0 +1,12 @@
+require iproute2.inc
+
+SRC_URI = "${KERNELORG_MIRROR}/linux/utils/net/${BPN}/${BP}.tar.xz \
+           file://0001-libc-compat.h-add-musl-workaround.patch \
+           file://0001-lib-fix-ax25.h-include-for-musl.patch \
+           "
+
+SRC_URI[sha256sum] = "c064b66f6b001c2a35aa5224b5b1ac8aa4bee104d7dce30d6f10a84cb8b01e2f"
+
+# CFLAGS are computed in Makefile and reference CCOPTS
+#
+EXTRA_OEMAKE:append = " CCOPTS='${CFLAGS}'"
diff --git a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init b/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init
deleted file mode 100755
index 6f29e9c6ed..0000000000
--- a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/init
+++ /dev/null
@@ -1,78 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides:          irda
-# Required-Start:    $network $remote_fs
-# Required-Stop:     $network $remote_fs
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: Infrared port support
-### END INIT INFO
-
-NAME="irattach"
-test -x "$IRDA_DAEMON" || IRDA_DAEMON=/usr/sbin/irattach
-test -z "$IRATTACH_PID" && IRATTACH_PID=/var/run/irattach.pid
-
-# Source function library.
-. /etc/init.d/functions
-
-module_id() {
-        awk 'BEGIN { FS=": " } /Hardware/ { print $2 } ' </proc/cpuinfo
-}
-
-if [ ! -f /etc/sysconfig/irda ]; then
-    case `module_id` in
-	"HP iPAQ H2200" | "HP iPAQ HX4700" | "HTC Universal")
-	    IRDA=yes
-	    DEVICE=/dev/ttyS2
-	    DONGLE=
-	    DISCOVERY=
-	    ;;
-	*)
-	    IRDA=yes
-	    DEVICE=/dev/ttyS1
-	    DONGLE=
-	    DISCOVERY=
-	    ;;
-    esac
-else
-    . /etc/sysconfig/irda
-fi
-
-# Check that irda is up.
-[ ${IRDA} = "no" ] && exit 0
-
-[ -f /usr/sbin/irattach ] || exit 0
-
-ARGS=
-if [ $DONGLE ]; then
-	ARGS="$ARGS -d $DONGLE"
-fi
-if [ "$DISCOVERY" = "yes" ];then
-	ARGS="$ARGS -s"
-fi
-
-case "$1" in
-  start)
-	echo -n "Starting IrDA: $NAME"
-	start-stop-daemon --start --quiet --exec "$IRDA_DAEMON" ${DEVICE} ${ARGS} --pidfile "$IRATTACH_PID"
-	sleep 1
-	[ -f /var/run/irattach.pid ] && echo " done" || echo " fail"
-	;;
-  stop)
-	echo "Stopping IrDA: $NAME"
-	start-stop-daemon --stop --quiet --exec "$IRDA_DAEMON" --pidfile "$IRATTACH_PID"
-	;;
-  restart|force-reload)
-	$0 stop
-	$0 start
-	;;
-  status)
-	status irattach
-	exit $?
-	;;
-  *)
-	N=/etc/init.d/$NAME
-	echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
-	exit 1
-	;;
-esac
diff --git a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch b/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch
deleted file mode 100644
index b246de8f5f..0000000000
--- a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/ldflags.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-Obey LDFLAGS
-
-Signed-off-by: Christopher Larson <chris_larson@mentor.com>
-Upstream-Status: Pending
-
-Index: irda-utils-0.9.18/findchip/Makefile
-===================================================================
---- irda-utils-0.9.18.orig/findchip/Makefile
-+++ irda-utils-0.9.18/findchip/Makefile
-@@ -65,5 +65,5 @@ install: findchip
- 
- gfindchip: gfindchip.c 
- 	$(prn_cc)
--	$(ECMD))$(CC) $(CFLAGS) `gtk-config --cflags`  $< -o $@ `gtk-config --libs`
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) `gtk-config --cflags`  $< -o $@ `gtk-config --libs`
- 
-Index: irda-utils-0.9.18/irattach/Makefile
-===================================================================
---- irda-utils-0.9.18.orig/irattach/Makefile
-+++ irda-utils-0.9.18/irattach/Makefile
-@@ -49,13 +49,13 @@ all: $(TARGETS)
- 
- irattach: irattach.o util.o
- 	$(prn_cc_o)
--	$(ECMD)$(CC) $(CFLAGS) irattach.o util.o -o $@
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) irattach.o util.o -o $@
- 
- 
- 
- dongle_attach: dongle_attach.o
- 	$(prn_cc_o)
--	$(ECMD)$(CC) $(CFLAGS) dongle_attach.o -o $@
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) dongle_attach.o -o $@
- 
- 
- install: $(TARGETS)
-Index: irda-utils-0.9.18/irdadump/Makefile
-===================================================================
---- irda-utils-0.9.18.orig/irdadump/Makefile
-+++ irda-utils-0.9.18/irdadump/Makefile
-@@ -40,7 +40,7 @@ lib_irdadump.a: $(LIBIRDADUMP_OBJS)
- 
- irdadump: $(IRDADUMP_OBJS) $(LIBIRDADUMP_TARGET)
- 	$(prn_cc_o)
--	$(ECMD)$(CC) $(CFLAGS) `pkg-config --libs glib-2.0` -o  $(IRDADUMP_TARGET) $< $(LIBIRDADUMP_TARGET)
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) `pkg-config --libs glib-2.0` -o  $(IRDADUMP_TARGET) $< $(LIBIRDADUMP_TARGET)
- 
- 
- .c.o:
-Index: irda-utils-0.9.18/irdaping/Makefile
-===================================================================
---- irda-utils-0.9.18.orig/irdaping/Makefile
-+++ irda-utils-0.9.18/irdaping/Makefile
-@@ -56,7 +56,7 @@ all: $(TARGETS)
- 
- irdaping: $(OBJS)
- 	$(prn_cc_o)
--	$(ECMD)$(CC) $(CFLAGS) $(OBJS) -o $@
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $@
- 
- 
- .c.o:
-Index: irda-utils-0.9.18/irnetd/Makefile
-===================================================================
---- irda-utils-0.9.18.orig/irnetd/Makefile
-+++ irda-utils-0.9.18/irnetd/Makefile
-@@ -50,7 +50,7 @@ all: $(TARGETS)
- 
- irnetd: $(OBJS)
- 	$(prn_cc_o)
--	$(ECMD)$(CC) $(CFLAGS) $(OBJS) -o $@
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $@
- 
- 
- install: irnetd
-Index: irda-utils-0.9.18/psion/Makefile
-===================================================================
---- irda-utils-0.9.18.orig/psion/Makefile
-+++ irda-utils-0.9.18/psion/Makefile
-@@ -25,4 +25,4 @@ install: $(PSION_TARGETS)
- CFLAGS += -g -I../include -Wall -Wstrict-prototypes $(RPM_OPT_FLAGS)
- irpsion5: 
- 	$(prn_cc_o)
--	$(ECMD)$(CC) $(CFLAGS) $(PSION_SRC) -o $@
-\ No newline at end of file
-+	$(ECMD)$(CC) $(CFLAGS) $(LDFLAGS) $(PSION_SRC) -o $@
-\ No newline at end of file
diff --git a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch b/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch
deleted file mode 100644
index 97eb975023..0000000000
--- a/meta/recipes-connectivity/irda-utils/irda-utils-0.9.18/musl.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Replace use of <net/if_packet.h> with <linux/if_packet.h>.
-
-kernel headers <linux/if_packet.h> already provides the
-needed definitions, moreover not all libc implementations
-provide if_packet.h e.g. musl
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-Upstream-Status: Pending
-
-Index: irda-utils-0.9.18/irdaping/irdaping.c
-===================================================================
---- irda-utils-0.9.18.orig/irdaping/irdaping.c
-+++ irda-utils-0.9.18/irdaping/irdaping.c
-@@ -33,7 +33,6 @@
- #include <sys/socket.h>
- #include <sys/ioctl.h>
- #include <net/if.h>		/* For struct ifreq */
--#include <net/if_packet.h>	/* For struct sockaddr_pkt */
- #include <net/if_arp.h>		/* For ARPHRD_IRDA */
- #include <netinet/if_ether.h>	/* For ETH_P_ALL */
- #include <netinet/in.h>		/* For htons */
-@@ -46,6 +45,7 @@
- #include <asm/byteorder.h>	/* __cpu_to_le32 and co. */
- 
- #include <linux/types.h>	/* For __u8 and co. */
-+#include <linux/if_packet.h>	/* For struct sockaddr_pkt */
- #include <irda.h>
- 
- #ifndef AF_IRDA
diff --git a/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb b/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb
deleted file mode 100644
index 11b2ee9117..0000000000
--- a/meta/recipes-connectivity/irda-utils/irda-utils_0.9.18.bb
+++ /dev/null
@@ -1,51 +0,0 @@
-SUMMARY = "Common files for IrDA"
-DESCRIPTION = "Provides common files needed to use IrDA. \
-IrDA allows communication over Infrared with other devices \
-such as phones and laptops."
-HOMEPAGE = "http://irda.sourceforge.net/"
-BUGTRACKER = "http://sourceforge.net/p/irda/bugs/"
-SECTION = "base"
-LICENSE = "GPLv2+"
-LIC_FILES_CHKSUM = "file://irdadump/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
-                    file://smcinit/COPYING;md5=0636e73ff0215e8d672dc4c32c317bb3 \
-                    file://man/COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
-                    file://irdadump/irdadump.c;beginline=1;endline=24;md5=d78b9dce3cd78c2220250c9c7a2be178"
-
-SRC_URI = "${SOURCEFORGE_MIRROR}/irda/irda-utils-${PV}.tar.gz \
-           file://ldflags.patch \
-           file://musl.patch \
-           file://init"
-
-SRC_URI[md5sum] = "84dc12aa4c3f61fccb8d8919bf4079bb"
-SRC_URI[sha256sum] = "61980551e46b2eaa9e17ad31cbc1a638074611fc33bff34163d10c7a67a9fdc6"
-
-inherit update-rc.d
-
-EXTRA_OEMAKE = "\
-    'CC=${CC}' \
-    'LD=${LD}' \
-    'CFLAGS=${CFLAGS}' \
-    'LDFLAGS=${LDFLAGS}' \
-    'SYS_INCLUDES=' \
-    'V=1' \
-"
-
-INITSCRIPT_NAME = "irattach"
-INITSCRIPT_PARAMS = "defaults 20"
-
-TARGETS ??= "irattach irdaping"
-do_compile () {
-	for t in ${TARGETS}; do
-		oe_runmake -C $t
-	done
-}
-
-do_install () {
-	install -d ${D}${sbindir}
-	for t in ${TARGETS}; do
-		oe_runmake -C $t ROOT="${D}" install
-	done
-
-	install -d ${D}${sysconfdir}/init.d
-	install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/${INITSCRIPT_NAME}
-}
diff --git a/meta/recipes-connectivity/iw/iw/0001-connect-fix-parsing-of-WEP-keys.patch b/meta/recipes-connectivity/iw/iw/0001-connect-fix-parsing-of-WEP-keys.patch
deleted file mode 100644
index 8cf8f7ab38..0000000000
--- a/meta/recipes-connectivity/iw/iw/0001-connect-fix-parsing-of-WEP-keys.patch
+++ /dev/null
@@ -1,194 +0,0 @@
-From 2a6be4166fd718be0694fe8a6e3f1013c125dee2 Mon Sep 17 00:00:00 2001
-From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
-Date: Tue, 12 Jun 2018 09:01:56 +0300
-Subject: [PATCH] connect: fix parsing of WEP keys
-
-The introduction of MFP options added a bug that causes a
-segmentation fault when parsing WEP keys.
-Fix that.
-
-Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-
-Upstream-Status: Backport
-[https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/commit/?id=0e39f109c4b8155697a12ef090b59cdb304c8c44]
-Signed-off-by: Liu Haitao <haitao.liu@windriver.com>
----
- ap.c      |  2 +-
- connect.c |  7 ++-----
- ibss.c    |  2 +-
- iw.h      |  3 ++-
- util.c    | 36 ++++++++++++++++++------------------
- 5 files changed, 24 insertions(+), 26 deletions(-)
-
-diff --git a/ap.c b/ap.c
-index 4bab5b9..dcce402 100644
---- a/ap.c
-+++ b/ap.c
-@@ -116,7 +116,7 @@ static int handle_start_ap(struct nl80211_state *state,
- 	argv++;
- 	argc--;
- 
--	return parse_keys(msg, argv, argc);
-+	return parse_keys(msg, &argv, &argc);
-  nla_put_failure:
- 	return -ENOSPC;
- }
-diff --git a/connect.c b/connect.c
-index 339fc73..4a847a1 100644
---- a/connect.c
-+++ b/connect.c
-@@ -54,13 +54,10 @@ static int iw_conn(struct nl80211_state *state,
- 	argv++;
- 	argc--;
- 
--	ret = parse_keys(msg, argv, argc);
-+	ret = parse_keys(msg, &argv, &argc);
- 	if (ret)
- 		return ret;
- 
--	argc -= 4;
--	argv += 4;
--
- 	if (!argc)
- 		return 0;
- 
-@@ -228,7 +225,7 @@ static int iw_auth(struct nl80211_state *state,
- 	argv++;
- 	argc--;
- 
--	return parse_keys(msg, argv, argc);
-+	return parse_keys(msg, &argv, &argc);
-  nla_put_failure:
- 	return -ENOSPC;
- }
-diff --git a/ibss.c b/ibss.c
-index 84f1e95..d77fc92 100644
---- a/ibss.c
-+++ b/ibss.c
-@@ -115,7 +115,7 @@ static int join_ibss(struct nl80211_state *state,
- 	argv++;
- 	argc--;
- 
--	return parse_keys(msg, argv, argc);
-+	return parse_keys(msg, &argv, &argc);
-  nla_put_failure:
- 	return -ENOSPC;
- }
-diff --git a/iw.h b/iw.h
-index ee7ca20..8767ed3 100644
---- a/iw.h
-+++ b/iw.h
-@@ -180,7 +180,8 @@ int parse_hex_mask(char *hexmask, unsigned char **result, size_t *result_len,
- 		   unsigned char **mask);
- unsigned char *parse_hex(char *hex, size_t *outlen);
- 
--int parse_keys(struct nl_msg *msg, char **argv, int argc);
-+
-+int parse_keys(struct nl_msg *msg, char **argv[], int *argc);
- int parse_freqchan(struct chandef *chandef, bool chan, int argc, char **argv, int *parsed);
- enum nl80211_chan_width str_to_bw(const char *str);
- int put_chandef(struct nl_msg *msg, struct chandef *chandef);
-diff --git a/util.c b/util.c
-index 6e0ddff..122c019 100644
---- a/util.c
-+++ b/util.c
-@@ -417,23 +417,23 @@ static int parse_cipher_suite(const char *cipher_str)
- 	return -EINVAL;
- }
- 
--int parse_keys(struct nl_msg *msg, char **argv, int argc)
-+int parse_keys(struct nl_msg *msg, char **argv[], int *argc)
- {
- 	struct nlattr *keys;
- 	int i = 0;
- 	bool have_default = false;
--	char *arg = *argv;
-+	char *arg = **argv;
- 	char keybuf[13];
- 	int pos = 0;
- 
--	if (!argc)
-+	if (!*argc)
- 		return 1;
- 
- 	if (!memcmp(&arg[pos], "psk", 3)) {
- 		char psk_keybuf[32];
- 		int cipher_suite, akm_suite;
- 
--		if (argc < 4)
-+		if (*argc < 4)
- 			goto explain;
- 
- 		pos+=3;
-@@ -451,9 +451,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
- 		NLA_PUT(msg, NL80211_ATTR_PMK, 32, psk_keybuf);
- 		NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, NL80211_AUTHTYPE_OPEN_SYSTEM);
- 
--		argv++;
--		argc--;
--		arg = *argv;
-+		*argv += 1;
-+		*argc -= 1;
-+		arg = **argv;
- 
- 		akm_suite = parse_akm_suite(arg);
- 		if (akm_suite < 0)
-@@ -461,9 +461,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
- 
- 		NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, akm_suite);
- 
--		argv++;
--		argc--;
--		arg = *argv;
-+		*argv += 1;
-+		*argc -= 1;
-+		arg = **argv;
- 
- 		cipher_suite = parse_cipher_suite(arg);
- 		if (cipher_suite < 0)
-@@ -471,9 +471,9 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
- 
- 		NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, cipher_suite);
- 
--		argv++;
--		argc--;
--		arg = *argv;
-+		*argv += 1;
-+		*argc -= 1;
-+		arg = **argv;
- 
- 		cipher_suite = parse_cipher_suite(arg);
- 		if (cipher_suite < 0)
-@@ -495,7 +495,7 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
- 		struct nlattr *key = nla_nest_start(msg, ++i);
- 		char *keydata;
- 
--		arg = *argv;
-+		arg = **argv;
- 		pos = 0;
- 
- 		if (!key)
-@@ -537,15 +537,15 @@ int parse_keys(struct nl_msg *msg, char **argv, int argc)
- 
- 		NLA_PUT(msg, NL80211_KEY_DATA, keylen, keydata);
- 
--		argv++;
--		argc--;
-+		*argv += 1;
-+		*argc -= 1;
- 
- 		/* one key should be TX key */
--		if (!have_default && !argc)
-+		if (!have_default && !*argc)
- 			NLA_PUT_FLAG(msg, NL80211_KEY_DEFAULT);
- 
- 		nla_nest_end(msg, key);
--	} while (argc);
-+	} while (*argc);
- 
- 	nla_nest_end(msg, keys);
- 
--- 
-2.17.1
-
diff --git a/meta/recipes-connectivity/iw/iw/separate-objdir.patch b/meta/recipes-connectivity/iw/iw/separate-objdir.patch
index 0ea6a52789..179fd90124 100644
--- a/meta/recipes-connectivity/iw/iw/separate-objdir.patch
+++ b/meta/recipes-connectivity/iw/iw/separate-objdir.patch
@@ -1,3 +1,6 @@
+From ff9f0a631c99fb6e2677c02bf572a5e69c70f5cf Mon Sep 17 00:00:00 2001
+From: Changhyeok Bae <changhyeok.bae@gmail.com>
+Date: Mon, 27 Jan 2020 22:48:03 +0100
 Subject: [PATCH] Support separation of SRCDIR and OBJDIR
 
 Typical use of VPATH to locate the sources.
@@ -7,29 +10,41 @@ Upstream-Status: Pending
 Signed-off-by: Christopher Larson <chris_larson@mentor.com>
 Signed-off-by: Maxin B. John <maxin.john@intel.com>
 ---
-diff -Naur iw-4.3-origin/Makefile iw-4.3/Makefile
---- iw-4.3-origin/Makefile	2015-11-20 16:37:58.752077287 +0200
-+++ iw-4.3/Makefile	2015-11-20 16:57:15.510615815 +0200
-@@ -1,5 +1,7 @@
+ Makefile | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 90f2251..714cdb9 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,5 +1,9 @@
  MAKEFLAGS += --no-print-directory
--
+ 
 +SRCDIR ?= $(dir $(lastword $(MAKEFILE_LIST)))
 +OBJDIR ?= $(PWD)
 +VPATH = $(SRCDIR)
++
  PREFIX ?= /usr
  SBINDIR ?= $(PREFIX)/sbin
  MANDIR ?= $(PREFIX)/share/man
-@@ -95,11 +97,11 @@
+@@ -92,7 +96,7 @@ all: $(ALL)
  version.c: version.sh $(patsubst %.o,%.c,$(VERSION_OBJS)) nl80211.h iw.h Makefile \
  		$(wildcard .git/index .git/refs/tags)
  	@$(NQ) ' GEN ' $@
 -	$(Q)./version.sh $@
 +	$(Q)cd $(SRCDIR) && ./version.sh $(OBJDIR)/$@
  
- %.o: %.c iw.h nl80211.h
+ nl80211-commands.inc: nl80211.h
+ 	@$(NQ) ' GEN ' $@
+@@ -100,7 +104,7 @@ nl80211-commands.inc: nl80211.h
+ 
+ %.o: %.c iw.h nl80211.h nl80211-commands.inc
  	@$(NQ) ' CC  ' $@
--	$(Q)$(CC) $(CFLAGS) -c -o $@ $<
-+	$(Q)$(CC) -I$(SRCDIR) $(CFLAGS) -c -o $@ $<
+-	$(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
++	$(Q)$(CC) -I$(SRCDIR) $(CFLAGS) $(CPPFLAGS) -c -o $@ $<
  
  ifeq ($(IW_ANDROID_BUILD),)
  iw:	$(OBJS)
+-- 
+2.23.0
+
diff --git a/meta/recipes-connectivity/iw/iw_4.14.bb b/meta/recipes-connectivity/iw/iw_5.16.bb
index f414a4b1dc..cf176a349f 100644
--- a/meta/recipes-connectivity/iw/iw_4.14.bb
+++ b/meta/recipes-connectivity/iw/iw_5.16.bb
@@ -2,9 +2,9 @@ SUMMARY = "nl80211 based CLI configuration utility for wireless devices"
 DESCRIPTION = "iw is a new nl80211 based CLI configuration utility for \
 wireless devices. It supports almost all new drivers that have been added \
 to the kernel recently. "
-HOMEPAGE = "http://wireless.kernel.org/en/users/Documentation/iw"
+HOMEPAGE = "https://wireless.wiki.kernel.org/en/users/documentation/iw"
 SECTION = "base"
-LICENSE = "BSD"
+LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=878618a5c4af25e9b93ef0be1a93f774"
 
 DEPENDS = "libnl"
@@ -12,11 +12,9 @@ DEPENDS = "libnl"
 SRC_URI = "http://www.kernel.org/pub/software/network/iw/${BP}.tar.gz \
            file://0001-iw-version.sh-don-t-use-git-describe-for-versioning.patch \
            file://separate-objdir.patch \
-           file://0001-connect-fix-parsing-of-WEP-keys.patch \
 "
 
-SRC_URI[md5sum] = "2067516ca9940fdb8c091ee3250da374"
-SRC_URI[sha256sum] = "a0c3aad6ff52234d03a2522ba2eba570e36abb3e60dc29bf0b1ce88dd725d6d4"
+SRC_URI[sha256sum] = "9c91f2560b258d9660e656ad37fa5bd100ac255865dcfb26076a576b10d8f3a7"
 
 inherit pkgconfig
 
@@ -27,7 +25,6 @@ EXTRA_OEMAKE = "\
     'SBINDIR=${sbindir}' \
     'MANDIR=${mandir}' \
 "
-B = "${WORKDIR}/build"
 
 do_install() {
     oe_runmake 'DESTDIR=${D}' install
diff --git a/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch b/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch
new file mode 100644
index 0000000000..94fbd12737
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch
@@ -0,0 +1,28 @@
+From 841924e1fe8db2bff3eab8d37634ef08f86c00ec Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Tue, 10 Nov 2020 15:57:03 +0000
+Subject: [PATCH] src/lib/log/logger_unittest_support.cc: do not write build
+ path into binary
+
+This breaks reproducibility and is needed only in unit testing.
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+
+---
+ src/lib/log/logger_unittest_support.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lib/log/logger_unittest_support.cc b/src/lib/log/logger_unittest_support.cc
+index fc01c6e..f46d17e 100644
+--- a/src/lib/log/logger_unittest_support.cc
++++ b/src/lib/log/logger_unittest_support.cc
+@@ -84,7 +84,7 @@ void initLogger(isc::log::Severity severity, int dbglevel) {
+     const char* localfile = getenv("KEA_LOGGER_LOCALMSG");
+ 
+     // Set a directory for creating lockfiles when running tests
+-    setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0);
++    //setenv("KEA_LOCKFILE_DIR", TOP_BUILDDIR, 0);
+ 
+     // Initialize logging
+     initLogger(root, severity, dbglevel, localfile);
diff --git a/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch
new file mode 100644
index 0000000000..78f475a495
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/fix-multilib-conflict.patch
@@ -0,0 +1,58 @@
+From d027b1d85a8c1a0193b6e4a00083d3038d699a59 Mon Sep 17 00:00:00 2001
+From: Kai Kang <kai.kang@windriver.com>
+Date: Tue, 22 Sep 2020 15:02:33 +0800
+Subject: [PATCH] There are conflict of config files between kea and lib32-kea:
+
+| Error: Transaction test error:
+|  file /etc/kea/kea-ctrl-agent.conf conflicts between attempted installs of
+     lib32-kea-1.7.10-r0.core2_32 and kea-1.7.10-r0.core2_64
+|  file /etc/kea/kea-dhcp4.conf conflicts between attempted installs of
+     lib32-kea-1.7.10-r0.core2_32 and kea-1.7.10-r0.core2_64
+
+Because they are all commented out, replace the expanded libdir path with
+'$libdir' in the config files to avoid conflict.
+
+Upstream-Status: Pending
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+---
+ src/bin/keactrl/kea-ctrl-agent.conf.pre | 3 ++-
+ src/bin/keactrl/kea-dhcp4.conf.pre      | 4 ++--
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/bin/keactrl/kea-ctrl-agent.conf.pre b/src/bin/keactrl/kea-ctrl-agent.conf.pre
+index e6ae8b8..50a3092 100644
+--- a/src/bin/keactrl/kea-ctrl-agent.conf.pre
++++ b/src/bin/keactrl/kea-ctrl-agent.conf.pre
+@@ -51,7 +51,8 @@
+     // Agent will fail to start.
+     "hooks-libraries": [
+ //  {
+-//      "library": "@libdir@/kea/hooks/control-agent-commands.so",
++//      // Replace $libdir with real library path /usr/lib or /usr/lib64
++//      "library": "$libdir/kea/hooks/control-agent-commands.so",
+ //      "parameters": {
+ //          "param1": "foo"
+ //      }
+diff --git a/src/bin/keactrl/kea-dhcp4.conf.pre b/src/bin/keactrl/kea-dhcp4.conf.pre
+index 26bf163..49ddb0a 100644
+--- a/src/bin/keactrl/kea-dhcp4.conf.pre
++++ b/src/bin/keactrl/kea-dhcp4.conf.pre
+@@ -252,7 +252,7 @@
+     //       // of all devices serviced by Kea, including their identifiers
+     //       // (like MAC address), their location in the network, times
+     //       // when they were active etc.
+-    //       "library": "@libdir@/kea/hooks/libdhcp_legal_log.so",
++    //       "library": "$libdir/kea/hooks/libdhcp_legal_log.so",
+     //       "parameters": {
+     //           "path": "/var/lib/kea",
+     //           "base-name": "kea-forensic4"
+@@ -269,7 +269,7 @@
+     //       // of specific options or perhaps even a combination of several
+     //       // options and fields to uniquely identify a client. Those scenarios
+     //       // are addressed by the Flexible Identifiers hook application.
+-    //       "library": "@libdir@/kea/hooks/libdhcp_flex_id.so",
++    //       "library": "$libdir/kea/hooks/libdhcp_flex_id.so",
+     //       "parameters": {
+     //           "identifier-expression": "relay4[2].hex"
+     //       }
diff --git a/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch
new file mode 100644
index 0000000000..b7c2fd4f0d
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/fix_pid_keactrl.patch
@@ -0,0 +1,29 @@
+From 18f4f6206c248d6169aa67b3ecf16bf54e9292e8 Mon Sep 17 00:00:00 2001
+From: Armin kuster <akuster808@gmail.com>
+Date: Wed, 14 Oct 2020 22:48:31 -0700
+Subject: [PATCH] Busybox does not support ps -p so use pgrep
+
+Upstream-Status: Inappropriate [embedded specific]
+Based on changes from Diego Sueiro <Diego.Sueiro@arm.com>
+
+Signed-off-by: Armin kuster <akuster808@gmail.com>
+
+---
+ src/bin/keactrl/keactrl.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/bin/keactrl/keactrl.in b/src/bin/keactrl/keactrl.in
+index ae5bd8e..e9f9b73 100644
+--- a/src/bin/keactrl/keactrl.in
++++ b/src/bin/keactrl/keactrl.in
+@@ -151,8 +151,8 @@ check_running() {
+     # Get the PID from the PID file (if it exists)
+     get_pid_from_file "${proc_name}"
+     if [ ${_pid} -gt 0 ]; then
+-        # Use ps to check if PID is alive
+-        if ps -p ${_pid} 1>/dev/null; then
++        # Use pgrep and grep to check if PID is alive
++        if pgrep -v 1 | grep ${_pid} 1>/dev/null; then
+             # No error, so PID IS ALIVE
+             _running=1
+         fi
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server
new file mode 100644
index 0000000000..50fe40d439
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns-server
@@ -0,0 +1,46 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          kea-dhcp-ddns-server
+# Required-Start:    $local_fs $network $remote_fs $syslog
+# Required-Stop:     $local_fs $network $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: ISC KEA DHCP IPv6 Server
+### END INIT INFO
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="kea-dhcp-ddns-server"
+NAME=kea-dhcp-ddns
+DAEMON=/usr/sbin/keactrl
+DAEMON_ARGS=" -s dhcp_ddns"
+
+set -e
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Source function library.
+. /etc/init.d/functions
+
+case "$1" in
+  start)
+        echo -n "Starting $DESC: "
+        start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS
+        echo "done."
+        ;;
+  stop)
+        echo -n "Stopping $DESC: "
+        kpid=`pidof $NAME`
+        kill $kpid
+        echo "done."
+        ;;
+  restart|force-reload)
+        #
+        $0 stop
+        $0 start
+        ;;
+  *)
+        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
+        exit 1
+        ;;
+esac
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
new file mode 100644
index 0000000000..91aa2eb14f
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Kea DHCP-DDNS Server
+Wants=network-online.target
+After=network-online.target
+After=time-sync.target
+
+[Service]
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/kea
+ExecStart=@SBINDIR@/kea-dhcp-ddns -c @SYSCONFDIR@/kea/kea-dhcp-ddns.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp4-server b/meta/recipes-connectivity/kea/files/kea-dhcp4-server
new file mode 100644
index 0000000000..e83e51025d
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp4-server
@@ -0,0 +1,46 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          kea-dhcp4-server
+# Required-Start:    $local_fs $network $remote_fs $syslog
+# Required-Stop:     $local_fs $network $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: ISC KEA DHCP IPv6 Server
+### END INIT INFO
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="kea-dhcp4-server"
+NAME=kea-dhcp4
+DAEMON=/usr/sbin/keactrl
+DAEMON_ARGS=" -s dhcp4"
+
+set -e
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Source function library.
+. /etc/init.d/functions
+
+case "$1" in
+  start)
+        echo -n "Starting $DESC: "
+        start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS
+        echo "done."
+        ;;
+  stop)
+        echo -n "Stopping $DESC: "
+        kpid=`pidof $NAME`
+        kill $kpid
+        echo "done."
+        ;;
+  restart|force-reload)
+        #
+        $0 stop
+        $0 start
+        ;;
+  *)
+        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
+        exit 1
+        ;;
+esac
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp4.service b/meta/recipes-connectivity/kea/files/kea-dhcp4.service
new file mode 100644
index 0000000000..b851ea71c5
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp4.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Kea DHCPv4 Server
+Wants=network-online.target
+After=network-online.target
+After=time-sync.target
+
+[Service]
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea
+ExecStart=@SBINDIR@/kea-dhcp4 -c @SYSCONFDIR@/kea/kea-dhcp4.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp6-server b/meta/recipes-connectivity/kea/files/kea-dhcp6-server
new file mode 100644
index 0000000000..10f2d22641
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp6-server
@@ -0,0 +1,47 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          kea-dhcp6-server
+# Required-Start:    $local_fs $network $remote_fs $syslog
+# Required-Stop:     $local_fs $network $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: ISC KEA DHCP IPv6 Server
+### END INIT INFO
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="kea-dhcp6-server"
+NAME=kea-dhcp6
+DAEMON=/usr/sbin/keactrl
+DAEMON_ARGS=" -s dhcp6"
+
+set -e
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Source function library.
+. /etc/init.d/functions
+
+case "$1" in
+  start)
+        echo -n "Starting $DESC: "
+        start-stop-daemon -S -b -n $NAME -x $DAEMON -- start $DAEMON_ARGS
+        echo "done."
+        ;;
+  stop)
+        echo -n "Stopping $DESC: "
+        kpid=`pidof $NAME`
+        kill $kpid
+        echo "done."
+        ;;
+  restart|force-reload)
+        #
+        $0 stop
+        $0 start
+        ;;
+  *)
+        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
+        exit 1
+        ;;
+esac
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp6.service b/meta/recipes-connectivity/kea/files/kea-dhcp6.service
new file mode 100644
index 0000000000..0f9f0ef8d9
--- /dev/null
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp6.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Kea DHCPv6 Server
+Wants=network-online.target
+After=network-online.target
+After=time-sync.target
+
+[Service]
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
+ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea
+ExecStart=@SBINDIR@/kea-dhcp6 -c @SYSCONFDIR@/kea/kea-dhcp6.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/kea/kea_2.0.2.bb b/meta/recipes-connectivity/kea/kea_2.0.2.bb
new file mode 100644
index 0000000000..13da1f858d
--- /dev/null
+++ b/meta/recipes-connectivity/kea/kea_2.0.2.bb
@@ -0,0 +1,77 @@
+SUMMARY = "ISC Kea DHCP Server"
+DESCRIPTION = "Kea is the next generation of DHCP software developed by ISC. It supports both DHCPv4 and DHCPv6 protocols along with their extensions, e.g. prefix delegation and dynamic updates to DNS."
+HOMEPAGE = "http://kea.isc.org"
+SECTION = "connectivity"
+LICENSE = "MPL-2.0 & Apache-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b4ecee995eeb6780a17dd7e539e97abc"
+
+DEPENDS = "boost log4cplus openssl"
+
+SRC_URI = "http://ftp.isc.org/isc/kea/${PV}/${BP}.tar.gz \
+           file://kea-dhcp4.service \
+           file://kea-dhcp6.service \
+           file://kea-dhcp-ddns.service \
+           file://kea-dhcp4-server \
+           file://kea-dhcp6-server \
+           file://kea-dhcp-ddns-server \
+           file://fix-multilib-conflict.patch \
+           file://fix_pid_keactrl.patch \
+           file://0001-src-lib-log-logger_unittest_support.cc-do-not-write-.patch \
+           "
+SRC_URI[sha256sum] = "8d28213bdc8e2bb870a383b30ac1e53d54e1eba43d2f86e5151b08b66aa6cf32"
+
+inherit autotools systemd update-rc.d upstream-version-is-even
+
+INITSCRIPT_NAME = "kea-dhcp4-server"
+INITSCRIPT_PARAMS = "defaults 30"
+
+SYSTEMD_SERVICE:${PN} = "kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service"
+SYSTEMD_AUTO_ENABLE = "disable"
+
+DEBUG_OPTIMIZATION:remove:mips = " -Og"
+DEBUG_OPTIMIZATION:append:mips = " -O"
+BUILD_OPTIMIZATION:remove:mips = " -Og"
+BUILD_OPTIMIZATION:append:mips = " -O"
+
+DEBUG_OPTIMIZATION:remove:mipsel = " -Og"
+DEBUG_OPTIMIZATION:append:mipsel = " -O"
+BUILD_OPTIMIZATION:remove:mipsel = " -Og"
+BUILD_OPTIMIZATION:append:mipsel = " -O"
+
+EXTRA_OECONF = "--with-boost-libs=-lboost_system \
+                --with-log4cplus=${STAGING_DIR_TARGET}${prefix} \
+                --with-openssl=${STAGING_DIR_TARGET}${prefix}"
+
+do_configure:prepend() {
+    # replace abs_top_builddir to avoid introducing the build path
+    # don't expand the abs_top_builddir on the target as the abs_top_builddir is meanlingless on the target
+    find ${S} -type f -name *.sh.in | xargs sed -i  "s:@abs_top_builddir@:@abs_top_builddir_placeholder@:g"
+    sed -i "s:@abs_top_srcdir@:@abs_top_srcdir_placeholder@:g" ${S}/src/bin/admin/kea-admin.in
+}
+
+# patch out build host paths for reproducibility
+do_compile:prepend:class-target() {
+        sed -i -e "s,${WORKDIR},,g" ${B}/config.report
+}
+
+do_install:append() {
+    install -d ${D}${sysconfdir}/init.d
+    install -d ${D}${systemd_system_unitdir}
+
+    install -m 0644 ${WORKDIR}/kea-dhcp*service ${D}${systemd_system_unitdir}
+    install -m 0755 ${WORKDIR}/kea-*-server ${D}${sysconfdir}/init.d
+    sed -i -e 's,@SBINDIR@,${sbindir},g' -e 's,@BASE_BINDIR@,${base_bindir},g' \
+           -e 's,@LOCALSTATEDIR@,${localstatedir},g' -e 's,@SYSCONFDIR@,${sysconfdir},g' \
+           ${D}${systemd_system_unitdir}/kea-dhcp*service ${D}${sbindir}/keactrl
+}
+
+do_install:append() {
+    rm -rf "${D}${localstatedir}"
+}
+
+CONFFILES:${PN} = "${sysconfdir}/kea/keactrl.conf"
+
+FILES:${PN}-staticdev += "${libdir}/kea/hooks/*.a ${libdir}/hooks/*.a"
+FILES:${PN} += "${libdir}/hooks/*.so"
+
+PARALLEL_MAKEINST = ""
diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch b/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch
deleted file mode 100644
index f63eb90cdc..0000000000
--- a/meta/recipes-connectivity/libnss-mdns/libnss-mdns/0001-check-for-nss.h.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From bdf01a581d58eb5340e9238d143dbcac9db5b11c Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 30 Jan 2016 19:29:45 +0000
-Subject: [PATCH] check for nss.h
-
-nss.h may not available on all libc implementations, e.g. musl does not
-have this header, this patch detects nss.h presence and defines the data
-types that are required if nss.h is missing on platform
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Pending
-
- configure.ac |  2 +-
- src/nss.c    | 11 +++++++++++
- 2 files changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index aa66bc6..ce19b07 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -71,7 +71,7 @@ AC_PROG_LIBTOOL
- 
- # Checks for header files.
- AC_HEADER_STDC
--AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h unistd.h nss.h sys/ioctl.h])
-+AC_CHECK_HEADERS([arpa/inet.h fcntl.h inttypes.h netdb.h netinet/in.h stdlib.h string.h sys/socket.h sys/time.h unistd.h nss.h sys/ioctl.h nss.h])
- 
- # Checks for typedefs, structures, and compiler characteristics.
- AC_C_CONST
-diff --git a/src/nss.c b/src/nss.c
-index e48e315..406733b 100644
---- a/src/nss.c
-+++ b/src/nss.c
-@@ -29,7 +29,18 @@
- #include <assert.h>
- #include <netdb.h>
- #include <sys/socket.h>
-+#ifdef HAVE_NSS_H
- #include <nss.h>
-+#else
-+enum nss_status {
-+    NSS_STATUS_TRYAGAIN = -2,
-+    NSS_STATUS_UNAVAIL,
-+    NSS_STATUS_NOTFOUND,
-+    NSS_STATUS_SUCCESS,
-+    NSS_STATUS_RETURN
-+};
-+#endif
-+
- #include <stdio.h>
- #include <stdlib.h>
- 
--- 
-2.7.0
-
diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb
deleted file mode 100644
index d0eb2768d1..0000000000
--- a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.10.bb
+++ /dev/null
@@ -1,45 +0,0 @@
-SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution"
-HOMEPAGE = "http://0pointer.de/lennart/projects/nss-mdns/"
-SECTION = "libs"
-
-LICENSE = "LGPLv2.1+"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1"
-
-DEPENDS = "avahi"
-PR = "r7"
-
-SRC_URI = "http://0pointer.de/lennart/projects/nss-mdns/nss-mdns-${PV}.tar.gz \
-           file://0001-check-for-nss.h.patch \
-           "
-
-SRC_URI[md5sum] = "03938f17646efbb50aa70ba5f99f51d7"
-SRC_URI[sha256sum] = "1e683c2e7c3921814706d62fbbd3e9cbf493a75fa00255e0e715508d8134fa6d"
-
-S = "${WORKDIR}/nss-mdns-${PV}"
-
-localstatedir = "/"
-
-inherit autotools
-
-EXTRA_OECONF = "--libdir=${base_libdir} --disable-lynx --enable-avahi"
-
-# suppress warning, but don't bother with autonamer
-LEAD_SONAME = "libnss_mdns.so"
-DEBIANNAME_${PN} = "libnss-mdns"
-
-RDEPENDS_${PN} = "avahi-daemon"
-
-pkg_postinst_${PN} () {
-	sed '
-		/^hosts:/ !b
-		/\<mdns\(4\|6\)\?\(_minimal\)\?\>/ b
-		s/\([[:blank:]]\+\)dns\>/\1mdns4_minimal [NOTFOUND=return] dns/g
-		' -i $D${sysconfdir}/nsswitch.conf
-}
-
-pkg_prerm_${PN} () {
-	sed '
-		/^hosts:/ !b
-		s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g
-		' -i $D${sysconfdir}/nsswitch.conf
-}
diff --git a/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb
new file mode 100644
index 0000000000..0db609fc47
--- /dev/null
+++ b/meta/recipes-connectivity/libnss-mdns/libnss-mdns_0.15.1.bb
@@ -0,0 +1,39 @@
+SUMMARY = "Name Service Switch module for Multicast DNS (zeroconf) name resolution"
+HOMEPAGE = "https://github.com/lathiat/nss-mdns"
+DESCRIPTION = "nss-mdns is a plugin for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc) providing host name resolution via Multicast DNS (aka Zeroconf, aka Apple Rendezvous, aka Apple Bonjour), effectively allowing name resolution by common Unix/Linux programs in the ad-hoc mDNS domain .local."
+SECTION = "libs"
+
+LICENSE = "LGPL-2.1-or-later"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=2d5025d4aa3495befef8f17206a5b0a1"
+
+DEPENDS = "avahi"
+
+SRC_URI = "git://github.com/lathiat/nss-mdns;branch=master;protocol=https \
+           "
+
+SRCREV = "4b3cfe818bf72d99a02b8ca8b8813cb2d6b40633"
+
+S = "${WORKDIR}/git"
+
+inherit autotools pkgconfig
+
+COMPATIBLE_HOST:libc-musl = 'null'
+
+EXTRA_OECONF = "--libdir=${base_libdir}"
+
+RDEPENDS:${PN} = "avahi-daemon"
+
+pkg_postinst:${PN} () {
+	sed '
+		/^hosts:/ !b
+		/\<mdns\(4\|6\)\?\(_minimal\)\?\>/ b
+		s/\([[:blank:]]\+\)dns\>/\1mdns4_minimal [NOTFOUND=return] dns/g
+		' -i $D${sysconfdir}/nsswitch.conf
+}
+
+pkg_prerm:${PN} () {
+	sed '
+		/^hosts:/ !b
+		s/[[:blank:]]\+mdns\(4\|6\)\?\(_minimal\( \[NOTFOUND=return\]\)\?\)\?//g
+		' -i $D${sysconfdir}/nsswitch.conf
+}
diff --git a/meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch b/meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch
deleted file mode 100644
index 01773834c7..0000000000
--- a/meta/recipes-connectivity/libpcap/libpcap/0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From aafa3512b7b742f5e66a5543e41974cc5e7eebfa Mon Sep 17 00:00:00 2001
-From: maxice8 <thinkabit.ukim@gmail.com>
-Date: Sun, 22 Jul 2018 18:54:17 -0300
-Subject: [PATCH] pcap-usb-linux.c: add missing limits.h for musl systems.
-
-fix compilation on musl libc systems like Void Linux and Alpine.
-
-Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/d557c98a16dc254aaff03762b694fe624e180bea]
-
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
----
- pcap-usb-linux.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/pcap-usb-linux.c b/pcap-usb-linux.c
-index 6f8adf65..b92c05ea 100644
---- a/pcap-usb-linux.c
-+++ b/pcap-usb-linux.c
-@@ -50,6 +50,7 @@
- #include <stdlib.h>
- #include <unistd.h>
- #include <fcntl.h>
-+#include <limits.h>
- #include <string.h>
- #include <dirent.h>
- #include <byteswap.h>
--- 
-2.17.1
-
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.9.0.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb
index 78361561e6..dbe2fd8157 100644
--- a/meta/recipes-connectivity/libpcap/libpcap_1.9.0.bb
+++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb
@@ -5,31 +5,29 @@ security monitoring and network debugging."
 HOMEPAGE = "http://www.tcpdump.org/"
 BUGTRACKER = "http://sourceforge.net/tracker/?group_id=53067&atid=469577"
 SECTION = "libs/network"
-LICENSE = "BSD"
+LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \
                     file://pcap.h;beginline=1;endline=32;md5=39af3510e011f34b8872f120b1dc31d2"
 DEPENDS = "flex-native bison-native"
 
-SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \
-           file://0001-pcap-usb-linux.c-add-missing-limits.h-for-musl-syste.patch \
-           "
-SRC_URI[md5sum] = "dffd65cb14406ab9841f421732eb0f33"
-SRC_URI[sha256sum] = "2edb88808e5913fdaa8e9c1fcaf272e19b2485338742b5074b9fe44d68f37019"
+SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz"
+SRC_URI[sha256sum] = "ed285f4accaf05344f90975757b3dbfe772ba41d1c401c2648b7fa45b711bdd4"
 
-inherit autotools binconfig-disabled pkgconfig bluetooth
+inherit autotools binconfig-disabled pkgconfig
 
 BINCONFIG = "${bindir}/pcap-config"
 
 # Explicitly disable dag support. We don't have recipe for it and if enabled here,
 # configure script poisons the include dirs with /usr/local/include even when the
-# support hasn't been detected.
+# support hasn't been detected. Do the same thing for DPDK.
 EXTRA_OECONF = " \
                  --with-pcap=linux \
                  --without-dag \
+                 --without-dpdk \
                  "
 EXTRA_AUTORECONF += "--exclude=aclocal"
 
-PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)} \
+PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \
                    ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
 "
 PACKAGECONFIG[bluez5] = "--enable-bluetooth,--disable-bluetooth,bluez5"
@@ -37,7 +35,7 @@ PACKAGECONFIG[dbus] = "--enable-dbus,--disable-dbus,dbus"
 PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
 PACKAGECONFIG[libnl] = "--with-libnl,--without-libnl,libnl"
 
-do_configure_prepend () {
+do_configure:prepend () {
     #remove hardcoded references to /usr/include
     sed 's|\([ "^'\''I]\+\)/usr/include/|\1${STAGING_INCDIR}/|g' -i ${S}/configure.ac
 }
diff --git a/meta/recipes-connectivity/libuv/libuv_1.44.1.bb b/meta/recipes-connectivity/libuv/libuv_1.44.1.bb
new file mode 100644
index 0000000000..4c96d80a65
--- /dev/null
+++ b/meta/recipes-connectivity/libuv/libuv_1.44.1.bb
@@ -0,0 +1,21 @@
+SUMMARY = "A multi-platform support library with a focus on asynchronous I/O"
+HOMEPAGE = "https://github.com/libuv/libuv"
+DESCRIPTION = "libuv is a multi-platform support library with a focus on asynchronous I/O. It was primarily developed for use by Node.js, but it's also used by Luvit, Julia, pyuv, and others."
+BUGTRACKER = "https://github.com/libuv/libuv/issues"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ad93ca1fffe931537fcf64f6fcce084d"
+
+SRCREV = "e8b7eb6908a847ffbe6ab2eec7428e43a0aa53a2"
+SRC_URI = "git://github.com/libuv/libuv;branch=v1.x;protocol=https"
+UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
+
+S = "${WORKDIR}/git"
+
+inherit autotools
+
+do_configure() {
+    ${S}/autogen.sh || bbnote "${PN} failed to autogen.sh"
+    oe_runconf
+}
+
+BBCLASSEXTEND = "native"
diff --git a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
index 77adcebbae..781b9216c5 100644
--- a/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
+++ b/meta/recipes-connectivity/mobile-broadband-provider-info/mobile-broadband-provider-info_git.bb
@@ -1,13 +1,17 @@
 SUMMARY = "Mobile Broadband Service Provider Database"
 HOMEPAGE = "http://live.gnome.org/NetworkManager/MobileBroadband/ServiceProviders"
+DESCRIPTION = "Mobile Broadband Service Provider Database stores service provider specific information. When this Database is available the information can be fetched there"
 SECTION = "network"
 LICENSE = "PD"
 LIC_FILES_CHKSUM = "file://COPYING;md5=87964579b2a8ece4bc6744d2dc9a8b04"
-SRCREV = "c7def60ba50d9cc30a90f69f89d7e82243501e86"
-PV = "20190116"
+
+SRCREV = "4cbb44a9fe26aa6f0b28beb79f9488b37c097b5e"
+PV = "20220315"
 PE = "1"
 
-SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https"
+SRC_URI = "git://gitlab.gnome.org/GNOME/mobile-broadband-provider-info.git;protocol=https;branch=main"
 S = "${WORKDIR}/git"
 
 inherit autotools
+
+DEPENDS += "libxslt-native"
diff --git a/meta/recipes-connectivity/neard/neard_0.16.bb b/meta/recipes-connectivity/neard/neard_0.16.bb
index cc6af4e1ca..57f2a3e2e1 100644
--- a/meta/recipes-connectivity/neard/neard_0.16.bb
+++ b/meta/recipes-connectivity/neard/neard_0.16.bb
@@ -1,7 +1,7 @@
 SUMMARY = "Linux NFC daemon"
 DESCRIPTION = "A daemon for the Linux Near Field Communication stack"
 HOMEPAGE = "http://01.org/linux-nfc"
-LICENSE = "GPLv2"
+LICENSE = "GPL-2.0-only"
 
 DEPENDS = "dbus glib-2.0 libnl"
 
@@ -18,16 +18,16 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=12f884d2ae1ff87c09e5b7ccc2c4ca7e \
  file://src/near.h;beginline=1;endline=20;md5=358e4deefef251a4761e1ffacc965d13 \
  "
 
-inherit autotools pkgconfig systemd update-rc.d bluetooth
+inherit autotools pkgconfig systemd update-rc.d
 
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
 
-PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_unitdir}/system/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd"
+PACKAGECONFIG[systemd] = "--enable-systemd --with-systemdsystemunitdir=${systemd_system_unitdir}/ --with-systemduserunitdir=${systemd_unitdir}/user/,--disable-systemd"
 
 EXTRA_OECONF += "--enable-tools"
 
 # This would copy neard start-stop shell and test scripts
-do_install_append() {
+do_install:append() {
 	if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
 		install -d ${D}${sysconfdir}/init.d/
 		sed "s:@installpath@:${libexecdir}/nfc:" ${WORKDIR}/neard.in \
@@ -36,15 +36,15 @@ do_install_append() {
 	fi
 }
 
-RDEPENDS_${PN} = "dbus"
+RDEPENDS:${PN} = "dbus"
 
 # Bluez & Wifi are not mandatory except for handover
-RRECOMMENDS_${PN} = "\
-                     ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', '${BLUEZ}', '', d)} \
+RRECOMMENDS:${PN} = "\
+                     ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez5', '', d)} \
                      ${@bb.utils.contains('DISTRO_FEATURES', 'wifi','wpa-supplicant', '', d)} \
                     "
 
 INITSCRIPT_NAME = "neard"
 INITSCRIPT_PARAMS = "defaults 64"
 
-SYSTEMD_SERVICE_${PN} = "neard.service"
+SYSTEMD_SERVICE:${PN} = "neard.service"
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Do-not-pass-null-pointer-to-freeaddrinfo.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Do-not-pass-null-pointer-to-freeaddrinfo.patch
deleted file mode 100644
index a44d1bf2fe..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Do-not-pass-null-pointer-to-freeaddrinfo.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 4f115fc314646500f7b4178d7248a02654c7cd10 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Fri, 30 Nov 2018 16:47:57 -0800
-Subject: [PATCH] Do not pass null pointer to freeaddrinfo()
-
-Passing null pointer as input parameter to freeaddrinfo() is undefined
-behaviour, some libcs e.g. glibc might just call free() which does
-accept null pointer but other libcs e.g. musl might not and instead
-cause the program to segfault. Therefore do not rely on undefined
-behaviour instead make it deterministic
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- support/export/client.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-Index: nfs-utils-2.3.2/support/export/client.c
-===================================================================
---- nfs-utils-2.3.2.orig/support/export/client.c
-+++ nfs-utils-2.3.2/support/export/client.c
-@@ -309,7 +309,8 @@ client_lookup(char *hname, int canonical
- 		init_addrlist(clp, ai);
- 
- out:
--	freeaddrinfo(ai);
-+	if (ai)
-+		freeaddrinfo(ai);
- 	return clp;
- }
- 
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch
index aa551ebd19..7603eb680d 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch
@@ -19,36 +19,39 @@ As there is already one source file named file.c
 as support/nsm/file.c in support/nsm/Makefile.am,
 so rename ../support/misc/file.c to ../support/misc/misc.c.
 
-Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154502780423058&w=2]
+Upstream-Status: Submitted [https://marc.info/?l=linux-nfs&m=154502780423058&w=2]
 
 Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
+
+Rebase it.
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
 ---
  support/misc/Makefile.am |   2 +-
- support/misc/file.c      | 111 -----------------------------------------------
- support/misc/misc.c      | 111 +++++++++++++++++++++++++++++++++++++++++++++++
+ support/misc/file.c      | 115 ---------------------------------------------------------------------------------------------------------------
+ support/misc/misc.c      | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  support/nsm/Makefile.am  |   2 +-
- 4 files changed, 113 insertions(+), 113 deletions(-)
- delete mode 100644 support/misc/file.c
- create mode 100644 support/misc/misc.c
+ 4 files changed, 113 insertions(+), 117 deletions(-)
 
 diff --git a/support/misc/Makefile.am b/support/misc/Makefile.am
-index 8936b0d..d4c1f76 100644
+index f9993e3..8b0e9db 100644
 --- a/support/misc/Makefile.am
 +++ b/support/misc/Makefile.am
-@@ -1,6 +1,6 @@
+@@ -1,7 +1,7 @@
  ## Process this file with automake to produce Makefile.in
  
  noinst_LIBRARIES = libmisc.a
--libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c file.c
-+libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c misc.c
+-libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c file.c \
++libmisc_a_SOURCES = tcpwrapper.c from_local.c mountpoint.c misc.c \
+ 		    nfsd_path.c workqueue.c xstat.c
  
  MAINTAINERCLEANFILES = Makefile.in
 diff --git a/support/misc/file.c b/support/misc/file.c
 deleted file mode 100644
-index e7c3819..0000000
+index 06f6bb2..0000000
 --- a/support/misc/file.c
 +++ /dev/null
-@@ -1,111 +0,0 @@
+@@ -1,115 +0,0 @@
 -/*
 - * Copyright 2009 Oracle.  All rights reserved.
 - * Copyright 2017 Red Hat, Inc.  All rights reserved.
@@ -69,6 +72,10 @@ index e7c3819..0000000
 - * along with nfs-utils.  If not, see <http://www.gnu.org/licenses/>.
 - */
 -
+-#ifdef HAVE_CONFIG_H
+-#include <config.h>
+-#endif
+-
 -#include <sys/stat.h>
 -
 -#include <string.h>
@@ -290,6 +297,3 @@ index 8f5874e..68f1a46 100644
  
  BUILT_SOURCES = $(GENFILES)
  
--- 
-2.7.4
-
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-update-the-path-of-libnfs.a.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-update-the-path-of-libnfs.a.patch
deleted file mode 100644
index 906ac0f905..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-Makefile.am-update-the-path-of-libnfs.a.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From fcece65d1b713eaeef41706898440302f8ce92d9 Mon Sep 17 00:00:00 2001
-From: Mingli Yu <Mingli.Yu@windriver.com>
-Date: Thu, 12 Jul 2018 15:19:41 +0800
-Subject: [PATCH] Makefile.am: update the path of libnfs.a
-
-The libnfs.a is under ../support/nfs/.libs/ now,
-update the reference path accordingly to fix below
-build error when run "make -C tests statdb_dump":
-| make: *** No rule to make target '../support/nfs/libnfs.a', needed by 'statdb_dump'.  Stop.
-
-And below error when run "make -C tests/nsm_client nsm_client"
-| make: *** No rule to make target '../../support/nfs/libnfs.a', needed by 'nsm_client'.  Stop.
-
-Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154502636522745&w=2]
-
-Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
----
- tests/Makefile.am            | 2 +-
- tests/nsm_client/Makefile.am | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index 1f96264..74aa629 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -3,7 +3,7 @@
- check_PROGRAMS = statdb_dump
- statdb_dump_SOURCES = statdb_dump.c
- 
--statdb_dump_LDADD = ../support/nfs/libnfs.a \
-+statdb_dump_LDADD = ../support/nfs/.libs/libnfs.a \
- 		    ../support/nsm/libnsm.a $(LIBCAP)
- 
- SUBDIRS = nsm_client
-diff --git a/tests/nsm_client/Makefile.am b/tests/nsm_client/Makefile.am
-index a8fc131..43db9c2 100644
---- a/tests/nsm_client/Makefile.am
-+++ b/tests/nsm_client/Makefile.am
-@@ -13,7 +13,7 @@ check_PROGRAMS	= nsm_client
- nsm_client_SOURCES = $(GENFILES) nsm_client.c
- 
- BUILT_SOURCES = $(GENFILES)
--nsm_client_LDADD = ../../support/nfs/libnfs.a \
-+nsm_client_LDADD = ../../support/nfs/.libs/libnfs.a \
- 		   ../../support/nsm/libnsm.a $(LIBCAP) $(LIBTIRPC)
- 
- if CONFIG_RPCGEN
--- 
-2.7.4
-
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch
deleted file mode 100644
index bafff5b9c0..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-cacheio-use-intmax_t-for-formatted-IO.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From ac32b813f5d6f9a2de944015cf9bb98d68e0203a Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 1 Dec 2018 10:02:12 -0800
-Subject: [PATCH] cacheio: use intmax_t for formatted IO
-
-time_t is not same size on x32 ABI (ILP32)
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- support/nfs/cacheio.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/support/nfs/cacheio.c b/support/nfs/cacheio.c
-index 9dc4cf1..2086a95 100644
---- a/support/nfs/cacheio.c
-+++ b/support/nfs/cacheio.c
-@@ -17,6 +17,7 @@
- 
- #include <nfslib.h>
- #include <stdio.h>
-+#include <inttypes.h>
- #include <stdio_ext.h>
- #include <string.h>
- #include <ctype.h>
-@@ -234,7 +235,7 @@ cache_flush(int force)
- 	    stb.st_mtime > now)
- 		stb.st_mtime = time(0);
- 	
--	sprintf(stime, "%ld\n", stb.st_mtime);
-+	sprintf(stime, "%jd\n", (intmax_t)stb.st_mtime);
- 	for (c=0; cachelist[c]; c++) {
- 		int fd;
- 		sprintf(path, "/proc/net/rpc/%s/flush", cachelist[c]);
--- 
-2.19.2
-
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch
deleted file mode 100644
index 17aabb9e4d..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 66471fbf7106917da7a1536b18a0a77d07479779 Mon Sep 17 00:00:00 2001
-From: Mingli Yu <Mingli.Yu@windriver.com>
-Date: Mon, 17 Dec 2018 15:29:47 +0800
-Subject: [PATCH] configure.ac: Do not fatalize -Wmissing-prototypes
-
-There comes below error when run "make -C tests/nsm_client nsm_client"
-| nlm_sm_inter_svc.c:20:1: error: no previous prototype for 'nlm_sm_prog_3' [-Werror=missing-prototypes]
-
-It is because rpcgen doesn't generate -Wmissing-prototypes
-free code for nlm_sm_inter_svc.c with below logic
-in tests/nsm_client/Makefile.am
-[snip]
-GENFILES_SVC    = nlm_sm_inter_svc.c
-[snip]
-$(GENFILES_SVC): %_svc.c: %.x $(RPCGEN)
-        test -f $@ && rm -rf $@ || true
-        $(RPCGEN) -m -o $@ $<
-
-So add the logic not to fatalize -Wmissing-prototypes.
-
-Upstream-Status: Submitted[https://marc.info/?l=linux-nfs&m=154503260323936&w=2]
-
-Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index e82ff14..d0cc5d5 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -548,7 +548,7 @@ my_am_cflags="\
-  -Wall \
-  -Wextra \
-  -Werror=strict-prototypes \
-- -Werror=missing-prototypes \
-+ -Wmissing-prototypes \
-  -Werror=missing-declarations \
-  -Werror=format=2 \
-  -Werror=undef \
--- 
-2.7.4
-
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/bugfix-adjust-statd-service-name.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/bugfix-adjust-statd-service-name.patch
index 822939f0d2..f13d7b380c 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/bugfix-adjust-statd-service-name.patch
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/bugfix-adjust-statd-service-name.patch
@@ -12,20 +12,28 @@ instead but forgot to update the mount.nfs helper 'start-statd' accordingly.
 Upstream-Status: Inappropriate [other]
 
 Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
+
+Rebase it.
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
 ---
- utils/statd/start-statd | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ utils/statd/start-statd | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
 
-Index: nfs-utils-2.1.1/utils/statd/start-statd
-===================================================================
---- nfs-utils-2.1.1.orig/utils/statd/start-statd
-+++ nfs-utils-2.1.1/utils/statd/start-statd
-@@ -28,7 +28,7 @@ fi
+diff --git a/utils/statd/start-statd b/utils/statd/start-statd
+index af5c950..df9b9be 100755
+--- a/utils/statd/start-statd
++++ b/utils/statd/start-statd
+@@ -28,10 +28,10 @@ fi
  # First try systemd if it's installed.
  if [ -d /run/systemd/system ]; then
      # Quit only if the call worked.
--    systemctl start rpc-statd.service && exit
-+    systemctl start nfs-statd.service && exit
+-    if systemctl start rpc-statd.service; then
++    if systemctl start nfs-statd.service; then
+         # Ensure systemd knows not to stop rpc.statd or its dependencies
+         # on 'systemctl isolate ..'
+-        systemctl add-wants --runtime remote-fs.target rpc-statd.service
++        systemctl add-wants --runtime remote-fs.target nfs-statd.service
+         exit 0
+     fi
  fi
- 
- cd /
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch
deleted file mode 100644
index 1d693e4142..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-format-string.patch
+++ /dev/null
@@ -1,183 +0,0 @@
-Clang comes up with more printf format warnings
-Correcting “format string is not a string literal” warning
-requires us to declare that parameter is a printf style 
-format using the attribute flag
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-Index: nfs-utils-2.3.3/support/include/xcommon.h
-===================================================================
---- nfs-utils-2.3.3.orig/support/include/xcommon.h
-+++ nfs-utils-2.3.3/support/include/xcommon.h
-@@ -27,7 +27,7 @@
- 
- /* Functions in sundries.c that are used in mount.c and umount.c  */ 
- char *canonicalize (const char *path);
--void nfs_error (const char *fmt, ...);
-+void nfs_error (const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2)));
- void *xmalloc (size_t size);
- void *xrealloc(void *p, size_t size);
- void xfree(void *);
-@@ -36,9 +36,9 @@ char *xstrndup (const char *s, int n);
- char *xstrconcat2 (const char *, const char *);
- char *xstrconcat3 (const char *, const char *, const char *);
- char *xstrconcat4 (const char *, const char *, const char *, const char *);
--void die (int errcode, const char *fmt, ...);
-+void die (int errcode, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3)));
- 
--extern void die(int err, const char *fmt, ...);
-+extern void die(int err, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3)));
- extern void (*at_die)(void);
- 
- /* exit status - bits below are ORed */
-Index: nfs-utils-2.3.3/support/include/xlog.h
-===================================================================
---- nfs-utils-2.3.3.orig/support/include/xlog.h
-+++ nfs-utils-2.3.3/support/include/xlog.h
-@@ -43,10 +43,10 @@ void			xlog_config(int fac, int on);
- void			xlog_sconfig(char *, int on);
- void			xlog_from_conffile(char *);
- int			xlog_enabled(int fac);
--void			xlog(int fac, const char *fmt, ...);
--void			xlog_warn(const char *fmt, ...);
--void			xlog_err(const char *fmt, ...);
--void			xlog_errno(int err, const char *fmt, ...);
--void			xlog_backend(int fac, const char *fmt, va_list args);
-+void			xlog(int fac, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3)));
-+void			xlog_warn(const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2)));
-+void			xlog_err(const char *fmt, ...) __attribute__((__format__ (__printf__, 1, 2)));
-+void			xlog_errno(int err, const char *fmt, ...) __attribute__((__format__ (__printf__, 2, 3)));
-+void			xlog_backend(int fac, const char *fmt, va_list args) __attribute__((__format__ (__printf__, 2, 0)));
- 
- #endif /* XLOG_H */
-Index: nfs-utils-2.3.3/support/nfs/xcommon.c
-===================================================================
---- nfs-utils-2.3.3.orig/support/nfs/xcommon.c
-+++ nfs-utils-2.3.3/support/nfs/xcommon.c
-@@ -93,7 +93,10 @@ nfs_error (const char *fmt, ...) {
- 
-      fmt2 = xstrconcat2 (fmt, "\n");
-      va_start (args, fmt);
-+#pragma clang diagnostic push
-+#pragma clang diagnostic ignored "-Wformat-nonliteral"
-      vfprintf (stderr, fmt2, args);
-+#pragma clang diagnostic pop
-      va_end (args);
-      free (fmt2);
- }
-Index: nfs-utils-2.3.3/utils/exportfs/exportfs.c
-===================================================================
---- nfs-utils-2.3.3.orig/utils/exportfs/exportfs.c
-+++ nfs-utils-2.3.3/utils/exportfs/exportfs.c
-@@ -644,6 +644,7 @@ out:
- 	return result;
- }
- 
-+__attribute__((__format__ (__printf__, 2, 3)))
- static char
- dumpopt(char c, char *fmt, ...)
- {
-Index: nfs-utils-2.3.3/utils/statd/statd.c
-===================================================================
---- nfs-utils-2.3.3.orig/utils/statd/statd.c
-+++ nfs-utils-2.3.3/utils/statd/statd.c
-@@ -136,7 +136,7 @@ static void log_modes(void)
- 	strcat(buf, "TI-RPC ");
- #endif
- 
--	xlog_warn(buf);
-+	xlog_warn("%s", buf);
- }
- 
- /*
-Index: nfs-utils-2.3.3/support/nfs/svc_create.c
-===================================================================
---- nfs-utils-2.3.3.orig/support/nfs/svc_create.c
-+++ nfs-utils-2.3.3/support/nfs/svc_create.c
-@@ -184,7 +184,7 @@ svc_create_sock(const struct sockaddr *s
- 		type = SOCK_STREAM;
- 		break;
- 	default:
--		xlog(D_GENERAL, "%s: Unrecognized bind address semantics: %u",
-+		xlog(D_GENERAL, "%s: Unrecognized bind address semantics: %lu",
- 			__func__, nconf->nc_semantics);
- 		return -1;
- 	}
-Index: nfs-utils-2.3.3/support/nsm/rpc.c
-===================================================================
---- nfs-utils-2.3.3.orig/support/nsm/rpc.c
-+++ nfs-utils-2.3.3/support/nsm/rpc.c
-@@ -182,7 +182,7 @@ nsm_xmit_getport(const int sock, const s
- 	uint32_t xid;
- 	XDR xdr;
- 
--	xlog(D_CALL, "Sending PMAP_GETPORT for %u, %u, udp", program, version);
-+	xlog(D_CALL, "Sending PMAP_GETPORT for %lu, %lu, udp", program, version);
- 
- 	nsm_init_xdrmem(msgbuf, NSM_MAXMSGSIZE, &xdr);
- 	xid = nsm_init_rpc_header(PMAPPROG, PMAPVERS,
-Index: nfs-utils-2.3.3/utils/mountd/cache.c
-===================================================================
---- nfs-utils-2.3.3.orig/utils/mountd/cache.c
-+++ nfs-utils-2.3.3/utils/mountd/cache.c
-@@ -968,8 +968,7 @@ lookup_export(char *dom, char *path, str
- 			} else if (found_type == i && found->m_warned == 0) {
- 				xlog(L_WARNING, "%s exported to both %s and %s, "
- 				     "arbitrarily choosing options from first",
--				     path, found->m_client->m_hostname, exp->m_client->m_hostname,
--				     dom);
-+				     path, found->m_client->m_hostname, exp->m_client->m_hostname);
- 				found->m_warned = 1;
- 			}
- 		}
-Index: nfs-utils-2.3.3/utils/mountd/mountd.c
-===================================================================
---- nfs-utils-2.3.3.orig/utils/mountd/mountd.c
-+++ nfs-utils-2.3.3/utils/mountd/mountd.c
-@@ -213,7 +213,7 @@ static void
- sig_hup (int sig)
- {
- 	/* don't exit on SIGHUP */
--	xlog (L_NOTICE, "Received SIGHUP... Ignoring.\n", sig);
-+	xlog (L_NOTICE, "Received SIGHUP(%d)... Ignoring.\n", sig);
- 	return;
- }
- 
-Index: nfs-utils-2.3.3/utils/statd/rmtcall.c
-===================================================================
---- nfs-utils-2.3.3.orig/utils/statd/rmtcall.c
-+++ nfs-utils-2.3.3/utils/statd/rmtcall.c
-@@ -247,7 +247,7 @@ process_reply(FD_SET_TYPE *rfds)
- 		xlog_warn("%s: service %d not registered on localhost",
- 			__func__, NL_MY_PROG(lp));
- 	} else {
--		xlog(D_GENERAL, "%s: Callback to %s (for %d) succeeded",
-+		xlog(D_GENERAL, "%s: Callback to %s (for %s) succeeded",
- 			__func__, NL_MY_NAME(lp), NL_MON_NAME(lp));
- 	}
- 	nlist_free(&notify, lp);
-Index: nfs-utils-2.3.3/utils/statd/svc_run.c
-===================================================================
---- nfs-utils-2.3.3.orig/utils/statd/svc_run.c
-+++ nfs-utils-2.3.3/utils/statd/svc_run.c
-@@ -53,6 +53,7 @@
- 
- #include <errno.h>
- #include <time.h>
-+#include <inttypes.h>
- #include "statd.h"
- #include "notlist.h"
- 
-@@ -104,8 +105,8 @@ my_svc_run(int sockfd)
- 
- 			tv.tv_sec  = NL_WHEN(notify) - now;
- 			tv.tv_usec = 0;
--			xlog(D_GENERAL, "Waiting for reply... (timeo %d)",
--							tv.tv_sec);
-+			xlog(D_GENERAL, "Waiting for reply... (timeo %jd)",
-+							(intmax_t)tv.tv_sec);
- 			selret = select(FD_SETSIZE, &readfds,
- 				(void *) 0, (void *) 0, &tv);
- 		} else {
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch
new file mode 100644
index 0000000000..fde99b599e
--- /dev/null
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/clang-warnings.patch
@@ -0,0 +1,36 @@
+From 1ab0c326405c6daa06f1a7eb4b0b60bf4e0584c2 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 31 Dec 2019 08:15:34 -0800
+Subject: [PATCH] Detect warning options during configure
+
+Certain options maybe compiler specific therefore its better
+to detect them before use.
+
+nfs_error copies the format string and appends newline to it
+but compiler can forget that it was format string since its not
+same fmt string that was passed. Ignore the warning
+
+Wdiscarded-qualifiers is gcc specific and this is no longer needed
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+---
+ support/nfs/xcommon.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/support/nfs/xcommon.c b/support/nfs/xcommon.c
+index 3989f0b..e080423 100644
+--- a/support/nfs/xcommon.c
++++ b/support/nfs/xcommon.c
+@@ -98,7 +98,10 @@ nfs_error (const char *fmt, ...) {
+ 
+      fmt2 = xstrconcat2 (fmt, "\n");
+      va_start (args, fmt);
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wformat-nonliteral"
+      vfprintf (stderr, fmt2, args);
++#pragma GCC diagnostic pop
+      va_end (args);
+      free (fmt2);
+ }
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
index 27ea58d366..c01415de84 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-mountd.service
@@ -1,6 +1,7 @@
 [Unit]
 Description=NFS Mount Daemon
 DefaultDependencies=no
+After=rpcbind.socket
 Requires=proc-fs-nfsd.mount
 After=proc-fs-nfsd.mount
 After=network.target local-fs.target
@@ -10,6 +11,7 @@ ConditionPathExists=@SYSCONFDIR@/exports
 [Service]
 EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
 ExecStart=@SBINDIR@/rpc.mountd -F $MOUNTD_OPTS
+LimitNOFILE=@HIGH_RLIMIT_NOFILE@
 
 [Install]
 WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
index 6481377d80..5c845b7e82 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-server.service
@@ -17,7 +17,6 @@ ExecStop=@SBINDIR@/rpc.nfsd 0
 ExecStopPost=@SBINDIR@/exportfs -au
 ExecStopPost=@SBINDIR@/exportfs -f
 ExecReload=@SBINDIR@/exportfs -r
-StandardError=syslog
 RemainAfterExit=yes
 
 [Install]
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
index 6e196b8c8c..4fa64e1998 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-statd.service
@@ -8,6 +8,7 @@ After=network.target nss-lookup.target rpcbind.service
 [Service]
 EnvironmentFile=-@SYSCONFDIR@/nfs-utils.conf
 ExecStart=@SBINDIR@/rpc.statd -F $STATD_OPTS
+LimitNOFILE=@HIGH_RLIMIT_NOFILE@
 
 [Install]
 WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch
deleted file mode 100644
index 993f1e5ea5..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-nfs-utils: Do not pass CFLAGS to gcc while building
-
-Do not pass CFLAGS/LDFLAGS to gcc while building, The needed flags has
-been passed by xxx_CFLAGS=$(CFLAGS_FOR_BUILD).
-
-Upstream-Status: Pending
-
-Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
----
- tools/locktest/Makefile.am |    2 ++
- tools/rpcgen/Makefile.am   |    2 ++
- 2 files changed, 4 insertions(+)
-
-diff --git a/tools/locktest/Makefile.am b/tools/locktest/Makefile.am
-index 3156815..1729fd1 100644
---- a/tools/locktest/Makefile.am
-+++ b/tools/locktest/Makefile.am
-@@ -1,6 +1,8 @@
- ## Process this file with automake to produce Makefile.in
- 
- CC=$(CC_FOR_BUILD)
-+CFLAGS=
-+LDFLAGS=
- LIBTOOL = @LIBTOOL@ --tag=CC
- 
- noinst_PROGRAMS = testlk
-diff --git a/tools/rpcgen/Makefile.am b/tools/rpcgen/Makefile.am
-index 8a9ec89..8bacdaa 100644
---- a/tools/rpcgen/Makefile.am
-+++ b/tools/rpcgen/Makefile.am
-@@ -1,6 +1,8 @@
- ## Process this file with automake to produce Makefile.in
- 
- CC=$(CC_FOR_BUILD)
-+CFLAGS=
-+LDFLAGS=
- LIBTOOL = @LIBTOOL@ --tag=CC
- 
- noinst_PROGRAMS = rpcgen
--- 
-1.7.9.5
-
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-limits.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-limits.patch
deleted file mode 100644
index 25ca415155..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-limits.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-Fixed:
-| file.c: In function 'generic_make_pathname':
-| file.c:48:13: error: 'PATH_MAX' undeclared (first use in this function); did you mean 'RAND_MAX'?
-|   if (size > PATH_MAX)
-|              ^~~~~~~~
-[snip]
-
-Upstream-Status: Pending [https://git.alpinelinux.org/cgit/aports/tree/main/nfs-utils/limits.patch?id=f6734a77d3caee73325f8cc1f77d1b5117a75096]
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- support/export/export.c          | 1 +
- support/export/xtab.c            | 1 +
- support/misc/file.c              | 1 +
- support/nfs/xcommon.c            | 1 +
- support/nsm/file.c               | 1 +
- utils/blkmapd/device-discovery.c | 1 +
- utils/gssd/krb5_util.c           | 1 +
- utils/mountd/cache.c             | 1 +
- utils/mountd/mountd.c            | 1 +
- utils/mountd/rmtab.c             | 1 +
- 10 files changed, 10 insertions(+)
-
-diff --git a/support/export/export.c b/support/export/export.c
---- a/support/export/export.c
-+++ b/support/export/export.c
-@@ -17,6 +17,7 @@
- #include <stdlib.h>
- #include <dirent.h>
- #include <errno.h>
-+#include <limits.h>
- #include "xmalloc.h"
- #include "nfslib.h"
- #include "exportfs.h"
-diff --git a/support/export/xtab.c b/support/export/xtab.c
---- a/support/export/xtab.c
-+++ b/support/export/xtab.c
-@@ -18,6 +18,7 @@
- #include <sys/stat.h>
- #include <errno.h>
- #include <libgen.h>
-+#include <limits.h>
- 
- #include "nfslib.h"
- #include "exportfs.h"
-diff --git a/support/misc/file.c b/support/misc/file.c
---- a/support/misc/file.c
-+++ b/support/misc/file.c
-@@ -27,6 +27,7 @@
- #include <dirent.h>
- #include <stdlib.h>
- #include <stdbool.h>
-+#include <limits.h>
- 
- #include "xlog.h"
- #include "misc.h"
-diff --git a/support/nfs/xcommon.c b/support/nfs/xcommon.c
---- a/support/nfs/xcommon.c
-+++ b/support/nfs/xcommon.c
-@@ -16,6 +16,7 @@
- #include <stdio.h>
- #include <stdlib.h>
- #include <string.h>
-+#include <limits.h>
- 
- #include "xcommon.h"
- #include "nls.h"	/* _() */
-diff --git a/support/nsm/file.c b/support/nsm/file.c
---- a/support/nsm/file.c
-+++ b/support/nsm/file.c
-@@ -85,6 +85,7 @@
- #include <fcntl.h>
- #include <dirent.h>
- #include <grp.h>
-+#include <limits.h>
- 
- #include "xlog.h"
- #include "nsm.h"
-diff --git a/utils/blkmapd/device-discovery.c b/utils/blkmapd/device-discovery.c
---- a/utils/blkmapd/device-discovery.c
-+++ b/utils/blkmapd/device-discovery.c
-@@ -49,6 +49,7 @@
- #include <unistd.h>
- #include <libgen.h>
- #include <errno.h>
-+#include <limits.h>
- #include <libdevmapper.h>
- 
- #ifdef HAVE_CONFIG_H
-diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
---- a/utils/gssd/krb5_util.c
-+++ b/utils/gssd/krb5_util.c
-@@ -120,6 +120,7 @@
- #endif
- #include <krb5.h>
- #include <rpc/auth_gss.h>
-+#include <limits.h>
- 
- #include "gssd.h"
- #include "err_util.h"
-diff --git a/utils/mountd/cache.c b/utils/mountd/cache.c
---- a/utils/mountd/cache.c
-+++ b/utils/mountd/cache.c
-@@ -26,6 +26,7 @@
- #include <pwd.h>
- #include <grp.h>
- #include <mntent.h>
-+#include <limits.h>
- #include "misc.h"
- #include "nfslib.h"
- #include "exportfs.h"
-diff --git a/utils/mountd/mountd.c b/utils/mountd/mountd.c
---- a/utils/mountd/mountd.c
-+++ b/utils/mountd/mountd.c
-@@ -22,6 +22,7 @@
- #include <fcntl.h>
- #include <sys/resource.h>
- #include <sys/wait.h>
-+#include <limits.h>
- 
- #include "conffile.h"
- #include "xmalloc.h"
-diff --git a/utils/mountd/rmtab.c b/utils/mountd/rmtab.c
---- a/utils/mountd/rmtab.c
-+++ b/utils/mountd/rmtab.c
-@@ -16,6 +16,7 @@
- #include <netinet/in.h>
- #include <arpa/inet.h>
- #include <netdb.h>
-+#include <limits.h>
- 
- #include "misc.h"
- #include "exportfs.h"
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch
deleted file mode 100644
index 22002fadca..0000000000
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfs-utils-musl-res_querydomain.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From caa19231196d73541445728e6813c8fa70345acb Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Tue, 26 Jun 2018 15:59:00 +0800
-Subject: [PATCH] nfs-utils: 2.1.1 -> 2.3.1
-
-Fixed:
-configure: error: res_querydomain needed
-
-Upstream-Status: Pending [https://github.com/alpinelinux/aports/blob/master/main/nfs-utils/musl-configure_ac.patch]
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
-
----
- configure.ac | 13 ++++++-------
- 1 file changed, 6 insertions(+), 7 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 276dec3..760238b 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -408,7 +408,7 @@ if test "$enable_gss" = yes; then
- fi
- 
- dnl libdnsidmap specific checks
--AC_CHECK_LIB([resolv], [__res_querydomain], , AC_MSG_ERROR(res_querydomain needed))
-+AC_CHECK_LIB([resolv], [res_querydomain], , AC_MSG_ERROR(res_querydomain needed))
- 
- AC_ARG_ENABLE([ldap],
- 	[AS_HELP_STRING([--disable-ldap],[Disable support for LDAP @<:default=detect@:>@])])
-@@ -547,11 +547,11 @@ my_am_cflags="\
-  -pipe \
-  -Wall \
-  -Wextra \
-- -Werror=strict-prototypes \
-- -Werror=missing-prototypes \
-- -Werror=missing-declarations \
-+ -Wstrict-prototypes \
-+ -Wmissing-prototypes \
-+ -Wmissing-declarations \
-  -Werror=format=2 \
-- -Werror=undef \
-+ -Wundef \
-  -Werror=missing-include-dirs \
-  -Werror=strict-aliasing=2 \
-  -Werror=init-self \
-@@ -579,10 +579,9 @@ AC_DEFUN([CHECK_CCSUPPORT], [
- 
- CHECK_CCSUPPORT([-Werror=format-overflow=2], [flg1])
- CHECK_CCSUPPORT([-Werror=int-conversion], [flg2])
--CHECK_CCSUPPORT([-Werror=incompatible-pointer-types], [flg3])
- CHECK_CCSUPPORT([-Werror=misleading-indentation], [flg4])
- 
--AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg3 $flg4"])
-+AC_SUBST([AM_CFLAGS], ["$my_am_cflags $flg1 $flg2 $flg4"])
- 
- # Make sure that $ACLOCAL_FLAGS are used during a rebuild
- AC_SUBST([ACLOCAL_AMFLAGS], ["-I $ac_macro_dir \$(ACLOCAL_FLAGS)"])
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
index d5e9c38a9c..0f5747cc6d 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/nfsserver
@@ -107,7 +107,7 @@ stop_nfsd(){
 #FIXME: need to create the /var/lib/nfs/... directories
 case "$1" in
   start)
-	exportfs -r
+	test -r /etc/exports && exportfs -r
 	start_nfsd "$NFS_SERVERS"
 	start_mountd
 	test -r /etc/exports && exportfs -a;;
diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.3.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.1.bb
index 84530f698b..bbed5aea59 100644
--- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.3.3.bb
+++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.6.1.bb
@@ -4,18 +4,18 @@ NFS server and related tools."
 HOMEPAGE = "http://nfs.sourceforge.net/"
 SECTION = "console/network"
 
-LICENSE = "MIT & GPLv2+ & BSD"
+LICENSE = "MIT & GPL-2.0-or-later & BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=95f3a93a5c3c7888de623b46ea085a84"
 
 # util-linux for libblkid
 DEPENDS = "libcap libevent util-linux sqlite3 libtirpc"
-RDEPENDS_${PN} = "${PN}-client bash"
-RRECOMMENDS_${PN} = "kernel-module-nfsd"
+RDEPENDS:${PN} = "${PN}-client"
+RRECOMMENDS:${PN} = "kernel-module-nfsd"
 
 inherit useradd
 
 USERADD_PACKAGES = "${PN}-client"
-USERADD_PARAM_${PN}-client = "--system  --home-dir /var/lib/nfs \
+USERADD_PARAM:${PN}-client = "--system  --home-dir /var/lib/nfs \
 			      --shell /bin/false --user-group rpcuser"
 
 SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.xz \
@@ -26,21 +26,12 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x
            file://nfs-mountd.service \
            file://nfs-statd.service \
            file://proc-fs-nfsd.mount \
-           file://nfs-utils-Do-not-pass-CFLAGS-to-gcc-while-building.patch \
            file://nfs-utils-debianize-start-statd.patch \
            file://bugfix-adjust-statd-service-name.patch \
-           file://nfs-utils-musl-limits.patch \
-           file://0001-cacheio-use-intmax_t-for-formatted-IO.patch \
-           file://0001-Do-not-pass-null-pointer-to-freeaddrinfo.patch \
-           file://clang-format-string.patch \
-           file://0001-Makefile.am-update-the-path-of-libnfs.a.patch \
            file://0001-Makefile.am-fix-undefined-function-for-libnsm.a.patch \
-"
-SRC_URI_append_libc-glibc = " file://0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch"
-SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch"
-
-SRC_URI[md5sum] = "b6c9c032995af1c08fea9fbcc1ce33e9"
-SRC_URI[sha256sum] = "f68b34793831b05f1fd5760d6bdec92772c7684177586a99a61e7b444f336322"
+           file://clang-warnings.patch \
+           "
+SRC_URI[sha256sum] = "60dfcd94a9f3d72a12bc7058d811787ec87a6d593d70da2123faf9aad3d7a1df"
 
 # Only kernel-module-nfsd is required here (but can be built-in)  - the nfsd module will
 # pull in the remainder of the dependencies.
@@ -48,14 +39,14 @@ SRC_URI[sha256sum] = "f68b34793831b05f1fd5760d6bdec92772c7684177586a99a61e7b444f
 INITSCRIPT_PACKAGES = "${PN} ${PN}-client"
 INITSCRIPT_NAME = "nfsserver"
 INITSCRIPT_PARAMS = "defaults"
-INITSCRIPT_NAME_${PN}-client = "nfscommon"
-INITSCRIPT_PARAMS_${PN}-client = "defaults 19 21"
+INITSCRIPT_NAME:${PN}-client = "nfscommon"
+INITSCRIPT_PARAMS:${PN}-client = "defaults 19 21"
 
 inherit autotools-brokensep update-rc.d systemd pkgconfig
 
 SYSTEMD_PACKAGES = "${PN} ${PN}-client"
-SYSTEMD_SERVICE_${PN} = "nfs-server.service nfs-mountd.service"
-SYSTEMD_SERVICE_${PN}-client = "nfs-statd.service"
+SYSTEMD_SERVICE:${PN} = "nfs-server.service nfs-mountd.service"
+SYSTEMD_SERVICE:${PN}-client = "nfs-statd.service"
 
 # --enable-uuid is need for cross-compiling
 EXTRA_OECONF = "--with-statduser=rpcuser \
@@ -65,61 +56,62 @@ EXTRA_OECONF = "--with-statduser=rpcuser \
                 --disable-gss \
                 --disable-nfsdcltrack \
                 --with-statdpath=/var/lib/nfs/statd \
+                --with-rpcgen=${HOSTTOOLS_DIR}/rpcgen \
                "
 
-CFLAGS += "-Wno-error=format-overflow"
-
 PACKAGECONFIG ??= "tcp-wrappers \
     ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
 "
-PACKAGECONFIG_remove_libc-musl = "tcp-wrappers"
+PACKAGECONFIG:remove:libc-musl = "tcp-wrappers"
 PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,--without-tcp-wrappers,tcp-wrappers"
 PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
 # libdevmapper is available in meta-oe
-PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper"
-# keyutils is available in meta-security
-PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils"
+PACKAGECONFIG[nfsv41] = "--enable-nfsv41,--disable-nfsv41,libdevmapper,libdevmapper"
+# keyutils is available in meta-oe
+PACKAGECONFIG[nfsv4] = "--enable-nfsv4,--disable-nfsv4,keyutils,python3-core"
 
 PACKAGES =+ "${PN}-client ${PN}-mount ${PN}-stats"
 
-CONFFILES_${PN}-client += "${localstatedir}/lib/nfs/etab \
+CONFFILES:${PN}-client += "${localstatedir}/lib/nfs/etab \
 			   ${localstatedir}/lib/nfs/rmtab \
 			   ${localstatedir}/lib/nfs/xtab \
 			   ${localstatedir}/lib/nfs/statd/state \
 			   ${sysconfdir}/nfsmount.conf"
 
-FILES_${PN}-client = "${sbindir}/*statd \
+FILES:${PN}-client = "${sbindir}/*statd \
 		      ${sbindir}/rpc.idmapd ${sbindir}/sm-notify \
 		      ${sbindir}/showmount ${sbindir}/nfsstat \
 		      ${localstatedir}/lib/nfs \
 		      ${sysconfdir}/nfs-utils.conf \
 		      ${sysconfdir}/nfsmount.conf \
 		      ${sysconfdir}/init.d/nfscommon \
-		      ${systemd_unitdir}/system/nfs-statd.service"
-RDEPENDS_${PN}-client = "${PN}-mount rpcbind"
+		      ${systemd_system_unitdir}/nfs-statd.service"
+RDEPENDS:${PN}-client = "${PN}-mount rpcbind"
 
-FILES_${PN}-mount = "${base_sbindir}/*mount.nfs*"
+FILES:${PN}-mount = "${base_sbindir}/*mount.nfs*"
 
-FILES_${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat"
-RDEPENDS_${PN}-stats = "python3-core"
+FILES:${PN}-stats = "${sbindir}/mountstats ${sbindir}/nfsiostat ${sbindir}/nfsdclnts"
+RDEPENDS:${PN}-stats = "python3-core"
 
-FILES_${PN} += "${systemd_unitdir}"
+FILES:${PN}-staticdev += "${libdir}/libnfsidmap/*.a"
 
-do_configure_prepend() {
-        sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \
-            ${S}/utils/mount/Makefile.am
+FILES:${PN} += "${systemd_unitdir} ${libdir}/libnfsidmap/"
 
-        sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \
-            ${S}/utils/osd_login/Makefile.am
+do_configure:prepend() {
+	sed -i -e 's,sbindir = /sbin,sbindir = ${base_sbindir},g' \
+		${S}/utils/mount/Makefile.am
 }
 
 # Make clean needed because the package comes with
 # precompiled 64-bit objects that break the build
-do_compile_prepend() {
+do_compile:prepend() {
 	make clean
 }
 
-do_install_append () {
+# Works on systemd only
+HIGH_RLIMIT_NOFILE ??= "4096"
+
+do_install:append () {
 	install -d ${D}${sysconfdir}/init.d
 	install -m 0755 ${WORKDIR}/nfsserver ${D}${sysconfdir}/init.d/nfsserver
 	install -m 0755 ${WORKDIR}/nfscommon ${D}${sysconfdir}/init.d/nfscommon
@@ -127,17 +119,18 @@ do_install_append () {
 	install -m 0755 ${WORKDIR}/nfs-utils.conf ${D}${sysconfdir}
 	install -m 0755 ${S}/utils/mount/nfsmount.conf ${D}${sysconfdir}
 
-	install -d ${D}${systemd_unitdir}/system
-	install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_unitdir}/system/
-	install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_unitdir}/system/
-	install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_unitdir}/system/
+	install -d ${D}${systemd_system_unitdir}
+	install -m 0644 ${WORKDIR}/nfs-server.service ${D}${systemd_system_unitdir}/
+	install -m 0644 ${WORKDIR}/nfs-mountd.service ${D}${systemd_system_unitdir}/
+	install -m 0644 ${WORKDIR}/nfs-statd.service ${D}${systemd_system_unitdir}/
 	sed -i -e 's,@SBINDIR@,${sbindir},g' \
 		-e 's,@SYSCONFDIR@,${sysconfdir},g' \
-		${D}${systemd_unitdir}/system/*.service
+		-e 's,@HIGH_RLIMIT_NOFILE@,${HIGH_RLIMIT_NOFILE},g' \
+		${D}${systemd_system_unitdir}/*.service
 	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
-	    install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/
-	    install -d ${D}${systemd_unitdir}/system/sysinit.target.wants/
-	    ln -sf ../proc-fs-nfsd.mount ${D}${systemd_unitdir}/system/sysinit.target.wants/proc-fs-nfsd.mount
+		install -m 0644 ${WORKDIR}/proc-fs-nfsd.mount ${D}${systemd_system_unitdir}/
+		install -d ${D}${systemd_system_unitdir}/sysinit.target.wants/
+		ln -sf ../proc-fs-nfsd.mount ${D}${systemd_system_unitdir}/sysinit.target.wants/proc-fs-nfsd.mount
 	fi
 
 	# kernel code as of 3.8 hard-codes this path as a default
@@ -147,12 +140,6 @@ do_install_append () {
 	chown -R rpcuser:rpcuser ${D}${localstatedir}/lib/nfs/statd
 	chmod 0644 ${D}${localstatedir}/lib/nfs/statd/state
 
-	# the following are built by CC_FOR_BUILD
-	rm -f ${D}${sbindir}/rpcdebug
-	rm -f ${D}${sbindir}/rpcgen
-	rm -f ${D}${sbindir}/locktest
-
-        # Make python tools use python 3
-        sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${sbindir}/mountstats ${D}${sbindir}/nfsiostat
-
+	# Make python tools use python 3
+	sed -i -e '1s,#!.*python.*,#!${bindir}/python3,' ${D}${sbindir}/mountstats ${D}${sbindir}/nfsiostat
 }
diff --git a/meta/recipes-connectivity/ofono/ofono.inc b/meta/recipes-connectivity/ofono/ofono.inc
deleted file mode 100644
index 0472414b19..0000000000
--- a/meta/recipes-connectivity/ofono/ofono.inc
+++ /dev/null
@@ -1,39 +0,0 @@
-HOMEPAGE = "http://www.ofono.org"
-SUMMARY  = "open source telephony"
-DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands."
-LICENSE  = "GPLv2"
-LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
-                    file://src/ofono.h;beginline=1;endline=20;md5=3ce17d5978ef3445def265b98899c2ee"
-
-inherit autotools pkgconfig update-rc.d systemd bluetooth gobject-introspection-data
-
-DEPENDS  = "dbus glib-2.0 udev mobile-broadband-provider-info"
-
-INITSCRIPT_NAME = "ofono"
-INITSCRIPT_PARAMS = "defaults 22"
-
-PACKAGECONFIG ??= "\
-    ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
-    ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
-    "
-PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_unitdir}/system/,--with-systemdunitdir="
-PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, ${BLUEZ}"
-
-EXTRA_OECONF += "--enable-test"
-
-SYSTEMD_SERVICE_${PN} = "ofono.service"
-
-do_install_append() {
-  install -d ${D}${sysconfdir}/init.d/
-  install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono
-}
-
-PACKAGES =+ "${PN}-tests"
-
-RDEPENDS_${PN} += "dbus"
-RRECOMMENDS_${PN} += "kernel-module-tun mobile-broadband-provider-info"
-
-FILES_${PN} += "${systemd_unitdir}"
-FILES_${PN}-tests = "${libdir}/${BPN}/test"
-RDEPENDS_${PN}-tests = "python3 python3-dbus"
-RDEPENDS_${PN}-tests += "${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)}"
diff --git a/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch b/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch
new file mode 100644
index 0000000000..8a5a300adc
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch
@@ -0,0 +1,36 @@
+From 22b52db4842611ac31a356f023fc09595384e2ad Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 23 May 2019 18:11:22 -0700
+Subject: [PATCH] mbim: add an optional TEMP_FAILURE_RETRY macro copy
+
+Fixes build on musl which does not provide this macro
+
+Upstream-Status: Submitted [https://lists.ofono.org/pipermail/ofono/2019-May/019370.html]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ drivers/mbimmodem/mbim-private.h | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/drivers/mbimmodem/mbim-private.h b/drivers/mbimmodem/mbim-private.h
+index e159235..51693ea 100644
+--- a/drivers/mbimmodem/mbim-private.h
++++ b/drivers/mbimmodem/mbim-private.h
+@@ -21,6 +21,15 @@
+ 
+ #define align_len(len, boundary) (((len)+(boundary)-1) & ~((boundary)-1))
+ 
++#ifndef TEMP_FAILURE_RETRY
++#define TEMP_FAILURE_RETRY(expression) ({     \
++  __typeof(expression) __result;              \
++  do {                                        \
++    __result = (expression);                  \
++  } while (__result == -1 && errno == EINTR); \
++  __result; })
++#endif
++
+ enum mbim_control_message {
+ 	MBIM_OPEN_MSG = 0x1,
+ 	MBIM_CLOSE_MSG = 0x2,
+-- 
+2.21.0
+
diff --git a/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch b/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch
new file mode 100644
index 0000000000..3655b3fd66
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono/0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch
@@ -0,0 +1,28 @@
+From 76e4054801350ebd4a44057379431a33d460ad0f Mon Sep 17 00:00:00 2001
+From: Martin Jansa <Martin.Jansa@gmail.com>
+Date: Wed, 21 Apr 2021 11:01:34 +0000
+Subject: [PATCH] mbim: Fix build with ell-0.39 by restoring unlikely macro
+ from ell/util.h
+
+Upstream-Status: Pending
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+---
+ drivers/mbimmodem/mbim-private.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/mbimmodem/mbim-private.h b/drivers/mbimmodem/mbim-private.h
+index 51693eae..d917312c 100644
+--- a/drivers/mbimmodem/mbim-private.h
++++ b/drivers/mbimmodem/mbim-private.h
+@@ -30,6 +30,10 @@
+   __result; })
+ #endif
+ 
++/* used to be part of ell/util.h before 0.39:
++   https://git.kernel.org/pub/scm/libs/ell/ell.git/commit/?id=2a682421b06e41c45098217a686157f576847021 */
++#define unlikely(x) __builtin_expect(!!(x), 0)
++
+ enum mbim_control_message {
+ 	MBIM_OPEN_MSG = 0x1,
+ 	MBIM_CLOSE_MSG = 0x2,
diff --git a/meta/recipes-connectivity/ofono/ofono/use-python3.patch b/meta/recipes-connectivity/ofono/ofono/use-python3.patch
deleted file mode 100644
index 7b84075257..0000000000
--- a/meta/recipes-connectivity/ofono/ofono/use-python3.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-set-ddr should use Python3 like all the other tests.
-
-Upstream-Status: Submitted
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-From 17b69cd1da4c5c5f732acb38ca1602446c567ee7 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Mon, 29 Jan 2018 11:31:25 +0000
-Subject: [PATCH] test/setddr: use Python 3
-
-All the other tests use Python 3, so this should to.
----
- test/set-ddr | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/test/set-ddr b/test/set-ddr
-index 5d061b95..33631f31 100755
---- a/test/set-ddr
-+++ b/test/set-ddr
-@@ -1,4 +1,4 @@
--#!/usr/bin/python
-+#!/usr/bin/python3
- 
- import sys
- import dbus
--- 
-2.11.0
diff --git a/meta/recipes-connectivity/ofono/ofono_1.25.bb b/meta/recipes-connectivity/ofono/ofono_1.25.bb
deleted file mode 100644
index 3688b9d2fc..0000000000
--- a/meta/recipes-connectivity/ofono/ofono_1.25.bb
+++ /dev/null
@@ -1,9 +0,0 @@
-require ofono.inc
-
-SRC_URI  = "\
-  ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
-  file://ofono \
-  file://use-python3.patch \
-"
-SRC_URI[md5sum] = "31450cabdd8dbbf3f808ea2f2f066863"
-SRC_URI[sha256sum] = "eb011fcd3080e93f3a56f96be60350b6595a8b5f36b61646312ba41b0bcb0d75"
diff --git a/meta/recipes-connectivity/ofono/ofono_1.34.bb b/meta/recipes-connectivity/ofono/ofono_1.34.bb
new file mode 100644
index 0000000000..23631747a7
--- /dev/null
+++ b/meta/recipes-connectivity/ofono/ofono_1.34.bb
@@ -0,0 +1,55 @@
+SUMMARY = "open source telephony"
+DESCRIPTION = "oFono is a stack for mobile telephony devices on Linux. oFono supports speaking to telephony devices through specific drivers, or with generic AT commands."
+HOMEPAGE = "http://www.ofono.org"
+BUGTRACKER = "https://01.org/jira/browse/OF"
+LICENSE = "GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=eb723b61539feef013de476e68b5c50a \
+                    file://src/ofono.h;beginline=1;endline=20;md5=3ce17d5978ef3445def265b98899c2ee"
+DEPENDS = "dbus glib-2.0 udev mobile-broadband-provider-info ell"
+
+SRC_URI = "\
+    ${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \
+    file://ofono \
+    file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \
+    file://0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch \
+"
+SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7"
+
+inherit autotools pkgconfig update-rc.d systemd gobject-introspection-data
+
+INITSCRIPT_NAME = "ofono"
+INITSCRIPT_PARAMS = "defaults 22"
+SYSTEMD_SERVICE:${PN} = "ofono.service"
+
+PACKAGECONFIG ??= "\
+    ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)} \
+    ${@bb.utils.contains('DISTRO_FEATURES', 'bluetooth', 'bluez', '', d)} \
+"
+PACKAGECONFIG[systemd] = "--with-systemdunitdir=${systemd_system_unitdir}/,--with-systemdunitdir="
+PACKAGECONFIG[bluez] = "--enable-bluetooth, --disable-bluetooth, bluez5"
+
+EXTRA_OECONF += "--enable-test --enable-external-ell"
+
+do_configure:prepend() {
+    bbnote "Removing bundled ell from ${S}/ell to prevent including it"
+    rm -rf ${S}/ell
+}
+
+do_install:append() {
+    install -d ${D}${sysconfdir}/init.d/
+    install -m 0755 ${WORKDIR}/ofono ${D}${sysconfdir}/init.d/ofono
+}
+
+PACKAGES =+ "${PN}-tests"
+
+FILES:${PN} += "${systemd_unitdir}"
+FILES:${PN}-tests = "${libdir}/${BPN}/test"
+
+RDEPENDS:${PN} += "dbus"
+RDEPENDS:${PN}-tests = "\
+    python3-core \
+    python3-dbus \
+    ${@bb.utils.contains('GI_DATA_ENABLED', 'True', 'python3-pygobject', '', d)} \
+"
+
+RRECOMMENDS:${PN} += "kernel-module-tun mobile-broadband-provider-info"
diff --git a/meta/recipes-connectivity/openssh/openssh/f107467179428a0e3ea9e4aa9738ac12ff02822d.patch b/meta/recipes-connectivity/openssh/openssh/f107467179428a0e3ea9e4aa9738ac12ff02822d.patch
new file mode 100644
index 0000000000..847c0a143c
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/f107467179428a0e3ea9e4aa9738ac12ff02822d.patch
@@ -0,0 +1,35 @@
+From f107467179428a0e3ea9e4aa9738ac12ff02822d Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Thu, 24 Feb 2022 16:04:18 +0000
+Subject: [PATCH] Improve detection of -fzero-call-used-regs=all support
+
+GCC doesn't tell us whether this option is supported unless it runs into
+the situation where it would need to emit corresponding code.
+
+Upstream-Status: Backport
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ m4/openssh.m4 | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/m4/openssh.m4 b/m4/openssh.m4
+index 4f9c3792dc1..8c33c701b8b 100644
+--- a/m4/openssh.m4
++++ b/m4/openssh.m4
+@@ -14,6 +14,8 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
+ 	AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
+ #include <stdlib.h>
+ #include <stdio.h>
++/* Trivial function to help test for -fzero-call-used-regs */
++void f(int n) {}
+ int main(int argc, char **argv) {
+ 	(void)argv;
+ 	/* Some math to catch -ftrapv problems in the toolchain */
+@@ -21,6 +23,7 @@ int main(int argc, char **argv) {
+ 	float l = i * 2.1;
+ 	double m = l / 0.5;
+ 	long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
++	f(0);
+ 	printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+ 	/*
+ 	 * Test fallthrough behaviour.  clang 10's -Wimplicit-fallthrough does
diff --git a/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch b/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
index 7e043a2db1..20036da931 100644
--- a/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
+++ b/meta/recipes-connectivity/openssh/openssh/fix-potential-signed-overflow-in-pointer-arithmatic.patch
@@ -11,14 +11,17 @@ would lead to program abort.
 Upstream-Status: Submitted [http://bugzilla.mindrot.org/show_bug.cgi?id=2608]
 
 Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
+
+Complete the fix
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
 ---
- openbsd-compat/strlcat.c | 8 ++++++--
- openbsd-compat/strlcpy.c | 8 ++++++--
- openbsd-compat/strnlen.c | 8 ++++++--
- 3 files changed, 18 insertions(+), 6 deletions(-)
+ openbsd-compat/strlcat.c | 10 +++++++---
+ openbsd-compat/strlcpy.c |  8 ++++++--
+ openbsd-compat/strnlen.c |  8 ++++++--
+ 3 files changed, 19 insertions(+), 7 deletions(-)
 
 diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c
-index bcc1b61..e758ebf 100644
+index bcc1b61..124e1e3 100644
 --- a/openbsd-compat/strlcat.c
 +++ b/openbsd-compat/strlcat.c
 @@ -23,6 +23,7 @@
@@ -29,6 +32,15 @@ index bcc1b61..e758ebf 100644
  
  /*
   * Appends src to string dst of size siz (unlike strncat, siz is the
+@@ -42,7 +43,7 @@ strlcat(char *dst, const char *src, size_t siz)
+ 	/* Find the end of dst and adjust bytes left but don't go past end */
+ 	while (n-- != 0 && *d != '\0')
+ 		d++;
+-	dlen = d - dst;
++	dlen = (uintptr_t)d - (uintptr_t)dst;
+ 	n = siz - dlen;
+ 
+ 	if (n == 0)
 @@ -55,8 +56,11 @@ strlcat(char *dst, const char *src, size_t siz)
  		s++;
  	}
@@ -70,7 +82,7 @@ index b4b1b60..b06f374 100644
  
  #endif /* !HAVE_STRLCPY */
 diff --git a/openbsd-compat/strnlen.c b/openbsd-compat/strnlen.c
-index 93d5155..9b8de5d 100644
+index 7ad3573..7040f1f 100644
 --- a/openbsd-compat/strnlen.c
 +++ b/openbsd-compat/strnlen.c
 @@ -23,6 +23,7 @@
@@ -95,5 +107,5 @@ index 93d5155..9b8de5d 100644
  }
  #endif
 -- 
-1.9.1
+2.17.1
 
diff --git a/meta/recipes-connectivity/openssh/openssh/run-ptest b/meta/recipes-connectivity/openssh/openssh/run-ptest
index 36a3d2a7b7..8a9b770d59 100755
--- a/meta/recipes-connectivity/openssh/openssh/run-ptest
+++ b/meta/recipes-connectivity/openssh/openssh/run-ptest
@@ -1,11 +1,12 @@
 #!/bin/sh
 
 export TEST_SHELL=sh
+export SKIP_UNIT=1
 
 cd regress
 sed -i "/\t\tagent-ptrace /d" Makefile
-make -k .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="sudo" tests \
-        | sed -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g'
+make -k BUILDDIR=`pwd`/.. .OBJDIR=`pwd` .CURDIR=`pwd` SUDO="sudo" tests \
+        | sed -u -e 's/^skipped/SKIP: /g' -e 's/^ok /PASS: /g' -e 's/^failed/FAIL: /g'
 
 SSHAGENT=`which ssh-agent`
 GDB=`which gdb`
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket b/meta/recipes-connectivity/openssh/openssh/sshd.socket
index 12c39b26b5..8d76d62309 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd.socket
+++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket
@@ -1,5 +1,6 @@
 [Unit]
 Conflicts=sshd.service
+Wants=sshdgenkeys.service
 
 [Socket]
 ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd@.service b/meta/recipes-connectivity/openssh/openssh/sshd@.service
index 9d83dfb2bb..9d9965e624 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd@.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshd@.service
@@ -1,13 +1,10 @@
 [Unit]
 Description=OpenSSH Per-Connection Daemon
-Wants=sshdgenkeys.service
 After=sshdgenkeys.service
 
 [Service]
 Environment="SSHD_OPTS="
 EnvironmentFile=-/etc/default/ssh
 ExecStart=-@SBINDIR@/sshd -i $SSHD_OPTS
-ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
 StandardInput=socket
-StandardError=syslog
 KillMode=process
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
index 1931dc7153..ef117de897 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
+++ b/meta/recipes-connectivity/openssh/openssh/sshd_check_keys
@@ -6,6 +6,7 @@ generate_key() {
     local DIR="$(dirname "$FILE")"
 
     mkdir -p "$DIR"
+    rm -f ${FILE}.tmp
     ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE
 
     # Atomically rename file public key
diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
index 603c33787f..fd81793d51 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
@@ -6,3 +6,4 @@ RequiresMountsFor=/var /run
 ExecStart=@LIBEXECDIR@/sshd_check_keys
 Type=oneshot
 RemainAfterExit=yes
+Nice=10
diff --git a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
index 2a23f64b89..6c5c1912e8 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
@@ -5,10 +5,10 @@ Ssh (Secure Shell) is a program for logging into a remote machine \
 and for executing commands on a remote machine."
 HOMEPAGE = "http://www.openssh.com/"
 SECTION = "console/network"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENCE;md5=429658c6612f3a9b1293782366ab29d8"
+LICENSE = "BSD-2-Clause & BSD-3-Clause & ISC & MIT"
+LIC_FILES_CHKSUM = "file://LICENCE;md5=8baf365614c9bdd63705f298c9afbfb9"
 
-DEPENDS = "zlib openssl"
+DEPENDS = "zlib openssl virtual/crypt"
 DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 
 SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
@@ -24,25 +24,44 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
            file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
            file://sshd_check_keys \
            file://add-test-support-for-busybox.patch \
+           file://f107467179428a0e3ea9e4aa9738ac12ff02822d.patch \
            "
-SRC_URI[md5sum] = "c6af50b7a474d04726a5aa747a5dce8f"
-SRC_URI[sha256sum] = "6b4b3ba2253d84ed3771c8050728d597c91cfce898713beb7b64a305b6f11aad"
+SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7"
+
+# This CVE is specific to OpenSSH with the pam opie which we don't build/use here
+CVE_CHECK_IGNORE += "CVE-2007-2768"
+
+# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7
+# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
+CVE_CHECK_IGNORE += "CVE-2014-9278"
+
+# CVE only applies to some distributed RHEL binaries
+CVE_CHECK_IGNORE += "CVE-2008-3844"
 
 PAM_SRC_URI = "file://sshd"
 
-inherit useradd update-rc.d update-alternatives systemd
+inherit manpages useradd update-rc.d update-alternatives systemd
 
 USERADD_PACKAGES = "${PN}-sshd"
-USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd"
+USERADD_PARAM:${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd"
 INITSCRIPT_PACKAGES = "${PN}-sshd"
-INITSCRIPT_NAME_${PN}-sshd = "sshd"
-INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9"
+INITSCRIPT_NAME:${PN}-sshd = "sshd"
+INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9"
 
 SYSTEMD_PACKAGES = "${PN}-sshd"
-SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket"
+SYSTEMD_SERVICE:${PN}-sshd = "sshd.socket"
 
 inherit autotools-brokensep ptest
 
+PACKAGECONFIG ??= "rng-tools"
+PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
+PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns"
+PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
+PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat"
+
+# Add RRECOMMENDS to rng-tools for sshd package
+PACKAGECONFIG[rng-tools] = ""
+
 EXTRA_AUTORECONF += "--exclude=aclocal"
 
 # login path is hardcoded in sshd
@@ -55,8 +74,11 @@ EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
                 --disable-strip \
                 "
 
-# musl doesn't implement wtmp/utmp
-EXTRA_OECONF_append_libc-musl = " --disable-wtmp"
+# musl doesn't implement wtmp/utmp and logwtmp
+EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog"
+
+# https://bugzilla.mindrot.org/show_bug.cgi?id=3398
+EXTRA_OECONF:append:powerpc = " --with-sandbox=no"
 
 # Since we do not depend on libbsd, we do not want configure to use it
 # just because it finds libutil.h.  But, specifying --disable-libutil
@@ -69,20 +91,17 @@ CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd"
 # We don't want to depend on libblockfile
 CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no"
 
-do_configure_prepend () {
+do_configure:prepend () {
 	export LD="${CC}"
 	install -m 0644 ${WORKDIR}/sshd_config ${B}/
 	install -m 0644 ${WORKDIR}/ssh_config ${B}/
 }
 
 do_compile_ptest() {
-        # skip regress/unittests/ binaries: this will silently skip
-        # unittests in run-ptests which is good because they are so slow.
-        oe_runmake regress/modpipe regress/setuid-allowed regress/netcat \
-                   regress/check-perm regress/mkdtemp
+	oe_runmake regress-binaries regress-unit-binaries
 }
 
-do_install_append () {
+do_install:append () {
 	if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
 		install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
 		sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config
@@ -108,15 +127,15 @@ do_install_append () {
 	echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
 	echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
 
-	install -d ${D}${systemd_unitdir}/system
-	install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system
-	install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system
-	install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system
+	install -d ${D}${systemd_system_unitdir}
+	install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_system_unitdir}
+	install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_system_unitdir}
+	install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_system_unitdir}
 	sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
 		-e 's,@SBINDIR@,${sbindir},g' \
 		-e 's,@BINDIR@,${bindir},g' \
 		-e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
-		${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service
+		${D}${systemd_system_unitdir}/sshd.socket ${D}${systemd_system_unitdir}/*.service
 
 	sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
 		${D}${sysconfdir}/init.d/sshd
@@ -127,36 +146,42 @@ do_install_append () {
 do_install_ptest () {
 	sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh
 	cp -r regress ${D}${PTEST_PATH}
+	cp config.h ${D}${PTEST_PATH}
 }
 
-ALLOW_EMPTY_${PN} = "1"
+ALLOW_EMPTY:${PN} = "1"
 
 PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
-FILES_${PN}-scp = "${bindir}/scp.${BPN}"
-FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
-FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system"
-FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
-FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys"
-FILES_${PN}-sftp = "${bindir}/sftp"
-FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
-FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
-FILES_${PN}-keygen = "${bindir}/ssh-keygen"
-
-RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
-RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
-RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make"
-
-RPROVIDES_${PN}-ssh = "ssh"
-RPROVIDES_${PN}-sshd = "sshd"
-
-RCONFLICTS_${PN} = "dropbear"
-RCONFLICTS_${PN}-sshd = "dropbear"
-
-CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
-CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
+FILES:${PN}-scp = "${bindir}/scp.${BPN}"
+FILES:${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
+FILES:${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_system_unitdir}"
+FILES:${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
+FILES:${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys"
+FILES:${PN}-sftp = "${bindir}/sftp"
+FILES:${PN}-sftp-server = "${libexecdir}/sftp-server"
+FILES:${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
+FILES:${PN}-keygen = "${bindir}/ssh-keygen"
+
+RDEPENDS:${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
+RDEPENDS:${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
+RRECOMMENDS:${PN}-sshd:append:class-target = "\
+    ${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \
+"
+
+# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies
+RDEPENDS:${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils"
+
+RPROVIDES:${PN}-ssh = "ssh"
+RPROVIDES:${PN}-sshd = "sshd"
+
+RCONFLICTS:${PN} = "dropbear"
+RCONFLICTS:${PN}-sshd = "dropbear"
+
+CONFFILES:${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
+CONFFILES:${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
 
 ALTERNATIVE_PRIORITY = "90"
-ALTERNATIVE_${PN}-scp = "scp"
-ALTERNATIVE_${PN}-ssh = "ssh"
+ALTERNATIVE:${PN}-scp = "scp"
+ALTERNATIVE:${PN}-ssh = "ssh"
 
 BBCLASSEXTEND += "nativesdk"
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
new file mode 100644
index 0000000000..5effa6c6f6
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch
@@ -0,0 +1,36 @@
+From 326909baf81a638d51fa8be1d8227518784f5cc4 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Tue, 14 Sep 2021 12:18:25 +0200
+Subject: [PATCH] Configure: do not tweak mips cflags
+
+This conflicts with mips machine definitons from yocto,
+e.g.
+| Error: -mips3 conflicts with the other architecture options, which imply -mips64r2
+
+Upstream-Status: Inappropriate [oe-core specific]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ Configure | 10 ----------
+ 1 file changed, 10 deletions(-)
+
+diff --git a/Configure b/Configure
+index 821e680..0387a74 100755
+--- a/Configure
++++ b/Configure
+@@ -1422,16 +1422,6 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
+         push @{$config{shared_ldflag}}, "-mno-cygwin";
+         }
+ 
+-if ($target =~ /linux.*-mips/ && !$disabled{asm}
+-        && !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
+-        # minimally required architecture flags for assembly modules
+-        my $value;
+-        $value = '-mips2' if ($target =~ /mips32/);
+-        $value = '-mips3' if ($target =~ /mips64/);
+-        unshift @{$config{cflags}}, $value;
+-        unshift @{$config{cxxflags}}, $value if $config{CXX};
+-}
+-
+ # If threads aren't disabled, check how possible they are
+ unless ($disabled{threads}) {
+     if ($auto_threads) {
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
index 80b62ab18c..60890c666d 100644
--- a/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
+++ b/meta/recipes-connectivity/openssl/openssl/0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch
@@ -1,4 +1,4 @@
-From 3e1d00481093e10775eaf69d619c45b32a4aa7dc Mon Sep 17 00:00:00 2001
+From 5985253f2c9025d7c127443a3a9938946f80c2a1 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Martin=20Hundeb=C3=B8ll?= <martin@geanix.com>
 Date: Tue, 6 Nov 2018 14:50:47 +0100
 Subject: [PATCH] buildinfo: strip sysroot and debug-prefix-map from compiler
@@ -20,16 +20,25 @@ https://patchwork.openembedded.org/patch/147229/
 
 Upstream-Status: Inappropriate [OE specific]
 Signed-off-by: Martin Hundebøll <martin@geanix.com>
+
+Update to fix buildpaths qa issue for '-fmacro-prefix-map'.
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+Update to fix buildpaths qa issue for '-ffile-prefix-map'.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
 ---
- Configurations/unix-Makefile.tmpl | 10 +++++++++-
+ Configurations/unix-Makefile.tmpl | 12 +++++++++++-
  crypto/build.info                 |  2 +-
- 2 files changed, 10 insertions(+), 2 deletions(-)
+ 2 files changed, 12 insertions(+), 2 deletions(-)
 
 diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index 16af4d2087..54c162784c 100644
+index f88a70f..528cdef 100644
 --- a/Configurations/unix-Makefile.tmpl
 +++ b/Configurations/unix-Makefile.tmpl
-@@ -317,13 +317,21 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
+@@ -471,13 +471,23 @@ BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (),
                           '$(CNF_LDFLAGS)', '$(LDFLAGS)') -}
  BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS)
  
@@ -43,6 +52,8 @@ index 16af4d2087..54c162784c 100644
  
 +CFLAGS_Q={- for (@{$config{CFLAGS}}) {
 +              s|-fdebug-prefix-map=[^ ]+|-fdebug-prefix-map=|g;
++              s|-fmacro-prefix-map=[^ ]+|-fmacro-prefix-map=|g;
++              s|-ffile-prefix-map=[^ ]+|-ffile-prefix-map=|g;
 +            }
 +            join(' ', @{$config{CFLAGS}}) -}
 +
@@ -53,18 +64,15 @@ index 16af4d2087..54c162784c 100644
  
  # For x86 assembler: Set PROCESSOR to 386 if you want to support
 diff --git a/crypto/build.info b/crypto/build.info
-index b515b7318e..8c9cee2a09 100644
+index efca6cc..eda433e 100644
 --- a/crypto/build.info
 +++ b/crypto/build.info
-@@ -10,7 +10,7 @@ EXTRA=  ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
-         ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
+@@ -109,7 +109,7 @@ DEFINE[../libcrypto]=$UPLINKDEF
  
+ DEPEND[info.o]=buildinf.h
  DEPEND[cversion.o]=buildinf.h
 -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
 +GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC_Q) $(CFLAGS_Q) $(CPPFLAGS_Q)" "$(PLATFORM)"
- DEPEND[buildinf.h]=../configdata.pm
  
- GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
--- 
-2.19.1
-
+ GENERATE[uplink-x86.s]=../ms/uplink-x86.pl
+ GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch b/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch
deleted file mode 100644
index d8d9651b64..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/0001-skip-test_symbol_presence.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From a9401b2289656c5a36dd1b0ecebf0d23e291ce70 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Tue, 2 Oct 2018 23:58:24 +0800
-Subject: [PATCH] skip test_symbol_presence
-
-We cannot skip `01-test_symbol_presence.t' by configuring option `no-shared'
-as INSTALL told us the shared libraries will not be built.
-
-[INSTALL snip]
- Notes on shared libraries
- -------------------------
-
- For most systems the OpenSSL Configure script knows what is needed to
- build shared libraries for libcrypto and libssl. On these systems
- the shared libraries will be created by default. This can be suppressed and
- only static libraries created by using the "no-shared" option. On systems
- where OpenSSL does not know how to build shared libraries the "no-shared"
- option will be forced and only static libraries will be created.
-[INSTALL snip]
-
-Hence directly modification the case to skip it.
-
-Upstream-Status: Inappropriate [OE Specific]
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- test/recipes/01-test_symbol_presence.t | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
-index 7f2a2d7..0b93745 100644
---- a/test/recipes/01-test_symbol_presence.t
-+++ b/test/recipes/01-test_symbol_presence.t
-@@ -14,8 +14,7 @@ use OpenSSL::Test::Utils;
- 
- setup("test_symbol_presence");
- 
--plan skip_all => "Only useful when building shared libraries"
--    if disabled("shared");
-+plan skip_all => "The case needs debug symbols then we just disable it";
- 
- my @libnames = ("crypto", "ssl");
- my $testcount = scalar @libnames;
--- 
-2.7.4
-
diff --git a/meta/recipes-connectivity/openssl/openssl/afalg.patch b/meta/recipes-connectivity/openssl/openssl/afalg.patch
index 7c4b084f3d..b7c0e9697f 100644
--- a/meta/recipes-connectivity/openssl/openssl/afalg.patch
+++ b/meta/recipes-connectivity/openssl/openssl/afalg.patch
@@ -18,14 +18,14 @@ index 3baa8ce..9ef52ed 100755
 -            ($mi2) = $mi2 =~ /(\d+)/;
 -            my $ver = $ma*10000 + $mi1*100 + $mi2;
 -            if ($ver < $minver) {
--                $disabled{afalgeng} = "too-old-kernel";
+-                disable('too-old-kernel', 'afalgeng');
 -            } else {
 -                push @{$config{engdirs}}, "afalg";
 -            }
 -        } else {
--            $disabled{afalgeng} = "cross-compiling";
+-            disable('cross-compiling', 'afalgeng');
 -        }
 +        push @{$config{engdirs}}, "afalg";
      } else {
-         $disabled{afalgeng}  = "not-linux";
+         disable('not-linux', 'afalgeng');
      }
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
deleted file mode 100644
index 6620fdcb53..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
+++ /dev/null
@@ -1,222 +0,0 @@
-#!/bin/sh
-#
-# Ben Secrest <blsecres@gmail.com>
-#
-# sh c_rehash script, scan all files in a directory
-# and add symbolic links to their hash values.
-#
-# based on the c_rehash perl script distributed with openssl
-#
-# LICENSE: See OpenSSL license
-# ^^acceptable?^^
-#
-
-# default certificate location
-DIR=/etc/openssl
-
-# for filetype bitfield
-IS_CERT=$(( 1 << 0 ))
-IS_CRL=$(( 1 << 1 ))
-
-
-# check to see if a file is a certificate file or a CRL file
-# arguments:
-#       1. the filename to be scanned
-# returns:
-#       bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
-#
-check_file()
-{
-    local IS_TYPE=0
-
-    # make IFS a newline so we can process grep output line by line
-    local OLDIFS=${IFS}
-    IFS=$( printf "\n" )
-
-    # XXX: could be more efficient to have two 'grep -m' but is -m portable?
-    for LINE in $( grep '^-----BEGIN .*-----' ${1} )
-    do
-	if echo ${LINE} \
-	    | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
-	then
-	    IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
-
-	    if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
-	    then
-	    	break
-	    fi
-	elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
-	then
-	    IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
-
-	    if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
-	    then
-	    	break
-	    fi
-	fi
-    done
-
-    # restore IFS
-    IFS=${OLDIFS}
-
-    return ${IS_TYPE}
-}
-
-
-#
-# use openssl to fingerprint a file
-#    arguments:
-#	1. the filename to fingerprint
-#	2. the method to use (x509, crl)
-#    returns:
-#	none
-#    assumptions:
-#	user will capture output from last stage of pipeline
-#
-fingerprint()
-{
-    ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
-}
-
-
-#
-# link_hash - create links to certificate files
-#    arguments:
-#       1. the filename to create a link for
-#	2. the type of certificate being linked (x509, crl)
-#    returns:
-#	0 on success, 1 otherwise
-#
-link_hash()
-{
-    local FINGERPRINT=$( fingerprint ${1} ${2} )
-    local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
-    local SUFFIX=0
-    local LINKFILE=''
-    local TAG=''
-
-    if [ ${2} = "crl" ]
-    then
-    	TAG='r'
-    fi
-
-    LINKFILE=${HASH}.${TAG}${SUFFIX}
-
-    while [ -f ${LINKFILE} ]
-    do
-	if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
-	then
-	    echo "NOTE: Skipping duplicate file ${1}" >&2
-	    return 1
-	fi	
-
-	SUFFIX=$(( ${SUFFIX} + 1 ))
-	LINKFILE=${HASH}.${TAG}${SUFFIX}
-    done
-
-    echo "${3} => ${LINKFILE}"
-
-    # assume any system with a POSIX shell will either support symlinks or
-    # do something to handle this gracefully
-    ln -s ${3} ${LINKFILE}
-
-    return 0
-}
-
-
-# hash_dir create hash links in a given directory
-hash_dir()
-{
-    echo "Doing ${1}"
-
-    cd ${1}
-
-    ls -1 * 2>/dev/null | while read FILE
-    do
-        if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
-	    	&& [ -h "${FILE}" ]
-        then
-            rm ${FILE}
-        fi
-    done
-
-    ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
-    do
-	REAL_FILE=${FILE}
-	# if we run on build host then get to the real files in rootfs
-	if [ -n "${SYSROOT}" -a -h ${FILE} ]
-	then
-	    FILE=$( readlink ${FILE} )
-	    # check the symlink is absolute (or dangling in other word)
-	    if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ]
-	    then
-		REAL_FILE=${SYSROOT}/${FILE}
-	    fi
-	fi
-
-	check_file ${REAL_FILE}
-        local FILE_TYPE=${?}
-	local TYPE_STR=''
-
-        if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
-        then
-            TYPE_STR='x509'
-        elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
-        then
-            TYPE_STR='crl'
-        else
-            echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
-	    continue
-        fi
-
-	link_hash ${REAL_FILE} ${TYPE_STR} ${FILE}
-    done
-}
-
-
-# choose the name of an ssl application
-if [ -n "${OPENSSL}" ]
-then
-    SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
-else
-    SSL_CMD=/usr/bin/openssl
-    OPENSSL=${SSL_CMD}
-    export OPENSSL
-fi
-
-# fix paths
-PATH=${PATH}:${DIR}/bin
-export PATH
-
-# confirm existance/executability of ssl command
-if ! [ -x ${SSL_CMD} ]
-then
-    echo "${0}: rehashing skipped ('openssl' program not available)" >&2
-    exit 0
-fi
-
-# determine which directories to process
-old_IFS=$IFS
-if [ ${#} -gt 0 ]
-then
-    IFS=':'
-    DIRLIST=${*}
-elif [ -n "${SSL_CERT_DIR}" ]
-then
-    DIRLIST=$SSL_CERT_DIR
-else
-    DIRLIST=${DIR}/certs
-fi
-
-IFS=':'
-
-# process directories
-for CERT_DIR in ${DIRLIST}
-do
-    if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
-    then
-        IFS=$old_IFS
-        hash_dir ${CERT_DIR}
-        IFS=':'
-    fi
-done
diff --git a/meta/recipes-connectivity/openssl/openssl/run-ptest b/meta/recipes-connectivity/openssl/openssl/run-ptest
index 0a620dea74..8dff79101f 100644
--- a/meta/recipes-connectivity/openssl/openssl/run-ptest
+++ b/meta/recipes-connectivity/openssl/openssl/run-ptest
@@ -9,4 +9,4 @@ export TOP=.
 # OPENSSL_ENGINES is relative from the test binaries
 export OPENSSL_ENGINES=../engines
 
-perl ./test/run_tests.pl $*
+perl ./test/run_tests.pl $* | sed -u -r -e '/(.*) \.*.ok/ s/^/PASS: /g' -r -e '/Dubious(.*)/ s/^/FAIL: /g' -e '/(.*) \.*.skipped: (.*)/ s/^/SKIP: /g'
diff --git a/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch b/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch
deleted file mode 100644
index 13d39c918c..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/0001-Fix-BN_LLONG-breakage.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 247b3188cde5f3347091cd54271127386d3aece0 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Wed, 6 Feb 2019 22:10:33 -0800
-Subject: [PATCH] Fix BN_LLONG breakage
-
-opensslconf.h is un-defining BN_LLONG only when included from bn.h which
-is not robust at all, especially when include guards are used and
-multiple inclusions of a given header is not allowed. so lets take out
-the nesting constraint and add OPENSSL_SYS_UEFI constraint instead
-
-Upstream-Status: Inappropriate [ fixed differently with OpenSSL 1.1+ ]
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- crypto/opensslconf.h.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in
-index 7a1c85d..a10c10f 100644
---- a/crypto/opensslconf.h.in
-+++ b/crypto/opensslconf.h.in
-@@ -56,7 +56,7 @@
- #endif
- #endif
- 
--#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-+#if !defined(OPENSSL_SYS_UEFI) && !defined(CONFIG_HEADER_BN_H)
- #define CONFIG_HEADER_BN_H
- #undef BN_LLONG
- 
--- 
-2.20.1
-
diff --git a/meta/recipes-connectivity/openssl/openssl10/0001-Fix-build-with-clang-using-external-assembler.patch b/meta/recipes-connectivity/openssl/openssl10/0001-Fix-build-with-clang-using-external-assembler.patch
deleted file mode 100644
index 2270962a6f..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/0001-Fix-build-with-clang-using-external-assembler.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 2f6026cb8b16cf00726e3c5625c023f196680f07 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Fri, 17 Mar 2017 12:52:08 -0700
-Subject: [PATCH] Fix build with clang using external assembler
-
-Cherry-picked from
-https://github.com/openssl/openssl/commit/11208dcfb9105e8afa37233185decefd45e89e17
-https://github.com/openssl/openssl/commit/fbab8baddef8d3346ae40ff068871e2ddaf10270
-https://github.com/openssl/openssl/commit/6cf412c473d8145562b76219ce3da73b201b3255
-
-Fixes
-
-| ghash-armv4.S: Assembler messages:
-| ghash-armv4.S:81: Error: bad instruction `ldrbpl r12,[r2,r3]'
-| ghash-armv4.S:91: Error: bad instruction `ldrbpl r8,[r0,r3]'
-| ghash-armv4.S:137: Error: bad instruction `ldrbne r12,[r2,#15]'
-| ghash-armv4.S:224: Error: bad instruction `ldrbpl r12,[r0,r3]'
-| clang-4.0: error: assembler command failed with exit code 1 (use -v to see invocation)
-| make[2]: *** [<builtin>: ghash-armv4.o] Error 1
-
-Upstream-Status: Backport
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- crypto/modes/asm/ghash-armv4.pl | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl
-index 8ccc963ef..442fed4da 100644
---- a/crypto/modes/asm/ghash-armv4.pl
-+++ b/crypto/modes/asm/ghash-armv4.pl
-@@ -124,7 +124,10 @@ $code=<<___;
- #include "arm_arch.h"
- 
- .text
-+#if defined(__thumb2__) || defined(__clang__)
-+.syntax	unified
-+#endif
- .code	32
- 
- #ifdef __clang__
- #define ldrplb	ldrbpl
--- 
-2.12.0
-
diff --git a/meta/recipes-connectivity/openssl/openssl10/0001-allow-manpages-to-be-disabled.patch b/meta/recipes-connectivity/openssl/openssl10/0001-allow-manpages-to-be-disabled.patch
deleted file mode 100644
index 3f7d649955..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/0001-allow-manpages-to-be-disabled.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From e1c39b80b01d4d18feeadfdc6e45a3e1dd110634 Mon Sep 17 00:00:00 2001
-From: Andre McCurdy <armccurdy@gmail.com>
-Date: Fri, 27 Jul 2018 21:41:06 +0000
-Subject: [PATCH] allow manpages to be disabled
-
-Define OE_DISABLE_MANPAGES (via environment or the make command line)
-to skip creation and installation of manpages.
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
----
- Makefile.org | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile.org b/Makefile.org
-index ed98d2a..747d8cb 100644
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -549,7 +549,7 @@ dist:
- 	@$(MAKE) SDIRS='$(SDIRS)' clean
- 	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
- 
--install: all install_docs install_sw
-+install: all $(if $(OE_DISABLE_MANPAGES),,install_docs) install_sw
- 
- install_sw:
- 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/openssl/openssl10/0001-openssl-force-soft-link-to-avoid-rare-race.patch b/meta/recipes-connectivity/openssl/openssl10/0001-openssl-force-soft-link-to-avoid-rare-race.patch
deleted file mode 100644
index dd1a9b1dd2..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/0001-openssl-force-soft-link-to-avoid-rare-race.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 3d9199423d48766649a2b2ebb3924e892ed16fa4 Mon Sep 17 00:00:00 2001
-From: Randy MacLeod <Randy.MacLeod@windriver.com>
-Date: Tue, 20 Jun 2017 15:32:08 -0400
-Subject: [PATCH] openssl: Force soft link to avoid rare race
-
-This patch works around a rare parallel build race condition. 
-The error seen is:
-
-ln: failed to create symbolic link 'libssl.so': File exists
-make[4]: *** [Makefile.shared:171: link_a.gnu] Error 1
-make[4]: Leaving directory
-'/.../build/tmp-glibc/work/x86_64-linux/openssl-native/1.0.2k-r0/openssl-1.0.2k'
-
-The openssl team is rewriting their build files so it's not
-appropriate for openssl upstream and fixing the root cause of
-the Makefile race condition was also not pursued.
-
-Upstream-Status: Inappropriate [build rules rewrite in progress]
-Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
----
- Makefile.shared | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Makefile.shared b/Makefile.shared
-index e8d222a..1bff92f 100644
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -118,14 +118,14 @@
- 		if [ -n "$$SHLIB_COMPAT" ]; then \
- 			for x in $$SHLIB_COMPAT; do \
- 				( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
--				  ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
-+				  ln -sf $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
- 				prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
- 			done; \
- 		fi; \
- 		if [ -n "$$SHLIB_SOVER" ]; then \
- 			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
--			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
-+			  ln -sf $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- 		fi; \
- 	fi
- 
--- 
-2.9.3
diff --git a/meta/recipes-connectivity/openssl/openssl10/Makefiles-ptest.patch b/meta/recipes-connectivity/openssl/openssl10/Makefiles-ptest.patch
deleted file mode 100644
index 1b8402af97..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/Makefiles-ptest.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From a176c69f4fdfbfa7e4ccb79d91c3b6602da7e69a Mon Sep 17 00:00:00 2001
-From: Anders Roxell <anders.roxell@enea.com>
-Date: Thu, 24 Apr 2014 19:28:25 +0200
-Subject: [PATCH 19/28] openssl: enable ptest support
-
-Add 'buildtest' and 'runtest' targets to Makefile, to build and run tests
-cross-compiled.
-
-Signed-off-by: Anders Roxell <anders.roxell@enea.com>
-Signed-off-by: Maxin B. John <maxin.john@enea.com>
-Upstream-Status: Pending
-
----
- Makefile.org  | 10 +++++++++-
- test/Makefile | 13 +++++++++----
- 2 files changed, 18 insertions(+), 5 deletions(-)
- 
-diff --git a/Makefile.org b/Makefile.org
-index 111fbba..8e7936c 100644
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -467,8 +467,16 @@ rehash.time: certs apps
- test:   tests
- 
- tests: rehash
-+	$(MAKE) buildtest
-+	$(MAKE) runtest
-+
-+buildtest:
-+	@(cd test && \
-+	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf exe apps);
-+
-+runtest:
- 	@(cd test && echo "testing..." && \
--	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf tests );
-+	$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='$(TESTS)' OPENSSL_DEBUG_MEMORY=on OPENSSL_CONF=../apps/openssl.cnf alltests );
- 	OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
- 
- report:
-diff --git a/test/Makefile b/test/Makefile
-index 55a6b50..d46b4d1 100644
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -150,7 +150,7 @@ tests:	exe apps $(TESTS)
- apps:
- 	@(cd ..; $(MAKE) DIRS=apps all)
- 
--alltests: \
-+all-tests= \
- 	test_des test_idea test_sha test_md4 test_md5 test_hmac \
- 	test_md2 test_mdc2 test_wp \
- 	test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
-@@ -162,6 +162,11 @@ alltests: \
- 	test_constant_time test_verify_extra test_clienthello test_sslv2conftest \
- 	test_dtls test_bad_dtls test_fatalerr test_x509_time
- 
-+alltests:
-+	@(for i in $(all-tests); do \
-+	( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
-+	done)
-+
- test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
- 	../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
- 
-@@ -230,7 +235,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pe
- 	echo test second x509v3 certificate
- 	sh ./tx509 v3-cert2.pem 2>/dev/null
- 
--test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem
-+test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
- 	@sh ./trsa 2>/dev/null
- 	../util/shlib_wrap.sh ./$(RSATEST)
- 
-@@ -331,11 +336,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh
- 	  sh ./testtsa; \
- 	fi
- 
--test_ige: $(IGETEST)$(EXE_EXT)
-+test_ige:
- 	@echo "Test IGE mode"
- 	../util/shlib_wrap.sh ./$(IGETEST)
- 
--test_jpake: $(JPAKETEST)$(EXE_EXT)
-+test_jpake:
- 	@echo "Test JPAKE"
- 	../util/shlib_wrap.sh ./$(JPAKETEST)
- 
--- 
-2.15.1
diff --git a/meta/recipes-connectivity/openssl/openssl10/Use-SHA256-not-MD5-as-default-digest.patch b/meta/recipes-connectivity/openssl/openssl10/Use-SHA256-not-MD5-as-default-digest.patch
deleted file mode 100644
index 58c9ee7844..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/Use-SHA256-not-MD5-as-default-digest.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From d795f5f20a29adecf92c09459a3ee07ffac01a99 Mon Sep 17 00:00:00 2001
-From: Rich Salz <rsalz@akamai.com>
-Date: Sat, 13 Jun 2015 17:03:39 -0400
-Subject: [PATCH] Use SHA256 not MD5 as default digest.
-
-Commit f8547f62c212837dbf44fb7e2755e5774a59a57b upstream.
-
-Upstream-Status: Backport
-Backport from OpenSSL 2.0 to OpenSSL 1.0.2
-Commit f8547f62c212837dbf44fb7e2755e5774a59a57b   
-
-CVE: CVE-2004-2761
-
-    The MD5 Message-Digest Algorithm is not collision resistant,
-    which makes it easier for context-dependent attackers to            
-    conduct spoofing attacks, as demonstrated by attacks on the     
-    use of MD5 in the signature algorithm of an X.509 certificate.     
-
-Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>     
-Signed-off-by: T.O. Radzy Radzykewycz <radzy@windriver.com> 
----
- apps/ca.c   | 2 +-
- apps/dgst.c | 2 +-
- apps/enc.c  | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/apps/ca.c b/apps/ca.c
-index 3b7336c..8f3a84b 100644
---- a/apps/ca.c
-+++ b/apps/ca.c
-@@ -1612,7 +1612,7 @@ static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
-     } else
-         BIO_printf(bio_err, "Signature ok\n");
- 
--    if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
-+    if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL)
-         goto err;
- 
-     ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
-diff --git a/apps/dgst.c b/apps/dgst.c
-index 95e5fa3..0d1529f 100644
---- a/apps/dgst.c
-+++ b/apps/dgst.c
-@@ -442,7 +442,7 @@ int MAIN(int argc, char **argv)
-             goto end;
-         }
-         if (md == NULL)
--            md = EVP_md5();
-+            md = EVP_sha256();
-         if (!EVP_DigestInit_ex(mctx, md, impl)) {
-             BIO_printf(bio_err, "Error setting digest %s\n", pname);
-             ERR_print_errors(bio_err);
-diff --git a/apps/enc.c b/apps/enc.c
-index 7b7c70b..a7d944c 100644
---- a/apps/enc.c
-+++ b/apps/enc.c
-@@ -344,7 +344,7 @@ int MAIN(int argc, char **argv)
-     }
- 
-     if (dgst == NULL) {
--        dgst = EVP_md5();
-+        dgst = EVP_sha256();
-     }
- 
-     if (bufsize != NULL) {
--- 
-1.9.1
-
diff --git a/meta/recipes-connectivity/openssl/openssl10/configure-musl-target.patch b/meta/recipes-connectivity/openssl/openssl10/configure-musl-target.patch
deleted file mode 100644
index f357b3f59f..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/configure-musl-target.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Add musl triplet support
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-Index: openssl-1.0.2a/Configure
-===================================================================
---- openssl-1.0.2a.orig/Configure
-+++ openssl-1.0.2a/Configure
-@@ -431,7 +431,7 @@ my %table=(
- #
- #       ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
- #
--"linux-armv4",	"gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- # Configure script adds minimally required -march for assembly support,
- # if no -march was specified at command line. mips32 and mips64 below
-@@ -504,4 +504,6 @@ my %table=(
- "linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-musleabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-musleabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- 
- "linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
- 
diff --git a/meta/recipes-connectivity/openssl/openssl10/configure-targets.patch b/meta/recipes-connectivity/openssl/openssl10/configure-targets.patch
deleted file mode 100644
index 1e01589722..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/configure-targets.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Upstream-Status: Inappropriate [embedded specific]
-
-The number of colons are important :)
-
-
----
- Configure |   16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
-
-Index: openssl-1.0.2a/Configure
-===================================================================
---- openssl-1.0.2a.orig/Configure
-+++ openssl-1.0.2a/Configure
-@@ -443,6 +443,21 @@ my %table=(
- "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- 
-+ 
-+# Linux on ARM
-+"linux-elf-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-gnueabi-arm","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-gnueabi-armeb","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+
-+"linux-avr32","$ENV{'CC'}:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).",
-+
-+#### Linux on MIPS/MIPS64
-+"linux-mips","$ENV{'CC'}:-DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mips64","$ENV{'CC'}:-DB_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mips64el","$ENV{'CC'}:-DL_ENDIAN -mabi=64 -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-mipsel","$ENV{'CC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+
- # Android: linux-* but without pointers to headers and libs.
- "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/meta/recipes-connectivity/openssl/openssl10/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl10/debian/c_rehash-compat.patch
deleted file mode 100644
index 3820e3e306..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/debian/c_rehash-compat.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
-From: Ludwig Nussel <ludwig.nussel@suse.de>
-Date: Wed, 21 Apr 2010 15:52:10 +0200
-Subject: [PATCH] also create old hash for compatibility
-
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.2n/tools/c_rehash.in
-===================================================================
---- openssl-1.0.2n.orig/tools/c_rehash.in
-+++ openssl-1.0.2n/tools/c_rehash.in
-@@ -8,8 +8,6 @@ my $prefix;
- 
- my $openssl = $ENV{OPENSSL} || "openssl";
- my $pwd;
--my $x509hash = "-subject_hash";
--my $crlhash = "-hash";
- my $verbose = 0;
- my $symlink_exists=eval {symlink("",""); 1};
- my $removelinks = 1;
-@@ -18,10 +16,7 @@ my $removelinks = 1;
- while ( $ARGV[0] =~ /^-/ ) {
-     my $flag = shift @ARGV;
-     last if ( $flag eq '--');
--    if ( $flag eq '-old') {
--	    $x509hash = "-subject_hash_old";
--	    $crlhash = "-hash_old";
--    } elsif ( $flag eq '-h') {
-+    if ( $flag eq '-h') {
- 	    help();
-     } elsif ( $flag eq '-n' ) {
- 	    $removelinks = 0;
-@@ -113,7 +108,9 @@ sub hash_dir {
- 			next;
- 		}
- 		link_hash_cert($fname) if($cert);
-+		link_hash_cert_old($fname) if($cert);
- 		link_hash_crl($fname) if($crl);
-+		link_hash_crl_old($fname) if($crl);
- 	}
- }
- 
-@@ -146,6 +143,7 @@ sub check_file {
- 
- sub link_hash_cert {
- 		my $fname = $_[0];
-+		my $x509hash = $_[1] || '-subject_hash';
- 		$fname =~ s/'/'\\''/g;
- 		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
- 		chomp $hash;
-@@ -177,10 +175,20 @@ sub link_hash_cert {
- 		$hashlist{$hash} = $fprint;
- }
- 
-+sub link_hash_cert_old {
-+		link_hash_cert($_[0], '-subject_hash_old');
-+}
-+
-+sub link_hash_crl_old {
-+		link_hash_crl($_[0], '-hash_old');
-+}
-+
-+
- # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
- 
- sub link_hash_crl {
- 		my $fname = $_[0];
-+		my $crlhash = $_[1] || "-hash";
- 		$fname =~ s/'/'\\''/g;
- 		my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
- 		chomp $hash;
diff --git a/meta/recipes-connectivity/openssl/openssl10/debian/debian-targets.patch b/meta/recipes-connectivity/openssl/openssl10/debian/debian-targets.patch
deleted file mode 100644
index 24709f4f06..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/debian/debian-targets.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.2n/Configure
-===================================================================
---- openssl-1.0.2n.orig/Configure
-+++ openssl-1.0.2n/Configure
-@@ -133,6 +133,10 @@ my $clang_devteam_warn = "-Wno-unused-pa
- # Warn that "make depend" should be run?
- my $warn_make_depend = 0;
- 
-+# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
-+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
-+$debian_cflags =~ s/\n/ /g;
-+
- my $strict_warnings = 0;
- 
- my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-@@ -369,6 +373,55 @@ my %table=(
- "osf1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
- "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
- 
-+# Debian GNU/* (various architectures)
-+"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
-+"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mips",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mipsel",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mipsn32",   "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mipsn32el",   "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mips64",   "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mips64el",   "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-netbsd-i386",	"gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-netbsd-m68k",	"gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-netbsd-sparc",	"gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-openbsd-i386",  "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
-+"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh3",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh4",   "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh3eb",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh4eb",   "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
-+
- ####
- #### Variety of LINUX:-)
- ####
diff --git a/meta/recipes-connectivity/openssl/openssl10/debian/man-dir.patch b/meta/recipes-connectivity/openssl/openssl10/debian/man-dir.patch
deleted file mode 100644
index 4085e3b1d7..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/debian/man-dir.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.0c/Makefile.org
-===================================================================
---- openssl-1.0.0c.orig/Makefile.org	2010-12-12 16:11:27.000000000 +0100
-+++ openssl-1.0.0c/Makefile.org	2010-12-12 16:11:37.000000000 +0100
-@@ -131,7 +131,7 @@
- 
- MAKEFILE= Makefile
- 
--MANDIR=$(OPENSSLDIR)/man
-+MANDIR=/usr/share/man
- MAN1=1
- MAN3=3
- MANSUFFIX=
diff --git a/meta/recipes-connectivity/openssl/openssl10/debian/man-section.patch b/meta/recipes-connectivity/openssl/openssl10/debian/man-section.patch
deleted file mode 100644
index 21c1d1a4eb..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/debian/man-section.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.0c/Makefile.org
-===================================================================
---- openssl-1.0.0c.orig/Makefile.org	2010-12-12 16:11:37.000000000 +0100
-+++ openssl-1.0.0c/Makefile.org	2010-12-12 16:13:28.000000000 +0100
-@@ -160,7 +160,8 @@
- MANDIR=/usr/share/man
- MAN1=1
- MAN3=3
--MANSUFFIX=
-+MANSUFFIX=ssl
-+MANSECTION=SSL
- HTMLSUFFIX=html
- HTMLDIR=$(OPENSSLDIR)/html
- SHELL=/bin/sh
-@@ -651,7 +652,7 @@
- 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- 		(cd `$(PERL) util/dirname.pl $$i`; \
- 		sh -c "$$pod2man \
--			--section=$$sec --center=OpenSSL \
-+			--section=$${sec}$(MANSECTION) --center=OpenSSL \
- 			--release=$(VERSION) `basename $$i`") \
- 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- 		$(PERL) util/extract-names.pl < $$i | \
-@@ -668,7 +669,7 @@
- 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- 		(cd `$(PERL) util/dirname.pl $$i`; \
- 		sh -c "$$pod2man \
--			--section=$$sec --center=OpenSSL \
-+			--section=$${sec}$(MANSECTION) --center=OpenSSL \
- 			--release=$(VERSION) `basename $$i`") \
- 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- 		$(PERL) util/extract-names.pl < $$i | \
diff --git a/meta/recipes-connectivity/openssl/openssl10/debian/no-rpath.patch b/meta/recipes-connectivity/openssl/openssl10/debian/no-rpath.patch
deleted file mode 100644
index 1ccb3b86ee..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/debian/no-rpath.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.0c/Makefile.shared
-===================================================================
---- openssl-1.0.0c.orig/Makefile.shared	2010-08-21 13:36:49.000000000 +0200
-+++ openssl-1.0.0c/Makefile.shared	2010-12-12 16:13:36.000000000 +0100
-@@ -153,7 +153,7 @@
- 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
- 
--DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
-+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
- 
- #This is rather special.  It's a special target with which one can link
- #applications without bothering with any features that have anything to
diff --git a/meta/recipes-connectivity/openssl/openssl10/debian/no-symbolic.patch b/meta/recipes-connectivity/openssl/openssl10/debian/no-symbolic.patch
deleted file mode 100644
index cc4408ab7d..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/debian/no-symbolic.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.0c/Makefile.shared
-===================================================================
---- openssl-1.0.0c.orig/Makefile.shared	2010-12-12 16:13:36.000000000 +0100
-+++ openssl-1.0.0c/Makefile.shared	2010-12-12 16:13:44.000000000 +0100
-@@ -151,7 +151,7 @@
- 	SHLIB_SUFFIX=; \
- 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
- 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
--	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-+	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
- 
- DO_GNU_APP=LDFLAGS="$(CFLAGS)"
- 
diff --git a/meta/recipes-connectivity/openssl/openssl10/debian/pic.patch b/meta/recipes-connectivity/openssl/openssl10/debian/pic.patch
deleted file mode 100644
index bfda3888bf..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/debian/pic.patch
+++ /dev/null
@@ -1,177 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.1c/crypto/des/asm/desboth.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl	2001-10-24 23:20:56.000000000 +0200
-+++ openssl-1.0.1c/crypto/des/asm/desboth.pl	2012-07-29 14:15:26.000000000 +0200
-@@ -16,6 +16,11 @@
- 
- 	&push("edi");
- 
-+	&call   (&label("pic_point0"));
-+	&set_label("pic_point0");
-+	&blindpop("ebp");
-+	&add    ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
-+
- 	&comment("");
- 	&comment("Load the data words");
- 	&mov($L,&DWP(0,"ebx","",0));
-@@ -47,15 +52,21 @@
- 	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
- 	&mov(&swtmp(1),	"eax");
- 	&mov(&swtmp(0),	"ebx");
--	&call("DES_encrypt2");
-+	&exch("ebx", "ebp");
-+	&call("DES_encrypt2\@PLT");
-+	&exch("ebx", "ebp");
- 	&mov(&swtmp(2),	(DWC(($enc)?"0":"1")));
- 	&mov(&swtmp(1),	"edi");
- 	&mov(&swtmp(0),	"ebx");
--	&call("DES_encrypt2");
-+	&exch("ebx", "ebp");
-+	&call("DES_encrypt2\@PLT");
-+	&exch("ebx", "ebp");
- 	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
- 	&mov(&swtmp(1),	"esi");
- 	&mov(&swtmp(0),	"ebx");
--	&call("DES_encrypt2");
-+	&exch("ebx", "ebp");
-+	&call("DES_encrypt2\@PLT");
-+	&exch("ebx", "ebp");
- 
- 	&stack_pop(3);
- 	&mov($L,&DWP(0,"ebx","",0));
-Index: openssl-1.0.1c/crypto/perlasm/cbc.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl	2011-07-13 08:22:46.000000000 +0200
-+++ openssl-1.0.1c/crypto/perlasm/cbc.pl	2012-07-29 14:15:26.000000000 +0200
-@@ -122,7 +122,11 @@
- 	&mov(&DWP($data_off,"esp","",0),	"eax");	# put in array for call
- 	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
- 
--	&call($enc_func);
-+	&call	(&label("pic_point0"));
-+	&set_label("pic_point0");
-+	&blindpop("ebx");
-+	&add	("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
-+	&call("$enc_func\@PLT");
- 
- 	&mov("eax",	&DWP($data_off,"esp","",0));
- 	&mov("ebx",	&DWP($data_off+4,"esp","",0));
-@@ -185,7 +189,11 @@
- 	&mov(&DWP($data_off,"esp","",0),	"eax");	# put in array for call
- 	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
- 
--	&call($enc_func);
-+	&call	(&label("pic_point1"));
-+	&set_label("pic_point1");
-+	&blindpop("ebx");
-+	&add	("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]");
-+	&call("$enc_func\@PLT");
- 
- 	&mov("eax",	&DWP($data_off,"esp","",0));
- 	&mov("ebx",	&DWP($data_off+4,"esp","",0));
-@@ -218,7 +226,11 @@
- 	&mov(&DWP($data_off,"esp","",0),	"eax");	# put back
- 	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
- 
--	&call($dec_func);
-+	&call	(&label("pic_point2"));
-+	&set_label("pic_point2");
-+	&blindpop("ebx");
-+	&add	("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]");
-+	&call("$dec_func\@PLT");
- 
- 	&mov("eax",	&DWP($data_off,"esp","",0));	# get return
- 	&mov("ebx",	&DWP($data_off+4,"esp","",0));	#
-@@ -261,7 +273,11 @@
- 	&mov(&DWP($data_off,"esp","",0),	"eax");	# put back
- 	&mov(&DWP($data_off+4,"esp","",0),	"ebx");	#
- 
--	&call($dec_func);
-+	&call	(&label("pic_point3"));
-+	&set_label("pic_point3");
-+	&blindpop("ebx");
-+	&add	("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]");
-+	&call("$dec_func\@PLT");
- 
- 	&mov("eax",	&DWP($data_off,"esp","",0));	# get return
- 	&mov("ebx",	&DWP($data_off+4,"esp","",0));	#
-Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl	2011-12-09 20:16:35.000000000 +0100
-+++ openssl-1.0.1c/crypto/perlasm/x86gas.pl	2012-07-29 14:15:26.000000000 +0200
-@@ -161,6 +161,7 @@
- 	if ($::macosx)	{ push (@out,"$tmp,2\n"); }
- 	elsif ($::elf)	{ push (@out,"$tmp,4\n"); }
- 	else		{ push (@out,"$tmp\n"); }
-+	if ($::elf)	{ push (@out,".hidden\tOPENSSL_ia32cap_P\n"); }
-     }
-     push(@out,$initseg) if ($initseg);
- }
-@@ -218,8 +219,23 @@
-     elsif ($::elf)
-     {	$initseg.=<<___;
- .section	.init
-+___
-+        if ($::pic)
-+	{   $initseg.=<<___;
-+	pushl	%ebx
-+	call	.pic_point0
-+.pic_point0:
-+	popl	%ebx
-+	addl	\$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx
-+	call	$f\@PLT
-+	popl	%ebx
-+___
-+	}
-+	else
-+	{   $initseg.=<<___;
- 	call	$f
- ___
-+	}
-     }
-     elsif ($::coff)
-     {   $initseg.=<<___;	# applies to both Cygwin and Mingw
-Index: openssl-1.0.1c/crypto/x86cpuid.pl
-===================================================================
---- openssl-1.0.1c.orig/crypto/x86cpuid.pl	2012-02-28 15:20:34.000000000 +0100
-+++ openssl-1.0.1c/crypto/x86cpuid.pl	2012-07-29 14:15:26.000000000 +0200
-@@ -8,6 +8,8 @@
- 
- for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
- 
-+push(@out, ".hidden OPENSSL_ia32cap_P\n");
-+
- &function_begin("OPENSSL_ia32_cpuid");
- 	&xor	("edx","edx");
- 	&pushf	();
-@@ -139,9 +141,7 @@
- &set_label("nocpuid");
- &function_end("OPENSSL_ia32_cpuid");
- 
--&external_label("OPENSSL_ia32cap_P");
--
--&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-+&function_begin_B("OPENSSL_rdtsc");
- 	&xor	("eax","eax");
- 	&xor	("edx","edx");
- 	&picmeup("ecx","OPENSSL_ia32cap_P");
-@@ -155,7 +155,7 @@
- # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
- # but it's safe to call it on any [supported] 32-bit platform...
- # Just check for [non-]zero return value...
--&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-+&function_begin_B("OPENSSL_instrument_halt");
- 	&picmeup("ecx","OPENSSL_ia32cap_P");
- 	&bt	(&DWP(0,"ecx"),4);
- 	&jnc	(&label("nohalt"));	# no TSC
-@@ -222,7 +222,7 @@
- 	&ret	();
- &function_end_B("OPENSSL_far_spin");
- 
--&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-+&function_begin_B("OPENSSL_wipe_cpu");
- 	&xor	("eax","eax");
- 	&xor	("edx","edx");
- 	&picmeup("ecx","OPENSSL_ia32cap_P");
diff --git a/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_digicert_malaysia.patch b/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_digicert_malaysia.patch
deleted file mode 100644
index c43bcd1c77..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_digicert_malaysia.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: Raphael Geissert <geissert@debian.org>
-Description: make X509_verify_cert indicate that any certificate whose
- name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked.
-Forwarded: not-needed
-Origin: vendor
-Last-Update: 2011-11-05
-
-Upstream-Status: Backport [debian]
-
-
-Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c
-===================================================================
---- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c	2014-02-25 00:16:12.488028844 +0100
-+++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c	2014-02-25 00:16:12.484028929 +0100
-@@ -964,10 +964,11 @@
- 	for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
- 		{
- 		x = sk_X509_value(ctx->chain, i);
--		/* Mark DigiNotar certificates as revoked, no matter
--		 * where in the chain they are.
-+		/* Mark certificates containing the following names as
-+		 * revoked, no matter where in the chain they are.
- 		 */
--		if (x->name && strstr(x->name, "DigiNotar"))
-+		if (x->name && (strstr(x->name, "DigiNotar") ||
-+			strstr(x->name, "Digicert Sdn. Bhd.")))
- 			{
- 			ctx->error = X509_V_ERR_CERT_REVOKED;
- 			ctx->error_depth = i;
diff --git a/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_diginotar.patch b/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_diginotar.patch
deleted file mode 100644
index d81e22cd8d..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/block_diginotar.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From: Raphael Geissert <geissert@debian.org>
-Description: make X509_verify_cert indicate that any certificate whose
- name contains "DigiNotar" is revoked.
-Forwarded: not-needed
-Origin: vendor
-Last-Update: 2011-09-08
-Bug: http://bugs.debian.org/639744
-Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
-Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
-
-This is not meant as final patch.  
-
-Upstream-Status: Backport [debian]
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-Index: openssl-1.0.2g/crypto/x509/x509_vfy.c
-===================================================================
---- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c
-+++ openssl-1.0.2g/crypto/x509/x509_vfy.c
-@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
- static int check_revocation(X509_STORE_CTX *ctx);
- static int check_cert(X509_STORE_CTX *ctx);
- static int check_policy(X509_STORE_CTX *ctx);
-+static int check_ca_blacklist(X509_STORE_CTX *ctx);
- 
- static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
-                          unsigned int *preasons, X509_CRL *crl, X509 *x);
-@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
-     if (!ok)
-         goto err;
- 
-+	ok = check_ca_blacklist(ctx);
-+	if(!ok) goto err;
-+
- #ifndef OPENSSL_NO_RFC3779
-     /* RFC 3779 path validation, now that CRL check has been done */
-     ok = v3_asid_validate_path(ctx);
-@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX
-     return 1;
- }
- 
-+static int check_ca_blacklist(X509_STORE_CTX *ctx)
-+	{
-+	X509 *x;
-+	int i;
-+	/* Check all certificates against the blacklist */
-+	for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
-+		{
-+		x = sk_X509_value(ctx->chain, i);
-+		/* Mark DigiNotar certificates as revoked, no matter
-+		 * where in the chain they are.
-+		 */
-+		if (x->name && strstr(x->name, "DigiNotar"))
-+			{
-+			ctx->error = X509_V_ERR_CERT_REVOKED;
-+			ctx->error_depth = i;
-+			ctx->current_cert = x;
-+			if (!ctx->verify_cb(0,ctx))
-+				return 0;
-+			}
-+		}
-+	return 1;
-+	}
-+
- static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
-                       X509 **pissuer, int *pscore, unsigned int *preasons,
-                       STACK_OF(X509_CRL) *crls)
diff --git a/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/soname.patch b/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/soname.patch
deleted file mode 100644
index 09dd9eaf86..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/soname.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Inappropriate
-
-Index: openssl-1.0.2d/crypto/opensslv.h
-===================================================================
---- openssl-1.0.2d.orig/crypto/opensslv.h
-+++ openssl-1.0.2d/crypto/opensslv.h
-@@ -88,7 +88,7 @@ extern "C" {
-  * should only keep the versions that are binary compatible with the current.
-  */
- # define SHLIB_VERSION_HISTORY ""
--# define SHLIB_VERSION_NUMBER "1.0.0"
-+# define SHLIB_VERSION_NUMBER "1.0.2"
- 
- 
- #ifdef  __cplusplus
diff --git a/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/version-script.patch b/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/version-script.patch
deleted file mode 100644
index e404ee3312..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/debian1.0.2/version-script.patch
+++ /dev/null
@@ -1,4658 +0,0 @@
-Upstream-Status: Inappropriate
-
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
-===================================================================
---- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure	2014-02-24 21:02:30.000000000 +0100
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure	2014-02-24 21:02:30.000000000 +0100
-@@ -1651,6 +1651,8 @@
- 		}
- 	}
- 
-+$shared_ldflag .= " -Wl,--version-script=openssl.ld";
-+
- open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
- unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
- open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld	2014-02-24 22:19:08.601827266 +0100
-@@ -0,0 +1,4608 @@
-+OPENSSL_1.0.2d {
-+	global:
-+		BIO_f_ssl;
-+		BIO_new_buffer_ssl_connect;
-+		BIO_new_ssl;
-+		BIO_new_ssl_connect;
-+		BIO_proxy_ssl_copy_session_id;
-+		BIO_ssl_copy_session_id;
-+		BIO_ssl_shutdown;
-+		d2i_SSL_SESSION;
-+		DTLSv1_client_method;
-+		DTLSv1_method;
-+		DTLSv1_server_method;
-+		ERR_load_SSL_strings;
-+		i2d_SSL_SESSION;
-+		kssl_build_principal_2;
-+		kssl_cget_tkt;
-+		kssl_check_authent;
-+		kssl_ctx_free;
-+		kssl_ctx_new;
-+		kssl_ctx_setkey;
-+		kssl_ctx_setprinc;
-+		kssl_ctx_setstring;
-+		kssl_ctx_show;
-+		kssl_err_set;
-+		kssl_krb5_free_data_contents;
-+		kssl_sget_tkt;
-+		kssl_skip_confound;
-+		kssl_validate_times;
-+		PEM_read_bio_SSL_SESSION;
-+		PEM_read_SSL_SESSION;
-+		PEM_write_bio_SSL_SESSION;
-+		PEM_write_SSL_SESSION;
-+		SSL_accept;
-+		SSL_add_client_CA;
-+		SSL_add_dir_cert_subjects_to_stack;
-+		SSL_add_dir_cert_subjs_to_stk;
-+		SSL_add_file_cert_subjects_to_stack;
-+		SSL_add_file_cert_subjs_to_stk;
-+		SSL_alert_desc_string;
-+		SSL_alert_desc_string_long;
-+		SSL_alert_type_string;
-+		SSL_alert_type_string_long;
-+		SSL_callback_ctrl;
-+		SSL_check_private_key;
-+		SSL_CIPHER_description;
-+		SSL_CIPHER_get_bits;
-+		SSL_CIPHER_get_name;
-+		SSL_CIPHER_get_version;
-+		SSL_clear;
-+		SSL_COMP_add_compression_method;
-+		SSL_COMP_get_compression_methods;
-+		SSL_COMP_get_compress_methods;
-+		SSL_COMP_get_name;
-+		SSL_connect;
-+		SSL_copy_session_id;
-+		SSL_ctrl;
-+		SSL_CTX_add_client_CA;
-+		SSL_CTX_add_session;
-+		SSL_CTX_callback_ctrl;
-+		SSL_CTX_check_private_key;
-+		SSL_CTX_ctrl;
-+		SSL_CTX_flush_sessions;
-+		SSL_CTX_free;
-+		SSL_CTX_get_cert_store;
-+		SSL_CTX_get_client_CA_list;
-+		SSL_CTX_get_client_cert_cb;
-+		SSL_CTX_get_ex_data;
-+		SSL_CTX_get_ex_new_index;
-+		SSL_CTX_get_info_callback;
-+		SSL_CTX_get_quiet_shutdown;
-+		SSL_CTX_get_timeout;
-+		SSL_CTX_get_verify_callback;
-+		SSL_CTX_get_verify_depth;
-+		SSL_CTX_get_verify_mode;
-+		SSL_CTX_load_verify_locations;
-+		SSL_CTX_new;
-+		SSL_CTX_remove_session;
-+		SSL_CTX_sess_get_get_cb;
-+		SSL_CTX_sess_get_new_cb;
-+		SSL_CTX_sess_get_remove_cb;
-+		SSL_CTX_sessions;
-+		SSL_CTX_sess_set_get_cb;
-+		SSL_CTX_sess_set_new_cb;
-+		SSL_CTX_sess_set_remove_cb;
-+		SSL_CTX_set1_param;
-+		SSL_CTX_set_cert_store;
-+		SSL_CTX_set_cert_verify_callback;
-+		SSL_CTX_set_cert_verify_cb;
-+		SSL_CTX_set_cipher_list;
-+		SSL_CTX_set_client_CA_list;
-+		SSL_CTX_set_client_cert_cb;
-+		SSL_CTX_set_client_cert_engine;
-+		SSL_CTX_set_cookie_generate_cb;
-+		SSL_CTX_set_cookie_verify_cb;
-+		SSL_CTX_set_default_passwd_cb;
-+		SSL_CTX_set_default_passwd_cb_userdata;
-+		SSL_CTX_set_default_verify_paths;
-+		SSL_CTX_set_def_passwd_cb_ud;
-+		SSL_CTX_set_def_verify_paths;
-+		SSL_CTX_set_ex_data;
-+		SSL_CTX_set_generate_session_id;
-+		SSL_CTX_set_info_callback;
-+		SSL_CTX_set_msg_callback;
-+		SSL_CTX_set_psk_client_callback;
-+		SSL_CTX_set_psk_server_callback;
-+		SSL_CTX_set_purpose;
-+		SSL_CTX_set_quiet_shutdown;
-+		SSL_CTX_set_session_id_context;
-+		SSL_CTX_set_ssl_version;
-+		SSL_CTX_set_timeout;
-+		SSL_CTX_set_tmp_dh_callback;
-+		SSL_CTX_set_tmp_ecdh_callback;
-+		SSL_CTX_set_tmp_rsa_callback;
-+		SSL_CTX_set_trust;
-+		SSL_CTX_set_verify;
-+		SSL_CTX_set_verify_depth;
-+		SSL_CTX_use_cert_chain_file;
-+		SSL_CTX_use_certificate;
-+		SSL_CTX_use_certificate_ASN1;
-+		SSL_CTX_use_certificate_chain_file;
-+		SSL_CTX_use_certificate_file;
-+		SSL_CTX_use_PrivateKey;
-+		SSL_CTX_use_PrivateKey_ASN1;
-+		SSL_CTX_use_PrivateKey_file;
-+		SSL_CTX_use_psk_identity_hint;
-+		SSL_CTX_use_RSAPrivateKey;
-+		SSL_CTX_use_RSAPrivateKey_ASN1;
-+		SSL_CTX_use_RSAPrivateKey_file;
-+		SSL_do_handshake;
-+		SSL_dup;
-+		SSL_dup_CA_list;
-+		SSLeay_add_ssl_algorithms;
-+		SSL_free;
-+		SSL_get1_session;
-+		SSL_get_certificate;
-+		SSL_get_cipher_list;
-+		SSL_get_ciphers;
-+		SSL_get_client_CA_list;
-+		SSL_get_current_cipher;
-+		SSL_get_current_compression;
-+		SSL_get_current_expansion;
-+		SSL_get_default_timeout;
-+		SSL_get_error;
-+		SSL_get_ex_data;
-+		SSL_get_ex_data_X509_STORE_CTX_idx;
-+		SSL_get_ex_d_X509_STORE_CTX_idx;
-+		SSL_get_ex_new_index;
-+		SSL_get_fd;
-+		SSL_get_finished;
-+		SSL_get_info_callback;
-+		SSL_get_peer_cert_chain;
-+		SSL_get_peer_certificate;
-+		SSL_get_peer_finished;
-+		SSL_get_privatekey;
-+		SSL_get_psk_identity;
-+		SSL_get_psk_identity_hint;
-+		SSL_get_quiet_shutdown;
-+		SSL_get_rbio;
-+		SSL_get_read_ahead;
-+		SSL_get_rfd;
-+		SSL_get_servername;
-+		SSL_get_servername_type;
-+		SSL_get_session;
-+		SSL_get_shared_ciphers;
-+		SSL_get_shutdown;
-+		SSL_get_SSL_CTX;
-+		SSL_get_ssl_method;
-+		SSL_get_verify_callback;
-+		SSL_get_verify_depth;
-+		SSL_get_verify_mode;
-+		SSL_get_verify_result;
-+		SSL_get_version;
-+		SSL_get_wbio;
-+		SSL_get_wfd;
-+		SSL_has_matching_session_id;
-+		SSL_library_init;
-+		SSL_load_client_CA_file;
-+		SSL_load_error_strings;
-+		SSL_new;
-+		SSL_peek;
-+		SSL_pending;
-+		SSL_read;
-+		SSL_renegotiate;
-+		SSL_renegotiate_pending;
-+		SSL_rstate_string;
-+		SSL_rstate_string_long;
-+		SSL_SESSION_cmp;
-+		SSL_SESSION_free;
-+		SSL_SESSION_get_ex_data;
-+		SSL_SESSION_get_ex_new_index;
-+		SSL_SESSION_get_id;
-+		SSL_SESSION_get_time;
-+		SSL_SESSION_get_timeout;
-+		SSL_SESSION_hash;
-+		SSL_SESSION_new;
-+		SSL_SESSION_print;
-+		SSL_SESSION_print_fp;
-+		SSL_SESSION_set_ex_data;
-+		SSL_SESSION_set_time;
-+		SSL_SESSION_set_timeout;
-+		SSL_set1_param;
-+		SSL_set_accept_state;
-+		SSL_set_bio;
-+		SSL_set_cipher_list;
-+		SSL_set_client_CA_list;
-+		SSL_set_connect_state;
-+		SSL_set_ex_data;
-+		SSL_set_fd;
-+		SSL_set_generate_session_id;
-+		SSL_set_info_callback;
-+		SSL_set_msg_callback;
-+		SSL_set_psk_client_callback;
-+		SSL_set_psk_server_callback;
-+		SSL_set_purpose;
-+		SSL_set_quiet_shutdown;
-+		SSL_set_read_ahead;
-+		SSL_set_rfd;
-+		SSL_set_session;
-+		SSL_set_session_id_context;
-+		SSL_set_session_secret_cb;
-+		SSL_set_session_ticket_ext;
-+		SSL_set_session_ticket_ext_cb;
-+		SSL_set_shutdown;
-+		SSL_set_SSL_CTX;
-+		SSL_set_ssl_method;
-+		SSL_set_tmp_dh_callback;
-+		SSL_set_tmp_ecdh_callback;
-+		SSL_set_tmp_rsa_callback;
-+		SSL_set_trust;
-+		SSL_set_verify;
-+		SSL_set_verify_depth;
-+		SSL_set_verify_result;
-+		SSL_set_wfd;
-+		SSL_shutdown;
-+		SSL_state;
-+		SSL_state_string;
-+		SSL_state_string_long;
-+		SSL_use_certificate;
-+		SSL_use_certificate_ASN1;
-+		SSL_use_certificate_file;
-+		SSL_use_PrivateKey;
-+		SSL_use_PrivateKey_ASN1;
-+		SSL_use_PrivateKey_file;
-+		SSL_use_psk_identity_hint;
-+		SSL_use_RSAPrivateKey;
-+		SSL_use_RSAPrivateKey_ASN1;
-+		SSL_use_RSAPrivateKey_file;
-+		SSLv23_client_method;
-+		SSLv23_method;
-+		SSLv23_server_method;
-+		SSLv2_client_method;
-+		SSLv2_method;
-+		SSLv2_server_method;
-+		SSLv3_client_method;
-+		SSLv3_method;
-+		SSLv3_server_method;
-+		SSL_version;
-+		SSL_want;
-+		SSL_write;
-+		TLSv1_client_method;
-+		TLSv1_method;
-+		TLSv1_server_method;
-+
-+
-+		SSLeay;
-+		SSLeay_version;
-+		ASN1_BIT_STRING_asn1_meth;
-+		ASN1_HEADER_free;
-+		ASN1_HEADER_new;
-+		ASN1_IA5STRING_asn1_meth;
-+		ASN1_INTEGER_get;
-+		ASN1_INTEGER_set;
-+		ASN1_INTEGER_to_BN;
-+		ASN1_OBJECT_create;
-+		ASN1_OBJECT_free;
-+		ASN1_OBJECT_new;
-+		ASN1_PRINTABLE_type;
-+		ASN1_STRING_cmp;
-+		ASN1_STRING_dup;
-+		ASN1_STRING_free;
-+		ASN1_STRING_new;
-+		ASN1_STRING_print;
-+		ASN1_STRING_set;
-+		ASN1_STRING_type_new;
-+		ASN1_TYPE_free;
-+		ASN1_TYPE_new;
-+		ASN1_UNIVERSALSTRING_to_string;
-+		ASN1_UTCTIME_check;
-+		ASN1_UTCTIME_print;
-+		ASN1_UTCTIME_set;
-+		ASN1_check_infinite_end;
-+		ASN1_d2i_bio;
-+		ASN1_d2i_fp;
-+		ASN1_digest;
-+		ASN1_dup;
-+		ASN1_get_object;
-+		ASN1_i2d_bio;
-+		ASN1_i2d_fp;
-+		ASN1_object_size;
-+		ASN1_parse;
-+		ASN1_put_object;
-+		ASN1_sign;
-+		ASN1_verify;
-+		BF_cbc_encrypt;
-+		BF_cfb64_encrypt;
-+		BF_ecb_encrypt;
-+		BF_encrypt;
-+		BF_ofb64_encrypt;
-+		BF_options;
-+		BF_set_key;
-+		BIO_CONNECT_free;
-+		BIO_CONNECT_new;
-+		BIO_accept;
-+		BIO_ctrl;
-+		BIO_int_ctrl;
-+		BIO_debug_callback;
-+		BIO_dump;
-+		BIO_dup_chain;
-+		BIO_f_base64;
-+		BIO_f_buffer;
-+		BIO_f_cipher;
-+		BIO_f_md;
-+		BIO_f_null;
-+		BIO_f_proxy_server;
-+		BIO_fd_non_fatal_error;
-+		BIO_fd_should_retry;
-+		BIO_find_type;
-+		BIO_free;
-+		BIO_free_all;
-+		BIO_get_accept_socket;
-+		BIO_get_filter_bio;
-+		BIO_get_host_ip;
-+		BIO_get_port;
-+		BIO_get_retry_BIO;
-+		BIO_get_retry_reason;
-+		BIO_gethostbyname;
-+		BIO_gets;
-+		BIO_new;
-+		BIO_new_accept;
-+		BIO_new_connect;
-+		BIO_new_fd;
-+		BIO_new_file;
-+		BIO_new_fp;
-+		BIO_new_socket;
-+		BIO_pop;
-+		BIO_printf;
-+		BIO_push;
-+		BIO_puts;
-+		BIO_read;
-+		BIO_s_accept;
-+		BIO_s_connect;
-+		BIO_s_fd;
-+		BIO_s_file;
-+		BIO_s_mem;
-+		BIO_s_null;
-+		BIO_s_proxy_client;
-+		BIO_s_socket;
-+		BIO_set;
-+		BIO_set_cipher;
-+		BIO_set_tcp_ndelay;
-+		BIO_sock_cleanup;
-+		BIO_sock_error;
-+		BIO_sock_init;
-+		BIO_sock_non_fatal_error;
-+		BIO_sock_should_retry;
-+		BIO_socket_ioctl;
-+		BIO_write;
-+		BN_CTX_free;
-+		BN_CTX_new;
-+		BN_MONT_CTX_free;
-+		BN_MONT_CTX_new;
-+		BN_MONT_CTX_set;
-+		BN_add;
-+		BN_add_word;
-+		BN_hex2bn;
-+		BN_bin2bn;
-+		BN_bn2hex;
-+		BN_bn2bin;
-+		BN_clear;
-+		BN_clear_bit;
-+		BN_clear_free;
-+		BN_cmp;
-+		BN_copy;
-+		BN_div;
-+		BN_div_word;
-+		BN_dup;
-+		BN_free;
-+		BN_from_montgomery;
-+		BN_gcd;
-+		BN_generate_prime;
-+		BN_get_word;
-+		BN_is_bit_set;
-+		BN_is_prime;
-+		BN_lshift;
-+		BN_lshift1;
-+		BN_mask_bits;
-+		BN_mod;
-+		BN_mod_exp;
-+		BN_mod_exp_mont;
-+		BN_mod_exp_simple;
-+		BN_mod_inverse;
-+		BN_mod_mul;
-+		BN_mod_mul_montgomery;
-+		BN_mod_word;
-+		BN_mul;
-+		BN_new;
-+		BN_num_bits;
-+		BN_num_bits_word;
-+		BN_options;
-+		BN_print;
-+		BN_print_fp;
-+		BN_rand;
-+		BN_reciprocal;
-+		BN_rshift;
-+		BN_rshift1;
-+		BN_set_bit;
-+		BN_set_word;
-+		BN_sqr;
-+		BN_sub;
-+		BN_to_ASN1_INTEGER;
-+		BN_ucmp;
-+		BN_value_one;
-+		BUF_MEM_free;
-+		BUF_MEM_grow;
-+		BUF_MEM_new;
-+		BUF_strdup;
-+		CONF_free;
-+		CONF_get_number;
-+		CONF_get_section;
-+		CONF_get_string;
-+		CONF_load;
-+		CRYPTO_add_lock;
-+		CRYPTO_dbg_free;
-+		CRYPTO_dbg_malloc;
-+		CRYPTO_dbg_realloc;
-+		CRYPTO_dbg_remalloc;
-+		CRYPTO_free;
-+		CRYPTO_get_add_lock_callback;
-+		CRYPTO_get_id_callback;
-+		CRYPTO_get_lock_name;
-+		CRYPTO_get_locking_callback;
-+		CRYPTO_get_mem_functions;
-+		CRYPTO_lock;
-+		CRYPTO_malloc;
-+		CRYPTO_mem_ctrl;
-+		CRYPTO_mem_leaks;
-+		CRYPTO_mem_leaks_cb;
-+		CRYPTO_mem_leaks_fp;
-+		CRYPTO_realloc;
-+		CRYPTO_remalloc;
-+		CRYPTO_set_add_lock_callback;
-+		CRYPTO_set_id_callback;
-+		CRYPTO_set_locking_callback;
-+		CRYPTO_set_mem_functions;
-+		CRYPTO_thread_id;
-+		DH_check;
-+		DH_compute_key;
-+		DH_free;
-+		DH_generate_key;
-+		DH_generate_parameters;
-+		DH_new;
-+		DH_size;
-+		DHparams_print;
-+		DHparams_print_fp;
-+		DSA_free;
-+		DSA_generate_key;
-+		DSA_generate_parameters;
-+		DSA_is_prime;
-+		DSA_new;
-+		DSA_print;
-+		DSA_print_fp;
-+		DSA_sign;
-+		DSA_sign_setup;
-+		DSA_size;
-+		DSA_verify;
-+		DSAparams_print;
-+		DSAparams_print_fp;
-+		ERR_clear_error;
-+		ERR_error_string;
-+		ERR_free_strings;
-+		ERR_func_error_string;
-+		ERR_get_err_state_table;
-+		ERR_get_error;
-+		ERR_get_error_line;
-+		ERR_get_state;
-+		ERR_get_string_table;
-+		ERR_lib_error_string;
-+		ERR_load_ASN1_strings;
-+		ERR_load_BIO_strings;
-+		ERR_load_BN_strings;
-+		ERR_load_BUF_strings;
-+		ERR_load_CONF_strings;
-+		ERR_load_DH_strings;
-+		ERR_load_DSA_strings;
-+		ERR_load_ERR_strings;
-+		ERR_load_EVP_strings;
-+		ERR_load_OBJ_strings;
-+		ERR_load_PEM_strings;
-+		ERR_load_PROXY_strings;
-+		ERR_load_RSA_strings;
-+		ERR_load_X509_strings;
-+		ERR_load_crypto_strings;
-+		ERR_load_strings;
-+		ERR_peek_error;
-+		ERR_peek_error_line;
-+		ERR_print_errors;
-+		ERR_print_errors_fp;
-+		ERR_put_error;
-+		ERR_reason_error_string;
-+		ERR_remove_state;
-+		EVP_BytesToKey;
-+		EVP_CIPHER_CTX_cleanup;
-+		EVP_CipherFinal;
-+		EVP_CipherInit;
-+		EVP_CipherUpdate;
-+		EVP_DecodeBlock;
-+		EVP_DecodeFinal;
-+		EVP_DecodeInit;
-+		EVP_DecodeUpdate;
-+		EVP_DecryptFinal;
-+		EVP_DecryptInit;
-+		EVP_DecryptUpdate;
-+		EVP_DigestFinal;
-+		EVP_DigestInit;
-+		EVP_DigestUpdate;
-+		EVP_EncodeBlock;
-+		EVP_EncodeFinal;
-+		EVP_EncodeInit;
-+		EVP_EncodeUpdate;
-+		EVP_EncryptFinal;
-+		EVP_EncryptInit;
-+		EVP_EncryptUpdate;
-+		EVP_OpenFinal;
-+		EVP_OpenInit;
-+		EVP_PKEY_assign;
-+		EVP_PKEY_copy_parameters;
-+		EVP_PKEY_free;
-+		EVP_PKEY_missing_parameters;
-+		EVP_PKEY_new;
-+		EVP_PKEY_save_parameters;
-+		EVP_PKEY_size;
-+		EVP_PKEY_type;
-+		EVP_SealFinal;
-+		EVP_SealInit;
-+		EVP_SignFinal;
-+		EVP_VerifyFinal;
-+		EVP_add_alias;
-+		EVP_add_cipher;
-+		EVP_add_digest;
-+		EVP_bf_cbc;
-+		EVP_bf_cfb64;
-+		EVP_bf_ecb;
-+		EVP_bf_ofb;
-+		EVP_cleanup;
-+		EVP_des_cbc;
-+		EVP_des_cfb64;
-+		EVP_des_ecb;
-+		EVP_des_ede;
-+		EVP_des_ede3;
-+		EVP_des_ede3_cbc;
-+		EVP_des_ede3_cfb64;
-+		EVP_des_ede3_ofb;
-+		EVP_des_ede_cbc;
-+		EVP_des_ede_cfb64;
-+		EVP_des_ede_ofb;
-+		EVP_des_ofb;
-+		EVP_desx_cbc;
-+		EVP_dss;
-+		EVP_dss1;
-+		EVP_enc_null;
-+		EVP_get_cipherbyname;
-+		EVP_get_digestbyname;
-+		EVP_get_pw_prompt;
-+		EVP_idea_cbc;
-+		EVP_idea_cfb64;
-+		EVP_idea_ecb;
-+		EVP_idea_ofb;
-+		EVP_md2;
-+		EVP_md5;
-+		EVP_md_null;
-+		EVP_rc2_cbc;
-+		EVP_rc2_cfb64;
-+		EVP_rc2_ecb;
-+		EVP_rc2_ofb;
-+		EVP_rc4;
-+		EVP_read_pw_string;
-+		EVP_set_pw_prompt;
-+		EVP_sha;
-+		EVP_sha1;
-+		MD2;
-+		MD2_Final;
-+		MD2_Init;
-+		MD2_Update;
-+		MD2_options;
-+		MD5;
-+		MD5_Final;
-+		MD5_Init;
-+		MD5_Update;
-+		MDC2;
-+		MDC2_Final;
-+		MDC2_Init;
-+		MDC2_Update;
-+		NETSCAPE_SPKAC_free;
-+		NETSCAPE_SPKAC_new;
-+		NETSCAPE_SPKI_free;
-+		NETSCAPE_SPKI_new;
-+		NETSCAPE_SPKI_sign;
-+		NETSCAPE_SPKI_verify;
-+		OBJ_add_object;
-+		OBJ_bsearch;
-+		OBJ_cleanup;
-+		OBJ_cmp;
-+		OBJ_create;
-+		OBJ_dup;
-+		OBJ_ln2nid;
-+		OBJ_new_nid;
-+		OBJ_nid2ln;
-+		OBJ_nid2obj;
-+		OBJ_nid2sn;
-+		OBJ_obj2nid;
-+		OBJ_sn2nid;
-+		OBJ_txt2nid;
-+		PEM_ASN1_read;
-+		PEM_ASN1_read_bio;
-+		PEM_ASN1_write;
-+		PEM_ASN1_write_bio;
-+		PEM_SealFinal;
-+		PEM_SealInit;
-+		PEM_SealUpdate;
-+		PEM_SignFinal;
-+		PEM_SignInit;
-+		PEM_SignUpdate;
-+		PEM_X509_INFO_read;
-+		PEM_X509_INFO_read_bio;
-+		PEM_X509_INFO_write_bio;
-+		PEM_dek_info;
-+		PEM_do_header;
-+		PEM_get_EVP_CIPHER_INFO;
-+		PEM_proc_type;
-+		PEM_read;
-+		PEM_read_DHparams;
-+		PEM_read_DSAPrivateKey;
-+		PEM_read_DSAparams;
-+		PEM_read_PKCS7;
-+		PEM_read_PrivateKey;
-+		PEM_read_RSAPrivateKey;
-+		PEM_read_X509;
-+		PEM_read_X509_CRL;
-+		PEM_read_X509_REQ;
-+		PEM_read_bio;
-+		PEM_read_bio_DHparams;
-+		PEM_read_bio_DSAPrivateKey;
-+		PEM_read_bio_DSAparams;
-+		PEM_read_bio_PKCS7;
-+		PEM_read_bio_PrivateKey;
-+		PEM_read_bio_RSAPrivateKey;
-+		PEM_read_bio_X509;
-+		PEM_read_bio_X509_CRL;
-+		PEM_read_bio_X509_REQ;
-+		PEM_write;
-+		PEM_write_DHparams;
-+		PEM_write_DSAPrivateKey;
-+		PEM_write_DSAparams;
-+		PEM_write_PKCS7;
-+		PEM_write_PrivateKey;
-+		PEM_write_RSAPrivateKey;
-+		PEM_write_X509;
-+		PEM_write_X509_CRL;
-+		PEM_write_X509_REQ;
-+		PEM_write_bio;
-+		PEM_write_bio_DHparams;
-+		PEM_write_bio_DSAPrivateKey;
-+		PEM_write_bio_DSAparams;
-+		PEM_write_bio_PKCS7;
-+		PEM_write_bio_PrivateKey;
-+		PEM_write_bio_RSAPrivateKey;
-+		PEM_write_bio_X509;
-+		PEM_write_bio_X509_CRL;
-+		PEM_write_bio_X509_REQ;
-+		PKCS7_DIGEST_free;
-+		PKCS7_DIGEST_new;
-+		PKCS7_ENCRYPT_free;
-+		PKCS7_ENCRYPT_new;
-+		PKCS7_ENC_CONTENT_free;
-+		PKCS7_ENC_CONTENT_new;
-+		PKCS7_ENVELOPE_free;
-+		PKCS7_ENVELOPE_new;
-+		PKCS7_ISSUER_AND_SERIAL_digest;
-+		PKCS7_ISSUER_AND_SERIAL_free;
-+		PKCS7_ISSUER_AND_SERIAL_new;
-+		PKCS7_RECIP_INFO_free;
-+		PKCS7_RECIP_INFO_new;
-+		PKCS7_SIGNED_free;
-+		PKCS7_SIGNED_new;
-+		PKCS7_SIGNER_INFO_free;
-+		PKCS7_SIGNER_INFO_new;
-+		PKCS7_SIGN_ENVELOPE_free;
-+		PKCS7_SIGN_ENVELOPE_new;
-+		PKCS7_dup;
-+		PKCS7_free;
-+		PKCS7_new;
-+		PROXY_ENTRY_add_noproxy;
-+		PROXY_ENTRY_clear_noproxy;
-+		PROXY_ENTRY_free;
-+		PROXY_ENTRY_get_noproxy;
-+		PROXY_ENTRY_new;
-+		PROXY_ENTRY_set_server;
-+		PROXY_add_noproxy;
-+		PROXY_add_server;
-+		PROXY_check_by_host;
-+		PROXY_check_url;
-+		PROXY_clear_noproxy;
-+		PROXY_free;
-+		PROXY_get_noproxy;
-+		PROXY_get_proxies;
-+		PROXY_get_proxy_entry;
-+		PROXY_load_conf;
-+		PROXY_new;
-+		PROXY_print;
-+		RAND_bytes;
-+		RAND_cleanup;
-+		RAND_file_name;
-+		RAND_load_file;
-+		RAND_screen;
-+		RAND_seed;
-+		RAND_write_file;
-+		RC2_cbc_encrypt;
-+		RC2_cfb64_encrypt;
-+		RC2_ecb_encrypt;
-+		RC2_encrypt;
-+		RC2_ofb64_encrypt;
-+		RC2_set_key;
-+		RC4;
-+		RC4_options;
-+		RC4_set_key;
-+		RSAPrivateKey_asn1_meth;
-+		RSAPrivateKey_dup;
-+		RSAPublicKey_dup;
-+		RSA_PKCS1_SSLeay;
-+		RSA_free;
-+		RSA_generate_key;
-+		RSA_new;
-+		RSA_new_method;
-+		RSA_print;
-+		RSA_print_fp;
-+		RSA_private_decrypt;
-+		RSA_private_encrypt;
-+		RSA_public_decrypt;
-+		RSA_public_encrypt;
-+		RSA_set_default_method;
-+		RSA_sign;
-+		RSA_sign_ASN1_OCTET_STRING;
-+		RSA_size;
-+		RSA_verify;
-+		RSA_verify_ASN1_OCTET_STRING;
-+		SHA;
-+		SHA1;
-+		SHA1_Final;
-+		SHA1_Init;
-+		SHA1_Update;
-+		SHA_Final;
-+		SHA_Init;
-+		SHA_Update;
-+		OpenSSL_add_all_algorithms;
-+		OpenSSL_add_all_ciphers;
-+		OpenSSL_add_all_digests;
-+		TXT_DB_create_index;
-+		TXT_DB_free;
-+		TXT_DB_get_by_index;
-+		TXT_DB_insert;
-+		TXT_DB_read;
-+		TXT_DB_write;
-+		X509_ALGOR_free;
-+		X509_ALGOR_new;
-+		X509_ATTRIBUTE_free;
-+		X509_ATTRIBUTE_new;
-+		X509_CINF_free;
-+		X509_CINF_new;
-+		X509_CRL_INFO_free;
-+		X509_CRL_INFO_new;
-+		X509_CRL_add_ext;
-+		X509_CRL_cmp;
-+		X509_CRL_delete_ext;
-+		X509_CRL_dup;
-+		X509_CRL_free;
-+		X509_CRL_get_ext;
-+		X509_CRL_get_ext_by_NID;
-+		X509_CRL_get_ext_by_OBJ;
-+		X509_CRL_get_ext_by_critical;
-+		X509_CRL_get_ext_count;
-+		X509_CRL_new;
-+		X509_CRL_sign;
-+		X509_CRL_verify;
-+		X509_EXTENSION_create_by_NID;
-+		X509_EXTENSION_create_by_OBJ;
-+		X509_EXTENSION_dup;
-+		X509_EXTENSION_free;
-+		X509_EXTENSION_get_critical;
-+		X509_EXTENSION_get_data;
-+		X509_EXTENSION_get_object;
-+		X509_EXTENSION_new;
-+		X509_EXTENSION_set_critical;
-+		X509_EXTENSION_set_data;
-+		X509_EXTENSION_set_object;
-+		X509_INFO_free;
-+		X509_INFO_new;
-+		X509_LOOKUP_by_alias;
-+		X509_LOOKUP_by_fingerprint;
-+		X509_LOOKUP_by_issuer_serial;
-+		X509_LOOKUP_by_subject;
-+		X509_LOOKUP_ctrl;
-+		X509_LOOKUP_file;
-+		X509_LOOKUP_free;
-+		X509_LOOKUP_hash_dir;
-+		X509_LOOKUP_init;
-+		X509_LOOKUP_new;
-+		X509_LOOKUP_shutdown;
-+		X509_NAME_ENTRY_create_by_NID;
-+		X509_NAME_ENTRY_create_by_OBJ;
-+		X509_NAME_ENTRY_dup;
-+		X509_NAME_ENTRY_free;
-+		X509_NAME_ENTRY_get_data;
-+		X509_NAME_ENTRY_get_object;
-+		X509_NAME_ENTRY_new;
-+		X509_NAME_ENTRY_set_data;
-+		X509_NAME_ENTRY_set_object;
-+		X509_NAME_add_entry;
-+		X509_NAME_cmp;
-+		X509_NAME_delete_entry;
-+		X509_NAME_digest;
-+		X509_NAME_dup;
-+		X509_NAME_entry_count;
-+		X509_NAME_free;
-+		X509_NAME_get_entry;
-+		X509_NAME_get_index_by_NID;
-+		X509_NAME_get_index_by_OBJ;
-+		X509_NAME_get_text_by_NID;
-+		X509_NAME_get_text_by_OBJ;
-+		X509_NAME_hash;
-+		X509_NAME_new;
-+		X509_NAME_oneline;
-+		X509_NAME_print;
-+		X509_NAME_set;
-+		X509_OBJECT_free_contents;
-+		X509_OBJECT_retrieve_by_subject;
-+		X509_OBJECT_up_ref_count;
-+		X509_PKEY_free;
-+		X509_PKEY_new;
-+		X509_PUBKEY_free;
-+		X509_PUBKEY_get;
-+		X509_PUBKEY_new;
-+		X509_PUBKEY_set;
-+		X509_REQ_INFO_free;
-+		X509_REQ_INFO_new;
-+		X509_REQ_dup;
-+		X509_REQ_free;
-+		X509_REQ_get_pubkey;
-+		X509_REQ_new;
-+		X509_REQ_print;
-+		X509_REQ_print_fp;
-+		X509_REQ_set_pubkey;
-+		X509_REQ_set_subject_name;
-+		X509_REQ_set_version;
-+		X509_REQ_sign;
-+		X509_REQ_to_X509;
-+		X509_REQ_verify;
-+		X509_REVOKED_add_ext;
-+		X509_REVOKED_delete_ext;
-+		X509_REVOKED_free;
-+		X509_REVOKED_get_ext;
-+		X509_REVOKED_get_ext_by_NID;
-+		X509_REVOKED_get_ext_by_OBJ;
-+		X509_REVOKED_get_ext_by_critical;
-+		X509_REVOKED_get_ext_by_critic;
-+		X509_REVOKED_get_ext_count;
-+		X509_REVOKED_new;
-+		X509_SIG_free;
-+		X509_SIG_new;
-+		X509_STORE_CTX_cleanup;
-+		X509_STORE_CTX_init;
-+		X509_STORE_add_cert;
-+		X509_STORE_add_lookup;
-+		X509_STORE_free;
-+		X509_STORE_get_by_subject;
-+		X509_STORE_load_locations;
-+		X509_STORE_new;
-+		X509_STORE_set_default_paths;
-+		X509_VAL_free;
-+		X509_VAL_new;
-+		X509_add_ext;
-+		X509_asn1_meth;
-+		X509_certificate_type;
-+		X509_check_private_key;
-+		X509_cmp_current_time;
-+		X509_delete_ext;
-+		X509_digest;
-+		X509_dup;
-+		X509_free;
-+		X509_get_default_cert_area;
-+		X509_get_default_cert_dir;
-+		X509_get_default_cert_dir_env;
-+		X509_get_default_cert_file;
-+		X509_get_default_cert_file_env;
-+		X509_get_default_private_dir;
-+		X509_get_ext;
-+		X509_get_ext_by_NID;
-+		X509_get_ext_by_OBJ;
-+		X509_get_ext_by_critical;
-+		X509_get_ext_count;
-+		X509_get_issuer_name;
-+		X509_get_pubkey;
-+		X509_get_pubkey_parameters;
-+		X509_get_serialNumber;
-+		X509_get_subject_name;
-+		X509_gmtime_adj;
-+		X509_issuer_and_serial_cmp;
-+		X509_issuer_and_serial_hash;
-+		X509_issuer_name_cmp;
-+		X509_issuer_name_hash;
-+		X509_load_cert_file;
-+		X509_new;
-+		X509_print;
-+		X509_print_fp;
-+		X509_set_issuer_name;
-+		X509_set_notAfter;
-+		X509_set_notBefore;
-+		X509_set_pubkey;
-+		X509_set_serialNumber;
-+		X509_set_subject_name;
-+		X509_set_version;
-+		X509_sign;
-+		X509_subject_name_cmp;
-+		X509_subject_name_hash;
-+		X509_to_X509_REQ;
-+		X509_verify;
-+		X509_verify_cert;
-+		X509_verify_cert_error_string;
-+		X509v3_add_ext;
-+		X509v3_add_extension;
-+		X509v3_add_netscape_extensions;
-+		X509v3_add_standard_extensions;
-+		X509v3_cleanup_extensions;
-+		X509v3_data_type_by_NID;
-+		X509v3_data_type_by_OBJ;
-+		X509v3_delete_ext;
-+		X509v3_get_ext;
-+		X509v3_get_ext_by_NID;
-+		X509v3_get_ext_by_OBJ;
-+		X509v3_get_ext_by_critical;
-+		X509v3_get_ext_count;
-+		X509v3_pack_string;
-+		X509v3_pack_type_by_NID;
-+		X509v3_pack_type_by_OBJ;
-+		X509v3_unpack_string;
-+		_des_crypt;
-+		a2d_ASN1_OBJECT;
-+		a2i_ASN1_INTEGER;
-+		a2i_ASN1_STRING;
-+		asn1_Finish;
-+		asn1_GetSequence;
-+		bn_div_words;
-+		bn_expand2;
-+		bn_mul_add_words;
-+		bn_mul_words;
-+		BN_uadd;
-+		BN_usub;
-+		bn_sqr_words;
-+		_ossl_old_crypt;
-+		d2i_ASN1_BIT_STRING;
-+		d2i_ASN1_BOOLEAN;
-+		d2i_ASN1_HEADER;
-+		d2i_ASN1_IA5STRING;
-+		d2i_ASN1_INTEGER;
-+		d2i_ASN1_OBJECT;
-+		d2i_ASN1_OCTET_STRING;
-+		d2i_ASN1_PRINTABLE;
-+		d2i_ASN1_PRINTABLESTRING;
-+		d2i_ASN1_SET;
-+		d2i_ASN1_T61STRING;
-+		d2i_ASN1_TYPE;
-+		d2i_ASN1_UTCTIME;
-+		d2i_ASN1_bytes;
-+		d2i_ASN1_type_bytes;
-+		d2i_DHparams;
-+		d2i_DSAPrivateKey;
-+		d2i_DSAPrivateKey_bio;
-+		d2i_DSAPrivateKey_fp;
-+		d2i_DSAPublicKey;
-+		d2i_DSAparams;
-+		d2i_NETSCAPE_SPKAC;
-+		d2i_NETSCAPE_SPKI;
-+		d2i_Netscape_RSA;
-+		d2i_PKCS7;
-+		d2i_PKCS7_DIGEST;
-+		d2i_PKCS7_ENCRYPT;
-+		d2i_PKCS7_ENC_CONTENT;
-+		d2i_PKCS7_ENVELOPE;
-+		d2i_PKCS7_ISSUER_AND_SERIAL;
-+		d2i_PKCS7_RECIP_INFO;
-+		d2i_PKCS7_SIGNED;
-+		d2i_PKCS7_SIGNER_INFO;
-+		d2i_PKCS7_SIGN_ENVELOPE;
-+		d2i_PKCS7_bio;
-+		d2i_PKCS7_fp;
-+		d2i_PrivateKey;
-+		d2i_PublicKey;
-+		d2i_RSAPrivateKey;
-+		d2i_RSAPrivateKey_bio;
-+		d2i_RSAPrivateKey_fp;
-+		d2i_RSAPublicKey;
-+		d2i_X509;
-+		d2i_X509_ALGOR;
-+		d2i_X509_ATTRIBUTE;
-+		d2i_X509_CINF;
-+		d2i_X509_CRL;
-+		d2i_X509_CRL_INFO;
-+		d2i_X509_CRL_bio;
-+		d2i_X509_CRL_fp;
-+		d2i_X509_EXTENSION;
-+		d2i_X509_NAME;
-+		d2i_X509_NAME_ENTRY;
-+		d2i_X509_PKEY;
-+		d2i_X509_PUBKEY;
-+		d2i_X509_REQ;
-+		d2i_X509_REQ_INFO;
-+		d2i_X509_REQ_bio;
-+		d2i_X509_REQ_fp;
-+		d2i_X509_REVOKED;
-+		d2i_X509_SIG;
-+		d2i_X509_VAL;
-+		d2i_X509_bio;
-+		d2i_X509_fp;
-+		DES_cbc_cksum;
-+		DES_cbc_encrypt;
-+		DES_cblock_print_file;
-+		DES_cfb64_encrypt;
-+		DES_cfb_encrypt;
-+		DES_decrypt3;
-+		DES_ecb3_encrypt;
-+		DES_ecb_encrypt;
-+		DES_ede3_cbc_encrypt;
-+		DES_ede3_cfb64_encrypt;
-+		DES_ede3_ofb64_encrypt;
-+		DES_enc_read;
-+		DES_enc_write;
-+		DES_encrypt1;
-+		DES_encrypt2;
-+		DES_encrypt3;
-+		DES_fcrypt;
-+		DES_is_weak_key;
-+		DES_key_sched;
-+		DES_ncbc_encrypt;
-+		DES_ofb64_encrypt;
-+		DES_ofb_encrypt;
-+		DES_options;
-+		DES_pcbc_encrypt;
-+		DES_quad_cksum;
-+		DES_random_key;
-+		_ossl_old_des_random_seed;
-+		_ossl_old_des_read_2passwords;
-+		_ossl_old_des_read_password;
-+		_ossl_old_des_read_pw;
-+		_ossl_old_des_read_pw_string;
-+		DES_set_key;
-+		DES_set_odd_parity;
-+		DES_string_to_2keys;
-+		DES_string_to_key;
-+		DES_xcbc_encrypt;
-+		DES_xwhite_in2out;
-+		fcrypt_body;
-+		i2a_ASN1_INTEGER;
-+		i2a_ASN1_OBJECT;
-+		i2a_ASN1_STRING;
-+		i2d_ASN1_BIT_STRING;
-+		i2d_ASN1_BOOLEAN;
-+		i2d_ASN1_HEADER;
-+		i2d_ASN1_IA5STRING;
-+		i2d_ASN1_INTEGER;
-+		i2d_ASN1_OBJECT;
-+		i2d_ASN1_OCTET_STRING;
-+		i2d_ASN1_PRINTABLE;
-+		i2d_ASN1_SET;
-+		i2d_ASN1_TYPE;
-+		i2d_ASN1_UTCTIME;
-+		i2d_ASN1_bytes;
-+		i2d_DHparams;
-+		i2d_DSAPrivateKey;
-+		i2d_DSAPrivateKey_bio;
-+		i2d_DSAPrivateKey_fp;
-+		i2d_DSAPublicKey;
-+		i2d_DSAparams;
-+		i2d_NETSCAPE_SPKAC;
-+		i2d_NETSCAPE_SPKI;
-+		i2d_Netscape_RSA;
-+		i2d_PKCS7;
-+		i2d_PKCS7_DIGEST;
-+		i2d_PKCS7_ENCRYPT;
-+		i2d_PKCS7_ENC_CONTENT;
-+		i2d_PKCS7_ENVELOPE;
-+		i2d_PKCS7_ISSUER_AND_SERIAL;
-+		i2d_PKCS7_RECIP_INFO;
-+		i2d_PKCS7_SIGNED;
-+		i2d_PKCS7_SIGNER_INFO;
-+		i2d_PKCS7_SIGN_ENVELOPE;
-+		i2d_PKCS7_bio;
-+		i2d_PKCS7_fp;
-+		i2d_PrivateKey;
-+		i2d_PublicKey;
-+		i2d_RSAPrivateKey;
-+		i2d_RSAPrivateKey_bio;
-+		i2d_RSAPrivateKey_fp;
-+		i2d_RSAPublicKey;
-+		i2d_X509;
-+		i2d_X509_ALGOR;
-+		i2d_X509_ATTRIBUTE;
-+		i2d_X509_CINF;
-+		i2d_X509_CRL;
-+		i2d_X509_CRL_INFO;
-+		i2d_X509_CRL_bio;
-+		i2d_X509_CRL_fp;
-+		i2d_X509_EXTENSION;
-+		i2d_X509_NAME;
-+		i2d_X509_NAME_ENTRY;
-+		i2d_X509_PKEY;
-+		i2d_X509_PUBKEY;
-+		i2d_X509_REQ;
-+		i2d_X509_REQ_INFO;
-+		i2d_X509_REQ_bio;
-+		i2d_X509_REQ_fp;
-+		i2d_X509_REVOKED;
-+		i2d_X509_SIG;
-+		i2d_X509_VAL;
-+		i2d_X509_bio;
-+		i2d_X509_fp;
-+		idea_cbc_encrypt;
-+		idea_cfb64_encrypt;
-+		idea_ecb_encrypt;
-+		idea_encrypt;
-+		idea_ofb64_encrypt;
-+		idea_options;
-+		idea_set_decrypt_key;
-+		idea_set_encrypt_key;
-+		lh_delete;
-+		lh_doall;
-+		lh_doall_arg;
-+		lh_free;
-+		lh_insert;
-+		lh_new;
-+		lh_node_stats;
-+		lh_node_stats_bio;
-+		lh_node_usage_stats;
-+		lh_node_usage_stats_bio;
-+		lh_retrieve;
-+		lh_stats;
-+		lh_stats_bio;
-+		lh_strhash;
-+		sk_delete;
-+		sk_delete_ptr;
-+		sk_dup;
-+		sk_find;
-+		sk_free;
-+		sk_insert;
-+		sk_new;
-+		sk_pop;
-+		sk_pop_free;
-+		sk_push;
-+		sk_set_cmp_func;
-+		sk_shift;
-+		sk_unshift;
-+		sk_zero;
-+		BIO_f_nbio_test;
-+		ASN1_TYPE_get;
-+		ASN1_TYPE_set;
-+		PKCS7_content_free;
-+		ERR_load_PKCS7_strings;
-+		X509_find_by_issuer_and_serial;
-+		X509_find_by_subject;
-+		PKCS7_ctrl;
-+		PKCS7_set_type;
-+		PKCS7_set_content;
-+		PKCS7_SIGNER_INFO_set;
-+		PKCS7_add_signer;
-+		PKCS7_add_certificate;
-+		PKCS7_add_crl;
-+		PKCS7_content_new;
-+		PKCS7_dataSign;
-+		PKCS7_dataVerify;
-+		PKCS7_dataInit;
-+		PKCS7_add_signature;
-+		PKCS7_cert_from_signer_info;
-+		PKCS7_get_signer_info;
-+		EVP_delete_alias;
-+		EVP_mdc2;
-+		PEM_read_bio_RSAPublicKey;
-+		PEM_write_bio_RSAPublicKey;
-+		d2i_RSAPublicKey_bio;
-+		i2d_RSAPublicKey_bio;
-+		PEM_read_RSAPublicKey;
-+		PEM_write_RSAPublicKey;
-+		d2i_RSAPublicKey_fp;
-+		i2d_RSAPublicKey_fp;
-+		BIO_copy_next_retry;
-+		RSA_flags;
-+		X509_STORE_add_crl;
-+		X509_load_crl_file;
-+		EVP_rc2_40_cbc;
-+		EVP_rc4_40;
-+		EVP_CIPHER_CTX_init;
-+		HMAC;
-+		HMAC_Init;
-+		HMAC_Update;
-+		HMAC_Final;
-+		ERR_get_next_error_library;
-+		EVP_PKEY_cmp_parameters;
-+		HMAC_cleanup;
-+		BIO_ptr_ctrl;
-+		BIO_new_file_internal;
-+		BIO_new_fp_internal;
-+		BIO_s_file_internal;
-+		BN_BLINDING_convert;
-+		BN_BLINDING_invert;
-+		BN_BLINDING_update;
-+		RSA_blinding_on;
-+		RSA_blinding_off;
-+		i2t_ASN1_OBJECT;
-+		BN_BLINDING_new;
-+		BN_BLINDING_free;
-+		EVP_cast5_cbc;
-+		EVP_cast5_cfb64;
-+		EVP_cast5_ecb;
-+		EVP_cast5_ofb;
-+		BF_decrypt;
-+		CAST_set_key;
-+		CAST_encrypt;
-+		CAST_decrypt;
-+		CAST_ecb_encrypt;
-+		CAST_cbc_encrypt;
-+		CAST_cfb64_encrypt;
-+		CAST_ofb64_encrypt;
-+		RC2_decrypt;
-+		OBJ_create_objects;
-+		BN_exp;
-+		BN_mul_word;
-+		BN_sub_word;
-+		BN_dec2bn;
-+		BN_bn2dec;
-+		BIO_ghbn_ctrl;
-+		CRYPTO_free_ex_data;
-+		CRYPTO_get_ex_data;
-+		CRYPTO_set_ex_data;
-+		ERR_load_CRYPTO_strings;
-+		ERR_load_CRYPTOlib_strings;
-+		EVP_PKEY_bits;
-+		MD5_Transform;
-+		SHA1_Transform;
-+		SHA_Transform;
-+		X509_STORE_CTX_get_chain;
-+		X509_STORE_CTX_get_current_cert;
-+		X509_STORE_CTX_get_error;
-+		X509_STORE_CTX_get_error_depth;
-+		X509_STORE_CTX_get_ex_data;
-+		X509_STORE_CTX_set_cert;
-+		X509_STORE_CTX_set_chain;
-+		X509_STORE_CTX_set_error;
-+		X509_STORE_CTX_set_ex_data;
-+		CRYPTO_dup_ex_data;
-+		CRYPTO_get_new_lockid;
-+		CRYPTO_new_ex_data;
-+		RSA_set_ex_data;
-+		RSA_get_ex_data;
-+		RSA_get_ex_new_index;
-+		RSA_padding_add_PKCS1_type_1;
-+		RSA_padding_add_PKCS1_type_2;
-+		RSA_padding_add_SSLv23;
-+		RSA_padding_add_none;
-+		RSA_padding_check_PKCS1_type_1;
-+		RSA_padding_check_PKCS1_type_2;
-+		RSA_padding_check_SSLv23;
-+		RSA_padding_check_none;
-+		bn_add_words;
-+		d2i_Netscape_RSA_2;
-+		CRYPTO_get_ex_new_index;
-+		RIPEMD160_Init;
-+		RIPEMD160_Update;
-+		RIPEMD160_Final;
-+		RIPEMD160;
-+		RIPEMD160_Transform;
-+		RC5_32_set_key;
-+		RC5_32_ecb_encrypt;
-+		RC5_32_encrypt;
-+		RC5_32_decrypt;
-+		RC5_32_cbc_encrypt;
-+		RC5_32_cfb64_encrypt;
-+		RC5_32_ofb64_encrypt;
-+		BN_bn2mpi;
-+		BN_mpi2bn;
-+		ASN1_BIT_STRING_get_bit;
-+		ASN1_BIT_STRING_set_bit;
-+		BIO_get_ex_data;
-+		BIO_get_ex_new_index;
-+		BIO_set_ex_data;
-+		X509v3_get_key_usage;
-+		X509v3_set_key_usage;
-+		a2i_X509v3_key_usage;
-+		i2a_X509v3_key_usage;
-+		EVP_PKEY_decrypt;
-+		EVP_PKEY_encrypt;
-+		PKCS7_RECIP_INFO_set;
-+		PKCS7_add_recipient;
-+		PKCS7_add_recipient_info;
-+		PKCS7_set_cipher;
-+		ASN1_TYPE_get_int_octetstring;
-+		ASN1_TYPE_get_octetstring;
-+		ASN1_TYPE_set_int_octetstring;
-+		ASN1_TYPE_set_octetstring;
-+		ASN1_UTCTIME_set_string;
-+		ERR_add_error_data;
-+		ERR_set_error_data;
-+		EVP_CIPHER_asn1_to_param;
-+		EVP_CIPHER_param_to_asn1;
-+		EVP_CIPHER_get_asn1_iv;
-+		EVP_CIPHER_set_asn1_iv;
-+		EVP_rc5_32_12_16_cbc;
-+		EVP_rc5_32_12_16_cfb64;
-+		EVP_rc5_32_12_16_ecb;
-+		EVP_rc5_32_12_16_ofb;
-+		asn1_add_error;
-+		d2i_ASN1_BMPSTRING;
-+		i2d_ASN1_BMPSTRING;
-+		BIO_f_ber;
-+		BN_init;
-+		COMP_CTX_new;
-+		COMP_CTX_free;
-+		COMP_CTX_compress_block;
-+		COMP_CTX_expand_block;
-+		X509_STORE_CTX_get_ex_new_index;
-+		OBJ_NAME_add;
-+		BIO_socket_nbio;
-+		EVP_rc2_64_cbc;
-+		OBJ_NAME_cleanup;
-+		OBJ_NAME_get;
-+		OBJ_NAME_init;
-+		OBJ_NAME_new_index;
-+		OBJ_NAME_remove;
-+		BN_MONT_CTX_copy;
-+		BIO_new_socks4a_connect;
-+		BIO_s_socks4a_connect;
-+		PROXY_set_connect_mode;
-+		RAND_SSLeay;
-+		RAND_set_rand_method;
-+		RSA_memory_lock;
-+		bn_sub_words;
-+		bn_mul_normal;
-+		bn_mul_comba8;
-+		bn_mul_comba4;
-+		bn_sqr_normal;
-+		bn_sqr_comba8;
-+		bn_sqr_comba4;
-+		bn_cmp_words;
-+		bn_mul_recursive;
-+		bn_mul_part_recursive;
-+		bn_sqr_recursive;
-+		bn_mul_low_normal;
-+		BN_RECP_CTX_init;
-+		BN_RECP_CTX_new;
-+		BN_RECP_CTX_free;
-+		BN_RECP_CTX_set;
-+		BN_mod_mul_reciprocal;
-+		BN_mod_exp_recp;
-+		BN_div_recp;
-+		BN_CTX_init;
-+		BN_MONT_CTX_init;
-+		RAND_get_rand_method;
-+		PKCS7_add_attribute;
-+		PKCS7_add_signed_attribute;
-+		PKCS7_digest_from_attributes;
-+		PKCS7_get_attribute;
-+		PKCS7_get_issuer_and_serial;
-+		PKCS7_get_signed_attribute;
-+		COMP_compress_block;
-+		COMP_expand_block;
-+		COMP_rle;
-+		COMP_zlib;
-+		ms_time_diff;
-+		ms_time_new;
-+		ms_time_free;
-+		ms_time_cmp;
-+		ms_time_get;
-+		PKCS7_set_attributes;
-+		PKCS7_set_signed_attributes;
-+		X509_ATTRIBUTE_create;
-+		X509_ATTRIBUTE_dup;
-+		ASN1_GENERALIZEDTIME_check;
-+		ASN1_GENERALIZEDTIME_print;
-+		ASN1_GENERALIZEDTIME_set;
-+		ASN1_GENERALIZEDTIME_set_string;
-+		ASN1_TIME_print;
-+		BASIC_CONSTRAINTS_free;
-+		BASIC_CONSTRAINTS_new;
-+		ERR_load_X509V3_strings;
-+		NETSCAPE_CERT_SEQUENCE_free;
-+		NETSCAPE_CERT_SEQUENCE_new;
-+		OBJ_txt2obj;
-+		PEM_read_NETSCAPE_CERT_SEQUENCE;
-+		PEM_read_NS_CERT_SEQ;
-+		PEM_read_bio_NETSCAPE_CERT_SEQUENCE;
-+		PEM_read_bio_NS_CERT_SEQ;
-+		PEM_write_NETSCAPE_CERT_SEQUENCE;
-+		PEM_write_NS_CERT_SEQ;
-+		PEM_write_bio_NETSCAPE_CERT_SEQUENCE;
-+		PEM_write_bio_NS_CERT_SEQ;
-+		X509V3_EXT_add;
-+		X509V3_EXT_add_alias;
-+		X509V3_EXT_add_conf;
-+		X509V3_EXT_cleanup;
-+		X509V3_EXT_conf;
-+		X509V3_EXT_conf_nid;
-+		X509V3_EXT_get;
-+		X509V3_EXT_get_nid;
-+		X509V3_EXT_print;
-+		X509V3_EXT_print_fp;
-+		X509V3_add_standard_extensions;
-+		X509V3_add_value;
-+		X509V3_add_value_bool;
-+		X509V3_add_value_int;
-+		X509V3_conf_free;
-+		X509V3_get_value_bool;
-+		X509V3_get_value_int;
-+		X509V3_parse_list;
-+		d2i_ASN1_GENERALIZEDTIME;
-+		d2i_ASN1_TIME;
-+		d2i_BASIC_CONSTRAINTS;
-+		d2i_NETSCAPE_CERT_SEQUENCE;
-+		d2i_ext_ku;
-+		ext_ku_free;
-+		ext_ku_new;
-+		i2d_ASN1_GENERALIZEDTIME;
-+		i2d_ASN1_TIME;
-+		i2d_BASIC_CONSTRAINTS;
-+		i2d_NETSCAPE_CERT_SEQUENCE;
-+		i2d_ext_ku;
-+		EVP_MD_CTX_copy;
-+		i2d_ASN1_ENUMERATED;
-+		d2i_ASN1_ENUMERATED;
-+		ASN1_ENUMERATED_set;
-+		ASN1_ENUMERATED_get;
-+		BN_to_ASN1_ENUMERATED;
-+		ASN1_ENUMERATED_to_BN;
-+		i2a_ASN1_ENUMERATED;
-+		a2i_ASN1_ENUMERATED;
-+		i2d_GENERAL_NAME;
-+		d2i_GENERAL_NAME;
-+		GENERAL_NAME_new;
-+		GENERAL_NAME_free;
-+		GENERAL_NAMES_new;
-+		GENERAL_NAMES_free;
-+		d2i_GENERAL_NAMES;
-+		i2d_GENERAL_NAMES;
-+		i2v_GENERAL_NAMES;
-+		i2s_ASN1_OCTET_STRING;
-+		s2i_ASN1_OCTET_STRING;
-+		X509V3_EXT_check_conf;
-+		hex_to_string;
-+		string_to_hex;
-+		DES_ede3_cbcm_encrypt;
-+		RSA_padding_add_PKCS1_OAEP;
-+		RSA_padding_check_PKCS1_OAEP;
-+		X509_CRL_print_fp;
-+		X509_CRL_print;
-+		i2v_GENERAL_NAME;
-+		v2i_GENERAL_NAME;
-+		i2d_PKEY_USAGE_PERIOD;
-+		d2i_PKEY_USAGE_PERIOD;
-+		PKEY_USAGE_PERIOD_new;
-+		PKEY_USAGE_PERIOD_free;
-+		v2i_GENERAL_NAMES;
-+		i2s_ASN1_INTEGER;
-+		X509V3_EXT_d2i;
-+		name_cmp;
-+		str_dup;
-+		i2s_ASN1_ENUMERATED;
-+		i2s_ASN1_ENUMERATED_TABLE;
-+		BIO_s_log;
-+		BIO_f_reliable;
-+		PKCS7_dataFinal;
-+		PKCS7_dataDecode;
-+		X509V3_EXT_CRL_add_conf;
-+		BN_set_params;
-+		BN_get_params;
-+		BIO_get_ex_num;
-+		BIO_set_ex_free_func;
-+		EVP_ripemd160;
-+		ASN1_TIME_set;
-+		i2d_AUTHORITY_KEYID;
-+		d2i_AUTHORITY_KEYID;
-+		AUTHORITY_KEYID_new;
-+		AUTHORITY_KEYID_free;
-+		ASN1_seq_unpack;
-+		ASN1_seq_pack;
-+		ASN1_unpack_string;
-+		ASN1_pack_string;
-+		PKCS12_pack_safebag;
-+		PKCS12_MAKE_KEYBAG;
-+		PKCS8_encrypt;
-+		PKCS12_MAKE_SHKEYBAG;
-+		PKCS12_pack_p7data;
-+		PKCS12_pack_p7encdata;
-+		PKCS12_add_localkeyid;
-+		PKCS12_add_friendlyname_asc;
-+		PKCS12_add_friendlyname_uni;
-+		PKCS12_get_friendlyname;
-+		PKCS12_pbe_crypt;
-+		PKCS12_decrypt_d2i;
-+		PKCS12_i2d_encrypt;
-+		PKCS12_init;
-+		PKCS12_key_gen_asc;
-+		PKCS12_key_gen_uni;
-+		PKCS12_gen_mac;
-+		PKCS12_verify_mac;
-+		PKCS12_set_mac;
-+		PKCS12_setup_mac;
-+		OPENSSL_asc2uni;
-+		OPENSSL_uni2asc;
-+		i2d_PKCS12_BAGS;
-+		PKCS12_BAGS_new;
-+		d2i_PKCS12_BAGS;
-+		PKCS12_BAGS_free;
-+		i2d_PKCS12;
-+		d2i_PKCS12;
-+		PKCS12_new;
-+		PKCS12_free;
-+		i2d_PKCS12_MAC_DATA;
-+		PKCS12_MAC_DATA_new;
-+		d2i_PKCS12_MAC_DATA;
-+		PKCS12_MAC_DATA_free;
-+		i2d_PKCS12_SAFEBAG;
-+		PKCS12_SAFEBAG_new;
-+		d2i_PKCS12_SAFEBAG;
-+		PKCS12_SAFEBAG_free;
-+		ERR_load_PKCS12_strings;
-+		PKCS12_PBE_add;
-+		PKCS8_add_keyusage;
-+		PKCS12_get_attr_gen;
-+		PKCS12_parse;
-+		PKCS12_create;
-+		i2d_PKCS12_bio;
-+		i2d_PKCS12_fp;
-+		d2i_PKCS12_bio;
-+		d2i_PKCS12_fp;
-+		i2d_PBEPARAM;
-+		PBEPARAM_new;
-+		d2i_PBEPARAM;
-+		PBEPARAM_free;
-+		i2d_PKCS8_PRIV_KEY_INFO;
-+		PKCS8_PRIV_KEY_INFO_new;
-+		d2i_PKCS8_PRIV_KEY_INFO;
-+		PKCS8_PRIV_KEY_INFO_free;
-+		EVP_PKCS82PKEY;
-+		EVP_PKEY2PKCS8;
-+		PKCS8_set_broken;
-+		EVP_PBE_ALGOR_CipherInit;
-+		EVP_PBE_alg_add;
-+		PKCS5_pbe_set;
-+		EVP_PBE_cleanup;
-+		i2d_SXNET;
-+		d2i_SXNET;
-+		SXNET_new;
-+		SXNET_free;
-+		i2d_SXNETID;
-+		d2i_SXNETID;
-+		SXNETID_new;
-+		SXNETID_free;
-+		DSA_SIG_new;
-+		DSA_SIG_free;
-+		DSA_do_sign;
-+		DSA_do_verify;
-+		d2i_DSA_SIG;
-+		i2d_DSA_SIG;
-+		i2d_ASN1_VISIBLESTRING;
-+		d2i_ASN1_VISIBLESTRING;
-+		i2d_ASN1_UTF8STRING;
-+		d2i_ASN1_UTF8STRING;
-+		i2d_DIRECTORYSTRING;
-+		d2i_DIRECTORYSTRING;
-+		i2d_DISPLAYTEXT;
-+		d2i_DISPLAYTEXT;
-+		d2i_ASN1_SET_OF_X509;
-+		i2d_ASN1_SET_OF_X509;
-+		i2d_PBKDF2PARAM;
-+		PBKDF2PARAM_new;
-+		d2i_PBKDF2PARAM;
-+		PBKDF2PARAM_free;
-+		i2d_PBE2PARAM;
-+		PBE2PARAM_new;
-+		d2i_PBE2PARAM;
-+		PBE2PARAM_free;
-+		d2i_ASN1_SET_OF_GENERAL_NAME;
-+		i2d_ASN1_SET_OF_GENERAL_NAME;
-+		d2i_ASN1_SET_OF_SXNETID;
-+		i2d_ASN1_SET_OF_SXNETID;
-+		d2i_ASN1_SET_OF_POLICYQUALINFO;
-+		i2d_ASN1_SET_OF_POLICYQUALINFO;
-+		d2i_ASN1_SET_OF_POLICYINFO;
-+		i2d_ASN1_SET_OF_POLICYINFO;
-+		SXNET_add_id_asc;
-+		SXNET_add_id_ulong;
-+		SXNET_add_id_INTEGER;
-+		SXNET_get_id_asc;
-+		SXNET_get_id_ulong;
-+		SXNET_get_id_INTEGER;
-+		X509V3_set_conf_lhash;
-+		i2d_CERTIFICATEPOLICIES;
-+		CERTIFICATEPOLICIES_new;
-+		CERTIFICATEPOLICIES_free;
-+		d2i_CERTIFICATEPOLICIES;
-+		i2d_POLICYINFO;
-+		POLICYINFO_new;
-+		d2i_POLICYINFO;
-+		POLICYINFO_free;
-+		i2d_POLICYQUALINFO;
-+		POLICYQUALINFO_new;
-+		d2i_POLICYQUALINFO;
-+		POLICYQUALINFO_free;
-+		i2d_USERNOTICE;
-+		USERNOTICE_new;
-+		d2i_USERNOTICE;
-+		USERNOTICE_free;
-+		i2d_NOTICEREF;
-+		NOTICEREF_new;
-+		d2i_NOTICEREF;
-+		NOTICEREF_free;
-+		X509V3_get_string;
-+		X509V3_get_section;
-+		X509V3_string_free;
-+		X509V3_section_free;
-+		X509V3_set_ctx;
-+		s2i_ASN1_INTEGER;
-+		CRYPTO_set_locked_mem_functions;
-+		CRYPTO_get_locked_mem_functions;
-+		CRYPTO_malloc_locked;
-+		CRYPTO_free_locked;
-+		BN_mod_exp2_mont;
-+		ERR_get_error_line_data;
-+		ERR_peek_error_line_data;
-+		PKCS12_PBE_keyivgen;
-+		X509_ALGOR_dup;
-+		d2i_ASN1_SET_OF_DIST_POINT;
-+		i2d_ASN1_SET_OF_DIST_POINT;
-+		i2d_CRL_DIST_POINTS;
-+		CRL_DIST_POINTS_new;
-+		CRL_DIST_POINTS_free;
-+		d2i_CRL_DIST_POINTS;
-+		i2d_DIST_POINT;
-+		DIST_POINT_new;
-+		d2i_DIST_POINT;
-+		DIST_POINT_free;
-+		i2d_DIST_POINT_NAME;
-+		DIST_POINT_NAME_new;
-+		DIST_POINT_NAME_free;
-+		d2i_DIST_POINT_NAME;
-+		X509V3_add_value_uchar;
-+		d2i_ASN1_SET_OF_X509_ATTRIBUTE;
-+		i2d_ASN1_SET_OF_ASN1_TYPE;
-+		d2i_ASN1_SET_OF_X509_EXTENSION;
-+		d2i_ASN1_SET_OF_X509_NAME_ENTRY;
-+		d2i_ASN1_SET_OF_ASN1_TYPE;
-+		i2d_ASN1_SET_OF_X509_ATTRIBUTE;
-+		i2d_ASN1_SET_OF_X509_EXTENSION;
-+		i2d_ASN1_SET_OF_X509_NAME_ENTRY;
-+		X509V3_EXT_i2d;
-+		X509V3_EXT_val_prn;
-+		X509V3_EXT_add_list;
-+		EVP_CIPHER_type;
-+		EVP_PBE_CipherInit;
-+		X509V3_add_value_bool_nf;
-+		d2i_ASN1_UINTEGER;
-+		sk_value;
-+		sk_num;
-+		sk_set;
-+		i2d_ASN1_SET_OF_X509_REVOKED;
-+		sk_sort;
-+		d2i_ASN1_SET_OF_X509_REVOKED;
-+		i2d_ASN1_SET_OF_X509_ALGOR;
-+		i2d_ASN1_SET_OF_X509_CRL;
-+		d2i_ASN1_SET_OF_X509_ALGOR;
-+		d2i_ASN1_SET_OF_X509_CRL;
-+		i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO;
-+		i2d_ASN1_SET_OF_PKCS7_RECIP_INFO;
-+		d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO;
-+		d2i_ASN1_SET_OF_PKCS7_RECIP_INFO;
-+		PKCS5_PBE_add;
-+		PEM_write_bio_PKCS8;
-+		i2d_PKCS8_fp;
-+		PEM_read_bio_PKCS8_PRIV_KEY_INFO;
-+		PEM_read_bio_P8_PRIV_KEY_INFO;
-+		d2i_PKCS8_bio;
-+		d2i_PKCS8_PRIV_KEY_INFO_fp;
-+		PEM_write_bio_PKCS8_PRIV_KEY_INFO;
-+		PEM_write_bio_P8_PRIV_KEY_INFO;
-+		PEM_read_PKCS8;
-+		d2i_PKCS8_PRIV_KEY_INFO_bio;
-+		d2i_PKCS8_fp;
-+		PEM_write_PKCS8;
-+		PEM_read_PKCS8_PRIV_KEY_INFO;
-+		PEM_read_P8_PRIV_KEY_INFO;
-+		PEM_read_bio_PKCS8;
-+		PEM_write_PKCS8_PRIV_KEY_INFO;
-+		PEM_write_P8_PRIV_KEY_INFO;
-+		PKCS5_PBE_keyivgen;
-+		i2d_PKCS8_bio;
-+		i2d_PKCS8_PRIV_KEY_INFO_fp;
-+		i2d_PKCS8_PRIV_KEY_INFO_bio;
-+		BIO_s_bio;
-+		PKCS5_pbe2_set;
-+		PKCS5_PBKDF2_HMAC_SHA1;
-+		PKCS5_v2_PBE_keyivgen;
-+		PEM_write_bio_PKCS8PrivateKey;
-+		PEM_write_PKCS8PrivateKey;
-+		BIO_ctrl_get_read_request;
-+		BIO_ctrl_pending;
-+		BIO_ctrl_wpending;
-+		BIO_new_bio_pair;
-+		BIO_ctrl_get_write_guarantee;
-+		CRYPTO_num_locks;
-+		CONF_load_bio;
-+		CONF_load_fp;
-+		i2d_ASN1_SET_OF_ASN1_OBJECT;
-+		d2i_ASN1_SET_OF_ASN1_OBJECT;
-+		PKCS7_signatureVerify;
-+		RSA_set_method;
-+		RSA_get_method;
-+		RSA_get_default_method;
-+		RSA_check_key;
-+		OBJ_obj2txt;
-+		DSA_dup_DH;
-+		X509_REQ_get_extensions;
-+		X509_REQ_set_extension_nids;
-+		BIO_nwrite;
-+		X509_REQ_extension_nid;
-+		BIO_nread;
-+		X509_REQ_get_extension_nids;
-+		BIO_nwrite0;
-+		X509_REQ_add_extensions_nid;
-+		BIO_nread0;
-+		X509_REQ_add_extensions;
-+		BIO_new_mem_buf;
-+		DH_set_ex_data;
-+		DH_set_method;
-+		DSA_OpenSSL;
-+		DH_get_ex_data;
-+		DH_get_ex_new_index;
-+		DSA_new_method;
-+		DH_new_method;
-+		DH_OpenSSL;
-+		DSA_get_ex_new_index;
-+		DH_get_default_method;
-+		DSA_set_ex_data;
-+		DH_set_default_method;
-+		DSA_get_ex_data;
-+		X509V3_EXT_REQ_add_conf;
-+		NETSCAPE_SPKI_print;
-+		NETSCAPE_SPKI_set_pubkey;
-+		NETSCAPE_SPKI_b64_encode;
-+		NETSCAPE_SPKI_get_pubkey;
-+		NETSCAPE_SPKI_b64_decode;
-+		UTF8_putc;
-+		UTF8_getc;
-+		RSA_null_method;
-+		ASN1_tag2str;
-+		BIO_ctrl_reset_read_request;
-+		DISPLAYTEXT_new;
-+		ASN1_GENERALIZEDTIME_free;
-+		X509_REVOKED_get_ext_d2i;
-+		X509_set_ex_data;
-+		X509_reject_set_bit_asc;
-+		X509_NAME_add_entry_by_txt;
-+		X509_NAME_add_entry_by_NID;
-+		X509_PURPOSE_get0;
-+		PEM_read_X509_AUX;
-+		d2i_AUTHORITY_INFO_ACCESS;
-+		PEM_write_PUBKEY;
-+		ACCESS_DESCRIPTION_new;
-+		X509_CERT_AUX_free;
-+		d2i_ACCESS_DESCRIPTION;
-+		X509_trust_clear;
-+		X509_TRUST_add;
-+		ASN1_VISIBLESTRING_new;
-+		X509_alias_set1;
-+		ASN1_PRINTABLESTRING_free;
-+		EVP_PKEY_get1_DSA;
-+		ASN1_BMPSTRING_new;
-+		ASN1_mbstring_copy;
-+		ASN1_UTF8STRING_new;
-+		DSA_get_default_method;
-+		i2d_ASN1_SET_OF_ACCESS_DESCRIPTION;
-+		ASN1_T61STRING_free;
-+		DSA_set_method;
-+		X509_get_ex_data;
-+		ASN1_STRING_type;
-+		X509_PURPOSE_get_by_sname;
-+		ASN1_TIME_free;
-+		ASN1_OCTET_STRING_cmp;
-+		ASN1_BIT_STRING_new;
-+		X509_get_ext_d2i;
-+		PEM_read_bio_X509_AUX;
-+		ASN1_STRING_set_default_mask_asc;
-+		ASN1_STRING_set_def_mask_asc;
-+		PEM_write_bio_RSA_PUBKEY;
-+		ASN1_INTEGER_cmp;
-+		d2i_RSA_PUBKEY_fp;
-+		X509_trust_set_bit_asc;
-+		PEM_write_bio_DSA_PUBKEY;
-+		X509_STORE_CTX_free;
-+		EVP_PKEY_set1_DSA;
-+		i2d_DSA_PUBKEY_fp;
-+		X509_load_cert_crl_file;
-+		ASN1_TIME_new;
-+		i2d_RSA_PUBKEY;
-+		X509_STORE_CTX_purpose_inherit;
-+		PEM_read_RSA_PUBKEY;
-+		d2i_X509_AUX;
-+		i2d_DSA_PUBKEY;
-+		X509_CERT_AUX_print;
-+		PEM_read_DSA_PUBKEY;
-+		i2d_RSA_PUBKEY_bio;
-+		ASN1_BIT_STRING_num_asc;
-+		i2d_PUBKEY;
-+		ASN1_UTCTIME_free;
-+		DSA_set_default_method;
-+		X509_PURPOSE_get_by_id;
-+		ACCESS_DESCRIPTION_free;
-+		PEM_read_bio_PUBKEY;
-+		ASN1_STRING_set_by_NID;
-+		X509_PURPOSE_get_id;
-+		DISPLAYTEXT_free;
-+		OTHERNAME_new;
-+		X509_CERT_AUX_new;
-+		X509_TRUST_cleanup;
-+		X509_NAME_add_entry_by_OBJ;
-+		X509_CRL_get_ext_d2i;
-+		X509_PURPOSE_get0_name;
-+		PEM_read_PUBKEY;
-+		i2d_DSA_PUBKEY_bio;
-+		i2d_OTHERNAME;
-+		ASN1_OCTET_STRING_free;
-+		ASN1_BIT_STRING_set_asc;
-+		X509_get_ex_new_index;
-+		ASN1_STRING_TABLE_cleanup;
-+		X509_TRUST_get_by_id;
-+		X509_PURPOSE_get_trust;
-+		ASN1_STRING_length;
-+		d2i_ASN1_SET_OF_ACCESS_DESCRIPTION;
-+		ASN1_PRINTABLESTRING_new;
-+		X509V3_get_d2i;
-+		ASN1_ENUMERATED_free;
-+		i2d_X509_CERT_AUX;
-+		X509_STORE_CTX_set_trust;
-+		ASN1_STRING_set_default_mask;
-+		X509_STORE_CTX_new;
-+		EVP_PKEY_get1_RSA;
-+		DIRECTORYSTRING_free;
-+		PEM_write_X509_AUX;
-+		ASN1_OCTET_STRING_set;
-+		d2i_DSA_PUBKEY_fp;
-+		d2i_RSA_PUBKEY;
-+		X509_TRUST_get0_name;
-+		X509_TRUST_get0;
-+		AUTHORITY_INFO_ACCESS_free;
-+		ASN1_IA5STRING_new;
-+		d2i_DSA_PUBKEY;
-+		X509_check_purpose;
-+		ASN1_ENUMERATED_new;
-+		d2i_RSA_PUBKEY_bio;
-+		d2i_PUBKEY;
-+		X509_TRUST_get_trust;
-+		X509_TRUST_get_flags;
-+		ASN1_BMPSTRING_free;
-+		ASN1_T61STRING_new;
-+		ASN1_UTCTIME_new;
-+		i2d_AUTHORITY_INFO_ACCESS;
-+		EVP_PKEY_set1_RSA;
-+		X509_STORE_CTX_set_purpose;
-+		ASN1_IA5STRING_free;
-+		PEM_write_bio_X509_AUX;
-+		X509_PURPOSE_get_count;
-+		CRYPTO_add_info;
-+		X509_NAME_ENTRY_create_by_txt;
-+		ASN1_STRING_get_default_mask;
-+		X509_alias_get0;
-+		ASN1_STRING_data;
-+		i2d_ACCESS_DESCRIPTION;
-+		X509_trust_set_bit;
-+		ASN1_BIT_STRING_free;
-+		PEM_read_bio_RSA_PUBKEY;
-+		X509_add1_reject_object;
-+		X509_check_trust;
-+		PEM_read_bio_DSA_PUBKEY;
-+		X509_PURPOSE_add;
-+		ASN1_STRING_TABLE_get;
-+		ASN1_UTF8STRING_free;
-+		d2i_DSA_PUBKEY_bio;
-+		PEM_write_RSA_PUBKEY;
-+		d2i_OTHERNAME;
-+		X509_reject_set_bit;
-+		PEM_write_DSA_PUBKEY;
-+		X509_PURPOSE_get0_sname;
-+		EVP_PKEY_set1_DH;
-+		ASN1_OCTET_STRING_dup;
-+		ASN1_BIT_STRING_set;
-+		X509_TRUST_get_count;
-+		ASN1_INTEGER_free;
-+		OTHERNAME_free;
-+		i2d_RSA_PUBKEY_fp;
-+		ASN1_INTEGER_dup;
-+		d2i_X509_CERT_AUX;
-+		PEM_write_bio_PUBKEY;
-+		ASN1_VISIBLESTRING_free;
-+		X509_PURPOSE_cleanup;
-+		ASN1_mbstring_ncopy;
-+		ASN1_GENERALIZEDTIME_new;
-+		EVP_PKEY_get1_DH;
-+		ASN1_OCTET_STRING_new;
-+		ASN1_INTEGER_new;
-+		i2d_X509_AUX;
-+		ASN1_BIT_STRING_name_print;
-+		X509_cmp;
-+		ASN1_STRING_length_set;
-+		DIRECTORYSTRING_new;
-+		X509_add1_trust_object;
-+		PKCS12_newpass;
-+		SMIME_write_PKCS7;
-+		SMIME_read_PKCS7;
-+		DES_set_key_checked;
-+		PKCS7_verify;
-+		PKCS7_encrypt;
-+		DES_set_key_unchecked;
-+		SMIME_crlf_copy;
-+		i2d_ASN1_PRINTABLESTRING;
-+		PKCS7_get0_signers;
-+		PKCS7_decrypt;
-+		SMIME_text;
-+		PKCS7_simple_smimecap;
-+		PKCS7_get_smimecap;
-+		PKCS7_sign;
-+		PKCS7_add_attrib_smimecap;
-+		CRYPTO_dbg_set_options;
-+		CRYPTO_remove_all_info;
-+		CRYPTO_get_mem_debug_functions;
-+		CRYPTO_is_mem_check_on;
-+		CRYPTO_set_mem_debug_functions;
-+		CRYPTO_pop_info;
-+		CRYPTO_push_info_;
-+		CRYPTO_set_mem_debug_options;
-+		PEM_write_PKCS8PrivateKey_nid;
-+		PEM_write_bio_PKCS8PrivateKey_nid;
-+		PEM_write_bio_PKCS8PrivKey_nid;
-+		d2i_PKCS8PrivateKey_bio;
-+		ASN1_NULL_free;
-+		d2i_ASN1_NULL;
-+		ASN1_NULL_new;
-+		i2d_PKCS8PrivateKey_bio;
-+		i2d_PKCS8PrivateKey_fp;
-+		i2d_ASN1_NULL;
-+		i2d_PKCS8PrivateKey_nid_fp;
-+		d2i_PKCS8PrivateKey_fp;
-+		i2d_PKCS8PrivateKey_nid_bio;
-+		i2d_PKCS8PrivateKeyInfo_fp;
-+		i2d_PKCS8PrivateKeyInfo_bio;
-+		PEM_cb;
-+		i2d_PrivateKey_fp;
-+		d2i_PrivateKey_bio;
-+		d2i_PrivateKey_fp;
-+		i2d_PrivateKey_bio;
-+		X509_reject_clear;
-+		X509_TRUST_set_default;
-+		d2i_AutoPrivateKey;
-+		X509_ATTRIBUTE_get0_type;
-+		X509_ATTRIBUTE_set1_data;
-+		X509at_get_attr;
-+		X509at_get_attr_count;
-+		X509_ATTRIBUTE_create_by_NID;
-+		X509_ATTRIBUTE_set1_object;
-+		X509_ATTRIBUTE_count;
-+		X509_ATTRIBUTE_create_by_OBJ;
-+		X509_ATTRIBUTE_get0_object;
-+		X509at_get_attr_by_NID;
-+		X509at_add1_attr;
-+		X509_ATTRIBUTE_get0_data;
-+		X509at_delete_attr;
-+		X509at_get_attr_by_OBJ;
-+		RAND_add;
-+		BIO_number_written;
-+		BIO_number_read;
-+		X509_STORE_CTX_get1_chain;
-+		ERR_load_RAND_strings;
-+		RAND_pseudo_bytes;
-+		X509_REQ_get_attr_by_NID;
-+		X509_REQ_get_attr;
-+		X509_REQ_add1_attr_by_NID;
-+		X509_REQ_get_attr_by_OBJ;
-+		X509at_add1_attr_by_NID;
-+		X509_REQ_add1_attr_by_OBJ;
-+		X509_REQ_get_attr_count;
-+		X509_REQ_add1_attr;
-+		X509_REQ_delete_attr;
-+		X509at_add1_attr_by_OBJ;
-+		X509_REQ_add1_attr_by_txt;
-+		X509_ATTRIBUTE_create_by_txt;
-+		X509at_add1_attr_by_txt;
-+		BN_pseudo_rand;
-+		BN_is_prime_fasttest;
-+		BN_CTX_end;
-+		BN_CTX_start;
-+		BN_CTX_get;
-+		EVP_PKEY2PKCS8_broken;
-+		ASN1_STRING_TABLE_add;
-+		CRYPTO_dbg_get_options;
-+		AUTHORITY_INFO_ACCESS_new;
-+		CRYPTO_get_mem_debug_options;
-+		DES_crypt;
-+		PEM_write_bio_X509_REQ_NEW;
-+		PEM_write_X509_REQ_NEW;
-+		BIO_callback_ctrl;
-+		RAND_egd;
-+		RAND_status;
-+		bn_dump1;
-+		DES_check_key_parity;
-+		lh_num_items;
-+		RAND_event;
-+		DSO_new;
-+		DSO_new_method;
-+		DSO_free;
-+		DSO_flags;
-+		DSO_up;
-+		DSO_set_default_method;
-+		DSO_get_default_method;
-+		DSO_get_method;
-+		DSO_set_method;
-+		DSO_load;
-+		DSO_bind_var;
-+		DSO_METHOD_null;
-+		DSO_METHOD_openssl;
-+		DSO_METHOD_dlfcn;
-+		DSO_METHOD_win32;
-+		ERR_load_DSO_strings;
-+		DSO_METHOD_dl;
-+		NCONF_load;
-+		NCONF_load_fp;
-+		NCONF_new;
-+		NCONF_get_string;
-+		NCONF_free;
-+		NCONF_get_number;
-+		CONF_dump_fp;
-+		NCONF_load_bio;
-+		NCONF_dump_fp;
-+		NCONF_get_section;
-+		NCONF_dump_bio;
-+		CONF_dump_bio;
-+		NCONF_free_data;
-+		CONF_set_default_method;
-+		ERR_error_string_n;
-+		BIO_snprintf;
-+		DSO_ctrl;
-+		i2d_ASN1_SET_OF_ASN1_INTEGER;
-+		i2d_ASN1_SET_OF_PKCS12_SAFEBAG;
-+		i2d_ASN1_SET_OF_PKCS7;
-+		BIO_vfree;
-+		d2i_ASN1_SET_OF_ASN1_INTEGER;
-+		d2i_ASN1_SET_OF_PKCS12_SAFEBAG;
-+		ASN1_UTCTIME_get;
-+		X509_REQ_digest;
-+		X509_CRL_digest;
-+		d2i_ASN1_SET_OF_PKCS7;
-+		EVP_CIPHER_CTX_set_key_length;
-+		EVP_CIPHER_CTX_ctrl;
-+		BN_mod_exp_mont_word;
-+		RAND_egd_bytes;
-+		X509_REQ_get1_email;
-+		X509_get1_email;
-+		X509_email_free;
-+		i2d_RSA_NET;
-+		d2i_RSA_NET_2;
-+		d2i_RSA_NET;
-+		DSO_bind_func;
-+		CRYPTO_get_new_dynlockid;
-+		sk_new_null;
-+		CRYPTO_set_dynlock_destroy_callback;
-+		CRYPTO_set_dynlock_destroy_cb;
-+		CRYPTO_destroy_dynlockid;
-+		CRYPTO_set_dynlock_size;
-+		CRYPTO_set_dynlock_create_callback;
-+		CRYPTO_set_dynlock_create_cb;
-+		CRYPTO_set_dynlock_lock_callback;
-+		CRYPTO_set_dynlock_lock_cb;
-+		CRYPTO_get_dynlock_lock_callback;
-+		CRYPTO_get_dynlock_lock_cb;
-+		CRYPTO_get_dynlock_destroy_callback;
-+		CRYPTO_get_dynlock_destroy_cb;
-+		CRYPTO_get_dynlock_value;
-+		CRYPTO_get_dynlock_create_callback;
-+		CRYPTO_get_dynlock_create_cb;
-+		c2i_ASN1_BIT_STRING;
-+		i2c_ASN1_BIT_STRING;
-+		RAND_poll;
-+		c2i_ASN1_INTEGER;
-+		i2c_ASN1_INTEGER;
-+		BIO_dump_indent;
-+		ASN1_parse_dump;
-+		c2i_ASN1_OBJECT;
-+		X509_NAME_print_ex_fp;
-+		ASN1_STRING_print_ex_fp;
-+		X509_NAME_print_ex;
-+		ASN1_STRING_print_ex;
-+		MD4;
-+		MD4_Transform;
-+		MD4_Final;
-+		MD4_Update;
-+		MD4_Init;
-+		EVP_md4;
-+		i2d_PUBKEY_bio;
-+		i2d_PUBKEY_fp;
-+		d2i_PUBKEY_bio;
-+		ASN1_STRING_to_UTF8;
-+		BIO_vprintf;
-+		BIO_vsnprintf;
-+		d2i_PUBKEY_fp;
-+		X509_cmp_time;
-+		X509_STORE_CTX_set_time;
-+		X509_STORE_CTX_get1_issuer;
-+		X509_OBJECT_retrieve_match;
-+		X509_OBJECT_idx_by_subject;
-+		X509_STORE_CTX_set_flags;
-+		X509_STORE_CTX_trusted_stack;
-+		X509_time_adj;
-+		X509_check_issued;
-+		ASN1_UTCTIME_cmp_time_t;
-+		DES_set_weak_key_flag;
-+		DES_check_key;
-+		DES_rw_mode;
-+		RSA_PKCS1_RSAref;
-+		X509_keyid_set1;
-+		BIO_next;
-+		DSO_METHOD_vms;
-+		BIO_f_linebuffer;
-+		BN_bntest_rand;
-+		OPENSSL_issetugid;
-+		BN_rand_range;
-+		ERR_load_ENGINE_strings;
-+		ENGINE_set_DSA;
-+		ENGINE_get_finish_function;
-+		ENGINE_get_default_RSA;
-+		ENGINE_get_BN_mod_exp;
-+		DSA_get_default_openssl_method;
-+		ENGINE_set_DH;
-+		ENGINE_set_def_BN_mod_exp_crt;
-+		ENGINE_set_default_BN_mod_exp_crt;
-+		ENGINE_init;
-+		DH_get_default_openssl_method;
-+		RSA_set_default_openssl_method;
-+		ENGINE_finish;
-+		ENGINE_load_public_key;
-+		ENGINE_get_DH;
-+		ENGINE_ctrl;
-+		ENGINE_get_init_function;
-+		ENGINE_set_init_function;
-+		ENGINE_set_default_DSA;
-+		ENGINE_get_name;
-+		ENGINE_get_last;
-+		ENGINE_get_prev;
-+		ENGINE_get_default_DH;
-+		ENGINE_get_RSA;
-+		ENGINE_set_default;
-+		ENGINE_get_RAND;
-+		ENGINE_get_first;
-+		ENGINE_by_id;
-+		ENGINE_set_finish_function;
-+		ENGINE_get_def_BN_mod_exp_crt;
-+		ENGINE_get_default_BN_mod_exp_crt;
-+		RSA_get_default_openssl_method;
-+		ENGINE_set_RSA;
-+		ENGINE_load_private_key;
-+		ENGINE_set_default_RAND;
-+		ENGINE_set_BN_mod_exp;
-+		ENGINE_remove;
-+		ENGINE_free;
-+		ENGINE_get_BN_mod_exp_crt;
-+		ENGINE_get_next;
-+		ENGINE_set_name;
-+		ENGINE_get_default_DSA;
-+		ENGINE_set_default_BN_mod_exp;
-+		ENGINE_set_default_RSA;
-+		ENGINE_get_default_RAND;
-+		ENGINE_get_default_BN_mod_exp;
-+		ENGINE_set_RAND;
-+		ENGINE_set_id;
-+		ENGINE_set_BN_mod_exp_crt;
-+		ENGINE_set_default_DH;
-+		ENGINE_new;
-+		ENGINE_get_id;
-+		DSA_set_default_openssl_method;
-+		ENGINE_add;
-+		DH_set_default_openssl_method;
-+		ENGINE_get_DSA;
-+		ENGINE_get_ctrl_function;
-+		ENGINE_set_ctrl_function;
-+		BN_pseudo_rand_range;
-+		X509_STORE_CTX_set_verify_cb;
-+		ERR_load_COMP_strings;
-+		PKCS12_item_decrypt_d2i;
-+		ASN1_UTF8STRING_it;
-+		ENGINE_unregister_ciphers;
-+		ENGINE_get_ciphers;
-+		d2i_OCSP_BASICRESP;
-+		KRB5_CHECKSUM_it;
-+		EC_POINT_add;
-+		ASN1_item_ex_i2d;
-+		OCSP_CERTID_it;
-+		d2i_OCSP_RESPBYTES;
-+		X509V3_add1_i2d;
-+		PKCS7_ENVELOPE_it;
-+		UI_add_input_boolean;
-+		ENGINE_unregister_RSA;
-+		X509V3_EXT_nconf;
-+		ASN1_GENERALSTRING_free;
-+		d2i_OCSP_CERTSTATUS;
-+		X509_REVOKED_set_serialNumber;
-+		X509_print_ex;
-+		OCSP_ONEREQ_get1_ext_d2i;
-+		ENGINE_register_all_RAND;
-+		ENGINE_load_dynamic;
-+		PBKDF2PARAM_it;
-+		EXTENDED_KEY_USAGE_new;
-+		EC_GROUP_clear_free;
-+		OCSP_sendreq_bio;
-+		ASN1_item_digest;
-+		OCSP_BASICRESP_delete_ext;
-+		OCSP_SIGNATURE_it;
-+		X509_CRL_it;
-+		OCSP_BASICRESP_add_ext;
-+		KRB5_ENCKEY_it;
-+		UI_method_set_closer;
-+		X509_STORE_set_purpose;
-+		i2d_ASN1_GENERALSTRING;
-+		OCSP_response_status;
-+		i2d_OCSP_SERVICELOC;
-+		ENGINE_get_digest_engine;
-+		EC_GROUP_set_curve_GFp;
-+		OCSP_REQUEST_get_ext_by_OBJ;
-+		_ossl_old_des_random_key;
-+		ASN1_T61STRING_it;
-+		EC_GROUP_method_of;
-+		i2d_KRB5_APREQ;
-+		_ossl_old_des_encrypt;
-+		ASN1_PRINTABLE_new;
-+		HMAC_Init_ex;
-+		d2i_KRB5_AUTHENT;
-+		OCSP_archive_cutoff_new;
-+		EC_POINT_set_Jprojective_coordinates_GFp;
-+		EC_POINT_set_Jproj_coords_GFp;
-+		_ossl_old_des_is_weak_key;
-+		OCSP_BASICRESP_get_ext_by_OBJ;
-+		EC_POINT_oct2point;
-+		OCSP_SINGLERESP_get_ext_count;
-+		UI_ctrl;
-+		_shadow_DES_rw_mode;
-+		asn1_do_adb;
-+		ASN1_template_i2d;
-+		ENGINE_register_DH;
-+		UI_construct_prompt;
-+		X509_STORE_set_trust;
-+		UI_dup_input_string;
-+		d2i_KRB5_APREQ;
-+		EVP_MD_CTX_copy_ex;
-+		OCSP_request_is_signed;
-+		i2d_OCSP_REQINFO;
-+		KRB5_ENCKEY_free;
-+		OCSP_resp_get0;
-+		GENERAL_NAME_it;
-+		ASN1_GENERALIZEDTIME_it;
-+		X509_STORE_set_flags;
-+		EC_POINT_set_compressed_coordinates_GFp;
-+		EC_POINT_set_compr_coords_GFp;
-+		OCSP_response_status_str;
-+		d2i_OCSP_REVOKEDINFO;
-+		OCSP_basic_add1_cert;
-+		ERR_get_implementation;
-+		EVP_CipherFinal_ex;
-+		OCSP_CERTSTATUS_new;
-+		CRYPTO_cleanup_all_ex_data;
-+		OCSP_resp_find;
-+		BN_nnmod;
-+		X509_CRL_sort;
-+		X509_REVOKED_set_revocationDate;
-+		ENGINE_register_RAND;
-+		OCSP_SERVICELOC_new;
-+		EC_POINT_set_affine_coordinates_GFp;
-+		EC_POINT_set_affine_coords_GFp;
-+		_ossl_old_des_options;
-+		SXNET_it;
-+		UI_dup_input_boolean;
-+		PKCS12_add_CSPName_asc;
-+		EC_POINT_is_at_infinity;
-+		ENGINE_load_cryptodev;
-+		DSO_convert_filename;
-+		POLICYQUALINFO_it;
-+		ENGINE_register_ciphers;
-+		BN_mod_lshift_quick;
-+		DSO_set_filename;
-+		ASN1_item_free;
-+		KRB5_TKTBODY_free;
-+		AUTHORITY_KEYID_it;
-+		KRB5_APREQBODY_new;
-+		X509V3_EXT_REQ_add_nconf;
-+		ENGINE_ctrl_cmd_string;
-+		i2d_OCSP_RESPDATA;
-+		EVP_MD_CTX_init;
-+		EXTENDED_KEY_USAGE_free;
-+		PKCS7_ATTR_SIGN_it;
-+		UI_add_error_string;
-+		KRB5_CHECKSUM_free;
-+		OCSP_REQUEST_get_ext;
-+		ENGINE_load_ubsec;
-+		ENGINE_register_all_digests;
-+		PKEY_USAGE_PERIOD_it;
-+		PKCS12_unpack_authsafes;
-+		ASN1_item_unpack;
-+		NETSCAPE_SPKAC_it;
-+		X509_REVOKED_it;
-+		ASN1_STRING_encode;
-+		EVP_aes_128_ecb;
-+		KRB5_AUTHENT_free;
-+		OCSP_BASICRESP_get_ext_by_critical;
-+		OCSP_BASICRESP_get_ext_by_crit;
-+		OCSP_cert_status_str;
-+		d2i_OCSP_REQUEST;
-+		UI_dup_info_string;
-+		_ossl_old_des_xwhite_in2out;
-+		PKCS12_it;
-+		OCSP_SINGLERESP_get_ext_by_critical;
-+		OCSP_SINGLERESP_get_ext_by_crit;
-+		OCSP_CERTSTATUS_free;
-+		_ossl_old_des_crypt;
-+		ASN1_item_i2d;
-+		EVP_DecryptFinal_ex;
-+		ENGINE_load_openssl;
-+		ENGINE_get_cmd_defns;
-+		ENGINE_set_load_privkey_function;
-+		ENGINE_set_load_privkey_fn;
-+		EVP_EncryptFinal_ex;
-+		ENGINE_set_default_digests;
-+		X509_get0_pubkey_bitstr;
-+		asn1_ex_i2c;
-+		ENGINE_register_RSA;
-+		ENGINE_unregister_DSA;
-+		_ossl_old_des_key_sched;
-+		X509_EXTENSION_it;
-+		i2d_KRB5_AUTHENT;
-+		SXNETID_it;
-+		d2i_OCSP_SINGLERESP;
-+		EDIPARTYNAME_new;
-+		PKCS12_certbag2x509;
-+		_ossl_old_des_ofb64_encrypt;
-+		d2i_EXTENDED_KEY_USAGE;
-+		ERR_print_errors_cb;
-+		ENGINE_set_ciphers;
-+		d2i_KRB5_APREQBODY;
-+		UI_method_get_flusher;
-+		X509_PUBKEY_it;
-+		_ossl_old_des_enc_read;
-+		PKCS7_ENCRYPT_it;
-+		i2d_OCSP_RESPONSE;
-+		EC_GROUP_get_cofactor;
-+		PKCS12_unpack_p7data;
-+		d2i_KRB5_AUTHDATA;
-+		OCSP_copy_nonce;
-+		KRB5_AUTHDATA_new;
-+		OCSP_RESPDATA_new;
-+		EC_GFp_mont_method;
-+		OCSP_REVOKEDINFO_free;
-+		UI_get_ex_data;
-+		KRB5_APREQBODY_free;
-+		EC_GROUP_get0_generator;
-+		UI_get_default_method;
-+		X509V3_set_nconf;
-+		PKCS12_item_i2d_encrypt;
-+		X509_add1_ext_i2d;
-+		PKCS7_SIGNER_INFO_it;
-+		KRB5_PRINCNAME_new;
-+		PKCS12_SAFEBAG_it;
-+		EC_GROUP_get_order;
-+		d2i_OCSP_RESPID;
-+		OCSP_request_verify;
-+		NCONF_get_number_e;
-+		_ossl_old_des_decrypt3;
-+		X509_signature_print;
-+		OCSP_SINGLERESP_free;
-+		ENGINE_load_builtin_engines;
-+		i2d_OCSP_ONEREQ;
-+		OCSP_REQUEST_add_ext;
-+		OCSP_RESPBYTES_new;
-+		EVP_MD_CTX_create;
-+		OCSP_resp_find_status;
-+		X509_ALGOR_it;
-+		ASN1_TIME_it;
-+		OCSP_request_set1_name;
-+		OCSP_ONEREQ_get_ext_count;
-+		UI_get0_result;
-+		PKCS12_AUTHSAFES_it;
-+		EVP_aes_256_ecb;
-+		PKCS12_pack_authsafes;
-+		ASN1_IA5STRING_it;
-+		UI_get_input_flags;
-+		EC_GROUP_set_generator;
-+		_ossl_old_des_string_to_2keys;
-+		OCSP_CERTID_free;
-+		X509_CERT_AUX_it;
-+		CERTIFICATEPOLICIES_it;
-+		_ossl_old_des_ede3_cbc_encrypt;
-+		RAND_set_rand_engine;
-+		DSO_get_loaded_filename;
-+		X509_ATTRIBUTE_it;
-+		OCSP_ONEREQ_get_ext_by_NID;
-+		PKCS12_decrypt_skey;
-+		KRB5_AUTHENT_it;
-+		UI_dup_error_string;
-+		RSAPublicKey_it;
-+		i2d_OCSP_REQUEST;
-+		PKCS12_x509crl2certbag;
-+		OCSP_SERVICELOC_it;
-+		ASN1_item_sign;
-+		X509_CRL_set_issuer_name;
-+		OBJ_NAME_do_all_sorted;
-+		i2d_OCSP_BASICRESP;
-+		i2d_OCSP_RESPBYTES;
-+		PKCS12_unpack_p7encdata;
-+		HMAC_CTX_init;
-+		ENGINE_get_digest;
-+		OCSP_RESPONSE_print;
-+		KRB5_TKTBODY_it;
-+		ACCESS_DESCRIPTION_it;
-+		PKCS7_ISSUER_AND_SERIAL_it;
-+		PBE2PARAM_it;
-+		PKCS12_certbag2x509crl;
-+		PKCS7_SIGNED_it;
-+		ENGINE_get_cipher;
-+		i2d_OCSP_CRLID;
-+		OCSP_SINGLERESP_new;
-+		ENGINE_cmd_is_executable;
-+		RSA_up_ref;
-+		ASN1_GENERALSTRING_it;
-+		ENGINE_register_DSA;
-+		X509V3_EXT_add_nconf_sk;
-+		ENGINE_set_load_pubkey_function;
-+		PKCS8_decrypt;
-+		PEM_bytes_read_bio;
-+		DIRECTORYSTRING_it;
-+		d2i_OCSP_CRLID;
-+		EC_POINT_is_on_curve;
-+		CRYPTO_set_locked_mem_ex_functions;
-+		CRYPTO_set_locked_mem_ex_funcs;
-+		d2i_KRB5_CHECKSUM;
-+		ASN1_item_dup;
-+		X509_it;
-+		BN_mod_add;
-+		KRB5_AUTHDATA_free;
-+		_ossl_old_des_cbc_cksum;
-+		ASN1_item_verify;
-+		CRYPTO_set_mem_ex_functions;
-+		EC_POINT_get_Jprojective_coordinates_GFp;
-+		EC_POINT_get_Jproj_coords_GFp;
-+		ZLONG_it;
-+		CRYPTO_get_locked_mem_ex_functions;
-+		CRYPTO_get_locked_mem_ex_funcs;
-+		ASN1_TIME_check;
-+		UI_get0_user_data;
-+		HMAC_CTX_cleanup;
-+		DSA_up_ref;
-+		_ossl_old_des_ede3_cfb64_encrypt;
-+		_ossl_odes_ede3_cfb64_encrypt;
-+		ASN1_BMPSTRING_it;
-+		ASN1_tag2bit;
-+		UI_method_set_flusher;
-+		X509_ocspid_print;
-+		KRB5_ENCDATA_it;
-+		ENGINE_get_load_pubkey_function;
-+		UI_add_user_data;
-+		OCSP_REQUEST_delete_ext;
-+		UI_get_method;
-+		OCSP_ONEREQ_free;
-+		ASN1_PRINTABLESTRING_it;
-+		X509_CRL_set_nextUpdate;
-+		OCSP_REQUEST_it;
-+		OCSP_BASICRESP_it;
-+		AES_ecb_encrypt;
-+		BN_mod_sqr;
-+		NETSCAPE_CERT_SEQUENCE_it;
-+		GENERAL_NAMES_it;
-+		AUTHORITY_INFO_ACCESS_it;
-+		ASN1_FBOOLEAN_it;
-+		UI_set_ex_data;
-+		_ossl_old_des_string_to_key;
-+		ENGINE_register_all_RSA;
-+		d2i_KRB5_PRINCNAME;
-+		OCSP_RESPBYTES_it;
-+		X509_CINF_it;
-+		ENGINE_unregister_digests;
-+		d2i_EDIPARTYNAME;
-+		d2i_OCSP_SERVICELOC;
-+		ENGINE_get_digests;
-+		_ossl_old_des_set_odd_parity;
-+		OCSP_RESPDATA_free;
-+		d2i_KRB5_TICKET;
-+		OTHERNAME_it;
-+		EVP_MD_CTX_cleanup;
-+		d2i_ASN1_GENERALSTRING;
-+		X509_CRL_set_version;
-+		BN_mod_sub;
-+		OCSP_SINGLERESP_get_ext_by_NID;
-+		ENGINE_get_ex_new_index;
-+		OCSP_REQUEST_free;
-+		OCSP_REQUEST_add1_ext_i2d;
-+		X509_VAL_it;
-+		EC_POINTs_make_affine;
-+		EC_POINT_mul;
-+		X509V3_EXT_add_nconf;
-+		X509_TRUST_set;
-+		X509_CRL_add1_ext_i2d;
-+		_ossl_old_des_fcrypt;
-+		DISPLAYTEXT_it;
-+		X509_CRL_set_lastUpdate;
-+		OCSP_BASICRESP_free;
-+		OCSP_BASICRESP_add1_ext_i2d;
-+		d2i_KRB5_AUTHENTBODY;
-+		CRYPTO_set_ex_data_implementation;
-+		CRYPTO_set_ex_data_impl;
-+		KRB5_ENCDATA_new;
-+		DSO_up_ref;
-+		OCSP_crl_reason_str;
-+		UI_get0_result_string;
-+		ASN1_GENERALSTRING_new;
-+		X509_SIG_it;
-+		ERR_set_implementation;
-+		ERR_load_EC_strings;
-+		UI_get0_action_string;
-+		OCSP_ONEREQ_get_ext;
-+		EC_POINT_method_of;
-+		i2d_KRB5_APREQBODY;
-+		_ossl_old_des_ecb3_encrypt;
-+		CRYPTO_get_mem_ex_functions;
-+		ENGINE_get_ex_data;
-+		UI_destroy_method;
-+		ASN1_item_i2d_bio;
-+		OCSP_ONEREQ_get_ext_by_OBJ;
-+		ASN1_primitive_new;
-+		ASN1_PRINTABLE_it;
-+		EVP_aes_192_ecb;
-+		OCSP_SIGNATURE_new;
-+		LONG_it;
-+		ASN1_VISIBLESTRING_it;
-+		OCSP_SINGLERESP_add1_ext_i2d;
-+		d2i_OCSP_CERTID;
-+		ASN1_item_d2i_fp;
-+		CRL_DIST_POINTS_it;
-+		GENERAL_NAME_print;
-+		OCSP_SINGLERESP_delete_ext;
-+		PKCS12_SAFEBAGS_it;
-+		d2i_OCSP_SIGNATURE;
-+		OCSP_request_add1_nonce;
-+		ENGINE_set_cmd_defns;
-+		OCSP_SERVICELOC_free;
-+		EC_GROUP_free;
-+		ASN1_BIT_STRING_it;
-+		X509_REQ_it;
-+		_ossl_old_des_cbc_encrypt;
-+		ERR_unload_strings;
-+		PKCS7_SIGN_ENVELOPE_it;
-+		EDIPARTYNAME_free;
-+		OCSP_REQINFO_free;
-+		EC_GROUP_new_curve_GFp;
-+		OCSP_REQUEST_get1_ext_d2i;
-+		PKCS12_item_pack_safebag;
-+		asn1_ex_c2i;
-+		ENGINE_register_digests;
-+		i2d_OCSP_REVOKEDINFO;
-+		asn1_enc_restore;
-+		UI_free;
-+		UI_new_method;
-+		EVP_EncryptInit_ex;
-+		X509_pubkey_digest;
-+		EC_POINT_invert;
-+		OCSP_basic_sign;
-+		i2d_OCSP_RESPID;
-+		OCSP_check_nonce;
-+		ENGINE_ctrl_cmd;
-+		d2i_KRB5_ENCKEY;
-+		OCSP_parse_url;
-+		OCSP_SINGLERESP_get_ext;
-+		OCSP_CRLID_free;
-+		OCSP_BASICRESP_get1_ext_d2i;
-+		RSAPrivateKey_it;
-+		ENGINE_register_all_DH;
-+		i2d_EDIPARTYNAME;
-+		EC_POINT_get_affine_coordinates_GFp;
-+		EC_POINT_get_affine_coords_GFp;
-+		OCSP_CRLID_new;
-+		ENGINE_get_flags;
-+		OCSP_ONEREQ_it;
-+		UI_process;
-+		ASN1_INTEGER_it;
-+		EVP_CipherInit_ex;
-+		UI_get_string_type;
-+		ENGINE_unregister_DH;
-+		ENGINE_register_all_DSA;
-+		OCSP_ONEREQ_get_ext_by_critical;
-+		bn_dup_expand;
-+		OCSP_cert_id_new;
-+		BASIC_CONSTRAINTS_it;
-+		BN_mod_add_quick;
-+		EC_POINT_new;
-+		EVP_MD_CTX_destroy;
-+		OCSP_RESPBYTES_free;
-+		EVP_aes_128_cbc;
-+		OCSP_SINGLERESP_get1_ext_d2i;
-+		EC_POINT_free;
-+		DH_up_ref;
-+		X509_NAME_ENTRY_it;
-+		UI_get_ex_new_index;
-+		BN_mod_sub_quick;
-+		OCSP_ONEREQ_add_ext;
-+		OCSP_request_sign;
-+		EVP_DigestFinal_ex;
-+		ENGINE_set_digests;
-+		OCSP_id_issuer_cmp;
-+		OBJ_NAME_do_all;
-+		EC_POINTs_mul;
-+		ENGINE_register_complete;
-+		X509V3_EXT_nconf_nid;
-+		ASN1_SEQUENCE_it;
-+		UI_set_default_method;
-+		RAND_query_egd_bytes;
-+		UI_method_get_writer;
-+		UI_OpenSSL;
-+		PEM_def_callback;
-+		ENGINE_cleanup;
-+		DIST_POINT_it;
-+		OCSP_SINGLERESP_it;
-+		d2i_KRB5_TKTBODY;
-+		EC_POINT_cmp;
-+		OCSP_REVOKEDINFO_new;
-+		i2d_OCSP_CERTSTATUS;
-+		OCSP_basic_add1_nonce;
-+		ASN1_item_ex_d2i;
-+		BN_mod_lshift1_quick;
-+		UI_set_method;
-+		OCSP_id_get0_info;
-+		BN_mod_sqrt;
-+		EC_GROUP_copy;
-+		KRB5_ENCDATA_free;
-+		_ossl_old_des_cfb_encrypt;
-+		OCSP_SINGLERESP_get_ext_by_OBJ;
-+		OCSP_cert_to_id;
-+		OCSP_RESPID_new;
-+		OCSP_RESPDATA_it;
-+		d2i_OCSP_RESPDATA;
-+		ENGINE_register_all_complete;
-+		OCSP_check_validity;
-+		PKCS12_BAGS_it;
-+		OCSP_url_svcloc_new;
-+		ASN1_template_free;
-+		OCSP_SINGLERESP_add_ext;
-+		KRB5_AUTHENTBODY_it;
-+		X509_supported_extension;
-+		i2d_KRB5_AUTHDATA;
-+		UI_method_get_opener;
-+		ENGINE_set_ex_data;
-+		OCSP_REQUEST_print;
-+		CBIGNUM_it;
-+		KRB5_TICKET_new;
-+		KRB5_APREQ_new;
-+		EC_GROUP_get_curve_GFp;
-+		KRB5_ENCKEY_new;
-+		ASN1_template_d2i;
-+		_ossl_old_des_quad_cksum;
-+		OCSP_single_get0_status;
-+		BN_swap;
-+		POLICYINFO_it;
-+		ENGINE_set_destroy_function;
-+		asn1_enc_free;
-+		OCSP_RESPID_it;
-+		EC_GROUP_new;
-+		EVP_aes_256_cbc;
-+		i2d_KRB5_PRINCNAME;
-+		_ossl_old_des_encrypt2;
-+		_ossl_old_des_encrypt3;
-+		PKCS8_PRIV_KEY_INFO_it;
-+		OCSP_REQINFO_it;
-+		PBEPARAM_it;
-+		KRB5_AUTHENTBODY_new;
-+		X509_CRL_add0_revoked;
-+		EDIPARTYNAME_it;
-+		NETSCAPE_SPKI_it;
-+		UI_get0_test_string;
-+		ENGINE_get_cipher_engine;
-+		ENGINE_register_all_ciphers;
-+		EC_POINT_copy;
-+		BN_kronecker;
-+		_ossl_old_des_ede3_ofb64_encrypt;
-+		_ossl_odes_ede3_ofb64_encrypt;
-+		UI_method_get_reader;
-+		OCSP_BASICRESP_get_ext_count;
-+		ASN1_ENUMERATED_it;
-+		UI_set_result;
-+		i2d_KRB5_TICKET;
-+		X509_print_ex_fp;
-+		EVP_CIPHER_CTX_set_padding;
-+		d2i_OCSP_RESPONSE;
-+		ASN1_UTCTIME_it;
-+		_ossl_old_des_enc_write;
-+		OCSP_RESPONSE_new;
-+		AES_set_encrypt_key;
-+		OCSP_resp_count;
-+		KRB5_CHECKSUM_new;
-+		ENGINE_load_cswift;
-+		OCSP_onereq_get0_id;
-+		ENGINE_set_default_ciphers;
-+		NOTICEREF_it;
-+		X509V3_EXT_CRL_add_nconf;
-+		OCSP_REVOKEDINFO_it;
-+		AES_encrypt;
-+		OCSP_REQUEST_new;
-+		ASN1_ANY_it;
-+		CRYPTO_ex_data_new_class;
-+		_ossl_old_des_ncbc_encrypt;
-+		i2d_KRB5_TKTBODY;
-+		EC_POINT_clear_free;
-+		AES_decrypt;
-+		asn1_enc_init;
-+		UI_get_result_maxsize;
-+		OCSP_CERTID_new;
-+		ENGINE_unregister_RAND;
-+		UI_method_get_closer;
-+		d2i_KRB5_ENCDATA;
-+		OCSP_request_onereq_count;
-+		OCSP_basic_verify;
-+		KRB5_AUTHENTBODY_free;
-+		ASN1_item_d2i;
-+		ASN1_primitive_free;
-+		i2d_EXTENDED_KEY_USAGE;
-+		i2d_OCSP_SIGNATURE;
-+		asn1_enc_save;
-+		ENGINE_load_nuron;
-+		_ossl_old_des_pcbc_encrypt;
-+		PKCS12_MAC_DATA_it;
-+		OCSP_accept_responses_new;
-+		asn1_do_lock;
-+		PKCS7_ATTR_VERIFY_it;
-+		KRB5_APREQBODY_it;
-+		i2d_OCSP_SINGLERESP;
-+		ASN1_item_ex_new;
-+		UI_add_verify_string;
-+		_ossl_old_des_set_key;
-+		KRB5_PRINCNAME_it;
-+		EVP_DecryptInit_ex;
-+		i2d_OCSP_CERTID;
-+		ASN1_item_d2i_bio;
-+		EC_POINT_dbl;
-+		asn1_get_choice_selector;
-+		i2d_KRB5_CHECKSUM;
-+		ENGINE_set_table_flags;
-+		AES_options;
-+		ENGINE_load_chil;
-+		OCSP_id_cmp;
-+		OCSP_BASICRESP_new;
-+		OCSP_REQUEST_get_ext_by_NID;
-+		KRB5_APREQ_it;
-+		ENGINE_get_destroy_function;
-+		CONF_set_nconf;
-+		ASN1_PRINTABLE_free;
-+		OCSP_BASICRESP_get_ext_by_NID;
-+		DIST_POINT_NAME_it;
-+		X509V3_extensions_print;
-+		_ossl_old_des_cfb64_encrypt;
-+		X509_REVOKED_add1_ext_i2d;
-+		_ossl_old_des_ofb_encrypt;
-+		KRB5_TKTBODY_new;
-+		ASN1_OCTET_STRING_it;
-+		ERR_load_UI_strings;
-+		i2d_KRB5_ENCKEY;
-+		ASN1_template_new;
-+		OCSP_SIGNATURE_free;
-+		ASN1_item_i2d_fp;
-+		KRB5_PRINCNAME_free;
-+		PKCS7_RECIP_INFO_it;
-+		EXTENDED_KEY_USAGE_it;
-+		EC_GFp_simple_method;
-+		EC_GROUP_precompute_mult;
-+		OCSP_request_onereq_get0;
-+		UI_method_set_writer;
-+		KRB5_AUTHENT_new;
-+		X509_CRL_INFO_it;
-+		DSO_set_name_converter;
-+		AES_set_decrypt_key;
-+		PKCS7_DIGEST_it;
-+		PKCS12_x5092certbag;
-+		EVP_DigestInit_ex;
-+		i2a_ACCESS_DESCRIPTION;
-+		OCSP_RESPONSE_it;
-+		PKCS7_ENC_CONTENT_it;
-+		OCSP_request_add0_id;
-+		EC_POINT_make_affine;
-+		DSO_get_filename;
-+		OCSP_CERTSTATUS_it;
-+		OCSP_request_add1_cert;
-+		UI_get0_output_string;
-+		UI_dup_verify_string;
-+		BN_mod_lshift;
-+		KRB5_AUTHDATA_it;
-+		asn1_set_choice_selector;
-+		OCSP_basic_add1_status;
-+		OCSP_RESPID_free;
-+		asn1_get_field_ptr;
-+		UI_add_input_string;
-+		OCSP_CRLID_it;
-+		i2d_KRB5_AUTHENTBODY;
-+		OCSP_REQUEST_get_ext_count;
-+		ENGINE_load_atalla;
-+		X509_NAME_it;
-+		USERNOTICE_it;
-+		OCSP_REQINFO_new;
-+		OCSP_BASICRESP_get_ext;
-+		CRYPTO_get_ex_data_implementation;
-+		CRYPTO_get_ex_data_impl;
-+		ASN1_item_pack;
-+		i2d_KRB5_ENCDATA;
-+		X509_PURPOSE_set;
-+		X509_REQ_INFO_it;
-+		UI_method_set_opener;
-+		ASN1_item_ex_free;
-+		ASN1_BOOLEAN_it;
-+		ENGINE_get_table_flags;
-+		UI_create_method;
-+		OCSP_ONEREQ_add1_ext_i2d;
-+		_shadow_DES_check_key;
-+		d2i_OCSP_REQINFO;
-+		UI_add_info_string;
-+		UI_get_result_minsize;
-+		ASN1_NULL_it;
-+		BN_mod_lshift1;
-+		d2i_OCSP_ONEREQ;
-+		OCSP_ONEREQ_new;
-+		KRB5_TICKET_it;
-+		EVP_aes_192_cbc;
-+		KRB5_TICKET_free;
-+		UI_new;
-+		OCSP_response_create;
-+		_ossl_old_des_xcbc_encrypt;
-+		PKCS7_it;
-+		OCSP_REQUEST_get_ext_by_critical;
-+		OCSP_REQUEST_get_ext_by_crit;
-+		ENGINE_set_flags;
-+		_ossl_old_des_ecb_encrypt;
-+		OCSP_response_get1_basic;
-+		EVP_Digest;
-+		OCSP_ONEREQ_delete_ext;
-+		ASN1_TBOOLEAN_it;
-+		ASN1_item_new;
-+		ASN1_TIME_to_generalizedtime;
-+		BIGNUM_it;
-+		AES_cbc_encrypt;
-+		ENGINE_get_load_privkey_function;
-+		ENGINE_get_load_privkey_fn;
-+		OCSP_RESPONSE_free;
-+		UI_method_set_reader;
-+		i2d_ASN1_T61STRING;
-+		EC_POINT_set_to_infinity;
-+		ERR_load_OCSP_strings;
-+		EC_POINT_point2oct;
-+		KRB5_APREQ_free;
-+		ASN1_OBJECT_it;
-+		OCSP_crlID_new;
-+		OCSP_crlID2_new;
-+		CONF_modules_load_file;
-+		CONF_imodule_set_usr_data;
-+		ENGINE_set_default_string;
-+		CONF_module_get_usr_data;
-+		ASN1_add_oid_module;
-+		CONF_modules_finish;
-+		OPENSSL_config;
-+		CONF_modules_unload;
-+		CONF_imodule_get_value;
-+		CONF_module_set_usr_data;
-+		CONF_parse_list;
-+		CONF_module_add;
-+		CONF_get1_default_config_file;
-+		CONF_imodule_get_flags;
-+		CONF_imodule_get_module;
-+		CONF_modules_load;
-+		CONF_imodule_get_name;
-+		ERR_peek_top_error;
-+		CONF_imodule_get_usr_data;
-+		CONF_imodule_set_flags;
-+		ENGINE_add_conf_module;
-+		ERR_peek_last_error_line;
-+		ERR_peek_last_error_line_data;
-+		ERR_peek_last_error;
-+		DES_read_2passwords;
-+		DES_read_password;
-+		UI_UTIL_read_pw;
-+		UI_UTIL_read_pw_string;
-+		ENGINE_load_aep;
-+		ENGINE_load_sureware;
-+		OPENSSL_add_all_algorithms_noconf;
-+		OPENSSL_add_all_algo_noconf;
-+		OPENSSL_add_all_algorithms_conf;
-+		OPENSSL_add_all_algo_conf;
-+		OPENSSL_load_builtin_modules;
-+		AES_ofb128_encrypt;
-+		AES_ctr128_encrypt;
-+		AES_cfb128_encrypt;
-+		ENGINE_load_4758cca;
-+		_ossl_096_des_random_seed;
-+		EVP_aes_256_ofb;
-+		EVP_aes_192_ofb;
-+		EVP_aes_128_cfb128;
-+		EVP_aes_256_cfb128;
-+		EVP_aes_128_ofb;
-+		EVP_aes_192_cfb128;
-+		CONF_modules_free;
-+		NCONF_default;
-+		OPENSSL_no_config;
-+		NCONF_WIN32;
-+		ASN1_UNIVERSALSTRING_new;
-+		EVP_des_ede_ecb;
-+		i2d_ASN1_UNIVERSALSTRING;
-+		ASN1_UNIVERSALSTRING_free;
-+		ASN1_UNIVERSALSTRING_it;
-+		d2i_ASN1_UNIVERSALSTRING;
-+		EVP_des_ede3_ecb;
-+		X509_REQ_print_ex;
-+		ENGINE_up_ref;
-+		BUF_MEM_grow_clean;
-+		CRYPTO_realloc_clean;
-+		BUF_strlcat;
-+		BIO_indent;
-+		BUF_strlcpy;
-+		OpenSSLDie;
-+		OPENSSL_cleanse;
-+		ENGINE_setup_bsd_cryptodev;
-+		ERR_release_err_state_table;
-+		EVP_aes_128_cfb8;
-+		FIPS_corrupt_rsa;
-+		FIPS_selftest_des;
-+		EVP_aes_128_cfb1;
-+		EVP_aes_192_cfb8;
-+		FIPS_mode_set;
-+		FIPS_selftest_dsa;
-+		EVP_aes_256_cfb8;
-+		FIPS_allow_md5;
-+		DES_ede3_cfb_encrypt;
-+		EVP_des_ede3_cfb8;
-+		FIPS_rand_seeded;
-+		AES_cfbr_encrypt_block;
-+		AES_cfb8_encrypt;
-+		FIPS_rand_seed;
-+		FIPS_corrupt_des;
-+		EVP_aes_192_cfb1;
-+		FIPS_selftest_aes;
-+		FIPS_set_prng_key;
-+		EVP_des_cfb8;
-+		FIPS_corrupt_dsa;
-+		FIPS_test_mode;
-+		FIPS_rand_method;
-+		EVP_aes_256_cfb1;
-+		ERR_load_FIPS_strings;
-+		FIPS_corrupt_aes;
-+		FIPS_selftest_sha1;
-+		FIPS_selftest_rsa;
-+		FIPS_corrupt_sha1;
-+		EVP_des_cfb1;
-+		FIPS_dsa_check;
-+		AES_cfb1_encrypt;
-+		EVP_des_ede3_cfb1;
-+		FIPS_rand_check;
-+		FIPS_md5_allowed;
-+		FIPS_mode;
-+		FIPS_selftest_failed;
-+		sk_is_sorted;
-+		X509_check_ca;
-+		HMAC_CTX_set_flags;
-+		d2i_PROXY_CERT_INFO_EXTENSION;
-+		PROXY_POLICY_it;
-+		i2d_PROXY_POLICY;
-+		i2d_PROXY_CERT_INFO_EXTENSION;
-+		d2i_PROXY_POLICY;
-+		PROXY_CERT_INFO_EXTENSION_new;
-+		PROXY_CERT_INFO_EXTENSION_free;
-+		PROXY_CERT_INFO_EXTENSION_it;
-+		PROXY_POLICY_free;
-+		PROXY_POLICY_new;
-+		BN_MONT_CTX_set_locked;
-+		FIPS_selftest_rng;
-+		EVP_sha384;
-+		EVP_sha512;
-+		EVP_sha224;
-+		EVP_sha256;
-+		FIPS_selftest_hmac;
-+		FIPS_corrupt_rng;
-+		BN_mod_exp_mont_consttime;
-+		RSA_X931_hash_id;
-+		RSA_padding_check_X931;
-+		RSA_verify_PKCS1_PSS;
-+		RSA_padding_add_X931;
-+		RSA_padding_add_PKCS1_PSS;
-+		PKCS1_MGF1;
-+		BN_X931_generate_Xpq;
-+		RSA_X931_generate_key;
-+		BN_X931_derive_prime;
-+		BN_X931_generate_prime;
-+		RSA_X931_derive;
-+		BIO_new_dgram;
-+		BN_get0_nist_prime_384;
-+		ERR_set_mark;
-+		X509_STORE_CTX_set0_crls;
-+		ENGINE_set_STORE;
-+		ENGINE_register_ECDSA;
-+		STORE_meth_set_list_start_fn;
-+		STORE_method_set_list_start_function;
-+		BN_BLINDING_invert_ex;
-+		NAME_CONSTRAINTS_free;
-+		STORE_ATTR_INFO_set_number;
-+		BN_BLINDING_get_thread_id;
-+		X509_STORE_CTX_set0_param;
-+		POLICY_MAPPING_it;
-+		STORE_parse_attrs_start;
-+		POLICY_CONSTRAINTS_free;
-+		EVP_PKEY_add1_attr_by_NID;
-+		BN_nist_mod_192;
-+		EC_GROUP_get_trinomial_basis;
-+		STORE_set_method;
-+		GENERAL_SUBTREE_free;
-+		NAME_CONSTRAINTS_it;
-+		ECDH_get_default_method;
-+		PKCS12_add_safe;
-+		EC_KEY_new_by_curve_name;
-+		STORE_meth_get_update_store_fn;
-+		STORE_method_get_update_store_function;
-+		ENGINE_register_ECDH;
-+		SHA512_Update;
-+		i2d_ECPrivateKey;
-+		BN_get0_nist_prime_192;
-+		STORE_modify_certificate;
-+		EC_POINT_set_affine_coordinates_GF2m;
-+		EC_POINT_set_affine_coords_GF2m;
-+		BN_GF2m_mod_exp_arr;
-+		STORE_ATTR_INFO_modify_number;
-+		X509_keyid_get0;
-+		ENGINE_load_gmp;
-+		pitem_new;
-+		BN_GF2m_mod_mul_arr;
-+		STORE_list_public_key_endp;
-+		o2i_ECPublicKey;
-+		EC_KEY_copy;
-+		BIO_dump_fp;
-+		X509_policy_node_get0_parent;
-+		EC_GROUP_check_discriminant;
-+		i2o_ECPublicKey;
-+		EC_KEY_precompute_mult;
-+		a2i_IPADDRESS;
-+		STORE_meth_set_initialise_fn;
-+		STORE_method_set_initialise_function;
-+		X509_STORE_CTX_set_depth;
-+		X509_VERIFY_PARAM_inherit;
-+		EC_POINT_point2bn;
-+		STORE_ATTR_INFO_set_dn;
-+		X509_policy_tree_get0_policies;
-+		EC_GROUP_new_curve_GF2m;
-+		STORE_destroy_method;
-+		ENGINE_unregister_STORE;
-+		EVP_PKEY_get1_EC_KEY;
-+		STORE_ATTR_INFO_get0_number;
-+		ENGINE_get_default_ECDH;
-+		EC_KEY_get_conv_form;
-+		ASN1_OCTET_STRING_NDEF_it;
-+		STORE_delete_public_key;
-+		STORE_get_public_key;
-+		STORE_modify_arbitrary;
-+		ENGINE_get_static_state;
-+		pqueue_iterator;
-+		ECDSA_SIG_new;
-+		OPENSSL_DIR_end;
-+		BN_GF2m_mod_sqr;
-+		EC_POINT_bn2point;
-+		X509_VERIFY_PARAM_set_depth;
-+		EC_KEY_set_asn1_flag;
-+		STORE_get_method;
-+		EC_KEY_get_key_method_data;
-+		ECDSA_sign_ex;
-+		STORE_parse_attrs_end;
-+		EC_GROUP_get_point_conversion_form;
-+		EC_GROUP_get_point_conv_form;
-+		STORE_method_set_store_function;
-+		STORE_ATTR_INFO_in;
-+		PEM_read_bio_ECPKParameters;
-+		EC_GROUP_get_pentanomial_basis;
-+		EVP_PKEY_add1_attr_by_txt;
-+		BN_BLINDING_set_flags;
-+		X509_VERIFY_PARAM_set1_policies;
-+		X509_VERIFY_PARAM_set1_name;
-+		X509_VERIFY_PARAM_set_purpose;
-+		STORE_get_number;
-+		ECDSA_sign_setup;
-+		BN_GF2m_mod_solve_quad_arr;
-+		EC_KEY_up_ref;
-+		POLICY_MAPPING_free;
-+		BN_GF2m_mod_div;
-+		X509_VERIFY_PARAM_set_flags;
-+		EC_KEY_free;
-+		STORE_meth_set_list_next_fn;
-+		STORE_method_set_list_next_function;
-+		PEM_write_bio_ECPrivateKey;
-+		d2i_EC_PUBKEY;
-+		STORE_meth_get_generate_fn;
-+		STORE_method_get_generate_function;
-+		STORE_meth_set_list_end_fn;
-+		STORE_method_set_list_end_function;
-+		pqueue_print;
-+		EC_GROUP_have_precompute_mult;
-+		EC_KEY_print_fp;
-+		BN_GF2m_mod_arr;
-+		PEM_write_bio_X509_CERT_PAIR;
-+		EVP_PKEY_cmp;
-+		X509_policy_level_node_count;
-+		STORE_new_engine;
-+		STORE_list_public_key_start;
-+		X509_VERIFY_PARAM_new;
-+		ECDH_get_ex_data;
-+		EVP_PKEY_get_attr;
-+		ECDSA_do_sign;
-+		ENGINE_unregister_ECDH;
-+		ECDH_OpenSSL;
-+		EC_KEY_set_conv_form;
-+		EC_POINT_dup;
-+		GENERAL_SUBTREE_new;
-+		STORE_list_crl_endp;
-+		EC_get_builtin_curves;
-+		X509_policy_node_get0_qualifiers;
-+		X509_pcy_node_get0_qualifiers;
-+		STORE_list_crl_end;
-+		EVP_PKEY_set1_EC_KEY;
-+		BN_GF2m_mod_sqrt_arr;
-+		i2d_ECPrivateKey_bio;
-+		ECPKParameters_print_fp;
-+		pqueue_find;
-+		ECDSA_SIG_free;
-+		PEM_write_bio_ECPKParameters;
-+		STORE_method_set_ctrl_function;
-+		STORE_list_public_key_end;
-+		EC_KEY_set_private_key;
-+		pqueue_peek;
-+		STORE_get_arbitrary;
-+		STORE_store_crl;
-+		X509_policy_node_get0_policy;
-+		PKCS12_add_safes;
-+		BN_BLINDING_convert_ex;
-+		X509_policy_tree_free;
-+		OPENSSL_ia32cap_loc;
-+		BN_GF2m_poly2arr;
-+		STORE_ctrl;
-+		STORE_ATTR_INFO_compare;
-+		BN_get0_nist_prime_224;
-+		i2d_ECParameters;
-+		i2d_ECPKParameters;
-+		BN_GENCB_call;
-+		d2i_ECPKParameters;
-+		STORE_meth_set_generate_fn;
-+		STORE_method_set_generate_function;
-+		ENGINE_set_ECDH;
-+		NAME_CONSTRAINTS_new;
-+		SHA256_Init;
-+		EC_KEY_get0_public_key;
-+		PEM_write_bio_EC_PUBKEY;
-+		STORE_ATTR_INFO_set_cstr;
-+		STORE_list_crl_next;
-+		STORE_ATTR_INFO_in_range;
-+		ECParameters_print;
-+		STORE_meth_set_delete_fn;
-+		STORE_method_set_delete_function;
-+		STORE_list_certificate_next;
-+		ASN1_generate_nconf;
-+		BUF_memdup;
-+		BN_GF2m_mod_mul;
-+		STORE_meth_get_list_next_fn;
-+		STORE_method_get_list_next_function;
-+		STORE_ATTR_INFO_get0_dn;
-+		STORE_list_private_key_next;
-+		EC_GROUP_set_seed;
-+		X509_VERIFY_PARAM_set_trust;
-+		STORE_ATTR_INFO_free;
-+		STORE_get_private_key;
-+		EVP_PKEY_get_attr_count;
-+		STORE_ATTR_INFO_new;
-+		EC_GROUP_get_curve_GF2m;
-+		STORE_meth_set_revoke_fn;
-+		STORE_method_set_revoke_function;
-+		STORE_store_number;
-+		BN_is_prime_ex;
-+		STORE_revoke_public_key;
-+		X509_STORE_CTX_get0_param;
-+		STORE_delete_arbitrary;
-+		PEM_read_X509_CERT_PAIR;
-+		X509_STORE_set_depth;
-+		ECDSA_get_ex_data;
-+		SHA224;
-+		BIO_dump_indent_fp;
-+		EC_KEY_set_group;
-+		BUF_strndup;
-+		STORE_list_certificate_start;
-+		BN_GF2m_mod;
-+		X509_REQ_check_private_key;
-+		EC_GROUP_get_seed_len;
-+		ERR_load_STORE_strings;
-+		PEM_read_bio_EC_PUBKEY;
-+		STORE_list_private_key_end;
-+		i2d_EC_PUBKEY;
-+		ECDSA_get_default_method;
-+		ASN1_put_eoc;
-+		X509_STORE_CTX_get_explicit_policy;
-+		X509_STORE_CTX_get_expl_policy;
-+		X509_VERIFY_PARAM_table_cleanup;
-+		STORE_modify_private_key;
-+		X509_VERIFY_PARAM_free;
-+		EC_METHOD_get_field_type;
-+		EC_GFp_nist_method;
-+		STORE_meth_set_modify_fn;
-+		STORE_method_set_modify_function;
-+		STORE_parse_attrs_next;
-+		ENGINE_load_padlock;
-+		EC_GROUP_set_curve_name;
-+		X509_CERT_PAIR_it;
-+		STORE_meth_get_revoke_fn;
-+		STORE_method_get_revoke_function;
-+		STORE_method_set_get_function;
-+		STORE_modify_number;
-+		STORE_method_get_store_function;
-+		STORE_store_private_key;
-+		BN_GF2m_mod_sqr_arr;
-+		RSA_setup_blinding;
-+		BIO_s_datagram;
-+		STORE_Memory;
-+		sk_find_ex;
-+		EC_GROUP_set_curve_GF2m;
-+		ENGINE_set_default_ECDSA;
-+		POLICY_CONSTRAINTS_new;
-+		BN_GF2m_mod_sqrt;
-+		ECDH_set_default_method;
-+		EC_KEY_generate_key;
-+		SHA384_Update;
-+		BN_GF2m_arr2poly;
-+		STORE_method_get_get_function;
-+		STORE_meth_set_cleanup_fn;
-+		STORE_method_set_cleanup_function;
-+		EC_GROUP_check;
-+		d2i_ECPrivateKey_bio;
-+		EC_KEY_insert_key_method_data;
-+		STORE_meth_get_lock_store_fn;
-+		STORE_method_get_lock_store_function;
-+		X509_VERIFY_PARAM_get_depth;
-+		SHA224_Final;
-+		STORE_meth_set_update_store_fn;
-+		STORE_method_set_update_store_function;
-+		SHA224_Update;
-+		d2i_ECPrivateKey;
-+		ASN1_item_ndef_i2d;
-+		STORE_delete_private_key;
-+		ERR_pop_to_mark;
-+		ENGINE_register_all_STORE;
-+		X509_policy_level_get0_node;
-+		i2d_PKCS7_NDEF;
-+		EC_GROUP_get_degree;
-+		ASN1_generate_v3;
-+		STORE_ATTR_INFO_modify_cstr;
-+		X509_policy_tree_level_count;
-+		BN_GF2m_add;
-+		EC_KEY_get0_group;
-+		STORE_generate_crl;
-+		STORE_store_public_key;
-+		X509_CERT_PAIR_free;
-+		STORE_revoke_private_key;
-+		BN_nist_mod_224;
-+		SHA512_Final;
-+		STORE_ATTR_INFO_modify_dn;
-+		STORE_meth_get_initialise_fn;
-+		STORE_method_get_initialise_function;
-+		STORE_delete_number;
-+		i2d_EC_PUBKEY_bio;
-+		BIO_dgram_non_fatal_error;
-+		EC_GROUP_get_asn1_flag;
-+		STORE_ATTR_INFO_in_ex;
-+		STORE_list_crl_start;
-+		ECDH_get_ex_new_index;
-+		STORE_meth_get_modify_fn;
-+		STORE_method_get_modify_function;
-+		v2i_ASN1_BIT_STRING;
-+		STORE_store_certificate;
-+		OBJ_bsearch_ex;
-+		X509_STORE_CTX_set_default;
-+		STORE_ATTR_INFO_set_sha1str;
-+		BN_GF2m_mod_inv;
-+		BN_GF2m_mod_exp;
-+		STORE_modify_public_key;
-+		STORE_meth_get_list_start_fn;
-+		STORE_method_get_list_start_function;
-+		EC_GROUP_get0_seed;
-+		STORE_store_arbitrary;
-+		STORE_meth_set_unlock_store_fn;
-+		STORE_method_set_unlock_store_function;
-+		BN_GF2m_mod_div_arr;
-+		ENGINE_set_ECDSA;
-+		STORE_create_method;
-+		ECPKParameters_print;
-+		EC_KEY_get0_private_key;
-+		PEM_write_EC_PUBKEY;
-+		X509_VERIFY_PARAM_set1;
-+		ECDH_set_method;
-+		v2i_GENERAL_NAME_ex;
-+		ECDH_set_ex_data;
-+		STORE_generate_key;
-+		BN_nist_mod_521;
-+		X509_policy_tree_get0_level;
-+		EC_GROUP_set_point_conversion_form;
-+		EC_GROUP_set_point_conv_form;
-+		PEM_read_EC_PUBKEY;
-+		i2d_ECDSA_SIG;
-+		ECDSA_OpenSSL;
-+		STORE_delete_crl;
-+		EC_KEY_get_enc_flags;
-+		ASN1_const_check_infinite_end;
-+		EVP_PKEY_delete_attr;
-+		ECDSA_set_default_method;
-+		EC_POINT_set_compressed_coordinates_GF2m;
-+		EC_POINT_set_compr_coords_GF2m;
-+		EC_GROUP_cmp;
-+		STORE_revoke_certificate;
-+		BN_get0_nist_prime_256;
-+		STORE_meth_get_delete_fn;
-+		STORE_method_get_delete_function;
-+		SHA224_Init;
-+		PEM_read_ECPrivateKey;
-+		SHA512_Init;
-+		STORE_parse_attrs_endp;
-+		BN_set_negative;
-+		ERR_load_ECDSA_strings;
-+		EC_GROUP_get_basis_type;
-+		STORE_list_public_key_next;
-+		i2v_ASN1_BIT_STRING;
-+		STORE_OBJECT_free;
-+		BN_nist_mod_384;
-+		i2d_X509_CERT_PAIR;
-+		PEM_write_ECPKParameters;
-+		ECDH_compute_key;
-+		STORE_ATTR_INFO_get0_sha1str;
-+		ENGINE_register_all_ECDH;
-+		pqueue_pop;
-+		STORE_ATTR_INFO_get0_cstr;
-+		POLICY_CONSTRAINTS_it;
-+		STORE_get_ex_new_index;
-+		EVP_PKEY_get_attr_by_OBJ;
-+		X509_VERIFY_PARAM_add0_policy;
-+		BN_GF2m_mod_solve_quad;
-+		SHA256;
-+		i2d_ECPrivateKey_fp;
-+		X509_policy_tree_get0_user_policies;
-+		X509_pcy_tree_get0_usr_policies;
-+		OPENSSL_DIR_read;
-+		ENGINE_register_all_ECDSA;
-+		X509_VERIFY_PARAM_lookup;
-+		EC_POINT_get_affine_coordinates_GF2m;
-+		EC_POINT_get_affine_coords_GF2m;
-+		EC_GROUP_dup;
-+		ENGINE_get_default_ECDSA;
-+		EC_KEY_new;
-+		SHA256_Transform;
-+		EC_KEY_set_enc_flags;
-+		ECDSA_verify;
-+		EC_POINT_point2hex;
-+		ENGINE_get_STORE;
-+		SHA512;
-+		STORE_get_certificate;
-+		ECDSA_do_sign_ex;
-+		ECDSA_do_verify;
-+		d2i_ECPrivateKey_fp;
-+		STORE_delete_certificate;
-+		SHA512_Transform;
-+		X509_STORE_set1_param;
-+		STORE_method_get_ctrl_function;
-+		STORE_free;
-+		PEM_write_ECPrivateKey;
-+		STORE_meth_get_unlock_store_fn;
-+		STORE_method_get_unlock_store_function;
-+		STORE_get_ex_data;
-+		EC_KEY_set_public_key;
-+		PEM_read_ECPKParameters;
-+		X509_CERT_PAIR_new;
-+		ENGINE_register_STORE;
-+		RSA_generate_key_ex;
-+		DSA_generate_parameters_ex;
-+		ECParameters_print_fp;
-+		X509V3_NAME_from_section;
-+		EVP_PKEY_add1_attr;
-+		STORE_modify_crl;
-+		STORE_list_private_key_start;
-+		POLICY_MAPPINGS_it;
-+		GENERAL_SUBTREE_it;
-+		EC_GROUP_get_curve_name;
-+		PEM_write_X509_CERT_PAIR;
-+		BIO_dump_indent_cb;
-+		d2i_X509_CERT_PAIR;
-+		STORE_list_private_key_endp;
-+		asn1_const_Finish;
-+		i2d_EC_PUBKEY_fp;
-+		BN_nist_mod_256;
-+		X509_VERIFY_PARAM_add0_table;
-+		pqueue_free;
-+		BN_BLINDING_create_param;
-+		ECDSA_size;
-+		d2i_EC_PUBKEY_bio;
-+		BN_get0_nist_prime_521;
-+		STORE_ATTR_INFO_modify_sha1str;
-+		BN_generate_prime_ex;
-+		EC_GROUP_new_by_curve_name;
-+		SHA256_Final;
-+		DH_generate_parameters_ex;
-+		PEM_read_bio_ECPrivateKey;
-+		STORE_meth_get_cleanup_fn;
-+		STORE_method_get_cleanup_function;
-+		ENGINE_get_ECDH;
-+		d2i_ECDSA_SIG;
-+		BN_is_prime_fasttest_ex;
-+		ECDSA_sign;
-+		X509_policy_check;
-+		EVP_PKEY_get_attr_by_NID;
-+		STORE_set_ex_data;
-+		ENGINE_get_ECDSA;
-+		EVP_ecdsa;
-+		BN_BLINDING_get_flags;
-+		PKCS12_add_cert;
-+		STORE_OBJECT_new;
-+		ERR_load_ECDH_strings;
-+		EC_KEY_dup;
-+		EVP_CIPHER_CTX_rand_key;
-+		ECDSA_set_method;
-+		a2i_IPADDRESS_NC;
-+		d2i_ECParameters;
-+		STORE_list_certificate_end;
-+		STORE_get_crl;
-+		X509_POLICY_NODE_print;
-+		SHA384_Init;
-+		EC_GF2m_simple_method;
-+		ECDSA_set_ex_data;
-+		SHA384_Final;
-+		PKCS7_set_digest;
-+		EC_KEY_print;
-+		STORE_meth_set_lock_store_fn;
-+		STORE_method_set_lock_store_function;
-+		ECDSA_get_ex_new_index;
-+		SHA384;
-+		POLICY_MAPPING_new;
-+		STORE_list_certificate_endp;
-+		X509_STORE_CTX_get0_policy_tree;
-+		EC_GROUP_set_asn1_flag;
-+		EC_KEY_check_key;
-+		d2i_EC_PUBKEY_fp;
-+		PKCS7_set0_type_other;
-+		PEM_read_bio_X509_CERT_PAIR;
-+		pqueue_next;
-+		STORE_meth_get_list_end_fn;
-+		STORE_method_get_list_end_function;
-+		EVP_PKEY_add1_attr_by_OBJ;
-+		X509_VERIFY_PARAM_set_time;
-+		pqueue_new;
-+		ENGINE_set_default_ECDH;
-+		STORE_new_method;
-+		PKCS12_add_key;
-+		DSO_merge;
-+		EC_POINT_hex2point;
-+		BIO_dump_cb;
-+		SHA256_Update;
-+		pqueue_insert;
-+		pitem_free;
-+		BN_GF2m_mod_inv_arr;
-+		ENGINE_unregister_ECDSA;
-+		BN_BLINDING_set_thread_id;
-+		get_rfc3526_prime_8192;
-+		X509_VERIFY_PARAM_clear_flags;
-+		get_rfc2409_prime_1024;
-+		DH_check_pub_key;
-+		get_rfc3526_prime_2048;
-+		get_rfc3526_prime_6144;
-+		get_rfc3526_prime_1536;
-+		get_rfc3526_prime_3072;
-+		get_rfc3526_prime_4096;
-+		get_rfc2409_prime_768;
-+		X509_VERIFY_PARAM_get_flags;
-+		EVP_CIPHER_CTX_new;
-+		EVP_CIPHER_CTX_free;
-+		Camellia_cbc_encrypt;
-+		Camellia_cfb128_encrypt;
-+		Camellia_cfb1_encrypt;
-+		Camellia_cfb8_encrypt;
-+		Camellia_ctr128_encrypt;
-+		Camellia_cfbr_encrypt_block;
-+		Camellia_decrypt;
-+		Camellia_ecb_encrypt;
-+		Camellia_encrypt;
-+		Camellia_ofb128_encrypt;
-+		Camellia_set_key;
-+		EVP_camellia_128_cbc;
-+		EVP_camellia_128_cfb128;
-+		EVP_camellia_128_cfb1;
-+		EVP_camellia_128_cfb8;
-+		EVP_camellia_128_ecb;
-+		EVP_camellia_128_ofb;
-+		EVP_camellia_192_cbc;
-+		EVP_camellia_192_cfb128;
-+		EVP_camellia_192_cfb1;
-+		EVP_camellia_192_cfb8;
-+		EVP_camellia_192_ecb;
-+		EVP_camellia_192_ofb;
-+		EVP_camellia_256_cbc;
-+		EVP_camellia_256_cfb128;
-+		EVP_camellia_256_cfb1;
-+		EVP_camellia_256_cfb8;
-+		EVP_camellia_256_ecb;
-+		EVP_camellia_256_ofb;
-+		a2i_ipadd;
-+		ASIdentifiers_free;
-+		i2d_ASIdOrRange;
-+		EVP_CIPHER_block_size;
-+		v3_asid_is_canonical;
-+		IPAddressChoice_free;
-+		EVP_CIPHER_CTX_set_app_data;
-+		BIO_set_callback_arg;
-+		v3_addr_add_prefix;
-+		IPAddressOrRange_it;
-+		BIO_set_flags;
-+		ASIdentifiers_it;
-+		v3_addr_get_range;
-+		BIO_method_type;
-+		v3_addr_inherits;
-+		IPAddressChoice_it;
-+		AES_ige_encrypt;
-+		v3_addr_add_range;
-+		EVP_CIPHER_CTX_nid;
-+		d2i_ASRange;
-+		v3_addr_add_inherit;
-+		v3_asid_add_id_or_range;
-+		v3_addr_validate_resource_set;
-+		EVP_CIPHER_iv_length;
-+		EVP_MD_type;
-+		v3_asid_canonize;
-+		IPAddressRange_free;
-+		v3_asid_add_inherit;
-+		EVP_CIPHER_CTX_key_length;
-+		IPAddressRange_new;
-+		ASIdOrRange_new;
-+		EVP_MD_size;
-+		EVP_MD_CTX_test_flags;
-+		BIO_clear_flags;
-+		i2d_ASRange;
-+		IPAddressRange_it;
-+		IPAddressChoice_new;
-+		ASIdentifierChoice_new;
-+		ASRange_free;
-+		EVP_MD_pkey_type;
-+		EVP_MD_CTX_clear_flags;
-+		IPAddressFamily_free;
-+		i2d_IPAddressFamily;
-+		IPAddressOrRange_new;
-+		EVP_CIPHER_flags;
-+		v3_asid_validate_resource_set;
-+		d2i_IPAddressRange;
-+		AES_bi_ige_encrypt;
-+		BIO_get_callback;
-+		IPAddressOrRange_free;
-+		v3_addr_subset;
-+		d2i_IPAddressFamily;
-+		v3_asid_subset;
-+		BIO_test_flags;
-+		i2d_ASIdentifierChoice;
-+		ASRange_it;
-+		d2i_ASIdentifiers;
-+		ASRange_new;
-+		d2i_IPAddressChoice;
-+		v3_addr_get_afi;
-+		EVP_CIPHER_key_length;
-+		EVP_Cipher;
-+		i2d_IPAddressOrRange;
-+		ASIdOrRange_it;
-+		EVP_CIPHER_nid;
-+		i2d_IPAddressChoice;
-+		EVP_CIPHER_CTX_block_size;
-+		ASIdentifiers_new;
-+		v3_addr_validate_path;
-+		IPAddressFamily_new;
-+		EVP_MD_CTX_set_flags;
-+		v3_addr_is_canonical;
-+		i2d_IPAddressRange;
-+		IPAddressFamily_it;
-+		v3_asid_inherits;
-+		EVP_CIPHER_CTX_cipher;
-+		EVP_CIPHER_CTX_get_app_data;
-+		EVP_MD_block_size;
-+		EVP_CIPHER_CTX_flags;
-+		v3_asid_validate_path;
-+		d2i_IPAddressOrRange;
-+		v3_addr_canonize;
-+		ASIdentifierChoice_it;
-+		EVP_MD_CTX_md;
-+		d2i_ASIdentifierChoice;
-+		BIO_method_name;
-+		EVP_CIPHER_CTX_iv_length;
-+		ASIdOrRange_free;
-+		ASIdentifierChoice_free;
-+		BIO_get_callback_arg;
-+		BIO_set_callback;
-+		d2i_ASIdOrRange;
-+		i2d_ASIdentifiers;
-+		SEED_decrypt;
-+		SEED_encrypt;
-+		SEED_cbc_encrypt;
-+		EVP_seed_ofb;
-+		SEED_cfb128_encrypt;
-+		SEED_ofb128_encrypt;
-+		EVP_seed_cbc;
-+		SEED_ecb_encrypt;
-+		EVP_seed_ecb;
-+		SEED_set_key;
-+		EVP_seed_cfb128;
-+		X509_EXTENSIONS_it;
-+		X509_get1_ocsp;
-+		OCSP_REQ_CTX_free;
-+		i2d_X509_EXTENSIONS;
-+		OCSP_sendreq_nbio;
-+		OCSP_sendreq_new;
-+		d2i_X509_EXTENSIONS;
-+		X509_ALGORS_it;
-+		X509_ALGOR_get0;
-+		X509_ALGOR_set0;
-+		AES_unwrap_key;
-+		AES_wrap_key;
-+		X509at_get0_data_by_OBJ;
-+		ASN1_TYPE_set1;
-+		ASN1_STRING_set0;
-+		i2d_X509_ALGORS;
-+		BIO_f_zlib;
-+		COMP_zlib_cleanup;
-+		d2i_X509_ALGORS;
-+		CMS_ReceiptRequest_free;
-+		PEM_write_CMS;
-+		CMS_add0_CertificateChoices;
-+		CMS_unsigned_add1_attr_by_OBJ;
-+		ERR_load_CMS_strings;
-+		CMS_sign_receipt;
-+		i2d_CMS_ContentInfo;
-+		CMS_signed_delete_attr;
-+		d2i_CMS_bio;
-+		CMS_unsigned_get_attr_by_NID;
-+		CMS_verify;
-+		SMIME_read_CMS;
-+		CMS_decrypt_set1_key;
-+		CMS_SignerInfo_get0_algs;
-+		CMS_add1_cert;
-+		CMS_set_detached;
-+		CMS_encrypt;
-+		CMS_EnvelopedData_create;
-+		CMS_uncompress;
-+		CMS_add0_crl;
-+		CMS_SignerInfo_verify_content;
-+		CMS_unsigned_get0_data_by_OBJ;
-+		PEM_write_bio_CMS;
-+		CMS_unsigned_get_attr;
-+		CMS_RecipientInfo_ktri_cert_cmp;
-+		CMS_RecipientInfo_ktri_get0_algs;
-+		CMS_RecipInfo_ktri_get0_algs;
-+		CMS_ContentInfo_free;
-+		CMS_final;
-+		CMS_add_simple_smimecap;
-+		CMS_SignerInfo_verify;
-+		CMS_data;
-+		CMS_ContentInfo_it;
-+		d2i_CMS_ReceiptRequest;
-+		CMS_compress;
-+		CMS_digest_create;
-+		CMS_SignerInfo_cert_cmp;
-+		CMS_SignerInfo_sign;
-+		CMS_data_create;
-+		i2d_CMS_bio;
-+		CMS_EncryptedData_set1_key;
-+		CMS_decrypt;
-+		int_smime_write_ASN1;
-+		CMS_unsigned_delete_attr;
-+		CMS_unsigned_get_attr_count;
-+		CMS_add_smimecap;
-+		PEM_read_CMS;
-+		CMS_signed_get_attr_by_OBJ;
-+		d2i_CMS_ContentInfo;
-+		CMS_add_standard_smimecap;
-+		CMS_ContentInfo_new;
-+		CMS_RecipientInfo_type;
-+		CMS_get0_type;
-+		CMS_is_detached;
-+		CMS_sign;
-+		CMS_signed_add1_attr;
-+		CMS_unsigned_get_attr_by_OBJ;
-+		SMIME_write_CMS;
-+		CMS_EncryptedData_decrypt;
-+		CMS_get0_RecipientInfos;
-+		CMS_add0_RevocationInfoChoice;
-+		CMS_decrypt_set1_pkey;
-+		CMS_SignerInfo_set1_signer_cert;
-+		CMS_get0_signers;
-+		CMS_ReceiptRequest_get0_values;
-+		CMS_signed_get0_data_by_OBJ;
-+		CMS_get0_SignerInfos;
-+		CMS_add0_cert;
-+		CMS_EncryptedData_encrypt;
-+		CMS_digest_verify;
-+		CMS_set1_signers_certs;
-+		CMS_signed_get_attr;
-+		CMS_RecipientInfo_set0_key;
-+		CMS_SignedData_init;
-+		CMS_RecipientInfo_kekri_get0_id;
-+		CMS_verify_receipt;
-+		CMS_ReceiptRequest_it;
-+		PEM_read_bio_CMS;
-+		CMS_get1_crls;
-+		CMS_add0_recipient_key;
-+		SMIME_read_ASN1;
-+		CMS_ReceiptRequest_new;
-+		CMS_get0_content;
-+		CMS_get1_ReceiptRequest;
-+		CMS_signed_add1_attr_by_OBJ;
-+		CMS_RecipientInfo_kekri_id_cmp;
-+		CMS_add1_ReceiptRequest;
-+		CMS_SignerInfo_get0_signer_id;
-+		CMS_unsigned_add1_attr_by_NID;
-+		CMS_unsigned_add1_attr;
-+		CMS_signed_get_attr_by_NID;
-+		CMS_get1_certs;
-+		CMS_signed_add1_attr_by_NID;
-+		CMS_unsigned_add1_attr_by_txt;
-+		CMS_dataFinal;
-+		CMS_RecipientInfo_ktri_get0_signer_id;
-+		CMS_RecipInfo_ktri_get0_sigr_id;
-+		i2d_CMS_ReceiptRequest;
-+		CMS_add1_recipient_cert;
-+		CMS_dataInit;
-+		CMS_signed_add1_attr_by_txt;
-+		CMS_RecipientInfo_decrypt;
-+		CMS_signed_get_attr_count;
-+		CMS_get0_eContentType;
-+		CMS_set1_eContentType;
-+		CMS_ReceiptRequest_create0;
-+		CMS_add1_signer;
-+		CMS_RecipientInfo_set0_pkey;
-+		ENGINE_set_load_ssl_client_cert_function;
-+		ENGINE_set_ld_ssl_clnt_cert_fn;
-+		ENGINE_get_ssl_client_cert_function;
-+		ENGINE_get_ssl_client_cert_fn;
-+		ENGINE_load_ssl_client_cert;
-+		ENGINE_load_capi;
-+		OPENSSL_isservice;
-+		FIPS_dsa_sig_decode;
-+		EVP_CIPHER_CTX_clear_flags;
-+		FIPS_rand_status;
-+		FIPS_rand_set_key;
-+		CRYPTO_set_mem_info_functions;
-+		RSA_X931_generate_key_ex;
-+		int_ERR_set_state_func;
-+		int_EVP_MD_set_engine_callbacks;
-+		int_CRYPTO_set_do_dynlock_callback;
-+		FIPS_rng_stick;
-+		EVP_CIPHER_CTX_set_flags;
-+		BN_X931_generate_prime_ex;
-+		FIPS_selftest_check;
-+		FIPS_rand_set_dt;
-+		CRYPTO_dbg_pop_info;
-+		FIPS_dsa_free;
-+		RSA_X931_derive_ex;
-+		FIPS_rsa_new;
-+		FIPS_rand_bytes;
-+		fips_cipher_test;
-+		EVP_CIPHER_CTX_test_flags;
-+		CRYPTO_malloc_debug_init;
-+		CRYPTO_dbg_push_info;
-+		FIPS_corrupt_rsa_keygen;
-+		FIPS_dh_new;
-+		FIPS_corrupt_dsa_keygen;
-+		FIPS_dh_free;
-+		fips_pkey_signature_test;
-+		EVP_add_alg_module;
-+		int_RAND_init_engine_callbacks;
-+		int_EVP_CIPHER_set_engine_callbacks;
-+		int_EVP_MD_init_engine_callbacks;
-+		FIPS_rand_test_mode;
-+		FIPS_rand_reset;
-+		FIPS_dsa_new;
-+		int_RAND_set_callbacks;
-+		BN_X931_derive_prime_ex;
-+		int_ERR_lib_init;
-+		int_EVP_CIPHER_init_engine_callbacks;
-+		FIPS_rsa_free;
-+		FIPS_dsa_sig_encode;
-+		CRYPTO_dbg_remove_all_info;
-+		OPENSSL_init;
-+		CRYPTO_strdup;
-+		JPAKE_STEP3A_process;
-+		JPAKE_STEP1_release;
-+		JPAKE_get_shared_key;
-+		JPAKE_STEP3B_init;
-+		JPAKE_STEP1_generate;
-+		JPAKE_STEP1_init;
-+		JPAKE_STEP3B_process;
-+		JPAKE_STEP2_generate;
-+		JPAKE_CTX_new;
-+		JPAKE_CTX_free;
-+		JPAKE_STEP3B_release;
-+		JPAKE_STEP3A_release;
-+		JPAKE_STEP2_process;
-+		JPAKE_STEP3B_generate;
-+		JPAKE_STEP1_process;
-+		JPAKE_STEP3A_generate;
-+		JPAKE_STEP2_release;
-+		JPAKE_STEP3A_init;
-+		ERR_load_JPAKE_strings;
-+		JPAKE_STEP2_init;
-+		pqueue_size;
-+		i2d_TS_ACCURACY;
-+		i2d_TS_MSG_IMPRINT_fp;
-+		i2d_TS_MSG_IMPRINT;
-+		EVP_PKEY_print_public;
-+		EVP_PKEY_CTX_new;
-+		i2d_TS_TST_INFO;
-+		EVP_PKEY_asn1_find;
-+		DSO_METHOD_beos;
-+		TS_CONF_load_cert;
-+		TS_REQ_get_ext;
-+		EVP_PKEY_sign_init;
-+		ASN1_item_print;
-+		TS_TST_INFO_set_nonce;
-+		TS_RESP_dup;
-+		ENGINE_register_pkey_meths;
-+		EVP_PKEY_asn1_add0;
-+		PKCS7_add0_attrib_signing_time;
-+		i2d_TS_TST_INFO_fp;
-+		BIO_asn1_get_prefix;
-+		TS_TST_INFO_set_time;
-+		EVP_PKEY_meth_set_decrypt;
-+		EVP_PKEY_set_type_str;
-+		EVP_PKEY_CTX_get_keygen_info;
-+		TS_REQ_set_policy_id;
-+		d2i_TS_RESP_fp;
-+		ENGINE_get_pkey_asn1_meth_engine;
-+		ENGINE_get_pkey_asn1_meth_eng;
-+		WHIRLPOOL_Init;
-+		TS_RESP_set_status_info;
-+		EVP_PKEY_keygen;
-+		EVP_DigestSignInit;
-+		TS_ACCURACY_set_millis;
-+		TS_REQ_dup;
-+		GENERAL_NAME_dup;
-+		ASN1_SEQUENCE_ANY_it;
-+		WHIRLPOOL;
-+		X509_STORE_get1_crls;
-+		ENGINE_get_pkey_asn1_meth;
-+		EVP_PKEY_asn1_new;
-+		BIO_new_NDEF;
-+		ENGINE_get_pkey_meth;
-+		TS_MSG_IMPRINT_set_algo;
-+		i2d_TS_TST_INFO_bio;
-+		TS_TST_INFO_set_ordering;
-+		TS_TST_INFO_get_ext_by_OBJ;
-+		CRYPTO_THREADID_set_pointer;
-+		TS_CONF_get_tsa_section;
-+		SMIME_write_ASN1;
-+		TS_RESP_CTX_set_signer_key;
-+		EVP_PKEY_encrypt_old;
-+		EVP_PKEY_encrypt_init;
-+		CRYPTO_THREADID_cpy;
-+		ASN1_PCTX_get_cert_flags;
-+		i2d_ESS_SIGNING_CERT;
-+		TS_CONF_load_key;
-+		i2d_ASN1_SEQUENCE_ANY;
-+		d2i_TS_MSG_IMPRINT_bio;
-+		EVP_PKEY_asn1_set_public;
-+		b2i_PublicKey_bio;
-+		BIO_asn1_set_prefix;
-+		EVP_PKEY_new_mac_key;
-+		BIO_new_CMS;
-+		CRYPTO_THREADID_cmp;
-+		TS_REQ_ext_free;
-+		EVP_PKEY_asn1_set_free;
-+		EVP_PKEY_get0_asn1;
-+		d2i_NETSCAPE_X509;
-+		EVP_PKEY_verify_recover_init;
-+		EVP_PKEY_CTX_set_data;
-+		EVP_PKEY_keygen_init;
-+		TS_RESP_CTX_set_status_info;
-+		TS_MSG_IMPRINT_get_algo;
-+		TS_REQ_print_bio;
-+		EVP_PKEY_CTX_ctrl_str;
-+		EVP_PKEY_get_default_digest_nid;
-+		PEM_write_bio_PKCS7_stream;
-+		TS_MSG_IMPRINT_print_bio;
-+		BN_asc2bn;
-+		TS_REQ_get_policy_id;
-+		ENGINE_set_default_pkey_asn1_meths;
-+		ENGINE_set_def_pkey_asn1_meths;
-+		d2i_TS_ACCURACY;
-+		DSO_global_lookup;
-+		TS_CONF_set_tsa_name;
-+		i2d_ASN1_SET_ANY;
-+		ENGINE_load_gost;
-+		WHIRLPOOL_BitUpdate;
-+		ASN1_PCTX_get_flags;
-+		TS_TST_INFO_get_ext_by_NID;
-+		TS_RESP_new;
-+		ESS_CERT_ID_dup;
-+		TS_STATUS_INFO_dup;
-+		TS_REQ_delete_ext;
-+		EVP_DigestVerifyFinal;
-+		EVP_PKEY_print_params;
-+		i2d_CMS_bio_stream;
-+		TS_REQ_get_msg_imprint;
-+		OBJ_find_sigid_by_algs;
-+		TS_TST_INFO_get_serial;
-+		TS_REQ_get_nonce;
-+		X509_PUBKEY_set0_param;
-+		EVP_PKEY_CTX_set0_keygen_info;
-+		DIST_POINT_set_dpname;
-+		i2d_ISSUING_DIST_POINT;
-+		ASN1_SET_ANY_it;
-+		EVP_PKEY_CTX_get_data;
-+		TS_STATUS_INFO_print_bio;
-+		EVP_PKEY_derive_init;
-+		d2i_TS_TST_INFO;
-+		EVP_PKEY_asn1_add_alias;
-+		d2i_TS_RESP_bio;
-+		OTHERNAME_cmp;
-+		GENERAL_NAME_set0_value;
-+		PKCS7_RECIP_INFO_get0_alg;
-+		TS_RESP_CTX_new;
-+		TS_RESP_set_tst_info;
-+		PKCS7_final;
-+		EVP_PKEY_base_id;
-+		TS_RESP_CTX_set_signer_cert;
-+		TS_REQ_set_msg_imprint;
-+		EVP_PKEY_CTX_ctrl;
-+		TS_CONF_set_digests;
-+		d2i_TS_MSG_IMPRINT;
-+		EVP_PKEY_meth_set_ctrl;
-+		TS_REQ_get_ext_by_NID;
-+		PKCS5_pbe_set0_algor;
-+		BN_BLINDING_thread_id;
-+		TS_ACCURACY_new;
-+		X509_CRL_METHOD_free;
-+		ASN1_PCTX_get_nm_flags;
-+		EVP_PKEY_meth_set_sign;
-+		CRYPTO_THREADID_current;
-+		EVP_PKEY_decrypt_init;
-+		NETSCAPE_X509_free;
-+		i2b_PVK_bio;
-+		EVP_PKEY_print_private;
-+		GENERAL_NAME_get0_value;
-+		b2i_PVK_bio;
-+		ASN1_UTCTIME_adj;
-+		TS_TST_INFO_new;
-+		EVP_MD_do_all_sorted;
-+		TS_CONF_set_default_engine;
-+		TS_ACCURACY_set_seconds;
-+		TS_TST_INFO_get_time;
-+		PKCS8_pkey_get0;
-+		EVP_PKEY_asn1_get0;
-+		OBJ_add_sigid;
-+		PKCS7_SIGNER_INFO_sign;
-+		EVP_PKEY_paramgen_init;
-+		EVP_PKEY_sign;
-+		OBJ_sigid_free;
-+		EVP_PKEY_meth_set_init;
-+		d2i_ESS_ISSUER_SERIAL;
-+		ISSUING_DIST_POINT_new;
-+		ASN1_TIME_adj;
-+		TS_OBJ_print_bio;
-+		EVP_PKEY_meth_set_verify_recover;
-+		EVP_PKEY_meth_set_vrfy_recover;
-+		TS_RESP_get_status_info;
-+		CMS_stream;
-+		EVP_PKEY_CTX_set_cb;
-+		PKCS7_to_TS_TST_INFO;
-+		ASN1_PCTX_get_oid_flags;
-+		TS_TST_INFO_add_ext;
-+		EVP_PKEY_meth_set_derive;
-+		i2d_TS_RESP_fp;
-+		i2d_TS_MSG_IMPRINT_bio;
-+		TS_RESP_CTX_set_accuracy;
-+		TS_REQ_set_nonce;
-+		ESS_CERT_ID_new;
-+		ENGINE_pkey_asn1_find_str;
-+		TS_REQ_get_ext_count;
-+		BUF_reverse;
-+		TS_TST_INFO_print_bio;
-+		d2i_ISSUING_DIST_POINT;
-+		ENGINE_get_pkey_meths;
-+		i2b_PrivateKey_bio;
-+		i2d_TS_RESP;
-+		b2i_PublicKey;
-+		TS_VERIFY_CTX_cleanup;
-+		TS_STATUS_INFO_free;
-+		TS_RESP_verify_token;
-+		OBJ_bsearch_ex_;
-+		ASN1_bn_print;
-+		EVP_PKEY_asn1_get_count;
-+		ENGINE_register_pkey_asn1_meths;
-+		ASN1_PCTX_set_nm_flags;
-+		EVP_DigestVerifyInit;
-+		ENGINE_set_default_pkey_meths;
-+		TS_TST_INFO_get_policy_id;
-+		TS_REQ_get_cert_req;
-+		X509_CRL_set_meth_data;
-+		PKCS8_pkey_set0;
-+		ASN1_STRING_copy;
-+		d2i_TS_TST_INFO_fp;
-+		X509_CRL_match;
-+		EVP_PKEY_asn1_set_private;
-+		TS_TST_INFO_get_ext_d2i;
-+		TS_RESP_CTX_add_policy;
-+		d2i_TS_RESP;
-+		TS_CONF_load_certs;
-+		TS_TST_INFO_get_msg_imprint;
-+		ERR_load_TS_strings;
-+		TS_TST_INFO_get_version;
-+		EVP_PKEY_CTX_dup;
-+		EVP_PKEY_meth_set_verify;
-+		i2b_PublicKey_bio;
-+		TS_CONF_set_certs;
-+		EVP_PKEY_asn1_get0_info;
-+		TS_VERIFY_CTX_free;
-+		TS_REQ_get_ext_by_critical;
-+		TS_RESP_CTX_set_serial_cb;
-+		X509_CRL_get_meth_data;
-+		TS_RESP_CTX_set_time_cb;
-+		TS_MSG_IMPRINT_get_msg;
-+		TS_TST_INFO_ext_free;
-+		TS_REQ_get_version;
-+		TS_REQ_add_ext;
-+		EVP_PKEY_CTX_set_app_data;
-+		OBJ_bsearch_;
-+		EVP_PKEY_meth_set_verifyctx;
-+		i2d_PKCS7_bio_stream;
-+		CRYPTO_THREADID_set_numeric;
-+		PKCS7_sign_add_signer;
-+		d2i_TS_TST_INFO_bio;
-+		TS_TST_INFO_get_ordering;
-+		TS_RESP_print_bio;
-+		TS_TST_INFO_get_exts;
-+		HMAC_CTX_copy;
-+		PKCS5_pbe2_set_iv;
-+		ENGINE_get_pkey_asn1_meths;
-+		b2i_PrivateKey;
-+		EVP_PKEY_CTX_get_app_data;
-+		TS_REQ_set_cert_req;
-+		CRYPTO_THREADID_set_callback;
-+		TS_CONF_set_serial;
-+		TS_TST_INFO_free;
-+		d2i_TS_REQ_fp;
-+		TS_RESP_verify_response;
-+		i2d_ESS_ISSUER_SERIAL;
-+		TS_ACCURACY_get_seconds;
-+		EVP_CIPHER_do_all;
-+		b2i_PrivateKey_bio;
-+		OCSP_CERTID_dup;
-+		X509_PUBKEY_get0_param;
-+		TS_MSG_IMPRINT_dup;
-+		PKCS7_print_ctx;
-+		i2d_TS_REQ_bio;
-+		EVP_whirlpool;
-+		EVP_PKEY_asn1_set_param;
-+		EVP_PKEY_meth_set_encrypt;
-+		ASN1_PCTX_set_flags;
-+		i2d_ESS_CERT_ID;
-+		TS_VERIFY_CTX_new;
-+		TS_RESP_CTX_set_extension_cb;
-+		ENGINE_register_all_pkey_meths;
-+		TS_RESP_CTX_set_status_info_cond;
-+		TS_RESP_CTX_set_stat_info_cond;
-+		EVP_PKEY_verify;
-+		WHIRLPOOL_Final;
-+		X509_CRL_METHOD_new;
-+		EVP_DigestSignFinal;
-+		TS_RESP_CTX_set_def_policy;
-+		NETSCAPE_X509_it;
-+		TS_RESP_create_response;
-+		PKCS7_SIGNER_INFO_get0_algs;
-+		TS_TST_INFO_get_nonce;
-+		EVP_PKEY_decrypt_old;
-+		TS_TST_INFO_set_policy_id;
-+		TS_CONF_set_ess_cert_id_chain;
-+		EVP_PKEY_CTX_get0_pkey;
-+		d2i_TS_REQ;
-+		EVP_PKEY_asn1_find_str;
-+		BIO_f_asn1;
-+		ESS_SIGNING_CERT_new;
-+		EVP_PBE_find;
-+		X509_CRL_get0_by_cert;
-+		EVP_PKEY_derive;
-+		i2d_TS_REQ;
-+		TS_TST_INFO_delete_ext;
-+		ESS_ISSUER_SERIAL_free;
-+		ASN1_PCTX_set_str_flags;
-+		ENGINE_get_pkey_asn1_meth_str;
-+		TS_CONF_set_signer_key;
-+		TS_ACCURACY_get_millis;
-+		TS_RESP_get_token;
-+		TS_ACCURACY_dup;
-+		ENGINE_register_all_pkey_asn1_meths;
-+		ENGINE_reg_all_pkey_asn1_meths;
-+		X509_CRL_set_default_method;
-+		CRYPTO_THREADID_hash;
-+		CMS_ContentInfo_print_ctx;
-+		TS_RESP_free;
-+		ISSUING_DIST_POINT_free;
-+		ESS_ISSUER_SERIAL_new;
-+		CMS_add1_crl;
-+		PKCS7_add1_attrib_digest;
-+		TS_RESP_CTX_add_md;
-+		TS_TST_INFO_dup;
-+		ENGINE_set_pkey_asn1_meths;
-+		PEM_write_bio_Parameters;
-+		TS_TST_INFO_get_accuracy;
-+		X509_CRL_get0_by_serial;
-+		TS_TST_INFO_set_version;
-+		TS_RESP_CTX_get_tst_info;
-+		TS_RESP_verify_signature;
-+		CRYPTO_THREADID_get_callback;
-+		TS_TST_INFO_get_tsa;
-+		TS_STATUS_INFO_new;
-+		EVP_PKEY_CTX_get_cb;
-+		TS_REQ_get_ext_d2i;
-+		GENERAL_NAME_set0_othername;
-+		TS_TST_INFO_get_ext_count;
-+		TS_RESP_CTX_get_request;
-+		i2d_NETSCAPE_X509;
-+		ENGINE_get_pkey_meth_engine;
-+		EVP_PKEY_meth_set_signctx;
-+		EVP_PKEY_asn1_copy;
-+		ASN1_TYPE_cmp;
-+		EVP_CIPHER_do_all_sorted;
-+		EVP_PKEY_CTX_free;
-+		ISSUING_DIST_POINT_it;
-+		d2i_TS_MSG_IMPRINT_fp;
-+		X509_STORE_get1_certs;
-+		EVP_PKEY_CTX_get_operation;
-+		d2i_ESS_SIGNING_CERT;
-+		TS_CONF_set_ordering;
-+		EVP_PBE_alg_add_type;
-+		TS_REQ_set_version;
-+		EVP_PKEY_get0;
-+		BIO_asn1_set_suffix;
-+		i2d_TS_STATUS_INFO;
-+		EVP_MD_do_all;
-+		TS_TST_INFO_set_accuracy;
-+		PKCS7_add_attrib_content_type;
-+		ERR_remove_thread_state;
-+		EVP_PKEY_meth_add0;
-+		TS_TST_INFO_set_tsa;
-+		EVP_PKEY_meth_new;
-+		WHIRLPOOL_Update;
-+		TS_CONF_set_accuracy;
-+		ASN1_PCTX_set_oid_flags;
-+		ESS_SIGNING_CERT_dup;
-+		d2i_TS_REQ_bio;
-+		X509_time_adj_ex;
-+		TS_RESP_CTX_add_flags;
-+		d2i_TS_STATUS_INFO;
-+		TS_MSG_IMPRINT_set_msg;
-+		BIO_asn1_get_suffix;
-+		TS_REQ_free;
-+		EVP_PKEY_meth_free;
-+		TS_REQ_get_exts;
-+		TS_RESP_CTX_set_clock_precision_digits;
-+		TS_RESP_CTX_set_clk_prec_digits;
-+		TS_RESP_CTX_add_failure_info;
-+		i2d_TS_RESP_bio;
-+		EVP_PKEY_CTX_get0_peerkey;
-+		PEM_write_bio_CMS_stream;
-+		TS_REQ_new;
-+		TS_MSG_IMPRINT_new;
-+		EVP_PKEY_meth_find;
-+		EVP_PKEY_id;
-+		TS_TST_INFO_set_serial;
-+		a2i_GENERAL_NAME;
-+		TS_CONF_set_crypto_device;
-+		EVP_PKEY_verify_init;
-+		TS_CONF_set_policies;
-+		ASN1_PCTX_new;
-+		ESS_CERT_ID_free;
-+		ENGINE_unregister_pkey_meths;
-+		TS_MSG_IMPRINT_free;
-+		TS_VERIFY_CTX_init;
-+		PKCS7_stream;
-+		TS_RESP_CTX_set_certs;
-+		TS_CONF_set_def_policy;
-+		ASN1_GENERALIZEDTIME_adj;
-+		NETSCAPE_X509_new;
-+		TS_ACCURACY_free;
-+		TS_RESP_get_tst_info;
-+		EVP_PKEY_derive_set_peer;
-+		PEM_read_bio_Parameters;
-+		TS_CONF_set_clock_precision_digits;
-+		TS_CONF_set_clk_prec_digits;
-+		ESS_ISSUER_SERIAL_dup;
-+		TS_ACCURACY_get_micros;
-+		ASN1_PCTX_get_str_flags;
-+		NAME_CONSTRAINTS_check;
-+		ASN1_BIT_STRING_check;
-+		X509_check_akid;
-+		ENGINE_unregister_pkey_asn1_meths;
-+		ENGINE_unreg_pkey_asn1_meths;
-+		ASN1_PCTX_free;
-+		PEM_write_bio_ASN1_stream;
-+		i2d_ASN1_bio_stream;
-+		TS_X509_ALGOR_print_bio;
-+		EVP_PKEY_meth_set_cleanup;
-+		EVP_PKEY_asn1_free;
-+		ESS_SIGNING_CERT_free;
-+		TS_TST_INFO_set_msg_imprint;
-+		GENERAL_NAME_cmp;
-+		d2i_ASN1_SET_ANY;
-+		ENGINE_set_pkey_meths;
-+		i2d_TS_REQ_fp;
-+		d2i_ASN1_SEQUENCE_ANY;
-+		GENERAL_NAME_get0_otherName;
-+		d2i_ESS_CERT_ID;
-+		OBJ_find_sigid_algs;
-+		EVP_PKEY_meth_set_keygen;
-+		PKCS5_PBKDF2_HMAC;
-+		EVP_PKEY_paramgen;
-+		EVP_PKEY_meth_set_paramgen;
-+		BIO_new_PKCS7;
-+		EVP_PKEY_verify_recover;
-+		TS_ext_print_bio;
-+		TS_ASN1_INTEGER_print_bio;
-+		check_defer;
-+		DSO_pathbyaddr;
-+		EVP_PKEY_set_type;
-+		TS_ACCURACY_set_micros;
-+		TS_REQ_to_TS_VERIFY_CTX;
-+		EVP_PKEY_meth_set_copy;
-+		ASN1_PCTX_set_cert_flags;
-+		TS_TST_INFO_get_ext;
-+		EVP_PKEY_asn1_set_ctrl;
-+		TS_TST_INFO_get_ext_by_critical;
-+		EVP_PKEY_CTX_new_id;
-+		TS_REQ_get_ext_by_OBJ;
-+		TS_CONF_set_signer_cert;
-+		X509_NAME_hash_old;
-+		ASN1_TIME_set_string;
-+		EVP_MD_flags;
-+		TS_RESP_CTX_free;
-+		DSAparams_dup;
-+		DHparams_dup;
-+		OCSP_REQ_CTX_add1_header;
-+		OCSP_REQ_CTX_set1_req;
-+		X509_STORE_set_verify_cb;
-+		X509_STORE_CTX_get0_current_crl;
-+		X509_STORE_CTX_get0_parent_ctx;
-+		X509_STORE_CTX_get0_current_issuer;
-+		X509_STORE_CTX_get0_cur_issuer;
-+		X509_issuer_name_hash_old;
-+		X509_subject_name_hash_old;
-+		EVP_CIPHER_CTX_copy;
-+		UI_method_get_prompt_constructor;
-+		UI_method_get_prompt_constructr;
-+		UI_method_set_prompt_constructor;
-+		UI_method_set_prompt_constructr;
-+		EVP_read_pw_string_min;
-+		CRYPTO_cts128_encrypt;
-+		CRYPTO_cts128_decrypt_block;
-+		CRYPTO_cfb128_1_encrypt;
-+		CRYPTO_cbc128_encrypt;
-+		CRYPTO_ctr128_encrypt;
-+		CRYPTO_ofb128_encrypt;
-+		CRYPTO_cts128_decrypt;
-+		CRYPTO_cts128_encrypt_block;
-+		CRYPTO_cbc128_decrypt;
-+		CRYPTO_cfb128_encrypt;
-+		CRYPTO_cfb128_8_encrypt;
-+		SSL_renegotiate_abbreviated;
-+		TLSv1_1_method;
-+		TLSv1_1_client_method;
-+		TLSv1_1_server_method;
-+		SSL_CTX_set_srp_client_pwd_callback;
-+		SSL_CTX_set_srp_client_pwd_cb;
-+		SSL_get_srp_g;
-+		SSL_CTX_set_srp_username_callback;
-+		SSL_CTX_set_srp_un_cb;
-+		SSL_get_srp_userinfo;
-+		SSL_set_srp_server_param;
-+		SSL_set_srp_server_param_pw;
-+		SSL_get_srp_N;
-+		SSL_get_srp_username;
-+		SSL_CTX_set_srp_password;
-+		SSL_CTX_set_srp_strength;
-+		SSL_CTX_set_srp_verify_param_callback;
-+		SSL_CTX_set_srp_vfy_param_cb;
-+		SSL_CTX_set_srp_cb_arg;
-+		SSL_CTX_set_srp_username;
-+		SSL_CTX_SRP_CTX_init;
-+		SSL_SRP_CTX_init;
-+		SRP_Calc_A_param;
-+		SRP_generate_server_master_secret;
-+		SRP_gen_server_master_secret;
-+		SSL_CTX_SRP_CTX_free;
-+		SRP_generate_client_master_secret;
-+		SRP_gen_client_master_secret;
-+		SSL_srp_server_param_with_username;
-+		SSL_srp_server_param_with_un;
-+		SSL_SRP_CTX_free;
-+		SSL_set_debug;
-+		SSL_SESSION_get0_peer;
-+		TLSv1_2_client_method;
-+		SSL_SESSION_set1_id_context;
-+		TLSv1_2_server_method;
-+		SSL_cache_hit;
-+		SSL_get0_kssl_ctx;
-+		SSL_set0_kssl_ctx;
-+		SSL_set_state;
-+		SSL_CIPHER_get_id;
-+		TLSv1_2_method;
-+		kssl_ctx_get0_client_princ;
-+		SSL_export_keying_material;
-+		SSL_set_tlsext_use_srtp;
-+		SSL_CTX_set_next_protos_advertised_cb;
-+		SSL_CTX_set_next_protos_adv_cb;
-+		SSL_get0_next_proto_negotiated;
-+		SSL_get_selected_srtp_profile;
-+		SSL_CTX_set_tlsext_use_srtp;
-+		SSL_select_next_proto;
-+		SSL_get_srtp_profiles;
-+		SSL_CTX_set_next_proto_select_cb;
-+		SSL_CTX_set_next_proto_sel_cb;
-+		SSL_SESSION_get_compress_id;
-+
-+		SRP_VBASE_get_by_user;
-+		SRP_Calc_server_key;
-+		SRP_create_verifier;
-+		SRP_create_verifier_BN;
-+		SRP_Calc_u;
-+		SRP_VBASE_free;
-+		SRP_Calc_client_key;
-+		SRP_get_default_gN;
-+		SRP_Calc_x;
-+		SRP_Calc_B;
-+		SRP_VBASE_new;
-+		SRP_check_known_gN_param;
-+		SRP_Calc_A;
-+		SRP_Verify_A_mod_N;
-+		SRP_VBASE_init;
-+		SRP_Verify_B_mod_N;
-+		EC_KEY_set_public_key_affine_coordinates;
-+		EC_KEY_set_pub_key_aff_coords;
-+		EVP_aes_192_ctr;
-+		EVP_PKEY_meth_get0_info;
-+		EVP_PKEY_meth_copy;
-+		ERR_add_error_vdata;
-+		EVP_aes_128_ctr;
-+		EVP_aes_256_ctr;
-+		EC_GFp_nistp224_method;
-+		EC_KEY_get_flags;
-+		RSA_padding_add_PKCS1_PSS_mgf1;
-+		EVP_aes_128_xts;
-+		EVP_aes_256_xts;
-+		EVP_aes_128_gcm;
-+		EC_KEY_clear_flags;
-+		EC_KEY_set_flags;
-+		EVP_aes_256_ccm;
-+		RSA_verify_PKCS1_PSS_mgf1;
-+		EVP_aes_128_ccm;
-+		EVP_aes_192_gcm;
-+		X509_ALGOR_set_md;
-+		RAND_init_fips;
-+		EVP_aes_256_gcm;
-+		EVP_aes_192_ccm;
-+		CMAC_CTX_copy;
-+		CMAC_CTX_free;
-+		CMAC_CTX_get0_cipher_ctx;
-+		CMAC_CTX_cleanup;
-+		CMAC_Init;
-+		CMAC_Update;
-+		CMAC_resume;
-+		CMAC_CTX_new;
-+		CMAC_Final;
-+		CRYPTO_ctr128_encrypt_ctr32;
-+		CRYPTO_gcm128_release;
-+		CRYPTO_ccm128_decrypt_ccm64;
-+		CRYPTO_ccm128_encrypt;
-+		CRYPTO_gcm128_encrypt;
-+		CRYPTO_xts128_encrypt;
-+		EVP_rc4_hmac_md5;
-+		CRYPTO_nistcts128_decrypt_block;
-+		CRYPTO_gcm128_setiv;
-+		CRYPTO_nistcts128_encrypt;
-+		EVP_aes_128_cbc_hmac_sha1;
-+		CRYPTO_gcm128_tag;
-+		CRYPTO_ccm128_encrypt_ccm64;
-+		ENGINE_load_rdrand;
-+		CRYPTO_ccm128_setiv;
-+		CRYPTO_nistcts128_encrypt_block;
-+		CRYPTO_gcm128_aad;
-+		CRYPTO_ccm128_init;
-+		CRYPTO_nistcts128_decrypt;
-+		CRYPTO_gcm128_new;
-+		CRYPTO_ccm128_tag;
-+		CRYPTO_ccm128_decrypt;
-+		CRYPTO_ccm128_aad;
-+		CRYPTO_gcm128_init;
-+		CRYPTO_gcm128_decrypt;
-+		ENGINE_load_rsax;
-+		CRYPTO_gcm128_decrypt_ctr32;
-+		CRYPTO_gcm128_encrypt_ctr32;
-+		CRYPTO_gcm128_finish;
-+		EVP_aes_256_cbc_hmac_sha1;
-+		PKCS5_pbkdf2_set;
-+		CMS_add0_recipient_password;
-+		CMS_decrypt_set1_password;
-+		CMS_RecipientInfo_set0_password;
-+		RAND_set_fips_drbg_type;
-+		X509_REQ_sign_ctx;
-+		RSA_PSS_PARAMS_new;
-+		X509_CRL_sign_ctx;
-+		X509_signature_dump;
-+		d2i_RSA_PSS_PARAMS;
-+		RSA_PSS_PARAMS_it;
-+		RSA_PSS_PARAMS_free;
-+		X509_sign_ctx;
-+		i2d_RSA_PSS_PARAMS;
-+		ASN1_item_sign_ctx;
-+		EC_GFp_nistp521_method;
-+		EC_GFp_nistp256_method;
-+		OPENSSL_stderr;
-+		OPENSSL_cpuid_setup;
-+		OPENSSL_showfatal;
-+		BIO_new_dgram_sctp;
-+		BIO_dgram_sctp_msg_waiting;
-+		BIO_dgram_sctp_wait_for_dry;
-+		BIO_s_datagram_sctp;
-+		BIO_dgram_is_sctp;
-+		BIO_dgram_sctp_notification_cb;
-+		CRYPTO_memcmp;
-+		SSL_CTX_set_alpn_protos;
-+		SSL_set_alpn_protos;
-+		SSL_CTX_set_alpn_select_cb;
-+		SSL_get0_alpn_selected;
-+		SSL_CTX_set_custom_cli_ext;
-+		SSL_CTX_set_custom_srv_ext;
-+		SSL_CTX_set_srv_supp_data;
-+		SSL_CTX_set_cli_supp_data;
-+		SSL_set_cert_cb;
-+		SSL_CTX_use_serverinfo;
-+		SSL_CTX_use_serverinfo_file;
-+		SSL_CTX_set_cert_cb;
-+		SSL_CTX_get0_param;
-+		SSL_get0_param;
-+		SSL_certs_clear;
-+		DTLSv1_2_method;
-+		DTLSv1_2_server_method;
-+		DTLSv1_2_client_method;
-+		DTLS_method;
-+		DTLS_server_method;
-+		DTLS_client_method;
-+		SSL_CTX_get_ssl_method;
-+		SSL_CTX_get0_certificate;
-+		SSL_CTX_get0_privatekey;
-+		SSL_COMP_set0_compression_methods;
-+		SSL_COMP_free_compression_methods;
-+		SSL_CIPHER_find;
-+		SSL_is_server;
-+		SSL_CONF_CTX_new;
-+		SSL_CONF_CTX_finish;
-+		SSL_CONF_CTX_free;
-+		SSL_CONF_CTX_set_flags;
-+		SSL_CONF_CTX_clear_flags;
-+		SSL_CONF_CTX_set1_prefix;
-+		SSL_CONF_CTX_set_ssl;
-+		SSL_CONF_CTX_set_ssl_ctx;
-+		SSL_CONF_cmd;
-+		SSL_CONF_cmd_argv;
-+		SSL_CONF_cmd_value_type;
-+		SSL_trace;
-+		SSL_CIPHER_standard_name;
-+		SSL_get_tlsa_record_byname;
-+		ASN1_TIME_diff;
-+		BIO_hex_string;
-+		CMS_RecipientInfo_get0_pkey_ctx;
-+		CMS_RecipientInfo_encrypt;
-+		CMS_SignerInfo_get0_pkey_ctx;
-+		CMS_SignerInfo_get0_md_ctx;
-+		CMS_SignerInfo_get0_signature;
-+		CMS_RecipientInfo_kari_get0_alg;
-+		CMS_RecipientInfo_kari_get0_reks;
-+		CMS_RecipientInfo_kari_get0_orig_id;
-+		CMS_RecipientInfo_kari_orig_id_cmp;
-+		CMS_RecipientEncryptedKey_get0_id;
-+		CMS_RecipientEncryptedKey_cert_cmp;
-+		CMS_RecipientInfo_kari_set0_pkey;
-+		CMS_RecipientInfo_kari_get0_ctx;
-+		CMS_RecipientInfo_kari_decrypt;
-+		CMS_SharedInfo_encode;
-+		DH_compute_key_padded;
-+		d2i_DHxparams;
-+		i2d_DHxparams;
-+		DH_get_1024_160;
-+		DH_get_2048_224;
-+		DH_get_2048_256;
-+		DH_KDF_X9_42;
-+		ECDH_KDF_X9_62;
-+		ECDSA_METHOD_new;
-+		ECDSA_METHOD_free;
-+		ECDSA_METHOD_set_app_data;
-+		ECDSA_METHOD_get_app_data;
-+		ECDSA_METHOD_set_sign;
-+		ECDSA_METHOD_set_sign_setup;
-+		ECDSA_METHOD_set_verify;
-+		ECDSA_METHOD_set_flags;
-+		ECDSA_METHOD_set_name;
-+		EVP_des_ede3_wrap;
-+		EVP_aes_128_wrap;
-+		EVP_aes_192_wrap;
-+		EVP_aes_256_wrap;
-+		EVP_aes_128_cbc_hmac_sha256;
-+		EVP_aes_256_cbc_hmac_sha256;
-+		CRYPTO_128_wrap;
-+		CRYPTO_128_unwrap;
-+		OCSP_REQ_CTX_nbio;
-+		OCSP_REQ_CTX_new;
-+		OCSP_set_max_response_length;
-+		OCSP_REQ_CTX_i2d;
-+		OCSP_REQ_CTX_nbio_d2i;
-+		OCSP_REQ_CTX_get0_mem_bio;
-+		OCSP_REQ_CTX_http;
-+		RSA_padding_add_PKCS1_OAEP_mgf1;
-+		RSA_padding_check_PKCS1_OAEP_mgf1;
-+		RSA_OAEP_PARAMS_free;
-+		RSA_OAEP_PARAMS_it;
-+		RSA_OAEP_PARAMS_new;
-+		SSL_get_sigalgs;
-+		SSL_get_shared_sigalgs;
-+		SSL_check_chain;
-+		X509_chain_up_ref;
-+		X509_http_nbio;
-+		X509_CRL_http_nbio;
-+		X509_REVOKED_dup;
-+		i2d_re_X509_tbs;
-+		X509_get0_signature;
-+		X509_get_signature_nid;
-+		X509_CRL_diff;
-+		X509_chain_check_suiteb;
-+		X509_CRL_check_suiteb;
-+		X509_check_host;
-+		X509_check_email;
-+		X509_check_ip;
-+		X509_check_ip_asc;
-+		X509_STORE_set_lookup_crls_cb;
-+		X509_STORE_CTX_get0_store;
-+		X509_VERIFY_PARAM_set1_host;
-+		X509_VERIFY_PARAM_add1_host;
-+		X509_VERIFY_PARAM_set_hostflags;
-+		X509_VERIFY_PARAM_get0_peername;
-+		X509_VERIFY_PARAM_set1_email;
-+		X509_VERIFY_PARAM_set1_ip;
-+		X509_VERIFY_PARAM_set1_ip_asc;
-+		X509_VERIFY_PARAM_get0_name;
-+		X509_VERIFY_PARAM_get_count;
-+		X509_VERIFY_PARAM_get0;
-+		X509V3_EXT_free;
-+		EC_GROUP_get_mont_data;
-+		EC_curve_nid2nist;
-+		EC_curve_nist2nid;
-+		PEM_write_bio_DHxparams;
-+		PEM_write_DHxparams;
-+		SSL_CTX_add_client_custom_ext;
-+		SSL_CTX_add_server_custom_ext;
-+		SSL_extension_supported;
-+		BUF_strnlen;
-+		sk_deep_copy;
-+		SSL_test_functions;
-+
-+	local:
-+		*;
-+};
-+
-+OPENSSL_1.0.2g {
-+       global:
-+               SRP_VBASE_get1_by_user;
-+               SRP_user_pwd_free;
-+} OPENSSL_1.0.2d;
-+
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld	2014-02-24 21:02:30.000000000 +0100
-@@ -0,0 +1,10 @@
-+OPENSSL_1.0.2 {
-+	global:
-+		bind_engine;
-+		v_check;
-+		OPENSSL_init;
-+		OPENSSL_finish;
-+	local:
-+		*;
-+};
-+
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
-===================================================================
---- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld	2014-02-24 21:02:30.000000000 +0100
-@@ -0,0 +1,10 @@
-+OPENSSL_1.0.2 {
-+	global:
-+		bind_engine;
-+		v_check;
-+		OPENSSL_init;
-+		OPENSSL_finish;
-+	local:
-+		*;
-+};
-+
diff --git a/meta/recipes-connectivity/openssl/openssl10/engines-install-in-libdir-ssl.patch b/meta/recipes-connectivity/openssl/openssl10/engines-install-in-libdir-ssl.patch
deleted file mode 100644
index a5746483e6..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/engines-install-in-libdir-ssl.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-
-Index: openssl-1.0.2/engines/Makefile
-===================================================================
---- openssl-1.0.2.orig/engines/Makefile
-+++ openssl-1.0.2/engines/Makefile
-@@ -107,13 +107,13 @@ install:
- 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- 	@if [ -n "$(SHARED_LIBS)" ]; then \
- 		set -e; \
--		$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
-+		$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines; \
- 		for l in $(LIBNAMES); do \
- 			( echo installing $$l; \
- 			  pfx=lib; \
- 			  if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
- 				sfx=".so"; \
--				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+				cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
- 			  else \
- 				case "$(CFLAGS)" in \
- 				*DSO_BEOS*)	sfx=".so";;	\
-@@ -122,10 +122,10 @@ install:
- 				*DSO_WIN32*)	sfx="eay32.dll"; pfx=;;	\
- 				*)		sfx=".bad";;	\
- 				esac; \
--				cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+				cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
- 			  fi; \
--			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
--			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
-+			  chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
-+			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \
- 		done; \
- 	fi
- 	@target=install; $(RECURSIVE_MAKE)
-Index: openssl-1.0.2/engines/ccgost/Makefile
-===================================================================
---- openssl-1.0.2.orig/engines/ccgost/Makefile
-+++ openssl-1.0.2/engines/ccgost/Makefile
-@@ -47,7 +47,7 @@ install:
- 		pfx=lib; \
- 		if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
- 			sfx=".so"; \
--			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+			cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- 		else \
- 			case "$(CFLAGS)" in \
- 			*DSO_BEOS*) sfx=".so";; \
-@@ -56,10 +56,10 @@ install:
- 			*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
- 			*) sfx=".bad";; \
- 			esac; \
--			cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+			cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- 		fi; \
--		chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
--		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
-+		chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+		mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx; \
- 	fi
- 
- links:
diff --git a/meta/recipes-connectivity/openssl/openssl10/oe-ldflags.patch b/meta/recipes-connectivity/openssl/openssl10/oe-ldflags.patch
deleted file mode 100644
index 292e13dc5f..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/oe-ldflags.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Upstream-Status: Inappropriate [open-embedded]
-
-Index: openssl-1.0.0/Makefile.shared
-===================================================================
---- openssl-1.0.0.orig/Makefile.shared
-+++ openssl-1.0.0/Makefile.shared
-@@ -92,7 +92,7 @@
- LINK_APP=	\
-   ( $(SET_X);   \
-     LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
--    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
-+    LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$(OE_LDFLAGS) $${LDFLAGS:-$(CFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-@@ -102,7 +102,7 @@
-   ( $(SET_X);   \
-     LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
-     SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
--    SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-+    SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
diff --git a/meta/recipes-connectivity/openssl/openssl10/openssl-c_rehash.sh b/meta/recipes-connectivity/openssl/openssl10/openssl-c_rehash.sh
deleted file mode 100644
index 6620fdcb53..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/openssl-c_rehash.sh
+++ /dev/null
@@ -1,222 +0,0 @@
-#!/bin/sh
-#
-# Ben Secrest <blsecres@gmail.com>
-#
-# sh c_rehash script, scan all files in a directory
-# and add symbolic links to their hash values.
-#
-# based on the c_rehash perl script distributed with openssl
-#
-# LICENSE: See OpenSSL license
-# ^^acceptable?^^
-#
-
-# default certificate location
-DIR=/etc/openssl
-
-# for filetype bitfield
-IS_CERT=$(( 1 << 0 ))
-IS_CRL=$(( 1 << 1 ))
-
-
-# check to see if a file is a certificate file or a CRL file
-# arguments:
-#       1. the filename to be scanned
-# returns:
-#       bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
-#
-check_file()
-{
-    local IS_TYPE=0
-
-    # make IFS a newline so we can process grep output line by line
-    local OLDIFS=${IFS}
-    IFS=$( printf "\n" )
-
-    # XXX: could be more efficient to have two 'grep -m' but is -m portable?
-    for LINE in $( grep '^-----BEGIN .*-----' ${1} )
-    do
-	if echo ${LINE} \
-	    | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
-	then
-	    IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
-
-	    if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
-	    then
-	    	break
-	    fi
-	elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
-	then
-	    IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
-
-	    if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
-	    then
-	    	break
-	    fi
-	fi
-    done
-
-    # restore IFS
-    IFS=${OLDIFS}
-
-    return ${IS_TYPE}
-}
-
-
-#
-# use openssl to fingerprint a file
-#    arguments:
-#	1. the filename to fingerprint
-#	2. the method to use (x509, crl)
-#    returns:
-#	none
-#    assumptions:
-#	user will capture output from last stage of pipeline
-#
-fingerprint()
-{
-    ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
-}
-
-
-#
-# link_hash - create links to certificate files
-#    arguments:
-#       1. the filename to create a link for
-#	2. the type of certificate being linked (x509, crl)
-#    returns:
-#	0 on success, 1 otherwise
-#
-link_hash()
-{
-    local FINGERPRINT=$( fingerprint ${1} ${2} )
-    local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
-    local SUFFIX=0
-    local LINKFILE=''
-    local TAG=''
-
-    if [ ${2} = "crl" ]
-    then
-    	TAG='r'
-    fi
-
-    LINKFILE=${HASH}.${TAG}${SUFFIX}
-
-    while [ -f ${LINKFILE} ]
-    do
-	if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
-	then
-	    echo "NOTE: Skipping duplicate file ${1}" >&2
-	    return 1
-	fi	
-
-	SUFFIX=$(( ${SUFFIX} + 1 ))
-	LINKFILE=${HASH}.${TAG}${SUFFIX}
-    done
-
-    echo "${3} => ${LINKFILE}"
-
-    # assume any system with a POSIX shell will either support symlinks or
-    # do something to handle this gracefully
-    ln -s ${3} ${LINKFILE}
-
-    return 0
-}
-
-
-# hash_dir create hash links in a given directory
-hash_dir()
-{
-    echo "Doing ${1}"
-
-    cd ${1}
-
-    ls -1 * 2>/dev/null | while read FILE
-    do
-        if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
-	    	&& [ -h "${FILE}" ]
-        then
-            rm ${FILE}
-        fi
-    done
-
-    ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
-    do
-	REAL_FILE=${FILE}
-	# if we run on build host then get to the real files in rootfs
-	if [ -n "${SYSROOT}" -a -h ${FILE} ]
-	then
-	    FILE=$( readlink ${FILE} )
-	    # check the symlink is absolute (or dangling in other word)
-	    if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ]
-	    then
-		REAL_FILE=${SYSROOT}/${FILE}
-	    fi
-	fi
-
-	check_file ${REAL_FILE}
-        local FILE_TYPE=${?}
-	local TYPE_STR=''
-
-        if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
-        then
-            TYPE_STR='x509'
-        elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
-        then
-            TYPE_STR='crl'
-        else
-            echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
-	    continue
-        fi
-
-	link_hash ${REAL_FILE} ${TYPE_STR} ${FILE}
-    done
-}
-
-
-# choose the name of an ssl application
-if [ -n "${OPENSSL}" ]
-then
-    SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
-else
-    SSL_CMD=/usr/bin/openssl
-    OPENSSL=${SSL_CMD}
-    export OPENSSL
-fi
-
-# fix paths
-PATH=${PATH}:${DIR}/bin
-export PATH
-
-# confirm existance/executability of ssl command
-if ! [ -x ${SSL_CMD} ]
-then
-    echo "${0}: rehashing skipped ('openssl' program not available)" >&2
-    exit 0
-fi
-
-# determine which directories to process
-old_IFS=$IFS
-if [ ${#} -gt 0 ]
-then
-    IFS=':'
-    DIRLIST=${*}
-elif [ -n "${SSL_CERT_DIR}" ]
-then
-    DIRLIST=$SSL_CERT_DIR
-else
-    DIRLIST=${DIR}/certs
-fi
-
-IFS=':'
-
-# process directories
-for CERT_DIR in ${DIRLIST}
-do
-    if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
-    then
-        IFS=$old_IFS
-        hash_dir ${CERT_DIR}
-        IFS=':'
-    fi
-done
diff --git a/meta/recipes-connectivity/openssl/openssl10/openssl-fix-des.pod-error.patch b/meta/recipes-connectivity/openssl/openssl10/openssl-fix-des.pod-error.patch
deleted file mode 100644
index de49729e5e..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/openssl-fix-des.pod-error.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-openssl: Fix pod2man des.pod error on Ubuntu 12.04
-
-This is a formatting fix, '=back' is required before
-'=head1' on Ubuntu 12.04.
-
-Upstream-Status: Pending
-Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
-diff -urpN a_origin/des.pod b_modify/des.pod
---- a_origin/crypto/des/des.pod	2013-08-15 15:02:56.211674589 +0800
-+++ b_modify/crypto/des/des.pod	2013-08-15 15:04:14.439674580 +0800
-@@ -181,6 +181,8 @@ the uuencoded file to embed in the begin
- output.  If there is no name specified after the B<-u>, the name text.des
- will be embedded in the header.
- 
-+=back
-+
- =head1 SEE ALSO
- 
- ps(1),
diff --git a/meta/recipes-connectivity/openssl/openssl10/openssl_fix_for_x32.patch b/meta/recipes-connectivity/openssl/openssl10/openssl_fix_for_x32.patch
deleted file mode 100644
index 0f08a642f6..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/openssl_fix_for_x32.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Upstream-Status: Pending
-
-Received from H J Liu @ Intel
-Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
-Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
-
-ported the patch to the 1.0.0e version
-Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
-Index: openssl-1.0.2/crypto/bn/bn.h
-===================================================================
---- openssl-1.0.2.orig/crypto/bn/bn.h
-+++ openssl-1.0.2/crypto/bn/bn.h
-@@ -173,6 +173,13 @@ extern "C" {
- #  endif
- # endif
- 
-+/* Address type.  */
-+#ifdef _WIN64
-+#define BN_ADDR unsigned long long
-+#else
-+#define BN_ADDR unsigned long
-+#endif
-+
- /*
-  * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
-  * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
-Index: openssl-1.0.2/crypto/bn/bn_exp.c
-===================================================================
---- openssl-1.0.2.orig/crypto/bn/bn_exp.c
-+++ openssl-1.0.2/crypto/bn/bn_exp.c
-@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
-  * multiple.
-  */
- #define MOD_EXP_CTIME_ALIGN(x_) \
--        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
-+	((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
- 
- /*
-  * This variant of BN_mod_exp_mont() uses fixed windows and the special
diff --git a/meta/recipes-connectivity/openssl/openssl10/parallel.patch b/meta/recipes-connectivity/openssl/openssl10/parallel.patch
deleted file mode 100644
index 41abf3d6bd..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/parallel.patch
+++ /dev/null
@@ -1,368 +0,0 @@
-From 7fb1192f112c1920bfd39f4185f34e9afff3cff2 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@intel.com>
-Date: Sat, 5 Mar 2016 00:12:02 +0000
-Subject: [PATCH 24/28] Fix the parallel races in the Makefiles.
-
-This patch was taken from the Gentoo packaging:
-https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch
-
-Upstream-Status: Pending
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-
-Refreshed for 1.0.2i
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
-
----
- Makefile.org                                   | 14 ++--
- Makefile.shared                                |  2 +
- crypto/Makefile                                | 10 +--
- engines/Makefile                               |  6 +-
- test/Makefile                                  | 94 +++++++++++-----------
- 5 files changed, 64 insertions(+), 62 deletions(-)
-
-diff --git a/Makefile.org b/Makefile.org
-index efcfafb..82eab91 100644
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -282,17 +282,17 @@ build_libcrypto: build_crypto build_engines libcrypto.pc
- build_libssl: build_ssl libssl.pc
- 
- build_crypto:
--	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-+	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
- build_ssl: build_crypto
--	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-+	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
- build_engines: build_crypto
--	@dir=engines; target=all; $(BUILD_ONE_CMD)
-+	+@dir=engines; target=all; $(BUILD_ONE_CMD)
- build_apps: build_libs
--	@dir=apps; target=all; $(BUILD_ONE_CMD)
-+	+@dir=apps; target=all; $(BUILD_ONE_CMD)
- build_tests: build_libs
--	@dir=test; target=all; $(BUILD_ONE_CMD)
-+	+@dir=test; target=all; $(BUILD_ONE_CMD)
- build_tools: build_libs
--	@dir=tools; target=all; $(BUILD_ONE_CMD)
-+	+@dir=tools; target=all; $(BUILD_ONE_CMD)
- 
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -564,7 +564,7 @@ install_sw:
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- 	do \
- 		if [ -f "$$i" ]; then \
-diff --git a/Makefile.shared b/Makefile.shared
-index bbefb2b..18013a9 100644
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -105,6 +105,7 @@ LINK_SO=	\
-     SHAREDFLAGS="$(OE_LDFLAGS) $${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-     $${SHAREDCMD} $${SHAREDFLAGS} \
- 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +123,7 @@ SYMLINK_SO=	\
- 			done; \
- 		fi; \
- 		if [ -n "$$SHLIB_SOVER" ]; then \
-+			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- 		fi; \
-diff --git a/crypto/Makefile b/crypto/Makefile
-index 875ea1a..c22b683 100644
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -85,11 +85,11 @@ testapps:
- 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
- 
- subdirs:
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
--	@target=files; $(RECURSIVE_MAKE)
-+	+@target=files; $(RECURSIVE_MAKE)
- 
- links:
- 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@ links:
- # lib: $(LIB): are splitted to avoid end-less loop
- lib:	$(LIB)
- 	@touch lib
--$(LIB):	$(LIBOBJ)
-+$(LIB):	$(LIBOBJ) | subdirs
- 	$(AR) $(LIB) $(LIBOBJ)
- 	test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
- 	$(RANLIB) $(LIB) || echo Never mind.
-@@ -111,7 +111,7 @@ shared: buildinf.h lib subdirs
- 	fi
- 
- libs:
--	@target=lib; $(RECURSIVE_MAKE)
-+	+@target=lib; $(RECURSIVE_MAKE)
- 
- install:
- 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -120,7 +120,7 @@ install:
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- lint:
- 	@target=lint; $(RECURSIVE_MAKE)
-diff --git a/engines/Makefile b/engines/Makefile
-index fe8e9ca..a43d21b 100644
---- a/engines/Makefile
-+++ b/engines/Makefile
-@@ -72,7 +72,7 @@ top:
- 
- all:	lib subdirs
- 
--lib:	$(LIBOBJ)
-+lib:	$(LIBOBJ) | subdirs
- 	@if [ -n "$(SHARED_LIBS)" ]; then \
- 		set -e; \
- 		for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@ lib:	$(LIBOBJ)
- 
- subdirs:
- 	echo $(EDIRS)
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@ install:
- 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx ); \
- 		done; \
- 	fi
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- tags:
- 	ctags $(SRC)
-diff --git a/test/Makefile b/test/Makefile
-index 36506cf..c69af8b 100644
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -145,7 +145,7 @@ install:
- tags:
- 	ctags $(SRC)
- 
--tests:	exe apps $(TESTS)
-+tests:	exe $(TESTS)
- 
- apps:
- 	@(cd ..; $(MAKE) DIRS=apps all)
-@@ -448,142 +448,142 @@ BUILD_CMD_STATIC=shlib_target=; \
- 		link_app.$${shlib_target}
- 
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
--	@target=$(RSATEST); $(BUILD_CMD)
-+	+@target=$(RSATEST); $(BUILD_CMD)
- 
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
--	@target=$(BNTEST); $(BUILD_CMD)
-+	+@target=$(BNTEST); $(BUILD_CMD)
- 
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
--	@target=$(ECTEST); $(BUILD_CMD)
-+	+@target=$(ECTEST); $(BUILD_CMD)
- 
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
--	@target=$(EXPTEST); $(BUILD_CMD)
-+	+@target=$(EXPTEST); $(BUILD_CMD)
- 
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
--	@target=$(IDEATEST); $(BUILD_CMD)
-+	+@target=$(IDEATEST); $(BUILD_CMD)
- 
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
--	@target=$(MD2TEST); $(BUILD_CMD)
-+	+@target=$(MD2TEST); $(BUILD_CMD)
- 
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
--	@target=$(SHATEST); $(BUILD_CMD)
-+	+@target=$(SHATEST); $(BUILD_CMD)
- 
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
--	@target=$(SHA1TEST); $(BUILD_CMD)
-+	+@target=$(SHA1TEST); $(BUILD_CMD)
- 
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
--	@target=$(SHA256TEST); $(BUILD_CMD)
-+	+@target=$(SHA256TEST); $(BUILD_CMD)
- 
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
--	@target=$(SHA512TEST); $(BUILD_CMD)
-+	+@target=$(SHA512TEST); $(BUILD_CMD)
- 
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
--	@target=$(RMDTEST); $(BUILD_CMD)
-+	+@target=$(RMDTEST); $(BUILD_CMD)
- 
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
--	@target=$(MDC2TEST); $(BUILD_CMD)
-+	+@target=$(MDC2TEST); $(BUILD_CMD)
- 
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
--	@target=$(MD4TEST); $(BUILD_CMD)
-+	+@target=$(MD4TEST); $(BUILD_CMD)
- 
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
--	@target=$(MD5TEST); $(BUILD_CMD)
-+	+@target=$(MD5TEST); $(BUILD_CMD)
- 
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
--	@target=$(HMACTEST); $(BUILD_CMD)
-+	+@target=$(HMACTEST); $(BUILD_CMD)
- 
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
--	@target=$(WPTEST); $(BUILD_CMD)
-+	+@target=$(WPTEST); $(BUILD_CMD)
- 
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
--	@target=$(RC2TEST); $(BUILD_CMD)
-+	+@target=$(RC2TEST); $(BUILD_CMD)
- 
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
--	@target=$(BFTEST); $(BUILD_CMD)
-+	+@target=$(BFTEST); $(BUILD_CMD)
- 
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
--	@target=$(CASTTEST); $(BUILD_CMD)
-+	+@target=$(CASTTEST); $(BUILD_CMD)
- 
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
--	@target=$(RC4TEST); $(BUILD_CMD)
-+	+@target=$(RC4TEST); $(BUILD_CMD)
- 
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
--	@target=$(RC5TEST); $(BUILD_CMD)
-+	+@target=$(RC5TEST); $(BUILD_CMD)
- 
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
--	@target=$(DESTEST); $(BUILD_CMD)
-+	+@target=$(DESTEST); $(BUILD_CMD)
- 
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
--	@target=$(RANDTEST); $(BUILD_CMD)
-+	+@target=$(RANDTEST); $(BUILD_CMD)
- 
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
--	@target=$(DHTEST); $(BUILD_CMD)
-+	+@target=$(DHTEST); $(BUILD_CMD)
- 
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
--	@target=$(DSATEST); $(BUILD_CMD)
-+	+@target=$(DSATEST); $(BUILD_CMD)
- 
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
--	@target=$(METHTEST); $(BUILD_CMD)
-+	+@target=$(METHTEST); $(BUILD_CMD)
- 
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
--	@target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+	+@target=$(SSLTEST); $(FIPS_BUILD_CMD)
- 
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
--	@target=$(ENGINETEST); $(BUILD_CMD)
-+	+@target=$(ENGINETEST); $(BUILD_CMD)
- 
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
--	@target=$(EVPTEST); $(BUILD_CMD)
-+	+@target=$(EVPTEST); $(BUILD_CMD)
- 
- $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
--	@target=$(EVPEXTRATEST); $(BUILD_CMD)
-+	+@target=$(EVPEXTRATEST); $(BUILD_CMD)
- 
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
--	@target=$(ECDSATEST); $(BUILD_CMD)
-+	+@target=$(ECDSATEST); $(BUILD_CMD)
- 
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
--	@target=$(ECDHTEST); $(BUILD_CMD)
-+	+@target=$(ECDHTEST); $(BUILD_CMD)
- 
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
--	@target=$(IGETEST); $(BUILD_CMD)
-+	+@target=$(IGETEST); $(BUILD_CMD)
- 
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
--	@target=$(JPAKETEST); $(BUILD_CMD)
-+	+@target=$(JPAKETEST); $(BUILD_CMD)
- 
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
--	@target=$(ASN1TEST); $(BUILD_CMD)
-+	+@target=$(ASN1TEST); $(BUILD_CMD)
- 
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
--	@target=$(SRPTEST); $(BUILD_CMD)
-+	+@target=$(SRPTEST); $(BUILD_CMD)
- 
- $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
--	@target=$(V3NAMETEST); $(BUILD_CMD)
-+	+@target=$(V3NAMETEST); $(BUILD_CMD)
- 
- $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
--	@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-+	+@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
- 
- $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
--	@target=$(CONSTTIMETEST) $(BUILD_CMD)
-+	+@target=$(CONSTTIMETEST) $(BUILD_CMD)
- 
- $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
--	@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
-+	+@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
- 
- $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
--	@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
-+	+@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
- 
- $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o
--	@target=$(BADDTLSTEST) $(BUILD_CMD)
-+	+@target=$(BADDTLSTEST) $(BUILD_CMD)
- 
- $(FATALERRTEST)$(EXE_EXT): $(FATALERRTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
- 	@target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD)
-
- $(X509TIMETEST)$(EXE_EXT): $(X509TIMETEST).o
--	@target=$(X509TIMETEST) $(BUILD_CMD)
-+	+@target=$(X509TIMETEST) $(BUILD_CMD)
-
- $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
--	@target=$(SSLV2CONFTEST) $(BUILD_CMD)
-+	+@target=$(SSLV2CONFTEST) $(BUILD_CMD)
- 
- $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
--	@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
-+	+@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
- 
- #$(AESTEST).o: $(AESTEST).c
- #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -596,7 +596,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
- #	fi
- 
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
--	@target=dummytest; $(BUILD_CMD)
-+	+@target=dummytest; $(BUILD_CMD)
- 
- # DO NOT DELETE THIS LINE -- make depend depends on it.
- 
--- 
-2.15.1
-
diff --git a/meta/recipes-connectivity/openssl/openssl10/ptest-deps.patch b/meta/recipes-connectivity/openssl/openssl10/ptest-deps.patch
deleted file mode 100644
index ef6d17934d..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/ptest-deps.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Remove Makefile dependencies for test targets
-
-These are probably here because the executables aren't always built for
-other platforms (e.g. Windows); however we can safely assume they'll
-always be there. None of the other test targets have such dependencies
-and if we don't remove them, make tries to rebuild the executables and
-fails during run-ptest.
-
-Upstream-Status: Inappropriate [config]
-
-Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
-
-Index: openssl-1.0.2/test/Makefile
-===================================================================
---- openssl-1.0.2.orig/test/Makefile
-+++ openssl-1.0.2/test/Makefile
-@@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms-
- 	@echo "CMS consistency test"
- 	$(PERL) cms-test.pl
- 
--test_srp: $(SRPTEST)$(EXE_EXT)
-+test_srp:
- 	@echo "Test SRP"
- 	../util/shlib_wrap.sh ./srptest
- 
-@@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT)
- 	@echo "Test X509v3_check_*"
- 	../util/shlib_wrap.sh ./$(V3NAMETEST)
- 
--test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT)
-+test_heartbeat:
- 	../util/shlib_wrap.sh ./$(HEARTBEATTEST)
- 
- test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
diff --git a/meta/recipes-connectivity/openssl/openssl10/ptest_makefile_deps.patch b/meta/recipes-connectivity/openssl/openssl10/ptest_makefile_deps.patch
deleted file mode 100644
index 4202e61d1e..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/ptest_makefile_deps.patch
+++ /dev/null
@@ -1,248 +0,0 @@
-Additional Makefile dependencies removal for test targets
-
-Removing the dependency check for test targets as these tests are
-causing a number of failures and "noise" during ptest execution.
-
-Upstream-Status: Inappropriate [config]
-
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
-
-diff -Naur openssl-1.0.2d-orig/test/Makefile openssl-1.0.2d/test/Makefile
---- openssl-1.0.2d-orig/test/Makefile	2015-09-28 12:50:41.530022979 +0300
-+++ openssl-1.0.2d/test/Makefile	2015-09-28 12:57:45.930717240 +0300
-@@ -155,67 +155,67 @@
- 	( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
- 	done)
- 
--test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
-+test_evp:
- 	../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
- 
--test_evp_extra: $(EVPEXTRATEST)$(EXE_EXT)
-+test_evp_extra:
- 	../util/shlib_wrap.sh ./$(EVPEXTRATEST)
- 
--test_des: $(DESTEST)$(EXE_EXT)
-+test_des:
- 	../util/shlib_wrap.sh ./$(DESTEST)
- 
--test_idea: $(IDEATEST)$(EXE_EXT)
-+test_idea:
- 	../util/shlib_wrap.sh ./$(IDEATEST)
- 
--test_sha: $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT)
-+test_sha:
- 	../util/shlib_wrap.sh ./$(SHATEST)
- 	../util/shlib_wrap.sh ./$(SHA1TEST)
- 	../util/shlib_wrap.sh ./$(SHA256TEST)
- 	../util/shlib_wrap.sh ./$(SHA512TEST)
- 
--test_mdc2: $(MDC2TEST)$(EXE_EXT)
-+test_mdc2:
- 	../util/shlib_wrap.sh ./$(MDC2TEST)
- 
--test_md5: $(MD5TEST)$(EXE_EXT)
-+test_md5:
- 	../util/shlib_wrap.sh ./$(MD5TEST)
- 
--test_md4: $(MD4TEST)$(EXE_EXT)
-+test_md4:
- 	../util/shlib_wrap.sh ./$(MD4TEST)
- 
--test_hmac: $(HMACTEST)$(EXE_EXT)
-+test_hmac:
- 	../util/shlib_wrap.sh ./$(HMACTEST)
- 
--test_wp: $(WPTEST)$(EXE_EXT)
-+test_wp:
- 	../util/shlib_wrap.sh ./$(WPTEST)
- 
--test_md2: $(MD2TEST)$(EXE_EXT)
-+test_md2:
- 	../util/shlib_wrap.sh ./$(MD2TEST)
- 
--test_rmd: $(RMDTEST)$(EXE_EXT)
-+test_rmd:
- 	../util/shlib_wrap.sh ./$(RMDTEST)
- 
--test_bf: $(BFTEST)$(EXE_EXT)
-+test_bf:
- 	../util/shlib_wrap.sh ./$(BFTEST)
- 
--test_cast: $(CASTTEST)$(EXE_EXT)
-+test_cast:
- 	../util/shlib_wrap.sh ./$(CASTTEST)
- 
--test_rc2: $(RC2TEST)$(EXE_EXT)
-+test_rc2:
- 	../util/shlib_wrap.sh ./$(RC2TEST)
- 
--test_rc4: $(RC4TEST)$(EXE_EXT)
-+test_rc4:
- 	../util/shlib_wrap.sh ./$(RC4TEST)
- 
--test_rc5: $(RC5TEST)$(EXE_EXT)
-+test_rc5:
- 	../util/shlib_wrap.sh ./$(RC5TEST)
- 
--test_rand: $(RANDTEST)$(EXE_EXT)
-+test_rand:
- 	../util/shlib_wrap.sh ./$(RANDTEST)
- 
--test_enc: ../apps/openssl$(EXE_EXT) testenc
-+test_enc:
- 	@sh ./testenc
- 
--test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pem
-+test_x509:
- 	echo test normal x509v1 certificate
- 	sh ./tx509 2>/dev/null
- 	echo test first x509v3 certificate
-@@ -223,25 +223,25 @@
- 	echo test second x509v3 certificate
- 	sh ./tx509 v3-cert2.pem 2>/dev/null
- 
--test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
-+test_rsa:
- 	@sh ./trsa 2>/dev/null
- 	../util/shlib_wrap.sh ./$(RSATEST)
- 
--test_crl: ../apps/openssl$(EXE_EXT) tcrl testcrl.pem
-+test_crl:
- 	@sh ./tcrl 2>/dev/null
- 
--test_sid: ../apps/openssl$(EXE_EXT) tsid testsid.pem
-+test_sid:
- 	@sh ./tsid 2>/dev/null
- 
--test_req: ../apps/openssl$(EXE_EXT) treq testreq.pem testreq2.pem
-+test_req:
- 	@sh ./treq 2>/dev/null
- 	@sh ./treq testreq2.pem 2>/dev/null
- 
--test_pkcs7: ../apps/openssl$(EXE_EXT) tpkcs7 tpkcs7d testp7.pem pkcs7-1.pem
-+test_pkcs7:
- 	@sh ./tpkcs7 2>/dev/null
- 	@sh ./tpkcs7d 2>/dev/null
- 
--test_bn: $(BNTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) bctest
-+test_bn:
- 	@echo starting big number library test, could take a while...
- 	@../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest
- 	@echo quit >>tmp.bntest
-@@ -250,33 +250,33 @@
- 	@echo 'test a^b%c implementations'
- 	../util/shlib_wrap.sh ./$(EXPTEST)
- 
--test_ec: $(ECTEST)$(EXE_EXT)
-+test_ec:
- 	@echo 'test elliptic curves'
- 	../util/shlib_wrap.sh ./$(ECTEST)
- 
--test_ecdsa: $(ECDSATEST)$(EXE_EXT)
-+test_ecdsa:
- 	@echo 'test ecdsa'
- 	../util/shlib_wrap.sh ./$(ECDSATEST)
- 
--test_ecdh: $(ECDHTEST)$(EXE_EXT)
-+test_ecdh:
- 	@echo 'test ecdh'
- 	../util/shlib_wrap.sh ./$(ECDHTEST)
- 
--test_verify: ../apps/openssl$(EXE_EXT)
-+test_verify:
- 	@echo "The following command should have some OK's and some failures"
- 	@echo "There are definitly a few expired certificates"
- 	../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem
- 
--test_dh: $(DHTEST)$(EXE_EXT)
-+test_dh:
- 	@echo "Generate a set of DH parameters"
- 	../util/shlib_wrap.sh ./$(DHTEST)
- 
--test_dsa: $(DSATEST)$(EXE_EXT)
-+test_dsa:
- 	@echo "Generate a set of DSA parameters"
- 	../util/shlib_wrap.sh ./$(DSATEST)
- 	../util/shlib_wrap.sh ./$(DSATEST) -app2_1
- 
--test_gen testreq.pem: ../apps/openssl$(EXE_EXT) testgen test.cnf
-+test_gen testreq.pem:
- 	@echo "Generate and verify a certificate request"
- 	@sh ./testgen
- 
-@@ -288,13 +288,11 @@
- 	@cat certCA.ss certU.ss > intP1.ss
- 	@cat certCA.ss certU.ss certP1.ss > intP2.ss
- 
--test_engine:  $(ENGINETEST)$(EXE_EXT)
-+test_engine:
- 	@echo "Manipulate the ENGINE structures"
- 	../util/shlib_wrap.sh ./$(ENGINETEST)
- 
--test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
--		intP1.ss intP2.ss $(SSLTEST)$(EXE_EXT) testssl testsslproxy \
--		../apps/server2.pem serverinfo.pem
-+test_ssl:
- 	@echo "test SSL protocol"
- 	@if [ -n "$(FIPSCANLIB)" ]; then \
- 	  sh ./testfipsssl keyU.ss certU.ss certCA.ss; \
-@@ -304,7 +302,7 @@
- 	@sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
- 	@sh ./testsslproxy keyP2.ss certP2.ss intP2.ss
- 
--test_ca: ../apps/openssl$(EXE_EXT) testca CAss.cnf Uss.cnf
-+test_ca:
- 	@if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
- 	  echo "skipping CA.sh test -- requires RSA"; \
- 	else \
-@@ -312,11 +310,11 @@
- 	  sh ./testca; \
- 	fi
- 
--test_aes: #$(AESTEST)
-+test_aes:
- #	@echo "test Rijndael"
- #	../util/shlib_wrap.sh ./$(AESTEST)
- 
--test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh
-+test_tsa:
- 	@if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
- 	  echo "skipping testtsa test -- requires RSA"; \
- 	else \
-@@ -331,7 +329,7 @@
- 	@echo "Test JPAKE"
- 	../util/shlib_wrap.sh ./$(JPAKETEST)
- 
--test_cms: ../apps/openssl$(EXE_EXT) cms-test.pl smcont.txt
-+test_cms:
- 	@echo "CMS consistency test"
- 	$(PERL) cms-test.pl
- 
-@@ -339,22 +337,22 @@
- 	@echo "Test SRP"
- 	../util/shlib_wrap.sh ./srptest
- 
--test_ocsp: ../apps/openssl$(EXE_EXT) tocsp
-+test_ocsp:
- 	@echo "Test OCSP"
- 	@sh ./tocsp
- 
--test_v3name: $(V3NAMETEST)$(EXE_EXT)
-+test_v3name:
- 	@echo "Test X509v3_check_*"
- 	../util/shlib_wrap.sh ./$(V3NAMETEST)
- 
- test_heartbeat:
- 	../util/shlib_wrap.sh ./$(HEARTBEATTEST)
- 
--test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
-+test_constant_time:
- 	@echo "Test constant time utilites"
- 	../util/shlib_wrap.sh ./$(CONSTTIMETEST)
- 
--test_verify_extra: $(VERIFYEXTRATEST)$(EXE_EXT)
-+test_verify_extra:
- 	@echo $(START) $@
- 	../util/shlib_wrap.sh ./$(VERIFYEXTRATEST)
- 
diff --git a/meta/recipes-connectivity/openssl/openssl10/reproducible-cflags.patch b/meta/recipes-connectivity/openssl/openssl10/reproducible-cflags.patch
deleted file mode 100644
index 2803cb0393..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/reproducible-cflags.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Allow passing custom c-flags to mkbuildinf.pl in order to pass
-flags without any build host references
-
-Upstream-Status: Inappropriate [OE specific]
-
-Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
-
---- Makefile	2018-03-06 14:50:18.342138147 -0800
-+++ Makefile	2018-03-06 15:24:04.794239071 -0800
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -55,7 +55,7 @@
- all: shared
- 
- buildinf.h: ../Makefile
--	$(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
-+	$(PERL) $(TOP)/util/mkbuildinf.pl "$(CC_INFO)" "$(PLATFORM)" >buildinf.h
- 
- x86cpuid.s:	x86cpuid.pl perlasm/x86asm.pl
- 	$(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
diff --git a/meta/recipes-connectivity/openssl/openssl10/reproducible-mkbuildinf.patch b/meta/recipes-connectivity/openssl/openssl10/reproducible-mkbuildinf.patch
deleted file mode 100644
index b556731219..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/reproducible-mkbuildinf.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-If SOURCE_DATE_EPOCH is present in the environment, use it as build date.
-Also make sure to use UTC time.
-
-Upstream-Status: Backport [ https://github.com/openssl/openssl/blob/master/util/mkbuildinf.pl ]
-
-Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
-
---- mkbuildinf.pl	2018-03-06 14:20:09.438048058 -0800
-+++ mkbuildinf.pl	2018-03-06 14:19:20.722045632 -0800
---- a/util/mkbuildinf.pl
-+++ b/util/mkbuildinf.pl
-@@ -3,7 +3,8 @@
- my ($cflags, $platform) = @ARGV;
- 
- $cflags = "compiler: $cflags";
--$date = localtime();
-+my $date = gmtime($ENV{'SOURCE_DATE_EPOCH'} || time()) . " UTC";
-+
- print <<"END_OUTPUT";
- #ifndef MK1MF_BUILD
-     /* auto-generated by util/mkbuildinf.pl for crypto/cversion.c */
diff --git a/meta/recipes-connectivity/openssl/openssl10/run-ptest b/meta/recipes-connectivity/openssl/openssl10/run-ptest
deleted file mode 100755
index 3b20fce1ee..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/run-ptest
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-make -k runtest
diff --git a/meta/recipes-connectivity/openssl/openssl10/shared-libs.patch b/meta/recipes-connectivity/openssl/openssl10/shared-libs.patch
deleted file mode 100644
index a7ca0a3078..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10/shared-libs.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Upstream-Status: Inappropriate [configuration]
-
-Index: openssl-1.0.1e/crypto/Makefile
-===================================================================
---- openssl-1.0.1e.orig/crypto/Makefile
-+++ openssl-1.0.1e/crypto/Makefile
-@@ -108,7 +108,7 @@ $(LIB):	$(LIBOBJ)
- 
- shared: buildinf.h lib subdirs
- 	if [ -n "$(SHARED_LIBS)" ]; then \
--		(cd ..; $(MAKE) $(SHARED_LIB)); \
-+		(cd ..; $(MAKE) -e $(SHARED_LIB)); \
- 	fi
- 
- libs:
-Index: openssl-1.0.1e/Makefile.org
-===================================================================
---- openssl-1.0.1e.orig/Makefile.org
-+++ openssl-1.0.1e/Makefile.org
-@@ -310,7 +310,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_
- 
- libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
- 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
--		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
-+		$(MAKE) -e SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
- 	else \
- 		echo "There's no support for shared libraries on this platform" >&2; \
- 		exit 1; \
-Index: openssl-1.0.1e/ssl/Makefile
-===================================================================
---- openssl-1.0.1e.orig/ssl/Makefile
-+++ openssl-1.0.1e/ssl/Makefile
-@@ -62,7 +62,7 @@ lib:	$(LIBOBJ)
- 
- shared: lib
- 	if [ -n "$(SHARED_LIBS)" ]; then \
--		(cd ..; $(MAKE) $(SHARED_LIB)); \
-+		(cd ..; $(MAKE) -e $(SHARED_LIB)); \
- 	fi
- 
- files:
diff --git a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
deleted file mode 100644
index 88aefdea4f..0000000000
--- a/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb
+++ /dev/null
@@ -1,359 +0,0 @@
-SUMMARY = "Secure Socket Layer"
-DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
-HOMEPAGE = "http://www.openssl.org/"
-BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
-SECTION = "libs/network"
-
-# "openssl | SSLeay" dual license
-LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=f475368924827d06d4b416111c8bdb77"
-
-DEPENDS = "hostperl-runtime-native"
-DEPENDS_append_class-target = " openssl-native"
-
-SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
-           file://run-ptest \
-           file://openssl-c_rehash.sh \
-           file://configure-targets.patch \
-           file://shared-libs.patch \
-           file://oe-ldflags.patch \
-           file://engines-install-in-libdir-ssl.patch \
-           file://debian1.0.2/block_diginotar.patch \
-           file://debian1.0.2/block_digicert_malaysia.patch \
-           file://debian/c_rehash-compat.patch \
-           file://debian/debian-targets.patch \
-           file://debian/man-dir.patch \
-           file://debian/man-section.patch \
-           file://debian/no-rpath.patch \
-           file://debian/no-symbolic.patch \
-           file://debian/pic.patch \
-           file://debian1.0.2/version-script.patch \
-           file://debian1.0.2/soname.patch \
-           file://openssl_fix_for_x32.patch \
-           file://openssl-fix-des.pod-error.patch \
-           file://Makefiles-ptest.patch \
-           file://ptest-deps.patch \
-           file://ptest_makefile_deps.patch \
-           file://configure-musl-target.patch \
-           file://parallel.patch \
-           file://Use-SHA256-not-MD5-as-default-digest.patch \
-           file://0001-Fix-build-with-clang-using-external-assembler.patch \
-           file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \
-           file://0001-allow-manpages-to-be-disabled.patch \
-           file://0001-Fix-BN_LLONG-breakage.patch \
-           "
-
-SRC_URI_append_class-target = " \
-           file://reproducible-cflags.patch \
-           file://reproducible-mkbuildinf.patch \
-           "
-
-SRC_URI_append_class-nativesdk = " \
-           file://environment.d-openssl.sh \
-           "
-
-SRC_URI[md5sum] = "7563e1ce046cb21948eeb6ba1a0eb71c"
-SRC_URI[sha256sum] = "5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684"
-
-S = "${WORKDIR}/openssl-${PV}"
-
-UPSTREAM_CHECK_REGEX = "openssl-(?P<pver>1\.0.+)\.tar"
-
-inherit pkgconfig siteinfo multilib_header ptest manpages
-
-PACKAGECONFIG ?= "cryptodev-linux"
-PACKAGECONFIG_class-native = ""
-PACKAGECONFIG_class-nativesdk = ""
-
-PACKAGECONFIG[cryptodev-linux] = "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS,,cryptodev-linux"
-PACKAGECONFIG[manpages] = ",,,"
-PACKAGECONFIG[perl] = ",,,"
-
-# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
-# vulnerability
-EXTRA_OECONF = "no-ssl3"
-
-EXTRA_OEMAKE = "${@bb.utils.contains('PACKAGECONFIG', 'manpages', '', 'OE_DISABLE_MANPAGES=1', d)}"
-
-export OE_LDFLAGS = "${LDFLAGS}"
-
-TERMIO ?= "-DTERMIO"
-TERMIO_libc-musl = "-DTERMIOS"
-EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
-
-CFLAG = "${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
-         ${TERMIO} ${CFLAGS} -Wall"
-
-# Avoid binaries being marked as requiring an executable stack since they don't
-# (and it causes issues with SELinux)
-CFLAG += "-Wa,--noexecstack"
-
-CFLAG_append_class-native = " -fPIC"
-
-do_configure () {
-	# The crypto_use_bigint patch means that perl's bignum module needs to be
-	# installed, but some distributions (for example Fedora 23) don't ship it by
-	# default.  As the resulting error is very misleading check for bignum before
-	# building.
-	if ! perl -Mbigint -e true; then
-		bbfatal "The perl module 'bignum' was not found but this is required to build openssl.  Please install this module (often packaged as perl-bignum) and re-run bitbake."
-	fi
-
-	ln -sf apps/openssl.pod crypto/crypto.pod ssl/ssl.pod doc/
-
-	os=${HOST_OS}
-	case $os in
-	linux-gnueabi |\
-	linux-gnuspe |\
-	linux-musleabi |\
-	linux-muslspe |\
-	linux-musl )
-		os=linux
-		;;
-	*)
-		;;
-	esac
-	target="$os-${HOST_ARCH}"
-	case $target in
-	linux-arm)
-		target=linux-armv4
-		;;
-	linux-armeb)
-		target=linux-elf-armeb
-		;;
-	linux-aarch64*)
-		target=linux-aarch64
-		;;
-	linux-sh3)
-		target=debian-sh3
-		;;
-	linux-sh4)
-		target=debian-sh4
-		;;
-	linux-i486)
-		target=debian-i386-i486
-		;;
-	linux-i586 | linux-viac3)
-		target=debian-i386-i586
-		;;
-	linux-i686)
-		target=debian-i386-i686/cmov
-		;;
-	linux-gnux32-x86_64 | linux-muslx32-x86_64 )
-		target=linux-x32
-		;;
-	linux-gnu64-x86_64)
-		target=linux-x86_64
-		;;
-	linux-gnun32-mips*el)
-		target=debian-mipsn32el
-		;;
-	linux-gnun32-mips*)
-		target=debian-mipsn32
-		;;
-	linux-mips*64*el)
-		target=debian-mips64el
-		;;
-	linux-mips*64*)
-		target=debian-mips64
-		;;
-	linux-mips*el)
-		target=debian-mipsel
-		;;
-	linux-mips*)
-		target=debian-mips
-		;;
-	linux-microblaze* | linux-nios2* | linux-gnu*ilp32** | linux-arc*)
-		target=linux-generic32
-		;;
-	linux-powerpc)
-		target=linux-ppc
-		;;
-	linux-powerpc64)
-		target=linux-ppc64
-		;;
-	linux-riscv32)
-		target=linux-generic32
-		;;
-	linux-riscv64)
-		target=linux-generic64
-		;;
-	linux-sparc | linux-supersparc)
-		target=linux-sparcv8
-		;;
-	esac
-
-	# inject machine-specific flags
-	sed -i -e "s|^\(\"$target\",\s*\"[^:]\+\):\([^:]\+\)|\1:${CFLAG}|g" Configure
-
-	useprefix=${prefix}
-	if [ "x$useprefix" = "x" ]; then
-		useprefix=/
-	fi
-	libdirleaf="$( echo "${libdir}" | sed "s:^$useprefix/*::" )"
-	perl ./Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} shared --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=$libdirleaf $target
-}
-
-do_compile () {
-	oe_runmake depend
-	oe_runmake
-}
-
-do_compile_class-target () {
-	sed -i 's/\((OPENSSL=\)".*"/\1"openssl"/' Makefile
-	oe_runmake depend
-	cc_sanitized=$(echo "${CC} ${CFLAG}" | sed -e 's,--sysroot=${STAGING_DIR_TARGET},,g' -e 's|${DEBUG_PREFIX_MAP}||g' -e 's/[ \t]\+/ /g')
-	oe_runmake CC_INFO="$cc_sanitized"
-}
-
-do_compile_ptest () {
-	oe_runmake buildtest
-}
-
-do_install () {
-	# Create ${D}/${prefix} to fix parallel issues
-	mkdir -p ${D}/${prefix}/
-
-	oe_runmake INSTALL_PREFIX="${D}" MANDIR="${mandir}" install
-
-	oe_libinstall -so libcrypto ${D}${libdir}
-	oe_libinstall -so libssl ${D}${libdir}
-
-	install -d ${D}${includedir}
-	cp --dereference -R include/openssl ${D}${includedir}
-
-	oe_multilib_header openssl/opensslconf.h
-
-	install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
-	sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
-
-	if [ "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}" ]; then
-		sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/CA.pl
-		sed -i -e '1s,.*,#!${bindir}/env perl,' ${D}${libdir}/ssl/misc/tsget
-	else
-		rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
-	fi
-
-	# Create SSL structure for packages such as ca-certificates which
-	# contain hard-coded paths to /etc/ssl. Debian does the same.
-	install -d ${D}${sysconfdir}/ssl
-	mv ${D}${libdir}/ssl/certs \
-	   ${D}${libdir}/ssl/private \
-	   ${D}${libdir}/ssl/openssl.cnf \
-	   ${D}${sysconfdir}/ssl/
-
-	# Although absolute symlinks would be OK for the target, they become
-	# invalid if native or nativesdk are relocated from sstate.
-	ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl/certs
-	ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl/private
-	ln -sf ${@oe.path.relative('${libdir}/ssl', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl/openssl.cnf
-
-	# Rename man pages to prefix openssl10-*
-	for f in `find ${D}${mandir} -type f`; do
-	    mv $f $(dirname $f)/openssl10-$(basename $f)
-	done
-	for f in `find ${D}${mandir} -type l`; do
-	    ln_f=`readlink $f`
-	    rm -f $f
-	    ln -s openssl10-$ln_f $(dirname $f)/openssl10-$(basename $f)
-	done
-}
-
-do_install_append_class-native () {
-	create_wrapper ${D}${bindir}/openssl \
-	    OPENSSL_CONF=${libdir}/ssl/openssl.cnf \
-	    SSL_CERT_DIR=${libdir}/ssl/certs \
-	    SSL_CERT_FILE=${libdir}/ssl/cert.pem \
-	    OPENSSL_ENGINES=${libdir}/ssl/engines
-}
-
-do_install_append_class-nativesdk () {
-	mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
-	install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
-}
-
-do_install_ptest () {
-	cp -r -L Makefile.org Makefile test ${D}${PTEST_PATH}
-
-	# Replace the path to native perl with the path to target perl
-	sed -i 's,^PERL=.*,PERL=${bindir}/perl,' ${D}${PTEST_PATH}/Makefile
-
-	cp Configure config e_os.h ${D}${PTEST_PATH}
-	cp -r -L include ${D}${PTEST_PATH}
-	ln -sf ${libdir}/libcrypto.a ${D}${PTEST_PATH}
-	ln -sf ${libdir}/libssl.a ${D}${PTEST_PATH}
-	mkdir -p ${D}${PTEST_PATH}/crypto
-	cp crypto/constant_time_locl.h ${D}${PTEST_PATH}/crypto
-	cp -r certs ${D}${PTEST_PATH}
-	mkdir -p ${D}${PTEST_PATH}/apps
-	ln -sf ${libdir}/ssl/misc/CA.sh  ${D}${PTEST_PATH}/apps
-	ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
-	ln -sf ${bindir}/openssl         ${D}${PTEST_PATH}/apps
-	cp apps/server.pem              ${D}${PTEST_PATH}/apps
-	cp apps/server2.pem             ${D}${PTEST_PATH}/apps
-	mkdir -p ${D}${PTEST_PATH}/util
-	install util/opensslwrap.sh    ${D}${PTEST_PATH}/util
-	install util/shlib_wrap.sh     ${D}${PTEST_PATH}/util
-	# Time stamps are relevant for "make alltests", otherwise
-	# make may try to recompile binaries. Not only must the
-	# binary files be newer than the sources, they also must
-	# be more recent than the header files in /usr/include.
-	#
-	# Using "cp -a" is not sufficient, because do_install
-	# does not preserve the original time stamps.
-	#
-	# So instead of using the original file stamps, we set
-	# the current time for all files. Binaries will get
-	# modified again later when stripping them, but that's okay.
-	touch ${D}${PTEST_PATH}
-	find ${D}${PTEST_PATH} -type f -print0 | xargs --verbose -0 touch -r ${D}${PTEST_PATH}
-
-	# exclude binary files or the package won't install
-	for d in ssltest_old v3ext x509aux; do
-		rm -rf ${D}${libdir}/${BPN}/ptest/test/$d
-	done
-
-	# Remove build host references
-	sed -i \
-	-e 's,--sysroot=${STAGING_DIR_TARGET},,g' \
-	-e 's|${DEBUG_PREFIX_MAP}||g' \
-	${D}${PTEST_PATH}/Makefile ${D}${PTEST_PATH}/Configure
-}
-
-# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
-# package RRECOMMENDS on this package. This will enable the configuration
-# file to be installed for both the base openssl package and the libcrypto
-# package since the base openssl package depends on the libcrypto package.
-
-PACKAGES =+ "libcrypto10 libssl10 openssl10-conf ${PN}-engines ${PN}-misc"
-
-FILES_libcrypto10 = "${libdir}/libcrypto${SOLIBS}"
-FILES_libssl10 = "${libdir}/libssl${SOLIBS}"
-FILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
-FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines"
-FILES_${PN}-misc = "${libdir}/ssl/misc"
-FILES_${PN} =+ "${libdir}/ssl/*"
-FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
-
-CONFFILES_openssl10-conf = "${sysconfdir}/ssl/openssl.cnf"
-
-RRECOMMENDS_libcrypto10 += "openssl10-conf"
-RDEPENDS_${PN}-misc = "${@bb.utils.filter('PACKAGECONFIG', 'perl', d)}"
-RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
-
-BBCLASSEXTEND = "native nativesdk"
-PACKAGE_PREPROCESS_FUNCS += "openssl_package_preprocess"
-
-# openssl 1.0 development files and executable binaries clash with openssl 1.1
-# files when installed into target rootfs. So we don't put them into
-# packages, but they continue to be provided via target sysroot for
-# cross-compilation on the host, if some software still depends on openssl 1.0.
-openssl_package_preprocess () {
-        for file in `find ${PKGD} -name *.h -o -name *.pc -o -name *.so`; do
-                rm $file
-        done
-        rm ${PKGD}${bindir}/openssl
-        rm ${PKGD}${bindir}/c_rehash
-        rmdir ${PKGD}${bindir}
-
-}
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
deleted file mode 100644
index 6676614bc0..0000000000
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
+++ /dev/null
@@ -1,212 +0,0 @@
-SUMMARY = "Secure Socket Layer"
-DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
-HOMEPAGE = "http://www.openssl.org/"
-BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
-SECTION = "libs/network"
-
-# "openssl" here actually means both OpenSSL and SSLeay licenses apply
-# (see meta/files/common-licenses/OpenSSL to which "openssl" is SPDXLICENSEMAPped)
-LICENSE = "openssl"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=d57d511030c9d66ef5f5966bee5a7eff"
-
-DEPENDS = "hostperl-runtime-native"
-
-SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
-           file://run-ptest \
-           file://openssl-c_rehash.sh \
-           file://0001-skip-test_symbol_presence.patch \
-           file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
-           file://afalg.patch \
-           "
-
-SRC_URI_append_class-nativesdk = " \
-           file://environment.d-openssl.sh \
-           "
-
-SRC_URI[md5sum] = "963deb2272d6be7d4c2458afd2517b73"
-SRC_URI[sha256sum] = "fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41"
-
-inherit lib_package multilib_header ptest
-
-B = "${WORKDIR}/build"
-do_configure[cleandirs] = "${B}"
-
-#| ./libcrypto.so: undefined reference to `getcontext'
-#| ./libcrypto.so: undefined reference to `setcontext'
-#| ./libcrypto.so: undefined reference to `makecontext'
-EXTRA_OECONF_append_libc-musl = " no-async"
-EXTRA_OECONF_append_libc-musl_powerpc64 = " no-asm"
-
-# This prevents openssl from using getrandom() which is not available on older glibc versions
-# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
-EXTRA_OECONF_class-native = "--with-rand-seed=devrandom"
-EXTRA_OECONF_class-nativesdk = "--with-rand-seed=devrandom"
-
-# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
-CFLAGS_append_class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
-CFLAGS_append_class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
-
-do_configure () {
-	os=${HOST_OS}
-	case $os in
-	linux-gnueabi |\
-	linux-gnuspe |\
-	linux-musleabi |\
-	linux-muslspe |\
-	linux-musl )
-		os=linux
-		;;
-	*)
-		;;
-	esac
-	target="$os-${HOST_ARCH}"
-	case $target in
-	linux-arm*)
-		target=linux-armv4
-		;;
-	linux-aarch64*)
-		target=linux-aarch64
-		;;
-	linux-i?86 | linux-viac3)
-		target=linux-x86
-		;;
-	linux-gnux32-x86_64 | linux-muslx32-x86_64 )
-		target=linux-x32
-		;;
-	linux-gnu64-x86_64)
-		target=linux-x86_64
-		;;
-	linux-mips | linux-mipsel)
-		# specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
-		target="linux-mips32 ${TARGET_CC_ARCH}"
-		;;
-	linux-gnun32-mips*)
-		target=linux-mips64
-		;;
-	linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
-		target=linux64-mips64
-		;;
-	linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
-		target=linux-generic32
-		;;
-	linux-powerpc)
-		target=linux-ppc
-		;;
-	linux-powerpc64)
-		target=linux-ppc64
-		;;
-	linux-riscv32)
-		target=linux-generic32
-		;;
-	linux-riscv64)
-		target=linux-generic64
-		;;
-	linux-sparc | linux-supersparc)
-		target=linux-sparcv9
-		;;
-	esac
-
-	useprefix=${prefix}
-	if [ "x$useprefix" = "x" ]; then
-		useprefix=/
-	fi
-	# WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
-	# environment variables set by bitbake. Adjust the environment variables instead.
-	PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
-	perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} --prefix=$useprefix --openssldir=${libdir}/ssl-1.1 --libdir=${libdir} $target
-	perl ${B}/configdata.pm --dump
-}
-
-do_install () {
-	oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
-
-	oe_multilib_header openssl/opensslconf.h
-
-	# Create SSL structure for packages such as ca-certificates which
-	# contain hard-coded paths to /etc/ssl. Debian does the same.
-	install -d ${D}${sysconfdir}/ssl
-	mv ${D}${libdir}/ssl-1.1/certs \
-	   ${D}${libdir}/ssl-1.1/private \
-	   ${D}${libdir}/ssl-1.1/openssl.cnf \
-	   ${D}${sysconfdir}/ssl/
-
-	# Although absolute symlinks would be OK for the target, they become
-	# invalid if native or nativesdk are relocated from sstate.
-	ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-1.1/certs
-	ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-1.1/private
-	ln -sf ${@oe.path.relative('${libdir}/ssl-1.1', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-1.1/openssl.cnf
-}
-
-do_install_append_class-native () {
-	create_wrapper ${D}${bindir}/openssl \
-	    OPENSSL_CONF=${libdir}/ssl-1.1/openssl.cnf \
-	    SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
-	    SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
-	    OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
-
-	# Install a custom version of c_rehash that can handle sysroots properly.
-	# This version is used for example when installing ca-certificates during
-	# image creation.
-	install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
-	sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
-}
-
-do_install_append_class-nativesdk () {
-	mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
-	install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
-	sed 's|/usr/lib/ssl/|/usr/lib/ssl-1.1/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
-}
-
-PTEST_BUILD_HOST_FILES += "configdata.pm"
-PTEST_BUILD_HOST_PATTERN = "perl_version ="
-do_install_ptest () {
-	# Prune the build tree
-	rm -f ${B}/fuzz/*.* ${B}/test/*.*
-
-	cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
-	cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
-
-	# For test_shlibload
-	ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/libcrypto.so
-	ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/libssl.so
-
-	install -d ${D}${PTEST_PATH}/apps
-	ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
-	install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps
-	install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
-
-	install -d ${D}${PTEST_PATH}/engines
-	install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
-}
-
-# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
-# package RRECOMMENDS on this package. This will enable the configuration
-# file to be installed for both the openssl-bin package and the libcrypto
-# package since the openssl-bin package depends on the libcrypto package.
-
-PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"
-
-FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
-FILES_libssl = "${libdir}/libssl${SOLIBS}"
-FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
-FILES_${PN}-engines = "${libdir}/engines-1.1"
-FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
-FILES_${PN} =+ "${libdir}/ssl-1.1/*"
-FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
-
-CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
-
-RRECOMMENDS_libcrypto += "openssl-conf"
-RDEPENDS_${PN}-bin = "perl"
-RDEPENDS_${PN}-misc = "perl"
-RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash python"
-
-RPROVIDES_openssl-conf = "openssl10-conf"
-RREPLACES_openssl-conf = "openssl10-conf"
-RCONFLICTS_openssl-conf = "openssl10-conf"
-
-BBCLASSEXTEND = "native nativesdk"
-
-inherit multilib_script
-
-MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.2.bb b/meta/recipes-connectivity/openssl/openssl_3.0.2.bb
new file mode 100644
index 0000000000..ff2a22c6c3
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.2.bb
@@ -0,0 +1,257 @@
+SUMMARY = "Secure Socket Layer"
+DESCRIPTION = "Secure Socket Layer (SSL) binary and related cryptographic tools."
+HOMEPAGE = "http://www.openssl.org/"
+BUGTRACKER = "http://www.openssl.org/news/vulnerabilities.html"
+SECTION = "libs/network"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c75985e733726beaba57bc5253e96d04"
+
+SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
+           file://run-ptest \
+           file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
+           file://afalg.patch \
+           file://0001-Configure-do-not-tweak-mips-cflags.patch \
+           "
+
+SRC_URI:append:class-nativesdk = " \
+           file://environment.d-openssl.sh \
+           "
+
+SRC_URI[sha256sum] = "98e91ccead4d4756ae3c9cde5e09191a8e586d9f4d50838e7ec09d6411dfdb63"
+
+inherit lib_package multilib_header multilib_script ptest perlnative
+MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
+
+PACKAGECONFIG ?= ""
+PACKAGECONFIG:class-native = ""
+PACKAGECONFIG:class-nativesdk = ""
+
+PACKAGECONFIG[cryptodev-linux] = "enable-devcryptoeng,disable-devcryptoeng,cryptodev-linux,,cryptodev-module"
+PACKAGECONFIG[no-tls1] = "no-tls1"
+PACKAGECONFIG[no-tls1_1] = "no-tls1_1"
+
+B = "${WORKDIR}/build"
+do_configure[cleandirs] = "${B}"
+
+#| ./libcrypto.so: undefined reference to `getcontext'
+#| ./libcrypto.so: undefined reference to `setcontext'
+#| ./libcrypto.so: undefined reference to `makecontext'
+EXTRA_OECONF:append:libc-musl = " no-async"
+EXTRA_OECONF:append:libc-musl:powerpc64 = " no-asm"
+
+# adding devrandom prevents openssl from using getrandom() which is not available on older glibc versions
+# (native versions can be built with newer glibc, but then relocated onto a system with older glibc)
+EXTRA_OECONF:class-native = "--with-rand-seed=os,devrandom"
+EXTRA_OECONF:class-nativesdk = "--with-rand-seed=os,devrandom"
+
+# Relying on hardcoded built-in paths causes openssl-native to not be relocateable from sstate.
+CFLAGS:append:class-native = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
+CFLAGS:append:class-nativesdk = " -DOPENSSLDIR=/not/builtin -DENGINESDIR=/not/builtin"
+
+# This allows disabling deprecated or undesirable crypto algorithms.
+# The default is to trust upstream choices.
+DEPRECATED_CRYPTO_FLAGS ?= ""
+
+do_configure () {
+	# When we upgrade glibc but not uninative we see obtuse failures in openssl. Make
+	# the issue really clear that perl isn't functional due to symbol mismatch issues.
+	cat <<- EOF > ${WORKDIR}/perltest
+	#!/usr/bin/env perl
+	use POSIX;
+	EOF
+	chmod a+x ${WORKDIR}/perltest
+	${WORKDIR}/perltest
+
+	os=${HOST_OS}
+	case $os in
+	linux-gnueabi |\
+	linux-gnuspe |\
+	linux-musleabi |\
+	linux-muslspe |\
+	linux-musl )
+		os=linux
+		;;
+	*)
+		;;
+	esac
+	target="$os-${HOST_ARCH}"
+	case $target in
+	linux-arc)
+		target=linux-latomic
+		;;
+	linux-arm*)
+		target=linux-armv4
+		;;
+	linux-aarch64*)
+		target=linux-aarch64
+		;;
+	linux-i?86 | linux-viac3)
+		target=linux-x86
+		;;
+	linux-gnux32-x86_64 | linux-muslx32-x86_64 )
+		target=linux-x32
+		;;
+	linux-gnu64-x86_64)
+		target=linux-x86_64
+		;;
+	linux-mips | linux-mipsel)
+		# specifying TARGET_CC_ARCH prevents openssl from (incorrectly) adding target architecture flags
+		target="linux-mips32 ${TARGET_CC_ARCH}"
+		;;
+	linux-gnun32-mips*)
+		target=linux-mips64
+		;;
+	linux-*-mips64 | linux-mips64 | linux-*-mips64el | linux-mips64el)
+		target=linux64-mips64
+		;;
+	linux-microblaze* | linux-nios2* | linux-sh3 | linux-sh4 | linux-arc*)
+		target=linux-generic32
+		;;
+	linux-powerpc)
+		target=linux-ppc
+		;;
+	linux-powerpc64)
+		target=linux-ppc64
+		;;
+	linux-powerpc64le)
+		target=linux-ppc64le
+		;;
+	linux-riscv32)
+		target=linux-generic32
+		;;
+	linux-riscv64)
+		target=linux-generic64
+		;;
+	linux-sparc | linux-supersparc)
+		target=linux-sparcv9
+		;;
+	mingw32-x86_64)
+		target=mingw64
+		;;
+	esac
+
+	useprefix=${prefix}
+	if [ "x$useprefix" = "x" ]; then
+		useprefix=/
+	fi
+	# WARNING: do not set compiler/linker flags (-I/-D etc.) in EXTRA_OECONF, as they will fully replace the
+	# environment variables set by bitbake. Adjust the environment variables instead.
+	HASHBANGPERL="/usr/bin/env perl" PERL=perl PERL5LIB="${S}/external/perl/Text-Template-1.46/lib/" \
+	perl ${S}/Configure ${EXTRA_OECONF} ${PACKAGECONFIG_CONFARGS} ${DEPRECATED_CRYPTO_FLAGS} --prefix=$useprefix --openssldir=${libdir}/ssl-3 --libdir=${libdir} $target
+	perl ${B}/configdata.pm --dump
+}
+
+do_install () {
+	oe_runmake DESTDIR="${D}" MANDIR="${mandir}" MANSUFFIX=ssl install
+
+	oe_multilib_header openssl/opensslconf.h
+	oe_multilib_header openssl/configuration.h
+
+	# Create SSL structure for packages such as ca-certificates which
+	# contain hard-coded paths to /etc/ssl. Debian does the same.
+	install -d ${D}${sysconfdir}/ssl
+	mv ${D}${libdir}/ssl-3/certs \
+	   ${D}${libdir}/ssl-3/private \
+	   ${D}${libdir}/ssl-3/openssl.cnf \
+	   ${D}${sysconfdir}/ssl/
+
+	# Although absolute symlinks would be OK for the target, they become
+	# invalid if native or nativesdk are relocated from sstate.
+	ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/certs')} ${D}${libdir}/ssl-3/certs
+	ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/private')} ${D}${libdir}/ssl-3/private
+	ln -sf ${@oe.path.relative('${libdir}/ssl-3', '${sysconfdir}/ssl/openssl.cnf')} ${D}${libdir}/ssl-3/openssl.cnf
+}
+
+do_install:append:class-native () {
+	create_wrapper ${D}${bindir}/openssl \
+	    OPENSSL_CONF=${libdir}/ssl-3/openssl.cnf \
+	    SSL_CERT_DIR=${libdir}/ssl-3/certs \
+	    SSL_CERT_FILE=${libdir}/ssl-3/cert.pem \
+	    OPENSSL_ENGINES=${libdir}/engines-3 \
+	    OPENSSL_MODULES=${libdir}/ossl-modules
+}
+
+do_install:append:class-nativesdk () {
+	mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d
+	install -m 644 ${WORKDIR}/environment.d-openssl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+	sed 's|/usr/lib/ssl/|/usr/lib/ssl-3/|g' -i ${D}${SDKPATHNATIVE}/environment-setup.d/openssl.sh
+}
+
+PTEST_BUILD_HOST_FILES += "configdata.pm"
+PTEST_BUILD_HOST_PATTERN = "perl_version ="
+do_install_ptest () {
+	install -d ${D}${PTEST_PATH}/test
+	install -m755 ${B}/test/p_test.so ${D}${PTEST_PATH}/test
+	install -m755 ${B}/test/provider_internal_test.cnf ${D}${PTEST_PATH}/test
+
+	# Prune the build tree
+	rm -f ${B}/fuzz/*.* ${B}/test/*.*
+
+	cp ${S}/Configure ${B}/configdata.pm ${D}${PTEST_PATH}
+	sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/configdata.pm
+	cp -r ${S}/external ${B}/test ${S}/test ${B}/fuzz ${S}/util ${B}/util ${D}${PTEST_PATH}
+
+	# For test_shlibload
+	ln -s ${libdir}/libcrypto.so.1.1 ${D}${PTEST_PATH}/
+	ln -s ${libdir}/libssl.so.1.1 ${D}${PTEST_PATH}/
+
+	install -d ${D}${PTEST_PATH}/apps
+	ln -s ${bindir}/openssl ${D}${PTEST_PATH}/apps
+	install -m644 ${S}/apps/*.pem ${S}/apps/*.srl ${S}/apps/openssl.cnf ${D}${PTEST_PATH}/apps
+	install -m755 ${B}/apps/CA.pl ${D}${PTEST_PATH}/apps
+
+	install -d ${D}${PTEST_PATH}/engines
+	install -m755 ${B}/engines/dasync.so ${D}${PTEST_PATH}/engines
+	install -m755 ${B}/engines/loader_attic.so ${D}${PTEST_PATH}/engines
+	install -m755 ${B}/engines/ossltest.so ${D}${PTEST_PATH}/engines
+
+	install -d ${D}${PTEST_PATH}/providers
+	install -m755 ${B}/providers/legacy.so ${D}${PTEST_PATH}/providers
+
+	install -d ${D}${PTEST_PATH}/Configurations
+	cp -rf ${S}/Configurations/* ${D}${PTEST_PATH}/Configurations/
+
+	# seems to be needed with perl 5.32.1
+	install -d ${D}${PTEST_PATH}/util/perl/recipes
+	cp ${D}${PTEST_PATH}/test/recipes/tconversion.pl ${D}${PTEST_PATH}/util/perl/recipes/
+
+	sed 's|${S}|${PTEST_PATH}|g' -i ${D}${PTEST_PATH}/util/wrap.pl
+}
+
+# Add the openssl.cnf file to the openssl-conf package. Make the libcrypto
+# package RRECOMMENDS on this package. This will enable the configuration
+# file to be installed for both the openssl-bin package and the libcrypto
+# package since the openssl-bin package depends on the libcrypto package.
+
+PACKAGES =+ "libcrypto libssl openssl-conf ${PN}-engines ${PN}-misc"
+
+FILES:libcrypto = "${libdir}/libcrypto${SOLIBS}"
+FILES:libssl = "${libdir}/libssl${SOLIBS}"
+FILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf \
+                      ${libdir}/ssl-3/openssl.cnf* \
+                      "
+FILES:${PN}-engines = "${libdir}/engines-3"
+# ${prefix} comes from what we pass into --prefix at configure time (which is used for INSTALLTOP)
+FILES:${PN}-engines:append:mingw32:class-nativesdk = " ${prefix}${libdir}/engines-3"
+FILES:${PN}-misc = "${libdir}/ssl-3/misc ${bindir}/c_rehash"
+FILES:${PN} =+ "${libdir}/ssl-3/* ${libdir}/ossl-modules/"
+FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
+
+CONFFILES:openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+
+RRECOMMENDS:libcrypto += "openssl-conf"
+RDEPENDS:${PN}-misc = "perl"
+RDEPENDS:${PN}-ptest += "openssl-bin perl perl-modules bash sed"
+
+RDEPENDS:${PN}-bin += "openssl-conf"
+
+BBCLASSEXTEND = "native nativesdk"
+
+CVE_PRODUCT = "openssl:openssl"
+
+CVE_VERSION_SUFFIX = "alphabetical"
+
+# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
+# Apache in meta-webserver is already recent enough
+CVE_CHECK_IGNORE += "CVE-2019-0190"
diff --git a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
index b5f68951d7..8a6c297cb0 100644
--- a/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
+++ b/meta/recipes-connectivity/ppp-dialin/ppp-dialin_0.1.bb
@@ -1,7 +1,8 @@
 SUMMARY = "Enables PPP dial-in through a serial connection"
 SECTION = "console/network"
+DESCRIPTION = "PPP dail-in provides a point to point protocol (PPP), so that other computers can dial up to it and access connected networks."
 DEPENDS = "ppp"
-RDEPENDS_${PN} = "ppp"
+RDEPENDS:${PN} = "ppp"
 PR = "r8"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
@@ -22,6 +23,6 @@ do_install() {
 }
 
 USERADD_PACKAGES = "${PN}"
-USERADD_PARAM_${PN} = "--system --home /dev/null \
+USERADD_PARAM:${PN} = "--system --home /dev/null \
                        --no-create-home --shell ${sbindir}/ppp-dialin \
                        --no-user-group --gid nogroup ppp"
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch b/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch
deleted file mode 100644
index 763e374488..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/0001-Fix-build-with-musl.patch
+++ /dev/null
@@ -1,163 +0,0 @@
-From 52a1e41d7541b2c936285844c59bd1be21797860 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Fri, 29 May 2015 14:57:05 -0700
-Subject: [PATCH] Fix build with musl
-
-There are several assumption about glibc
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Pending
-
- include/net/ppp_defs.h                  | 2 ++
- pppd/Makefile.linux                     | 2 +-
- pppd/magic.h                            | 6 +++---
- pppd/plugins/rp-pppoe/config.h          | 5 ++++-
- pppd/plugins/rp-pppoe/plugin.c          | 1 -
- pppd/plugins/rp-pppoe/pppoe-discovery.c | 8 ++++----
- pppd/plugins/rp-pppoe/pppoe.h           | 2 +-
- pppd/sys-linux.c                        | 3 ++-
- 8 files changed, 17 insertions(+), 12 deletions(-)
-
-diff --git a/include/net/ppp_defs.h b/include/net/ppp_defs.h
-index b06eda5..dafa36c 100644
---- a/include/net/ppp_defs.h
-+++ b/include/net/ppp_defs.h
-@@ -38,6 +38,8 @@
- #ifndef _PPP_DEFS_H_
- #define _PPP_DEFS_H_
- 
-+#include <sys/time.h>
-+
- /*
-  * The basic PPP frame.
-  */
-diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
-index 8ab2102..d7e2564 100644
---- a/pppd/Makefile.linux
-+++ b/pppd/Makefile.linux
-@@ -126,7 +126,7 @@ LIBS	+= -lcrypt
- #endif
- 
- ifdef USE_LIBUTIL
--CFLAGS	+= -DHAVE_LOGWTMP=1
-+#CFLAGS	+= -DHAVE_LOGWTMP=1
- LIBS	+= -lutil
- endif
- 
-diff --git a/pppd/magic.h b/pppd/magic.h
-index c81213b..9d399e3 100644
---- a/pppd/magic.h
-+++ b/pppd/magic.h
-@@ -42,8 +42,8 @@
-  * $Id: magic.h,v 1.5 2003/06/11 23:56:26 paulus Exp $
-  */
- 
--void magic_init __P((void));	/* Initialize the magic number generator */
--u_int32_t magic __P((void));	/* Returns the next magic number */
-+void magic_init (void);	/* Initialize the magic number generator */
-+u_int32_t magic (void);	/* Returns the next magic number */
- 
- /* Fill buffer with random bytes */
--void random_bytes __P((unsigned char *buf, int len));
-+void random_bytes (unsigned char *buf, int len);
-diff --git a/pppd/plugins/rp-pppoe/config.h b/pppd/plugins/rp-pppoe/config.h
-index 5703087..fff032e 100644
---- a/pppd/plugins/rp-pppoe/config.h
-+++ b/pppd/plugins/rp-pppoe/config.h
-@@ -78,8 +78,9 @@
- #define HAVE_NET_IF_ARP_H 1
- 
- /* Define if you have the <net/ethernet.h> header file.  */
-+#ifdef __GLIBC__
- #define HAVE_NET_ETHERNET_H 1
--
-+#endif
- /* Define if you have the <net/if.h> header file.  */
- #define HAVE_NET_IF_H 1
- 
-@@ -102,7 +103,9 @@
- #define HAVE_NETPACKET_PACKET_H 1
- 
- /* Define if you have the <sys/cdefs.h> header file.  */
-+#ifdef __GLIBC__
- #define HAVE_SYS_CDEFS_H 1
-+#endif
- 
- /* Define if you have the <sys/dlpi.h> header file.  */
- /* #undef HAVE_SYS_DLPI_H */
-diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c
-index a8c2bb4..ca34d79 100644
---- a/pppd/plugins/rp-pppoe/plugin.c
-+++ b/pppd/plugins/rp-pppoe/plugin.c
-@@ -46,7 +46,6 @@ static char const RCSID[] =
- #include <unistd.h>
- #include <fcntl.h>
- #include <signal.h>
--#include <net/ethernet.h>
- #include <net/if_arp.h>
- #include <linux/ppp_defs.h>
- #include <linux/if_pppox.h>
-diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
-index 3d3bf4e..d42f619 100644
---- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
-+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
-@@ -27,10 +27,6 @@
- #include <linux/if_packet.h>
- #endif
- 
--#ifdef HAVE_NET_ETHERNET_H
--#include <net/ethernet.h>
--#endif
--
- #ifdef HAVE_ASM_TYPES_H
- #include <asm/types.h>
- #endif
-@@ -47,6 +43,10 @@
- #include <net/if_arp.h>
- #endif
- 
-+#ifndef __GLIBC__
-+#define error(x...) fprintf(stderr, x)
-+#endif
-+
- char *xstrdup(const char *s);
- void usage(void);
- 
-diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
-index 9ab2eee..75b9004 100644
---- a/pppd/plugins/rp-pppoe/pppoe.h
-+++ b/pppd/plugins/rp-pppoe/pppoe.h
-@@ -92,7 +92,7 @@ typedef unsigned long UINT32_t;
- #ifdef HAVE_SYS_SOCKET_H
- #include <sys/socket.h>
- #endif
--#ifndef HAVE_SYS_DLPI_H
-+#if !defined HAVE_SYS_DLPI_H && defined HAVE_NET_ETHERNET_H
- #include <netinet/if_ether.h>
- #endif
- #endif
-diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
-index a105505..49b0273 100644
---- a/pppd/sys-linux.c
-+++ b/pppd/sys-linux.c
-@@ -112,7 +112,7 @@
- #include <linux/types.h>
- #include <linux/if.h>
- #include <linux/if_arp.h>
--#include <linux/route.h>
-+/* #include <linux/route.h> */
- #include <linux/if_ether.h>
- #endif
- #include <netinet/in.h>
-@@ -145,6 +145,7 @@
- #endif
- 
- #ifdef INET6
-+#include <net/route.h>
- #ifndef _LINUX_IN6_H
- /*
-  *    This is in linux/include/net/ipv6.h.
--- 
-2.1.4
-
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch
deleted file mode 100644
index ea4969b366..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Fix-compilation-errors-in-Makefile.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From ba0f6058d1f25b2b60fc31ab2656bf12a71ffdab Mon Sep 17 00:00:00 2001
-From: Lu Chong <Chong.Lu@windriver.com>
-Date: Tue, 5 Nov 2013 17:32:56 +0800
-Subject: [PATCH] ppp: Fix compilation errors in Makefile
-
-Make can't exit while compilation error occurs in subdir for plugins building.
-
-Upstream-Status: Pending
-
-Signed-off-by: Lu Chong <Chong.Lu@windriver.com>
----
- pppd/plugins/Makefile.linux          |    1 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
-index 0a7ec7b..2a2c15a 100644
---- a/pppd/plugins/Makefile.linux
-+++ b/pppd/plugins/Makefile.linux
-@@ -20,7 +20,7 @@ include .depend
- endif
- 
- all:	$(PLUGINS)
--	for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done
-+	for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all || exit 1; done
- 
- %.so: %.c
- 	$(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^
--- 
-1.7.9.5
-
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch
deleted file mode 100644
index a32f89fbc8..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/0001-ppp-Remove-unneeded-include.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-commit cd90fd147844a0cfec101f1e2db7a3c59d236621
-Author: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Date:   Wed Dec 28 14:11:22 2016 +0200
-
-pppol2tp plugin: Remove unneeded include
-
-The include is not required and will break compile on musl libc with
-    
-| In file included from pppol2tp.c:34:0:
-| /usr/include/linux/if.h:97:2: error: expected identifier before numeric constant
-|   IFF_LOWER_UP   = 1<<16, /* __volatile__ */
-
-Patch originally from Khem Raj.
-
-Upstream-Status: Pending [https://github.com/paulusmack/ppp/issues/73]
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
-
-diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c
-index 9643b96..458316b 100644
---- a/pppd/plugins/pppol2tp/openl2tp.c
-+++ b/pppd/plugins/pppol2tp/openl2tp.c
-@@ -47,7 +47,6 @@
- #include <linux/if_ether.h>
- #include <linux/ppp_defs.h>
- #include <linux/if_ppp.h>
--#include <linux/if_pppox.h>
- #include <linux/if_pppol2tp.h>
- 
- #include "l2tp_event.h"
-diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c
-index 0e28606..4f6d98c 100644
---- a/pppd/plugins/pppol2tp/pppol2tp.c
-+++ b/pppd/plugins/pppol2tp/pppol2tp.c
-@@ -46,7 +46,6 @@
- #include <linux/if_ether.h>
- #include <linux/ppp_defs.h>
- #include <linux/if_ppp.h>
--#include <linux/if_pppox.h>
- #include <linux/if_pppol2tp.h>
- 
- /* should be added to system's socket.h... */
----
-
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch b/meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch
new file mode 100644
index 0000000000..c91246dbf5
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/0001-ppp-fix-build-against-5.15-headers.patch
@@ -0,0 +1,36 @@
+From aba3273273e826c6dc90f197ca9a3e800e826891 Mon Sep 17 00:00:00 2001
+From: Bruce Ashfield <bruce.ashfield@gmail.com>
+Date: Fri, 5 Nov 2021 12:41:35 -0400
+Subject: [PATCH] ppp: fix build against 5.15 headers
+
+The 5.15 kernel has removed ipx support, along with the userspace
+visible header.
+
+This support wasn't used previously (as it hasn't been very well
+maintained in the kernel for several years), so we can simply
+disable it in our build and wait for upstream to do a release that
+drops the support.
+
+Upstream-Status: Inappropriate [OE-specific configuration/headers]
+
+Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
+---
+ pppd/Makefile.linux | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
+index 22837c5..23b9b22 100644
+--- a/pppd/Makefile.linux
++++ b/pppd/Makefile.linux
+@@ -91,7 +91,7 @@ MAXOCTETS=y
+ 
+ INCLUDE_DIRS= -I../include
+ 
+-COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP -pipe
++COMPILE_FLAGS= -DHAVE_PATHS_H -DHAVE_MMAP -pipe
+ 
+ CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"'
+ 
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/ppp/ppp/0001-pppoe-include-netinet-in.h-before-linux-in.h.patch b/meta/recipes-connectivity/ppp/ppp/0001-pppoe-include-netinet-in.h-before-linux-in.h.patch
deleted file mode 100644
index 9362d12648..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/0001-pppoe-include-netinet-in.h-before-linux-in.h.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 50a2997b256e0e0ef7a46fae133f56f60fce539c Mon Sep 17 00:00:00 2001
-From: Lubomir Rintel <lkundrak@v3.sk>
-Date: Mon, 9 Jan 2017 13:34:23 +0000
-Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h
-
-This fixes builds with newer kernels. Basically, <netinet/in.h> needs to be
-included before <linux/in.h> otherwise the earlier, unaware of the latter,
-tries to redefine symbols and structures. Also, <linux/if_pppox.h> doesn't work
-alone anymore, since it pulls the headers in the wrong order, so we better
-include <netinet/in.h> early.
-
-Upstream-Status: Backport
-[https://github.com/paulusmack/ppp/commit/50a2997b256e0e0ef7a46fae133f56f60fce539c]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- pppd/plugins/rp-pppoe/pppoe.h | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
-index 9ab2eee..c4aaa6e 100644
---- a/pppd/plugins/rp-pppoe/pppoe.h
-+++ b/pppd/plugins/rp-pppoe/pppoe.h
-@@ -47,6 +47,10 @@
- #include <sys/socket.h>
- #endif
- 
-+/* This has to be included before Linux 4.8's linux/in.h
-+ * gets dragged in. */
-+#include <netinet/in.h>
-+
- /* Ugly header files on some Linux boxes... */
- #if defined(HAVE_LINUX_IF_H)
- #include <linux/if.h>
-@@ -84,8 +88,6 @@ typedef unsigned long UINT32_t;
- #include <linux/if_ether.h>
- #endif
- 
--#include <netinet/in.h>
--
- #ifdef HAVE_NETINET_IF_ETHER_H
- #include <sys/types.h>
- 
-@@ -98,7 +100,6 @@ typedef unsigned long UINT32_t;
- #endif
- 
- 
--
- /* Ethernet frame types according to RFC 2516 */
- #define ETH_PPPOE_DISCOVERY 0x8863
- #define ETH_PPPOE_SESSION   0x8864
--- 
-2.7.4
-
diff --git a/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch b/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch
deleted file mode 100644
index 7dd69d8f4d..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/cifdefroute.patch
+++ /dev/null
@@ -1,297 +0,0 @@
-This patch comes from OpenEmbedded.
-The original patch is from Debian / SuSE to implement replacedefaultroute
-Rebased it to fit ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
-
-Upstream-Status: Inappropriate [debian/suse patches]
-
-Index: ppp-2.4.7/pppd/ipcp.c
-===================================================================
---- ppp-2.4.7.orig/pppd/ipcp.c
-+++ ppp-2.4.7/pppd/ipcp.c
-@@ -198,6 +198,16 @@ static option_t ipcp_option_list[] = {
-       "disable defaultroute option", OPT_ALIAS | OPT_A2CLR,
-       &ipcp_wantoptions[0].default_route },
- 
-+#ifdef __linux__
-+    { "replacedefaultroute", o_bool,
-+                               &ipcp_wantoptions[0].replace_default_route,
-+      "Replace default route", 1
-+    },
-+    { "noreplacedefaultroute", o_bool,
-+                               &ipcp_allowoptions[0].replace_default_route,
-+      "Never replace default route", OPT_A2COPY,
-+                               &ipcp_wantoptions[0].replace_default_route },
-+#endif
-     { "proxyarp", o_bool, &ipcp_wantoptions[0].proxy_arp,
-       "Add proxy ARP entry", OPT_ENABLE|1, &ipcp_allowoptions[0].proxy_arp },
-     { "noproxyarp", o_bool, &ipcp_allowoptions[0].proxy_arp,
-@@ -271,7 +281,7 @@ struct protent ipcp_protent = {
-     ip_active_pkt
- };
- 
--static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t));
-+static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t, bool));
- static void ipcp_script __P((char *, int));	/* Run an up/down script */
- static void ipcp_script_done __P((void *));
- 
-@@ -1761,7 +1771,12 @@ ip_demand_conf(u)
-     if (!sifnpmode(u, PPP_IP, NPMODE_QUEUE))
- 	return 0;
-     if (wo->default_route)
-+#ifndef __linux__
- 	if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr))
-+#else
-+	if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr,
-+                                            wo->replace_default_route))
-+#endif
- 	    default_route_set[u] = 1;
-     if (wo->proxy_arp)
- 	if (sifproxyarp(u, wo->hisaddr))
-@@ -1849,7 +1864,8 @@ ipcp_up(f)
-      */
-     if (demand) {
- 	if (go->ouraddr != wo->ouraddr || ho->hisaddr != wo->hisaddr) {
--	    ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr);
-+	    ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr, 
-+				      wo->replace_default_route);
- 	    if (go->ouraddr != wo->ouraddr) {
- 		warn("Local IP address changed to %I", go->ouraddr);
- 		script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0);
-@@ -1874,7 +1890,12 @@ ipcp_up(f)
- 
- 	    /* assign a default route through the interface if required */
- 	    if (ipcp_wantoptions[f->unit].default_route) 
-+#ifndef __linux__
- 		if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr))
-+#else
-+		if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr,
-+					     wo->replace_default_route))
-+#endif
- 		    default_route_set[f->unit] = 1;
- 
- 	    /* Make a proxy ARP entry if requested. */
-@@ -1924,7 +1945,12 @@ ipcp_up(f)
- 
- 	/* assign a default route through the interface if required */
- 	if (ipcp_wantoptions[f->unit].default_route) 
-+#ifndef __linux__
- 	    if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr))
-+#else
-+	    if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr,
-+					 wo->replace_default_route))
-+#endif
- 		default_route_set[f->unit] = 1;
- 
- 	/* Make a proxy ARP entry if requested. */
-@@ -2002,7 +2028,7 @@ ipcp_down(f)
- 	sifnpmode(f->unit, PPP_IP, NPMODE_DROP);
- 	sifdown(f->unit);
- 	ipcp_clear_addrs(f->unit, ipcp_gotoptions[f->unit].ouraddr,
--			 ipcp_hisoptions[f->unit].hisaddr);
-+			 ipcp_hisoptions[f->unit].hisaddr, 0);
-     }
- 
-     /* Execute the ip-down script */
-@@ -2018,12 +2044,21 @@ ipcp_down(f)
-  * proxy arp entries, etc.
-  */
- static void
--ipcp_clear_addrs(unit, ouraddr, hisaddr)
-+ipcp_clear_addrs(unit, ouraddr, hisaddr, replacedefaultroute)
-     int unit;
-     u_int32_t ouraddr;  /* local address */
-     u_int32_t hisaddr;  /* remote address */
-+    bool replacedefaultroute;
- {
--    if (proxy_arp_set[unit]) {
-+    /* If replacedefaultroute, sifdefaultroute will be called soon
-+     * with replacedefaultroute set and that will overwrite the current
-+     * default route. This is the case only when doing demand, otherwise
-+     * during demand, this cifdefaultroute would restore the old default
-+     * route which is not what we want in this case. In the non-demand
-+     * case, we'll delete the default route and restore the old if there
-+     * is one saved by an sifdefaultroute with replacedefaultroute.
-+     */
-+    if (!replacedefaultroute && default_route_set[unit]) {
- 	cifproxyarp(unit, hisaddr);
- 	proxy_arp_set[unit] = 0;
-     }
-Index: ppp-2.4.7/pppd/ipcp.h
-===================================================================
---- ppp-2.4.7.orig/pppd/ipcp.h
-+++ ppp-2.4.7/pppd/ipcp.h
-@@ -70,6 +70,7 @@ typedef struct ipcp_options {
-     bool old_addrs;		/* Use old (IP-Addresses) option? */
-     bool req_addr;		/* Ask peer to send IP address? */
-     bool default_route;		/* Assign default route through interface? */
-+    bool replace_default_route; /* Replace default route through interface? */
-     bool proxy_arp;		/* Make proxy ARP entry for peer? */
-     bool neg_vj;		/* Van Jacobson Compression? */
-     bool old_vj;		/* use old (short) form of VJ option? */
-Index: ppp-2.4.7/pppd/pppd.8
-===================================================================
---- ppp-2.4.7.orig/pppd/pppd.8
-+++ ppp-2.4.7/pppd/pppd.8
-@@ -121,6 +121,13 @@ the gateway, when IPCP negotiation is su
- This entry is removed when the PPP connection is broken.  This option
- is privileged if the \fInodefaultroute\fR option has been specified.
- .TP
-+.B replacedefaultroute
-+This option is a flag to the defaultroute option. If defaultroute is
-+set and this flag is also set, pppd replaces an existing default route
-+with the new default route.
-+
-+
-+.TP
- .B disconnect \fIscript
- Execute the command specified by \fIscript\fR, by passing it to a
- shell, after
-@@ -734,7 +741,12 @@ disable both forms of hardware flow cont
- .TP
- .B nodefaultroute
- Disable the \fIdefaultroute\fR option.  The system administrator who
--wishes to prevent users from creating default routes with pppd
-+wishes to prevent users from adding a default route with pppd
-+can do so by placing this option in the /etc/ppp/options file.
-+.TP
-+.B noreplacedefaultroute
-+Disable the \fIreplacedefaultroute\fR option. The system administrator who
-+wishes to prevent users from replacing a default route with pppd
- can do so by placing this option in the /etc/ppp/options file.
- .TP
- .B nodeflate
-Index: ppp-2.4.7/pppd/pppd.h
-===================================================================
---- ppp-2.4.7.orig/pppd/pppd.h
-+++ ppp-2.4.7/pppd/pppd.h
-@@ -665,7 +665,11 @@ int  sif6addr __P((int, eui64_t, eui64_t
- int  cif6addr __P((int, eui64_t, eui64_t));
- 				/* Remove an IPv6 address from i/f */
- #endif
-+#ifndef __linux__
- int  sifdefaultroute __P((int, u_int32_t, u_int32_t));
-+#else
-+int  sifdefaultroute __P((int, u_int32_t, u_int32_t, bool replace_default_rt));
-+#endif
- 				/* Create default route through i/f */
- int  cifdefaultroute __P((int, u_int32_t, u_int32_t));
- 				/* Delete default route through i/f */
-Index: ppp-2.4.7/pppd/sys-linux.c
-===================================================================
---- ppp-2.4.7.orig/pppd/sys-linux.c
-+++ ppp-2.4.7/pppd/sys-linux.c
-@@ -207,6 +207,8 @@ static unsigned char inbuf[512]; /* buff
- static int	if_is_up;	/* Interface has been marked up */
- static int	if6_is_up;	/* Interface has been marked up for IPv6, to help differentiate */
- static int	have_default_route;	/* Gateway for default route added */
-+static struct rtentry old_def_rt;       /* Old default route */
-+static int       default_rt_repl_rest;  /* replace and restore old default rt */
- static u_int32_t proxy_arp_addr;	/* Addr for proxy arp entry added */
- static char proxy_arp_dev[16];		/* Device for proxy arp entry */
- static u_int32_t our_old_addr;		/* for detecting address changes */
-@@ -1545,6 +1547,9 @@ static int read_route_table(struct rtent
- 	p = NULL;
-     }
- 
-+    SET_SA_FAMILY (rt->rt_dst,     AF_INET);
-+    SET_SA_FAMILY (rt->rt_gateway, AF_INET);
-+
-     SIN_ADDR(rt->rt_dst) = strtoul(cols[route_dest_col], NULL, 16);
-     SIN_ADDR(rt->rt_gateway) = strtoul(cols[route_gw_col], NULL, 16);
-     SIN_ADDR(rt->rt_genmask) = strtoul(cols[route_mask_col], NULL, 16);
-@@ -1614,20 +1619,51 @@ int have_route_to(u_int32_t addr)
- /********************************************************************
-  *
-  * sifdefaultroute - assign a default route through the address given.
-- */
--
--int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway)
--{
--    struct rtentry rt;
--
--    if (defaultroute_exists(&rt) && strcmp(rt.rt_dev, ifname) != 0) {
--	if (rt.rt_flags & RTF_GATEWAY)
--	    error("not replacing existing default route via %I",
--		  SIN_ADDR(rt.rt_gateway));
--	else
--	    error("not replacing existing default route through %s",
--		  rt.rt_dev);
--	return 0;
-+ *
-+ * If the global default_rt_repl_rest flag is set, then this function
-+ * already replaced the original system defaultroute with some other
-+ * route and it should just replace the current defaultroute with
-+ * another one, without saving the current route. Use: demand mode,
-+ * when pppd sets first a defaultroute it it's temporary ppp0 addresses
-+ * and then changes the temporary addresses to the addresses for the real
-+ * ppp connection when it has come up.
-+ */
-+
-+int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway, bool replace)
-+{
-+    struct rtentry rt, tmp_rt;
-+    struct rtentry *del_rt = NULL;
-+
-+    if (default_rt_repl_rest) {
-+	/* We have already reclaced the original defaultroute, if we
-+         * are called again, we will delete the current default route
-+         * and set the new default route in this function.  
-+         * - this is normally only the case the doing demand: */
-+	if (defaultroute_exists( &tmp_rt ))
-+		del_rt = &tmp_rt;
-+    } else if ( defaultroute_exists( &old_def_rt                ) &&
-+	                     strcmp(  old_def_rt.rt_dev, ifname ) != 0) {
-+	/* We did not yet replace an existing default route, let's
-+	 * check if we should save and replace a default route:
-+         */
-+	u_int32_t old_gateway = SIN_ADDR(old_def_rt.rt_gateway);
-+	if (old_gateway != gateway) {
-+	    if (!replace) {
-+	        error("not replacing default route to %s [%I]",
-+			old_def_rt.rt_dev, old_gateway);
-+		return 0;
-+	    } else {
-+		// we need to copy rt_dev because we need it permanent too:
-+		char * tmp_dev = malloc(strlen(old_def_rt.rt_dev)+1);
-+		strcpy(tmp_dev, old_def_rt.rt_dev);
-+		old_def_rt.rt_dev = tmp_dev;
-+
-+		notice("replacing old default route to %s [%I]",
-+			old_def_rt.rt_dev, old_gateway);
-+	        default_rt_repl_rest = 1;
-+		del_rt = &old_def_rt;
-+	    }
-+	}
-     }
- 
-     memset (&rt, 0, sizeof (rt));
-@@ -1646,6 +1682,12 @@ int sifdefaultroute (int unit, u_int32_t
- 	    error("default route ioctl(SIOCADDRT): %m");
- 	return 0;
-     }
-+    if (default_rt_repl_rest && del_rt)
-+        if (ioctl(sock_fd, SIOCDELRT, del_rt) < 0) {
-+	    if ( ! ok_error ( errno ))
-+	        error("del old default route ioctl(SIOCDELRT): %m(%d)", errno);
-+	    return 0;
-+        }
- 
-     have_default_route = 1;
-     return 1;
-@@ -1681,6 +1723,16 @@ int cifdefaultroute (int unit, u_int32_t
- 	    return 0;
- 	}
-     }
-+    if (default_rt_repl_rest) {
-+	notice("restoring old default route to %s [%I]",
-+			old_def_rt.rt_dev, SIN_ADDR(old_def_rt.rt_gateway));
-+        if (ioctl(sock_fd, SIOCADDRT, &old_def_rt) < 0) {
-+	    if ( ! ok_error ( errno ))
-+	        error("restore default route ioctl(SIOCADDRT): %m(%d)", errno);
-+	    return 0;
-+        }
-+        default_rt_repl_rest = 0;
-+    }
- 
-     return 1;
- }
diff --git a/meta/recipes-connectivity/ppp/ppp/copts.patch b/meta/recipes-connectivity/ppp/ppp/copts.patch
deleted file mode 100644
index 53ff06e03e..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/copts.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-ppp: use build system CFLAGS when compiling
-
-Upstream-Status: Pending
-
-Override the hard-coded COPTS make variables with
-CFLAGS.  Add COPTS into one Makefile that did not
-use it.
-
-Signed-off-by: Joe Slater <jslater@windriver.com>
-
---- a/pppd/plugins/radius/Makefile.linux
-+++ b/pppd/plugins/radius/Makefile.linux
-@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ 
- INSTALL	= install
- 
- PLUGIN=radius.so radattr.so radrealms.so
--CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
-+CFLAGS=-I. -I../.. -I../../../include $(COPTS) -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
- 
- # Uncomment the next line to include support for Microsoft's
- # MS-CHAP authentication protocol.
diff --git a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch b/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
deleted file mode 100644
index c5a0be86f5..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-ppp: Buffer overflow in radius plugin
-
-From: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;bug=782450
-
-Upstream-Status: Backport
-CVE: CVE-2015-3310
-
-On systems with more than 65535 processes running, pppd aborts when
-sending a "start" accounting message to the RADIUS server because of a
-buffer overflow in rc_mksid.
-
-The process id is used in rc_mksid to generate a pseudo-unique string,
-assuming that the hex representation of the pid will be at most 4
-characters (FFFF). __sprintf_chk(), used when compiling with
-optimization levels greater than 0 and FORTIFY_SOURCE, detects the
-buffer overflow and makes pppd crash.
-
-The following patch fixes the problem.
-
---- ppp-2.4.6.orig/pppd/plugins/radius/util.c
-+++ ppp-2.4.6/pppd/plugins/radius/util.c
-@@ -77,7 +77,7 @@ rc_mksid (void)
-   static unsigned short int cnt = 0;
-   sprintf (buf, "%08lX%04X%02hX",
- 	   (unsigned long int) time (NULL),
--	   (unsigned int) getpid (),
-+	   (unsigned int) getpid () % 65535,
- 	   cnt & 0xFF);
-   cnt++;
-   return buf;
diff --git a/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch b/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch
deleted file mode 100644
index 8a69396cc7..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/makefile-remove-hard-usr-reference.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-The patch comes from OpenEmbedded.
-Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
-
-Updated from OE-Classic to include the pcap hunk.
-Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
-
-Upstream-Status: Inappropriate [configuration]
-
-Index: ppp-2.4.7/pppd/Makefile.linux
-===================================================================
---- ppp-2.4.7.orig/pppd/Makefile.linux
-+++ ppp-2.4.7/pppd/Makefile.linux
-@@ -120,10 +120,10 @@ CFLAGS   += -DHAS_SHADOW
- #LIBS     += -lshadow $(LIBS)
- endif
- 
--ifneq ($(wildcard /usr/include/crypt.h),)
-+#ifneq ($(wildcard /usr/include/crypt.h),)
- CFLAGS  += -DHAVE_CRYPT_H=1
- LIBS	+= -lcrypt
--endif
-+#endif
- 
- ifdef USE_LIBUTIL
- CFLAGS	+= -DHAVE_LOGWTMP=1
-@@ -177,10 +177,10 @@ LIBS	+= -ldl
- endif
- 
- ifdef FILTER
--ifneq ($(wildcard /usr/include/pcap-bpf.h),)
-+#ifneq ($(wildcard /usr/include/pcap-bpf.h),)
- LIBS    += -lpcap
- CFLAGS  += -DPPP_FILTER
--endif
-+#endif
- endif
- 
- ifdef HAVE_INET6
diff --git a/meta/recipes-connectivity/ppp/ppp/makefile.patch b/meta/recipes-connectivity/ppp/ppp/makefile.patch
deleted file mode 100644
index 2d09baf5d0..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/makefile.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-The patch comes from OpenEmbedded
-Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
-
-Upstream-Status: Inappropriate [configuration]
-
-diff -ruN ppp-2.4.5-orig/chat/Makefile.linux ppp-2.4.5/chat/Makefile.linux
---- ppp-2.4.5-orig/chat/Makefile.linux	2010-06-30 15:51:12.050166398 +0800
-+++ ppp-2.4.5/chat/Makefile.linux	2010-06-30 15:51:30.450118446 +0800
-@@ -25,7 +25,7 @@
- 
- install: chat
- 	mkdir -p $(BINDIR) $(MANDIR)
--	$(INSTALL) -s -c chat $(BINDIR)
-+	$(INSTALL) -c chat $(BINDIR)
- 	$(INSTALL) -c -m 644 chat.8 $(MANDIR)
- 
- clean:
-diff -ruN ppp-2.4.5-orig/pppd/Makefile.linux ppp-2.4.5/pppd/Makefile.linux
---- ppp-2.4.5-orig/pppd/Makefile.linux	2010-06-30 15:51:12.043682063 +0800
-+++ ppp-2.4.5/pppd/Makefile.linux	2010-06-30 15:52:11.214170607 +0800
-@@ -99,7 +99,7 @@
- CFLAGS	+= -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include
- LIBS	+= -lsrp -L/usr/local/ssl/lib -lcrypto
- TARGETS	+= srp-entry
--EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry
-+EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry
- MANPAGES += srp-entry.8
- EXTRACLEAN += srp-entry.o
- NEEDDES=y
-@@ -200,7 +200,7 @@
- install: pppd
- 	mkdir -p $(BINDIR) $(MANDIR)
- 	$(EXTRAINSTALL)
--	$(INSTALL) -s -c -m 555 pppd $(BINDIR)/pppd
-+	$(INSTALL) -c -m 555 pppd $(BINDIR)/pppd
- 	if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \
- 	  chmod o-rx,u+s $(BINDIR)/pppd; fi
- 	$(INSTALL) -c -m 444 pppd.8 $(MANDIR)
-diff -ruN ppp-2.4.5-orig/pppd/plugins/radius/Makefile.linux ppp-2.4.5/pppd/plugins/radius/Makefile.linux
---- ppp-2.4.5-orig/pppd/plugins/radius/Makefile.linux	2010-06-30 15:51:12.047676187 +0800
-+++ ppp-2.4.5/pppd/plugins/radius/Makefile.linux	2010-06-30 15:53:47.750182267 +0800
-@@ -36,11 +36,11 @@
- 
- install: all
- 	$(INSTALL) -d -m 755 $(LIBDIR)
--	$(INSTALL) -s -c -m 755 radius.so $(LIBDIR)
--	$(INSTALL) -s -c -m 755 radattr.so $(LIBDIR)
--	$(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR)
--	$(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR)
--	$(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
-+	$(INSTALL) -c -m 755 radius.so $(LIBDIR)
-+	$(INSTALL) -c -m 755 radattr.so $(LIBDIR)
-+	$(INSTALL) -c -m 755 radrealms.so $(LIBDIR)
-+	$(INSTALL) -m 444 pppd-radius.8 $(MANDIR)
-+	$(INSTALL) -m 444 pppd-radattr.8 $(MANDIR)
- 
- radius.so: radius.o libradiusclient.a
- 	$(CC) -o radius.so -shared radius.o libradiusclient.a
-diff -ruN ppp-2.4.5-orig/pppd/plugins/rp-pppoe/Makefile.linux ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux
---- ppp-2.4.5-orig/pppd/plugins/rp-pppoe/Makefile.linux	2010-06-30 15:51:12.047676187 +0800
-+++ ppp-2.4.5/pppd/plugins/rp-pppoe/Makefile.linux	2010-06-30 15:53:15.454486877 +0800
-@@ -43,9 +43,9 @@
- 
- install: all
- 	$(INSTALL) -d -m 755 $(LIBDIR)
--	$(INSTALL) -s -c -m 4550 rp-pppoe.so $(LIBDIR)
-+	$(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR)
- 	$(INSTALL) -d -m 755 $(BINDIR)
--	$(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR)
-+	$(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
- 
- clean:
- 	rm -f *.o *.so pppoe-discovery
-diff -ruN ppp-2.4.5-orig/pppdump/Makefile.linux ppp-2.4.5/pppdump/Makefile.linux
---- ppp-2.4.5-orig/pppdump/Makefile.linux	2010-06-30 15:51:12.058183383 +0800
-+++ ppp-2.4.5/pppdump/Makefile.linux	2010-06-30 15:52:25.762183537 +0800
-@@ -17,5 +17,5 @@
- 
- install:
- 	mkdir -p $(BINDIR) $(MANDIR)
--	$(INSTALL) -s -c pppdump $(BINDIR)
-+	$(INSTALL) -c pppdump $(BINDIR)
- 	$(INSTALL) -c -m 444 pppdump.8 $(MANDIR)
-diff -ruN ppp-2.4.5-orig/pppstats/Makefile.linux ppp-2.4.5/pppstats/Makefile.linux
---- ppp-2.4.5-orig/pppstats/Makefile.linux	2010-06-30 15:51:12.058183383 +0800
-+++ ppp-2.4.5/pppstats/Makefile.linux	2010-06-30 15:52:42.486341081 +0800
-@@ -22,7 +22,7 @@
- 
- install: pppstats
- 	-mkdir -p $(MANDIR)
--	$(INSTALL) -s -c pppstats $(BINDIR)
-+	$(INSTALL) -c pppstats $(BINDIR)
- 	$(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
- 
- pppstats: $(PPPSTATSRCS)
diff --git a/meta/recipes-connectivity/ppp/ppp/makefix.patch b/meta/recipes-connectivity/ppp/ppp/makefix.patch
new file mode 100644
index 0000000000..fce068cae0
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/makefix.patch
@@ -0,0 +1,40 @@
+We were seeing reproducibility issues where one host would use the internal 
+logwtmp wrapper, another would use the one in libutil. The issue was that in
+some cases the "\#include" was making it to CC, in others, "#include". The
+issue seems to be related to shell escaping.
+
+The root cause looks to be:
+http://git.savannah.gnu.org/cgit/make.git/commit/?id=c6966b323811c37acedff05b576b907b06aea5f4
+
+Instead of relying on shell quoting, use make to indirect the variable
+and avoid the problem.
+
+See https://github.com/paulusmack/ppp/issues/233
+
+Upstream-Status: Backport [https://github.com/paulusmack/ppp/commit/b4430f7092ececdff2504d5f3393a4c6528c3686]
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: ppp-2.4.9/pppd/Makefile.linux
+===================================================================
+--- ppp-2.4.9.orig/pppd/Makefile.linux
++++ ppp-2.4.9/pppd/Makefile.linux
+@@ -80,7 +80,8 @@ PLUGIN=y
+ #USE_SRP=y
+ 
+ # Use libutil; test if logwtmp is declared in <utmp.h> to detect
+-ifeq ($(shell echo '\#include <utmp.h>' | $(CC) -E - 2>/dev/null | grep -q logwtmp && echo yes),yes)
++UTMPHEADER = "\#include <utmp.h>"
++ifeq ($(shell echo $(UTMPHEADER) | $(CC) -E - 2>/dev/null | grep -q logwtmp && echo yes),yes)
+ USE_LIBUTIL=y
+ endif
+ 
+@@ -143,7 +144,8 @@ CFLAGS   += -DHAS_SHADOW
+ #LIBS     += -lshadow $(LIBS)
+ endif
+ 
+-ifeq ($(shell echo '\#include <crypt.h>' | $(CC) -E - >/dev/null 2>&1 && echo yes),yes)
++CRYPTHEADER = "\#include <crypt.h>"
++ifeq ($(shell echo $(CRYPTHEADER) | $(CC) -E - >/dev/null 2>&1 && echo yes),yes)
+ CFLAGS  += -DHAVE_CRYPT_H=1
+ LIBS	+= -lcrypt
+ endif
diff --git a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
deleted file mode 100644
index e53f240543..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-Used openssl for the DES instead of the libcrypt / glibc
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
-Index: ppp-2.4.7/pppd/Makefile.linux
-===================================================================
---- ppp-2.4.7.orig/pppd/Makefile.linux
-+++ ppp-2.4.7/pppd/Makefile.linux
-@@ -38,7 +38,7 @@ LIBS =
- # Uncomment the next 2 lines to include support for Microsoft's
- # MS-CHAP authentication protocol.  Also, edit plugins/radius/Makefile.linux.
- CHAPMS=y
--USE_CRYPT=y
-+#USE_CRYPT=y
- # Don't use MSLANMAN unless you really know what you're doing.
- #MSLANMAN=y
- # Uncomment the next line to include support for MPPE.  CHAPMS (above) must
-@@ -132,7 +132,7 @@ endif
- 
- ifdef NEEDDES
- ifndef USE_CRYPT
--LIBS     += -ldes $(LIBS)
-+LIBS     += -lcrypto
- else
- CFLAGS   += -DUSE_CRYPT=1
- endif
-Index: ppp-2.4.7/pppd/pppcrypt.c
-===================================================================
---- ppp-2.4.7.orig/pppd/pppcrypt.c
-+++ ppp-2.4.7/pppd/pppcrypt.c
-@@ -64,7 +64,7 @@ u_char *des_key;	/* OUT 64 bit DES key w
- 	des_key[7] = Get7Bits(key, 49);
- 
- #ifndef USE_CRYPT
--	des_set_odd_parity((des_cblock *)des_key);
-+	DES_set_odd_parity((DES_cblock *)des_key);
- #endif
- }
- 
-@@ -158,25 +158,25 @@ u_char *clear;	/* OUT 8 octets */
- }
- 
- #else /* USE_CRYPT */
--static des_key_schedule	key_schedule;
-+static DES_key_schedule	key_schedule;
- 
- bool
- DesSetkey(key)
- u_char *key;
- {
--	des_cblock des_key;
-+	DES_cblock des_key;
- 	MakeKey(key, des_key);
--	des_set_key(&des_key, key_schedule);
-+	DES_set_key(&des_key, &key_schedule);
- 	return (1);
- }
- 
- bool
--DesEncrypt(clear, key, cipher)
-+DesEncrypt(clear, cipher)
- u_char *clear;	/* IN  8 octets */
- u_char *cipher;	/* OUT 8 octets */
- {
--	des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
--	    key_schedule, 1);
-+	DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
-+	    &key_schedule, 1);
- 	return (1);
- }
- 
-@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
- u_char *cipher;	/* IN  8 octets */
- u_char *clear;	/* OUT 8 octets */
- {
--	des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
--	    key_schedule, 0);
-+	DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
-+	    &key_schedule, 0);
- 	return (1);
- }
- 
diff --git a/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch b/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch
deleted file mode 100644
index a72414ff8a..0000000000
--- a/meta/recipes-connectivity/ppp/ppp/pppd-resolv-varrun.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-The patch comes from OpenEmbedded
-Rebased for ppp-2.4.5. Dongxiao Xu <dongxiao.xu@intel.com>
-
-Upstream-Status: Inappropriate [embedded specific]
-
-diff -ruN ppp-2.4.5-orig/pppd/ipcp.c ppp-2.4.5/pppd/ipcp.c
---- ppp-2.4.5-orig/pppd/ipcp.c	2010-06-30 15:51:12.050166398 +0800
-+++ ppp-2.4.5/pppd/ipcp.c	2010-06-30 17:02:33.930393283 +0800
-@@ -55,6 +55,8 @@
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
-+#include <sys/stat.h>
-+#include <unistd.h>
- 
- #include "pppd.h"
- #include "fsm.h"
-@@ -2095,6 +2097,14 @@
-     u_int32_t peerdns1, peerdns2;
- {
-     FILE *f;
-+    struct stat dirinfo;
-+
-+    if(stat(_PATH_OUTDIR, &dirinfo)) {
-+        if(mkdir(_PATH_OUTDIR, 0775)) {
-+            error("Failed to create directory %s: %m", _PATH_OUTDIR);
-+            return;
-+        }
-+    }
- 
-     f = fopen(_PATH_RESOLV, "w");
-     if (f == NULL) {
-diff -ruN ppp-2.4.5-orig/pppd/pathnames.h ppp-2.4.5/pppd/pathnames.h
---- ppp-2.4.5-orig/pppd/pathnames.h	2010-06-30 15:51:12.043682063 +0800
-+++ ppp-2.4.5/pppd/pathnames.h	2010-06-30 17:03:20.594371055 +0800
-@@ -30,7 +30,8 @@
- #define _PATH_TTYOPT	 _ROOT_PATH "/etc/ppp/options."
- #define _PATH_CONNERRS	 _ROOT_PATH "/etc/ppp/connect-errors"
- #define _PATH_PEERFILES	 _ROOT_PATH "/etc/ppp/peers/"
--#define _PATH_RESOLV	 _ROOT_PATH "/etc/ppp/resolv.conf"
-+#define _PATH_OUTDIR	_ROOT_PATH _PATH_VARRUN "/ppp"
-+#define _PATH_RESOLV	_PATH_OUTDIR "/resolv.conf"
- 
- #define _PATH_USEROPT	 ".ppprc"
- #define	_PATH_PSEUDONYM	 ".ppp_pseudonym"
diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.9.bb
index 644cde4562..700ece61dc 100644
--- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
+++ b/meta/recipes-connectivity/ppp/ppp_2.4.9.bb
@@ -5,17 +5,14 @@ SECTION = "console/network"
 HOMEPAGE = "http://samba.org/ppp/"
 BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"
 DEPENDS = "libpcap openssl virtual/crypt"
-LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD"
+LICENSE = "BSD-3-Clause & BSD-3-Clause-Attribution & GPL-2.0-or-later & LGPL-2.0-or-later & PD"
 LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \
                     file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \
                     file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \
                     file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2"
 
 SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
-           file://makefile.patch \
-           file://cifdefroute.patch \
-           file://pppd-resolv-varrun.patch \
-           file://makefile-remove-hard-usr-reference.patch \
+           file://makefix.patch \
            file://pon \
            file://poff \
            file://init \
@@ -23,28 +20,19 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
            file://ip-down \
            file://08setupdns \
            file://92removedns \
-           file://copts.patch \
            file://pap \
            file://ppp_on_boot \
            file://provider \
-           file://0001-ppp-Fix-compilation-errors-in-Makefile.patch \
            file://ppp@.service \
-           file://fix-CVE-2015-3310.patch \
-           file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \
-           file://0001-ppp-Remove-unneeded-include.patch \
-           file://ppp-2.4.7-DES-openssl.patch \
-"
+           file://0001-ppp-fix-build-against-5.15-headers.patch \
+           "
 
-SRC_URI_append_libc-musl = "\
-           file://0001-Fix-build-with-musl.patch \
-"
-SRC_URI[md5sum] = "78818f40e6d33a1d1de68a1551f6595a"
-SRC_URI[sha256sum] = "02e0a3dd3e4799e33103f70ec7df75348c8540966ee7c948e4ed8a42bbccfb30"
+SRC_URI[sha256sum] = "f938b35eccde533ea800b15a7445b2f1137da7f88e32a16898d02dee8adc058d"
 
 inherit autotools-brokensep systemd
 
 TARGET_CC_ARCH += " ${LDFLAGS}"
-EXTRA_OEMAKE = "STRIPPROG=${STRIP} MANDIR=${D}${datadir}/man/man8 INCDIR=${D}${includedir} LIBDIR=${D}${libdir}/pppd/${PV} BINDIR=${D}${sbindir}"
+EXTRA_OEMAKE = "CC='${CC}' STRIPPROG=${STRIP} MANDIR=${D}${datadir}/man/man8 INCDIR=${D}${includedir} LIBDIR=${D}${libdir}/pppd/${PV} BINDIR=${D}${sbindir}"
 EXTRA_OECONF = "--disable-strip"
 
 # Package Makefile computes CFLAGS, referencing COPTS.
@@ -52,11 +40,13 @@ EXTRA_OECONF = "--disable-strip"
 #
 EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"'
 
+EXTRA_OECONF:append:libc-musl = " --disable-ipxcp"
+
 do_configure () {
 	oe_runconf
 }
 
-do_install_append () {
+do_install:append () {
 	make install-etcppp ETCDIR=${D}/${sysconfdir}/ppp
 	mkdir -p ${D}${bindir}/ ${D}${sysconfdir}/init.d
 	mkdir -p ${D}${sysconfdir}/ppp/ip-up.d/
@@ -73,34 +63,37 @@ do_install_append () {
 	install -m 0755 ${WORKDIR}/pap ${D}${sysconfdir}/chatscripts
 	install -m 0755 ${WORKDIR}/ppp_on_boot ${D}${sysconfdir}/ppp/ppp_on_boot
 	install -m 0755 ${WORKDIR}/provider ${D}${sysconfdir}/ppp/peers/provider
-	install -d ${D}${systemd_unitdir}/system
-	install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_unitdir}/system
+	install -d ${D}${systemd_system_unitdir}
+	install -m 0644 ${WORKDIR}/ppp@.service ${D}${systemd_system_unitdir}
 	sed -i -e 's,@SBINDIR@,${sbindir},g' \
-	       ${D}${systemd_unitdir}/system/ppp@.service
+	       ${D}${systemd_system_unitdir}/ppp@.service
 	rm -rf ${D}/${mandir}/man8/man8
 	chmod u+s ${D}${sbindir}/pppd
 }
 
-do_install_append_libc-musl () {
+do_install:append:libc-musl () {
 	install -Dm 0644 ${S}/include/net/ppp_defs.h ${D}${includedir}/net/ppp_defs.h
 }
 
-CONFFILES_${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options"
+CONFFILES:${PN} = "${sysconfdir}/ppp/pap-secrets ${sysconfdir}/ppp/chap-secrets ${sysconfdir}/ppp/options"
 PACKAGES =+ "${PN}-oa ${PN}-oe ${PN}-radius ${PN}-winbind ${PN}-minconn ${PN}-password ${PN}-l2tp ${PN}-tools"
-FILES_${PN}        = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_unitdir}/system/ppp@.service"
-FILES_${PN}-oa       = "${libdir}/pppd/${PV}/pppoatm.so"
-FILES_${PN}-oe       = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/rp-pppoe.so"
-FILES_${PN}-radius   = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so"
-FILES_${PN}-winbind  = "${libdir}/pppd/${PV}/winbind.so"
-FILES_${PN}-minconn  = "${libdir}/pppd/${PV}/minconn.so"
-FILES_${PN}-password = "${libdir}/pppd/${PV}/pass*.so"
-FILES_${PN}-l2tp     = "${libdir}/pppd/${PV}/*l2tp.so"
-FILES_${PN}-tools    = "${sbindir}/pppstats ${sbindir}/pppdump"
-SUMMARY_${PN}-oa       = "Plugin for PPP for PPP-over-ATM support"
-SUMMARY_${PN}-oe       = "Plugin for PPP for PPP-over-Ethernet support"
-SUMMARY_${PN}-radius   = "Plugin for PPP for RADIUS support"
-SUMMARY_${PN}-winbind  = "Plugin for PPP to authenticate against Samba or Windows"
-SUMMARY_${PN}-minconn  = "Plugin for PPP to set a delay before the idle timeout applies"
-SUMMARY_${PN}-password = "Plugin for PPP to get passwords via a pipe"
-SUMMARY_${PN}-l2tp     = "Plugin for PPP for l2tp support"
-SUMMARY_${PN}-tools    = "Additional tools for the PPP package"
+FILES:${PN}        = "${sysconfdir} ${bindir} ${sbindir}/chat ${sbindir}/pppd ${systemd_system_unitdir}/ppp@.service"
+FILES:${PN}-oa       = "${libdir}/pppd/${PV}/pppoatm.so"
+FILES:${PN}-oe       = "${sbindir}/pppoe-discovery ${libdir}/pppd/${PV}/*pppoe.so"
+FILES:${PN}-radius   = "${libdir}/pppd/${PV}/radius.so ${libdir}/pppd/${PV}/radattr.so ${libdir}/pppd/${PV}/radrealms.so"
+FILES:${PN}-winbind  = "${libdir}/pppd/${PV}/winbind.so"
+FILES:${PN}-minconn  = "${libdir}/pppd/${PV}/minconn.so"
+FILES:${PN}-password = "${libdir}/pppd/${PV}/pass*.so"
+FILES:${PN}-l2tp     = "${libdir}/pppd/${PV}/*l2tp.so"
+FILES:${PN}-tools    = "${sbindir}/pppstats ${sbindir}/pppdump"
+SUMMARY:${PN}-oa       = "Plugin for PPP for PPP-over-ATM support"
+SUMMARY:${PN}-oe       = "Plugin for PPP for PPP-over-Ethernet support"
+SUMMARY:${PN}-radius   = "Plugin for PPP for RADIUS support"
+SUMMARY:${PN}-winbind  = "Plugin for PPP to authenticate against Samba or Windows"
+SUMMARY:${PN}-minconn  = "Plugin for PPP to set a delay before the idle timeout applies"
+SUMMARY:${PN}-password = "Plugin for PPP to get passwords via a pipe"
+SUMMARY:${PN}-l2tp     = "Plugin for PPP for l2tp support"
+SUMMARY:${PN}-tools    = "Additional tools for the PPP package"
+
+# Ignore compatibility symlink rp-pppoe.so->pppoe.so
+INSANE_SKIP:${PN}-oe += "dev-so"
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch b/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch
deleted file mode 100644
index 1aead07869..0000000000
--- a/meta/recipes-connectivity/resolvconf/resolvconf/fix-path-for-busybox.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-
-busybox installs readlink into /usr/bin, so ensure /usr/bin
-is in the path.
-
-Upstream-Status: Submitted
-Signed-off-by: Saul Wold <sgw@linux.intel.com>
-
-Index: resolvconf-1.76/etc/resolvconf/update.d/libc
-===================================================================
---- resolvconf-1.76.orig/etc/resolvconf/update.d/libc
-+++ resolvconf-1.76/etc/resolvconf/update.d/libc
-@@ -16,7 +16,7 @@
- #
- 
- set -e
--PATH=/sbin:/bin
-+PATH=/sbin:/bin:/usr/bin
- 
- [ -x /lib/resolvconf/list-records ] || exit 1
- 
diff --git a/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb b/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb
index 8550177288..94fd2c1a70 100644
--- a/meta/recipes-connectivity/resolvconf/resolvconf_1.79.bb
+++ b/meta/recipes-connectivity/resolvconf/resolvconf_1.91.bb
@@ -5,19 +5,19 @@ itself up as the intermediary between programs that supply \
 nameserver information and programs that need nameserver \
 information."
 SECTION = "console/network"
-LICENSE = "GPLv2+"
+LICENSE = "GPL-2.0-or-later"
 LIC_FILES_CHKSUM = "file://COPYING;md5=c93c0550bd3173f4504b2cbd8991e50b"
 AUTHOR = "Thomas Hood"
 HOMEPAGE = "http://packages.debian.org/resolvconf"
-RDEPENDS_${PN} = "bash"
+RDEPENDS:${PN} = "bash"
 
-SRC_URI = "http://snapshot.debian.org/archive/debian/20160520T044340Z/pool/main/r/${BPN}/${BPN}_1.79.tar.xz \
-           file://fix-path-for-busybox.patch \
+SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=unstable \
            file://99_resolvconf \
-          "
+           "
 
-SRC_URI[md5sum] = "aab2382020fc518f06a06e924c56d300"
-SRC_URI[sha256sum] = "8e2843cd4162b706f0481b3c281657728cbc2822e50a64fff79b79bd8aa870a0"
+SRCREV = "859209d573e7aec0e95d812c6b52444591a628d1"
+
+S = "${WORKDIR}/git"
 
 # the package is taken from snapshots.debian.org; that source is static and goes stale
 # so we check the latest upstream from a directory that does get updated
@@ -42,7 +42,7 @@ do_install () {
 	ln -snf ${localstatedir}/run/${BPN} ${D}${sysconfdir}/${BPN}/run
 	install -d ${D}${sysconfdir} ${D}${base_sbindir}
 	install -d ${D}${mandir}/man8 ${D}${docdir}/${P}
-	cp -pPR etc/* ${D}${sysconfdir}/
+	cp -pPR etc/resolvconf ${D}${sysconfdir}/
 	chown -R root:root ${D}${sysconfdir}/
 	install -m 0755 bin/resolvconf ${D}${base_sbindir}/
 	install -m 0755 bin/list-records ${D}${base_libdir}/${BPN}
@@ -54,7 +54,7 @@ do_install () {
 	install -m 0644 man/resolvconf.8 ${D}${mandir}/man8/
 }
 
-pkg_postinst_${PN} () {
+pkg_postinst:${PN} () {
 	if [ -z "$D" ]; then
 		if command -v systemd-tmpfiles >/dev/null; then
 			systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/resolvconf.conf
@@ -64,4 +64,4 @@ pkg_postinst_${PN} () {
 	fi
 }
 
-FILES_${PN} += "${base_libdir}/${BPN}"
+FILES:${PN} += "${base_libdir}/${BPN}"
diff --git a/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch b/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch
deleted file mode 100644
index c0e27f3d78..0000000000
--- a/meta/recipes-connectivity/socat/socat/0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From fb10ab134d630705cae0c7be42437cc289af7d32 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 15 Mar 2016 21:36:02 +0000
-Subject: [PATCH] Use __c_ispeed and __c_ospeed on musl
-
-Original intention of these asserts is to find if termios structure
-is mapped correctly to locally define union, the get* APIs for
-baudrate would not do the right thing since they do not return the
-value from c_ospeed/c_ispeed but the value which is stored in iflag
-for baudrate.
-
-So we check if we are on Linux but not using glibc then we use
-__c_ispeed and __c_ospeed as defined in musl, however these are
-internal elements of structs it should not have been used this
-way.
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
-
----
-Upstream-Status: Pending
-
- xioinitialize.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/xioinitialize.c b/xioinitialize.c
-index 9f50155..8fb2e4c 100644
---- a/xioinitialize.c
-+++ b/xioinitialize.c
-@@ -65,6 +65,12 @@ int xioinitialize(void) {
- #if HAVE_TERMIOS_ISPEED && (ISPEED_OFFSET != -1) && (OSPEED_OFFSET != -1)
- #if defined(ISPEED_OFFSET) && (ISPEED_OFFSET != -1)
- #if defined(OSPEED_OFFSET) && (OSPEED_OFFSET != -1)
-+#if defined(__linux__) && !defined(__GLIBC__)
-+      tdata.termarg.__c_ispeed = 0x56789abc;
-+      tdata.termarg.__c_ospeed = 0x6789abcd;
-+      assert(tdata.termarg.__c_ispeed == tdata.speeds[ISPEED_OFFSET]);
-+      assert(tdata.termarg.__c_ospeed == tdata.speeds[OSPEED_OFFSET]);
-+#else
-       tdata.termarg.c_ispeed = 0x56789abc;
-       tdata.termarg.c_ospeed = 0x6789abcd;
-       assert(tdata.termarg.c_ispeed == tdata.speeds[ISPEED_OFFSET]);
-@@ -72,6 +78,7 @@ int xioinitialize(void) {
- #endif
- #endif
- #endif
-+#endif
-    }
- #endif
- 
--- 
-2.8.0
-
diff --git a/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch b/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch
new file mode 100644
index 0000000000..fbfb0816dd
--- /dev/null
+++ b/meta/recipes-connectivity/socat/socat/0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch
@@ -0,0 +1,35 @@
+From d67d6b4f981db9612d808bd723176a1d2996d53a Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Mon, 17 Jan 2022 13:21:32 +0100
+Subject: [PATCH] configure.ac: check getprotobynumber_r with AC_TRY_LINK
+
+AC_TRY_COMPILE won't error out if the function is altogether absent
+(e.g. on linux musl C library), the test needs to link all the way.
+
+Upstream-Status: Submitted [via email to socat@dest-unreach.org]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ configure.ac | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index d4acc9e..973a7f2 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -137,13 +137,13 @@ AC_MSG_RESULT($sc_cv_have_prototype_hstrerror)
+ # getprotobynumber_r() is not standardized
+ AC_MSG_CHECKING(for getprotobynumber_r() variant)
+ AC_CACHE_VAL(sc_cv_getprotobynumber_r,
+-[AC_TRY_COMPILE([#include <stddef.h>
++[AC_TRY_LINK([#include <stddef.h>
+ #include <netdb.h>],[getprotobynumber_r(1,NULL,NULL,1024,NULL);],
+ [sc_cv_getprotobynumber_r=1; tmp_bynum_variant=Linux],
+- [AC_TRY_COMPILE([#include <stddef.h>
++ [AC_TRY_LINK([#include <stddef.h>
+  #include <netdb.h>],[getprotobynumber_r(1,NULL,NULL,1024);],
+  [sc_cv_getprotobynumber_r=2; tmp_bynum_variant=Solaris],
+-  [AC_TRY_COMPILE([#include <stddef.h>
++  [AC_TRY_LINK([#include <stddef.h>
+   #include <netdb.h>],[getprotobynumber_r(1,NULL,NULL);],
+   [sc_cv_getprotobynumber_r=3; tmp_bynum_variant=AIX],
+ 
diff --git a/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch b/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch
deleted file mode 100644
index 4bbd36766d..0000000000
--- a/meta/recipes-connectivity/socat/socat/0001-define-NETDB_INTERNAL-to-1-if-not-available.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From e6a7d96fa3675bdd3f4d7a3d7682381789eef22f Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 15 Feb 2016 20:25:34 +0000
-Subject: [PATCH] define NETDB_INTERNAL to -1 if not available
-
-helps build with musl
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-Upstream-Status: Pending
-
- compat.h | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/compat.h b/compat.h
-index c8bee4d..bfb013a 100644
---- a/compat.h
-+++ b/compat.h
-@@ -666,6 +666,10 @@ typedef int sig_atomic_t;
- #  define NETDB_INTERNAL h_NETDB_INTERNAL
- #endif
- 
-+#if !defined(NETDB_INTERNAL)
-+#  define NETDB_INTERNAL (-1)
-+#endif
-+
- #ifndef INET_ADDRSTRLEN
- #  define INET_ADDRSTRLEN sizeof(struct sockaddr_in)
- #endif
--- 
-2.7.1
-
diff --git a/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch b/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch
deleted file mode 100644
index aa4db65a79..0000000000
--- a/meta/recipes-connectivity/socat/socat/Makefile.in-fix-for-parallel-build.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From c6f0080b55679b6e8b5d332d6e05fdcbda1e4064 Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Mon, 4 May 2015 00:58:47 -0700
-Subject: [PATCH] Makefile.in: fix for parallel build
-
-Fixed:
-vsnprintf_r.o: file not recognized: File truncated
-collect2: error: ld returned 3 exit status
-Makefile:122: recipe for target 'filan' failed
-
-Let filan depend on vsnprintf_r.o and snprinterr.o to fix the issue.
-
-Upstream-Status: Pending
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
----
- Makefile.in |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index f2a6edb..88b784b 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -118,7 +118,7 @@ PROCAN_OBJS=procan_main.o procan.o procan-cdefs.o hostan.o error.o sycls.o sysut
- procan: $(PROCAN_OBJS)
- 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(PROCAN_OBJS) $(CLIBS)
- 
--filan: filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o
-+filan: filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o
- 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ filan_main.o filan.o fdname.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o $(CLIBS)
- 
- libxio.a: $(XIOOBJS) $(UTLOBJS)
--- 
-1.7.9.5
-
diff --git a/meta/recipes-connectivity/socat/socat_1.7.3.2.bb b/meta/recipes-connectivity/socat/socat_1.7.4.3.bb
index b2d6b1dea4..a4a0a8933e 100644
--- a/meta/recipes-connectivity/socat/socat_1.7.3.2.bb
+++ b/meta/recipes-connectivity/socat/socat_1.7.4.3.bb
@@ -5,20 +5,15 @@ HOMEPAGE = "http://www.dest-unreach.org/socat/"
 
 SECTION = "console/network"
 
-DEPENDS = "openssl readline"
-
 LICENSE = "GPL-2.0-with-OpenSSL-exception"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-                    file://README;beginline=257;endline=287;md5=338c05eadd013872abb1d6e198e10a3f"
+                    file://README;beginline=257;endline=287;md5=82520b052f322ac2b5b3dfdc7c7eea86"
 
 SRC_URI = "http://www.dest-unreach.org/socat/download/socat-${PV}.tar.bz2 \
-           file://Makefile.in-fix-for-parallel-build.patch \
-           file://0001-define-NETDB_INTERNAL-to-1-if-not-available.patch \
-           file://0001-Access-c_ispeed-and-c_ospeed-via-APIs.patch \
-"
+           file://0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch \
+           "
 
-SRC_URI[md5sum] = "607a24c15bd2cb54e9328bfbbd3a1ae9"
-SRC_URI[sha256sum] = "e3561f808739383eb10fada1e5d4f26883f0311b34fd0af7837d0c95ef379251"
+SRC_URI[sha256sum] = "d47318104415077635119dfee44bcfb41de3497374a9a001b1aff6e2f0858007"
 
 inherit autotools
 
@@ -34,19 +29,23 @@ TERMBITS_SHIFTS ?= "sc_cv_sys_crdly_shift=9 \
                     sc_cv_sys_tabdly_shift=11 \
                     sc_cv_sys_csize_shift=4"
 
-TERMBITS_SHIFTS_powerpc = "sc_cv_sys_crdly_shift=12 \
+TERMBITS_SHIFTS:powerpc = "sc_cv_sys_crdly_shift=12 \
                            sc_cv_sys_tabdly_shift=10 \
                            sc_cv_sys_csize_shift=8"
 
-TERMBITS_SHIFTS_powerpc64 = "sc_cv_sys_crdly_shift=12 \
+TERMBITS_SHIFTS:powerpc64 = "sc_cv_sys_crdly_shift=12 \
                              sc_cv_sys_tabdly_shift=10 \
                              sc_cv_sys_csize_shift=8"
 
-PACKAGECONFIG_class-target ??= "tcp-wrappers"
-PACKAGECONFIG ??= ""
+PACKAGECONFIG:class-target ??= "tcp-wrappers readline openssl"
+PACKAGECONFIG ??= "readline openssl"
 PACKAGECONFIG[tcp-wrappers] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
+PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline"
+PACKAGECONFIG[openssl] = "--enable-openssl,--disable-openssl,openssl"
+
+CFLAGS += "-fcommon"
 
-do_install_prepend () {
+do_install:prepend () {
     mkdir -p ${D}${bindir}
     install -d ${D}${bindir} ${D}${mandir}/man1
 }
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key
new file mode 100644
index 0000000000..30443c9438
--- /dev/null
+++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/dropbear_rsa_host_key
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key
new file mode 100644
index 0000000000..86c2104ec8
--- /dev/null
+++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key
@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQRJR6iZxr/NTqQN9NOwV+WPtu42r2eF
+rJ0xsnlqw5bpmfz6aDR8RQvVHUZjRGQfR/RXPbQ5x+bjjdm176TuXNhHAAAAqAoE27MKBN
+uzAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElHqJnGv81OpA30
+07BX5Y+27javZ4WsnTGyeWrDlumZ/PpoNHxFC9UdRmNEZB9H9Fc9tDnH5uON2bXvpO5c2E
+cAAAAgLiHv/IWhxwosz9BiNILOOPlXaueL5hVTBKUJkpOi48sAAAANcm9vdEBxZW11bWlw
+cwECAw==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub
new file mode 100644
index 0000000000..a358aeb88a
--- /dev/null
+++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ecdsa_key.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElHqJnGv81OpA3007BX5Y+27javZ4WsnTGyeWrDlumZ/PpoNHxFC9UdRmNEZB9H9Fc9tDnH5uON2bXvpO5c2Ec= root@qemupregen
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key
new file mode 100644
index 0000000000..00ed9adae2
--- /dev/null
+++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACDHSFTAbJ3OTd1r1E8G5JleCmsJEpQHmdTGtMcYqwWbbwAAAJChFtV0oRbV
+dAAAAAtzc2gtZWQyNTUxOQAAACDHSFTAbJ3OTd1r1E8G5JleCmsJEpQHmdTGtMcYqwWbbw
+AAAEA8UiUsygsTbP0HkDi5leXpQaVXihDyCHeitkBCItJGhcdIVMBsnc5N3WvUTwbkmV4K
+awkSlAeZ1Ma0xxirBZtvAAAADXJvb3RAcWVtdW1pcHM=
+-----END OPENSSH PRIVATE KEY-----
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000000..cc0e2f43ed
--- /dev/null
+++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdIVMBsnc5N3WvUTwbkmV4KawkSlAeZ1Ma0xxirBZtv root@qemupregen
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key
new file mode 100644
index 0000000000..a8e4406ba3
--- /dev/null
+++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key
@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEA2Q6dzF1xziCQCFq+e+Fv6w0607gNlyKnkhuoRq8G7/HEqXU2eEtC
+i3AMUrAP8k7s9kP5vI5CyfSgFuC9MxDV2YL2bsmvRxBSKgg6KbNxkoTaFBqyqHopuWQca8
+KRahvzt5dh9fsmeqamIwgMWKTSwtDHcsbyt84nmO2Z2ZrNXobgueMIj+HiJVgmWn86FQFL
+EoONAA+qb4SciPsxvmTlaQ/DMAh3llVo/IMLD9oyAyAI2kbHNnZttlYv5TmY7ICd3yCW8z
+PXrxNcEF3Qs1d68gVJxLjLKTlYGzJW2J+RwY+1DJZ0w4lozeQiZXTXVtzcJB0tm2DcvQMz
+kqyARmncSUwcPbEClEW6Y2xQnLeSHjexzlCCndiUbBTeG5iRl4OL6DN40iI9Lw2VROtj2Y
+59n9PCfaoUs08dsgJLaNrDbRHrCRLSdZJ6OQFiC/nAx/t4e4+wdUgNOqLyJqomdNdaLXPq
+tzr9ssrcY5j1DmmwKtzfTI5VM9LRQo+REIiUCNTFAAAFiFh232tYdt9rAAAAB3NzaC1yc2
+EAAAGBANkOncxdcc4gkAhavnvhb+sNOtO4DZcip5IbqEavBu/xxKl1NnhLQotwDFKwD/JO
+7PZD+byOQsn0oBbgvTMQ1dmC9m7Jr0cQUioIOimzcZKE2hQasqh6KblkHGvCkWob87eXYf
+X7JnqmpiMIDFik0sLQx3LG8rfOJ5jtmdmazV6G4LnjCI/h4iVYJlp/OhUBSxKDjQAPqm+E
+nIj7Mb5k5WkPwzAId5ZVaPyDCw/aMgMgCNpGxzZ2bbZWL+U5mOyAnd8glvMz168TXBBd0L
+NXevIFScS4yyk5WBsyVtifkcGPtQyWdMOJaM3kImV011bc3CQdLZtg3L0DM5KsgEZp3ElM
+HD2xApRFumNsUJy3kh43sc5Qgp3YlGwU3huYkZeDi+gzeNIiPS8NlUTrY9mOfZ/Twn2qFL
+NPHbICS2jaw20R6wkS0nWSejkBYgv5wMf7eHuPsHVIDTqi8iaqJnTXWi1z6rc6/bLK3GOY
+9Q5psCrc30yOVTPS0UKPkRCIlAjUxQAAAAMBAAEAAAGAGIj+bUtiwdoMbeVUAszIydkE/U
+mgv6S7LFjT/KlsL1M017LYJWDcdMaFnhMouksRngSxBg9OnWV5cxyURmFwytVy5bMGjRHb
+N8UWTgBqphU+UWdzKngkn0AhtkyYA1aFhgsml5d8EgEkZnFSc/KtoDfZU7AJX519/FtfOK
+m27Shx3pE7Nohh97avHyuidR1gTwdvuMIMke57g0BhrxPYmredaKCMZAHjjCeD6JbRcGj+
+ly3I9u8MF8BGSbLpBlLDUFCwP8G5CdmMua8bPJYhPSRqMLQhclI7hc6FaYk+gZV9B74Iv/
+SAxcCwI97dNbE0IAsbbWoUdoKGpAYQ5gOdhu5ioqZwKWjNjB3Xx48mq8xtmIR9HEnYzEnk
+b/tDWNRWrGkvNK7vpLvnbsSSKBqOAbMzmQdJxogTgjE5doSmu2/krIMR6KUcUox2ZrR8Ot
+JM6bXyNFBviiXmYvw/SZTDrVJu8BPMu5EMS5pBl8jPFBGI/ePk4qg7lWAJeQ89ThtBAAAA
+wQDEU4HjomWwJsn9UWdoodXTV5aPY9B1OPkmYnRPtsjSAcXgtBzUXMEOsmXODOK3aQjsE0
+jQKpWDAUcUf6KKZKRehxUN4MlwujCG9czn65S6B8BsP1YUfZQjpNyub8vDBfeKzlxKBEEM
+lb4iBT+LEGkihK13H5CbqRg1GDAThZzwrV4pj3S40zgyHhn8JjK4x4djEY6NwkWH8E2DgD
+8vYG/FKh5E/VIZtCgtAHa4QNAgGB4VMRn1VpSJzxjCxb1wancAAADBAPT7F34WYEI3Vc52
+p1U5rPa6dZtg5QM14V0+KtMlb3frd0/F+JVj4t6COQ8J9pkOuD0YjOYJuFXIWAAYIjCdWt
+cbTi/sSERawOWxrgSwJo2vjt5izrBQtr3N8tiB6KDGa5sdgJl5XzJ0SsdStfBbyhcJO4RV
+p9lc+X8OsUfFsClmyIs45vlxBRH06DP6/zmYCAmqvlrfZJKqlpKAEWDDObRy/3+mSNhZ0J
+BdmncASiASRlPPIoIHznyA1COUn6+TnwAAAMEA4tH89Dez2JauyPVeCyHAC680vrBKjmMx
+WYdpq2Xzd/LNl2L9oc0IEZzerLTuaCh6qsbbk2wWj1nrYXvefz/xUtDR427tvRXckcsWhP
+2HYohdYBkwTpp9QuscIV76GdwbTImuNEzvABH1hpTG6DSzqeyf/EVmSq07nptJIs5lpU49
+tW2aWraSvswHR9xfts1U79w9f4BNDy1rTmfuLERTRNF/T9CIFsk9tArLUNT64mhHtoEs8F
+9AyGuq6v49bN0bAAAADXJvb3RAcWVtdW1pcHMBAgMEBQ==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub
new file mode 100644
index 0000000000..9eb8c3838f
--- /dev/null
+++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys/openssh/ssh_host_rsa_key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZDp3MXXHOIJAIWr574W/rDTrTuA2XIqeSG6hGrwbv8cSpdTZ4S0KLcAxSsA/yTuz2Q/m8jkLJ9KAW4L0zENXZgvZuya9HEFIqCDops3GShNoUGrKoeim5ZBxrwpFqG/O3l2H1+yZ6pqYjCAxYpNLC0MdyxvK3zieY7ZnZms1ehuC54wiP4eIlWCZafzoVAUsSg40AD6pvhJyI+zG+ZOVpD8MwCHeWVWj8gwsP2jIDIAjaRsc2dm22Vi/lOZjsgJ3fIJbzM9evE1wQXdCzV3ryBUnEuMspOVgbMlbYn5HBj7UMlnTDiWjN5CJldNdW3NwkHS2bYNy9AzOSrIBGadxJTBw9sQKURbpjbFCct5IeN7HOUIKd2JRsFN4bmJGXg4voM3jSIj0vDZVE62PZjn2f08J9qhSzTx2yAkto2sNtEesJEtJ1kno5AWIL+cDH+3h7j7B1SA06ovImqiZ011otc+q3Ov2yytxjmPUOabAq3N9MjlUz0tFCj5EQiJQI1MU= root@qemupregen
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb
new file mode 100644
index 0000000000..ddd10e6eeb
--- /dev/null
+++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb
@@ -0,0 +1,19 @@
+SUMMARY = "Pre generated host keys mainly for speeding up our qemu tests"
+
+SRC_URI = "file://dropbear_rsa_host_key \
+           file://openssh"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"
+
+INHIBIT_DEFAULT_DEPS = "1"
+
+do_install () {
+	install -d ${D}${sysconfdir}/dropbear
+	install ${WORKDIR}/dropbear_rsa_host_key -m 0600 ${D}${sysconfdir}/dropbear/
+
+	install -d ${D}${sysconfdir}/ssh
+	install ${WORKDIR}/openssh/* ${D}${sysconfdir}/ssh/
+	chmod 0600 ${D}${sysconfdir}/ssh/*
+	chmod 0644 ${D}${sysconfdir}/ssh/*.pub
+}
\ No newline at end of file
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
deleted file mode 100644
index a476cf040e..0000000000
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-replace-systemd-install-Alias-with-WantedBy.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 94c401733a5a3d294cc412671166e6adfb409f53 Mon Sep 17 00:00:00 2001
-From: Joshua DeWeese <jdeweese@hennypenny.com>
-Date: Wed, 30 Jan 2019 16:19:47 -0500
-Subject: [PATCH] replace systemd install Alias with WantedBy
-
-According to the systemd documentation "WantedBy=foo.service in a
-service bar.service is mostly equivalent to
-Alias=foo.service.wants/bar.service in the same file." However,
-this is not really the intended purpose of install Aliases.
-
-Upstream-Status: Submitted [hostap@lists.infradead.org]
-
-Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com>
----
- wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in | 2 +-
- wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in   | 2 +-
- wpa_supplicant/systemd/wpa_supplicant.service.arg.in         | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
-index 03ac507..da69a87 100644
---- a/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
-+++ b/wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in
-@@ -12,4 +12,4 @@ Type=simple
- ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-nl80211-%I.conf -Dnl80211 -i%I
- 
- [Install]
--Alias=multi-user.target.wants/wpa_supplicant-nl80211@%i.service
-+WantedBy=multi-user.target
-diff --git a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
-index c8a744d..ca3054b 100644
---- a/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
-+++ b/wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in
-@@ -12,4 +12,4 @@ Type=simple
- ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-wired-%I.conf -Dwired -i%I
- 
- [Install]
--Alias=multi-user.target.wants/wpa_supplicant-wired@%i.service
-+WantedBy=multi-user.target
-diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
-index 7788b38..55d2b9c 100644
---- a/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
-+++ b/wpa_supplicant/systemd/wpa_supplicant.service.arg.in
-@@ -12,4 +12,4 @@ Type=simple
- ExecStart=@BINDIR@/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I
- 
- [Install]
--Alias=multi-user.target.wants/wpa_supplicant@%i.service
-+WantedBy=multi-user.target
--- 
-2.7.4
-
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.7.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
index 6fc5cf5db7..6e80ac7de3 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.7.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.10.bb
@@ -1,50 +1,47 @@
 SUMMARY = "Client for Wi-Fi Protected Access (WPA)"
 HOMEPAGE = "http://w1.fi/wpa_supplicant/"
+DESCRIPTION = "wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key negotiation with a WPA Authenticator and it controls the roaming and IEEE 802.11 authentication/association of the wlan driver."
 BUGTRACKER = "http://w1.fi/security/"
 SECTION = "network"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://COPYING;md5=a3791c270ad6bb026707d17bf750e5ef \
-                    file://README;beginline=1;endline=56;md5=495cbce6008253de4b4d8f4cdfae9f4f \
-                    file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=a5687903a31b8679e6a06b3afa5c819e"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://COPYING;md5=5ebcb90236d1ad640558c3d3cd3035df \
+                    file://README;beginline=1;endline=56;md5=e3d2f6c2948991e37c1ca4960de84747 \
+                    file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=76306a95306fee9a976b0ac1be70f705"
 DEPENDS = "dbus libnl"
-RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
+RRECOMMENDS:${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli"
 
-PACKAGECONFIG ??= "gnutls"
+PACKAGECONFIG ??= "openssl"
 PACKAGECONFIG[gnutls] = ",,gnutls libgcrypt"
 PACKAGECONFIG[openssl] = ",,openssl"
 
 inherit pkgconfig systemd
 
-SYSTEMD_SERVICE_${PN} = "wpa_supplicant.service wpa_supplicant-nl80211@.service wpa_supplicant-wired@.service"
+SYSTEMD_SERVICE:${PN} = "wpa_supplicant.service"
 SYSTEMD_AUTO_ENABLE = "disable"
 
-SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz  \
+SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
            file://defconfig \
            file://wpa-supplicant.sh \
            file://wpa_supplicant.conf \
            file://wpa_supplicant.conf-sane \
            file://99_wpa_supplicant \
-           file://0001-replace-systemd-install-Alias-with-WantedBy.patch \
-          "
-SRC_URI[md5sum] = "a68538fb62766f40f890125026c42c10"
-SRC_URI[sha256sum] = "76ea6b06b7a2ea8e6d9eb1a9166166f1656e6d48c7508914f592100c95c73074"
+           "
+SRC_URI[sha256sum] = "20df7ae5154b3830355f8ab4269123a87affdea59fe74fe9292a91d0d7e17b2f"
 
 CVE_PRODUCT = "wpa_supplicant"
 
 S = "${WORKDIR}/wpa_supplicant-${PV}"
 
-PACKAGES_prepend = "wpa-supplicant-passphrase wpa-supplicant-cli "
-FILES_wpa-supplicant-passphrase = "${bindir}/wpa_passphrase"
-FILES_wpa-supplicant-cli = "${sbindir}/wpa_cli"
-FILES_${PN} += "${datadir}/dbus-1/system-services/*"
-CONFFILES_${PN} += "${sysconfdir}/wpa_supplicant.conf"
+PACKAGES:prepend = "wpa-supplicant-passphrase wpa-supplicant-cli "
+FILES:wpa-supplicant-passphrase = "${bindir}/wpa_passphrase"
+FILES:wpa-supplicant-cli = "${sbindir}/wpa_cli"
+FILES:${PN} += "${datadir}/dbus-1/system-services/* ${systemd_system_unitdir}/*"
+CONFFILES:${PN} += "${sysconfdir}/wpa_supplicant.conf"
 
 do_configure () {
 	${MAKE} -C wpa_supplicant clean
 	install -m 0755 ${WORKDIR}/defconfig wpa_supplicant/.config
-	echo "CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config
-	echo "DRV_CFLAGS +=\"-I${STAGING_INCDIR}/libnl3\"" >> wpa_supplicant/.config
-	
+
 	if echo "${PACKAGECONFIG}" | grep -qw "openssl"; then
         	ssl=openssl
 	elif echo "${PACKAGECONFIG}" | grep -qw "gnutls"; then
@@ -94,15 +91,15 @@ do_install () {
 	install -m 644 ${S}/wpa_supplicant/dbus/*.service ${D}/${datadir}/dbus-1/system-services
 
 	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
-		install -d ${D}/${systemd_unitdir}/system
-		install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_unitdir}/system
+		install -d ${D}/${systemd_system_unitdir}
+		install -m 644 ${S}/wpa_supplicant/systemd/*.service ${D}/${systemd_system_unitdir}
 	fi
 
 	install -d ${D}/etc/default/volatiles
 	install -m 0644 ${WORKDIR}/99_wpa_supplicant ${D}/etc/default/volatiles
 }
 
-pkg_postinst_wpa-supplicant () {
+pkg_postinst:${PN} () {
 	# If we're offline, we don't need to do this.
 	if [ "x$D" = "x" ]; then
 		killall -q -HUP dbus-daemon || true