Update to internal 1.01-42

Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>

160 files changed, 15631 insertions, 368 deletions

diff --git a/meta-openbmc-mods/conf/machine/include/intel.inc b/meta-openbmc-mods/conf/machine/include/intel.inc
index 166f458ec..7544de8fd 100644
--- a/meta-openbmc-mods/conf/machine/include/intel.inc
+++ b/meta-openbmc-mods/conf/machine/include/intel.inc
@@ -28,4 +28,5 @@ PREFERRED_PROVIDER_virtual/phosphor-led-manager-config-native ?= "intel-led-mana
 # add all the upstream intel override fixes
 OVERRIDES .= ":intel"
 DISTRO_FEATURES_remove = "ldap"
-DISTRO_FEATURES_DEFAULT_remove = "ldap"
\ No newline at end of file
+DISTRO_FEATURES_DEFAULT_remove = "ldap"
+GLIBCVERSION ?= "%"
diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0032-PFR-FW-update-and-checkpoint-support-in-u-boot.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0032-PFR-FW-update-and-checkpoint-support-in-u-boot.patch
index 79d7ec60d..838dfde9e 100644
--- a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0032-PFR-FW-update-and-checkpoint-support-in-u-boot.patch
+++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/0032-PFR-FW-update-and-checkpoint-support-in-u-boot.patch
@@ -133,7 +133,7 @@ index 99239938b5..89fe5fd4fd 100644
 -	switch (genimg_get_format(hdr)) {
 -	case IMAGE_FORMAT_FIT:
 -		printf("   FIT image found\n");
--		if (!fit_check_format(hdr)) {
+-		if (fit_check_format(hdr, IMAGE_SIZE_INVAL)) {
 -			printf("Bad FIT image format!\n");
 -			return -1;
 -		}
diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27097/0001-image-Adjust-the-workings-of-fit_check_format.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27097/0001-image-Adjust-the-workings-of-fit_check_format.patch
new file mode 100644
index 000000000..deb40a938
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27097/0001-image-Adjust-the-workings-of-fit_check_format.patch
@@ -0,0 +1,362 @@
+From 8c6e79df48988760178787af39ecd01954569e81 Mon Sep 17 00:00:00 2001
+From: Simon Glass <sjg@chromium.org>
+Date: Mon, 15 Feb 2021 17:08:09 -0700
+Subject: [PATCH] image: Adjust the workings of fit_check_format()
+
+At present this function does not accept a size for the FIT. This means
+that it must be read from the FIT itself, introducing potential security
+risk. Update the function to include a size parameter, which can be
+invalid, in which case fit_check_format() calculates it.
+
+For now no callers pass the size, but this can be updated later.
+
+Also adjust the return value to an error code so that all the different
+types of problems can be distinguished by the user.
+
+Signed-off-by: Simon Glass <sjg@chromium.org>
+Reported-by: Bruce Monroe <bruce.monroe@intel.com>
+Reported-by: Arie Haenel <arie.haenel@intel.com>
+Reported-by: Julien Lenoir <julien.lenoir@intel.com>
+---
+ board/aspeed/ast-g5/fw-update.c |  2 +-
+ cmd/bootm.c                     |  6 ++---
+ cmd/disk.c                      |  2 +-
+ cmd/fdc.c                       |  2 +-
+ cmd/fpga.c                      |  2 +-
+ cmd/nand.c                      |  2 +-
+ cmd/source.c                    |  2 +-
+ cmd/ximg.c                      |  2 +-
+ common/image-fdt.c              |  2 +-
+ common/image-fit.c              | 44 ++++++++++++++++-----------------
+ common/update.c                 |  2 +-
+ drivers/misc/fsl_debug_server.c |  2 +-
+ drivers/net/fsl-mc/mc.c         |  2 +-
+ include/image.h                 | 21 +++++++++++++++-
+ tools/fit_image.c               |  2 +-
+ tools/mkimage.h                 |  2 ++
+ 16 files changed, 59 insertions(+), 38 deletions(-)
+
+diff --git a/board/aspeed/ast-g5/fw-update.c b/board/aspeed/ast-g5/fw-update.c
+index 99239938b5ee..50b46a2eff5a 100644
+--- a/board/aspeed/ast-g5/fw-update.c
++++ b/board/aspeed/ast-g5/fw-update.c
+@@ -328,7 +328,7 @@ static int verify_image(void)
+ 	switch (genimg_get_format(hdr)) {
+ 	case IMAGE_FORMAT_FIT:
+ 		printf("   FIT image found\n");
+-		if (!fit_check_format(hdr)) {
++		if (fit_check_format(hdr, IMAGE_SIZE_INVAL)) {
+ 			printf("Bad FIT image format!\n");
+ 			return -1;
+ 		}
+diff --git a/cmd/bootm.c b/cmd/bootm.c
+index 8da750ec5101..442ae0ba600e 100644
+--- a/cmd/bootm.c
++++ b/cmd/bootm.c
+@@ -288,7 +288,7 @@ static int image_info(ulong addr)
+ 	case IMAGE_FORMAT_FIT:
+ 		puts("   FIT image found\n");
+ 
+-		if (!fit_check_format(hdr)) {
++		if (fit_check_format(hdr, IMAGE_SIZE_INVAL)) {
+ 			puts("Bad FIT image format!\n");
+ 			return 1;
+ 		}
+@@ -361,7 +361,7 @@ static int do_imls_nor(void)
+ #endif
+ #if defined(CONFIG_FIT)
+ 			case IMAGE_FORMAT_FIT:
+-				if (!fit_check_format(hdr))
++				if (fit_check_format(hdr, IMAGE_SIZE_INVAL))
+ 					goto next_sector;
+ 
+ 				printf("FIT Image at %08lX:\n", (ulong)hdr);
+@@ -441,7 +441,7 @@ static int nand_imls_fitimage(struct mtd_info *mtd, int nand_dev, loff_t off,
+ 		return ret;
+ 	}
+ 
+-	if (!fit_check_format(imgdata)) {
++	if (fit_check_format(imgdata, IMAGE_SIZE_INVAL)) {
+ 		free(imgdata);
+ 		return 0;
+ 	}
+diff --git a/cmd/disk.c b/cmd/disk.c
+index 92de3af8a5c0..3038aacf2215 100644
+--- a/cmd/disk.c
++++ b/cmd/disk.c
+@@ -113,7 +113,7 @@ int common_diskboot(cmd_tbl_t *cmdtp, const char *intf, int argc,
+ 	/* This cannot be done earlier,
+ 	 * we need complete FIT image in RAM first */
+ 	if (genimg_get_format((void *) addr) == IMAGE_FORMAT_FIT) {
+-		if (!fit_check_format(fit_hdr)) {
++		if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) {
+ 			bootstage_error(BOOTSTAGE_ID_IDE_FIT_READ);
+ 			puts("** Bad FIT image format\n");
+ 			return 1;
+diff --git a/cmd/fdc.c b/cmd/fdc.c
+index d2281abbda90..7395e61fcdae 100644
+--- a/cmd/fdc.c
++++ b/cmd/fdc.c
+@@ -731,7 +731,7 @@ int do_fdcboot (cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+ #if defined(CONFIG_FIT)
+ 	/* This cannot be done earlier, we need complete FIT image in RAM first */
+ 	if (genimg_get_format ((void *)addr) == IMAGE_FORMAT_FIT) {
+-		if (!fit_check_format (fit_hdr)) {
++		if (fit_check_format (fit_hdr, IMAGE_SIZE_INVAL)) {
+ 			puts ("** Bad FIT image format\n");
+ 			return 1;
+ 		}
+diff --git a/cmd/fpga.c b/cmd/fpga.c
+index 8956eb1b654a..ecb26d77c1cc 100644
+--- a/cmd/fpga.c
++++ b/cmd/fpga.c
+@@ -248,7 +248,7 @@ int do_fpga(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[])
+ 					return 1;
+ 				}
+ 
+-				if (!fit_check_format(fit_hdr)) {
++				if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) {
+ 					puts("Bad FIT image format\n");
+ 					return 1;
+ 				}
+diff --git a/cmd/nand.c b/cmd/nand.c
+index ffdeea41a5a7..2b1c931bd937 100644
+--- a/cmd/nand.c
++++ b/cmd/nand.c
+@@ -902,7 +902,7 @@ static int nand_load_image(cmd_tbl_t *cmdtp, struct mtd_info *mtd,
+ #if defined(CONFIG_FIT)
+ 	/* This cannot be done earlier, we need complete FIT image in RAM first */
+ 	if (genimg_get_format ((void *)addr) == IMAGE_FORMAT_FIT) {
+-		if (!fit_check_format (fit_hdr)) {
++		if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) {
+ 			bootstage_error(BOOTSTAGE_ID_NAND_FIT_READ);
+ 			puts ("** Bad FIT image format\n");
+ 			return 1;
+diff --git a/cmd/source.c b/cmd/source.c
+index db7ab7e5f409..300db33b73cd 100644
+--- a/cmd/source.c
++++ b/cmd/source.c
+@@ -97,7 +97,7 @@ source (ulong addr, const char *fit_uname)
+ 		}
+ 
+ 		fit_hdr = buf;
+-		if (!fit_check_format (fit_hdr)) {
++		if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) {
+ 			puts ("Bad FIT image format\n");
+ 			return 1;
+ 		}
+diff --git a/cmd/ximg.c b/cmd/ximg.c
+index d033c15b629c..0e26e747f25d 100644
+--- a/cmd/ximg.c
++++ b/cmd/ximg.c
+@@ -132,7 +132,7 @@ do_imgextract(cmd_tbl_t * cmdtp, int flag, int argc, char * const argv[])
+ 			"at %08lx ...\n", uname, addr);
+ 
+ 		fit_hdr = (const void *)addr;
+-		if (!fit_check_format(fit_hdr)) {
++		if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) {
+ 			puts("Bad FIT image format\n");
+ 			return 1;
+ 		}
+diff --git a/common/image-fdt.c b/common/image-fdt.c
+index 6cac7dbb7f8b..9b372577dafc 100644
+--- a/common/image-fdt.c
++++ b/common/image-fdt.c
+@@ -353,7 +353,7 @@ int boot_get_fdt(int flag, int argc, char * const argv[], uint8_t arch,
+ 			 */
+ #if CONFIG_IS_ENABLED(FIT)
+ 			/* check FDT blob vs FIT blob */
+-			if (fit_check_format(buf)) {
++			if (!fit_check_format(buf, IMAGE_SIZE_INVAL)) {
+ 				ulong load, len;
+ 
+ 				fdt_noffset = fit_image_load(images,
+diff --git a/common/image-fit.c b/common/image-fit.c
+index 322fde728b50..34bbc8645205 100644
+--- a/common/image-fit.c
++++ b/common/image-fit.c
+@@ -9,6 +9,8 @@
+  * SPDX-License-Identifier:	GPL-2.0+
+  */
+ 
++#define LOG_CATEGORY LOGC_BOOT
++
+ #ifdef USE_HOSTCC
+ #include "mkimage.h"
+ #include <image.h>
+@@ -1212,40 +1214,38 @@ int fit_image_check_comp(const void *fit, int noffset, uint8_t comp)
+ 	return (comp == image_comp);
+ }
+ 
+-/**
+- * fit_check_format - sanity check FIT image format
+- * @fit: pointer to the FIT format image header
+- *
+- * fit_check_format() runs a basic sanity FIT image verification.
+- * Routine checks for mandatory properties, nodes, etc.
+- *
+- * returns:
+- *     1, on success
+- *     0, on failure
+- */
+-int fit_check_format(const void *fit)
++int fit_check_format(const void *fit, ulong size)
+ {
++	int ret;
++
++	ret = fdt_check_header(fit);
++	if (ret) {
++		log_debug("Wrong FIT format: not a flattened device tree (err=%d)\n",
++			  ret);
++		return -ENOEXEC;
++	}
++
+ 	/* mandatory / node 'description' property */
+-	if (fdt_getprop(fit, 0, FIT_DESC_PROP, NULL) == NULL) {
+-		debug("Wrong FIT format: no description\n");
+-		return 0;
++	if (!fdt_getprop(fit, 0, FIT_DESC_PROP, NULL)) {
++		log_debug("Wrong FIT format: no description\n");
++		return -ENOMSG;
+ 	}
+ 
+ 	if (IMAGE_ENABLE_TIMESTAMP) {
+ 		/* mandatory / node 'timestamp' property */
+-		if (fdt_getprop(fit, 0, FIT_TIMESTAMP_PROP, NULL) == NULL) {
+-			debug("Wrong FIT format: no timestamp\n");
+-			return 0;
++		if (!fdt_getprop(fit, 0, FIT_TIMESTAMP_PROP, NULL)) {
++			log_debug("Wrong FIT format: no timestamp\n");
++			return -ENODATA;
+ 		}
+ 	}
+ 
+ 	/* mandatory subimages parent '/images' node */
+ 	if (fdt_path_offset(fit, FIT_IMAGES_PATH) < 0) {
+-		debug("Wrong FIT format: no images parent node\n");
+-		return 0;
++		log_debug("Wrong FIT format: no images parent node\n");
++		return -ENOENT;
+ 	}
+ 
+-	return 1;
++	return 0;
+ }
+ 
+ 
+@@ -1585,7 +1585,7 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
+ 	printf("## Loading %s from FIT Image at %08lx ...\n", prop_name, addr);
+ 
+ 	bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT);
+-	if (!fit_check_format(fit)) {
++	if (fit_check_format(fit, IMAGE_SIZE_INVAL)) {
+ 		printf("Bad FIT %s image format!\n", prop_name);
+ 		bootstage_error(bootstage_id + BOOTSTAGE_SUB_FORMAT);
+ 		return -ENOEXEC;
+diff --git a/common/update.c b/common/update.c
+index 1da80b70f2db..521772c3645b 100644
+--- a/common/update.c
++++ b/common/update.c
+@@ -279,7 +279,7 @@ int update_tftp(ulong addr, char *interface, char *devstring)
+ got_update_file:
+ 	fit = (void *)addr;
+ 
+-	if (!fit_check_format((void *)fit)) {
++	if (fit_check_format((void *)fit, IMAGE_SIZE_INVAL)) {
+ 		printf("Bad FIT format of the update file, aborting "
+ 							"auto-update\n");
+ 		return 1;
+diff --git a/drivers/misc/fsl_debug_server.c b/drivers/misc/fsl_debug_server.c
+index 98d9fbe534c3..25713316a1f5 100644
+--- a/drivers/misc/fsl_debug_server.c
++++ b/drivers/misc/fsl_debug_server.c
+@@ -63,7 +63,7 @@ int debug_server_parse_firmware_fit_image(const void **raw_image_addr,
+ 		goto out_error;
+ 	}
+ 
+-	if (!fit_check_format(fit_hdr)) {
++	if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) {
+ 		printf("Debug Server FW: Bad FIT image format\n");
+ 		goto out_error;
+ 	}
+diff --git a/drivers/net/fsl-mc/mc.c b/drivers/net/fsl-mc/mc.c
+index 1811b0fe1a3f..243563eac400 100644
+--- a/drivers/net/fsl-mc/mc.c
++++ b/drivers/net/fsl-mc/mc.c
+@@ -124,7 +124,7 @@ int parse_mc_firmware_fit_image(u64 mc_fw_addr,
+ 		return -EINVAL;
+ 	}
+ 
+-	if (!fit_check_format(fit_hdr)) {
++	if (fit_check_format(fit_hdr, IMAGE_SIZE_INVAL)) {
+ 		printf("fsl-mc: ERR: Bad firmware image (bad FIT header)\n");
+ 		return -EINVAL;
+ 	}
+diff --git a/include/image.h b/include/image.h
+index 2c6ef4de259d..130dc03bfb3c 100644
+--- a/include/image.h
++++ b/include/image.h
+@@ -384,6 +384,9 @@ extern bootm_headers_t images;
+ #define uimage_to_cpu(x)		be32_to_cpu(x)
+ #define cpu_to_uimage(x)		cpu_to_be32(x)
+ 
++/* An invalid size, meaning that the image size is not known */
++#define IMAGE_SIZE_INVAL	(-1UL)
++
+ /*
+  * Translation table for entries of a specific type; used by
+  * get_table_entry_id() and get_table_entry_name().
+@@ -907,7 +910,23 @@ int fit_image_check_os(const void *fit, int noffset, uint8_t os);
+ int fit_image_check_arch(const void *fit, int noffset, uint8_t arch);
+ int fit_image_check_type(const void *fit, int noffset, uint8_t type);
+ int fit_image_check_comp(const void *fit, int noffset, uint8_t comp);
+-int fit_check_format(const void *fit);
++
++/**
++ * fit_check_format() - Check that the FIT is valid
++ *
++ * This performs various checks on the FIT to make sure it is suitable for
++ * use, looking for mandatory properties, nodes, etc.
++ *
++ * If FIT_FULL_CHECK is enabled, it also runs it through libfdt to make
++ * sure that there are no strange tags or broken nodes in the FIT.
++ *
++ * @fit: pointer to the FIT format image header
++ * @return 0 if OK, -ENOEXEC if not an FDT file, -EINVAL if the full FDT check
++ *	failed (e.g. due to bad structure), -ENOMSG if the description is
++ *	missing, -ENODATA if the timestamp is missing, -ENOENT if the /images
++ *	path is missing
++ */
++int fit_check_format(const void *fit, ulong size);
+ 
+ int fit_conf_find_compat(const void *fit, const void *fdt);
+ 
+diff --git a/tools/fit_image.c b/tools/fit_image.c
+index 58aa8e27db3e..6960cc74d23f 100644
+--- a/tools/fit_image.c
++++ b/tools/fit_image.c
+@@ -721,7 +721,7 @@ static int fit_extract_contents(void *ptr, struct image_tool_params *params)
+ 	/* Indent string is defined in header image.h */
+ 	p = IMAGE_INDENT_STRING;
+ 
+-	if (!fit_check_format(fit)) {
++	if (fit_check_format(fit, IMAGE_SIZE_INVAL)) {
+ 		printf("Bad FIT image format\n");
+ 		return -1;
+ 	}
+diff --git a/tools/mkimage.h b/tools/mkimage.h
+index 3f369b748ed1..3c6c680218a2 100644
+--- a/tools/mkimage.h
++++ b/tools/mkimage.h
+@@ -30,6 +30,8 @@
+ #define debug(fmt,args...)
+ #endif /* MKIMAGE_DEBUG */
+ 
++#define log_debug(fmt, args...)	debug(fmt, ##args)
++
+ static inline void *map_sysmem(ulong paddr, unsigned long len)
+ {
+ 	return (void *)(uintptr_t)paddr;
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27097/0002-image-Add-an-option-to-do-a-full-check-of-the-FIT.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27097/0002-image-Add-an-option-to-do-a-full-check-of-the-FIT.patch
new file mode 100644
index 000000000..d82767ee9
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27097/0002-image-Add-an-option-to-do-a-full-check-of-the-FIT.patch
@@ -0,0 +1,198 @@
+From df6bfa8d2d429addea3dfd9d1bfb3933b4adb7e7 Mon Sep 17 00:00:00 2001
+From: Simon Glass <sjg@chromium.org>
+Date: Mon, 15 Feb 2021 17:08:10 -0700
+Subject: [PATCH] image: Add an option to do a full check of the FIT
+
+Some strange modifications of the FIT can introduce security risks. Add an
+option to check it thoroughly, using libfdt's fdt_check_full() function.
+
+Enable this by default if signature verification is enabled.
+
+CVE-2021-27097
+
+Signed-off-by: Simon Glass <sjg@chromium.org>
+Reported-by: Bruce Monroe <bruce.monroe@intel.com>
+Reported-by: Arie Haenel <arie.haenel@intel.com>
+Reported-by: Julien Lenoir <julien.lenoir@intel.com>
+---
+ Kconfig             | 19 +++++++++++++
+ common/image-fit.c  | 19 +++++++++++++
+ include/libfdt.h    |  1 +
+ lib/libfdt/fdt_ro.c | 65 +++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 104 insertions(+)
+
+diff --git a/Kconfig b/Kconfig
+index d6439d01ca60..1c1267fee079 100644
+--- a/Kconfig
++++ b/Kconfig
+@@ -222,11 +222,21 @@ config FIT_VERBOSE
+ 	bool "Display verbose messages on FIT boot"
+ 	depends on FIT
+ 
++config FIT_FULL_CHECK
++	bool "Do a full check of the FIT before using it"
++	default y
++	help
++	  Enable this do a full check of the FIT to make sure it is valid. This
++	  helps to protect against carefully crafted FITs which take advantage
++	  of bugs or omissions in the code. This includes a bad structure,
++	  multiple root nodes and the like.
++
+ config FIT_SIGNATURE
+ 	bool "Enable signature verification of FIT uImages"
+ 	depends on FIT
+ 	depends on DM
+ 	select RSA
++	select FIT_FULL_CHECK
+ 	help
+ 	  This option enables signature verification of FIT uImages,
+ 	  using a hash signed and verified using RSA. If
+@@ -240,11 +250,20 @@ config FIT_SIGNATURE
+ 	  format support in this case, enable it using
+ 	  CONFIG_IMAGE_FORMAT_LEGACY.
+ 
++config SPL_FIT_FULL_CHECK
++	bool "Do a full check of the FIT before using it"
++	help
++	  Enable this do a full check of the FIT to make sure it is valid. This
++	  helps to protect against carefully crafted FITs which take advantage
++	  of bugs or omissions in the code. This includes a bad structure,
++	  multiple root nodes and the like.
++
+ config SPL_FIT_SIGNATURE
+ 	bool "Enable signature verification of FIT firmware within SPL"
+ 	depends on SPL_FIT
+ 	depends on SPL_DM
+ 	select SPL_RSA
++	select SPL_FIT_FULL_CHECK
+ 
+ config FIT_BEST_MATCH
+ 	bool "Select the best match for the kernel device tree"
+diff --git a/common/image-fit.c b/common/image-fit.c
+index 34bbc8645205..78db32e89f6f 100644
+--- a/common/image-fit.c
++++ b/common/image-fit.c
+@@ -24,11 +24,14 @@ DECLARE_GLOBAL_DATA_PTR;
+ #endif /* !USE_HOSTCC*/
+ 
+ #include <bootstage.h>
++#include <linux/kconfig.h>
+ #include <u-boot/crc.h>
+ #include <u-boot/md5.h>
+ #include <u-boot/sha1.h>
+ #include <u-boot/sha256.h>
+ 
++#define log_debug(fmt, args...)	debug(fmt, ##args)
++
+ /*****************************************************************************/
+ /* New uImage format routines */
+ /*****************************************************************************/
+@@ -1239,6 +1242,22 @@ int fit_check_format(const void *fit, ulong size)
+ 		}
+ 	}
+ 
++	if (CONFIG_IS_ENABLED(FIT_FULL_CHECK)) {
++		/*
++		 * If we are not given the size, make do wtih calculating it.
++		 * This is not as secure, so we should consider a flag to
++		 * control this.
++		 */
++		if (size == IMAGE_SIZE_INVAL)
++			size = fdt_totalsize(fit);
++		ret = fdt_check_full(fit, size);
++
++		if (ret) {
++			log_debug("FIT check error %d\n", ret);
++			return -EINVAL;
++		}
++	}
++
+ 	/* mandatory subimages parent '/images' node */
+ 	if (fdt_path_offset(fit, FIT_IMAGES_PATH) < 0) {
+ 		log_debug("Wrong FIT format: no images parent node\n");
+diff --git a/include/libfdt.h b/include/libfdt.h
+index 74b1d149c2dd..6a4b2f871205 100644
+--- a/include/libfdt.h
++++ b/include/libfdt.h
+@@ -1980,4 +1980,5 @@ int fdt_next_region(const void *fdt,
+ int fdt_add_alias_regions(const void *fdt, struct fdt_region *region, int count,
+ 			  int max_regions, struct fdt_region_state *info);
+ 
++int fdt_check_full(const void *fdt, size_t bufsize);
+ #endif /* _LIBFDT_H */
+diff --git a/lib/libfdt/fdt_ro.c b/lib/libfdt/fdt_ro.c
+index 12214c2dc2b5..5ae4b84d6e54 100644
+--- a/lib/libfdt/fdt_ro.c
++++ b/lib/libfdt/fdt_ro.c
+@@ -625,3 +625,68 @@ int fdt_node_offset_by_compatible(const void *fdt, int startoffset,
+ 
+ 	return offset; /* error from fdt_next_node() */
+ }
++
++#define INT_MAX	((int)(~0U>>1))
++
++int fdt_check_full(const void *fdt, size_t bufsize)
++{
++        int err;
++        int num_memrsv;
++        int offset, nextoffset = 0;
++        uint32_t tag;
++        unsigned depth = 0;
++        const void *prop;
++        const char *propname;
++
++        if (bufsize < FDT_V1_SIZE)
++                return -FDT_ERR_TRUNCATED;
++        err = fdt_check_header(fdt);
++        if (err != 0)
++                return err;
++        if (bufsize < fdt_totalsize(fdt))
++                return -FDT_ERR_TRUNCATED;
++
++        num_memrsv = fdt_num_mem_rsv(fdt);
++        if (num_memrsv < 0)
++                return num_memrsv;
++
++        while (1) {
++                offset = nextoffset;
++                tag = fdt_next_tag(fdt, offset, &nextoffset);
++
++                if (nextoffset < 0)
++                        return nextoffset;
++
++                switch (tag) {
++                case FDT_NOP:
++                        break;
++
++                case FDT_END:
++                        if (depth != 0)
++                                return -FDT_ERR_BADSTRUCTURE;
++                        return 0;
++
++                case FDT_BEGIN_NODE:
++                        depth++;
++                        if (depth > INT_MAX)
++                                return -FDT_ERR_BADSTRUCTURE;
++                        break;
++
++                case FDT_END_NODE:
++                        if (depth == 0)
++                                return -FDT_ERR_BADSTRUCTURE;
++                        depth--;
++                        break;
++
++                case FDT_PROP:
++                        prop = fdt_getprop_by_offset(fdt, offset, &propname,
++                                                     &err);
++                        if (!prop)
++                                return err;
++                        break;
++
++                default:
++                        return -FDT_ERR_INTERNAL;
++                }
++        }
++}
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27138/0001-image-Check-for-unit-addresses-in-FITs.patch b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27138/0001-image-Check-for-unit-addresses-in-FITs.patch
new file mode 100644
index 000000000..33dbf15be
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/files/CVE-2021-27138/0001-image-Check-for-unit-addresses-in-FITs.patch
@@ -0,0 +1,106 @@
+From dbfcf0735d5f4d27445176f72e6174edf064c118 Mon Sep 17 00:00:00 2001
+From: Simon Glass <sjg@chromium.org>
+Date: Mon, 15 Feb 2021 17:08:12 -0700
+Subject: [PATCH] image: Check for unit addresses in FITs
+
+Using unit addresses in a FIT is a security risk. Add a check for this
+and disallow it.
+
+CVE-2021-27138
+
+Signed-off-by: Simon Glass <sjg@chromium.org>
+Reported-by: Bruce Monroe <bruce.monroe@intel.com>
+Reported-by: Arie Haenel <arie.haenel@intel.com>
+Reported-by: Julien Lenoir <julien.lenoir@intel.com>
+---
+ common/image-fit.c | 56 ++++++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 52 insertions(+), 4 deletions(-)
+
+diff --git a/common/image-fit.c b/common/image-fit.c
+index 78db32e89f6f..6c495ffa4349 100644
+--- a/common/image-fit.c
++++ b/common/image-fit.c
+@@ -1217,6 +1217,34 @@ int fit_image_check_comp(const void *fit, int noffset, uint8_t comp)
+ 	return (comp == image_comp);
+ }
+ 
++/**
++ * fdt_check_no_at() - Check for nodes whose names contain '@'
++ *
++ * This checks the parent node and all subnodes recursively
++ *
++ * @fit: FIT to check
++ * @parent: Parent node to check
++ * @return 0 if OK, -EADDRNOTAVAIL is a node has a name containing '@'
++ */
++static int fdt_check_no_at(const void *fit, int parent)
++{
++	const char *name;
++	int node;
++	int ret;
++
++	name = fdt_get_name(fit, parent, NULL);
++	if (!name || strchr(name, '@'))
++		return -EADDRNOTAVAIL;
++
++	fdt_for_each_subnode(node, fit, parent) {
++		ret = fdt_check_no_at(fit, node);
++		if (ret)
++			return ret;
++	}
++
++	return 0;
++}
++
+ int fit_check_format(const void *fit, ulong size)
+ {
+ 	int ret;
+@@ -1251,10 +1279,27 @@ int fit_check_format(const void *fit, ulong size)
+ 		if (size == IMAGE_SIZE_INVAL)
+ 			size = fdt_totalsize(fit);
+ 		ret = fdt_check_full(fit, size);
++		if (ret)
++			ret = -EINVAL;
++
++		/*
++		 * U-Boot stopped using unit addressed in 2017. Since libfdt
++		 * can match nodes ignoring any unit address, signature
++		 * verification can see the wrong node if one is inserted with
++		 * the same name as a valid node but with a unit address
++		 * attached. Protect against this by disallowing unit addresses.
++		 */
++		if (!ret && CONFIG_IS_ENABLED(FIT_SIGNATURE)) {
++			ret = fdt_check_no_at(fit, 0);
+ 
++			if (ret) {
++				log_debug("FIT check error %d\n", ret);
++				return ret;
++			}
++		}
+ 		if (ret) {
+ 			log_debug("FIT check error %d\n", ret);
+-			return -EINVAL;
++			return ret;
+ 		}
+ 	}
+ 
+@@ -1604,10 +1649,13 @@ int fit_image_load(bootm_headers_t *images, ulong addr,
+ 	printf("## Loading %s from FIT Image at %08lx ...\n", prop_name, addr);
+ 
+ 	bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT);
+-	if (fit_check_format(fit, IMAGE_SIZE_INVAL)) {
+-		printf("Bad FIT %s image format!\n", prop_name);
++	ret = fit_check_format(fit, IMAGE_SIZE_INVAL);
++	if (ret) {
++		printf("Bad FIT %s image format! (err=%d)\n", prop_name, ret);
++		if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && ret == -EADDRNOTAVAIL)
++			printf("Signature checking prevents use of unit addresses (@) in nodes\n");
+ 		bootstage_error(bootstage_id + BOOTSTAGE_SUB_FORMAT);
+-		return -ENOEXEC;
++		return ret;
+ 	}
+ 	bootstage_mark(bootstage_id + BOOTSTAGE_SUB_FORMAT_OK);
+ 	if (fit_uname) {
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/u-boot-aspeed_%.bbappend b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/u-boot-aspeed_%.bbappend
index f5dd88f7a..53e91136e 100644
--- a/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/u-boot-aspeed_%.bbappend
+++ b/meta-openbmc-mods/meta-ast2500/recipes-bsp/u-boot/u-boot-aspeed_%.bbappend
@@ -1,6 +1,5 @@
 COMPATIBLE_MACHINE = "intel-ast2500"
 FILESEXTRAPATHS_append_intel-ast2500:= "${THISDIR}/files:"
-FILESEXTRAPATHS_append_intel-ast2500:= "${THISDIR}/files/CVE-2020-10648:"
 
 # the meta-phosphor layer adds this patch, which conflicts
 # with the intel layout for environment
@@ -53,6 +52,7 @@ SRC_URI_append_intel-ast2500 = " \
     file://0054-U-Boot-4-4-lib-uuid-Improve-randomness-of-uuid-values-on-RANDOM_UUID-y.patch \
     "
 # CVE-2020-10648 vulnerability fix
+FILESEXTRAPATHS_append_intel-ast2500:= "${THISDIR}/files/CVE-2020-10648:"
 SRC_URI_append_intel-ast2500 = " \
     file://0001-image-Correct-comment-for-fit_conf_get_node.patch \
     file://0002-image-Be-a-little-more-verbose-when-checking-signatu.patch \
@@ -62,6 +62,20 @@ SRC_URI_append_intel-ast2500 = " \
     file://0009-fit_check_sign-Allow-selecting-the-configuration-to-.patch \
     file://0012-image-Use-constants-for-required-and-key-name-hint.patch \
     "
+
+# CVE-2021-27097 vulnerability fix
+FILESEXTRAPATHS_append_intel-ast2500:= "${THISDIR}/files/CVE-2021-27097:"
+SRC_URI_append_intel-ast2500 = " \
+    file://0001-image-Adjust-the-workings-of-fit_check_format.patch \
+    file://0002-image-Add-an-option-to-do-a-full-check-of-the-FIT.patch \
+    "
+
+# CVE-2021-27138 vulnerability fix
+FILESEXTRAPATHS_append_intel-ast2500:= "${THISDIR}/files/CVE-2021-27138:"
+SRC_URI_append_intel-ast2500 = " \
+    file://0001-image-Check-for-unit-addresses-in-FITs.patch \
+    "
+
 PFR_SRC_URI = " \
     file://0022-u-boot-env-change-for-PFR-image.patch \
     file://0032-PFR-FW-update-and-checkpoint-support-in-u-boot.patch \
diff --git a/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0019-ADCSensor-check-threshold-10-seconds-after-power-on.patch b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0019-ADCSensor-check-threshold-10-seconds-after-power-on.patch
new file mode 100644
index 000000000..c4e093083
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0019-ADCSensor-check-threshold-10-seconds-after-power-on.patch
@@ -0,0 +1,62 @@
+From 13a5a77c408efd1e84b48de8a48ab5990d26fca9 Mon Sep 17 00:00:00 2001
+From: Zhikui Ren <zhikui.ren@intel.com>
+Date: Tue, 9 Mar 2021 20:25:29 -0800
+Subject: [PATCH] ADCSensor: check threshold 10 seconds after power on
+
+For ADC Sensors, only check for threshold if the host power state file
+has been written for more than 10 seconds.
+
+This is a workaround to ensure that the sensor value that is used to
+compare against the threshold level is read after voltages settled and
+full ADC sampling cycle has been passed.
+
+The false SEL logs cannot be reliably reproduced, so it is not
+possible to confirm that the issue is fixed with this change.
+
+Tested:
+Use debug print to verify check threshold is skipped during first 10
+seconds after power state transition.
+SEL log is created when event is triggered after 10 seconds.
+
+Signed-off-by: Zhikui Ren <zhikui.ren@intel.com>
+---
+ src/ADCSensor.cpp | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/src/ADCSensor.cpp b/src/ADCSensor.cpp
+index 4de2b1f..2017c0c 100644
+--- a/src/ADCSensor.cpp
++++ b/src/ADCSensor.cpp
+@@ -246,6 +246,7 @@ void ADCSensor::handleResponse(const boost::system::error_code& err)
+ 
+ const static std::filesystem::path tmpHostStateFileDir = "/tmp";
+ const static constexpr std::string_view hostStateFile = "host-state";
++constexpr auto powerSettleTime = std::chrono::seconds{10};
+ 
+ static bool isPowerCurrentlyOn()
+ {
+@@ -256,6 +257,21 @@ static bool isPowerCurrentlyOn()
+         return false;
+     }
+ 
++    // File time is used as host power state change time.
++    // Make sure we are in the current state longer than settling time.
++    // This is only needed for power on to ensure VRs are sampled in
++    // the steady state.
++    // But it is ok to apply check for power off also,
++    // so always check the timestamp to keep the logic simple.
++    std::filesystem::file_time_type hostStateUpdateTime =
++        std::filesystem::last_write_time(
++            std::filesystem::path(tmpHostStateFileDir / hostStateFile));
++    if ((std::filesystem::file_time_type::clock::now() - hostStateUpdateTime) <=
++        powerSettleTime)
++    {
++        return false;
++    }
++
+     std::string state;
+     std::getline(hostStateStream, state);
+     return state == "xyz.openbmc_project.State.Host.HostState.Running";
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0020-ExitAirTemp-fix-use-weak_ptr-to-in-async-handler.patch b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0020-ExitAirTemp-fix-use-weak_ptr-to-in-async-handler.patch
new file mode 100644
index 000000000..c0f8c5c92
--- /dev/null
+++ b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors/0020-ExitAirTemp-fix-use-weak_ptr-to-in-async-handler.patch
@@ -0,0 +1,209 @@
+From efb007d288530ce6ec8a319488422fbccb521edd Mon Sep 17 00:00:00 2001
+From: Zhikui Ren <zhikui.ren@intel.com>
+Date: Tue, 9 Mar 2021 20:45:35 -0800
+Subject: ExitAirTemp fix: use weak_ptr to in async handler
+
+Replace shared_ptr with weak_ptr in async handler's capture.
+CFMSensor and ExitAirTempSensor are properly deleted before
+new instances are created.
+
+Tested:
+Run dc cycle test and no more memory leak or dbus connection timeout.
+
+Signed-off-by Zhikui Ren <zhikui.ren@intel.com>
+---
+ src/ExitAirTempSensor.cpp | 102 +++++++++++++++++++++++++++++---------
+ 1 file changed, 79 insertions(+), 23 deletions(-)
+
+diff --git a/src/ExitAirTempSensor.cpp b/src/ExitAirTempSensor.cpp
+index 4661aeb..1ee9301 100644
+--- a/src/ExitAirTempSensor.cpp
++++ b/src/ExitAirTempSensor.cpp
+@@ -208,10 +208,16 @@ CFMSensor::CFMSensor(std::shared_ptr<sdbusplus::asio::connection>& conn,
+ void CFMSensor::setupMatches()
+ {
+ 
+-    std::shared_ptr<CFMSensor> self = shared_from_this();
++    std::weak_ptr<CFMSensor> weakRef = weak_from_this();
+     setupSensorMatch(
+         matches, *dbusConnection, "fan_tach",
+-        [self](const double& value, sdbusplus::message::message& message) {
++        [weakRef](const double& value, sdbusplus::message::message& message) {
++            std::shared_ptr<CFMSensor> self = weakRef.lock();
++            if (!self)
++            {
++                // we have been deleted
++                return;
++            }
+             self->tachReadings[message.get_path()] = value;
+             if (self->tachRanges.find(message.get_path()) ==
+                 self->tachRanges.end())
+@@ -226,8 +232,15 @@ void CFMSensor::setupMatches()
+         });
+ 
+     dbusConnection->async_method_call(
+-        [self](const boost::system::error_code ec,
+-               const std::variant<double> cfmVariant) {
++        [weakRef](const boost::system::error_code ec,
++                  const std::variant<double> cfmVariant) {
++            std::shared_ptr<CFMSensor> self = weakRef.lock();
++            if (!self)
++            {
++                // we have been deleted
++                return;
++            }
++
+             uint64_t maxRpm = 100;
+             if (!ec)
+             {
+@@ -252,7 +265,13 @@ void CFMSensor::setupMatches()
+         "freedesktop.DBus.Properties',path='" +
+             std::string(cfmSettingPath) + "',arg0='" +
+             std::string(cfmSettingIface) + "'",
+-        [self](sdbusplus::message::message& message) {
++        [weakRef](sdbusplus::message::message& message) {
++            std::shared_ptr<CFMSensor> self = weakRef.lock();
++            if (!self)
++            {
++                // we have been deleted
++                return;
++            }
+             boost::container::flat_map<std::string, std::variant<double>>
+                 values;
+             std::string objectName;
+@@ -298,18 +317,24 @@ void CFMSensor::createMaxCFMIface(void)
+ void CFMSensor::addTachRanges(const std::string& serviceName,
+                               const std::string& path)
+ {
+-    std::shared_ptr<CFMSensor> self = shared_from_this();
++    std::weak_ptr<CFMSensor> weakRef = weak_from_this();
+     dbusConnection->async_method_call(
+-        [self, path](const boost::system::error_code ec,
+-                     const boost::container::flat_map<std::string,
+-                                                      BasicVariantType>& data) {
++        [weakRef,
++         path](const boost::system::error_code ec,
++               const boost::container::flat_map<std::string, BasicVariantType>&
++                   data) {
+             if (ec)
+             {
+                 std::cerr << "Error getting properties from " << path << "\n";
+                 std::cerr << ec.message() << "\n";
+                 return;
+             }
+-
++            std::shared_ptr<CFMSensor> self = weakRef.lock();
++            if (!self)
++            {
++                // we have been deleted
++                return;
++            }
+             double max = loadVariant<double>(data, "MaxValue");
+             double min = loadVariant<double>(data, "MinValue");
+             self->tachRanges[path] = std::make_pair(min, max);
+@@ -544,13 +569,19 @@ void ExitAirTempSensor::setupMatches(void)
+     constexpr const std::array<const char*, 2> matchTypes = {
+         "power", inletTemperatureSensor};
+ 
+-    std::shared_ptr<ExitAirTempSensor> self = shared_from_this();
++    std::weak_ptr<ExitAirTempSensor> weakRef = weak_from_this();
+     for (const std::string& type : matchTypes)
+     {
+         setupSensorMatch(
+             matches, *dbusConnection, type,
+-            [self, type](const double& value,
+-                         sdbusplus::message::message& message) {
++            [weakRef, type](const double& value,
++                            sdbusplus::message::message& message) {
++                std::shared_ptr<ExitAirTempSensor> self = weakRef.lock();
++                if (!self)
++                {
++                    // we have been deleted
++                    return;
++                }
+                 if (type == "power")
+                 {
+                     std::string path = message.get_path();
+@@ -579,8 +610,14 @@ void ExitAirTempSensor::setupMatches(void)
+             });
+     }
+     dbusConnection->async_method_call(
+-        [self](boost::system::error_code ec,
+-               const std::variant<double>& value) {
++        [weakRef](boost::system::error_code ec,
++                  const std::variant<double>& value) {
++            std::shared_ptr<ExitAirTempSensor> self = weakRef.lock();
++            if (!self)
++            {
++                // we have been deleted
++                return;
++            }
+             if (ec)
+             {
+                 // sensor not ready yet
+@@ -593,7 +630,13 @@ void ExitAirTempSensor::setupMatches(void)
+         std::string("/xyz/openbmc_project/sensors/") + inletTemperatureSensor,
+         properties::interface, properties::get, sensorValueInterface, "Value");
+     dbusConnection->async_method_call(
+-        [self](boost::system::error_code ec, const GetSubTreeType& subtree) {
++        [weakRef](boost::system::error_code ec, const GetSubTreeType& subtree) {
++            std::shared_ptr<ExitAirTempSensor> self = weakRef.lock();
++            if (!self)
++            {
++                // we have been deleted
++                return;
++            }
+             if (ec)
+             {
+                 std::cerr << "Error contacting mapper\n";
+@@ -614,8 +657,15 @@ void ExitAirTempSensor::setupMatches(void)
+                 {
+                     const std::string& path = item.first;
+                     self->dbusConnection->async_method_call(
+-                        [self, path](boost::system::error_code ec,
+-                                     const std::variant<double>& value) {
++                        [weakRef, path](boost::system::error_code ec,
++                                        const std::variant<double>& value) {
++                            std::shared_ptr<ExitAirTempSensor> self =
++                                weakRef.lock();
++                            if (!self)
++                            {
++                                // we have been deleted
++                                return;
++                            }
+                             if (ec)
+                             {
+                                 std::cerr << "Error getting value from " << path
+@@ -644,18 +694,24 @@ void ExitAirTempSensor::setupMatches(void)
+ void ExitAirTempSensor::addPowerRanges(const std::string& serviceName,
+                                        const std::string& path)
+ {
+-    std::shared_ptr<ExitAirTempSensor> self = shared_from_this();
++    std::weak_ptr<ExitAirTempSensor> weakRef = weak_from_this();
+     dbusConnection->async_method_call(
+-        [self, path](const boost::system::error_code ec,
+-                     const boost::container::flat_map<std::string,
+-                                                      BasicVariantType>& data) {
++        [weakRef,
++         path](const boost::system::error_code ec,
++               const boost::container::flat_map<std::string, BasicVariantType>&
++                   data) {
+             if (ec)
+             {
+                 std::cerr << "Error getting properties from " << path << "\n";
+                 std::cerr << ec.message() << "\n";
+                 return;
+             }
+-
++            std::shared_ptr<ExitAirTempSensor> self = weakRef.lock();
++            if (!self)
++            {
++                // we have been deleted
++                return;
++            }
+             double max = loadVariant<double>(data, "MaxValue");
+             double min = loadVariant<double>(data, "MinValue");
+             self->powerRanges[path] = std::make_pair(min, max);
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors_%.bbappend b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors_%.bbappend
index 8e2126d9d..c75d5bb97 100644
--- a/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors_%.bbappend
+++ b/meta-openbmc-mods/meta-ast2500/recipes-phosphor/sensors/dbus-sensors_%.bbappend
@@ -18,4 +18,6 @@ SRC_URI += "file://0001-Only-allow-drive-sensors-on-bus-2-for-ast2500.patch \
             file://0016-Fix-threshold-assertion-events-for-cpu-adc-sensors.patch \
             file://0017-Add-more-boundary-checking-in-Texitair-calculation.patch \
             file://0018-ADCSensor-use-tmp-power-state-file-for-threshold.patch \
+            file://0019-ADCSensor-check-threshold-10-seconds-after-power-on.patch \
+            file://0020-ExitAirTemp-fix-use-weak_ptr-to-in-async-handler.patch \
             "
diff --git a/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1i.bb b/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1k.bb
index a9120d136..034cc610d 100644
--- a/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1i.bb
+++ b/meta-openbmc-mods/meta-common/recipes-connectivity/openssl/openssl_1.1.1k.bb
@@ -23,7 +23,7 @@ SRC_URI_append_class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[sha256sum] = "e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242"
+SRC_URI[sha256sum] = "892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5"
 
 inherit lib_package multilib_header multilib_script ptest
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb b/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb
index 6e3e0c4de..f35fee7ab 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb
+++ b/meta-openbmc-mods/meta-common/recipes-core/at-scale-debug/at-scale-debug_git.bb
@@ -4,7 +4,7 @@ SUMMARY = "At Scale Debug Service"
 DESCRIPTION = "At Scale Debug Service exposes remote JTAG target debug capabilities"
 
 LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=0d1c657b2ba1e8877940a8d1614ec560"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=8929d33c051277ca2294fe0f5b062f38"
 
 
 inherit cmake
@@ -13,7 +13,7 @@ DEPENDS = "sdbusplus openssl libpam libgpiod safec"
 do_configure[depends] += "virtual/kernel:do_shared_workdir"
 
 SRC_URI = "git://github.com/Intel-BMC/asd;protocol=git"
-SRCREV = "1.4.3"
+SRCREV = "1.4.6"
 
 inherit useradd
 
diff --git a/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox/0001-Decompress_gunzip-Fix-Dos-if-gzip-is-corrupt-CVE-2021-28831.patch b/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox/0001-Decompress_gunzip-Fix-Dos-if-gzip-is-corrupt-CVE-2021-28831.patch
new file mode 100644
index 000000000..b0f22dcab
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox/0001-Decompress_gunzip-Fix-Dos-if-gzip-is-corrupt-CVE-2021-28831.patch
@@ -0,0 +1,48 @@
+From f25d254dfd4243698c31a4f3153d4ac72aa9e9bd Mon Sep 17 00:00:00 2001
+From: Samuel Sapalski <samuel.sapalski@nokia.com>
+Date: Wed, 3 Mar 2021 16:31:22 +0100
+Subject: decompress_gunzip: Fix DoS if gzip is corrupt
+
+On certain corrupt gzip files, huft_build will set the error bit on
+the result pointer. If afterwards abort_unzip is called huft_free
+might run into a segmentation fault or an invalid pointer to
+free(p).
+
+In order to mitigate this, we check in huft_free if the error bit
+is set and clear it before the linked list is freed.
+
+Signed-off-by: Samuel Sapalski <samuel.sapalski@nokia.com>
+Signed-off-by: Peter Kaestle <peter.kaestle@nokia.com>
+Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
+---
+ archival/libarchive/decompress_gunzip.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/archival/libarchive/decompress_gunzip.c b/archival/libarchive/decompress_gunzip.c
+index eb3b64930..e93cd5005 100644
+--- a/archival/libarchive/decompress_gunzip.c
++++ b/archival/libarchive/decompress_gunzip.c
+@@ -220,10 +220,20 @@ static const uint8_t border[] ALIGN1 = {
+  * each table.
+  * t: table to free
+  */
++#define BAD_HUFT(p) ((uintptr_t)(p) & 1)
++#define ERR_RET     ((huft_t*)(uintptr_t)1)
+ static void huft_free(huft_t *p)
+ {
+ 	huft_t *q;
+ 
++	/*
++	 * If 'p' has the error bit set we have to clear it, otherwise we might run
++	 * into a segmentation fault or an invalid pointer to free(p)
++	 */
++	if (BAD_HUFT(p)) {
++		p = (huft_t*)((uintptr_t)(p) ^ (uintptr_t)(ERR_RET));
++	}
++
+ 	/* Go through linked list, freeing from the malloced (t[-1]) address. */
+ 	while (p) {
+ 		q = (--p)->v.t;
+-- 
+cgit v1.2.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox_%.bbappend
index c72975ccc..b2a5f393f 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-core/busybox/busybox_%.bbappend
@@ -2,6 +2,7 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
 SRC_URI += " \
            file://disable.cfg \
            file://enable.cfg \
-		"
+           file://0001-Decompress_gunzip-Fix-Dos-if-gzip-is-corrupt-CVE-2021-28831.patch \
+           "
 
 SRC_URI += "${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'debug-tweaks','file://dev-only.cfg','',d)}"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/crashdump/crashdump_git.bb b/meta-openbmc-mods/meta-common/recipes-core/crashdump/crashdump_git.bb
index b603cdefe..adcdc6011 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/crashdump/crashdump_git.bb
+++ b/meta-openbmc-mods/meta-common/recipes-core/crashdump/crashdump_git.bb
@@ -13,7 +13,7 @@ LICENSE = "Proprietary"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=43c09494f6b77f344027eea0a1c22830"
 
 SRC_URI = "git://github.com/Intel-BMC/crashdump;protocol=git"
-SRCREV = "wht-1.0.4"
+SRCREV = "wht-1.0.6"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dhcp-check/dhcp-check/dhcp-check.service b/meta-openbmc-mods/meta-common/recipes-core/dhcp-check/dhcp-check/dhcp-check.service
index f32935a7f..de0236064 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/dhcp-check/dhcp-check/dhcp-check.service
+++ b/meta-openbmc-mods/meta-common/recipes-core/dhcp-check/dhcp-check/dhcp-check.service
@@ -3,8 +3,8 @@ Description=Check for DHCP address
 After=network.target
 
 [Service]
-Type=oneshot
-ExecStart=/usr/bin/dhcp-check.sh
+Type=simple
+ExecStart=/bin/sh -c '/usr/bin/dhcp-check.sh'
 
 [Install]
 WantedBy=multi-user.target
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend
index cfa1d0711..686369d3f 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend
@@ -1,6 +1,8 @@
 FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
 
-SRC_URI += "file://enable-ssh.sh"
+SRC_URI += "file://0001-Port-OpenSSH-CVE-2018-20685-fix.patch \
+            file://enable-ssh.sh \
+           "
 
 add_manual_ssh_enable() {
    install -d ${D}/usr/share/misc
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dropbear/files/0001-Port-OpenSSH-CVE-2018-20685-fix.patch b/meta-openbmc-mods/meta-common/recipes-core/dropbear/files/0001-Port-OpenSSH-CVE-2018-20685-fix.patch
new file mode 100644
index 000000000..947c2fe22
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/dropbear/files/0001-Port-OpenSSH-CVE-2018-20685-fix.patch
@@ -0,0 +1,23 @@
+From 8f8a3dff705fad774a10864a2e3dbcfa9779ceff Mon Sep 17 00:00:00 2001
+From: Haelwenn Monnier <contact+github.com@hacktivis.me>
+Date: Mon, 25 May 2020 14:54:29 +0200
+Subject: [PATCH] scp.c: Port OpenSSH CVE-2018-20685 fix (#80)
+
+---
+ scp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/scp.c b/scp.c
+index 742ae00f..7b8e7d22 100644
+--- a/scp.c
++++ b/scp.c
+@@ -935,7 +935,8 @@ sink(int argc, char **argv)
+ 			size = size * 10 + (*cp++ - '0');
+ 		if (*cp++ != ' ')
+ 			SCREWUP("size not delimited");
+-		if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
++		if (*cp == '\0' || strchr(cp, '/') != NULL ||
++		    strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
+ 			run_err("error: unexpected filename: %s", cp);
+ 			exit(1);
+ 		}
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/cross-localedef-native_2.33.bb b/meta-openbmc-mods/meta-common/recipes-core/glibc/cross-localedef-native_2.33.bb
new file mode 100644
index 000000000..ec59c6ba1
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/cross-localedef-native_2.33.bb
@@ -0,0 +1,50 @@
+SUMMARY = "Cross locale generation tool for glibc"
+HOMEPAGE = "http://www.gnu.org/software/libc/libc.html"
+SECTION = "libs"
+LICENSE = "LGPL-2.1"
+
+LIC_FILES_CHKSUM = "file://LICENSES;md5=1541fd8f5e8f1579512bf05f533371ba \
+      file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+      file://posix/rxspencer/COPYRIGHT;md5=dc5485bb394a13b2332ec1c785f5d83a \
+      file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c"
+
+require glibc-version.inc
+
+# Tell autotools that we're working in the localedef directory
+#
+AUTOTOOLS_SCRIPT_PATH = "${S}/localedef"
+
+inherit autotools
+inherit native
+
+FILESEXTRAPATHS =. "${FILE_DIRNAME}/${PN}:${FILE_DIRNAME}/glibc:"
+
+SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
+           git://github.com/kraj/localedef;branch=master;name=localedef;destsuffix=git/localedef \
+           \
+           file://0001-localedef-Add-hardlink-resolver-from-util-linux.patch \
+           file://0002-localedef-fix-ups-hardlink-to-make-it-compile.patch \
+           \
+           file://0016-timezone-re-written-tzselect-as-posix-sh.patch \
+           file://0017-Remove-bash-dependency-for-nscd-init-script.patch \
+           file://0018-eglibc-Cross-building-and-testing-instructions.patch \
+           file://0019-eglibc-Help-bootstrap-cross-toolchain.patch \
+           file://0020-eglibc-Resolve-__fpscr_values-on-SH4.patch \
+           file://0021-eglibc-Forward-port-cross-locale-generation-support.patch \
+           file://0022-Define-DUMMY_LOCALE_T-if-not-defined.patch \
+           file://0023-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch \
+"
+# Makes for a rather long rev (22 characters), but...
+#
+SRCREV_FORMAT = "glibc_localedef"
+
+S = "${WORKDIR}/git"
+
+EXTRA_OECONF = "--with-glibc=${S}"
+CFLAGS += "-fgnu89-inline -std=gnu99 -DIS_IN\(x\)='0'"
+
+do_install() {
+	install -d ${D}${bindir}
+	install -m 0755 ${B}/localedef ${D}${bindir}/cross-localedef
+	install -m 0755 ${B}/cross-localedef-hardlink ${D}${bindir}/cross-localedef-hardlink
+}
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-collateral.inc b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-collateral.inc
new file mode 100644
index 000000000..52880791a
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-collateral.inc
@@ -0,0 +1,12 @@
+require glibc-common.inc
+
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6 \
+                     file://${COMMON_LICENSE_DIR}/LGPL-2.1;md5=1a6d268fd218675ffea8be556788b780"
+
+deltask do_fetch
+deltask do_unpack
+deltask do_patch
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+
+do_install[depends] += "virtual/${MLPREFIX}libc:do_stash_locale"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-common.inc b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-common.inc
new file mode 100644
index 000000000..41ff7e9a1
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-common.inc
@@ -0,0 +1,25 @@
+SUMMARY = "GLIBC (GNU C Library)"
+DESCRIPTION = "The GNU C Library is used as the system C library in most systems with the Linux kernel."
+HOMEPAGE = "http://www.gnu.org/software/libc/libc.html"
+SECTION = "libs"
+LICENSE = "GPLv2 & LGPLv2.1"
+
+LIC_FILES_CHKSUM ?= "file://LICENSES;md5=1541fd8f5e8f1579512bf05f533371ba \
+      file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+      file://posix/rxspencer/COPYRIGHT;md5=dc5485bb394a13b2332ec1c785f5d83a \
+      file://COPYING.LIB;md5=4fbd65380cdd255951079008b364516c"
+
+CVE_PRODUCT = "glibc"
+
+INHIBIT_DEFAULT_DEPS = "1"
+
+ARM_INSTRUCTION_SET_armv4 = "arm"
+ARM_INSTRUCTION_SET_armv5 = "arm"
+ARM_INSTRUCTION_SET_armv6 = "arm"
+#
+# We will skip parsing glibc when target system C library selection is not glibc
+# this helps in easing out parsing for non-glibc system libraries
+#
+COMPATIBLE_HOST_libc-musl_class-target = "null"
+
+PV = "2.33"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-ld.inc b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-ld.inc
new file mode 100644
index 000000000..041ffbb9c
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-ld.inc
@@ -0,0 +1,20 @@
+inherit linuxloader
+
+GLIBC_GETLOADER = "${@get_linuxloader(d)}"
+
+def glibc_dl_info(d):
+    infos = {'ldconfig':set(), 'lddrewrite':set()}
+
+    loaders = all_multilib_tune_values(d, "GLIBC_GETLOADER").split()
+    for loader in loaders:
+        infos['ldconfig'].add('{"' + loader + '",' + "FLAG_ELF_LIBC6" + ' }')
+        infos['lddrewrite'].add(loader)
+
+    infos['ldconfig'] = ','.join(sorted(infos['ldconfig']))
+    infos['lddrewrite'] = ' '.join(sorted(infos['lddrewrite']))
+    return infos
+
+EGLIBC_KNOWN_INTERPRETER_NAMES = "${@glibc_dl_info(d)['ldconfig']}"
+RTLDLIST = "${@glibc_dl_info(d)['lddrewrite']}"
+RTLDLIST_class-nativesdk = "${base_libdir}/${@bb.utils.contains('SDK_ARCH', 'x86_64', 'ld-linux-x86-64.so.2', 'ld-linux.so.2', d)}"
+glibc_dl_info[vardepsexclude] = "OVERRIDES"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-locale.inc b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-locale.inc
new file mode 100644
index 000000000..ef06389ff
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-locale.inc
@@ -0,0 +1,103 @@
+require glibc-collateral.inc
+
+SUMMARY = "Locale data from glibc"
+
+BPN = "glibc"
+LOCALEBASEPN = "${MLPREFIX}glibc"
+
+# glibc-collateral.inc inhibits all default deps, but do_package needs objcopy
+# ERROR: objcopy failed with exit code 127 (cmd was 'i586-webos-linux-objcopy' --only-keep-debug 'glibc-locale/2.17-r0/package/usr/lib/gconv/IBM1166.so' 'glibc-locale/2.17-r0/package/usr/lib/gconv/.debug/IBM1166.so')
+# ERROR: Function failed: split_and_strip_files
+BINUTILSDEP = "virtual/${MLPREFIX}${TARGET_PREFIX}binutils:do_populate_sysroot"
+BINUTILSDEP_class-nativesdk = "virtual/${TARGET_PREFIX}binutils-crosssdk:do_populate_sysroot"
+do_package[depends] += "${BINUTILSDEP}"
+
+DEPENDS += "virtual/libc"
+
+# Binary locales are generated at build time if ENABLE_BINARY_LOCALE_GENERATION
+# is set. The idea is to avoid running localedef on the target (at first boot)
+# to decrease initial boot time and avoid localedef being killed by the OOM
+# killer which used to effectively break i18n on machines with < 128MB RAM.
+
+# default to disabled
+ENABLE_BINARY_LOCALE_GENERATION ?= "0"
+ENABLE_BINARY_LOCALE_GENERATION_pn-nativesdk-glibc-locale = "1"
+
+#enable locale generation on these arches
+# BINARY_LOCALE_ARCHES is a space separated list of regular expressions
+BINARY_LOCALE_ARCHES ?= "arc arm.* aarch64 i[3-6]86 x86_64 powerpc mips mips64 riscv32 riscv64"
+
+# set "1" to use cross-localedef for locale generation
+# set "0" for qemu emulation of native localedef for locale generation
+LOCALE_GENERATION_WITH_CROSS-LOCALEDEF = "1"
+
+PROVIDES = "virtual/libc-locale"
+
+PACKAGES = "localedef ${PN}-dbg"
+
+PACKAGES_DYNAMIC = "^locale-base-.* \
+                    ^glibc-gconv-.* ^glibc-charmap-.* ^glibc-localedata-.* ^glibc-binary-localedata-.* \
+                    ^${MLPREFIX}glibc-gconv$"
+
+# Create a glibc-binaries package
+ALLOW_EMPTY_${BPN}-binaries = "1"
+PACKAGES += "${BPN}-binaries"
+RRECOMMENDS_${BPN}-binaries =  "${@" ".join([p for p in d.getVar('PACKAGES').split() if p.find("glibc-binary") != -1])}"
+
+# Create a glibc-charmaps package
+ALLOW_EMPTY_${BPN}-charmaps = "1"
+PACKAGES += "${BPN}-charmaps"
+RRECOMMENDS_${BPN}-charmaps =  "${@" ".join([p for p in d.getVar('PACKAGES').split() if p.find("glibc-charmap") != -1])}"
+
+# Create a glibc-gconvs package
+ALLOW_EMPTY_${BPN}-gconvs = "1"
+PACKAGES += "${BPN}-gconvs"
+RRECOMMENDS_${BPN}-gconvs =  "${@" ".join([p for p in d.getVar('PACKAGES').split() if p.find("glibc-gconv") != -1])}"
+
+# Create a glibc-localedatas package
+ALLOW_EMPTY_${BPN}-localedatas = "1"
+PACKAGES += "${BPN}-localedatas"
+RRECOMMENDS_${BPN}-localedatas =  "${@" ".join([p for p in d.getVar('PACKAGES').split() if p.find("glibc-localedata") != -1])}"
+
+DESCRIPTION_localedef = "glibc: compile locale definition files"
+
+# glibc-gconv is dynamically added into PACKAGES, thus
+# FILES_glibc-gconv will not be automatically extended in multilib.
+# Explicitly add ${MLPREFIX} for FILES_glibc-gconv.
+FILES_${MLPREFIX}glibc-gconv = "${libdir}/gconv/*"
+FILES_localedef = "${bindir}/localedef"
+
+LOCALETREESRC = "${COMPONENTS_DIR}/${PACKAGE_ARCH}/glibc-stash-locale"
+
+copy_locale_files() {
+	local dir=$1 mode=$2
+
+	[ -e "${LOCALETREESRC}$dir" ] || return 0
+
+	for d in . $(find "${LOCALETREESRC}$dir" -type d -printf '%P '); do
+		install -d ${D}$dir/$d
+		find "${LOCALETREESRC}$dir/$d" -maxdepth 1 -type f \
+			-exec install -m $mode -t "${D}$dir/$d" {} \;
+	done
+}
+
+do_install() {
+	copy_locale_files ${bindir} 0755
+	copy_locale_files ${localedir} 0644
+	if [ ${PACKAGE_NO_GCONV} -eq 0 ]; then
+		copy_locale_files ${libdir}/gconv 0755
+		copy_locale_files ${datadir}/i18n 0644
+	else
+		# Remove the libdir if it is empty when gconv is not copied
+		find ${D}${libdir} -type d -empty -delete
+	fi
+	copy_locale_files ${datadir}/locale 0644
+	install -m 0644 ${LOCALETREESRC}/SUPPORTED ${WORKDIR}/SUPPORTED
+}
+
+inherit libc-package
+
+BBCLASSEXTEND = "nativesdk"
+
+# Don't scan for CVEs as glibc will be scanned
+CVE_PRODUCT = ""
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-locale_2.33.bb b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-locale_2.33.bb
new file mode 100644
index 000000000..f7702e035
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-locale_2.33.bb
@@ -0,0 +1 @@
+require glibc-locale.inc
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-mtrace.inc b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-mtrace.inc
new file mode 100644
index 000000000..ef9d60ec2
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-mtrace.inc
@@ -0,0 +1,16 @@
+require glibc-collateral.inc
+
+SUMMARY = "mtrace utility provided by glibc"
+DESCRIPTION = "mtrace utility provided by glibc"
+RDEPENDS_${PN} = "perl"
+RPROVIDES_${PN} = "libc-mtrace"
+
+SRC = "${COMPONENTS_DIR}/${PACKAGE_ARCH}/glibc-stash-locale/scripts"
+
+do_install() {
+	install -d -m 0755 ${D}${bindir}
+	install -m 0755 ${SRC}/mtrace ${D}${bindir}/
+}
+
+# Don't scan for CVEs as glibc will be scanned
+CVE_PRODUCT = ""
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-mtrace_2.33.bb b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-mtrace_2.33.bb
new file mode 100644
index 000000000..0b69bad46
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-mtrace_2.33.bb
@@ -0,0 +1 @@
+require glibc-mtrace.inc
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-package.inc b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-package.inc
new file mode 100644
index 000000000..8d0cc8047
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-package.inc
@@ -0,0 +1,286 @@
+INHIBIT_SYSROOT_STRIP = "1"
+
+PACKAGES = "${PN}-dbg catchsegv sln nscd ldconfig ldd tzcode glibc-thread-db ${PN}-pic libcidn libmemusage libnss-db libsegfault ${PN}-pcprofile libsotruss ${PN} ${PN}-utils glibc-extra-nss ${PN}-dev ${PN}-staticdev ${PN}-doc"
+
+# The ld.so in this glibc supports the GNU_HASH
+RPROVIDES_${PN} = "eglibc rtld(GNU_HASH)"
+RPROVIDES_${PN}-utils = "eglibc-utils"
+RPROVIDES_${PN}-mtrace = "eglibc-mtrace libc-mtrace"
+RPROVIDES_${PN}-pic = "eglibc-pic"
+RPROVIDES_${PN}-dev = "eglibc-dev libc6-dev virtual-libc-dev"
+RPROVIDES_${PN}-staticdev = "eglibc-staticdev"
+RPROVIDES_${PN}-doc = "eglibc-doc"
+RPROVIDES_glibc-extra-nss = "eglibc-extra-nss"
+RPROVIDES_glibc-thread-db = "eglibc-thread-db"
+RPROVIDES_${PN}-pcprofile = "eglibc-pcprofile"
+RPROVIDES_${PN}-dbg = "eglibc-dbg"
+libc_baselibs = "${base_libdir}/libc.so.* ${base_libdir}/libc-*.so ${base_libdir}/libm*.so.* ${base_libdir}/libm-*.so ${base_libdir}/libmvec-*.so ${base_libdir}/ld*.so.* ${base_libdir}/ld-*.so ${base_libdir}/libpthread*.so.* ${base_libdir}/libpthread-*.so ${base_libdir}/libresolv*.so.* ${base_libdir}/libresolv-*.so ${base_libdir}/librt*.so.* ${base_libdir}/librt-*.so ${base_libdir}/libutil*.so.* ${base_libdir}/libutil-*.so ${base_libdir}/libnsl*.so.* ${base_libdir}/libnsl-*.so ${base_libdir}/libnss_files*.so.* ${base_libdir}/libnss_files-*.so ${base_libdir}/libnss_compat*.so.* ${base_libdir}/libnss_compat-*.so ${base_libdir}/libnss_dns*.so.* ${base_libdir}/libnss_dns-*.so ${base_libdir}/libdl*.so.* ${base_libdir}/libdl-*.so ${base_libdir}/libanl*.so.* ${base_libdir}/libanl-*.so ${base_libdir}/libBrokenLocale*.so.* ${base_libdir}/libBrokenLocale-*.so"
+ARCH_DYNAMIC_LOADER = ""
+# The aarch64 ABI says the dynamic linker -must- be
+# /lib/ld-linux-aarch64{,_be}.so.1. With usrmerge, that may mean that
+# we need to install it in /usr/lib.
+ARCH_DYNAMIC_LOADER_aarch64 = "ld-linux-${TARGET_ARCH}.so.1"
+libc_baselibs_append = " ${@oe.utils.conditional('ARCH_DYNAMIC_LOADER', '', '', '${root_prefix}/lib/${ARCH_DYNAMIC_LOADER}', d)}"
+INSANE_SKIP_${PN}_append_aarch64 = " libdir"
+
+FILES_${PN} = "${libc_baselibs} ${libexecdir}/* ${sysconfdir}/ld.so.conf"
+RRECOMMENDS_${PN} = "${@bb.utils.contains('DISTRO_FEATURES', 'ldconfig', '${MLPREFIX}ldconfig', '', d)}"
+FILES_ldconfig = "${base_sbindir}/ldconfig"
+FILES_ldd = "${bindir}/ldd"
+FILES_libsegfault = "${base_libdir}/libSegFault*"
+FILES_libcidn = "${base_libdir}/libcidn-*.so ${base_libdir}/libcidn.so.*"
+FILES_libmemusage = "${base_libdir}/libmemusage.so"
+FILES_libnss-db = "${base_libdir}/libnss_db.so.* ${base_libdir}/libnss_db-*.so ${localstatedir}/db/Makefile ${localstatedir}/db/makedbs.sh"
+RDEPENDS_libnss-db = "${PN}-utils"
+FILES_glibc-extra-nss = "${base_libdir}/libnss_*-*.so ${base_libdir}/libnss_*.so.*"
+FILES_sln = "${base_sbindir}/sln"
+FILES_${PN}-pic = "${libdir}/*_pic.a ${libdir}/*_pic.map ${libdir}/libc_pic/*.o"
+FILES_libsotruss = "${libdir}/audit/sotruss-lib.so"
+FILES_SOLIBSDEV = "${libdir}/lib*${SOLIBSDEV}"
+FILES_${PN}-dev += "${libdir}/*_nonshared.a ${base_libdir}/*_nonshared.a ${base_libdir}/*.o ${datadir}/aclocal"
+RDEPENDS_${PN}-dev = "linux-libc-headers-dev"
+FILES_${PN}-staticdev += "${libdir}/*.a ${base_libdir}/*.a"
+FILES_nscd = "${sbindir}/nscd* ${sysconfdir}/init.d/nscd ${systemd_unitdir}/system/nscd* ${sysconfdir}/tmpfiles.d/nscd.conf \
+              ${sysconfdir}/nscd.conf ${sysconfdir}/default/volatiles/98_nscd ${localstatedir}/db/nscd"
+FILES_${PN}-mtrace = "${bindir}/mtrace"
+FILES_tzcode = "${bindir}/tzselect ${sbindir}/zic ${sbindir}/zdump"
+FILES_${PN}-utils = "${bindir}/* ${sbindir}/*"
+FILES_catchsegv = "${bindir}/catchsegv"
+RDEPENDS_catchsegv = "libsegfault"
+FILES_${PN}-pcprofile = "${base_libdir}/libpcprofile.so"
+FILES_glibc-thread-db = "${base_libdir}/libthread_db.so.* ${base_libdir}/libthread_db-*.so"
+RPROVIDES_${PN}-dev += "libc-dev"
+RPROVIDES_${PN}-staticdev += "libc-staticdev"
+
+SUMMARY_sln = "The static ln"
+DESCRIPTION_sln = "Similar to the 'ln' utility, but statically linked.  sln is useful to make symbolic links to dynamic libraries if the dynamic linking system, for some reason, is not functional."
+SUMMARY_nscd = "Name service cache daemon"
+DESCRIPTION_nscd = "nscd, name service cache daemon, caches name service lookups for the passwd, group and hosts information.  It can damatically improvide performance with remote, such as NIS or NIS+, name services."
+SUMMARY_glibc-extra-nss = "hesiod, NIS and NIS+ nss libraries"
+DESCRIPTION_glibc-extra-nss = "glibc: nis, nisplus and hesiod search services."
+SUMMARY_ldd = "print shared library dependencies"
+DESCRIPTION_ldd = "${bindir}/ldd prints shared library dependencies for each program or shared library specified on the command line."
+SUMMARY_${PN}-utils = "Miscellaneous utilities provided by glibc"
+DESCRIPTION_${PN}-utils = "Miscellaneous utilities including getconf, iconv, locale, gencat, ..."
+DESCRIPTION_libsotruss = "Library to support sotruss which traces calls through PLTs"
+DESCRIPTION_tzcode = "tzcode, timezone zoneinfo utils -- zic, zdump, tzselect"
+
+inherit multilib_header
+
+do_install() {
+	oe_runmake install_root=${D} install
+	install -Dm 0644 ${WORKDIR}/etc/ld.so.conf ${D}/${sysconfdir}/ld.so.conf
+	install -d ${D}${localedir}
+	make -f ${WORKDIR}/generate-supported.mk IN="${S}/localedata/SUPPORTED" OUT="${WORKDIR}/SUPPORTED"
+	# get rid of some broken files...
+	for i in ${GLIBC_BROKEN_LOCALES}; do
+		sed -i "/$i/d" ${WORKDIR}/SUPPORTED
+	done
+	rm -f ${D}${sysconfdir}/rpc
+	rm -rf ${D}${datadir}/zoneinfo
+	rm -rf ${D}${libexecdir}/getconf
+
+	rm -f ${D}${sysconfdir}/localtime
+
+	# remove empty glibc dir
+	if [ -d ${D}${libexecdir} ]; then
+		rmdir --ignore-fail-on-non-empty ${D}${libexecdir}
+	fi
+
+	oe_multilib_header bits/syscall.h bits/long-double.h bits/floatn.h bits/endianness.h bits/struct_rwlock.h
+
+	if [ -f ${D}${bindir}/mtrace ]; then
+		sed -i -e '1s,#!.*perl,#! ${USRBINPATH}/env perl,' -e '2s,exec.*perl,exec ${USRBINPATH}/env perl,' ${D}${bindir}/mtrace
+	fi
+	# Info dir listing isn't interesting at this point so remove it if it exists.
+	if [ -e "${D}${infodir}/dir" ]; then
+		rm -f ${D}${infodir}/dir
+	fi
+
+	install -d ${D}${sysconfdir}/init.d
+	install -d ${D}${localstatedir}/db/nscd
+	install -m 0755 ${S}/nscd/nscd.init ${D}${sysconfdir}/init.d/nscd
+	install -m 0755 ${S}/nscd/nscd.conf ${D}${sysconfdir}/nscd.conf
+	install -m 0755 ${WORKDIR}/makedbs.sh ${D}${localstatedir}/db
+	sed -i "s%daemon%start-stop-daemon --start --exec%g" ${D}${sysconfdir}/init.d/nscd
+	sed -i "s|\(enable-cache\t\+netgroup\t\+\)yes|\1no|" ${D}${sysconfdir}/nscd.conf
+
+	install -d ${D}${systemd_unitdir}/system
+	install -m 0644 ${S}/nscd/nscd.service ${D}${systemd_unitdir}/system/
+
+	# The dynamic loader will have been installed into
+	# ${base_libdir}. However, if that isn't going to end up being
+	# available in the ABI-mandated location, then a symlink must
+	# be created.
+
+	if [ -n "${ARCH_DYNAMIC_LOADER}" -a ! -e "${D}${root_prefix}/lib/${ARCH_DYNAMIC_LOADER}" ]; then
+		install -d ${D}${root_prefix}/lib
+		ln -s ${@oe.path.relative('${root_prefix}/lib', '${base_libdir}')}/${ARCH_DYNAMIC_LOADER} \
+				${D}${root_prefix}/lib/${ARCH_DYNAMIC_LOADER}
+	fi
+}
+
+def get_libc_fpu_setting(bb, d):
+    if d.getVar('TARGET_FPU') in [ 'soft', 'ppc-efd' ]:
+        return "--without-fp"
+    return ""
+
+do_install_append_class-target() {
+	if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+		install -d ${D}${sysconfdir}/tmpfiles.d
+		echo "d /run/nscd 755 root root -" \
+			> ${D}${sysconfdir}/tmpfiles.d/nscd.conf
+	fi
+
+	if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then
+		install -d ${D}${sysconfdir}/default/volatiles
+		echo "d root root 0755 /var/run/nscd none" \
+			> ${D}${sysconfdir}/default/volatiles/98_nscd
+	fi
+
+}
+do_install_append_aarch64 () {
+	do_install_armmultilib
+}
+
+do_install_append_arm () {
+	do_install_armmultilib
+}
+
+do_install_append_armeb () {
+	do_install_armmultilib
+}
+
+do_install_armmultilib () {
+	oe_multilib_header bits/endian.h bits/fcntl.h bits/fenv.h bits/fp-fast.h bits/hwcap.h bits/ipc.h bits/link.h
+	oe_multilib_header bits/local_lim.h bits/mman.h bits/msq.h bits/pthreadtypes.h bits/pthreadtypes-arch.h  bits/sem.h  bits/semaphore.h bits/setjmp.h
+	oe_multilib_header bits/shm.h bits/sigstack.h bits/stat.h bits/statfs.h bits/typesizes.h
+	oe_multilib_header bits/procfs-id.h bits/procfs.h bits/shmlba.h
+	oe_multilib_header bits/struct_stat.h
+
+	oe_multilib_header fpu_control.h gnu/lib-names.h gnu/stubs.h ieee754.h
+
+	oe_multilib_header sys/elf.h sys/procfs.h sys/ptrace.h sys/ucontext.h sys/user.h
+}
+
+
+LOCALESTASH = "${WORKDIR}/stashed-locale"
+bashscripts = "mtrace sotruss xtrace"
+
+do_stash_locale () {
+	dest=${LOCALESTASH}
+	install -d $dest${base_libdir} $dest${bindir} $dest${libdir} $dest${datadir}
+	# Hide away the locale data from the deployment
+	if [ -e ${D}${bindir}/localedef ]; then
+		cp -a ${D}${bindir}/localedef $dest${bindir}
+	fi
+	if [ -e ${D}${libdir}/gconv ]; then
+		cp -a ${D}${libdir}/gconv $dest${libdir}
+	fi
+	if [ -e ${D}${datadir}/i18n ]; then
+		cp -a  ${D}${datadir}/i18n $dest${datadir}
+	fi
+
+	# Make a copy of all the libraries into the locale stash
+	cp -fpPR ${D}${libdir}/* $dest${libdir}
+	if [ "${base_libdir}" != "${libdir}" ]; then
+		cp -fpPR ${D}${base_libdir}/* $dest${base_libdir}
+	fi
+	if [ -e ${D}${exec_prefix}/lib ]; then
+		if [ ${exec_prefix}/lib != ${base_libdir} ] && [ ${exec_prefix}/lib != ${libdir} ]; then
+			cp -fpPR ${D}${exec_prefix}/lib $dest${exec_prefix}
+		fi
+	fi
+
+	cp -fpPR ${D}${datadir}/* $dest${datadir}
+	cp -fpPR ${WORKDIR}/SUPPORTED $dest
+
+	target=$dest/scripts
+	mkdir -p $target
+	for i in ${bashscripts}; do
+		if [ -f ${D}${bindir}/$i ]; then
+			cp ${D}${bindir}/$i $target/
+		fi
+	done
+}
+
+addtask do_stash_locale after do_install before do_populate_sysroot do_package
+do_stash_locale[dirs] = "${B}"
+do_stash_locale[cleandirs] = "${LOCALESTASH}"
+SSTATETASKS += "do_stash_locale"
+do_stash_locale[sstate-inputdirs] = "${LOCALESTASH}"
+do_stash_locale[sstate-outputdirs] = "${COMPONENTS_DIR}/${PACKAGE_ARCH}/glibc-stash-locale"
+do_stash_locale[sstate-fixmedir] = "${COMPONENTS_DIR}/${PACKAGE_ARCH}/glibc-stash-locale"
+
+python do_stash_locale_setscene () {
+    sstate_setscene(d)
+}
+addtask do_stash_locale_setscene
+
+PACKAGE_PREPROCESS_FUNCS += "stash_locale_package_cleanup"
+SYSROOT_PREPROCESS_FUNCS += "stash_locale_sysroot_cleanup"
+stash_locale_cleanup () {
+	cleanupdir=$1
+	# Remove all files which do_stash_locale() copies
+	for i in ${bashscripts}; do
+		rm -f $cleanupdir${bindir}/$i
+	done
+	rm -f $cleanupdir${bindir}/localedef
+	rm -rf $cleanupdir${datadir}/i18n
+	rm -rf $cleanupdir${libdir}/gconv
+	rm -rf $cleanupdir${localedir}
+	rm -rf $cleanupdir${datadir}/locale
+	rmdir --ignore-fail-on-non-empty $cleanupdir${datadir}
+
+	if [ "${libdir}" != "${exec_prefix}/lib" ] && [ "${root_prefix}/lib" != "${exec_prefix}/lib" ]; then
+		if [ -d "$cleanupdir${exec_prefix}/lib" ]; then
+			if [ -z "${ARCH_DYNAMIC_LOADER}" -o \
+			     ! -e "$cleanupdir${exec_prefix}/lib/${ARCH_DYNAMIC_LOADER}" ]; then
+				# error out if directory isn't empty
+				# this dir should only contain locale dir
+				# which has been deleted in the previous step
+				rmdir $cleanupdir${exec_prefix}/lib
+			fi
+		fi
+	fi
+}
+
+stash_locale_sysroot_cleanup() {
+	stash_locale_cleanup ${SYSROOT_DESTDIR}
+}
+stash_locale_package_cleanup() {
+	stash_locale_cleanup ${PKGD}
+}
+
+python populate_packages_prepend () {
+    if d.getVar('DEBIAN_NAMES'):
+        pkgs = d.getVar('PACKAGES').split()
+        bpn = d.getVar('BPN')
+        prefix = d.getVar('MLPREFIX') or ""
+        # Set the base package...
+        d.setVar('PKG_' + prefix + bpn, prefix + 'libc6')
+        libcprefix = prefix + bpn + '-'
+        for p in pkgs:
+            # And all the subpackages.
+            if p.startswith(libcprefix):
+                renamed = p.replace(bpn, 'libc6', 1)
+                d.setVar('PKG_' + p, renamed)
+        # For backward compatibility with old -dbg package
+        d.appendVar('RPROVIDES_' + libcprefix + 'dbg', ' ' + prefix + 'libc-dbg')
+        d.appendVar('RCONFLICTS_' + libcprefix + 'dbg', ' ' + prefix + 'libc-dbg')
+        d.appendVar('RREPLACES_' + libcprefix + 'dbg', ' ' + prefix + 'libc-dbg')
+}
+
+pkg_postinst_nscd () {
+	if [ -z "$D" ]; then
+		if command -v systemd-tmpfiles >/dev/null; then
+			systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/nscd.conf
+		elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
+			${sysconfdir}/init.d/populate-volatile.sh update
+		fi
+	fi
+}
+CONFFILES_nscd="${sysconfdir}/nscd.conf"
+
+SYSTEMD_PACKAGES = "nscd"
+SYSTEMD_SERVICE_nscd = "nscd.service"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-scripts.inc b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-scripts.inc
new file mode 100644
index 000000000..14a14e451
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-scripts.inc
@@ -0,0 +1,23 @@
+require glibc-collateral.inc
+
+SUMMARY = "utility scripts provided by glibc"
+DESCRIPTION = "utility scripts provided by glibc"
+RDEPENDS_${PN} = "bash glibc-mtrace"
+
+SRC = "${COMPONENTS_DIR}/${PACKAGE_ARCH}/glibc-stash-locale/scripts"
+
+bashscripts = "sotruss xtrace"
+
+do_install() {
+	install -d -m 0755 ${D}${bindir}
+	for i in ${bashscripts}; do
+		install -m 0755 ${SRC}/$i ${D}${bindir}/
+	done
+}
+
+# sotruss script requires sotruss-lib.so (given by libsotruss package), 
+# to produce trace of the library calls.
+RDEPENDS_${PN} += "libsotruss"
+
+# Don't scan for CVEs as glibc will be scanned
+CVE_PRODUCT = ""
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-scripts_2.33.bb b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-scripts_2.33.bb
new file mode 100644
index 000000000..5a89bd802
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-scripts_2.33.bb
@@ -0,0 +1 @@
+require glibc-scripts.inc
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-testsuite_2.33.bb b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-testsuite_2.33.bb
new file mode 100644
index 000000000..d887aeff7
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-testsuite_2.33.bb
@@ -0,0 +1,63 @@
+require glibc_${PV}.bb
+
+EXCLUDE_FROM_WORLD = "1"
+
+# handle PN differences
+FILESEXTRAPATHS_prepend := "${THISDIR}/glibc:"
+
+# strip provides
+PROVIDES = ""
+# setup depends
+INHIBIT_DEFAULT_DEPS = ""
+
+python () {
+    libc = d.getVar("PREFERRED_PROVIDER_virtual/libc")
+    libclocale = d.getVar("PREFERRED_PROVIDER_virtual/libc-locale")
+    if libc != "glibc" or libclocale != "glibc-locale":
+        raise bb.parse.SkipRecipe("glibc-testsuite requires that virtual/libc is glibc")
+}
+
+DEPENDS += "glibc-locale libgcc gcc-runtime"
+
+# remove the initial depends
+DEPENDS_remove = "libgcc-initial"
+
+inherit qemu
+
+SRC_URI += "file://check-test-wrapper"
+
+DEPENDS += "${@'qemu-native' if d.getVar('TOOLCHAIN_TEST_TARGET') == 'user' else ''}"
+
+TOOLCHAIN_TEST_TARGET ??= "user"
+TOOLCHAIN_TEST_HOST ??= "localhost"
+TOOLCHAIN_TEST_HOST_USER ??= "root"
+TOOLCHAIN_TEST_HOST_PORT ??= "2222"
+
+do_check[dirs] += "${B}"
+do_check[nostamp] = "1"
+do_check () {
+    chmod 0755 ${WORKDIR}/check-test-wrapper
+
+    # clean out previous test results
+    oe_runmake tests-clean
+    # makefiles don't clean entirely (and also sometimes fails due to too many args)
+    find ${B} -type f -name "*.out" -delete
+    find ${B} -type f -name "*.test-result" -delete
+    find ${B}/catgets -name "*.cat" -delete
+    find ${B}/conform -name "symlist-*" -delete
+    [ ! -e ${B}/timezone/testdata ] || rm -rf ${B}/timezone/testdata
+
+    oe_runmake -i \
+        QEMU_SYSROOT="${RECIPE_SYSROOT}" \
+        QEMU_OPTIONS="${@qemu_target_binary(d)} ${QEMU_OPTIONS}" \
+        SSH_HOST="${TOOLCHAIN_TEST_HOST}" \
+        SSH_HOST_USER="${TOOLCHAIN_TEST_HOST_USER}" \
+        SSH_HOST_PORT="${TOOLCHAIN_TEST_HOST_PORT}" \
+        test-wrapper="${WORKDIR}/check-test-wrapper ${TOOLCHAIN_TEST_TARGET}" \
+        check
+}
+addtask do_check after do_compile
+
+inherit nopackages
+deltask do_stash_locale
+deltask do_install
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-version.inc b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-version.inc
new file mode 100644
index 000000000..3a9517317
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc-version.inc
@@ -0,0 +1,8 @@
+SRCBRANCH ?= "release/2.33/master"
+PV = "2.33"
+SRCREV_glibc ?= "9826b03b747b841f5fc6de2054bf1ef3f5c4bdf3"
+SRCREV_localedef ?= "bd644c9e6f3e20c5504da1488448173c69c56c28"
+
+GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
+
+UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.(?!90)\d+)*)"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc.inc b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc.inc
new file mode 100644
index 000000000..7d1430637
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc.inc
@@ -0,0 +1,52 @@
+require glibc-common.inc
+require glibc-ld.inc
+
+DEPENDS = "virtual/${TARGET_PREFIX}gcc libgcc-initial linux-libc-headers"
+
+PROVIDES = "virtual/libc"
+PROVIDES += "virtual/libintl virtual/libiconv"
+inherit autotools texinfo systemd
+
+LEAD_SONAME = "libc.so"
+
+# msgfmt could come from gettext-native but we don't depend on that and
+# disable for reproducibility
+CACHED_CONFIGUREVARS += " \
+  ac_cv_path_BASH_SHELL=${base_bindir}/bash \
+  ac_cv_prog_MSGFMT= \
+  libc_cv_slibdir=${base_libdir} \
+  libc_cv_rootsbindir=${base_sbindir} \
+  libc_cv_localedir=${localedir} \
+  libc_cv_ssp_strong=no \
+  libc_cv_ssp_all=no \
+  libc_cv_ssp=no \
+  libc_cv_include_x86_isa_level=no \
+"
+
+# ifunc doesn't appear to work on mips, casuses libbfd assertion failures
+CACHED_CONFIGUREVARS_append_mipsarch = " libc_cv_ld_gnu_indirect_function=no"
+
+GLIBC_EXTRA_OECONF ?= ""
+GLIBC_EXTRA_OECONF_class-nativesdk = ""
+
+# glibc uses PARALLELMFLAGS variable to pass parallel build info so transfer
+# PARALLEL_MAKE into PARALLELMFLAGS and empty out PARALLEL_MAKE
+EGLIBCPARALLELISM := "PARALLELMFLAGS="${PARALLEL_MAKE}""
+EXTRA_OEMAKE[vardepsexclude] += "EGLIBCPARALLELISM"
+EXTRA_OEMAKE += "${EGLIBCPARALLELISM}"
+PARALLEL_MAKE = ""
+
+# glibc make-syscalls.sh has a number of issues with /bin/dash and
+# it's output which make calls via the SHELL also has issues, so
+# ensure make uses /bin/bash
+EXTRA_OEMAKE += "SHELL=/bin/bash"
+
+do_configure_prepend() {
+	sed -e "s#@BASH@#/bin/sh#" -i ${S}/elf/ldd.bash.in
+}
+
+# Enable backtrace from abort()
+do_configure_append_arm () {
+	echo "CFLAGS-abort.c = -fasynchronous-unwind-tables" >> ${B}/configparms
+	echo "CFLAGS-raise.c = -fasynchronous-unwind-tables" >> ${B}/configparms
+}
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0001-localedef-Add-hardlink-resolver-from-util-linux.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0001-localedef-Add-hardlink-resolver-from-util-linux.patch
new file mode 100644
index 000000000..f96da83a9
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0001-localedef-Add-hardlink-resolver-from-util-linux.patch
@@ -0,0 +1,1130 @@
+From d1f1671034a222417f9a829dcaa4f0c3d4f8954d Mon Sep 17 00:00:00 2001
+From: Jason Wessel <jason.wessel@windriver.com>
+Date: Sat, 7 Dec 2019 09:59:22 -0800
+Subject: [PATCH] localedef: Add hardlink resolver from util-linux
+
+The hard link resolver that is built into localedef cannot be run in
+parallel.  It will search sibling directories (which are be processed
+in parallel) and perform a creation of a .tmp file and remove the
+original and move the .tmp file in.  The problem is that if a probe
+occurs a hard link can be requested to the file that is being removed.
+This will lead to a stray copy or potentially, on a loaded system
+cause race condition which pseudo cannot deal with, where it is left
+with a hard link request to a file that no longer exists.  In this
+situation psuedo will inherit the permissions of what ever the target
+inode had to offer.
+
+In short, there are two problems:
+
+1) You will be left with stray copies when using the hard link
+resolution that is built in while running in parallel with
+localedef.
+
+2) When running under pseudo the possibility exists for uid/gid
+leakage when the source file is removed before the hard link can
+be completed.
+
+The solution is to call localedef with --no-hard-links and separately
+process the hardlinks at a later point.  To do this requires the
+inclusion of the hardlink utility found in modern versions of
+util-linux.  Most host systems do not have this, so it will be
+included with the cross-localedef binary.
+
+[YOCTO #11299]
+[YOCTO #12434]
+
+Upstream-Status: Pending
+
+Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ locale/programs/c.h                        | 407 ++++++++++++++++
+ locale/programs/cross-localedef-hardlink.c | 528 +++++++++++++++++++++
+ locale/programs/xalloc.h                   | 129 +++++
+ 3 files changed, 1064 insertions(+)
+ create mode 100644 locale/programs/c.h
+ create mode 100644 locale/programs/cross-localedef-hardlink.c
+ create mode 100644 locale/programs/xalloc.h
+
+diff --git a/locale/programs/c.h b/locale/programs/c.h
+new file mode 100644
+index 0000000000..d0a402e90e
+--- /dev/null
++++ b/locale/programs/c.h
+@@ -0,0 +1,407 @@
++/*
++ * Fundamental C definitions.
++ */
++
++#ifndef UTIL_LINUX_C_H
++#define UTIL_LINUX_C_H
++
++#include <limits.h>
++#include <stddef.h>
++#include <stdint.h>
++#include <stdio.h>
++#include <unistd.h>
++#include <stdarg.h>
++#include <stdlib.h>
++#include <string.h>
++#include <errno.h>
++
++#include <assert.h>
++
++#ifdef HAVE_ERR_H
++# include <err.h>
++#endif
++
++#ifdef HAVE_SYS_SYSMACROS_H
++# include <sys/sysmacros.h>     /* for major, minor */
++#endif
++
++#ifndef LOGIN_NAME_MAX
++# define LOGIN_NAME_MAX 256
++#endif
++
++#ifndef NAME_MAX
++# define NAME_MAX PATH_MAX
++#endif
++
++/*
++ * __GNUC_PREREQ is deprecated in favour of __has_attribute() and
++ * __has_feature(). The __has macros are supported by clang and gcc>=5.
++ */
++#ifndef __GNUC_PREREQ
++# if defined __GNUC__ && defined __GNUC_MINOR__
++#  define __GNUC_PREREQ(maj, min) \
++	((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
++# else
++#  define __GNUC_PREREQ(maj, min) 0
++# endif
++#endif
++
++#ifdef __GNUC__
++
++/* &a[0] degrades to a pointer: a different type from an array */
++# define __must_be_array(a) \
++	UL_BUILD_BUG_ON_ZERO(__builtin_types_compatible_p(__typeof__(a), __typeof__(&a[0])))
++
++# define ignore_result(x) __extension__ ({ \
++	__typeof__(x) __dummy __attribute__((__unused__)) = (x); (void) __dummy; \
++})
++
++#else /* !__GNUC__ */
++# define __must_be_array(a)	0
++# define __attribute__(_arg_)
++# define ignore_result(x) ((void) (x))
++#endif /* !__GNUC__ */
++
++/*
++ * It evaluates to 1 if the attribute/feature is supported by the current
++ * compilation targed. Fallback for old compilers.
++ */
++#ifndef __has_attribute
++  #define __has_attribute(x) 0
++#endif
++
++#ifndef __has_feature
++  #define __has_feature(x) 0
++#endif
++
++/*
++ * Function attributes
++ */
++#ifndef __ul_alloc_size
++# if (__has_attribute(alloc_size) && __has_attribute(warn_unused_result)) || __GNUC_PREREQ (4, 3)
++#  define __ul_alloc_size(s) __attribute__((alloc_size(s), warn_unused_result))
++# else
++#  define __ul_alloc_size(s)
++# endif
++#endif
++
++#ifndef __ul_calloc_size
++# if (__has_attribute(alloc_size) && __has_attribute(warn_unused_result)) || __GNUC_PREREQ (4, 3)
++#  define __ul_calloc_size(n, s) __attribute__((alloc_size(n, s), warn_unused_result))
++# else
++#  define __ul_calloc_size(n, s)
++# endif
++#endif
++
++#if __has_attribute(returns_nonnull) || __GNUC_PREREQ (4, 9)
++# define __ul_returns_nonnull __attribute__((returns_nonnull))
++#else
++# define __ul_returns_nonnull
++#endif
++
++/*
++ * Force a compilation error if condition is true, but also produce a
++ * result (of value 0 and type size_t), so the expression can be used
++ * e.g. in a structure initializer (or wherever else comma expressions
++ * aren't permitted).
++ */
++#define UL_BUILD_BUG_ON_ZERO(e) __extension__ (sizeof(struct { int:-!!(e); }))
++#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:-!!(e); }))
++
++#ifndef ARRAY_SIZE
++# define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr))
++#endif
++
++#ifndef PATH_MAX
++# define PATH_MAX 4096
++#endif
++
++#ifndef TRUE
++# define TRUE 1
++#endif
++
++#ifndef FALSE
++# define FALSE 0
++#endif
++
++#ifndef min
++# define min(x, y) __extension__ ({		\
++	__typeof__(x) _min1 = (x);		\
++	__typeof__(y) _min2 = (y);		\
++	(void) (&_min1 == &_min2);		\
++	_min1 < _min2 ? _min1 : _min2; })
++#endif
++
++#ifndef max
++# define max(x, y) __extension__ ({		\
++	__typeof__(x) _max1 = (x);		\
++	__typeof__(y) _max2 = (y);		\
++	(void) (&_max1 == &_max2);		\
++	_max1 > _max2 ? _max1 : _max2; })
++#endif
++
++#ifndef cmp_numbers
++# define cmp_numbers(x, y) __extension__ ({	\
++	__typeof__(x) _a = (x);			\
++	__typeof__(y) _b = (y);			\
++	(void) (&_a == &_b);			\
++	_a == _b ? 0 : _a > _b ? 1 : -1; })
++#endif
++
++#ifndef offsetof
++#define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
++#endif
++
++/*
++ * container_of - cast a member of a structure out to the containing structure
++ * @ptr:	the pointer to the member.
++ * @type:	the type of the container struct this is embedded in.
++ * @member:	the name of the member within the struct.
++ */
++#ifndef container_of
++#define container_of(ptr, type, member) __extension__ ({	\
++	const __typeof__( ((type *)0)->member ) *__mptr = (ptr); \
++	(type *)( (char *)__mptr - offsetof(type,member) );})
++#endif
++
++#ifndef HAVE_PROGRAM_INVOCATION_SHORT_NAME
++# ifdef HAVE___PROGNAME
++extern char *__progname;
++#  define program_invocation_short_name __progname
++# else
++#  ifdef HAVE_GETEXECNAME
++#   define program_invocation_short_name \
++		prog_inv_sh_nm_from_file(getexecname(), 0)
++#  else
++#   define program_invocation_short_name \
++		prog_inv_sh_nm_from_file(__FILE__, 1)
++#  endif
++static char prog_inv_sh_nm_buf[256];
++static inline char *
++prog_inv_sh_nm_from_file(char *f, char stripext)
++{
++	char *t;
++
++	if ((t = strrchr(f, '/')) != NULL)
++		t++;
++	else
++		t = f;
++
++	strncpy(prog_inv_sh_nm_buf, t, sizeof(prog_inv_sh_nm_buf) - 1);
++	prog_inv_sh_nm_buf[sizeof(prog_inv_sh_nm_buf) - 1] = '\0';
++
++	if (stripext && (t = strrchr(prog_inv_sh_nm_buf, '.')) != NULL)
++		*t = '\0';
++
++	return prog_inv_sh_nm_buf;
++}
++# endif
++#endif
++
++
++#ifndef HAVE_ERR_H
++static inline void
++errmsg(char doexit, int excode, char adderr, const char *fmt, ...)
++{
++	fprintf(stderr, "%s: ", program_invocation_short_name);
++	if (fmt != NULL) {
++		va_list argp;
++		va_start(argp, fmt);
++		vfprintf(stderr, fmt, argp);
++		va_end(argp);
++		if (adderr)
++			fprintf(stderr, ": ");
++	}
++	if (adderr)
++		fprintf(stderr, "%m");
++	fprintf(stderr, "\n");
++	if (doexit)
++		exit(excode);
++}
++
++#ifndef HAVE_ERR
++# define err(E, FMT...) errmsg(1, E, 1, FMT)
++#endif
++
++#ifndef HAVE_ERRX
++# define errx(E, FMT...) errmsg(1, E, 0, FMT)
++#endif
++
++#ifndef HAVE_WARN
++# define warn(FMT...) errmsg(0, 0, 1, FMT)
++#endif
++
++#ifndef HAVE_WARNX
++# define warnx(FMT...) errmsg(0, 0, 0, FMT)
++#endif
++#endif /* !HAVE_ERR_H */
++
++
++/* Don't use inline function to avoid '#include "nls.h"' in c.h
++ */
++#define errtryhelp(eval) __extension__ ({ \
++	fprintf(stderr, _("Try '%s --help' for more information.\n"), \
++			program_invocation_short_name); \
++	exit(eval); \
++})
++
++/* After failed execvp() */
++#define EX_EXEC_FAILED		126	/* Program located, but not usable. */
++#define EX_EXEC_ENOENT		127	/* Could not find program to exec.  */
++#define errexec(name)	err(errno == ENOENT ? EX_EXEC_ENOENT : EX_EXEC_FAILED, \
++			_("failed to execute %s"), name)
++
++
++static inline __attribute__((const)) int is_power_of_2(unsigned long num)
++{
++	return (num != 0 && ((num & (num - 1)) == 0));
++}
++
++#ifndef HAVE_LOFF_T
++typedef int64_t loff_t;
++#endif
++
++#if !defined(HAVE_DIRFD) && (!defined(HAVE_DECL_DIRFD) || HAVE_DECL_DIRFD == 0) && defined(HAVE_DIR_DD_FD)
++#include <sys/types.h>
++#include <dirent.h>
++static inline int dirfd(DIR *d)
++{
++	return d->dd_fd;
++}
++#endif
++
++/*
++ * Fallback defines for old versions of glibc
++ */
++#include <fcntl.h>
++
++#ifdef O_CLOEXEC
++#define UL_CLOEXECSTR	"e"
++#else
++#define UL_CLOEXECSTR	""
++#endif
++
++#ifndef O_CLOEXEC
++#define O_CLOEXEC 0
++#endif
++
++#ifdef __FreeBSD_kernel__
++#ifndef F_DUPFD_CLOEXEC
++#define F_DUPFD_CLOEXEC	17	/* Like F_DUPFD, but FD_CLOEXEC is set */
++#endif
++#endif
++
++
++#ifndef AI_ADDRCONFIG
++#define AI_ADDRCONFIG 0x0020
++#endif
++
++#ifndef IUTF8
++#define IUTF8 0040000
++#endif
++
++/*
++ * MAXHOSTNAMELEN replacement
++ */
++static inline size_t get_hostname_max(void)
++{
++	long len = sysconf(_SC_HOST_NAME_MAX);
++
++	if (0 < len)
++		return len;
++
++#ifdef MAXHOSTNAMELEN
++	return MAXHOSTNAMELEN;
++#elif HOST_NAME_MAX
++	return HOST_NAME_MAX;
++#endif
++	return 64;
++}
++
++
++/*
++ * Constant strings for usage() functions. For more info see
++ * Documentation/{howto-usage-function.txt,boilerplate.c}
++ */
++#define USAGE_HEADER     ("\nUsage:\n")
++#define USAGE_OPTIONS    ("\nOptions:\n")
++#define USAGE_FUNCTIONS  ("\nFunctions:\n")
++#define USAGE_COMMANDS   ("\nCommands:\n")
++#define USAGE_COLUMNS    ("\nAvailable output columns:\n")
++#define USAGE_SEPARATOR    "\n"
++
++#define USAGE_OPTSTR_HELP     ("display this help")
++#define USAGE_OPTSTR_VERSION  ("display version")
++
++#define USAGE_HELP_OPTIONS(marg_dsc) \
++		"%-" #marg_dsc "s%s\n" \
++		"%-" #marg_dsc "s%s\n" \
++		, " -h, --help",    USAGE_OPTSTR_HELP \
++		, " -V, --version", USAGE_OPTSTR_VERSION
++
++#define USAGE_MAN_TAIL(_man)   ("\nFor more details see %s.\n"), _man
++
++#define UTIL_LINUX_VERSION ("%s from %s\n"), program_invocation_short_name, PACKAGE_STRING
++
++#define print_version(eval) __extension__ ({ \
++		printf(UTIL_LINUX_VERSION); \
++		exit(eval); \
++})
++
++/*
++ * scanf modifiers for "strings allocation"
++ */
++#ifdef HAVE_SCANF_MS_MODIFIER
++#define UL_SCNsA	"%ms"
++#elif defined(HAVE_SCANF_AS_MODIFIER)
++#define UL_SCNsA	"%as"
++#endif
++
++/*
++ * seek stuff
++ */
++#ifndef SEEK_DATA
++# define SEEK_DATA	3
++#endif
++#ifndef SEEK_HOLE
++# define SEEK_HOLE	4
++#endif
++
++
++/*
++ * Macros to convert #define'itions to strings, for example
++ * #define XYXXY 42
++ * printf ("%s=%s\n", stringify(XYXXY), stringify_value(XYXXY));
++ */
++#define stringify_value(s) stringify(s)
++#define stringify(s) #s
++
++/*
++ * UL_ASAN_BLACKLIST is a macro to tell AddressSanitizer (a compile-time
++ * instrumentation shipped with Clang and GCC) to not instrument the
++ * annotated function.  Furthermore, it will prevent the compiler from
++ * inlining the function because inlining currently breaks the blacklisting
++ * mechanism of AddressSanitizer.
++ */
++#if __has_feature(address_sanitizer) && __has_attribute(no_sanitize_memory) && __has_attribute(no_sanitize_address)
++# define UL_ASAN_BLACKLIST __attribute__((noinline)) __attribute__((no_sanitize_memory)) __attribute__((no_sanitize_address))
++#else
++# define UL_ASAN_BLACKLIST	/* nothing */
++#endif
++
++/*
++ * Note that sysconf(_SC_GETPW_R_SIZE_MAX) returns *initial* suggested size for
++ * pwd buffer and in some cases it is not large enough. See POSIX and
++ * getpwnam_r man page for more details.
++ */
++#define UL_GETPW_BUFSIZ	(16 * 1024)
++
++/*
++ * Darwin or other BSDs may only have MAP_ANON. To get it on Darwin we must
++ * define _DARWIN_C_SOURCE before including sys/mman.h. We do this in config.h.
++ */
++#if !defined MAP_ANONYMOUS && defined MAP_ANON
++# define MAP_ANONYMOUS  (MAP_ANON)
++#endif
++
++#endif /* UTIL_LINUX_C_H */
+diff --git a/locale/programs/cross-localedef-hardlink.c b/locale/programs/cross-localedef-hardlink.c
+new file mode 100644
+index 0000000000..63615896b0
+--- /dev/null
++++ b/locale/programs/cross-localedef-hardlink.c
+@@ -0,0 +1,528 @@
++/*
++ * hardlink - consolidate duplicate files via hardlinks
++ *
++ * Copyright (C) 2018 Red Hat, Inc. All rights reserved.
++ * Written by Jakub Jelinek <jakub@redhat.com>
++ *
++ * Copyright (C) 2019 Karel Zak <kzak@redhat.com>
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation; either version 2 of the License, or
++ * (at your option) any later version.
++ *
++ * This program is distributed in the hope that it would be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License along
++ * with this program; if not, write to the Free Software Foundation, Inc.,
++ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
++ */
++#include <sys/types.h>
++#include <stdlib.h>
++#include <getopt.h>
++#include <stdio.h>
++#include <unistd.h>
++#include <sys/stat.h>
++#include <sys/mman.h>
++#include <string.h>
++#include <dirent.h>
++#include <fcntl.h>
++#include <errno.h>
++#ifdef HAVE_PCRE
++# define PCRE2_CODE_UNIT_WIDTH 8
++# include <pcre2.h>
++#endif
++
++#include "c.h"
++#include "xalloc.h"
++#include "nls.h"
++#include "closestream.h"
++
++#define NHASH   (1<<17)  /* Must be a power of 2! */
++#define NBUF    64
++
++struct hardlink_file;
++
++struct hardlink_hash {
++	struct hardlink_hash *next;
++	struct hardlink_file *chain;
++	off_t size;
++	time_t mtime;
++};
++
++struct hardlink_dir {
++	struct hardlink_dir *next;
++	char name[];
++};
++
++struct hardlink_file {
++	struct hardlink_file *next;
++	ino_t ino;
++	dev_t dev;
++	unsigned int cksum;
++	char name[];
++};
++
++struct hardlink_dynstr {
++	char *buf;
++	size_t alloc;
++};
++
++struct hardlink_ctl {
++	struct hardlink_dir *dirs;
++	struct hardlink_hash *hps[NHASH];
++	char iobuf1[BUFSIZ];
++	char iobuf2[BUFSIZ];
++	/* summary counters */
++	unsigned long long ndirs;
++	unsigned long long nobjects;
++	unsigned long long nregfiles;
++	unsigned long long ncomp;
++	unsigned long long nlinks;
++	unsigned long long nsaved;
++	/* current device */
++	dev_t dev;
++	/* flags */
++	unsigned int verbose;
++	unsigned int
++		no_link:1,
++		content_only:1,
++		force:1;
++};
++/* ctl is in global scope due use in atexit() */
++struct hardlink_ctl global_ctl;
++
++__attribute__ ((always_inline))
++static inline unsigned int hash(off_t size, time_t mtime)
++{
++	return (size ^ mtime) & (NHASH - 1);
++}
++
++__attribute__ ((always_inline))
++static inline int stcmp(struct stat *st1, struct stat *st2, int content_scope)
++{
++	if (content_scope)
++		return st1->st_size != st2->st_size;
++
++	return st1->st_mode != st2->st_mode
++		|| st1->st_uid != st2->st_uid
++		|| st1->st_gid != st2->st_gid
++		|| st1->st_size != st2->st_size
++		|| st1->st_mtime != st2->st_mtime;
++}
++
++static void print_summary(void)
++{
++	struct hardlink_ctl const *const ctl = &global_ctl;
++
++	if (!ctl->verbose)
++		return;
++
++	if (ctl->verbose > 1 && ctl->nlinks)
++		fputc('\n', stdout);
++
++	printf(_("Directories:   %9lld\n"), ctl->ndirs);
++	printf(_("Objects:       %9lld\n"), ctl->nobjects);
++	printf(_("Regular files: %9lld\n"), ctl->nregfiles);
++	printf(_("Comparisons:   %9lld\n"), ctl->ncomp);
++	printf(  "%s%9lld\n", (ctl->no_link ?
++	       _("Would link:    ") :
++	       _("Linked:        ")), ctl->nlinks);
++	printf(  "%s %9lld\n", (ctl->no_link ?
++	       _("Would save:   ") :
++	       _("Saved:        ")), ctl->nsaved);
++}
++
++static void __attribute__((__noreturn__)) usage(void)
++{
++	fputs(USAGE_HEADER, stdout);
++	printf(_(" %s [options] directory...\n"), program_invocation_short_name);
++
++	fputs(USAGE_SEPARATOR, stdout);
++	puts(_("Consolidate duplicate files using hardlinks."));
++
++	fputs(USAGE_OPTIONS, stdout);
++	puts(_(" -c, --content          compare only contents, ignore permission, etc."));
++	puts(_(" -n, --dry-run          don't actually link anything"));
++	puts(_(" -v, --verbose          print summary after hardlinking"));
++	puts(_(" -vv                    print every hardlinked file and summary"));
++	puts(_(" -f, --force            force hardlinking across filesystems"));
++	puts(_(" -x, --exclude <regex>  exclude files matching pattern"));
++
++	fputs(USAGE_SEPARATOR, stdout);
++	printf(USAGE_HELP_OPTIONS(16)); /* char offset to align option descriptions */
++	printf(USAGE_MAN_TAIL("hardlink(1)"));
++	exit(EXIT_SUCCESS);
++}
++
++__attribute__ ((always_inline))
++static inline size_t add2(size_t a, size_t b)
++{
++	size_t sum = a + b;
++
++	if (sum < a)
++		errx(EXIT_FAILURE, _("integer overflow"));
++	return sum;
++}
++
++__attribute__ ((always_inline))
++static inline size_t add3(size_t a, size_t b, size_t c)
++{
++	return add2(add2(a, b), c);
++}
++
++static void growstr(struct hardlink_dynstr *str, size_t newlen)
++{
++	if (newlen < str->alloc)
++		return;
++	str->buf = xrealloc(str->buf, str->alloc = add2(newlen, 1));
++}
++
++static void process_path(struct hardlink_ctl *ctl, const char *name)
++{
++	struct stat st, st2, st3;
++	const size_t namelen = strlen(name);
++
++	ctl->nobjects++;
++	if (lstat(name, &st))
++		return;
++
++	if (st.st_dev != ctl->dev && !ctl->force) {
++		if (ctl->dev)
++			errx(EXIT_FAILURE,
++			     _("%s is on different filesystem than the rest "
++			       "(use -f option to override)."), name);
++		ctl->dev = st.st_dev;
++	}
++	if (S_ISDIR(st.st_mode)) {
++		struct hardlink_dir *dp = xmalloc(add3(sizeof(*dp), namelen, 1));
++		memcpy(dp->name, name, namelen + 1);
++		dp->next = ctl->dirs;
++		ctl->dirs = dp;
++
++	} else if (S_ISREG(st.st_mode)) {
++		int fd, i;
++		struct hardlink_file *fp, *fp2;
++		struct hardlink_hash *hp;
++		const char *n1, *n2;
++		unsigned int buf[NBUF];
++		int cksumsize = sizeof(buf);
++		unsigned int cksum;
++		time_t mtime = ctl->content_only ? 0 : st.st_mtime;
++		unsigned int hsh = hash(st.st_size, mtime);
++		off_t fsize;
++
++		ctl->nregfiles++;
++		if (ctl->verbose > 1)
++			printf("%s\n", name);
++
++		fd = open(name, O_RDONLY);
++		if (fd < 0)
++			return;
++
++		if ((size_t)st.st_size < sizeof(buf)) {
++			cksumsize = st.st_size;
++			memset(((char *)buf) + cksumsize, 0,
++			       (sizeof(buf) - cksumsize) % sizeof(buf[0]));
++		}
++		if (read(fd, buf, cksumsize) != cksumsize) {
++			close(fd);
++			return;
++		}
++		cksumsize = (cksumsize + sizeof(buf[0]) - 1) / sizeof(buf[0]);
++		for (i = 0, cksum = 0; i < cksumsize; i++) {
++			if (cksum + buf[i] < cksum)
++				cksum += buf[i] + 1;
++			else
++				cksum += buf[i];
++		}
++		for (hp = ctl->hps[hsh]; hp; hp = hp->next) {
++			if (hp->size == st.st_size && hp->mtime == mtime)
++				break;
++		}
++		if (!hp) {
++			hp = xmalloc(sizeof(*hp));
++			hp->size = st.st_size;
++			hp->mtime = mtime;
++			hp->chain = NULL;
++			hp->next = ctl->hps[hsh];
++			ctl->hps[hsh] = hp;
++		}
++		for (fp = hp->chain; fp; fp = fp->next) {
++			if (fp->cksum == cksum)
++				break;
++		}
++		for (fp2 = fp; fp2 && fp2->cksum == cksum; fp2 = fp2->next) {
++			if (fp2->ino == st.st_ino && fp2->dev == st.st_dev) {
++				close(fd);
++				return;
++			}
++		}
++		for (fp2 = fp; fp2 && fp2->cksum == cksum; fp2 = fp2->next) {
++
++			if (!lstat(fp2->name, &st2) && S_ISREG(st2.st_mode) &&
++			    !stcmp(&st, &st2, ctl->content_only) &&
++			    st2.st_ino != st.st_ino &&
++			    st2.st_dev == st.st_dev) {
++
++				int fd2 = open(fp2->name, O_RDONLY);
++				if (fd2 < 0)
++					continue;
++
++				if (fstat(fd2, &st2) || !S_ISREG(st2.st_mode)
++				    || st2.st_size == 0) {
++					close(fd2);
++					continue;
++				}
++				ctl->ncomp++;
++				lseek(fd, 0, SEEK_SET);
++
++				for (fsize = st.st_size; fsize > 0;
++				     fsize -= (off_t)sizeof(ctl->iobuf1)) {
++					ssize_t xsz;
++					ssize_t rsize = fsize > (ssize_t) sizeof(ctl->iobuf1) ?
++							(ssize_t) sizeof(ctl->iobuf1) : fsize;
++
++					if ((xsz = read(fd, ctl->iobuf1, rsize)) != rsize)
++						warn(_("cannot read %s"), name);
++					else if ((xsz = read(fd2, ctl->iobuf2, rsize)) != rsize)
++						warn(_("cannot read %s"), fp2->name);
++
++					if (xsz != rsize) {
++						close(fd);
++						close(fd2);
++						return;
++					}
++					if (memcmp(ctl->iobuf1, ctl->iobuf2, rsize))
++						break;
++				}
++				close(fd2);
++				if (fsize > 0)
++					continue;
++				if (lstat(name, &st3)) {
++					warn(_("cannot stat %s"), name);
++					close(fd);
++					return;
++				}
++				st3.st_atime = st.st_atime;
++				if (stcmp(&st, &st3, 0)) {
++					warnx(_("file %s changed underneath us"), name);
++					close(fd);
++					return;
++				}
++				n1 = fp2->name;
++				n2 = name;
++
++				if (!ctl->no_link) {
++					const char *suffix =
++					    ".$$$___cleanit___$$$";
++					const size_t suffixlen = strlen(suffix);
++					size_t n2len = strlen(n2);
++					struct hardlink_dynstr nam2 = { NULL, 0 };
++
++					growstr(&nam2, add2(n2len, suffixlen));
++					memcpy(nam2.buf, n2, n2len);
++					memcpy(&nam2.buf[n2len], suffix,
++					       suffixlen + 1);
++					/* First create a temporary link to n1 under a new name */
++					if (link(n1, nam2.buf)) {
++						warn(_("failed to hardlink %s to %s (create temporary link as %s failed)"),
++							n1, n2, nam2.buf);
++						free(nam2.buf);
++						continue;
++					}
++					/* Then rename into place over the existing n2 */
++					if (rename(nam2.buf, n2)) {
++						warn(_("failed to hardlink %s to %s (rename temporary link to %s failed)"),
++							n1, n2, n2);
++						/* Something went wrong, try to remove the now redundant temporary link */
++						if (unlink(nam2.buf))
++							warn(_("failed to remove temporary link %s"), nam2.buf);
++						free(nam2.buf);
++						continue;
++					}
++					free(nam2.buf);
++				}
++				ctl->nlinks++;
++				if (st3.st_nlink > 1) {
++					/* We actually did not save anything this time, since the link second argument
++					   had some other links as well.  */
++					if (ctl->verbose > 1)
++						printf(_(" %s %s to %s\n"),
++							(ctl->no_link ? _("Would link") : _("Linked")),
++							n1, n2);
++				} else {
++					ctl->nsaved += ((st.st_size + 4095) / 4096) * 4096;
++					if (ctl->verbose > 1)
++						printf(_(" %s %s to %s, %s %jd\n"),
++							(ctl->no_link ? _("Would link") : _("Linked")),
++							n1, n2,
++							(ctl->no_link ? _("would save") : _("saved")),
++							(intmax_t)st.st_size);
++				}
++				close(fd);
++				return;
++			}
++		}
++		fp2 = xmalloc(add3(sizeof(*fp2), namelen, 1));
++		close(fd);
++		fp2->ino = st.st_ino;
++		fp2->dev = st.st_dev;
++		fp2->cksum = cksum;
++		memcpy(fp2->name, name, namelen + 1);
++
++		if (fp) {
++			fp2->next = fp->next;
++			fp->next = fp2;
++		} else {
++			fp2->next = hp->chain;
++			hp->chain = fp2;
++		}
++		return;
++	}
++}
++
++int main(int argc, char **argv)
++{
++	int ch;
++	int i;
++#ifdef HAVE_PCRE
++	int errornumber;
++	PCRE2_SIZE erroroffset;
++	pcre2_code *re = NULL;
++	PCRE2_SPTR exclude_pattern = NULL;
++	pcre2_match_data *match_data = NULL;
++#endif
++	struct hardlink_dynstr nam1 = { NULL, 0 };
++	struct hardlink_ctl *ctl = &global_ctl;
++
++	static const struct option longopts[] = {
++		{ "content",    no_argument, NULL, 'c' },
++		{ "dry-run",    no_argument, NULL, 'n' },
++		{ "exclude",    required_argument, NULL, 'x' },
++		{ "force",      no_argument, NULL, 'f' },
++		{ "help",       no_argument, NULL, 'h' },
++		{ "verbose",    no_argument, NULL, 'v' },
++		{ "version",    no_argument, NULL, 'V' },
++		{ NULL, 0, NULL, 0 },
++	};
++
++	setlocale(LC_ALL, "");
++	bindtextdomain(PACKAGE, LOCALEDIR);
++	textdomain(PACKAGE);
++	close_stdout_atexit();
++
++	while ((ch = getopt_long(argc, argv, "cnvfx:Vh", longopts, NULL)) != -1) {
++		switch (ch) {
++		case 'n':
++			ctl->no_link = 1;
++			break;
++		case 'v':
++			ctl->verbose++;
++			break;
++		case 'c':
++			ctl->content_only = 1;
++			break;
++		case 'f':
++			ctl->force = 1;
++			break;
++		case 'x':
++#ifdef HAVE_PCRE
++			exclude_pattern = (PCRE2_SPTR) optarg;
++#else
++			errx(EXIT_FAILURE,
++			     _("option --exclude not supported (built without pcre2)"));
++#endif
++			break;
++		case 'V':
++			print_version(EXIT_SUCCESS);
++		case 'h':
++			usage();
++		default:
++			errtryhelp(EXIT_FAILURE);
++		}
++	}
++
++	if (optind == argc) {
++		warnx(_("no directory specified"));
++		errtryhelp(EXIT_FAILURE);
++	}
++
++#ifdef HAVE_PCRE
++	if (exclude_pattern) {
++		re = pcre2_compile(exclude_pattern, /* the pattern */
++				   PCRE2_ZERO_TERMINATED, /* indicates pattern is zero-terminate */
++				   0, /* default options */
++				   &errornumber, &erroroffset, NULL); /* use default compile context */
++		if (!re) {
++			PCRE2_UCHAR buffer[256];
++			pcre2_get_error_message(errornumber, buffer,
++						sizeof(buffer));
++			errx(EXIT_FAILURE, _("pattern error at offset %d: %s"),
++				(int)erroroffset, buffer);
++		}
++		match_data = pcre2_match_data_create_from_pattern(re, NULL);
++	}
++#endif
++	atexit(print_summary);
++
++	for (i = optind; i < argc; i++)
++		process_path(ctl, argv[i]);
++
++	while (ctl->dirs) {
++		DIR *dh;
++		struct dirent *di;
++		struct hardlink_dir *dp = ctl->dirs;
++		size_t nam1baselen = strlen(dp->name);
++
++		ctl->dirs = dp->next;
++		growstr(&nam1, add2(nam1baselen, 1));
++		memcpy(nam1.buf, dp->name, nam1baselen);
++		free(dp);
++		nam1.buf[nam1baselen++] = '/';
++		nam1.buf[nam1baselen] = 0;
++		dh = opendir(nam1.buf);
++
++		if (dh == NULL)
++			continue;
++		ctl->ndirs++;
++
++		while ((di = readdir(dh)) != NULL) {
++			if (!di->d_name[0])
++				continue;
++			if (di->d_name[0] == '.') {
++				if (!di->d_name[1] || !strcmp(di->d_name, ".."))
++					continue;
++			}
++#ifdef HAVE_PCRE
++			if (re && pcre2_match(re, /* compiled regex */
++					      (PCRE2_SPTR) di->d_name, strlen(di->d_name), 0, /* start at offset 0 */
++					      0, /* default options */
++					      match_data, /* block for storing the result */
++					      NULL) /* use default match context */
++			    >=0) {
++				if (ctl->verbose) {
++					nam1.buf[nam1baselen] = 0;
++					printf(_("Skipping %s%s\n"), nam1.buf, di->d_name);
++				}
++				continue;
++			}
++#endif
++			{
++				size_t subdirlen;
++				growstr(&nam1,
++					add2(nam1baselen, subdirlen =
++					     strlen(di->d_name)));
++				memcpy(&nam1.buf[nam1baselen], di->d_name,
++				       add2(subdirlen, 1));
++			}
++			process_path(ctl, nam1.buf);
++		}
++		closedir(dh);
++	}
++
++	return 0;
++}
+diff --git a/locale/programs/xalloc.h b/locale/programs/xalloc.h
+new file mode 100644
+index 0000000000..0129a85e2e
+--- /dev/null
++++ b/locale/programs/xalloc.h
+@@ -0,0 +1,129 @@
++/*
++ * Copyright (C) 2010 Davidlohr Bueso <dave@gnu.org>
++ *
++ * This file may be redistributed under the terms of the
++ * GNU Lesser General Public License.
++ *
++ * General memory allocation wrappers for malloc, realloc, calloc and strdup
++ */
++
++#ifndef UTIL_LINUX_XALLOC_H
++#define UTIL_LINUX_XALLOC_H
++
++#include <stdlib.h>
++#include <string.h>
++
++#include "c.h"
++
++#ifndef XALLOC_EXIT_CODE
++# define XALLOC_EXIT_CODE EXIT_FAILURE
++#endif
++
++static inline void __attribute__((__noreturn__))
++__err_oom(const char *file, unsigned int line)
++{
++	err(XALLOC_EXIT_CODE, "%s: %u: cannot allocate memory", file, line);
++}
++
++#define err_oom()	__err_oom(__FILE__, __LINE__)
++
++static inline __ul_alloc_size(1) __ul_returns_nonnull
++void *xmalloc(const size_t size)
++{
++        void *ret = malloc(size);
++
++        if (!ret && size)
++                err(XALLOC_EXIT_CODE, "cannot allocate %zu bytes", size);
++        return ret;
++}
++
++static inline __ul_alloc_size(2) __ul_returns_nonnull
++void *xrealloc(void *ptr, const size_t size)
++{
++        void *ret = realloc(ptr, size);
++
++        if (!ret && size)
++                err(XALLOC_EXIT_CODE, "cannot allocate %zu bytes", size);
++        return ret;
++}
++
++static inline __ul_calloc_size(1, 2) __ul_returns_nonnull
++void *xcalloc(const size_t nelems, const size_t size)
++{
++        void *ret = calloc(nelems, size);
++
++        if (!ret && size && nelems)
++                err(XALLOC_EXIT_CODE, "cannot allocate %zu bytes", size);
++        return ret;
++}
++
++static inline char __attribute__((warn_unused_result)) __ul_returns_nonnull
++*xstrdup(const char *str)
++{
++        char *ret;
++
++        if (!str)
++                return NULL;
++
++        ret = strdup(str);
++
++        if (!ret)
++                err(XALLOC_EXIT_CODE, "cannot duplicate string");
++        return ret;
++}
++
++static inline char * __attribute__((warn_unused_result)) __ul_returns_nonnull
++xstrndup(const char *str, size_t size)
++{
++        char *ret;
++
++        if (!str)
++                return NULL;
++
++        ret = strndup(str, size);
++
++        if (!ret)
++                err(XALLOC_EXIT_CODE, "cannot duplicate string");
++        return ret;
++}
++
++
++static inline int __attribute__ ((__format__(printf, 2, 3)))
++    xasprintf(char **strp, const char *fmt, ...)
++{
++	int ret;
++	va_list args;
++	va_start(args, fmt);
++	ret = vasprintf(&(*strp), fmt, args);
++	va_end(args);
++	if (ret < 0)
++		err(XALLOC_EXIT_CODE, "cannot allocate string");
++	return ret;
++}
++
++static inline int  __attribute__ ((__format__(printf, 2, 0)))
++xvasprintf(char **strp, const char *fmt, va_list ap)
++{
++	int ret = vasprintf(&(*strp), fmt, ap);
++	if (ret < 0)
++		err(XALLOC_EXIT_CODE, "cannot allocate string");
++	return ret;
++}
++
++
++static inline char * __attribute__((warn_unused_result)) xgethostname(void)
++{
++	char *name;
++	size_t sz = get_hostname_max() + 1;
++
++	name = xmalloc(sizeof(char) * sz);
++
++	if (gethostname(name, sz) != 0) {
++		free(name);
++		return NULL;
++	}
++	name[sz - 1] = '\0';
++	return name;
++}
++
++#endif
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0001-nptl-Remove-private-futex-optimization-BZ-27304.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0001-nptl-Remove-private-futex-optimization-BZ-27304.patch
new file mode 100644
index 000000000..39fde5b78
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0001-nptl-Remove-private-futex-optimization-BZ-27304.patch
@@ -0,0 +1,49 @@
+From c4ad832276f4dadfa40904109b26a521468f66bc Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Thu, 4 Feb 2021 15:00:20 +0100
+Subject: [PATCH] nptl: Remove private futex optimization [BZ #27304]
+
+It is effectively used, unexcept for pthread_cond_destroy, where we do
+not want it; see bug 27304.  The internal locks do not support a
+process-shared mode.
+
+This fixes commit dc6cfdc934db9997c33728082d63552b9eee4563 ("nptl:
+Move pthread_cond_destroy implementation into libc").
+
+Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
+
+Upstream-Status: Backport [https://sourceware.org/bugzilla/show_bug.cgi?id=27304]
+Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
+---
+ sysdeps/nptl/lowlevellock-futex.h | 14 +-------------
+ 1 file changed, 1 insertion(+), 13 deletions(-)
+
+diff --git a/sysdeps/nptl/lowlevellock-futex.h b/sysdeps/nptl/lowlevellock-futex.h
+index ecb729da6b..ca96397a4a 100644
+--- a/sysdeps/nptl/lowlevellock-futex.h
++++ b/sysdeps/nptl/lowlevellock-futex.h
+@@ -50,20 +50,8 @@
+ #define LLL_SHARED	FUTEX_PRIVATE_FLAG
+ 
+ #ifndef __ASSEMBLER__
+-
+-# if IS_IN (libc) || IS_IN (rtld)
+-/* In libc.so or ld.so all futexes are private.  */
+-#  define __lll_private_flag(fl, private)			\
+-  ({								\
+-    /* Prevent warnings in callers of this macro.  */		\
+-    int __lll_private_flag_priv __attribute__ ((unused));	\
+-    __lll_private_flag_priv = (private);			\
+-    ((fl) | FUTEX_PRIVATE_FLAG);				\
+-  })
+-# else
+-#  define __lll_private_flag(fl, private) \
++# define __lll_private_flag(fl, private) \
+   (((fl) | FUTEX_PRIVATE_FLAG) ^ (private))
+-# endif
+ 
+ # define lll_futex_syscall(nargs, futexp, op, ...)                      \
+   ({                                                                    \
+-- 
+2.27.0
+
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0002-localedef-fix-ups-hardlink-to-make-it-compile.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0002-localedef-fix-ups-hardlink-to-make-it-compile.patch
new file mode 100644
index 000000000..3dc4582f4
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0002-localedef-fix-ups-hardlink-to-make-it-compile.patch
@@ -0,0 +1,238 @@
+From 14d256e2db009f8bac9a265e8393d7ed25050df9 Mon Sep 17 00:00:00 2001
+From: Jason Wessel <jason.wessel@windriver.com>
+Date: Sat, 7 Dec 2019 10:01:37 -0800
+Subject: [PATCH] localedef: fix-ups hardlink to make it compile
+
+Upstream-Status: Pending
+Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ locale/programs/c.h                        |  2 +-
+ locale/programs/cross-localedef-hardlink.c | 79 +++++++++++-----------
+ 2 files changed, 39 insertions(+), 42 deletions(-)
+
+diff --git a/locale/programs/c.h b/locale/programs/c.h
+index d0a402e90e..1804d31c73 100644
+--- a/locale/programs/c.h
++++ b/locale/programs/c.h
+@@ -240,7 +240,7 @@ errmsg(char doexit, int excode, char adderr, const char *fmt, ...)
+ /* Don't use inline function to avoid '#include "nls.h"' in c.h
+  */
+ #define errtryhelp(eval) __extension__ ({ \
+-	fprintf(stderr, _("Try '%s --help' for more information.\n"), \
++	fprintf(stderr, ("Try '%s --help' for more information.\n"), \
+ 			program_invocation_short_name); \
+ 	exit(eval); \
+ })
+diff --git a/locale/programs/cross-localedef-hardlink.c b/locale/programs/cross-localedef-hardlink.c
+index 63615896b0..726e6dd948 100644
+--- a/locale/programs/cross-localedef-hardlink.c
++++ b/locale/programs/cross-localedef-hardlink.c
+@@ -20,6 +20,8 @@
+  * with this program; if not, write to the Free Software Foundation, Inc.,
+  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+  */
++
++#undef HAVE_PCRE
+ #include <sys/types.h>
+ #include <stdlib.h>
+ #include <getopt.h>
+@@ -38,8 +40,8 @@
+ 
+ #include "c.h"
+ #include "xalloc.h"
+-#include "nls.h"
+-#include "closestream.h"
++//#include "nls.h"
++//#include "closestream.h"
+ 
+ #define NHASH   (1<<17)  /* Must be a power of 2! */
+ #define NBUF    64
+@@ -124,33 +126,33 @@ static void print_summary(void)
+ 	if (ctl->verbose > 1 && ctl->nlinks)
+ 		fputc('\n', stdout);
+ 
+-	printf(_("Directories:   %9lld\n"), ctl->ndirs);
+-	printf(_("Objects:       %9lld\n"), ctl->nobjects);
+-	printf(_("Regular files: %9lld\n"), ctl->nregfiles);
+-	printf(_("Comparisons:   %9lld\n"), ctl->ncomp);
++	printf(("Directories:   %9lld\n"), ctl->ndirs);
++	printf(("Objects:       %9lld\n"), ctl->nobjects);
++	printf(("Regular files: %9lld\n"), ctl->nregfiles);
++	printf(("Comparisons:   %9lld\n"), ctl->ncomp);
+ 	printf(  "%s%9lld\n", (ctl->no_link ?
+-	       _("Would link:    ") :
+-	       _("Linked:        ")), ctl->nlinks);
++	       ("Would link:    ") :
++	       ("Linked:        ")), ctl->nlinks);
+ 	printf(  "%s %9lld\n", (ctl->no_link ?
+-	       _("Would save:   ") :
+-	       _("Saved:        ")), ctl->nsaved);
++	       ("Would save:   ") :
++	       ("Saved:        ")), ctl->nsaved);
+ }
+ 
+ static void __attribute__((__noreturn__)) usage(void)
+ {
+ 	fputs(USAGE_HEADER, stdout);
+-	printf(_(" %s [options] directory...\n"), program_invocation_short_name);
++	printf((" %s [options] directory...\n"), program_invocation_short_name);
+ 
+ 	fputs(USAGE_SEPARATOR, stdout);
+-	puts(_("Consolidate duplicate files using hardlinks."));
++	puts(("Consolidate duplicate files using hardlinks."));
+ 
+ 	fputs(USAGE_OPTIONS, stdout);
+-	puts(_(" -c, --content          compare only contents, ignore permission, etc."));
+-	puts(_(" -n, --dry-run          don't actually link anything"));
+-	puts(_(" -v, --verbose          print summary after hardlinking"));
+-	puts(_(" -vv                    print every hardlinked file and summary"));
+-	puts(_(" -f, --force            force hardlinking across filesystems"));
+-	puts(_(" -x, --exclude <regex>  exclude files matching pattern"));
++	puts((" -c, --content          compare only contents, ignore permission, etc."));
++	puts((" -n, --dry-run          don't actually link anything"));
++	puts((" -v, --verbose          print summary after hardlinking"));
++	puts((" -vv                    print every hardlinked file and summary"));
++	puts((" -f, --force            force hardlinking across filesystems"));
++	puts((" -x, --exclude <regex>  exclude files matching pattern"));
+ 
+ 	fputs(USAGE_SEPARATOR, stdout);
+ 	printf(USAGE_HELP_OPTIONS(16)); /* char offset to align option descriptions */
+@@ -164,7 +166,7 @@ static inline size_t add2(size_t a, size_t b)
+ 	size_t sum = a + b;
+ 
+ 	if (sum < a)
+-		errx(EXIT_FAILURE, _("integer overflow"));
++		errx(EXIT_FAILURE, ("integer overflow"));
+ 	return sum;
+ }
+ 
+@@ -193,7 +195,7 @@ static void process_path(struct hardlink_ctl *ctl, const char *name)
+ 	if (st.st_dev != ctl->dev && !ctl->force) {
+ 		if (ctl->dev)
+ 			errx(EXIT_FAILURE,
+-			     _("%s is on different filesystem than the rest "
++			     ("%s is on different filesystem than the rest "
+ 			       "(use -f option to override)."), name);
+ 		ctl->dev = st.st_dev;
+ 	}
+@@ -287,9 +289,9 @@ static void process_path(struct hardlink_ctl *ctl, const char *name)
+ 							(ssize_t) sizeof(ctl->iobuf1) : fsize;
+ 
+ 					if ((xsz = read(fd, ctl->iobuf1, rsize)) != rsize)
+-						warn(_("cannot read %s"), name);
++						warn(("cannot read %s"), name);
+ 					else if ((xsz = read(fd2, ctl->iobuf2, rsize)) != rsize)
+-						warn(_("cannot read %s"), fp2->name);
++						warn(("cannot read %s"), fp2->name);
+ 
+ 					if (xsz != rsize) {
+ 						close(fd);
+@@ -303,13 +305,13 @@ static void process_path(struct hardlink_ctl *ctl, const char *name)
+ 				if (fsize > 0)
+ 					continue;
+ 				if (lstat(name, &st3)) {
+-					warn(_("cannot stat %s"), name);
++					warn(("cannot stat %s"), name);
+ 					close(fd);
+ 					return;
+ 				}
+ 				st3.st_atime = st.st_atime;
+ 				if (stcmp(&st, &st3, 0)) {
+-					warnx(_("file %s changed underneath us"), name);
++					warnx(("file %s changed underneath us"), name);
+ 					close(fd);
+ 					return;
+ 				}
+@@ -329,18 +331,18 @@ static void process_path(struct hardlink_ctl *ctl, const char *name)
+ 					       suffixlen + 1);
+ 					/* First create a temporary link to n1 under a new name */
+ 					if (link(n1, nam2.buf)) {
+-						warn(_("failed to hardlink %s to %s (create temporary link as %s failed)"),
++						warn(("failed to hardlink %s to %s (create temporary link as %s failed)"),
+ 							n1, n2, nam2.buf);
+ 						free(nam2.buf);
+ 						continue;
+ 					}
+ 					/* Then rename into place over the existing n2 */
+ 					if (rename(nam2.buf, n2)) {
+-						warn(_("failed to hardlink %s to %s (rename temporary link to %s failed)"),
++						warn(("failed to hardlink %s to %s (rename temporary link to %s failed)"),
+ 							n1, n2, n2);
+ 						/* Something went wrong, try to remove the now redundant temporary link */
+ 						if (unlink(nam2.buf))
+-							warn(_("failed to remove temporary link %s"), nam2.buf);
++							warn(("failed to remove temporary link %s"), nam2.buf);
+ 						free(nam2.buf);
+ 						continue;
+ 					}
+@@ -351,16 +353,16 @@ static void process_path(struct hardlink_ctl *ctl, const char *name)
+ 					/* We actually did not save anything this time, since the link second argument
+ 					   had some other links as well.  */
+ 					if (ctl->verbose > 1)
+-						printf(_(" %s %s to %s\n"),
+-							(ctl->no_link ? _("Would link") : _("Linked")),
++						printf((" %s %s to %s\n"),
++							(ctl->no_link ? ("Would link") : ("Linked")),
+ 							n1, n2);
+ 				} else {
+ 					ctl->nsaved += ((st.st_size + 4095) / 4096) * 4096;
+ 					if (ctl->verbose > 1)
+-						printf(_(" %s %s to %s, %s %jd\n"),
+-							(ctl->no_link ? _("Would link") : _("Linked")),
++						printf((" %s %s to %s, %s %jd\n"),
++							(ctl->no_link ? ("Would link") : ("Linked")),
+ 							n1, n2,
+-							(ctl->no_link ? _("would save") : _("saved")),
++							(ctl->no_link ? ("would save") : ("saved")),
+ 							(intmax_t)st.st_size);
+ 				}
+ 				close(fd);
+@@ -410,11 +412,6 @@ int main(int argc, char **argv)
+ 		{ NULL, 0, NULL, 0 },
+ 	};
+ 
+-	setlocale(LC_ALL, "");
+-	bindtextdomain(PACKAGE, LOCALEDIR);
+-	textdomain(PACKAGE);
+-	close_stdout_atexit();
+-
+ 	while ((ch = getopt_long(argc, argv, "cnvfx:Vh", longopts, NULL)) != -1) {
+ 		switch (ch) {
+ 		case 'n':
+@@ -434,7 +431,7 @@ int main(int argc, char **argv)
+ 			exclude_pattern = (PCRE2_SPTR) optarg;
+ #else
+ 			errx(EXIT_FAILURE,
+-			     _("option --exclude not supported (built without pcre2)"));
++			     ("option --exclude not supported (built without pcre2)"));
+ #endif
+ 			break;
+ 		case 'V':
+@@ -447,7 +444,7 @@ int main(int argc, char **argv)
+ 	}
+ 
+ 	if (optind == argc) {
+-		warnx(_("no directory specified"));
++		warnx(("no directory specified"));
+ 		errtryhelp(EXIT_FAILURE);
+ 	}
+ 
+@@ -461,7 +458,7 @@ int main(int argc, char **argv)
+ 			PCRE2_UCHAR buffer[256];
+ 			pcre2_get_error_message(errornumber, buffer,
+ 						sizeof(buffer));
+-			errx(EXIT_FAILURE, _("pattern error at offset %d: %s"),
++			errx(EXIT_FAILURE, ("pattern error at offset %d: %s"),
+ 				(int)erroroffset, buffer);
+ 		}
+ 		match_data = pcre2_match_data_create_from_pattern(re, NULL);
+@@ -506,7 +503,7 @@ int main(int argc, char **argv)
+ 			    >=0) {
+ 				if (ctl->verbose) {
+ 					nam1.buf[nam1baselen] = 0;
+-					printf(_("Skipping %s%s\n"), nam1.buf, di->d_name);
++					printf(("Skipping %s%s\n"), nam1.buf, di->d_name);
+ 				}
+ 				continue;
+ 			}
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0003-nativesdk-glibc-Look-for-host-system-ld.so.cache-as-.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0003-nativesdk-glibc-Look-for-host-system-ld.so.cache-as-.patch
new file mode 100644
index 000000000..c4718a106
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0003-nativesdk-glibc-Look-for-host-system-ld.so.cache-as-.patch
@@ -0,0 +1,65 @@
+From 32a4b8ae046fe4bb1b19f61378d079d44deaede7 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 18 Mar 2015 01:48:24 +0000
+Subject: [PATCH] nativesdk-glibc: Look for host system ld.so.cache as well
+
+Upstream-Status: Inappropriate [embedded specific]
+
+The default lib search path order is:
+
+  1) LD_LIBRARY_PATH
+  2) RPATH from the binary
+  3) ld.so.cache
+  4) default search paths embedded in the linker
+
+For nativesdk binaries which are being used alongside binaries on a host system, we
+need the search paths to firstly search the shipped nativesdk libs but then also
+cover the host system. For example we want the host system's libGL and this may be
+in a non-standard location like /usr/lib/mesa. The only place the location is know
+about is in the ld.so.cache of the host system.
+
+Since nativesdk has a simple structure and doesn't need to use a cache itself, we
+repurpose the cache for use as a last resort in finding host system binaries. This
+means we need to switch the order of 3 and 4 above to make this work effectively.
+
+RP 14/10/2010
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ elf/dl-load.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/elf/dl-load.c b/elf/dl-load.c
+index 9e2089cfaa..ad01674027 100644
+--- a/elf/dl-load.c
++++ b/elf/dl-load.c
+@@ -2175,6 +2175,14 @@ _dl_map_object (struct link_map *loader, const char *name,
+             }
+         }
+ 
++      /* try the default path.  */
++      if (fd == -1
++	  && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
++	   || __builtin_expect (!(l->l_flags_1 & DF_1_NODEFLIB), 1))
++	 && __rtld_search_dirs.dirs != (void *) -1)
++	fd = open_path (name, namelen, mode & __RTLD_SECURE, &__rtld_search_dirs,
++			&realname, &fb, l, LA_SER_DEFAULT, &found_other_class);
++      /* Finally try ld.so.cache */
+ #ifdef USE_LDCONFIG
+       if (fd == -1
+ 	  && (__glibc_likely ((mode & __RTLD_SECURE) == 0)
+@@ -2233,14 +2241,6 @@ _dl_map_object (struct link_map *loader, const char *name,
+ 	}
+ #endif
+ 
+-      /* Finally, try the default path.  */
+-      if (fd == -1
+-	  && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
+-	      || __glibc_likely (!(l->l_flags_1 & DF_1_NODEFLIB)))
+-	  && __rtld_search_dirs.dirs != (void *) -1)
+-	fd = open_path (name, namelen, mode, &__rtld_search_dirs,
+-			&realname, &fb, l, LA_SER_DEFAULT, &found_other_class);
+-
+       /* Add another newline when we are tracing the library loading.  */
+       if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
+ 	_dl_debug_printf ("\n");
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch
new file mode 100644
index 000000000..a8e625d24
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch
@@ -0,0 +1,46 @@
+From aa8393bff257e4badfd208b88473ead175c69362 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 18 Mar 2015 01:50:00 +0000
+Subject: [PATCH] nativesdk-glibc: Fix buffer overrun with a relocated SDK
+
+When ld-linux-*.so.2 is relocated to a path that is longer than the
+original fixed location, the dynamic loader will crash in open_path
+because it implicitly assumes that max_dirnamelen is a fixed size that
+never changes.
+
+The allocated buffer will not be large enough to contain the directory
+path string which is larger than the fixed location provided at build
+time.
+
+Upstream-Status: Inappropriate [OE SDK specific]
+
+Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ elf/dl-load.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/elf/dl-load.c b/elf/dl-load.c
+index ad01674027..f455207e79 100644
+--- a/elf/dl-load.c
++++ b/elf/dl-load.c
+@@ -1871,7 +1871,19 @@ open_path (const char *name, size_t namelen, int mode,
+        given on the command line when rtld is run directly.  */
+     return -1;
+ 
++  do
++    {
++      struct r_search_path_elem *this_dir = *dirs;
++      if (this_dir->dirnamelen > max_dirnamelen)
++	{
++	  max_dirnamelen = this_dir->dirnamelen;
++	}
++    }
++  while (*++dirs != NULL);
++
+   buf = alloca (max_dirnamelen + max_capstrlen + namelen);
++
++  dirs = sps->dirs;
+   do
+     {
+       struct r_search_path_elem *this_dir = *dirs;
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0005-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0005-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch
new file mode 100644
index 000000000..197caae92
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0005-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch
@@ -0,0 +1,153 @@
+From 3ea08e491a8494ff03e598b5e0fc2d8131e75da9 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 18 Mar 2015 01:51:38 +0000
+Subject: [PATCH] nativesdk-glibc: Raise the size of arrays containing dl paths
+
+This patch puts the dynamic loader path in the binaries, SYSTEM_DIRS strings
+and lengths as well as ld.so.cache path in the dynamic loader to specific
+sections in memory. The sections that contain paths have been allocated a 4096
+byte section, which is the maximum path length in linux. This will allow the
+relocating script to parse the ELF binary, detect the section and easily replace
+the strings in a certain path.
+
+Upstream-Status: Inappropriate [SDK specific]
+
+Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ elf/dl-cache.c             | 4 ++++
+ elf/dl-load.c              | 4 ++--
+ elf/dl-usage.c             | 6 ++++--
+ elf/interp.c               | 2 +-
+ elf/ldconfig.c             | 3 +++
+ elf/rtld.c                 | 1 +
+ iconv/gconv_conf.c         | 2 +-
+ sysdeps/generic/dl-cache.h | 4 ----
+ 8 files changed, 16 insertions(+), 10 deletions(-)
+
+diff --git a/elf/dl-cache.c b/elf/dl-cache.c
+index 32f3bef5ea..71f3a82dc0 100644
+--- a/elf/dl-cache.c
++++ b/elf/dl-cache.c
+@@ -359,6 +359,10 @@ search_cache (const char *string_table, uint32_t string_table_size,
+   return best;
+ }
+ 
++const char LD_SO_CACHE[4096] __attribute__ ((section (".ldsocache"))) =
++		SYSCONFDIR "/ld.so.cache";
++
++
+ int
+ _dl_cache_libcmp (const char *p1, const char *p2)
+ {
+diff --git a/elf/dl-load.c b/elf/dl-load.c
+index f455207e79..a144e24fcf 100644
+--- a/elf/dl-load.c
++++ b/elf/dl-load.c
+@@ -115,8 +115,8 @@ enum { ncapstr = 1, max_capstrlen = 0 };
+    gen-trusted-dirs.awk.  */
+ #include "trusted-dirs.h"
+ 
+-static const char system_dirs[] = SYSTEM_DIRS;
+-static const size_t system_dirs_len[] =
++static const char system_dirs[4096] __attribute__ ((section (".sysdirs"))) = SYSTEM_DIRS;
++volatile static const size_t system_dirs_len[] __attribute__ ((section (".sysdirslen"))) =
+ {
+   SYSTEM_DIRS_LEN
+ };
+diff --git a/elf/dl-usage.c b/elf/dl-usage.c
+index 6e26818bd7..f09e8b93e5 100644
+--- a/elf/dl-usage.c
++++ b/elf/dl-usage.c
+@@ -25,6 +25,8 @@
+ #include <dl-procinfo.h>
+ #include <dl-hwcaps.h>
+ 
++extern const char LD_SO_CACHE[4096] __attribute__ ((section (".ldsocache")));
++
+ void
+ _dl_usage (const char *argv0, const char *wrong_option)
+ {
+@@ -244,7 +246,7 @@ setting environment variables (which would be inherited by subprocesses).\n\
+   --list                list all dependencies and how they are resolved\n\
+   --verify              verify that given object really is a dynamically linked\n\
+                         object we can handle\n\
+-  --inhibit-cache       Do not use " LD_SO_CACHE "\n\
++  --inhibit-cache       Do not use %s\n\
+   --library-path PATH   use given PATH instead of content of the environment\n\
+                         variable LD_LIBRARY_PATH\n\
+   --glibc-hwcaps-prepend LIST\n\
+@@ -266,7 +268,7 @@ setting environment variables (which would be inherited by subprocesses).\n\
+ \n\
+ This program interpreter self-identifies as: " RTLD "\n\
+ ",
+-              argv0);
++              argv0, LD_SO_CACHE);
+   print_search_path_for_help (state);
+   print_hwcaps_subdirectories (state);
+   print_legacy_hwcap_directories ();
+diff --git a/elf/interp.c b/elf/interp.c
+index 91966702ca..dc86c20e83 100644
+--- a/elf/interp.c
++++ b/elf/interp.c
+@@ -18,5 +18,5 @@
+ 
+ #include <runtime-linker.h>
+ 
+-const char __invoke_dynamic_linker__[] __attribute__ ((section (".interp")))
++const char __invoke_dynamic_linker__[4096] __attribute__ ((section (".interp")))
+   = RUNTIME_LINKER;
+diff --git a/elf/ldconfig.c b/elf/ldconfig.c
+index 28ed637a29..5d38a60c5d 100644
+--- a/elf/ldconfig.c
++++ b/elf/ldconfig.c
+@@ -176,6 +176,9 @@ static struct argp argp =
+   options, parse_opt, NULL, doc, NULL, more_help, NULL
+ };
+ 
++
++extern const char LD_SO_CACHE[4096] __attribute__ ((section (".ldsocache")));
++
+ /* Check if string corresponds to an important hardware capability or
+    a platform.  */
+ static int
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 596b6ac3d9..1ccd33f668 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -185,6 +185,7 @@ dso_name_valid_for_suid (const char *p)
+     }
+   return *p != '\0';
+ }
++extern const char LD_SO_CACHE[4096] __attribute__ ((section (".ldsocache")));
+ 
+ static void
+ audit_list_init (struct audit_list *list)
+diff --git a/iconv/gconv_conf.c b/iconv/gconv_conf.c
+index 682f949834..7eed87bc9d 100644
+--- a/iconv/gconv_conf.c
++++ b/iconv/gconv_conf.c
+@@ -36,7 +36,7 @@
+ 
+ 
+ /* This is the default path where we look for module lists.  */
+-static const char default_gconv_path[] = GCONV_PATH;
++static char default_gconv_path[4096] __attribute__ ((section (".gccrelocprefix"))) = GCONV_PATH;
+ 
+ /* Type to represent search path.  */
+ struct path_elem
+diff --git a/sysdeps/generic/dl-cache.h b/sysdeps/generic/dl-cache.h
+index 964d50a486..94bf68ca9d 100644
+--- a/sysdeps/generic/dl-cache.h
++++ b/sysdeps/generic/dl-cache.h
+@@ -34,10 +34,6 @@
+   ((flags) == 1 || (flags) == _DL_CACHE_DEFAULT_ID)
+ #endif
+ 
+-#ifndef LD_SO_CACHE
+-# define LD_SO_CACHE SYSCONFDIR "/ld.so.cache"
+-#endif
+-
+ #ifndef add_system_dir
+ # define add_system_dir(dir) add_dir (dir)
+ #endif
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0006-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0006-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch
new file mode 100644
index 000000000..172ade8d9
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0006-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch
@@ -0,0 +1,39 @@
+From 19e3e45eb1838ee80af13c3d27fcff446773211e Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 31 Dec 2015 14:35:35 -0800
+Subject: [PATCH] nativesdk-glibc: Allow 64 bit atomics for x86
+
+The fix consist of allowing 64bit atomic ops for x86.
+This should be safe for i586 and newer CPUs.
+It also makes the synchronization more efficient.
+
+Upstream-Status: Inappropriate [OE-Specific]
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ sysdeps/x86/atomic-machine.h | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/sysdeps/x86/atomic-machine.h b/sysdeps/x86/atomic-machine.h
+index 695222e4fa..9d39bfdbd5 100644
+--- a/sysdeps/x86/atomic-machine.h
++++ b/sysdeps/x86/atomic-machine.h
+@@ -52,15 +52,14 @@ typedef uintmax_t uatomic_max_t;
+ #define LOCK_PREFIX "lock;"
+ 
+ #define USE_ATOMIC_COMPILER_BUILTINS	1
++# define __HAVE_64B_ATOMICS		1
+ 
+ #ifdef __x86_64__
+-# define __HAVE_64B_ATOMICS		1
+ # define SP_REG				"rsp"
+ # define SEG_REG			"fs"
+ # define BR_CONSTRAINT			"q"
+ # define IBR_CONSTRAINT			"iq"
+ #else
+-# define __HAVE_64B_ATOMICS		0
+ # define SP_REG				"esp"
+ # define SEG_REG			"gs"
+ # define BR_CONSTRAINT			"r"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0007-nativesdk-glibc-Make-relocatable-install-for-locales.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0007-nativesdk-glibc-Make-relocatable-install-for-locales.patch
new file mode 100644
index 000000000..14697567c
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0007-nativesdk-glibc-Make-relocatable-install-for-locales.patch
@@ -0,0 +1,100 @@
+From 732d4f4954fe60718870048d0583a20a7a8a8540 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 3 Aug 2018 09:55:12 -0700
+Subject: [PATCH] nativesdk-glibc: Make relocatable install for locales
+
+The glibc locale path is hard-coded to the install prefix, but in SDKs we need
+to be able to relocate the binaries.  Expand the strings to 4K and put them in a
+magic segment that we can relocate at install time.
+
+Upstream-Status: Inappropriate (OE-specific)
+
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ locale/findlocale.c      | 4 ++--
+ locale/loadarchive.c     | 2 +-
+ locale/localeinfo.h      | 2 +-
+ locale/programs/locale.c | 7 ++++---
+ 4 files changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/locale/findlocale.c b/locale/findlocale.c
+index ab09122b0c..f42cc75780 100644
+--- a/locale/findlocale.c
++++ b/locale/findlocale.c
+@@ -56,7 +56,7 @@ struct __locale_data *const _nl_C[] attribute_hidden =
+    which are somehow addressed.  */
+ struct loaded_l10nfile *_nl_locale_file_list[__LC_LAST];
+ 
+-const char _nl_default_locale_path[] attribute_hidden = COMPLOCALEDIR;
++char _nl_default_locale_path[4096] attribute_hidden __attribute__ ((section (".gccrelocprefix"))) = COMPLOCALEDIR;
+ 
+ /* Checks if the name is actually present, that is, not NULL and not
+    empty.  */
+@@ -166,7 +166,7 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len,
+ 
+       /* Nothing in the archive.  Set the default path to search below.  */
+       locale_path = _nl_default_locale_path;
+-      locale_path_len = sizeof _nl_default_locale_path;
++      locale_path_len = strlen(locale_path) + 1;
+     }
+   else
+     /* We really have to load some data.  First see whether the name is
+diff --git a/locale/loadarchive.c b/locale/loadarchive.c
+index 4177fc8972..40247b1e68 100644
+--- a/locale/loadarchive.c
++++ b/locale/loadarchive.c
+@@ -42,7 +42,7 @@
+ 
+ 
+ /* Name of the locale archive file.  */
+-static const char archfname[] = COMPLOCALEDIR "/locale-archive";
++static const char archfname[4096] __attribute__ ((section (".gccrelocprefix"))) = COMPLOCALEDIR "/locale-archive";
+ 
+ /* Size of initial mapping window, optimal if large enough to
+    cover the header plus the initial locale.  */
+diff --git a/locale/localeinfo.h b/locale/localeinfo.h
+index b3d4da0185..22f9dc1140 100644
+--- a/locale/localeinfo.h
++++ b/locale/localeinfo.h
+@@ -331,7 +331,7 @@ _nl_lookup_word (locale_t l, int category, int item)
+ }
+ 
+ /* Default search path if no LOCPATH environment variable.  */
+-extern const char _nl_default_locale_path[] attribute_hidden;
++extern char _nl_default_locale_path[4096] attribute_hidden;
+ 
+ /* Load the locale data for CATEGORY from the file specified by *NAME.
+    If *NAME is "", use environment variables as specified by POSIX, and
+diff --git a/locale/programs/locale.c b/locale/programs/locale.c
+index 575b208e82..5ec630c3a4 100644
+--- a/locale/programs/locale.c
++++ b/locale/programs/locale.c
+@@ -632,6 +632,7 @@ nameentcmp (const void *a, const void *b)
+ 		  ((const struct nameent *) b)->name);
+ }
+ 
++static char _write_archive_locales_path[4096] attribute_hidden __attribute__ ((section (".gccrelocprefix"))) = ARCHIVE_NAME;
+ 
+ static int
+ write_archive_locales (void **all_datap, char *linebuf)
+@@ -645,7 +646,7 @@ write_archive_locales (void **all_datap, char *linebuf)
+   int fd, ret = 0;
+   uint32_t cnt;
+ 
+-  fd = open64 (ARCHIVE_NAME, O_RDONLY);
++  fd = open64 (_write_archive_locales_path, O_RDONLY);
+   if (fd < 0)
+     return 0;
+ 
+@@ -700,8 +701,8 @@ write_archive_locales (void **all_datap, char *linebuf)
+ 	  if (cnt)
+ 	    putchar_unlocked ('\n');
+ 
+-	  printf ("locale: %-15.15s archive: " ARCHIVE_NAME "\n%s\n",
+-		  names[cnt].name, linebuf);
++	  printf ("locale: %-15.15s archive: %s\n%s\n",
++		  names[cnt].name, _write_archive_locales_path, linebuf);
+ 
+ 	  locrec = (struct locrecent *) (addr + names[cnt].locrec_offset);
+ 
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0008-fsl-e500-e5500-e6500-603e-fsqrt-implementation.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0008-fsl-e500-e5500-e6500-603e-fsqrt-implementation.patch
new file mode 100644
index 000000000..2162bf38c
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0008-fsl-e500-e5500-e6500-603e-fsqrt-implementation.patch
@@ -0,0 +1,1581 @@
+From 3d58330390a7d4f4ed32f4a9c25628af3e0dd5c1 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 18 Mar 2015 00:01:50 +0000
+Subject: [PATCH] fsl e500/e5500/e6500/603e fsqrt implementation
+
+Upstream-Status: Pending
+Signed-off-by: Edmar Wienskoski <edmar@freescale.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c   | 134 ++++++++++++++++++
+ sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c  | 101 +++++++++++++
+ sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c | 134 ++++++++++++++++++
+ .../powerpc/powerpc32/e500mc/fpu/e_sqrtf.c    | 101 +++++++++++++
+ sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c  | 134 ++++++++++++++++++
+ sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c | 101 +++++++++++++
+ sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c  | 134 ++++++++++++++++++
+ sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c | 101 +++++++++++++
+ sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c  | 134 ++++++++++++++++++
+ sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c | 101 +++++++++++++
+ sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c  | 134 ++++++++++++++++++
+ sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c | 101 +++++++++++++
+ .../linux/powerpc/powerpc32/603e/fpu/Implies  |   1 +
+ .../powerpc/powerpc32/e300c3/fpu/Implies      |   2 +
+ .../powerpc/powerpc32/e500mc/fpu/Implies      |   1 +
+ .../linux/powerpc/powerpc32/e5500/fpu/Implies |   1 +
+ .../linux/powerpc/powerpc32/e6500/fpu/Implies |   1 +
+ .../linux/powerpc/powerpc64/e5500/fpu/Implies |   1 +
+ .../linux/powerpc/powerpc64/e6500/fpu/Implies |   1 +
+ 19 files changed, 1418 insertions(+)
+ create mode 100644 sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c
+ create mode 100644 sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c
+ create mode 100644 sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c
+ create mode 100644 sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c
+ create mode 100644 sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c
+ create mode 100644 sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c
+ create mode 100644 sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c
+ create mode 100644 sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c
+ create mode 100644 sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c
+ create mode 100644 sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c
+ create mode 100644 sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c
+ create mode 100644 sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c
+ create mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc32/603e/fpu/Implies
+ create mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc32/e300c3/fpu/Implies
+ create mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc32/e500mc/fpu/Implies
+ create mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc32/e5500/fpu/Implies
+ create mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc32/e6500/fpu/Implies
+ create mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc64/e5500/fpu/Implies
+ create mode 100644 sysdeps/unix/sysv/linux/powerpc/powerpc64/e6500/fpu/Implies
+
+diff --git a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c
+new file mode 100644
+index 0000000000..71e516d1c8
+--- /dev/null
++++ b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c
+@@ -0,0 +1,134 @@
++/* Double-precision floating point square root.
++   Copyright (C) 2010 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, write to the Free
++   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++   02111-1307 USA.  */
++
++#include <math.h>
++#include <math_private.h>
++#include <fenv_libc.h>
++#include <inttypes.h>
++
++#include <sysdep.h>
++#include <ldsodefs.h>
++
++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 };
++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 };
++static const float two108 = 3.245185536584267269e+32;
++static const float twom54 = 5.551115123125782702e-17;
++static const float half = 0.5;
++
++/* The method is based on the descriptions in:
++
++   _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5;
++   _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9
++
++   We find the actual square root and half of its reciprocal
++   simultaneously.  */
++
++#ifdef __STDC__
++double
++__ieee754_sqrt (double b)
++#else
++double
++__ieee754_sqrt (b)
++     double b;
++#endif
++{
++  if (__builtin_expect (b > 0, 1))
++    {
++      double y, g, h, d, r;
++      ieee_double_shape_type u;
++
++      if (__builtin_expect (b != a_inf.value, 1))
++        {
++          fenv_t fe;
++
++          fe = fegetenv_register ();
++
++          u.value = b;
++
++          relax_fenv_state ();
++
++          __asm__ ("frsqrte %[estimate], %[x]\n"
++                   : [estimate] "=f" (y) : [x] "f" (b));
++
++          /* Following Muller et al, page 168, equation 5.20.
++
++             h goes to 1/(2*sqrt(b))
++             g goes to sqrt(b).
++
++             We need three iterations to get within 1ulp.  */
++
++          /* Indicate that these can be performed prior to the branch.  GCC
++             insists on sinking them below the branch, however; it seems like
++             they'd be better before the branch so that we can cover any latency
++             from storing the argument and loading its high word.  Oh well.  */
++
++          g = b * y;
++          h = 0.5 * y;
++
++          /* Handle small numbers by scaling.  */
++          if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0))
++            return __ieee754_sqrt (b * two108) * twom54;
++
++#define FMADD(a_, c_, b_)                                               \
++          ({ double __r;                                                \
++          __asm__ ("fmadd %[r], %[a], %[c], %[b]\n"                     \
++                   : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++          __r;})
++#define FNMSUB(a_, c_, b_)                                          \
++          ({ double __r;                                                \
++          __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n"                     \
++                   : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++          __r;})
++
++          r = FNMSUB (g, h, half);
++          g = FMADD (g, r, g);
++          h = FMADD (h, r, h);
++
++          r = FNMSUB (g, h, half);
++          g = FMADD (g, r, g);
++          h = FMADD (h, r, h);
++
++          r = FNMSUB (g, h, half);
++          g = FMADD (g, r, g);
++          h = FMADD (h, r, h);
++
++          /* g is now +/- 1ulp, or exactly equal to, the square root of b.  */
++
++          /* Final refinement.  */
++          d = FNMSUB (g, g, b);
++
++          fesetenv_register (fe);
++          return FMADD (d, h, g);
++        }
++    }
++  else if (b < 0)
++    {
++      /* For some reason, some PowerPC32 processors don't implement
++         FE_INVALID_SQRT.  */
++#ifdef FE_INVALID_SQRT
++      feraiseexcept (FE_INVALID_SQRT);
++
++      fenv_union_t u = { .fenv = fegetenv_register () };
++      if ((u.l & FE_INVALID) == 0)
++#endif
++	feraiseexcept (FE_INVALID);
++      b = a_nan.value;
++    }
++  return f_wash (b);
++}
+diff --git a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c
+new file mode 100644
+index 0000000000..26fa067abf
+--- /dev/null
++++ b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c
+@@ -0,0 +1,101 @@
++/* Single-precision floating point square root.
++   Copyright (C) 2010 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, write to the Free
++   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++   02111-1307 USA.  */
++
++#include <math.h>
++#include <math_private.h>
++#include <fenv_libc.h>
++#include <inttypes.h>
++
++#include <sysdep.h>
++#include <ldsodefs.h>
++
++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 };
++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 };
++static const float threehalf = 1.5;
++
++/* The method is based on the descriptions in:
++
++   _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5;
++   _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9
++
++   We find the reciprocal square root and use that to compute the actual
++   square root.  */
++
++#ifdef __STDC__
++float
++__ieee754_sqrtf (float b)
++#else
++float
++__ieee754_sqrtf (b)
++     float b;
++#endif
++{
++  if (__builtin_expect (b > 0, 1))
++    {
++#define FMSUB(a_, c_, b_)                                               \
++      ({ double __r;                                                    \
++        __asm__ ("fmsub %[r], %[a], %[c], %[b]\n"                       \
++                 : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++        __r;})
++#define FNMSUB(a_, c_, b_)                                              \
++      ({ double __r;                                                    \
++        __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n"                      \
++                 : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++        __r;})
++
++      if (__builtin_expect (b != a_inf.value, 1))
++        {
++          double y, x;
++          fenv_t fe;
++
++          fe = fegetenv_register ();
++
++          relax_fenv_state ();
++
++          /* Compute y = 1.5 * b - b.  Uses fewer constants than y = 0.5 * b.  */
++          y = FMSUB (threehalf, b, b);
++
++          /* Initial estimate.  */
++          __asm__ ("frsqrte %[x], %[b]\n" : [x] "=f" (x) : [b] "f" (b));
++
++          /* Iterate.  x_{n+1} = x_n * (1.5 - y * (x_n * x_n)).  */
++          x = x * FNMSUB (y, x * x, threehalf);
++          x = x * FNMSUB (y, x * x, threehalf);
++          x = x * FNMSUB (y, x * x, threehalf);
++
++          /* All done.  */
++          fesetenv_register (fe);
++          return x * b;
++        }
++    }
++  else if (b < 0)
++    {
++      /* For some reason, some PowerPC32 processors don't implement
++         FE_INVALID_SQRT.  */
++#ifdef FE_INVALID_SQRT
++      feraiseexcept (FE_INVALID_SQRT);
++
++      fenv_union_t u = { .fenv = fegetenv_register () };
++      if ((u.l & FE_INVALID) == 0)
++#endif
++	feraiseexcept (FE_INVALID);
++      b = a_nan.value;
++    }
++  return f_washf (b);
++}
+diff --git a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c
+new file mode 100644
+index 0000000000..71e516d1c8
+--- /dev/null
++++ b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c
+@@ -0,0 +1,134 @@
++/* Double-precision floating point square root.
++   Copyright (C) 2010 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, write to the Free
++   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++   02111-1307 USA.  */
++
++#include <math.h>
++#include <math_private.h>
++#include <fenv_libc.h>
++#include <inttypes.h>
++
++#include <sysdep.h>
++#include <ldsodefs.h>
++
++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 };
++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 };
++static const float two108 = 3.245185536584267269e+32;
++static const float twom54 = 5.551115123125782702e-17;
++static const float half = 0.5;
++
++/* The method is based on the descriptions in:
++
++   _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5;
++   _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9
++
++   We find the actual square root and half of its reciprocal
++   simultaneously.  */
++
++#ifdef __STDC__
++double
++__ieee754_sqrt (double b)
++#else
++double
++__ieee754_sqrt (b)
++     double b;
++#endif
++{
++  if (__builtin_expect (b > 0, 1))
++    {
++      double y, g, h, d, r;
++      ieee_double_shape_type u;
++
++      if (__builtin_expect (b != a_inf.value, 1))
++        {
++          fenv_t fe;
++
++          fe = fegetenv_register ();
++
++          u.value = b;
++
++          relax_fenv_state ();
++
++          __asm__ ("frsqrte %[estimate], %[x]\n"
++                   : [estimate] "=f" (y) : [x] "f" (b));
++
++          /* Following Muller et al, page 168, equation 5.20.
++
++             h goes to 1/(2*sqrt(b))
++             g goes to sqrt(b).
++
++             We need three iterations to get within 1ulp.  */
++
++          /* Indicate that these can be performed prior to the branch.  GCC
++             insists on sinking them below the branch, however; it seems like
++             they'd be better before the branch so that we can cover any latency
++             from storing the argument and loading its high word.  Oh well.  */
++
++          g = b * y;
++          h = 0.5 * y;
++
++          /* Handle small numbers by scaling.  */
++          if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0))
++            return __ieee754_sqrt (b * two108) * twom54;
++
++#define FMADD(a_, c_, b_)                                               \
++          ({ double __r;                                                \
++          __asm__ ("fmadd %[r], %[a], %[c], %[b]\n"                     \
++                   : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++          __r;})
++#define FNMSUB(a_, c_, b_)                                          \
++          ({ double __r;                                                \
++          __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n"                     \
++                   : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++          __r;})
++
++          r = FNMSUB (g, h, half);
++          g = FMADD (g, r, g);
++          h = FMADD (h, r, h);
++
++          r = FNMSUB (g, h, half);
++          g = FMADD (g, r, g);
++          h = FMADD (h, r, h);
++
++          r = FNMSUB (g, h, half);
++          g = FMADD (g, r, g);
++          h = FMADD (h, r, h);
++
++          /* g is now +/- 1ulp, or exactly equal to, the square root of b.  */
++
++          /* Final refinement.  */
++          d = FNMSUB (g, g, b);
++
++          fesetenv_register (fe);
++          return FMADD (d, h, g);
++        }
++    }
++  else if (b < 0)
++    {
++      /* For some reason, some PowerPC32 processors don't implement
++         FE_INVALID_SQRT.  */
++#ifdef FE_INVALID_SQRT
++      feraiseexcept (FE_INVALID_SQRT);
++
++      fenv_union_t u = { .fenv = fegetenv_register () };
++      if ((u.l & FE_INVALID) == 0)
++#endif
++	feraiseexcept (FE_INVALID);
++      b = a_nan.value;
++    }
++  return f_wash (b);
++}
+diff --git a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c
+new file mode 100644
+index 0000000000..26fa067abf
+--- /dev/null
++++ b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c
+@@ -0,0 +1,101 @@
++/* Single-precision floating point square root.
++   Copyright (C) 2010 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, write to the Free
++   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++   02111-1307 USA.  */
++
++#include <math.h>
++#include <math_private.h>
++#include <fenv_libc.h>
++#include <inttypes.h>
++
++#include <sysdep.h>
++#include <ldsodefs.h>
++
++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 };
++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 };
++static const float threehalf = 1.5;
++
++/* The method is based on the descriptions in:
++
++   _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5;
++   _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9
++
++   We find the reciprocal square root and use that to compute the actual
++   square root.  */
++
++#ifdef __STDC__
++float
++__ieee754_sqrtf (float b)
++#else
++float
++__ieee754_sqrtf (b)
++     float b;
++#endif
++{
++  if (__builtin_expect (b > 0, 1))
++    {
++#define FMSUB(a_, c_, b_)                                               \
++      ({ double __r;                                                    \
++        __asm__ ("fmsub %[r], %[a], %[c], %[b]\n"                       \
++                 : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++        __r;})
++#define FNMSUB(a_, c_, b_)                                              \
++      ({ double __r;                                                    \
++        __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n"                      \
++                 : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++        __r;})
++
++      if (__builtin_expect (b != a_inf.value, 1))
++        {
++          double y, x;
++          fenv_t fe;
++
++          fe = fegetenv_register ();
++
++          relax_fenv_state ();
++
++          /* Compute y = 1.5 * b - b.  Uses fewer constants than y = 0.5 * b.  */
++          y = FMSUB (threehalf, b, b);
++
++          /* Initial estimate.  */
++          __asm__ ("frsqrte %[x], %[b]\n" : [x] "=f" (x) : [b] "f" (b));
++
++          /* Iterate.  x_{n+1} = x_n * (1.5 - y * (x_n * x_n)).  */
++          x = x * FNMSUB (y, x * x, threehalf);
++          x = x * FNMSUB (y, x * x, threehalf);
++          x = x * FNMSUB (y, x * x, threehalf);
++
++          /* All done.  */
++          fesetenv_register (fe);
++          return x * b;
++        }
++    }
++  else if (b < 0)
++    {
++      /* For some reason, some PowerPC32 processors don't implement
++         FE_INVALID_SQRT.  */
++#ifdef FE_INVALID_SQRT
++      feraiseexcept (FE_INVALID_SQRT);
++
++      fenv_union_t u = { .fenv = fegetenv_register () };
++      if ((u.l & FE_INVALID) == 0)
++#endif
++	feraiseexcept (FE_INVALID);
++      b = a_nan.value;
++    }
++  return f_washf (b);
++}
+diff --git a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c
+new file mode 100644
+index 0000000000..71e516d1c8
+--- /dev/null
++++ b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c
+@@ -0,0 +1,134 @@
++/* Double-precision floating point square root.
++   Copyright (C) 2010 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, write to the Free
++   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++   02111-1307 USA.  */
++
++#include <math.h>
++#include <math_private.h>
++#include <fenv_libc.h>
++#include <inttypes.h>
++
++#include <sysdep.h>
++#include <ldsodefs.h>
++
++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 };
++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 };
++static const float two108 = 3.245185536584267269e+32;
++static const float twom54 = 5.551115123125782702e-17;
++static const float half = 0.5;
++
++/* The method is based on the descriptions in:
++
++   _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5;
++   _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9
++
++   We find the actual square root and half of its reciprocal
++   simultaneously.  */
++
++#ifdef __STDC__
++double
++__ieee754_sqrt (double b)
++#else
++double
++__ieee754_sqrt (b)
++     double b;
++#endif
++{
++  if (__builtin_expect (b > 0, 1))
++    {
++      double y, g, h, d, r;
++      ieee_double_shape_type u;
++
++      if (__builtin_expect (b != a_inf.value, 1))
++        {
++          fenv_t fe;
++
++          fe = fegetenv_register ();
++
++          u.value = b;
++
++          relax_fenv_state ();
++
++          __asm__ ("frsqrte %[estimate], %[x]\n"
++                   : [estimate] "=f" (y) : [x] "f" (b));
++
++          /* Following Muller et al, page 168, equation 5.20.
++
++             h goes to 1/(2*sqrt(b))
++             g goes to sqrt(b).
++
++             We need three iterations to get within 1ulp.  */
++
++          /* Indicate that these can be performed prior to the branch.  GCC
++             insists on sinking them below the branch, however; it seems like
++             they'd be better before the branch so that we can cover any latency
++             from storing the argument and loading its high word.  Oh well.  */
++
++          g = b * y;
++          h = 0.5 * y;
++
++          /* Handle small numbers by scaling.  */
++          if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0))
++            return __ieee754_sqrt (b * two108) * twom54;
++
++#define FMADD(a_, c_, b_)                                               \
++          ({ double __r;                                                \
++          __asm__ ("fmadd %[r], %[a], %[c], %[b]\n"                     \
++                   : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++          __r;})
++#define FNMSUB(a_, c_, b_)                                          \
++          ({ double __r;                                                \
++          __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n"                     \
++                   : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++          __r;})
++
++          r = FNMSUB (g, h, half);
++          g = FMADD (g, r, g);
++          h = FMADD (h, r, h);
++
++          r = FNMSUB (g, h, half);
++          g = FMADD (g, r, g);
++          h = FMADD (h, r, h);
++
++          r = FNMSUB (g, h, half);
++          g = FMADD (g, r, g);
++          h = FMADD (h, r, h);
++
++          /* g is now +/- 1ulp, or exactly equal to, the square root of b.  */
++
++          /* Final refinement.  */
++          d = FNMSUB (g, g, b);
++
++          fesetenv_register (fe);
++          return FMADD (d, h, g);
++        }
++    }
++  else if (b < 0)
++    {
++      /* For some reason, some PowerPC32 processors don't implement
++         FE_INVALID_SQRT.  */
++#ifdef FE_INVALID_SQRT
++      feraiseexcept (FE_INVALID_SQRT);
++
++      fenv_union_t u = { .fenv = fegetenv_register () };
++      if ((u.l & FE_INVALID) == 0)
++#endif
++	feraiseexcept (FE_INVALID);
++      b = a_nan.value;
++    }
++  return f_wash (b);
++}
+diff --git a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c
+new file mode 100644
+index 0000000000..26fa067abf
+--- /dev/null
++++ b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c
+@@ -0,0 +1,101 @@
++/* Single-precision floating point square root.
++   Copyright (C) 2010 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, write to the Free
++   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++   02111-1307 USA.  */
++
++#include <math.h>
++#include <math_private.h>
++#include <fenv_libc.h>
++#include <inttypes.h>
++
++#include <sysdep.h>
++#include <ldsodefs.h>
++
++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 };
++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 };
++static const float threehalf = 1.5;
++
++/* The method is based on the descriptions in:
++
++   _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5;
++   _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9
++
++   We find the reciprocal square root and use that to compute the actual
++   square root.  */
++
++#ifdef __STDC__
++float
++__ieee754_sqrtf (float b)
++#else
++float
++__ieee754_sqrtf (b)
++     float b;
++#endif
++{
++  if (__builtin_expect (b > 0, 1))
++    {
++#define FMSUB(a_, c_, b_)                                               \
++      ({ double __r;                                                    \
++        __asm__ ("fmsub %[r], %[a], %[c], %[b]\n"                       \
++                 : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++        __r;})
++#define FNMSUB(a_, c_, b_)                                              \
++      ({ double __r;                                                    \
++        __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n"                      \
++                 : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++        __r;})
++
++      if (__builtin_expect (b != a_inf.value, 1))
++        {
++          double y, x;
++          fenv_t fe;
++
++          fe = fegetenv_register ();
++
++          relax_fenv_state ();
++
++          /* Compute y = 1.5 * b - b.  Uses fewer constants than y = 0.5 * b.  */
++          y = FMSUB (threehalf, b, b);
++
++          /* Initial estimate.  */
++          __asm__ ("frsqrte %[x], %[b]\n" : [x] "=f" (x) : [b] "f" (b));
++
++          /* Iterate.  x_{n+1} = x_n * (1.5 - y * (x_n * x_n)).  */
++          x = x * FNMSUB (y, x * x, threehalf);
++          x = x * FNMSUB (y, x * x, threehalf);
++          x = x * FNMSUB (y, x * x, threehalf);
++
++          /* All done.  */
++          fesetenv_register (fe);
++          return x * b;
++        }
++    }
++  else if (b < 0)
++    {
++      /* For some reason, some PowerPC32 processors don't implement
++         FE_INVALID_SQRT.  */
++#ifdef FE_INVALID_SQRT
++      feraiseexcept (FE_INVALID_SQRT);
++
++      fenv_union_t u = { .fenv = fegetenv_register () };
++      if ((u.l & FE_INVALID) == 0)
++#endif
++	feraiseexcept (FE_INVALID);
++      b = a_nan.value;
++    }
++  return f_washf (b);
++}
+diff --git a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c
+new file mode 100644
+index 0000000000..71e516d1c8
+--- /dev/null
++++ b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c
+@@ -0,0 +1,134 @@
++/* Double-precision floating point square root.
++   Copyright (C) 2010 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, write to the Free
++   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++   02111-1307 USA.  */
++
++#include <math.h>
++#include <math_private.h>
++#include <fenv_libc.h>
++#include <inttypes.h>
++
++#include <sysdep.h>
++#include <ldsodefs.h>
++
++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 };
++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 };
++static const float two108 = 3.245185536584267269e+32;
++static const float twom54 = 5.551115123125782702e-17;
++static const float half = 0.5;
++
++/* The method is based on the descriptions in:
++
++   _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5;
++   _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9
++
++   We find the actual square root and half of its reciprocal
++   simultaneously.  */
++
++#ifdef __STDC__
++double
++__ieee754_sqrt (double b)
++#else
++double
++__ieee754_sqrt (b)
++     double b;
++#endif
++{
++  if (__builtin_expect (b > 0, 1))
++    {
++      double y, g, h, d, r;
++      ieee_double_shape_type u;
++
++      if (__builtin_expect (b != a_inf.value, 1))
++        {
++          fenv_t fe;
++
++          fe = fegetenv_register ();
++
++          u.value = b;
++
++          relax_fenv_state ();
++
++          __asm__ ("frsqrte %[estimate], %[x]\n"
++                   : [estimate] "=f" (y) : [x] "f" (b));
++
++          /* Following Muller et al, page 168, equation 5.20.
++
++             h goes to 1/(2*sqrt(b))
++             g goes to sqrt(b).
++
++             We need three iterations to get within 1ulp.  */
++
++          /* Indicate that these can be performed prior to the branch.  GCC
++             insists on sinking them below the branch, however; it seems like
++             they'd be better before the branch so that we can cover any latency
++             from storing the argument and loading its high word.  Oh well.  */
++
++          g = b * y;
++          h = 0.5 * y;
++
++          /* Handle small numbers by scaling.  */
++          if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0))
++            return __ieee754_sqrt (b * two108) * twom54;
++
++#define FMADD(a_, c_, b_)                                               \
++          ({ double __r;                                                \
++          __asm__ ("fmadd %[r], %[a], %[c], %[b]\n"                     \
++                   : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++          __r;})
++#define FNMSUB(a_, c_, b_)                                          \
++          ({ double __r;                                                \
++          __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n"                     \
++                   : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++          __r;})
++
++          r = FNMSUB (g, h, half);
++          g = FMADD (g, r, g);
++          h = FMADD (h, r, h);
++
++          r = FNMSUB (g, h, half);
++          g = FMADD (g, r, g);
++          h = FMADD (h, r, h);
++
++          r = FNMSUB (g, h, half);
++          g = FMADD (g, r, g);
++          h = FMADD (h, r, h);
++
++          /* g is now +/- 1ulp, or exactly equal to, the square root of b.  */
++
++          /* Final refinement.  */
++          d = FNMSUB (g, g, b);
++
++          fesetenv_register (fe);
++          return FMADD (d, h, g);
++        }
++    }
++  else if (b < 0)
++    {
++      /* For some reason, some PowerPC32 processors don't implement
++         FE_INVALID_SQRT.  */
++#ifdef FE_INVALID_SQRT
++      feraiseexcept (FE_INVALID_SQRT);
++
++      fenv_union_t u = { .fenv = fegetenv_register () };
++      if ((u.l & FE_INVALID) == 0)
++#endif
++	feraiseexcept (FE_INVALID);
++      b = a_nan.value;
++    }
++  return f_wash (b);
++}
+diff --git a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c
+new file mode 100644
+index 0000000000..26fa067abf
+--- /dev/null
++++ b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c
+@@ -0,0 +1,101 @@
++/* Single-precision floating point square root.
++   Copyright (C) 2010 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, write to the Free
++   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++   02111-1307 USA.  */
++
++#include <math.h>
++#include <math_private.h>
++#include <fenv_libc.h>
++#include <inttypes.h>
++
++#include <sysdep.h>
++#include <ldsodefs.h>
++
++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 };
++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 };
++static const float threehalf = 1.5;
++
++/* The method is based on the descriptions in:
++
++   _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5;
++   _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9
++
++   We find the reciprocal square root and use that to compute the actual
++   square root.  */
++
++#ifdef __STDC__
++float
++__ieee754_sqrtf (float b)
++#else
++float
++__ieee754_sqrtf (b)
++     float b;
++#endif
++{
++  if (__builtin_expect (b > 0, 1))
++    {
++#define FMSUB(a_, c_, b_)                                               \
++      ({ double __r;                                                    \
++        __asm__ ("fmsub %[r], %[a], %[c], %[b]\n"                       \
++                 : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++        __r;})
++#define FNMSUB(a_, c_, b_)                                              \
++      ({ double __r;                                                    \
++        __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n"                      \
++                 : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++        __r;})
++
++      if (__builtin_expect (b != a_inf.value, 1))
++        {
++          double y, x;
++          fenv_t fe;
++
++          fe = fegetenv_register ();
++
++          relax_fenv_state ();
++
++          /* Compute y = 1.5 * b - b.  Uses fewer constants than y = 0.5 * b.  */
++          y = FMSUB (threehalf, b, b);
++
++          /* Initial estimate.  */
++          __asm__ ("frsqrte %[x], %[b]\n" : [x] "=f" (x) : [b] "f" (b));
++
++          /* Iterate.  x_{n+1} = x_n * (1.5 - y * (x_n * x_n)).  */
++          x = x * FNMSUB (y, x * x, threehalf);
++          x = x * FNMSUB (y, x * x, threehalf);
++          x = x * FNMSUB (y, x * x, threehalf);
++
++          /* All done.  */
++          fesetenv_register (fe);
++          return x * b;
++        }
++    }
++  else if (b < 0)
++    {
++      /* For some reason, some PowerPC32 processors don't implement
++         FE_INVALID_SQRT.  */
++#ifdef FE_INVALID_SQRT
++      feraiseexcept (FE_INVALID_SQRT);
++
++      fenv_union_t u = { .fenv = fegetenv_register () };
++      if ((u.l & FE_INVALID) == 0)
++#endif
++	feraiseexcept (FE_INVALID);
++      b = a_nan.value;
++    }
++  return f_washf (b);
++}
+diff --git a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c
+new file mode 100644
+index 0000000000..71e516d1c8
+--- /dev/null
++++ b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c
+@@ -0,0 +1,134 @@
++/* Double-precision floating point square root.
++   Copyright (C) 2010 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, write to the Free
++   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++   02111-1307 USA.  */
++
++#include <math.h>
++#include <math_private.h>
++#include <fenv_libc.h>
++#include <inttypes.h>
++
++#include <sysdep.h>
++#include <ldsodefs.h>
++
++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 };
++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 };
++static const float two108 = 3.245185536584267269e+32;
++static const float twom54 = 5.551115123125782702e-17;
++static const float half = 0.5;
++
++/* The method is based on the descriptions in:
++
++   _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5;
++   _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9
++
++   We find the actual square root and half of its reciprocal
++   simultaneously.  */
++
++#ifdef __STDC__
++double
++__ieee754_sqrt (double b)
++#else
++double
++__ieee754_sqrt (b)
++     double b;
++#endif
++{
++  if (__builtin_expect (b > 0, 1))
++    {
++      double y, g, h, d, r;
++      ieee_double_shape_type u;
++
++      if (__builtin_expect (b != a_inf.value, 1))
++        {
++          fenv_t fe;
++
++          fe = fegetenv_register ();
++
++          u.value = b;
++
++          relax_fenv_state ();
++
++          __asm__ ("frsqrte %[estimate], %[x]\n"
++                   : [estimate] "=f" (y) : [x] "f" (b));
++
++          /* Following Muller et al, page 168, equation 5.20.
++
++             h goes to 1/(2*sqrt(b))
++             g goes to sqrt(b).
++
++             We need three iterations to get within 1ulp.  */
++
++          /* Indicate that these can be performed prior to the branch.  GCC
++             insists on sinking them below the branch, however; it seems like
++             they'd be better before the branch so that we can cover any latency
++             from storing the argument and loading its high word.  Oh well.  */
++
++          g = b * y;
++          h = 0.5 * y;
++
++          /* Handle small numbers by scaling.  */
++          if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0))
++            return __ieee754_sqrt (b * two108) * twom54;
++
++#define FMADD(a_, c_, b_)                                               \
++          ({ double __r;                                                \
++          __asm__ ("fmadd %[r], %[a], %[c], %[b]\n"                     \
++                   : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++          __r;})
++#define FNMSUB(a_, c_, b_)                                          \
++          ({ double __r;                                                \
++          __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n"                     \
++                   : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++          __r;})
++
++          r = FNMSUB (g, h, half);
++          g = FMADD (g, r, g);
++          h = FMADD (h, r, h);
++
++          r = FNMSUB (g, h, half);
++          g = FMADD (g, r, g);
++          h = FMADD (h, r, h);
++
++          r = FNMSUB (g, h, half);
++          g = FMADD (g, r, g);
++          h = FMADD (h, r, h);
++
++          /* g is now +/- 1ulp, or exactly equal to, the square root of b.  */
++
++          /* Final refinement.  */
++          d = FNMSUB (g, g, b);
++
++          fesetenv_register (fe);
++          return FMADD (d, h, g);
++        }
++    }
++  else if (b < 0)
++    {
++      /* For some reason, some PowerPC32 processors don't implement
++         FE_INVALID_SQRT.  */
++#ifdef FE_INVALID_SQRT
++      feraiseexcept (FE_INVALID_SQRT);
++
++      fenv_union_t u = { .fenv = fegetenv_register () };
++      if ((u.l & FE_INVALID) == 0)
++#endif
++	feraiseexcept (FE_INVALID);
++      b = a_nan.value;
++    }
++  return f_wash (b);
++}
+diff --git a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c
+new file mode 100644
+index 0000000000..26fa067abf
+--- /dev/null
++++ b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c
+@@ -0,0 +1,101 @@
++/* Single-precision floating point square root.
++   Copyright (C) 2010 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, write to the Free
++   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++   02111-1307 USA.  */
++
++#include <math.h>
++#include <math_private.h>
++#include <fenv_libc.h>
++#include <inttypes.h>
++
++#include <sysdep.h>
++#include <ldsodefs.h>
++
++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 };
++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 };
++static const float threehalf = 1.5;
++
++/* The method is based on the descriptions in:
++
++   _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5;
++   _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9
++
++   We find the reciprocal square root and use that to compute the actual
++   square root.  */
++
++#ifdef __STDC__
++float
++__ieee754_sqrtf (float b)
++#else
++float
++__ieee754_sqrtf (b)
++     float b;
++#endif
++{
++  if (__builtin_expect (b > 0, 1))
++    {
++#define FMSUB(a_, c_, b_)                                               \
++      ({ double __r;                                                    \
++        __asm__ ("fmsub %[r], %[a], %[c], %[b]\n"                       \
++                 : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++        __r;})
++#define FNMSUB(a_, c_, b_)                                              \
++      ({ double __r;                                                    \
++        __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n"                      \
++                 : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++        __r;})
++
++      if (__builtin_expect (b != a_inf.value, 1))
++        {
++          double y, x;
++          fenv_t fe;
++
++          fe = fegetenv_register ();
++
++          relax_fenv_state ();
++
++          /* Compute y = 1.5 * b - b.  Uses fewer constants than y = 0.5 * b.  */
++          y = FMSUB (threehalf, b, b);
++
++          /* Initial estimate.  */
++          __asm__ ("frsqrte %[x], %[b]\n" : [x] "=f" (x) : [b] "f" (b));
++
++          /* Iterate.  x_{n+1} = x_n * (1.5 - y * (x_n * x_n)).  */
++          x = x * FNMSUB (y, x * x, threehalf);
++          x = x * FNMSUB (y, x * x, threehalf);
++          x = x * FNMSUB (y, x * x, threehalf);
++
++          /* All done.  */
++          fesetenv_register (fe);
++          return x * b;
++        }
++    }
++  else if (b < 0)
++    {
++      /* For some reason, some PowerPC32 processors don't implement
++         FE_INVALID_SQRT.  */
++#ifdef FE_INVALID_SQRT
++      feraiseexcept (FE_INVALID_SQRT);
++
++      fenv_union_t u = { .fenv = fegetenv_register () };
++      if ((u.l & FE_INVALID) == 0)
++#endif
++	feraiseexcept (FE_INVALID);
++      b = a_nan.value;
++    }
++  return f_washf (b);
++}
+diff --git a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c
+new file mode 100644
+index 0000000000..71e516d1c8
+--- /dev/null
++++ b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c
+@@ -0,0 +1,134 @@
++/* Double-precision floating point square root.
++   Copyright (C) 2010 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, write to the Free
++   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++   02111-1307 USA.  */
++
++#include <math.h>
++#include <math_private.h>
++#include <fenv_libc.h>
++#include <inttypes.h>
++
++#include <sysdep.h>
++#include <ldsodefs.h>
++
++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 };
++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 };
++static const float two108 = 3.245185536584267269e+32;
++static const float twom54 = 5.551115123125782702e-17;
++static const float half = 0.5;
++
++/* The method is based on the descriptions in:
++
++   _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5;
++   _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9
++
++   We find the actual square root and half of its reciprocal
++   simultaneously.  */
++
++#ifdef __STDC__
++double
++__ieee754_sqrt (double b)
++#else
++double
++__ieee754_sqrt (b)
++     double b;
++#endif
++{
++  if (__builtin_expect (b > 0, 1))
++    {
++      double y, g, h, d, r;
++      ieee_double_shape_type u;
++
++      if (__builtin_expect (b != a_inf.value, 1))
++        {
++          fenv_t fe;
++
++          fe = fegetenv_register ();
++
++          u.value = b;
++
++          relax_fenv_state ();
++
++          __asm__ ("frsqrte %[estimate], %[x]\n"
++                   : [estimate] "=f" (y) : [x] "f" (b));
++
++          /* Following Muller et al, page 168, equation 5.20.
++
++             h goes to 1/(2*sqrt(b))
++             g goes to sqrt(b).
++
++             We need three iterations to get within 1ulp.  */
++
++          /* Indicate that these can be performed prior to the branch.  GCC
++             insists on sinking them below the branch, however; it seems like
++             they'd be better before the branch so that we can cover any latency
++             from storing the argument and loading its high word.  Oh well.  */
++
++          g = b * y;
++          h = 0.5 * y;
++
++          /* Handle small numbers by scaling.  */
++          if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0))
++            return __ieee754_sqrt (b * two108) * twom54;
++
++#define FMADD(a_, c_, b_)                                               \
++          ({ double __r;                                                \
++          __asm__ ("fmadd %[r], %[a], %[c], %[b]\n"                     \
++                   : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++          __r;})
++#define FNMSUB(a_, c_, b_)                                          \
++          ({ double __r;                                                \
++          __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n"                     \
++                   : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++          __r;})
++
++          r = FNMSUB (g, h, half);
++          g = FMADD (g, r, g);
++          h = FMADD (h, r, h);
++
++          r = FNMSUB (g, h, half);
++          g = FMADD (g, r, g);
++          h = FMADD (h, r, h);
++
++          r = FNMSUB (g, h, half);
++          g = FMADD (g, r, g);
++          h = FMADD (h, r, h);
++
++          /* g is now +/- 1ulp, or exactly equal to, the square root of b.  */
++
++          /* Final refinement.  */
++          d = FNMSUB (g, g, b);
++
++          fesetenv_register (fe);
++          return FMADD (d, h, g);
++        }
++    }
++  else if (b < 0)
++    {
++      /* For some reason, some PowerPC32 processors don't implement
++         FE_INVALID_SQRT.  */
++#ifdef FE_INVALID_SQRT
++      feraiseexcept (FE_INVALID_SQRT);
++
++      fenv_union_t u = { .fenv = fegetenv_register () };
++      if ((u.l & FE_INVALID) == 0)
++#endif
++	feraiseexcept (FE_INVALID);
++      b = a_nan.value;
++    }
++  return f_wash (b);
++}
+diff --git a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c
+new file mode 100644
+index 0000000000..26fa067abf
+--- /dev/null
++++ b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c
+@@ -0,0 +1,101 @@
++/* Single-precision floating point square root.
++   Copyright (C) 2010 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, write to the Free
++   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++   02111-1307 USA.  */
++
++#include <math.h>
++#include <math_private.h>
++#include <fenv_libc.h>
++#include <inttypes.h>
++
++#include <sysdep.h>
++#include <ldsodefs.h>
++
++static const ieee_float_shape_type a_nan = {.word = 0x7fc00000 };
++static const ieee_float_shape_type a_inf = {.word = 0x7f800000 };
++static const float threehalf = 1.5;
++
++/* The method is based on the descriptions in:
++
++   _The Handbook of Floating-Pointer Arithmetic_ by Muller et al., chapter 5;
++   _IA-64 and Elementary Functions: Speed and Precision_ by Markstein, chapter 9
++
++   We find the reciprocal square root and use that to compute the actual
++   square root.  */
++
++#ifdef __STDC__
++float
++__ieee754_sqrtf (float b)
++#else
++float
++__ieee754_sqrtf (b)
++     float b;
++#endif
++{
++  if (__builtin_expect (b > 0, 1))
++    {
++#define FMSUB(a_, c_, b_)                                               \
++      ({ double __r;                                                    \
++        __asm__ ("fmsub %[r], %[a], %[c], %[b]\n"                       \
++                 : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++        __r;})
++#define FNMSUB(a_, c_, b_)                                              \
++      ({ double __r;                                                    \
++        __asm__ ("fnmsub %[r], %[a], %[c], %[b]\n"                      \
++                 : [r] "=f" (__r) : [a] "f" (a_), [c] "f" (c_), [b] "f" (b_)); \
++        __r;})
++
++      if (__builtin_expect (b != a_inf.value, 1))
++        {
++          double y, x;
++          fenv_t fe;
++
++          fe = fegetenv_register ();
++
++          relax_fenv_state ();
++
++          /* Compute y = 1.5 * b - b.  Uses fewer constants than y = 0.5 * b.  */
++          y = FMSUB (threehalf, b, b);
++
++          /* Initial estimate.  */
++          __asm__ ("frsqrte %[x], %[b]\n" : [x] "=f" (x) : [b] "f" (b));
++
++          /* Iterate.  x_{n+1} = x_n * (1.5 - y * (x_n * x_n)).  */
++          x = x * FNMSUB (y, x * x, threehalf);
++          x = x * FNMSUB (y, x * x, threehalf);
++          x = x * FNMSUB (y, x * x, threehalf);
++
++          /* All done.  */
++          fesetenv_register (fe);
++          return x * b;
++        }
++    }
++  else if (b < 0)
++    {
++      /* For some reason, some PowerPC32 processors don't implement
++         FE_INVALID_SQRT.  */
++#ifdef FE_INVALID_SQRT
++      feraiseexcept (FE_INVALID_SQRT);
++
++      fenv_union_t u = { .fenv = fegetenv_register () };
++      if ((u.l & FE_INVALID) == 0)
++#endif
++	feraiseexcept (FE_INVALID);
++      b = a_nan.value;
++    }
++  return f_washf (b);
++}
+diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/603e/fpu/Implies b/sysdeps/unix/sysv/linux/powerpc/powerpc32/603e/fpu/Implies
+new file mode 100644
+index 0000000000..b103b4dea5
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/603e/fpu/Implies
+@@ -0,0 +1 @@
++powerpc/powerpc32/603e/fpu
+diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/e300c3/fpu/Implies b/sysdeps/unix/sysv/linux/powerpc/powerpc32/e300c3/fpu/Implies
+new file mode 100644
+index 0000000000..64db17fada
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/e300c3/fpu/Implies
+@@ -0,0 +1,2 @@
++# e300c3 is a variant of 603e so use the same optimizations for sqrt
++powerpc/powerpc32/603e/fpu
+diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/e500mc/fpu/Implies b/sysdeps/unix/sysv/linux/powerpc/powerpc32/e500mc/fpu/Implies
+new file mode 100644
+index 0000000000..7eac5fcf02
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/e500mc/fpu/Implies
+@@ -0,0 +1 @@
++powerpc/powerpc32/e500mc/fpu
+diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/e5500/fpu/Implies b/sysdeps/unix/sysv/linux/powerpc/powerpc32/e5500/fpu/Implies
+new file mode 100644
+index 0000000000..264b2a7700
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/e5500/fpu/Implies
+@@ -0,0 +1 @@
++powerpc/powerpc32/e5500/fpu
+diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/e6500/fpu/Implies b/sysdeps/unix/sysv/linux/powerpc/powerpc32/e6500/fpu/Implies
+new file mode 100644
+index 0000000000..a25934467b
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/e6500/fpu/Implies
+@@ -0,0 +1 @@
++powerpc/powerpc32/e6500/fpu
+diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/e5500/fpu/Implies b/sysdeps/unix/sysv/linux/powerpc/powerpc64/e5500/fpu/Implies
+new file mode 100644
+index 0000000000..a7bc854be8
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/e5500/fpu/Implies
+@@ -0,0 +1 @@
++powerpc/powerpc64/e5500/fpu
+diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/e6500/fpu/Implies b/sysdeps/unix/sysv/linux/powerpc/powerpc64/e6500/fpu/Implies
+new file mode 100644
+index 0000000000..04ff8cc181
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/e6500/fpu/Implies
+@@ -0,0 +1 @@
++powerpc/powerpc64/e6500/fpu
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0009-ppc-sqrt-Fix-undefined-reference-to-__sqrt_finite.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0009-ppc-sqrt-Fix-undefined-reference-to-__sqrt_finite.patch
new file mode 100644
index 000000000..0c8bf94a7
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0009-ppc-sqrt-Fix-undefined-reference-to-__sqrt_finite.patch
@@ -0,0 +1,205 @@
+From 3b5fe5b1a7390cde0f07351415e3891f62d1f7e0 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 18 Mar 2015 00:15:07 +0000
+Subject: [PATCH] ppc/sqrt: Fix undefined reference to `__sqrt_finite'
+
+on ppc fixes the errors like below
+| ./.libs/libpulsecore-1.1.so: undefined reference to `__sqrt_finite'
+| collect2: ld returned 1 exit status
+
+Upstream-Status: Pending
+
+ChangeLog
+
+2012-01-06  Khem Raj  <raj.khem@gmail.com>
+
+        * sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c: Add __*_finite alias.
+        Remove cruft.
+        * sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c: Ditto.
+        * sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c: Ditto.
+        * sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c: Ditto.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c    | 7 +------
+ sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c   | 7 +------
+ sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c  | 1 +
+ sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c | 1 +
+ sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c   | 1 +
+ sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c  | 1 +
+ sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c   | 1 +
+ sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c  | 1 +
+ sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c   | 7 +------
+ sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c  | 7 +------
+ sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c   | 1 +
+ sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c  | 1 +
+ 12 files changed, 12 insertions(+), 24 deletions(-)
+
+diff --git a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c
+index 71e516d1c8..1795fd6c3e 100644
+--- a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c
++++ b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c
+@@ -39,14 +39,8 @@ static const float half = 0.5;
+    We find the actual square root and half of its reciprocal
+    simultaneously.  */
+ 
+-#ifdef __STDC__
+ double
+ __ieee754_sqrt (double b)
+-#else
+-double
+-__ieee754_sqrt (b)
+-     double b;
+-#endif
+ {
+   if (__builtin_expect (b > 0, 1))
+     {
+@@ -132,3 +126,4 @@ __ieee754_sqrt (b)
+     }
+   return f_wash (b);
+ }
++strong_alias (__ieee754_sqrt, __sqrt_finite)
+diff --git a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c
+index 26fa067abf..a917f313ab 100644
+--- a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c
++++ b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c
+@@ -37,14 +37,8 @@ static const float threehalf = 1.5;
+    We find the reciprocal square root and use that to compute the actual
+    square root.  */
+ 
+-#ifdef __STDC__
+ float
+ __ieee754_sqrtf (float b)
+-#else
+-float
+-__ieee754_sqrtf (b)
+-     float b;
+-#endif
+ {
+   if (__builtin_expect (b > 0, 1))
+     {
+@@ -99,3 +93,4 @@ __ieee754_sqrtf (b)
+     }
+   return f_washf (b);
+ }
++strong_alias (__ieee754_sqrtf, __sqrtf_finite)
+diff --git a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c
+index 71e516d1c8..fc4a74990e 100644
+--- a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c
++++ b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c
+@@ -132,3 +132,4 @@ __ieee754_sqrt (b)
+     }
+   return f_wash (b);
+ }
++strong_alias (__ieee754_sqrt, __sqrt_finite)
+diff --git a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c
+index 26fa067abf..9d175122a8 100644
+--- a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c
++++ b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c
+@@ -99,3 +99,4 @@ __ieee754_sqrtf (b)
+     }
+   return f_washf (b);
+ }
++strong_alias (__ieee754_sqrtf, __sqrtf_finite)
+diff --git a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c
+index 71e516d1c8..fc4a74990e 100644
+--- a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c
++++ b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c
+@@ -132,3 +132,4 @@ __ieee754_sqrt (b)
+     }
+   return f_wash (b);
+ }
++strong_alias (__ieee754_sqrt, __sqrt_finite)
+diff --git a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c
+index 26fa067abf..9d175122a8 100644
+--- a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c
++++ b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c
+@@ -99,3 +99,4 @@ __ieee754_sqrtf (b)
+     }
+   return f_washf (b);
+ }
++strong_alias (__ieee754_sqrtf, __sqrtf_finite)
+diff --git a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c
+index 71e516d1c8..fc4a74990e 100644
+--- a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c
++++ b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c
+@@ -132,3 +132,4 @@ __ieee754_sqrt (b)
+     }
+   return f_wash (b);
+ }
++strong_alias (__ieee754_sqrt, __sqrt_finite)
+diff --git a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c
+index 26fa067abf..9d175122a8 100644
+--- a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c
++++ b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c
+@@ -99,3 +99,4 @@ __ieee754_sqrtf (b)
+     }
+   return f_washf (b);
+ }
++strong_alias (__ieee754_sqrtf, __sqrtf_finite)
+diff --git a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c
+index 71e516d1c8..1795fd6c3e 100644
+--- a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c
++++ b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c
+@@ -39,14 +39,8 @@ static const float half = 0.5;
+    We find the actual square root and half of its reciprocal
+    simultaneously.  */
+ 
+-#ifdef __STDC__
+ double
+ __ieee754_sqrt (double b)
+-#else
+-double
+-__ieee754_sqrt (b)
+-     double b;
+-#endif
+ {
+   if (__builtin_expect (b > 0, 1))
+     {
+@@ -132,3 +126,4 @@ __ieee754_sqrt (b)
+     }
+   return f_wash (b);
+ }
++strong_alias (__ieee754_sqrt, __sqrt_finite)
+diff --git a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c
+index 26fa067abf..a917f313ab 100644
+--- a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c
++++ b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c
+@@ -37,14 +37,8 @@ static const float threehalf = 1.5;
+    We find the reciprocal square root and use that to compute the actual
+    square root.  */
+ 
+-#ifdef __STDC__
+ float
+ __ieee754_sqrtf (float b)
+-#else
+-float
+-__ieee754_sqrtf (b)
+-     float b;
+-#endif
+ {
+   if (__builtin_expect (b > 0, 1))
+     {
+@@ -99,3 +93,4 @@ __ieee754_sqrtf (b)
+     }
+   return f_washf (b);
+ }
++strong_alias (__ieee754_sqrtf, __sqrtf_finite)
+diff --git a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c
+index 71e516d1c8..fc4a74990e 100644
+--- a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c
++++ b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c
+@@ -132,3 +132,4 @@ __ieee754_sqrt (b)
+     }
+   return f_wash (b);
+ }
++strong_alias (__ieee754_sqrt, __sqrt_finite)
+diff --git a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c
+index 26fa067abf..9d175122a8 100644
+--- a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c
++++ b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c
+@@ -99,3 +99,4 @@ __ieee754_sqrtf (b)
+     }
+   return f_washf (b);
+ }
++strong_alias (__ieee754_sqrtf, __sqrtf_finite)
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0010-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0010-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch
new file mode 100644
index 000000000..cadaa0b2e
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0010-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch
@@ -0,0 +1,384 @@
+From 6b6e1dcd707017598ea3bdc2d91a761943b62218 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 18 Mar 2015 00:16:38 +0000
+Subject: [PATCH] __ieee754_sqrt{,f} are now inline functions and call out
+ __slow versions
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c    | 12 ++++++++++--
+ sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c   |  8 +++++++-
+ sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c  | 14 +++++++++++---
+ sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c | 12 ++++++++++--
+ sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c   | 14 +++++++++++---
+ sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c  | 12 ++++++++++--
+ sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c   |  8 ++++++++
+ sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c  |  8 ++++++++
+ sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c   | 12 ++++++++++--
+ sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c  |  9 ++++++++-
+ sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c   | 14 +++++++++++---
+ sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c  | 12 ++++++++++--
+ 12 files changed, 114 insertions(+), 21 deletions(-)
+
+diff --git a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c
+index 1795fd6c3e..daa83f3fe8 100644
+--- a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c
++++ b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrt.c
+@@ -40,7 +40,7 @@ static const float half = 0.5;
+    simultaneously.  */
+ 
+ double
+-__ieee754_sqrt (double b)
++__slow_ieee754_sqrt (double b)
+ {
+   if (__builtin_expect (b > 0, 1))
+     {
+@@ -77,7 +77,7 @@ __ieee754_sqrt (double b)
+ 
+           /* Handle small numbers by scaling.  */
+           if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0))
+-            return __ieee754_sqrt (b * two108) * twom54;
++            return __slow_ieee754_sqrt (b * two108) * twom54;
+ 
+ #define FMADD(a_, c_, b_)                                               \
+           ({ double __r;                                                \
+@@ -126,4 +126,12 @@ __ieee754_sqrt (double b)
+     }
+   return f_wash (b);
+ }
++
++#undef __ieee754_sqrt
++double
++__ieee754_sqrt (double x)
++{
++   return __slow_ieee754_sqrt (x);
++}
++
+ strong_alias (__ieee754_sqrt, __sqrt_finite)
+diff --git a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c
+index a917f313ab..b812cf1705 100644
+--- a/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c
++++ b/sysdeps/powerpc/powerpc32/603e/fpu/e_sqrtf.c
+@@ -38,7 +38,7 @@ static const float threehalf = 1.5;
+    square root.  */
+ 
+ float
+-__ieee754_sqrtf (float b)
++__slow_ieee754_sqrtf (float b)
+ {
+   if (__builtin_expect (b > 0, 1))
+     {
+@@ -93,4 +93,10 @@ __ieee754_sqrtf (float b)
+     }
+   return f_washf (b);
+ }
++#undef __ieee754_sqrtf
++float
++__ieee754_sqrtf (float x)
++{
++  return __slow_ieee754_sqrtf (x);
++}
+ strong_alias (__ieee754_sqrtf, __sqrtf_finite)
+diff --git a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c
+index fc4a74990e..7038a70b47 100644
+--- a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c
++++ b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrt.c
+@@ -41,10 +41,10 @@ static const float half = 0.5;
+ 
+ #ifdef __STDC__
+ double
+-__ieee754_sqrt (double b)
++__slow_ieee754_sqrt (double b)
+ #else
+ double
+-__ieee754_sqrt (b)
++__slow_ieee754_sqrt (b)
+      double b;
+ #endif
+ {
+@@ -83,7 +83,7 @@ __ieee754_sqrt (b)
+ 
+           /* Handle small numbers by scaling.  */
+           if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0))
+-            return __ieee754_sqrt (b * two108) * twom54;
++            return __slow_ieee754_sqrt (b * two108) * twom54;
+ 
+ #define FMADD(a_, c_, b_)                                               \
+           ({ double __r;                                                \
+@@ -132,4 +132,12 @@ __ieee754_sqrt (b)
+     }
+   return f_wash (b);
+ }
++
++#undef __ieee754_sqrt
++double
++__ieee754_sqrt (double x)
++{
++   return __slow_ieee754_sqrt (x);
++}
++
+ strong_alias (__ieee754_sqrt, __sqrt_finite)
+diff --git a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c
+index 9d175122a8..10de1f0cc3 100644
+--- a/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c
++++ b/sysdeps/powerpc/powerpc32/e500mc/fpu/e_sqrtf.c
+@@ -39,10 +39,10 @@ static const float threehalf = 1.5;
+ 
+ #ifdef __STDC__
+ float
+-__ieee754_sqrtf (float b)
++__slow_ieee754_sqrtf (float b)
+ #else
+ float
+-__ieee754_sqrtf (b)
++__slow_ieee754_sqrtf (b)
+      float b;
+ #endif
+ {
+@@ -99,4 +99,12 @@ __ieee754_sqrtf (b)
+     }
+   return f_washf (b);
+ }
++
++#undef __ieee754_sqrtf
++float
++__ieee754_sqrtf (float x)
++{
++  return __slow_ieee754_sqrtf (x);
++}
++
+ strong_alias (__ieee754_sqrtf, __sqrtf_finite)
+diff --git a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c
+index fc4a74990e..7038a70b47 100644
+--- a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c
++++ b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrt.c
+@@ -41,10 +41,10 @@ static const float half = 0.5;
+ 
+ #ifdef __STDC__
+ double
+-__ieee754_sqrt (double b)
++__slow_ieee754_sqrt (double b)
+ #else
+ double
+-__ieee754_sqrt (b)
++__slow_ieee754_sqrt (b)
+      double b;
+ #endif
+ {
+@@ -83,7 +83,7 @@ __ieee754_sqrt (b)
+ 
+           /* Handle small numbers by scaling.  */
+           if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0))
+-            return __ieee754_sqrt (b * two108) * twom54;
++            return __slow_ieee754_sqrt (b * two108) * twom54;
+ 
+ #define FMADD(a_, c_, b_)                                               \
+           ({ double __r;                                                \
+@@ -132,4 +132,12 @@ __ieee754_sqrt (b)
+     }
+   return f_wash (b);
+ }
++
++#undef __ieee754_sqrt
++double
++__ieee754_sqrt (double x)
++{
++   return __slow_ieee754_sqrt (x);
++}
++
+ strong_alias (__ieee754_sqrt, __sqrt_finite)
+diff --git a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c
+index 9d175122a8..10de1f0cc3 100644
+--- a/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c
++++ b/sysdeps/powerpc/powerpc32/e5500/fpu/e_sqrtf.c
+@@ -39,10 +39,10 @@ static const float threehalf = 1.5;
+ 
+ #ifdef __STDC__
+ float
+-__ieee754_sqrtf (float b)
++__slow_ieee754_sqrtf (float b)
+ #else
+ float
+-__ieee754_sqrtf (b)
++__slow_ieee754_sqrtf (b)
+      float b;
+ #endif
+ {
+@@ -99,4 +99,12 @@ __ieee754_sqrtf (b)
+     }
+   return f_washf (b);
+ }
++
++#undef __ieee754_sqrtf
++float
++__ieee754_sqrtf (float x)
++{
++  return __slow_ieee754_sqrtf (x);
++}
++
+ strong_alias (__ieee754_sqrtf, __sqrtf_finite)
+diff --git a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c
+index fc4a74990e..1c34244bd8 100644
+--- a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c
++++ b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c
+@@ -132,4 +132,12 @@ __ieee754_sqrt (b)
+     }
+   return f_wash (b);
+ }
++
++#undef __ieee754_sqrt
++double
++__ieee754_sqrt (double x)
++{
++   return __slow_ieee754_sqrt (x);
++}
++
+ strong_alias (__ieee754_sqrt, __sqrt_finite)
+diff --git a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c
+index 9d175122a8..812653558f 100644
+--- a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c
++++ b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c
+@@ -99,4 +99,12 @@ __ieee754_sqrtf (b)
+     }
+   return f_washf (b);
+ }
++
++#undef __ieee754_sqrtf
++float
++__ieee754_sqrtf (float x)
++{
++  return __slow_ieee754_sqrtf (x);
++}
++
+ strong_alias (__ieee754_sqrtf, __sqrtf_finite)
+diff --git a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c
+index 1795fd6c3e..13a81973e3 100644
+--- a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c
++++ b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrt.c
+@@ -40,7 +40,7 @@ static const float half = 0.5;
+    simultaneously.  */
+ 
+ double
+-__ieee754_sqrt (double b)
++__slow_ieee754_sqrt (double b)
+ {
+   if (__builtin_expect (b > 0, 1))
+     {
+@@ -77,7 +77,7 @@ __ieee754_sqrt (double b)
+ 
+           /* Handle small numbers by scaling.  */
+           if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0))
+-            return __ieee754_sqrt (b * two108) * twom54;
++            return __slow_ieee754_sqrt (b * two108) * twom54;
+ 
+ #define FMADD(a_, c_, b_)                                               \
+           ({ double __r;                                                \
+@@ -126,4 +126,12 @@ __ieee754_sqrt (double b)
+     }
+   return f_wash (b);
+ }
++
++#undef __ieee754_sqrt
++double
++__ieee754_sqrt (double x)
++{
++  return __slow_ieee754_sqrt (x);
++}
++
+ strong_alias (__ieee754_sqrt, __sqrt_finite)
+diff --git a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c
+index a917f313ab..fae2d81210 100644
+--- a/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c
++++ b/sysdeps/powerpc/powerpc64/e5500/fpu/e_sqrtf.c
+@@ -38,7 +38,7 @@ static const float threehalf = 1.5;
+    square root.  */
+ 
+ float
+-__ieee754_sqrtf (float b)
++__slow_ieee754_sqrtf (float b)
+ {
+   if (__builtin_expect (b > 0, 1))
+     {
+@@ -93,4 +93,11 @@ __ieee754_sqrtf (float b)
+     }
+   return f_washf (b);
+ }
++#undef __ieee754_sqrtf
++float
++__ieee754_sqrtf (float x)
++{
++  return __slow_ieee754_sqrtf (x);
++}
++
+ strong_alias (__ieee754_sqrtf, __sqrtf_finite)
+diff --git a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c
+index fc4a74990e..7038a70b47 100644
+--- a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c
++++ b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrt.c
+@@ -41,10 +41,10 @@ static const float half = 0.5;
+ 
+ #ifdef __STDC__
+ double
+-__ieee754_sqrt (double b)
++__slow_ieee754_sqrt (double b)
+ #else
+ double
+-__ieee754_sqrt (b)
++__slow_ieee754_sqrt (b)
+      double b;
+ #endif
+ {
+@@ -83,7 +83,7 @@ __ieee754_sqrt (b)
+ 
+           /* Handle small numbers by scaling.  */
+           if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0))
+-            return __ieee754_sqrt (b * two108) * twom54;
++            return __slow_ieee754_sqrt (b * two108) * twom54;
+ 
+ #define FMADD(a_, c_, b_)                                               \
+           ({ double __r;                                                \
+@@ -132,4 +132,12 @@ __ieee754_sqrt (b)
+     }
+   return f_wash (b);
+ }
++
++#undef __ieee754_sqrt
++double
++__ieee754_sqrt (double x)
++{
++   return __slow_ieee754_sqrt (x);
++}
++
+ strong_alias (__ieee754_sqrt, __sqrt_finite)
+diff --git a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c
+index 9d175122a8..10de1f0cc3 100644
+--- a/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c
++++ b/sysdeps/powerpc/powerpc64/e6500/fpu/e_sqrtf.c
+@@ -39,10 +39,10 @@ static const float threehalf = 1.5;
+ 
+ #ifdef __STDC__
+ float
+-__ieee754_sqrtf (float b)
++__slow_ieee754_sqrtf (float b)
+ #else
+ float
+-__ieee754_sqrtf (b)
++__slow_ieee754_sqrtf (b)
+      float b;
+ #endif
+ {
+@@ -99,4 +99,12 @@ __ieee754_sqrtf (b)
+     }
+   return f_washf (b);
+ }
++
++#undef __ieee754_sqrtf
++float
++__ieee754_sqrtf (float x)
++{
++  return __slow_ieee754_sqrtf (x);
++}
++
+ strong_alias (__ieee754_sqrtf, __sqrtf_finite)
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0011-Quote-from-bug-1443-which-explains-what-the-patch-do.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0011-Quote-from-bug-1443-which-explains-what-the-patch-do.patch
new file mode 100644
index 000000000..e4c78b5c7
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0011-Quote-from-bug-1443-which-explains-what-the-patch-do.patch
@@ -0,0 +1,58 @@
+From 297bac9429260f8df495b81d3fae8ae4c6913f5f Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 18 Mar 2015 00:20:09 +0000
+Subject: [PATCH] Quote from bug 1443 which explains what the patch does :
+
+  We build some random program and link it with -lust.  When we run it,
+  it dies with a SIGSEGV before reaching main().
+
+  Libust.so depends on liburcu-bp.so from the usermode-rcu package.
+  Although libust.so is not prelinked, liburcu-bp.so IS prelinked; this
+  is critical.
+
+  Libust.so uses a TLS / __thread variable that is defined in liburcu-
+  bp.so.  There are special ARM-specific relocation types that allow two
+  shared libraries to share thread-specific data.  This is critical too.
+
+  One more critical issue: although liburcu-bp.so is prelinked, we can't
+  load it at its prelinked address, because we also link against
+  librt.so, and librt.so uses that address.
+
+  The dynamic linker is forced to relink liburcu-bp.so at a different
+  address.  In the course of relinking, it processes the special ARM
+  relocation record mentioned above.  The prelinker has already filled
+  in the information, which is a short offset into a table of thread-
+  specific data that is allocated per-thread for each library that uses
+  TLS.  Because the normal behavior of a relocation is to add the symbol
+  value to an addend stored at the address being relocated, we end up
+  adding the short offset to itself, doubling it.
+
+  Now we have an awkward situation.  The libust.so library doesn't know
+  about the addend, so its TLS data for this element is correct.  The
+  liburcu-bp.so library has a different offset for the element.  When we
+  go to initialize the element for the first time in liburcu-bp.so, we
+  write the address of the result at the doubled (broken) offset.
+  Later, when we refer to the address from libust.so, we check the value
+  at the correct offset, but it's NULL, so we eat hot SIGSEGV.
+
+Upstream-Status: Pending
+
+Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ sysdeps/arm/dl-machine.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sysdeps/arm/dl-machine.h b/sysdeps/arm/dl-machine.h
+index ff5e09e207..d68bfe5cbe 100644
+--- a/sysdeps/arm/dl-machine.h
++++ b/sysdeps/arm/dl-machine.h
+@@ -510,7 +510,7 @@ elf_machine_rel (struct link_map *map, const Elf32_Rel *reloc,
+ 
+ 	case R_ARM_TLS_DTPOFF32:
+ 	  if (sym != NULL)
+-	    *reloc_addr += sym->st_value;
++	    *reloc_addr = sym->st_value;
+ 	  break;
+ 
+ 	case R_ARM_TLS_TPOFF32:
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0012-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0012-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch
new file mode 100644
index 000000000..c5e8e6473
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0012-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch
@@ -0,0 +1,33 @@
+From f389babf3c920e68b7d7391556a78ebf62a21ebe Mon Sep 17 00:00:00 2001
+From: Ting Liu <b28495@freescale.com>
+Date: Wed, 19 Dec 2012 04:39:57 -0600
+Subject: [PATCH] eglibc: run libm-err-tab.pl with specific dirs in ${S}
+
+libm-err-tab.pl will parse all the files named "libm-test-ulps"
+in the given dir recursively. To avoid parsing the one in
+${S}/.pc/ (it does exist after eglibc adds aarch64 support,
+${S}/.pc/aarch64-0001-glibc-fsf-v1-eaf6f205.patch/ports/sysdeps/
+aarch64/libm-test-ulps), run libm-err-tab.pl with specific dirs
+in ${S}.
+
+Upstream-Status: inappropriate [OE specific]
+
+Signed-off-by: Ting Liu <b28495@freescale.com>
+---
+ manual/Makefile | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/manual/Makefile b/manual/Makefile
+index e83444341e..aa2645bc55 100644
+--- a/manual/Makefile
++++ b/manual/Makefile
+@@ -103,7 +103,8 @@ $(objpfx)stamp-libm-err: $(..)math/gen-libm-test.py \
+ 			 $(wildcard $(foreach dir,$(sysdirs),\
+ 						  $(dir)/libm-test-ulps))
+ 	pwd=`pwd`; \
+-	$(PYTHON) $< -s $$pwd/.. -m $(objpfx)libm-err-tmp
++	$(PYTHON) $< -s $$pwd/../ports -m $(objpfx)libm-err-tmp
++	$(PYTHON) $< -s $$pwd/../sysdeps -m $(objpfx)libm-err-tmp
+ 	$(move-if-change) $(objpfx)libm-err-tmp $(objpfx)libm-err.texi
+ 	touch $@
+ 
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0013-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0013-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch
new file mode 100644
index 000000000..7f362cace
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0013-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch
@@ -0,0 +1,58 @@
+From 4b0d41a315e66f688fef7b0c2e2b6ce9fa16ec93 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 18 Mar 2015 00:24:46 +0000
+Subject: [PATCH] __ieee754_sqrt{,f} are now inline functions and call out
+ __slow versions
+
+Upstream-Status: Pending
+
+Signed-off-by: chunrong guo <B40290@freescale.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c  | 6 +++---
+ sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c | 4 ++--
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c
+index 1c34244bd8..7038a70b47 100644
+--- a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c
++++ b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrt.c
+@@ -41,10 +41,10 @@ static const float half = 0.5;
+ 
+ #ifdef __STDC__
+ double
+-__ieee754_sqrt (double b)
++__slow_ieee754_sqrt (double b)
+ #else
+ double
+-__ieee754_sqrt (b)
++__slow_ieee754_sqrt (b)
+      double b;
+ #endif
+ {
+@@ -83,7 +83,7 @@ __ieee754_sqrt (b)
+ 
+           /* Handle small numbers by scaling.  */
+           if (__builtin_expect ((u.parts.msw & 0x7ff00000) <= 0x02000000, 0))
+-            return __ieee754_sqrt (b * two108) * twom54;
++            return __slow_ieee754_sqrt (b * two108) * twom54;
+ 
+ #define FMADD(a_, c_, b_)                                               \
+           ({ double __r;                                                \
+diff --git a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c
+index 812653558f..10de1f0cc3 100644
+--- a/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c
++++ b/sysdeps/powerpc/powerpc32/e6500/fpu/e_sqrtf.c
+@@ -39,10 +39,10 @@ static const float threehalf = 1.5;
+ 
+ #ifdef __STDC__
+ float
+-__ieee754_sqrtf (float b)
++__slow_ieee754_sqrtf (float b)
+ #else
+ float
+-__ieee754_sqrtf (b)
++__slow_ieee754_sqrtf (b)
+      float b;
+ #endif
+ {
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0014-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0014-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch
new file mode 100644
index 000000000..4da0e003c
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0014-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch
@@ -0,0 +1,39 @@
+From c062a462fee53a30a85d693c8288b5bd8fe4ec6e Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 18 Mar 2015 00:27:10 +0000
+Subject: [PATCH] sysdeps/gnu/configure.ac: handle correctly
+ $libc_cv_rootsbindir
+
+Upstream-Status:Pending
+
+Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ sysdeps/gnu/configure    | 2 +-
+ sysdeps/gnu/configure.ac | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/sysdeps/gnu/configure b/sysdeps/gnu/configure
+index c15d1087e8..37cc983f2a 100644
+--- a/sysdeps/gnu/configure
++++ b/sysdeps/gnu/configure
+@@ -32,6 +32,6 @@ case "$prefix" in
+   else
+     libc_cv_localstatedir=$localstatedir
+    fi
+-  libc_cv_rootsbindir=/sbin
++  test -n "$libc_cv_rootsbindir" || libc_cv_rootsbindir=/sbin
+   ;;
+ esac
+diff --git a/sysdeps/gnu/configure.ac b/sysdeps/gnu/configure.ac
+index 634fe4de2a..3db1697f4f 100644
+--- a/sysdeps/gnu/configure.ac
++++ b/sysdeps/gnu/configure.ac
+@@ -21,6 +21,6 @@ case "$prefix" in
+   else
+     libc_cv_localstatedir=$localstatedir
+    fi
+-  libc_cv_rootsbindir=/sbin
++  test -n "$libc_cv_rootsbindir" || libc_cv_rootsbindir=/sbin
+   ;;
+ esac
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0015-yes-within-the-path-sets-wrong-config-variables.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0015-yes-within-the-path-sets-wrong-config-variables.patch
new file mode 100644
index 000000000..15e83f891
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0015-yes-within-the-path-sets-wrong-config-variables.patch
@@ -0,0 +1,260 @@
+From 0bd39d8907953f18e01742f42b24647ac7689d0a Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 18 Mar 2015 00:31:06 +0000
+Subject: [PATCH] 'yes' within the path sets wrong config variables
+
+It seems that the 'AC_EGREP_CPP(yes...' example is quite popular
+but being such a short word to grep it is likely to produce
+false-positive matches with the path it is configured into.
+
+The change is to use a more elaborated string to grep for.
+
+Upstream-Status: Submitted [libc-alpha@sourceware.org]
+
+Signed-off-by: Benjamin Esquivel <benjamin.esquivel@linux.intel.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ sysdeps/aarch64/configure                              | 4 ++--
+ sysdeps/aarch64/configure.ac                           | 4 ++--
+ sysdeps/arm/configure                                  | 4 ++--
+ sysdeps/arm/configure.ac                               | 4 ++--
+ sysdeps/mips/configure                                 | 4 ++--
+ sysdeps/mips/configure.ac                              | 4 ++--
+ sysdeps/nios2/configure                                | 4 ++--
+ sysdeps/nios2/configure.ac                             | 4 ++--
+ sysdeps/unix/sysv/linux/mips/configure                 | 4 ++--
+ sysdeps/unix/sysv/linux/mips/configure.ac              | 4 ++--
+ sysdeps/unix/sysv/linux/powerpc/powerpc64/configure    | 8 ++++----
+ sysdeps/unix/sysv/linux/powerpc/powerpc64/configure.ac | 8 ++++----
+ 12 files changed, 28 insertions(+), 28 deletions(-)
+
+diff --git a/sysdeps/aarch64/configure b/sysdeps/aarch64/configure
+index 83c3a23e44..a68c946277 100644
+--- a/sysdeps/aarch64/configure
++++ b/sysdeps/aarch64/configure
+@@ -157,12 +157,12 @@ else
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+ #ifdef __AARCH64EB__
+-                      yes
++                      is_aarch64_be
+                      #endif
+ 
+ _ACEOF
+ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+-  $EGREP "yes" >/dev/null 2>&1; then :
++  $EGREP "is_aarch64_be" >/dev/null 2>&1; then :
+   libc_cv_aarch64_be=yes
+ else
+   libc_cv_aarch64_be=no
+diff --git a/sysdeps/aarch64/configure.ac b/sysdeps/aarch64/configure.ac
+index 66f755078a..a32b265bbe 100644
+--- a/sysdeps/aarch64/configure.ac
++++ b/sysdeps/aarch64/configure.ac
+@@ -17,8 +17,8 @@ AC_DEFINE(SUPPORT_STATIC_PIE)
+ # the dynamic linker via %ifdef.
+ AC_CACHE_CHECK([for big endian],
+   [libc_cv_aarch64_be],
+-  [AC_EGREP_CPP(yes,[#ifdef __AARCH64EB__
+-                      yes
++  [AC_EGREP_CPP(is_aarch64_be,[#ifdef __AARCH64EB__
++                      is_aarch64_be
+                      #endif
+   ], libc_cv_aarch64_be=yes, libc_cv_aarch64_be=no)])
+ if test $libc_cv_aarch64_be = yes; then
+diff --git a/sysdeps/arm/configure b/sysdeps/arm/configure
+index 431e843b2b..e152461138 100644
+--- a/sysdeps/arm/configure
++++ b/sysdeps/arm/configure
+@@ -151,12 +151,12 @@ else
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+ #ifdef __ARM_PCS_VFP
+-		      yes
++		      use_arm_pcs_vfp
+ 		     #endif
+ 
+ _ACEOF
+ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+-  $EGREP "yes" >/dev/null 2>&1; then :
++  $EGREP "use_arm_pcs_vfp" >/dev/null 2>&1; then :
+   libc_cv_arm_pcs_vfp=yes
+ else
+   libc_cv_arm_pcs_vfp=no
+diff --git a/sysdeps/arm/configure.ac b/sysdeps/arm/configure.ac
+index 90cdd69c75..05a262ba00 100644
+--- a/sysdeps/arm/configure.ac
++++ b/sysdeps/arm/configure.ac
+@@ -15,8 +15,8 @@ AC_DEFINE(PI_STATIC_AND_HIDDEN)
+ # the dynamic linker via %ifdef.
+ AC_CACHE_CHECK([whether the compiler is using the ARM hard-float ABI],
+   [libc_cv_arm_pcs_vfp],
+-  [AC_EGREP_CPP(yes,[#ifdef __ARM_PCS_VFP
+-		      yes
++  [AC_EGREP_CPP(use_arm_pcs_vfp,[#ifdef __ARM_PCS_VFP
++		      use_arm_pcs_vfp
+ 		     #endif
+   ], libc_cv_arm_pcs_vfp=yes, libc_cv_arm_pcs_vfp=no)])
+ if test $libc_cv_arm_pcs_vfp = yes; then
+diff --git a/sysdeps/mips/configure b/sysdeps/mips/configure
+index 4e13248c03..f14af952d0 100644
+--- a/sysdeps/mips/configure
++++ b/sysdeps/mips/configure
+@@ -143,11 +143,11 @@ else
+ /* end confdefs.h.  */
+ dnl
+ #ifdef __mips_nan2008
+-yes
++use_mips_nan2008
+ #endif
+ _ACEOF
+ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+-  $EGREP "yes" >/dev/null 2>&1; then :
++  $EGREP "use_mips_nan2008" >/dev/null 2>&1; then :
+   libc_cv_mips_nan2008=yes
+ else
+   libc_cv_mips_nan2008=no
+diff --git a/sysdeps/mips/configure.ac b/sysdeps/mips/configure.ac
+index bcbdaffd9f..ad3057f4cc 100644
+--- a/sysdeps/mips/configure.ac
++++ b/sysdeps/mips/configure.ac
+@@ -6,9 +6,9 @@ dnl position independent way.
+ dnl AC_DEFINE(PI_STATIC_AND_HIDDEN)
+ 
+ AC_CACHE_CHECK([whether the compiler is using the 2008 NaN encoding],
+-  libc_cv_mips_nan2008, [AC_EGREP_CPP(yes, [dnl
++  libc_cv_mips_nan2008, [AC_EGREP_CPP(use_mips_nan2008, [dnl
+ #ifdef __mips_nan2008
+-yes
++use_mips_nan2008
+ #endif], libc_cv_mips_nan2008=yes, libc_cv_mips_nan2008=no)])
+ if test x$libc_cv_mips_nan2008 = xyes; then
+   AC_DEFINE(HAVE_MIPS_NAN2008)
+diff --git a/sysdeps/nios2/configure b/sysdeps/nios2/configure
+index 14c8a3a014..dde3814ef2 100644
+--- a/sysdeps/nios2/configure
++++ b/sysdeps/nios2/configure
+@@ -142,12 +142,12 @@ else
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+ #ifdef __nios2_big_endian__
+-                      yes
++                      is_nios2_be
+                      #endif
+ 
+ _ACEOF
+ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+-  $EGREP "yes" >/dev/null 2>&1; then :
++  $EGREP "is_nios2_be" >/dev/null 2>&1; then :
+   libc_cv_nios2_be=yes
+ else
+   libc_cv_nios2_be=no
+diff --git a/sysdeps/nios2/configure.ac b/sysdeps/nios2/configure.ac
+index f05f43802b..dc8639902d 100644
+--- a/sysdeps/nios2/configure.ac
++++ b/sysdeps/nios2/configure.ac
+@@ -4,8 +4,8 @@ GLIBC_PROVIDES dnl See aclocal.m4 in the top level source directory.
+ # Nios II big endian is not yet supported.
+ AC_CACHE_CHECK([for big endian],
+   [libc_cv_nios2_be],
+-  [AC_EGREP_CPP(yes,[#ifdef __nios2_big_endian__
+-                      yes
++  [AC_EGREP_CPP(is_nios2_be,[#ifdef __nios2_big_endian__
++                      is_nios2_be
+                      #endif
+   ], libc_cv_nios2_be=yes, libc_cv_nios2_be=no)])
+ if test $libc_cv_nios2_be = yes; then
+diff --git a/sysdeps/unix/sysv/linux/mips/configure b/sysdeps/unix/sysv/linux/mips/configure
+index f25f2a3a65..1b7483e6c6 100644
+--- a/sysdeps/unix/sysv/linux/mips/configure
++++ b/sysdeps/unix/sysv/linux/mips/configure
+@@ -414,11 +414,11 @@ else
+ /* end confdefs.h.  */
+ dnl
+ #ifdef __mips_nan2008
+-yes
++use_mips_nan2008
+ #endif
+ _ACEOF
+ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+-  $EGREP "yes" >/dev/null 2>&1; then :
++  $EGREP "use_mips_nan2008" >/dev/null 2>&1; then :
+   libc_cv_mips_nan2008=yes
+ else
+   libc_cv_mips_nan2008=no
+diff --git a/sysdeps/unix/sysv/linux/mips/configure.ac b/sysdeps/unix/sysv/linux/mips/configure.ac
+index 049a0f4bdf..005526d4e8 100644
+--- a/sysdeps/unix/sysv/linux/mips/configure.ac
++++ b/sysdeps/unix/sysv/linux/mips/configure.ac
+@@ -105,9 +105,9 @@ AC_COMPILE_IFELSE(
+ LIBC_CONFIG_VAR([mips-mode-switch],[${libc_mips_mode_switch}])
+ 
+ AC_CACHE_CHECK([whether the compiler is using the 2008 NaN encoding],
+-  libc_cv_mips_nan2008, [AC_EGREP_CPP(yes, [dnl
++  libc_cv_mips_nan2008, [AC_EGREP_CPP(use_mips_nan2008, [dnl
+ #ifdef __mips_nan2008
+-yes
++use_mips_nan2008
+ #endif], libc_cv_mips_nan2008=yes, libc_cv_mips_nan2008=no)])
+ 
+ libc_mips_nan=
+diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/configure b/sysdeps/unix/sysv/linux/powerpc/powerpc64/configure
+index ae7f254da4..874519000b 100644
+--- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/configure
++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/configure
+@@ -155,12 +155,12 @@ else
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+ #if _CALL_ELF == 2
+-                      yes
++                      use_ppc_elfv2_abi
+                      #endif
+ 
+ _ACEOF
+ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+-  $EGREP "yes" >/dev/null 2>&1; then :
++  $EGREP "use_ppc_elfv2_abi" >/dev/null 2>&1; then :
+   libc_cv_ppc64_elfv2_abi=yes
+ else
+   libc_cv_ppc64_elfv2_abi=no
+@@ -188,12 +188,12 @@ else
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h.  */
+ #ifdef _CALL_ELF
+-                         yes
++                         is_def_call_elf
+                        #endif
+ 
+ _ACEOF
+ if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+-  $EGREP "yes" >/dev/null 2>&1; then :
++  $EGREP "is_def_call_elf" >/dev/null 2>&1; then :
+   libc_cv_ppc64_def_call_elf=yes
+ else
+   libc_cv_ppc64_def_call_elf=no
+diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/configure.ac b/sysdeps/unix/sysv/linux/powerpc/powerpc64/configure.ac
+index f9cba6e15d..b21f72f1e4 100644
+--- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/configure.ac
++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/configure.ac
+@@ -6,8 +6,8 @@ LIBC_SLIBDIR_RTLDDIR([lib64], [lib64])
+ # Define default-abi according to compiler flags.
+ AC_CACHE_CHECK([whether the compiler is using the PowerPC64 ELFv2 ABI],
+   [libc_cv_ppc64_elfv2_abi],
+-  [AC_EGREP_CPP(yes,[#if _CALL_ELF == 2
+-                      yes
++  [AC_EGREP_CPP(use_ppc_elfv2_abi,[#if _CALL_ELF == 2
++                      use_ppc_elfv2_abi
+                      #endif
+   ], libc_cv_ppc64_elfv2_abi=yes, libc_cv_ppc64_elfv2_abi=no)])
+ if test $libc_cv_ppc64_elfv2_abi = yes; then
+@@ -19,8 +19,8 @@ else
+   # Compiler that do not support ELFv2 ABI does not define _CALL_ELF
+   AC_CACHE_CHECK([whether the compiler defines _CALL_ELF],
+     [libc_cv_ppc64_def_call_elf],
+-    [AC_EGREP_CPP(yes,[#ifdef _CALL_ELF
+-                         yes
++    [AC_EGREP_CPP(is_def_call_elf,[#ifdef _CALL_ELF
++                         is_def_call_elf
+                        #endif
+     ], libc_cv_ppc64_def_call_elf=yes, libc_cv_ppc64_def_call_elf=no)])
+   if test $libc_cv_ppc64_def_call_elf = no; then
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0016-timezone-re-written-tzselect-as-posix-sh.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0016-timezone-re-written-tzselect-as-posix-sh.patch
new file mode 100644
index 000000000..79bd70415
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0016-timezone-re-written-tzselect-as-posix-sh.patch
@@ -0,0 +1,42 @@
+From 3feb4213628f1485000ffe1d3fd26e37a7b14336 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 18 Mar 2015 00:33:03 +0000
+Subject: [PATCH] timezone: re-written tzselect as posix sh
+
+To avoid the bash dependency.
+
+Upstream-Status: Pending
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ timezone/Makefile     | 2 +-
+ timezone/tzselect.ksh | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/timezone/Makefile b/timezone/Makefile
+index 395abfeebd..2d939edf75 100644
+--- a/timezone/Makefile
++++ b/timezone/Makefile
+@@ -123,7 +123,7 @@ $(testdata)/XT%: testdata/XT%
+ 	cp $< $@
+ 
+ $(objpfx)tzselect: tzselect.ksh $(common-objpfx)config.make
+-	sed -e 's|/bin/bash|$(BASH)|' \
++	sed -e 's|/bin/bash|/bin/sh|' \
+ 	    -e 's|TZDIR=[^}]*|TZDIR=$(zonedir)|' \
+ 	    -e '/TZVERSION=/s|see_Makefile|"$(version)"|' \
+ 	    -e '/PKGVERSION=/s|=.*|="$(PKGVERSION)"|' \
+diff --git a/timezone/tzselect.ksh b/timezone/tzselect.ksh
+index 18fce27e24..70745f9d36 100755
+--- a/timezone/tzselect.ksh
++++ b/timezone/tzselect.ksh
+@@ -34,7 +34,7 @@ REPORT_BUGS_TO=tz@iana.org
+ 
+ # Specify default values for environment variables if they are unset.
+ : ${AWK=awk}
+-: ${TZDIR=`pwd`}
++: ${TZDIR=$(pwd)}
+ 
+ # Output one argument as-is to standard output.
+ # Safer than 'echo', which can mishandle '\' or leading '-'.
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0017-Remove-bash-dependency-for-nscd-init-script.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0017-Remove-bash-dependency-for-nscd-init-script.patch
new file mode 100644
index 000000000..c32d70b59
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0017-Remove-bash-dependency-for-nscd-init-script.patch
@@ -0,0 +1,72 @@
+From f6119b98a9caa80642d69a97edc98f57ecef5c3c Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 31 Dec 2015 14:33:02 -0800
+Subject: [PATCH] Remove bash dependency for nscd init script
+
+The nscd init script uses #! /bin/bash but only really uses one bashism
+(translated strings), so remove them and switch the shell to #!/bin/sh.
+
+Upstream-Status: Pending
+
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ nscd/nscd.init | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/nscd/nscd.init b/nscd/nscd.init
+index a882da7d8b..b02986ec15 100644
+--- a/nscd/nscd.init
++++ b/nscd/nscd.init
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ #
+ # nscd:		Starts the Name Switch Cache Daemon
+ #
+@@ -49,7 +49,7 @@ prog=nscd
+ start () {
+     [ -d /var/run/nscd ] || mkdir /var/run/nscd
+     [ -d /var/db/nscd ] || mkdir /var/db/nscd
+-    echo -n $"Starting $prog: "
++    echo -n "Starting $prog: "
+     daemon /usr/sbin/nscd
+     RETVAL=$?
+     echo
+@@ -58,7 +58,7 @@ start () {
+ }
+ 
+ stop () {
+-    echo -n $"Stopping $prog: "
++    echo -n "Stopping $prog: "
+     /usr/sbin/nscd -K
+     RETVAL=$?
+     if [ $RETVAL -eq 0 ]; then
+@@ -67,9 +67,9 @@ stop () {
+ 	# a non-privileged user
+ 	rm -f /var/run/nscd/nscd.pid
+ 	rm -f /var/run/nscd/socket
+-       	success $"$prog shutdown"
++	success "$prog shutdown"
+     else
+-       	failure $"$prog shutdown"
++	failure "$prog shutdown"
+     fi
+     echo
+     return $RETVAL
+@@ -103,13 +103,13 @@ case "$1" in
+ 	RETVAL=$?
+ 	;;
+     force-reload | reload)
+-    	echo -n $"Reloading $prog: "
++	echo -n "Reloading $prog: "
+ 	killproc /usr/sbin/nscd -HUP
+ 	RETVAL=$?
+ 	echo
+ 	;;
+     *)
+-	echo $"Usage: $0 {start|stop|status|restart|reload|condrestart}"
++	echo "Usage: $0 {start|stop|status|restart|reload|condrestart}"
+ 	RETVAL=1
+ 	;;
+ esac
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0018-eglibc-Cross-building-and-testing-instructions.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0018-eglibc-Cross-building-and-testing-instructions.patch
new file mode 100644
index 000000000..826e5af46
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0018-eglibc-Cross-building-and-testing-instructions.patch
@@ -0,0 +1,616 @@
+From 060ba13b5ac5e90517d540f009ebdcdcf62f9685 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 18 Mar 2015 00:42:58 +0000
+Subject: [PATCH] eglibc: Cross building and testing instructions
+
+Ported from eglibc
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ GLIBC.cross-building | 383 +++++++++++++++++++++++++++++++++++++++++++
+ GLIBC.cross-testing  | 205 +++++++++++++++++++++++
+ 2 files changed, 588 insertions(+)
+ create mode 100644 GLIBC.cross-building
+ create mode 100644 GLIBC.cross-testing
+
+diff --git a/GLIBC.cross-building b/GLIBC.cross-building
+new file mode 100644
+index 0000000000..e6e0da1aaf
+--- /dev/null
++++ b/GLIBC.cross-building
+@@ -0,0 +1,383 @@
++                                                        -*- mode: text -*-
++
++                        Cross-Compiling GLIBC
++                  Jim Blandy <jimb@codesourcery.com>
++
++
++Introduction
++
++Most GNU tools have a simple build procedure: you run their
++'configure' script, and then you run 'make'.  Unfortunately, the
++process of cross-compiling the GNU C library is quite a bit more
++involved:
++
++1) Build a cross-compiler, with certain facilities disabled.
++
++2) Configure the C library using the compiler you built in step 1).
++   Build a few of the C run-time object files, but not the rest of the
++   library.  Install the library's header files and the run-time
++   object files, and create a dummy libc.so.
++
++3) Build a second cross-compiler, using the header files and object
++   files you installed in step 2.
++
++4) Configure, build, and install a fresh C library, using the compiler
++   built in step 3.
++
++5) Build a third cross-compiler, based on the C library built in step 4.
++
++The reason for this complexity is that, although GCC and the GNU C
++library are distributed separately, they are not actually independent
++of each other: GCC requires the C library's headers and some object
++files to compile its own libraries, while the C library depends on
++GCC's libraries.  GLIBC includes features and bug fixes to the stock
++GNU C library that simplify this process, but the fundamental
++interdependency stands.
++
++In this document, we explain how to cross-compile an GLIBC/GCC pair
++from source.  Our intended audience is developers who are already
++familiar with the GNU toolchain and comfortable working with
++cross-development tools.  While we do present a worked example to
++accompany the explanation, for clarity's sake we do not cover many of
++the options available to cross-toolchain users.
++
++
++Preparation
++
++GLIBC requires recent versions of the GNU binutils, GCC, and the
++Linux kernel.  The web page <http://www.eglibc.org/prerequisites>
++documents the current requirements, and lists patches needed for
++certain target architectures.  As of this writing, these build
++instructions have been tested with binutils 2.22.51, GCC 4.6.2,
++and Linux 3.1.
++
++First, let's set some variables, to simplify later commands.  We'll
++build GLIBC and GCC for an ARM target, known to the Linux kernel
++as 'arm', and we'll do the build on an Intel x86_64 Linux box:
++
++    $ build=x86_64-pc-linux-gnu
++    $ host=$build
++    $ target=arm-none-linux-gnueabi
++    $ linux_arch=arm
++
++We're using the aforementioned versions of Binutils, GCC, and Linux:
++
++    $ binutilsv=binutils-2.22.51
++    $ gccv=gcc-4.6.2
++    $ linuxv=linux-3.1
++
++We're carrying out the entire process under '~/cross-build', which
++contains unpacked source trees for binutils, gcc, and linux kernel,
++along with GLIBC svn trunk (which can be checked-out with
++'svn co http://www.eglibc.org/svn/trunk eglibc'):
++
++    $ top=$HOME/cross-build/$target
++    $ src=$HOME/cross-build/src
++    $ ls $src
++    binutils-2.22.51  glibc  gcc-4.6.2  linux-3.1
++
++We're going to place our build directories in a subdirectory 'obj',
++we'll install the cross-development toolchain in 'tools', and we'll
++place our sysroot (containing files to be installed on the target
++system) in 'sysroot':
++
++    $ obj=$top/obj
++    $ tools=$top/tools
++    $ sysroot=$top/sysroot
++
++
++Binutils
++
++Configuring and building binutils for the target is straightforward:
++
++    $ mkdir -p $obj/binutils
++    $ cd $obj/binutils
++    $ $src/$binutilsv/configure \
++    >     --target=$target \
++    >     --prefix=$tools \
++    >     --with-sysroot=$sysroot
++    $ make
++    $ make install
++
++
++The First GCC
++
++For our work, we need a cross-compiler targeting an ARM Linux
++system.  However, that configuration includes the shared library
++'libgcc_s.so', which is compiled against the GLIBC headers (which we
++haven't installed yet) and linked against 'libc.so' (which we haven't
++built yet).
++
++Fortunately, there are configuration options for GCC which tell it not
++to build 'libgcc_s.so'.  The '--without-headers' option is supposed to
++take care of this, but its implementation is incomplete, so you must
++also configure with the '--with-newlib' option.  While '--with-newlib'
++appears to mean "Use the Newlib C library", its effect is to tell the
++GCC build machinery, "Don't assume there is a C library available."
++
++We also need to disable some of the libraries that would normally be
++built along with GCC, and specify that only the compiler for the C
++language is needed.
++
++So, we create a build directory, configure, make, and install.
++
++    $ mkdir -p $obj/gcc1
++    $ cd $obj/gcc1
++    $ $src/$gccv/configure \
++    >     --target=$target \
++    >     --prefix=$tools \
++    >     --without-headers --with-newlib \
++    >     --disable-shared --disable-threads --disable-libssp \
++    >     --disable-libgomp --disable-libmudflap --disable-libquadmath \
++    >     --disable-decimal-float --disable-libffi \
++    >     --enable-languages=c
++    $ PATH=$tools/bin:$PATH make
++    $ PATH=$tools/bin:$PATH make install
++
++
++Linux Kernel Headers
++
++To configure GLIBC, we also need Linux kernel headers in place.
++Fortunately, the Linux makefiles have a target that installs them for
++us.  Since the process does modify the source tree a bit, we make a
++copy first:
++
++    $ cp -r $src/$linuxv $obj/linux
++    $ cd $obj/linux
++
++Now we're ready to install the headers into the sysroot:
++
++    $ PATH=$tools/bin:$PATH \
++    > make headers_install \
++    >      ARCH=$linux_arch CROSS_COMPILE=$target- \
++    >      INSTALL_HDR_PATH=$sysroot/usr
++
++
++GLIBC Headers and Preliminary Objects
++
++Using the cross-compiler we've just built, we can now configure GLIBC
++well enough to install the headers and build the object files that the
++full cross-compiler will need:
++
++    $ mkdir -p $obj/glibc-headers
++    $ cd $obj/glibc-headers
++    $ BUILD_CC=gcc \
++    > CC=$tools/bin/$target-gcc \
++    > CXX=$tools/bin/$target-g++ \
++    > AR=$tools/bin/$target-ar \
++    > RANLIB=$tools/bin/$target-ranlib \
++    > $src/glibc/libc/configure \
++    >     --prefix=/usr \
++    >     --with-headers=$sysroot/usr/include \
++    >     --build=$build \
++    >     --host=$target \
++    >     --disable-profile --without-gd --without-cvs \
++    >     --enable-add-ons=nptl,libidn,../ports
++
++The option '--prefix=/usr' may look strange, but you should never
++configure GLIBC with a prefix other than '/usr': in various places,
++GLIBC's build system checks whether the prefix is '/usr', and does
++special handling only if that is the case.  Unless you use this
++prefix, you will get a sysroot that does not use the standard Linux
++directory layouts and cannot be used as a basis for the root
++filesystem on your target system compatibly with normal GLIBC
++installations.
++
++The '--with-headers' option tells GLIBC where the Linux headers have
++been installed.
++
++The '--enable-add-ons=nptl,libidn,../ports' option tells GLIBC to look
++for the listed glibc add-ons. Most notably the ports add-on (located
++just above the libc sources in the GLIBC svn tree) is required to
++support ARM targets.
++
++We can now use the 'install-headers' makefile target to install the
++headers:
++
++    $ make install-headers install_root=$sysroot \
++    >                      install-bootstrap-headers=yes
++
++The 'install_root' variable indicates where the files should actually
++be installed; its value is treated as the parent of the '--prefix'
++directory we passed to the configure script, so the headers will go in
++'$sysroot/usr/include'.  The 'install-bootstrap-headers' variable
++requests special handling for certain tricky header files.
++
++Next, there are a few object files needed to link shared libraries,
++which we build and install by hand:
++
++    $ mkdir -p $sysroot/usr/lib
++    $ make csu/subdir_lib
++    $ cp csu/crt1.o csu/crti.o csu/crtn.o $sysroot/usr/lib
++
++Finally, 'libgcc_s.so' requires a 'libc.so' to link against.  However,
++since we will never actually execute its code, it doesn't matter what
++it contains.  So, treating '/dev/null' as a C source file, we produce
++a dummy 'libc.so' in one step:
++
++    $ $tools/bin/$target-gcc -nostdlib -nostartfiles -shared -x c /dev/null \
++    >                        -o $sysroot/usr/lib/libc.so
++
++
++The Second GCC
++
++With the GLIBC headers and selected object files installed, we can
++now build a GCC that is capable of compiling GLIBC.  We configure,
++build, and install the second GCC, again building only the C compiler,
++and avoiding libraries we won't use:
++
++    $ mkdir -p $obj/gcc2
++    $ cd $obj/gcc2
++    $ $src/$gccv/configure \
++    >     --target=$target \
++    >     --prefix=$tools \
++    >     --with-sysroot=$sysroot \
++    >     --disable-libssp --disable-libgomp --disable-libmudflap \
++    >     --disable-libffi --disable-libquadmath \
++    >     --enable-languages=c
++    $ PATH=$tools/bin:$PATH make
++    $ PATH=$tools/bin:$PATH make install
++
++
++GLIBC, Complete
++
++With the second compiler built and installed, we're now ready for the
++full GLIBC build:
++
++    $ mkdir -p $obj/glibc
++    $ cd $obj/glibc
++    $ BUILD_CC=gcc \
++    > CC=$tools/bin/$target-gcc \
++    > CXX=$tools/bin/$target-g++ \
++    > AR=$tools/bin/$target-ar \
++    > RANLIB=$tools/bin/$target-ranlib \
++    > $src/glibc/libc/configure \
++    >     --prefix=/usr \
++    >     --with-headers=$sysroot/usr/include \
++    >     --with-kconfig=$obj/linux/scripts/kconfig \
++    >     --build=$build \
++    >     --host=$target \
++    >     --disable-profile --without-gd --without-cvs \
++    >     --enable-add-ons=nptl,libidn,../ports
++
++Note the additional '--with-kconfig' option. This tells GLIBC where to
++find the host config tools used by the kernel 'make config' and 'make
++menuconfig'.  These tools can be re-used by GLIBC for its own 'make
++*config' support, which will create 'option-groups.config' for you.
++But first make sure those tools have been built by running some
++dummy 'make *config' calls in the kernel directory:
++
++    $ cd $obj/linux
++    $ PATH=$tools/bin:$PATH make config \
++    >      ARCH=$linux_arch CROSS_COMPILE=$target- \
++    $ PATH=$tools/bin:$PATH make menuconfig \
++    >      ARCH=$linux_arch CROSS_COMPILE=$target- \
++
++Now we can configure and build the full GLIBC:
++
++    $ cd $obj/glibc
++    $ PATH=$tools/bin:$PATH make defconfig
++    $ PATH=$tools/bin:$PATH make menuconfig
++    $ PATH=$tools/bin:$PATH make
++    $ PATH=$tools/bin:$PATH make install install_root=$sysroot
++
++At this point, we have a complete GLIBC installation in '$sysroot',
++with header files, library files, and most of the C runtime startup
++files in place.
++
++
++The Third GCC
++
++Finally, we recompile GCC against this full installation, enabling
++whatever languages and libraries we would like to use:
++
++    $ mkdir -p $obj/gcc3
++    $ cd $obj/gcc3
++    $ $src/$gccv/configure \
++    >     --target=$target \
++    >     --prefix=$tools \
++    >     --with-sysroot=$sysroot \
++    >     --enable-__cxa_atexit \
++    >     --disable-libssp --disable-libgomp --disable-libmudflap \
++    >     --enable-languages=c,c++
++    $ PATH=$tools/bin:$PATH make
++    $ PATH=$tools/bin:$PATH make install
++
++The '--enable-__cxa_atexit' option tells GCC what sort of C++
++destructor support to expect from the C library; it's required with
++GLIBC.
++
++And since GCC's installation process isn't designed to help construct
++sysroot trees, we must manually copy certain libraries into place in
++the sysroot.
++
++    $ cp -d $tools/$target/lib/libgcc_s.so* $sysroot/lib
++    $ cp -d $tools/$target/lib/libstdc++.so* $sysroot/usr/lib
++
++
++Trying Things Out
++
++At this point, '$tools' contains a cross toolchain ready to use
++the GLIBC installation in '$sysroot':
++
++    $ cat > hello.c <<EOF
++    > #include <stdio.h>
++    > int
++    > main (int argc, char **argv)
++    > {
++    >   puts ("Hello, world!");
++    >   return 0;
++    > }
++    > EOF
++    $ $tools/bin/$target-gcc -Wall hello.c -o hello
++    $ cat > c++-hello.cc <<EOF
++    > #include <iostream>
++    > int
++    > main (int argc, char **argv)
++    > {
++    >   std::cout << "Hello, C++ world!" << std::endl;
++    >   return 0;
++    > }
++    > EOF
++    $ $tools/bin/$target-g++ -Wall c++-hello.cc -o c++-hello
++
++
++We can use 'readelf' to verify that these are indeed executables for
++our target, using our dynamic linker:
++
++    $ $tools/bin/$target-readelf -hl hello
++    ELF Header:
++    ...
++      Type:                              EXEC (Executable file)
++      Machine:                           ARM
++
++    ...
++    Program Headers:
++      Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
++      PHDR           0x000034 0x10000034 0x10000034 0x00100 0x00100 R E 0x4
++      INTERP         0x000134 0x00008134 0x00008134 0x00013 0x00013 R   0x1
++          [Requesting program interpreter: /lib/ld-linux.so.3]
++      LOAD           0x000000 0x00008000 0x00008000 0x0042c 0x0042c R E 0x8000
++    ...
++
++Looking at the dynamic section of the installed 'libgcc_s.so', we see
++that the 'NEEDED' entry for the C library does include the '.6'
++suffix, indicating that was linked against our fully build GLIBC, and
++not our dummy 'libc.so':
++
++    $ $tools/bin/$target-readelf -d $sysroot/lib/libgcc_s.so.1
++    Dynamic section at offset 0x1083c contains 24 entries:
++      Tag        Type                         Name/Value
++     0x00000001 (NEEDED)                     Shared library: [libc.so.6]
++     0x0000000e (SONAME)                     Library soname: [libgcc_s.so.1]
++    ...
++
++
++And on the target machine, we can run our programs:
++
++    $ $sysroot/lib/ld.so.1 --library-path $sysroot/lib:$sysroot/usr/lib \
++    > ./hello
++    Hello, world!
++    $ $sysroot/lib/ld.so.1 --library-path $sysroot/lib:$sysroot/usr/lib \
++    > ./c++-hello
++    Hello, C++ world!
+diff --git a/GLIBC.cross-testing b/GLIBC.cross-testing
+new file mode 100644
+index 0000000000..b67b468466
+--- /dev/null
++++ b/GLIBC.cross-testing
+@@ -0,0 +1,205 @@
++                                                        -*- mode: text -*-
++
++                      Cross-Testing With GLIBC
++                  Jim Blandy <jimb@codesourcery.com>
++
++
++Introduction
++
++Developers writing software for embedded systems often use a desktop
++or other similarly capable computer for development, but need to run
++tests on the embedded system, or perhaps on a simulator.  When
++configured for cross-compilation, the stock GNU C library simply
++disables running tests altogether: the command 'make tests' builds
++test programs, but does not run them.  GLIBC, however, provides
++facilities for compiling tests and generating data files on the build
++system, but running the test programs themselves on a remote system or
++simulator.
++
++
++Test environment requirements
++
++The test environment must meet certain conditions for GLIBC's
++cross-testing facilities to work:
++
++- Shared filesystems.  The 'build' system, on which you configure and
++  compile GLIBC, and the 'host' system, on which you intend to run
++  GLIBC, must share a filesystem containing the GLIBC build and
++  source trees.  Files must appear at the same paths on both systems.
++
++- Remote-shell like invocation.  There must be a way to run a program
++  on the host system from the build system, passing it properly quoted
++  command-line arguments, setting environment variables, and
++  inheriting the caller's standard input and output.
++
++
++Usage
++
++To use GLIBC's cross-testing support, provide values for the
++following Make variables when you invoke 'make':
++
++- cross-test-wrapper
++
++  This should be the name of the cross-testing wrapper command, along
++  with any arguments.
++
++- cross-localedef
++
++  This should be the name of a cross-capable localedef program, like
++  that included in the GLIBC 'localedef' module, along with any
++  arguments needed.
++
++These are each explained in detail below.
++
++
++The Cross-Testing Wrapper
++
++To run test programs reliably, the stock GNU C library takes care to
++ensure that test programs use the newly compiled dynamic linker and
++shared libraries, and never the host system's installed libraries.  To
++accomplish this, it runs the tests by explicitly invoking the dynamic
++linker from the build tree, passing it a list of build tree
++directories to search for shared libraries, followed by the name of
++the executable to run and its arguments.
++
++For example, where one might normally run a test program like this:
++
++    $ ./tst-foo arg1 arg2
++
++the GNU C library might run that program like this:
++
++    $ $objdir/elf/ld-linux.so.3 --library-path $objdir \
++      ./tst-foo arg1 arg2
++
++(where $objdir is the path to the top of the build tree, and the
++trailing backslash indicates a continuation of the command).  In other
++words, each test program invocation is 'wrapped up' inside an explicit
++invocation of the dynamic linker, which must itself execute the test
++program, having loaded shared libraries from the appropriate
++directories.
++
++To support cross-testing, GLIBC allows the developer to optionally
++set the 'cross-test-wrapper' Make variable to another wrapper command,
++to which it passes the entire dynamic linker invocation shown above as
++arguments.  For example, if the developer supplies a wrapper of
++'my-wrapper hostname', then GLIBC would run the test above as
++follows:
++
++    $ my-wrapper hostname \
++      $objdir/elf/ld-linux.so.3 --library-path $objdir \
++      ./tst-foo arg1 arg2
++
++The 'my-wrapper' command is responsible for executing the command
++given on the host system.
++
++Since tests are run in varying directories, the wrapper should either
++be in your command search path, or 'cross-test-wrapper' should give an
++absolute path for the wrapper.
++
++The wrapper must meet several requirements:
++
++- It must preserve the current directory.  As explained above, the
++  build directory tree must be visible on both the build and host
++  systems, at the same path.  The test wrapper must ensure that the
++  current directory it inherits is also inherited by the dynamic
++  linker (and thus the test program itself).
++
++- It must preserve environment variables' values.  Many GLIBC tests
++  set environment variables for test runs; in native testing, it
++  invokes programs like this:
++
++    $ GCONV_PATH=$objdir/iconvdata \
++      $objdir/elf/ld-linux.so.3 --library-path $objdir \
++      ./tst-foo arg1 arg2
++
++  With the cross-testing wrapper, that invocation becomes:
++
++    $ GCONV_PATH=$objdir/iconvdata \
++      my-wrapper hostname \
++      $objdir/elf/ld-linux.so.3 --library-path $objdir \
++      ./tst-foo arg1 arg2
++
++  Here, 'my-wrapper' must ensure that the value it sees for
++  'GCONV_PATH' will be seen by the dynamic linker, and thus 'tst-foo'
++  itself.  (The wrapper supplied with GLIBC simply preserves the
++  values of *all* enviroment variables, with a fixed set of
++  exceptions.)
++
++  If your wrapper is a shell script, take care to correctly propagate
++  environment variables whose values contain spaces and shell
++  metacharacters.
++
++- It must pass the command's arguments, unmodified.  The arguments
++  seen by the test program should be exactly those seen by the wrapper
++  (after whatever arguments are given to the wrapper itself).  The
++  GLIBC test framework performs all needed shell word splitting and
++  expansion (wildcard expansion, parameter substitution, and so on)
++  before invoking the wrapper; further expansion may break the tests.
++
++
++The 'cross-test-ssh.sh' script
++
++If you want to use 'ssh' (or something sufficiently similar) to run
++test programs on your host system, GLIBC includes a shell script,
++'scripts/cross-test-ssh.sh', which you can use as your wrapper
++command.  This script takes care of setting the test command's current
++directory, propagating environment variable values, and carrying
++command-line arguments, all across an 'ssh' connection.  You may even
++supply an alternative to 'ssh' on the command line, if needed.
++
++For more details, pass 'cross-test-ssh.sh' the '--help' option.
++
++
++The Cross-Compiling Locale Definition Command
++
++Some GLIBC tests rely on locales generated especially for the test
++process.  In a native configuration, these tests simply run the
++'localedef' command built by the normal GLIBC build process,
++'locale/localedef', to process and install their locales.  However, in
++a cross-compiling configuration, this 'localedef' is built for the
++host system, not the build system, and since it requires quite a bit
++of memory to run (we have seen it fail on systems with 64MiB of
++memory), it may not be practical to run it on the host system.
++
++If set, GLIBC uses the 'cross-localedef' Make variable as the command
++to run on the build system to process and install locales.  The
++localedef program built from the GLIBC 'localedef' module is
++suitable.
++
++The value of 'cross-localedef' may also include command-line arguments
++to be passed to the program; if you are using GLIBC's 'localedef',
++you may include endianness and 'uint32_t' alignment arguments here.
++
++
++Example
++
++In developing GLIBC's cross-testing facility, we invoked 'make' with
++the following script:
++
++    #!/bin/sh
++
++    srcdir=...
++    test_hostname=...
++    localedefdir=...
++    cross_gxx=...-g++
++
++    wrapper="$srcdir/scripts/cross-test-ssh.sh $test_hostname"
++    localedef="$localedefdir/localedef --little-endian --uint32-align=4"
++
++    make cross-test-wrapper="$wrapper" \
++         cross-localedef="$localedef" \
++         CXX="$cross_gxx" \
++         "$@"
++
++
++Other Cross-Testing Concerns
++
++Here are notes on some other issues which you may encounter in running
++the GLIBC tests in a cross-compiling environment:
++
++- Some tests require a C++ cross-compiler; you should set the 'CXX'
++  Make variable to the name of an appropriate cross-compiler.
++
++- Some tests require access to libstdc++.so.6 and libgcc_s.so.1; we
++  simply place copies of these libraries in the top GLIBC build
++  directory.
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0019-eglibc-Help-bootstrap-cross-toolchain.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0019-eglibc-Help-bootstrap-cross-toolchain.patch
new file mode 100644
index 000000000..afac2e04f
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0019-eglibc-Help-bootstrap-cross-toolchain.patch
@@ -0,0 +1,97 @@
+From f13c2f525e9bc82ce13e4cf486f7fe0831fc3fac Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 18 Mar 2015 00:49:28 +0000
+Subject: [PATCH] eglibc: Help bootstrap cross toolchain
+
+Taken from EGLIBC, r1484 + r1525
+
+        2007-02-20  Jim Blandy  <jimb@codesourcery.com>
+
+                * Makefile (install-headers): Preserve old behavior: depend on
+                $(inst_includedir)/gnu/stubs.h only if install-bootstrap-headers
+                is set; otherwise, place gnu/stubs.h on the 'install-others' list.
+
+        2007-02-16  Jim Blandy  <jimb@codesourcery.com>
+
+                * Makefile: Amend make install-headers to install everything
+                necessary for building a cross-compiler.  Install gnu/stubs.h as
+                part of 'install-headers', not 'install-others'.
+                If install-bootstrap-headers is 'yes', install a dummy copy of
+                gnu/stubs.h, instead of computing the real thing.
+                * include/stubs-bootstrap.h: New file.
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ Makefile                  | 22 +++++++++++++++++++++-
+ include/stubs-bootstrap.h | 12 ++++++++++++
+ 2 files changed, 33 insertions(+), 1 deletion(-)
+ create mode 100644 include/stubs-bootstrap.h
+
+diff --git a/Makefile b/Makefile
+index 50f99ca611..31eed15f02 100644
+--- a/Makefile
++++ b/Makefile
+@@ -79,9 +79,18 @@ subdir-dirs = include
+ vpath %.h $(subdir-dirs)
+ 
+ # What to install.
+-install-others = $(inst_includedir)/gnu/stubs.h
+ install-bin-script =
+ 
++# If we're bootstrapping, install a dummy gnu/stubs.h along with the
++# other headers, so 'make install-headers' produces a useable include
++# tree.  Otherwise, install gnu/stubs.h later, after the rest of the
++# build is done.
++ifeq ($(install-bootstrap-headers),yes)
++install-headers: $(inst_includedir)/gnu/stubs.h
++else
++install-others = $(inst_includedir)/gnu/stubs.h
++endif
++
+ ifeq (yes,$(build-shared))
+ headers += gnu/lib-names.h
+ endif
+@@ -416,6 +425,16 @@ others: $(common-objpfx)testrun.sh $(common-objpfx)debugglibc.sh
+ 
+ subdir-stubs := $(foreach dir,$(subdirs),$(common-objpfx)$(dir)/stubs)
+ 
++# gnu/stubs.h depends (via the subdir 'stubs' targets) on all the .o
++# files in EGLIBC.  For bootstrapping a GCC/EGLIBC pair, an empty
++# gnu/stubs.h is good enough.
++ifeq ($(install-bootstrap-headers),yes)
++$(inst_includedir)/gnu/stubs.h: include/stubs-bootstrap.h $(+force)
++	$(make-target-directory)
++	$(INSTALL_DATA) $< $@
++
++installed-stubs =
++else
+ ifndef abi-variants
+ installed-stubs = $(inst_includedir)/gnu/stubs.h
+ else
+@@ -442,6 +461,7 @@ $(inst_includedir)/gnu/stubs.h: $(+force)
+ 
+ install-others-nosubdir: $(installed-stubs)
+ endif
++endif
+ 
+ 
+ # Since stubs.h is never needed when building the library, we simplify the
+diff --git a/include/stubs-bootstrap.h b/include/stubs-bootstrap.h
+new file mode 100644
+index 0000000000..1d2b669aff
+--- /dev/null
++++ b/include/stubs-bootstrap.h
+@@ -0,0 +1,12 @@
++/* Placeholder stubs.h file for bootstrapping.
++
++   When bootstrapping a GCC/EGLIBC pair, GCC requires that the EGLIBC
++   headers be installed, but we can't fully build EGLIBC without that
++   GCC.  So we run the command:
++
++      make install-headers install-bootstrap-headers=yes
++
++   to install the headers GCC needs, but avoid building certain
++   difficult headers.  The <gnu/stubs.h> header depends, via the
++   EGLIBC subdir 'stubs' make targets, on every .o file in EGLIBC, but
++   an empty stubs.h like this will do fine for GCC.  */
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0020-eglibc-Resolve-__fpscr_values-on-SH4.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0020-eglibc-Resolve-__fpscr_values-on-SH4.patch
new file mode 100644
index 000000000..9a610c670
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0020-eglibc-Resolve-__fpscr_values-on-SH4.patch
@@ -0,0 +1,53 @@
+From 330c4e50e28e29c31fb8d6ab39cdbb2af4d3def7 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 18 Mar 2015 00:55:53 +0000
+Subject: [PATCH] eglibc: Resolve __fpscr_values on SH4
+
+2010-09-29  Nobuhiro Iwamatsu  <iwamatsu@nigauri.org>
+            Andrew Stubbs  <ams@codesourcery.com>
+
+        Resolve SH's __fpscr_values to symbol in libc.so.
+
+        * sysdeps/sh/sh4/fpu/fpu_control.h: Add C++ __set_fpscr prototype.
+        * sysdeps/unix/sysv/linux/sh/Versions (GLIBC_2.2): Add __fpscr_values.
+        * sysdeps/unix/sysv/linux/sh/sysdep.S (___fpscr_values): New constant.
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ sysdeps/unix/sysv/linux/sh/Versions |  1 +
+ sysdeps/unix/sysv/linux/sh/sysdep.S | 11 +++++++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/sysdeps/unix/sysv/linux/sh/Versions b/sysdeps/unix/sysv/linux/sh/Versions
+index e0938c4165..ca1d7da339 100644
+--- a/sysdeps/unix/sysv/linux/sh/Versions
++++ b/sysdeps/unix/sysv/linux/sh/Versions
+@@ -2,6 +2,7 @@ libc {
+   GLIBC_2.2 {
+     # functions used in other libraries
+     __xstat64; __fxstat64; __lxstat64;
++    __fpscr_values;
+ 
+     # a*
+     alphasort64;
+diff --git a/sysdeps/unix/sysv/linux/sh/sysdep.S b/sysdeps/unix/sysv/linux/sh/sysdep.S
+index a18fbb2e8b..59421bfbb0 100644
+--- a/sysdeps/unix/sysv/linux/sh/sysdep.S
++++ b/sysdeps/unix/sysv/linux/sh/sysdep.S
+@@ -30,3 +30,14 @@ ENTRY (__syscall_error)
+ 
+ #define __syscall_error __syscall_error_1
+ #include <sysdeps/unix/sh/sysdep.S>
++
++       .data
++       .align 3
++       .globl ___fpscr_values
++       .type ___fpscr_values, @object
++       .size ___fpscr_values, 8
++___fpscr_values:
++       .long 0
++       .long 0x80000
++weak_alias (___fpscr_values, __fpscr_values)
++
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0021-eglibc-Forward-port-cross-locale-generation-support.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0021-eglibc-Forward-port-cross-locale-generation-support.patch
new file mode 100644
index 000000000..0b2f020fd
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0021-eglibc-Forward-port-cross-locale-generation-support.patch
@@ -0,0 +1,560 @@
+From 557ed640b26bd208ce8d4a6fd725b124893668d7 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 18 Mar 2015 01:33:49 +0000
+Subject: [PATCH] eglibc: Forward port cross locale generation support
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ locale/Makefile               |  3 +-
+ locale/catnames.c             | 46 +++++++++++++++++++++++++++
+ locale/localeinfo.h           |  2 +-
+ locale/programs/charmap-dir.c |  6 ++++
+ locale/programs/ld-collate.c  | 17 +++++-----
+ locale/programs/ld-ctype.c    | 27 ++++++++--------
+ locale/programs/ld-time.c     | 31 ++++++++++++------
+ locale/programs/linereader.c  |  2 +-
+ locale/programs/localedef.c   |  8 +++++
+ locale/programs/locfile.c     |  5 ++-
+ locale/programs/locfile.h     | 59 +++++++++++++++++++++++++++++++++--
+ locale/setlocale.c            | 29 -----------------
+ 12 files changed, 167 insertions(+), 68 deletions(-)
+ create mode 100644 locale/catnames.c
+
+diff --git a/locale/Makefile b/locale/Makefile
+index b7c60681fa..07c606cde3 100644
+--- a/locale/Makefile
++++ b/locale/Makefile
+@@ -26,7 +26,8 @@ headers		= langinfo.h locale.h bits/locale.h \
+ 		  bits/types/locale_t.h bits/types/__locale_t.h
+ routines	= setlocale findlocale loadlocale loadarchive \
+ 		  localeconv nl_langinfo nl_langinfo_l mb_cur_max \
+-		  newlocale duplocale freelocale uselocale
++		  newlocale duplocale freelocale uselocale \
++		  catnames
+ tests		= tst-C-locale tst-locname tst-duplocale
+ tests-container	= tst-localedef-path-norm
+ categories	= ctype messages monetary numeric time paper name \
+diff --git a/locale/catnames.c b/locale/catnames.c
+new file mode 100644
+index 0000000000..538f3f5edb
+--- /dev/null
++++ b/locale/catnames.c
+@@ -0,0 +1,46 @@
++/* Copyright (C) 2006  Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, write to the Free
++   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++   02111-1307 USA.  */
++
++#include "localeinfo.h"
++
++/* Define an array of category names (also the environment variable names).  */
++const struct catnamestr_t _nl_category_names attribute_hidden =
++  {
++#define DEFINE_CATEGORY(category, category_name, items, a) \
++    category_name,
++#include "categories.def"
++#undef DEFINE_CATEGORY
++  };
++
++const uint8_t _nl_category_name_idxs[__LC_LAST] attribute_hidden =
++  {
++#define DEFINE_CATEGORY(category, category_name, items, a) \
++    [category] = offsetof (struct catnamestr_t, CATNAMEMF (__LINE__)),
++#include "categories.def"
++#undef DEFINE_CATEGORY
++  };
++
++/* An array of their lengths, for convenience.  */
++const uint8_t _nl_category_name_sizes[] attribute_hidden =
++  {
++#define DEFINE_CATEGORY(category, category_name, items, a) \
++    [category] = sizeof (category_name) - 1,
++#include "categories.def"
++#undef	DEFINE_CATEGORY
++    [LC_ALL] = sizeof ("LC_ALL") - 1
++  };
+diff --git a/locale/localeinfo.h b/locale/localeinfo.h
+index 22f9dc1140..fa31b3c5ea 100644
+--- a/locale/localeinfo.h
++++ b/locale/localeinfo.h
+@@ -230,7 +230,7 @@ __libc_tsd_define (extern, locale_t, LOCALE)
+    unused.  We can manage this playing some tricks with weak references.
+    But with thread-local locale settings, it becomes quite ungainly unless
+    we can use __thread variables.  So only in that case do we attempt this.  */
+-#ifndef SHARED
++#if !defined SHARED && !defined IN_GLIBC_LOCALEDEF
+ # include <tls.h>
+ # define NL_CURRENT_INDIRECT	1
+ #endif
+diff --git a/locale/programs/charmap-dir.c b/locale/programs/charmap-dir.c
+index 4841bfd05d..ffcba1fd79 100644
+--- a/locale/programs/charmap-dir.c
++++ b/locale/programs/charmap-dir.c
+@@ -18,7 +18,9 @@
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <libintl.h>
++#ifndef NO_UNCOMPRESS
+ #include <spawn.h>
++#endif
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -154,6 +156,7 @@ charmap_closedir (CHARMAP_DIR *cdir)
+   return closedir (dir);
+ }
+ 
++#ifndef NO_UNCOMPRESS
+ /* Creates a subprocess decompressing the given pathname, and returns
+    a stream reading its output (the decompressed data).  */
+ static
+@@ -202,6 +205,7 @@ fopen_uncompressed (const char *pathname, const char *compressor)
+     }
+   return NULL;
+ }
++#endif
+ 
+ /* Opens a charmap for reading, given its name (not an alias name).  */
+ FILE *
+@@ -224,6 +228,7 @@ charmap_open (const char *directory, const char *name)
+   if (stream != NULL)
+     return stream;
+ 
++#ifndef NO_UNCOMPRESS
+   memcpy (p, ".gz", 4);
+   stream = fopen_uncompressed (pathname, "gzip");
+   if (stream != NULL)
+@@ -233,6 +238,7 @@ charmap_open (const char *directory, const char *name)
+   stream = fopen_uncompressed (pathname, "bzip2");
+   if (stream != NULL)
+     return stream;
++#endif
+ 
+   return NULL;
+ }
+diff --git a/locale/programs/ld-collate.c b/locale/programs/ld-collate.c
+index 0af21e05e2..4980b0c52f 100644
+--- a/locale/programs/ld-collate.c
++++ b/locale/programs/ld-collate.c
+@@ -349,7 +349,7 @@ new_element (struct locale_collate_t *collate, const char *mbs, size_t mbslen,
+     }
+   if (wcs != NULL)
+     {
+-      size_t nwcs = wcslen ((wchar_t *) wcs);
++      size_t nwcs = wcslen_uint32 (wcs);
+       uint32_t zero = 0;
+       /* Handle <U0000> as a single character.  */
+       if (nwcs == 0)
+@@ -1772,8 +1772,7 @@ symbol `%s' has the same encoding as"), (*eptr)->name);
+ 
+ 	      if ((*eptr)->nwcs == runp->nwcs)
+ 		{
+-		  int c = wmemcmp ((wchar_t *) (*eptr)->wcs,
+-				   (wchar_t *) runp->wcs, runp->nwcs);
++		  int c = wmemcmp_uint32 ((*eptr)->wcs, runp->wcs, runp->nwcs);
+ 
+ 		  if (c == 0)
+ 		    {
+@@ -2000,9 +1999,9 @@ add_to_tablewc (uint32_t ch, struct element_t *runp)
+ 	     one consecutive entry.  */
+ 	  if (runp->wcnext != NULL
+ 	      && runp->nwcs == runp->wcnext->nwcs
+-	      && wmemcmp ((wchar_t *) runp->wcs,
+-			  (wchar_t *)runp->wcnext->wcs,
+-			  runp->nwcs - 1) == 0
++	      && wmemcmp_uint32 (runp->wcs,
++				 runp->wcnext->wcs,
++				 runp->nwcs - 1) == 0
+ 	      && (runp->wcs[runp->nwcs - 1]
+ 		  == runp->wcnext->wcs[runp->nwcs - 1] + 1))
+ 	    {
+@@ -2026,9 +2025,9 @@ add_to_tablewc (uint32_t ch, struct element_t *runp)
+ 		runp = runp->wcnext;
+ 	      while (runp->wcnext != NULL
+ 		     && runp->nwcs == runp->wcnext->nwcs
+-		     && wmemcmp ((wchar_t *) runp->wcs,
+-				 (wchar_t *)runp->wcnext->wcs,
+-				 runp->nwcs - 1) == 0
++		     && wmemcmp_uint32 (runp->wcs,
++					runp->wcnext->wcs,
++					runp->nwcs - 1) == 0
+ 		     && (runp->wcs[runp->nwcs - 1]
+ 			 == runp->wcnext->wcs[runp->nwcs - 1] + 1));
+ 
+diff --git a/locale/programs/ld-ctype.c b/locale/programs/ld-ctype.c
+index 2fb579bbbf..d0be99581c 100644
+--- a/locale/programs/ld-ctype.c
++++ b/locale/programs/ld-ctype.c
+@@ -915,7 +915,7 @@ ctype_output (struct localedef_t *locale, const struct charmap_t *charmap,
+   allocate_arrays (ctype, charmap, ctype->repertoire);
+ 
+   default_missing_len = (ctype->default_missing
+-			 ? wcslen ((wchar_t *) ctype->default_missing)
++			 ? wcslen_uint32 (ctype->default_missing)
+ 			 : 0);
+ 
+   init_locale_data (&file, nelems);
+@@ -1927,7 +1927,7 @@ read_translit_entry (struct linereader *ldfile, struct locale_ctype_t *ctype,
+ 	    ignore = 1;
+ 	  else
+ 	    /* This value is usable.  */
+-	    obstack_grow (ob, to_wstr, wcslen ((wchar_t *) to_wstr) * 4);
++	    obstack_grow (ob, to_wstr, wcslen_uint32 (to_wstr) * 4);
+ 
+ 	  first = 0;
+ 	}
+@@ -2461,8 +2461,8 @@ with character code range values one must use the absolute ellipsis `...'"));
+ 	    }
+ 
+ 	handle_tok_digit:
+-	  class_bit = _ISwdigit;
+-	  class256_bit = _ISdigit;
++	  class_bit = BITw (tok_digit);
++	  class256_bit = BIT (tok_digit);
+ 	  handle_digits = 1;
+ 	  goto read_charclass;
+ 
+@@ -3904,8 +3904,7 @@ allocate_arrays (struct locale_ctype_t *ctype, const struct charmap_t *charmap,
+ 
+ 	  while (idx < number)
+ 	    {
+-	      int res = wcscmp ((const wchar_t *) sorted[idx]->from,
+-				(const wchar_t *) runp->from);
++	      int res = wcscmp_uint32 (sorted[idx]->from, runp->from);
+ 	      if (res == 0)
+ 		{
+ 		  replace = 1;
+@@ -3942,11 +3941,11 @@ allocate_arrays (struct locale_ctype_t *ctype, const struct charmap_t *charmap,
+       for (size_t cnt = 0; cnt < number; ++cnt)
+ 	{
+ 	  struct translit_to_t *srunp;
+-	  from_len += wcslen ((const wchar_t *) sorted[cnt]->from) + 1;
++	  from_len += wcslen_uint32 (sorted[cnt]->from) + 1;
+ 	  srunp = sorted[cnt]->to;
+ 	  while (srunp != NULL)
+ 	    {
+-	      to_len += wcslen ((const wchar_t *) srunp->str) + 1;
++	      to_len += wcslen_uint32 (srunp->str) + 1;
+ 	      srunp = srunp->next;
+ 	    }
+ 	  /* Plus one for the extra NUL character marking the end of
+@@ -3970,18 +3969,18 @@ allocate_arrays (struct locale_ctype_t *ctype, const struct charmap_t *charmap,
+ 	  ctype->translit_from_idx[cnt] = from_len;
+ 	  ctype->translit_to_idx[cnt] = to_len;
+ 
+-	  len = wcslen ((const wchar_t *) sorted[cnt]->from) + 1;
+-	  wmemcpy ((wchar_t *) &ctype->translit_from_tbl[from_len],
+-		   (const wchar_t *) sorted[cnt]->from, len);
++	  len = wcslen_uint32 (sorted[cnt]->from) + 1;
++	  wmemcpy_uint32 (&ctype->translit_from_tbl[from_len],
++			  sorted[cnt]->from, len);
+ 	  from_len += len;
+ 
+ 	  ctype->translit_to_idx[cnt] = to_len;
+ 	  srunp = sorted[cnt]->to;
+ 	  while (srunp != NULL)
+ 	    {
+-	      len = wcslen ((const wchar_t *) srunp->str) + 1;
+-	      wmemcpy ((wchar_t *) &ctype->translit_to_tbl[to_len],
+-		       (const wchar_t *) srunp->str, len);
++	      len = wcslen_uint32 (srunp->str) + 1;
++	      wmemcpy_uint32 (&ctype->translit_to_tbl[to_len],
++			      srunp->str, len);
+ 	      to_len += len;
+ 	      srunp = srunp->next;
+ 	    }
+diff --git a/locale/programs/ld-time.c b/locale/programs/ld-time.c
+index dcd2a2386d..6814740325 100644
+--- a/locale/programs/ld-time.c
++++ b/locale/programs/ld-time.c
+@@ -220,8 +220,10 @@ No definition for %s category found"), "LC_TIME");
+ 	}
+       else
+ 	{
++	  static const uint32_t wt_fmt_ampm[]
++	    = { '%','I',':','%','M',':','%','S',' ','%','p',0 };
+ 	  time->t_fmt_ampm = "%I:%M:%S %p";
+-	  time->wt_fmt_ampm = (const uint32_t *) L"%I:%M:%S %p";
++	  time->wt_fmt_ampm = wt_fmt_ampm;
+ 	}
+     }
+ 
+@@ -231,7 +233,7 @@ No definition for %s category found"), "LC_TIME");
+       const int days_per_month[12] = { 31, 29, 31, 30, 31, 30,
+ 				       31, 31, 30, 31 ,30, 31 };
+       size_t idx;
+-      wchar_t *wstr;
++      uint32_t *wstr;
+ 
+       time->era_entries =
+ 	(struct era_data *) xmalloc (time->num_era
+@@ -457,18 +459,18 @@ No definition for %s category found"), "LC_TIME");
+ 	    }
+ 
+ 	  /* Now generate the wide character name and format.  */
+-	  wstr = wcschr ((wchar_t *) time->wera[idx], L':');/* end direction */
+-	  wstr = wstr ? wcschr (wstr + 1, L':') : NULL;	/* end offset */
+-	  wstr = wstr ? wcschr (wstr + 1, L':') : NULL;	/* end start */
+-	  wstr = wstr ? wcschr (wstr + 1, L':') : NULL;	/* end end */
++	  wstr = wcschr_uint32 (time->wera[idx], L':'); /* end direction */
++	  wstr = wstr ? wcschr_uint32 (wstr + 1, L':') : NULL; /* end offset */
++	  wstr = wstr ? wcschr_uint32 (wstr + 1, L':') : NULL; /* end start */
++	  wstr = wstr ? wcschr_uint32 (wstr + 1, L':') : NULL; /* end end */
+ 	  if (wstr != NULL)
+ 	    {
+-	      time->era_entries[idx].wname = (uint32_t *) wstr + 1;
+-	      wstr = wcschr (wstr + 1, L':');	/* end name */
++	      time->era_entries[idx].wname = wstr + 1;
++	      wstr = wcschr_uint32 (wstr + 1, L':'); /* end name */
+ 	      if (wstr != NULL)
+ 		{
+ 		  *wstr = L'\0';
+-		  time->era_entries[idx].wformat = (uint32_t *) wstr + 1;
++		  time->era_entries[idx].wformat = wstr + 1;
+ 		}
+ 	      else
+ 		time->era_entries[idx].wname =
+@@ -527,7 +529,16 @@ No definition for %s category found"), "LC_TIME");
+   if (time->date_fmt == NULL)
+     time->date_fmt = "%a %b %e %H:%M:%S %Z %Y";
+   if (time->wdate_fmt == NULL)
+-    time->wdate_fmt = (const uint32_t *) L"%a %b %e %H:%M:%S %Z %Y";
++    {
++      static const uint32_t wdate_fmt[] =
++	{ '%','a',' ',
++	  '%','b',' ',
++	  '%','e',' ',
++	  '%','H',':','%','M',':','%','S',' ',
++	  '%','Z',' ',
++	  '%','Y',0 };
++      time->wdate_fmt = wdate_fmt;
++    }
+ }
+ 
+ 
+diff --git a/locale/programs/linereader.c b/locale/programs/linereader.c
+index 96d3ab66db..3af379d2c3 100644
+--- a/locale/programs/linereader.c
++++ b/locale/programs/linereader.c
+@@ -595,7 +595,7 @@ get_string (struct linereader *lr, const struct charmap_t *charmap,
+ {
+   int return_widestr = lr->return_widestr;
+   char *buf;
+-  wchar_t *buf2 = NULL;
++  uint32_t *buf2 = NULL;
+   size_t bufact;
+   size_t bufmax = 56;
+ 
+diff --git a/locale/programs/localedef.c b/locale/programs/localedef.c
+index 832c8fd1fc..fe689b3ae1 100644
+--- a/locale/programs/localedef.c
++++ b/locale/programs/localedef.c
+@@ -109,6 +109,7 @@ void (*argp_program_version_hook) (FILE *, struct argp_state *) = print_version;
+ #define OPT_NO_WARN 402
+ #define OPT_WARN 403
+ #define OPT_NO_HARD_LINKS 404
++#define OPT_UINT32_ALIGN 405
+ 
+ /* Definitions of arguments for argp functions.  */
+ static const struct argp_option options[] =
+@@ -153,6 +154,8 @@ static const struct argp_option options[] =
+     N_("Generate little-endian output") },
+   { "big-endian", OPT_BIG_ENDIAN, NULL, 0,
+     N_("Generate big-endian output") },
++  { "uint32-align", OPT_UINT32_ALIGN, "ALIGNMENT", 0,
++    N_("Set the target's uint32_t alignment in bytes (default 4)") },
+   { NULL, 0, NULL, 0, NULL }
+ };
+ 
+@@ -243,12 +246,14 @@ main (int argc, char *argv[])
+      ctype locale.  (P1003.2 4.35.5.2)  */
+   setlocale (LC_CTYPE, "POSIX");
+ 
++#ifndef NO_SYSCONF
+   /* Look whether the system really allows locale definitions.  POSIX
+      defines error code 3 for this situation so I think it must be
+      a fatal error (see P1003.2 4.35.8).  */
+   if (sysconf (_SC_2_LOCALEDEF) < 0)
+     record_error (3, 0, _("\
+ FATAL: system does not define `_POSIX2_LOCALEDEF'"));
++#endif
+ 
+   /* Process charmap file.  */
+   charmap = charmap_read (charmap_file, verbose, 1, be_quiet, 1);
+@@ -400,6 +405,9 @@ parse_opt (int key, char *arg, struct argp_state *state)
+       /* Do not hard link to other locales.  */
+       hard_links = false;
+       break;
++    case OPT_UINT32_ALIGN:
++      uint32_align_mask = strtol (arg, NULL, 0) - 1;
++      break;
+     case 'c':
+       force_output = 1;
+       break;
+diff --git a/locale/programs/locfile.c b/locale/programs/locfile.c
+index 0f1affa1d4..7d86fae801 100644
+--- a/locale/programs/locfile.c
++++ b/locale/programs/locfile.c
+@@ -544,6 +544,9 @@ compare_files (const char *filename1, const char *filename2, size_t size,
+    machine running localedef.  */
+ bool swap_endianness_p;
+ 
++/* The target's value of __align__(uint32_t) - 1.  */
++unsigned int uint32_align_mask = 3;
++
+ /* When called outside a start_locale_structure/end_locale_structure
+    or start_locale_prelude/end_locale_prelude block, record that the
+    next byte in FILE's obstack will be the first byte of a new element.
+@@ -621,7 +624,7 @@ add_locale_string (struct locale_file *file, const char *string)
+ void
+ add_locale_wstring (struct locale_file *file, const uint32_t *string)
+ {
+-  add_locale_uint32_array (file, string, wcslen ((const wchar_t *) string) + 1);
++  add_locale_uint32_array (file, string, wcslen_uint32 (string) + 1);
+ }
+ 
+ /* Record that FILE's next element is the 32-bit integer VALUE.  */
+diff --git a/locale/programs/locfile.h b/locale/programs/locfile.h
+index c986d599ec..222a779176 100644
+--- a/locale/programs/locfile.h
++++ b/locale/programs/locfile.h
+@@ -71,6 +71,8 @@ extern void write_all_categories (struct localedef_t *definitions,
+ 
+ extern bool swap_endianness_p;
+ 
++extern unsigned int uint32_align_mask;
++
+ /* Change the output to be big-endian if BIG_ENDIAN is true and
+    little-endian otherwise.  */
+ static inline void
+@@ -89,7 +91,8 @@ maybe_swap_uint32 (uint32_t value)
+ }
+ 
+ /* Likewise, but munge an array of N uint32_ts starting at ARRAY.  */
+-static inline void
++static void
++__attribute__ ((unused))
+ maybe_swap_uint32_array (uint32_t *array, size_t n)
+ {
+   if (swap_endianness_p)
+@@ -99,7 +102,8 @@ maybe_swap_uint32_array (uint32_t *array, size_t n)
+ 
+ /* Like maybe_swap_uint32_array, but the array of N elements is at
+    the end of OBSTACK's current object.  */
+-static inline void
++static void
++__attribute__ ((unused))
+ maybe_swap_uint32_obstack (struct obstack *obstack, size_t n)
+ {
+   maybe_swap_uint32_array ((uint32_t *) obstack_next_free (obstack) - n, n);
+@@ -276,4 +280,55 @@ extern void identification_output (struct localedef_t *locale,
+ 				   const struct charmap_t *charmap,
+ 				   const char *output_path);
+ 
++static size_t wcslen_uint32 (const uint32_t *str) __attribute__ ((unused));
++static uint32_t * wmemcpy_uint32 (uint32_t *s1, const uint32_t *s2, size_t n) __attribute__ ((unused));
++static uint32_t * wcschr_uint32 (const uint32_t *s, uint32_t ch) __attribute__ ((unused));
++static int wcscmp_uint32 (const uint32_t *s1, const uint32_t *s2) __attribute__ ((unused));
++static int wmemcmp_uint32 (const uint32_t *s1, const uint32_t *s2, size_t n) __attribute__ ((unused));
++
++static size_t
++wcslen_uint32 (const uint32_t *str)
++{
++  size_t len = 0;
++  while (str[len] != 0)
++    len++;
++  return len;
++}
++
++static  int
++wmemcmp_uint32 (const uint32_t *s1, const uint32_t *s2, size_t n)
++{
++  while (n-- != 0)
++    {
++      int diff = *s1++ - *s2++;
++      if (diff != 0)
++	return diff;
++    }
++  return 0;
++}
++
++static int
++wcscmp_uint32 (const uint32_t *s1, const uint32_t *s2)
++{
++  while (*s1 != 0 && *s1 == *s2)
++    s1++, s2++;
++  return *s1 - *s2;
++}
++
++static uint32_t *
++wmemcpy_uint32 (uint32_t *s1, const uint32_t *s2, size_t n)
++{
++  return memcpy (s1, s2, n * sizeof (uint32_t));
++}
++
++static uint32_t *
++wcschr_uint32 (const uint32_t *s, uint32_t ch)
++{
++  do
++    if (*s == ch)
++      return (uint32_t *) s;
++  while (*s++ != 0);
++  return 0;
++}
++
+ #endif /* locfile.h */
+diff --git a/locale/setlocale.c b/locale/setlocale.c
+index 19ed85ae8e..f28ca11446 100644
+--- a/locale/setlocale.c
++++ b/locale/setlocale.c
+@@ -63,35 +63,6 @@ static char *const _nl_current_used[] =
+ 
+ #endif
+ 
+-
+-/* Define an array of category names (also the environment variable names).  */
+-const struct catnamestr_t _nl_category_names attribute_hidden =
+-  {
+-#define DEFINE_CATEGORY(category, category_name, items, a) \
+-    category_name,
+-#include "categories.def"
+-#undef DEFINE_CATEGORY
+-  };
+-
+-const uint8_t _nl_category_name_idxs[__LC_LAST] attribute_hidden =
+-  {
+-#define DEFINE_CATEGORY(category, category_name, items, a) \
+-    [category] = offsetof (struct catnamestr_t, CATNAMEMF (__LINE__)),
+-#include "categories.def"
+-#undef DEFINE_CATEGORY
+-  };
+-
+-/* An array of their lengths, for convenience.  */
+-const uint8_t _nl_category_name_sizes[] attribute_hidden =
+-  {
+-#define DEFINE_CATEGORY(category, category_name, items, a) \
+-    [category] = sizeof (category_name) - 1,
+-#include "categories.def"
+-#undef	DEFINE_CATEGORY
+-    [LC_ALL] = sizeof ("LC_ALL") - 1
+-  };
+-
+-
+ #ifdef NL_CURRENT_INDIRECT
+ # define WEAK_POSTLOAD(postload) weak_extern (postload)
+ #else
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0022-Define-DUMMY_LOCALE_T-if-not-defined.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0022-Define-DUMMY_LOCALE_T-if-not-defined.patch
new file mode 100644
index 000000000..33d912d35
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0022-Define-DUMMY_LOCALE_T-if-not-defined.patch
@@ -0,0 +1,29 @@
+From c8df3cf4556d8d78a98675865395ce42f3b67109 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 20 Apr 2016 21:11:00 -0700
+Subject: [PATCH] Define DUMMY_LOCALE_T if not defined
+
+This is a hack to fix building the locale bits on an older
+CentOs 5.X machine
+
+Upstream-Status: Inappropriate [other]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ locale/programs/config.h | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/locale/programs/config.h b/locale/programs/config.h
+index 2edcf3696c..5350101e38 100644
+--- a/locale/programs/config.h
++++ b/locale/programs/config.h
+@@ -19,6 +19,9 @@
+ #ifndef _LD_CONFIG_H
+ #define _LD_CONFIG_H	1
+ 
++#ifndef DUMMY_LOCALE_T
++#define DUMMY_LOCALE_T
++#endif
+ /* Use the internal textdomain used for libc messages.  */
+ #define PACKAGE _libc_intl_domainname
+ #ifndef VERSION
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0023-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0023-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch
new file mode 100644
index 000000000..a5a7a0cad
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0023-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch
@@ -0,0 +1,80 @@
+From 2ec233ce078b74030de9195096058cd502fdc395 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 3 Aug 2018 09:42:06 -0700
+Subject: [PATCH] localedef --add-to-archive uses a hard-coded locale path
+
+it doesn't exist in normal use, and there's no way to pass an
+alternative filename.
+
+Add a fallback of $LOCALEARCHIVE from the environment, and allow
+creation of new locale archives that are not the system archive.
+
+Upstream-Status: Inappropriate (OE-specific)
+
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ locale/programs/locarchive.c | 35 +++++++++++++++++++++++++----------
+ 1 file changed, 25 insertions(+), 10 deletions(-)
+
+diff --git a/locale/programs/locarchive.c b/locale/programs/locarchive.c
+index 6bb189ae37..0711c5c44e 100644
+--- a/locale/programs/locarchive.c
++++ b/locale/programs/locarchive.c
+@@ -340,12 +340,24 @@ enlarge_archive (struct locarhandle *ah, const struct locarhead *head)
+   struct namehashent *oldnamehashtab;
+   struct locarhandle new_ah;
+   size_t prefix_len = output_prefix ? strlen (output_prefix) : 0;
+-  char archivefname[prefix_len + sizeof (ARCHIVE_NAME)];
+-  char fname[prefix_len + sizeof (ARCHIVE_NAME) + sizeof (".XXXXXX") - 1];
++  char *archivefname;
++  char *fname;
++  char *envarchive = getenv("LOCALEARCHIVE");
+ 
+-  if (output_prefix)
+-    memcpy (archivefname, output_prefix, prefix_len);
+-  strcpy (archivefname + prefix_len, ARCHIVE_NAME);
++  if (envarchive != NULL)
++    {
++      archivefname = xmalloc(strlen(envarchive) + 1);
++      fname = xmalloc(strlen(envarchive) + sizeof (".XXXXXX"));
++      strcpy (archivefname, envarchive);
++    }
++  else
++    {
++      archivefname = xmalloc(prefix_len + sizeof (ARCHIVE_NAME));
++      fname = xmalloc(prefix_len + sizeof (ARCHIVE_NAME) + sizeof (".XXXXXX") - 1);
++      if (output_prefix)
++        memcpy (archivefname, output_prefix, prefix_len);
++      strcpy (archivefname + prefix_len, ARCHIVE_NAME);
++    }
+   strcpy (stpcpy (fname, archivefname), ".XXXXXX");
+ 
+   /* Not all of the old file has to be mapped.  Change this now this
+@@ -569,10 +581,13 @@ open_archive (struct locarhandle *ah, bool readonly)
+   /* If ah has a non-NULL fname open that otherwise open the default.  */
+   if (archivefname == NULL)
+     {
+-      archivefname = default_fname;
+-      if (output_prefix)
+-        memcpy (default_fname, output_prefix, prefix_len);
+-      strcpy (default_fname + prefix_len, ARCHIVE_NAME);
++      archivefname = getenv("LOCALEARCHIVE");
++      if (archivefname == NULL) {
++              archivefname = default_fname;
++              if (output_prefix)
++                memcpy (default_fname, output_prefix, prefix_len);
++              strcpy (default_fname + prefix_len, ARCHIVE_NAME);
++      }
+     }
+ 
+   while (1)
+@@ -585,7 +600,7 @@ open_archive (struct locarhandle *ah, bool readonly)
+ 	     the default locale archive we ignore the failure and
+ 	     list an empty archive, otherwise we print an error
+ 	     and exit.  */
+-	  if (errno == ENOENT && archivefname == default_fname)
++	  if (errno == ENOENT)
+ 	    {
+ 	      if (readonly)
+ 		{
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0024-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0024-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch
new file mode 100644
index 000000000..d2691e1ee
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0024-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch
@@ -0,0 +1,53 @@
+From f8289aa320b00f6db43213979cceab2325a7a611 Mon Sep 17 00:00:00 2001
+From: Mark Hatle <mark.hatle@windriver.com>
+Date: Thu, 18 Aug 2016 14:07:58 -0500
+Subject: [PATCH] elf/dl-deps.c: Make _dl_build_local_scope breadth first
+
+According to the ELF specification:
+
+When resolving symbolic references, the dynamic linker examines the symbol
+tables with a breadth-first search.
+
+This function was using a depth first search.  By doing so the conflict
+resolution reported to the prelinker (when LD_TRACE_PRELINKING=1 is set)
+was incorrect.  This caused problems when their were various circular
+dependencies between libraries.  The problem usually manifested itself by
+the wrong IFUNC being executed.
+
+[BZ# 20488]
+
+Upstream-Status: Submitted [libc-alpha]
+
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+---
+ elf/dl-deps.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/elf/dl-deps.c b/elf/dl-deps.c
+index 087a49b212..c09f9334f2 100644
+--- a/elf/dl-deps.c
++++ b/elf/dl-deps.c
+@@ -73,13 +73,19 @@ _dl_build_local_scope (struct link_map **list, struct link_map *map)
+ {
+   struct link_map **p = list;
+   struct link_map **q;
++  struct link_map **r;
+ 
+   *p++ = map;
+   map->l_reserved = 1;
+-  if (map->l_initfini)
+-    for (q = map->l_initfini + 1; *q; ++q)
+-      if (! (*q)->l_reserved)
+-	p += _dl_build_local_scope (p, *q);
++
++  for (r = list; r < p; ++r)
++    if ((*r)->l_initfini)
++      for (q = (*r)->l_initfini + 1; *q; ++q)
++	if (! (*q)->l_reserved)
++	  {
++	    *p++ = *q;
++	    (*q)->l_reserved = 1;
++	  }
+   return p - list;
+ }
+ 
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0025-intl-Emit-no-lines-in-bison-generated-files.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0025-intl-Emit-no-lines-in-bison-generated-files.patch
new file mode 100644
index 000000000..32f8fd22b
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0025-intl-Emit-no-lines-in-bison-generated-files.patch
@@ -0,0 +1,31 @@
+From 3156464f9a95bf1dafd2e22d19d7bf89c520acc1 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 3 Aug 2018 09:44:00 -0700
+Subject: [PATCH] intl: Emit no lines in bison generated files
+
+Improve reproducibility:
+Do not put any #line preprocessor commands in bison generated files.
+These lines contain absolute paths containing file locations on
+the host build machine.
+
+Upstream-Status: Pending
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ intl/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/intl/Makefile b/intl/Makefile
+index 93478d87e8..b27a7935eb 100644
+--- a/intl/Makefile
++++ b/intl/Makefile
+@@ -155,7 +155,7 @@ $(objpfx)tst-gettext6.out: $(objpfx)tst-gettext.out
+ 
+ CPPFLAGS += -D'LOCALEDIR="$(localedir)"' \
+ 	    -D'LOCALE_ALIAS_PATH="$(localedir)"'
+-BISONFLAGS = --yacc --name-prefix=__gettext --output
++BISONFLAGS = --yacc --no-lines --name-prefix=__gettext --output
+ 
+ $(inst_localedir)/locale.alias: locale.alias $(+force)
+ 	$(do-install)
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0027-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0027-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch
new file mode 100644
index 000000000..782d931f2
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0027-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch
@@ -0,0 +1,53 @@
+From 881f5b8134afd9a30049b93fc79dda7a44947a5f Mon Sep 17 00:00:00 2001
+From: Martin Jansa <martin.jansa@gmail.com>
+Date: Mon, 17 Dec 2018 21:36:18 +0000
+Subject: [PATCH] locale: prevent maybe-uninitialized errors with -Os [BZ
+ #19444]
+
+Fixes following error when building for aarch64 with -Os:
+| In file included from strcoll_l.c:43:
+| strcoll_l.c: In function '__strcoll_l':
+| ../locale/weight.h:31:26: error: 'seq2.back_us' may be used uninitialized in this function [-Werror=maybe-uninitialized]
+|    int_fast32_t i = table[*(*cpp)++];
+|                           ^~~~~~~~~
+| strcoll_l.c:304:18: note: 'seq2.back_us' was declared here
+|    coll_seq seq1, seq2;
+|                   ^~~~
+| In file included from strcoll_l.c:43:
+| ../locale/weight.h:31:26: error: 'seq1.back_us' may be used uninitialized in this function [-Werror=maybe-uninitialized]
+|    int_fast32_t i = table[*(*cpp)++];
+|                           ^~~~~~~~~
+| strcoll_l.c:304:12: note: 'seq1.back_us' was declared here
+|    coll_seq seq1, seq2;
+|             ^~~~
+
+        Partial fix for [BZ #19444]
+        * locale/weight.h: Fix build with -Os.
+
+Upstream-Status: Submitted [https://patchwork.ozlabs.org/patch/1014766]
+
+Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ locale/weight.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/locale/weight.h b/locale/weight.h
+index 723e1fefda..f5798d379a 100644
+--- a/locale/weight.h
++++ b/locale/weight.h
+@@ -28,7 +28,14 @@ findidx (const int32_t *table,
+ 	 const unsigned char *extra,
+ 	 const unsigned char **cpp, size_t len)
+ {
++  /* With GCC 8 when compiling with -Os the compiler warns that
++     seq1.back_us and seq2.back_us might be used uninitialized.
++     This uninitialized use is impossible for the same reason
++     as described in comments in locale/weightwc.h.  */
++  DIAG_PUSH_NEEDS_COMMENT;
++  DIAG_IGNORE_Os_NEEDS_COMMENT (8, "-Wmaybe-uninitialized");
+   int_fast32_t i = table[*(*cpp)++];
++  DIAG_POP_NEEDS_COMMENT;
+   const unsigned char *cp;
+   const unsigned char *usrc;
+ 
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0028-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0028-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch
new file mode 100644
index 000000000..d273cab4a
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0028-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch
@@ -0,0 +1,29 @@
+From b4e0a034b12b313dcb82d22341bef6a66b3e9ef9 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 18 Mar 2015 00:11:22 +0000
+Subject: [PATCH] readlib: Add OECORE_KNOWN_INTERPRETER_NAMES to known names
+
+This bolts in a hook for OE to pass its own version of interpreter
+names into glibc especially for multilib case, where it differs from any
+other distros
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Lianhao Lu <lianhao.lu@intel.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ elf/readlib.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/elf/readlib.c b/elf/readlib.c
+index 7383c23249..e97ea9449d 100644
+--- a/elf/readlib.c
++++ b/elf/readlib.c
+@@ -51,6 +51,7 @@ static struct known_names interpreters[] =
+ #ifdef SYSDEP_KNOWN_INTERPRETER_NAMES
+   SYSDEP_KNOWN_INTERPRETER_NAMES
+ #endif
++  OECORE_KNOWN_INTERPRETER_NAMES
+ };
+ 
+ static struct known_names known_libs[] =
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0029-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0029-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
new file mode 100644
index 000000000..11a77cdf9
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0029-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch
@@ -0,0 +1,75 @@
+From 2ae3ff3ae28abb1d0d100b4722da7ff188de9a30 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 15 May 2020 17:05:45 -0700
+Subject: [PATCH] wordsize.h: Unify the header between arm and aarch64
+
+This helps OE multilibs to not sythesize this header which causes all
+kind of recursions and other issues since wordsize is fundamental header
+and ends up including itself in many case e.g. clang tidy, bpf etc.
+
+Upstream-Status: Inappropriate [ OE-Specific ]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ sysdeps/aarch64/bits/wordsize.h          |  8 ++++++--
+ sysdeps/{aarch64 => arm}/bits/wordsize.h | 10 +++++++---
+ 2 files changed, 13 insertions(+), 5 deletions(-)
+ copy sysdeps/{aarch64 => arm}/bits/wordsize.h (80%)
+
+diff --git a/sysdeps/aarch64/bits/wordsize.h b/sysdeps/aarch64/bits/wordsize.h
+index 91da566b74..9a754514b3 100644
+--- a/sysdeps/aarch64/bits/wordsize.h
++++ b/sysdeps/aarch64/bits/wordsize.h
+@@ -17,12 +17,16 @@
+    License along with the GNU C Library; if not, see
+    <https://www.gnu.org/licenses/>.  */
+ 
+-#ifdef __LP64__
++#if defined (__aarch64__) && defined (__LP64__)
+ # define __WORDSIZE			64
+-#else
++#elif defined (__aarch64__)
+ # define __WORDSIZE			32
+ # define __WORDSIZE32_SIZE_ULONG	1
+ # define __WORDSIZE32_PTRDIFF_LONG	1
++#else
++# define __WORDSIZE			32
++# define __WORDSIZE32_SIZE_ULONG	0
++# define __WORDSIZE32_PTRDIFF_LONG	0
+ #endif
+ 
+ #define __WORDSIZE_TIME64_COMPAT32	0
+diff --git a/sysdeps/aarch64/bits/wordsize.h b/sysdeps/arm/bits/wordsize.h
+similarity index 80%
+copy from sysdeps/aarch64/bits/wordsize.h
+copy to sysdeps/arm/bits/wordsize.h
+index 91da566b74..34fcdef1f1 100644
+--- a/sysdeps/aarch64/bits/wordsize.h
++++ b/sysdeps/arm/bits/wordsize.h
+@@ -1,6 +1,6 @@
+ /* Determine the wordsize from the preprocessor defines.
+ 
+-   Copyright (C) 2016-2021 Free Software Foundation, Inc.
++   Copyright (C) 2016-2021 Free Software Foundation, Inc.
+    This file is part of the GNU C Library.
+ 
+    The GNU C Library is free software; you can redistribute it and/or
+@@ -17,12 +17,16 @@
+    License along with the GNU C Library; if not, see
+    <https://www.gnu.org/licenses/>.  */
+ 
+-#ifdef __LP64__
++#if defined (__aarch64__) && defined (__LP64__)
+ # define __WORDSIZE			64
+-#else
++#elif defined (__aarch64__)
+ # define __WORDSIZE			32
+ # define __WORDSIZE32_SIZE_ULONG	1
+ # define __WORDSIZE32_PTRDIFF_LONG	1
++#else
++# define __WORDSIZE			32
++# define __WORDSIZE32_SIZE_ULONG	0
++# define __WORDSIZE32_PTRDIFF_LONG	0
+ #endif
+ 
+ #define __WORDSIZE_TIME64_COMPAT32	0
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch
new file mode 100644
index 000000000..5ef1ac2ed
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch
@@ -0,0 +1,48 @@
+From 5cc14938f05ae1354c8062f017a21f39d5fc9729 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 7 Aug 2020 14:31:16 -0700
+Subject: [PATCH] powerpc: Do not ask compiler for finding arch
+
+This does not work well in cross compiling environments like OE
+and moreover it uses its own -mcpu/-march options via cflags
+
+Upstream-Status: Inappropriate [ OE-Specific]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ sysdeps/powerpc/preconfigure    | 5 +----
+ sysdeps/powerpc/preconfigure.ac | 5 +----
+ 2 files changed, 2 insertions(+), 8 deletions(-)
+
+diff --git a/sysdeps/powerpc/preconfigure b/sysdeps/powerpc/preconfigure
+index dfe8e20399..bbff040f0f 100644
+--- a/sysdeps/powerpc/preconfigure
++++ b/sysdeps/powerpc/preconfigure
+@@ -29,10 +29,7 @@ esac
+ # directive which shows up, and try using it.
+ case "${machine}:${submachine}" in
+ *powerpc*:)
+-  archcpu=`echo "int foo () { return 0; }" \
+-	   | $CC $CFLAGS $CPPFLAGS -S -frecord-gcc-switches -xc -o - - \
+-	   | grep -E "mcpu=|.machine" -m 1 \
+-	   | sed -e "s/.*machine //" -e "s/.*mcpu=\(.*\)\"/\1/"`
++  archcpu=''
+   # Note if you add patterns here you must ensure that an appropriate
+   # directory exists in sysdeps/powerpc.  Likewise, if we find a
+   # cpu, don't let the generic configure append extra compiler options.
+diff --git a/sysdeps/powerpc/preconfigure.ac b/sysdeps/powerpc/preconfigure.ac
+index 6c63bd8257..3e925f1d48 100644
+--- a/sysdeps/powerpc/preconfigure.ac
++++ b/sysdeps/powerpc/preconfigure.ac
+@@ -29,10 +29,7 @@ esac
+ # directive which shows up, and try using it.
+ case "${machine}:${submachine}" in
+ *powerpc*:)
+-  archcpu=`echo "int foo () { return 0; }" \
+-	   | $CC $CFLAGS $CPPFLAGS -S -frecord-gcc-switches -xc -o - - \
+-	   | grep -E "mcpu=|[.]machine" -m 1 \
+-	   | sed -e "s/.*machine //" -e "s/.*mcpu=\(.*\)\"/\1/"`
++  archcpu=''
+   # Note if you add patterns here you must ensure that an appropriate
+   # directory exists in sysdeps/powerpc.  Likewise, if we find a
+   # cpu, don't let the generic configure append extra compiler options.
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0031-iconv-Fix-incorrect-UCS4-inner-loop-bounds-BZ-26923.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0031-iconv-Fix-incorrect-UCS4-inner-loop-bounds-BZ-26923.patch
deleted file mode 100644
index 708c481e3..000000000
--- a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0031-iconv-Fix-incorrect-UCS4-inner-loop-bounds-BZ-26923.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-From 228edd356f03bf62dcf2b1335f25d43c602ee68d Mon Sep 17 00:00:00 2001
-From: Michael Colavita <mcolavita@fb.com>
-Date: Thu, 19 Nov 2020 11:44:40 -0500
-Subject: [PATCH] iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923)
-
-Previously, in UCS4 conversion routines we limit the number of
-characters we examine to the minimum of the number of characters in the
-input and the number of characters in the output. This is not the
-correct behavior when __GCONV_IGNORE_ERRORS is set, as we do not consume
-an output character when we skip a code unit. Instead, track the input
-and output pointers and terminate the loop when either reaches its
-limit.
-
-This resolves assertion failures when resetting the input buffer in a step of
-iconv, which assumes that the input will be fully consumed given sufficient
-output space.
----
- iconv/Makefile       |  2 +-
- iconv/gconv_simple.c | 16 ++++----------
- iconv/tst-iconv8.c   | 50 ++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 55 insertions(+), 13 deletions(-)
- create mode 100644 iconv/tst-iconv8.c
-
-diff --git a/iconv/Makefile b/iconv/Makefile
-index 30bf996d3a..f9b51e23ec 100644
---- a/iconv/Makefile
-+++ b/iconv/Makefile
-@@ -44,7 +44,7 @@ CFLAGS-linereader.c += -DNO_TRANSLITERATION
- CFLAGS-simple-hash.c += -I../locale
- 
- tests	= tst-iconv1 tst-iconv2 tst-iconv3 tst-iconv4 tst-iconv5 tst-iconv6 \
--	  tst-iconv7 tst-iconv-mt
-+	  tst-iconv7 tst-iconv8 tst-iconv-mt
- 
- others		= iconv_prog iconvconfig
- install-others-programs	= $(inst_bindir)/iconv
-diff --git a/iconv/gconv_simple.c b/iconv/gconv_simple.c
-index d4797fba17..963b29f246 100644
---- a/iconv/gconv_simple.c
-+++ b/iconv/gconv_simple.c
-@@ -239,11 +239,9 @@ ucs4_internal_loop (struct __gconv_step *step,
-   int flags = step_data->__flags;
-   const unsigned char *inptr = *inptrp;
-   unsigned char *outptr = *outptrp;
--  size_t n_convert = MIN (inend - inptr, outend - outptr) / 4;
-   int result;
--  size_t cnt;
- 
--  for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4)
-+  for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4)
-     {
-       uint32_t inval;
- 
-@@ -307,11 +305,9 @@ ucs4_internal_loop_unaligned (struct __gconv_step *step,
-   int flags = step_data->__flags;
-   const unsigned char *inptr = *inptrp;
-   unsigned char *outptr = *outptrp;
--  size_t n_convert = MIN (inend - inptr, outend - outptr) / 4;
-   int result;
--  size_t cnt;
- 
--  for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4)
-+  for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4)
-     {
-       if (__glibc_unlikely (inptr[0] > 0x80))
- 	{
-@@ -613,11 +609,9 @@ ucs4le_internal_loop (struct __gconv_step *step,
-   int flags = step_data->__flags;
-   const unsigned char *inptr = *inptrp;
-   unsigned char *outptr = *outptrp;
--  size_t n_convert = MIN (inend - inptr, outend - outptr) / 4;
-   int result;
--  size_t cnt;
- 
--  for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4)
-+  for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4)
-     {
-       uint32_t inval;
- 
-@@ -684,11 +678,9 @@ ucs4le_internal_loop_unaligned (struct __gconv_step *step,
-   int flags = step_data->__flags;
-   const unsigned char *inptr = *inptrp;
-   unsigned char *outptr = *outptrp;
--  size_t n_convert = MIN (inend - inptr, outend - outptr) / 4;
-   int result;
--  size_t cnt;
- 
--  for (cnt = 0; cnt < n_convert; ++cnt, inptr += 4)
-+  for (; inptr + 4 <= inend && outptr + 4 <= outend; inptr += 4)
-     {
-       if (__glibc_unlikely (inptr[3] > 0x80))
- 	{
-diff --git a/iconv/tst-iconv8.c b/iconv/tst-iconv8.c
-new file mode 100644
-index 0000000000..0b92b19f66
---- /dev/null
-+++ b/iconv/tst-iconv8.c
-@@ -0,0 +1,50 @@
-+/* Test iconv behavior on UCS4 conversions with //IGNORE.
-+   Copyright (C) 2020 Free Software Foundation, Inc.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <http://www.gnu.org/licenses/>.  */
-+
-+/* Derived from BZ #26923 */
-+#include <errno.h>
-+#include <iconv.h>
-+#include <stdio.h>
-+#include <support/check.h>
-+
-+static int
-+do_test (void)
-+{
-+  iconv_t cd = iconv_open ("UTF-8//IGNORE", "ISO-10646/UCS4/");
-+  TEST_VERIFY_EXIT (cd != (iconv_t) -1);
-+
-+  /*
-+   * Convert sequence beginning with an irreversible character into buffer that
-+   * is too small.
-+   */
-+  char input[12] = "\xe1\x80\xa1" "AAAAAAAAA";
-+  char *inptr = input;
-+  size_t insize = sizeof (input);
-+  char output[6];
-+  char *outptr = output;
-+  size_t outsize = sizeof (output);
-+
-+  TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == -1);
-+  TEST_VERIFY (errno == E2BIG);
-+
-+  TEST_VERIFY_EXIT (iconv_close (cd) != -1);
-+
-+  return 0;
-+}
-+
-+#include <support/test-driver.c>
--- 
-2.27.0
-
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch
new file mode 100644
index 000000000..3cb60b2e5
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch
@@ -0,0 +1,116 @@
+From b1971f6f1331d738d1d6b376b4741668a7546125 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Tue, 2 Feb 2021 13:45:58 -0800
+Subject: [PATCH] x86: Require full ISA support for x86-64 level marker [BZ #27318]
+
+Since -march=sandybridge enables ISAs in x86-64 ISA level v3, the v3
+marker is set on libc.so.  We couldn't set the needed ISA marker to v2
+since this libc won't run on all v2 machines.  Technically, the v3 marker
+is correct.  But the resulting libc.so won't run on Sandy Brigde, which
+is a v2 machine, even when libc is compiled with -march=sandybridge:
+
+$ ./elf/ld.so ./libc.so
+./libc.so: (p) CPU ISA level is lower than required: needed: 7; got: 3
+
+Instead, we require full ISA support for x86-64 level marker and disable
+x86-64 level marker for -march=sandybridge which enables ISAs between v2
+and v3.
+
+Upstream-Status: Submitted [https://sourceware.org/pipermail/libc-alpha/2021-February/122297.html]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+
+ sysdeps/x86/configure    |  7 ++++++-
+ sysdeps/x86/configure.ac |  2 +-
+ sysdeps/x86/isa-level.c  | 21 ++++++++++++++++++++-
+ 3 files changed, 27 insertions(+), 3 deletions(-)
+
+diff --git a/sysdeps/x86/configure b/sysdeps/x86/configure
+index 5e32dc62b3..5b20646843 100644
+--- a/sysdeps/x86/configure
++++ b/sysdeps/x86/configure
+@@ -133,7 +133,12 @@ if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -nostartfiles -nostdlib -r -o conftest c
+   $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+   test $ac_status = 0; }; }; then
+   count=`LC_ALL=C $READELF -n conftest | grep NT_GNU_PROPERTY_TYPE_0 | wc -l`
+-  if test "$count" = 1; then
++  if test "$count" = 1 && { ac_try='${CC-cc} $CFLAGS $CPPFLAGS -DINCLUDE_X86_ISA_LEVEL -S -o conftest.s $srcdir/sysdeps/x86/isa-level.c'
++  { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
++  (eval $ac_try) 2>&5
++  ac_status=$?
++  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
++  test $ac_status = 0; }; }; then
+     libc_cv_include_x86_isa_level=yes
+   fi
+ fi
+diff --git a/sysdeps/x86/configure.ac b/sysdeps/x86/configure.ac
+index f94088f377..54ecd33d2c 100644
+--- a/sysdeps/x86/configure.ac
++++ b/sysdeps/x86/configure.ac
+@@ -100,7 +100,7 @@ EOF
+ libc_cv_include_x86_isa_level=no
+ if AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -nostartfiles -nostdlib -r -o conftest conftest1.S conftest2.S); then
+   count=`LC_ALL=C $READELF -n conftest | grep NT_GNU_PROPERTY_TYPE_0 | wc -l`
+-  if test "$count" = 1; then
++  if test "$count" = 1 && AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -DINCLUDE_X86_ISA_LEVEL -S -o conftest.s $srcdir/sysdeps/x86/isa-level.c); then
+     libc_cv_include_x86_isa_level=yes
+   fi
+ fi
+diff --git a/sysdeps/x86/isa-level.c b/sysdeps/x86/isa-level.c
+index aaf524cb56..7f83449061 100644
+--- a/sysdeps/x86/isa-level.c
++++ b/sysdeps/x86/isa-level.c
+@@ -25,12 +25,17 @@
+    License along with the GNU C Library; if not, see
+    <https://www.gnu.org/licenses/>.  */
+ 
+-#include <elf.h>
++#ifdef _LIBC
++# include <elf.h>
++#endif
+ 
+ /* ELF program property for x86 ISA level.  */
+ #ifdef INCLUDE_X86_ISA_LEVEL
+ # if defined __x86_64__ || defined __FXSR__ || !defined _SOFT_FLOAT \
+      || defined  __MMX__ || defined __SSE__ || defined __SSE2__
++#  if !defined __SSE__ || !defined __SSE2__
++#   error "Missing ISAs for x86-64 ISA level baseline"
++#  endif
+ #  define ISA_BASELINE	GNU_PROPERTY_X86_ISA_1_BASELINE
+ # else
+ #  define ISA_BASELINE	0
+@@ -40,6 +45,11 @@
+      || (defined __x86_64__ && defined __LAHF_SAHF__) \
+      || defined __POPCNT__ || defined __SSE3__ \
+      || defined __SSSE3__ || defined __SSE4_1__ || defined __SSE4_2__
++#  if !defined __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16 \
++     || !defined __POPCNT__ || !defined __SSE3__ \
++     || !defined __SSSE3__ || !defined __SSE4_1__ || !defined __SSE4_2__
++#   error "Missing ISAs for x86-64 ISA level v2"
++#  endif
+ #  define ISA_V2	GNU_PROPERTY_X86_ISA_1_V2
+ # else
+ #  define ISA_V2	0
+@@ -48,6 +58,10 @@
+ # if defined __AVX__ || defined __AVX2__ || defined __F16C__ \
+      || defined __FMA__ || defined __LZCNT__ || defined __MOVBE__ \
+      || defined __XSAVE__
++# if !defined __AVX__ || !defined __AVX2__ || !defined __F16C__ \
++     || !defined __FMA__ || !defined __LZCNT__
++#   error "Missing ISAs for x86-64 ISA level v3"
++#  endif
+ #  define ISA_V3	GNU_PROPERTY_X86_ISA_1_V3
+ # else
+ #  define ISA_V3	0
+@@ -55,6 +69,11 @@
+ 
+ # if defined __AVX512F__ || defined __AVX512BW__ || defined __AVX512CD__ \
+      || defined __AVX512DQ__ || defined __AVX512VL__
++#  if !defined __AVX512F__ || !defined __AVX512BW__ \
++      || !defined __AVX512CD__ || !defined __AVX512DQ__ \
++      || !defined __AVX512VL__
++#   error "Missing ISAs for x86-64 ISA level v4"
++#  endif
+ #  define ISA_V4	GNU_PROPERTY_X86_ISA_1_V4
+ # else
+ #  define ISA_V4	0
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0032-Fix-buffer-overrun-in-EUC-KR-conversion-module-BZ-24973.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0032-Fix-buffer-overrun-in-EUC-KR-conversion-module-BZ-24973.patch
deleted file mode 100644
index bc012e290..000000000
--- a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0032-Fix-buffer-overrun-in-EUC-KR-conversion-module-BZ-24973.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From ee7a3144c9922808181009b7b3e50e852fb4999b Mon Sep 17 00:00:00 2001
-From: Andreas Schwab <schwab@suse.de>
-Date: Mon, 21 Dec 2020 08:56:43 +0530
-Subject: [PATCH] Fix buffer overrun in EUC-KR conversion module (bz #24973)
-
-The byte 0xfe as input to the EUC-KR conversion denotes a user-defined
-area and is not allowed.  The from_euc_kr function used to skip two bytes
-when told to skip over the unknown designation, potentially running over
-the buffer end.
----
- iconvdata/Makefile      |  3 ++-
- iconvdata/bug-iconv13.c | 53 +++++++++++++++++++++++++++++++++++++++++
- iconvdata/euc-kr.c      |  6 +----
- iconvdata/ksc5601.h     |  6 ++---
- 4 files changed, 59 insertions(+), 9 deletions(-)
- create mode 100644 iconvdata/bug-iconv13.c
-
-diff --git a/iconvdata/Makefile b/iconvdata/Makefile
-index 4ec2741cdc..85009f3390 100644
---- a/iconvdata/Makefile
-+++ b/iconvdata/Makefile
-@@ -73,7 +73,8 @@ modules.so := $(addsuffix .so, $(modules))
- ifeq (yes,$(build-shared))
- tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \
- 	tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
--	bug-iconv10 bug-iconv11 bug-iconv12
-+	bug-iconv10 bug-iconv11 bug-iconv12 \
-+	bug-iconv13
- ifeq ($(have-thread-library),yes)
- tests += bug-iconv3
- endif
-diff --git a/iconvdata/bug-iconv13.c b/iconvdata/bug-iconv13.c
-new file mode 100644
-index 0000000000..87aaff398e
---- /dev/null
-+++ b/iconvdata/bug-iconv13.c
-@@ -0,0 +1,53 @@
-+/* bug 24973: Test EUC-KR module
-+   Copyright (C) 2020 Free Software Foundation, Inc.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <https://www.gnu.org/licenses/>.  */
-+
-+#include <errno.h>
-+#include <iconv.h>
-+#include <stdio.h>
-+#include <support/check.h>
-+
-+static int
-+do_test (void)
-+{
-+  iconv_t cd = iconv_open ("UTF-8//IGNORE", "EUC-KR");
-+  TEST_VERIFY_EXIT (cd != (iconv_t) -1);
-+
-+  /* 0xfe (->0x7e : row 94) and 0xc9 (->0x49 : row 41) are user-defined
-+     areas, which are not allowed and should be skipped over due to
-+     //IGNORE.  The trailing 0xfe also is an incomplete sequence, which
-+     should be checked first.  */
-+  char input[4] = { '\xc9', '\xa1', '\0', '\xfe' };
-+  char *inptr = input;
-+  size_t insize = sizeof (input);
-+  char output[4];
-+  char *outptr = output;
-+  size_t outsize = sizeof (output);
-+
-+  /* This used to crash due to buffer overrun.  */
-+  TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == (size_t) -1);
-+  TEST_VERIFY (errno == EINVAL);
-+  /* The conversion should produce one character, the converted null
-+     character.  */
-+  TEST_VERIFY (sizeof (output) - outsize == 1);
-+
-+  TEST_VERIFY_EXIT (iconv_close (cd) != -1);
-+
-+  return 0;
-+}
-+
-+#include <support/test-driver.c>
-diff --git a/iconvdata/euc-kr.c b/iconvdata/euc-kr.c
-index b0d56cf3ee..1045bae926 100644
---- a/iconvdata/euc-kr.c
-+++ b/iconvdata/euc-kr.c
-@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned char *cp)
- 									      \
-     if (ch <= 0x9f)							      \
-       ++inptr;								      \
--    /* 0xfe(->0x7e : row 94) and 0xc9(->0x59 : row 41) are		      \
--       user-defined areas.  */						      \
--    else if (__builtin_expect (ch == 0xa0, 0)				      \
--	     || __builtin_expect (ch > 0xfe, 0)				      \
--	     || __builtin_expect (ch == 0xc9, 0))			      \
-+    else if (__glibc_unlikely (ch == 0xa0))				      \
-       {									      \
- 	/* This is illegal.  */						      \
- 	STANDARD_FROM_LOOP_ERR_HANDLER (1);				      \
-diff --git a/iconvdata/ksc5601.h b/iconvdata/ksc5601.h
-index d3eb3a4ff8..f5cdc72797 100644
---- a/iconvdata/ksc5601.h
-+++ b/iconvdata/ksc5601.h
-@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s, size_t avail, unsigned char offset)
-   unsigned char ch2;
-   int idx;
- 
-+  if (avail < 2)
-+    return 0;
-+
-   /* row 94(0x7e) and row 41(0x49) are user-defined area in KS C 5601 */
- 
-   if (ch < offset || (ch - offset) <= 0x20 || (ch - offset) >= 0x7e
-       || (ch - offset) == 0x49)
-     return __UNKNOWN_10646_CHAR;
- 
--  if (avail < 2)
--    return 0;
--
-   ch2 = (*s)[1];
-   if (ch2 < offset || (ch2 - offset) <= 0x20 || (ch2 - offset) >= 0x7f)
-     return __UNKNOWN_10646_CHAR;
--- 
-2.27.0
-
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch
new file mode 100644
index 000000000..e904b28a0
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch
@@ -0,0 +1,58 @@
+From 044e603b698093cf48f6e6229e0b66acf05227e4 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Fri, 19 Feb 2021 13:29:00 +0100
+Subject: [PATCH] string: Work around GCC PR 98512 in rawmemchr
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=044e603b698093cf48f6e6229e0b66acf05227e4]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ string/rawmemchr.c | 26 +++++++++++++++-----------
+ 1 file changed, 15 insertions(+), 11 deletions(-)
+
+diff --git a/string/rawmemchr.c b/string/rawmemchr.c
+index 59bbeeaa42..b8523118e5 100644
+--- a/string/rawmemchr.c
++++ b/string/rawmemchr.c
+@@ -22,24 +22,28 @@
+ # define RAWMEMCHR __rawmemchr
+ #endif
+ 
+-/* Find the first occurrence of C in S.  */
+-void *
+-RAWMEMCHR (const void *s, int c)
+-{
+-  DIAG_PUSH_NEEDS_COMMENT;
++/* The pragmata should be nested inside RAWMEMCHR below, but that
++   triggers GCC PR 98512.  */
++DIAG_PUSH_NEEDS_COMMENT;
+ #if __GNUC_PREREQ (7, 0)
+-  /* GCC 8 warns about the size passed to memchr being larger than
+-     PTRDIFF_MAX; the use of SIZE_MAX is deliberate here.  */
+-  DIAG_IGNORE_NEEDS_COMMENT (8, "-Wstringop-overflow=");
++/* GCC 8 warns about the size passed to memchr being larger than
++   PTRDIFF_MAX; the use of SIZE_MAX is deliberate here.  */
++DIAG_IGNORE_NEEDS_COMMENT (8, "-Wstringop-overflow=");
+ #endif
+ #if __GNUC_PREREQ (11, 0)
+-  /* Likewise GCC 11, with a different warning option.  */
+-  DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread");
++/* Likewise GCC 11, with a different warning option.  */
++DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread");
+ #endif
++
++/* Find the first occurrence of C in S.  */
++void *
++RAWMEMCHR (const void *s, int c)
++{
+   if (c != '\0')
+     return memchr (s, c, (size_t)-1);
+-  DIAG_POP_NEEDS_COMMENT;
+   return (char *)s + strlen (s);
+ }
+ libc_hidden_def (__rawmemchr)
+ weak_alias (__rawmemchr, rawmemchr)
++
++DIAG_POP_NEEDS_COMMENT;
+-- 
+2.30.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch
new file mode 100644
index 000000000..3a004e227
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch
@@ -0,0 +1,185 @@
+From 750b00a1ddae220403fd892a6fd4e0791ffd154a Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Fri, 18 Sep 2020 07:55:14 -0700
+Subject: [PATCH] x86: Handle _SC_LEVEL1_ICACHE_LINESIZE [BZ #27444]
+
+    x86: Move x86 processor cache info to cpu_features
+
+missed _SC_LEVEL1_ICACHE_LINESIZE.
+
+1. Add level1_icache_linesize to struct cpu_features.
+2. Initialize level1_icache_linesize by calling handle_intel,
+handle_zhaoxin and handle_amd with _SC_LEVEL1_ICACHE_LINESIZE.
+3. Return level1_icache_linesize for _SC_LEVEL1_ICACHE_LINESIZE.
+
+Upstream-Status: Backport [https://sourceware.org/bugzilla/show_bug.cgi?id=27444]
+Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
+---
+ sysdeps/x86/Makefile                          |  8 +++
+ sysdeps/x86/cacheinfo.c                       |  3 +
+ sysdeps/x86/dl-cacheinfo.h                    |  6 ++
+ sysdeps/x86/include/cpu-features.h            |  2 +
+ .../x86/tst-sysconf-cache-linesize-static.c   |  1 +
+ sysdeps/x86/tst-sysconf-cache-linesize.c      | 57 +++++++++++++++++++
+ 6 files changed, 77 insertions(+)
+ create mode 100644 sysdeps/x86/tst-sysconf-cache-linesize-static.c
+ create mode 100644 sysdeps/x86/tst-sysconf-cache-linesize.c
+
+diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile
+index dd82674342..d231263051 100644
+--- a/sysdeps/x86/Makefile
++++ b/sysdeps/x86/Makefile
+@@ -208,3 +208,11 @@ $(objpfx)check-cet.out: $(..)sysdeps/x86/check-cet.awk \
+ generated += check-cet.out
+ endif
+ endif
++
++ifeq ($(subdir),posix)
++tests += \
++  tst-sysconf-cache-linesize \
++  tst-sysconf-cache-linesize-static
++tests-static += \
++  tst-sysconf-cache-linesize-static
++endif
+diff --git a/sysdeps/x86/cacheinfo.c b/sysdeps/x86/cacheinfo.c
+index 7b8df45e3b..5ea4723ca6 100644
+--- a/sysdeps/x86/cacheinfo.c
++++ b/sysdeps/x86/cacheinfo.c
+@@ -32,6 +32,9 @@ __cache_sysconf (int name)
+     case _SC_LEVEL1_ICACHE_SIZE:
+       return cpu_features->level1_icache_size;
+ 
++    case _SC_LEVEL1_ICACHE_LINESIZE:
++      return cpu_features->level1_icache_linesize;
++
+     case _SC_LEVEL1_DCACHE_SIZE:
+       return cpu_features->level1_dcache_size;
+ 
+diff --git a/sysdeps/x86/dl-cacheinfo.h b/sysdeps/x86/dl-cacheinfo.h
+index a31fa0783a..7cd00b92f1 100644
+--- a/sysdeps/x86/dl-cacheinfo.h
++++ b/sysdeps/x86/dl-cacheinfo.h
+@@ -707,6 +707,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
+   long int core;
+   unsigned int threads = 0;
+   unsigned long int level1_icache_size = -1;
++  unsigned long int level1_icache_linesize = -1;
+   unsigned long int level1_dcache_size = -1;
+   unsigned long int level1_dcache_assoc = -1;
+   unsigned long int level1_dcache_linesize = -1;
+@@ -726,6 +727,8 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
+ 
+       level1_icache_size
+ 	= handle_intel (_SC_LEVEL1_ICACHE_SIZE, cpu_features);
++      level1_icache_linesize
++	= handle_intel (_SC_LEVEL1_ICACHE_LINESIZE, cpu_features);
+       level1_dcache_size = data;
+       level1_dcache_assoc
+ 	= handle_intel (_SC_LEVEL1_DCACHE_ASSOC, cpu_features);
+@@ -753,6 +756,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
+       shared = handle_zhaoxin (_SC_LEVEL3_CACHE_SIZE);
+ 
+       level1_icache_size = handle_zhaoxin (_SC_LEVEL1_ICACHE_SIZE);
++      level1_icache_linesize = handle_zhaoxin (_SC_LEVEL1_ICACHE_LINESIZE);
+       level1_dcache_size = data;
+       level1_dcache_assoc = handle_zhaoxin (_SC_LEVEL1_DCACHE_ASSOC);
+       level1_dcache_linesize = handle_zhaoxin (_SC_LEVEL1_DCACHE_LINESIZE);
+@@ -772,6 +776,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
+       shared = handle_amd (_SC_LEVEL3_CACHE_SIZE);
+ 
+       level1_icache_size = handle_amd (_SC_LEVEL1_ICACHE_SIZE);
++      level1_icache_linesize = handle_amd (_SC_LEVEL1_ICACHE_LINESIZE);
+       level1_dcache_size = data;
+       level1_dcache_assoc = handle_amd (_SC_LEVEL1_DCACHE_ASSOC);
+       level1_dcache_linesize = handle_amd (_SC_LEVEL1_DCACHE_LINESIZE);
+@@ -833,6 +838,7 @@ dl_init_cacheinfo (struct cpu_features *cpu_features)
+     }
+ 
+   cpu_features->level1_icache_size = level1_icache_size;
++  cpu_features->level1_icache_linesize = level1_icache_linesize;
+   cpu_features->level1_dcache_size = level1_dcache_size;
+   cpu_features->level1_dcache_assoc = level1_dcache_assoc;
+   cpu_features->level1_dcache_linesize = level1_dcache_linesize;
+diff --git a/sysdeps/x86/include/cpu-features.h b/sysdeps/x86/include/cpu-features.h
+index 624736b40e..39a3f4f311 100644
+--- a/sysdeps/x86/include/cpu-features.h
++++ b/sysdeps/x86/include/cpu-features.h
+@@ -874,6 +874,8 @@ struct cpu_features
+   unsigned long int rep_stosb_threshold;
+   /* _SC_LEVEL1_ICACHE_SIZE.  */
+   unsigned long int level1_icache_size;
++  /* _SC_LEVEL1_ICACHE_LINESIZE.  */
++  unsigned long int level1_icache_linesize;
+   /* _SC_LEVEL1_DCACHE_SIZE.  */
+   unsigned long int level1_dcache_size;
+   /* _SC_LEVEL1_DCACHE_ASSOC.  */
+diff --git a/sysdeps/x86/tst-sysconf-cache-linesize-static.c b/sysdeps/x86/tst-sysconf-cache-linesize-static.c
+new file mode 100644
+index 0000000000..152ae68821
+--- /dev/null
++++ b/sysdeps/x86/tst-sysconf-cache-linesize-static.c
+@@ -0,0 +1 @@
++#include "tst-sysconf-cache-linesize.c"
+diff --git a/sysdeps/x86/tst-sysconf-cache-linesize.c b/sysdeps/x86/tst-sysconf-cache-linesize.c
+new file mode 100644
+index 0000000000..642dbde5d2
+--- /dev/null
++++ b/sysdeps/x86/tst-sysconf-cache-linesize.c
+@@ -0,0 +1,57 @@
++/* Test system cache line sizes.
++   Copyright (C) 2021 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <unistd.h>
++#include <array_length.h>
++
++static struct
++{
++  const char *name;
++  int _SC_val;
++} sc_options[] =
++  {
++#define N(name) { "_SC_"#name, _SC_##name }
++    N (LEVEL1_ICACHE_LINESIZE),
++    N (LEVEL1_DCACHE_LINESIZE),
++    N (LEVEL2_CACHE_LINESIZE)
++  };
++
++static int
++do_test (void)
++{
++  int result = EXIT_SUCCESS;
++
++  for (int i = 0; i < array_length (sc_options); ++i)
++    {
++      long int scret = sysconf (sc_options[i]._SC_val);
++      if (scret < 0)
++	{
++	  printf ("sysconf (%s) returned < 0 (%ld)\n",
++		  sc_options[i].name, scret);
++	  result = EXIT_FAILURE;
++	}
++      else
++	printf ("sysconf (%s): %ld\n", sc_options[i].name, scret);
++    }
++
++  return result;
++}
++
++#include <support/test-driver.c>
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0035-Fix-build-error.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0035-Fix-build-error.patch
new file mode 100644
index 000000000..6cf56c64f
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0035-Fix-build-error.patch
@@ -0,0 +1,26 @@
+From 2a246ee8129e7cd4660fe76f7ab656191be7bc5e Mon Sep 17 00:00:00 2001
+From: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
+Date: Thu, 11 Mar 2021 11:23:00 -0800
+Subject: [PATCH] Fix build error
+
+Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@intel.com>
+---
+ stdlib/canonicalize.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/stdlib/canonicalize.c b/stdlib/canonicalize.c
+index 698f9ede2557..cac1f73d7471 100644
+--- a/stdlib/canonicalize.c
++++ b/stdlib/canonicalize.c
+@@ -198,7 +198,7 @@ static char *
+ realpath_stk (const char *name, char *resolved,
+               struct scratch_buffer *rname_buf)
+ {
+-  char *dest;
++  char *dest = NULL;
+   char const *start;
+   char const *end;
+   int num_links = 0;
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0036-Use-__pthread_attr_copy-in-mq_notify-bug-27896.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0036-Use-__pthread_attr_copy-in-mq_notify-bug-27896.patch
new file mode 100644
index 000000000..5e1bc958b
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0036-Use-__pthread_attr_copy-in-mq_notify-bug-27896.patch
@@ -0,0 +1,54 @@
+From 42d359350510506b87101cf77202fefcbfc790cb Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@linux-m68k.org>
+Date: Thu, 27 May 2021 12:49:47 +0200
+Subject: [PATCH] Use __pthread_attr_copy in mq_notify (bug 27896)
+
+Make a deep copy of the pthread attribute object to remove a potential
+use-after-free issue.
+---
+ sysdeps/unix/sysv/linux/mq_notify.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
+index cc575a0cdd..f7ddfe5a6c 100644
+--- a/sysdeps/unix/sysv/linux/mq_notify.c
++++ b/sysdeps/unix/sysv/linux/mq_notify.c
+@@ -133,8 +133,11 @@ helper_thread (void *arg)
+ 	    (void) __pthread_barrier_wait (&notify_barrier);
+ 	}
+       else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED)
+-	/* The only state we keep is the copy of the thread attributes.  */
+-	free (data.attr);
++	{
++	  /* The only state we keep is the copy of the thread attributes.  */
++	  pthread_attr_destroy (data.attr);
++	  free (data.attr);
++	}
+     }
+   return NULL;
+ }
+@@ -255,8 +258,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
+       if (data.attr == NULL)
+ 	return -1;
+ 
+-      memcpy (data.attr, notification->sigev_notify_attributes,
+-	      sizeof (pthread_attr_t));
++      __pthread_attr_copy (data.attr, notification->sigev_notify_attributes);
+     }
+ 
+   /* Construct the new request.  */
+@@ -270,7 +272,10 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
+ 
+   /* If it failed, free the allocated memory.  */
+   if (__glibc_unlikely (retval != 0))
+-    free (data.attr);
++    {
++      pthread_attr_destroy (data.attr);
++      free (data.attr);
++    }
+ 
+   return retval;
+ }
+-- 
+2.27.0
+
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0037-Fix-use-of-__pthread_attr_copy-in-mq_notify-bug-27896.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0037-Fix-use-of-__pthread_attr_copy-in-mq_notify-bug-27896.patch
new file mode 100644
index 000000000..447943a46
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/0037-Fix-use-of-__pthread_attr_copy-in-mq_notify-bug-27896.patch
@@ -0,0 +1,52 @@
+From 217b6dc298156bdb0d6aea9ea93e7e394a5ff091 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Tue, 1 Jun 2021 17:51:41 +0200
+Subject: [PATCH] Fix use of __pthread_attr_copy in mq_notify (bug 27896)
+
+__pthread_attr_copy can fail and does not initialize the attribute
+structure in that case.
+
+If __pthread_attr_copy is never called and there is no allocated
+attribute, pthread_attr_destroy should not be called, otherwise
+there is a null pointer dereference in rt/tst-mqueue6.
+
+Fixes commit 42d359350510506b87101cf77202fefcbfc790cb
+("Use __pthread_attr_copy in mq_notify (bug 27896)").
+
+Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+---
+ sysdeps/unix/sysv/linux/mq_notify.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
+index f7ddfe5a6c..6f46d29d1d 100644
+--- a/sysdeps/unix/sysv/linux/mq_notify.c
++++ b/sysdeps/unix/sysv/linux/mq_notify.c
+@@ -258,7 +258,14 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
+       if (data.attr == NULL)
+ 	return -1;
+ 
+-      __pthread_attr_copy (data.attr, notification->sigev_notify_attributes);
++      int ret = __pthread_attr_copy (data.attr,
++				     notification->sigev_notify_attributes);
++      if (ret != 0)
++	{
++	  free (data.attr);
++	  __set_errno (ret);
++	  return -1;
++	}
+     }
+ 
+   /* Construct the new request.  */
+@@ -271,7 +278,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
+   int retval = INLINE_SYSCALL (mq_notify, 2, mqdes, &se);
+ 
+   /* If it failed, free the allocated memory.  */
+-  if (__glibc_unlikely (retval != 0))
++  if (retval != 0 && data.attr != NULL)
+     {
+       pthread_attr_destroy (data.attr);
+       free (data.attr);
+-- 
+2.27.0
+
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/CVE-2021-27645.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/CVE-2021-27645.patch
new file mode 100644
index 000000000..26c5c0d2a
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/CVE-2021-27645.patch
@@ -0,0 +1,51 @@
+From dca565886b5e8bd7966e15f0ca42ee5cff686673 Mon Sep 17 00:00:00 2001
+From: DJ Delorie <dj@redhat.com>
+Date: Thu, 25 Feb 2021 16:08:21 -0500
+Subject: [PATCH] nscd: Fix double free in netgroupcache [BZ #27462]
+
+In commit 745664bd798ec8fd50438605948eea594179fba1 a use-after-free
+was fixed, but this led to an occasional double-free.  This patch
+tracks the "live" allocation better.
+
+Tested manually by a third party.
+
+Related: RHBZ 1927877
+
+Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=dca565886b5e8bd7966e15f0ca42ee5cff686673]
+
+CVE: CVE-2021-27645
+
+Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
+---
+ nscd/netgroupcache.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
+index dba6ceec1b..ad2daddafd 100644
+--- a/nscd/netgroupcache.c
++++ b/nscd/netgroupcache.c
+@@ -248,7 +248,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ 					     : NULL);
+ 				    ndomain = (ndomain ? newbuf + ndomaindiff
+ 					       : NULL);
+-				    buffer = newbuf;
++				    *tofreep = buffer = newbuf;
+ 				  }
+ 
+ 				nhost = memcpy (buffer + bufused,
+@@ -319,7 +319,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
+ 		    else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE)
+ 		      {
+ 			buflen *= 2;
+-			buffer = xrealloc (buffer, buflen);
++			*tofreep = buffer = xrealloc (buffer, buflen);
+ 		      }
+ 		    else if (status == NSS_STATUS_RETURN
+ 			     || status == NSS_STATUS_NOTFOUND
+-- 
+2.27.0
+
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/check-test-wrapper b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/check-test-wrapper
new file mode 100644
index 000000000..f8e04e02d
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/check-test-wrapper
@@ -0,0 +1,71 @@
+#!/usr/bin/env python3
+import sys
+import os
+import subprocess
+
+env = os.environ.copy()
+args = sys.argv[1:]
+targettype = args.pop(0)
+
+if targettype == "user":
+    qemuargs = os.environ.get("QEMU_OPTIONS", "").split()
+    if not os.path.exists(qemuargs[0]):
+        # ensure qemu args has a valid absolute path
+        for i in os.environ.get("PATH", "").split(":"):
+            if os.path.exists(os.path.join(i, qemuargs[0])):
+                qemuargs[0] = os.path.join(i, qemuargs[0])
+                break
+    sysroot = os.environ.get("QEMU_SYSROOT", None)
+    if not sysroot:
+        sys.exit(-1)
+    libpaths = [sysroot + "/usr/lib", sysroot + "/lib"]
+
+    if args[0] == "env":
+        args.pop(0)
+        if len(args) == 0:
+            args = ["env"]
+        else:
+            # process options
+            while args[0].startswith("-"):
+                opt = args.pop(0).lstrip("-")
+                if "i" in opt:
+                    env.clear()
+            # process environment vars
+            while "=" in args[0]:
+                key, val = args.pop(0).split("=", 1)
+                if key == "LD_LIBRARY_PATH":
+                    libpaths += val.split(":")
+                else:
+                    env[key] = val
+    if args[0] == "cp":
+        # ignore copies, the filesystem is the same
+        sys.exit(0)
+
+    qemuargs += ["-L", sysroot]
+    qemuargs += ["-E", "LD_LIBRARY_PATH={}".format(":".join(libpaths))]
+    command = qemuargs + args
+elif targettype == "ssh":
+    host = os.environ.get("SSH_HOST", None)
+    user = os.environ.get("SSH_HOST_USER", None)
+    port = os.environ.get("SSH_HOST_PORT", None)
+
+    command = ["ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no"]
+    if port:
+        command += ["-p", str(port)]
+    if not host:
+        sys.exit(-1)
+    command += ["{}@{}".format(user, host) if user else host]
+
+    # wrap and replace quotes for correct transformation on ssh
+    wrapped = " ".join(["'{0}'".format(i.replace("'", r"'\''")) for i in ["cd", os.getcwd()]]) + "; "
+    wrapped += " ".join(["'{0}'".format(i.replace("'", r"'\''")) for i in args])
+    command += ["sh", "-c", "\"{}\"".format(wrapped)]
+else:
+    sys.exit(-1)
+
+try:
+    r = subprocess.run(command, timeout = 1800, env = env)
+    sys.exit(r.returncode)
+except subprocess.TimeoutExpired:
+    sys.exit(-1)
+
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/etc/ld.so.conf b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/etc/ld.so.conf
new file mode 100644
index 000000000..83327c01b
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/etc/ld.so.conf
@@ -0,0 +1 @@
+include /etc/ld.so.conf.d/*.conf
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/faccessat2-perm.patch b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/faccessat2-perm.patch
new file mode 100644
index 000000000..2ee7110ca
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/faccessat2-perm.patch
@@ -0,0 +1,31 @@
+Older seccomp-based filters used in container frameworks will block faccessat2
+calls as it's a relatively new syscall.  This isn't a big problem with
+glibc <2.33 but 2.33 will call faccessat2 itself, get EPERM, and thenn be confused
+about what to do as EPERM isn't an expected error code.
+
+This manifests itself as mysterious errors, for example a kernel failing to link.
+
+The root cause of bad seccomp filters is mostly fixed (systemd 247, Docker 20.10.0)
+but we can't expect everyone to upgrade, so add a workaound (originally from 
+Red Hat) to handle EPERM like ENOSYS and fallback to faccessat().
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+diff --git a/sysdeps/unix/sysv/linux/faccessat.c b/sysdeps/unix/sysv/linux/faccessat.c
+index 56cb6dcc8b4d58d3..5de75032bbc93a2c 100644
+--- a/sysdeps/unix/sysv/linux/faccessat.c
++++ b/sysdeps/unix/sysv/linux/faccessat.c
+@@ -34,7 +34,11 @@ faccessat (int fd, const char *file, int mode, int flag)
+ #if __ASSUME_FACCESSAT2
+   return ret;
+ #else
+-  if (ret == 0 || errno != ENOSYS)
++  /* Fedora-specific workaround:
++     As a workround for a broken systemd-nspawn that returns
++     EPERM when a syscall is not allowed instead of ENOSYS
++     we must check for EPERM here and fall back to faccessat.  */
++  if (ret == 0 || !(errno == ENOSYS || errno == EPERM))
+     return ret;
+ 
+   if (flag & ~(AT_SYMLINK_NOFOLLOW | AT_EACCESS))
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/generate-supported.mk b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/generate-supported.mk
new file mode 100644
index 000000000..d2a28c2dc
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/generate-supported.mk
@@ -0,0 +1,11 @@
+#!/usr/bin/make
+
+include $(IN)
+
+all:
+	rm -f $(OUT)
+	touch $(OUT)
+	for locale in $(SUPPORTED-LOCALES); do \
+		[ $$locale = true ] && continue; \
+		echo $$locale | sed 's,/, ,' >> $(OUT); \
+	done
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/makedbs.sh b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/makedbs.sh
new file mode 100755
index 000000000..7d51a6735
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc/makedbs.sh
@@ -0,0 +1,177 @@
+#!/bin/sh
+
+#
+# Make passwd.db, group.db, etc.
+#
+
+VAR_DB=/var/db
+
+# Use make if available
+if [ -x /usr/bin/make -o -x /bin/make ]; then
+	make -C $VAR_DB
+	exit 0
+fi
+
+# No make available, do it in hard way
+
+# passwd.db
+if [ -e /etc/passwd ]; then
+target=$VAR_DB/passwd.db
+echo -n "passwd... "
+awk 'BEGIN { FS=":"; OFS=":" } \
+ /^[ \t]*$$/ { next } \
+ /^[ \t]*#/ { next } \
+ /^[^#]/ { printf ".%s ", $$1; print; \
+	   printf "=%s ", $$3; print }' /etc/passwd | \
+makedb --quiet -o $target -
+echo "done."
+fi
+
+# group.db
+if [ -e /etc/group ]; then
+target=$VAR_DB/group.db
+echo -n "group... "
+awk 'BEGIN { FS=":"; OFS=":" } \
+ /^[ \t]*$$/ { next } \
+ /^[ \t]*#/ { next } \
+ /^[^#]/ { printf ".%s ", $$1; print; \
+	   printf "=%s ", $$3; print; \
+	   if ($$4 != "") { \
+	     split($$4, grmems, ","); \
+	     for (memidx in grmems) { \
+	       mem=grmems[memidx]; \
+	       if (members[mem] == "") \
+		 members[mem]=$$3; \
+	       else \
+		 members[mem]=members[mem] "," $$3; \
+	     } \
+	     delete grmems; } } \
+ END { for (mem in members) \
+	 printf ":%s %s %s\n", mem, mem, members[mem]; }' /etc/group | \
+makedb --quiet -o $target -
+echo "done."
+fi
+
+# ethers.db
+if [ -e /etc/ethers ]; then
+target=$VAR_DB/ethers.db
+echo -n "ethers... "
+awk '/^[ \t]*$$/ { next } \
+ /^[ \t]*#/ { next } \
+ /^[^#]/ { printf ".%s ", $$1; print; \
+	   printf "=%s ", $$2; print }' /etc/ethers | \
+makedb --quiet -o $target -
+echo "done."
+fi
+
+# protocols.db
+if [ -e /etc/protocols ]; then
+target=$VAR_DB/protocols.db
+echo -n "protocols... "
+awk '/^[ \t]*$$/ { next } \
+ /^[ \t]*#/ { next } \
+ /^[^#]/ { printf ".%s ", $$1; print; \
+	   printf "=%s ", $$2; print; \
+	   for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \
+	     { printf ".%s ", $$i; print } }' /etc/protocols | \
+makedb --quiet -o $target -
+echo "done."
+fi
+
+# rpc.db
+if [ -e /etc/rpc ]; then
+target=$VAR_DB/rpc.db
+echo -n "rpc... "
+awk '/^[ \t]*$$/ { next } \
+ /^[ \t]*#/ { next } \
+ /^[^#]/ { printf ".%s ", $$1; print; \
+	   printf "=%s ", $$2; print; \
+	   for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \
+	     { printf ".%s ", $$i; print } }' /etc/rpc | \
+makedb --quiet -o $target -
+echo "done."
+fi
+
+# services.db
+if [ -e /etc/services ]; then
+target=$VAR_DB/services.db
+echo -n "services... "
+awk 'BEGIN { FS="[ \t/]+" } \
+ /^[ \t]*$$/ { next } \
+ /^[ \t]*#/ { next } \
+ /^[^#]/ { sub(/[ \t]*#.*$$/, "");\
+	   printf ":%s/%s ", $$1, $$3; print; \
+	   printf ":%s/ ", $$1; print; \
+	   printf "=%s/%s ", $$2, $$3; print; \
+	   printf "=%s/ ", $$2; print; \
+	   for (i = 4; i <= NF && !($$i ~ /^#/); ++i) \
+	     { printf ":%s/%s ", $$i, $$3; print; \
+	       printf ":%s/ ", $$i; print } }' /etc/services | \
+makedb --quiet -o $target -
+echo "done."
+fi
+
+# shadow.db
+if [ -e /etc/shadow ]; then
+target=$VAR_DB/shadow.db
+echo -n "shadow... "
+awk 'BEGIN { FS=":"; OFS=":" } \
+ /^[ \t]*$$/ { next } \
+ /^[ \t]*#/ { next } \
+ /^[^#]/ { printf ".%s ", $$1; print }' /etc/shadow | \
+(umask 077 && makedb --quiet -o $target -)
+echo "done."
+if chgrp shadow $target 2>/dev/null; then
+	chmod g+r $target
+else
+	chown 0 $target; chgrp 0 $target; chmod 600 $target;
+	echo
+	echo "Warning: The shadow password database $target"
+	echo "has been set to be readable only by root.  You may want"
+	echo "to make it readable by the \`shadow' group depending"
+	echo "on your configuration."
+	echo
+fi
+fi
+
+# gshadow.db
+if [ -e /etc/gshadow ]; then
+target=$VAR_DB/gshadow.db
+echo -n "gshadow... "
+awk 'BEGIN { FS=":"; OFS=":" } \
+ /^[ \t]*$$/ { next } \
+ /^[ \t]*#/ { next } \
+ /^[^#]/ { printf ".%s ", $$1; print }' /etc/gshadow | \
+(umask 077 && makedb --quiet -o $target -)
+echo "done."
+if chgrp shadow $target 2>/dev/null; then
+	chmod g+r $target
+else
+	chown 0 $target; chgrp 0 $target; chmod 600 $target
+	echo
+	echo "Warning: The shadow group database $target"
+	echo "has been set to be readable only by root.  You may want"
+	echo "to make it readable by the \`shadow' group depending"
+	echo "on your configuration."
+	echo
+fi
+fi
+
+# netgroup.db
+if [ -e /etc/netgroup ]; then
+target=$VAR_DB/netgroup.db
+echo -n "netgroup... "
+awk 'BEGIN { ini=1 } \
+ /^[ \t]*$$/ { next } \
+ /^[ \t]*#/ { next } \
+ /^[^#]/ { if (sub(/[ \t]*\\$$/, " ") == 0) end="\n"; \
+	   else end=""; \
+	   gsub(/[ \t]+/, " "); \
+	   sub(/^[ \t]*/, ""); \
+	   if (ini == 0) printf "%s%s", $$0, end; \
+	   else printf ".%s %s%s", $$1, $$0, end; \
+	   ini=end == "" ? 0 : 1; } \
+ END { if (ini==0) printf "\n" }' /etc/netgroup | \
+makedb --quiet -o $target
+echo "done."
+fi
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend
deleted file mode 100644
index 3fa99af0a..000000000
--- a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_%.bbappend
+++ /dev/null
@@ -1,5 +0,0 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
-
-SRC_URI +=  "file://0031-iconv-Fix-incorrect-UCS4-inner-loop-bounds-BZ-26923.patch \
-             file://0032-Fix-buffer-overrun-in-EUC-KR-conversion-module-BZ-24973.patch \
-           "
diff --git a/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_2.33.bb b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_2.33.bb
new file mode 100644
index 000000000..5c4d944b0
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/glibc/glibc_2.33.bb
@@ -0,0 +1,126 @@
+require glibc.inc
+require glibc-version.inc
+
+CVE_CHECK_WHITELIST += "CVE-2020-10029"
+
+DEPENDS += "gperf-native bison-native make-native"
+
+NATIVESDKFIXES ?= ""
+NATIVESDKFIXES_class-nativesdk = "\
+           file://0003-nativesdk-glibc-Look-for-host-system-ld.so.cache-as-.patch \
+           file://0004-nativesdk-glibc-Fix-buffer-overrun-with-a-relocated-.patch \
+           file://0005-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch \
+           file://0006-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch \
+           file://0007-nativesdk-glibc-Make-relocatable-install-for-locales.patch \
+           file://faccessat2-perm.patch \
+"
+
+SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
+           file://etc/ld.so.conf \
+           file://generate-supported.mk \
+           file://makedbs.sh \
+           \
+           ${NATIVESDKFIXES} \
+           file://0008-fsl-e500-e5500-e6500-603e-fsqrt-implementation.patch \
+           file://0009-ppc-sqrt-Fix-undefined-reference-to-__sqrt_finite.patch \
+           file://0010-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch \
+           file://0011-Quote-from-bug-1443-which-explains-what-the-patch-do.patch \
+           file://0012-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch \
+           file://0013-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch \
+           file://0014-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch \
+           file://0015-yes-within-the-path-sets-wrong-config-variables.patch \
+           file://0016-timezone-re-written-tzselect-as-posix-sh.patch \
+           file://0017-Remove-bash-dependency-for-nscd-init-script.patch \
+           file://0018-eglibc-Cross-building-and-testing-instructions.patch \
+           file://0019-eglibc-Help-bootstrap-cross-toolchain.patch \
+           file://0020-eglibc-Resolve-__fpscr_values-on-SH4.patch \
+           file://0021-eglibc-Forward-port-cross-locale-generation-support.patch \
+           file://0022-Define-DUMMY_LOCALE_T-if-not-defined.patch \
+           file://0023-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch \
+           file://0024-elf-dl-deps.c-Make-_dl_build_local_scope-breadth-fir.patch \
+           file://0025-intl-Emit-no-lines-in-bison-generated-files.patch \
+           file://0027-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
+           file://0028-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch \
+           file://0029-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch \
+           file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \
+           file://0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch \
+           file://0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch \
+           file://0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch \
+           file://CVE-2021-27645.patch \
+           file://0001-nptl-Remove-private-futex-optimization-BZ-27304.patch \
+           file://0035-Fix-build-error.patch \
+           file://0036-Use-__pthread_attr_copy-in-mq_notify-bug-27896.patch \
+           file://0037-Fix-use-of-__pthread_attr_copy-in-mq_notify-bug-27896.patch \
+           "
+S = "${WORKDIR}/git"
+B = "${WORKDIR}/build-${TARGET_SYS}"
+
+PACKAGES_DYNAMIC = ""
+
+# the -isystem in bitbake.conf screws up glibc do_stage
+BUILD_CPPFLAGS = "-I${STAGING_INCDIR_NATIVE}"
+TARGET_CPPFLAGS = "-I${STAGING_DIR_TARGET}${includedir}"
+
+GLIBC_BROKEN_LOCALES = ""
+
+GLIBCPIE ??= ""
+
+EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \
+                --disable-profile \
+                --disable-debug --without-gd \
+                --enable-clocale=gnu \
+                --with-headers=${STAGING_INCDIR} \
+                --without-selinux \
+                --enable-tunables \
+                --enable-bind-now \
+                --enable-stack-protector=strong \
+                --enable-stackguard-randomization \
+                --disable-crypt \
+                --with-default-link \
+                ${@bb.utils.contains_any('SELECTED_OPTIMIZATION', '-O0 -Og', '--disable-werror', '', d)} \
+                ${GLIBCPIE} \
+                ${GLIBC_EXTRA_OECONF}"
+
+EXTRA_OECONF += "${@get_libc_fpu_setting(bb, d)}"
+
+EXTRA_OECONF_append_x86 = " --enable-cet"
+EXTRA_OECONF_append_x86-64 = " --enable-cet"
+
+PACKAGECONFIG ??= "nscd"
+PACKAGECONFIG[nscd] = "--enable-nscd,--disable-nscd"
+
+do_patch_append() {
+    bb.build.exec_func('do_fix_readlib_c', d)
+}
+
+do_fix_readlib_c () {
+	sed -i -e 's#OECORE_KNOWN_INTERPRETER_NAMES#${EGLIBC_KNOWN_INTERPRETER_NAMES}#' ${S}/elf/readlib.c
+}
+
+do_configure () {
+# override this function to avoid the autoconf/automake/aclocal/autoheader
+# calls for now
+# don't pass CPPFLAGS into configure, since it upsets the kernel-headers
+# version check and doesn't really help with anything
+        (cd ${S} && gnu-configize) || die "failure in running gnu-configize"
+        find ${S} -name "configure" | xargs touch
+        CPPFLAGS="" oe_runconf
+}
+
+LDFLAGS += "-fuse-ld=bfd"
+do_compile () {
+	base_do_compile
+	echo "Adjust ldd script"
+	if [ -n "${RTLDLIST}" ]
+	then
+		prevrtld=`cat ${B}/elf/ldd | grep "^RTLDLIST=" | sed 's#^RTLDLIST="\?\([^"]*\)"\?$#\1#'`
+		# remove duplicate entries
+		newrtld=`echo $(printf '%s\n' ${prevrtld} ${RTLDLIST} | LC_ALL=C sort -u)`
+		echo "ldd \"${prevrtld} ${RTLDLIST}\" -> \"${newrtld}\""
+		sed -i ${B}/elf/ldd -e "s#^RTLDLIST=.*\$#RTLDLIST=\"${newrtld}\"#"
+	fi
+}
+
+require glibc-package.inc
+
+BBCLASSEXTEND = "nativesdk"
diff --git a/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0001-Protect-array_list_del_idx-against-size_t-overflow.patch b/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0001-Protect-array_list_del_idx-against-size_t-overflow.patch
new file mode 100644
index 000000000..15ecbe477
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0001-Protect-array_list_del_idx-against-size_t-overflow.patch
@@ -0,0 +1,29 @@
+From 099016b7e8d70a6d5dd814e788bba08d33d48426 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Mon, 4 May 2020 19:41:16 +0200
+Subject: [PATCH] Protect array_list_del_idx against size_t overflow.
+
+If the assignment of stop overflows due to idx and count being
+larger than SIZE_T_MAX in sum, out of boundary access could happen.
+
+It takes invalid usage of this function for this to happen, but
+I decided to add this check so array_list_del_idx is as safe against
+bad usage as the other arraylist functions.
+---
+ arraylist.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/arraylist.c b/arraylist.c
+index 12ad8af6d3..e5524aca75 100644
+--- a/arraylist.c
++++ b/arraylist.c
+@@ -136,6 +136,9 @@ int array_list_del_idx(struct array_list *arr, size_t idx, size_t count)
+ {
+ 	size_t i, stop;
+ 
++	/* Avoid overflow in calculation with large indices. */
++	if (idx > SIZE_T_MAX - count)
++		return -1;
+ 	stop = idx + count;
+ 	if (idx >= arr->length || stop > arr->length)
+ 		return -1;
diff --git a/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0002-Prevent-division-by-zero-in-linkhash.patch b/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0002-Prevent-division-by-zero-in-linkhash.patch
new file mode 100644
index 000000000..447dfe776
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0002-Prevent-division-by-zero-in-linkhash.patch
@@ -0,0 +1,34 @@
+From 77d935b7ae7871a1940cd827e850e6063044ec45 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Mon, 4 May 2020 19:46:45 +0200
+Subject: [PATCH] Prevent division by zero in linkhash.
+
+If a linkhash with a size of zero is created, then modulo operations
+are prone to division by zero operations.
+
+Purely protective measure against bad usage.
+---
+ linkhash.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/linkhash.c b/linkhash.c
+index 7ea58c0abf..f05cc38030 100644
+--- a/linkhash.c
++++ b/linkhash.c
+@@ -12,6 +12,7 @@
+ 
+ #include "config.h"
+ 
++#include <assert.h>
+ #include <stdio.h>
+ #include <string.h>
+ #include <stdlib.h>
+@@ -499,6 +500,8 @@ struct lh_table *lh_table_new(int size, lh_entry_free_fn *free_fn, lh_hash_fn *h
+ 	int i;
+ 	struct lh_table *t;
+ 
++	/* Allocate space for elements to avoid divisions by zero. */
++	assert(size > 0);
+ 	t = (struct lh_table*)calloc(1, sizeof(struct lh_table));
+ 	if (!t)
+ 		return NULL;
diff --git a/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0003-Fix-integer-overflows.patch b/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0003-Fix-integer-overflows.patch
new file mode 100644
index 000000000..c94430210
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0003-Fix-integer-overflows.patch
@@ -0,0 +1,90 @@
+From d07b91014986900a3a75f306d302e13e005e9d67 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Mon, 4 May 2020 19:47:25 +0200
+Subject: [PATCH] Fix integer overflows.
+
+The data structures linkhash and printbuf are limited to 2 GB in size
+due to a signed integer being used to track their current size.
+
+If too much data is added, then size variable can overflow, which is
+an undefined behaviour in C programming language.
+
+Assuming that a signed int overflow just leads to a negative value,
+like it happens on many sytems (Linux i686/amd64 with gcc), then
+printbuf is vulnerable to an out of boundary write on 64 bit systems.
+---
+ linkhash.c |  7 +++++--
+ printbuf.c | 19 ++++++++++++++++---
+ 2 files changed, 21 insertions(+), 5 deletions(-)
+
+diff --git a/linkhash.c b/linkhash.c
+index f05cc38030..51e90b13a2 100644
+--- a/linkhash.c
++++ b/linkhash.c
+@@ -580,9 +580,12 @@ int lh_table_insert_w_hash(struct lh_table *t, const void *k, const void *v, con
+ {
+ 	unsigned long n;
+ 
+-	if (t->count >= t->size * LH_LOAD_FACTOR)
+-		if (lh_table_resize(t, t->size * 2) != 0)
++	if (t->count >= t->size * LH_LOAD_FACTOR) {
++		/* Avoid signed integer overflow with large tables. */
++		int new_size = INT_MAX / 2 < t->size ? t->size * 2 : INT_MAX;
++		if (t->size == INT_MAX || lh_table_resize(t, new_size) != 0)
+ 			return -1;
++	}
+ 
+ 	n = h % t->size;
+ 
+diff --git a/printbuf.c b/printbuf.c
+index 976c12dde5..00822fac4f 100644
+--- a/printbuf.c
++++ b/printbuf.c
+@@ -15,6 +15,7 @@
+ 
+ #include "config.h"
+ 
++#include <limits.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -65,10 +66,16 @@ static int printbuf_extend(struct printbuf *p, int min_size)
+ 
+ 	if (p->size >= min_size)
+ 		return 0;
+-
+-	new_size = p->size * 2;
+-	if (new_size < min_size + 8)
++	/* Prevent signed integer overflows with large buffers. */
++	if (min_size > INT_MAX - 8)
++		return -1;
++	if (p->size > INT_MAX / 2)
+ 		new_size =  min_size + 8;
++	else {
++		new_size = p->size * 2;
++		if (new_size < min_size + 8)
++			new_size = min_size + 8;
++	}
+ #ifdef PRINTBUF_DEBUG
+ 	MC_DEBUG("printbuf_memappend: realloc "
+ 	  "bpos=%d min_size=%d old_size=%d new_size=%d\n",
+@@ -83,6 +90,9 @@ static int printbuf_extend(struct printbuf *p, int min_size)
+ 
+ int printbuf_memappend(struct printbuf *p, const char *buf, int size)
+ {
++  /* Prevent signed integer overflows with large buffers. */
++  if (size > INT_MAX - p->bpos - 1)
++      return -1;
+   if (p->size <= p->bpos + size + 1) {
+     if (printbuf_extend(p, p->bpos + size + 1) < 0)
+       return -1;
+@@ -100,6 +110,9 @@ int printbuf_memset(struct printbuf *pb, int offset, int charvalue, int len)
+ 
+ 	if (offset == -1)
+ 		offset = pb->bpos;
++	/* Prevent signed integer overflows with large buffers. */
++	if (len > INT_MAX - offset)
++		return -1;
+ 	size_needed = offset + len;
+ 	if (pb->size < size_needed)
+ 	{
diff --git a/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c_%.bbappend b/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c_%.bbappend
new file mode 100644
index 000000000..40d7250c3
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c_%.bbappend
@@ -0,0 +1,6 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
+SRC_URI +=  "file://0001-Protect-array_list_del_idx-against-size_t-overflow.patch \
+             file://0002-Prevent-division-by-zero-in-linkhash.patch \
+             file://0003-Fix-integer-overflows.patch \
+            "
diff --git a/meta-openbmc-mods/meta-common/recipes-intel/host-misc-comm-manager/host-misc-comm-manager_git.bb b/meta-openbmc-mods/meta-common/recipes-intel/host-misc-comm-manager/host-misc-comm-manager_git.bb
index 1a55391f9..35b641986 100644
--- a/meta-openbmc-mods/meta-common/recipes-intel/host-misc-comm-manager/host-misc-comm-manager_git.bb
+++ b/meta-openbmc-mods/meta-common/recipes-intel/host-misc-comm-manager/host-misc-comm-manager_git.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e"
 
 SRC_URI = "git://github.com/Intel-BMC/host-misc-comm-manager.git;protocol=ssh"
 
-SRCREV = "17481c639999cda1bfc999fe1703290425c7ce45"
+SRCREV = "9cdaeb8f63889f63d315ecd0e94b364e8cba883a"
 
 inherit cmake systemd
 SYSTEMD_SERVICE_${PN} = "xyz.openbmc_project.Host.Misc.Manager.service"
diff --git a/meta-openbmc-mods/meta-common/recipes-intel/psu-manager/psu-manager/0001-disable-PSU-cold-redundancy.patch b/meta-openbmc-mods/meta-common/recipes-intel/psu-manager/psu-manager/0001-disable-PSU-cold-redundancy.patch
new file mode 100644
index 000000000..23b805b87
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-intel/psu-manager/psu-manager/0001-disable-PSU-cold-redundancy.patch
@@ -0,0 +1,73 @@
+From 5829d9e6e1956ebb34ed8a723b0758146529459f Mon Sep 17 00:00:00 2001
+From: AppaRao Puli <apparao.puli@linux.intel.com>
+Date: Wed, 7 Oct 2020 22:42:26 +0530
+Subject: [PATCH] disable PSU cold redundancy
+
+In RP platforms, single PSU also considered as
+valid configuration. We don't have user configuration
+option to enable/disable PSU cold redundancy. So
+it should be disabled by default to avoid issues in
+Rp platforms.
+Also make sure if persistent config already set this
+to true, make it to false.
+
+This avoids unwanted critical event logs and
+unexpected LED status for RP platforms where
+single PSU also considered as valid config.
+
+Tested:
+ - Rebooted BMC and observed no CR event logs and
+   no amber blocking of status LED.
+ - Set the persistent store to true, rebooted
+   BMC and value changed back to disabled.
+
+Change-Id: Ie0f1f3f8daa95593af6db698d65ea804cebfee87
+Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
+---
+ src/cold_redundancy.cpp | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/cold_redundancy.cpp b/src/cold_redundancy.cpp
+index d64a9e3..3bfd37f 100644
+--- a/src/cold_redundancy.cpp
++++ b/src/cold_redundancy.cpp
+@@ -76,8 +76,9 @@ ColdRedundancy::ColdRedundancy(
+         std::cerr << "error initializing assoc interface\n";
+     }
+ 
++    // For RP platforms, default cold redundancy should be disabled.
++    powerSupplyRedundancyEnabled(false);
+     // set default configuration
+-    powerSupplyRedundancyEnabled(true);
+     rotationEnabled(true);
+     periodOfRotation(7 * oneDay);
+     rotationAlgorithm(Algo::bmcSpecific);
+@@ -109,6 +110,14 @@ ColdRedundancy::ColdRedundancy(
+                 return;
+             }
+ 
++            // For RP platforms, cold redundancy should be disabled.
++            // If its already set to true in persistent area, Lets
++            // override to false during bootup.
++            if (*redundancyEnabled)
++            {
++                *redundancyEnabled = false;
++            }
++
+             if (*period >= minRotationPeriod && *period <= maxRotationPeriod)
+             {
+                 periodOfRotation(*period);
+@@ -867,6 +876,10 @@ void ColdRedundancy::readPmbus(uint8_t bus, uint8_t slaveAddr, int& value)
+ 
+ void ColdRedundancy::checkRedundancyEvent()
+ {
++    if (!crSupported || !powerSupplyRedundancyEnabled())
++    {
++        return;
++    }
+     puRedundantTimer.expires_after(std::chrono::seconds(2));
+     puRedundantTimer.async_wait([this](const boost::system::error_code& ec) {
+         if (ec == boost::asio::error::operation_aborted)
+-- 
+2.7.4
+
diff --git a/meta-openbmc-mods/meta-common/recipes-intel/smbios/smbios-mdrv2.bb b/meta-openbmc-mods/meta-common/recipes-intel/smbios/smbios-mdrv2.bb
index 5a5604524..31daf1b51 100644
--- a/meta-openbmc-mods/meta-common/recipes-intel/smbios/smbios-mdrv2.bb
+++ b/meta-openbmc-mods/meta-common/recipes-intel/smbios/smbios-mdrv2.bb
@@ -2,7 +2,7 @@ SUMMARY = "SMBIOS MDR version 2 service for Intel based platform"
 DESCRIPTION = "SMBIOS MDR version 2 service for Intel based platfrom"
 
 SRC_URI = "git://github.com/Intel-BMC/mdrv2.git;protocol=ssh"
-SRCREV = "4478c25423287575ebe2c579aea3da0150f2b735"
+SRCREV = "3ba68e4fd97aac7511fab8eff6c5afc259ee1b6a"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-27815/0001-jfs-Fix-array-index-bounds-check-in-dbAdjTree.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-27815/0001-jfs-Fix-array-index-bounds-check-in-dbAdjTree.patch
new file mode 100644
index 000000000..013f21a39
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-27815/0001-jfs-Fix-array-index-bounds-check-in-dbAdjTree.patch
@@ -0,0 +1,35 @@
+From c2032bf94ba4fb15db0c277614338d377fe430d2 Mon Sep 17 00:00:00 2001
+From: Dave Kleikamp <dave.kleikamp@oracle.com>
+Date: Fri, 13 Nov 2020 14:58:46 -0600
+Subject: [PATCH] jfs: Fix array index bounds check in dbAdjTree
+
+commit c61b3e4839007668360ed8b87d7da96d2e59fc6c upstream.
+
+Bounds checking tools can flag a bug in dbAdjTree() for an array index
+out of bounds in dmt_stree. Since dmt_stree can refer to the stree in
+both structures dmaptree and dmapctl, use the larger array to eliminate
+the false positive.
+
+Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
+Reported-by: butt3rflyh4ck <butterflyhuangxx@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/jfs/jfs_dmap.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/jfs/jfs_dmap.h b/fs/jfs/jfs_dmap.h
+index 29891fad3f09..aa03a904d5ab 100644
+--- a/fs/jfs/jfs_dmap.h
++++ b/fs/jfs/jfs_dmap.h
+@@ -183,7 +183,7 @@ typedef union dmtree {
+ #define	dmt_leafidx	t1.leafidx
+ #define	dmt_height	t1.height
+ #define	dmt_budmin	t1.budmin
+-#define	dmt_stree	t1.stree
++#define	dmt_stree	t2.stree
+ 
+ /*
+  *	on-disk aggregate disk allocation map descriptor.
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-28588/0001-lib-syscall-fix-syscall-registers-retrieval-on-32-bi.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-28588/0001-lib-syscall-fix-syscall-registers-retrieval-on-32-bi.patch
new file mode 100644
index 000000000..dc2ae62fc
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-28588/0001-lib-syscall-fix-syscall-registers-retrieval-on-32-bi.patch
@@ -0,0 +1,62 @@
+From 4f134b89a24b965991e7c345b9a4591821f7c2a6 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Mon, 30 Nov 2020 08:36:48 +0100
+Subject: [PATCH] lib/syscall: fix syscall registers retrieval on 32-bit
+ platforms
+
+Lilith >_> and Claudio Bozzato of Cisco Talos security team reported
+that collect_syscall() improperly casts the syscall registers to 64-bit
+values leaking the uninitialized last 24 bytes on 32-bit platforms, that
+are visible in /proc/self/syscall.
+
+The cause is that info->data.args are u64 while syscall_get_arguments()
+uses longs, as hinted by the bogus pointer cast in the function.
+
+Let's just proceed like the other call places, by retrieving the
+registers into an array of longs before assigning them to the caller's
+array.  This was successfully tested on x86_64, i386 and ppc32.
+
+Reference: CVE-2020-28588, TALOS-2020-1211
+Fixes: 631b7abacd02 ("ptrace: Remove maxargs from task_current_syscall()")
+Cc: Greg KH <greg@kroah.com>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Tested-by: Michael Ellerman <mpe@ellerman.id.au> (ppc32)
+Signed-off-by: Willy Tarreau <w@1wt.eu>
+Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+---
+ lib/syscall.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/lib/syscall.c b/lib/syscall.c
+index 8533d2fea2d7..ba13e924c430 100644
+--- a/lib/syscall.c
++++ b/lib/syscall.c
+@@ -7,6 +7,7 @@
+ 
+ static int collect_syscall(struct task_struct *target, struct syscall_info *info)
+ {
++	unsigned long args[6] = { };
+ 	struct pt_regs *regs;
+ 
+ 	if (!try_get_task_stack(target)) {
+@@ -27,8 +28,14 @@ static int collect_syscall(struct task_struct *target, struct syscall_info *info
+ 
+ 	info->data.nr = syscall_get_nr(target, regs);
+ 	if (info->data.nr != -1L)
+-		syscall_get_arguments(target, regs,
+-				      (unsigned long *)&info->data.args[0]);
++		syscall_get_arguments(target, regs, args);
++
++	info->data.args[0] = args[0];
++	info->data.args[1] = args[1];
++	info->data.args[2] = args[2];
++	info->data.args[3] = args[3];
++	info->data.args[4] = args[4];
++	info->data.args[5] = args[5];
+ 
+ 	put_task_stack(target);
+ 	return 0;
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-35508/0001-fork-fix-copy_process-CLONE_PARENT-race-with-the-exi.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-35508/0001-fork-fix-copy_process-CLONE_PARENT-race-with-the-exi.patch
new file mode 100644
index 000000000..61004dbdc
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2020-35508/0001-fork-fix-copy_process-CLONE_PARENT-race-with-the-exi.patch
@@ -0,0 +1,55 @@
+From 7589cef5e0bd71dc3830aeccbda9c0b718641a63 Mon Sep 17 00:00:00 2001
+From: Eddy Wu <itseddy0402@gmail.com>
+Date: Sat, 7 Nov 2020 14:47:22 +0800
+Subject: [PATCH] fork: fix copy_process(CLONE_PARENT) race with the exiting
+ ->real_parent
+
+current->group_leader->exit_signal may change during copy_process() if
+current->real_parent exits.
+
+Move the assignment inside tasklist_lock to avoid the race.
+
+Signed-off-by: Eddy Wu <eddy_wu@trendmicro.com>
+Acked-by: Oleg Nesterov <oleg@redhat.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+---
+ kernel/fork.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/kernel/fork.c b/kernel/fork.c
+index 9180f4416dba..fe799c9e787b 100644
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -2080,14 +2080,9 @@ static __latent_entropy struct task_struct *copy_process(
+ 	/* ok, now we should be set up.. */
+ 	p->pid = pid_nr(pid);
+ 	if (clone_flags & CLONE_THREAD) {
+-		p->exit_signal = -1;
+ 		p->group_leader = current->group_leader;
+ 		p->tgid = current->tgid;
+ 	} else {
+-		if (clone_flags & CLONE_PARENT)
+-			p->exit_signal = current->group_leader->exit_signal;
+-		else
+-			p->exit_signal = args->exit_signal;
+ 		p->group_leader = p;
+ 		p->tgid = p->pid;
+ 	}
+@@ -2132,9 +2127,14 @@ static __latent_entropy struct task_struct *copy_process(
+ 	if (clone_flags & (CLONE_PARENT|CLONE_THREAD)) {
+ 		p->real_parent = current->real_parent;
+ 		p->parent_exec_id = current->parent_exec_id;
++		if (clone_flags & CLONE_THREAD)
++			p->exit_signal = -1;
++		else
++			p->exit_signal = current->group_leader->exit_signal;
+ 	} else {
+ 		p->real_parent = current;
+ 		p->parent_exec_id = current->self_exec_id;
++		p->exit_signal = args->exit_signal;
+ 	}
+ 
+ 	klp_copy_process(p);
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-20177/0001-netfilter-add-and-use-nf_hook_slow_list.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-20177/0001-netfilter-add-and-use-nf_hook_slow_list.patch
new file mode 100644
index 000000000..8563d5cae
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-20177/0001-netfilter-add-and-use-nf_hook_slow_list.patch
@@ -0,0 +1,119 @@
+From ca58fbe06c54795f00db79e447f94c2028d30124 Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Fri, 11 Oct 2019 00:30:37 +0200
+Subject: [PATCH] netfilter: add and use nf_hook_slow_list()
+
+At this time, NF_HOOK_LIST() macro will iterate the list and then calls
+nf_hook() for each individual skb.
+
+This makes it so the entire list is passed into the netfilter core.
+The advantage is that we only need to fetch the rule blob once per list
+instead of per-skb.
+
+NF_HOOK_LIST now only works for ipv4 and ipv6, as those are the only
+callers.
+
+v2: use skb_list_del_init() instead of list_del (Edward Cree)
+
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Acked-by: Edward Cree <ecree@solarflare.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ include/linux/netfilter.h | 41 +++++++++++++++++++++++++++++----------
+ net/netfilter/core.c      | 20 +++++++++++++++++++
+ 2 files changed, 51 insertions(+), 10 deletions(-)
+
+diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
+index 77ebb61faf48..eb312e7ca36e 100644
+--- a/include/linux/netfilter.h
++++ b/include/linux/netfilter.h
+@@ -199,6 +199,8 @@ extern struct static_key nf_hooks_needed[NFPROTO_NUMPROTO][NF_MAX_HOOKS];
+ int nf_hook_slow(struct sk_buff *skb, struct nf_hook_state *state,
+ 		 const struct nf_hook_entries *e, unsigned int i);
+ 
++void nf_hook_slow_list(struct list_head *head, struct nf_hook_state *state,
++		       const struct nf_hook_entries *e);
+ /**
+  *	nf_hook - call a netfilter hook
+  *
+@@ -311,17 +313,36 @@ NF_HOOK_LIST(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk,
+ 	     struct list_head *head, struct net_device *in, struct net_device *out,
+ 	     int (*okfn)(struct net *, struct sock *, struct sk_buff *))
+ {
+-	struct sk_buff *skb, *next;
+-	struct list_head sublist;
+-
+-	INIT_LIST_HEAD(&sublist);
+-	list_for_each_entry_safe(skb, next, head, list) {
+-		list_del(&skb->list);
+-		if (nf_hook(pf, hook, net, sk, skb, in, out, okfn) == 1)
+-			list_add_tail(&skb->list, &sublist);
++	struct nf_hook_entries *hook_head = NULL;
++
++#ifdef CONFIG_JUMP_LABEL
++	if (__builtin_constant_p(pf) &&
++	    __builtin_constant_p(hook) &&
++	    !static_key_false(&nf_hooks_needed[pf][hook]))
++		return;
++#endif
++
++	rcu_read_lock();
++	switch (pf) {
++	case NFPROTO_IPV4:
++		hook_head = rcu_dereference(net->nf.hooks_ipv4[hook]);
++		break;
++	case NFPROTO_IPV6:
++		hook_head = rcu_dereference(net->nf.hooks_ipv6[hook]);
++		break;
++	default:
++		WARN_ON_ONCE(1);
++		break;
+ 	}
+-	/* Put passed packets back on main list */
+-	list_splice(&sublist, head);
++
++	if (hook_head) {
++		struct nf_hook_state state;
++
++		nf_hook_state_init(&state, hook, pf, in, out, sk, net, okfn);
++
++		nf_hook_slow_list(head, &state, hook_head);
++	}
++	rcu_read_unlock();
+ }
+ 
+ /* Call setsockopt() */
+diff --git a/net/netfilter/core.c b/net/netfilter/core.c
+index 5d5bdf450091..78f046ec506f 100644
+--- a/net/netfilter/core.c
++++ b/net/netfilter/core.c
+@@ -536,6 +536,26 @@ int nf_hook_slow(struct sk_buff *skb, struct nf_hook_state *state,
+ }
+ EXPORT_SYMBOL(nf_hook_slow);
+ 
++void nf_hook_slow_list(struct list_head *head, struct nf_hook_state *state,
++		       const struct nf_hook_entries *e)
++{
++	struct sk_buff *skb, *next;
++	struct list_head sublist;
++	int ret;
++
++	INIT_LIST_HEAD(&sublist);
++
++	list_for_each_entry_safe(skb, next, head, list) {
++		skb_list_del_init(skb);
++		ret = nf_hook_slow(skb, state, e, 0);
++		if (ret == 1)
++			list_add_tail(&skb->list, &sublist);
++	}
++	/* Put passed packets back on main list */
++	list_splice(&sublist, head);
++}
++EXPORT_SYMBOL(nf_hook_slow_list);
++
+ /* This needs to be compiled in any case to avoid dependencies between the
+  * nfnetlink_queue code and nf_conntrack.
+  */
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-29650/0001-netfilter-x_tables-Use-correct-memory-barriers.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-29650/0001-netfilter-x_tables-Use-correct-memory-barriers.patch
new file mode 100644
index 000000000..b0232e56d
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-29650/0001-netfilter-x_tables-Use-correct-memory-barriers.patch
@@ -0,0 +1,58 @@
+From add3b2ec508d24c739ad1842dc1590fd0ca026f9 Mon Sep 17 00:00:00 2001
+From: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
+Date: Mon, 8 Mar 2021 14:24:13 +1300
+Subject: [PATCH] netfilter: x_tables: Use correct memory barriers.
+
+When a new table value was assigned, it was followed by a write memory
+barrier. This ensured that all writes before this point would complete
+before any writes after this point. However, to determine whether the
+rules are unused, the sequence counter is read. To ensure that all
+writes have been done before these reads, a full memory barrier is
+needed, not just a write memory barrier. The same argument applies when
+incrementing the counter, before the rules are read.
+
+Changing to using smp_mb() instead of smp_wmb() fixes the kernel panic
+reported in cc00bcaa5899 (which is still present), while still
+maintaining the same speed of replacing tables.
+
+The smb_mb() barriers potentially slow the packet path, however testing
+has shown no measurable change in performance on a 4-core MIPS64
+platform.
+
+Fixes: 7f5c6d4f665b ("netfilter: get rid of atomic ops in fast path")
+Signed-off-by: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ include/linux/netfilter/x_tables.h | 2 +-
+ net/netfilter/x_tables.c           | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
+index 1b261c51b3a3..04e7f5630509 100644
+--- a/include/linux/netfilter/x_tables.h
++++ b/include/linux/netfilter/x_tables.h
+@@ -376,7 +376,7 @@ static inline unsigned int xt_write_recseq_begin(void)
+ 	 * since addend is most likely 1
+ 	 */
+ 	__this_cpu_add(xt_recseq.sequence, addend);
+-	smp_wmb();
++	smp_mb();
+ 
+ 	return addend;
+ }
+diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
+index 44f971f31992..e1a5a32605a4 100644
+--- a/net/netfilter/x_tables.c
++++ b/net/netfilter/x_tables.c
+@@ -1387,7 +1387,7 @@ xt_replace_table(struct xt_table *table,
+ 	table->private = newinfo;
+ 
+ 	/* make sure all cpus see new ->private value */
+-	smp_wmb();
++	smp_mb();
+ 
+ 	/*
+ 	 * Even though table entries have now been swapped, other CPU's
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-30002/0001-media-v4l-ioctl-Fix-memory-leak-in-video_usercopy.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-30002/0001-media-v4l-ioctl-Fix-memory-leak-in-video_usercopy.patch
new file mode 100644
index 000000000..2b3916723
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-30002/0001-media-v4l-ioctl-Fix-memory-leak-in-video_usercopy.patch
@@ -0,0 +1,78 @@
+From 12c97777a902f6a04f3c268038ed831d405ebf1a Mon Sep 17 00:00:00 2001
+From: Sakari Ailus <sakari.ailus@linux.intel.com>
+Date: Sat, 19 Dec 2020 23:29:58 +0100
+Subject: [PATCH] media: v4l: ioctl: Fix memory leak in video_usercopy
+
+When an IOCTL with argument size larger than 128 that also used array
+arguments were handled, two memory allocations were made but alas, only
+the latter one of them was released. This happened because there was only
+a single local variable to hold such a temporary allocation.
+
+Fix this by adding separate variables to hold the pointers to the
+temporary allocations.
+
+Reported-by: Arnd Bergmann <arnd@kernel.org>
+Reported-by: syzbot+1115e79c8df6472c612b@syzkaller.appspotmail.com
+Fixes: d14e6d76ebf7 ("[media] v4l: Add multi-planar ioctl handling code")
+Cc: stable@vger.kernel.org
+Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
+Acked-by: Arnd Bergmann <arnd@arndb.de>
+Acked-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
+Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
+---
+ drivers/media/v4l2-core/v4l2-ioctl.c | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c
+index 58868d7129eb..d72a274ade8d 100644
+--- a/drivers/media/v4l2-core/v4l2-ioctl.c
++++ b/drivers/media/v4l2-core/v4l2-ioctl.c
+@@ -3016,7 +3016,7 @@ video_usercopy(struct file *file, unsigned int cmd, unsigned long arg,
+ 	       v4l2_kioctl func)
+ {
+ 	char	sbuf[128];
+-	void    *mbuf = NULL;
++	void    *mbuf = NULL, *array_buf = NULL;
+ 	void	*parg = (void *)arg;
+ 	long	err  = -EINVAL;
+ 	bool	has_array_args;
+@@ -3081,14 +3081,14 @@ video_usercopy(struct file *file, unsigned int cmd, unsigned long arg,
+ 		 * array) fits into sbuf (so that mbuf will still remain
+ 		 * unused up to here).
+ 		 */
+-		mbuf = kvmalloc(array_size, GFP_KERNEL);
++		array_buf = kvmalloc(array_size, GFP_KERNEL);
+ 		err = -ENOMEM;
+-		if (NULL == mbuf)
++		if (array_buf == NULL)
+ 			goto out_array_args;
+ 		err = -EFAULT;
+-		if (copy_from_user(mbuf, user_ptr, array_size))
++		if (copy_from_user(array_buf, user_ptr, array_size))
+ 			goto out_array_args;
+-		*kernel_ptr = mbuf;
++		*kernel_ptr = array_buf;
+ 	}
+ 
+ 	/* Handles IOCTL */
+@@ -3107,7 +3107,7 @@ video_usercopy(struct file *file, unsigned int cmd, unsigned long arg,
+ 
+ 	if (has_array_args) {
+ 		*kernel_ptr = (void __force *)user_ptr;
+-		if (copy_to_user(user_ptr, mbuf, array_size))
++		if (copy_to_user(user_ptr, array_buf, array_size))
+ 			err = -EFAULT;
+ 		goto out_array_args;
+ 	}
+@@ -3129,6 +3129,7 @@ video_usercopy(struct file *file, unsigned int cmd, unsigned long arg,
+ 	}
+ 
+ out:
++	kvfree(array_buf);
+ 	kvfree(mbuf);
+ 	return err;
+ }
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-31916/0001-dm-ioctl-fix-out-of-bounds-array-access-when-no-devi.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-31916/0001-dm-ioctl-fix-out-of-bounds-array-access-when-no-devi.patch
new file mode 100644
index 000000000..95def3832
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-31916/0001-dm-ioctl-fix-out-of-bounds-array-access-when-no-devi.patch
@@ -0,0 +1,40 @@
+From 921aae17bb0f02181fa05cf5580ebc855fdbd74d Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka <mpatocka@redhat.com>
+Date: Fri, 26 Mar 2021 14:32:32 -0400
+Subject: [PATCH] dm ioctl: fix out of bounds array access when no devices
+
+commit 4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a upstream.
+
+If there are not any dm devices, we need to zero the "dev" argument in
+the first structure dm_name_list. However, this can cause out of
+bounds write, because the "needed" variable is zero and len may be
+less than eight.
+
+Fix this bug by reporting DM_BUFFER_FULL_FLAG if the result buffer is
+too small to hold the "nl->dev" value.
+
+Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
+Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Mike Snitzer <snitzer@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/md/dm-ioctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
+index 5e306bba4375..1ca65b434f1f 100644
+--- a/drivers/md/dm-ioctl.c
++++ b/drivers/md/dm-ioctl.c
+@@ -529,7 +529,7 @@ static int list_devices(struct file *filp, struct dm_ioctl *param, size_t param_
+ 	 * Grab our output buffer.
+ 	 */
+ 	nl = orig_nl = get_result_buffer(param, param_size, &len);
+-	if (len < needed) {
++	if (len < needed || len < sizeof(nl->dev)) {
+ 		param->flags |= DM_BUFFER_FULL_FLAG;
+ 		goto out;
+ 	}
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0001-futex-Fix-incorrect-should_fail_futex-handling.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0001-futex-Fix-incorrect-should_fail_futex-handling.patch
new file mode 100644
index 000000000..15420d4a4
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0001-futex-Fix-incorrect-should_fail_futex-handling.patch
@@ -0,0 +1,47 @@
+From 2db7590371520735366639647352b44c0eeda11f Mon Sep 17 00:00:00 2001
+From: Mateusz Nosek <mateusznosek0@gmail.com>
+Date: Sun, 27 Sep 2020 02:08:58 +0200
+Subject: [PATCH] futex: Fix incorrect should_fail_futex() handling
+
+[ Upstream commit 921c7ebd1337d1a46783d7e15a850e12aed2eaa0 ]
+
+If should_futex_fail() returns true in futex_wake_pi(), then the 'ret'
+variable is set to -EFAULT and then immediately overwritten. So the failure
+injection is non-functional.
+
+Fix it by actually leaving the function and returning -EFAULT.
+
+The Fixes tag is kinda blury because the initial commit which introduced
+failure injection was already sloppy, but the below mentioned commit broke
+it completely.
+
+[ tglx: Massaged changelog ]
+
+Fixes: 6b4f4bc9cb22 ("locking/futex: Allow low-level atomic operations to return -EAGAIN")
+Signed-off-by: Mateusz Nosek <mateusznosek0@gmail.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Link: https://lore.kernel.org/r/20200927000858.24219-1-mateusznosek0@gmail.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/futex.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/kernel/futex.c b/kernel/futex.c
+index 5660c02b01b0..17fba7a986e0 100644
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -1594,8 +1594,10 @@ static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_pi_state *pi_
+ 	 */
+ 	newval = FUTEX_WAITERS | task_pid_vnr(new_owner);
+ 
+-	if (unlikely(should_fail_futex(true)))
++	if (unlikely(should_fail_futex(true))) {
+ 		ret = -EFAULT;
++		goto out_unlock;
++	}
+ 
+ 	ret = cmpxchg_futex_value_locked(&curval, uaddr, uval, newval);
+ 	if (!ret && (curval != uval)) {
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0002-futex-Handle-transient-ownerless-rtmutex-state-corre.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0002-futex-Handle-transient-ownerless-rtmutex-state-corre.patch
new file mode 100644
index 000000000..c8c3b08eb
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0002-futex-Handle-transient-ownerless-rtmutex-state-corre.patch
@@ -0,0 +1,82 @@
+From 2716e78a6486814537df95a82efec4e9e4e081d9 Mon Sep 17 00:00:00 2001
+From: Mike Galbraith <efault@gmx.de>
+Date: Wed, 4 Nov 2020 16:12:44 +0100
+Subject: [PATCH] futex: Handle transient "ownerless" rtmutex state correctly
+
+commit 9f5d1c336a10c0d24e83e40b4c1b9539f7dba627 upstream.
+
+Gratian managed to trigger the BUG_ON(!newowner) in fixup_pi_state_owner().
+This is one possible chain of events leading to this:
+
+Task Prio       Operation
+T1   120	lock(F)
+T2   120	lock(F)   -> blocks (top waiter)
+T3   50 (RT)	lock(F)   -> boosts T1 and blocks (new top waiter)
+XX   		timeout/  -> wakes T2
+		signal
+T1   50		unlock(F) -> wakes T3 (rtmutex->owner == NULL, waiter bit is set)
+T2   120	cleanup   -> try_to_take_mutex() fails because T3 is the top waiter
+     			     and the lower priority T2 cannot steal the lock.
+     			  -> fixup_pi_state_owner() sees newowner == NULL -> BUG_ON()
+
+The comment states that this is invalid and rt_mutex_real_owner() must
+return a non NULL owner when the trylock failed, but in case of a queued
+and woken up waiter rt_mutex_real_owner() == NULL is a valid transient
+state. The higher priority waiter has simply not yet managed to take over
+the rtmutex.
+
+The BUG_ON() is therefore wrong and this is just another retry condition in
+fixup_pi_state_owner().
+
+Drop the locks, so that T3 can make progress, and then try the fixup again.
+
+Gratian provided a great analysis, traces and a reproducer. The analysis is
+to the point, but it confused the hell out of that tglx dude who had to
+page in all the futex horrors again. Condensed version is above.
+
+[ tglx: Wrote comment and changelog ]
+
+Fixes: c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
+Reported-by: Gratian Crisan <gratian.crisan@ni.com>
+Signed-off-by: Mike Galbraith <efault@gmx.de>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/87a6w6x7bb.fsf@ni.com
+Link: https://lore.kernel.org/r/87sg9pkvf7.fsf@nanos.tec.linutronix.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/futex.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/kernel/futex.c b/kernel/futex.c
+index 17fba7a986e0..9c4f9b868a49 100644
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -2511,10 +2511,22 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
+ 		}
+ 
+ 		/*
+-		 * Since we just failed the trylock; there must be an owner.
++		 * The trylock just failed, so either there is an owner or
++		 * there is a higher priority waiter than this one.
+ 		 */
+ 		newowner = rt_mutex_owner(&pi_state->pi_mutex);
+-		BUG_ON(!newowner);
++		/*
++		 * If the higher priority waiter has not yet taken over the
++		 * rtmutex then newowner is NULL. We can't return here with
++		 * that state because it's inconsistent vs. the user space
++		 * state. So drop the locks and try again. It's a valid
++		 * situation and not any different from the other retry
++		 * conditions.
++		 */
++		if (unlikely(!newowner)) {
++			err = -EAGAIN;
++			goto handle_err;
++		}
+ 	} else {
+ 		WARN_ON_ONCE(argowner != current);
+ 		if (oldowner == current) {
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0003-futex-Don-t-enable-IRQs-unconditionally-in-put_pi_st.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0003-futex-Don-t-enable-IRQs-unconditionally-in-put_pi_st.patch
new file mode 100644
index 000000000..d58a046fc
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0003-futex-Don-t-enable-IRQs-unconditionally-in-put_pi_st.patch
@@ -0,0 +1,51 @@
+From 2192d905df0d540f6f3240046bcb06c53bcf5016 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Fri, 6 Nov 2020 11:52:05 +0300
+Subject: [PATCH] futex: Don't enable IRQs unconditionally in put_pi_state()
+
+commit 1e106aa3509b86738769775969822ffc1ec21bf4 upstream.
+
+The exit_pi_state_list() function calls put_pi_state() with IRQs disabled
+and is not expecting that IRQs will be enabled inside the function.
+
+Use the _irqsave() variant so that IRQs are restored to the original state
+instead of being enabled unconditionally.
+
+Fixes: 153fbd1226fb ("futex: Fix more put_pi_state() vs. exit_pi_state_list() races")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20201106085205.GA1159983@mwanda
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/futex.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/kernel/futex.c b/kernel/futex.c
+index 9c4f9b868a49..b6dec5f79370 100644
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -880,8 +880,9 @@ static void put_pi_state(struct futex_pi_state *pi_state)
+ 	 */
+ 	if (pi_state->owner) {
+ 		struct task_struct *owner;
++		unsigned long flags;
+ 
+-		raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
++		raw_spin_lock_irqsave(&pi_state->pi_mutex.wait_lock, flags);
+ 		owner = pi_state->owner;
+ 		if (owner) {
+ 			raw_spin_lock(&owner->pi_lock);
+@@ -889,7 +890,7 @@ static void put_pi_state(struct futex_pi_state *pi_state)
+ 			raw_spin_unlock(&owner->pi_lock);
+ 		}
+ 		rt_mutex_proxy_unlock(&pi_state->pi_mutex, owner);
+-		raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
++		raw_spin_unlock_irqrestore(&pi_state->pi_mutex.wait_lock, flags);
+ 	}
+ 
+ 	if (current->pi_state_cache) {
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0004-futex-Ensure-the-correct-return-value-from-futex_loc.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0004-futex-Ensure-the-correct-return-value-from-futex_loc.patch
new file mode 100644
index 000000000..24f1986a8
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0004-futex-Ensure-the-correct-return-value-from-futex_loc.patch
@@ -0,0 +1,138 @@
+From 0dae88a92596db9405fd4a341c1915cf7d8fbad4 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Wed, 20 Jan 2021 16:00:24 +0100
+Subject: [PATCH] futex: Ensure the correct return value from futex_lock_pi()
+
+commit 12bb3f7f1b03d5913b3f9d4236a488aa7774dfe9 upstream
+
+In case that futex_lock_pi() was aborted by a signal or a timeout and the
+task returned without acquiring the rtmutex, but is the designated owner of
+the futex due to a concurrent futex_unlock_pi() fixup_owner() is invoked to
+establish consistent state. In that case it invokes fixup_pi_state_owner()
+which in turn tries to acquire the rtmutex again. If that succeeds then it
+does not propagate this success to fixup_owner() and futex_lock_pi()
+returns -EINTR or -ETIMEOUT despite having the futex locked.
+
+Return success from fixup_pi_state_owner() in all cases where the current
+task owns the rtmutex and therefore the futex and propagate it correctly
+through fixup_owner(). Fixup the other callsite which does not expect a
+positive return value.
+
+Fixes: c1e2f0eaf015 ("futex: Avoid violating the 10th rule of futex")
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/futex.c | 32 ++++++++++++++++----------------
+ 1 file changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/kernel/futex.c b/kernel/futex.c
+index b6dec5f79370..d2cc406c6658 100644
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -2506,8 +2506,8 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
+ 		}
+ 
+ 		if (__rt_mutex_futex_trylock(&pi_state->pi_mutex)) {
+-			/* We got the lock after all, nothing to fix. */
+-			ret = 0;
++			/* We got the lock. pi_state is correct. Tell caller. */
++			ret = 1;
+ 			goto out_unlock;
+ 		}
+ 
+@@ -2535,7 +2535,7 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
+ 			 * We raced against a concurrent self; things are
+ 			 * already fixed up. Nothing to do.
+ 			 */
+-			ret = 0;
++			ret = 1;
+ 			goto out_unlock;
+ 		}
+ 		newowner = argowner;
+@@ -2581,7 +2581,7 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
+ 	raw_spin_unlock(&newowner->pi_lock);
+ 	raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
+ 
+-	return 0;
++	return argowner == current;
+ 
+ 	/*
+ 	 * In order to reschedule or handle a page fault, we need to drop the
+@@ -2623,7 +2623,7 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
+ 	 * Check if someone else fixed it for us:
+ 	 */
+ 	if (pi_state->owner != oldowner) {
+-		ret = 0;
++		ret = argowner == current;
+ 		goto out_unlock;
+ 	}
+ 
+@@ -2656,8 +2656,6 @@ static long futex_wait_restart(struct restart_block *restart);
+  */
+ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked)
+ {
+-	int ret = 0;
+-
+ 	if (locked) {
+ 		/*
+ 		 * Got the lock. We might not be the anticipated owner if we
+@@ -2668,8 +2666,8 @@ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked)
+ 		 * stable state, anything else needs more attention.
+ 		 */
+ 		if (q->pi_state->owner != current)
+-			ret = fixup_pi_state_owner(uaddr, q, current);
+-		goto out;
++			return fixup_pi_state_owner(uaddr, q, current);
++		return 1;
+ 	}
+ 
+ 	/*
+@@ -2680,10 +2678,8 @@ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked)
+ 	 * Another speculative read; pi_state->owner == current is unstable
+ 	 * but needs our attention.
+ 	 */
+-	if (q->pi_state->owner == current) {
+-		ret = fixup_pi_state_owner(uaddr, q, NULL);
+-		goto out;
+-	}
++	if (q->pi_state->owner == current)
++		return fixup_pi_state_owner(uaddr, q, NULL);
+ 
+ 	/*
+ 	 * Paranoia check. If we did not take the lock, then we should not be
+@@ -2696,8 +2692,7 @@ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked)
+ 				q->pi_state->owner);
+ 	}
+ 
+-out:
+-	return ret ? ret : locked;
++	return 0;
+ }
+ 
+ /**
+@@ -3406,7 +3401,7 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags,
+ 		if (q.pi_state && (q.pi_state->owner != current)) {
+ 			spin_lock(q.lock_ptr);
+ 			ret = fixup_pi_state_owner(uaddr2, &q, current);
+-			if (ret && rt_mutex_owner(&q.pi_state->pi_mutex) == current) {
++			if (ret < 0 && rt_mutex_owner(&q.pi_state->pi_mutex) == current) {
+ 				pi_state = q.pi_state;
+ 				get_pi_state(pi_state);
+ 			}
+@@ -3416,6 +3411,11 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags,
+ 			 */
+ 			put_pi_state(q.pi_state);
+ 			spin_unlock(q.lock_ptr);
++			/*
++			 * Adjust the return value. It's either -EFAULT or
++			 * success (1) but the caller expects 0 for success.
++			 */
++			ret = ret < 0 ? ret : 0;
+ 		}
+ 	} else {
+ 		struct rt_mutex *pi_mutex;
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0005-futex-Replace-pointless-printk-in-fixup_owner.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0005-futex-Replace-pointless-printk-in-fixup_owner.patch
new file mode 100644
index 000000000..d8711e8b9
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0005-futex-Replace-pointless-printk-in-fixup_owner.patch
@@ -0,0 +1,44 @@
+From 65aad57cac8db8dd0d1dcdd86bc8603039d937b7 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Tue, 19 Jan 2021 16:06:10 +0100
+Subject: [PATCH] futex: Replace pointless printk in fixup_owner()
+
+commit 04b79c55201f02ffd675e1231d731365e335c307 upstream
+
+If that unexpected case of inconsistent arguments ever happens then the
+futex state is left completely inconsistent and the printk is not really
+helpful. Replace it with a warning and make the state consistent.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/futex.c | 10 +++-------
+ 1 file changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/kernel/futex.c b/kernel/futex.c
+index d2cc406c6658..8bfb16258ae7 100644
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -2683,14 +2683,10 @@ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked)
+ 
+ 	/*
+ 	 * Paranoia check. If we did not take the lock, then we should not be
+-	 * the owner of the rt_mutex.
++	 * the owner of the rt_mutex. Warn and establish consistent state.
+ 	 */
+-	if (rt_mutex_owner(&q->pi_state->pi_mutex) == current) {
+-		printk(KERN_ERR "fixup_owner: ret = %d pi-mutex: %p "
+-				"pi-state %p\n", ret,
+-				q->pi_state->pi_mutex.owner,
+-				q->pi_state->owner);
+-	}
++	if (WARN_ON_ONCE(rt_mutex_owner(&q->pi_state->pi_mutex) == current))
++		return fixup_pi_state_owner(uaddr, q, current);
+ 
+ 	return 0;
+ }
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0006-futex-Provide-and-use-pi_state_update_owner.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0006-futex-Provide-and-use-pi_state_update_owner.patch
new file mode 100644
index 000000000..ae0f63a18
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0006-futex-Provide-and-use-pi_state_update_owner.patch
@@ -0,0 +1,117 @@
+From 015b6a4c2564a9385401a6105e80a20c333e1d44 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Tue, 19 Jan 2021 15:21:35 +0100
+Subject: [PATCH] futex: Provide and use pi_state_update_owner()
+
+commit c5cade200ab9a2a3be9e7f32a752c8d86b502ec7 upstream
+
+Updating pi_state::owner is done at several places with the same
+code. Provide a function for it and use that at the obvious places.
+
+This is also a preparation for a bug fix to avoid yet another copy of the
+same code or alternatively introducing a completely unpenetratable mess of
+gotos.
+
+Originally-by: Peter Zijlstra <peterz@infradead.org>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/futex.c | 66 +++++++++++++++++++++++++-------------------------
+ 1 file changed, 33 insertions(+), 33 deletions(-)
+
+diff --git a/kernel/futex.c b/kernel/futex.c
+index 8bfb16258ae7..69f62d0f5851 100644
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -857,6 +857,29 @@ static struct futex_pi_state *alloc_pi_state(void)
+ 	return pi_state;
+ }
+ 
++static void pi_state_update_owner(struct futex_pi_state *pi_state,
++				  struct task_struct *new_owner)
++{
++	struct task_struct *old_owner = pi_state->owner;
++
++	lockdep_assert_held(&pi_state->pi_mutex.wait_lock);
++
++	if (old_owner) {
++		raw_spin_lock(&old_owner->pi_lock);
++		WARN_ON(list_empty(&pi_state->list));
++		list_del_init(&pi_state->list);
++		raw_spin_unlock(&old_owner->pi_lock);
++	}
++
++	if (new_owner) {
++		raw_spin_lock(&new_owner->pi_lock);
++		WARN_ON(!list_empty(&pi_state->list));
++		list_add(&pi_state->list, &new_owner->pi_state_list);
++		pi_state->owner = new_owner;
++		raw_spin_unlock(&new_owner->pi_lock);
++	}
++}
++
+ static void get_pi_state(struct futex_pi_state *pi_state)
+ {
+ 	WARN_ON_ONCE(!refcount_inc_not_zero(&pi_state->refcount));
+@@ -1614,26 +1637,15 @@ static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_pi_state *pi_
+ 			ret = -EINVAL;
+ 	}
+ 
+-	if (ret)
+-		goto out_unlock;
+-
+-	/*
+-	 * This is a point of no return; once we modify the uval there is no
+-	 * going back and subsequent operations must not fail.
+-	 */
+-
+-	raw_spin_lock(&pi_state->owner->pi_lock);
+-	WARN_ON(list_empty(&pi_state->list));
+-	list_del_init(&pi_state->list);
+-	raw_spin_unlock(&pi_state->owner->pi_lock);
+-
+-	raw_spin_lock(&new_owner->pi_lock);
+-	WARN_ON(!list_empty(&pi_state->list));
+-	list_add(&pi_state->list, &new_owner->pi_state_list);
+-	pi_state->owner = new_owner;
+-	raw_spin_unlock(&new_owner->pi_lock);
+-
+-	postunlock = __rt_mutex_futex_unlock(&pi_state->pi_mutex, &wake_q);
++	if (!ret) {
++		/*
++		 * This is a point of no return; once we modified the uval
++		 * there is no going back and subsequent operations must
++		 * not fail.
++		 */
++		pi_state_update_owner(pi_state, new_owner);
++		postunlock = __rt_mutex_futex_unlock(&pi_state->pi_mutex, &wake_q);
++	}
+ 
+ out_unlock:
+ 	raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
+@@ -2566,19 +2578,7 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
+ 	 * We fixed up user space. Now we need to fix the pi_state
+ 	 * itself.
+ 	 */
+-	if (pi_state->owner != NULL) {
+-		raw_spin_lock(&pi_state->owner->pi_lock);
+-		WARN_ON(list_empty(&pi_state->list));
+-		list_del_init(&pi_state->list);
+-		raw_spin_unlock(&pi_state->owner->pi_lock);
+-	}
+-
+-	pi_state->owner = newowner;
+-
+-	raw_spin_lock(&newowner->pi_lock);
+-	WARN_ON(!list_empty(&pi_state->list));
+-	list_add(&pi_state->list, &newowner->pi_state_list);
+-	raw_spin_unlock(&newowner->pi_lock);
++	pi_state_update_owner(pi_state, newowner);
+ 	raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
+ 
+ 	return argowner == current;
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0007-rtmutex-Remove-unused-argument-from-rt_mutex_proxy_u.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0007-rtmutex-Remove-unused-argument-from-rt_mutex_proxy_u.patch
new file mode 100644
index 000000000..9196c9ed2
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0007-rtmutex-Remove-unused-argument-from-rt_mutex_proxy_u.patch
@@ -0,0 +1,64 @@
+From ceb83cf9ed6764977c86a03fe187578def3b4e18 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Wed, 20 Jan 2021 11:32:07 +0100
+Subject: [PATCH] rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
+
+commit 2156ac1934166d6deb6cd0f6ffc4c1076ec63697 upstream
+
+Nothing uses the argument. Remove it as preparation to use
+pi_state_update_owner().
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/futex.c                  | 2 +-
+ kernel/locking/rtmutex.c        | 3 +--
+ kernel/locking/rtmutex_common.h | 3 +--
+ 3 files changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/kernel/futex.c b/kernel/futex.c
+index 69f62d0f5851..8175bdce7267 100644
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -912,7 +912,7 @@ static void put_pi_state(struct futex_pi_state *pi_state)
+ 			list_del_init(&pi_state->list);
+ 			raw_spin_unlock(&owner->pi_lock);
+ 		}
+-		rt_mutex_proxy_unlock(&pi_state->pi_mutex, owner);
++		rt_mutex_proxy_unlock(&pi_state->pi_mutex);
+ 		raw_spin_unlock_irqrestore(&pi_state->pi_mutex.wait_lock, flags);
+ 	}
+ 
+diff --git a/kernel/locking/rtmutex.c b/kernel/locking/rtmutex.c
+index 2874bf556162..734698aec5f9 100644
+--- a/kernel/locking/rtmutex.c
++++ b/kernel/locking/rtmutex.c
+@@ -1718,8 +1718,7 @@ void rt_mutex_init_proxy_locked(struct rt_mutex *lock,
+  * possible because it belongs to the pi_state which is about to be freed
+  * and it is not longer visible to other tasks.
+  */
+-void rt_mutex_proxy_unlock(struct rt_mutex *lock,
+-			   struct task_struct *proxy_owner)
++void rt_mutex_proxy_unlock(struct rt_mutex *lock)
+ {
+ 	debug_rt_mutex_proxy_unlock(lock);
+ 	rt_mutex_set_owner(lock, NULL);
+diff --git a/kernel/locking/rtmutex_common.h b/kernel/locking/rtmutex_common.h
+index d1d62f942be2..ca6fb489007b 100644
+--- a/kernel/locking/rtmutex_common.h
++++ b/kernel/locking/rtmutex_common.h
+@@ -133,8 +133,7 @@ enum rtmutex_chainwalk {
+ extern struct task_struct *rt_mutex_next_owner(struct rt_mutex *lock);
+ extern void rt_mutex_init_proxy_locked(struct rt_mutex *lock,
+ 				       struct task_struct *proxy_owner);
+-extern void rt_mutex_proxy_unlock(struct rt_mutex *lock,
+-				  struct task_struct *proxy_owner);
++extern void rt_mutex_proxy_unlock(struct rt_mutex *lock);
+ extern void rt_mutex_init_waiter(struct rt_mutex_waiter *waiter);
+ extern int __rt_mutex_start_proxy_lock(struct rt_mutex *lock,
+ 				     struct rt_mutex_waiter *waiter,
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0008-futex-Use-pi_state_update_owner-in-put_pi_state.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0008-futex-Use-pi_state_update_owner-in-put_pi_state.patch
new file mode 100644
index 000000000..cfff74b57
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0008-futex-Use-pi_state_update_owner-in-put_pi_state.patch
@@ -0,0 +1,42 @@
+From a3155c362ca0a4677d0c886798bbeb5f0a9efe86 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Wed, 20 Jan 2021 11:35:19 +0100
+Subject: [PATCH] futex: Use pi_state_update_owner() in put_pi_state()
+
+commit 6ccc84f917d33312eb2846bd7b567639f585ad6d upstream
+
+No point in open coding it. This way it gains the extra sanity checks.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/futex.c | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/kernel/futex.c b/kernel/futex.c
+index 8175bdce7267..758deac71345 100644
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -902,16 +902,10 @@ static void put_pi_state(struct futex_pi_state *pi_state)
+ 	 * and has cleaned up the pi_state already
+ 	 */
+ 	if (pi_state->owner) {
+-		struct task_struct *owner;
+ 		unsigned long flags;
+ 
+ 		raw_spin_lock_irqsave(&pi_state->pi_mutex.wait_lock, flags);
+-		owner = pi_state->owner;
+-		if (owner) {
+-			raw_spin_lock(&owner->pi_lock);
+-			list_del_init(&pi_state->list);
+-			raw_spin_unlock(&owner->pi_lock);
+-		}
++		pi_state_update_owner(pi_state, NULL);
+ 		rt_mutex_proxy_unlock(&pi_state->pi_mutex);
+ 		raw_spin_unlock_irqrestore(&pi_state->pi_mutex.wait_lock, flags);
+ 	}
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0009-futex-Simplify-fixup_pi_state_owner.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0009-futex-Simplify-fixup_pi_state_owner.patch
new file mode 100644
index 000000000..d6b60749d
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0009-futex-Simplify-fixup_pi_state_owner.patch
@@ -0,0 +1,138 @@
+From 55ea172ce3ebe276e734352eb1b236b3065496c3 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Tue, 19 Jan 2021 16:26:38 +0100
+Subject: [PATCH] futex: Simplify fixup_pi_state_owner()
+
+commit f2dac39d93987f7de1e20b3988c8685523247ae2 upstream
+
+Too many gotos already and an upcoming fix would make it even more
+unreadable.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/futex.c | 53 +++++++++++++++++++++++++-------------------------
+ 1 file changed, 26 insertions(+), 27 deletions(-)
+
+diff --git a/kernel/futex.c b/kernel/futex.c
+index 758deac71345..48c37ff4388d 100644
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -2462,18 +2462,13 @@ static void unqueue_me_pi(struct futex_q *q)
+ 	spin_unlock(q->lock_ptr);
+ }
+ 
+-static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
+-				struct task_struct *argowner)
++static int __fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
++				  struct task_struct *argowner)
+ {
++	u32 uval, uninitialized_var(curval), newval, newtid;
+ 	struct futex_pi_state *pi_state = q->pi_state;
+-	u32 uval, uninitialized_var(curval), newval;
+ 	struct task_struct *oldowner, *newowner;
+-	u32 newtid;
+-	int ret, err = 0;
+-
+-	lockdep_assert_held(q->lock_ptr);
+-
+-	raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
++	int err = 0;
+ 
+ 	oldowner = pi_state->owner;
+ 
+@@ -2507,14 +2502,12 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
+ 			 * We raced against a concurrent self; things are
+ 			 * already fixed up. Nothing to do.
+ 			 */
+-			ret = 0;
+-			goto out_unlock;
++			return 0;
+ 		}
+ 
+ 		if (__rt_mutex_futex_trylock(&pi_state->pi_mutex)) {
+ 			/* We got the lock. pi_state is correct. Tell caller. */
+-			ret = 1;
+-			goto out_unlock;
++			return 1;
+ 		}
+ 
+ 		/*
+@@ -2541,8 +2534,7 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
+ 			 * We raced against a concurrent self; things are
+ 			 * already fixed up. Nothing to do.
+ 			 */
+-			ret = 1;
+-			goto out_unlock;
++			return 1;
+ 		}
+ 		newowner = argowner;
+ 	}
+@@ -2573,7 +2565,6 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
+ 	 * itself.
+ 	 */
+ 	pi_state_update_owner(pi_state, newowner);
+-	raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
+ 
+ 	return argowner == current;
+ 
+@@ -2596,17 +2587,16 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
+ 
+ 	switch (err) {
+ 	case -EFAULT:
+-		ret = fault_in_user_writeable(uaddr);
++		err = fault_in_user_writeable(uaddr);
+ 		break;
+ 
+ 	case -EAGAIN:
+ 		cond_resched();
+-		ret = 0;
++		err = 0;
+ 		break;
+ 
+ 	default:
+ 		WARN_ON_ONCE(1);
+-		ret = err;
+ 		break;
+ 	}
+ 
+@@ -2616,17 +2606,26 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
+ 	/*
+ 	 * Check if someone else fixed it for us:
+ 	 */
+-	if (pi_state->owner != oldowner) {
+-		ret = argowner == current;
+-		goto out_unlock;
+-	}
++	if (pi_state->owner != oldowner)
++		return argowner == current;
+ 
+-	if (ret)
+-		goto out_unlock;
++	/* Retry if err was -EAGAIN or the fault in succeeded */
++	if (!err)
++		goto retry;
+ 
+-	goto retry;
++	return err;
++}
+ 
+-out_unlock:
++static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
++				struct task_struct *argowner)
++{
++	struct futex_pi_state *pi_state = q->pi_state;
++	int ret;
++
++	lockdep_assert_held(q->lock_ptr);
++
++	raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
++	ret = __fixup_pi_state_owner(uaddr, q, argowner);
+ 	raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
+ 	return ret;
+ }
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0010-futex-Handle-faults-correctly-for-PI-futexes.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0010-futex-Handle-faults-correctly-for-PI-futexes.patch
new file mode 100644
index 000000000..321ba84d8
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-3347/0010-futex-Handle-faults-correctly-for-PI-futexes.patch
@@ -0,0 +1,164 @@
+From ecd62d2e9ab405d9575c3aa8eb44e44e523a0d19 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Mon, 18 Jan 2021 19:01:21 +0100
+Subject: [PATCH] futex: Handle faults correctly for PI futexes
+
+commit 34b1a1ce1458f50ef27c54e28eb9b1947012907a upstream
+
+fixup_pi_state_owner() tries to ensure that the state of the rtmutex,
+pi_state and the user space value related to the PI futex are consistent
+before returning to user space. In case that the user space value update
+faults and the fault cannot be resolved by faulting the page in via
+fault_in_user_writeable() the function returns with -EFAULT and leaves
+the rtmutex and pi_state owner state inconsistent.
+
+A subsequent futex_unlock_pi() operates on the inconsistent pi_state and
+releases the rtmutex despite not owning it which can corrupt the RB tree of
+the rtmutex and cause a subsequent kernel stack use after free.
+
+It was suggested to loop forever in fixup_pi_state_owner() if the fault
+cannot be resolved, but that results in runaway tasks which is especially
+undesired when the problem happens due to a programming error and not due
+to malice.
+
+As the user space value cannot be fixed up, the proper solution is to make
+the rtmutex and the pi_state consistent so both have the same owner. This
+leaves the user space value out of sync. Any subsequent operation on the
+futex will fail because the 10th rule of PI futexes (pi_state owner and
+user space value are consistent) has been violated.
+
+As a consequence this removes the inept attempts of 'fixing' the situation
+in case that the current task owns the rtmutex when returning with an
+unresolvable fault by unlocking the rtmutex which left pi_state::owner and
+rtmutex::owner out of sync in a different and only slightly less dangerous
+way.
+
+Fixes: 1b7558e457ed ("futexes: fix fault handling in futex_lock_pi")
+Reported-by: gzobqq@gmail.com
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/futex.c | 56 ++++++++++++++++++--------------------------------
+ 1 file changed, 20 insertions(+), 36 deletions(-)
+
+diff --git a/kernel/futex.c b/kernel/futex.c
+index 48c37ff4388d..042c2707e913 100644
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -1052,7 +1052,8 @@ static inline void exit_pi_state_list(struct task_struct *curr) { }
+  *	FUTEX_OWNER_DIED bit. See [4]
+  *
+  * [10] There is no transient state which leaves owner and user space
+- *	TID out of sync.
++ *	TID out of sync. Except one error case where the kernel is denied
++ *	write access to the user address, see fixup_pi_state_owner().
+  *
+  *
+  * Serialization and lifetime rules:
+@@ -2613,6 +2614,24 @@ static int __fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
+ 	if (!err)
+ 		goto retry;
+ 
++	/*
++	 * fault_in_user_writeable() failed so user state is immutable. At
++	 * best we can make the kernel state consistent but user state will
++	 * be most likely hosed and any subsequent unlock operation will be
++	 * rejected due to PI futex rule [10].
++	 *
++	 * Ensure that the rtmutex owner is also the pi_state owner despite
++	 * the user space value claiming something different. There is no
++	 * point in unlocking the rtmutex if current is the owner as it
++	 * would need to wait until the next waiter has taken the rtmutex
++	 * to guarantee consistent state. Keep it simple. Userspace asked
++	 * for this wreckaged state.
++	 *
++	 * The rtmutex has an owner - either current or some other
++	 * task. See the EAGAIN loop above.
++	 */
++	pi_state_update_owner(pi_state, rt_mutex_owner(&pi_state->pi_mutex));
++
+ 	return err;
+ }
+ 
+@@ -2893,7 +2912,6 @@ static int futex_lock_pi(u32 __user *uaddr, unsigned int flags,
+ 			 ktime_t *time, int trylock)
+ {
+ 	struct hrtimer_sleeper timeout, *to;
+-	struct futex_pi_state *pi_state = NULL;
+ 	struct task_struct *exiting = NULL;
+ 	struct rt_mutex_waiter rt_waiter;
+ 	struct futex_hash_bucket *hb;
+@@ -3030,23 +3048,9 @@ static int futex_lock_pi(u32 __user *uaddr, unsigned int flags,
+ 	if (res)
+ 		ret = (res < 0) ? res : 0;
+ 
+-	/*
+-	 * If fixup_owner() faulted and was unable to handle the fault, unlock
+-	 * it and return the fault to userspace.
+-	 */
+-	if (ret && (rt_mutex_owner(&q.pi_state->pi_mutex) == current)) {
+-		pi_state = q.pi_state;
+-		get_pi_state(pi_state);
+-	}
+-
+ 	/* Unqueue and drop the lock */
+ 	unqueue_me_pi(&q);
+ 
+-	if (pi_state) {
+-		rt_mutex_futex_unlock(&pi_state->pi_mutex);
+-		put_pi_state(pi_state);
+-	}
+-
+ 	goto out_put_key;
+ 
+ out_unlock_put_key:
+@@ -3312,7 +3316,6 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags,
+ 				 u32 __user *uaddr2)
+ {
+ 	struct hrtimer_sleeper timeout, *to;
+-	struct futex_pi_state *pi_state = NULL;
+ 	struct rt_mutex_waiter rt_waiter;
+ 	struct futex_hash_bucket *hb;
+ 	union futex_key key2 = FUTEX_KEY_INIT;
+@@ -3390,10 +3393,6 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags,
+ 		if (q.pi_state && (q.pi_state->owner != current)) {
+ 			spin_lock(q.lock_ptr);
+ 			ret = fixup_pi_state_owner(uaddr2, &q, current);
+-			if (ret < 0 && rt_mutex_owner(&q.pi_state->pi_mutex) == current) {
+-				pi_state = q.pi_state;
+-				get_pi_state(pi_state);
+-			}
+ 			/*
+ 			 * Drop the reference to the pi state which
+ 			 * the requeue_pi() code acquired for us.
+@@ -3435,25 +3434,10 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags,
+ 		if (res)
+ 			ret = (res < 0) ? res : 0;
+ 
+-		/*
+-		 * If fixup_pi_state_owner() faulted and was unable to handle
+-		 * the fault, unlock the rt_mutex and return the fault to
+-		 * userspace.
+-		 */
+-		if (ret && rt_mutex_owner(&q.pi_state->pi_mutex) == current) {
+-			pi_state = q.pi_state;
+-			get_pi_state(pi_state);
+-		}
+-
+ 		/* Unqueue and drop the lock. */
+ 		unqueue_me_pi(&q);
+ 	}
+ 
+-	if (pi_state) {
+-		rt_mutex_futex_unlock(&pi_state->pi_mutex);
+-		put_pi_state(pi_state);
+-	}
+-
+ 	if (ret == -EINTR) {
+ 		/*
+ 		 * We've already been requeued, but cannot restart by calling
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend
index 0186ee5f4..467578d85 100644
--- a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed_%.bbappend
@@ -207,5 +207,62 @@ SRC_URI += " \
     file://0001-tracing-Fix-race-in-trace_open-and-buffer-resize-cal.patch \
     "
 
+# CVE-2021-3347 vulnerability fix
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2021-3347:"
+SRC_URI += " \
+    file://0001-futex-Fix-incorrect-should_fail_futex-handling.patch \
+    file://0002-futex-Handle-transient-ownerless-rtmutex-state-corre.patch \
+    file://0003-futex-Don-t-enable-IRQs-unconditionally-in-put_pi_st.patch \
+    file://0004-futex-Ensure-the-correct-return-value-from-futex_loc.patch \
+    file://0005-futex-Replace-pointless-printk-in-fixup_owner.patch \
+    file://0006-futex-Provide-and-use-pi_state_update_owner.patch \
+    file://0007-rtmutex-Remove-unused-argument-from-rt_mutex_proxy_u.patch \
+    file://0008-futex-Use-pi_state_update_owner-in-put_pi_state.patch \
+    file://0009-futex-Simplify-fixup_pi_state_owner.patch \
+    file://0010-futex-Handle-faults-correctly-for-PI-futexes.patch \
+    "
+
+# CVE-2020-35508 vulnerability fix
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2020-35508:"
+SRC_URI += " \
+    file://0001-fork-fix-copy_process-CLONE_PARENT-race-with-the-exi.patch \
+    "
+
+# CVE-2021-29650 vulnerability fix
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2021-29650:"
+SRC_URI += " \
+    file://0001-netfilter-x_tables-Use-correct-memory-barriers.patch \
+    "
+
+# CVE-2021-30002 vulnerability fix
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2021-30002:"
+SRC_URI += " \
+    file://0001-media-v4l-ioctl-Fix-memory-leak-in-video_usercopy.patch \
+    "
+
+# CVE-2020-28588 vulnerability fix
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2020-28588:"
+SRC_URI += " \
+    file://0001-lib-syscall-fix-syscall-registers-retrieval-on-32-bi.patch \
+    "
+
+# CVE-2020-27815 vulnerability fix
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2020-27815:"
+SRC_URI += " \
+    file://0001-jfs-Fix-array-index-bounds-check-in-dbAdjTree.patch \
+    "
+
+# CVE-2021-20177 vulnerability fix
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2021-20177:"
+SRC_URI += " \
+    file://0001-netfilter-add-and-use-nf_hook_slow_list.patch \
+    "
+
+# CVE-2021-31916 vulnerability fix
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}/CVE-2021-31916:"
+SRC_URI += " \
+    file://0001-dm-ioctl-fix-out-of-bounds-array-access-when-no-devi.patch \
+    "
+
 SRC_URI += "${@bb.utils.contains('IMAGE_FSTYPES', 'intel-pfr', 'file://0005-128MB-flashmap-for-PFR.patch', '', d)}"
 SRC_URI += "${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'debug-tweaks', 'file://debug.cfg', '', d)}"
diff --git a/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network/0003-Adding-channel-specific-privilege-to-network.patch b/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network/0003-Adding-channel-specific-privilege-to-network.patch
index f361c3d07..3c168141d 100644
--- a/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network/0003-Adding-channel-specific-privilege-to-network.patch
+++ b/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network/0003-Adding-channel-specific-privilege-to-network.patch
@@ -1,4 +1,4 @@
-From 5dfcd6c81a9f26c6c9c867a7a49f5259c3512be2 Mon Sep 17 00:00:00 2001
+From 7ff692291e9548bfc3e91f3ac32ab973a42b0b79 Mon Sep 17 00:00:00 2001
 From: AppaRao Puli <apparao.puli@linux.intel.com>
 Date: Thu, 2 Apr 2020 17:06:07 +0530
 Subject: [PATCH 1/2] Adding channel specific privilege to network
@@ -17,20 +17,21 @@ access command
 Change-Id: I3b592a19363eef684e31d5f7c34dad8f2f9211df
 Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
 Signed-off-by: Yong Li <yong.b.li@linux.intel.com>
+Signed-off-by: Johnathan Mantey <johnathanx.mantey@intel.com>
 ---
- ethernet_interface.cpp | 123 +++++++++++++++++++++++++++++++++++++++++++++++++
- ethernet_interface.hpp |  39 +++++++++++++++-
- network_manager.cpp    | 104 +++++++++++++++++++++++++++++++++++++++++
- network_manager.hpp    |   9 ++++
- 4 files changed, 274 insertions(+), 1 deletion(-)
+ ethernet_interface.cpp | 123 +++++++++++++++++++++++++++++++++++++++++
+ ethernet_interface.hpp |  38 ++++++++++++-
+ network_manager.cpp    | 102 ++++++++++++++++++++++++++++++++++
+ network_manager.hpp    |   9 +++
+ 4 files changed, 271 insertions(+), 1 deletion(-)
 
 diff --git a/ethernet_interface.cpp b/ethernet_interface.cpp
-index ed1e1ba..fca86bd 100644
+index 4827f68..fd75514 100644
 --- a/ethernet_interface.cpp
 +++ b/ethernet_interface.cpp
-@@ -37,6 +37,10 @@ using namespace phosphor::logging;
- using namespace sdbusplus::xyz::openbmc_project::Common::Error;
- using Argument = xyz::openbmc_project::Common::InvalidArgument;
+@@ -44,6 +44,10 @@ constexpr auto PROPERTY_INTERFACE = "org.freedesktop.DBus.Properties";
+ constexpr auto RESOLVED_SERVICE_PATH = "/org/freedesktop/resolve1/link/";
+ constexpr auto METHOD_GET = "Get";
  
 +static constexpr const char* networkChannelCfgFile =
 +    "/var/channel_intf_data.json";
@@ -39,15 +40,15 @@ index ed1e1ba..fca86bd 100644
  struct EthernetIntfSocket
  {
      EthernetIntfSocket(int domain, int type, int protocol)
-@@ -86,6 +90,7 @@ EthernetInterface::EthernetInterface(sdbusplus::bus::bus& bus,
-     EthernetInterfaceIntf::speed(std::get<0>(ifInfo));
+@@ -93,6 +97,7 @@ EthernetInterface::EthernetInterface(sdbusplus::bus::bus& bus,
      EthernetInterfaceIntf::linkUp(std::get<3>(ifInfo));
+     EthernetInterfaceIntf::nICEnabled(std::get<4>(ifInfo));
  #endif
 +    getChannelPrivilege(intfName);
  
      // Emit deferred signal.
      if (emitSignal)
-@@ -869,5 +874,123 @@ void EthernetInterface::deleteAll()
+@@ -1007,5 +1012,123 @@ void EthernetInterface::deleteAll()
      manager.writeToConfigurationFile();
  }
  
@@ -115,7 +116,7 @@ index ed1e1ba..fca86bd 100644
 +    }
 +    else
 +    {
-+        jsonData[interfaceName] = priv;
++        return priv;
 +    }
 +
 +    if (writeJsonFile(networkChannelCfgFile, jsonData) != 0)
@@ -172,7 +173,7 @@ index ed1e1ba..fca86bd 100644
  } // namespace network
  } // namespace phosphor
 diff --git a/ethernet_interface.hpp b/ethernet_interface.hpp
-index 68668d6..058d328 100644
+index f8086a4..4191d49 100644
 --- a/ethernet_interface.hpp
 +++ b/ethernet_interface.hpp
 @@ -2,11 +2,14 @@
@@ -215,7 +216,7 @@ index 68668d6..058d328 100644
  namespace fs = std::experimental::filesystem;
  
  class Manager; // forward declaration of network manager.
-@@ -199,6 +208,14 @@ class EthernetInterface : public Ifaces
+@@ -217,6 +225,14 @@ class EthernetInterface : public Ifaces
       */
      void deleteAll();
  
@@ -230,7 +231,7 @@ index 68668d6..058d328 100644
      using EthernetInterfaceIntf::dHCPEnabled;
      using EthernetInterfaceIntf::interfaceName;
      using EthernetInterfaceIntf::linkUp;
-@@ -296,6 +313,26 @@ class EthernetInterface : public Ifaces
+@@ -316,6 +332,26 @@ class EthernetInterface : public Ifaces
      std::string objPath;
  
      friend class TestEthernetInterface;
@@ -258,7 +259,7 @@ index 68668d6..058d328 100644
  
  } // namespace network
 diff --git a/network_manager.cpp b/network_manager.cpp
-index 043d7a2..75f4e5f 100644
+index 637092b..6e5234c 100644
 --- a/network_manager.cpp
 +++ b/network_manager.cpp
 @@ -34,6 +34,13 @@ extern std::unique_ptr<Timer> restartTimer;
@@ -378,7 +379,7 @@ index 043d7a2..75f4e5f 100644
  
  bool Manager::createDefaultNetworkFiles(bool force)
 diff --git a/network_manager.hpp b/network_manager.hpp
-index edb341f..5fb9fe8 100644
+index 80d017e..e308650 100644
 --- a/network_manager.hpp
 +++ b/network_manager.hpp
 @@ -137,6 +137,12 @@ class Manager : public details::VLANCreateIface
@@ -405,5 +406,5 @@ index edb341f..5fb9fe8 100644
  
  } // namespace network
 -- 
-2.7.4
+2.31.1
 
diff --git a/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network/0010-Correct-several-latent-issues-discovered-by-a-Klocwo.patch b/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network/0010-Correct-several-latent-issues-discovered-by-a-Klocwo.patch
new file mode 100644
index 000000000..222a07aff
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network/0010-Correct-several-latent-issues-discovered-by-a-Klocwo.patch
@@ -0,0 +1,63 @@
+From 8d0cc1dfc3b48bccbe09a205f1ff2eb7721dbc6f Mon Sep 17 00:00:00 2001
+From: Johnathan Mantey <johnathanx.mantey@intel.com>
+Date: Mon, 21 Jun 2021 13:34:04 -0700
+Subject: [PATCH] Correct several latent issues discovered by a Klocwork scan
+
+Klocwork identified several issues:
+1. ncsi_util: Null pointer dereferences
+2. vlan_interface: Missing return value for non-void function
+
+Tested:
+Programmed the updated code to WCity system.
+
+Change-Id: Ie6a601b343404f3070f35171336c0c5796c8d635
+Signed-off-by: Johnathan Mantey <johnathanx.mantey@intel.com>
+---
+ ncsi_util.cpp      | 11 +++++++++++
+ vlan_interface.cpp |  1 +
+ 2 files changed, 12 insertions(+)
+
+diff --git a/ncsi_util.cpp b/ncsi_util.cpp
+index 2b3fb54..4a46849 100644
+--- a/ncsi_util.cpp
++++ b/ncsi_util.cpp
+@@ -180,6 +180,12 @@ int applyCmd(int ifindex, int cmd, int package = DEFAULT_VALUE,
+              CallBack function = nullptr)
+ {
+     nlSocketPtr socket(nl_socket_alloc(), &::nl_socket_free);
++    if (socket == nullptr)
++    {
++        log<level::ERR>("Unable to allocate memory for the socket.");
++        return -ENOMEM;
++    }
++
+     auto ret = genl_connect(socket.get());
+     if (ret < 0)
+     {
+@@ -195,6 +201,11 @@ int applyCmd(int ifindex, int cmd, int package = DEFAULT_VALUE,
+     }
+ 
+     nlMsgPtr msg(nlmsg_alloc(), &::nlmsg_free);
++    if (msg == nullptr)
++    {
++        log<level::ERR>("Unable to allocate memory for the message.");
++        return -ENOMEM;
++    }
+ 
+     auto msgHdr = genlmsg_put(msg.get(), 0, 0, driverID, 0, flags, cmd, 0);
+     if (!msgHdr)
+diff --git a/vlan_interface.cpp b/vlan_interface.cpp
+index 26282cb..baa5271 100644
+--- a/vlan_interface.cpp
++++ b/vlan_interface.cpp
+@@ -41,6 +41,7 @@ std::string VlanInterface::mACAddress(std::string)
+ {
+     log<level::ERR>("Tried to set MAC address on VLAN");
+     elog<InternalFailure>();
++    return {};
+ }
+ 
+ void VlanInterface::writeDeviceFile()
+-- 
+2.31.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network_%.bbappend b/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network_%.bbappend
index 5774d5318..c5d608371 100644
--- a/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-network/network/phosphor-network_%.bbappend
@@ -6,6 +6,7 @@ DEPENDS += "nlohmann-json boost"
 SRC_URI = "git://github.com/openbmc/phosphor-networkd;nobranch=1"
 SRC_URI += "file://0003-Adding-channel-specific-privilege-to-network.patch \
             file://0009-Enhance-DHCP-beyond-just-OFF-and-IPv4-IPv6-enabled.patch \
+            file://0010-Correct-several-latent-issues-discovered-by-a-Klocwo.patch \
             "
 SRCREV = "d0679f9bb46670c593061c4aaebec2a577cdd5c3"
 
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/certificate/phosphor-certificate-manager/0001-Verify-that-certificate-is-loadable-in-SSL-context.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/certificate/phosphor-certificate-manager/0001-Verify-that-certificate-is-loadable-in-SSL-context.patch
new file mode 100644
index 000000000..b0bbd1080
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/certificate/phosphor-certificate-manager/0001-Verify-that-certificate-is-loadable-in-SSL-context.patch
@@ -0,0 +1,53 @@
+From 811a29e1941db0157f49d2e05491be945f7b2f07 Mon Sep 17 00:00:00 2001
+From: Nidhin MS <nidhin.ms@intel.com>
+Date: Thu, 13 May 2021 12:54:32 +0530
+Subject: [PATCH] Verify that certificate is loadable in SSL context
+
+Openssl requires private keys to have a minimum keylength specified by
+openssl security level 1. As a result RSA keys shorter
+than 1024 bits and ECC keys shorter than 160 bits are prohibited. Add a
+validation step to create an SSL context and try to load the
+certificate.
+
+Tested:
+Tested RSA with length 512 756 and 1024
+
+Change-Id: Idac4dea6279964bfd8e3d996d91cd278678c73f9
+Signed-off-by: Nidhin MS <nidhin.ms@intel.com>
+---
+ certificate.cpp | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/certificate.cpp b/certificate.cpp
+index 6bfd4af..7b902bd 100644
+--- a/certificate.cpp
++++ b/certificate.cpp
+@@ -9,6 +9,7 @@
+ #include <openssl/err.h>
+ #include <openssl/evp.h>
+ #include <openssl/pem.h>
++#include <openssl/ssl.h>
+ #include <openssl/x509v3.h>
+ 
+ #include <fstream>
+@@ -351,6 +352,17 @@ void Certificate::install(const std::string& certSrcFilePath)
+ 
+     validateCertificateExpiryDate(cert);
+ 
++    // Verify that the certificate can be used in a TLS context
++    const SSL_METHOD* method = TLS_method();
++    std::unique_ptr<SSL_CTX, decltype(&::SSL_CTX_free)> ctx(SSL_CTX_new(method),
++                                                            SSL_CTX_free);
++    if (SSL_CTX_use_certificate(ctx.get(), cert.get()) != 1)
++    {
++        log<level::ERR>("Certificate is not usable",
++                        entry("ERRCODE=%x", ERR_get_error()));
++        elog<InvalidCertificate>(Reason("Certificate is not usable"));
++    }
++
+     // Invoke type specific append private key function.
+     auto appendIter = appendKeyMap.find(certType);
+     if (appendIter == appendKeyMap.end())
+-- 
+2.7.4
+
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/certificate/phosphor-certificate-manager_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/certificate/phosphor-certificate-manager_%.bbappend
new file mode 100644
index 000000000..f46e1b596
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/certificate/phosphor-certificate-manager_%.bbappend
@@ -0,0 +1,5 @@
+FILESEXTRAPATHS_append := ":${THISDIR}/${PN}"
+
+SRCREV = "c4522d2ea747e139dc97238b58c9609ac9d11776"
+SRC_URI += "file://0001-Verify-that-certificate-is-loadable-in-SSL-context.patch"
+
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0003-Klocwork-fix-fruDevice.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0003-Klocwork-fix-fruDevice.patch
new file mode 100644
index 000000000..c2faddce2
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager/0003-Klocwork-fix-fruDevice.patch
@@ -0,0 +1,41 @@
+From c3286fb24b5d10557dbe2f91e03db6230e1d3b9a Mon Sep 17 00:00:00 2001
+From: Zhikui Ren <zhikui.ren@intel.com>
+Date: Tue, 15 Jun 2021 10:02:07 -0700
+Subject: [PATCH] Klocwork fix - fruDevice
+
+Fix for Klocwork issues.
+
+Signed-off-by: Zhikui Ren <zhikui.ren@intel.com>
+---
+ src/FruDevice.cpp | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/FruDevice.cpp b/src/FruDevice.cpp
+index e1e95f8..a2078a1 100644
+--- a/src/FruDevice.cpp
++++ b/src/FruDevice.cpp
+@@ -903,7 +903,7 @@ static std::pair<DecodeState, std::string>
+ 
+         case FRUDataEncoding::sixBitASCII:
+         {
+-            unsigned int accum;
++            unsigned int accum = 0;
+             unsigned int accumBitLen = 0;
+             value = std::string();
+             for (i = 0; i < len; i++, iter++)
+@@ -982,7 +982,11 @@ bool formatFru(const std::vector<char>& fruBytes,
+                 std::tm fruTime = intelEpoch();
+                 std::time_t timeValue = std::mktime(&fruTime);
+                 timeValue += minutes * 60;
+-                fruTime = *std::gmtime(&timeValue);
++                std::tm* realTime = std::gmtime(&timeValue);
++                if (realTime != NULL)
++                {
++                    fruTime = *realTime;
++                }
+ 
+                 // Tue Nov 20 23:08:00 2018
+                 char timeString[32] = {0};
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager_%.bbappend
index 212797329..7b84000dc 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/configuration/entity-manager_%.bbappend
@@ -4,4 +4,5 @@ SRCREV = "e18edb5badc2e16181cfc464a6ccd0ef51dc4548"
 
 FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
 SRC_URI += "file://0001-Add-retries-to-mapper-calls.patch \
-            file://0002-Improve-initialization-of-I2C-sensors.patch"
+            file://0002-Improve-initialization-of-I2C-sensors.patch \
+            file://0003-Klocwork-fix-fruDevice.patch"
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/0015-Fix-delete-image-by-ID-and-inhibit-removal-of-bmc_ac.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/0015-Fix-delete-image-by-ID-and-inhibit-removal-of-bmc_ac.patch
index 54efbee8c..c10dadea4 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/0015-Fix-delete-image-by-ID-and-inhibit-removal-of-bmc_ac.patch
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/0015-Fix-delete-image-by-ID-and-inhibit-removal-of-bmc_ac.patch
@@ -1,13 +1,13 @@
-From f2dd5e13a0774d8683542798dd96979f9d7a6691 Mon Sep 17 00:00:00 2001
+From f268c4679e391e213c36d2046f0d95b858f41054 Mon Sep 17 00:00:00 2001
 From: Vernon Mauery <vernon.mauery@intel.com>
 Date: Tue, 29 Sep 2020 13:38:35 -0700
 Subject: [PATCH] Fix delete image by ID and inhibit removal of bmc_active
 
 Delete image by ID was broken because when hitting the delete dbus
 interface, it recalculated the ID from the parent version, which then
-does not match because of the random number addition that was added to
-the ID when the parent interface was created. This saves away the parent
-interface ID and recalls it rather than recalculating it.
+does not match because of the random number addition that was added
+to the ID when the parent interface was created. This saves away the
+parent interface ID and recalls it rather than recalculating it.
 
 Also, there was a logic error in deleting images that would delete the
 active BMC image. This fixes up that error.
@@ -17,6 +17,7 @@ Tested: run multiple back-to back updates and see that when the fwupd
         deleted and that the bmc_active interface is not deleted.
 
 Signed-off-by: Vernon Mauery <vernon.mauery@intel.com>
+Signed-off-by: AppaRao Puli <apparao.puli@linux.intel.com>
 ---
  item_updater.cpp      | 17 +++++++++++------
  pfr_image_manager.cpp |  2 +-
@@ -25,10 +26,10 @@ Signed-off-by: Vernon Mauery <vernon.mauery@intel.com>
  4 files changed, 28 insertions(+), 12 deletions(-)
 
 diff --git a/item_updater.cpp b/item_updater.cpp
-index db255d6..90970d3 100644
+index 8d7bb82..5bf8b87 100644
 --- a/item_updater.cpp
 +++ b/item_updater.cpp
-@@ -133,7 +133,7 @@ void ItemUpdater::createActivation(sdbusplus::message::message& msg)
+@@ -132,7 +132,7 @@ void ItemUpdater::createActivation(sdbusplus::message::message& msg)
                                           activationState, associations)));
  
          auto versionPtr = std::make_unique<VersionClass>(
@@ -37,7 +38,7 @@ index db255d6..90970d3 100644
              std::bind(&ItemUpdater::erase, this, std::placeholders::_1));
          versionPtr->deleteObject =
              std::make_unique<phosphor::software::manager::Delete>(bus, path,
-@@ -247,7 +247,7 @@ void ItemUpdater::processBMCImage()
+@@ -224,7 +224,7 @@ void ItemUpdater::processBMCImage()
  
              // Create Version instance for this version.
              auto versionPtr = std::make_unique<VersionClass>(
@@ -46,7 +47,7 @@ index db255d6..90970d3 100644
                  std::bind(&ItemUpdater::erase, this, std::placeholders::_1));
              auto isVersionFunctional = versionPtr->isFunctional();
              if (!isVersionFunctional)
-@@ -322,11 +322,11 @@ void ItemUpdater::erase(std::string entryId)
+@@ -298,11 +298,11 @@ void ItemUpdater::erase(std::string entryId)
      auto it = versions.find(entryId);
      if (it != versions.end())
      {
@@ -61,8 +62,8 @@ index db255d6..90970d3 100644
 +                             entry("VERSIONID=%s", entryId.c_str()));
              return;
          }
-     }
-@@ -669,6 +669,11 @@ void ItemUpdater::freeSpace(Activation& caller)
+ 
+@@ -633,6 +633,11 @@ void ItemUpdater::freeSpace(Activation& caller)
      std::size_t count = 0;
      for (const auto& iter : activations)
      {
@@ -75,10 +76,10 @@ index db255d6..90970d3 100644
               server::Activation::Activations::Active) ||
              (iter.second.get()->activation() ==
 diff --git a/pfr_image_manager.cpp b/pfr_image_manager.cpp
-index 145237e..0c6c3d8 100644
+index ba73cc1..36f0a62 100644
 --- a/pfr_image_manager.cpp
 +++ b/pfr_image_manager.cpp
-@@ -308,7 +308,7 @@ int Manager::processImage(const std::string& imgFilePath)
+@@ -265,7 +265,7 @@ int Manager::processImage(const std::string& imgFilePath)
      std::string objPath = std::string{SOFTWARE_OBJPATH} + '/' + id;
  
      auto versionPtr = std::make_unique<Version>(
@@ -88,10 +89,10 @@ index 145237e..0c6c3d8 100644
      versionPtr->deleteObject =
          std::make_unique<phosphor::software::manager::Delete>(bus, objPath,
 diff --git a/version.cpp b/version.cpp
-index 18f3f4f..e6fd481 100644
+index f50500a..1471233 100644
 --- a/version.cpp
 +++ b/version.cpp
-@@ -182,7 +182,7 @@ void Delete::delete_()
+@@ -181,7 +181,7 @@ void Delete::delete_()
  {
      if (parent.eraseCallback)
      {
@@ -101,10 +102,10 @@ index 18f3f4f..e6fd481 100644
  }
  
 diff --git a/version.hpp b/version.hpp
-index 9cf76da..ae70ea8 100644
+index 5827c8a..ad1170a 100644
 --- a/version.hpp
 +++ b/version.hpp
-@@ -74,14 +74,15 @@ class Version : public VersionInherit
+@@ -73,14 +73,15 @@ class Version : public VersionInherit
       * @param[in] callback       - The eraseFunc callback
       */
      Version(sdbusplus::bus::bus& bus, const std::string& objPath,
@@ -115,16 +116,16 @@ index 9cf76da..ae70ea8 100644
 +            eraseFunc callback) :
          VersionInherit(bus, (objPath).c_str(), true),
 -        eraseCallback(callback), versionStr(versionString)
-+        eraseCallback(callback), extId(extId), versionStr(versionString)
++        eraseCallback(callback), versionStr(versionString), extId(extId)
      {
          // Set properties.
          purpose(versionPurpose);
 -        version(versionString);
-+        version(extId);
++        version(versionStr);
          path(filePath);
          // Emit deferred signal.
          emit_object_added();
-@@ -134,6 +135,15 @@ class Version : public VersionInherit
+@@ -133,6 +134,15 @@ class Version : public VersionInherit
       */
      bool isFunctional();
  
@@ -140,7 +141,7 @@ index 9cf76da..ae70ea8 100644
      /** @brief Persistent Delete D-Bus object */
      std::unique_ptr<Delete> deleteObject;
  
-@@ -143,6 +153,7 @@ class Version : public VersionInherit
+@@ -142,6 +152,7 @@ class Version : public VersionInherit
    private:
      /** @brief This Version's version string */
      const std::string versionStr;
@@ -149,5 +150,5 @@ index 9cf76da..ae70ea8 100644
  
  } // namespace manager
 -- 
-2.17.1
+2.7.4
 
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager_%.bbappend
index 623c4f77e..0b1bdf1e4 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager_%.bbappend
@@ -20,6 +20,7 @@ SRC_URI += "file://0001-Add-more-error-types.patch \
 SRC_URI_PFR = "file://0007-PFR-images-support.patch \
                file://0008-PFR-image-HASH-verification.patch \
                file://0010-Add-error-reporting-to-pfr_image_manager.patch \
+               file://0015-Fix-delete-image-by-ID-and-inhibit-removal-of-bmc_ac.patch \
               "
 
 SRC_URI += "${@bb.utils.contains('IMAGE_FSTYPES', 'intel-pfr', SRC_URI_PFR, '', d)}"
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0042-Fix-nlohmann-json-dump-calls.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0042-Fix-nlohmann-json-dump-calls.patch
new file mode 100644
index 000000000..c72f36d28
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0042-Fix-nlohmann-json-dump-calls.patch
@@ -0,0 +1,451 @@
+From 7c93f19e80d6d6fb11710e112a7aa449c77924f6 Mon Sep 17 00:00:00 2001
+From: Ed Tanous <edtanous@google.com>
+Date: Fri, 19 Feb 2021 08:51:17 -0800
+Subject: [PATCH] Fix nlohmann::json::dump calls
+
+The nlohmann::json::dump call needs to be called with specific arguments
+to avoid throwing in failure cases.  http connection already does this
+properly, but a bunch of code has snuck in (mostly in redfish) that
+ignores this, and calls it incorrectly.  This can potentially lead to a
+crash if the wrong thing throws on invalid UTF8 characters.
+
+This audits the whole codebase, and replaces every dump() call with the
+correct dump(2, ' ', true, nlohmann::json::error_handler_t::replace)
+call.  For correct output, the callers should expect no change, and in
+practice, this would require injecting non-utf8 characters into the
+BMC.
+
+Tested:
+Ran several of the endpoints/error conditions in question, including
+some of the error cases.  Observed correct responses.  I don't know of a
+security issue that would allow injecting invalid utf8 into the BMC, but
+in theory if it were possible, this would prevent a crash.
+
+Signed-off-by: Ed Tanous <edtanous@google.com>
+Change-Id: I4a15b8e260e3db129bc20484ade4ed5449f75ad0
+Signed-off-by: Terry S. Duncan <terry.s.duncan@linux.intel.com>
+---
+ http/http_connection.h                        |  3 +-
+ include/dbus_monitor.hpp                      |  3 +-
+ include/openbmc_dbus_rest.hpp                 |  6 ++-
+ .../include/event_service_manager.hpp         | 12 +++--
+ redfish-core/include/utils/json_utils.hpp     | 30 ++++++++++--
+ redfish-core/lib/account_service.hpp          |  4 +-
+ redfish-core/lib/ethernet.hpp                 | 48 +++++++++++-------
+ redfish-core/lib/event_service.hpp            |  4 +-
+ redfish-core/lib/hypervisor_ethernet.hpp      |  7 ++-
+ redfish-core/lib/managers.hpp                 | 49 +++++++++++++------
+ 10 files changed, 115 insertions(+), 51 deletions(-)
+
+diff --git a/http/http_connection.h b/http/http_connection.h
+index 59a134f..4fb2d85 100644
+--- a/http/http_connection.h
++++ b/http/http_connection.h
+@@ -660,7 +660,8 @@ class Connection :
+             else
+             {
+                 res.jsonMode();
+-                res.body() = res.jsonValue.dump(2, ' ', true);
++                res.body() = res.jsonValue.dump(
++                    2, ' ', true, nlohmann::json::error_handler_t::replace);
+             }
+         }
+ 
+diff --git a/include/dbus_monitor.hpp b/include/dbus_monitor.hpp
+index 9e22b9c..db0d07b 100644
+--- a/include/dbus_monitor.hpp
++++ b/include/dbus_monitor.hpp
+@@ -110,7 +110,8 @@ inline int onPropertyUpdate(sd_bus_message* m, void* userdata,
+         return 0;
+     }
+ 
+-    connection->sendText(j.dump());
++    connection->sendText(
++        j.dump(2, ' ', true, nlohmann::json::error_handler_t::replace));
+     return 0;
+ }
+ 
+diff --git a/include/openbmc_dbus_rest.hpp b/include/openbmc_dbus_rest.hpp
+index c41a568..00d849a 100644
+--- a/include/openbmc_dbus_rest.hpp
++++ b/include/openbmc_dbus_rest.hpp
+@@ -508,7 +508,9 @@ int convertJsonToDbus(sd_bus_message* m, const std::string& arg_type,
+                       const nlohmann::json& input_json)
+ {
+     int r = 0;
+-    BMCWEB_LOG_DEBUG << "Converting " << input_json.dump()
++    BMCWEB_LOG_DEBUG << "Converting "
++                     << input_json.dump(2, ' ', true,
++                                        nlohmann::json::error_handler_t::replace)
+                      << " to type: " << arg_type;
+     const std::vector<std::string> argTypes = dbusArgSplit(arg_type);
+ 
+@@ -917,7 +919,7 @@ int readDictEntryFromMessage(const std::string& typeCode,
+     {
+         // json doesn't support non-string keys.  If we hit this condition,
+         // convert the result to a string so we can proceed
+-        key = key.dump();
++        key = key.dump(2, ' ', true, nlohmann::json::error_handler_t::replace);
+         keyPtr = key.get_ptr<const std::string*>();
+         // in theory this can't fail now, but lets be paranoid about it
+         // anyway
+diff --git a/redfish-core/include/event_service_manager.hpp b/redfish-core/include/event_service_manager.hpp
+index 470636f..633e096 100644
+--- a/redfish-core/include/event_service_manager.hpp
++++ b/redfish-core/include/event_service_manager.hpp
+@@ -462,7 +462,8 @@ class Subscription
+                               {"Name", "Event Log"},
+                               {"Events", logEntryArray}};
+ 
+-        this->sendEvent(msg.dump());
++        this->sendEvent(
++            msg.dump(2, ' ', true, nlohmann::json::error_handler_t::replace));
+         this->eventSeqNum++;
+     }
+ 
+@@ -526,7 +527,8 @@ class Subscription
+                               {"Name", "Event Log"},
+                               {"Events", logEntryArray}};
+ 
+-        this->sendEvent(msg.dump());
++        this->sendEvent(
++            msg.dump(2, ' ', true, nlohmann::json::error_handler_t::replace));
+         this->eventSeqNum++;
+     }
+ #endif
+@@ -573,7 +575,8 @@ class Subscription
+             {"MetricReportDefinition", {{"@odata.id", metricReportDef}}},
+             {"MetricValues", metricValuesArray}};
+ 
+-        this->sendEvent(msg.dump());
++        this->sendEvent(
++            msg.dump(2, ' ', true, nlohmann::json::error_handler_t::replace));
+     }
+ 
+     void updateRetryConfig(const uint32_t retryAttempts,
+@@ -826,7 +829,8 @@ class EventServiceManager
+ 
+         const std::string tmpFile(std::string(eventServiceFile) + "_tmp");
+         std::ofstream ofs(tmpFile, std::ios::out);
+-        const auto& writeData = jsonData.dump();
++        const auto& writeData = jsonData.dump(
++            2, ' ', true, nlohmann::json::error_handler_t::replace);
+         ofs << writeData;
+         ofs.close();
+ 
+diff --git a/redfish-core/include/utils/json_utils.hpp b/redfish-core/include/utils/json_utils.hpp
+index fbb259d..1252746 100644
+--- a/redfish-core/include/utils/json_utils.hpp
++++ b/redfish-core/include/utils/json_utils.hpp
+@@ -222,12 +222,20 @@ bool unpackValue(nlohmann::json& jsonValue, const std::string& key,
+     {
+         if (!jsonValue.is_array())
+         {
+-            messages::propertyValueTypeError(res, res.jsonValue.dump(), key);
++            messages::propertyValueTypeError(
++                res,
++                res.jsonValue.dump(2, ' ', true,
++                                   nlohmann::json::error_handler_t::replace),
++                key);
+             return false;
+         }
+         if (jsonValue.size() != value.size())
+         {
+-            messages::propertyValueTypeError(res, res.jsonValue.dump(), key);
++            messages::propertyValueTypeError(
++                res,
++                res.jsonValue.dump(2, ' ', true,
++                                   nlohmann::json::error_handler_t::replace),
++                key);
+             return false;
+         }
+         size_t index = 0;
+@@ -242,7 +250,11 @@ bool unpackValue(nlohmann::json& jsonValue, const std::string& key,
+     {
+         if (!jsonValue.is_array())
+         {
+-            messages::propertyValueTypeError(res, res.jsonValue.dump(), key);
++            messages::propertyValueTypeError(
++                res,
++                res.jsonValue.dump(2, ' ', true,
++                                   nlohmann::json::error_handler_t::replace),
++                key);
+             return false;
+         }
+ 
+@@ -261,11 +273,19 @@ bool unpackValue(nlohmann::json& jsonValue, const std::string& key,
+         {
+             if (ec == UnpackErrorCode::invalidType)
+             {
+-                messages::propertyValueTypeError(res, jsonValue.dump(), key);
++                messages::propertyValueTypeError(
++                    res,
++                    jsonValue.dump(2, ' ', true,
++                                   nlohmann::json::error_handler_t::replace),
++                    key);
+             }
+             else if (ec == UnpackErrorCode::outOfRange)
+             {
+-                messages::propertyValueNotInList(res, jsonValue.dump(), key);
++                messages::propertyValueNotInList(
++                    res,
++                    jsonValue.dump(2, ' ', true,
++                                   nlohmann::json::error_handler_t::replace),
++                    key);
+             }
+             return false;
+         }
+diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
+index 8ef1434..1619a3e 100644
+--- a/redfish-core/lib/account_service.hpp
++++ b/redfish-core/lib/account_service.hpp
+@@ -240,7 +240,9 @@ static void handleRoleMapPatch(
+             {
+                 BMCWEB_LOG_ERROR << "Can't delete the object";
+                 messages::propertyValueTypeError(
+-                    asyncResp->res, thisJson.dump(),
++                    asyncResp->res,
++                    thisJson.dump(2, ' ', true,
++                                  nlohmann::json::error_handler_t::replace),
+                     "RemoteRoleMapping/" + std::to_string(index));
+                 return;
+             }
+diff --git a/redfish-core/lib/ethernet.hpp b/redfish-core/lib/ethernet.hpp
+index b1a9f69..fc909ce 100644
+--- a/redfish-core/lib/ethernet.hpp
++++ b/redfish-core/lib/ethernet.hpp
+@@ -1421,8 +1421,11 @@ class EthernetInterface : public Node
+     {
+         if ((!input.is_array()) || input.empty())
+         {
+-            messages::propertyValueTypeError(asyncResp->res, input.dump(),
+-                                             "IPv4StaticAddresses");
++            messages::propertyValueTypeError(
++                asyncResp->res,
++                input.dump(2, ' ', true,
++                           nlohmann::json::error_handler_t::replace),
++                "IPv4StaticAddresses");
+             return;
+         }
+ 
+@@ -1450,7 +1453,10 @@ class EthernetInterface : public Node
+                                          "Gateway", gateway))
+                 {
+                     messages::propertyValueFormatError(
+-                        asyncResp->res, thisJson.dump(), pathString);
++                        asyncResp->res,
++                        thisJson.dump(2, ' ', true,
++                                      nlohmann::json::error_handler_t::replace),
++                        pathString);
+                     return;
+                 }
+ 
+@@ -1569,12 +1575,12 @@ class EthernetInterface : public Node
+                         messages::resourceCannotBeDeleted(asyncResp->res);
+                         return;
+                     }
+-                    else
+-                    {
+-                        messages::propertyValueFormatError(
+-                            asyncResp->res, thisJson.dump(), pathString);
+-                        return;
+-                    }
++                    messages::propertyValueFormatError(
++                        asyncResp->res,
++                        thisJson.dump(2, ' ', true,
++                                      nlohmann::json::error_handler_t::replace),
++                        pathString);
++                    return;
+                 }
+ 
+                 if (thisJson.is_null())
+@@ -1619,8 +1625,11 @@ class EthernetInterface : public Node
+     {
+         if (!input.is_array() || input.empty())
+         {
+-            messages::propertyValueTypeError(asyncResp->res, input.dump(),
+-                                             "IPv6StaticAddresses");
++            messages::propertyValueTypeError(
++                asyncResp->res,
++                input.dump(2, ' ', true,
++                           nlohmann::json::error_handler_t::replace),
++                "IPv6StaticAddresses");
+             return;
+         }
+         size_t entryIdx = 1;
+@@ -1640,7 +1649,10 @@ class EthernetInterface : public Node
+                                          address, "PrefixLength", prefixLength))
+                 {
+                     messages::propertyValueFormatError(
+-                        asyncResp->res, thisJson.dump(), pathString);
++                        asyncResp->res,
++                        thisJson.dump(2, ' ', true,
++                                      nlohmann::json::error_handler_t::replace),
++                        pathString);
+                     return;
+                 }
+ 
+@@ -1706,12 +1718,12 @@ class EthernetInterface : public Node
+                         messages::resourceCannotBeDeleted(asyncResp->res);
+                         return;
+                     }
+-                    else
+-                    {
+-                        messages::propertyValueFormatError(
+-                            asyncResp->res, thisJson.dump(), pathString);
+-                        return;
+-                    }
++                    messages::propertyValueFormatError(
++                        asyncResp->res,
++                        thisJson.dump(2, ' ', true,
++                                      nlohmann::json::error_handler_t::replace),
++                        pathString);
++                    return;
+                 }
+ 
+                 if (thisJson.is_null())
+diff --git a/redfish-core/lib/event_service.hpp b/redfish-core/lib/event_service.hpp
+index 7a29af5..dd5cf32 100644
+--- a/redfish-core/lib/event_service.hpp
++++ b/redfish-core/lib/event_service.hpp
+@@ -472,7 +472,9 @@ class EventDestinationCollection : public Node
+                 else
+                 {
+                     messages::propertyValueFormatError(
+-                        asyncResp->res, mrdObj.dump(),
++                        asyncResp->res,
++                        mrdObj.dump(2, ' ', true,
++                                    nlohmann::json::error_handler_t::replace),
+                         "MetricReportDefinitions");
+                     return;
+                 }
+diff --git a/redfish-core/lib/hypervisor_ethernet.hpp b/redfish-core/lib/hypervisor_ethernet.hpp
+index 7b64c20..6fb301f 100644
+--- a/redfish-core/lib/hypervisor_ethernet.hpp
++++ b/redfish-core/lib/hypervisor_ethernet.hpp
+@@ -521,8 +521,11 @@ class HypervisorInterface : public Node
+                                      address, "SubnetMask", subnetMask,
+                                      "Gateway", gateway))
+             {
+-                messages::propertyValueFormatError(asyncResp->res,
+-                                                   thisJson.dump(), pathString);
++                messages::propertyValueFormatError(
++                    asyncResp->res,
++                    thisJson.dump(2, ' ', true,
++                                  nlohmann::json::error_handler_t::replace),
++                    pathString);
+                 return;
+             }
+ 
+diff --git a/redfish-core/lib/managers.hpp b/redfish-core/lib/managers.hpp
+index 7832e81..176d146 100644
+--- a/redfish-core/lib/managers.hpp
++++ b/redfish-core/lib/managers.hpp
+@@ -865,8 +865,10 @@ static CreatePIDRet createPidInterface(
+                 "PositiveHysteresis", doubles["PositiveHysteresis"],
+                 "NegativeHysteresis", doubles["NegativeHysteresis"]))
+         {
+-            BMCWEB_LOG_ERROR << "Line:" << __LINE__ << ", Illegal Property "
+-                             << it.value().dump();
++            BMCWEB_LOG_ERROR << "Line:" << __LINE__
++                << "Illegal Property "
++                << it.value().dump(2, ' ', true,
++                                   nlohmann::json::error_handler_t::replace);
+             return CreatePIDRet::fail;
+         }
+         if (zones)
+@@ -972,8 +974,10 @@ static CreatePIDRet createPidInterface(
+                                           failSafePercent, "MinThermalOutput",
+                                           minThermalOutput))
+         {
+-            BMCWEB_LOG_ERROR << "Line:" << __LINE__ << ", Illegal Property "
+-                             << it.value().dump();
++            BMCWEB_LOG_ERROR << "Line:" << __LINE__
++                << "Illegal Property "
++                << it.value().dump(2, ' ', true,
++                                   nlohmann::json::error_handler_t::replace);
+             return CreatePIDRet::fail;
+         }
+ 
+@@ -984,8 +988,11 @@ static CreatePIDRet createPidInterface(
+             if (!redfish::json_util::readJson(*chassisContainer, response->res,
+                                               "@odata.id", chassisId))
+             {
+-                BMCWEB_LOG_ERROR << "Line:" << __LINE__ << ", Illegal Property "
+-                                 << chassisContainer->dump();
++                BMCWEB_LOG_ERROR << "Line:" << __LINE__
++                    << "Illegal Property "
++                    << chassisContainer->dump(
++                           2, ' ', true,
++                           nlohmann::json::error_handler_t::replace);
+                 return CreatePIDRet::fail;
+             }
+ 
+@@ -1022,8 +1029,10 @@ static CreatePIDRet createPidInterface(
+                 "NegativeHysteresis", negativeHysteresis, "Direction",
+                 direction))
+         {
+-            BMCWEB_LOG_ERROR << "Line:" << __LINE__ << ", Illegal Property "
+-                             << it.value().dump();
++            BMCWEB_LOG_ERROR << "Line:" << __LINE__
++                << "Illegal Property "
++                << it.value().dump(2, ' ', true,
++                                   nlohmann::json::error_handler_t::replace);
+             return CreatePIDRet::fail;
+         }
+ 
+@@ -1057,8 +1066,10 @@ static CreatePIDRet createPidInterface(
+                                                   target, "Output", output))
+                 {
+                     BMCWEB_LOG_ERROR << "Line:" << __LINE__
+-                                     << ", Illegal Property "
+-                                     << it.value().dump();
++                        << "Illegal Property "
++                        << it.value().dump(
++                               2, ' ', true,
++                               nlohmann::json::error_handler_t::replace);
+                     return CreatePIDRet::fail;
+                 }
+                 readings.emplace_back(target);
+@@ -1299,8 +1310,10 @@ struct SetPIDValues : std::enable_shared_from_this<SetPIDValues>
+                 "FanControllers", fanControllers, "FanZones", fanZones,
+                 "StepwiseControllers", stepwiseControllers, "Profile", profile))
+         {
+-            BMCWEB_LOG_ERROR << "Line:" << __LINE__ << ", Illegal Property "
+-                             << data.dump();
++            BMCWEB_LOG_ERROR << "Line:" << __LINE__
++                << "Illegal Property "
++                << data.dump(2, ' ', true,
++                             nlohmann::json::error_handler_t::replace);
+             return;
+         }
+         configuration.emplace_back("PidControllers", std::move(pidControllers));
+@@ -1822,8 +1835,10 @@ class Manager : public Node
+             std::optional<nlohmann::json> openbmc;
+             if (!redfish::json_util::readJson(*oem, res, "OpenBmc", openbmc))
+             {
+-                BMCWEB_LOG_ERROR << "Line:" << __LINE__ << ", Illegal Property "
+-                                 << oem->dump();
++                BMCWEB_LOG_ERROR << "Line:" << __LINE__
++                    << "Illegal Property "
++                    << oem->dump(2, ' ', true,
++                                 nlohmann::json::error_handler_t::replace);
+                 return;
+             }
+             if (openbmc)
+@@ -1832,8 +1847,10 @@ class Manager : public Node
+                 if (!redfish::json_util::readJson(*openbmc, res, "Fan", fan))
+                 {
+                     BMCWEB_LOG_ERROR << "Line:" << __LINE__
+-                                     << ", Illegal Property "
+-                                     << openbmc->dump();
++                        << "Illegal Property "
++                        << openbmc->dump(
++                               2, ' ', true,
++                               nlohmann::json::error_handler_t::replace);
+                     return;
+                 }
+                 if (fan)
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0043-account_service-Fix-incorrect-pointer-dereference.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0043-account_service-Fix-incorrect-pointer-dereference.patch
new file mode 100644
index 000000000..263a7412d
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/0043-account_service-Fix-incorrect-pointer-dereference.patch
@@ -0,0 +1,40 @@
+From 2cfacab5512cdf9802b267138d06d955989c8593 Mon Sep 17 00:00:00 2001
+From: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
+Date: Tue, 15 Jun 2021 01:38:43 +0530
+Subject: [PATCH] account_service: Fix incorrect pointer dereference flow
+
+The pointer is being dereferenced before checking for null.
+Moved dereferencing of pointer to occur after null check.
+
+Tested:
+ -Built Successfully
+ -No regressions observed.
+
+Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
+---
+ redfish-core/lib/account_service.hpp | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
+index 1619a3e..9263090 100644
+--- a/redfish-core/lib/account_service.hpp
++++ b/redfish-core/lib/account_service.hpp
+@@ -122,13 +122,14 @@ void userErrorMessageHandler(const sd_bus_error* e,
+                              const std::string& newUser,
+                              const std::string& username)
+ {
+-    const char* errorMessage = e->name;
+     if (e == nullptr)
+     {
+         messages::internalError(asyncResp->res);
+         return;
+     }
+ 
++    const char* errorMessage = e->name;
++
+     if (strcmp(errorMessage,
+                "xyz.openbmc_project.User.Common.Error.UserNameExists") == 0)
+     {
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend
index b409243a4..3f4eb3f72 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb_%.bbappend
@@ -56,6 +56,8 @@ SRC_URI += "file://0001-Firmware-update-support-for-StandBySpare.patch \
             file://0039-Return-InternalError-on-DBus-error.patch \
             file://0040-Add-boundary-check-to-avoid-crash.patch \
             file://0041-Revamp-Redfish-Event-Log-Unique-ID-Generation.patch \
+            file://0042-Fix-nlohmann-json-dump-calls.patch \
+            file://0043-account_service-Fix-incorrect-pointer-dereference.patch \
 "
 
 # Temporary downstream mirror of upstream patches, see telemetry\README for details
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-ipmb/0001-Add-dbus-method-SlotIpmbRequest.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-ipmb/0001-Add-dbus-method-SlotIpmbRequest.patch
index 3f01cd2c8..d119b4d4f 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-ipmb/0001-Add-dbus-method-SlotIpmbRequest.patch
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-ipmb/0001-Add-dbus-method-SlotIpmbRequest.patch
@@ -1,4 +1,4 @@
-From 644165bf32fd6e757c261881987d127a865cbf2b Mon Sep 17 00:00:00 2001
+From b0baf051a2b56e87d63d047c4a09a00d6d4bb955 Mon Sep 17 00:00:00 2001
 From: Rajashekar Gade Reddy <raja.sekhar.reddy.gade@linux.intel.com>
 Date: Mon, 23 Mar 2020 22:19:07 +0530
 Subject: [PATCH] Add dbus method SlotIpmbRequest
@@ -33,8 +33,7 @@ ipmitool raw 0x3e 0x51 0 0x01 0xb0 0x6 1
 Note: Tested for all possible negative test cases and it works fine.
 
 Signed-off-by: Rajashekar Gade Reddy <raja.sekhar.reddy.gade@intel.com>
-
-%% original patch: 0001-Add-dbus-method-SlotIpmbRequest.patch
+Signed-off-by: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
 ---
  CMakeLists.txt      |   2 +-
  include/linux/i2c.h | 159 ++++++++++++++++++++++++++++++++
@@ -240,7 +239,7 @@ index 0876db7..ff570c6 100644
    ]
  }
 diff --git a/ipmbbridged.cpp b/ipmbbridged.cpp
-index e0eadfc..72ede8c 100644
+index e0eadfc..6e998bf 100644
 --- a/ipmbbridged.cpp
 +++ b/ipmbbridged.cpp
 @@ -18,6 +18,11 @@
@@ -362,7 +361,6 @@ index e0eadfc..72ede8c 100644
 +                                std::shared_ptr<IpmbRequest> request,
 +                                const uint8_t pcieSlot)
 +{
-+    makeRequestValid(request);
 +    std::filesystem::path p =
 +        "/dev/i2c-mux/PCIE_Mux/Pcie_Slot_" + std::to_string(pcieSlot);
 +
@@ -386,6 +384,7 @@ index e0eadfc..72ede8c 100644
 +        return returnStatus(ipmbResponseStatus::error);
 +    }
 +
++    makeRequestValid(request);
 +    uint8_t size = buffer.size();
 +
 +    const uint8_t slaveAddrIndex = 1;
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-kcs/0001-Add-WA-for-host-OS-not-retrying-when-BMC-times-out.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-kcs/0001-Add-WA-for-host-OS-not-retrying-when-BMC-times-out.patch
new file mode 100644
index 000000000..5b9ba9820
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-kcs/0001-Add-WA-for-host-OS-not-retrying-when-BMC-times-out.patch
@@ -0,0 +1,61 @@
+From b8ab6980db2132276b0b74335710fe43a7a0c5b0 Mon Sep 17 00:00:00 2001
+From: "Terry S. Duncan" <terry.s.duncan@linux.intel.com>
+Date: Tue, 23 Feb 2021 14:55:02 -0800
+Subject: [PATCH] Add WA for host OS not retrying when BMC times out
+
+Patch was submitted upstream to add return codes to list being retried.
+This work around changes the completion code to one that the OS will
+retry.
+
+Signed-off-by: Terry S. Duncan <terry.s.duncan@linux.intel.com>
+---
+ kcsbridged.cpp | 22 ++++++++++++++--------
+ 1 file changed, 14 insertions(+), 8 deletions(-)
+
+diff --git a/kcsbridged.cpp b/kcsbridged.cpp
+index 38911fa..b72cede 100644
+--- a/kcsbridged.cpp
++++ b/kcsbridged.cpp
+@@ -191,16 +191,21 @@ class SmsChannel
+                 if (ec)
+                 {
+                     log<level::ERR>(
+-                        "kcs<->ipmid bus error:", entry("NETFN=0x%02x", netfn),
+-                        entry("LUN=0x%02x", lun), entry("CMD=0x%02x", cmd),
++                        "kcs<->ipmid DBus error:",
++                        entry("NETFN=0x%02x", netfnCap),
++                        entry("LUN=0x%02x", lunCap),
++                        entry("CMD=0x%02x", cmdCap),
+                         entry("ERROR=%s", ec.message().c_str()));
+-                    // send unspecified error for a D-Bus error
+-                    constexpr uint8_t ccResponseNotAvailable = 0xce;
+-                    rsp.resize(sizeof(netfn) + sizeof(cmd) + sizeof(cc));
++                    // Send cannot-execute error for a D-Bus error.
++                    // This CC gets retried by the host driver.
++                    constexpr uint8_t ccCannotExecute = 0xd5;
++                    rsp.resize(sizeof(netfnCap) + sizeof(cmdCap) + sizeof(cc));
++
++                    // DBUS fail response will have zeros; copy values from req.
+                     rsp[0] =
+                         ((netfnCap + 1) << netFnShift) | (lunCap & lunMask);
+                     rsp[1] = cmdCap;
+-                    rsp[2] = ccResponseNotAvailable;
++                    rsp[2] = ccCannotExecute;
+                 }
+                 else
+                 {
+@@ -233,8 +238,9 @@ class SmsChannel
+                         "Failed to send rsp msg", entry("SIZE=%d", wlen),
+                         entry("EXPECT=%d", rsp.size()),
+                         entry("ERROR=%s", ecWr.message().c_str()),
+-                        entry("NETFN=0x%02x", netfn), entry("LUN=0x%02x", lun),
+-                        entry("CMD=0x%02x", cmd), entry("CC=0x%02x", cc));
++                        entry("NETFN=0x%02x", netfnCap),
++                        entry("LUN=0x%02x", lunCap),
++                        entry("CMD=0x%02x", cmdCap), entry("CC=0x%02x", cc));
+                 }
+             },
+             ipmiQueueService, ipmiQueuePath, ipmiQueueIntf, ipmiQueueMethod,
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-kcs_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-kcs_%.bbappend
index a3dceb01e..d19fe8014 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-kcs_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-kcs_%.bbappend
@@ -13,7 +13,9 @@ SYSTEMD_SERVICE_${PN}_append = " ${PN}@${SMM_DEVICE}.service "
 SRC_URI = "git://github.com/openbmc/kcsbridge.git"
 SRCREV = "d8594e9a62feb8b2fac789159966b4782b4aa31e"
 
-SRC_URI += "file://99-ipmi-kcs.rules"
+SRC_URI += "file://99-ipmi-kcs.rules \
+            file://0001-Add-WA-for-host-OS-not-retrying-when-BMC-times-out.patch \
+"
 
 do_install_append() {
     install -d ${D}${base_libdir}/udev/rules.d
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net/0012-crypt_algo-Null-check-on-Cipher-context.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net/0012-crypt_algo-Null-check-on-Cipher-context.patch
new file mode 100644
index 000000000..d4c6a3847
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net/0012-crypt_algo-Null-check-on-Cipher-context.patch
@@ -0,0 +1,47 @@
+From 0b1184586b34ae40976e307d30fc44c3ed71dc11 Mon Sep 17 00:00:00 2001
+From: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
+Date: Fri, 25 Jun 2021 20:23:26 +0530
+Subject: [PATCH] crypt_algo: Null check on Cipher context
+
+There is no Null check performed while creating a new
+Cipher contex. OPENSSL_zalloc can return NULL.
+
+Tested: No regression observed
+
+Change-Id: Ibc135adf9a20783c72116587ed3c45e3d457b3ad
+Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
+---
+ crypt_algo.cpp | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/crypt_algo.cpp b/crypt_algo.cpp
+index c51465f..d5be1cb 100644
+--- a/crypt_algo.cpp
++++ b/crypt_algo.cpp
+@@ -103,6 +103,11 @@ std::vector<uint8_t> AlgoAES128::decryptData(const uint8_t* iv,
+     // Initializes Cipher context
+     EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
+ 
++    if (!ctx)
++    {
++        throw std::runtime_error("EVP_CIPHER_CTX failed");
++    }
++
+     auto cleanupFunc = [](EVP_CIPHER_CTX* ctx) { EVP_CIPHER_CTX_free(ctx); };
+ 
+     std::unique_ptr<EVP_CIPHER_CTX, decltype(cleanupFunc)> ctxPtr(ctx,
+@@ -164,6 +169,11 @@ std::vector<uint8_t> AlgoAES128::encryptData(const uint8_t* input,
+     // Initializes Cipher context
+     EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
+ 
++    if (!ctx)
++    {
++        throw std::runtime_error("EVP_CIPHER_CTX failed");
++    }
++
+     auto cleanupFunc = [](EVP_CIPHER_CTX* ctx) { EVP_CIPHER_CTX_free(ctx); };
+ 
+     std::unique_ptr<EVP_CIPHER_CTX, decltype(cleanupFunc)> ctxPtr(ctx,
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend
index fcf8df18d..f10bb6ef4 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/ipmi/phosphor-ipmi-net_%.bbappend
@@ -23,6 +23,7 @@ SRC_URI += " file://10-nice-rules.conf \
              file://0006-Modify-dbus-namespace-of-chassis-control-for-guid.patch \
              file://0009-Add-dbus-interface-for-sol-commands.patch \
              file://0011-Remove-Get-SOL-Config-Command-from-Netipmid.patch \
+             file://0012-crypt_algo-Null-check-on-Cipher-context.patch \
            "
 
 do_install_append() {
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0003-Add-check-for-min-max-received-from-hwmon-files.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0003-Add-check-for-min-max-received-from-hwmon-files.patch
new file mode 100644
index 000000000..2abfcbd41
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors/0003-Add-check-for-min-max-received-from-hwmon-files.patch
@@ -0,0 +1,95 @@
+From 540b694667c659e2e811ddbb86a73d3356cc1885 Mon Sep 17 00:00:00 2001
+From: Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>
+Date: Wed, 21 Apr 2021 15:01:18 +0200
+Subject: [PATCH] Add check for min/max received from hwmon files
+
+    When hwmon reports incorrect min/max values or CPU Sensor cannot access
+    readings, it shall keep the last known good readings and not update
+    DBus with incorrect values.
+    This patch adds min < max verification check for the values received
+    from hwmon and removes check for power on/off in the case of a read
+    failure.
+
+    Tested manually on a physical platform, test cases cover incorrect
+    max/min values and failing access to hwmon files.
+    SDR over IPMI can be fully received in the case of error.
+
+Signed-off-by: Wojciech Dembinski <wojciech.dembinski@intel.com>
+Signed-off-by: Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>
+---
+ src/CPUSensor.cpp | 40 ++++++++++++++++++++++------------------
+ 1 file changed, 22 insertions(+), 18 deletions(-)
+
+diff --git a/src/CPUSensor.cpp b/src/CPUSensor.cpp
+index f96b178..a17d5db 100644
+--- a/src/CPUSensor.cpp
++++ b/src/CPUSensor.cpp
+@@ -156,16 +156,21 @@ void CPUSensor::setupRead(void)
+ 
+ void CPUSensor::updateMinMaxValues(void)
+ {
++    double newMin = std::numeric_limits<double>::quiet_NaN();
++    double newMax = std::numeric_limits<double>::quiet_NaN();
++
+     const boost::container::flat_map<
+         std::string,
+         std::vector<std::tuple<const char*, std::reference_wrapper<double>,
+-                               const char*>>>
++                               const char*, std::reference_wrapper<double>>>>
+         map = {
+             {
+                 "cap",
+                 {
+-                    std::make_tuple("cap_max", std::ref(maxValue), "MaxValue"),
+-                    std::make_tuple("cap_min", std::ref(minValue), "MinValue"),
++                    std::make_tuple("cap_max", std::ref(maxValue), "MaxValue",
++                                    std::ref(newMax)),
++                    std::make_tuple("cap_min", std::ref(minValue), "MinValue",
++                                    std::ref(newMin)),
+                 },
+             },
+         };
+@@ -178,26 +183,25 @@ void CPUSensor::updateMinMaxValues(void)
+         {
+             for (const auto& vectorItem : mapIt->second)
+             {
+-                auto [suffix, oldValue, dbusName] = vectorItem;
++                auto [suffix, oldValue, dbusName, newValue] = vectorItem;
+                 auto attrPath = boost::replace_all_copy(path, fileItem, suffix);
+-                if (auto newVal =
+-                        readFile(attrPath, CPUSensor::sensorScaleFactor))
++                if (auto tmp = readFile(attrPath, CPUSensor::sensorScaleFactor))
+                 {
+-                    updateProperty(sensorInterface, oldValue, *newVal,
+-                                   dbusName);
++                    newValue.get() = *tmp;
+                 }
+                 else
+                 {
+-                    if (isPowerOn())
+-                    {
+-                        updateProperty(sensorInterface, oldValue, 0, dbusName);
+-                    }
+-                    else
+-                    {
+-                        updateProperty(sensorInterface, oldValue,
+-                                       std::numeric_limits<double>::quiet_NaN(),
+-                                       dbusName);
+-                    }
++                    newValue.get() = std::numeric_limits<double>::quiet_NaN();
++                }
++            }
++            if (std::isfinite(newMin) && std::isfinite(newMax) &&
++                (newMin < newMax))
++            {
++                for (const auto& vectorItem : mapIt->second)
++                {
++                    auto& [suffix, oldValue, dbusName, newValue] = vectorItem;
++                    updateProperty(sensorInterface, oldValue, newValue,
++                                   dbusName);
+                 }
+             }
+         }
+-- 
+2.7.4
+
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors_%.bbappend
index 5cdb6c525..ab5fdac56 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/sensors/dbus-sensors_%.bbappend
@@ -7,6 +7,7 @@ SRCREV = "8aeffd91ff3434f7812e9fdb6b0b03c6119921dd"
 SRC_URI += "\
     file://intrusionsensor-depend-on-networkd.conf \
     file://0001-Fix-for-intrusionsensor-service-crash.patch \
+    file://0003-Add-check-for-min-max-received-from-hwmon-files.patch \
     "
 
 DEPENDS_append = " libgpiod libmctp"
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/webui/phosphor-webui_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/webui/phosphor-webui_%.bbappend
index a0141f2b7..36b155fe9 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/webui/phosphor-webui_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/webui/phosphor-webui_%.bbappend
@@ -1,14 +1,4 @@
 SRC_URI = "git://github.com/Intel-BMC/phosphor-webui;protocol=ssh;branch=intel2"
 FILESEXTRAPATHS_prepend_intel := "${THISDIR}/${PN}:"
 
-SRCREV = "6313c9df615fd85a8617c46444f964b972abdebd"
-
-# Adding the code below as a workaround as
-# favicon gets corrupted during emit due to issue with html-webpack-plugin.
-# This workaround needs to be removed once this issue is fixed in the
-# newer version of  html-webpack-plugin
-do_compile_append() {
-	rm -rf ${S}/dist/favicon.ico.gz
-	mv ${S}/dist/favicon.gz ${S}/dist/favicon.ico.gz
-	rm -rf ${S}/dist/app.bundle.js.LICENSE.txt.gz
-}
+SRCREV = "2397c142c0d75c7705757a52848945b00928232d"
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/init b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/init
new file mode 100755
index 000000000..47995466f
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/init
@@ -0,0 +1,66 @@
+#! /bin/sh
+# /etc/init.d/snmpd: start snmp daemon.
+
+. /etc/init.d/functions
+
+# Defaults
+export MIBDIRS=/usr/share/snmp/mibs
+SNMPDRUN=yes
+SNMPDOPTS='-Lsd -Lf /dev/null -p /var/run/snmpd.pid'
+TRAPDRUN=no
+TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'
+PIDFILE=/var/run/snmpd.pid
+SPIDFILE=/var/run/snmptrapd.pid
+
+# Reads config file if exists (will override defaults above)
+[ -r /etc/default/snmpd ] && . /etc/default/snmpd
+
+[ "$SNMPDRUN" = "yes" ] && { test -x /usr/sbin/snmpd || exit 0; }
+[ "$TRAPDRUN" = "yes" ] && { test -x /usr/sbin/snmptrapd || exit 0; }
+
+case "$1" in
+  start)
+    echo -n "Starting network management services:"
+    if [ "$SNMPDRUN" = "yes" -a -f /etc/snmp/snmpd.conf -a ! -f "$PIDFILE" ]; then
+	start-stop-daemon -o --start --quiet --name snmpd --pidfile "$PIDFILE" \
+		--exec /usr/sbin/snmpd -- $SNMPDOPTS
+	echo -n " snmpd"
+    fi
+    if [ "$TRAPDRUN" = "yes" -a -f /etc/snmp/snmptrapd.conf -a ! -f "$SPIDFILE" ]; then
+	start-stop-daemon -o --start --quiet --name snmptrapd  --pidfile "$SPIDFILE" \
+		 --exec /usr/sbin/snmptrapd -- $TRAPDOPTS
+	echo -n " snmptrapd"
+    fi
+    echo "."
+
+    test ! -x /sbin/restorecon || /sbin/restorecon -FR /var/lib/net-snmp
+    ;;
+  stop)
+    echo -n "Stopping network management services:"
+    if [ -f  "$PIDFILE" ] ; then
+	start-stop-daemon -o --stop  --quiet --pidfile $PIDFILE --name snmpd
+    fi
+    echo -n " snmpd"
+    if [ -f "$SPIDFILE" ] ; then
+	start-stop-daemon -o --stop  --quiet --pidfile $SPIDFILE --name snmptrapd
+	rm -rf $SPIDFILE
+    fi
+    echo -n " snmptrapd"
+    echo "."
+    ;;
+  status)
+    status /usr/sbin/snmpd;
+    exit $?
+    ;;
+  restart|reload|force-reload)
+    $0 stop
+    # Allow the daemons time to exit completely.
+    sleep 2
+    $0 start
+    ;;
+  *)
+    echo "Usage: /etc/init.d/snmpd {start|stop|status|restart|reload|force-reload}"
+    exit 1
+esac
+
+exit 0
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/snmpd.conf b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/snmpd.conf
new file mode 100644
index 000000000..728171c42
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/snmpd.conf
@@ -0,0 +1,422 @@
+###############################################################################
+#
+# EXAMPLE.conf:
+#   An example configuration file for configuring the ucd-snmp snmpd agent.
+#
+###############################################################################
+#
+# This file is intended to only be an example.  If, however, you want
+# to use it, it should be placed in /etc/snmp/snmpd.conf.
+# When the snmpd agent starts up, this is where it will look for it.
+#
+# You might be interested in generating your own snmpd.conf file using
+# the "snmpconf" program (perl script) instead.  It's a nice menu
+# based interface to writing well commented configuration files.  Try it!
+#
+# Note: This file is automatically generated from EXAMPLE.conf.def.
+# Do NOT read the EXAMPLE.conf.def file! Instead, after you have run
+# configure & make, and then make sure you read the EXAMPLE.conf file
+# instead, as it will tailor itself to your configuration.
+
+# All lines beginning with a '#' are comments and are intended for you
+# to read.  All other lines are configuration commands for the agent.
+
+#
+# PLEASE: read the snmpd.conf(5) manual page as well!
+#
+
+
+###############################################################################
+# Access Control
+###############################################################################
+
+# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
+# KNOWN AT YOUR SITE.  YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
+# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
+
+# By far, the most common question I get about the agent is "why won't
+# it work?", when really it should be "how do I configure the agent to
+# allow me to access it?"
+#
+# By default, the agent responds to the "public" community for read
+# only access, if run out of the box without any configuration file in 
+# place.  The following examples show you other ways of configuring
+# the agent so that you can change the community names, and give
+# yourself write access as well.
+#
+# The following lines change the access permissions of the agent so
+# that the COMMUNITY string provides read-only access to your entire
+# NETWORK (EG: 10.10.10.0/24), and read/write access to only the
+# localhost (127.0.0.1, not its real ipaddress).
+#
+# For more information, read the FAQ as well as the snmpd.conf(5)
+# manual page.
+
+####
+# First, map the community name (COMMUNITY) into a security name
+# (local and mynetwork, depending on where the request is coming
+# from):
+
+#       sec.name  source          community
+com2sec paranoid  default         public
+#com2sec readonly  default         public
+#com2sec readwrite default         private
+
+####
+# Second, map the security names into group names:
+
+#             	sec.model  sec.name
+group MyROSystem v1        paranoid
+group MyROSystem v2c       paranoid
+group MyROSystem usm       paranoid
+group MyROGroup v1         readonly
+group MyROGroup v2c        readonly
+group MyROGroup usm        readonly
+group MyRWGroup v1         readwrite
+group MyRWGroup v2c        readwrite
+group MyRWGroup usm        readwrite
+
+####
+# Third, create a view for us to let the groups have rights to:
+
+#           incl/excl subtree                          mask
+view all    included  .1                               80
+view system included  .iso.org.dod.internet.mgmt.mib-2.system
+
+####
+# Finally, grant the 2 groups access to the 1 view with different
+# write permissions:
+
+#                context sec.model sec.level match  read   write  notif
+access MyROSystem ""     any       noauth    exact  system none   none
+access MyROGroup ""      any       noauth    exact  all    none   none
+access MyRWGroup ""      any       noauth    exact  all    all    none
+
+# -----------------------------------------------------------------------------
+
+
+###############################################################################
+# System contact information
+#
+
+# It is also possible to set the sysContact and sysLocation system
+# variables through the snmpd.conf file.  **PLEASE NOTE** that setting
+# the value of these objects here makes these objects READ-ONLY
+# (regardless of any access control settings).  Any attempt to set the
+# value of an object whose value is given here will fail with an error
+# status of notWritable.
+
+syslocation Unknown (configure /etc/snmp/snmpd.local.conf)
+syscontact Root <root@localhost> (configure /etc/snmp/snmpd.local.conf)
+
+# Example output of snmpwalk:
+#   % snmpwalk -v 1 -c public localhost system
+#   system.sysDescr.0 = "SunOS name sun4c"
+#   system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4
+#   system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55
+#   system.sysContact.0 = "Me <me@somewhere.org>"
+#   system.sysName.0 = "name"
+#   system.sysLocation.0 = "Right here, right now."
+#   system.sysServices.0 = 72
+
+
+# -----------------------------------------------------------------------------
+
+
+###############################################################################
+# Process checks.
+#
+#  The following are examples of how to use the agent to check for
+#  processes running on the host.  The syntax looks something like:
+#
+#  proc NAME [MAX=0] [MIN=0]
+#
+#  NAME:  the name of the process to check for.  It must match
+#         exactly (ie, http will not find httpd processes).
+#  MAX:   the maximum number allowed to be running.  Defaults to 0.
+#  MIN:   the minimum number to be running.  Defaults to 0.
+
+#
+#  Examples:
+#
+
+#  Make sure mountd is running
+#proc mountd
+
+#  Make sure there are no more than 4 ntalkds running, but 0 is ok too.
+#proc ntalkd 4
+
+#  Make sure at least one sendmail, but less than or equal to 10 are running.
+#proc sendmail 10 1
+
+#  A snmpwalk of the prTable would look something like this:
+# 
+# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.2
+# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1
+# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2
+# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3
+# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd"
+# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd"
+# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail"
+# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0
+# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0
+# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1
+# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0
+# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4
+# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10
+# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0
+# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0
+# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1
+# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1
+# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0
+# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0
+# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running."
+# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = ""
+# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = ""
+# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0
+# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0
+# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0
+#
+#  Note that the errorFlag for mountd is set to 1 because one is not
+#  running (in this case an rpc.mountd is, but thats not good enough),
+#  and the ErrMessage tells you what's wrong.  The configuration
+#  imposed in the snmpd.conf file is also shown.  
+# 
+#  Special Case:  When the min and max numbers are both 0, it assumes
+#  you want a max of infinity and a min of 1.
+#
+
+
+# -----------------------------------------------------------------------------
+
+
+###############################################################################
+# Executables/scripts
+#
+
+#
+#  You can also have programs run by the agent that return a single
+#  line of output and an exit code.  Here are two examples.
+#
+#  exec NAME PROGRAM [ARGS ...]
+#
+#  NAME:     A generic name.
+#  PROGRAM:  The program to run.  Include the path!
+#  ARGS:     optional arguments to be passed to the program
+
+# a simple hello world
+#exec echotest /bin/echo hello world
+
+# Run a shell script containing:
+#
+# #!/bin/sh
+# echo hello world
+# echo hi there
+# exit 35
+#
+# Note:  this has been specifically commented out to prevent
+# accidental security holes due to someone else on your system writing
+# a /tmp/shtest before you do.  Uncomment to use it.
+#
+#exec shelltest /bin/sh /tmp/shtest
+
+# Then, 
+# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.8
+# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
+# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
+# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest"
+# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest"
+# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world"
+# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest"
+# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
+# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35
+# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world."
+# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world."
+# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
+# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
+
+# Note that the second line of the /tmp/shtest shell script is cut
+# off.  Also note that the exit status of 35 was returned.
+
+# -----------------------------------------------------------------------------
+
+
+###############################################################################
+# disk checks
+#
+
+# The agent can check the amount of available disk space, and make
+# sure it is above a set limit.  
+
+# disk PATH [MIN=DEFDISKMINIMUMSPACE]
+#
+# PATH:  mount path to the disk in question.
+# MIN:   Disks with space below this value will have the Mib's errorFlag set.
+#        Default value = DEFDISKMINIMUMSPACE.
+
+# Check the / partition and make sure it contains at least 10 megs.
+
+#disk / 10000
+
+# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.9
+# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0
+# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F 
+# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0"
+# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000
+# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130
+# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325
+# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092
+# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58
+# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0
+# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = ""
+
+# -----------------------------------------------------------------------------
+
+
+###############################################################################
+# load average checks
+#
+
+# load [1MAX=DEFMAXLOADAVE] [5MAX=DEFMAXLOADAVE] [15MAX=DEFMAXLOADAVE]
+#
+# 1MAX:   If the 1 minute load average is above this limit at query
+#         time, the errorFlag will be set.
+# 5MAX:   Similar, but for 5 min average.
+# 15MAX:  Similar, but for 15 min average.
+
+# Check for loads:
+#load 12 14 14
+
+# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.10
+# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1
+# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2
+# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3
+# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1"
+# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5"
+# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15"
+# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 
+# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 
+# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 
+# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00"
+# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00"
+# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00"
+# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0
+# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0
+# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0
+# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = ""
+# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = ""
+# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = ""
+
+# -----------------------------------------------------------------------------
+
+
+###############################################################################
+# Extensible sections.
+# 
+
+# This alleviates the multiple line output problem found in the
+# previous executable mib by placing each mib in its own mib table:
+
+# Run a shell script containing:
+#
+# #!/bin/sh
+# echo hello world
+# echo hi there
+# exit 35
+#
+# Note:  this has been specifically commented out to prevent
+# accidental security holes due to someone else on your system writing
+# a /tmp/shtest before you do.  Uncomment to use it.
+#
+# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest
+
+# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.50
+# enterprises.ucdavis.50.1.1 = 1
+# enterprises.ucdavis.50.2.1 = "shelltest"
+# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest"
+# enterprises.ucdavis.50.100.1 = 35
+# enterprises.ucdavis.50.101.1 = "hello world."
+# enterprises.ucdavis.50.101.2 = "hi there."
+# enterprises.ucdavis.50.102.1 = 0
+
+# Now the Output has grown to two lines, and we can see the 'hi
+# there.' output as the second line from our shell script.
+#
+# Note that you must alter the mib.txt file to be correct if you want
+# the .50.* outputs above to change to reasonable text descriptions.
+
+# Other ideas:
+# 
+# exec .1.3.6.1.4.1.2021.51 ps /bin/ps 
+# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top
+# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq
+
+# -----------------------------------------------------------------------------
+
+
+###############################################################################
+# Pass through control.
+# 
+
+# Usage:
+#   pass MIBOID EXEC-COMMAND
+#
+# This will pass total control of the mib underneath the MIBOID
+# portion of the mib to the EXEC-COMMAND.  
+#
+# Note:  You'll have to change the path of the passtest script to your
+# source directory or install it in the given location.
+# 
+# Example:  (see the script for details)
+#           (commented out here since it requires that you place the
+#           script in the right location. (its not installed by default))
+
+# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/passtest
+
+# % snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.255
+# enterprises.ucdavis.255.1 = "life the universe and everything"
+# enterprises.ucdavis.255.2.1 = 42
+# enterprises.ucdavis.255.2.2 = OID: 42.42.42
+# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42
+# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1
+# enterprises.ucdavis.255.5 = 42
+# enterprises.ucdavis.255.6 = Gauge: 42
+#
+# % snmpget -v 1 -c public localhost .1.3.6.1.4.1.2021.255.5
+# enterprises.ucdavis.255.5 = 42
+#
+# % snmpset -v 1 -c public localhost .1.3.6.1.4.1.2021.255.1 s "New string"
+# enterprises.ucdavis.255.1 = "New string"
+#
+
+# For specific usage information, see the man/snmpd.conf.5 manual page
+# as well as the local/passtest script used in the above example.
+
+###############################################################################
+# Subagent control
+#
+
+# The agent can support subagents using a number of extension mechanisms.
+# From the 4.2.1 release, AgentX support is being compiled in by default.
+# However, this is still experimental code, so should not be used on
+# critical production systems.
+#   Please see the file README.agentx for more details.
+#
+# If having read, marked, learnt and inwardly digested this information,
+# you decide that you do wish to make use of this mechanism, simply
+# uncomment the following directive.
+#
+#  master  agentx
+#
+# I repeat - this is *NOT* regarded as suitable for front-line production
+# systems, though it is probably stable enough for day-to-day use.
+# Probably.
+#
+# No refunds will be given.
+
+###############################################################################
+# Further Information
+#
+#  See the snmpd.conf manual page, and the output of "snmpd -H".
+#  MUCH more can be done with the snmpd.conf than is shown as an
+#  example here.
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/snmptrapd.conf b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/snmptrapd.conf
new file mode 100644
index 000000000..8d2e4375e
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/files/snmptrapd.conf
@@ -0,0 +1,18 @@
+###############################################################################
+#
+# EXAMPLE.conf:
+#   An example configuration file for configuring the ucd-snmp snmptrapd agent.
+#
+###############################################################################
+#
+# This file is intended to only be an example.  If, however, you want
+# to use it, it should be placed in /etc/snmp/snmptrapd.conf.
+# When the snmptrapd agent starts up, this is where it will look for it.
+#
+# All lines beginning with a '#' are comments and are intended for you
+# to read.  All other lines are configuration commands for the agent.
+
+#
+# PLEASE: read the snmptrapd.conf(5) manual page as well!
+#
+
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch
new file mode 100644
index 000000000..4cd729044
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch
@@ -0,0 +1,39 @@
+From 6f8ea2e841ad45eed193310b599d3f3b410ae91d Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Fri, 29 Jan 2021 08:49:15 +0000
+Subject: [PATCH] ac_add_search_path.m4: keep consistent between 32bit and 64bit
+
+With configure option "--with-openssl=${STAGING_EXECPREFIXDIR}", it behaves
+differently between 32bit and 64bit system as the openssl lib resides under
+/build/tmp/work/corei7-64-wrs-linux/net-snmp/5.9-r0/recipe-sysroot/usr/lib64
+for 64bit system, but resides under [1] for 32bit system.
+
+So add the patch to fix the gap between 32bit and 64bit system.
+
+[1] /build/tmp/work/corei7-64-wrs-linux/net-snmp/5.9-r0/recipe-sysroot/usr/lib
+
+Upstream-Status: Inappropriate [configuration specific]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ m4/ac_add_search_path.m4 | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/m4/ac_add_search_path.m4 b/m4/ac_add_search_path.m4
+index 8e0a819..961f587 100644
+--- a/m4/ac_add_search_path.m4
++++ b/m4/ac_add_search_path.m4
+@@ -3,8 +3,8 @@ dnl Add a search path to the LIBS and CPPFLAGS variables
+ dnl
+ AC_DEFUN([AC_ADD_SEARCH_PATH],[
+   if test "x$1" != x -a -d $1; then
+-     if test -d $1/lib; then
+-       LDFLAGS="-L$1/lib $LDFLAGS"
++     if test -d $1/${libdir:5}; then
++       LDFLAGS="-L$1/${libdir:5} $LDFLAGS"
+      fi
+      if test -d $1/include; then
+ 	CPPFLAGS="-I$1/include $CPPFLAGS"
+-- 
+2.29.2
+
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch
new file mode 100644
index 000000000..05a47f61c
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-config_os_headers-Error-Fix.patch
@@ -0,0 +1,35 @@
+From 69d4c517c07f55c505090e48d96ace8cd599fb26 Mon Sep 17 00:00:00 2001
+From: Li xin <lixin.fnst@cn.fujitsu.com>
+Date: Fri, 21 Aug 2015 18:23:13 +0900
+Subject: [PATCH] config_os_headers: Error Fix
+
+ERROR: This autoconf log indicates errors, it looked at host include
+and/or library paths while determining system capabilities.
+cc1: warning: include location "/usr/local/include" is unsafe for cross-compilation [-Wpoison-system-directories]
+conftest.c:168:17: fatal error: pkg.h: No such file or directory
+ #include <pkg.h>
+                 ^
+
+Upstream-Status: pending
+
+Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
+
+---
+ configure.d/config_os_headers | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.d/config_os_headers b/configure.d/config_os_headers
+index f07d512..2363b42 100644
+--- a/configure.d/config_os_headers
++++ b/configure.d/config_os_headers
+@@ -395,8 +395,8 @@ then
+     unset ac_cv_header_pkg_h
+     netsnmp_save_CPPFLAGS="$CPPFLAGS"
+     netsnmp_save_LDFLAGS="$LDFLAGS"
+-    CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+-    LDFLAGS="$LDFLAGS -L/usr/local/lib"
++    CPPFLAGS="$CPPFLAGS"
++    LDFLAGS="$LDFLAGS"
+     AC_CHECK_HEADERS(pkg.h,
+         NETSNMP_SEARCH_LIBS(pkg_init, pkg,
+ 	    AC_DEFINE(HAVE_LIBPKG, 1, [define if you have BSD pkg-ng])))
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch
new file mode 100644
index 000000000..22e591556
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-get_pid_from_inode-Include-limit.h.patch
@@ -0,0 +1,27 @@
+From 2bf1bbe1d428ed06d57aa76b03e394b72ff2216d Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 22 Jul 2016 18:34:39 +0000
+Subject: [PATCH] get_pid_from_inode: Include limit.h
+
+PATH_MAX and NAME_MAX are required by this file
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+---
+ agent/mibgroup/util_funcs/get_pid_from_inode.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/agent/mibgroup/util_funcs/get_pid_from_inode.c b/agent/mibgroup/util_funcs/get_pid_from_inode.c
+index aee907d..7abaec2 100644
+--- a/agent/mibgroup/util_funcs/get_pid_from_inode.c
++++ b/agent/mibgroup/util_funcs/get_pid_from_inode.c
+@@ -6,6 +6,7 @@
+ #include <net-snmp/output_api.h>
+ 
+ #include <ctype.h>
++#include <limits.h>
+ #include <stdio.h>
+ #if HAVE_STDLIB_H
+ #include <stdlib.h>
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch
new file mode 100644
index 000000000..42352a6b0
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch
@@ -0,0 +1,34 @@
+From f3ff99736b8cccbba77349b0d10a3cee366a4c87 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 18 Sep 2015 00:28:45 -0400
+Subject: [PATCH] snmplib/keytools.c: Don't check for return from
+
+ EVP_MD_CTX_init()
+
+EVP_MD_CTX_init() API returns void, it fixes errors with new compilers
+
+snmplib/keytools.c: In function 'generate_Ku': error: invalid use of void expression
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
+
+---
+ snmplib/keytools.c | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/snmplib/keytools.c b/snmplib/keytools.c
+index 129a7c0..2fc1efc 100644
+--- a/snmplib/keytools.c
++++ b/snmplib/keytools.c
+@@ -183,10 +183,7 @@ generate_Ku(const oid * hashtype, u_int hashtype_len,
+     ctx = EVP_MD_CTX_create();
+ #else
+     ctx = malloc(sizeof(*ctx));
+-    if (!EVP_MD_CTX_init(ctx)) {
+-        rval = SNMPERR_GENERR;
+-        goto generate_Ku_quit;
+-    }
++    EVP_MD_CTX_init(ctx);
+ #endif
+     if (!EVP_DigestInit(ctx, hashfn)) {
+         rval = SNMPERR_GENERR;
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch
new file mode 100644
index 000000000..c973bde72
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0002-configure-fix-a-cc-check-issue.patch
@@ -0,0 +1,28 @@
+From 0a02ac779c51a2b4af3b58cb96967bf3eff80367 Mon Sep 17 00:00:00 2001
+From: Wenlin Kang <wenlin.kang@windriver.com>
+Date: Wed, 24 May 2017 16:45:34 +0800
+Subject: [PATCH] configure: fix a cc check issue.
+
+When has "." in cc value, the expression
+$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\w\s\/]+).;\s*/$1/);'
+can't get corretly the cc's value.
+
+Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
+
+---
+ configure.d/config_project_perl_python | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.d/config_project_perl_python b/configure.d/config_project_perl_python
+index 475c843..22d2ad3 100644
+--- a/configure.d/config_project_perl_python
++++ b/configure.d/config_project_perl_python
+@@ -87,7 +87,7 @@ if test "x$install_perl" != "xno" ; then
+     if test "x$enable_perl_cc_checks" != "xno" ; then
+         AC_MSG_CHECKING([for Perl cc])
+         changequote(, )
+-        PERLCC=`$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\w\s\/]+).;\s*/$1/);'`
++        PERLCC=`$myperl -V:cc | $myperl -n -e 'print if (s/^\s*cc=.([-=\.\w\s\/]+).;\s*/$1/);'`
+         changequote([, ])
+         if test "x$PERLCC" != "x" ; then
+             AC_MSG_RESULT([$PERLCC])
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch
new file mode 100644
index 000000000..bfddc63dd
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/0004-configure-fix-incorrect-variable.patch
@@ -0,0 +1,28 @@
+From 011bdcd07f2a289d0cfc1b411c03c0cc7c42dad1 Mon Sep 17 00:00:00 2001
+From: Wenlin Kang <wenlin.kang@windriver.com>
+Date: Wed, 24 May 2017 17:10:20 +0800
+Subject: [PATCH] configure: fix incorrect variable
+
+For cross compile platform, this variable will not be correct, so fix it.
+
+Upstream-Status: Inappropriate [cross compile specific]
+
+Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
+
+---
+ Makefile.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 912f6b2..a53d1b2 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -174,7 +174,7 @@ OTHERCLEANTODOS=perlclean @PYTHONCLEANTARGS@ cleanfeatures perlcleanfeatures pyt
+ #
+ # override LD_RUN_PATH to avoid dependencies on the build directory
+ perlmodules: perlmakefiles subdirs
+-	@(cd perl ; $(MAKE) LD_RUN_PATH="$(libdir):`$(PERL) -e 'use Config; print qq($$Config{archlibexp}/CORE);'`") ; \
++	@(cd perl ; $(MAKE) LD_RUN_PATH="$(libdir):`$(PERL) -e 'use Config; print qq($$Config{installprivlib}/CORE);'`") ; \
+         if test $$? != 0 ; then \
+            exit 1 ; \
+         fi
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch
new file mode 100644
index 000000000..26dd014ce
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/fix-libtool-finish.patch
@@ -0,0 +1,34 @@
+From 27444fbf8323679ea0551a3bd5f04c365143d8c0 Mon Sep 17 00:00:00 2001
+From: "Roy.Li" <rongqing.li@windriver.com>
+Date: Fri, 16 Jan 2015 14:14:01 +0800
+Subject: [PATCH] net-snmp: fix "libtool --finish"
+
+LIB_LDCONFIG_CMD failed since it is using a host dir $(libdir)
+which is /usr/lib64 does not exist on host when compile 64bit
+image.
+
+In fact, configuring dynamic linker run-time bindings is meaningless
+at this step,  If it is needed, Poky would write ldconfig scripts to
+rpm-postinst for each recipe while do_package, in package.bbclass.
+
+Upstream-Status: Inappropriate [cross compile specific]
+
+Signed-off-by: Roy.Li <rongqing.li@windriver.com>
+
+---
+ Makefile.top | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.top b/Makefile.top
+index 6315401..fc0ee06 100644
+--- a/Makefile.top
++++ b/Makefile.top
+@@ -89,7 +89,7 @@ LIBREVISION = 0
+ LIB_LD_CMD      = $(LIBTOOL) --mode=link $(LINKCC) $(CFLAGS) -rpath $(libdir) -version-info $(LIBCURRENT):$(LIBREVISION):$(LIBAGE) -o
+ LIB_EXTENSION   = la
+ LIB_VERSION     =
+-LIB_LDCONFIG_CMD = $(LIBTOOL) --mode=finish $(INSTALL_PREFIX)$(libdir)
++LIB_LDCONFIG_CMD = echo "do not ldconfig\n"
+ LINK		= $(LIBTOOL) --mode=link $(LINKCC)
+ # RANLIB 	= @RANLIB@
+ RANLIB		= :
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch
new file mode 100644
index 000000000..da6d80ef4
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch
@@ -0,0 +1,43 @@
+From b6a3d6c8af35f1ef27b80b0516742fce89f4eb29 Mon Sep 17 00:00:00 2001
+From: Marian Florea <marian.florea@windriver.com>
+Date: Thu, 20 Jul 2017 16:55:24 +0800
+Subject: [PATCH] net snmp: fix engineBoots value on SIGHUP
+
+Upstream-Status: Pending
+
+Signed-off-by: Marian Florea <marian.florea@windriver.com>
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+
+---
+ agent/snmpd.c    | 1 +
+ snmplib/snmpv3.c | 4 ++--
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/agent/snmpd.c b/agent/snmpd.c
+index ae73eda..66b4560 100644
+--- a/agent/snmpd.c
++++ b/agent/snmpd.c
+@@ -1207,6 +1207,7 @@ receive(void)
+ 	    snmp_log(LOG_INFO, "NET-SNMP version %s restarted\n",
+ 		     netsnmp_get_version());
+             update_config();
++            snmp_store(app_name);
+             send_easy_trap(SNMP_TRAP_ENTERPRISESPECIFIC, 3);
+ #if HAVE_SIGHOLD
+             sigrelse(SIGHUP);
+diff --git a/snmplib/snmpv3.c b/snmplib/snmpv3.c
+index 29c2a0f..ada961c 100644
+--- a/snmplib/snmpv3.c
++++ b/snmplib/snmpv3.c
+@@ -1059,9 +1059,9 @@ init_snmpv3_post_config(int majorid, int minorid, void *serverarg,
+     /*
+      * if our engineID has changed at all, the boots record must be set to 1 
+      */
+-    if (engineIDLen != oldEngineIDLength ||
++    if (oldEngineIDLength != (size_t)0 && (engineIDLen != oldEngineIDLength ||
+         oldEngineID == NULL || c_engineID == NULL ||
+-        memcmp(oldEngineID, c_engineID, engineIDLen) != 0) {
++        memcmp(oldEngineID, c_engineID, engineIDLen) != 0)) {
+         engineBoots = 1;
+     }
+ 
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch
new file mode 100644
index 000000000..f1ebe2bb6
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-add-knob-whether-nlist.h-are-checked.patch
@@ -0,0 +1,36 @@
+From e507dcf8b29c55011f85d88bf05400d4717e4074 Mon Sep 17 00:00:00 2001
+From: Chong Lu <Chong.Lu@windriver.com>
+Date: Thu, 28 May 2020 09:46:34 -0500
+Subject: [PATCH] net-snmp: add knob whether nlist.h are checked
+
+Previously, it still was checked when there was no nlish.h in sysroots directory.
+Add knob to decide whether nlist.h are checked or not.
+
+Upstream-status: Pending
+
+Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
+
+---
+ configure.d/config_os_headers | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/configure.d/config_os_headers b/configure.d/config_os_headers
+index 76ef58a..f07d512 100644
+--- a/configure.d/config_os_headers
++++ b/configure.d/config_os_headers
+@@ -37,6 +37,7 @@ AC_CHECK_HEADERS([getopt.h   pthread.h  regex.h      ] dnl
+                  [sys/timeb.h        ])
+ 
+ #  Library and Agent:
++if test "x$with_elf" != "xno"; then
+ AC_CHECK_HEADERS([nlist.h],,,[
+ AC_INCLUDES_DEFAULT
+ [
+@@ -44,6 +45,7 @@ AC_INCLUDES_DEFAULT
+ #define LIBBSD_DISABLE_DEPRECATED 1
+ #endif
+ ]])
++fi
+ 
+ #  Library:
+ AC_CHECK_HEADERS([crt_externs.h                        ] dnl
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch
new file mode 100644
index 000000000..2941a3609
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-fix-for-disable-des.patch
@@ -0,0 +1,30 @@
+From 3ca4335ec1d6b7b384c134fc85d7a9e513c68376 Mon Sep 17 00:00:00 2001
+From: Jackie Huang <jackie.huang@windriver.com>
+Date: Thu, 22 Jun 2017 10:25:08 +0800
+Subject: [PATCH] net-snmp: fix for --disable-des
+
+Include des.h only if it's found in openssl so that
+the --disable-des works correctly.
+
+Upstream-Status: Submitted [net-snmp-coders@lists.sourceforge.net]
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+
+---
+ snmplib/scapi.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/snmplib/scapi.c b/snmplib/scapi.c
+index 00c9174..c6875e1 100644
+--- a/snmplib/scapi.c
++++ b/snmplib/scapi.c
+@@ -85,7 +85,9 @@ netsnmp_feature_child_of(usm_scapi, usm_support);
+ #include <openssl/hmac.h>
+ #include <openssl/evp.h>
+ #include <openssl/rand.h>
++#ifdef HAVE_OPENSSL_DES_H
+ #include <openssl/des.h>
++#endif
+ #ifdef HAVE_AES
+ #include <openssl/aes.h>
+ #endif
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch
new file mode 100644
index 000000000..807983f61
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/net-snmp-testing-add-the-output-format-for-ptest.patch
@@ -0,0 +1,35 @@
+From 972df16e9599dffddf5d714a4cbf43008c771122 Mon Sep 17 00:00:00 2001
+From: Jackie Huang <jackie.huang@windriver.com>
+Date: Wed, 14 Jan 2015 15:10:06 +0800
+Subject: [PATCH] testing: add the output format for ptest
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+
+---
+ testing/RUNTESTS | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/testing/RUNTESTS b/testing/RUNTESTS
+index 6715831..a2b6fb8 100755
+--- a/testing/RUNTESTS
++++ b/testing/RUNTESTS
+@@ -17,13 +17,17 @@ failed_count=0
+ rm -f failed_tests
+ for i in "${srcdir}"/testing/fulltests/default/T*$1*; do
+     echo "RUNNING $i"
++    test_name=`basename $i`
+     ${srcdir}/testing/fulltests/support/simple_run $i
+     if [ $? = 0 ]; then
++        echo "PASS: $test_name"
+         success_count=`expr $success_count + 1`
+     else
++        echo "FAIL: $test_name"
+         failed_count=`expr $failed_count + 1`
+         echo "$i" >> failed_tests
+     fi
++    echo
+ done
+ 
+ if [ -f failed_tests ]; then
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch
new file mode 100644
index 000000000..bf1e7bedf
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/reproducibility-have-printcap.patch
@@ -0,0 +1,30 @@
+From 84e362fe97f50fbad69f083bc2d8fe18f83eb2f7 Mon Sep 17 00:00:00 2001
+From: "douglas.royds" <douglas.royds@taitradio.com>
+Date: Wed, 21 Nov 2018 13:52:18 +1300
+Subject: [PATCH] net-snmp: Reproducibility: Don't check build host for
+
+Reproducible build: Don't check for /etc/printcap on the build machine when
+cross-compiling. Use AC_CHECK_FILE to set the cached variable
+ac_cv_file__etc_printcap instead. When cross-compiling, this variable should be
+set in the environment to "yes" or "no" as appropriate for the target platform.
+
+---
+ configure.d/config_os_misc4 | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.d/config_os_misc4 b/configure.d/config_os_misc4
+index 6f23c8e..8cea75a 100644
+--- a/configure.d/config_os_misc4
++++ b/configure.d/config_os_misc4
+@@ -99,9 +99,9 @@ if test x$LPSTAT_PATH != x; then
+ 	[Path to the lpstat command])
+     AC_DEFINE(HAVE_LPSTAT, 1, [Set if the lpstat command is available])
+ fi
+-if test -r /etc/printcap; then
++AC_CHECK_FILE([/etc/printcap],
+     AC_DEFINE(HAVE_PRINTCAP, 1, [Set if /etc/printcap exists])
+-fi
++)
+ 
+ 
+ #       Check ps args
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/run-ptest b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/run-ptest
new file mode 100755
index 000000000..76514c202
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/run-ptest
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+workdir=$(dirname `realpath $0`)
+cd ${workdir}/testing
+./RUNTESTS
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/snmpd.service b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/snmpd.service
new file mode 100644
index 000000000..447683f85
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/snmpd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Simple Network Management Protocol (SNMP) Daemon.
+After=syslog.target network.target
+
+[Service]
+Type=notify
+Environment=OPTIONS="-Ls0-6d"
+EnvironmentFile=-/etc/default/snmpd
+ExecStart=/usr/sbin/snmpd $OPTIONS -a -f
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/snmptrapd.service b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/snmptrapd.service
new file mode 100644
index 000000000..951f9f270
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/snmptrapd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Simple Network Management Protocol (SNMP) Trap Daemon.
+After=syslog.target network.target
+
+[Service]
+Type=notify
+Environment=OPTIONS="-Lsd"
+EnvironmentFile=-/etc/default/snmptrapd
+ExecStart=/usr/sbin/snmptrapd $OPTIONS -f
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/systemd-support.patch b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/systemd-support.patch
new file mode 100644
index 000000000..c6af8c0f3
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp/systemd-support.patch
@@ -0,0 +1,1652 @@
+From 0cad0c6c36af2a2d589563804c9ed2b37b7085fb Mon Sep 17 00:00:00 2001
+From: Li xin <lixin.fnst@cn.fujitsu.com>
+Date: Fri, 21 Aug 2015 14:37:02 +0900
+Subject: [PATCH] ystemd support backported from the master branch as of
+ 23/04/2012 (post 5.7.1, pre 5.8).
+
+The following commits have been cherry-picked:
+
+19499c3c90bf9d7b2b9e5d08baa26cc6bba28a11
+fef6cddfdb94da1a6b1fb768af62918b80f11fd3
+0641e43c694c485cbbffef0556efc4641bd3ff50
+76530a89f1c8bbd0b63acce63e10d5d4812a1a16 (conflict resolved)
+bf108d7f1354f6276fc43c129963f2c49b9fc242
+3692875172352f72cf3afd0d35f355e83d7e421b
+74412748067c685e1d8ab6ed3bcc3ca9c2774844
+86132e3f1e6ef7b4e0b96d8fa24e37c81b71b0e0
+63557cf8986a33dba1d4429b583a901361052c4f
+
+Upstream-Status: Backport
+
+Signed-off-by: Thomas Fitzsimmons <fitzsim@cisco.com>
+---
+ README.systemd                             |  41 +++
+ agent/snmpd.c                              |  33 +-
+ apps/snmptrapd.c                           |  32 +-
+ configure.d/config_modules_lib             |   8 +
+ configure.d/config_project_with_enable     |   9 +
+ dist/snmpd.servic                          |  18 +
+ dist/snmpd.socket                          |  17 +
+ dist/snmptrapd.service                     |  16 +
+ dist/snmptrapd.socket                      |  14 +
+ include/net-snmp/library/sd-daemon.h       | 290 ++++++++++++++++
+ snmplib/sd-daemon.c                        | 532 +++++++++++++++++++++++++++++
+ snmplib/transports/snmpTCPDomain.c         |  43 ++-
+ snmplib/transports/snmpTCPIPv6Domain.c     |  46 ++-
+ snmplib/transports/snmpUDPIPv4BaseDomain.c |  33 +-
+ snmplib/transports/snmpUDPIPv6Domain.c     |  34 +-
+ snmplib/transports/snmpUnixDomain.c        |  66 ++--
+ win32/libsnmp/Makefile.in                  |   6 +
+ win32/net-snmp/net-snmp-config.h           |   2 +
+ win32/net-snmp/net-snmp-config.h.in        |   2 +
+ 19 files changed, 1176 insertions(+), 66 deletions(-)
+ create mode 100644 README.systemd
+ create mode 100644 dist/snmpd.servic
+ create mode 100644 dist/snmpd.socket
+ create mode 100644 dist/snmptrapd.service
+ create mode 100644 dist/snmptrapd.socket
+ create mode 100644 include/net-snmp/library/sd-daemon.h
+ create mode 100644 snmplib/sd-daemon.c
+
+diff --git a/README.systemd b/README.systemd
+new file mode 100644
+index 0000000..dba15d1
+--- /dev/null
++++ b/README.systemd
+@@ -0,0 +1,41 @@
++README.systemd
++--------------
++Net-SNMP provides two daemons, which support systemd system manager.
++See http://www.freedesktop.org/wiki/Software/systemd to learn how
++systemd works. Both socket activation and notification is supported by these
++daemons.
++
++To enable systemd support, the sources must be compiled with
++--with-systemd configure option.
++
++snmpd - The SNMP agent
++----------------------
++Socket activation od snmpd daemon is implemented, but it's discouraged.
++The reason is simple - snmpd not only listens and processes SNMP requests
++from network, but also gathers system statistics counters, sends traps and
++communicates with subagents. It even opens few netlink sockets.
++
++In other words, snmpd should run from system start to properly work.
++This can be done in two ways:
++1) either as snmpd service unit with 'Type=notification' and without a socket
++   unit
++2) or as snmpd service unit with 'Type=simple', appropriate socket socket unit
++   and the snmpd service enabled. This way systemd creates the snmpd listening
++   socket early during boot and passes the sockets to snmpd slightly later
++   (but still during machine boot). This way systemd can paralelize start of
++   services, which depend on snmpd. Admins must adjust the socket file manually,
++   depending if the snmpd support AgentX, IPv6, SMUX etc.
++
++snmpd should be started with '-f' command line parameter to disable forking -
++systemd does that for us automatically.
++
++
++snmptrapd - The trap processing daemon
++--------------------------------------
++snmptrapd supports full socket activation and also notification (if needed).
++Both 'Type=simple' (with appropriate socket unit) and 'Type=notify' services
++will work. Again, '-f' parameter should be provided on snmptrapd command line.
++
++If integration with SNMP agent using AgentX protocol is enabled, snmptrapd should
++start during boot and not after first SNMP trap arrives. Same rules as for snmpd
++applies then.
+diff --git a/agent/snmpd.c b/agent/snmpd.c
+index cfc7bce..116ee5c 100644
+--- a/agent/snmpd.c
++++ b/agent/snmpd.c
+@@ -164,6 +164,10 @@ typedef long    fd_mask;
+ 
+ #endif
+ 
++#ifndef NETSNMP_NO_SYSTEMD
++#include <net-snmp/library/sd-daemon.h>
++#endif
++
+ netsnmp_feature_want(logging_file)
+ netsnmp_feature_want(logging_stdio)
+ netsnmp_feature_want(logging_syslog)
+@@ -443,19 +447,29 @@ main(int argc, char *argv[])
+     int             agent_mode = -1;
+     char           *pid_file = NULL;
+     char            option_compatability[] = "-Le";
++#ifndef WIN32
++    int             prepared_sockets = 0;
++#endif
+ #if HAVE_GETPID
+     int fd;
+     FILE           *PID;
+ #endif
+ 
+ #ifndef WIN32
++#ifndef NETSNMP_NO_SYSTEMD
++    /* check if systemd has sockets for us and don't close them */
++    prepared_sockets = netsnmp_sd_listen_fds(0);
++#endif /* NETSNMP_NO_SYSTEMD */
++
+     /*
+      * close all non-standard file descriptors we may have
+      * inherited from the shell.
+      */
+-    for (i = getdtablesize() - 1; i > 2; --i) {
+-        (void) close(i);
+-    }
++    if (!prepared_sockets) {
++        for (i = getdtablesize() - 1; i > 2; --i) {
++            (void) close(i);
++        }    
++}
+ #endif /* #WIN32 */
+     
+     /*
+@@ -1107,6 +1121,19 @@ main(int argc, char *argv[])
+     netsnmp_addrcache_initialise();
+ 
+     /*
++     * Let systemd know we're up.
++     */
++#ifndef NETSNMP_NO_SYSTEMD
++    netsnmp_sd_notify(1, "READY=1\n");
++    if (prepared_sockets)
++        /*
++         * Clear the environment variable, we already processed all the sockets
++         * by now.
++         */
++        netsnmp_sd_listen_fds(1);
++#endif
++
++    /*
+      * Forever monitor the dest_port for incoming PDUs.  
+      */
+     DEBUGMSGTL(("snmpd/main", "We're up.  Starting to process data.\n"));
+diff --git a/apps/snmptrapd.c b/apps/snmptrapd.c
+index bce0d47..c6a74ec 100644
+--- a/apps/snmptrapd.c
++++ b/apps/snmptrapd.c
+@@ -125,6 +125,10 @@ SOFTWARE.
+ 
+ #include <net-snmp/net-snmp-features.h>
+ 
++#ifndef NETSNMP_NO_SYSTEMD
++#include <net-snmp/library/sd-daemon.h>
++#endif
++
+ #ifndef BSD4_3
+ #define BSD4_2
+ #endif
+@@ -657,16 +661,25 @@ main(int argc, char *argv[])
+     int             agentx_subagent = 1;
+ #endif
+     netsnmp_trapd_handler *traph;
++#ifndef WIN32
++    int             prepared_sockets = 0;
++#endif
+ 
+ 
+ #ifndef WIN32
++#ifndef NETSNMP_NO_SYSTEMD
++    /* check if systemd has sockets for us and don't close them */
++    prepared_sockets = netsnmp_sd_listen_fds(0);
++#endif
+     /*
+      * close all non-standard file descriptors we may have
+      * inherited from the shell.
+      */
+-    for (i = getdtablesize() - 1; i > 2; --i) {
+-        (void) close(i);
+-    }
++    if (!prepared_sockets) {
++        for (i = getdtablesize() - 1; i > 2; --i) {
++            (void) close(i);
++        }    
++}
+ #endif /* #WIN32 */
+     
+ #ifdef SIGTERM
+@@ -1318,6 +1331,19 @@ main(int argc, char *argv[])
+ #endif
+ #endif
+ 
++    /*
++     * Let systemd know we're up.
++     */
++#ifndef NETSNMP_NO_SYSTEMD
++    netsnmp_sd_notify(1, "READY=1\n");
++    if (prepared_sockets)
++        /*
++         * Clear the environment variable, we already processed all the sockets
++         * by now.
++         */
++        netsnmp_sd_listen_fds(1);
++#endif
++
+ #ifdef WIN32SERVICE
+     trapd_status = SNMPTRAPD_RUNNING;
+ #endif
+diff --git a/configure.d/config_modules_lib b/configure.d/config_modules_lib
+index 362ba0a..bb69daa 100644
+--- a/configure.d/config_modules_lib
++++ b/configure.d/config_modules_lib
+@@ -53,6 +53,14 @@ if test "x$PARTIALTARGETOS" = "xmingw32" -o "x$PARTIALTARGETOS" = "xmingw32msvc"
+   other_ftobjs_list="$other_ftobjs_list winpipe.ft"
+ fi
+ 
++# Linux systemd
++if test "x$with_systemd" == "xyes"; then
++  other_src_list="$other_src_list sd-daemon.c"
++  other_objs_list="$other_objs_list sd-daemon.o"
++  other_lobjs_list="$other_lobjs_list sd-daemon.lo"
++  other_ftobjs_list="$other_ftobjs_list sd-daemon.ft"
++fi
++
+ AC_SUBST(other_src_list)
+ AC_SUBST(other_objs_list)
+ AC_SUBST(other_lobjs_list)
+diff --git a/configure.d/config_project_with_enable b/configure.d/config_project_with_enable
+index 61ba026..d782d12 100644
+--- a/configure.d/config_project_with_enable
++++ b/configure.d/config_project_with_enable
+@@ -690,6 +690,15 @@ if test "x$with_dummy_values" != "xyes"; then
+      data for])
+ fi
+ 
++NETSNMP_ARG_WITH(systemd,
++[  --with-systemd                 Provide systemd support. See README.systemd
++                                  for details.])
++# Define unless specifically suppressed (i.e., option defaults to false).
++if test "x$with_systemd" != "xyes"; then
++  AC_DEFINE(NETSNMP_NO_SYSTEMD, 1,
++    [If you don't want to integrate with systemd.])
++fi
++
+ NETSNMP_ARG_ENABLE(set-support,
+ [  --disable-set-support           Do not allow SNMP set requests.])
+ if test "x$enable_set_support" = "xno"; then
+diff --git a/dist/snmpd.servic b/dist/snmpd.servic
+new file mode 100644
+index 0000000..31391e5
+--- /dev/null
++++ b/dist/snmpd.servic
+@@ -0,0 +1,18 @@
++#
++# SNMP agent service file for systemd
++#
++#
++# The service should be enabled, i.e. snmpd should start during machine boot.
++# Socket activation shall not be used. See README.systemd for details.
++
++[Unit]
++Description=Simple Network Management Protocol (SNMP) daemon.
++After=syslog.target network.target
++
++[Service]
++# Type=notify is also supported. It should be set when snmpd.socket is not used.
++Type=simple
++ExecStart=/usr/sbin/snmpd -f
++
++[Install]
++WantedBy=multi-user.target
+diff --git a/dist/snmpd.socket b/dist/snmpd.socket
+new file mode 100644
+index 0000000..7f3a2d9
+--- /dev/null
++++ b/dist/snmpd.socket
+@@ -0,0 +1,17 @@
++[Unit]
++Description=Socket listening for SNMP and AgentX messages
++
++[Socket]
++ListenDatagram=0.0.0.0:161
++# Uncomment other listening addresses as needed - TCP, UDP6, TCP6.
++# It must match listening addresses/ports defined in snmpd.service
++# or snmpd.conf.
++# ListenStream=0.0.0.0:161
++# ListenDatagram=[::]:161
++# ListenStream=[::]:161
++#
++# Uncomment AgentX socket if snmpd.conf enables AgentX protocol.
++# ListenStream=/var/agentx/master
++
++[Install]
++WantedBy=sockets.target
+diff --git a/dist/snmptrapd.service b/dist/snmptrapd.service
+new file mode 100644
+index 0000000..e88a5b4
+--- /dev/null
++++ b/dist/snmptrapd.service
+@@ -0,0 +1,16 @@
++#
++# SNMP trap-processing service file for systemd
++#
++
++[Unit]
++Description=Simple Network Management Protocol (SNMP) Trap daemon.
++After=syslog.target network.target
++
++[Service]
++# Type=notify is also supported. It should be set when snmptrapd.socket is not
++# used.
++Type=simple
++ExecStart=/usr/sbin/snmptrapd -f
++
++[Install]
++WantedBy=multi-user.target
+diff --git a/dist/snmptrapd.socket b/dist/snmptrapd.socket
+new file mode 100644
+index 0000000..2d24fb8
+--- /dev/null
++++ b/dist/snmptrapd.socket
+@@ -0,0 +1,14 @@
+++[Unit]
+++Description=Socket listening for SNMP trap messages
+++
+++[Socket]
+++ListenDatagram=0.0.0.0:162
+++# Uncomment other listening addresses as needed - TCP, UDP6, TCP6.
+++# It must match listening addresses/ports defined in snmptrapd.service
+++# or snmptrapd.conf.
+++# ListenStream=0.0.0.0:162
+++# ListenDatagram=[::]:162
+++# ListenStream=[::]:162
+++
+++[Install]
+++WantedBy=sockets.target
+diff --git a/include/net-snmp/library/sd-daemon.h b/include/net-snmp/library/sd-daemon.h
+new file mode 100644
+index 0000000..85274c9
+--- /dev/null
++++ b/include/net-snmp/library/sd-daemon.h
+@@ -0,0 +1,290 @@
++/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
++
++#ifndef SNMPD_SD_DAEMON_H
++#define SNMPD_SD_DAEMON_H
++
++/***
++  Copyright 2010 Lennart Poettering
++
++  Permission is hereby granted, free of charge, to any person
++  obtaining a copy of this software and associated documentation files
++  (the "Software"), to deal in the Software without restriction,
++  including without limitation the rights to use, copy, modify, merge,
++  publish, distribute, sublicense, and/or sell copies of the Software,
++  and to permit persons to whom the Software is furnished to do so,
++  subject to the following conditions:
++
++  The above copyright notice and this permission notice shall be
++  included in all copies or substantial portions of the Software.
++
++  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
++  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
++  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
++  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
++  BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
++  ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
++  CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
++  SOFTWARE.
++***/
++
++#ifdef HAVE_SYS_TYPES_H
++#include <sys/types.h>
++#endif
++#ifdef HAVE_INTTYPES_H
++#include <inttypes.h>
++#endif
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/*
++  Reference implementation of a few systemd related interfaces for
++  writing daemons. These interfaces are trivial to implement. To
++  simplify porting we provide this reference implementation.
++  Applications are welcome to reimplement the algorithms described
++  here if they do not want to include these two source files.
++
++  The following functionality is provided:
++
++  - Support for logging with log levels on stderr
++  - File descriptor passing for socket-based activation
++  - Daemon startup and status notification
++  - Detection of systemd boots
++
++  You may compile this with -DDISABLE_SYSTEMD to disable systemd
++  support. This makes all those calls NOPs that are directly related to
++  systemd (i.e. only sd_is_xxx() will stay useful).
++
++  Since this is drop-in code we don't want any of our symbols to be
++  exported in any case. Hence we declare hidden visibility for all of
++  them.
++
++  You may find an up-to-date version of these source files online:
++
++  http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.h
++  http://cgit.freedesktop.org/systemd/plain/src/sd-daemon.c
++
++  This should compile on non-Linux systems, too, but with the
++  exception of the sd_is_xxx() calls all functions will become NOPs.
++
++  See sd-daemon(7) for more information.
++*/
++
++#ifndef _sd_printf_attr_
++#if __GNUC__ >= 4
++#define _sd_printf_attr_(a,b) __attribute__ ((format (printf, a, b)))
++#else
++#define _sd_printf_attr_(a,b)
++#endif
++#endif
++
++/*
++  Log levels for usage on stderr:
++
++          fprintf(stderr, SD_NOTICE "Hello World!\n");
++
++  This is similar to printk() usage in the kernel.
++*/
++#define SD_EMERG   "<0>"  /* system is unusable */
++#define SD_ALERT   "<1>"  /* action must be taken immediately */
++#define SD_CRIT    "<2>"  /* critical conditions */
++#define SD_ERR     "<3>"  /* error conditions */
++#define SD_WARNING "<4>"  /* warning conditions */
++#define SD_NOTICE  "<5>"  /* normal but significant condition */
++#define SD_INFO    "<6>"  /* informational */
++#define SD_DEBUG   "<7>"  /* debug-level messages */
++
++/* The first passed file descriptor is fd 3 */
++#define SD_LISTEN_FDS_START 3
++
++/*
++  Returns how many file descriptors have been passed, or a negative
++  errno code on failure. Optionally, removes the $LISTEN_FDS and
++  $LISTEN_PID file descriptors from the environment (recommended, but
++  problematic in threaded environments). If r is the return value of
++  this function you'll find the file descriptors passed as fds
++  SD_LISTEN_FDS_START to SD_LISTEN_FDS_START+r-1. Returns a negative
++  errno style error code on failure. This function call ensures that
++  the FD_CLOEXEC flag is set for the passed file descriptors, to make
++  sure they are not passed on to child processes. If FD_CLOEXEC shall
++  not be set, the caller needs to unset it after this call for all file
++  descriptors that are used.
++
++  See sd_listen_fds(3) for more information.
++*/
++int netsnmp_sd_listen_fds(int unset_environment);
++
++/*
++  Helper call for identifying a passed file descriptor. Returns 1 if
++  the file descriptor is a FIFO in the file system stored under the
++  specified path, 0 otherwise. If path is NULL a path name check will
++  not be done and the call only verifies if the file descriptor
++  refers to a FIFO. Returns a negative errno style error code on
++  failure.
++
++  See sd_is_fifo(3) for more information.
++*/
++int netsnmp_sd_is_fifo(int fd, const char *path);
++
++/*
++  Helper call for identifying a passed file descriptor. Returns 1 if
++  the file descriptor is a special character device on the file
++  system stored under the specified path, 0 otherwise.
++  If path is NULL a path name check will not be done and the call
++  only verifies if the file descriptor refers to a special character.
++  Returns a negative errno style error code on failure.
++
++  See sd_is_special(3) for more information.
++*/
++int netsnmp_sd_is_special(int fd, const char *path);
++
++/*
++  Helper call for identifying a passed file descriptor. Returns 1 if
++  the file descriptor is a socket of the specified family (AF_INET,
++  ...) and type (SOCK_DGRAM, SOCK_STREAM, ...), 0 otherwise. If
++  family is 0 a socket family check will not be done. If type is 0 a
++  socket type check will not be done and the call only verifies if
++  the file descriptor refers to a socket. If listening is > 0 it is
++  verified that the socket is in listening mode. (i.e. listen() has
++  been called) If listening is == 0 it is verified that the socket is
++  not in listening mode. If listening is < 0 no listening mode check
++  is done. Returns a negative errno style error code on failure.
++
++  See sd_is_socket(3) for more information.
++*/
++int netsnmp_sd_is_socket(int fd, int family, int type, int listening);
++
++/*
++  Helper call for identifying a passed file descriptor. Returns 1 if
++  the file descriptor is an Internet socket, of the specified family
++  (either AF_INET or AF_INET6) and the specified type (SOCK_DGRAM,
++  SOCK_STREAM, ...), 0 otherwise. If version is 0 a protocol version
++  check is not done. If type is 0 a socket type check will not be
++  done. If port is 0 a socket port check will not be done. The
++  listening flag is used the same way as in sd_is_socket(). Returns a
++  negative errno style error code on failure.
++
++  See sd_is_socket_inet(3) for more information.
++*/
++int netsnmp_sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port);
++
++/*
++  Helper call for identifying a passed file descriptor. Returns 1 if
++  the file descriptor is an AF_UNIX socket of the specified type
++  (SOCK_DGRAM, SOCK_STREAM, ...) and path, 0 otherwise. If type is 0
++  a socket type check will not be done. If path is NULL a socket path
++  check will not be done. For normal AF_UNIX sockets set length to
++  0. For abstract namespace sockets set length to the length of the
++  socket name (including the initial 0 byte), and pass the full
++  socket path in path (including the initial 0 byte). The listening
++  flag is used the same way as in sd_is_socket(). Returns a negative
++  errno style error code on failure.
++
++  See sd_is_socket_unix(3) for more information.
++*/
++int netsnmp_sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length);
++
++/*
++  Informs systemd about changed daemon state. This takes a number of
++  newline separated environment-style variable assignments in a
++  string. The following variables are known:
++
++     READY=1      Tells systemd that daemon startup is finished (only
++                  relevant for services of Type=notify). The passed
++                  argument is a boolean "1" or "0". Since there is
++                  little value in signaling non-readiness the only
++                  value daemons should send is "READY=1".
++
++     STATUS=...   Passes a single-line status string back to systemd
++                  that describes the daemon state. This is free-from
++                  and can be used for various purposes: general state
++                  feedback, fsck-like programs could pass completion
++                  percentages and failing programs could pass a human
++                  readable error message. Example: "STATUS=Completed
++                  66% of file system check..."
++
++     ERRNO=...    If a daemon fails, the errno-style error code,
++                  formatted as string. Example: "ERRNO=2" for ENOENT.
++
++     BUSERROR=... If a daemon fails, the D-Bus error-style error
++                  code. Example: "BUSERROR=org.freedesktop.DBus.Error.TimedOut"
++
++     MAINPID=...  The main pid of a daemon, in case systemd did not
++                  fork off the process itself. Example: "MAINPID=4711"
++
++  Daemons can choose to send additional variables. However, it is
++  recommended to prefix variable names not listed above with X_.
++
++  Returns a negative errno-style error code on failure. Returns > 0
++  if systemd could be notified, 0 if it couldn't possibly because
++  systemd is not running.
++
++  Example: When a daemon finished starting up, it could issue this
++  call to notify systemd about it:
++
++     sd_notify(0, "READY=1");
++
++  See sd_notifyf() for more complete examples.
++
++  See sd_notify(3) for more information.
++*/
++int netsnmp_sd_notify(int unset_environment, const char *state);
++
++/*
++  Similar to sd_notify() but takes a format string.
++
++  Example 1: A daemon could send the following after initialization:
++
++     sd_notifyf(0, "READY=1\n"
++                   "STATUS=Processing requests...\n"
++                   "MAINPID=%lu",
++                   (unsigned long) getpid());
++
++  Example 2: A daemon could send the following shortly before
++  exiting, on failure:
++
++     sd_notifyf(0, "STATUS=Failed to start up: %s\n"
++                   "ERRNO=%i",
++                   strerror(errno),
++                   errno);
++
++  See sd_notifyf(3) for more information.
++*/
++int netsnmp_sd_notifyf(int unset_environment, const char *format, ...) _sd_printf_attr_(2,3);
++
++/*
++  Returns > 0 if the system was booted with systemd. Returns < 0 on
++  error. Returns 0 if the system was not booted with systemd. Note
++  that all of the functions above handle non-systemd boots just
++  fine. You should NOT protect them with a call to this function. Also
++  note that this function checks whether the system, not the user
++  session is controlled by systemd. However the functions above work
++  for both user and system services.
++
++  See sd_booted(3) for more information.
++*/
++int netsnmp_sd_booted(void);
++
++/**
++ * Find an socket with given parameters. See man sd_is_socket_inet for
++ * description of the arguments.
++ *
++ * Returns the file descriptor if it is found, 0 otherwise.
++ */
++int netsnmp_sd_find_inet_socket(int family, int type, int listening, int port);
++
++/**
++ * Find an unix socket with given parameters. See man sd_is_socket_unix for
++ * description of the arguments.
++ *
++ * Returns the file descriptor if it is found, 0 otherwise.
++ */
++int
++netsnmp_sd_find_unix_socket(int type, int listening, const char *path);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* SNMPD_SD_DAEMON_H */
+diff --git a/snmplib/sd-daemon.c b/snmplib/sd-daemon.c
+new file mode 100644
+index 0000000..42dba29
+--- /dev/null
++++ b/snmplib/sd-daemon.c
+@@ -0,0 +1,532 @@
++/*
++ * Systemd integration parts.
++ *
++ * Most of this file is directly copied from systemd sources.
++ * Changes:
++ * - all functions were renamed to have netsnmp_ prefix
++ * - includes were  changed to match Net-SNMP style.
++ * - removed gcc export macros
++ * - removed POSIX message queues
++ */
++
++#include <net-snmp/net-snmp-config.h>
++#include <net-snmp/net-snmp-features.h>
++#include <net-snmp/types.h>
++#include <net-snmp/library/snmp_debug.h>
++
++#ifndef NETSNMP_NO_SYSTEMD
++
++/***
++  Copyright 2010 Lennart Poettering
++
++  Permission is hereby granted, free of charge, to any person
++  obtaining a copy of this software and associated documentation files
++  (the "Software"), to deal in the Software without restriction,
++  including without limitation the rights to use, copy, modify, merge,
++  publish, distribute, sublicense, and/or sell copies of the Software,
++  and to permit persons to whom the Software is furnished to do so,
++  subject to the following conditions:
++
++  The above copyright notice and this permission notice shall be
++  included in all copies or substantial portions of the Software.
++
++  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
++  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
++  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
++  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
++  BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
++  ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
++  CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
++  SOFTWARE.
++***/
++
++#ifndef _GNU_SOURCE
++#define _GNU_SOURCE
++#endif
++
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <sys/socket.h>
++#include <sys/un.h>
++#include <sys/fcntl.h>
++#include <netinet/in.h>
++#include <stdlib.h>
++#include <errno.h>
++#include <unistd.h>
++#include <string.h>
++#include <stdarg.h>
++#include <stdio.h>
++#include <stddef.h>
++#include <limits.h>
++
++#include <net-snmp/library/sd-daemon.h>
++
++int netsnmp_sd_listen_fds(int unset_environment) {
++
++        int r, fd;
++        const char *e;
++        char *p = NULL;
++        unsigned long l;
++
++        if (!(e = getenv("LISTEN_PID"))) {
++                r = 0;
++                goto finish;
++        }
++
++        errno = 0;
++        l = strtoul(e, &p, 10);
++
++        if (errno != 0) {
++                r = -errno;
++                goto finish;
++        }
++
++        if (!p || *p || l <= 0) {
++                r = -EINVAL;
++                goto finish;
++        }
++
++        /* Is this for us? */
++        if (getpid() != (pid_t) l) {
++                r = 0;
++                goto finish;
++        }
++
++        if (!(e = getenv("LISTEN_FDS"))) {
++                r = 0;
++                goto finish;
++        }
++
++        errno = 0;
++        l = strtoul(e, &p, 10);
++
++        if (errno != 0) {
++                r = -errno;
++                goto finish;
++        }
++
++        if (!p || *p) {
++                r = -EINVAL;
++                goto finish;
++        }
++
++        for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + (int) l; fd ++) {
++                int flags;
++
++                if ((flags = fcntl(fd, F_GETFD)) < 0) {
++                        r = -errno;
++                        goto finish;
++                }
++
++                if (flags & FD_CLOEXEC)
++                        continue;
++
++                if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) {
++                        r = -errno;
++                        goto finish;
++                }
++        }
++
++        r = (int) l;
++
++finish:
++        if (unset_environment) {
++                unsetenv("LISTEN_PID");
++                unsetenv("LISTEN_FDS");
++        }
++
++        return r;
++}
++
++int netsnmp_sd_is_fifo(int fd, const char *path) {
++        struct stat st_fd;
++
++        if (fd < 0)
++                return -EINVAL;
++
++        memset(&st_fd, 0, sizeof(st_fd));
++        if (fstat(fd, &st_fd) < 0)
++                return -errno;
++
++        if (!S_ISFIFO(st_fd.st_mode))
++                return 0;
++
++        if (path) {
++                struct stat st_path;
++
++                memset(&st_path, 0, sizeof(st_path));
++                if (stat(path, &st_path) < 0) {
++
++                        if (errno == ENOENT || errno == ENOTDIR)
++                                return 0;
++
++                        return -errno;
++                }
++
++                return
++                        st_path.st_dev == st_fd.st_dev &&
++                        st_path.st_ino == st_fd.st_ino;
++        }
++
++        return 1;
++}
++
++int netsnmp_sd_is_special(int fd, const char *path) {
++        struct stat st_fd;
++
++        if (fd < 0)
++                return -EINVAL;
++
++        if (fstat(fd, &st_fd) < 0)
++                return -errno;
++
++        if (!S_ISREG(st_fd.st_mode) && !S_ISCHR(st_fd.st_mode))
++                return 0;
++
++        if (path) {
++                struct stat st_path;
++
++                if (stat(path, &st_path) < 0) {
++
++                        if (errno == ENOENT || errno == ENOTDIR)
++                                return 0;
++
++                        return -errno;
++                }
++
++                if (S_ISREG(st_fd.st_mode) && S_ISREG(st_path.st_mode))
++                        return
++                                st_path.st_dev == st_fd.st_dev &&
++                                st_path.st_ino == st_fd.st_ino;
++                else if (S_ISCHR(st_fd.st_mode) && S_ISCHR(st_path.st_mode))
++                        return st_path.st_rdev == st_fd.st_rdev;
++                else
++                        return 0;
++        }
++
++        return 1;
++}
++
++static int sd_is_socket_internal(int fd, int type, int listening) {
++        struct stat st_fd;
++
++        if (fd < 0 || type < 0)
++                return -EINVAL;
++
++        if (fstat(fd, &st_fd) < 0)
++                return -errno;
++
++        if (!S_ISSOCK(st_fd.st_mode))
++                return 0;
++
++        if (type != 0) {
++                int other_type = 0;
++                socklen_t l = sizeof(other_type);
++
++                if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &other_type, &l) < 0)
++                        return -errno;
++
++                if (l != sizeof(other_type))
++                        return -EINVAL;
++
++                if (other_type != type)
++                        return 0;
++        }
++
++        if (listening >= 0) {
++                int accepting = 0;
++                socklen_t l = sizeof(accepting);
++
++                if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &accepting, &l) < 0)
++                        return -errno;
++
++                if (l != sizeof(accepting))
++                        return -EINVAL;
++
++                if (!accepting != !listening)
++                        return 0;
++        }
++
++        return 1;
++}
++
++union sockaddr_union {
++        struct sockaddr sa;
++        struct sockaddr_in in4;
++        struct sockaddr_in6 in6;
++        struct sockaddr_un un;
++        struct sockaddr_storage storage;
++};
++
++int netsnmp_sd_is_socket(int fd, int family, int type, int listening) {
++        int r;
++
++        if (family < 0)
++                return -EINVAL;
++
++        if ((r = sd_is_socket_internal(fd, type, listening)) <= 0)
++                return r;
++
++        if (family > 0) {
++                union sockaddr_union sockaddr;
++                socklen_t l;
++
++                memset(&sockaddr, 0, sizeof(sockaddr));
++                l = sizeof(sockaddr);
++
++                if (getsockname(fd, &sockaddr.sa, &l) < 0)
++                        return -errno;
++
++                if (l < sizeof(sa_family_t))
++                        return -EINVAL;
++
++                return sockaddr.sa.sa_family == family;
++        }
++
++        return 1;
++}
++
++int netsnmp_sd_is_socket_inet(int fd, int family, int type, int listening, uint16_t port) {
++        union sockaddr_union sockaddr;
++        socklen_t l;
++        int r;
++
++        if (family != 0 && family != AF_INET && family != AF_INET6)
++                return -EINVAL;
++
++        if ((r = sd_is_socket_internal(fd, type, listening)) <= 0)
++                return r;
++
++        memset(&sockaddr, 0, sizeof(sockaddr));
++        l = sizeof(sockaddr);
++
++        if (getsockname(fd, &sockaddr.sa, &l) < 0)
++                return -errno;
++
++        if (l < sizeof(sa_family_t))
++                return -EINVAL;
++
++        if (sockaddr.sa.sa_family != AF_INET &&
++            sockaddr.sa.sa_family != AF_INET6)
++                return 0;
++
++        if (family > 0)
++                if (sockaddr.sa.sa_family != family)
++                        return 0;
++
++        if (port > 0) {
++                if (sockaddr.sa.sa_family == AF_INET) {
++                        if (l < sizeof(struct sockaddr_in))
++                                return -EINVAL;
++
++                        return htons(port) == sockaddr.in4.sin_port;
++                } else {
++                        if (l < sizeof(struct sockaddr_in6))
++                                return -EINVAL;
++
++                        return htons(port) == sockaddr.in6.sin6_port;
++                }
++        }
++
++        return 1;
++}
++
++int netsnmp_sd_is_socket_unix(int fd, int type, int listening, const char *path, size_t length) {
++        union sockaddr_union sockaddr;
++        socklen_t l;
++        int r;
++
++        if ((r = sd_is_socket_internal(fd, type, listening)) <= 0)
++                return r;
++
++        memset(&sockaddr, 0, sizeof(sockaddr));
++        l = sizeof(sockaddr);
++
++        if (getsockname(fd, &sockaddr.sa, &l) < 0)
++                return -errno;
++
++        if (l < sizeof(sa_family_t))
++                return -EINVAL;
++
++        if (sockaddr.sa.sa_family != AF_UNIX)
++                return 0;
++
++        if (path) {
++                if (length <= 0)
++                        length = strlen(path);
++
++                if (length <= 0)
++                        /* Unnamed socket */
++                        return l == offsetof(struct sockaddr_un, sun_path);
++
++                if (path[0])
++                        /* Normal path socket */
++                        return
++                                (l >= offsetof(struct sockaddr_un, sun_path) + length + 1) &&
++                                memcmp(path, sockaddr.un.sun_path, length+1) == 0;
++                else
++                        /* Abstract namespace socket */
++                        return
++                                (l == offsetof(struct sockaddr_un, sun_path) + length) &&
++                                memcmp(path, sockaddr.un.sun_path, length) == 0;
++        }
++
++        return 1;
++}
++
++int netsnmp_sd_notify(int unset_environment, const char *state) {
++        int fd = -1, r;
++        struct msghdr msghdr;
++        struct iovec iovec;
++        union sockaddr_union sockaddr;
++        const char *e;
++
++        if (!state) {
++                r = -EINVAL;
++                goto finish;
++        }
++
++        if (!(e = getenv("NOTIFY_SOCKET")))
++                return 0;
++
++        /* Must be an abstract socket, or an absolute path */
++        if ((e[0] != '@' && e[0] != '/') || e[1] == 0) {
++                r = -EINVAL;
++                goto finish;
++        }
++
++        if ((fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0)) < 0) {
++                r = -errno;
++                goto finish;
++        }
++
++        memset(&sockaddr, 0, sizeof(sockaddr));
++        sockaddr.sa.sa_family = AF_UNIX;
++        strncpy(sockaddr.un.sun_path, e, sizeof(sockaddr.un.sun_path));
++
++        if (sockaddr.un.sun_path[0] == '@')
++                sockaddr.un.sun_path[0] = 0;
++
++        memset(&iovec, 0, sizeof(iovec));
++        iovec.iov_base = (char *)state;
++        iovec.iov_len = strlen(state);
++
++        memset(&msghdr, 0, sizeof(msghdr));
++        msghdr.msg_name = &sockaddr;
++        msghdr.msg_namelen = offsetof(struct sockaddr_un, sun_path) + strlen(e);
++
++        if (msghdr.msg_namelen > sizeof(struct sockaddr_un))
++                msghdr.msg_namelen = sizeof(struct sockaddr_un);
++
++        msghdr.msg_iov = &iovec;
++        msghdr.msg_iovlen = 1;
++
++        if (sendmsg(fd, &msghdr, MSG_NOSIGNAL) < 0) {
++                r = -errno;
++                goto finish;
++        }
++
++        r = 1;
++
++finish:
++        if (unset_environment)
++                unsetenv("NOTIFY_SOCKET");
++
++        if (fd >= 0)
++                close(fd);
++
++        return r;
++}
++
++int netsnmp_sd_notifyf(int unset_environment, const char *format, ...) {
++        va_list ap;
++        char *p = NULL;
++        int r;
++
++        va_start(ap, format);
++        r = vasprintf(&p, format, ap);
++        va_end(ap);
++
++        if (r < 0 || !p)
++                return -ENOMEM;
++
++        r = netsnmp_sd_notify(unset_environment, p);
++        free(p);
++
++        return r;
++}
++
++int netsnmp_sd_booted(void) {
++        struct stat a, b;
++
++        /* We simply test whether the systemd cgroup hierarchy is
++         * mounted */
++
++        if (lstat("/sys/fs/cgroup", &a) < 0)
++                return 0;
++
++        if (lstat("/sys/fs/cgroup/systemd", &b) < 0)
++                return 0;
++
++        return a.st_dev != b.st_dev;
++}
++
++/* End of original sd-daemon.c from systemd sources */
++
++int
++netsnmp_sd_find_inet_socket(int family, int type, int listening, int port)
++{
++    int count, fd;
++
++    count = netsnmp_sd_listen_fds(0);
++    if (count <= 0) {
++        DEBUGMSGTL(("systemd:find_inet_socket", "No LISTEN_FDS found.\n"));
++        return 0;
++    }
++    DEBUGMSGTL(("systemd:find_inet_socket", "LISTEN_FDS reports %d sockets.\n",
++            count));
++
++    for (fd = 3; fd < 3+count; fd++) {
++        int rc = netsnmp_sd_is_socket_inet(fd, family, type, listening, port);
++        if (rc < 0)
++            DEBUGMSGTL(("systemd:find_inet_socket",
++                    "sd_is_socket_inet error: %d\n", rc));
++        if (rc > 0) {
++            DEBUGMSGTL(("systemd:find_inet_socket",
++                    "Found the socket in LISTEN_FDS\n"));
++            return fd;
++        }
++    }
++    DEBUGMSGTL(("systemd:find_inet_socket", "Socket not found in LISTEN_FDS\n"));
++    return 0;
++}
++
++int
++netsnmp_sd_find_unix_socket(int type, int listening, const char *path)
++{
++    int count, fd;
++
++    count = netsnmp_sd_listen_fds(0);
++    if (count <= 0) {
++        DEBUGMSGTL(("systemd:find_unix_socket", "No LISTEN_FDS found.\n"));
++        return 0;
++    }
++    DEBUGMSGTL(("systemd:find_unix_socket", "LISTEN_FDS reports %d sockets.\n",
++            count));
++
++    for (fd = 3; fd < 3+count; fd++) {
++        int rc = netsnmp_sd_is_socket_unix(fd, type, listening, path, 0);
++        if (rc < 0)
++            DEBUGMSGTL(("systemd:find_unix_socket",
++                    "netsnmp_sd_is_socket_unix error: %d\n", rc));
++        if (rc > 0) {
++            DEBUGMSGTL(("systemd:find_unix_socket",
++                    "Found the socket in LISTEN_FDS\n"));
++            return fd;
++        }
++    }
++    DEBUGMSGTL(("systemd:find_unix_socket", "Socket not found in LISTEN_FDS\n"));
++    return 0;
++}
++
++#endif /* ! NETSNMP_NO_SYSTEMD */
+diff --git a/snmplib/transports/snmpTCPDomain.c b/snmplib/transports/snmpTCPDomain.c
+index 7feb028..a41b926 100644
+--- a/snmplib/transports/snmpTCPDomain.c
++++ b/snmplib/transports/snmpTCPDomain.c
+@@ -43,6 +43,10 @@
+ #include <net-snmp/library/snmpTCPBaseDomain.h>
+ #include <net-snmp/library/tools.h>
+ 
++#ifndef NETSNMP_NO_SYSTEMD
++#include <net-snmp/library/sd-daemon.h>
++#endif
++
+ /*
+  * needs to be in sync with the definitions in snmplib/snmpUDPDomain.c
+  * and perl/agent/agent.xs
+@@ -149,6 +153,7 @@ netsnmp_tcp_transport(struct sockaddr_in *addr, int local)
+     netsnmp_transport *t = NULL;
+     netsnmp_udp_addr_pair *addr_pair = NULL;
+     int rc = 0;
++    int socket_initialized = 0;
+ 
+ #ifdef NETSNMP_NO_LISTEN_SUPPORT
+     if (local)
+@@ -178,7 +183,19 @@ netsnmp_tcp_transport(struct sockaddr_in *addr, int local)
+     t->domain_length =
+         sizeof(netsnmp_snmpTCPDomain) / sizeof(netsnmp_snmpTCPDomain[0]);
+ 
+-    t->sock = socket(PF_INET, SOCK_STREAM, 0);
++#ifndef NETSNMP_NO_SYSTEMD
++    /*
++     * Maybe the socket was already provided by systemd...
++     */
++    if (local) {
++        t->sock = netsnmp_sd_find_inet_socket(PF_INET, SOCK_STREAM, 1,
++                ntohs(addr->sin_port));
++        if (t->sock)
++            socket_initialized = 1;
++    }
++#endif
++    if (!socket_initialized)
++        t->sock = socket(PF_INET, SOCK_STREAM, 0);
+     if (t->sock < 0) {
+         netsnmp_transport_free(t);
+         return NULL;
+@@ -215,11 +232,13 @@ netsnmp_tcp_transport(struct sockaddr_in *addr, int local)
+         setsockopt(t->sock, SOL_SOCKET, SO_REUSEADDR, (void *)&opt,
+ 		   sizeof(opt));
+ 
+-        rc = bind(t->sock, (struct sockaddr *)addr, sizeof(struct sockaddr));
+-        if (rc != 0) {
+-            netsnmp_socketbase_close(t);
+-            netsnmp_transport_free(t);
+-            return NULL;
++        if (!socket_initialized) {
++            rc = bind(t->sock, (struct sockaddr *)addr, sizeof(struct sockaddr));
++            if (rc != 0) {
++                netsnmp_socketbase_close(t);
++                netsnmp_transport_free(t);
++                return NULL;
++            }
+         }
+ 
+         /*
+@@ -236,11 +255,13 @@ netsnmp_tcp_transport(struct sockaddr_in *addr, int local)
+          * Now sit here and wait for connections to arrive.  
+          */
+ 
+-        rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN);
+-        if (rc != 0) {
+-            netsnmp_socketbase_close(t);
+-            netsnmp_transport_free(t);
+-            return NULL;
++        if (!socket_initialized) {
++            rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN);
++            if (rc != 0) {
++                netsnmp_socketbase_close(t);
++                netsnmp_transport_free(t);
++                return NULL;
++            }
+         }
+         
+         /*
+diff --git a/snmplib/transports/snmpTCPIPv6Domain.c b/snmplib/transports/snmpTCPIPv6Domain.c
+index d2e0a2d..22de6d4 100644
+--- a/snmplib/transports/snmpTCPIPv6Domain.c
++++ b/snmplib/transports/snmpTCPIPv6Domain.c
+@@ -49,6 +49,10 @@
+ #include <net-snmp/library/snmpTCPBaseDomain.h>
+ #include <net-snmp/library/tools.h>
+ 
++#ifndef NETSNMP_NO_SYSTEMD
++#include <net-snmp/library/sd-daemon.h>
++#endif
++
+ #include "inet_ntop.h"
+ 
+ oid netsnmp_TCPIPv6Domain[] = { TRANSPORT_DOMAIN_TCP_IPV6 };
+@@ -140,6 +144,8 @@ netsnmp_tcp6_transport(struct sockaddr_in6 *addr, int local)
+ {
+     netsnmp_transport *t = NULL;
+     int             rc = 0;
++    char           *str = NULL;
++    int             socket_initialized = 0;
+ 
+ #ifdef NETSNMP_NO_LISTEN_SUPPORT
+     if (local)
+@@ -174,7 +180,19 @@ netsnmp_tcp6_transport(struct sockaddr_in6 *addr, int local)
+     t->domain = netsnmp_TCPIPv6Domain;
+     t->domain_length = sizeof(netsnmp_TCPIPv6Domain) / sizeof(oid);
+ 
+-    t->sock = socket(PF_INET6, SOCK_STREAM, 0);
++#ifndef NETSNMP_NO_SYSTEMD
++    /*
++     * Maybe the socket was already provided by systemd...
++     */
++    if (local) {
++        t->sock = netsnmp_sd_find_inet_socket(PF_INET6, SOCK_STREAM, 1,
++                ntohs(addr->sin6_port));
++        if (t->sock)
++            socket_initialized = 1;
++    }
++#endif
++    if (!socket_initialized)
++        t->sock = socket(PF_INET6, SOCK_STREAM, 0);
+     if (t->sock < 0) {
+         netsnmp_transport_free(t);
+         return NULL;
+@@ -220,12 +238,14 @@ netsnmp_tcp6_transport(struct sockaddr_in6 *addr, int local)
+ 
+         setsockopt(t->sock, SOL_SOCKET, SO_REUSEADDR, (void *)&opt, sizeof(opt));
+ 
+-        rc = bind(t->sock, (struct sockaddr *) addr,
+-		  sizeof(struct sockaddr_in6));
+-        if (rc != 0) {
+-            netsnmp_socketbase_close(t);
+-            netsnmp_transport_free(t);
+-            return NULL;
++        if (!socket_initialized) {
++            rc = bind(t->sock, (struct sockaddr *) addr,
++                    sizeof(struct sockaddr_in6));
++            if (rc != 0) {
++                netsnmp_socketbase_close(t);
++                netsnmp_transport_free(t);
++                return NULL;
++            }
+         }
+ 
+         /*
+@@ -242,11 +262,13 @@ netsnmp_tcp6_transport(struct sockaddr_in6 *addr, int local)
+          * Now sit here and wait for connections to arrive.  
+          */
+ 
+-        rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN);
+-        if (rc != 0) {
+-            netsnmp_socketbase_close(t);
+-            netsnmp_transport_free(t);
+-            return NULL;
++        if (!socket_initialized) {
++            rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN);
++            if (rc != 0) {
++                netsnmp_socketbase_close(t);
++                netsnmp_transport_free(t);
++                return NULL;
++            }
+         }
+         
+         /*
+diff --git a/snmplib/transports/snmpUDPIPv4BaseDomain.c b/snmplib/transports/snmpUDPIPv4BaseDomain.c
+index 8c0fb05..00e5bbc 100644
+--- a/snmplib/transports/snmpUDPIPv4BaseDomain.c
++++ b/snmplib/transports/snmpUDPIPv4BaseDomain.c
+@@ -40,6 +40,10 @@
+ 
+ #include <net-snmp/library/snmpSocketBaseDomain.h>
+ 
++#ifndef NETSNMP_NO_SYSTEMD
++#include <net-snmp/library/sd-daemon.h>
++#endif
++
+ #if defined(HAVE_IP_PKTINFO) || defined(HAVE_IP_RECVDSTADDR)
+ int netsnmp_udpipv4_recvfrom(int s, void *buf, int len, struct sockaddr *from,
+                              socklen_t *fromlen, struct sockaddr *dstip,
+@@ -64,6 +68,7 @@ netsnmp_udpipv4base_transport(struct sockaddr_in *addr, int local)
+     char           *client_socket = NULL;
+     netsnmp_indexed_addr_pair addr_pair;
+     socklen_t       local_addr_len;
++    int             socket_initialized = 0;
+ 
+ #ifdef NETSNMP_NO_LISTEN_SUPPORT
+     if (local)
+@@ -88,7 +93,19 @@ netsnmp_udpipv4base_transport(struct sockaddr_in *addr, int local)
+         free(str);
+     }
+ 
+-    t->sock = socket(PF_INET, SOCK_DGRAM, 0);
++#ifndef NETSNMP_NO_SYSTEMD
++    /*
++     * Maybe the socket was already provided by systemd...
++     */
++    if (local) {
++        t->sock = netsnmp_sd_find_inet_socket(PF_INET, SOCK_DGRAM, -1,
++                ntohs(addr->sin_port));
++        if (t->sock)
++            socket_initialized = 1;
++    }
++#endif
++    if (!socket_initialized)
++        t->sock = socket(PF_INET, SOCK_DGRAM, 0);
+     DEBUGMSGTL(("UDPBase", "openned socket %d as local=%d\n", t->sock, local)); 
+     if (t->sock < 0) {
+         netsnmp_transport_free(t);
+@@ -151,12 +168,14 @@ netsnmp_udpipv4base_transport(struct sockaddr_in *addr, int local)
+             }
+         }
+ #endif /* !defined(WIN32) */
+-        rc = bind(t->sock, (struct sockaddr *) addr,
+-                  sizeof(struct sockaddr));
+-        if (rc != 0) {
+-            netsnmp_socketbase_close(t);
+-            netsnmp_transport_free(t);
+-            return NULL;
++        if (!socket_initialized) {
++            rc = bind(t->sock, (struct sockaddr *) addr,
++                    sizeof(struct sockaddr));
++            if (rc != 0) {
++                netsnmp_socketbase_close(t);
++                netsnmp_transport_free(t);
++                return NULL;
++            }
+         }
+         t->data = NULL;
+         t->data_length = 0;
+diff --git a/snmplib/transports/snmpUDPIPv6Domain.c b/snmplib/transports/snmpUDPIPv6Domain.c
+index 18de876..fd2ced4 100644
+--- a/snmplib/transports/snmpUDPIPv6Domain.c
++++ b/snmplib/transports/snmpUDPIPv6Domain.c
+@@ -67,6 +67,10 @@ static const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT;
+ #include <net-snmp/library/snmpSocketBaseDomain.h>
+ #include <net-snmp/library/tools.h>
+ 
++#ifndef NETSNMP_NO_SYSTEMD
++#include <net-snmp/library/sd-daemon.h>
++#endif
++
+ #include "inet_ntop.h"
+ #include "inet_pton.h"
+ 
+@@ -190,6 +194,8 @@ netsnmp_udp6_transport(struct sockaddr_in6 *addr, int local)
+ {
+     netsnmp_transport *t = NULL;
+     int             rc = 0;
++    char           *str = NULL;
++    int             socket_initialized = 0;
+ 
+ #ifdef NETSNMP_NO_LISTEN_SUPPORT
+     if (local)
+@@ -217,7 +223,19 @@ netsnmp_udp6_transport(struct sockaddr_in6 *addr, int local)
+     t->domain_length =
+         sizeof(netsnmp_UDPIPv6Domain) / sizeof(netsnmp_UDPIPv6Domain[0]);
+ 
+-    t->sock = socket(PF_INET6, SOCK_DGRAM, 0);
++#ifndef NETSNMP_NO_SYSTEMD
++    /*
++     * Maybe the socket was already provided by systemd...
++     */
++    if (local) {
++        t->sock = netsnmp_sd_find_inet_socket(PF_INET6, SOCK_DGRAM, -1,
++                ntohs(addr->sin6_port));
++        if (t->sock)
++            socket_initialized = 1;
++    }
++#endif
++    if (!socket_initialized)
++        t->sock = socket(PF_INET6, SOCK_DGRAM, 0);
+     if (t->sock < 0) {
+         netsnmp_transport_free(t);
+         return NULL;
+@@ -243,12 +261,14 @@ netsnmp_udp6_transport(struct sockaddr_in6 *addr, int local)
+         }
+ #endif
+ 
+-        rc = bind(t->sock, (struct sockaddr *) addr,
+-		  sizeof(struct sockaddr_in6));
+-        if (rc != 0) {
+-            netsnmp_socketbase_close(t);
+-            netsnmp_transport_free(t);
+-            return NULL;
++        if (!socket_initialized) {
++            rc = bind(t->sock, (struct sockaddr *) addr,
++                    sizeof(struct sockaddr_in6));
++            if (rc != 0) {
++                netsnmp_socketbase_close(t);
++                netsnmp_transport_free(t);
++                return NULL;
++            }
+         }
+         t->local = (unsigned char*)malloc(18);
+         if (t->local == NULL) {
+diff --git a/snmplib/transports/snmpUnixDomain.c b/snmplib/transports/snmpUnixDomain.c
+index 47dffc1..8f34c37 100644
+--- a/snmplib/transports/snmpUnixDomain.c
++++ b/snmplib/transports/snmpUnixDomain.c
+@@ -37,6 +37,10 @@
+ #include <net-snmp/library/system.h> /* mkdirhier */
+ #include <net-snmp/library/tools.h>
+ 
++#ifndef NETSNMP_NO_SYSTEMD
++#include <net-snmp/library/sd-daemon.h>
++#endif
++
+ netsnmp_feature_child_of(transport_unix_socket_all, transport_all)
+ netsnmp_feature_child_of(unix_socket_paths, transport_unix_socket_all)
+ 
+@@ -295,6 +299,8 @@ netsnmp_unix_transport(struct sockaddr_un *addr, int local)
+     netsnmp_transport *t = NULL;
+     sockaddr_un_pair *sup = NULL;
+     int             rc = 0;
++    char           *string = NULL;
++    int             socket_initialized = 0;
+ 
+ #ifdef NETSNMP_NO_LISTEN_SUPPORT
+     /* SPECIAL CIRCUMSTANCE: We still want AgentX to be able to operate,
+@@ -333,7 +339,18 @@ netsnmp_unix_transport(struct sockaddr_un *addr, int local)
+     t->data_length = sizeof(sockaddr_un_pair);
+     sup = (sockaddr_un_pair *) t->data;
+ 
+-    t->sock = socket(PF_UNIX, SOCK_STREAM, 0);
++#ifndef NETSNMP_NO_SYSTEMD
++    /*
++     * Maybe the socket was already provided by systemd...
++     */
++    if (local) {
++        t->sock = netsnmp_sd_find_unix_socket(SOCK_STREAM, 1, addr->sun_path);
++        if (t->sock)
++            socket_initialized = 1;
++    }
++#endif
++    if (!socket_initialized)
++        t->sock = socket(PF_UNIX, SOCK_STREAM, 0);
+     if (t->sock < 0) {
+         netsnmp_transport_free(t);
+         return NULL;
+@@ -357,25 +374,26 @@ netsnmp_unix_transport(struct sockaddr_un *addr, int local)
+ 
+         t->flags |= NETSNMP_TRANSPORT_FLAG_LISTEN;
+ 
+-        unlink(addr->sun_path);
+-        rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr));
+-
+-        if (rc != 0 && errno == ENOENT && create_path) {
+-            rc = mkdirhier(addr->sun_path, create_mode, 1);
++        if (!socket_initialized) {
++            unlink(addr->sun_path);
++            rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr));
++            if (rc != 0 && errno == ENOENT && create_path) {
++                rc = mkdirhier(addr->sun_path, create_mode, 1);
++                if (rc != 0) {
++                    netsnmp_unix_close(t);
++                    netsnmp_transport_free(t);
++                    return NULL;
++                }
++                rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr));
++            }
+             if (rc != 0) {
++                DEBUGMSGTL(("netsnmp_unix_transport",
++                        "couldn't bind \"%s\", errno %d (%s)\n",
++                        addr->sun_path, errno, strerror(errno)));
+                 netsnmp_unix_close(t);
+                 netsnmp_transport_free(t);
+                 return NULL;
+             }
+-            rc = bind(t->sock, (struct sockaddr *) addr, SUN_LEN(addr));
+-        }
+-        if (rc != 0) {
+-            DEBUGMSGTL(("netsnmp_unix_transport",
+-                        "couldn't bind \"%s\", errno %d (%s)\n",
+-                        addr->sun_path, errno, strerror(errno)));
+-            netsnmp_unix_close(t);
+-            netsnmp_transport_free(t);
+-            return NULL;
+         }
+ 
+         /*
+@@ -391,14 +409,16 @@ netsnmp_unix_transport(struct sockaddr_un *addr, int local)
+          * Now sit here and listen for connections to arrive.
+          */
+ 
+-        rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN);
+-        if (rc != 0) {
+-            DEBUGMSGTL(("netsnmp_unix_transport",
+-                        "couldn't listen to \"%s\", errno %d (%s)\n",
+-                        addr->sun_path, errno, strerror(errno)));
+-            netsnmp_unix_close(t);
+-            netsnmp_transport_free(t);
+-            return NULL;
++        if (!socket_initialized) {
++            rc = listen(t->sock, NETSNMP_STREAM_QUEUE_LEN);
++            if (rc != 0) {
++                DEBUGMSGTL(("netsnmp_unix_transport",
++                            "couldn't listen to \"%s\", errno %d (%s)\n",
++                            addr->sun_path, errno, strerror(errno)));
++                netsnmp_unix_close(t);
++                netsnmp_transport_free(t);
++                return NULL;
++            }
+         }
+ 
+     } else {
+diff --git a/win32/libsnmp/Makefile.in b/win32/libsnmp/Makefile.in
+index 98d83c8..b228d20 100644
+--- a/win32/libsnmp/Makefile.in
++++ b/win32/libsnmp/Makefile.in
+@@ -42,6 +42,7 @@ LIB32_OBJS= \
+ 	"$(INTDIR)\read_config.obj" \
+ 	"$(INTDIR)\readdir.obj" \
+ 	"$(INTDIR)\scapi.obj" \
++        "$(INTDIR)\sd-daemon.obj" \
+ 	"$(INTDIR)\snmp-tc.obj" \
+ 	"$(INTDIR)\snmp.obj" \
+ 	"$(INTDIR)\snmpCallbackDomain.obj" \
+@@ -138,6 +139,11 @@ SOURCE=..\..\snmplib\asn1.c
+ "$(INTDIR)\asn1.obj" : $(SOURCE) "$(INTDIR)"
+ 	$(CPP) $(CPP_PROJ) $(SOURCE)
+ 
++SOURCE=..\..\snmplib\sd-daemon.c
++
++"$(INTDIR)\sd-daemon.obj" : $(SOURCE) "$(INTDIR)"
++       $(CPP) $(CPP_PROJ) $(SOURCE)
++
+ 
+ SOURCE=..\..\snmplib\callback.c
+ 
+diff --git a/win32/net-snmp/net-snmp-config.h b/win32/net-snmp/net-snmp-config.h
+index 1608563..7aec547 100644
+--- a/win32/net-snmp/net-snmp-config.h
++++ b/win32/net-snmp/net-snmp-config.h
+@@ -1717,6 +1717,8 @@ enum {
+ #define DMALLOC_FUNC_CHECK
+ #endif
+ 
+++#define NETSNMP_NO_SYSTEMD
+++
+ /* #undef NETSNMP_ENABLE_LOCAL_SMUX */
+ 
+ /* define if agentx transport is to use domain sockets only */
+diff --git a/win32/net-snmp/net-snmp-config.h.in b/win32/net-snmp/net-snmp-config.h.in
+index 9693730..96ec3d9 100644
+--- a/win32/net-snmp/net-snmp-config.h.in
++++ b/win32/net-snmp/net-snmp-config.h.in
+@@ -1717,6 +1717,8 @@ enum {
+ #define DMALLOC_FUNC_CHECK
+ #endif
+ 
++#define NETSNMP_NO_SYSTEMD
++
+ /* #undef NETSNMP_ENABLE_LOCAL_SMUX */
+ 
+ /* define if agentx transport is to use domain sockets only */
+-- 
+1.8.4.2
+
diff --git a/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp_5.9.bb b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp_5.9.bb
new file mode 100644
index 000000000..d9040c164
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-protocols/net-snmp/net-snmp_5.9.bb
@@ -0,0 +1,275 @@
+SUMMARY = "Various tools relating to the Simple Network Management Protocol"
+HOMEPAGE = "http://www.net-snmp.org/"
+SECTION = "net"
+LICENSE = "BSD & MIT"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=9d100a395a38584f2ec18a8275261687"
+
+DEPENDS = "openssl libnl pciutils"
+
+SRC_URI = "${SOURCEFORGE_MIRROR}/net-snmp/net-snmp-${PV}.tar.gz \
+           file://init \
+           file://snmpd.conf \
+           file://snmptrapd.conf \
+           file://snmpd.service \
+           file://snmptrapd.service \
+           file://net-snmp-add-knob-whether-nlist.h-are-checked.patch \
+           file://fix-libtool-finish.patch \
+           file://net-snmp-testing-add-the-output-format-for-ptest.patch \
+           file://run-ptest \
+           file://0001-config_os_headers-Error-Fix.patch \
+           file://0001-snmplib-keytools.c-Don-t-check-for-return-from-EVP_M.patch \
+           file://0001-get_pid_from_inode-Include-limit.h.patch \
+           file://0002-configure-fix-a-cc-check-issue.patch \
+           file://0004-configure-fix-incorrect-variable.patch \
+           file://net-snmp-5.7.2-fix-engineBoots-value-on-SIGHUP.patch \
+           file://net-snmp-fix-for-disable-des.patch \
+           file://reproducibility-have-printcap.patch \
+           file://0001-ac_add_search_path.m4-keep-consistent-between-32bit.patch \
+           "
+SRC_URI[sha256sum] = "04303a66f85d6d8b16d3cc53bde50428877c82ab524e17591dfceaeb94df6071"
+
+UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/net-snmp/files/net-snmp/"
+UPSTREAM_CHECK_REGEX = "/net-snmp/(?P<pver>\d+(\.\d+)+)/"
+
+inherit autotools-brokensep update-rc.d siteinfo systemd pkgconfig perlnative ptest multilib_script multilib_header
+
+EXTRA_OEMAKE = "INSTALL_PREFIX=${D} OTHERLDFLAGS='${LDFLAGS}' HOST_CPPFLAGS='${BUILD_CPPFLAGS}'"
+
+PARALLEL_MAKE = ""
+CCACHE = ""
+
+TARGET_CC_ARCH += "${LDFLAGS}"
+
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} des smux"
+PACKAGECONFIG[elfutils] = "--with-elf, --without-elf, elfutils"
+PACKAGECONFIG[libnl] = "--with-nl, --without-nl, libnl"
+
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,,"
+
+PACKAGECONFIG[perl] = "--enable-embedded-perl --with-perl-modules=yes, --disable-embedded-perl --with-perl-modules=no,\
+                       perl,"
+PACKAGECONFIG[des] = "--enable-des,--disable-des"
+PACKAGECONFIG[smux] = ""
+
+EXTRA_OECONF = "--enable-shared \
+                --disable-manuals \
+                --with-defaults \
+                --with-install-prefix=${D} \
+                --with-persistent-directory=${localstatedir}/lib/net-snmp \
+                ${@oe.utils.conditional('SITEINFO_ENDIANNESS', 'le', '--with-endianness=little', '--with-endianness=big', d)} \
+                --with-mib-modules='${MIB_MODULES}' \
+"
+
+MIB_MODULES = ""
+MIB_MODULES_append = " ${@bb.utils.filter('PACKAGECONFIG', 'smux', d)}"
+
+CACHED_CONFIGUREVARS = " \
+    ac_cv_header_valgrind_valgrind_h=no \
+    ac_cv_header_valgrind_memcheck_h=no \
+    ac_cv_ETC_MNTTAB=/etc/mtab \
+    lt_cv_shlibpath_overrides_runpath=yes \
+    ac_cv_path_UNAMEPROG=${base_bindir}/uname \
+    ac_cv_file__etc_printcap=no \
+    NETSNMP_CONFIGURE_OPTIONS= \
+"
+export PERLPROG="${bindir}/env perl"
+PERLPROG_append = "${@bb.utils.contains('PACKAGECONFIG', 'perl', ' -I${WORKDIR}', '', d)}"
+
+HAS_PERL = "${@bb.utils.contains('PACKAGECONFIG', 'perl', '1', '0', d)}"
+
+PTEST_BUILD_HOST_FILES += "net-snmp-config gen-variables"
+
+do_configure_prepend() {
+    sed -i -e "s|I/usr/include|I${STAGING_INCDIR}|g" \
+        "${S}"/configure \
+        "${S}"/configure.d/config_os_libs2
+
+    if [ "${HAS_PERL}" = "1" ]; then
+        # this may need to be changed when package perl has any change.
+        cp -f ${STAGING_DIR_TARGET}/usr/lib*/perl?/*/Config.pm ${WORKDIR}/
+        cp -f ${STAGING_DIR_TARGET}/usr/lib*/perl?/*/*/Config_heavy.pl ${WORKDIR}/
+        sed -e "s@libpth => '/usr/lib.*@libpth => '${STAGING_DIR_TARGET}/${libdir} ${STAGING_DIR_TARGET}/${base_libdir}',@g" \
+            -e "s@privlibexp => '/usr@privlibexp => '${STAGING_DIR_TARGET}/usr@g" \
+            -e "s@scriptdir => '/usr@scriptdir => '${STAGING_DIR_TARGET}/usr@g" \
+            -e "s@sitearchexp => '/usr@sitearchexp => '${STAGING_DIR_TARGET}/usr@g" \
+            -e "s@sitelibexp => '/usr@sitearchexp => '${STAGING_DIR_TARGET}/usr@g" \
+            -e "s@vendorarchexp => '/usr@vendorarchexp => '${STAGING_DIR_TARGET}/usr@g" \
+            -e "s@vendorlibexp => '/usr@vendorlibexp => '${STAGING_DIR_TARGET}/usr@g" \
+            -i ${WORKDIR}/Config.pm
+    fi
+
+}
+
+do_configure_append() {
+    sed -e "s@^NSC_INCLUDEDIR=.*@NSC_INCLUDEDIR=${STAGING_DIR_TARGET}\$\{includedir\}@g" \
+        -e "s@^NSC_LIBDIR=-L.*@NSC_LIBDIR=-L${STAGING_DIR_TARGET}\$\{libdir\}@g" \
+        -e "s@^NSC_LDFLAGS=\"-L.* @NSC_LDFLAGS=\"-L${STAGING_DIR_TARGET}\$\{libdir\} @g" \
+        -i ${B}/net-snmp-config
+}
+
+do_install_append() {
+    install -d ${D}${sysconfdir}/snmp
+    install -d ${D}${sysconfdir}/init.d
+    install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/snmpd
+    install -m 644 ${WORKDIR}/snmpd.conf ${D}${sysconfdir}/snmp/
+    install -m 644 ${WORKDIR}/snmptrapd.conf ${D}${sysconfdir}/snmp/
+    install -d ${D}${systemd_unitdir}/system
+    install -m 0644 ${WORKDIR}/snmpd.service ${D}${systemd_unitdir}/system
+    install -m 0644 ${WORKDIR}/snmptrapd.service ${D}${systemd_unitdir}/system
+    sed    -e "s@^NSC_SRCDIR=.*@NSC_SRCDIR=.@g" \
+        -i ${D}${bindir}/net-snmp-create-v3-user
+    sed -e 's@^NSC_SRCDIR=.*@NSC_SRCDIR=.@g' \
+        -e 's@[^ ]*-fdebug-prefix-map=[^ "]*@@g' \
+        -e 's@[^ ]*-fmacro-prefix-map=[^ "]*@@g' \
+        -e 's@[^ ]*--sysroot=[^ "]*@@g' \
+        -e 's@[^ ]*--with-libtool-sysroot=[^ "]*@@g' \
+        -e 's@[^ ]*--with-install-prefix=[^ "]*@@g' \
+        -e 's@[^ ]*PKG_CONFIG_PATH=[^ "]*@@g' \
+        -e 's@[^ ]*PKG_CONFIG_LIBDIR=[^ "]*@@g' \
+        -e 's@${STAGING_DIR_HOST}@@g' \
+        -i ${D}${bindir}/net-snmp-config
+
+    sed -e 's@${STAGING_DIR_HOST}@@g' \
+        -i ${D}${libdir}/pkgconfig/netsnmp*.pc
+
+    sed -e "s@^NSC_INCLUDEDIR=.*@NSC_INCLUDEDIR=\$\{includedir\}@g" \
+        -e "s@^NSC_LIBDIR=-L.*@NSC_LIBDIR=-L\$\{libdir\}@g" \
+        -e "s@^NSC_LDFLAGS=\"-L.* @NSC_LDFLAGS=\"-L\$\{libdir\} @g" \
+        -i ${D}${bindir}/net-snmp-config
+
+    oe_multilib_header net-snmp/net-snmp-config.h
+}
+
+do_install_ptest() {
+    install -d ${D}${PTEST_PATH}
+    for i in ${S}/dist ${S}/include ${B}/include ${S}/mibs ${S}/configure \
+        ${B}/net-snmp-config ${S}/testing; do
+        if [ -e "$i" ]; then
+            cp -R --no-dereference --preserve=mode,links -v "$i" ${D}${PTEST_PATH}
+        fi
+    done
+    echo `autoconf -V|awk '/autoconf/{print $NF}'` > ${D}${PTEST_PATH}/dist/autoconf-version
+
+    rmdlist="${D}${PTEST_PATH}/dist/net-snmp-solaris-build"
+    for i in $rmdlist; do
+        if [ -d "$i" ]; then
+            rm -rf "$i"
+        fi
+    done
+}
+
+SYSROOT_PREPROCESS_FUNCS += "net_snmp_sysroot_preprocess"
+SNMP_DBGDIR = "/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}"
+
+net_snmp_sysroot_preprocess () {
+    if [ -e ${D}${bindir}/net-snmp-config ]; then
+        install -d ${SYSROOT_DESTDIR}${bindir_crossscripts}/
+        install -m 755 ${D}${bindir}/net-snmp-config ${SYSROOT_DESTDIR}${bindir_crossscripts}/
+        sed -e "s@-I/usr/include@-I${STAGING_INCDIR}@g" \
+            -e "s@^prefix=.*@prefix=${STAGING_DIR_HOST}${prefix}@g" \
+            -e "s@^exec_prefix=.*@exec_prefix=${STAGING_EXECPREFIXDIR}@g" \
+            -e "s@^includedir=.*@includedir=${STAGING_INCDIR}@g" \
+            -e "s@^libdir=.*@libdir=${STAGING_LIBDIR}@g" \
+            -e "s@^NSC_SRCDIR=.*@NSC_SRCDIR=${S}@g" \
+            -e "s@-fdebug-prefix-map=${SNMP_DBGDIR}@-fdebug-prefix-map=${WORKDIR}=${SNMP_DBGDIR}@g" \
+            -e "s@-fdebug-prefix-map= -fdebug-prefix-map=@-fdebug-prefix-map=${STAGING_DIR_NATIVE}= \
+                  -fdebug-prefix-map=${STAGING_DIR_HOST}=@g" \
+            -e "s@--sysroot=@--sysroot=${STAGING_DIR_HOST}@g" \
+            -e "s@--with-libtool-sysroot=@--with-libtool-sysroot=${STAGING_DIR_HOST}@g" \
+            -e "s@--with-install-prefix=@--with-install-prefix=${D}@g" \
+          -i  ${SYSROOT_DESTDIR}${bindir_crossscripts}/net-snmp-config
+    fi
+}
+
+PACKAGES += "${PN}-libs ${PN}-mibs ${PN}-server ${PN}-client \
+             ${PN}-server-snmpd ${PN}-server-snmptrapd \
+             ${PN}-lib-netsnmp ${PN}-lib-agent ${PN}-lib-helpers \
+             ${PN}-lib-mibs ${PN}-lib-trapd"
+
+# perl module
+PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'perl', '${PN}-perl-modules', '', d)}"
+
+ALLOW_EMPTY_${PN} = "1"
+ALLOW_EMPTY_${PN}-server = "1"
+ALLOW_EMPTY_${PN}-libs = "1"
+
+FILES_${PN}-perl-modules = "${libdir}/perl?/*"
+RDEPENDS_${PN}-perl-modules = "perl"
+
+FILES_${PN}-libs = ""
+FILES_${PN}-mibs = "${datadir}/snmp/mibs"
+FILES_${PN}-server-snmpd = "${sbindir}/snmpd \
+                            ${sysconfdir}/snmp/snmpd.conf \
+                            ${sysconfdir}/init.d \
+                            ${systemd_unitdir}/system/snmpd.service \
+"
+
+FILES_${PN}-server-snmptrapd = "${sbindir}/snmptrapd \
+                                ${sysconfdir}/snmp/snmptrapd.conf \
+                                ${systemd_unitdir}/system/snmptrapd.service \
+"
+
+FILES_${PN}-lib-netsnmp = "${libdir}/libnetsnmp${SOLIBS}"
+FILES_${PN}-lib-agent = "${libdir}/libnetsnmpagent${SOLIBS}"
+FILES_${PN}-lib-helpers = "${libdir}/libnetsnmphelpers${SOLIBS}"
+FILES_${PN}-lib-mibs = "${libdir}/libnetsnmpmibs${SOLIBS}"
+FILES_${PN}-lib-trapd = "${libdir}/libnetsnmptrapd${SOLIBS}"
+
+FILES_${PN} = ""
+FILES_${PN}-client = "${bindir}/* ${datadir}/snmp/"
+FILES_${PN}-dbg += "${libdir}/.debug/ ${sbindir}/.debug/ ${bindir}/.debug/"
+FILES_${PN}-dev += "${bindir}/mib2c \
+                    ${bindir}/mib2c-update \
+                    ${bindir}/net-snmp-config \
+                    ${bindir}/net-snmp-create-v3-user \
+"
+
+CONFFILES_${PN}-server-snmpd = "${sysconfdir}/snmp/snmpd.conf"
+CONFFILES_${PN}-server-snmptrapd = "${sysconfdir}/snmp/snmptrapd.conf"
+
+INITSCRIPT_PACKAGES = "${PN}-server-snmpd"
+INITSCRIPT_NAME_${PN}-server-snmpd = "snmpd"
+INITSCRIPT_PARAMS_${PN}-server-snmpd = "start 90 2 3 4 5 . stop 60 0 1 6 ."
+
+EXTRA_OECONF += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemd', '--without-systemd', d)}"
+
+SYSTEMD_PACKAGES = "${PN}-server-snmpd \
+                    ${PN}-server-snmptrapd"
+
+SYSTEMD_SERVICE_${PN}-server-snmpd = "snmpd.service"
+SYSTEMD_SERVICE_${PN}-server-snmptrapd =  "snmptrapd.service"
+
+RDEPENDS_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'net-snmp-perl-modules', '', d)}"
+RDEPENDS_${PN} += "net-snmp-client"
+RDEPENDS_${PN}-server-snmpd += "net-snmp-mibs"
+RDEPENDS_${PN}-server-snmptrapd += "net-snmp-server-snmpd ${PN}-lib-trapd"
+RDEPENDS_${PN}-server += "net-snmp-server-snmpd net-snmp-server-snmptrapd"
+RDEPENDS_${PN}-client += "net-snmp-mibs net-snmp-libs"
+RDEPENDS_${PN}-libs += "libpci \
+                        ${PN}-lib-netsnmp \
+                        ${PN}-lib-agent \
+                        ${PN}-lib-helpers \
+                        ${PN}-lib-mibs \
+"
+RDEPENDS_${PN}-ptest += "perl \
+                         perl-module-test \
+                         perl-module-file-basename \
+                         perl-module-getopt-long \
+                         perl-module-file-temp \
+                         perl-module-data-dumper \
+"
+RDEPENDS_${PN}-dev = "net-snmp-client (= ${EXTENDPKGV}) net-snmp-server (= ${EXTENDPKGV})"
+RRECOMMENDS_${PN}-dbg = "net-snmp-client (= ${EXTENDPKGV}) net-snmp-server (= ${EXTENDPKGV})"
+
+RPROVIDES_${PN}-server-snmpd += "${PN}-server-snmpd-systemd"
+RREPLACES_${PN}-server-snmpd += "${PN}-server-snmpd-systemd"
+RCONFLICTS_${PN}-server-snmpd += "${PN}-server-snmpd-systemd"
+
+RPROVIDES_${PN}-server-snmptrapd += "${PN}-server-snmptrapd-systemd"
+RREPLACES_${PN}-server-snmptrapd += "${PN}-server-snmptrapd-systemd"
+RCONFLICTS_${PN}-server-snmptrapd += "${PN}-server-snmptrapd-systemd"
+
+LEAD_SONAME = "libnetsnmp.so"
+
+MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/net-snmp-config"
diff --git a/meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.74.0.bb b/meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.77.0.bb
index 73dbd853c..9a5a40ec7 100644
--- a/meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.74.0.bb
+++ b/meta-openbmc-mods/meta-common/recipes-support/curl/curl_7.77.0.bb
@@ -3,14 +3,14 @@ HOMEPAGE = "http://curl.haxx.se/"
 BUGTRACKER = "http://curl.haxx.se/mail/list.cgi?list=curl-tracker"
 SECTION = "console/network"
 LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://COPYING;md5=2e9fb35867314fe31c6a4977ef7dd531"
+LIC_FILES_CHKSUM = "file://COPYING;md5=425f6fdc767cc067518eef9bbdf4ab7b"
 
 SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
            file://0001-replace-krb5-config-with-pkg-config.patch \
 "
 
-SRC_URI[md5sum] = "646c71c7c9fdb71308032790d885ea00"
-SRC_URI[sha256sum] = "0f4d63e6681636539dc88fa8e929f934cd3a840c46e0bf28c73be11e521b77a5"
+SRC_URI[md5sum] = "045d28029679dabb6b20a814934671ad"
+SRC_URI[sha256sum] = "6c0c28868cb82593859fc43b9c8fdb769314c855c05cf1b56b023acf855df8ea"
 
 CVE_PRODUCT = "curl libcurl"
 inherit autotools pkgconfig binconfig multilib_header
diff --git a/meta-openbmc-mods/meta-common/recipes-support/gnutls/gnutls_%.bbappend b/meta-openbmc-mods/meta-common/recipes-support/gnutls/gnutls_%.bbappend
index 4377bf0e3..31eea8292 100644
--- a/meta-openbmc-mods/meta-common/recipes-support/gnutls/gnutls_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-support/gnutls/gnutls_%.bbappend
@@ -1,12 +1,11 @@
 FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
 
-PV = "3.6.15"
+PV = "3.7.1"
 
 SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
 SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \
           "
-SRC_URI[md5sum] = "e80e0d20a8bb337a15fa63caa7f67006"
-#SRC_URI[sha256sum] =  "3847a3354dd908c5e603f490865ae10577d7ee3b5edf35e82d1ed8cfa1cf0191"
-SRC_URI[sha256sum] = "0ea8c3283de8d8335d7ae338ef27c53a916f15f382753b174c18b45ffd481558"
+SRC_URI[md5sum] = "278e1f50d79cd13727733adbf01fde8f"
+SRC_URI[sha256sum] = "3777d7963eca5e06eb315686163b7b3f5045e2baac5e54e038ace9835e5cac6f"
 
 
diff --git a/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch
new file mode 100644
index 000000000..4df96f001
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch
@@ -0,0 +1,90 @@
+From 1374254c2904ab5b18ba4a890856824a102d4705 Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+Date: Sat, 27 Apr 2019 19:33:28 +0300
+Subject: [PATCH 1/3] Prefetch GCM look-up tables
+
+* cipher/cipher-gcm.c (prefetch_table, do_prefetch_tables)
+(prefetch_tables): New.
+(ghash_internal): Call prefetch_tables.
+--
+
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+Upstream-Status: Backport
+[https://github.com/gpg/libgcrypt/commit/1374254c2904ab5b18ba4a890856824a102d4705]
+
+CVE: CVE-2019-12904
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ cipher/cipher-gcm.c | 33 +++++++++++++++++++++++++++++++++
+ 1 file changed, 33 insertions(+)
+
+diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
+index c19f09f..11f119a 100644
+--- a/cipher/cipher-gcm.c
++++ b/cipher/cipher-gcm.c
+@@ -118,6 +118,34 @@ static const u16 gcmR[256] = {
+   0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
+ };
+ 
++static inline
++void prefetch_table(const void *tab, size_t len)
++{
++  const volatile byte *vtab = tab;
++  size_t i;
++
++  for (i = 0; i < len; i += 8 * 32)
++    {
++      (void)vtab[i + 0 * 32];
++      (void)vtab[i + 1 * 32];
++      (void)vtab[i + 2 * 32];
++      (void)vtab[i + 3 * 32];
++      (void)vtab[i + 4 * 32];
++      (void)vtab[i + 5 * 32];
++      (void)vtab[i + 6 * 32];
++      (void)vtab[i + 7 * 32];
++    }
++
++  (void)vtab[len - 1];
++}
++
++static inline void
++do_prefetch_tables (const void *gcmM, size_t gcmM_size)
++{
++  prefetch_table(gcmM, gcmM_size);
++  prefetch_table(gcmR, sizeof(gcmR));
++}
++
+ #ifdef GCM_TABLES_USE_U64
+ static void
+ bshift (u64 * b0, u64 * b1)
+@@ -365,6 +393,8 @@ do_ghash (unsigned char *result, const unsigned char *buf, const u32 *gcmM)
+ #define fillM(c) \
+   do_fillM (c->u_mode.gcm.u_ghash_key.key, c->u_mode.gcm.gcm_table)
+ #define GHASH(c, result, buf) do_ghash (result, buf, c->u_mode.gcm.gcm_table)
++#define prefetch_tables(c) \
++  do_prefetch_tables(c->u_mode.gcm.gcm_table, sizeof(c->u_mode.gcm.gcm_table))
+ 
+ #else
+ 
+@@ -430,6 +460,7 @@ do_ghash (unsigned char *hsub, unsigned char *result, const unsigned char *buf)
+ 
+ #define fillM(c) do { } while (0)
+ #define GHASH(c, result, buf) do_ghash (c->u_mode.gcm.u_ghash_key.key, result, buf)
++#define prefetch_tables(c) do {} while (0)
+ 
+ #endif /* !GCM_USE_TABLES */
+ 
+@@ -441,6 +472,8 @@ ghash_internal (gcry_cipher_hd_t c, byte *result, const byte *buf,
+   const unsigned int blocksize = GCRY_GCM_BLOCK_LEN;
+   unsigned int burn = 0;
+ 
++  prefetch_tables (c);
++
+   while (nblocks)
+     {
+       burn = GHASH (c, result, buf);
+-- 
+2.7.4
+
diff --git a/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0001-libgcrypt-fix-m4-file-for-oe-core.patch b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0001-libgcrypt-fix-m4-file-for-oe-core.patch
new file mode 100644
index 000000000..cd8a5993b
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0001-libgcrypt-fix-m4-file-for-oe-core.patch
@@ -0,0 +1,149 @@
+From bee26d7c4ea0b4a397c289b819b89e78bc325ba0 Mon Sep 17 00:00:00 2001
+From: Trevor Gamblin <trevor.gamblin@windriver.com>
+Date: Tue, 29 Oct 2019 14:08:32 -0400
+Subject: [PATCH] libgcrypt: fix m4 file for oe-core
+
+Modify libgcrypt pkgconfig specifically for oe-core. Changes
+are based on a previous patch from RP, using wiggle to
+incorporate the parts that aren't in the upstream pkgconfig
+settings.
+
+Upstream-Status: Inappropriate [oe-specific]
+
+Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
+
+---
+ src/libgcrypt.m4 | 90 +++---------------------------------------------
+ 1 file changed, 4 insertions(+), 86 deletions(-)
+
+diff --git a/src/libgcrypt.m4 b/src/libgcrypt.m4
+index 37dfbea2..3d2e90a8 100644
+--- a/src/libgcrypt.m4
++++ b/src/libgcrypt.m4
+@@ -29,41 +29,6 @@ dnl is added to the gpg_config_script_warn variable.
+ dnl
+ AC_DEFUN([AM_PATH_LIBGCRYPT],
+ [ AC_REQUIRE([AC_CANONICAL_HOST])
+-  AC_ARG_WITH(libgcrypt-prefix,
+-            AC_HELP_STRING([--with-libgcrypt-prefix=PFX],
+-                           [prefix where LIBGCRYPT is installed (optional)]),
+-     libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
+-  if test x"${LIBGCRYPT_CONFIG}" = x ; then
+-     if test x"${libgcrypt_config_prefix}" != x ; then
+-        LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config"
+-     fi
+-  fi
+-
+-  use_gpgrt_config=""
+-  if test x"${LIBGCRYPT_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then
+-    if $GPGRT_CONFIG libgcrypt --exists; then
+-      LIBGCRYPT_CONFIG="$GPGRT_CONFIG libgcrypt"
+-      AC_MSG_NOTICE([Use gpgrt-config as libgcrypt-config])
+-      use_gpgrt_config=yes
+-    fi
+-  fi
+-  if test -z "$use_gpgrt_config"; then
+-    if test x"${LIBGCRYPT_CONFIG}" = x ; then
+-      case "${SYSROOT}" in
+-         /*)
+-           if test -x "${SYSROOT}/bin/libgcrypt-config" ; then
+-             LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config"
+-           fi
+-           ;;
+-         '')
+-           ;;
+-          *)
+-           AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
+-           ;;
+-      esac
+-    fi
+-    AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
+-  fi
+ 
+   tmp=ifelse([$1], ,1:1.2.0,$1)
+   if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
+@@ -74,56 +39,13 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
+      min_libgcrypt_version="$tmp"
+   fi
+ 
+-  AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version)
+-  ok=no
+-  if test "$LIBGCRYPT_CONFIG" != "no" ; then
+-    req_major=`echo $min_libgcrypt_version | \
+-               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
+-    req_minor=`echo $min_libgcrypt_version | \
+-               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
+-    req_micro=`echo $min_libgcrypt_version | \
+-               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
+-    if test -z "$use_gpgrt_config"; then
+-      libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
+-    else
+-      libgcrypt_config_version=`$LIBGCRYPT_CONFIG --modversion`
+-    fi
+-    major=`echo $libgcrypt_config_version | \
+-               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
+-    minor=`echo $libgcrypt_config_version | \
+-               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
+-    micro=`echo $libgcrypt_config_version | \
+-               sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
+-    if test "$major" -gt "$req_major"; then
+-        ok=yes
+-    else
+-        if test "$major" -eq "$req_major"; then
+-            if test "$minor" -gt "$req_minor"; then
+-               ok=yes
+-            else
+-               if test "$minor" -eq "$req_minor"; then
+-                   if test "$micro" -ge "$req_micro"; then
+-                     ok=yes
+-                   fi
+-               fi
+-            fi
+-        fi
+-    fi
+-  fi
+-  if test $ok = yes; then
+-    AC_MSG_RESULT([yes ($libgcrypt_config_version)])
+-  else
+-    AC_MSG_RESULT(no)
+-  fi
++  PKG_CHECK_MODULES(LIBGCRYPT, [libgcrypt >= $min_libgcrypt_version], [ok=yes], [ok=no])
++
+   if test $ok = yes; then
+      # If we have a recent libgcrypt, we should also check that the
+      # API is compatible
+      if test "$req_libgcrypt_api" -gt 0 ; then
+-        if test -z "$use_gpgrt_config"; then
+-           tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
+-	else
+-           tmp=`$LIBGCRYPT_CONFIG --variable=api_version 2>/dev/null || echo 0`
+-	fi
++        tmp=`$PKG_CONFIG --variable=api_version libgcrypt`
+         if test "$tmp" -gt 0 ; then
+            AC_MSG_CHECKING([LIBGCRYPT API version])
+            if test "$req_libgcrypt_api" -eq "$tmp" ; then
+@@ -136,11 +58,9 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
+      fi
+   fi
+   if test $ok = yes; then
+-    LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
+-    LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
+     ifelse([$2], , :, [$2])
+     if test -z "$use_gpgrt_config"; then
+-      libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none`
++      libgcrypt_config_host=`$PKG_CONFIG --variable=host libgcrypt`
+     else
+       libgcrypt_config_host=`$LIBGCRYPT_CONFIG --variable=host 2>/dev/null || echo none`
+     fi
+@@ -158,8 +78,6 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
+       fi
+     fi
+   else
+-    LIBGCRYPT_CFLAGS=""
+-    LIBGCRYPT_LIBS=""
+     ifelse([$3], , :, [$3])
+   fi
+   AC_SUBST(LIBGCRYPT_CFLAGS)
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
new file mode 100644
index 000000000..c82c5b5c8
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
@@ -0,0 +1,332 @@
+From 119348dd9aa52ab229afb5e2d3342d2b76fe81bf Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+Date: Fri, 31 May 2019 17:18:09 +0300
+Subject: [PATCH 2/3] AES: move look-up tables to .data section and unshare between
+ processes
+
+* cipher/rijndael-internal.h (ATTR_ALIGNED_64): New.
+* cipher/rijndael-tables.h (encT): Move to 'enc_tables' structure.
+(enc_tables): New structure for encryption table with counters before
+and after.
+(encT): New macro.
+(dec_tables): Add counters before and after encryption table; Move
+from .rodata to .data section.
+(do_encrypt): Change 'encT' to 'enc_tables.T'.
+(do_decrypt): Change '&dec_tables' to 'dec_tables.T'.
+* cipher/cipher-gcm.c (prefetch_table): Make inline; Handle input
+with length not multiple of 256.
+(prefetch_enc, prefetch_dec): Modify pre- and post-table counters
+to unshare look-up table pages between processes.
+--
+
+GnuPG-bug-id: 4541
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+Upstream-Status: Backport
+[https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762]
+
+CVE: CVE-2019-12904
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ cipher/rijndael-internal.h |   4 +-
+ cipher/rijndael-tables.h   | 155 +++++++++++++++++++++++++--------------------
+ cipher/rijndael.c          |  35 ++++++++--
+ 3 files changed, 118 insertions(+), 76 deletions(-)
+
+diff --git a/cipher/rijndael-internal.h b/cipher/rijndael-internal.h
+index 160fb8c..a62d4b7 100644
+--- a/cipher/rijndael-internal.h
++++ b/cipher/rijndael-internal.h
+@@ -29,11 +29,13 @@
+ #define BLOCKSIZE               (128/8)
+ 
+ 
+-/* Helper macro to force alignment to 16 bytes.  */
++/* Helper macro to force alignment to 16 or 64 bytes.  */
+ #ifdef HAVE_GCC_ATTRIBUTE_ALIGNED
+ # define ATTR_ALIGNED_16  __attribute__ ((aligned (16)))
++# define ATTR_ALIGNED_64  __attribute__ ((aligned (64)))
+ #else
+ # define ATTR_ALIGNED_16
++# define ATTR_ALIGNED_64
+ #endif
+ 
+ 
+diff --git a/cipher/rijndael-tables.h b/cipher/rijndael-tables.h
+index 8359470..b54d959 100644
+--- a/cipher/rijndael-tables.h
++++ b/cipher/rijndael-tables.h
+@@ -21,80 +21,98 @@
+ /* To keep the actual implementation at a readable size we use this
+    include file to define the tables.  */
+ 
+-static const u32 encT[256] =
++static struct
++{
++  volatile u32 counter_head;
++  u32 cacheline_align[64 / 4 - 1];
++  u32 T[256];
++  volatile u32 counter_tail;
++} enc_tables ATTR_ALIGNED_64 =
+   {
+-    0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
+-    0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
+-    0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
+-    0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
+-    0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
+-    0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
+-    0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
+-    0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
+-    0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
+-    0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83,
+-    0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9,
+-    0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
+-    0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
+-    0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f,
+-    0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
+-    0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
+-    0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
+-    0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
+-    0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
+-    0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
+-    0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
+-    0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
+-    0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
+-    0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
+-    0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
+-    0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
+-    0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
+-    0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
+-    0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
+-    0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
+-    0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
+-    0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf,
+-    0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
+-    0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
+-    0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
+-    0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
+-    0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
+-    0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
+-    0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
+-    0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
+-    0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
+-    0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
+-    0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
+-    0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
+-    0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
+-    0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
+-    0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf,
+-    0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
+-    0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
+-    0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
+-    0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
+-    0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
+-    0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
+-    0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
+-    0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
+-    0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
+-    0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
+-    0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
+-    0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
+-    0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
+-    0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
+-    0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
+-    0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
+-    0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c
++    0,
++    { 0, },
++    {
++      0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
++      0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
++      0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
++      0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
++      0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
++      0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
++      0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
++      0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
++      0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
++      0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83,
++      0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9,
++      0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
++      0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
++      0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f,
++      0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
++      0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
++      0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
++      0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
++      0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
++      0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
++      0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
++      0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
++      0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
++      0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
++      0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
++      0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
++      0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
++      0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
++      0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
++      0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
++      0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
++      0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf,
++      0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
++      0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
++      0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
++      0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
++      0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
++      0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
++      0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
++      0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
++      0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
++      0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
++      0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
++      0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
++      0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
++      0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
++      0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf,
++      0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
++      0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
++      0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
++      0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
++      0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
++      0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
++      0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
++      0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
++      0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
++      0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
++      0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
++      0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
++      0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
++      0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
++      0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
++      0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
++      0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c
++    },
++    0
+   };
+ 
+-static const struct
++#define encT enc_tables.T
++
++static struct
+ {
++  volatile u32 counter_head;
++  u32 cacheline_align[64 / 4 - 1];
+   u32 T[256];
+   byte inv_sbox[256];
+-} dec_tables =
++  volatile u32 counter_tail;
++} dec_tables ATTR_ALIGNED_64 =
+   {
++    0,
++    { 0, },
+     {
+       0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
+       0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
+@@ -194,7 +212,8 @@ static const struct
+       0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
+       0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
+       0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
+-    }
++    },
++    0
+   };
+ 
+ #define decT dec_tables.T
+diff --git a/cipher/rijndael.c b/cipher/rijndael.c
+index 8637195..d0edab2 100644
+--- a/cipher/rijndael.c
++++ b/cipher/rijndael.c
+@@ -227,11 +227,11 @@ static const char *selftest(void);
+ 
+ 
+ /* Prefetching for encryption/decryption tables. */
+-static void prefetch_table(const volatile byte *tab, size_t len)
++static inline void prefetch_table(const volatile byte *tab, size_t len)
+ {
+   size_t i;
+ 
+-  for (i = 0; i < len; i += 8 * 32)
++  for (i = 0; len - i >= 8 * 32; i += 8 * 32)
+     {
+       (void)tab[i + 0 * 32];
+       (void)tab[i + 1 * 32];
+@@ -242,17 +242,37 @@ static void prefetch_table(const volatile byte *tab, size_t len)
+       (void)tab[i + 6 * 32];
+       (void)tab[i + 7 * 32];
+     }
++  for (; i < len; i += 32)
++    {
++      (void)tab[i];
++    }
+ 
+   (void)tab[len - 1];
+ }
+ 
+ static void prefetch_enc(void)
+ {
+-  prefetch_table((const void *)encT, sizeof(encT));
++  /* Modify counters to trigger copy-on-write and unsharing if physical pages
++   * of look-up table are shared between processes.  Modifying counters also
++   * causes checksums for pages to change and hint same-page merging algorithm
++   * that these pages are frequently changing.  */
++  enc_tables.counter_head++;
++  enc_tables.counter_tail++;
++
++  /* Prefetch look-up tables to cache.  */
++  prefetch_table((const void *)&enc_tables, sizeof(enc_tables));
+ }
+ 
+ static void prefetch_dec(void)
+ {
++  /* Modify counters to trigger copy-on-write and unsharing if physical pages
++   * of look-up table are shared between processes.  Modifying counters also
++   * causes checksums for pages to change and hint same-page merging algorithm
++   * that these pages are frequently changing.  */
++  dec_tables.counter_head++;
++  dec_tables.counter_tail++;
++
++  /* Prefetch look-up tables to cache.  */
+   prefetch_table((const void *)&dec_tables, sizeof(dec_tables));
+ }
+ 
+@@ -737,7 +757,7 @@ do_encrypt (const RIJNDAEL_context *ctx,
+ #ifdef USE_AMD64_ASM
+ # ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS
+   return _gcry_aes_amd64_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds,
+-				       encT);
++				       enc_tables.T);
+ # else
+   /* Call SystemV ABI function without storing non-volatile XMM registers,
+    * as target function does not use vector instruction sets. */
+@@ -757,7 +777,8 @@ do_encrypt (const RIJNDAEL_context *ctx,
+   return ret;
+ # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */
+ #elif defined(USE_ARM_ASM)
+-  return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, encT);
++  return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds,
++				     enc_tables.T);
+ #else
+   return do_encrypt_fn (ctx, bx, ax);
+ #endif /* !USE_ARM_ASM && !USE_AMD64_ASM*/
+@@ -1120,7 +1141,7 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx,
+ #ifdef USE_AMD64_ASM
+ # ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS
+   return _gcry_aes_amd64_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds,
+-				       &dec_tables);
++				       dec_tables.T);
+ # else
+   /* Call SystemV ABI function without storing non-volatile XMM registers,
+    * as target function does not use vector instruction sets. */
+@@ -1141,7 +1162,7 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx,
+ # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */
+ #elif defined(USE_ARM_ASM)
+   return _gcry_aes_arm_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds,
+-				     &dec_tables);
++				     dec_tables.T);
+ #else
+   return do_decrypt_fn (ctx, bx, ax);
+ #endif /*!USE_ARM_ASM && !USE_AMD64_ASM*/
+-- 
+2.7.4
+
diff --git a/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch
new file mode 100644
index 000000000..f9c362431
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch
@@ -0,0 +1,39 @@
+From 3c6c10eae0993c8ca60879494c6650f7b8f54ebe Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Wed, 16 Aug 2017 10:44:41 +0800
+Subject: [PATCH] libgcrypt: fix building error with '-O2' in sysroot path
+
+Upstream-Status: Pending
+
+Characters like '-O2' or '-Ofast' will be replaced by '-O1' when
+compiling cipher.
+If we are cross compiling libgcrypt and sysroot contains such
+characters, we would
+get compile errors because the sysroot path has been modified.
+
+Fix this by adding blank spaces before and after the original matching
+pattern in the
+sed command.
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+
+Rebase to 1.8.0
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+
+---
+ cipher/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cipher/Makefile.am b/cipher/Makefile.am
+index d644005..1cf5072 100644
+--- a/cipher/Makefile.am
++++ b/cipher/Makefile.am
+@@ -147,7 +147,7 @@ gost-s-box: gost-s-box.c
+ 
+ 
+ if ENABLE_O_FLAG_MUNGING
+-o_flag_munging = sed -e 's/-O\([2-9sg][2-9sg]*\)/-O1/' -e 's/-Ofast/-O1/g'
++o_flag_munging = sed -e 's/ -O\([2-9sg][2-9sg]*\) / -O1 /' -e 's/ -Ofast / -O1 /g'
+ else
+ o_flag_munging = cat
+ endif
diff --git a/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch
new file mode 100644
index 000000000..b580b7b13
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch
@@ -0,0 +1,178 @@
+From a4c561aab1014c3630bc88faf6f5246fee16b020 Mon Sep 17 00:00:00 2001
+From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+Date: Fri, 31 May 2019 17:27:25 +0300
+Subject: [PATCH 3/3] GCM: move look-up table to .data section and unshare
+ between processes
+
+* cipher/cipher-gcm.c (ATTR_ALIGNED_64): New.
+(gcmR): Move to 'gcm_table' structure.
+(gcm_table): New structure for look-up table with counters before and
+after.
+(gcmR): New macro.
+(prefetch_table): Handle input with length not multiple of 256.
+(do_prefetch_tables): Modify pre- and post-table counters to unshare
+look-up table pages between processes.
+--
+
+GnuPG-bug-id: 4541
+Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
+
+Upstream-Status: Backport
+[https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020]
+
+CVE: CVE-2019-12904
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ cipher/cipher-gcm.c | 106 ++++++++++++++++++++++++++++++++++------------------
+ 1 file changed, 70 insertions(+), 36 deletions(-)
+
+diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
+index 11f119a..194e2ec 100644
+--- a/cipher/cipher-gcm.c
++++ b/cipher/cipher-gcm.c
+@@ -30,6 +30,14 @@
+ #include "./cipher-internal.h"
+ 
+ 
++/* Helper macro to force alignment to 16 or 64 bytes.  */
++#ifdef HAVE_GCC_ATTRIBUTE_ALIGNED
++# define ATTR_ALIGNED_64  __attribute__ ((aligned (64)))
++#else
++# define ATTR_ALIGNED_64
++#endif
++
++
+ #ifdef GCM_USE_INTEL_PCLMUL
+ extern void _gcry_ghash_setup_intel_pclmul (gcry_cipher_hd_t c);
+ 
+@@ -83,40 +91,54 @@ ghash_armv7_neon (gcry_cipher_hd_t c, byte *result, const byte *buf,
+ 
+ 
+ #ifdef GCM_USE_TABLES
+-static const u16 gcmR[256] = {
+-  0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e,
+-  0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e,
+-  0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e,
+-  0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e,
+-  0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e,
+-  0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e,
+-  0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e,
+-  0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e,
+-  0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce,
+-  0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde,
+-  0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee,
+-  0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe,
+-  0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e,
+-  0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e,
+-  0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae,
+-  0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe,
+-  0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e,
+-  0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e,
+-  0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e,
+-  0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e,
+-  0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e,
+-  0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e,
+-  0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e,
+-  0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e,
+-  0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce,
+-  0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade,
+-  0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee,
+-  0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe,
+-  0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e,
+-  0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e,
+-  0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae,
+-  0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
+-};
++static struct
++{
++  volatile u32 counter_head;
++  u32 cacheline_align[64 / 4 - 1];
++  u16 R[256];
++  volatile u32 counter_tail;
++} gcm_table ATTR_ALIGNED_64 =
++  {
++    0,
++    { 0, },
++    {
++      0x0000, 0x01c2, 0x0384, 0x0246, 0x0708, 0x06ca, 0x048c, 0x054e,
++      0x0e10, 0x0fd2, 0x0d94, 0x0c56, 0x0918, 0x08da, 0x0a9c, 0x0b5e,
++      0x1c20, 0x1de2, 0x1fa4, 0x1e66, 0x1b28, 0x1aea, 0x18ac, 0x196e,
++      0x1230, 0x13f2, 0x11b4, 0x1076, 0x1538, 0x14fa, 0x16bc, 0x177e,
++      0x3840, 0x3982, 0x3bc4, 0x3a06, 0x3f48, 0x3e8a, 0x3ccc, 0x3d0e,
++      0x3650, 0x3792, 0x35d4, 0x3416, 0x3158, 0x309a, 0x32dc, 0x331e,
++      0x2460, 0x25a2, 0x27e4, 0x2626, 0x2368, 0x22aa, 0x20ec, 0x212e,
++      0x2a70, 0x2bb2, 0x29f4, 0x2836, 0x2d78, 0x2cba, 0x2efc, 0x2f3e,
++      0x7080, 0x7142, 0x7304, 0x72c6, 0x7788, 0x764a, 0x740c, 0x75ce,
++      0x7e90, 0x7f52, 0x7d14, 0x7cd6, 0x7998, 0x785a, 0x7a1c, 0x7bde,
++      0x6ca0, 0x6d62, 0x6f24, 0x6ee6, 0x6ba8, 0x6a6a, 0x682c, 0x69ee,
++      0x62b0, 0x6372, 0x6134, 0x60f6, 0x65b8, 0x647a, 0x663c, 0x67fe,
++      0x48c0, 0x4902, 0x4b44, 0x4a86, 0x4fc8, 0x4e0a, 0x4c4c, 0x4d8e,
++      0x46d0, 0x4712, 0x4554, 0x4496, 0x41d8, 0x401a, 0x425c, 0x439e,
++      0x54e0, 0x5522, 0x5764, 0x56a6, 0x53e8, 0x522a, 0x506c, 0x51ae,
++      0x5af0, 0x5b32, 0x5974, 0x58b6, 0x5df8, 0x5c3a, 0x5e7c, 0x5fbe,
++      0xe100, 0xe0c2, 0xe284, 0xe346, 0xe608, 0xe7ca, 0xe58c, 0xe44e,
++      0xef10, 0xeed2, 0xec94, 0xed56, 0xe818, 0xe9da, 0xeb9c, 0xea5e,
++      0xfd20, 0xfce2, 0xfea4, 0xff66, 0xfa28, 0xfbea, 0xf9ac, 0xf86e,
++      0xf330, 0xf2f2, 0xf0b4, 0xf176, 0xf438, 0xf5fa, 0xf7bc, 0xf67e,
++      0xd940, 0xd882, 0xdac4, 0xdb06, 0xde48, 0xdf8a, 0xddcc, 0xdc0e,
++      0xd750, 0xd692, 0xd4d4, 0xd516, 0xd058, 0xd19a, 0xd3dc, 0xd21e,
++      0xc560, 0xc4a2, 0xc6e4, 0xc726, 0xc268, 0xc3aa, 0xc1ec, 0xc02e,
++      0xcb70, 0xcab2, 0xc8f4, 0xc936, 0xcc78, 0xcdba, 0xcffc, 0xce3e,
++      0x9180, 0x9042, 0x9204, 0x93c6, 0x9688, 0x974a, 0x950c, 0x94ce,
++      0x9f90, 0x9e52, 0x9c14, 0x9dd6, 0x9898, 0x995a, 0x9b1c, 0x9ade,
++      0x8da0, 0x8c62, 0x8e24, 0x8fe6, 0x8aa8, 0x8b6a, 0x892c, 0x88ee,
++      0x83b0, 0x8272, 0x8034, 0x81f6, 0x84b8, 0x857a, 0x873c, 0x86fe,
++      0xa9c0, 0xa802, 0xaa44, 0xab86, 0xaec8, 0xaf0a, 0xad4c, 0xac8e,
++      0xa7d0, 0xa612, 0xa454, 0xa596, 0xa0d8, 0xa11a, 0xa35c, 0xa29e,
++      0xb5e0, 0xb422, 0xb664, 0xb7a6, 0xb2e8, 0xb32a, 0xb16c, 0xb0ae,
++      0xbbf0, 0xba32, 0xb874, 0xb9b6, 0xbcf8, 0xbd3a, 0xbf7c, 0xbebe,
++    },
++    0
++  };
++
++#define gcmR gcm_table.R
+ 
+ static inline
+ void prefetch_table(const void *tab, size_t len)
+@@ -124,7 +146,7 @@ void prefetch_table(const void *tab, size_t len)
+   const volatile byte *vtab = tab;
+   size_t i;
+ 
+-  for (i = 0; i < len; i += 8 * 32)
++  for (i = 0; len - i >= 8 * 32; i += 8 * 32)
+     {
+       (void)vtab[i + 0 * 32];
+       (void)vtab[i + 1 * 32];
+@@ -135,6 +157,10 @@ void prefetch_table(const void *tab, size_t len)
+       (void)vtab[i + 6 * 32];
+       (void)vtab[i + 7 * 32];
+     }
++  for (; i < len; i += 32)
++    {
++      (void)vtab[i];
++    }
+ 
+   (void)vtab[len - 1];
+ }
+@@ -142,8 +168,16 @@ void prefetch_table(const void *tab, size_t len)
+ static inline void
+ do_prefetch_tables (const void *gcmM, size_t gcmM_size)
+ {
++  /* Modify counters to trigger copy-on-write and unsharing if physical pages
++   * of look-up table are shared between processes.  Modifying counters also
++   * causes checksums for pages to change and hint same-page merging algorithm
++   * that these pages are frequently changing.  */
++  gcm_table.counter_head++;
++  gcm_table.counter_tail++;
++
++  /* Prefetch look-up tables to cache.  */
+   prefetch_table(gcmM, gcmM_size);
+-  prefetch_table(gcmR, sizeof(gcmR));
++  prefetch_table(&gcm_table, sizeof(gcm_table));
+ }
+ 
+ #ifdef GCM_TABLES_USE_U64
+-- 
+2.7.4
+
diff --git a/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch
new file mode 100644
index 000000000..105df2957
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch
@@ -0,0 +1,79 @@
+From 7cc702c7b5a1ccc2b0091f3effa1391b6c3030fd Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Wed, 16 Aug 2017 10:46:28 +0800
+Subject: [PATCH 3/4] tests/bench-slope.c: workaround ICE failure on mips with
+ '-O -g'
+
+Hit a ICE and could reduce it to the following minimal example:
+
+1. Only the size of array assigned with 2 caused the issue:
+$ cat > mipgcc-test.c << END
+
+int main (int argc, char **argv)
+{
+        char *pStrArry[ARRAY_SIZE_MAX] = {"hello"};
+        int i = 0;
+
+        while(pStrArry[i] && i<ARRAY_SIZE_MAX)
+        {
+                printf("%s\n", pStrArry[i]);
+                i++;
+        }
+
+        return 0;
+}
+
+END
+
+2. Only -O1 and -g on mips caused the issue:
+$ mips-poky-linux-gcc -O1 -g -o mipgcc-test mipgcc-test.c
+mipgcc-test.c: In function 'main':
+mipgcc-test.c:18:1: internal compiler error: in dwarf2out_var_location,
+at dwarf2out.c:20810
+ }
+ ^
+Please submit a full bug report,
+with preprocessed source if appropriate.
+See <http://gcc.gnu.org/bugs.html> for instructions
+
+3. The quick workround is trying to enlarge the size of array with
+larger
+than 2.
+
+4. File a bug to GNU, but it could not be reproduced on there
+environment.
+http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60643
+
+Upstream-Status: Inappropriate [oe specific]
+
+Rebase to 1.8.0
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ tests/bench-slope.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/bench-slope.c b/tests/bench-slope.c
+index 75e6e43..4e70842 100644
+--- a/tests/bench-slope.c
++++ b/tests/bench-slope.c
+@@ -1463,7 +1463,7 @@ static struct bench_ops hash_ops = {
+ };
+ 
+ 
+-static struct bench_hash_mode hash_modes[] = {
++static struct bench_hash_mode hash_modes[3] = {
+   {"", &hash_ops},
+   {0},
+ };
+@@ -1629,7 +1629,7 @@ static struct bench_ops mac_ops = {
+ };
+ 
+ 
+-static struct bench_mac_mode mac_modes[] = {
++static struct bench_mac_mode mac_modes[3] = {
+   {"", &mac_ops},
+   {0},
+ };
+-- 
+1.8.3.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch
new file mode 100644
index 000000000..8622df3ea
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch
@@ -0,0 +1,28 @@
+From e20dbdb0b8f0af840ef90b299c4e2277c52ddf87 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Sun, 12 Jun 2016 04:44:29 -0400
+Subject: [PATCH 4/4] tests/Makefile.am: fix undefined reference to
+ `pthread_create'
+
+Add missing '-lpthread' to CFLAGS
+
+Upstream-Status: Pending
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ tests/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 1744ea7..04cf425 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -64,4 +64,4 @@ EXTRA_DIST = README rsa-16k.key cavs_tests.sh cavs_driver.pl \
+ 
+ LDADD = $(standard_ldadd) $(GPG_ERROR_LIBS)
+ t_lock_LDADD = $(standard_ldadd) $(GPG_ERROR_MT_LIBS)
+-t_lock_CFLAGS = $(GPG_ERROR_MT_CFLAGS)
++t_lock_CFLAGS = $(GPG_ERROR_MT_CFLAGS) -lpthread
+-- 
+1.8.3.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/determinism.patch b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/determinism.patch
new file mode 100644
index 000000000..ad0b8c795
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/files/determinism.patch
@@ -0,0 +1,32 @@
+gnutls detects our outer git trees and injects that revision into its objects.
+That isn't deterministic so stop it. Also ensure we're not marked as a development
+build as its git detection is faulty.
+
+RP 2020/2/6
+
+Upstream-Status: Pending
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+
+Index: libgcrypt-1.8.5/configure.ac
+===================================================================
+--- libgcrypt-1.8.5.orig/configure.ac
++++ libgcrypt-1.8.5/configure.ac
+@@ -45,7 +45,7 @@ m4_define([mym4_revision_dec],
+ m4_define([mym4_betastring],
+           m4_esyscmd_s([git describe --match 'libgcrypt-[0-9].*[0-9]' --long|\
+                         awk -F- '$3!=0{print"-beta"$3}']))
+-m4_define([mym4_isgit],m4_if(mym4_betastring,[],[no],[yes]))
++m4_define([mym4_isgit],[no])
+ m4_define([mym4_full_version],[mym4_version[]mym4_betastring])
+ 
+ AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org])
+@@ -2575,7 +2575,7 @@ AM_CONDITIONAL([BUILD_DOC], [test "x$bui
+ #
+ # Provide information about the build.
+ #
+-BUILD_REVISION="mym4_revision"
++BUILD_REVISION="None"
+ AC_SUBST(BUILD_REVISION)
+ AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION",
+                    [GIT commit id revision used to build this package])
diff --git a/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/libgcrypt_1.8.8.bb b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/libgcrypt_1.8.8.bb
new file mode 100644
index 000000000..043044a4b
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-support/libgcrypt/libgcrypt_1.8.8.bb
@@ -0,0 +1,58 @@
+SUMMARY = "General purpose cryptographic library based on the code from GnuPG"
+HOMEPAGE = "http://directory.fsf.org/project/libgcrypt/"
+BUGTRACKER = "https://bugs.g10code.com/gnupg/index"
+SECTION = "libs"
+
+# helper program gcryptrnd and getrandom are under GPL, rest LGPL
+LICENSE = "GPLv2+ & LGPLv2.1+ & GPLv3+"
+LICENSE_${PN} = "LGPLv2.1+"
+LICENSE_${PN}-dev = "GPLv2+ & LGPLv2.1+"
+LICENSE_dumpsexp-dev = "GPLv3+"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
+                    file://COPYING.LIB;md5=bbb461211a33b134d42ed5ee802b37ff \
+                    file://LICENSES;md5=840e3bcb754e5046ffeda7619034cbd8"
+
+DEPENDS = "libgpg-error"
+
+UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html"
+SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
+           file://0001-libgcrypt-fix-m4-file-for-oe-core.patch \
+           file://0003-tests-bench-slope.c-workaround-ICE-failure-on-mips-w.patch \
+           file://0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch \
+           file://0004-tests-Makefile.am-fix-undefined-reference-to-pthread.patch \
+           file://0001-Prefetch-GCM-look-up-tables.patch \
+           file://0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch \
+           file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \
+           file://determinism.patch \
+"
+SRC_URI[md5sum] = "252045343c586e5261134c91330f5b90"
+SRC_URI[sha256sum] = "895de2bb981dd127f0821d1ce13fadf7d760f9fa7737648b15f2c1fe13cc5af5"
+
+BINCONFIG = "${bindir}/libgcrypt-config"
+
+inherit autotools texinfo binconfig-disabled pkgconfig
+
+EXTRA_OECONF = "--disable-asm"
+EXTRA_OEMAKE_class-target = "LIBTOOLFLAGS='--tag=CC'"
+
+PACKAGECONFIG ??= "capabilities"
+PACKAGECONFIG[capabilities] = "--with-capabilities,--without-capabilities,libcap"
+
+do_configure_prepend () {
+	# Else this could be used in preference to the one in aclocal-copy
+	rm -f ${S}/m4/gpg-error.m4
+}
+
+# libgcrypt.pc is added locally and thus installed here
+do_install_append() {
+	install -d ${D}/${libdir}/pkgconfig
+	install -m 0644 ${B}/src/libgcrypt.pc ${D}/${libdir}/pkgconfig/
+}
+
+PACKAGES =+ "dumpsexp-dev"
+
+FILES_${PN}-dev += "${bindir}/hmac256"
+FILES_dumpsexp-dev += "${bindir}/dumpsexp"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/Add-target-to-only-build-tests-not-run-them.patch b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/Add-target-to-only-build-tests-not-run-them.patch
new file mode 100644
index 000000000..e3f5c6de7
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/Add-target-to-only-build-tests-not-run-them.patch
@@ -0,0 +1,45 @@
+Add target to only build tests (not run them)
+
+Not sending upstream as this is only a start of a solution to
+installable tests: It's useful for us already as is.
+
+Upstream-Status: Inappropriate [not a complete solution]
+
+Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
+Refactored for 3.4
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ Makefile.in           | 3 +++
+ testsuite/Makefile.in | 2 ++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/Makefile.in b/Makefile.in
+index e5ccfc7..15c9275 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -52,6 +52,9 @@ clean distclean mostlyclean maintainer-clean tags:
+ 	  echo "Making $@ in $$d" ; (cd $$d && $(MAKE) $@); done
+ 	$(MAKE) $@-here
+ 
++buildtest:
++	echo "Making $@ in testsuite" ; (cd testsuite && $(MAKE) $@)
++
+ check-here:
+ 	true
+ 
+diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in
+index 3f5e5f6..8fd68a3 100644
+--- a/testsuite/Makefile.in
++++ b/testsuite/Makefile.in
+@@ -122,6 +122,8 @@ $(TARGETS) $(EXTRA_TARGETS): testutils.$(OBJEXT) ../nettle-internal.$(OBJEXT) \
+ # data.
+ VALGRIND = valgrind --error-exitcode=1 --leak-check=full --show-reachable=yes @IF_ASM@ --partial-loads-ok=yes
+ 
++buildtest: $(TS_ALL)
++
+ check: $(TS_ALL)
+ 	TEST_SHLIB_DIR="$(TEST_SHLIB_DIR)" \
+ 	  srcdir="$(srcdir)" \
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/check-header-files-of-openssl-only-if-enable_.patch b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/check-header-files-of-openssl-only-if-enable_.patch
new file mode 100644
index 000000000..d5f266681
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/check-header-files-of-openssl-only-if-enable_.patch
@@ -0,0 +1,36 @@
+From ffee6b5f6204a0210f717968ec6ce514d70acca1 Mon Sep 17 00:00:00 2001
+From: Haiqing Bai <Haiqing.Bai@windriver.com>
+Date: Fri, 9 Dec 2016 15:23:17 +0800
+Subject: [PATCH] nettle: check header files of openssl only if
+ 'enable_openssl=yes'.
+
+The original configure script checks openssl header files to generate
+config.h even if 'enable_openssl' is not set to yes, this made inconsistent
+building for nettle.
+
+Upstream-Status: Pending
+Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
+
+refactored for 3.4. pending not in as of 3.4
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: nettle-3.4/configure.ac
+===================================================================
+--- nettle-3.4.orig/configure.ac
++++ nettle-3.4/configure.ac
+@@ -185,9 +185,11 @@ AC_HEADER_TIME
+ AC_CHECK_SIZEOF(long)
+ AC_CHECK_SIZEOF(size_t)
+ 
+-AC_CHECK_HEADERS([openssl/evp.h openssl/ecdsa.h],,
+-[enable_openssl=no
+- break])
++if test "x$enable_openssl" = "xyes"; then
++  AC_CHECK_HEADERS([openssl/evp.h openssl/ecdsa.h],,
++  [enable_openssl=no
++   break])
++fi
+ 
+ # For use by the testsuite
+ AC_CHECK_HEADERS([valgrind/memcheck.h])
diff --git a/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/dlopen-test.patch b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/dlopen-test.patch
new file mode 100644
index 000000000..ab9b91f88
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/dlopen-test.patch
@@ -0,0 +1,29 @@
+Remove the relative path for libnettle.so so the test
+program can find it.
+Relative paths are not suitable, as the folder strucure for ptest
+is different from the one expected by the nettle testsuite.
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ testsuite/dlopen-test.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/testsuite/dlopen-test.c b/testsuite/dlopen-test.c
+index 4265bf7..1a25d17 100644
+--- a/testsuite/dlopen-test.c
++++ b/testsuite/dlopen-test.c
+@@ -15,7 +15,7 @@ int
+ main (int argc UNUSED, char **argv UNUSED)
+ {
+ #if HAVE_LIBDL
+-  void *handle = dlopen ("../libnettle." SO_EXT, RTLD_NOW);
++  void *handle = dlopen ("libnettle.so", RTLD_NOW);
+   int (*get_version)(void);
+   if (!handle)
+     {
+-- 
+2.17.1
+
diff --git a/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/run-ptest b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/run-ptest
new file mode 100644
index 000000000..b90bed66d
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle/run-ptest
@@ -0,0 +1,36 @@
+#! /bin/sh
+
+cd testsuite
+
+failed=0
+all=0
+
+for f in *-test; do
+    if [ "$f" = "sha1-huge-test" ] ; then
+        echo "SKIP: $f (skipped for ludicrous run time)"
+        continue
+    fi
+
+    "./$f"
+    case "$?" in
+        0)
+            echo "PASS: $f"
+            all=$((all + 1))
+            ;;
+        77)
+            echo "SKIP: $f"
+            ;;
+        *)
+            echo "FAIL: $f"
+            failed=$((failed + 1))
+            all=$((all + 1))
+            ;;
+    esac
+done
+
+if [ "$failed" -eq 0 ] ; then
+  echo "All $all tests passed"
+else
+  echo "$failed of $all tests failed"
+fi
+
diff --git a/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle_3.7.2.bb b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle_3.7.2.bb
new file mode 100644
index 000000000..320a9048b
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-support/nettle/nettle_3.7.2.bb
@@ -0,0 +1,58 @@
+SUMMARY = "A low level cryptographic library"
+HOMEPAGE = "http://www.lysator.liu.se/~nisse/nettle/"
+DESCRIPTION = "It tries to solve a problem of providing a common set of \
+cryptographic algorithms for higher-level applications by implementing a \
+context-independent set of cryptographic algorithms"
+SECTION = "libs"
+LICENSE = "LGPLv3+ | GPLv2+"
+
+LIC_FILES_CHKSUM = "file://COPYING.LESSERv3;md5=6a6a8e020838b23406c81b19c1d46df6 \
+                    file://COPYINGv2;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+                    file://serpent-decrypt.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e \
+                    file://serpent-set-key.c;beginline=14;endline=36;md5=ca0d220bc413e1842ecc507690ce416e"
+
+DEPENDS += "gmp"
+
+SRC_URI = "${GNU_MIRROR}/${BPN}/${BP}.tar.gz \
+           file://Add-target-to-only-build-tests-not-run-them.patch \
+           file://run-ptest \
+           file://check-header-files-of-openssl-only-if-enable_.patch \
+           "
+
+SRC_URI_append_class-target = "\
+            file://dlopen-test.patch \
+            "
+
+SRC_URI[md5sum] = "22849db27ed563ebbc829273f0c97e35"
+SRC_URI[sha256sum] = "8d2a604ef1cde4cd5fb77e422531ea25ad064679ff0adf956e78b3352e0ef162"
+
+
+UPSTREAM_CHECK_REGEX = "nettle-(?P<pver>\d+(\.\d+)+)\.tar"
+
+inherit autotools ptest multilib_header
+
+EXTRA_AUTORECONF += "--exclude=aclocal"
+
+EXTRA_OECONF = "--disable-openssl"
+
+do_compile_ptest() {
+        oe_runmake buildtest
+}
+
+do_install_append() {
+    oe_multilib_header nettle/version.h
+}
+
+do_install_ptest() {
+        install -d ${D}${PTEST_PATH}/testsuite/
+        install ${S}/testsuite/gold-bug.txt ${D}${PTEST_PATH}/testsuite/
+        install ${S}/testsuite/*-test ${D}${PTEST_PATH}/testsuite/
+        # tools can be found in PATH, not in ../tools/
+        sed -i -e 's|../tools/||' ${D}${PTEST_PATH}/testsuite/*-test
+        install ${B}/testsuite/*-test ${D}${PTEST_PATH}/testsuite/
+}
+
+RDEPENDS_${PN}-ptest += "${PN}-dev"
+INSANE_SKIP_${PN}-ptest += "dev-deps"
+
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control/0003-Improve-graceful-power-state-handling.patch b/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control/0003-Improve-graceful-power-state-handling.patch
new file mode 100644
index 000000000..57af6ee71
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control/0003-Improve-graceful-power-state-handling.patch
@@ -0,0 +1,97 @@
+From a7a1a2881643e1e711136363211df30a7133cf5f Mon Sep 17 00:00:00 2001
+From: "Jason M. Bills" <jason.m.bills@linux.intel.com>
+Date: Thu, 4 Mar 2021 12:54:04 -0800
+Subject: [PATCH] Improve graceful power state handling
+
+The current timeout of 1 minute for an OS to respond to a graceful
+shutdown, is not enough for some situations.  Extending this to
+5 minutes to allow enough time for an OS to gracefully shut down.
+
+This causes an issue with the current code which ignores further
+power change requests during the graceful timeout, which would now
+block forced shutdown and reset commands for 5 minutes.  So, this
+change also adds support for shutdown and reset commands to be
+accepted during a graceful shutdown timeout.
+
+Tested:
+Triggered a graceful shutdown and confirmed that it will time out
+after 5 minutes and that shutdown and reset commands can be issued
+during that time.
+
+Change-Id: Ie88207cbc754a34642b4e1bc9636a257475cdee6
+Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
+---
+ power-control-x86/src/power_control.cpp | 35 ++++++++++++++++++++++++++++++---
+ 1 file changed, 32 insertions(+), 3 deletions(-)
+
+diff --git a/power-control-x86/src/power_control.cpp b/power-control-x86/src/power_control.cpp
+index 9dc08ba..5a8487e 100644
+--- a/power-control-x86/src/power_control.cpp
++++ b/power-control-x86/src/power_control.cpp
+@@ -55,9 +55,8 @@ const static constexpr int resetPulseTimeMs = 500;
+ const static constexpr int powerCycleTimeMs = 5000;
+ const static constexpr int sioPowerGoodWatchdogTimeMs = 12000;
+ const static constexpr int psPowerOKWatchdogTimeMs = 8000;
+-const static constexpr int gracefulPowerOffTimeMs = 60000;
++const static constexpr int gracefulPowerOffTimeS = 5 * 60;
+ const static constexpr int warmResetCheckTimeMs = 500;
+-const static constexpr int buttonMaskTimeMs = 60000;
+ const static constexpr int powerOffSaveTimeMs = 7000;
+ 
+ const static std::filesystem::path powerControlDir = "/var/lib/power-control";
+@@ -1136,7 +1135,7 @@ static void gracefulPowerOffTimerStart()
+ {
+     std::cerr << "Graceful power-off timer started\n";
+     gracefulPowerOffTimer.expires_after(
+-        std::chrono::milliseconds(gracefulPowerOffTimeMs));
++        std::chrono::seconds(gracefulPowerOffTimeS));
+     gracefulPowerOffTimer.async_wait([](const boost::system::error_code ec) {
+         if (ec)
+         {
+@@ -1546,6 +1545,21 @@ static void powerStateGracefulTransitionToOff(const Event event)
+         case Event::gracefulPowerOffTimerExpired:
+             setPowerState(PowerState::on);
+             break;
++        case Event::powerOffRequest:
++            gracefulPowerOffTimer.cancel();
++            setPowerState(PowerState::transitionToOff);
++            forcePowerOff();
++            break;
++        case Event::powerCycleRequest:
++            gracefulPowerOffTimer.cancel();
++            setPowerState(PowerState::transitionToCycleOff);
++            forcePowerOff();
++            break;
++        case Event::resetRequest:
++            gracefulPowerOffTimer.cancel();
++            setPowerState(PowerState::on);
++            reset();
++            break;
+         default:
+             phosphor::logging::log<phosphor::logging::level::INFO>(
+                 "No action taken.");
+@@ -1614,6 +1628,21 @@ static void powerStateGracefulTransitionToCycleOff(const Event event)
+         case Event::gracefulPowerOffTimerExpired:
+             setPowerState(PowerState::on);
+             break;
++        case Event::powerOffRequest:
++            gracefulPowerOffTimer.cancel();
++            setPowerState(PowerState::transitionToOff);
++            forcePowerOff();
++            break;
++        case Event::powerCycleRequest:
++            gracefulPowerOffTimer.cancel();
++            setPowerState(PowerState::transitionToCycleOff);
++            forcePowerOff();
++            break;
++        case Event::resetRequest:
++            gracefulPowerOffTimer.cancel();
++            setPowerState(PowerState::on);
++            reset();
++            break;
+         default:
+             phosphor::logging::log<phosphor::logging::level::INFO>(
+                 "No action taken.");
+-- 
+2.7.4
+
diff --git a/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control_%.bbappend b/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control_%.bbappend
index ea6a65bb2..fbb126681 100755
--- a/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-x86/chassis/x86-power-control_%.bbappend
@@ -7,4 +7,5 @@ FILESEXTRAPATHS_append := "${THISDIR}/${PN}:"
 SRC_URI += " \
         file://0001-Extend-VR-Watchdog-timeout.patch \
         file://0002-save-current-power-state-in-tmp-file.patch \
+        file://0003-Improve-graceful-power-state-handling.patch \
         "